On Fri, Oct 05, 2007 at 11:40:28AM -0700, Amit Uttamchandani wrote:
> There is an amazing software set called bastille. It runs a set of
> scripts that hardens linux. Although it doesn't tell if it has been
> compromised but this should be done after every new install.

I found bastille to be a bit stupid for me. The better choice is to read the document in harden-doc and follow those recommendations that make sense.

Don't have any ports open to the internet that you don't need. Don't have servers listening on outside interfaces unless you are in a DMZ. Especially, don't have ssh listening on outside interfaces if you don't need it. If you do, and it will work for you, disable password ssh login altogether and use pubkey only. Don't allow root to ssh in.

Finally, after you've secured everything else, read shorewall-doc and set up a firewall that has the default policy of either deny or drop, then only allow what you need.

Doug.
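
An added example, not part of the message above: a small Python audit of an `sshd_config` for the three ssh points Doug lists (listening address, password login, root login). The sample configurations are constructed, and the function names and finding labels are this example's own.

```python
import ipaddress
import re

# Values sshd assumes when a keyword is absent (current OpenSSH releases).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"  # constructed sample
HARDENED = ("ListenAddress 192.168.1.10:22\nPermitRootLogin no\n"    # constructed sample;
            "PasswordAuthentication no\nPasswordAuthentication yes\n")  # first value wins

def parse_global(text):
    """Return (effective keywords, ListenAddress values) from the global section."""
    first, listen = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":  # conditional blocks are not evaluated here
            break
        if key == "listenaddress" and value:
            listen.append(value)  # may legitimately appear several times
        else:
            first.setdefault(key, value)  # sshd keeps the first value it reads
    return {**DEFAULTS, **first}, listen

def listen_host(value):
    """Strip the optional port and IPv6 brackets from a ListenAddress value."""
    v = value.split()[0]
    if v.startswith("["):
        return v[1:v.index("]")]
    return v.split(":")[0] if v.count(":") == 1 else v

def audit(text):
    """Return findings for the ssh recommendations in the message above."""
    eff, listen = parse_global(text)
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("password-login-enabled")
    if eff["permitrootlogin"] != "no":  # only "no" keeps root out entirely
        findings.append("root-login-allowed")
    for value in listen or ["0.0.0.0"]:  # no ListenAddress means all addresses
        try:
            if ipaddress.ip_address(listen_host(value)).is_unspecified:
                findings.append("listens-on-all-addresses")
        except ValueError:  # hostname: cannot be judged offline
            findings.append("review-listen-address:" + value)
    return findings
```

`audit(WEAK)` reports all three findings and `audit(HARDENED)` reports none. The check does not follow `Include` files or `Match` blocks, and it does not inspect keyboard-interactive (PAM) authentication, which `PasswordAuthentication no` alone does not switch off.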