A group of students at my university will be participating in a round of computer security CTF (Capture the Flag) as the Defenders [1] early next week.
Given that they have to keep their servers and services online, what would you do in 5 mins to secure a Linux system? I'm hoping that I can give them a list of commands and items to check quickly so they can study/practice before the "big event".

They will be running Zenwalk Linux; probably a LAMP stack (with phpMyAdmin), ssh, ftp, and postfix. Any help would be greatly appreciated.

And no, they can't just `iptables -A INPUT -j DROP -p tcp -i eth0` as they are scored continuously on service uptime. I thought of that too (this will be the nuclear option).

Thanks.

--Joseph Kern

[1]: http://en.wikipedia.org/wiki/Capture_the_flag#Computer_security

_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/