hi it's paul here. i'm pretty new to slack and linux in general, but i managed to install v8.0 on a somewhat old toshiba tecra 510cdt. xfree86/kde display issues aside, i seem to be doing ok so far- but since i'm running both ftp and apache servers here, i'm curious if anyone has any general security tips. since i don't really know what i'm doing (apache and proftpd installed and start sort of automagically). i keep an eye on my logs, but that strikes me as a little backward, as if anything did happen it'd be sort of too late. most of the time any "attacks" i get are what i suspect are infected servers looking for NT-specific vulnerabilities, so i'm not too worried about that. and i plan on only keeping the server machine powered on part time anyway (like while i'm using it, not really to serve stuff constantly), partly out of paranoia and partly in the interest of keeping the old utility bill down...

i guess i have a couple specific questions:

1. are there changes i ought to make to the default install? seems to me that most of the defaults lean in the direction of more secure vs. not (no root or anonymous ftp login, no backing up out of the root www directory, etc), but i'd rather be safe(r) than sorry.

2. can i shut down or monitor telnet activity? i noticed some odd telnet goings-on, and i'm not sure what i should do, if anything. it was an isolated incident, anyway.

3. shut down unused ports? uh. how do i do this?

4. if i'm using one routable IP address from behind NAT, am i compromising the security of the rest of our network here? we have one mac and two windows machines that, as far as i know, aren't visible from the outside, but since i only barely managed to configure our routing table, i'm not too sure. that in itself is probably an indication that i shouldn't be doing this at all...

and i just sort of noticed that none of these are really slackware-specific questions, but try not to be too brutal.

thanks
cheers
paul

I don't think anyone will be brutal in this particular forum.
As far as most of your questions, I believe you could answer them all with a well built firewall with well setup network intrusion detection software. iptables (netfilter), is the name of the newer 2.4.x kernel firewall er, tables. LOL I don't know what ports and or setup you have going as far as NAT and the servers, though if you look into iptables, they can all be taken care of with it. I'm sorry if this was a little general, but I believe it's the right place to start. Correct me if I misunderstood anything.

Yes first of all shut off any uneeded ports. You will find most not all in /etc/inetd.conf you can turn these off by commenting them and restarting inted with kill -HUP $pidofinetd where $pidofinetd is the number that ps ax gives you for /usr/sbin/inetd the first things you should shutoff are finger, netstat and systat. If you read http://www.linuxsecurity.com/docs/colsfaq.html it will tell you some other things to do. There are other sites you can read as well but that FAQ should get you started
Yes it is in inetd.conf you should use sshd instead. Make sure your passwords are hard to crack. If you suspect your machine has been tampered with then you should get a rootkit detector and it run it on the machine.
You can do the inetd thing, some other programs do not run through inetd such as apache and samba to stop their ports kill the program.
Technically yes you are compromising security. If however you are the sysadmin of the network then no. Either way you can improve system security by finding out information on security. It is harder to crack a system where someone has a clue then one where no one does. So read the C.O.L.S FAQ and get secured and have fun doing it.