NEW 2 RH ANYTHING, but Winx power user

ZeeKAlphA · 02-03-2003, 11:55 PM

target point: setting up server for shell accounts on IRC or other.
steps in process
1) installed RH 7.2 - tested online status - ok
2) ?? am thinking that updates or security messure is needed.*

new to RH or unix/linux, just install RH 7.2 and need to know the steps in making sure it secure and stable, new to envoiment, use to Windows platform, (*norm would fdisk/format/partition/install after install, OS and security updates then NAV or other anti-virus. then accounts).

3) hoping to get advice frm the Great Linux GOD.

thank you
ZeeKAlphA
zeekalpha@hotmail.com
zeek@sysascend.com
am online most everynight till 3-4 am

Mara · 02-04-2003, 06:45 AM

Making sure your system is secure is a long process and in fact it never stops...
What you should start from? A firewall (there are many iptables scripts examples posted to this site), for sure. Then browse the list of running services and turn off all you don't need. Make sure you've got all the security upgrades. Then check them from time to time...

unSpawn · 02-04-2003, 08:21 AM

Next to Mara's suggestions which I agree fully with IMO the most important thing is to become a user. Why? because the firewall won't stop users from trying to compromise the box. See what they got access to you wouldn't like them to have like for instance suid/sgid binaries, system configs (a shell user doesn't need to read lilo.conf or /etc/pam.d or /var/httpsd), compilers.

- hide/remove development stuff
- install the GRSecurity kernel patch: it allows for "Trusted Path Execution" which only means binaries outside designated $PATH can't be run (like mount -o ro,noexec,nodev,nosuid), has extensive audit caps like logging user activity (per group, per id) and protects your kernel against typical forms of buffer overflows. It also does ACL 's.
- focus on ulimits: (background) process/login/diskspace/cpu limits
- do look into logging to a remote syslogd
- focus on your fw's limiting. IRC boxen are DoS prone by nature.
- regularly trawl the system for bad stuff

//If you want more links about securing your box search the security forum, I post a list with basic references regularly.

HTH somehow.