I was wondering what some of the security gurus might think about installing a new firewall this way & how well it might work.
Firewall
* Monolithic kernel - no usb, sound, video, mass storage, etc.
* all unnecessary services disabled
* extra users & groups removed - ftp, news,
* minimal install & remove extra base packages - install upgrades from trusted cd (all rpms gpg signed),
* Extra packages - bastille, blockhosts, sshdfilter,
* Daily checks with tripwire (database on cdr), rkhunter, chkrootkit, & antivir
  Weekly checks with lsat & tiger
  script is encrypted with shc (http://www.datsi.fi.upm.es/~frosal/)
* SSH on different port (not 22) - no root login
* /etc/hosts.deny
    All: ALL
* /etc/hosts.allow
    sshd: 192.168.1.5 (penguin command)
* /etc/rc.d/rc.local
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
* configure network access, get new updates if any
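As an added example (not part of the original post), a small POSIX shell audit script that verifies the settings listed above actually took effect: the hosts.deny/hosts.allow wrapper rules, the non-default SSH port with root login disabled, and the two ICMP sysctls set from rc.local. File and directory paths are parameters so it can be run against the live system or a copied /etc tree; the sshd_config path and its Port/PermitRootLogin keywords are assumptions, since the post does not show the sshd configuration.

```shell
#!/bin/sh
# Audit helper for the hardening checklist in the post (added example).
# Each check returns 0 on pass, 1 on fail; audit_all runs them all.

# check_tcp_wrappers DENY_FILE ALLOW_FILE
# hosts.deny must carry a default "ALL: ALL"; hosts.allow must have an sshd
# rule, and that rule must not open sshd to ALL clients.
check_tcp_wrappers() {
    deny="$1"; allow="$2"
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$deny" || return 1
    grep -Eq '^[[:space:]]*sshd[[:space:]]*:' "$allow" || return 1
    ! grep -Eiq '^[[:space:]]*sshd[[:space:]]*:[[:space:]]*ALL([[:space:]]|$)' "$allow"
}

# check_sshd_config FILE  (path/keywords assumed: standard OpenSSH sshd_config)
# Port must be set and not 22; PermitRootLogin must be "no". Last setting wins.
check_sshd_config() {
    conf="$1"
    port=$(awk 'tolower($1)=="port"{print $2}' "$conf" | tail -n1)
    [ -n "$port" ] && [ "$port" != "22" ] || return 1
    root=$(awk 'tolower($1)=="permitrootlogin"{print tolower($2)}' "$conf" | tail -n1)
    [ "$root" = "no" ]
}

# check_icmp_sysctl PROC_DIR   (normally /proc/sys/net/ipv4)
# Both ICMP echo sysctls the rc.local lines set must currently read 1.
check_icmp_sysctl() {
    d="$1"
    [ "$(cat "$d/icmp_echo_ignore_all" 2>/dev/null)" = "1" ] || return 1
    [ "$(cat "$d/icmp_echo_ignore_broadcasts" 2>/dev/null)" = "1" ]
}

# audit_all DENY ALLOW SSHD_CONFIG PROC_DIR
# Reports every failing check and returns non-zero if any failed.
audit_all() {
    rc=0
    check_tcp_wrappers "$1" "$2" || { echo "FAIL: tcp wrappers ($1, $2)"; rc=1; }
    check_sshd_config "$3"       || { echo "FAIL: sshd port/root login ($3)"; rc=1; }
    check_icmp_sysctl "$4"       || { echo "FAIL: icmp echo sysctls ($4)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "all checks passed"
    return $rc
}

# Live run (uncomment to use on the firewall itself):
# audit_all /etc/hosts.deny /etc/hosts.allow /etc/ssh/sshd_config /proc/sys/net/ipv4
```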