Securing a Linux Box
I was just reading O'Reilly's Programming Perl, and as a side note they said that chown should be accessible only to the superuser. I was thinking about it, and not only does it make very good sense, I noticed that on my Mandrake box chown is executable by the world. The book also included a number of other good suggestions (like mounting /var/www/cgi-bin/ on a read only loopback filesystem to sandbox all scripts (anybody hacking a CGI script will have nowhere to go))
So I was wondering, what other good ways are there out there to secure my server that aren't the default configuration of Mandrake, but are still good ideas?
Thanks in advance,
Dan
|