Well, let's see it. I'm not in home, so I can't check my own checklist. Some tips I remember:
1. Disable uneeded services, like DNS servers or mail servers. To do it, you only need to 'chmod -x' the respective scripts in /etc/rc.d/ folder. Well, how do you gonna know which service is needed or not? My advise is: be very restrictive. Look inside the scripts and check which daemon is started by it. If you are in a desktop you won't need httpd, mysqld and other network daemons. If you are a web developer and need Apache for testing you sites, it's safer to start it using 'apachectl start' when you're working than to run it as a daemon from the startup.
2. Give a look in the /etc/login.defs file (or something like that). The comments are self-explanatory and can provide a lot of ways for hardening login.
3. There is a file in /etc name 'securetty' or something like this. The uncommented lines defines the terminals the root is allowed to use for logging in. In a very hardened system you can disable all access (comment all lines) and force people to log as an ordinary user and use 'su' to do root jobs.
4. In /etc/sudoers you can restrict who can use the 'su' command and which command the user can do as root. I don't know very well how to configure it, but I think that there is a 'man' page for this file.
5. Ah, evidently: use a firewall. Iptables is very powerful, but hand-configuring it is very very hard for a newbie as I'm. Use Guarddog for doing that. I think it does a good job.
6. Search in Sourceforge.net or in Freshmeat.net for security tools as Nmap, Tripwire, Chkrootkit, SARA (former SATAN, I guess), Logcheck (or Logwatch). It's advisable to run some File Integrity Check Tool just after the installation or the script found in the Post-Installation Checklist HOW-TO.
http://www.tldp.org/HOWTO/Post-Insta...ist/index.html
This script takes a snapshot of the clean system, before you start to do the silly things that makes it unsecure :-) It's useful for rolling back some bad idea or for use as a standard of file integrity.
Schedule the auditing tools in root's crontab file. Check 'man crontab' to see how to use it. It's not very hard. You'll maybe need to write some simple Bash scripts in order to control the command-line options of the programs. For instance, I use scripts in such a manner that the reports are not overwritten, but each new report receives a unique name, is put in a specific folder, chmoded 400 and chatter'ed +i (i.e., made immutable).
7. Check the permissions settings of some important folders. In principle there must be very few world-writable files and not a lot of world-readable files in some important folders. But it's better to do extensive changes only after the forementioned snapshot, for some files in "system" folders needs to be readable even by ordinary users. I don't have a general recommendation in this point. But you can maybe check this file:
http://www.userlocal.com/security/secfileperm.php
(and the parent folder, as well).
Other kind of permission attribute is set with the "chattr" command. Two options are interesting for security purposes: +i to make the file immutable, even for root (but root still can unset this attribute) and +a to make the file only appendable.
Well, there are many other tips, but these are the ones I can remember now. I'm still a newbie, but I grant you that researching the security topic is very addicting. So, I recommend you to pay attention to all the security HOW-TOs, including the marvellous "Secure Programs", for it contains general security considerations too. I recommend this guide too:
http://www.tldp.org/LDP/solrhe/Secur...ution-v2.0.pdf
It is very RedHat-centric but a lot of informations are useful in any Linux Distro.
Good Luck and enjoy Slackware! If I remember something I come back and post it!
