Linux Today: Linux News On Internet Time.

Smart Partner: Keep Tux Safe

Dec 03, 2000, 18:51 (0 Talkback[s])
(Other stories by David Raikow)

"Until someone designs an operating system that reads minds, security will depend on diligent configuration and administration, no matter what OS software you use. Your Linux machine can be extremely secure, but it's not going to get there on its own. Here are a few basic measures."

"Disable Services Shut down every service not 100 percent necessary for the specific purpose of a given machine-when in doubt, turn it off. Any of the myriad services offered through inetd (Linux's "superdaemon") may be turned off by opening the /etc/inetd.conf file and inserting a "#" at the beginning of the line listing the service. All of the "r" services (rsh, rlogin and rcp) should be removed entirely and replaced, if necessary, with OpenSSH (www.openssh.com). If possible, OpenSSH also should replace telnet and ftp."

"Restrict Access Use IP Chains to block unused ports and suspicious packets (see www.Linuxsecurity.com/docs/ HOWTO/IPCHAINS-HOWTO.html for configuration specifics). Warning: IP Chains on your hosts is a supplement to-not a replacement for-stand-alone peri meter network firewalls."

Complete Story

Related Stories: