TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:5793] security
On Tue, May 04, 1999 at 08:03:19AM -0500, Tim Wilson wrote:
> Good morning everyone,
>
> I've been thinking about security on my server lately. I've realized that
> I really need to get up to speed on security issues before my system gets
> cracked. I've been reading some docs on the subject, but I thought the
> entire list might benefit from this question. (Incidentally, I suppose
> this would be a good topic for the FAQ-O-matic, but I was having trouble
> figuring out how to use it. It didn't seem to want to accept my password.)
>
> Let's assume that you've got a newly installed Linux system on a
> brand-spankin'-new server. RedHat for example. Let's say that this machine
> will be a file server on a LAN with a mixture of Win9x/NT and Linux
> client. You will also be running a web server, ftp server, and would like
> to allow remote access from home for administration purposes. Once the
> system is installed, what steps should you take to secure the system?
>
> Let's contribute a list of steps, put them into some order, and place it
> on the TCLUG website or in the FAQ-O-matic. Here are some initial
> suggestions (incomplete, and in no particular order).
>
> 1. Install SSH on the server. Go to
> ftp://ftp.replay.com/pub/crypto/crypto/SSH/ to download SSH.
>
> 2. Make sure you install TCP Wrappers to make some rules for allowing and
> disallowing access to services.
>
> 3. Read the Security-HOWTO at the Linux Documentation Project website
> (http://metalab.unc.edu/mdw/linux.html)
>
> 4. Read the Linux Administrators Security Guide at
> http://www.seifried.org/lasg/
>
> Well that's a small start. Would others of you be interested in adding
> your $0.02?
>
> -Tim
>
> --
> Timothy D. Wilson "A little song, a little dance,
> University of MN, chem. dept. a little seltzer down your
> wilson@chem.umn.edu pants." -Chuckles the Clown
> Phone: (612) 625-9828 as eulogized by Ted Baxter
>
Thats a good start. Now remember to disable any ports that your not using. If you decide to run a ftp server make sure it is a secure variety. Like sftpd etc. Other wise there is not point in running ssh because the ftp passwords are sent via clear text.
Eric
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@listserv.real-time.com
> For additional commands, e-mail: tclug-list-help@listserv.real-time.com
> Try our website: http://tclug.real-time.com
- References:
- security
- From: Tim Wilson <wilson@chemsun.chem.umn.edu>
- security
- From: Tim Wilson <wilson@chemsun.chem.umn.edu>