
Re: [cobalt-security] Making my Raq4 a securer system



On Tue, 7 Nov 2000 21:33:32 +0000, Michelle A. Hoyle wrote:
>Suppose that I'm a reasonably competent auto-magically installs kind
>of installer, am comfortable wandering around my Raq via the shell, 
>but I'm not a Linux administration/security genius by any stretch of
>the imagination.  I want to make my Raq4 more secure but without 
>making the machine almost impossible to use.
[snip]
>1) What should I be installing?
>2) What does it do, briefly?
>3) Once I install it, what do I need to do with it to improve the 
>security of my site?

More than installing something new, you should first carefully 
inspect your raq. Start by using netstat to see which ports are 
open. Then, go into each and every config file to check everything is 
ok. See if you can recompile Apache so that it doesn't run as root. 
Look for suid exec that you might un-suid. Check that all your 
daemons are up to date wrt security patches. Check for badly written 
cgi.

Even if only trusted people connect via ssh, it might happen that 
such an account is compromised. In such a case, you do not want the 
intruder to quickly gain root.

You might also want to subscribe to mailing lists such as bugtraq.

There are interesting readings on how to secure a Linux box. You 
might want to check www.securityfocus.com, and www.linux.org (in the 
ldp part).

Hope that helps,

Fabrice Prémel.
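
The first two checks in the reply above (open ports from netstat, suid executables) as an added example that is not part of the original message. The function names, the expected-port list and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the netstat and suid checks described above.
# Function names and sample data are hypothetical, not from the original post.

# Constructed sample of `netstat -tln` output (not captured from a real Raq).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN'

# unexpected_listeners "22 80" < netstat-output
# Prints TCP ports that listen on a non-loopback address and are not in the
# space-separated list of ports you expect to be open.
unexpected_listeners() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)            # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1") next   # reachable locally only
            if (!(port in ok)) print port
        }' | sort -n | uniq
}

# unexpected_suid DIR ALLOWLIST_FILE
# Prints setuid/setgid regular files under DIR that are not listed in
# ALLOWLIST_FILE (one absolute path per line), i.e. candidates to review
# and possibly un-suid with `chmod u-s,g-s`.
unexpected_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        sort | grep -vxF -f "$2" || true
}
```

On a live system, pipe `netstat -tln` into `unexpected_listeners` and run `unexpected_suid / allowlist.txt` as root so that find can read every directory.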