Re: [cobalt-security] Security Questions / Request for Comments

["justin" <ronin@xxxxxxxxxxxxx>]

Rick -

> 7) it seems like standard "locking down" of a cobalt server includes
several things - anybody >want to suggest anything else that one should do
as "standard operating procedure"? They >include: SSH; SSL; IPChains;
PortSentry; LogCheck; Trip Wire; disabling telnet, FTP, and >other unused
services; not giving any users any REAL priveledges, creating a new account
to >serve as admin and killing priviledges for admin; and GOOD, LONG
passwords?

There are several checklists out for securing a linux box.  For a good
briefing though check out
http://www.securityportal.com/cover/coverstory20000731.html


>8) Do you bother to write to the ISP of attackers, asking them to take
action against their >hacker client?

Yeah, but sometimes its like talking to a brick wall.

>9) Anyone recommend a GOOD book on using linux, for those who need to learn
how to do >stuff the GUI doesn't cover, particularly with respect to linux
use (i.e. crons, rc files, config >files, basic commands, etc.). I think
this would probably be a good recommendation for a >"newbie" to get before
venturing into the command line mode, at least for a basic >understanding.

A good book is O'Reilly's "Running Redhat Linux" book.  Contains a little
bit of most everything to get you started.  You might also look into joining
your local Linux Users Group (or at least their mailing list).

- Justin