On Mon, Feb 19, 2001 at 07:13:40PM -0800, Rick Rezinas wrote: > I've been loosely foloowing this thread, and hope you have the best of > luck locking down. A few places to start with the inetd.conf file. You > probably don't > need any of those services. Install ssh. Setup your apt sources.list to > check for > > deb http://security.debian.org stable/updates main contrib non-free > > but you may want to use a mirror, so they don't get nailed. >
There are no mirrors of security.debian.org (or shouldn't be) for security reasons. This way the authenticity of security packages can be better controlled. - Tal > basically, each line in the sources.list has a list of packages, and they > look to see who is the newest and install that puppy. > > those are a coupla basic steps to locking down your box. Others include > not running named cux it's often a problem...I have no doubt that there are > crackers out there with several named and sendmail holes in their pocket. > That haven't been exposed before. So if you run mail, check out qmail. > IMHO. Don't have key services run as root, like your webserver if that is > key. That way if you get compromised they still need to work for root. > > have a nice day > rick > > > > On Mon, 19 Feb 2001, Steve Rudd wrote: > > > Steve here, > > > > Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have > > been maintaining my own box from a su level for about 3 months. That is why > > I was calling in an expert to install Debian tomorrow. It has become quite > > obvious to me that I am way over my head in trying to get my server secure. > > > > But I would also like to say that I was humbled by the sheer volume of > > caring replies. I want to say that I have taken note of all of them and > > thank you. > > > > My personal/superficial conclusions to my own questions based upon your > > replies is that Debian (as a software package) is a little more secure (for > > a variety of reasons), than Redhat 7. But the biggest factor is me getting > > pro help by someone who knows what he is doing. Done! > > > > There is one primary reason why I would have chosen Debian over Redhat in > > the first place. The auto-update feature. I was on line for the Redhat > > Network. It never notified me of anything. Even now, after being hacked, is > > gives me those nice smiley icons saying all is ok! <g> > > > > For me to get the box set up, then issue a one line command as the SU via > > "CRT" program in SSH mode, to update is breathtakingly attractive! > > > > Steve > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- ----------------------------------------------------------------- Tal Danzig [EMAIL PROTECTED] | Libranet Linux http://tal.thepenismightier.net | http://www.libranet.com -----------------------------------------------------------------
