I gave a presentation a few years ago called "Reasonably secure builds" taht covers the basics of setting up a Linux box. The slides can be found at http://www.tux.org/~storm.
As for the iptables piece of it, yes, you should probably upgrade to a 2.4 kernel, 2.4.22 works quite well. I use an iptables script called gShield, which can be found at http://muse.linuxmafia.org/gshield.html. On Wed, Oct 15, 2003 at 08:38:28AM -0500, [EMAIL PROTECTED] wrote: > Subject: Firewall security > > Message-Id: <[EMAIL PROTECTED]> > From: [EMAIL PROTECTED] > Date: Wed, 15 Oct 2003 14:37:54 +0100 > > > Hi > > I have iinsatlled Debian many times in the past, but each time was for a server > behind a firewall. > > I now have to build a new server that will sit on the web directly, and move an > existing server onto the web. > > Both servers will run Woody. > > Is there a document, or reference, somewhere that explains how to secure Debian > servers . These servers will need to provide ssh, http, mail, ftp(?). I was thinking > along the lines of iptables, but I have never configured this before. Will I have to > upgrade to teh 2.4 kernel? > > Many thanx > > Simon > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > Mailscanner thanks transtec Computers for their support. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- --Brad ======================================================================== Bradley M. Alexander | gTLD SysAdmin, Security Engineer | storm [at] tux.org Debian/GNU Linux Developer | storm [at] debian.org ======================================================================== Key fingerprints: DSA 0x54434E65: 37F6 BCA6 621D 920C E02E E3C8 73B2 C019 5443 4E65 RSA 0xC3BCBA91: 3F 0E 26 C1 90 14 AD 0A C8 9C F0 93 75 A0 01 34 ======================================================================== There is always a way. The easy way is always mined. --Murphy's Laws of Combat -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
