Thornton wrote:
> > Hi all, I've been using RH 6.0 for over a year and reading this list
> > for about the same time. Finally, I've got an external modem and wanna
> > try using the internet from Linux (don't get me started on buying an
> > expensive machine only to find out most of the components are cheap -
> > yes I'm talking Winmodem, etc.). I've done a fair amount of reading
> > about security in the past but it was only when I actually started to
> > set it up myself that I realized - there seems to be very little
> > information about setting up a single machine for internet usage. What I
> > really want to know is should I set up ipchains on the machine that is
> > accessing the internet, all the literature I've found points to using it
> > on a dedicated machine with masquerading. So any hints on how to set up
> > nice secure single machine would be gratefully received.
>
> You don't really need ipchains if your services running on your local
> machine are secure, but if you want you can take a look...
I very much agree with this advice. Ipchains is a good tool, but if you
don't need a service, turn it off rather than block it with ipchains. It
is very likely that you do not need any inetd services, so just don't
run inetd. Same for sendmail if you are getting your email via pop
(likely). Run netstat -apt. Look for things like nameserver, portmapper,
auth and print spooler. You can likely turn those off too. I personally
do not run any of these services.
And since you are configuring things, while it does not provide much of
a security increase, don't forget to run junkbusters or an equivalent as
a web browser proxy.
http://www.junkbusters.com/
Duane
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
