[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Checklist (was Re: OS Hardening)

What I do:

1-Custom package selection, try to weed out talkd, telnetd, and some others that
are installed by default.
2-netstat -a | grep LIST or netstat -l to find out who is listening for
3-kill all the packages that are running that I don't want and that slipped past
me earlier.
4-add ALL:ALL or ALL:PARANOID and specific services by name that I want to
restrict to /etc/hosts.deny, depending on what the box is going to be used for.
5-allow access to my local network or to specific services with /etc/hosts.allow.
6-edit /etc/inetd.conf to remove unwanted services.
7-nmap localhost to see what ports are open.
8-start ipchains, kill all chains with ipchains -F.
9-block off ports that I don't want the world to see but should be open to the box
itself with:
    ipchains -A input -p TCP -s -d portname -j REJECT
    Alternatively, set the ipchains policy to REJECT and then open up specific
ports with ALLOW
10-nmap localhost again to see that everything's good.
11-install logcheck and ippl.  Possibly portsentry (in the non-free section)
and/or snort for a "bastion host".
12-configure portsentry if I have it installed to block out attackers with


It's a shame that a family can be torn apart
by something as simple as wild dogs.

Reply to: