Re: Checklist (was Re: OS Hardening)
What I do:
1-Custom package selection, try to weed out talkd, telnetd, and some others that
are installed by default.
2-netstat -a | grep LIST or netstat -l to find out who is listening for
connections.
3-kill all the packages that are running that I don't want and that slipped past
me earlier.
4-add ALL:ALL or ALL:PARANOID and specific services by name that I want to
restrict to /etc/hosts.deny, depending on what the box is going to be used for.
5-allow access to my local network or to specific services with /etc/hosts.allow.
6-edit /etc/inetd.conf to remove unwanted services.
7-nmap localhost to see what ports are open.
8-start ipchains, kill all chains with ipchains -F.
9-block off ports that I don't want the world to see but should be open to the box
itself with:
ipchains -A input -p TCP -s 0.0.0.0/0 -d 0.0.0.0/0 portname -j REJECT
Alternatively, set the ipchains policy to REJECT and then open up specific
ports with ALLOW.
10-nmap localhost again to see that everything's good.
11-install logcheck and ippl. Possibly portsentry (in the non-free section)
and/or snort for a "bastion host".
12-configure portsentry if I have it installed to block out attackers with
ipchains.
HTH
--Mike
--
It's a shame that a family can be torn apart
by something as simple as wild dogs.
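
Step 6 of the checklist above (reviewing /etc/inetd.conf), as an added example that is not part of the original message: a small shell audit that lists enabled inetd services missing from an allowlist. The function names, the allowlist ("ident") and the sample inetd.conf entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag enabled inetd.conf services that are not on an allowlist.

# Print the service name (field 1) of every enabled inetd.conf entry.
# Commented-out lines are disabled services; short or blank lines are skipped.
inetd_enabled() {
    awk '!/^[[:space:]]*#/ && NF >= 6 { print $1 }' "$1" | sort -u
}

# Print enabled services that are not in the space-separated allowlist $2.
inetd_unwanted() {
    inetd_enabled "$1" | while read -r svc; do
        case " $2 " in
            *" $svc "*) ;;         # explicitly wanted, keep it
            *) echo "$svc" ;;      # candidate for removal from inetd.conf
        esac
    done
}

# Constructed sample in the classic inetd.conf layout (not from a real host).
sample_inetd_conf() {
    cat <<'EOF'
# service socket proto wait user server args
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd   /usr/sbin/in.telnetd
talk    dgram   udp  wait    nobody  /usr/sbin/tcpd   /usr/sbin/in.talkd
#ftp    stream  tcp  nowait  root    /usr/sbin/tcpd   /usr/sbin/in.ftpd
ident   stream  tcp  wait    identd  /usr/sbin/identd identd
EOF
}

# Run the audit on the sample with only "ident" allowed.
audit_sample() {
    tmp=$(mktemp) || return 1
    sample_inetd_conf > "$tmp"
    inetd_unwanted "$tmp" "ident"
    rm -f "$tmp"
}

audit_sample   # prints: talk, then telnet (ftp is already commented out)
```

On a real host, call `inetd_unwanted /etc/inetd.conf "<services you want>"` and compare the result with what netstat and nmap report in steps 2 and 7.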