Re: Debian or Redhat 7???
I've been loosely following this thread, and hope you have the best of
luck locking down. A few places to start with the inetd.conf file. You probably don't
need any of those services. Install ssh. Set up your apt sources.list to
deb http://security.debian.org stable/updates main contrib non-free
but you may want to use a mirror, so they don't get nailed.
Basically, each line in the sources.list has a list of packages, and they
look to see who is the newest and install that puppy.
Those are a coupla basic steps to locking down your box. Others include
not running named cuz it's often a problem...I have no doubt that there are
crackers out there with several named and sendmail holes in their pocket
that haven't been exposed before. So if you run mail, check out qmail.
IMHO. Don't have key services run as root, like your webserver if that is
key. That way if you get compromised they still need to work for root.
Have a nice day
On Mon, 19 Feb 2001, Steve Rudd wrote:
> Steve here,
> Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have
> been maintaining my own box from a su level for about 3 months. That is why
> I was calling in an expert to install Debian tomorrow. It has become quite
> obvious to me that I am way over my head in trying to get my server secure.
> But I would also like to say that I was humbled by the sheer volume of
> caring replies. I want to say that I have taken note of all of them and
> thank you.
> My personal/superficial conclusions to my own questions based upon your
> replies are that Debian (as a software package) is a little more secure (for
> a variety of reasons), than Redhat 7. But the biggest factor is me getting
> pro help by someone who knows what he is doing. Done!
> There is one primary reason why I would have chosen Debian over Redhat in
> the first place. The auto-update feature. I was on line for the Redhat
> Network. It never notified me of anything. Even now, after being hacked, it
> gives me those nice smiley icons saying all is ok! <g>
> For me to get the box set up, then issue a one line command as the SU via
> "CRT" program in SSH mode, to update is breathtakingly attractive!
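
An added example (not part of the original post or the quoted message) of the inetd.conf review suggested in the reply: it lists the services still enabled in an inetd.conf-format file and flags the ones inetd starts as root. The sample file is constructed, and the function names audit_inetd and count_root are hypothetical.

```shell
#!/bin/sh
# Added example: review an inetd.conf-format file for services that are
# still enabled, and flag the ones inetd launches as root.
# Fields: service socket-type protocol wait/nowait user[.group] server args...

# audit_inetd FILE -> one line per enabled service: "<service> <user> <ROOT|ok>"
audit_inetd() {
    awk '
        /^[ \t]*#/ { next }            # commented out = disabled
        NF < 6     { next }            # blank or malformed line
        {
            user = $5
            sub(/[.:].*$/, "", user)   # strip optional .group / :group
            print $1, user, (user == "root" ? "ROOT" : "ok")
        }
    ' "$1"
}

# count_root FILE -> number of enabled services started as root
count_root() {
    audit_inetd "$1" | awk '$3 == "ROOT" { n++ } END { print n + 0 }'
}

# Constructed sample, not taken from a real host.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# /etc/inetd.conf (constructed sample)
telnet  stream  tcp  nowait  root            /usr/sbin/tcpd    /usr/sbin/in.telnetd
ftp     stream  tcp  nowait  root            /usr/sbin/tcpd    /usr/sbin/in.ftpd
#finger stream  tcp  nowait  nobody          /usr/sbin/tcpd    /usr/sbin/in.fingerd
ident   stream  tcp  wait    identd.nogroup  /usr/sbin/identd  identd
EOF

audit_inetd "$SAMPLE"
echo "enabled as root: $(count_root "$SAMPLE")"
```

On a real host, point audit_inetd at /etc/inetd.conf; every line it prints is a service still offered to the network, and each ROOT line is one to comment out or move to an unprivileged user first.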