On Tue, May 02, 2000 at 03:42:51PM +1000, Matthew Dalton wrote: > > "Dzuy M. Nguyen" wrote: > > > > Yeah, I checked the /var/log and they did delete the log files. Could syslog be set up to forward the logs to a backup machine? Or you could set up logcheck to ignore nothing and have it email to an account on a different machine. (logcheck is useful anyway) > Make sure you are running the absolute minimum of services that you > require. If a service is not active, security problems with that service > should not affect you. > > Use secure alternatives to services, for example: install and use ssh > instead of telnet (disable telnet). If at all possible, uninstall the insecure service daemons to make it that much more difficult for someone to mess with them. Especially telnet. If possible, on a dedicated webserver or similar machine i'd also remove gcc and all -dev packages, and anything else unnecessary for the serving of webpages (or whatever service). portsentry could also be useful for some amount of advance warning if someone comes around looking for holes. > Setup your tcpwrappers conf files (hosts.allow and hosts.deny) to > restrict the use of active services. Use ipchains / ipfwadm / linux-2.4 > equiv (ipnatctl?) to further restrict access. iptables? Remember that in hosts.allow/hosts.deny, if you use name-based restrictions (instead of ip number based) you'll be trusting the DNS server to give accurate information. > Make sure you know exactly what services you have installed lsof -i can help you make sure of what's open. As can a good portscan of your own machine. > and follow the security alerts. Linux Weekly News (http://lwn.net/) > security section once a week is a good place to start. It also has > links to other security related sites. Debian announces security > alerts and fixes for Debian GNU/Linux on its web page > (http://www.debian.org). You might also want to subscribe to bugtraq. Email "SUBSCRIBE BUGTRAQ lastname, firstname" to firstname.lastname@example.org. -- finger for GPG public key.
Description: PGP signature