* Richard Hector <rhector@actrix.gen.nz> [2001.10.08 01:01:42+1300]: > Does anybody have any suggestions for a general approach to configuring > a server outside of its final environment? in general, just make a note of all the places where you specify the IP. when you bring it online, you need to edit /etc/resolv.conf, /etc/network/interfaces, and change all IPs. for apache, i suggest mod-ssl, and then specifying 0.0.0.0 as the IP addies within httpd.conf. this works as of 1.3.10, before that you had to enter the actual IP. > Also, are debian-default installations of most packages safe for use on > the net? I'll set up packet filtering, and leave lots of stuff off, but > I wasn't going to do much more than that. that's what i have (with woody), and you might need some additional changes to make it more secure (e.g. apache, proftpd), but between nessus and one's own security audits, you should be able to pretty much lock the machine down. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck a c programmer asked whether computers have buddha's nature. as the answer, the master did "rm -rf" on the programmer's home directory. and then the c programmer became enlightened...
Attachment:
pgp4XUN1hCHbN.pgp
Description: PGP signature