Security primer


TurboFC3S
12-03-2001, 12:20 PM
Ok, I just installed Red Hat 7.2 on my Dell 2550 server. Gonna use it to serve up a few websites with the majority of it being vBulletin pages using PHP/MySQL. The sites are all on a Win2k server now - yuk!

My question is where can I find a good security checklist? I know a lot of the basics, but I'd really like to get the screws tightened down before I roll the thing into production.

One specific question is, can I leave X or KDE installed? Or is there too much risk? Can I just turn off remote X logins?

Thanks all,
Ryan

milanuk
12-03-2001, 09:04 PM
For a good security doc, go to the Linux Documentation Project and find the guide "Securing and Optimizing Red Hat Linux". The free version at the LDP is on RH 6.2, and you can buy a hardcopy 2nd Ed. on RH 7.1 @ OpenNA.com. I haven't heard yet if they are planning on doing one on 7.2 or what. The only thing I don't like about the book (I have a hard copy) is that a) they should have had someone proof-read the grammar. I realize the author isn't a native speaker of English, but if the book is to be published in the English language, the publishers should try and make an effort to make it read properly. And no, I'm not interested in giving specifics, for those out there looking to pick. It's just my opinion.

Otherwise, the only *real* gripe I have w/ the book is that it assumes that you are going to rip out damn near everything, disregard any available RPMs or SRPMs, and d/l the tarballs and do custom compiles from scratch. True, this will give the most secure and optimized install. But then why in the hell even use Red Hat, SuSE, Debian, or any other distro w/ a real package manager? Just do an LFS or Slackware install, for Christ's sake. Might as well after all the manual compiling you do following the book. The first third of the book is *excellent* advice on stripping and locking down every conceivable little entry point, to the point where you can accidentally end up locking _root_ out of the box!! But after that, it is just cookbooking thru downloading, unpacking, compiling, and installing the various programs, like Apache, BIND, etc. Not as much actual configuring for this scenario or that as I would have thought. Gets very repetitious very quickly.

Just my two cents worth,

Monte