[vox-tech] Before I do this...
Peter Jay Salzman
vox-tech@lists.lugod.org
Mon, 25 Mar 2002 13:04:43 -0800
begin Rusty Minden <clownsinc@attbi.com>
> For what my limited advice is worth, I would start by checking the install. Is
> it partitioned properly, IE is /var and / on separate partitions? This is a pet
> peeve of mine; I like to start with proper partitioning, but that is only my
> opinion.
good advice, but i think you mean ie instead of IE, which could be
interpreted as something else. ;)
> Check your system for proper patches and keep it to a minimum.
* actually, go hog wild on proper patches. don't stop installing them,
and keep on installing them until you've installed ALL of them. :)
* keep /functionality/ to a minimum (which is what rusty was saying).
this is pretty standard stuff:
don't enable cgi's or SSI unless you use them. don't load apache
modules you won't use. many distros turn everything on but the
kitchen sink by default.
* disable directory browsing so people can't look at what files you have.
* install portsentry, at least for a few months just so that you educate
yourself on what nasty traffic you have. key point: DON'T FREAK OUT.
you'll see lots of nasty stuff. mostly doorknob twisting that you
really don't need to care about. but you should at *least* be aware
of.
once you have the ability to look at your portsentry logs and not want
to vomit your breakfast all over your keyboard, then you can uninstall
portsentry.
* use a log reader. i use logcheck based on jeff's advice. it's pretty
good, but i don't think the filtering works 100% as advertised.
> The more
> software you have installed, the more can go wrong, IE less is better than more
> :-) Other than that, keep good logs and check them, monitor your traffic, and
> use programs like ntop to monitor your network flow and saint to look for
> security holes like unused ports.
* yes. use saint, or even better, nmap. saint is kind of over the hill
and not maintained well. nmap is pretty much the de facto standard.
* other things you CAN use are cops and tara (both very out of date).
> You may also want to look into a good
> security book. LUGOD has one that I donated a while back, and I have "Hack
> Proofing LINUX" by Syngress Press. I was impressed with it personally. Look
> at http://www.nerdbooks.com for other good books; Dave has a great book store.
excellent advice. all the advice in the world can't equal reading a
good book. and nerdbooks.com is the best place to go. they're linux
friendly, lugod friendly and have an incredible assortment of books.
security is a tug of war between a tight system vs convenience and time
you want to spend thinking about security. no clear-cut value of how
much is enough. but i think everything i mention here is prolly more
than enough for a home adsl user.
also, go to the vox-tech archives and read about mark kim's hacking
project he did for a class at ucdavis. imho, it's in the top 10 "best
posts ever made to vox-tech".
pete
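The logcheck-style log reading mentioned above, as an added example that is not code from the original post or from the logcheck project: an ignore-list filter run over constructed sample syslog lines (hostnames, addresses and log text are made up), which also shows why an over-broad ignore rule is where filtering stops working "as advertised".

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original post): routine noise
# mixed with the "doorknob twisting" that portsentry reports.
SAMPLE_LOG = """\
Mar 25 12:01:02 gw sshd[812]: Accepted publickey for pete from 192.0.2.10 port 40122
Mar 25 12:02:11 gw cron[900]: (root) CMD (run-parts /etc/cron.hourly)
Mar 25 12:05:40 gw portsentry[455]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 23
Mar 25 12:06:01 gw portsentry[455]: attackalert: Host 198.51.100.7 has been blocked via wrappers
Mar 25 12:07:15 gw sshd[830]: Failed password for root from 198.51.100.7 port 51004 ssh2
Mar 25 12:08:00 gw cron[901]: (root) CMD (run-parts /etc/cron.hourly)
Mar 25 12:09:30 gw portsentry[455]: attackalert: Connect from host: 203.0.113.9/203.0.113.9 to TCP port: 111
"""

# logcheck-style ignore rules: a line matching any of these is routine and is
# dropped; everything that matches nothing is reported. Keep them anchored and
# specific so they cannot swallow more than the one message they describe.
IGNORE_PATTERNS = [
    r"^\S+ \d+ [\d:]+ \S+ cron\[\d+\]: \(root\) CMD \(run-parts /etc/cron\.\w+\)$",
    r"^\S+ \d+ [\d:]+ \S+ sshd\[\d+\]: Accepted publickey for \w+ from [\d.]+ port \d+$",
]

# A deliberately sloppy rule of the kind that makes filtering "not work 100%":
# it silently drops every sshd line, failed root logins included.
SLOPPY_PATTERNS = IGNORE_PATTERNS + [r"sshd"]


def filter_log(text, ignore_patterns):
    """Return the log lines that match none of the ignore patterns."""
    compiled = [re.compile(p) for p in ignore_patterns]
    return [line for line in text.splitlines()
            if line and not any(rx.search(line) for rx in compiled)]


def summarize(lines):
    """Count reported lines per remote host so repeat scanners stand out."""
    hosts = Counter()
    for line in lines:
        m = re.search(r"(?:from host: |from |Host )([\d.]+)", line)
        if m:
            hosts[m.group(1)] += 1
    return hosts


if __name__ == "__main__":
    reported = filter_log(SAMPLE_LOG, IGNORE_PATTERNS)
    print(f"{len(reported)} of {len(SAMPLE_LOG.splitlines())} lines reported")
    for line in reported:
        print("  " + line)
    print("repeat offenders:", dict(summarize(reported)))
    lost = set(reported) - set(filter_log(SAMPLE_LOG, SLOPPY_PATTERNS))
    print(f"the sloppy rule hides {len(lost)} real event(s)")
```

The comparison at the end is the check worth keeping: after editing ignore rules, diff the report against the unfiltered log to see what the new rules made disappear.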