Besides the fact that this server looks as if it has a few Trojans on it,
let's have a look at the fundamental steps in minimizing services:
1) Install only the required packages. You are obviously setting this
machine up for a purpose so install what you need. When installing a new
server keep it on an independent network not accessible from the net.
2) Comment out any services that you don't require in /etc/inetd.conf.
To make doubly sure use this check " cat /etc/inetd.conf | grep -v "#" "
and restart inetd.
3) Stop any processes in /etc/rd.d/init.d that aren't required. These
services can easily be turned off by going into setup /usr/sbin/setup
(version 6.1) and select the services not required.
4) Remove any users from /etc/passwd that you don't require.
5) Install ssh and kill telnet.
6) If you are using FTP engage extra logging with -l -L -i -o in
inetd.conf
7) Use your /etc/hosts.deny and allow to restrict access
8) Apply latest patches etc.
If you would like to read more, here is a great whitepaper written by Lance
Spitzner who currently is a member of the honey pot project.
http://www.enteract.com/~lspitz/linux.html
Cheers
Mark
-----Original Message-----
From: mouss [mailto:[EMAIL PROTECTED]]
Sent: 20 March 2001 03:39
To: Patrick Orzechowski; Hans Scheffers
Cc: Firewalls-Digest (E-mail)
Subject: Re: Redhat 7.0:Securing system
At 08:04 20/03/01 -0500, Patrick Orzechowski wrote:
>you need to edit your etc/services file to shut off those services....
that might work, but he will get too many errors!
the right way should be to comment the services in /etc/inetd.conf
(as far as I know, xinetd uses the same file as inetd).
have a look at:
http://www.macsecurity.org/resources/xinetd/tutorial.shtml
regards,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
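
A check for steps 2, 5 and 6 of the checklist in this thread, as an added example that is not part of any poster's message: it lists the entries still active in an inetd.conf-format file and flags telnet, or an ftp entry lacking the -l -L -i -o logging flags. The sample file and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an inetd.conf-format file
# against steps 2, 5 and 6 of the checklist.

# Step 2: print entries that are still active, i.e. not blank and not
# commented out. The match is anchored at the start of the line, so a
# '#' later in a line does not hide an active entry.
active_services() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Steps 5 and 6: print one FLAG line per finding; returns 1 if any.
audit_inetd() {
    active_services "$1" | awk '
        $1 == "telnet" { print "FLAG telnet enabled (step 5)"; bad = 1 }
        $1 == "ftp" {
            # Fields 7..NF are the server argv; pad with spaces so each
            # flag is matched as a whole word (index is case-sensitive).
            args = " "
            for (i = 7; i <= NF; i++) args = args $i " "
            n = split("-l -L -i -o", want, " ")
            for (j = 1; j <= n; j++)
                if (index(args, " " want[j] " ") == 0) {
                    print "FLAG ftp missing " want[j] " (step 6)"; bad = 1
                }
        }
        END { exit bad + 0 }'
}

# Constructed sample input, not taken from any real host.
write_sample() {
    cat > "$1" <<'EOF'
# inetd.conf (constructed sample)
#shell  stream tcp nowait root /usr/sbin/tcpd in.rshd
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
  #finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Active entries:"; active_services "$sample"
audit_inetd "$sample" || echo "=> review the flagged entries"
rm -f "$sample"
```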