> Anyone know where I can find step-by-step documentation
> on Hardening RH Linux boxes?  I usually just use Bastille
> Linux to do the hardening but I'd also like a better
> understanding to be able to also perform the task manually
> as well.


* get an IDS (http://www.lids.org/about.html)
* check periodically for rootkits and changed files
(http://www.chkrootkit.org/)
* install a good firewall and check your logs (http://www.netfilter.org/)
* use tcp_wrappers for services that support it
* uninstall every binary that you don't need
* restrict the locations that are world-writable and/or world-readable
* read documentation
* read again
* http://razor.bindview.com/index.shtml


What I do first after installation is an 'rpm -qa > rpmfiles' and check out
every rpm that's in there and see whether I really do need it. If not, it's
easily removed with rpm -e.

If you're installing some daemons that are available for the public, best is
to remove the rpm-version and install them from source (that way you have
both the latest version and you can configure it the way you want). Install
one box that acts as a syslogger and make sure every other box logs to this
one.

Install nessus on one machine and scan your host from the outside and see
what comes up.

Hope this helps,


Koen
www.cudeso.be
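
The list item above about restricting world-writable locations, as an added example that is not part of the original post: a POSIX sh audit that lists world-writable files and world-writable directories lacking the sticky bit. The function names and the demo tree are assumptions made up for this example; paths are handled one per line, so file names containing newlines are not supported.

```shell
#!/bin/sh
# Added example: audit a directory tree for world-writable locations.

# World-writable regular files under $1 (-xdev: stay on one filesystem).
list_ww_files() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null | sort
}

# World-writable directories WITHOUT the sticky bit: any user can delete or
# replace other users' files there. A 1777 directory such as /tmp is skipped.
list_ww_dirs_nosticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Drop the world-write bit from every path read on stdin (one per line).
strip_world_write() {
    while IFS= read -r path; do
        chmod o-w -- "$path"
    done
}

# Human-readable report for the tree rooted at $1.
audit_world_writable() {
    echo "== world-writable files under $1"
    list_ww_files "$1"
    echo "== world-writable directories without sticky bit under $1"
    list_ww_dirs_nosticky "$1"
}

if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
else
    # No argument: run against a small constructed tree instead of the system.
    demo=$(mktemp -d)
    mkdir "$demo/spool" "$demo/tmp"
    chmod 0777 "$demo/spool"      # flagged: world-writable, no sticky bit
    chmod 1777 "$demo/tmp"        # not flagged: sticky bit set
    : > "$demo/app.conf"
    chmod 0666 "$demo/app.conf"   # flagged: world-writable file
    audit_world_writable "$demo"
    rm -rf "$demo"
fi
```

Review the report before piping `list_ww_files` into `strip_world_write`, since some software expects the permissions it ships with.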
