"Koen" <[EMAIL PROTECTED]> writes:

> > Anyone know where I can find step-by-step documentation
> > on Hardening RH Linux boxes? I usually just use Bastille
> > Linux to do the hardening but I'd also like a better
> > understanding to be able to also perform the task manually
> > as well.

[...]

> What I do first after installation is an 'rpm -qa > rpmfiles' and check out
> every rpm that's in there and see whether I really do need it. If not it's
> easily removed with rpm -e.

Also: Be especially cautious of programs which have setuid/setgid permissions. Use:

    find /usr/bin \( -perm -02000 -o -perm -04000 \) -ls

to do this, then use "rpm -qf" to figure out which RPMs they come from, and remove RPMs that have setXid files you don't need. Many setXid files aren't really necessary for many machines; for example, on machines which are servers, I remove the setXid bits from ping and traceroute. This makes it so that only root can use them, but it means that any bugs which are later found in them aren't exploitable.

Be equally cautious of anything which has a port open. Use

    netstat -ap --inet

to see who has Internet ports open, and if you find processes that are in the LISTEN state that shouldn't be, either stop those daemons from starting and kill them, or else uninstall the RPM that they're in.

Finally, be cautious with what software you install. Look at the security track record of each server that you're using, and if it's spotty, consider using something else instead.

Good luck,

----ScottG.
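The setXid audit and the LISTEN check described in Scott's reply, as an added shell example that is not part of the original thread. It wraps the `find`, `rpm -qf`, `chmod` and `netstat` steps in small functions so they can be run against any directory tree or against saved netstat output; the function names, the `(no rpm)` placeholder and the sample netstat lines below are my own constructions, not anything from the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit setuid/setgid files and
# map them to the RPM that owns them, then pick LISTENing sockets out of
# "netstat -ap --inet" output.

# list_setxid DIR: print every setuid or setgid regular file under DIR.
# The parentheses matter: in "find D -perm -2000 -o -perm -4000 -ls" the
# -ls action binds only to the second test, so files that are setgid but not
# setuid match and are silently never printed.
list_setxid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# owning_rpm FILE: the package that owns FILE (rpm -qf), or "(no rpm)" when
# rpm is not installed or no package owns the file.
owning_rpm() {
    if command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -qf "$1" 2>/dev/null) && printf '%s\n' "$pkg" || echo "(no rpm)"
    else
        echo "(no rpm)"
    fi
}

# audit_setxid DIR: one line per setXid file, "MODE PATH PACKAGE", so the
# reviewer can decide per file whether to strip the bit or remove the RPM.
audit_setxid() {
    list_setxid "$1" | while IFS= read -r f; do
        mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
        printf '%s %s %s\n' "$mode" "$f" "$(owning_rpm "$f")"
    done
}

# strip_setxid FILE: drop the setuid/setgid bits (what the post does for ping
# and traceroute on servers). Unprivileged users then lose the privileged
# operation, and a later bug in the binary no longer yields root.
strip_setxid() {
    chmod u-s,g-s "$1"
}

# listening_from_netstat: read "netstat -ap --inet" output on stdin and print
# "PROTO LOCAL_ADDRESS PID/PROGRAM" for each socket in LISTEN state.
# Column 6 is State and column 7 is PID/Program name on tcp lines; udp lines
# have no State column, so they never match.
listening_from_netstat() {
    awk '$6 == "LISTEN" { print $1, $4, $7 }'
}

# Constructed sample of "netstat -ap --inet" output (not captured from a real
# host) for exercising listening_from_netstat offline.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      901/sendmail
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED 1201/sshd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           500/ntpd'

# Usage when run directly: audit /usr/bin and show what is listening.
if [ "${0##*/}" = "setxid_audit.sh" ]; then
    audit_setxid /usr/bin
    printf '%s\n' "$SAMPLE_NETSTAT" | listening_from_netstat
fi
```

On a real box replace the sample with `netstat -ap --inet | listening_from_netstat` (run as root so PID/Program name is filled in), then feed each program's path to `owning_rpm` to find the RPM to remove.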