Re: ext2fs and security settings

Tue, 19 Nov 2002 18:41:23 -0800

Some VERY Simple rules. Turn off ALL network Services not needed to run the system (this is done in
the inetd.conf file). Cancel, trash or otherwise do away with daemon process you DO NOT need.
With the FEW remaining services in networking - run them thru wrappers.
From there on, build the iptables/chains for the firewall.

Oh yeah ..... if you do NOT NEED NFS - get the h*ll rid of it .....

Robert Black Eagle wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 19 November 2002 5:50 am, m.w.chang wrote:


again, not when I am new to linux. do you know how intimidating for a
newbie when they see doors and doors of obstacles to setup a simple
home server behind a hardware firewall+router? Most newbies are not
ready for the hussles at the *Very* beginning.



More research into viruses, trojans and worms might convince you
otherwise.




Here's the problem I ran into.  When I first installed linux, I ran as 
root for a long time (no security issues).  Some cracker screwed my 
system to the wall, so I had to reinstall it.  I then learned to run as 
a user.  My users files got messed up by some cracker.  I even set up a 
separate "fake" user for internet access.  Some overflow problem messed 
up the root system.  Now I run behind a firewall (not hardware and 
according to tests, I am invisible to outside hackers) and I've not had 
problems since.



I discovered that most systems will be at least looked at by hackers 
within 15 minutes of getting online and often faster than that.  Many 
times on Windows, the reason a reinstall is necessary every few months 
(esp for 9X systems) is that crackers mess things up sometimes even 
when they don't intend to.



- -- 
Robert Black Eagle	

Linux for stability; GPG for security

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.0 (GNU/Linux)



iD8DBQE92mG9tjSYKkYJrmcRAoXnAJ4lqJbF/U+mHuWgG7Gj+zSgxh6OJgCdFVUG

AqTAiydY3+Uv3VIFc31ksq4=

=NRLP

-----END PGP SIGNATURE-----

_______________________________________________

Linux-users mailing list

[EMAIL PROTECTED]

Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users



.







--

Ben Duncan   Phone (601)-355-2574     Fax (601)-355-2573   Cell 
(601)-946-1220

                        Business Network Solutions

                     336 Elton Road  Jackson MS, 39212

   "Software is like Sex, it is better when it's free" - Linus Torvalds



_______________________________________________

Linux-users mailing list

[EMAIL PROTECTED]

Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users























					Reply via email to