At 03:16 PM 4/27/00 -0400, you wrote:
>Well, I got 6.2 installed, and also installed the errata. As an interesting
>aside, after installing the new kernel and sources, I had to recompile as it
>broke my networking - just as well, as it's now a meaner, cleaner kernel.
>
>OK, as I said before, I want ftp, telnet, smtp, pop, and http available to
>the outside world, and the same plus samba on the inside world. I want to
>masquerade across the box (kernel compiled as a router).... I also want to
>make the box as airtight as possible against hackers - this includes
>portsentry, tripwire, and some sort of log checking software...
>
>Here's the question - what should I do next?
>
>What things do I need to do next to meet my ultimate goal?
>
>I think I have disabled everything except telnet and ftp, but I need to
>actually check the services file to be sure (did it through linuxconf)...
>What should I do to avoid the security problems with telnet & ftp?
>
>Should I go ahead & run bastille on the box, or what (I had to reinstall
>after I did that last time) - Any help is greatly appreciated.
>
>Thanks
>
One thing I would suggest is to remove telnet, and install ssh instead.
You may want to set up your firewall to block all ports, and then just
open up the ports you need. One disadvantage of this is that Portsentry
has problems detecting port scans with most of the ports blocked...
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
