On 22:51 23 May 2002, Anders Thoresson <[EMAIL PROTECTED]> wrote:
|  1) I've scanned newsgroups, this mailing list and other resources. But I can't
| find a solution to stop X listening for incoming connections at TCP port 6000.
| How do I do this?

You may not be able to (a quick glance at the XFree86 manual entry
doesn't show an option for this). But you can use ipchains to set up a
rule to prevent people from connecting to the service.

Or don't run X11.

|  2) What file integrity checker is the best choice? Simple setup more
| important than many features. I've looked at AIDE, but not succeeded in
| compiling it. I've looked at Tripwire, but the configuration seems very
| complex. Should I sit down with the manual and learn Tripwire, or is for
| instance Samhain a good choice?

Rpm has a check in it (--verify option as I recall).  You can use it to
check the installed components.  It's an ok first cut, but it can probably
be tricked by modifying the rpm database; tripwire gets around this by
keeping the db on a read only medium like a write protected floppy.

|  Also, this is what I've done so far, security-wise:
|  1. During installation, a clean one, set the security at "high" and
| "standard rules" for the firewall.

This will block quite a lot of stuff. Which is good.

|  2. Shut down every service listening for incoming connections. Just X and
| xinetd (listening at some UDP port, this is something I have figured out yet)
| remaining.

You've grepped for that IP in /etc/services?

|  3. Changed default umask to 077.

Fair enough. Some of the less careful install scripts assume a more
generous umask, so bear that in mind if you install something from source
- it may need some tweaking afterwards.

|  Is there anything obvious I have forgotten and should do, beside installing
| a file integrity checker, before I put the computer online the first time
| and run up2date? The computer is only being used by me and is on a
| SOHO-network with only trusted computers, all protected by a firewall.

Make sure you're using MD5 passwords, and that any account which has a
password has a good long one. And make sure most accounts have no password
(_not_ an empty one).
--
Cameron Simpson, DoD#743        [EMAIL PROTECTED]    http://www.zip.com.au/~cs/

network security:       1. Kill all your users.
                        2. Remove all accounts.
                        3. Detach network and dialups.
                        4. Turn off machine.
- David A. Guidry <[EMAIL PROTECTED]>



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
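
The password advice in the reply above, as a check that can be run: this is an added example, not part of the original message, that classifies the password field of shadow(5)-format lines and flags entries that are empty or still use traditional DES crypt instead of MD5. The function names are hypothetical and the sample lines and hashes are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread).

# Constructed sample in /etc/shadow layout; the hashes are made up.
sample_shadow() {
    cat <<'EOF'
root:$1$abcdefgh$0123456789abcdefghijk.:11830:0:99999:7:::
bin:*:11830:0:99999:7:::
daemon:!!:11830:0:99999:7:::
guest::11830:0:99999:7:::
olduser:abJnggxhB/yWI:11830:0:99999:7:::
EOF
}

# Read shadow-format lines on stdin, print "name<TAB>status" for each.
classify_shadow() {
    awk -F: '
    $1 == "" { next }                              # skip blank lines
    {
        pw = $2
        if (pw == "")               s = "EMPTY"    # logs in with no password at all
        else if (pw ~ /^[!*]/)      s = "LOCKED"   # no usable password (*, !, !!, or !hash)
        else if (pw ~ /^\$1\$/)     s = "MD5"      # MD5 crypt
        else if (pw ~ /^\$/)        s = "OTHER"    # some other $id$ scheme
        else if (length(pw) == 13)  s = "DES"      # traditional crypt(3)
        else                        s = "UNKNOWN"
        printf "%s\t%s\n", $1, s
    }'
}

# Print only accounts that go against the advice (empty or DES passwords).
# Returns 1 when anything is flagged, 0 when the input is clean.
audit_shadow() {
    out=$(classify_shadow | awk -F'\t' '$2 == "EMPTY" || $2 == "DES"')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Demo on the constructed sample. On a real system, as root:
#   audit_shadow < /etc/shadow
sample_shadow | classify_shadow
```

Accounts reported as LOCKED are the "no password" case the reply recommends for most accounts; EMPTY is the case it warns against.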
