I just use iptables to filter, disable all the services I don't need, compile a custom kernel, set openssh to version 2 only and don't accept pwds (in some cases only dsa-keys) and check remotely with nmap/nessus to see what's still reachable also try to make all services that are running and reachable not-show their version. so all manually, no tools that do the work for me.
regards, Diederik > Date: Wed, 22 May 2002 12:29:14 -0400 > From: "Fallon, Benjamin" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Linux Hardening > > Anyone know where I can find step-by-step documentation > on Hardening RH Linux boxes? I usually just use Bastille > Linux to do the hardening but I'd also like a better > understanding to be able to also perform the task manually > as well. > > Thanks, > > Ben > -- Lord of the Rings LITE(tm) -- by J.R.R. Tolkien Some guys take a long vacation to throw a ring into a volcano One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.