My short laundry list of security tips:

Disable services in inetd.conf that you don't need. Comment out ftp,
telnet, the r* services, and anything else you don't absolutely have to
have.

Disable services that are started at boot time: bind, postgres, and all
the other wacky stuff that many Linux distributions install via the
"kitchen sink approach". Find your default run-level and whack services
out of its start up directory (/etc/init.d/rc3.d most likely).

Know and love tcpwrappers; use it to limit services to known subnets or
hosts as much as possible.

Know and love secure shell; this should de facto replace telnet as your
means of connecting to your system if it hasn't already.

Subscribe to mailing lists that post security announcements. Update your
system as soon as it is feasible if a hole is found in a service you run.
I have found that bugtraq and ntbugtraq have good signal to noise ratios;
the list moderators do a good job on both lists.

Ultimately, the best approach to security is minimalism and vigilance.
This route led me to OpenBSD, which I recommend highly to anyone who is
interested in seeing how secure a unix can be out of the box.

Jack Miller
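
Added example, not part of the original post: a small shell audit for the first and third tips, listing inetd.conf entries that are still enabled for ftp, telnet and the r* services, and checking that hosts.deny carries a default-deny rule for tcpwrappers. The function names, the file paths passed as arguments, and the sample files are constructed for illustration; `shell`, `login` and `exec` are the inetd service names for rsh, rlogin and rexec.

```shell
#!/bin/sh
# Added example; sample files below are constructed, not from a real host.

# Print the service name of every enabled (uncommented) inetd.conf entry.
# Entry format: service socktype proto wait-flag user server-path [args]
enabled_inetd_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1"
}

# Print enabled services from the list the post says to comment out:
# ftp, telnet, and the r* services (shell, login, exec).
risky_inetd_services() {
    enabled_inetd_services "$1" | grep -E '^(ftp|telnet|shell|login|exec)$' || true
}

# Succeed if hosts.deny has an uncommented "ALL: ALL" rule, so that only
# the hosts and subnets named in hosts.allow can reach wrapped services.
has_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}

# --- constructed sample input ---
tmp=$(mktemp -d)
cat > "$tmp/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
#login  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
pop-3   stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
EOF
printf 'ALL: ALL\n' > "$tmp/hosts.deny"

echo "Enabled entries that should be reviewed:"
risky_inetd_services "$tmp/inetd.conf"

if has_default_deny "$tmp/hosts.deny"; then
    echo "hosts.deny: default deny present"
else
    echo "hosts.deny: no default deny rule"
fi
```

On a real system, pass /etc/inetd.conf and /etc/hosts.deny to the functions instead of the sample files.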