[svlug] Server Hardening
Rick Moen
rick at linuxmafia.com
Fri Sep 22 11:52:54 PDT 2006

Quoting Don Marti (dmarti at zgp.org):
> I do find it helpful to keep a checklist of items to
> look at when putting up a new server.
>
> Here's a new version:
> https://monkey.linuxworld.com/NewServer.html

Damn, that's good. I can't think offhand of a thing to suggest that's
not there. I was going to say "nmap your box", but you've actually
listed it _twice_. The one comment I can think of is that you really
need to nmap it from a different host on the same LAN; a Knoppix
live-CD session will suffice for that.

Why? Because nmapping localhost doesn't tell you a thing about what's
attackable from elsewhere.

That hint about how to run a Stable/Testing mix via pinning is correct
but, in my view, unwise: People needing a broader selection of packages
on Stable should either stick to backports.org repositories or make the
jump to Testing/Unstable. Mixing Stable/Testing is a bad idea, because
there is just too wide a gap in app versioning: E.g., something's going
to drag in a leading-edge libc6 package, and mess up the system.

You might mention that make-kpkg is provided by the "kernel-package"
.deb.

Suggested hyperlink for "NTP pool": http://www.pool.ntp.org/use.html
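
The point above about scanning localhost versus scanning from another LAN host, as an added example that is not part of the original post: it classifies listening sockets by bind address to show which ones a loopback scan over-reports and which ones it never sees. It assumes input in the format of `ss -H -ltn`, uses a constructed sample, and does not model firewall rules, which is one more reason the scan from a second host is still needed.

```shell
#!/bin/sh
# Constructed sample in the format of `ss -H -ltn` output (not from the thread).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 80 192.168.1.10:3306 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 5 *:8080 *:*'

# Print "port address view" for each listening socket read from stdin.
# view: both           = wildcard bind, seen by loopback and LAN scans
#       localhost-only = loopback bind, a LAN host cannot connect
#       lan-only       = bound to one non-loopback address, so a scan
#                        of 127.0.0.1 gets a refused connection
classify_listeners() {
    awk '
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # strip IPv6 brackets
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            view = "both"
        else if (addr ~ /^127\./ || addr == "::1")
            view = "localhost-only"
        else
            view = "lan-only"
        print port, addr, view
    }'
}

# Ports a loopback scan reports that another LAN host cannot reach.
localhost_only_ports() {
    classify_listeners | awk '$3 == "localhost-only" { print $1 }'
}

# Ports another LAN host can reach but a scan of 127.0.0.1 never shows.
missed_by_localhost_scan() {
    classify_listeners | awk '$3 == "lan-only" { print $1 }'
}

# Demo on the constructed sample; on a real box: ss -H -ltn | classify_listeners
printf '%s\n' "$SAMPLE" | classify_listeners
```
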