Jason on 22 Jul 2005 14:43:33 -0000



Re: [PLUG] security for home users


On 7/21/05, Christopher M. Jones <cjones@partialflow.com> wrote:
> I've done 1-4. But beyond that, I don't even know what the issues are.
> So that's why I asked for the basic tutorial. I've just never had to
> worry about security and I think it's something I should know about
> anyway. Thanks for the suggestions.

Excellent start then.  Definitely work your way from outside to inside.

Next steps would be to do a bit of hardening to your OS.  

Strip off extraneous services you don't use.  Why start nfs daemons if
you're not using nfs?  Why start (postfix|sendmail|exim|etc.) if
you're not running a mail server?  Do you need to have Apache, MySQL,
PostgreSQL and 17 other services running on your workstation? 
Probably not.  Check your (inetd|xinetd) configuration too.  You
probably don't need much of anything in there.  In fact, you may find
that you can just completely disable (inetd|xinetd).  Lots of people
recommend scripts like Bastille.  While a fine idea to download and
look at what it does, I'm a big believer in self-implementation - that
way you learn something along the way.  Otherwise, you learned how to
run a script.

If your distribution provides it, consider using SELinux.  You get
SELinux in (at least) FC3, FC4, RHEL4, CentOS 4 and WBEL 4.

Things like prohibiting root ssh sessions (in the /etc/ssh/sshd_config
file) are always good.

Choose good passwords.  The strongest passwords contain mIxEd CaSE
words, letters, numbers and even special characters such as + , . | (
* ) and so on.  Rather than a simple password, a great way to go is to
choose a phrase that you'll easily remember, and convert that into a
password.  E.g.:

Suppose you had a daughter, Jennifer, and she was 13 years old.  This
might lead you to the phrase, "My daughter, Jennifer is 8 + 5 years
old.", or a password of:

MdJi8+5yo.

Don't log in as root.  Use su, or better still, sudo.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
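
A shell audit for the checks suggested in the message above, added here as an example; it is not part of the original post. The function names and the sample file contents are constructed for illustration, and the xinetd check assumes a service is enabled unless its file says "disable = yes".

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Print the first global PermitRootLogin value (sshd uses the first value it
# reads); "unset" means the OpenSSH built-in default applies.
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }   # stop at per-user/host overrides
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# List service names on inetd.conf lines that are neither blank nor commented out.
inetd_enabled() {
    awk 'NF > 0 && $1 !~ /^#/ { print $1 }' "$1"
}

# List xinetd.d service files that do not contain "disable = yes".
xinetd_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f" ||
            basename "$f"
    done
}

# Constructed sample files so the script runs offline. On a real host, pass
# /etc/ssh/sshd_config, /etc/inetd.conf and /etc/xinetd.d instead.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PermitRootLogin no' 'Protocol 2' 'PermitRootLogin yes' \
    > "$demo/sshd_config"
printf '%s\n' '# ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
    'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' '' \
    'finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd' \
    > "$demo/inetd.conf"
mkdir "$demo/xinetd.d"
printf '%s\n' 'service rsync' '{' '    disable = yes' '}' > "$demo/xinetd.d/rsync"
printf '%s\n' 'service tftp' '{' '    disable = no' '}' > "$demo/xinetd.d/tftp"

echo "PermitRootLogin: $(sshd_root_login "$demo/sshd_config")"
echo "inetd services enabled: $(inetd_enabled "$demo/inetd.conf" | tr '\n' ' ')"
echo "xinetd services enabled: $(xinetd_enabled "$demo/xinetd.d" | tr '\n' ' ')"
```

The commented-out "#PermitRootLogin no" in the sample is ignored, so the audit reports "yes". On a live host, sshd -T prints the effective configuration.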