Chris on 22 Jul 2005 14:53:33 -0000 |
Its also good to start a password with # crackers,brute force etc ignore lines with # for comments, the odds of a cracker cracking a password with ^# are nill Chris S chris@jynx.net www.Jynx.net -----Original Message----- From: plug-bounces@lists.phillylinux.org [mailto:plug-bounces@lists.phillylinux.org] On Behalf Of Jason Sent: Friday, July 22, 2005 8:57 AM To: Christopher M. Jones Cc: Philadelphia Linux User's Group Discussion List Subject: Re: [PLUG] security for home users On 7/21/05, Christopher M. Jones <cjones@partialflow.com> wrote: > I've done 1-4. But beyond that, I don't even know what the issues are. > So that's why I asked for the basic tutorial. I've just never had to > worry about security and I think it's something I should know about > anyway. Thanks for the suggestions. Excellent start then. Definitely work your way from outside to inside. Next steps would be to do a bit of hardening to your OS. Strip off extraneous services you don't use. Why start nfs daemons if you're not using nfs? Why start (postfix|sendmail|exim|etc.) if you're not running a mail server? Do you need to have Apache, MySQL, PostgreSQL and 17 other services running on your workstation? Probably not. Check your (inetd|xinetd) configuration too. You probably don't need much of anything in there. In fact, you may find that you can just completely disable (inetd|xinetd). Lots of people recommend scripts like Bastille. While a fine idea to download and look at what it does, I'm a big believer in self-implementation - that way you learn something along the way. Otherwise, you learned how to run a script. If your distribution provides it, consider using SELinux. You get SELinux in (at least) FC3, FC4, RHEL4, CentOS 4 and WBEL 4. Things like prohibiting root ssh sessions (in the /etc/ssh/sshd_config file) are always good. Choose good passwords. The strongest passwords contain mIxEd CaSE words, letters, numbers and even special characters such as + , . | ( * ) and so on. Rather than a simple password, a great way to go is to choose a phrase that you'll easily remember, and convert that into a password. Eg: Suppose you had a daughter, Jennifer, and she was 13 years old. This might lead you to the phrase, "My daughter, Jennifer is 8 + 5 years old.", or a password of: MdJi8+5yo. Don't login as root. Use su, or better still, sudo. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|