RE: Securing Fedora Core 4
2005-09-26, Shay Wilson (Bryan_Wilson legis state ak us)

Be careful with rp_filter=1 because it tends to silently drop packets causing you to spend a good deal of time scratching your head wondering where they've gone. A host with multiple routes can have problems with that (It is very good for most machines, but any gateway with redundant paths should be [...]

Re: Securing Fedora Core 4
2005-09-26, Nick Crawford (nick null net)

For nitty gritty secure OS/Application configuration, I'd suggest taking a look at the NSA's Security Configuration Guides, (http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1), and DISA STIGS (http://csrc.nist.gov/pcig/cig.html). There are of cou [...]

Re: Securing Fedora Core 4
2005-09-26, Andrea Pasquinucci (cesare ucci it)

If you are considering MAC (Mandatory Access Control) features, have a look also at RSBAC (http://www.rsbac.org/), it is a quite complete modular MAC system [_personally_ I find it much better than SELinux, with many more features and depending on your skills on setting it up, it can give you a m [...]

Re: Securing Fedora Core 4
2005-09-23, AragonX (aragonx dcsnow com)

<quote who="Cocobu">
> A good idea is patching the kernel with grsecurity
> (http://www.grsecurity.net/)
>
> Just my 2 cents.

That's the 2nd time I've heard that package suggested. I checked out the web site and it looks very powerful. How easy is it to configure and understand? My major problem [...]

RE: Securing Fedora Core 4
2005-09-23, Will Yonker (aragonx dcsnow com)

<quote who="Charles Heselton">
> Well, those kinds of things should be blocked at your gateway. It's
> much faster, and just as secure to handle this in a router's ACL,
> than it is on a per machine basis. This way, you only need to worry
> about configuring the host firewall for internal or "allo [...]

RE: Securing Fedora Core 4
2005-09-23, Will Yonker (aragonx dcsnow com) (1 replies)

<quote who="Charles Heselton">
> Like I said, they all provide the same outcome. They all are
> glorified wrappers for iptables, so they all have the same ultimate
> effect. I believe shorewall is a little more "low-level", and may
> provide more of the granularity that you are probably looking fo [...]

Re: Securing Fedora Core 4
2005-09-23, AragonX (aragonx dcsnow com) (2 replies)

<quote who="K. Jusupov">
>
> Nice (impressive) list...
>
> But wouldn't it be better first to classify the servers
> that you are going to secure?
>
> DB server might not need SpamAssassin installed or mail
> server would not require for php related things and so
> on...
>
> And it would be easier lat [...]

RE: Securing Fedora Core 4
2005-09-23, Will Yonker (aragonx dcsnow com) (1 replies)

<quote who="Charles Heselton">
> 4. Set up your firewall. I like firestarter (should come with FC4).
> Other people like shorewall. Ultimately, it's the same outcome.

I wasn't fond of the way Firestarter worked at all. I'll take a close look at Shorewall. I was really worried about rolling m [...]

Re: Securing Fedora Core 4
2005-09-24, Cocobu (cocobu mail pf) (1 replies)

There is a quickstart paper on installing and configuring grsecurity (http://www.grsecurity.net/quickstart.pdf)

AragonX wrote:
><quote who="Cocobu">
>
>>A good idea is patching the kernel with grsecurity
>>(http://www.grsecurity.net/)
>>
>>Just my 2 cents.
>>
>
>That's the 2nd time [...]

Re: Securing Fedora Core 4
2005-09-23, Glenn Valenta (HDNet) (gvalenta hd net) (1 replies)

I concur! It's nice to see someone with a sense of sanity to security. Also remember that these tools will need to be maintained. The logs reviewed often.

Michael Hallager wrote:
> Hello.
>
> I suggest that rather than going in 'boots and all' that you take some time to
> study and carefully co [...]

Re: Securing Fedora Core 4
2005-09-22, AragonX (aragonx dcsnow com) (1 replies)

<quote who="Syn Ack">
> Hello AragonX,
> I will add these steps to the list:
> - Only allow ssh V.2

I'm pretty sure this is the default. I haven't needed to make this change since FC2 I think.

> - Deny root ssh logins

This was implied by "only allow me to logon". What I should have written is "On [...]
---
Fairly recently I noticed my ftp client wouldn't list files in certain directories on my server any [...]