RSS feed [root] /security /document




login:

password:

title search:




 


Mon Mar 17 17:25:14 GMT 2008

Secure Linux



-------- Original Message --------
Subject: Re: 本人已做了不同方法, 務求令linux secure...
Date: 6 Dec 2004 23:55:18 +0800
From: 深海公子
Organization: 3home.net
Newsgroups: 3comp.linux
References: <41b47d72$1@news.3home.net>

uninstall unused packages, keep minimum set of packages in ur server

update apache, openssl, openssh, kernel and other main packages in ur server,
i remember there are serious bugs in these packages of rh9

disable unused mod in apache, especially the user, status and dav mod.

in ssh, use only Cert Authentication, disable passwords, rhost auth ... etc
generate a 2048 bit and password protect cert to login ur server via ssh.

block incoming ping

use tripwire to monitor file changes.

separate important files that should not be changed to a read only partition/media, or a HD set to read only in BIOS.
remount it as RW when necessary.

> 請問還有什麼需要做...以求被人成功hack 入的機會減至最低呢...
disconnect from network ....


--
香港盈訊 http://www.hkes.com
* 伺服器托管,伺服器租用,網頁儲存,網頁寄存,垃圾郵件,病毒,過濾
�獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺�

_______________________________________________________________________

在郵件 news:41b47d72$1@news.3home.net 中撰寫...
> 本人用redhat linux 9, 已做了:
> -update 左的rpm packages,
> -set 了個iptables, disable 左唔用d service
> -同埋限制某些ip 才可連入 ssh server(ssh not use port 22)
> -set 左 portsentry
> 本人個server 只有 apache, ssh 等..
> 請問還有什麼需要做...以求被人成功hack 入的機會減至最低呢...
> 請問各位有沒有這方面可以分亨一下
> thx ~
>
>
>
> --
> 10M"地獄火"寬頻免費試用3天
> http://www.cyberec.com/
>



--
10M"地獄火"寬頻免費試用3天
http://www.cyberec.com/




(google search) (amazon search)
second
download zip of files only