Mon Mar 17 17:25:14 GMT 2008 Secure Linux-------- Original Message -------- Subject: Re: 本人已做了不同方法, 務求令linux secure... Date: 6 Dec 2004 23:55:18 +0800 From: 深海公子 Organization: 3home.net Newsgroups: 3comp.linux References: <41b47d72$1@news.3home.net> uninstall unused packages, keep minimum set of packages in ur server update apache, openssl, openssh, kernel and other main packages in ur server, i remember there are serious bugs in these packages of rh9 disable unused mod in apache, especially the user, status and dav mod. in ssh, use only Cert Authentication, disable passwords, rhost auth ... etc generate a 2048 bit and password protect cert to login ur server via ssh. block incoming ping use tripwire to monitor file changes. separate important files that should not be changed to a read only partition/media, or a HD set to read only in BIOS. remount it as RW when necessary. > 請問還有什麼需要做...以求被人成功hack 入的機會減至最低呢... disconnect from network .... -- 香港盈訊 http://www.hkes.com * 伺服器托管,伺服器租用,網頁儲存,網頁寄存,垃圾郵件,病毒,過濾 �獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺獺� _______________________________________________________________________ > 本人用redhat linux 9, 已做了: > -update 左的rpm packages, > -set 了個iptables, disable 左唔用d service > -同埋限制某些ip 才可連入 ssh server(ssh not use port 22) > -set 左 portsentry > 本人個server 只有 apache, ssh 等.. > 請問還有什麼需要做...以求被人成功hack 入的機會減至最低呢... > 請問各位有沒有這方面可以分亨一下 > thx ~ > > > > -- > 10M"地獄火"寬頻免費試用3天 > http://www.cyberec.com/ > -- 10M"地獄火"寬頻免費試用3天 http://www.cyberec.com/ (google search) (amazon search) second |