Michael Havens wrote:
> 
> 
> 
> :-)Mike(-:
> 
>>     I would like to claim that it was not my fault, but the fact that 
>>I ran a service as root that was unnecessary means it was my fault. 
> 
> 
> --Well, seeing as how I got a job that pays some money (yeaaaaah) and will be able to get DSL soon it is a good thing that people are helping me learn to lock down my system. 
> 
> 
>>highly recommend chacking it out:  <http://cisecurity.org/>  Not only 
>>does it tell you what to do, it tells you why.  The scoring tool is 
>>non-invasive and will make no changes on your system - they leave that 
>>up to you.
> 
> 
>>I scripted the benchmark for my Debian servers (pretty easy - you'll see 
>>once you download the benchmark - they give you the code to create the 
>>script).  I now lockdown my Debian boxes by running 2 scripts.
> 
> 
> --downloaded from cisecurity?

No - I took the PDF, and scraped the commands and pasted them into vi. 
The result is a script (after I put #!/bin/bash on the first line).


> 
>>Another great learning experience is Bastille - it will ask you 
>>questions and harden your system based on your answers.  Bastille is 
>>available in RPM format is is a perl script.  It will make changes on 
>>your system.
> 
> 
> -- I would think the cisecurity option would be a better learning opportunity if I can download it for debian (fakeroot alien -r <rpm package>?)

For maximum learning, go through the manual.  Scrape the PDF and paste 
the commands if you have to.  Go through the manual.  Go through the 
manual.  Did I say "go through the manual?"

You need to know what you are doing - not run some George-O-Matic(TM) 
script and declare yourself secure.  Security is a journey, not a 
destination.

Perhaps this would make an appropriate installfest side activity?  Thoughts?


> Finally, the aforementioned Securing and Optimizing Red Hat Linux by 
> openna is pretty good.  Very long read (yes, even longer than this 
> post), but still good.
> </soapbox>
> 
> --What is this 'openna'?


See previous post in this thread.

-- 
George Toft, CISSP, MSIS
AGD,LLC
www.agdllc.com
623-203-1760

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss