Other really good ideas:
- Make sure your star wars service account has a locked password.  If 
anyone needs access to that account's shell (does it need a shell???), 
make them sudo to it.

- Does that account need a shell or a home dir?

- The Center for Internet Security (CISecurity.org) has a benchmark that 
  will guide you in setting up a pretty secure server.  Free download!!! 
  It also comes with a scoring tool that tells you how well you secured it.

George Toft, CISSP, MSIS
AGD,LLC
www.agdllc.com
623-203-1760


KevinO wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Rob Wultsch wrote:
> 
>>I am helping a buddy setup a server for of all things a star wars card
>>game. I think the right way to do this is to create user account for
>>the star wars card programs and have the program start up every time
>>the system boots.
>>
>>Am I going about this wrong?
> 
> 
> You are heading in the right direction. /etc/rc.local is sometimes used for
> starting things like this, since it gets executed during the end of system
> startup. It won't provide a shutdown mechanism nor care about run-levels.
> 
> Creating a user for the game to run as is a good idea. Making him run in a
> chroot jail also is better.
> 
> Since this box will be exposed, be sure you don't have anything else running
> that you don't need. (X, mail server, dns server, etc). Make sure the only
> ports open are what you need, then wrap it with a firewall (separate box or
> iptables on this one) to add a second layer.
> 
> - --
> KevinO
> 
> Go placidly amid the noise and waste, and remember what value there may
> be in owning a piece thereof.
> 		-- National Lampoon, "Deteriorata"
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFBgeS8I3MJ/OwKti0RAkdbAJ9R9WY0EBZlFqr60UskpMWBjIUd4ACfSv5S
> C0V2v6kAQYVkLg8Z2GN093g=
> =hLL/
> -----END PGP SIGNATURE-----
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> 
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss