From: JD Austin
> 1. Disable root login via ssh (usually in /etc/ssh/sshd_config ->
> PermitRootLogin no)

If you've got to get in there as root non-interactively (which could happen), then "PermitRootLogin without-password" is a better idea. That means you have to keep root's private SSH key extremely private, though.

> 4. Disable any services you don't need/use

This should probably be point 1, considering how important it is.

> https://help.ubuntu.com/community/SELinux

If you decide to do this, put it in "permissive" mode first and then run through a bunch of normal tests. Then look at the logs, figure out where all your normal tests would've failed, change the security contexts and/or the applications you're using so that the operations would be permitted. Rerun tests. Keep doing this. Allow several days. If you have to run things that you don't maintain (like MySQL, or WordPress) or don't have time to fix extensively, you may realize you don't have enough time and energy to deal with selinux. (In general, security is directly proportional to how much of a pain in the ass it is to get anything done.)

> 7. Check all of your logs daily :)

This gets difficult if you have multiple G of logs every day....

--
Matt G / Dances With Crows
The Crow202 Blog: http://crow202.org/wordpress/
There is no Darkness in Eternity/But only Light too dim for us to see
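
Added example, not part of the original message: one way to do the "look at the logs" step after a permissive-mode test run is to group the AVC denials in the audit log by source type, target type, object class and permission. The log lines are constructed samples in the audit-log format, and the function names are assumptions made for this sketch.

```python
import re
from collections import Counter

# Constructed sample lines in Linux audit-log format (not from the original message).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=812 comm="httpd" name="index.php" dev="sda1" ino=4021 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=2 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1700000004.310:207): avc:  denied  { read } for  pid=812 comm="httpd" name="wp-config.php" dev="sda1" ino=4022 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000009.552:215): avc:  denied  { name_connect } for  pid=812 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000012.020:219): avc:  denied  { write open } for  pid=990 comm="mysqld" path="/var/log/slow.log" dev="sda1" ino=7711 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def context_type(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize_denials(log_text):
    """Count AVC denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=AVC "):
            continue  # skip SYSCALL, PATH and other record types
        match = AVC_RE.search(line)
        if match is None:
            continue  # malformed or truncated record
        for perm in match["perms"].split():
            key = (context_type(match["scontext"]), context_type(match["tcontext"]),
                   match["tclass"], perm)
            counts[key] += 1
    return counts


if __name__ == "__main__":
    # Most frequent denials first: these are what would break under enforcing mode.
    for (src, tgt, tclass, perm), n in summarize_denials(SAMPLE_AUDIT_LOG).most_common():
        print(f"{n:3d}  {src} -> {tgt}  {tclass}:{perm}")
```

Each resulting row is one decision to make before leaving permissive mode: relabel the target, change the application, or accept a policy rule for that access.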