Re: Right way to setup server?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MKevinO at <-
M 
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: George Toft
Date:  
To: plug-discuss
Subject: Re: Right way to setup server?
Other really good ideas:
- Make sure your star wars service account has a locked password. If
anyone needs access to that account's shell (does it need a shell???),
make them sudo to it.

- Does that account need a shell or a home dir?

- The Center for Internet Security (CISecurity.org) has a benchmark that
will guide you in setting up a pretty secure server. Free download!!!
It also comes with a scoring tool that tells you how well you secured it.

George Toft, CISSP, MSIS
AGD,LLC
www.agdllc.com
623-203-1760


KevinO wrote:
> > Rob Wultsch wrote:
>
>>I am helping a buddy setup a server for of all things a star wars card
>>game. I think the right way to do this is to create user account for
>>the star wars card programs and have the program start up every time
>>the system boots.
>>
>>Am I going about this wrong?
>
>
> You are heading in the right direction. /etc/rc.local is sometimes used for
> starting things like this, since it gets executed during the end of system
> startup. It won't provide a shutdown mechanism nor care about run-levels.
>
> Creating a user for the game to run as is a good idea. Making him run in a
> chroot jail also is better.
>
> Since this box will be exposed, be sure you don't have anything else running
> that you don't need. (X, mail server, dns server, etc). Make sure the only
> ports open are what you need, then wrap it with a firewall (separate box or
> iptables on this one) to add a second layer.
>
> - --
> KevinO
> 
> Go placidly amid the noise and waste, and remember what value there may
> be in owning a piece thereof.
>         -- National Lampoon, "Deteriorata"

> > ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Westside?Audacity error->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)