[TriLUG] Basic Security Question

Robby Dermody nova at naomi.avalonent.org
Thu May 9 10:36:23 EDT 2002


At least the distros I've tried recently have been getting better in
this department. Take a serious look at Mandrake 8.2. It's an excellent
distro, and gives you the option of security levels (i.e. basically from
a very open system to a very restrictive level where everything is
denied by default). If you installed at security level 3 (or 4-5 if
you're a control freak) it should be pretty good right out of the box.
However, don't take my word for this, and instead find a good security
howto that goes over topics such as disabling any unessential services,
not using use telnet, rsh, ftp servers if at all possible, etc. Securing
a "client" machine IMO is much easier than a "server" (terms in quotes
b/c unix is inherently multiuser and all machines are "servers" in some
regard), so if all you're setting up is a "client", it shouldn't be that
bad. I'd take a look at abacus logcheck and possibly abacus
hostsentry/portsentry if you're serious about your security (do a google
search).

Good luck, too much info I know, sorry. :)

Robby

On Thu, 2002-05-09 at 10:25, Lisa C. Boyd wrote:
> Three years ago (yeah - I know - an eternity in software time), I went to a 
> seminar/conference about Linux. The speaker was talking about how Linux 
> installs left a lot of open doors that are major security risks. Doors that 
> have to be closed by the user and that most student users never realize 
> that they need to close those doors. This was at a time when there were a 
> lot of problems on the network due to students not configuring their 
> computers correctly.
> 
> So - is this true for installations nowadays? And if so, ya'll will help me 
> Saturday close all those doors right? ;)
> 
> Lisa B.
> 
> _______________________________________________
> TriLUG mailing list
>     http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
-- 
Robby Dermody
Avalon Entertainment
eMail: robbyd at avalonent.org
web: www.avalonent.org
aim: nova0523

 FREE TIBET, with purchase of second
    Tibet of equal or lesser value




More information about the TriLUG mailing list