RE: Secure host newbie

["Shawn Jackson" <sjackson () horizonusa com>]

>   I'm going to put a host on the internet in a day or two, it 
> will be closed to public during the development stage.  We 
> have a lot of services to setup and I was wondering about 
> security issues for each of these services.  We will be 
> running this on a Redhat 7.3 base system.

Hmm, I'd recommend Red Hat 9.0. If you *have* to use RH 7.3 just
remember 
to grab the most recent kernel, well even with RH 9.0 you would still
have
to do that. I don't recommend Fedora, if you wanted to stay in Red Hat's
free
family.

> The services we will have are HTTP (Apache), private FTP, SSH 
> access, POP server for our users, SMTP for users 
> that would have to use ours, SSL for secure money 
> transactions, might have news server, might have a MP3 stream 
> server and will have home-made servers for home-made clients.

First, if you going to use Red Hat, (or Debian) grab APT-Get, from 
http://apt.freshrpms.net/ and run apt-get dist-upgrade. Seaming you
can't
get a RHN account anymore. There are other tools out there for that, but
APT is
the only one I use on a day-to-day basis.

If you're new to Linux head on over to http://easyfwgen.morizot.net/, or
any 
other iptables generator and generate a iptables script. I'm sure the
more Linux 
guys among us can recommend a better one, but I use that one for quick
little 
deployments, works fine.

Grab the newest RPM's for Httpd, OpenSSL, OpenSSH, etc. Pick a good FTP
server, 
vsFTPd works fine IMHO but some people don't care for it. I'd recommend
Postfix 
for SMTP/POP3 services, again a better mail server then sendmail IMHO.

> Now, before I ask you guys a whole lot of newbie questions, I 
> would like to read good documents on these topics.  
> Howtos, documentation, tutorials, books, all kinds of 
> references are appreciated, especially if I can get them free! 
> (Since our budget is extremely limited).

http://www.tldp.org
Great source for Linux HowTo's and General system information.

http://www.linux.com/
Has some good Documents and Articles.

http://www.redhat.com/docs/
*The* resource for Red Hat information and guides.

For specific products, (Apache, Postfix, etc) the homepages for those
projects will be loaded with information and guides.

If you don't have very good hardware, I've found that OpenBSD (maybe
FreeBSD) runs much 
better then *NIX. OpenBSD has a much smaller footprint then Linux, which
is good for 
lower-end systems.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338
 

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------