Re: Linux hardening

[James Leighe <jamesleighe () gmail com>]

I would recommend trying out Bastille Linux, it's basically a pearl
script that interactively hardens your installation, if nothing else
it's a time saver... and who knows maybe it includes a security tweak
that you did not think to do yet.

On 20/08/05, AragonX <aragonx () dcsnow com> wrote:
> I had an intrusion on one of my servers and am in the process of hardening
> it (after a reinstall).  I'm using Fedora Core 4.  I've taken all the
> basic steps (shutting down unused services etc) and have done the
> following:
>
> Installed Smothwall on a separate box.
> Installed & configured AIDE, Snort and chkrootkit
> Ran Bastille
>
> I am in the process of configuring LIDS.  I'm using LIDS instead of
> SELinux because it's easier for me to configure.
>
> My next and final step will be to install mod_security.
>
> The server performs the following tasks:
>
>    Web (Squirrelmail, eGroupWare, myPhpAdmin and others) and email serving
> to the internet.
>    File, print and DHCP serving to my local network.
>
> I'm looking for more preventative measures.  It appears that LIDS and
> mod_security are the only ones in that role now.  Should I jail apache?
> Would that give me any benefits over what LIDS provides?
>
> Thank you in advance.