[lug] Security

Sebastian Sobolewski ( Zeb ) spsobole at mindless.com
Tue Feb 15 14:15:43 MST 2000


Just an FYI, but

         Mandrake Linux 7.0 Installer (based on RedHat 6.1) offers several 
security options.

         Paranoid (for those who are well... paranoid)
         High Security (Perfect for a server)
         Medium Security (Workstation?)
         Low Security (??)
         Hackers Paradise (name says it all)

         I believe the 2 highest security options are VERY secure.  Telnet 
and ftp acces is disabled by default and only secure services are left 
running with very restricted access.

It also allows you to download and install Secure shell and socket rpms to 
increase system security.  Over all a really nice setup.

Sebastian

At 01:11 PM 2/15/00 , you wrote:
>This is something I'd sure like to see.  I'm tired of having to do all this
>manually and sometimes discovering that I missed something because I just
>didn't know about it.
>
>The RPM idea mentioned in another post also would be more convenient.
>
>         -----Original Message-----
>         Date: Tue, 15 Feb 2000 09:44:21 -0700
>         From: Kyle Moore <kmoore at trustamerica.com>
>         To: BLUG <lug at lug.boulder.co.us>
>         Subject: [lug] Security
>         Reply-To: lug at lug.boulder.co.us
>
>         I'm fishing for opinions on default security. Our company just spent
>a
>         ton of money on a security audit so it got me thinking about
>security on
>         other systems as well as the ones I am responsible for.
>
>         Do you think it would be good if the installer (of whatever OS you
>are
>         installing) prompted you for at least two different kinds of
>security.
>         Maybe it gave you a screen that said 1)Would you like to set your
>system
>         up to be more secure or 2)Would you like default security. I am from
>the
>         school of "install as little as possible to do the job" but I know
>many
>         people don't. I just think it is a joke that some people have NIS,
>NFS,
>         Samba, Sendmail, Apache, a database, a proxy server, dns, a news
>server,
>         snmp, etc. running on a machine and they don't even know it. I think
>at
>         the very least it should install the product but not start it at
>boot
>         until it is configured.
>
>         With DSL and cable modems becoming more popular, I think it would be
>         great if the OS made it easier for someone without much knowledge to
>         have a somewhat secure system. Maybe this means the first choice of
>an
>         install is beginner or expert. The expert side would leave you alone
>to
>         shoot yourself in the foot. The beginner install would as you about
>         security and explain what the packages you have selected actually
>do.
>         When you have a Linux box that you use for internet access and you
>         select NIS and NFS, the install says what they are for and they
>allows
>         you to change your selection.
>
>         Just kicking around some ideas...thought I would share them with the
>         group.
>
>         -kjm
>
>
>_______________________________________________
>Web Page:  http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug






More information about the LUG mailing list