[lug] Security

George Sexton gsexton at mhsoftware.com
Tue Feb 15 11:07:33 MST 2000


Perhaps one approach would be to create an RPM (or script) that would
tighten things up:

I.E. comment out most things in inetd.conf, remove links from the rc?.d
directories (or at least prompt the user if they should be removed), create
a default strong hosts.deny file, etc. This would be a lot easier than
writing a whole installer and could be done after the fact.

George Sexton
MH Software, Inc.
Voice: 303 438 9585
Fax: 303 469 9679
URL: http://www.mhsoftware.com

-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
Behalf Of Kyle Moore
Sent: Tuesday, February 15, 2000 9:44 AM
To: BLUG
Subject: [lug] Security


I'm fishing for opinions on default security. Our company just spent a
ton of money on a security audit so it got me thinking about security on
other systems as well as the ones I am responsible for.

Do you think it would be good if the installer (of whatever OS you are
installing) prompted you for at least two different kinds of security.
Maybe it gave you a screen that said 1)Would you like to set your system
up to be more secure or 2)Would you like default security. I am from the
school of "install as little as possible to do the job" but I know many
people don't. I just think it is a joke that some people have NIS, NFS,
Samba, Sendmail, Apache, a database, a proxy server, dns, a news server,
snmp, etc. running on a machine and they don't even know it. I think at
the very least it should install the product but not start it at boot
until it is configured.

With DSL and cable modems becoming more popular, I think it would be
great if the OS made it easier for someone without much knowledge to
have a somewhat secure system. Maybe this means the first choice of an
install is beginner or expert. The expert side would leave you alone to
shoot yourself in the foot. The beginner install would ask you about
security and explain what the packages you have selected actually do.
When you have a Linux box that you use for internet access and you
select NIS and NFS, the install says what they are for and then allows
you to change your selection.

Just kicking around some ideas...thought I would share them with the
group.

-kjm

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
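
The after-the-fact tightening script suggested in the reply above, as an added example that is not code from the thread or from either poster: it comments out inetd.conf services, writes a default-deny hosts.deny, and removes boot-time start links with a prompt. The root-prefix argument, the `.pre-harden` backup suffix, the `#hardened#` marker and the `ASSUME_YES`, `HARDEN_ROOT` and `HARDEN_SERVICES` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-install tightening of inetd, TCP wrappers and rc links.
# Each function takes a root prefix (an assumption of this example) so the
# changes can be rehearsed on a copy of /etc before touching a live system.

# Comment out every active service line in inetd.conf, keeping a backup.
harden_inetd() {
    conf="$1/etc/inetd.conf"
    [ -f "$conf" ] || return 0
    cp -p "$conf" "$conf.pre-harden"
    sed 's/^\([^#[:space:]]\)/#hardened# \1/' "$conf.pre-harden" > "$conf"
}

# Default-deny TCP wrappers policy. Exceptions then go in hosts.allow,
# which is consulted before hosts.deny.
write_hosts_deny() {
    deny="$1/etc/hosts.deny"
    if [ -f "$deny" ]; then cp -p "$deny" "$deny.pre-harden"; fi
    printf 'ALL: ALL\n' > "$deny"
}

# Remove the S?? start links for one service from every runlevel directory.
# Covers both /etc/rc.d/rc?.d and /etc/rc?.d layouts; K?? links are kept.
# Prompts per link unless ASSUME_YES=1. Prints the number of links removed.
disable_boot_links() {
    root="$1"; svc="$2"; removed=0
    for link in "$root"/etc/rc.d/rc?.d/S??"$svc" "$root"/etc/rc?.d/S??"$svc"; do
        [ -L "$link" ] || continue          # unmatched glob or not a symlink
        if [ "${ASSUME_YES:-0}" != 1 ]; then
            printf 'Remove %s? [y/N] ' "$link" >&2
            read -r answer || answer=n
            [ "$answer" = y ] || continue
        fi
        rm -f "$link" && removed=$((removed + 1))
    done
    echo "$removed"
}

# Runs only when HARDEN_ROOT is set, e.g.
#   HARDEN_ROOT=/tmp/etc-copy HARDEN_SERVICES="sendmail nfs" sh harden.sh
if [ -n "${HARDEN_ROOT:-}" ]; then
    harden_inetd "$HARDEN_ROOT"
    write_hosts_deny "$HARDEN_ROOT"
    for s in ${HARDEN_SERVICES:-}; do
        disable_boot_links "$HARDEN_ROOT" "$s"
    done
fi
```

The init scripts themselves are left in place, so a service can still be started by hand once it has been configured.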