Contact:[email protected]
Run 'pwconv' to turn on shadow passwords. Turn off services in inetd.conf. ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd gopher stream tcp nowait root /usr/sbin/tcpd gn shell stream tcp nowait root /usr/sbin/tcpd in.rshd login stream tcp nowait root /usr/sbin/tcpd in.rlogind talk dgram udp wait root /usr/sbin/tcpd in.talkd ntalk dgram udp wait root /usr/sbin/tcpd in.ntalkd pop-2 stream tcp nowait root /usr/sbin/tcpd ipop2d pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d imap stream tcp nowait root /usr/sbin/tcpd imapd finger stream tcp nowait root /usr/sbin/tcpd in.fingerd time stream tcp nowait nobody /usr/sbin/tcpd in.timed time dgram udp wait nobody /usr/sbin/tcpd in.timed auth stream tcp nowait nobody /usr/sbin/in.identd in.identd -l - e -o Remember to SIGHUP inetd! Either don't run the sendmail daemon, or install the latest available with the 'norelay' option. Install updateme: rpm -i ftp://linuxserv.uga.edu/pub/unix/linux/updateme-3.5.1-1.noarch.rpm Make sure that humans read root's mail. Change /etc/aliases and run newaliases Install and use ssh Change /etc/logrotate.conf Install and configure logcheck: rpm -i ftp://linuxserv.uga.edu/pub/unix/linux/redhat/contrib/libc6/i386/logcheck-1. 1.1-1.i386.rpm Remove /etc/issue and /etc/issue.net and change /etc/rc.d/rc.local. This will make it harder for potential hackers to gain information about your machine. Configure tcpwrappers and limit connections to localhost and other trusted domains within UGA. If FTP is needed, install proftp and remove wu-ftp Do not allow root logins, force users to su to root. remove packages you don't need. time daemon swatch Back to the Index