tips for Securing Fedora Core 4


Fedo
20th December 2005, 02:41 AM
Hi all,

Is there a document for Fedora Core 4 on how to secure it before connecting to the network?
I have found one for Red Hat 8 and 9 @ www.bio.upenn.edu/computing/security/linux.

Can we put something together?

Thanks

jim
20th December 2005, 04:15 AM
Shut down unnecessary services like ssh, vnc, etc. Anything that will open holes into your system, plug 'em up.

tresslyn
20th December 2005, 04:24 AM

Newbie question. If you are running a system through a router with a firewall, is there still a danger?

Crux
20th December 2005, 04:31 PM
tresslyn, not if those ports are closed via the router/firewall, i.e. FTP will not work even if it's all 'good' on the client side until it's opened up via the router/firewall.

tresslyn
20th December 2005, 11:03 PM
Thanks Crux. I will give it a shot off site somewhere and see what happens.

w5set
21st December 2005, 04:55 AM
Newbie question. If you are running a system through a router with a firewall, is there still a danger?
yep--there's always a danger from the Internet--you would probably be running a "home" type router/firewall appliance--did you ever wonder why commercial data centers/businesses run those $1,000's++ of dollar versions??

tresslyn
21st December 2005, 05:11 AM
I got that message. Maybe Santa will bring me a new router for x-mas.

pacifico
21st December 2005, 05:44 AM
Here is an excerpt from the %post section of a kickstart file I have used to provision one of my desktop machines. It does some of the simple hardening such as inactivating unneeded services and disallowing root logins from the console and over ssh. It is, of course, somewhat dependent on the servers specified in the remainder of the kickstart file, and to the extent that your machine is different, you will need to modify it. Your mileage may vary.

# Disable unneeded services
echo "Turning off unnecessary services..."
for SERVICE in autofs bluetooth isdn kudzu mDNSResponder mdmonitor \
               netfs nifd pcmcia
do
    echo "Turning $SERVICE off."
    /sbin/chkconfig "$SERVICE" off
done

# Activate desired services
echo "Turning ldap on."; /sbin/chkconfig --level 2345 ldap on
echo "Turning saslauthd on."; /sbin/chkconfig --level 2345 saslauthd on

# Switch to text-mode boot, keeping a copy of the original file
echo "Disabling graphical boot..."
cp /etc/sysconfig/init /etc/sysconfig/init.original
sed -e 's/# Turn on graphical boot/# Turn off graphical boot/' \
    -e 's/GRAPHICAL=yes/GRAPHICAL=no/' /etc/sysconfig/init.original \
    > /etc/sysconfig/init

# Rewrite the stock commented-out default; this pattern only matches
# the exact line "#PermitRootLogin yes"
echo "Disallowing root login via SSH..."
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sed -e 's/#PermitRootLogin yes/PermitRootLogin no/' \
    /etc/ssh/sshd_config.original > /etc/ssh/sshd_config

# An empty securetty means no terminal accepts a direct root login
echo "Disallowing root login from the console (prefer to use su, for logging)..."
cp /etc/securetty /etc/securetty.original
cat /dev/null > /etc/securetty


To use it, copy it using ctrl-C from your browser. From the command line, type cat > harden.sh and then paste it into your terminal (for mine, I use <shift>-ctrl-V) and terminate it with ctrl-D. Make it executable with chmod +x harden.sh and execute it with ./harden.sh.

You may want to look into Bastille Linux and you should consider reading "Hacking Linux Exposed" by Brian Hatch.

Hope this helps.
-al
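
Added example, not part of pacifico's post: a short audit of the state the script above aims for. It is useful because the sed only rewrites the exact line "#PermitRootLogin yes" and leaves any other form untouched. The function names and all sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the state the hardening script aims for.
# Function names and all sample data below are constructed for illustration.

# Effective PermitRootLogin in an sshd_config: sshd uses the first uncommented
# occurrence of a keyword, and keywords are case-insensitive.
# "unset" means no active line exists, so the compiled-in default applies.
effective_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Number of non-blank lines in a securetty file (0 = no tty accepts root).
securetty_entries() {
    awk 'NF { n++ } END { print n + 0 }' "$1"
}

# From saved `chkconfig --list` output ($1), print each named service that is
# still "on" in any of runlevels 2-5.
still_enabled() {
    listing=$1; shift
    for svc in "$@"; do
        awk -v s="$svc" '$1 == s && /[2-5]:on/ { print s }' "$listing"
    done
}

# Constructed sample: the directive is already uncommented, so the sed from the
# script above (which expects a leading '#') copies the file through unchanged.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'Port 22\nPermitRootLogin yes\n' > "$demo_dir/sshd_config.original"
sed -e 's/#PermitRootLogin yes/PermitRootLogin no/' \
    "$demo_dir/sshd_config.original" > "$demo_dir/sshd_config"
: > "$demo_dir/securetty"
printf 'autofs\t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off\n' >  "$demo_dir/chkconfig.txt"
printf 'kudzu\t0:off\t1:off\t2:off\t3:on\t4:on\t5:on\t6:off\n'    >> "$demo_dir/chkconfig.txt"

echo "PermitRootLogin:   $(effective_root_login "$demo_dir/sshd_config")"
echo "securetty entries: $(securetty_entries "$demo_dir/securetty")"
echo "still enabled:     $(still_enabled "$demo_dir/chkconfig.txt" autofs kudzu)"
```

On a real machine, point the functions at /etc/ssh/sshd_config, /etc/securetty and a saved copy of the chkconfig --list output instead of the sample files.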

Fedo
21st December 2005, 05:48 AM
Thanks,

I'll try to get that book.

Knudson
22nd December 2005, 12:12 AM
If you have a router, of course it's better. Anyway, just learn how to set up iptables correctly and you shouldn't have problems ;)

ieuuk
22nd December 2005, 11:19 AM
Also, not running a static IP helps a fair bit too, because you effectively don't become a sitting duck if your IP to the outside world is only the same for 100-odd hours at a time.

Crux
22nd December 2005, 05:17 PM
I used this one for my home network. Alpha Shield (http://www.alphashield.com/index.html)

It actually worked too well, so I removed it. I was unable to keep a steady webcam stream with my wife, so I removed it and sold it to my brother. Seemed to do its job very well though. Got it at Best Buy for about 70 bucks. This was about a year back when I was working out of country.