Home page logo

basics logo Security Basics mailing list archives

RE: Secure host newbie
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Tue, 30 Mar 2004 16:54:24 -0800

  I'm going to put a host on the internet in a day or two, it 
will be closed to public during the development stage.  We 
have a lot of services to setup and I was wondering about 
security issues for each of these services.  We will be 
running this on a Redhat 7.3 base system.

Hmm, I'd recommend Red Hat 9.0. If you *have* to use RH 7.3 just
to grab the most recent kernel, well even with RH 9.0 you would still
to do that. I don't recommend Fedora, if you wanted to stay in Red Hat's

The services we will have are HTTP (Apache), private FTP, SSH 
access, POP server for our users, SMTP for users 
that would have to use ours, SSL for secure money 
transactions, might have news server, might have a MP3 stream 
server and will have home-made servers for home-made clients.

First, if you going to use Red Hat, (or Debian) grab APT-Get, from 
http://apt.freshrpms.net/ and run apt-get dist-upgrade. Seaming you
get a RHN account anymore. There are other tools out there for that, but
APT is
the only one I use on a day-to-day basis.

If you're new to Linux head on over to http://easyfwgen.morizot.net/, or
other iptables generator and generate a iptables script. I'm sure the
more Linux 
guys among us can recommend a better one, but I use that one for quick
deployments, works fine.

Grab the newest RPM's for Httpd, OpenSSL, OpenSSH, etc. Pick a good FTP
vsFTPd works fine IMHO but some people don't care for it. I'd recommend
for SMTP/POP3 services, again a better mail server then sendmail IMHO.

Now, before I ask you guys a whole lot of newbie questions, I 
would like to read good documents on these topics.  
Howtos, documentation, tutorials, books, all kinds of 
references are appreciated, especially if I can get them free! 
(Since our budget is extremely limited).

Great source for Linux HowTo's and General system information.

Has some good Documents and Articles.

*The* resource for Red Hat information and guides.

For specific products, (Apache, Postfix, etc) the homepages for those
projects will be loaded with information and guides.

If you don't have very good hardware, I've found that OpenBSD (maybe
FreeBSD) runs much 
better then *NIX. OpenBSD has a much smaller footprint then Linux, which
is good for 
lower-end systems.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]