[luau] Road Runner
Steve Anderson
andersons001 at hawaii.rr.com
Sun Mar 24 11:35:03 PST 2002
> gone to this site, I recommend a look.
> Any others out there better?):
CERT is very resource, especially the CERT advisories.
I like this site:
http://www.giac.org/GCUX.php
Tons of stuff. But anyway, a Google search on "securing linux" or
"armoring linux" would provide you with lots of sites to filter through.
As you move forward, remember Google is your friend. I have found many
solutions to OS/Application problems through relentless searches of
Google Groups.
You will not find one absolute source of information on securing Linux.
You most likely will need to use various sources. After you fully
analyze the role of your machine, you can begin to secure your machine.
There are many varying approaches to security and you have to find the
one that suits your needs.
For instance, some folks simply turn off services with xinetd, while
others completely remove the offending startup scripts in
/etc/rc.d/init.d. And still others remove the program from their system.
This last approach strips the system down to the bare minimum programs
necessary for the narrow scope of the machine. This is just one example
of an area of security and there are of course many areas to look at.
The role and location of the machine help determine the level of
security that you employ. I would think that your company will place the
database server behind a firewall, unless the server requires
connectivity with remote machines. So you need to look at the security
procedures of the entire network and research your company Security
Policy.
Steve Anderson
More information about the LUAU
mailing list