tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Sangeelee <ke...@susa.net>
Subject Re: Locking down daemons on Redhat 6.2
Date Tue, 17 Oct 2000 22:11:00 GMT
On Tue, 17 Oct 2000, Richard Wooding wrote:

> I have finally managed to get all my daemons running smoothly on
> Redhat Linux 6.2 box, including:
> 
> Apache/Tomcat/Sendmail/Oracle/Ssh
> 
> For those of familiar with Redhat 6.2 Distribution Server Install,
> which daemons do you suggest I remove to my web/database server as
> secure as possible.

There's no short answer to this, but here are some suggestions: -

Since you're running ssh, then telnetd is the most obvious one to be
commented out of inetd.conf (as should most other entries, really).

Disable password access for sshd (use public/private keys instead), and
consider removing the root password entirely (install the sudo package)

If you do want to keep some services on inetd, make sure that you
configure access using /etc/hosts.allow and /etc/hosts.deny, and as an
added precaution, I chmod -x /usr/sbin/in.* for any services I don't want
so they can't be executed by inetd if anyone misconfigures.

Consider replacing in.ftpd with one that supports encrypted passwords
(i.e. ncftpd), or perhaps use ssh tunnelling.

Samba and anything relating to linuxconf could be removed.

There are a couple of good docs on this subject (which I can't remember
the location of), but a search around 'redhat linux security' found them
for me



Mime
View raw message