[Elecraft] Linux - Summary
[email protected]
[email protected]
Wed Feb 19 18:31:00 2003
Rich,
Now that you've got the box up, some VERY important steps that you skipped
is:
(4) Secure it
(5) Secure it
(6) Secure it
The following commands are VERY handy for doing this:
pstree
Simplified output of ps in a "tree" format. Note: often times,
when a box is compromised, the "script kiddies" neglect to trojan pstree
to hide their tracks and thus, ps will lie to you but, pstree won't.
/sbin/chkconfig --list | grep ":on "
See what is starting when you boot the box. Sadly, we have yet to
convince packagers that security is more important than "convenience" and
thus, by default, many things that are NOT typically needed are loaded by
default. You want to limit your potential exposure. You don't want
potentially exploitable code running, especially when you don't use it for
anything! (Your firewall - if you have one - is nifty but, my 'leet skillz
are more nifty and I can still find your 'sploitable boxen!)
netstat -lnp
See what is listening, where it is listening.
Once you get your box the way you want it, a "snapshot" of the output of
those commands is a handy comparrison to check in the future if you
suspect a compromise.
Consider setting up iptables to further secure the box itself.
As indicated in my signature, I do this for a living so, if you have any
questions, don't hesitate to contact me.
73 de John - K4WTF
---
John Fraizer | High-Security Datacenter Services |
President | Dedicated circuits 64k - 155M OC3 |
EnterZone, Inc | Virtual, Dedicated, Colocation |
http://www.enterzone.net/ | Network Consulting Services |
On Mon, 17 Feb 2003, Rich Lentz wrote:
> Thought that you would want to know the results.
>
> Red Hat - 8
> Mandrake - 5
> SuSe - 1
> Smothwall - 1
>
> Decided on Red Hat. If you want to down load - three important criteria
> 1) be on a high speed connection - Cable. 2) Try a college mirror on
> Saturday night/Sunday morning - They were 20 time faster than Red Hats
> download (they must have a speed limit to minimize downloads). 3) do the
> checksum on the image.
>
> Installed in under twenty minutes. BUT my pci stuff wasn't recognized.
> After finding out that my motherboard doesn't talk to Linux found out the
> fix is "linux pci=bios,biosirq" <ENTER> at the first prompt "boot:" upon
> initial loading AND then to add "pci=bios,biosirq" after "root=LABEL=/"
> i.e., " ... root=LABEL=/ pci=bios,biosirq" in the grub.conf file (found
> in /boot/grub/ when you log on as administrator (username = root, password =
> whatever you assigned for administrator)).
>
> After that fix (which needed another reload), the system works great I mean
> GREAT. Everything I need (except for ham radio programs). Works as good
> (better than) Win-2000. Until you are experienced I would recommend playing
> on a spare hard drive before trying to make a dual boot system.
>
> Rich
> KE0X
>
> _______________________________________________
> Elecraft mailing list: [email protected]
> You must be a list member to post to the list.
> Postings must be plain text (no HTML or attachments).
> See: http://mailman.qth.net/mailman/listinfo/elecraft
> Elecraft Web Page: http://www.elecraft.com
>