<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/1.0.1">
</HEAD>
<BODY>
FTP: Use ProFTPD; wu-FTPD has had quite a few problems. (Like Jim, I've had to go in and help clean up after a compromise; wu-ftpd has been one of the largest holes.)
<BR>
<BR>
SMTP: I've used sendmail for years and I've never had it hacked, but the trick is to keep it *always* updated. For security, speed and ease of configuration you may want to consider a change to Qmail.
<BR>
<BR>
SSHd: Protocol v1 has some trouble; lock your box down to only use v2. (/etc/sshd/sshd_config)
<BR>
<BR>
Consider loading PortSentry and Tripwire. PortSentry will watch any ports (very configurable) and drop, reject, or notify you of any traffic that you consider inappropriate. Tripwire (a bit harder to get going) will help you make sure that no one has modified your system binaries.
<BR>
<BR>
-Dave Hahn
<BR>
TechAngle Inc.
<BR>
<BR>
On Tue, 2002-01-29 at 07:02, Adam Bultman wrote:
<BLOCKQUOTE>
<PRE><FONT COLOR="#737373"><FONT SIZE="3"><I>Okay: This thread has been absolutely fascinating! I must say. </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>However, here is my question. At work, I've got a linux box on the </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>Internet. Red Hat 7.2, and I've used 'bastille' to allegedly lock it down </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>a bit. I'm running FTP, Sendmail, and ssh. Yeah, that's it. Anyway, </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>it's been up on the net for a bit, and I'm wondering: What else can I do </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>to lock it down? My network segment here isn't scanned much, but I'm </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>still worried about being cracked. </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>Secondly: I've got an OpenBSD firewall on my ISDN router acting as a </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>firewall. Are there many stories of OpenBSD getting cracked? I'm running </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>ssh and ftp on there, and other ports are forwarded elsewhere (sendmail, </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>for example is sent to a linux box). </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>oh, well. Hope things get cleaned up okay, I'd recommend a clean install, </FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>rather than cleaning up the mess that's been made.</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>adam</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I></FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>_______________________________________________</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>CLUE-Tech mailing list</FONT></FONT></I>
<FONT COLOR="#737373"><FONT SIZE="3"><I>CLUE-Tech@clue.denver.co.us</FONT></FONT></I></PRE>
</BLOCKQUOTE>
<A HREF="http://clue.denver.co.us/mailman/listinfo/clue-tech"><FONT SIZE="3"><I>http://clue.denver.co.us/mailman/listinfo/clue-tech</FONT></I></A>
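<BR>
<BR>
One way to check the "only use v2" advice for SSHd from the reply above, as an added example that is not part of the original messages: it reads an sshd_config and reports whether the first Protocol line limits the daemon to version 2. The function names and the sample config are constructed for illustration, and the path to the real file is passed on the command line.

```python
"""Audit the Protocol directive in an sshd_config (added example)."""
import re
import sys

# Constructed sample: the permissive line comes first, so it is the one in effect.
SAMPLE = """\
# constructed sample sshd_config
Port 22
Protocol 2,1
Protocol 2
"""

def effective_protocol(config_text):
    """Return the protocol versions named by the first active Protocol line,
    or None when there is no such line (sshd's built-in default applies)."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        # Keywords are case-insensitive; the argument follows whitespace or '='.
        m = re.match(r"(?i)protocol(?:\s*=\s*|\s+)(\S+)", line)
        if m:
            # sshd keeps the first value it obtains for a keyword,
            # so a later "Protocol 2" does not override an earlier "2,1".
            return [v for v in m.group(1).strip('"').split(",") if v]
    return None

def audit(config_text):
    """OK: only v2 allowed. FAIL: v1 allowed. REVIEW: nothing set explicitly."""
    versions = effective_protocol(config_text)
    if versions is None:
        return "REVIEW"
    return "OK" if versions == ["2"] else "FAIL"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE
    result = audit(text)
    print(result, effective_protocol(text))
    sys.exit(0 if result == "OK" else 1)
```

A REVIEW result means the file leaves the choice to the daemon's compiled-in default, which has to be checked against the documentation for the installed sshd version.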
</BODY>
</HTML>