Re: [cobalt-users] How far do you go to secure your raq?
- Subject: Re: [cobalt-users] How far do you go to secure your raq?
- From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
- Date: Wed May 30 00:40:18 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
From: "Berg, Guy van den" <Guy.vandenBerg@xxxxxxxxxx>
> Just wondering how far do you go?
>
> For example do you do the basics (portsentry/ipchains/logcheck) or do you
> go
I prefer a baseline checking tool like tripwire or fcheck to all of the
above, as such a tool gives you proof positive that you have been hacked,
and is more reliable than the above (fewer false alarms, for instance). I
have objections to both portsentry and logcheck, and I don't even bother
installing them. IPchains I find useful for banning rogue IPs completely and
filtering by IP on port 81 (and others). Recently, I have been toying with
snort, just to monitor potential exploit attempts against my raq. After over
a year of colocation with my raq, I have never been hacked.
> further (update bind/apache/php/remove admin server etc?)
Many of these updates can be done without affecting the admin server, but
since I only have one raq, I don't test them until someone else has :)
<snip>
> essentially removing the admin server, updating out of date binaries etc?
<snip>
A raq without a GUI is just a preconfigured, hardened RH6 box. You might as
well get a cheaper rack mount RH box if you don't want the GUI. Since not
every tech here is versed in linux/apache/sendmail/ etc., we have to keep
our GUI intact.
Kevin