Domain: openna.com
Stories and comments across the archive that link to openna.com.
Comments · 7
-
Re:Easy
Yup iggnore them!
You have not mentioed what kind of box you got? If it is Linux based then best resource is get book called Securing & Optimizing Linux: The Hacking Solution (v.3.0) http://www.openna.com/products/books/books.php/; this book will help you to protect your Linux systems from unauthorized intrusions and other external attacks. :) -
Still using 7.3
I just put fresh installs of 7.3 on two new servers. I update openssl and build a fresh kernel from source before deploying them, of course, but I build most of my key apps from source anyway, and with the most recent 2.4.x kernel, I haven't found a need yet to use 8, 9, or Whatever Comes Next.
Posting anonymously so I won't invite hackers to come test my security, but everything's been swimmingly fine with the hardening procedures that I use (OpenNA Linux's books are outstanding). Fedora? What's that?
I'll probably be moving to a Linux From Scratch system for my next round of servers anyway, so I can avoid getting locked into distros. -
Anyone use OpenNA Linux?
My organization is standardizing on it for critical servers, and I think it does a lot of what this article talks about. On install, it asks which services you want to run
... and it ONLY installs what is absolutely necessary to run them. It's pretty lightweight, but gets the job done. And it's also hardened like you wouldn't believe, with most services preconfigured to run in a chroot() jail, something the others should have been doing from the start IMHO.
Website -
Openna.com has pre-configured servers
You could try Open Network Architecture's secure linux solutions.
-
Re:Mandrake
The thing I really liked about the Mandrake 7.1+ install is the dependency checking. Unlike Red Hat, if you remove a component that others depend on, it tells you so immediatley. That in mind, do an expert install, and pick the general categories that you think suit your needs. Make sure you choose "Select Individual Packages", or what ever Mandrake calls it (Been awhile since I've installed it). The general categories will select a large, number of packages for you. After you tell it to let you select individual packages, and tell it that whatever size it says it is installing is fine, you'll get a tree of all the packages. It is VERY daunting at first glance, and seems like it will take forever. But, forge ahead, and you'll get through it. Unselect the packages you don't want. If a package depends on the one you are unselecting, it will say something to the effect of, "Removing packages FOO, BAR, UCK, and FUP. Yes|No" This is the confirmation dialog, if you say yes it will remove the listed packages. Some packages it claims are required. Some, like RedHat it installs hether you tell it to or not. Sendmail comes to mind, Red Hat anyways. There is no doubt that you will have to go through and remove and/or add a few packages w/rpm after the install completes. Compilers and network servers spring to mind as things that are not needed on a desktop. Check the logs the install creates to find exactly what is installed, and what version it is. Look them up, find out if you really need them. Judging from your reply, you don't need a whole lot. If it weren't for the security policy you mentions, doing the "Workstation" install might fit you. You should visit http://www.openna.com and look at the docs they have to offer. In particular, look for "Securing and Optimising Linux. They have a Red Hat edition, which I have been reading and referring to. It is geared mostly towards servers, but it does outline some good concepts. Since Mandrake is a derivative of Red Hat, much of the book will carry over very well. http://www.linuxdocs.org is invaluable as well. Are there any LUGS in your area? Any computer groups of any focus? Even if they are not directly involved with Linux, there's a good chance that they know of someone or some folks who are into Linux.
Make no mistake, you are going to have to spend a good bit of time and effort up front with this sort of thing. With Linux, you are in control, rather than a vendor, so the buck really stops with you. Doing the research up front saves a lot of, "Oh, shit!!! What did I fsck up?!?! and how in the hell do I fix it?" later. Believe me, I know.
Even though it looks as if it has a huge amount of stuff, as do most of the major distros, you're defintitely better off starting with a full distro, installing it, testing it, and removing what you don't want. I wouldn't know where to begin "rolling your own" distro, but I wouldn't think it is an overnight project. I haven't used KickStart, but I have heard good thing about it. KickStart is used to script a RedHat/Mandrake install, to install what you need, and leave out what you don't. Other distros probably can use it as well, and I am sure there are other utils to do the same thing.
Do you have a good internet connection? I'd recommend checking out as many distros as you can firsthand, after reading the other replies. Most of the major distros are going to have way more than you want or need, and will need to be customised for you. Find out what "goodies" people really ARE using in their everyday life. You might be surprised. Well, maybe not about music;) Finding a LUG is a really good thing to do. Find someone with more experience than me. Find someone with more experience than you.
-- -
Additional info
Another good source is "Securing and Optimizing Linux: Red Hat Edition" (4Mb PDF). It's actually a book... you can buy it online too. It covers shutting down services, firewalling, reconfiging the kernel, and a number of other things.
-
Good Book on securing Redhat
Found this book on setting up a redhat server for doing this sorta thing. The book looks fairly well designed and new versions are available on the web. Check it out.... http://www.openna.com/books/book.htm