uncheck Windows File
@@ -147,7 +150,7 @@
will appear.
uncheck apmd
(monitors power, not very useful for servers), | check ImageMagick
-(required for the photo-album packages, | uncheckisdn4k-utils
+(required for the photo-album packages, | uncheckisdn4k-utils
(unless you are using isdn, this installs a useless daemon), | check mutt (a mail
program that reads Maildir), | uncheck nfs-utils
(nfs is a major security risk), | uncheck pam-devel (I
@@ -178,9 +181,11 @@
Exit, remove the CD, and
watch the computer reboot.
After it finishes rebooting and shows the login prompt, log
-in: yourserver login: root
+in:
+yourserver login: root
Password:
-[root root]#
+[root root]#
+
Install any security patches. For example, insert your CD with
patches, mount it with mount
/dev/cdrom , then cd
@@ -192,7 +197,7 @@
Lock down SSH
-
- SSH is the protocol we use to connect
+ SSH is the protocol we use to connect
securely to the computer (replacing telnet, which is insecure).
sshd is the daemon that listens for incoming ssh connections. As a
security precaution, we are now going to tell ssh not to allow
@@ -234,7 +239,8 @@
we'll use daemontools to perform a similar function for
AOLserver. (The reason for these discrepancies is that, while
daemontools is better, it's a pain in the ass to deal with and
-nobody's had any trouble leaving PostgreSQL the way it is.) [root root]# service pcmcia stop
+nobody's had any trouble leaving PostgreSQL the way it is.)
+[root root]# service pcmcia stop
[root root]# service netfs stop
[root root]# chkconfig --del pcmcia
[root root]# chkconfig --del netfs
@@ -247,7 +253,8 @@
Plug in the network cable. -
Verify that you have connectivity by going to another computer
and ssh'ing to yourserver, logging in as remadmin, and
-promoting yourself to root: [joeuser\@someotherserver]$ ssh remadmin\@yourserver.test
+promoting yourself to root:
+[joeuser\@someotherserver]$ ssh remadmin\@yourserver.test
The authenticity of host 'yourserver.test (1.2.3.4)' can't be established.
DSA key fingerprint is 10:b9:b6:10:79:46:14:c8:2d:65:ae:c1:61:4b:a5:a5.
@@ -257,7 +264,8 @@
Last login: Mon Mar 3 21:15:27 2003 from host-12-01.dsl-sea.seanet.com
[remadmin remadmin]$ su -
Password:
-[root root]#
+[root root]#
+
-
If you didn't burn a CD of patches and use it, can still
download and install the necessary patches. Here's how to do it
@@ -266,7 +274,8 @@
8.0 system kernel (2.4.18-14, which you can check with
uname -a ) has
several security problems. Download the new kernel, install it,
-and reboot. [root root]# cd /var/tmp
+and reboot.
+[root root]# cd /var/tmp
[root tmp]# wget http://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-27.7.x.i686.rpm
--20:39:00-- http://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-27.7.x.i686.rpm
=> `kernel-2.4.18-27.7.x.i686.rpm'
@@ -299,8 +308,9 @@
\ No newline at end of file
| |