Scrappy Notes for Newbs Trying to Harden a Linux Machine
(this is a work in progress)

Tell the MySQL server not to listen for outside connections if you are only using it from localhost. Add the following parameter to the /etc/mysql/my.cnf file under [mysqld]:

    skip-networking

If you are not using the machine as a POP mail server, disable the pop3 xinetd service:

    vi /etc/xinetd.d/ipop3

Disable portmapper:

    /etc/rc.d/rc3.d

If you are running Samba, tell it not to listen on the public interface. Under the [Global] section of /etc/samba/smb.conf add:

    interfaces = ethX

where ethX is the interface of your internal NIC.

If LDAP is running and you are not using directory services, then disable it:

    S61ldap

Check your box to see which ports are listening (check it from another machine by scanning it with nmap):

    nmap -v -sS -p0- 10.10.0.1

You might have to specify the port range depending on your version:

    nmap -v -sS -p 1-65535 10.10.0.1

The -p is for 'ports', and 0- means scan all 65536 ports, starting at zero.

If you are using mod_php with Apache, you should disable PHP's register_globals, which was enabled by default in many versions of PHP:

    vi php.ini
    register_globals = Off
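
An added example, not part of the original notes: a small shell audit that checks whether the three config-file settings above (skip-networking under [mysqld], interfaces under Samba's [global], register_globals = Off) are actually in effect. The function names ini_has, check and audit are hypothetical, and the sample configs at the bottom are constructed so the script runs on any machine.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# ini_has FILE SECTION KEY [VALUE]: succeed if KEY is set, uncommented, inside
# [SECTION] (case-insensitive; SECTION '*' matches anywhere). With VALUE the
# last assignment must equal it; without, a bare flag or any value counts.
ini_has() {
    awk -v sec="$2" -v key="$3" -v want="${4-}" '
        BEGIN { sec = tolower(sec); key = tolower(key); want = tolower(want); found = 0 }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^[#;]/ || /^$/ { next }
        /^\[.*\]$/ { cur = tolower(substr($0, 2, length($0) - 2)); next }
        cur == sec || sec == "*" {
            k = $0; v = ""; i = index($0, "=")
            if (i > 0) { k = substr($0, 1, i - 1); v = substr($0, i + 1) }
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == key) found = (want == "" || tolower(v) == want)
        }
        END { exit !found }
    ' "$1"
}

# check LABEL FILE SECTION KEY [VALUE]: print PASS/FAIL/SKIP, count failures.
check() {
    label=$1; shift
    if [ ! -r "$1" ]; then echo "SKIP $label ($1 not readable)"
    elif ini_has "$@"; then echo "PASS $label"
    else echo "FAIL $label"; fails=$((fails + 1)); fi
}

# audit MYCNF SMBCONF PHPINI: run the three checks, return the failure count.
audit() {
    fails=0
    check "mysqld skip-networking"   "$1" mysqld skip-networking
    check "samba interfaces set"     "$2" global interfaces
    check "php register_globals Off" "$3" '*' register_globals off
    return "$fails"
}

# Constructed sample configs (not from a real host) so the script runs anywhere.
d=$(mktemp -d)
printf '[mysqld]\nskip-networking\n' > "$d/my.cnf"
printf '[global]\nworkgroup = LAB\n' > "$d/smb.conf"     # interfaces missing
printf '[PHP]\nregister_globals = On\n' > "$d/php.ini"   # still enabled
audit "$d/my.cnf" "$d/smb.conf" "$d/php.ini" || echo "$? check(s) failed"
rm -rf "$d"
```

To audit a real host, call audit with the paths to its my.cnf, smb.conf and php.ini; a missing file is reported as SKIP rather than FAIL, since the notes only apply to services you actually run.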