Scrappy Notes for Newbs trying to Harden a Linux Machine
(this is a work in progress)
Tell MySQL server not to listen for outside connections if you are only
using it for the localhost. Add the following parameter to the
/etc/mysql/my.cnf file under [mysqld]
skip-networking
If you are not using the machine as a pop mail server, disable the pop3
xinetd service
vi /etc/xinetd.d/ipop3
Disable portmapper
/etc/rc.d/rc3.d
If you are running Samba tell it not to listen on the public interface.
Under the [Global] section of /etc/samba/smb.conf add:
interfaces = ethX
Where X is the interface of your internal NIC.
If LDAP is running and you are not using directory services then
disable it
S61ldap
Check your box to see which ports are listening (check it from
another machine by scanning it with nmap)
nmap -v -sS -p0- 10.10.0.1
You might have to specify the port range depending on your version.
nmap -v -sS -p 1-65535 10.10.0.1
The -p is for 'ports' and 0- means scan all 65536 ports, starting at zero.
If you are using mod_php with Apache, you should disable php register_globals
which was enabled by default on many versions of PHP.
vi php.ini
register_globals = Off
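An added example (not part of the original notes): a small shell audit for the three config-file settings above, skip-networking under [mysqld], interfaces under [Global], and register_globals = Off. The function names, the sample files and the extra "bind interfaces only" check are assumptions of this example; the notes do not mention that Samba setting, but smb.conf documents it as what makes smbd bind only to the listed interfaces.

```shell
# ini_get FILE SECTION KEY: print the last value of KEY inside [SECTION]
# ("*" = any section); a bare key such as skip-networking prints "set".
# Returns 1 when the key is absent. Names compare case-insensitively.
ini_get() {
    awk -v sec="$2" -v key="$3" '
        BEGIN { sec = tolower(sec); key = tolower(key); gsub(/_/, "-", key) }
        /^[ \t]*([#;]|$)/ { next }                      # comment or blank line
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*/, "", s)
                      cur = tolower(s); next }          # section header
        sec == "*" || cur == sec {
            n = index($0, "=")
            k = (n ? substr($0, 1, n - 1) : $0)
            v = (n ? substr($0, n + 1) : "set")
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            k = tolower(k); gsub(/_/, "-", k)           # MySQL also accepts skip_networking
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val; exit !found }
    ' "$1"
}

# check LABEL VALUE REGEX: PASS when VALUE matches REGEX as a whole line.
check() {
    if printf '%s\n' "$2" | grep -Eqix -- "$3"; then echo "PASS $1"
    else echo "FAIL $1 (found: ${2:-nothing})"; fails=$((fails + 1)); fi
}

# audit MYCNF SMBCONF PHPINI: one PASS/FAIL line per setting; the return
# status is the number of failed checks.
audit() {
    fails=0
    check "mysqld skip-networking" "$(ini_get "$1" mysqld skip-networking)" '.+'
    check "samba interfaces" "$(ini_get "$2" global interfaces)" '.+'
    # Not in the notes: smb.conf needs this too before smbd binds only there.
    check "samba bind interfaces only" "$(ini_get "$2" global 'bind interfaces only')" '(yes|true|1)'
    check "php register_globals off" "$(ini_get "$3" '*' register_globals)" '(off|0|false|no)'
    return "$fails"
}

# Run with three file paths, or with no arguments on constructed samples.
if [ "$#" -eq 3 ]; then audit "$@"
else
    d=$(mktemp -d)                                      # constructed sample configs
    printf '[mysqld]\nport = 3306\n' > "$d/my.cnf"
    printf '[Global]\ninterfaces = eth1\n' > "$d/smb.conf"
    printf '[PHP]\nregister_globals = On\nregister_globals = Off\n' > "$d/php.ini"
    audit "$d/my.cnf" "$d/smb.conf" "$d/php.ini" || echo "$? check(s) failed"
    rm -rf "$d"
fi
```

It reads only the files you name, so settings pulled in through include directives are not seen.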