Re: Linux security issues?

Alan Cox (alan@lxorguk.ukuu.org.uk)
Sun, 26 Jan 1997 22:00:23 +0000 (GMT)


> I am planning on putting a Linux box on the 'net for a web/ftp site. Are
> there any security issues which should be addressed on RedHat 4.0? I am
> running a fairly stock configuration, but have applied the latest wu-ftpd
> to fix an alleged security hole.

Firstly apply all the Red Hat upgrades like libc. Several of these fix holes
some fix holes nobody has figured how to exploit (or noticed 8)).

Secondly work out who and what services need access to the machine. Set up
firewalling and start from a policy of deny. I suspect you may incoming
connections to the web port and ftp ports only.

Thirdly make sure your router to the net drops any packets that come in
from your provider with a source address that is on your local network.

If you work on the basis of deny all people will moan if something works. If
you work on the basis of denying only specific items people won't tell you
if you give out a feature you didnt intend.

Alan