On Thu, 2002-03-14 at 10:29, Einar Karttunen wrote:
> On 14.03.02 10:11 +0100(+0000), kn@××××××××××.dk wrote:
> > Considerations before installation
> > BIOS password
> If the machine is a server set the bios password only to guard
> against modifying the settings i.e. it should not be asked on
> startup because of remote reboots. Also make sure the machine
> will not boot from floppy/cd/network.
>
> > Password policy
> Gentoo could have a stricter pam config on this
> because currently very weak passwords get through.
|
I think pam_passwdqc (http://www.openwall.com/passwdqc/) is the best
option for this job. I could make an ebuild (if there isn't one
already).
|
> > Kernel patches
> > Grsecurity
> Currently fails against the gentoo kernel
> (see some posts this week about it on the
> gentoo-dev list)
|
It doesn't apply cleanly, but it's no problem to fix it by hand.
|
> > Using xinetd
> Or using no inetd at all. Many servers/home machines
> which run only http, ssh and mail do not imho need
> inetd at all.
>
> > FTP
> oftpd
|
I personally prefer vsftpd. _Very_ fast, written with security and
performance as top priorities.
|
--
Joachim Blaabjerg
styx@×××××.org
www.SuxOS.org