| 1 |
On Thu, 2002-03-14 at 10:29, Einar Karttunen wrote: |
| 2 |
> On 14.03.02 10:11 +0100(+0000), kn@××××××××××.dk wrote: |
| 3 |
> > Considerations before installation |
| 4 |
> > BIOS password |
| 5 |
> If the machine is a server set the bios password only to guard |
| 6 |
> against modifying the settings i.e. it should not be asked on |
| 7 |
> startup because of remote reboots. Also make sure the machine |
| 8 |
> will not boot from floppy/cd/network. |
| 9 |
> |
| 10 |
> > Password policy |
| 11 |
> Gentoo could have a stricter pam config on this |
| 12 |
> because currently very weak passwords get through. |
| 13 |
|
| 14 |
I think pam_passwdqc (http://www.openwall.com/passwdqc/) is the best |
| 15 |
option for this job. I could make an ebuild (if there isn't one |
| 16 |
already). |
| 17 |
|
| 18 |
> > Kernel patches |
| 19 |
> > Grsecurity |
| 20 |
> Currently fails against the gentoo kernel |
| 21 |
> (see some posts this week about it on the |
| 22 |
> gentoo-dev list) |
| 23 |
|
| 24 |
It doesn't apply cleanly, but it's no problem to fix it by hand. |
| 25 |
|
| 26 |
> > Using xinetd |
| 27 |
> Or using no inetd at all. Many servers/home machines |
| 28 |
> which run only http, ssh and mail do not imho need |
| 29 |
> inetd at all. |
| 30 |
> |
| 31 |
> > FTP |
| 32 |
> oftpd |
| 33 |
|
| 34 |
I personally prefer vsftpd. _Very_ fast, written with security and |
| 35 |
performance as top priorities. |
| 36 |
|
| 37 |
-- |
| 38 |
Joachim Blaabjerg |
| 39 |
styx@×××××.org |
| 40 |
www.SuxOS.org |
Archives