Great Circle Associates Firewalls
(November 1997)
 


Subject: RE: strip-down filelist
From: Joseph Judge <joej @ joesmac . ultranet . com>
Date: Wed, 12 Nov 1997 21:51:21 -0500
To: "firewalls @ GreatCircle . COM" <firewalls @ GreatCircle . COM>, "'Ken Simmons'" <simmonsk @ groupz . net>

The Sunworld Online's Peter Galvin has a Solaris Security FAQ which
describes the steps to take to "tighten" down a Solaris box ... the
details are great and the concepts help you solve the other OSs.

	--joe


----------
From: 	Ken Simmons[SMTP:simmonsk @ groupz . net]
Sent: 	Tuesday, November 11, 1997 8:54 AM
To: 	firewalls @ GreatCircle . COM
Subject: 	RE: strip-down filelist

We are also building a firewall box. This will benefit us greatly. Now, remove Sendmail......

-----Original Message-----
From:	Marc Heuse [SMTP:Marc . Heuse @ mail . DeuBa . COM]
Sent:	Tuesday, November 11, 1997 5:20 AM
To:	linux-security @ redhat . com
Cc:	firewalls @ GreatCircle . COM
Subject:	strip-down filelist

Hi Folks,


When installing a Linux system for a proxy/firewall/gateway/router/victim
purpose you have to strip it down to make the security on the host as tight
as possible. Removing compilers, suid/sgid files, mounting readonly etc. etc.
In other words, stuff that you do again and again.

One approach is to delete everything you know you don't need.

The other and better approach is just to make a list of all files you really
need and remove all the rest.

Is there anyone who has done that for a system? (not especially Linux ...
*BSD, Solaris, HP, AIX etc. are interesting too.)

I think such a discussion could improve security on our bastion hosts.
Comments, lists etc. welcome.



With kind regards,
				Marc Heuse


This message and any statements expressed therein are those of myself
and not of the Deutsche Bank AG or its subsidiary companies.



Type Bits/KeyID    Date       User ID
pub  2048/DB5C03C5 1997/09/23 Marc Heuse <marc . heuse @ mail . deuba . com>

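
The keep-list approach from the original question, as an added example that is not part of the thread: a report-only audit that compares a tree against a list of needed files and flags setuid/setgid files. The function names, the list format and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report-only audit of a tree against a keep-list.
# Nothing is deleted; review the report before removing anything.
# Limitation: paths containing newlines are not handled.

# audit_tree ROOT KEEPLIST
#   KEEPLIST holds one path per line, relative to ROOT ('#' comments allowed).
#   EXTRA   = on disk, not on the list    MISSING = on the list, not on disk
#   SETID   = setuid or setgid bit set (reported even if the file is kept)
audit_tree() {
    root=$1; keep=$2
    work=$(mktemp -d) || return 1
    # Normalise the list: drop comments and blank lines, sort for comm(1).
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' "$keep" |
        LC_ALL=C sort -u > "$work/keep"
    # Every non-directory entry under ROOT, without crossing mount points.
    (cd "$root" && find . -xdev ! -type d -print) | sed 's|^\./||' |
        LC_ALL=C sort -u > "$work/disk"
    LC_ALL=C comm -13 "$work/keep" "$work/disk" | sed 's/^/EXTRA   /'
    LC_ALL=C comm -23 "$work/keep" "$work/disk" | sed 's/^/MISSING /'
    (cd "$root" && find . -xdev -type f \( -perm -4000 -o -perm -2000 \) -print) |
        sed 's|^\./||' | LC_ALL=C sort | sed 's/^/SETID   /'
    rm -rf "$work"
}

# make_sample DIR: constructed miniature tree and keep-list for the demo.
make_sample() {
    mkdir -p "$1/root/bin" "$1/root/etc" "$1/root/usr/bin" "$1/root/usr/sbin"
    for f in bin/sh etc/passwd usr/bin/gcc usr/sbin/sendmail; do
        : > "$1/root/$f"
    done
    chmod 4755 "$1/root/usr/sbin/sendmail"   # constructed setuid file
    cat > "$1/keep.list" <<'EOF'
# files this (hypothetical) bastion host needs
bin/sh
etc/passwd
etc/hosts
EOF
}

demo=$(mktemp -d) && make_sample "$demo" &&
    audit_tree "$demo/root" "$demo/keep.list"
rm -rf "$demo"
```

MISSING entries matter as much as EXTRA ones: a keep-list that names files absent from the disk is either stale or the install is incomplete.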





