Page is a not externally linkable
windsor - 5:27 pm on Jul 22, 2001 (gmt 0)
There are three basic items to simple unix security if you need to lock down a box like a webserver: <a> comment out as much as you can in /etc/inetd.conf There are some other ideas that are generally good; like don't enable NFS (client or server) unless you really need it, avoid NIS/yp, and if you can turn off the startup of the portmapper (a.k.a. "rpcbind"), that'll save you some headache. Hope this helps. Rob++
There are a handful of books on overall UNIX security from O'Reilly. They're good for novices, but aren't very good for reference material since they spend a lot of time describing stuff and little time on "you want this, you don't want that."
<b> sendmail and BIND are monsters. If you need them, get books about them that talk security. Webservers generally don't need these two.
<c> subscribe to something that gives you security updates for your particular OS. Bugtraq is a good non-OS-specific one.