Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: bakedjake
There are three basic items to simple unix security if you need to lock down a box like a webserver:
<a> comment out as much as you can in /etc/inetd.conf
<b> sendmail and BIND are monsters. If you need them, get books about them that talk security. Webservers generally don't need these two.
<c> subscribe to something that gives you security updates for your particular OS. Bugtraq is a good non-OS-specific one.
There are some other ideas that are generally good; like don't enable NFS (client or server) unless you really need it, avoid NIS/yp, and if you can turn off the startup of the portmapper (a.k.a. "rpcbind"), that'll save you some headache.
Hope this helps.