Locking down RedHat

Miskell, Craig Craig.Miskell at agresearch.co.nz
Tue Oct 25 19:11:56 UTC 2005


> Anybody have any best practices/links to how to "lock down" RedHat? 
> Services to consider shutting off from the default install, etc.
I've found the checklists and checking tools on www.cisecurity.org to be
fairly good.  The checking script gives a rating out of 10 as well, so
you've got a nice metric for your boss.   If anything it's too paranoid
(e.g. it docks points for having a web-server installed, even if that's
the whole point of the server existing), and I wouldn't expect to ever
see a server get 10/10, due to operational requirements.  However, it
does at least raise the possible issues and lets you decide whether the
tradeoff is worth it.  

As mentioned in other replies, it's still just a list of stuff that
"anybody who's done unix for a while knows", but it's nice to see it
written down, codified, and checked for.

Craig