Senor Johnson, Where did you get the information about hardening your SuSE box? I am a newbie too... and I would love to know how to make mine more secure.
thanks dave
-----Original Message----- From: A_Johnson-SuseML-e [mailto:lj_suse_ml@hotmail.com] Sent: Thursday, May 31, 2001 10:31 AM To: suse-linux-e@suse.com Cc: suse-linux-e@suse.com Subject: [SLE] root HELP
Hello,
It's the new guy again, first I have to admit I can use Linux like a man who can drive a car but gets into a tank...so it's all in theory, I jus don't know where all the switches and pedals are yet...no what that is out of
Dave,
Ahh this was tricky for me at first, but by the time I finished I have a
somewhat greater understanding of the Linux world... Get this FAQ from here
its easy to follow and implement... even if you are not running a web server
this has some good ideas.
1.) get the secure web_server doc from www.suse.com/en/linux/webserver
2.) install SECMOD and INSMOD rpms they should be on your distro CDs or at
ftp.suse.com/en/suse ... someDIR... I cant remember right now.
3.)run suse_harden with the options y y y y y n y n y y
As for the suse_harden file go to http://www.suse.com/~marc and click on
the SuSE lizard. After you download the tar.gz file unpak it onto a
dir. But here was my hang-up, I could run the darn thing, I tried and
tried so finally I went into xwindows KDE2 and use the file manager
(Konqueror) and found the file, rename the file to ( harden_suse) then I
double clicked it and I was prompted with "open with" and select the
CHECK BOX "run terminal" and wala you are prompted to choose YES or NO for
the following options..... I chose y y y y y n y n y y
4.) follow the web_server faq
5.) make sure you create a user with root privileges....
a.) add user either by command line or yast
b.) open the /etc/passwd file
c.) change the 500 (user id) to 0 and the 100 (groupid) to 0 also. Then
save /etc/passwd
## use this user when you wish to do any ROOT activities, but I
recommend that you create a general user account for general
computer usage... AND NEVER BROWS internet as ROOT, its a bad idea!!
6.) I presume that you have SuSEfire wall up and running... If you get the
error messages from the following...
Starting Firewall Init........
No interfaces active! exiting ...
SuSEfirewall: clearing rules now ... done
failed
Initializing random number generator done
Setting up network device eth0
done
Setting up network device eth1
done
Setting up routing (using /etc/route.conf) done
Starting Firewall Initialization: (phase 2 of 3)
.............
.........
....
Starting inetd done
Starting Firewall Initialization: (phase 3 of 3)
Master Resource Control: runlevel 3 has been reached
Failed services in runlevel 3: SuSEfirewall_init SuSEfirewall_setup
SuSEfirewall_final
THIS IS OKAY, I know its weird but the fire wall starts after the NICs
initialize... you can test the fire wall by typing "SuSEfireall help" (for a
list of commands)
Now that this is dome there are a million things to read about security...
a fun one is this , reads like a spy novel http://grc.com/dos/grcdos.htm he
he he...
Please let me know if you need any help, I learn the quickest by helping
others :)
Best of LUCK :)
Aaron L. Johnson
----- Original Message -----
From: "Dave Gregory"
way and I have notified everyone that I don't know jack I might get a reply that I can comprehend :)
Okay I've (well I think I have) secured my Linux box...with SuSE harden, a few FAQs on disabling services, changing permissions and general stuff....now I want to create a user that has ROOT ablites with out the ROOT name. Sounds Easy, I thought it was but NOPE, none of them work entirely right, kind of like a co-worker of mine ;p Anyway that's my issue.
Thanks from A NEWBIE,
Aaron, L. Johnson
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
participants (1)
-
A_Johnson-SuseML-e