Mailinglist Archive: opensuse (3637 mails)

< Previous Next >
Re: [SLE] root HELP
  • From: "A_Johnson-SuseML-e" <lj_suse_ml@xxxxxxxxxxx>
  • Date: Thu, 31 May 2001 13:28:18 -0600
  • Message-id: <DAV33pQubaQYGpmIQT50000751f@xxxxxxxxxxx>
Dave,

Ahh this was tricky for me at first, but by the time I finished I have a
somewhat greater understanding of the Linux world... Get this FAQ from here
its easy to follow and implement... even if you are not running a web server
this has some good ideas.

1.) get the secure web_server doc from www.suse.com/en/linux/webserver

2.) install SECMOD and INSMOD rpms they should be on your distro CDs or at
ftp.suse.com/en/suse ... someDIR... I cant remember right now.

3.)run suse_harden with the options y y y y y n y n y y
As for the suse_harden file go to http://www.suse.com/~marc and click on
the SuSE lizard. After you download the tar.gz file unpak it onto a
dir. But here was my hang-up, I could run the darn thing, I tried and
tried so finally I went into xwindows KDE2 and use the file manager
(Konqueror) and found the file, rename the file to ( harden_suse) then I
double clicked it and I was prompted with "open with" and select the
CHECK BOX "run terminal" and wala you are prompted to choose YES or NO for
the following options..... I chose y y y y y n y n y y

4.) follow the web_server faq

5.) make sure you create a user with root privileges....
a.) add user either by command line or yast
b.) open the /etc/passwd file
c.) change the 500 (user id) to 0 and the 100 (groupid) to 0 also. Then
save /etc/passwd
## use this user when you wish to do any ROOT activities, but I
recommend that you create a general user account for general
computer usage... AND NEVER BROWS internet as ROOT, its a bad idea!!

6.) I presume that you have SuSEfire wall up and running... If you get the
error messages from the following...
Starting Firewall Init........
No interfaces active! exiting ...
SuSEfirewall: clearing rules now ... done
failed
Initializing random number generator done
Setting up network device eth0
done
Setting up network device eth1
done
Setting up routing (using /etc/route.conf) done
Starting Firewall Initialization: (phase 2 of 3)
.............
.........
....
Starting inetd done
Starting Firewall Initialization: (phase 3 of 3)
Master Resource Control: runlevel 3 has been reached
Failed services in runlevel 3: SuSEfirewall_init SuSEfirewall_setup
SuSEfirewall_final

THIS IS OKAY, I know its weird but the fire wall starts after the NICs
initialize... you can test the fire wall by typing "SuSEfireall help" (for a
list of commands)

Now that this is dome there are a million things to read about security...
a fun one is this , reads like a spy novel http://grc.com/dos/grcdos.htm he
he he...

Please let me know if you need any help, I learn the quickest by helping
others :)

Best of LUCK :)
Aaron L. Johnson

----- Original Message -----
From: "Dave Gregory" <dave_gregory@xxxxxxxxxxxxxxxxxxxx>
To: "'A_Johnson-SuseML-e'" <lj_suse_ml@xxxxxxxxxxx>
Sent: Thursday, May 31, 2001 11:45 AM
Subject: RE: [SLE] root HELP


> Senor Johnson,
> Where did you get the information about hardening your SuSE box? I am a
> newbie too... and I would love to know how to make mine more secure.
>
> thanks
> dave
>
> -----Original Message-----
> From: A_Johnson-SuseML-e [mailto:lj_suse_ml@xxxxxxxxxxx]
> Sent: Thursday, May 31, 2001 10:31 AM
> To: suse-linux-e@xxxxxxxx
> Cc: suse-linux-e@xxxxxxxx
> Subject: [SLE] root HELP
>
>
> Hello,
>
> It's the new guy again, first I have to admit I can use Linux like a man
who
> can drive a car but gets into a tank...so it's all in theory, I jus don't
> know where all the switches and pedals are yet...no what that is out of
the
> way and I have notified everyone that I don't know jack I might get a
reply
> that I can comprehend :)
>
> Okay I've (well I think I have) secured my Linux box...with SuSE harden, a
> few FAQs on disabling services, changing permissions and general
> stuff....now I want to create a user that has ROOT ablites with out the
ROOT
> name. Sounds Easy, I thought it was but NOPE, none of them work entirely
> right, kind of like a co-worker of mine ;p Anyway that's my issue.
>
> Thanks from A NEWBIE,
>
> Aaron, L. Johnson
>
> --
> To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
> For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
>
> Also check the FAQ at http://www.suse.com/support/faq and the
> archives at http://lists.suse.com
>
< Previous Next >
This Thread
  • No further messages