I learned to take care of two things with harden_suse: 1. run it before you start the usual configuration stuff, as it would overwrite many options 2. take care of the reduced password-expiration time in /etc/login-defs. When you set a system in production, you have to learn after a month, that no user can login anymore - this does not make sense for ftp or mail only users. Even for administrative accounts, if you visit the system infrequently. //Rainer Ragnar Beer <rbeer@uni-goettingen.de> Sent by: suse-security-return-1788-rhoerbe=netpromote.co.at@suse.com 22.05.00 11:38 To: suse-security@suse.com cc: marc@suse.de Subject: [suse-security] harden_suse documentation During the weekend I had some time to look at the harden_suse script. What it does looks very reasonable to me but I wish there was some more documentation or references respectively. Here is my wishlist: - Although I can guess what the users xok and trusted ar needed for it would be great to get _some_ more information about it. - It would be great to get a little background information about what's going on in the 10 steps to hardening. I'm not talking about writing a book or something but it would be great to have a book-reference or a link where to go and look for each of the 10 steps. The first thing I did (of course;) was to look at the manual but it could have been more helpful. --Ragnar --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com