Newbie firewall installation question
Dear all,

At home I've an old P120 that I want to set up as a firewall-only machine. As I want to install as little as possible, what's the best "quick" solution? Under YaST select "Minimum" and after that the Network and Security packages?

Furthermore I was thinking to partition my disk with approx. 12MB /boot, 128MB swap (there's about 90MB RAM) and the rest (approx. 1GB) /. Is that a "correct and smart" setup for a dedicated firewall? Would LVM be an option? (Would think not but...)

Any help would be appreciated. (Tried smoothwall before, but the Zyxel modem doesn't want to work with chat; it does with wvdial.)

Thanks,
Maurits
Do a custom install, don't select anything in X, KDE, GNOME, Emacs. Then go through the other choices and take out things like apache, sendmail, bind, nfs, lpr, mysql, staroffice, etc.

I would do the following partition scheme:

    /dev/hda1  /      500 MB
    /dev/hda2  swap   128 MB
    /dev/hda3  /usr   800 MB
    /dev/hda4  /home  rest of drive

On Thu, 12 Jul 2001, De Loe, Maurits wrote:

> Dear all,
>
> At home I've an old P120 that I want to set up as a firewall-only machine.
> As I want to install as little as possible, what's the best "quick" solution? Under YaST select "Minimum" and after that the Network and Security packages?
> Furthermore I was thinking to partition my disk with approx. 12MB /boot, 128MB swap (there's about 90MB RAM) and the rest (approx. 1GB) /. Is that a "correct and smart" setup for a dedicated firewall? Would LVM be an option? (Would think not but...)
> Any help would be appreciated. (Tried smoothwall before, but the Zyxel modem doesn't want to work with chat; it does with wvdial.)
>
> Thanks,
> Maurits

Chad Whitten
Network/Systems Administrator
Nexband Communications
chadwick@nexband.com
Hi Maurits, Chad!

dog@intop.net wrote:

> Do a custom install, don't select anything in X, KDE, GNOME, Emacs. Then go through the other choices and take out things like apache, sendmail, bind, nfs, lpr, mysql, staroffice, etc.

Right. The "Minimum" selection is probably a good starting point for that.

> I would do the following partition scheme:
>
>     /dev/hda1  /      500 MB
>     /dev/hda2  swap   128 MB
>     /dev/hda3  /usr   800 MB
>     /dev/hda4  /home  rest of drive

Why would you have /home on a firewall?? I would rather suggest having /var on a separate partition, maybe /tmp as well, since these can easily be filled up by an attacker, and a full / partition is no fun. 100M for / should then be easily enough. (PS: Would it make sense to make /tmp a symlink to /var/tmp instead?)

> Furthermore I was thinking to partition my disk with approx. 12MB /boot

No need to have /boot on a separate partition (with recent lilo/small disk).

> Would LVM be an option? (Would think not but...)

No, doesn't make sense on a firewall (IMHO).

Have fun! :-)

Florian Kirchmeir
Hi Maurits,

> As I want to install as little as possible, what's the best "quick" solution? Under YaST select "Minimum" and after that the Network and Security packages?

You may also use the DMZ config. For some reason it installs packages like nkita and nkitb, where the latter includes unsafe software like rlogin, rexec etc. I recommend scrapping them and replacing them with OpenSSH. Here is a cut-down SuSE installation:

    aaa_base-2001.1.23-0  aaa_dir-2001.1.17-0  aaa_skel-2001.1.26-0  autolog-0.35-192
    base-2001.1.15-0  bash-2.04-87  bc-1.06-10  bdflush-1.5-294
    bzip-1.0.1-5  dump-0.4b20-4  compress-4.2.4-287  cpio-2.4.2-295
    cron-3.0.1-296  db-3.1.17-13  devs-2001.1.2-3  diffutils-2.7-31
    e2fsprogs-1.19-7  file-3.32-35  fileutils-4.0.35-3  findutils-4.1.6-14
    gawk-3.0.6-41  gdbm-1.8.0-225  ash-0.2-294  glibc-2.2-7
    gppshare-2.95.2-149  scanlogd-2.2-5  gzip-1.3-4  kbd-1.03a-39
    less-358-26  libz-1.1.3-284  lilo-21.6-17  seccheck-1.6-4
    man-2.3.10d69s-171  mktemp-1.5-150  modutils-2.4.1-3  net-tools-1.57-6
    netcfg-2000.12.14-2  secumod-1.6b-3  pam-0.72-169  pam_devperm-2000.12.1-6
    perl-5.6.0-39  ps-2001.1.22-0  rpm-3.0.6-26  sash-3.4-170
    sh-utils-2.0-6  shadow-20000902-34  syslogd-1.3.33-197  sysvinit-2.78-143
    terminfo-5.2-8  tripwire-1.2-258  textutils-2.0.10-5  timezone-2.2-7
    util-linux-2.10q-7  vim-5.7-42  yast-1.09-7  ed-0.2-277
    eject-2.0.2-185  openssh-2.3.0p1-5  k_deflt_24-2.4.0-7

I've replaced the default kernel k_deflt_24-2.4.0-7 with the latest version and patches. There are quite a few other packages that require an update. Check on www.suse.com.

> Furthermore I was thinking to partition my disk with approx. 12MB /boot, 128MB swap (there's about 90MB RAM) and the rest (approx. 1GB) /. Is that a "correct and smart" setup for a dedicated firewall? Would LVM be an option? (Would think not but...)
> Any help would be appreciated. (Tried smoothwall before, but the Zyxel modem doesn't want to work with chat; it does with wvdial.)

You may create these partitions, too (excerpt from /etc/fstab):

    /dev/sda3  /usr  ext2  defaults,ro,nodev             1 1
    /dev/sda4  /var  ext2  defaults,nodev                1 2
    /dev/sda7  /tmp  ext2  defaults,noexec,nosuid,nodev  1 2

Note that /usr is set read-only. /tmp disallows program execution and creation of device files, and disarms suid programs. Separating /var from / prevents denial of service attacks.

There are a lot more things to do to harden Linux. Fortunately there is documentation on the net:

    http://www.linuxdoc.org/guides.html
    http://www.interhack.net/pubs/fwfaq
    http://nic.com/~dave/Security/

You can also buy good books:

    Building Internet Firewalls, 2nd Edition, O'Reilly
    Practical UNIX and Internet Security, 2nd Edition, O'Reilly

Have a lot of fun
--
Jörg Frühbrodt <jf@fruehbrodt.de>
IT-Consulting
Lessingstr. 9, D-14532 Kleinmachnow b. Berlin
T +49 (0) 33 20 38 14 20
F +49 (0) 33 20 38 14 23
M +49 (0) 172 38 71 63 6
http://www.fruehbrodt.de
http://www.fruehbrodt.org
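Florian's point that /var and /tmp belong on their own partitions and Jörg's fstab excerpt together amount to a mount-option policy for the firewall box. The script below is an added example, not posted by anyone in this thread: it reads fstab lines on stdin and reports every entry that falls short of that policy. It assumes one generalization the excerpt only hints at, namely that nodev belongs on every filesystem other than / and swap; the two sample fstab files are constructed for the example (Jörg's three lines completed with a root and swap entry, and Chad's four-partition scheme with default options), not taken from any real system.

```sh
#!/bin/sh
# Added example: audit /etc/fstab entries against the layout discussed in this thread.
# Policy (Joerg's excerpt plus Florian's advice; nodev-everywhere is our generalization):
#   - /usr mounted read-only
#   - /tmp mounted noexec,nosuid (nodev is covered by the general rule below)
#   - /var and /tmp on their own partitions, so filling them cannot fill /
#   - nodev on every filesystem except / (which holds /dev) and swap
# audit_fstab reads fstab lines on stdin, prints one finding per line and
# returns the number of findings (0 means the layout matches the policy).

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated mount options OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

audit_fstab() {
    findings=0
    seen_var=0
    seen_tmp=0
    # fstab fields: device mountpoint fstype options dump pass
    while read -r dev mnt fstype opts dump pass; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blank lines and comments
        case "$mnt" in
            /usr)
                has_opt "$opts" ro || { echo "/usr: not mounted read-only"; findings=$((findings+1)); }
                ;;
            /tmp)
                seen_tmp=1
                for o in noexec nosuid; do
                    has_opt "$opts" "$o" || { echo "/tmp: missing $o"; findings=$((findings+1)); }
                done
                ;;
            /var)
                seen_var=1
                ;;
        esac
        # nodev on everything except the root filesystem and swap
        if [ "$mnt" != / ] && [ "$fstype" != swap ] && ! has_opt "$opts" nodev; then
            echo "$mnt: missing nodev"
            findings=$((findings+1))
        fi
    done
    [ "$seen_var" -eq 1 ] || { echo "/var: not a separate partition"; findings=$((findings+1)); }
    [ "$seen_tmp" -eq 1 ] || { echo "/tmp: not a separate partition"; findings=$((findings+1)); }
    return "$findings"
}

# Constructed sample: Joerg's excerpt completed with root and swap entries.
HARDENED_FSTAB='/dev/sda1 /    ext2 defaults                     1 1
/dev/sda2 swap swap defaults                     0 0
/dev/sda3 /usr ext2 defaults,ro,nodev            1 1
/dev/sda4 /var ext2 defaults,nodev               1 2
/dev/sda7 /tmp ext2 defaults,noexec,nosuid,nodev 1 2'

# Constructed sample: Chad's four-partition scheme with default mount options.
WEAK_FSTAB='/dev/hda1 /     ext2 defaults 1 1
/dev/hda2 swap  swap defaults 0 0
/dev/hda3 /usr  ext2 defaults 1 2
/dev/hda4 /home ext2 defaults 1 2'

# run_check LABEL FSTAB_TEXT: audit one sample and report the finding count.
run_check() {
    printf '%s\n' "$2" | audit_fstab
    rc=$?
    echo "$1: $rc finding(s)"
}

run_check "hardened layout" "$HARDENED_FSTAB"
run_check "default layout" "$WEAK_FSTAB"
```

On a real box run `audit_fstab < /etc/fstab`; the exit status is the finding count, so it drops straight into a cron job or a post-install check. The default layout above yields five findings (/usr not read-only and without nodev, /home without nodev, and no separate /var or /tmp), which is exactly the gap between Chad's scheme and the one Florian and Jörg recommend.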
participants (4)
- De Loe, Maurits
- dog@intop.net
- Florian Kirchmeir
- Jörg Frühbrodt