![](https://seccdn.libravatar.org/avatar/52d5fb107787790b355a3ff09a1feaea.jpg?s=120&d=mm&r=g)
Senor Johnson, Where did you get the information about hardening your SuSE box? I am a newbie too... and I would love to know how to make mine more secure.
thanks dave
-----Original Message----- From: A_Johnson-SuseML-e [mailto:lj_suse_ml@hotmail.com] Sent: Thursday, May 31, 2001 10:31 AM To: suse-linux-e@suse.com Cc: suse-linux-e@suse.com Subject: [SLE] root HELP
Hello,
It's the new guy again, first I have to admit I can use Linux like a man who can drive a car but gets into a tank...so it's all in theory, I jus don't know where all the switches and pedals are yet...no what that is out of
Dave, Ahh this was tricky for me at first, but by the time I finished I have a somewhat greater understanding of the Linux world... Get this FAQ from here its easy to follow and implement... even if you are not running a web server this has some good ideas. 1.) get the secure web_server doc from www.suse.com/en/linux/webserver 2.) install SECMOD and INSMOD rpms they should be on your distro CDs or at ftp.suse.com/en/suse ... someDIR... I cant remember right now. 3.)run suse_harden with the options y y y y y n y n y y As for the suse_harden file go to http://www.suse.com/~marc and click on the SuSE lizard. After you download the tar.gz file unpak it onto a dir. But here was my hang-up, I could run the darn thing, I tried and tried so finally I went into xwindows KDE2 and use the file manager (Konqueror) and found the file, rename the file to ( harden_suse) then I double clicked it and I was prompted with "open with" and select the CHECK BOX "run terminal" and wala you are prompted to choose YES or NO for the following options..... I chose y y y y y n y n y y 4.) follow the web_server faq 5.) make sure you create a user with root privileges.... a.) add user either by command line or yast b.) open the /etc/passwd file c.) change the 500 (user id) to 0 and the 100 (groupid) to 0 also. Then save /etc/passwd ## use this user when you wish to do any ROOT activities, but I recommend that you create a general user account for general computer usage... AND NEVER BROWS internet as ROOT, its a bad idea!! 6.) I presume that you have SuSEfire wall up and running... If you get the error messages from the following... Starting Firewall Init........ No interfaces active! exiting ... SuSEfirewall: clearing rules now ... done failed Initializing random number generator done Setting up network device eth0 done Setting up network device eth1 done Setting up routing (using /etc/route.conf) done Starting Firewall Initialization: (phase 2 of 3) ............. ......... .... Starting inetd done Starting Firewall Initialization: (phase 3 of 3) Master Resource Control: runlevel 3 has been reached Failed services in runlevel 3: SuSEfirewall_init SuSEfirewall_setup SuSEfirewall_final THIS IS OKAY, I know its weird but the fire wall starts after the NICs initialize... you can test the fire wall by typing "SuSEfireall help" (for a list of commands) Now that this is dome there are a million things to read about security... a fun one is this , reads like a spy novel http://grc.com/dos/grcdos.htm he he he... Please let me know if you need any help, I learn the quickest by helping others :) Best of LUCK :) Aaron L. Johnson ----- Original Message ----- From: "Dave Gregory" <dave_gregory@hardingmarketing.com> To: "'A_Johnson-SuseML-e'" <lj_suse_ml@hotmail.com> Sent: Thursday, May 31, 2001 11:45 AM Subject: RE: [SLE] root HELP the
way and I have notified everyone that I don't know jack I might get a reply that I can comprehend :)
Okay I've (well I think I have) secured my Linux box...with SuSE harden, a few FAQs on disabling services, changing permissions and general stuff....now I want to create a user that has ROOT ablites with out the ROOT name. Sounds Easy, I thought it was but NOPE, none of them work entirely right, kind of like a co-worker of mine ;p Anyway that's my issue.
Thanks from A NEWBIE,
Aaron, L. Johnson
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
participants (1)
-
A_Johnson-SuseML-e