I learned to take care of two things with harden_suse:
1. run it before you start the usual configuration stuff, as it would
overwrite many options
2. take care of the reduced password-expiration time in /etc/login-defs.
When you set a system in production, you have to learn after a month, that
no user can login anymore - this does not make sense for ftp or mail only
users. Even for administrative accounts, if you visit the system
infrequently.
//Rainer
Ragnar Beer
Sent by: suse-security-return-1788-rhoerbe=netpromote.co.at@suse.com
22.05.00 11:38
To: suse-security@suse.com
cc: marc@suse.de
Subject: [suse-security] harden_suse documentation
During the weekend I had some time to look at the harden_suse script.
What it does looks very reasonable to me but I wish there was some
more documentation or references respectively. Here is my wishlist:
- Although I can guess what the users xok and trusted ar needed for
it would be great to get _some_ more information about it.
- It would be great to get a little background information about
what's going on in the 10 steps to hardening. I'm not talking about
writing a book or something but it would be great to have a
book-reference or a link where to go and look for each of the 10
steps.
The first thing I did (of course;) was to look at the manual but it
could have been more helpful.
--Ragnar
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com