Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] [newbie:] Secure development environment
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Mon, 12 Feb 2001 02:06:22 +1100
  • Message-id: <5.0.2.1.0.20010212020307.03a36e08@xxxxxxxxxxxxxxxxxxxx>
At 01:58 AM 12/02/2001, you wrote:
Hi,

I am currently setting up one of our development servers with SuSE
7.0. Since the installation of a "normal" workstation system is pretty
much straight forward I believe that there are a lot of things more to
be configured to have secure development server.

Hopefully someone on the list can point me to the right direction.

The server will be used for web development and therefore needs to
have the following services/applications:

# initial setup
HTTP
MYSQL

Add --skip-networking to /etc/rc.d/mysql if you don't need to access mysql
over the network

SSH

use certificates and disable password based logins

POSTFIX

good

CVS
(CVSPSERVER) current idea is to connect to cvs via ssh which might be
the better idea

yes


XServer

bad

KDE2

# later
IBM WEBSPHERE
IBM DB2

I first started to read Marc's article abpout setting up a secure
webserver [ http://www.suse.de/en/linux/webserver/index.html ]

I think using harden_suse might invoke problems using XServer and any
Windowmanager. Anyway due to demands from our Websphere guy he wants
to be able to access the Websphere GUI remotely.

Not so, You just need to make sure that anyone that needs to use X is in the
"xok" group.


So my main question seems to be "How to use an XServer remotely and
still have a 'secure' box?"

Use X through SSH and you should be fine.. Read up on the ssh docs to
find out more about this :-)


Thanks for your help,

Sorry for the short answers, I'm a bit tired.. maybe someone else can be
more verbose if you need more help

Cheers


---
Nix - nix@xxxxxxxxxxxxxxxx
http://www.susesecurity.com


< Previous Next >
This Thread
References