At 01:58 AM 12/02/2001, you wrote:
Hi,
I am currently setting up one of our development servers with SuSE 7.0. Since the installation of a "normal" workstation system is pretty much straight forward I believe that there are a lot of things more to be configured to have secure development server.
Hopefully someone on the list can point me to the right direction.
The server will be used for web development and therefore needs to have the following services/applications:
# initial setup HTTP MYSQL
Add --skip-networking to /etc/rc.d/mysql if you don't need to access mysql over the network
SSH
use certificates and disable password based logins
POSTFIX
good
CVS (CVSPSERVER) current idea is to connect to cvs via ssh which might be the better idea
yes
XServer
bad
KDE2
# later IBM WEBSPHERE IBM DB2
I first started to read Marc's article abpout setting up a secure webserver [ http://www.suse.de/en/linux/webserver/index.html ]
I think using harden_suse might invoke problems using XServer and any Windowmanager. Anyway due to demands from our Websphere guy he wants to be able to access the Websphere GUI remotely.
Not so, You just need to make sure that anyone that needs to use X is in the "xok" group.
So my main question seems to be "How to use an XServer remotely and still have a 'secure' box?"
Use X through SSH and you should be fine.. Read up on the ssh docs to find out more about this :-)
Thanks for your help,
Sorry for the short answers, I'm a bit tired.. maybe someone else can be more verbose if you need more help Cheers --- Nix - nix@susesecurity.com http://www.susesecurity.com