Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] Security testing
  • From: Thomas Lamy <Thomas.Lamy@xxxxxxxxxx>
  • Date: Fri, 1 Feb 2002 21:59:42 +0100
  • Message-id: <656F04F343FC25409463829A15B5FDDC08AE5D@xxxxxxxxxxxxxxxxxxxxx>
>
> Hi all,
>
> I use SuSE7.0 , SuSE6.4 , SuSE6.3.=20
> After setting up all the servers - mail , apache , squid,
> firewall.
> How can I know my server is in secur or not?

First of all, get rid of SuSE 6.x - most (all?) of them are no longer
supported (no more security updates).
When installing new servers, you should
a) use a stable, supported dist (IMHO SuSE 7.3 matches)
b) apply any vendor patches (using YOU)
c) scan the installed and configured servers (eg with nessus), re-check for
unneeded services running
d) test, test, test. Not in your home/office environment, but in a
customer-like one (ok, not really security related, but neccessary)

And in general:
e) subscribe to one or more security related lists (and read the messages)
f) keep an eye on security announcements, and for the SuSE ones, check the
"pending vulnerabilities" section carefully


> Of course, I want to test my server before launching officially.
>
> Any help will be apreciated.
> Thanks you in advance
>
> Regards,
>
> lonh

You're welcome.

Thomas

< Previous Next >
This Thread
  • No further messages