Fedora Security


Fedoran00bi
2004-03-22, 02:58 PM CST
Hi:

I'm pretty new to Linux, and new to Fedora.
I was wondering if anyone has a Security Checklist of things to do, to lock down Fedora a little better than the default install settings, like to shadow password, apache security, and services, protocols etc.

Thanks.

ghenry
2004-03-22, 03:20 PM CST
Issue a:
netstat -tul
to find out what services are running, and start to close the ones you don't need.

This is just to begin with.

Fedoran00bi
2004-03-22, 05:39 PM CST
Yea, I don't have much open :)

$ netstat -tul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
udp 0 0 *:bootpc *:*
--------------------------------------------------------
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http
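
The check suggested above (list listeners with `netstat -tul`, then close what is not needed) can be scripted. This is an added example, not part of the original thread; the allowlist `ALLOWED`, the function names and the two extra sample listeners (sunrpc, ipp) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list listeners in `netstat -tul` output that are not on an allowlist.
# ALLOWED is an assumption: the services this host is meant to expose.
ALLOWED="${ALLOWED:-http bootpc}"

# Constructed sample: the two listeners posted in the thread plus two
# constructed extras (sunrpc, ipp) so the check has something to report.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 *:http            *:*               LISTEN
tcp        0      0 *:sunrpc          *:*               LISTEN
tcp        0      0 localhost:ipp     *:*               LISTEN
udp        0      0 *:bootpc          *:*
EOF
}

# Usage: netstat -tul | unexpected_listeners "http bootpc"
# Prints "proto address service scope" for each listener to review.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            svc = $4;  sub(/.*:/, "", svc)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (svc in ok) next
            wild = (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            print $1, addr, svc, (wild ? "all-interfaces" : "local-only")
        }'
}

# Run against the constructed sample; on a real host pipe in `netstat -tul`.
sample_netstat | unexpected_listeners "$ALLOWED"
```

Listeners reported as `all-interfaces` are reachable from the network unless a firewall blocks them; `local-only` ones are bound to a single address such as localhost.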

ghenry
2004-03-23, 02:01 AM CST
Not bad. I remember in the old days, everything used to be on by default, and it would take ages to close them down.

I would start getting a firewall set up, and maybe swapping out the kernel for say grsecurity (www.grsecurity.net) or learn selinux.

Also a nice firewall program, that lets you see all your hits etc. is Firestarter (http://firestarter.sourceforge.net/)

Ug
2004-03-23, 02:41 AM CST
Originally posted by ghenry
or learn selinux.

Don't forget that FC Core 2 will be SE Linux, which will make it more secure. ;)

ghenry
2004-03-23, 03:03 AM CST
Yeah, but all the access controls must be right or even switched on first. That is the biggest hurdle in getting it on.

Ug
2004-03-23, 03:20 AM CST
I have to admit, I'm not looking forward to having to fiddle with that.

Fedoran00bi
2004-03-23, 10:50 AM CST
Originally posted by ghenry
Not bad. I remember in the old days, everything used to be on by default, and it would take ages to close them down.

I would start getting a firewall set up, and maybe swapping out the kernel for say grsecurity (www.grsecurity.net) or learn selinux.

Also a nice firewall program, that lets you see all your hits etc. is Firestarter (http://firestarter.sourceforge.net/)

Cool, I just installed Firestarter, it's a nice log program. Ohh I got my 1st hit hehehe....

Time: Mar 23 00:25:39 Source: 192.168.1.1 Destination: 192.168.1.255 In: eth0 Out: Port: 162 Length: 155 Protocol: udp Service: snmptrap

I got my Fedora behind a Router using NAT,
too bad this Firestarter doesn't tell you if the packet was dropped or if it was blocked or accepted.

So I just went into "rules" and created a blockport rule for port 162. I guess it's blocking it already, 'cause I'm only allowing incoming port 80, that's it.

Ug
2004-03-23, 10:59 AM CST
I've moved this to Networking, which is a more relevant place for this thread.