[Zope] Zope and Linux flavors

Jonathan (Listserv Account) listsmurf@ur.nl
Tue, 16 Jan 2001 18:21:09 +0100


> Which Linux distributions are you using for running Zope and how easy
> it was for you to maximize security of your server?

Red Hat Linux 6.2 here. After a standard install, download and install
latest release of SSH. Open '/etc/inetd.conf', comment out all services.
Save and do a 'killall -HUP inetd'. Do 'ntsysv' and disable everything
you are not going to use on that machine (typically sendmail, nfslock,
identd, portmap etc.). Reboot after that.

That's what I do first. After that, get all the Red Hat updates from a
nearby mirror. Install all, make sure you've got at least a 2.2.16
kernel. Rebooting is not gonna hurt, check what services are started as
the machine boots.

Get Bastille Linux (http://www.bastille-linux.org) and lock down the
box, leaving only 22 and 80 open to the outside world. Well, maybe not
that extreme but you get the drift :)

Check '/etc/hosts.allow' and '/etc/hosts.deny' to make sure that only
the absolute minimum of hosts is allowed access to the server. The
latter should contain something like 'ALL: ALL'.

That catches most of the script kiddies. Still won't stop a real cracker
though, for that you need more. Much more. Read the various docs, keep a
tab on updates at Red Hat, SANS, Bugtraq etc. And remember, only the
paranoid survive in network security :)

Other Linux distros are similar, but this is the one I know :)

HTH
Jonathan