|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: ksemat
wawa.eahd.or.ugDate: Wed Oct 10 2001 - 06:34:48 CDT
> We ahve installed and configured Bastille firewall, portsentry, tripwire and
> snort. Assuming we keep our configurations up to date to detect the "latest
> and greatest" threats, do we need any other means of protecting our system?
quite good so far. You can also go ahead and remove all unnecessary SUID
programs, make many of your serious files in /etc and binaries in /sbin,
/usr/sbin, /bin, /usr/local/bin, /usr/local/sbin immutable with chattr.
You can also do some process limiting in /etc/profile and patch your
kernel with solar designer's openwall patch from http://www.openwall.com.
infact even better integrate openwall and LIDS ( www.lids.org)
Noah.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]