Linux Gurus: What are your post install security routines?

[GTaudiophile]

I remember, after installing Slackware for the first time 3 years ago, my expert friend guided me through the process of plugging a few holes. I distinctly remember editing the hosts.allow file and then also some other file where one could comment out FTP and Telnet such that those services wouldn't run (I forget the file name).

What are some of the things you all do to plug holes after a new installation? Or do you just leave everything at default?

 

[n0cmonkey]

/etc/inetd.conf is probably the place to comment out services you don't need. I generally just don't let inetd run.

In /etc/hosts.deny:
ALL:ALL

Don't forget to update your system.

 

[Nothinman]

AFAIK Ubuntu comes with no network services listening, /etc/inetd.conf or /etc/xinetd.d/* and /etc/xinetd.conf, I don't remember which Ubuntu defaults to installing.

 

[stars]

http://www.geocities.com/jtarin47/linux/Slackware/Securing_Slackware.html is a good basic guide to start with. Another thing one can do is edit startx with -nolisten tcp in the serverargs section. The guide I posted a link to and editing the default startx is usually a basic starting place for me after a fresh install. Then depending on the machines role I either leave it alone or take further steps to secure it.

 

[Nothinman]

Another thing one can do is edit startx with -nolisten tcp in the serverargs section.

This should be done by default, Ubuntu is based on Debian and Debian has been doing that by default for as long as I can remember.

 

[stars]

Originally posted by: Nothinman

Another thing one can do is edit startx with -nolisten tcp in the serverargs section.

This should be done by default, Ubuntu is based on Debian and Debian has been doing that by default for as long as I can remember.

Yes, I agree. The main reason I mentioned it, is in case someone using a distro that doesnt do that by default reads this.