Securing Fedora Core 2
James McDonald
james
Sat Oct 30 16:54:38 PDT 2004
Chong Yu Meng wrote:
>
> Hi All,
>
> I'm going to say up-front that I haven't done any reading, and I'm
> actually looking for something like a StepByStep solution to securing
> a FC2 web server.
>
> I went through an IBM AIX Firewall course way back in 1997, but since
> then, I have lost touch with firewall configurations and the latest
> threats and defenses. I have recently inherited a web server running
> FC2 that needs to be locked down, but not so tightly that it can no
> longer run web applications.
>
> Does anyone have any useful hints, tips or links I could look at? And
> does Sasser affect web servers too? Is the built-in firewall in FC2
> iptables? What should I be protecting against?

Set default policy on all your iptables chains to drop then specifically
enable only the services you require... if it's a webserver you probably
only need ssh, http and https to be allowed through to your external
interface.

Don't play with your iptables policies if you are very remote as you may
lock yourself out of the box ;)

>
> Thanks in Advance !
>
I have not used shorewall so I can't offer any comment about it.

If you require the ability to create a firewall policy and keep it
versioned then the latest http://www.fwbuilder.org stuff is very good.
It provides a reasonably intuitive Qt-based interface. You can get
fwbuilder to create the firewall using a wizard or do your own from
scratch. I find it useful because I can save a file with each of my
firewalls in it and then create/edit, compile and install a firewall
without getting into the fundamentals of iptables -t nat -A CHAIN blah
etc etc.

www.Oreilly.com sells some very good books on firewalling for Linux. I
just bought the "Linux Security Cookbook" and it has information and
examples on what you are wanting to do... very useful.

Despite being in a digital age I find books to be a better medium by
which to learn... How about everyone else?
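
The default-DROP approach from the reply above, as an added example that is not part of the original post: it writes the policy in iptables-restore format and checks that SSH is still admitted before anything is loaded. The interface name `eth0`, the port list and the function names are assumptions.

```shell
#!/bin/sh
# Added example (constructed): default-DROP filter table for a web server,
# in iptables-restore format. Interface and ports are assumptions.

# gen_ruleset IFACE PORT...   prints the ruleset on stdout
gen_ruleset() {
    iface=$1; shift
    echo '*filter'
    # Default policy DROP on every built-in chain of the filter table.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback traffic, which local services rely on.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Packets of connections that an earlier rule already admitted.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # OUTPUT stays closed to new connections: DNS lookups or package
    # updates from the server would need their own rules.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
        echo "-A INPUT -i $iface -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# check_ruleset FILE SSH_PORT   succeeds only if all three policies are DROP
# and SSH is still admitted, so a remote admin is not locked out.
check_ruleset() {
    for chain in INPUT FORWARD OUTPUT; do
        grep -q "^:$chain DROP " "$1" ||
            { echo "$chain policy is not DROP" >&2; return 1; }
    done
    grep -q -- "^-A INPUT .*--dport $2 .*-j ACCEPT\$" "$1" ||
        { echo "no ACCEPT rule for port $2: loading would lock you out" >&2; return 1; }
}

# Usage, as root (iptables-restore commits the whole table in one step):
#   gen_ruleset eth0 22 80 443 > fw.rules &&
#       check_ruleset fw.rules 22 && iptables-restore < fw.rules
```

Because iptables-restore commits the table in one step, the DROP policies and the SSH rule take effect together rather than one command at a time.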