On 02.09.2006, dentonj@gmail.com wrote:
> Just in time for Slackware 11.0, the new and improved Slackware System
> Hardening document for Slackware 10.2.
>
> Enjoy
>
> dentonj
>
>
> http://www.cochiselinux.org/files/sy...ening-10.2.txt

Could you stop writting such crappy "security" guides?

You *blindly* advise to stop Sendmail, Apache, BIND, inetd and so on.
You don't advise not to install them, just to shut them down.

#v+
/etc/shells:
Allowing users to run different shells allows them to bypass any security
restrictions set on their login shell.
#v-

How could that be true? How would the `removepkg zsh' add _anything_ to
system security?

#v+
/sbin/tune2fs:
Stop fsck from running every 22 boots. The new setting means fsck only
runs every 6 months. If you would like to fsck more often, then adjust
as necessary.
#v-

Very good advice. Pretty damn good! Who needs fsck? And how is it going
to work with ReiserFS or XFS?

Also, removing slrn, nn, strace, gdb and nc adds very much to system
security.

/etc/profile stuff:
#v+
# Kick and lockout users that are UID 0 but are not root
if [ `id -u` = "0" -a `echo $USER` != "root" ]; then

# Lock the user out
passwd -l $USER

# Save some info
date >> /root/****
netstat -peanut >> /root/****
ps auxww >> /root/****
w >> /root/****
#v-

ROTFL. It's pretty easy to avoid running /etc/profile.

--
Niektórzy lubi± dozziego...
Oczywi¶cie szanujemy ich.
Stanislaw Klekot