--- Chris Wilcox wrote:
> If this box will run Squid and Squid only...

Yes, this box will run squid and squid only..

>...then I'd
> be looking into one of
> the more minimal distributions such as Debian. You
> don't need most of the
> 'junk' that distros like Suse will install by
> default....

When you say 'junk', do you mean actively running
services, that have ports to which one can connect, or
do you mean the myriad of packages that SuSE will
install based on the type of setup you need (which
includes Minimal, Default, Default With Office or

>... as most of the
> services etc that will be running by default on
> distros like Suse will only
> serve to slow things down.

I see you mean well, but I've been running SuSE since I
started in the industry, and over time one develops
ideas and tricks on one's favorite flavor of Linux..

Regarding running services, I know SuSE doesn't have
INETD running by default post install..

Although they do default to runlevel 5, which starts X
at boot, I counter this by defaulting to runlevel 3
(really don't need X running on production gear)...

I know the smtp port is open post install thanks to
postfix, which I delete before anything else (and if I
need a mailer, replace with exim)..

The portmapper is also open by default post install,
but I stop this and remove it from the runlevels so it
doesn't start on boot..

Then there's openssh, which is started by default post
install.. this is good, of course; all I do is
upgrade it to the latest stable version and close it
off using iptables and the tcp wrapper..

Once all that's done, I use a script that SuSE have
discontinued (but it still does its job) called
harden_suse.. it removes setuid and setgid bits from
binaries that could compromise your system.. the
script also hashes/comments all (uncommented) entries
in /etc/inetd.conf...

After all that, I use a customised and hardened
iptables firewall to close off the only service
running on the box, SSH...

So, as you can see, adding squid to my system will only
open up port 3128, which the firewall will close off
and only redirect outbound http traffic to...

I hope this is minimal enough..
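The hardening sequence in the reply above (runlevel 3 instead of 5, postfix removed, portmapper stopped and taken out of the runlevels, inetd.conf entries commented out, setuid/setgid binaries reviewed, sshd wrapped by tcp wrappers, and an iptables policy that drops everything except SSH from an admin host and Squid on 3128 from the LAN, with outbound port-80 traffic redirected into Squid) can be written down as a small shell script. The script below is an added example, not code from the mail or from SuSE's harden_suse; the network ranges, interface name and file paths are assumptions, the file-editing functions take their path as an argument so they can be tried on a copy first, and the destructive steps only run when the script is invoked as `hardening.sh apply` on the real box.

```shell
#!/bin/sh
# Added example (not from the original mail): the hardening steps the reply
# describes, as shell functions for a SuSE box that runs only Squid and SSH.
# ADMIN_NET, LAN_NET and LAN_IF are assumed values for illustration.

ADMIN_NET="${ADMIN_NET:-192.168.1.10/32}"  # assumed: the one host allowed to SSH in
LAN_NET="${LAN_NET:-192.168.1.0/24}"       # assumed: clients whose web traffic is proxied
LAN_IF="${LAN_IF:-eth0}"                   # assumed: interface facing those clients
SQUID_PORT=3128

# Default runlevel 3 instead of 5, so X is not started at boot.
# Argument: path to an inittab file (normally /etc/inittab).
set_runlevel3() {
    sed 's/^id:5:initdefault:/id:3:initdefault:/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# What harden_suse did to /etc/inetd.conf: comment out every active entry.
# Argument: path to an inetd.conf file.
comment_inetd() {
    sed 's/^[^#]/#&/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# List setuid/setgid binaries under a tree for review (harden_suse stripped
# the bits outright; here the decision is left to the admin: chmod u-s / g-s).
list_setuid_setgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# tcp wrapper policy: sshd only from the admin host, everything else denied.
# Argument: directory to write hosts.allow and hosts.deny into (normally /etc).
gen_tcp_wrappers() {
    printf 'sshd: %s\n' "$ADMIN_NET" > "$1/hosts.allow"
    printf 'ALL: ALL\n' > "$1/hosts.deny"
}

# iptables ruleset in iptables-restore format: INPUT drops by default, port 22
# is reachable only from the admin host, 3128 only from the LAN interface, and
# the LAN's outbound port-80 traffic is redirected into Squid on 3128.
gen_iptables_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $ADMIN_NET --dport 22 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp -s $LAN_NET --dport $SQUID_PORT -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -p tcp -s $LAN_NET --dport 80 -j REDIRECT --to-ports $SQUID_PORT
COMMIT
EOF
}

# The full procedure, to be run as root on the real box only.
apply() {
    set_runlevel3 /etc/inittab
    rpm -e postfix                      # remove the mailer that opens port 25
    /etc/init.d/portmap stop            # stop the portmapper ...
    chkconfig portmap off               # ... and keep it out of the runlevels
    comment_inetd /etc/inetd.conf
    gen_tcp_wrappers /etc
    gen_iptables_rules | iptables-restore
    list_setuid_setgid /usr/bin         # review this list, then strip bits by hand
}

if [ "${1:-}" = "apply" ]; then
    apply
fi
```

Running the script without `apply` does nothing, which is deliberate: `gen_iptables_rules` can be piped to a file and read before it is ever loaded, and the file-editing functions can be pointed at copies of /etc/inittab and /etc/inetd.conf to check the result first. The INPUT chain's DROP policy is what "closes off" 3128 from everything except the LAN side; the REDIRECT rule in the nat table is the transparent-proxy half of the setup.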
