linux-admin@gurubase.com wrote: > Are there any resources for setting up a secure linux server? Since we'll > put our server into internet, we would like to find some tools or > guidelines to ensure our server is secure enough. Found my docs on those topics: Security testing tools and sites: Those willing to put up with a less functionality can still be well served by free tools such as: http://www.l0pht.com/~weld/netcat/ Another free testsite: http://www.grc.com If you have Solaris security questions, visit: http://www.sunworldonline/common/security-faq.html There is a nice checklist available that can help you compare firewalls. It's not perfect, but it's a good start: http://www.fortified.com/fwcklist.html Resources and Related Links: SAIC http://www.saic.com ISS http://www.iss.net NetCat http://www.l0pht.com/~weld/netcat/ Comparison of firewalls http://www.fortified.com/fwcklist.html Whitepaper on man-in-the-middle attacks http://www.cs.princeton.edu/sip/pub/spoofing.html US Army's Field Manual on Basic Cryptanalysis http://www.atsc-army.org/cgi-win/$atdl.exe/fm/34-40-2/default.htm Mirror site ftp://ftp.europa.com/outgoing/theoe O'Reilly study of Web commerce http://www.ora.com/research/ Past Security /sunworldonline/common/swol-backissues-columns.html#security Also check out the SunWorld's Site Index for stories on Web server security /sunworldonline/common/swol-siteindex.html#websec Ziegler's Linux Firewall Site: http://www.linux-firewall-tools.com/ Links and tools: http://www.linux-firewall-tools.com/linux/ Hope some of it helps. -- Regards, Mogens Valentin Networking - Security - Programming Linux configuration and troubleshooting http://www.danbbs.dk/~monz - monz@danbbs.dk - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
