If you have a new box you want to use for web hosting etc, then here are just a few of the things you can do to help make the box secure. This list is not comprehensive, nor do I take any responsibility for any harm that may come to your server if you use any of these commands. These are mainly “quick reference” commands in case I need them in a rush (for example: we’ve put a box online and need it at least “semi-secured” – we’ll spend a bit more time securing a box then just these commands, but they’re a good starting point)
Run commands as root/su:
Disable telnet
Modify /etc/xinetd.d/telnet (could also be /etc/xinetd.d/telnet and change disable=no to disable=yes
Disable code compilation
Add compiler group: /usr/sbin/groupadd compiler
Move to correct directory: cd /usr/bin
Make most common compilers part of the compiler group chgrp compiler *cc*
chgrp compiler *++*
chgrp compiler ld
chgrp compiler as
Set access on mysqlaccess chgrp root mysqlaccess
Set permissions chmod 750 *cc*
chmod 750 *++*
chmod 750 ld
chmod 750 as
chmod 755 mysqlaccess
To add users to the group, modify /etc/group and change compiler:x:123: to compiler:x:123:username1,username2 (‘123’ will be different on your installation)