mmkhan - I'm not sure how useful it would be in this case. Nobody should have physical access to the box, all users should have long and complex passwords, and if I follow what has been mentioned by zencoder and gore then I shouldn't have a need for this. My apologies if you think otherwise :)
zencoder - Thank you for correcting that. With Tripwire there, any rootkits would be found because the file change would be logged and reported to the admin user. Sorry about that, I seem to have missed it.
I took ClamAV off the list as well - it's not needed, as you and d0pp said.
I'll also look into further configuration of SELinux - I'm not fully in touch with the deeper side of it.
Really? Even the compilers? It could be a bit tricky if I deleted a library which was required by a certain app. Sounds like a challenge though - I'll see if I can do it without removing any dependencies on Sunday, when I can download openSUSE 10 ;)
Quote:
[...] If you want true security, I would go so far as to not only disable unessential services, but remove the executables, the library objects, and the compilers and man pages. Take EVERYTHING off the box that isn't needed. Stripped bare. Then get tripwire running properly, and everything tracked via syslog...and you might just have a nearly secure box. maybe.
I was also thinking of CentOS as a server distro, but openSUSE sounds quite suitable for the task, so I may just stick with that. Also, another app that I have thought of is PortSentry, which detects port scans and such. Should I install that as well, or is it unnecessary?
Thanks,
-jk :D