Ken or anybody out there that's a linux guru, I'm trying to set up a mandrake 7.2 box for security testing. Being a real novice on linux, what's the best way to setup the box? And how do I go about securing the box from hack attacks? Perhaps this is not the right forum page, but if anybody in the know can give me a hand, I'd appreciate it... :)

den2

Hey happy to see a fellow linux novice asking questions that I have but in the "Red Hat 7.0" arena. In Red Hat you have a fire wall prog called fire-config that can block ports, block ip ranges etc... I have not found however an easy how to document to do so..... Wish they had zonealarm for Linux... (hmmmm) Currently I am reading the Red Hat 7.0 Linux bible and it is a great start to this unfamiliar territory! I have found that when I run NMap on my system that I have several ports open to the world by default. You can get NMap at http://www.insecure.org It is a great security/hack website for the security conscience/deviant mind. Later on

well if you want to secure your box from hack attacks, you should really update your software, ftp daemon, telnet daemon and so on, their are alot of exploits out their , bu recently i havent found much exploits on mandrake 7.2, good choice mandrake 7.2 is the best for novices

once you get out of the novice stage, you should install a different linux os, because by default mandrake 7.2, with the programs that run when you boot up really hogs up your resources, than occasionally will freeze and crash

What about Red Hat 7.0... for novices??? Is it a good linux flavor to work with and learn about. I use the gnome x-windows and of course when i can the command line.
Thanks in advance

well yeah redhat 7.0 is for novices and well i guess people have their own tastes, i personally hate redhat 7

I dont think that your ready for Slackware just yet!! Master Mandrake and then move onto a bigger better Penguin.

To secure your Mandrake OS I would recomend installing Bastille Linux along with PortSentry.

Bastille Linux aims at fortifying your OS. Its simple to use and fully optimized for RedHAt and Linux Mandrake.
www.bastille-linux.org (http://www.bastille-linux.org)

PortSentry is a port scan and prevention software package that is part of the Abacus security project. (Check out www.psionic.com (http://www.psionic.com) for more details) PortSentry will bind itself too all inactive ports and listen for TCP and UDP scans. If a scan is found, PortSentry will use IPChains to block any further scans from the attacker.

Both of these programs are available for Mandrake in pre-compiled RPM format. I used to use both of em back when I was a Mandrake newbie 6 months ago :D I learnt a great deal about Linux security from these apps.

You could also surf over to www.linux-firewall-tools.com (http://www.linux-firewall-tools.com) and use the Firewall Design Tool to design your own IPChains firewall without even enterring the bash shell :D


******

Once Mandrake starts to bore you and you start looking for a UNIX OS with a hunger for power, turn your head towards Debian GNU/Linux. Debian is the best and most stable Linux OS. It is completely free and developed by a team of 600 volunteer programmers from all over world.

What is slackware linux? Why is it better than other linux flavors? Where can I get it?

once your done with linux, then comes to the harder operating systems, the bsd's , freebsd,netbsd,openbsd etc.

Apparently Mac is breaking new ground with BSD by encorparating it into Mac OS X, they've also released there own open-source BSD OS called Darwin. Maybe the BSD world will gain some popularity because of this.

http://rcf.mvlan.net/

Just grab the RPM and you're ready to go.