Assuming that we put our site behind a hardware firewall appliance/router like sonicwall or smoothwall, and properly configure it, how much hardening of a stock distro is needed? I don't care much about the content and there won't be much public interest in my site but I would rather my machine not participate in a DoS attack, get cracked, etc.
I have a static IP and SDSL connection. I've installed various versions of ACS and OpenACS, I can type man RPM, but I am definitely a security naif.
I am slowly getting better with Linux, Oracle, and OpenACS etc. I'm sure I can follow directions on removing unwanted packages, installing patches, recompiling, etc. However, as I'm really still learning much of Gnu/Linux CVS, Jade, DocBook, Emacs, LaTex, Postgress, etc. I like to install the new disrtros when they become available - is there a way around having to reharden your machine following every installation.
Thanks.
