If you run redhat recompile the kernel as soon as you download it.
I updated some links on my (very old) doc at dev.jongriffin.com.
These are no where near complete and one day I hope to update it. At a minimum add the grsecurity fixes and recompile without modules. You don't need modules, the distros use them to allow more hardware to be supported. Modules suck, they are a security flaw, did I mention that modules suck?
- Get up2date if you can't/don't have experience upgrading software.
- Delete most of what is in /etc/xinetd.d/.
- Add another user with an id of 0 and never login as root.
- Run Tripwire before you go on the net as you will be probed within minutes of plugging the cable in.
- get and install portsentry and logcheck. Learn to love reading your logs, you will soon find out what is not normal (like login from root).
- NMAP is your friend (just make sure you don't have an automatic lockout program such as portsentry running or you will lock yourself out.)
- Nessus is your friend
- Snort can be a good buddy
- Build a firewall (smoothwall is excellent) and use it in front of your real box. You don't need to buy someones proprietary box.
- SSH is your wife. Don't allow anyone to talk you into ftp/telnet.
- Get on Redhats update list
- Follow some security sites DAILY
- there is more, but you get the idea.
- Most of this applys to ANY OS.
