1. Disable ALL network services
   "netstat --inet -a" should provide an empty listing
2. Install Squid and make use of the chroot_dir squid.conf directive.
3. If needed, install bind and make use of the -t and -u command line
options to secure bind.
4. Add -a options to syslog as required for Squid and bind (if
installed).
5. Install a ssh server for remote administration, and configure it to
only listen on your internal network, not visible from the outside.
--
Henrik Nordstrom
Squid Hacker

Palmer J.D.F. wrote:
>
> Hi,
>
> I realise that this is a bit off track for this forum, but I am looking to
> make my squid boxes as secure as reasonably possible.
>
> I have installed TCP wrappers and closed as many ports as I can but I'm
> wondering whether I need to have the 'sunrpc' and 'auth' ports open, and if
> not how to close them.
>
> Does any one have any opinions/advice?
>
> Many thanks,
>
> Jezz Palmer.
>
> ****************************************
> Jezz Palmer.
> Internet Systems Officer.
> Library and Information Services
> University of Wales, Swansea
> Singleton Park
> Swansea
> SA2 8PP
> Tel 01792 513260
> ****************************************
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent: 23 April 2001 10:11
> To: Balu
> Cc: Squid Users
> Subject: Re: [squid-users] HTTPS &Reverse proxy
>
> Balu wrote:
>
> > As u have said earlier ,If the squid is the end point for the HTTPS
> > connection then it will cache page.Am i in the right sense here.
>
> Yes, then it is the same as receiving the request as an unencrypted HTTP
> request (https is no more than HTTP over SSL, it is still HTTP).
>
> --
> Henrik Nordstrom
> Squid Hacker

Received on Mon Apr 23 2001 - 16:22:48 MDT
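Added example, not part of the original post: a check for the state the reply describes, reading "netstat --inet -a" output (with -n added so ports stay numeric) and reporting every server socket that is not on an explicit allowlist. It goes beyond the empty-listing test in step 1 by allowing the services installed in later steps; the allowlist values (Squid on 3128, sshd on internal address 192.168.1.10), the function names and the sample listing are assumptions constructed for illustration, with 111 and 113 being the sunrpc and auth ports from the question.

```shell
#!/bin/sh
# Added example: report server sockets in `netstat --inet -a -n` output that
# are not on an explicit allowlist. Reads the netstat output on stdin.
# Allowlist entries are "proto local-address:port", separated by ";".
# Assumed values: Squid on 3128, sshd bound to internal address 192.168.1.10.
ALLOWED="tcp 0.0.0.0:3128;tcp 192.168.1.10:22"

unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, ";")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # TCP servers show state LISTEN. UDP has no state column, so a bound
        # UDP socket with a wildcard peer (":*") is treated as a server.
        ($1 == "tcp" && $6 == "LISTEN") ||
        ($1 == "udp" && $5 ~ /:\*$/) {
            key = $1 " " $4
            if (!(key in ok)) print key
        }
    '
}

# Constructed sample listing (not captured from a real host): Squid and sshd
# are expected, sunrpc (111) and auth (113) are still open.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
tcp        0      0 192.168.1.10:22         192.168.1.50:40112      ESTABLISHED
EOF
}

# On a live host: netstat --inet -a -n | unexpected_listeners
sample_netstat | unexpected_listeners
```

An sshd bound to 0.0.0.0:22 instead of the internal address would also be reported, which is the condition step 5 is meant to rule out.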
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:33 MST