There are many settings I find myself adjusting after every Slackware installation I complete. This article takes place immediately after an installation of Slackware 11, logged in as root for the first time. Here are some of the settings I adjust:
The inetd.conf file contains all of the standard services that come with the Slackware distribution. By default this file has many of these services uncommented, and I comment them out so that they are no longer running. The default services I comment out are:
- time stream tcp nowait root internal
- time dgram udp wait root internal
- comsat dgram udp wait root /usr/sbin/tcpd in.comsat
- auth stream tcp wait root /usr/sbin/in.identd in.identd
Then save the file and exit your editor. Be sure to run killall -HUP inetd in order to restart the inetd process and have your changes take effect.
Read my article on Modifying SSH to Maximize Security for details on modifications to make to your sshd_config file.
The next thing to do is to install Slackpkg, which was introduced into the /extras folder along with the recent release of Slackware 11.0. Slackpkg will make it easier to upgrade to the latest applications that Slackware has released since the original Slackware 11 release date. This includes security fixes. Here is a quick run down of installing and configuring Slackpkg:
- Visit http://packages.slackware.it/
- Search for Slackpkg and download it from your closest mirror.
- Once downloaded, run installpkg slackpkg-X.XX-noarch-1.tgz
- Edit /etc/slackpkg/mirrors and uncomment a mirror closest to you.
- From the command line, as root, run slackpkg update
- Once the update completes, run slackpkg upgrade-all to view a list of applications to upgrade.
Slackpkg is a very helpful tool. Whenever there is a security advisory or update to the slackware-current tree I can stay up to date simply by following the last two steps from above.
The rc.local file is a great place to put in commands you want executed at boot time, providing the rc.local file is executable (chmod +x rc.local). Another one of the initial configurations I do to Slackware is to add the command ntpdate time.nist.gov to this rc.local file. This will keep my machine in sync with the time server at nist.gov.
If the machine I installed Slackware onto is a single boot machine, I like to remove the LILO prompt. To do this, I edit /etc/lilo.conf and comment out the line that reads prompt so that it now reads #prompt. Be sure to execute /sbin/lilo after saving the lilo.conf file.
Of course there are many other settings that I adjust that are specific to my environment and network configuration but the items mentioned above are the universal settings I feel every new Slackware 11.0 installation should have. To summarize, it is important to make the proper modifications to your inetd.conf, sshd_conf if you are looking to harden, better secure your installation.