My typical steps are to:
change the headers on each vtty* above the login prompt to some thing less "let's tell the whole world what we are".
change the motd to some thing more strict and create a suitable banner for sshd
ensure proper settings for users and passwords.
create groups/users and set perms as necessary for the system and ensure a sensible setup for what it's there to do.
configure sshd to be a bit more to my 'tastes' then the defaults and change it from port 22 to some thing else.
Kill unnecessary services, I usually don't use inetd either but that's just my way of doing things.
Say hello to pf and continue with system wide adjustments as necessary (e.g. what is this machine for factors).
__________________
My Journal
Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
|