Software Considerations
After the kernel is built, you can look over the system for software that isn't required for operation. Extraneous software should be removed. This is especially true of compilers, games, and other unnecessary software. The use of the X Window software is discouraged because this binds to ports 6000–6255 (though most commonly just 6000–6010). If you feel that it is needed, consider using iptables to deny output on the untrusted network side. This includes nfs and other services that are not used or needed. If an intruder breaches the firewall, it doesn't make sense to provide tools to use or services to activate, and most certainly not provide bridges to other systems.
The use of a secure shell (OpenSSH) program is also ...
Get Special Edition Using Linux®, Sixth Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
