# -- example "netstat -ntl" output
# NOTE(review): read the Local Address column as the exposure map. 0.0.0.0:22
# means sshd accepts connections on every address, 127.0.0.1:25 keeps SMTP
# reachable from the host itself only, and the remaining listeners are bound
# to individual 192.168.26.x addresses. MySQL (3306) is bound to a network
# address rather than loopback; if only local applications use it, binding it
# to 127.0.0.1 would remove that listener from the network.
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.26.11:3306 0.0.0.0:* LISTEN
tcp 0 0 192.168.26.15:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.26.17:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.26.22:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.26.27:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.26.15:443 0.0.0.0:* LISTEN
# -- example "netstat -ntl" output
* - * - * - * - * - * - * - * - * - * - * - * - * - * - *
# -- /etc/sysconfig/iptables (Fedora/RHEL/CentOS)
# NOTE(review): the built-in INPUT and FORWARD chains keep policy ACCEPT; the
# only thing that blocks traffic is the final REJECT rule in
# RH-Firewall-1-INPUT. If that chain is flushed or the jump rules are removed,
# the host accepts everything, so verify the loaded ruleset after any change.
# NOTE(review): only new TCP connections to ports 22 and 80 are admitted. If
# this ruleset protects the host from the netstat example above (the page does
# not say so), the listeners on 443 and 3306 would be rejected from the network.
# NOTE(review): "--icmp-type any" admits every ICMP type; a tighter ruleset
# lists the types that are actually needed. "-m state --state" is the older
# spelling of the connection-tracking match ("-m conntrack --ctstate").
# NOTE(review): this file covers IPv4 only; IPv6 traffic is filtered by a
# separate ip6tables ruleset.
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# -- /etc/sysconfig/iptables
* - * - * - * - * - * - * - * - * - * - * - * - * - * - *
# -- /etc/security/limits.conf
# NOTE(review): these limits are applied by pam_limits when a PAM session is
# opened; daemons started directly by init are not covered by this file.
# NOTE(review): group (@wheel) and wildcard (*) entries are not applied to
# root, which is why root needs its own explicit line below.
#
# -- special rules for root; can spawn up to 512 processes
#
root hard nproc 512
# -- members of the wheel group are allowed 256 processes and 50 logins
#
@wheel hard maxlogins 50
@wheel hard nproc 256
# -- limit all others to ten processes and 4 concurrent logins
# NOTE(review): nproc is counted per user, and the wildcard also catches any
# service account that logs in through PAM; ten processes is a tight cap, so
# test it against real workloads before relying on it.
#
* hard maxlogins 4
* hard nproc 10
# -- /etc/security/limits.conf
# -- a possible partitioning scheme
# NOTE(review): the listing has no header row; the columns look like
# df output (filesystem, size, used, available, use%, mount point) -- confirm
# the units against the source system.
# NOTE(review): separate volumes for /var, /var/lib, /var/qmail and /home keep
# growing logs, queues or user data from filling the root filesystem. No
# separate /tmp appears in this listing, so /tmp would share the small root
# volume.
/dev/mapper/vg01-lv_root 1008 161 797 17% /
/dev/sda1 99 14 80 15% /boot
/dev/mapper/vg01-lv_home 10080 55 9513 1% /home
/dev/mapper/vg01-lv_opt 4032 41 3787 2% /opt
/dev/mapper/vg01-lv_usr 4032 562 3266 15% /usr
/dev/mapper/vg01-lv_var 53657 3784 47104 8% /var
/dev/mapper/vg01-lv_var_lib 122872 192 116440 1% /var/lib
/dev/mapper/vg01-lv_var_qmail 4960 2077 2628 45% /var/qmail
# -- a possible partitioning scheme
# -- "mount -t ext3" output (different system)
# NOTE(review): only /data carries a restrictive mount option (nosuid). The
# benefit of separate filesystems is largest when user- and service-writable
# ones such as /home and /var are also mounted with options like nosuid and
# nodev, wherever nothing on them needs setuid binaries or device nodes.
/dev/mapper/vg01-lv_root on / type ext3 (rw)
/dev/sda1 on /boot type ext3 (rw)
/dev/mapper/vg01-lv_home on /home type ext3 (rw)
/dev/mapper/vg01-lv_opt on /opt type ext3 (rw)
/dev/mapper/vg01-lv_usr on /usr type ext3 (rw)
/dev/mapper/vg01-lv_var on /var type ext3 (rw)
/dev/mapper/vg01-lv_data on /data type ext3 (rw,nosuid)
# -- "mount -t ext3" output
* - * - * - * - * - * - * - * - * - * - * - * - * - * - *
# -- "pstree" output
# NOTE(review): use this view as a service inventory: every daemon under init
# should be one the host is meant to run. Here that includes boa, lpd, cron,
# sshd with two sessions, and dnscache and dhcpd running under supervise.
# Cross-check the network-facing ones against the listening sockets and
# disable whatever is not required.
init-+-bdflush
     |-boa
     |-cron
     |-8*[getty]
     |-keventd
     |-klogd
     |-ksoftirqd_CPU0
     |-kswapd
     |-kupdated
     |-lpd
     |-sshd-+-sshd---bash
     |      `-sshd---bash---pstree
     |-svscanboot-+-readproctitle
     |            `-svscan-+-supervise---dnscache
     |                     |-2*[supervise---multilog]
     |                     `-supervise---dhcpd
     `-syslogd
# -- "pstree" output
* - * - * - * - * - * - * - * - * - * - * - * - * - * - *
# -- "ip address show dev eth0" output
# NOTE(review): the interface flags field that normally follows "eth0:" in
# angle brackets appears to have been lost from this capture.
# NOTE(review): the interface carries two IPv4 addresses (primary and the
# secondary eth0:0) plus an IPv6 link-local address. Services bound to the
# wildcard address listen on all of them, and IPv4-only firewall rules do not
# filter the IPv6 address.
3: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:1b:af:78:51 brd ff:ff:ff:ff:ff:ff
    inet 10.10.20.33/24 brd 10.10.20.255 scope global eth0
    inet 10.10.20.44/24 brd 10.10.20.255 scope global secondary eth0:0
    inet6 fe80::230:1bff:feaf:7851/64 scope link
       valid_lft forever preferred_lft forever
# -- "ip address show dev eth0" output