* NSF: Don't run mountd if you don't NFS serve, at least upgrade from the latest mountd bug (Aug 1998) * SENDMAIL: If you are not running sendmail as a mail server, which this example sounds like then all you need to do is; /usr/lib/sendmail -q30m & It will only run sendmail in queue mode, which will just make sure the mail gets out. It will then not listen on the SMTP port at all. If anything, upgrade to the sendmail that allows turning off relaying (version 8.9.x) * TELNET/FTP/RLOGIN: Remove the entries in /etc/inetd.conf, and install ssh instead * IMAP/POP: Remove the entries in /etc/inetd.conf, you probably don't serve mail to people. IMAP in particular, has over and over again shown to be vulnerable. Even the latest RedHat 5.1 patch (aug 1998) has already been shown to be bad. * PERMISSIONS: /etc/inetd.conf comment anything you don't use and kill -HUP `cat /var/run/inetd.pid` /etc/hosts.deny /etc/hosts.allow .rhosts: find / -name .rhosts -exec ls -l '{}' \; These should be chmod 600 at least. * MAILING LISTS BugTraq send mail to listserv@netspace.org containing the message body subscribe bugtraq. RedHat watch list: mail redhat-watch-list-request@redhat.com with "subscribe" as the Subject.