Securing ispconfig 3. Tiger
Many thanks for your answers Till.
I was a bit worried mainly for the /usr/local directory warnings. I messed it up a changing permissions thinking that would be harmless, and I had to reset them back.
I see then that both ispconfig and getmail need a valid shell to run their cronjobs, but I'm not sure If I can "chsh -s /bin/false" libuuid and vmail.
Let me ask you a couple of questions:
Does mysql need to be listening on every interface if we are not planning a multiserver setup?
What do you think about security tools like tiger, logwatch, Samhain, Aide? Do you use any of them yourself?