Suggestions for securing a home gateway/server

[jdong]

Hi, yesterday I dumped clarkconnect on my gateway (733MHz celeron, 128mb ram). CC got waaaay too slow, and I was starting to get tired of it.


Since it was a celeron (coppermine), I started from stage3 for pentium3. I initially installed gentoo-dev-sources 2.6.4, and shorewall for NAT. Now, I put on Apache+MySQL+PHP for a decent home server, samba to share some files (listening solely on LAN interface), and Webmin to make my job easier!

For the future, I plan on using some of the server's resources to host a PHP testing ground for a group of friends, all pretty trustworthy. I also intend on having an Xvnc terminal server + GNOME for at LEAST the lan.


Now, question time:

(1) I'm starting to compile Gentoo hardened sources. Should I use them? Any suggestions about them?

(2) I was looking at the Hardened gentoo site, and noticed some interesting aspects. I've already put on Propolice stack protection in my USE flags.

(3) Should I use hardened GCC?

(4) Anything else hardened?




Once I figure these out, I'll re-emerge world, so the Propolice takes effect.

[GentooBox]

Read this: http://www.gentoo.org/doc/en/gentoo-security.xml

Remove GCC after you installed ALL your patches and packages. - only to be sure.
(security patches dont need to be compiled)

Stop every service you dont need.
_________________
Encrypt, lock up everything and duct tape the rest