You can always partition your system prior to the installation of any flavour of linux you have chosen, and most of the distributions come already equipped a partitioning tool. However, if you wish to do it yourself before installing linux, you can always do it with any fdisk, 'man fdisk(8)' or run fdisk and type 'm' for reviewing the list of all commands. Of course, there are other tools for partitioning, such as Disk Druid that comes with Red Hat, or Parted, a tool from the GNU foundation that you can find it here.

Passwords

Relying solely on decent passwords is not a good security measure, but using good passwords reduces the risks of a security breach. So, use password generation utilities, and most of all, educate your users about the significance of good passwords. Sadly, the best passwords are the ones you'll hardly ever remeber right, so it's always a trade-off between security and usability. Usually, this means horrible passwords, written on paper.

There are various proactive password checking utilites that can simplify your job and force users to pick a right password. Shadow passwording system needs not to be mentioned, it's a must. A good practice would be to do a dictionary attack by yourself from time to time, just to check for easy retrieveable passwords. Make sure all users create a separate password for any system they access. All passwords are vulnerable to dictionary attacks and brute force attacks, it's only up to you to make the attacker's job more difficult.

Services and daemons running at boot time

All that could be briefly said is: disable anything you don't need, or don't plan on using and also don't install anything you don't need.


One thing is certain, if you need a certain service, like telnet or FTP, think about it. Are they really needed? Are they safe to use, and is there a supplement to them, even more reliable? For instance, SSH replaces telnet perfectly, and FTP is pretty much obsolete, with all those web forms
these days, and, yes, even SCP from the SSH package.

Need an MTA? Why not think Qmail or some other instead of sendmail? A lot of issues exist when planning what services you will provide, and more important how.

Think how you're going to organize your machines in production, as it's pretty much useless to setup a perfect firewall, lose a lot of time on perfecting it, just to put an FTP behind it. Deploy servers rationally, using the least possible number of services exposed to the outside of your LAN, no matter how simple or harmless the service might be. If you really need services that have known past security issues, a wise idea would be to put them in DMZ, and separate them from all other machines, in any possible way.

Using LILO