Web Hosting Talk

Security - Is this a reasonable quote?


ee-o
05-09-2001, 03:17 PM
Hello All,
I am considering hiring someone to add some security to my server. Below is what they have suggested they will do. Can someone please tell me if this is a reasonable price for what they plan to do? They quoted me $75 for the whole job:

1) Install
   Logcheck: Logfile auditing software for Unix.
   PortSentry: Port scan detection and active response tool.
   HostSentry: Host based Intrusion Detection and Login Anomaly Detection.

2) Remove Telnet access

3) Firewall the server if your ISP allows it. It is not essential as portsentry does quite a neat work. Also some ISPs do not allow that.

4) Remove unwanted packages such as sendmail, ypserver etc..

5) Configure SSH. Remove direct root access for SSH

6) Remove root access for mysql with a password

Thanks
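
As an added example (not part of any post in this thread), a read-only check for items 2 and 5 of the checklist above. It assumes telnet is started from a classic inetd.conf and that the config file paths are passed in; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify checklist items 2 (telnet) and 5 (SSH root login).

# Print the global PermitRootLogin value, or "unset". sshd keywords are
# case-insensitive, the first occurrence wins, and "keyword=value" is accepted.
# Stops at the first Match block, whose settings apply only conditionally.
sshd_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# Succeed (exit 0) if inetd.conf has an uncommented telnet service line.
inetd_telnet_enabled() {
    awk '$1 == "telnet" { hit = 1 } END { exit !hit }' "$1"
}

# audit <sshd_config> <inetd.conf>: print findings, succeed only if there are none.
audit() {
    findings=0
    val=$(sshd_root_login "$1")
    if [ "$val" != "no" ]; then
        echo "FINDING: PermitRootLogin is '$val' in $1 (item 5 wants an explicit 'no')"
        findings=$((findings + 1))
    fi
    if inetd_telnet_enabled "$2"; then
        echo "FINDING: telnet is enabled in $2 (item 2)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files for the demo (not taken from any real server).
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'Port 22' 'permitrootlogin yes' > "$tmp/sshd_config"
printf '%s\n' '#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
    'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' > "$tmp/inetd.conf"
audit "$tmp/sshd_config" "$tmp/inetd.conf" || true
rm -rf "$tmp"
```

A commented-out `#PermitRootLogin no` is reported as a finding because it leaves the setting at whatever the installed sshd defaults to.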

cperciva
05-09-2001, 03:53 PM
Well, they seem to have given you a free checklist of things to do... personally, I'd save myself the money and do those myself (if I hadn't already, of course).

But if you don't want to do those things yourself, $75 is a reasonable amount to pay someone else to do them for you.

Pingu
05-09-2001, 05:25 PM
I've done most of these things myself, but based on that I'd say that an experienced person could manage all that within the hour...

I guess that for the amount of work, and for the enhanced security of your server $75 is very reasonable...

huck
05-09-2001, 06:10 PM
Security Consulting Rates
In my area (NYC), I usually charge between $70-100/hour, depending upon the server, for security work. These are pretty average rates here in the Northeast and other places as well. The items in the list should be completed in about an hour, so I would say the price is fair.

Qualifications???
Just make sure the person actually knows what they are doing, because false security is almost as bad as no security.

More Security Issues
The items in that list are only the first step though. If you are running cgi scripts, databases, samba or other processes, you would want to secure those as well.

I spend about 3-4 hours securing every linux server that I attach to the net. This includes tcp wrappers, removing unnecessary services, setting up firewalls, adding logging options, etc.

After all that is set up, I use nessus scanner and a couple of other tools to make sure I did not miss anything. I recently heard that it is no longer uncommon for a linux box to be hacked within 15 minutes of being on the net.

Resources
There was a thread in the cobalt section about security, which you may want to take a look at:
http://www.webhostingtalk.com/showthread.php?threadid=8539

Many of the items there are general and apply to non-cobalt machines.
Web sites
http://www.linuxsecurity.com
http://www.securityportal.com
List of security articles
http://www.hideaway.net/Server_Security/Library/Linux/linux.html