[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security matters

On Mon, 9 Aug 1999 louis@pcmagic.net wrote:

> I keep hearing about "script kiddies" and more and more Linux cracking
> going on.  Would it be a good idea to close up some of the worst
> vulnerabilites?  For us beginners, it's hard to figure out how to turn off
> all those unneeded services.  Here in the US, it's common to stay online
> for hours at a time, and I'm getting concerned about it.
> I know Bastille Linux is also based on Red Hat, and there are various
> scripts floating around ....  I think after ease-of-use, security could be
> a secondary objective.  [Yes, I know that security is antithical to
> ease-of-use.]

I agree, in fact I ranted about this some time back. I suggest that:

*	rlogin, rsh, inf act "r-anything" be turned off by default. These
services are horendously insecure.

*	possibly put ALL:ALL in /etc/hosts.deny. I believe that you should
know what you are doing to turn this stuff *ON* , not to turn it off.

Maybe make some exceptions for telnet and restrict it to local access
( everyone seems to use it. The US crypto laws have really helped slow the
general move to secure software. )

*	disallow remote fingers by default. Or at least block "finger

in.fingerd ALL EXCEPT local
or even

*	modify /etc/issue and /etc/issue.net so that they *DON'T* loudly
announce the OS, kernel version, distribution and distribution release

*	perhaps we could put pointers to ssh up somewhere. I've even
suggested that we could write a tool that downloads software from the net
( software that we can't include such as crypto stuff and nocd stuff ).
This would be easy enough for me to do, because I have written a simple
GUI ftp client already.

*	I have already written a GUI inetd configurator that could make it
easier for users to choose which inetd services they do and don't want. It
includes a description of each service, and gratuitous plugs for ssh (
which isn't perfect, but much better than the inetd services )