[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security matters
On Mon, 9 Aug 1999, Lee Sharp wrote:
> >* possibly put ALL:ALL in /etc/hosts.deny. I believe that you should
> >know what you are doing to turn this stuff *ON* , not to turn it off.
> I disagree with this on. People will run services on this, and will
> wonder why they don't work. Turning off the network will hurt more than
I still think ALL:ALL is a good default ( we could explicitly turn on
stuff we wanted in hosts.allow )
But I guess we could just comment out stuff in inetd.conf.
> But, turn off telnet for root.
Already is by default ( they also turn off ftp for root )
> Could this be checkable in the install? This one should be a choice.
It's be nice to make this a choice.
Another middle road would be just to prevent finger @host ( this is an
easy way for crackers to get a free list of usernames to try out )
> Inde Linux! Some Version. www.seul.org/independence/ for the latest!
> We still advertise, but give no information.
Sounds good (-;
> There are sites that allow this. Best bet would be to point the download
> to a redirect off our FTP site. That way if the distribution site has to
> move, our install is still valid.
Yep, the ftp.replay.com is the one I was thinking of. It includes the
"Redhat crypto" distribution.
> >* I have already written a GUI inetd configurator that could make it
> >easier for users to choose which inetd services they do and don't want. It
> >includes a description of each service, and gratuitous plugs for ssh (
> >which isn't perfect, but much better than the inetd services )
> Best thing yet. This RPM could be uploaded to RH, and posted about on
> the linux security newsgroups to gain Inde more exposure. It is REALLY
Cool. I might do just that ...