I know it's off topic, but I hate such narrow-minded comments...

> If you have ever installed any *ix system, you'd be darn well
> aware that the thing is w i d e open. There is almost
> no security there. It has to be added and maintained. Win32
> systems are similar. Very trusting and friendly until they are
> properly taken care of. Is *ix inherently more secure? no way.

No holy war here either. But I could not resist the reply to this
comment. Of course it depends on the administrator of the box, but it
depends also how you install it. I have never installed a Linux box with
ftp or telnet by default (openssh). Because these boxes I set up are
usually dns or web servers, you can install them so that they run in a
chrooted environment, which tends to be a tad bit more secure. This is
one reason I like nix over any win platform because I can install what I
want and how I want it, which usually makes a nix box more secure than
any win platform. So to me, how I stated above, nix is more secure, but of
course you have to know what you are doing. You probably will say, well,
this is not a base install. And my reply is, well, if you do a custom
install, which you can do right out of the box without recompiling the
kernel or anything fancy, nix will be more secure than win32 platforms
out of the box. I would like to see a custom install on win32 instead of
click here to continue.

> I challenge anyone to make a valid, non-ideological based
> comparison of a base Win32 and a base Linux install. If Linux
> were so damned secure in its current state, I wouldn't see IDS
> logs filling up with folks scanning for obvious Linux vulns, now
> would I? Bottom dollar is, without proper administration, both
> Win32 and *ix suck big time. With proper care and feeding, they
> can both become relatively secure.

You are seeing IDS logs filling up due to the fact that most script
kiddies out there are learning nix and what vulnerabilities are
associated with it. And from my years of experience and dealing with
these individuals it is more of a challenge for them, like a notch in
their belt if they compromise a nix box rather than a win32 platform.
They will be readily accepted by their peers if this is accomplished and
shunned away for saying hey I cracked a nt server. Due to the fact and
the latest security survey (I can't remember right off hand by whom) that
show due to the recent influx of MCSE certified individuals that lack
experience on securing these boxes that get broken into it's not a
challenge to them any more. It showed there were a very high number of
individuals out there that did not even have the known IIS patch
applied. I am not knocking MCSE individuals here because I myself am a
MCSE+I, we all have to start somewhere. But there are more individuals
out there in the industry with NT boxes than there are with Unix boxes
under their control.

If you ask me this is some of the reason why you see so many entries in
your log for nix vulnerabilities than you do for the win32 platform.

-----Original Message-----
From: W. Alan Robertson
Sent: Thu 3/22/2001 10:23 AM
To: Brian Kimsey-Hickman; [EMAIL PROTECTED]
Cc:
Subject: Re: Anyone tried setting up a Linux TFTP Server for Cisco?

Rather than get into a Holy War about why Linux is better than Windows, I
figured I'd just answer your question.

in.tftpd doesn't constantly run like other processes, like a http server, as an
example.

in.tftpd is typically started as needed, and terminated when finished. The
controlling process is inetd. The configuration file for inetd can be found at
'/etc/inetd.conf'.

Edit that file...

Scroll down to a line that reads like this (the exact line varies by Linux
distribution):

#tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd /tftpboot

The # means that this line is commented out. If you remove the hash mark,
leaving:

tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd /tftpboot

you will have enabled the tftp service for the box. The "/tftpboot" reference
refers to the tftp service home directory, so make certain that it exists. You
can also move the location if you'd like. Just specify a different path, and
ensure that it exists.

Finally, you need to restart the inetd process, so that it will be aware of the
fact that you want it to manage tftp services.

Do a 'ps ax | grep inetd'. That will show something like:

yavin:/etc# ps ax | grep inet
252 ? S 0:00 /usr/sbin/inetd
369 ? SW 0:00 [rinetd]
7945 pts/1 S 0:00 grep inet
yavin:/etc#

To restart it, type this: 'kill -HUP [pid]'

In my example, 252 is the pid (Process ID).

I almost forgot... One thing you also need to check is the directory permissions
of /tftpboot...

Make sure that the directory is World Readable, and World Writable. Tftp does
no user authentication, so you have to give global read/write access to its
directory. Also, before sending a file up to the tftp server, you will need to
'touch filename'. Generally, the service will allow you to overwrite a file
that exists, but it will not allow you to create a wholly new file. Silly,
isn't it?

Best of luck...

Alan
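
An audit of the setup described in the message above, as an added example that is not part of the original thread: it reads the tftp line from an inetd.conf-style file and lists what is world-writable under the tftp root, since tftp does no user authentication. The function names and the sample files are constructed for illustration, and the served directory is assumed to be the last argument on the line, as in the line quoted in the message.

```shell
#!/bin/sh
# Added example, not from the thread: audit an inetd-managed tftp setup.

# Print "state user root" for the first tftp line of an inetd.conf-style file.
# Assumption: the served directory is the last argument on that line.
tftp_entry() {
    awk '
        { line = $0; state = "enabled" }
        /^[ \t]*#/ { sub(/^[ \t]*#/, "", line); state = "disabled" }
        {
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            n = split(line, f, /[ \t]+/)
            if (f[1] == "tftp" && n >= 7) { print state, f[5], f[n]; exit }
        }
    ' "$1"
}

# List what a client could overwrite without authenticating: the root itself
# if it is world-writable, plus world-writable regular files beneath it.
overwritable() {
    { find "$1" -prune -perm -002 -print
      find "$1" -type f -perm -002 -print; } | sort
}

# Report on the entry; return 1 when the root is missing or has
# overwritable files, 2 when the file has no tftp entry, else 0.
audit_tftp() {
    entry=$(tftp_entry "$1")
    if [ -z "$entry" ]; then echo "no tftp entry in $1"; return 2; fi
    set -- $entry    # splits on whitespace; paths with spaces not handled
    echo "tftp: $1, user=$2, root=$3"
    if [ "$2" = root ]; then echo "WARN: tftp server runs as root"; fi
    if [ ! -d "$3" ]; then echo "WARN: $3 does not exist"; return 1; fi
    hits=$(overwritable "$3")
    if [ -z "$hits" ]; then return 0; fi
    echo "WARN: writable without authentication:"
    echo "$hits"
    return 1
}

# Demo on constructed data in a temporary directory (not a real system).
demo=$(mktemp -d)
mkdir "$demo/tftpboot" && chmod 755 "$demo/tftpboot"
touch "$demo/tftpboot/router-confg" "$demo/tftpboot/ios.bin"
chmod 666 "$demo/tftpboot/router-confg"
chmod 644 "$demo/tftpboot/ios.bin"
printf '#tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd %s\n' \
    "$demo/tftpboot" > "$demo/inetd.conf"
audit_tftp "$demo/inetd.conf" || true
rm -rf "$demo"
```

On a real host, point audit_tftp at /etc/inetd.conf; keeping images read-only and leaving only the pre-created upload targets writable shrinks the list it prints.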

----- Original Message -----
From: "Brian Kimsey-Hickman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 22, 2001 8:17 AM
Subject: Anyone tried setting up a Linux TFTP Server for Cisco?

> I was wondering if anyone had tried to set up to Linux box as a TFTP server
> for Cisco configurations and images. I have tried in.tftp but don't seem to
> be having a lot of luck.
>
> Thanks,
>
> Brian
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
