On Fri, 2002-02-08 at 04:58, Pixel wrote:
> Bryan Paxton <[EMAIL PROTECTED]> writes:
>
> > On Fri, 2002-02-08 at 04:20, Pixel wrote:
> > > Bryan Paxton <[EMAIL PROTECTED]> writes:
> > >
> > > AFAIK, there's not much difference between level 2 and 3 with current msec.
> > > The major differences:
> > > - X port 6000 is closed in level 3 (and i won't accept a default install which
> > > breaks xhost +foobox)
> > That's highly insecure (DoS attacks mostly).
>
> IMO this is availability, not security.
>
Not fun when your box locks up : )

> > > - ssh-server allows login as root in level 2
> > HIGHLY insecure... Allowing remote root login on any service is BAD BAD
> > BAD.
>
> As for me, i don't care. This could be changed.
>
> [...]
>
> > -/etc/rc.d/init.d/* root.root 744
> > +/etc/rc.d/init.d/* root.root 700
>
> really annoying. Security via obscurity. It also means you have to use root
> more often.
>
Hmmmm, you usually have to be root to exec the scripts in there anyway?
But for the sake of argument, s/700/711/ or s/700/751/

> [...]
>
> > -/home/* current 755
> > +/home/* current 711
>
> that is friendly :-(
> i hate it
>
You like it when anyone on the system can browse your $HOME ? : )
Or did you mean you don't like it when anyone on your system can browse
your $HOME?

> > -AllowAutologin
>
> of course, this is not acceptable.
>
> [...]
: )

> > umask defaults
>
> umask doesn't seem to be changed.
Slip up on my reading! : )

> > And the security checks
>
> beurk. Any rootkit can see cron-based checks and disable them...
Of course, but the point is simply secure (or quasi-secure) defaults.

--
Bryan Paxton
Public PGP key: http://www.deadhorse.net/bpaxton.gpg

"Winning gives birth to hostility. Losing, one lies down in pain. The
calmed lie down with ease, having set winning & losing aside." Dhp. 201
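
The permission lines quoted in the message above can be checked against a real tree. The following is an added example, not part of the original message and not msec code: it assumes each policy line has the form `glob owner.group mode` as quoted, compares only the mode (ownership is ignored), and the names `audit`, `LEVEL3` and `demo` are hypothetical.

```python
import glob
import os
import stat
import tempfile

# The two level-3 lines quoted in the thread (format assumed: glob owner.group mode).
LEVEL3 = ["/etc/rc.d/init.d/* root.root 700", "/home/* current 711"]

def audit(lines, root="/"):
    """Return (path, actual_mode, wanted_mode) for paths granting bits beyond policy."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, _owner, mode = line.split()
        wanted = int(mode, 8)
        # Re-root the glob so the check can run against a test tree.
        full = os.path.join(glob.escape(root), pattern.lstrip("/"))
        for path in sorted(glob.glob(full)):
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            actual = stat.S_IMODE(os.lstat(path).st_mode)
            if actual & ~wanted:  # any permission bit the policy does not allow
                findings.append((path, actual, wanted))
    return findings

def demo():
    """Build a constructed tree with level-2 style modes and audit it against LEVEL3."""
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in (("home/alice", 0o755), ("home/bob", 0o711)):
            path = os.path.join(root, rel)
            os.makedirs(path)
            os.chmod(path, mode)
        initd = os.path.join(root, "etc/rc.d/init.d")
        os.makedirs(initd)
        script = os.path.join(initd, "sshd")
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(script, 0o744)
        return [(os.path.relpath(p, root), oct(a), oct(w))
                for p, a, w in audit(LEVEL3, root)]

if __name__ == "__main__":
    for rel, actual, wanted in demo():
        print(f"{rel}: mode {actual} exceeds policy {wanted}")
```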