On Mon, Jun 28, 1999 at 10:03:27PM +0200, hans schneidhofer wrote:
> hi list, 
> 
> am setting up a bastion-host between a leased line and a webnet, consisting of
> a web-server, mail-server and an ftp-server. during installation of RH 6.0 a
> question appears about:
> 
> enable MD5 Passwords 
> 
> and
> 
> Use Shadow Passwords.
> 
> after reading the HOWTO, I am getting unsure, because a bastion-host should NOT
> contain any User - on the other hand - a Shadow-Password is NOT recommended 
> on hosts without any user.
> 
> What is your experience and your recommendations?
> 
> Your tips and hints are very welcome

Doesn't matter.  Well, there's no reason not to use MD5 and shadow passwords.

It's much more important that you don't run _any_ network services on the machine
that aren't strictly needed.

Use the strobe port-scanner to scan your machine once you've got it set up.  Ideally
it shouldn't respond to _anything_.  You may however want to be able to SSH to
the machine.

Kill inetd, you don't need it.  If you do, you're not running a bastion host  :)

Also, the portmapper, NFS server, samba, apache, squid, .......  kill it.

For bastion hosts it would probably be nice to be able to completely disable sockets
in the kernel.  Is that possible by the way ?   You don't need sockets on a machine
that's only filtering/forwarding traffic.

................................................................
: [EMAIL PROTECTED]  : And I see the elder races,         :
:.........................: putrid forms of man                :
:   Jakob Østergaard      : See him rise and claim the earth,  :
:        OZ9ABN           : his downfall is at hand.           :
:.........................:............{Konkhra}...............:
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
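
A local complement to the port scan suggested in the reply, as an added example that is not part of the original message: it reads the kernel's TCP socket table and reports every listening socket other than SSH. The function names, the port 22 allowlist, the IPv4-only scope and the little-endian host are assumptions, and the sample table is constructed and shortened.

```python
import socket
import struct

TCP_LISTEN = "0A"  # /proc/net/tcp state code for a listening socket

# Constructed sample in /proc/net/tcp layout (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1150
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1322
   3: 0A00000A:0016 1400000A:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 1410
"""


def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT' into (dotted_quad, port)."""
    addr_hex, port_hex = field.split(":")
    # Assumption: little-endian host (x86), where the kernel prints the
    # network-order address as a byte-swapped 32-bit word.
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def unexpected_listeners(proc_net_tcp, allowed_ports=frozenset({22})):
    """Return (address, port, loopback_only) for each listener not allowed."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # blank line or a non-listening socket
        addr, port = decode_endpoint(cols[1])
        if port not in allowed_ports:
            findings.append((addr, port, addr.startswith("127.")))
    return findings


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample
    for addr, port, local in unexpected_listeners(table):
        scope = "loopback only" if local else "not loopback-bound"
        print(f"unexpected listener {addr}:{port} ({scope})")
```

On the constructed sample this flags the portmapper port (111) on all interfaces and an SMTP listener bound to loopback, while the SSH listener and the established SSH session are ignored.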