On Tue, Feb 01, 2000 at 12:28:17PM +0100, R Graham wrote:
> 
> Considering this is a newbie list, and I myself am a newbie, please feel
> free to correct anything that is not entirely correct. Also, you should
> yell at me for anything that is blatantly wrong!
ok. here goes.
> Comments are inline:
me too.
> > inetd
> > # I went through this file and turned everything off but
> > # telnet and ftp, unless I decide to turn both of them off
> > # as well and stick to SSH.
> 
> You absolutely HAVE to run inetd. It is not only responsible for ftp and
> telnet, it is responsible for all sockets. That means, if you want anyone
> or anything to connect to your box or even talk to your box you have to
> run inetd. man inetd for more info
No. inetd is only responsible for the sockets listed in
/etc/inetd.conf. It is possible for many programs to be
run through inetd, or they can open the sockets themselves
and listen (man 2 bind). inetd is basically good for running programs without
much traffic, because if you ran them all as daemons you would
have more processes taking up more memory.
> > routed -g
> > # ip forwarding, I'm guessing
> > # I have this on as I intend, eventually, to run Ipchains.
> 
> This manages more than just IPforwarding. It is responsible for the
> routing tables. I would describe this as important.
I don't use routed, but I believe it is responsible for updating
dynamic routes (routes that change as time goes by), and would
not be necessary for a home machine that has one connection to
the internet. I don't believe that it interacts with ipchains
at all. This could probably be turned off. It's important for
systems connected to the internet with multiple connections, where
the ideal route to a location changes based on network outages.

> > 
> > lpd
> > # no idea what this is.  Printer?
> > # Whatever it is, can I turn it off?
> Yes, that's exactly what it is. There is no security issue here, period.
feh.
It appears that current linux versions of lpd are secure, but there
have been problems with bsd/hpux versions before, and new exploits
arrive every day. If you aren't printing from this machine, I'd disable
it.
try 
grep  lpd /etc/rc.d/init.d/*
then
/etc/rc.d/init.d/<whatever file it was in> stop
then
rm /etc/rc.d/rc<your runlevel, probably 2 or 3>/<whatever file it was in>
(sorry I'm not sure this works -- I don't really know redhat)
> 
> Let me sum it up. As far as I know, you cannot receive mail on a machine
> w/o having some mailer daemon. In this case, you have sendmail loaded.
> This should be no problem. Just because you have sendmail running doesn't
> mean this machine is your E-mail hub. This usually has more to do with how
> your topology is setup, specifically what machine(s) is connected to your
> router etc.
> 
You can still send and receive email locally without having sendmail
*running*. It has to be on the machine, but having sendmail running just
means that it's listening on port 25 for connections. Sendmail has been
repeatedly found to have buffer overflows and other security holes. For
a router, I'd turn it off (I do).

> > gpm -t ms
> > # I'm guessing this is the mouse program.
> > # Can I turn this off, since I have no mouse?
> 
> This isn't for your mouse. This is a menu/admin program that you can use a
> mouse in. Like a miniX for administration. You should be able to remove
> gpm also.
> 
gpm passes mouseclicks to non-X applications.
If there's no mouse, take it off.
> > 
> > I'm looking around the internet for some good files that explain how 
> > to properly secure your machine when connected to the internet 
> > (eventually it will be online full time).  In the mean time if anyone 
> > has any suggestions or a URL that I could follow, I'd mighty 
> > appreciate.
> 
> Check rootshell for all cracks that would pertain to your machine. Then,
> find the patch and install it. The other place I would check is AntiOnline
> whether you have good feelings for JP or not. Lastly, cert has both a site
> and I think a list. You can reach them at www.cert.org. Caveat emptor:
> Security is a full time job 24/7. Why do you think it is, that so many
> boxes get cracked.
> 
I would first look at the redhat security page (there is one, I can't find
it right now) and look for a redhat security mailing list. Not using redhat,
I don't know the name, but I've read about it before; it should be low
traffic, only announcing fixes. Install those and you're mostly OK. Redhat
seems to react to security holes within 2-3 days. Not too bad.

You don't need much running on a router. 
About all I have on mine is 
sshd ( only listening on the lan side )
identd ( needed for some stuff like sending mail out, irc,... )
discard ( cause I haven't bothered to disable it, and I don't think it's
        a problem )
some gettys for terminals
cron ( for log files )
xntpd ( to keep time. only on lan side )
scanlogd ( logs port scans -- real nice. comes from solar designer 
                ftp.openwall.com )


a good set of ipchains rules.. drop packets you don't want, ignore
packets that have wrong ip addresses for the interface they are
coming in on. Ignore packets that claim to be from you....

look at the ipchains how-to
/usr/doc/HOWTO
or 
http://metalab.unc.edu/LDP/


ok
have fun


greg
-- 
this is not here
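The point greg makes about inetd (it only listens for what /etc/inetd.conf lists) suggests a quick check a newbie can actually run: read the file and see which services are active, and how many of them are the cleartext ones the thread talks about replacing with ssh. The script below is an added example, not code from the thread; the inetd.conf content it audits is a constructed sample written to a temporary file, and the function names are my own.

```shell
# Added example (not from the original message): audit which services
# inetd would actually listen for, by reading an inetd.conf-style file.
# Only lines that are not comments and not blank count as active entries.

# Print the service name (first field) of every active line in $1.
inetd_enabled_services() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | awk '{print $1}'
}

# Count active entries for cleartext login/transfer services that the
# thread suggests turning off in favour of ssh (telnet, ftp, r-services).
inetd_cleartext_count() {
    inetd_enabled_services "$1" |
        awk '/^(telnet|ftp|shell|login|exec)$/ {n++} END {print n+0}'
}

# Constructed sample inetd.conf, not taken from any real host.
SAMPLE_INETD_CONF=$(mktemp)
cat > "$SAMPLE_INETD_CONF" <<'EOF'
# constructed sample inetd.conf for the example
#echo    stream  tcp     nowait  root    internal
discard  stream  tcp     nowait  root    internal
ftp      stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger   stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF

echo "Enabled inetd services:"
inetd_enabled_services "$SAMPLE_INETD_CONF"
echo "Cleartext services still enabled: $(inetd_cleartext_count "$SAMPLE_INETD_CONF")"
```

Point it at the real /etc/inetd.conf to see what your own box exposes; commenting a line out and sending inetd a HUP is the usual way to turn an entry off.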

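The ipchains advice at the end of the message (drop packets with addresses that are wrong for the interface they arrive on, and packets that claim to be from you) is easier to follow with the rules written out. The wrapper below is an added example, not from the thread or the ipchains HOWTO; the interface names and addresses are constructed, and with DRY_RUN=1 it prints the commands rather than running them, which is how it is exercised here.

```shell
# Added example (not from the original message): build the anti-spoofing
# part of an ipchains input ruleset as greg describes it. Run with
# DRY_RUN=1 to print the commands instead of executing them.

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Usage: antispoof_rules EXT_IF EXT_IP LAN_IF LAN_NET
# Denies packets on the external interface whose source address cannot
# legitimately arrive there: our own address, our LAN, loopback and the
# RFC 1918 private ranges. Dropped packets are logged (-l). ipchains
# matches in order, so these must precede any general ACCEPT for EXT_IF;
# what happens to the remaining external traffic is a separate decision.
antispoof_rules() {
    ext_if=$1; ext_ip=$2; lan_if=$3; lan_net=$4

    # Loopback and the LAN side are trusted as-is.
    run ipchains -A input -i lo -j ACCEPT
    run ipchains -A input -i "$lan_if" -s "$lan_net" -j ACCEPT

    # Packets on the outside that "claim to be from you" or from your LAN.
    run ipchains -A input -i "$ext_if" -s "$ext_ip" -j DENY -l
    run ipchains -A input -i "$ext_if" -s "$lan_net" -j DENY -l

    # Ranges that never legitimately arrive on an internet-facing interface.
    for bogus in 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        run ipchains -A input -i "$ext_if" -s "$bogus" -j DENY -l
    done
}

# How many DENY rules the set would install; a quick sanity check.
deny_rule_count() {
    DRY_RUN=1 antispoof_rules "$@" | grep -c -- '-j DENY'
}

# Constructed values: eth0 faces the internet, eth1 the LAN.
DRY_RUN=1 antispoof_rules eth0 203.0.113.5 eth1 192.168.1.0/24
```

Watching the log after installing such rules is worthwhile: a steady trickle of hits on the "claims to be from you" rule is the kind of thing scanlogd-style logging is meant to surface.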