Re: Beginning to try to secure my box. Thanks so far
> "arthur" == arthur dent <[EMAIL PROTECTED]> writes: arthur> I have also installed from cd the Hardening Docs and will arthur> begin reading those too. A couple of the replies arthur> mentioned that I could disable services in the inetd.conf arthur> file. Below is a copy of mine, how do I know what I need arthur> and dont need? Well, depends on what you plan to do... I personally don't have anything running except smtp, and even that, I run from daemon. But your needs may be different. Most probably, you don't need the first bunch. Good Luck. Marshal -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Beginning to try to secure my box.
> "Paladin" == Paladin <[EMAIL PROTECTED]> writes: Paladin> On 05 Jun 2002 13:58:48 +0200 Paladin> Mark Janssen <[EMAIL PROTECTED]> wrote: >> Also check your /etc/inetd.conf Paladin> time, daytime and discard, what are these for?? You probably don't need them, and to what I heard, they are quite insecure. I have them turned off, with no ill effects. But I don't run an internal network. Actually, I don't even use inetd. I have exim running as a daemon, and the only thing I use the superserver for is leafnode, and I use rlinetd for that. Good Luck. Marshal -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Beginning to try to secure my box.
Em Wed, 5 Jun 2002 22:06:30 +1200 arthur_dent <[EMAIL PROTECTED]>, conhecido dependente de drogas (Coke e BigMac's), wrote: > I am trying to begin to secure my P.C.. It's only a home computer > but may hopefully later be linked to a second pc via 10/100 nics. > > http://www.debian.org/doc/manuals/securing-debian-howto/ enough information there.. :-) -- saudações, irado furioso com tudo Linux User 179402 mais crimes são cometidos em nome das religiões do que em nome do ateísmo. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Beginning to try to secure my box.
You've gotten the answers to your questions, already, but I'll point you to www.debian.org/doc/manuals/securing-debian-howto/ for an okay primer to hardening your box, if you don't already know about it. I'm no security expert, but it seems to coincide with most of the knowledge that I've seen on the net. Good luck. Marshal > "arthur" == arthur dent <[EMAIL PROTECTED]> writes: arthur> I am trying to begin to secure my P.C.. It's only a home arthur> computer but may hopefully later be linked to a second pc arthur> via 10/100 nics. arthur> I was reading a faq on the net about securing a linux box arthur> and they recomend to not have certain services enabled arthur> unless absolutly necessary. One of these is "portmap". I arthur> notice this is enabled by default (I think) on Woody. Can arthur> I safely uninstall this service/program without affecting arthur> my p.c.? All I'm using it for is surfing the net, reading arthur> email and other "home" type things. arthur> Also they recomend disabling nfs...I have "nfs-common" and arthur> nfs-kernel-server" installed. Can I safely disable these arthur> too? I dont require them for apt-get updates etc? Thanks arthur> for any advise. arthur> -- To UNSUBSCRIBE, email to arthur> [EMAIL PROTECTED] with a subject of arthur> "unsubscribe". Trouble? Contact arthur> [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Beginning to try to secure my box.
On 05 Jun 2002 13:58:48 +0200 Mark Janssen <[EMAIL PROTECTED]> wrote: > Also check your /etc/inetd.conf time, daytime and discard, what are these for?? -- Paladin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Beginning to try to secure my box.
--- arthur_dent <[EMAIL PROTECTED]> wrote: > I am trying to begin to secure my P.C.. It's only a > home computer but may > hopefully later be linked to a second pc via 10/100 > nics. > > I was reading a faq on the net about securing a > linux box and they recomend > to not have certain services enabled unless > absolutly necessary. One of these > is "portmap". I notice this is enabled by default (I > think) on Woody. Can I > safely uninstall this service/program without > affecting my p.c.? > All I'm using it for is surfing the net, reading > email and other "home" type > things. > > Also they recomend disabling nfs...I have > "nfs-common" and nfs-kernel-server" > installed. Can I safely disable these too? I dont > require them for apt-get > updates etc? > Thanks for any advise. > > Yes and yes. You might want to install the harden meta-packages ( is that the correct terminology? ). See: http://packages.debian.org/cgi-bin/search_packages.pl?keywords=harden&searchon=names&subword=1&version=testing&release=all = [EMAIL PROTECTED] Hacking is a "Good Thing!" See http://www.tuxedo.org/~esr/faqs/hacker-howto.html __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Beginning to try to secure my box.
On Wed, 2002-06-05 at 12:06, arthur_dent wrote: > I am trying to begin to secure my P.C.. It's only a home computer but may > hopefully later be linked to a second pc via 10/100 nics. That's allways a good thing :) > is "portmap". I notice this is enabled by default (I think) on Woody. Can I > safely uninstall this service/program without affecting my p.c.? > Also they recomend disabling nfs...I have "nfs-common" and nfs-kernel-server" > installed. Can I safely disable these too? I dont require them for apt-get You can safely remove the portmapper and nfs. These are all only needed for NFS (and rpc, which is used (omong other things) by nfs). You can just add "exit 0" to the beginning of the /etc/init.d/portmap and nfs-* files to disable them. (Or remove relevant packages) Also check your /etc/inetd.conf Most services here can be turned off. -- Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178 Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Beginning to try to secure my box.
On Wed, Jun 05, 2002 at 10:06:30PM +1200, arthur_dent wrote: > I am trying to begin to secure my P.C.. It's only a home computer but may [...] > One of these > is "portmap". I notice this is enabled by default (I think) on Woody. Can I > safely uninstall this service/program without affecting my p.c.? Yes. > Also they recomend disabling nfs...I have "nfs-common" and nfs-kernel-server" > installed. Can I safely disable these too? Yes. > I dont require them for apt-get > updates etc? No. -- Note that I use Debian version 3.0 Linux emac140 2.4.17 #1 sön feb 10 20:21:22 CET 2002 i686 unknown Hans Ekbrand pgpTr4eKdANFW.pgp Description: PGP signature
RE: Beginning to try to secure my box.
>Can I > safely uninstall this service/program without affecting my p.c.? Yes. > Also they recomend disabling nfs...I have "nfs-common" and > nfs-kernel-server" > installed. Can I safely disable these too? Yes. >I dont require > them for apt-get > updates etc? No. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]