SEARCHSOLARIS.COM Administrator Tip SPONSORED BY: PostMasterDirect.com ========================================== What do you like? Networks? Computer Games? Downloads? How about Free Stuff? SearchSolaris.com can get you FREE info on the topics that interest you most - and there are so many to choose from! We'll find related news, information and special offers and deliver them directly to your e-mailbox, all at no charge! Sign up today at http://searchsolaris.techtarget.com/postmasterDirect/. ========================================== "Protecting the NIS Maps Directory," by Gunther Vanaken The /var/yp directory should only be accessible by root. Change the permissions accordingly. If you are running TripWire, COPS or any other security tool, you should make it a part of the security audit process. Setup /var/yp/securenets You should configure NIS to make its maps available only to certain networks. This can be done with the /var/yp/securenets file, here is an example: 255.255.255.0 10.10.20.0 255.255.255.0 10.10.21.0 To restrict availability to hosts, simply add the IP address of that host(s): 255.255.255.0 10.10.20.2 255.255.255.0 10.10.20.1 Secure your Root account The root account should always be local! You should never allow it to be a part of NIS. If a hacker discovered the root password, he/she would have access to all of the machines within the NIS domain. Also, if NIS ever failed, you may not be able to login as root on any machine in the domain. Move NIS Maps NIS uses the /etc/passwd, /etc/shadow, /etc/inetd/netmasks files by default for its maps. Two problems with this are; anyone with login access to the system will be able to read all of the NIS maps; second, with /etc/passwd and /etc/shadow as NIS map sources, root login will be possible only if NIS is running properly. You should move these files out of the /etc directory. ==================================== SUBMIT A TIP AND YOU COULD WIN A GREAT PRIZE!! Every month searchSolaris holds a contest for the best user-submitted Sun/Solaris administration tip! This month we're giving away a very cool Handheld Global Positioning System. To experience our Online Tips Exchange, or to submit a tip of your own, click on http://searchsolaris.techtarget.com/tipsIndex/0,289482,sid12_tax281849,00.html. How did you like this tip? Like it or not, we want to hear from you. To sound off, or to submit a tip of your own, send an email to mailto:[EMAIL PROTECTED]. ==================================== SPONSORED BY: whatis?com ==================================== Visit the Web's most comprehensive online technology encyclopedia! Whatis.com defines more than 2,700 of the most important tech terms in plain English. Search for a term or navigate by category. Check out Fast Reference guides for a quick summary of everything from connection speeds to online color palettes. And don't miss Every File Format in the World, the Web's largest list of file extensions and the programs that use them. It's all free at http://whatis.com. ==================================== If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://searchSolaris.techtarget.com/register and adjust your subscriptions accordingly. If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.
