On Wed, 15 Sep 1999, Paul Sack wrote:
> It might not be a good idea to throw too many of these command line
> basic security packages at them at first. Clearly any packages with
> large security concerns need to be updated. But I don't think we need to
> worry about exploits that let a regular user acquire suser status.
Okay, so maybe tripwire is a bit much for the newcomers. But I think sudo
is an absolute necessity, if only to break the habit of logging in as
root (ever).
> (Presumably, these boxes will have one user account, MAYBE another for a
> friend or roommate, but probably nothing that requires very stron
> security.) They should know that packets can be sniffed (easily)
> especially on dorm nets. however ssh may be unnecessary b/c most of them
> (at first) probably will not want to telnet into their boxen. (Those
> people who are very familiar with their unix accounts and use them for
> mail/etc. who would like to telnet to their boxen can have ssh installed
> and explained.)
I was thinking of only the ssh client, so they could traipse over to other
unix accounts safely if they wanted to. My goal would be to give them a
fully functional desktop machine that offered nothing to the outside
world. It does seem like it's fettering the Awesome Cosmic Power of Linux
to completely lock it down, but it's the safest until they learn to unlock
things on their own.
Cheers,
Robert Kennedy
UT ACITS UNIX Services
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
