[1845] in linux-security and linux-alert archive
[linux-security] Re: Services not required?
daemon@ATHENA.MIT.EDU (A Dark Elf)
Tue Jun 9 07:18:11 1998
Date: Tue, 9 Jun 1998 03:08:20 -0500 (CDT)
From: A Dark Elf <drow@darkelf.net>
To: linux-security@redhat.com
In-Reply-To: <016e01bd9315$cbe32820$34a2eecf@tecra740cdt.chaven.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
On Mon, 8 Jun 1998, Stephen Costaras wrote:
>
> I'm in the process of locking down as much of my systems here
> as possible as to available ports. I am down to only a handful
> but am not sure how much of a security risk they pose and was
> wondering if anyone here might be able to comment, or suggest
> secure versions to run:
>
> 21/FTP (WU-ftpd v2.4.2 BETA 14)
> 22/SSH (1.22)
> 23/TELNET (Netkit 0.09)
> 25/SMTP (Sendmail v8.8.7)
> 49/TACACS (TACACS_Plus v4.0.2 BETA/Cisco)
> 53/DNS (BIND v8.1.2)
> 80/HTTP (Apache v1.2.6 - upgrading to v1.3.0)
> 110/POP3 (Katie Steven's v1.016)
> 111/RPC (Netkit 0.09)
> 113/IDENTD (????)
> 669/MOUNTD (RPC/Linux Userspace NFS server v2.2beta29)
> 2049/NFS (RPC/Linux Userspace NFS server v2.2beta29)
> 6669/APCUPSD (UPS Monitoring, read-only from UPS server, already sent
> letter to author for security info).
The most non-secure services are the r services, and those aren't much at
risk if you're not running a version with security holes. But I don't see
why you would actualy need to run all of them. Ssh could replace telnet,
you don't need identd unless you go on IRC, as for mail, you should check
sendmail alternatives. Oh and firewalling ports is still the best
solution. Unless you need to NFS with someone across the country, you
should firewall it for outside users.
Patrick Lambert
----------------------------------------------------------------------
DarkElf Network SysAdmin http://www.darkelf.net
OKC.OK.US.UnderNet.Org Operator http://www.undernet.org
Check the main resource for developers at www.fastethernet.net
----------------------------------------------------------------------
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null