[1857] in linux-security and linux-alert archive
[linux-security] Re: Services not required?
daemon@ATHENA.MIT.EDU (darren@kedemel.demon.co.uk)
Sun Jun 14 04:31:15 1998
Date: Tue, 9 Jun 1998 20:05:09 +0000
From: darren@kedemel.demon.co.uk
To: linux-security@redhat.com
Reply-To: darren@kedemel.demon.co.uk
In-Reply-To: <016e01bd9315$cbe32820$34a2eecf@tecra740cdt.chaven.com>; from Stephen Costaras on Mon, Jun 08, 1998 at 02:44:04PM -0500
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
> I'm in the process of locking down as much of my systems here
> as possible as to available ports. I am down to only a handful
> but am not sure how much of a security risk they pose and was
> wondering if anyone here might be able to comment, or suggest
> secure versions to run:
>
> 21/FTP (WU-ftpd v2.4.2 BETA 14)
> 22/SSH (1.22)
> 23/TELNET (Netkit 0.09)
> 25/SMTP (Sendmail v8.8.7)
> 49/TACACS (TACACS_Plus v4.0.2 BETA/Cisco)
> 53/DNS (BIND v8.1.2)
> 80/HTTP (Apache v1.2.6 - upgrading to v1.3.0)
> 110/POP3 (Katie Steven's v1.016)
> 111/RPC (Netkit 0.09)
> 113/IDENTD (????)
> 669/MOUNTD (RPC/Linux Userspace NFS server v2.2beta29)
> 2049/NFS (RPC/Linux Userspace NFS server v2.2beta29)
> 6669/APCUPSD (UPS Monitoring, read-only from UPS server, already sent
> letter to author for security info).
>
> On servers that have no need for the above ports (ie, telnet, tacacs, pop3,
> et al) they are disabled. My main concerns are based on the assumption
> that someone might gain access to the local subnet, which protocols
> would be sniffable/hackable/et al?
What's perhaps more important is to make sure you're running tcpd and
have firewalling in place, such as ipfwadm ... so only trusted machines
may connect to you.
Then look at the services you're running, although that's about a minimal
list, except more up-to-date daemons.
I generally turn off Ident.
--
--------------------------------------------------------------------------
darren@kedemel.demon.co.uk
PGP DSS/DH 1024/1024 public Key ID 0xF0AE2B5F.
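
One way to check the tcpd advice in the reply above, added here as an example and not part of the original post: the script lists inetd services that are not started through tcpd and tests whether hosts.deny carries a catch-all deny so that hosts.allow works as a list of trusted machines. The function names, the sample inetd.conf entries and the server paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd-launched services for TCP wrapper (tcpd) coverage.

# Print "service server_path" for every active inetd.conf entry whose server
# program is not tcpd. Built-in ("internal") entries are listed as well, since
# inetd serves them itself rather than through tcpd.
unwrapped_services() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }       # skip comments, blank and short lines
        {
            n = split($6, parts, "/")      # basename of the server program
            if (parts[n] != "tcpd") print $1, $6
        }
    ' "$1"
}

# Succeed only if hosts.deny has an unqualified "ALL: ALL" rule, so that
# anything not granted in hosts.allow is refused.
has_default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*(:.*)?$' "$1"
}

# Constructed sample files (hypothetical entries, not from the original post).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# service type proto wait user server args
ftp     stream tcp nowait root   /usr/sbin/tcpd      in.ftpd -l -a
telnet  stream tcp nowait root   /usr/sbin/tcpd      in.telnetd
pop-3   stream tcp nowait root   /usr/sbin/in.pop3d  in.pop3d
auth    stream tcp nowait nobody /usr/sbin/in.identd in.identd
#shell  stream tcp nowait root   /usr/sbin/tcpd      in.rshd
EOF
printf 'ALL: ALL\n' > "$SAMPLE_DIR/hosts.deny"

echo "Services not wrapped by tcpd:"
unwrapped_services "$SAMPLE_DIR/inetd.conf"
has_default_deny "$SAMPLE_DIR/hosts.deny" && echo "hosts.deny: default deny present"
```

Standalone daemons that do not run from inetd are outside what this check sees; for those, access has to be limited in the daemon's own configuration or at the packet filter.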