[1843] in SIPB_Linux_Development
Re: suggestion for /etc/athena/inetd.conf
daemon@ATHENA.MIT.EDU (Erik Nygren)
Mon Oct 6 00:01:30 1997
To: "Kevin 'Bob' Fu" <fubob@MIT.EDU>
Cc: linux-dev@MIT.EDU, net-defense@MIT.EDU
In-Reply-To: Your message of "Sun, 05 Oct 1997 23:23:20 EDT."
<199710060323.XAA02449@tiramisu.mit.edu>
Date: Mon, 06 Oct 1997 00:00:58 EDT
From: Erik Nygren <nygren@MIT.EDU>

Kevin 'Bob' Fu wrote:
> Do people object to distributing the default /etc/athena/inetd.conf
> with "telnetd -a valid" set?
>
> We should more actively discourage unencrypted logins. Disallowing
> non-kerberized telnet is more convenient than dealing with sniffed
> passwords.

Before I would have objected, but I think we need to start taking more
actions to keep Linux Athena machines secure with the default installation.
I think there are a number of actions we need to take in the RedHat 4.2
release before it comes out of beta to improve its security:

  * In order to notify users of security problems that require attention,
    we need to be able to contact them in some way. One approach is for
    the machine to prompt for the owner's email address at install-time.
    This address could either be used to add the user to an announcement-only
    list, or could be used by the machine to send mail about things
    like needing to run update.pl when it changes.

  * Make the system default to only allowing secure connections.
    As part of this, we should also include ssh in the distributions.
    (Apparently, there's a modified version that works with PAM).
    Users can enable insecure telnet themselves, but a comment
    in inetd.conf could discourage this. Also distribute
    kerberized telnet and ssh client binaries for lots of platforms
    so that people don't have any excuse. We have to make it
    as easy as possible for people to use them without any/much
    effort and without being sysadmins on the machines they're
    logging in from. I think NetOps is working on this...

  * Possibly have a script that checks for standard indications
    of break-ins (i.e., weird files in /dev, changed login binary,
    etc.) and notifies the machine owner.

  * Make subsystems (such as samba) not start up even if they are
    installed, but make it easy for users to enable them.
    Also comment out unnecessary things in inetd.conf.

I think taking this combination of actions could greatly
reduce the number of break-ins we're seeing.

In addition, we'll need to convince people to upgrade their systems.
There are lots of people with ancient swiss-cheese-like RedHat 3.0.3
and Slackware machines.

I suggested having a meeting last week but Thursday was a bad time.
Do people think a meeting would be useful, or should we just discuss
issues here? Either way, something really needs to get done.

	Erik
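
An added example, not part of the original message or of any Athena tooling: a small Python audit of inetd.conf text against the defaults discussed in this thread (telnet only with "-a valid", everything else commented out unless explicitly approved). The sample file, its server paths and the `approved` allow-list are constructed assumptions.

```python
"""Audit inetd.conf text: telnet must carry "-a valid"; other services need approval."""

# Constructed sample for illustration, not the real /etc/athena/inetd.conf.
# Server paths and the ftp/shell/finger entries are assumptions.
SAMPLE = """\
# service socktype proto wait user server args
telnet stream tcp nowait root /usr/sbin/telnetd telnetd -a valid
ftp    stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -l
#shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
"""

def enabled_entries(text):
    """Yield (lineno, service, argv) for every uncommented, well-formed entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # inetd ignores blank lines and lines starting with '#'
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 6:  # service socktype proto wait user server [args]
            continue
        yield lineno, fields[0], fields[6:]

def has_a_valid(argv):
    """True if the server arguments contain "-a valid" (or the joined "-avalid")."""
    if "-avalid" in argv:
        return True
    return any(a == "-a" and b == "valid" for a, b in zip(argv, argv[1:]))

def audit(text, approved=()):
    """Return [(lineno, service, reason)] for entries that break the policy."""
    findings = []
    for lineno, service, argv in enabled_entries(text):
        if service == "telnet":
            if not has_a_valid(argv):
                findings.append((lineno, service, 'telnetd lacks "-a valid"'))
        elif service not in approved:
            findings.append((lineno, service, "enabled but not approved"))
    return findings

if __name__ == "__main__":
    for lineno, service, reason in audit(SAMPLE):
        print(f"line {lineno}: {service}: {reason}")
```

Run against a machine's own inetd.conf, the findings list is the set of lines an owner would either comment out or knowingly add to `approved`.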