TCLUG Archive

Re: [TCLUG:5528] security



Take a look at /etc/inetd.conf and comment out anything you don't plan on
using.  This should be done by default.  I've been hounding RedHat, et al
for several years on this one since that's where at least 90% of all Linux
compromises originate.

Peter Lukas

On Mon, 26 Apr 1999, Ben Luey wrote:

> Two security questions:
> 
> On a server, I have /etc/hosts.deny ALL:ALL and hosts.allow
> ALL: 192.168.1.0/255.255.255.0   --intranet has full access
> sshd: ALL      -- everyone has ssh
> 
> I ran nmap on this server from outside the intranet and it says lots of
> things are open:
> 
> Starting nmap V. 2.02 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
> Interesting ports on sf-usr4-21-149.dialup.slip.net (207.171.246.149):
> Port    State       Protocol  Service
> 21      open        tcp        ftp
> 22      open        tcp        unknown
> 23      open        tcp        telnet
> 25      open        tcp        smtp
> 37      open        tcp        time
> 53      open        tcp        domain
> 70      open        tcp        gopher
> 79      open        tcp        finger
> 80      open        tcp        http
> 98      open        tcp        linuxconf
> 109     open        tcp        pop-2
> 110     open        tcp        pop-3
> 111     open        tcp        sunrpc
> 113     open        tcp        auth
> 137     filtered    tcp        netbios-ns
> 138     filtered    tcp        netbios-dgm
> 139     filtered    tcp        netbios-ssn
> 143     open        tcp        imap
> 513     open        tcp        login
> 514     open        tcp        shell
> 895     open        tcp        unknown                                  
> 
> I can't use, say, imap from outside the normal way, but is it still a
> security liability, or not? (137-139 are filtered from ppp0). If it is,
> what should I do -- (this doesn't have to be very anal, because it is a
> dynamic ip dialup, but still -- I noticed someone trying my imap
> connection from outside ...) 
> 
> Also, how can I have ssh (or telnet) only let certain users login from
> ppp0? Some users have wussy passwords which is fine within the network,
> but I'd like to disable access to these accounts from the outside (ie
> ppp0).
> 
> Thanks,
> 
> Ben
> 
> 
> Ben Luey
> lueyb@carleton.edu
> ICQ: 19144397
> 
> Modern computerized word processing enables us, both as individuals and as a
> cohesive societal entity, to exponentially enhance and aggrandize the 
> parameters, both qualitative and quantitative, not to mention paradigmatic, of 
> our communicative conceptualizations because now we can spell great big words
> correctly without having a clue what they mean.  -- Dave Barry
> 
>
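
An added example (not part of the original thread) of the audit Peter describes: it lists the services an inetd.conf still has enabled, marks which are started through tcpd, and comments out everything not on a keep list. The sample file and the function names are constructed for illustration; tcpd-wrapped entries are still listed because inetd keeps the port listening and hosts.deny is only consulted after a connection has been accepted.

```shell
#!/bin/sh
# Added example: audit and prune an inetd.conf-style file.
# Classic inetd.conf field layout:
#   service  socket  proto  wait/nowait  user  server  args...

# Constructed sample configuration (not taken from the thread).
sample_conf() {
cat <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#gopher stream  tcp  nowait  root  /usr/sbin/tcpd  gn
finger  stream  tcp  nowait  root  /usr/sbin/in.fingerd  in.fingerd
imap    stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
time    dgram   udp  wait    root  internal
EOF
}

# list_enabled: read a config on stdin and print "service/proto wrapped"
# or "service/proto unwrapped" for every active (uncommented) entry.
list_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 {
        w = ($6 ~ /\/tcpd$/) ? "wrapped" : "unwrapped"
        print $1 "/" $3, w
    }'
}

# prune: comment out every active entry whose service name is not in the
# space-separated keep list passed as $1; other lines pass through unchanged.
prune() {
    awk -v keep=" $1 " '
        /^[ \t]*#/ || NF < 6    { print; next }
        index(keep, " " $1 " ") { print; next }
                                { print "#" $0 }'
}

echo "Enabled before pruning:"
sample_conf | list_enabled

echo "Enabled after keeping only ftp:"
sample_conf | prune "ftp" | list_enabled
```

On a real system the same functions read /etc/inetd.conf on stdin, and inetd has to be sent SIGHUP before an edited file takes effect.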