TCLUG Archive

RE: [TCLUG:5793] security (some pre-coffee thoughts)...




> > * comment out all undesired services in /etc/inetd.conf
>
> What is the relationship between /etc/inetd.conf and /etc/services? Do you
> need to comment out lines in both files or just /etc/inetd.conf?

	Simply put, /etc/services defines the services, telling the system what
their names are and what ports they use.  /etc/inetd.conf tells the system
which of these services to actually run through identd (read the manpage on
identd for a better understanding of what it is).  So, no, you don't need to
comment lines out of /etc/services.

> Can anyone else add to this list?


	Read up on /etc/hosts.deny -- you can set it up to trigger scripts which
can notify you of attack attempts, lock out intruders permanently via
ipfwadm, or any number of responses.  (If you'd like, I have a script here
written by Tom Cross which works quite nicely.)  Also, it might be a good
idea to browse your logfiles on a regular basis to look for any suspicious
goings-on.  (Even better would be to write a perl or shell script that does
the browsing for you.)  Not only will you have a better idea what's going on
with your machine on a daily basis, but if some script kiddie does make an
attempt on your box, you can have the satisfaction of tracking down the
miscreant and getting his mom's AOL account cancelled.

---
Eric Hillman
CCCU -- UNIX Sysadmin
ehillman@cccu.com
The opinions expressed in this message are mine.  You can't have them.
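
An added example, not part of the original message: a small audit of the /etc/inetd.conf and /etc/services relationship discussed above, listing which inetd.conf entries are still uncommented and which port each name maps to in the services file. The function name and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample files (not taken from any real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
talk    dgram   udp  wait    root    /usr/sbin/tcpd  in.talkd
EOF
cat > "$SAMPLE_DIR/services" <<'EOF'
# constructed sample services
ftp      21/tcp
telnet   23/tcp
finger   79/tcp
shell    514/tcp   cmd
talk     517/udp
EOF

# enabled_inetd_services INETD_CONF SERVICES   (hypothetical helper name)
# Prints "name port/proto daemon" for every non-commented inetd.conf entry.
# The services file is only used to translate names into port numbers.
enabled_inetd_services() {
    awk '
        # First file (services): map "name/proto" and aliases to a port.
        NR == FNR {
            sub(/#.*/, "")
            if (NF < 2) next
            split($2, pp, "/")
            for (i = 1; i <= NF; i++)
                if (i != 2) port[$i "/" pp[2]] = pp[1]
            next
        }
        # Second file (inetd.conf): commented or short lines are skipped.
        /^[ \t]*#/ || NF < 6 { next }
        {
            key = $1 "/" $3
            p = (key in port) ? port[key] : "unknown"
            # When the entry is wrapped by tcpd, the real daemon is field 7.
            prog = ($6 ~ /tcpd$/ && NF >= 7) ? $7 : $6
            print $1, p "/" $3, prog
        }
    ' "$2" "$1"
}

enabled_inetd_services "$SAMPLE_DIR/inetd.conf" "$SAMPLE_DIR/services"
```

On a real host, pass /etc/inetd.conf and /etc/services as the two arguments; anything the function prints is still being offered by the machine.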