Re: CDE Without ToolTalk?
From: George Capehart (gwc@capehassoc.com)Date: 09/07/02
- Previous message: Charles Clancy: "Re: CDE Without ToolTalk?"
- In reply to: Crist J. Clark: "CDE Without ToolTalk?"
- Next in thread: Akop Pogosian: "Re: CDE Without ToolTalk?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 07 Sep 2002 17:41:30 -0400 From: George Capehart <gwc@capehassoc.com> To: cjclark@alum.mit.edu
"Crist J. Clark" wrote:
>
> Does anyone have a reference on how to lock down CDE?
Yes. Don't install the X Window system . . . *grin*
Seriously, though, in some shops, servers are headless and administered
remotely via ssh or locally over the serial port. It's been a couple of
years since I actually had my hands on a Sun box, but at that time,
there was nothing that necessitated an admin needing CDE to administer
the box . . . If you need multiple sessions there are a couple of ways
to accomplish that:
o most of the *sh family support putting processes in the background
and then recalling them
o emacs - there have been days in which I started emacs and then didn't
leave it until I logged out to go home
o screen - supports multiple virtual terminals
When asked to
> "harden" a Sun server, one of the first things to do is go through
> inetd.conf and take everything out but the basics, or even better, not
> run inetd at all.
>
> But the admins really don't like that since it breaks CDE. I don't
> like being stuck at the console prompt with one shell either. I
> wouldn't think it would be a lot to ask to just have a windowing
> environment so we can have multiple ttys going at once, but not have
> all of the extra network services like the dreaded ToolTalk server.
There are some serious InfoSec types (and *all* BOFHs) who would
seriously question the level of expertise of a sysadmin who would whine
about not being able to administer a server without a GUI. See the
above comments about ways to have multiple things/virtual
terminals/shells. I've really got to wonder whether these guys really
know their way around . . . That may sound harsh, but it's true.
>
> Is there a way to get CDE going? It bails out for me once it finds it
> can't start up ToolTalk. Am I stuck going to a different windowing
> system (isn't Openwin depricated these days?)?
>
> (I think this has been covered before here, but SecurityFocus's search
> page keeps telling me the server is too busy, and I haven't had any
> luck Googling. Thanks.)
> --
> Crist J. Clark | cjclark@alum.mit.edu
> | cjclark@jhu.edu
> http://people.freebsd.org/~cjc/ | cjc@freebsd.org
-- George W. CapehartCapehart Associates LLC Phone: +1 704.678.1660 1604 Nottingham Drive Fax: +1 704.853.2624 Gastonia, NC 28054
"We did a risk management review. We concluded that there was no risk of any management." -- Dilbert
- Previous message: Charles Clancy: "Re: CDE Without ToolTalk?"
- In reply to: Crist J. Clark: "CDE Without ToolTalk?"
- Next in thread: Akop Pogosian: "Re: CDE Without ToolTalk?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
