Re: Default services, was Re: security of OpenBSD vs Linux distros
From: Christopher Browne (cbbrowne@acm.org)Date: 08/03/02
- Next message: Christopher Browne: "Re: security of OpenBSD vs Linux distros"
- Previous message: Kasper Dupont: "Re: security of OpenBSD vs Linux distros"
- In reply to: Kasper Dupont: "Re: Default services, was Re: security of OpenBSD vs Linux distros"
- Next in thread: : "Re: Default services, was Re: security of OpenBSD vs Linux distros"
- Reply: : "Re: Default services, was Re: security of OpenBSD vs Linux distros"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Christopher Browne <cbbrowne@acm.org> Date: 3 Aug 2002 15:33:31 GMT
Oops! Kasper Dupont <kasperd@daimi.au.dk> was seen spray-painting on a wall:
> Nico Kadel-Garcia wrote:
>>
>> "Christopher Browne" <cbbrowne@acm.org> wrote in message
>> news:aife3b$140v2f$1@ID-125932.news.dfncis.de...
>> > In an attempt to throw the authorities off his trail, Kasper Dupont
>> <kasperd@daimi.au.dk> transmitted:
>> > > Luke Vogel wrote:
>> > >>
>> > >> I vote that we make "What distro is best?" type questions as
>> > >> being off topic fro this ng.
>> > >
>> > > Sure, that question is far too general to be answered with a
>> > > short and precise answer.
>> > >
>> > > OTOH a question like: "Is it a good idea for a distro to have
>> > > sshd enabled by default?" is more reasonable.
>> >
>> > To which a reasonable answer would be, as far as I'm concerned:
>> >
>> > "If they have telnetd enabled, and sshd disabled, they're idiots.
>> > If they have both enabled, the sshd part is certainly not their
>> > _worst_ mistake. If sshd is enabled, and telnetd is disabled,
>> > the only option that would _arguably_ be smarter would be to have
>> > _everything_ disabled."
>>
>> Should sshd allow direct root access or password access?
>
> Could be a bad idea. Not everybody chooses good root passwords.
> Allowing keys should be more secure, because a system definitely
> should not create an authorized_keys file by default.
A common doctrine is that direct root access shouldn't be permitted,
and that users have to log in as themselves before "su -"ing to root.
That provides the control that all logins to root are identified as to
"who-dunnit." And requires that it be made difficult for people to
fiddle with /var/log/auth.log, even if they have root access.
A better-still option could be for practically _nobody_ to have root
access, and "sudo" is used to "do root stuff." That's definitely more
complicated, of course.
Even in a simple environment, I'd think it sensible to deny "login to
root" as it'll throw some barriers in front of would-be crackers.
>> SMTP is useful for handling logs. Should it allow incoming mail?
>
> SMTP handling logs? I don't get it, logs are usually written to
> files. And when the system wants to send a mail to a user it can get
> written directly to the spool, there is no need use SMTP for local
> mail delivery.
SMTP is typically where output from cron goes, just to name one thing.
>> FTP: definitely off by default.
>
> Sounds reasonable.
>>
>> HTTP/HTTPS: definitely off by default.
>
> HTTP might be handy for some people, and it is not the service that
> is most likely to cause security problems. First of all it doesn't
> run as root on a correctly configured system. And it does not make
> data publicly available unless explicitly made public by the
> user. But still opening it by default is probably bad because many
> people will not know it is open by default. If anyway some
> distribution want to enable it by default it should be a minimal
> configuration for only static documents and now features enabled
> that could be turned off.
>
> HTTPS should definitely be off by default, the default install
> doesn't have a servercertificate anyway. If people go through the
> process of getting a sertificate the effort of actually enabling
> HTTPS is quite small.
This seems to me to mostly be a wrong set of questions.
A better set:
-> Should a web server be running, by default, at all?
-> If it is, it surely should be configured to not run any
CGI scripts, right?
-> If it is, what should it be configured, by default, to "serve up"
as a set of web pages? Hopefully nothing much more than the
file /var/www/index.html.
I don't see any big deal concerning HTTPS; apache-ssl is readily able
to generate its own server certificate, and I don't see that throwing
that in introduces any security holes that are of anywhere near the
importance of the list of more important predicates:
(#'APACHE-RUNNING-P #'APACHE-CGI-P #'APACHE-HOME-EMPTY-P)
>> NIS: ***OFF*** by default. I just had to deal with TurboLinux
>> setting up another ypserv master by default. B-r-r-r-r.
> Absolutely, many people don't need NIS, and those who does need it
> probably need to make their own configuration of it anyway. Setting
> up a NIS master by default is, ehrm, I cannot find any words strong
> enough for describing this, so lets just say it is stupid to set up
> a NIS master by default. :-O
I'll buy that...
-- (concatenate 'string "chris" "@cbbrowne.com") http://www.ntlug.org/~cbbrowne/security.html E.V.A., pod 5, launching...
- Next message: Christopher Browne: "Re: security of OpenBSD vs Linux distros"
- Previous message: Kasper Dupont: "Re: security of OpenBSD vs Linux distros"
- In reply to: Kasper Dupont: "Re: Default services, was Re: security of OpenBSD vs Linux distros"
- Next in thread: : "Re: Default services, was Re: security of OpenBSD vs Linux distros"
- Reply: : "Re: Default services, was Re: security of OpenBSD vs Linux distros"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
