Re: a good start to do hardening
From: nickd@nospam.demon.co.ukDate: 12/29/01
- Next message: Enoch Root: "Re: 2 keyboards not allowed"
- Previous message: Bruce Cook: "Re: a good start to do hardening"
- In reply to: Bruce Cook: "Re: a good start to do hardening"
- Next in thread: Bill Unruh: "Re: a good start to do hardening"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: nickd@nospam.demon.co.uk Date: Sat, 29 Dec 2001 12:17:42 GMT
Bruce Cook <sysadmin@usertools.net> wrote:
> On Fri, 28 Dec 2001 12:35:54 GMT, nickd@nospam.demon.co.uk wrote:
>> Marcus <talos@algonet.se> wrote:
>> > Thomas wrote:
<snip>
>> > 1) echo "" > /etc/inetd.conf; killall -HUP inetd
<snip>
>> Oh yeah, and (1) is lovely too :)
>
> I actually agree with (1) - inetd (especialyy on RH systems) has a bunch of
> services that are simply never used, and a just waiting for some future exploit.
Fair enough. I tend not to run inetd, and
grep -v "^#" /etc/inetd.conf
is always a good idea, as is s:/^/#/g when editing it in vi.
<snip>
> I then enable only the services I want (almost never includes NIS and RPC
> stuff that's on by default)
I know very little about those services because for all the time I've been
in IT, they're just something you turn off because its too much of a
security risk :)
-- "Anyone with the naivety to run IIS is, IMHO, automatically suspect when it comes to doing anything technical, such as setting a clock."
- Next message: Enoch Root: "Re: 2 keyboards not allowed"
- Previous message: Bruce Cook: "Re: a good start to do hardening"
- In reply to: Bruce Cook: "Re: a good start to do hardening"
- Next in thread: Bill Unruh: "Re: a good start to do hardening"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
