On Wed, Jan 03, 2001 at 10:15:43AM +0200, era eriksson wrote:
> Package: base
> Version: 20010103
> Severity: wishlist
>
> The stock base system comes with various "traditional security holes"
> enabled. It would be nice (and probably very constructive) to have a
> brief and simple procedure for how to reconfigure the system so as to
> run a reasonably tight ship.
>
> Off the top of my head, I can think of the following:
>
> * Disable telnet; go with ssh instead (but then which ssh?)
apt-get remove telnetd
> * Recommend disabling any non-critical network services entirely
apt-get remove NETWORK_PACKAGE
(rwhod, rsh-server, ...)
If you don't know the package name, use:
dpkg -S /usr/sbin/server
> * chroot and otherwise patch up everything that can't be turned off
I can deinstall all network packages without problems
> * Recommend replacing Sendmail with Postfix (or whatever)?
IMHO sendmail is not the default mail server. It is exim. But only
write:
apt-get install postfix
and you have postfix on your system...
> * Recommend replacing regular ftp server with something more robust
type
apt-get install MORE-ROBUST-FTP-SERVER
and you get it..
apt-get is a nice package tool, use it. :-)
Gruss
Grisu
--
Michael Bramer - a Debian Linux Developer http://www.debian.org
PGP: finger grisu@db.debian.org -- Linux Sysadmin -- Use Debian Linux
"Verwende Perl. Shell will man koennen, dann aber nicht verwenden."
Kristian Koehntopp, de.comp.os.unix.misc
Attachment:
pgpkPKSGvKa3l.pgp
Description: PGP signature