On Wed, Jan 03, 2001 at 10:15:43AM +0200, era eriksson wrote: > Package: base > Version: 20010103 > Severity: wishlist > > The stock base system comes with various "traditional security holes" > enabled. It would be nice (and probably very constructive) to have a > brief and simple procedure for how to reconfigure the system so as to > run a reasonably tight ship. > > Off the top of my head, I can think of the following: > > * Disable telnet; go with ssh instead (but then which ssh?) apt-get remove telnetd > * Recommend disabling any non-critical network services entirely apt-get remove NETWORK_PACKAGE (rwhod, rsh-server, ...) If you don't know the package name, use: dpkg -S /usr/sbin/server > * chroot and otherwise patch up everything that can't be turned off I can deinstall all network packages without problems > * Recommend replacing Sendmail with Postfix (or whatever)? IMHO sendmail is not the default mail server. It is exim. But only write: apt-get install postfix and you have postfix on your system... > * Recommend replacing regular ftp server with something more robust type apt-get install MORE-ROBUST-FTP-SERVER and you get it.. apt-get is a nice package tool, use it. :-) Gruss Grisu -- Michael Bramer - a Debian Linux Developer http://www.debian.org PGP: finger grisu@db.debian.org -- Linux Sysadmin -- Use Debian Linux "Verwende Perl. Shell will man koennen, dann aber nicht verwenden." Kristian Koehntopp, de.comp.os.unix.misc
Attachment:
pgpkPKSGvKa3l.pgp
Description: PGP signature