Re:Re: Beginning to try to secure my box. Thanks so far
Thanks so far to all who replied to my earlier post asking about uninstalling
a few services/programs to try to secure this box.
I have downloaded and printed out the Securing Debian Manual and am beginning
to wade my way through. My biggest problem here is the assumptions the
authors make about the level of knowledge that the reader will have about
Debian/Linux ...there are a lot of things they make reference to that I have
no idea about...:-) But I will in time.
I have also installed from cd the Hardening Docs and will begin reading those
A couple of the replies mentioned that I could disable services in the
inetd.conf file. Below is a copy of mine, how do I know what I need and dont
Thanks for any help.
# /etc/inetd.conf: see inetd(8) for further informations.
# Internet server configuration database
# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
# Packages should modify this file by using update-inetd(8)
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#:INTERNAL: Internal services
#echo stream tcp nowait root internal
#echo dgram udp wait root internal
#chargen stream tcp nowait root internal
#chargen dgram udp wait root internal
discard stream tcp nowait root internal
discard dgram udp wait root internal
daytime stream tcp nowait root internal
#daytime dgram udp wait root internal
time stream tcp nowait root internal
#time dgram udp wait root internal
#:STANDARD: These are standard services.
#:BSD: Shell, login, exec and talk are BSD protocols.
#:MAIL: Mail, news and uucp services.
smtp stream tcp nowait mail /usr/sbin/exim exim -bs
#:INFO: Info services
ident stream tcp wait identd /usr/sbin/identd identd
#:BOOT: Tftp service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."
#:RPC: RPC based services
#:HAM-RADIO: amateur-radio services
#:OTHER: Other services
vboxd stream tcp nowait root /usr/sbin/tcpd /usr/sbin/vboxd
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org