Re: New info on how to install your laptop
On Thu, Mar 23, 2000 at 02:01:26PM +0000, Gareth Bowker wrote:
> It's quite a useful document, certainly. I've only got one comment on it,
> which is to explain what the changes are that are being made: i.e.
> disabling tcp listening for X means that you can't run remote X sessions
> from the machine blah blah, but that crackers can't blah blah.
My thought of the day: why nmap localhost, rather than netstat -a or -an ?
After all, you might well have things that you want listening on the loopback
interface but not on e.g. eth0 (bind/named being the first thing that comes to
mind!), and netstat runs just a tad faster.
I do, however, recommend nmap from an external machine if you have remote root
access somewhere else and won't upset anyone else between you & that account.
> It just makes it clearer as to what's being done, so people won't disable
> features they actually need/rely on. e.g. on my (non-portable), I use and
> rely on being able to run a remote X session from my machine, so I know not
> to disable it. I guess that the people reading the document won't know
> exactly what they're doing when they're following it (if they did, they
> wouldn't need it in the first place, I'd have thought ;), so a full
> explanation would be useful for them.
This is definitely the way to approach it, I think. Good document to start
with at least..
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-
| The sun is melting over the hills, | http://piglet.is.dreaming.org/
| All our roads are waiting / To be revealed | firstname.lastname@example.org