Re: OS Hardening

To: Jeremy Gaddis <jlgaddis@blueriver.net>
Cc: "'Wichert Akkerman'" <wichert@cistron.nl>, "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: OS Hardening
From: Javier Fernandez-Sanguino Peña <jfernandez@sgi.es>
Date: Wed, 13 Dec 2000 11:15:49 +0100
Message-id: <[🔎] 3A374C55.D6A98027@sgi.es>
References: <[🔎] 01C064B5.C1AD6B80@earthquake.home.lan>

Jeremy Gaddis escribió:
> 
(..)
> 
> Do a stock installation and see if a new user wouldn't need a "hardening
> script".  At a guess, telnet, ftp, portmapper, nfsd, and the like are probably
> running.  I can see where a "hardening script" could come into play here,
> asking the user if he needs service "x" running, with a default answer of no.
> Unless the user specifically states that he wants it running, it won't be.

	Yes! So what we really need is a script that will test your security and make
suggestions to the user/sysadmin. Even if sometimes it pesters around too much,
for example:

Script: you are using telnetd do you really need insecure connections like this?
User: yes, absolutely
Script: telnetd-ssl is a better replacement, why don't you install it?
User: no, mi clients do not support it
Script: and why not tcp-wrap it so you can just give it to given locations
User: no
Script: are you sure? I can help you with the hosts.allow/deny stuff 
User: oh wel...


	Could make for a good AI  ;)

	Javi

begin:vcard 
n:Fernández-Sanguino Peña;Javier
tel;fax:+34-91 806 46 41
tel;work:+34-91 806 46 40
x-mozilla-html:FALSE
org:SGI-GMV sistemas;Seguridad Lógica
adr:;;Sector Foresta 1;Tres Cantos;Madrid;E-28760;Spain
version:2.1
email;internet:jfernandez@sgi.es
x-mozilla-cpt:;28448
fn:Javier Fernández-Sanguino Peña
end:vcard

Reply to:

References:
- RE: OS Hardening
  - From: Jeremy Gaddis <jlgaddis@blueriver.net>

Prev by Date: Re: OS Hardening
Next by Date: Re: OS Hardening
Previous by thread: RE: OS Hardening
Next by thread: Re: OS Hardening
Index(es):
- Date
- Thread