Re: OS Hardening
Jeremy Gaddis escribió:
> Do a stock installation and see if a new user wouldn't need a "hardening
> script". At a guess, telnet, ftp, portmapper, nfsd, and the like are probably
> running. I can see where a "hardening script" could come into play here,
> asking the user if he needs service "x" running, with a default answer of no.
> Unless the user specifically states that he wants it running, it won't be.
Yes! So what we really need is a script that will test your security and make
suggestions to the user/sysadmin. Even if sometimes it pesters around too much,
Script: you are using telnetd do you really need insecure connections like this?
User: yes, absolutely
Script: telnetd-ssl is a better replacement, why don't you install it?
User: no, mi clients do not support it
Script: and why not tcp-wrap it so you can just give it to given locations
Script: are you sure? I can help you with the hosts.allow/deny stuff
User: oh wel...
Could make for a good AI ;)
tel;fax:+34-91 806 46 41
tel;work:+34-91 806 46 40
org:SGI-GMV sistemas;Seguridad Lógica
adr:;;Sector Foresta 1;Tres Cantos;Madrid;E-28760;Spain
fn:Javier Fernández-Sanguino Peña