
Re: OS Hardening

Jeremy Gaddis wrote:
> Do a stock installation and see if a new user wouldn't need a "hardening
> script".  At a guess, telnet, ftp, portmapper, nfsd, and the like are probably
> running.  I can see where a "hardening script" could come into play here,
> asking the user if he needs service "x" running, with a default answer of no.
> Unless the user specifically states that he wants it running, it won't be.

	Yes! So what we really need is a script that will test your security and make
suggestions to the user/sysadmin. Even if sometimes it pesters around too much,
for example:

Script: you are using telnetd, do you really need insecure connections like this?
User: yes, absolutely
Script: telnetd-ssl is a better replacement, why don't you install it?
User: no, my clients do not support it
Script: and why not tcp-wrap it so you can just give it to given locations?
User: no
Script: are you sure? I can help you with the hosts.allow/deny stuff
User: oh well...

	Could make for a good AI  ;)

Javier Fernández-Sanguino Peña
SGI-GMV sistemas, Seguridad Lógica