Items for the HOWTO (was Re: OS Hardening)
On Wed, Dec 13, 2000 at 11:11:52AM +0100, Javier Fernandez-Sanguino Peña wrote:
> *Please* post it. It could be really useful for documents like the
> Securing-Debian-HOWTO, I have my own checklist and will update the HOWTO with it
> soon.
>
> So, for all of you.. new thread? : checklist of things to do for a secure
> setup?
One other thing I try to be conscious of... while it can be a good idea
to change the listen port of a service (such as putting ssh on a port !=
22 for example), fwictl it's important to make sure any authenticating
service remain on a port <=1023. Otherwise, should the "real" service
fail, it would provide an opportunity for a luser to bind to its port
and:
1- deny real users access
2- steal/record auth info or whatever with a rogue daemon
P.S. In http://www.debian.org/doc/manuals/securing-debian-howto/ch4.html#s4.1
"Listen 666" should be "Port 666" to change the port #.
Thanks. :)
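Added example, not part of the original post: a small audit of sshd_config-style text that reports the two things the message raises, a `Port` moved above 1023 and a `Listen` line used where `Port` was meant. The function name `audit_sshd_ports` and the sample configuration are constructed for illustration, and comment handling is simplified to "everything after `#`".

```python
# Added example: audit sshd_config text for the issues raised in the post.
# On Unix, binding a port below 1024 normally requires root privileges.
PRIVILEGED_MAX = 1023

# Constructed sample input, not taken from any real host.
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
Port 666
port 2222   # moved off 22
Listen 666
Port=70000
PermitRootLogin no
"""

def audit_sshd_ports(text):
    """Return (ports, findings); findings are (line_number, message) tuples."""
    ports, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # simplified comment stripping
        parts = line.replace("=", " ", 1).split()  # "Port=22" and "Port 22" both parse
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if keyword == "listen":
            findings.append((lineno, "'Listen' does not set the port; use 'Port'"))
        elif keyword == "port":
            if len(args) != 1 or not args[0].isdigit() or not 1 <= int(args[0]) <= 65535:
                findings.append((lineno, "invalid Port value"))
                continue
            port = int(args[0])
            ports.append(port)
            if port > PRIVILEGED_MAX:
                findings.append((lineno, f"port {port} is unprivileged: if sshd is "
                                         "down, any local user can bind it"))
    if not ports:
        ports.append(22)  # sshd listens on 22 when no Port line is given
    return ports, findings

if __name__ == "__main__":
    ports, findings = audit_sshd_ports(SAMPLE_CONFIG)
    print("effective ports:", ports)
    for lineno, message in findings:
        print(f"line {lineno}: {message}")
```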