[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Items for the HOWTO (was Re: OS Hardening)

On Wed, Dec 13, 2000 at 11:11:52AM +0100, Javier Fernandez-Sanguino Pe?a wrote:
> 	*Please* post it. It could be really useful for documents like the
> Securing-Debian-HOWTO, I have my own checklist and will update the HOWTO with it
> soon. 
> 	So, for all of you.. new thread? : checklist of things to do for a secure
> setup?

One other thing I try to be conscious of... while it can be a good idea
to change the listen port of a service (such as putting ssh on a port !=
22 for example), fwictl it's important to make sure any authenticating
service remain on a port <=1023.  Otherwise, should the "real" service
fail, it would provide an opportunity for a luser to bind to its port

1- deny real users access
2- steal/record auth info or whatever with a rogue daemon

P.S. In http://www.debian.org/doc/manuals/securing-debian-howto/ch4.html#s4.1
"Listen 666" should be "Port 666" to change the port #.

Thanks.  :)

Reply to: