[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Listening daemons and security

>>>>> "HM" == Howard Mann <howardm@xmission.com> writes:
    HM> This is a stand-alone home machine. I do not offer services.
    HM> 
    HM> What is the purpose of "omniNames" ? Do I need it? Is it a
    HM> security risk?

I would guess that omniNames is related to the omniORB that is installed
as part of Debian. Would also further guess that omniNames provides the
CORBA namimg service for omniORB. As to why you would need it, that is a
good question.

    HM> 
    HM> I guess I do not need "portmap." I do not use NFS. What is the
    HM> best way to shut it off?

There was a thread on this list a few weeks about how to turn off
portmap. Check the mailing list archives. If you are not using NFS, make
sure that all NFS related packages are not installed on your system ie
dpkg --purge <*nfs*>.

    HM> 
    HM> I'd appreciate any general comments as well.
    HM> 

Turn off discard, time, and daytime as well. If you don't have a printer
setup for your system, lpd should be removed as well.

You also have the X Font Server running. If you are not using that,
remove/disable that.

Other general security notes:

(1) use tcp_wrappers. They are very handy. Check out /etc/hosts.allow
and /etc/hosts.deny and make sure that any inetd-enabled services are
using tcp_wrappers.

(2) monitor your logfiles. Some good logging tools that are available as
deb packages are ippl (IP Protocols logger), and iplogger (icmplogd,
tcplogd; also known as IP Paranoia Daemons)

HTH,

-- 
Salman Ahmed
ssahmed AT pathcom DOT com
Reply to: