Re: Re:Re: Beginning to try to secure my box. Thanks so far
On Fri, 2002-06-07 at 22:15, arthur_dent wrote:
> Thanks so far to all who replied to my earlier post asking about uninstalling
> a few services/programs to try to secure this box.
>
> I have downloaded and printed out the Securing Debian Manual and am beginning
> to wade my way through. My biggest problem here is the assumptions the
> authors make about the level of knowledge that the reader will have about
> Debian/Linux ...there are a lot of things they make reference to that I have
> no idea about...:-) But I will in time.
>
> I have also installed from cd the Hardening Docs and will begin reading those
> too.
> A couple of the replies mentioned that I could disable services in the
> inetd.conf file. Below is a copy of mine, how do I know what I need and dont
> need?
You may want to take a look at Securing and Optimizing Redhat Linux by
Gerhard Mourani at
http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/ although this book is Redhat specific, if provides a general overview of what you need/don't need.
>
> Thanks for any help.
> # /etc/inetd.conf: see inetd(8) for further informations.
> #
> # Internet server configuration database
> #
> #
> # Lines starting with "#:LABEL:" or "#<off>#" should not
> # be changed unless you know what you are doing!
> #
> # If you want to disable an entry so it isn't touched during
> # package updates just comment it out with a single '#' character.
> #
> # Packages should modify this file by using update-inetd(8)
> #
> # <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
> #
> #:INTERNAL: Internal services
> #echo stream tcp nowait root internal
> #echo dgram udp wait root internal
> #chargen stream tcp nowait root internal
> #chargen dgram udp wait root internal
> discard stream tcp nowait root internal
> discard dgram udp wait root internal
> daytime stream tcp nowait root internal
> #daytime dgram udp wait root internal
> time stream tcp nowait root internal
> #time dgram udp wait root internal
>
> #:STANDARD: These are standard services.
>
> #:BSD: Shell, login, exec and talk are BSD protocols.
>
> #:MAIL: Mail, news and uucp services.
> smtp stream tcp nowait mail /usr/sbin/exim exim -bs
>
> #:INFO: Info services
> ident stream tcp wait identd /usr/sbin/identd identd
>
> #:BOOT: Tftp service is provided primarily for booting. Most sites
> # run this only on machines acting as "boot servers."
>
> #:RPC: RPC based services
>
> #:HAM-RADIO: amateur-radio services
>
> #:OTHER: Other services
> vboxd stream tcp nowait root /usr/sbin/tcpd /usr/sbin/vboxd
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: