Don Parris wrote:
... So, other than using a Linux box as a front door for a mainframe telnet session, is there any valid reason to even install telnet, rlogin, etc.?
Based on the SAG, I could eliminate telnet, etc., as I cannot think of any reason to use those services in my LAN (which has no mainframe). SUSE installs these services by default (at least as of 8.0), so I'm thinking about removing them, unless someone can offer good reasons to retain them. My LAN consists of 6 SUSE 8.0 boxes and currently has no connection to the outside world (though that may come at a later date). I want to be sure I thoroughly understand security issues and that I am implementing the best practices for my LAN _before_ I think about connecting it to the outside world. Thanks in advance for your input.
You are wise to think/design this before you get there; if only more companies would, we'd have fewer problems on the net...sigh...

Yes, turn off every service you don't explicitly need. Go into /etc/xinetd.d and make sure every file's "disable" field is "yes" unless you know for sure you need it. Do an "nmap" against your machine (from another machine) to see what's there and needs to be turned off.

I think you're on a good path not to allow rsh, rlogin, and ftp. We don't allow those here except for a couple of test machines that need ftp (one could put that in a chroot jail if needed). Our folks use ssh, scp, sftp for their work. The client telnet is actually useful in a few places as a testing tool, so I install it, but telnetd does not go on the box.

HTH and Good Luck!

Kevin
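
Added example (not part of the original thread): the /etc/xinetd.d check from the reply above, written as a shell function that can be run on each of the LAN's machines. The name `audit_xinetd` is hypothetical, the script assumes the usual layout of one or more `service NAME { ... }` blocks per file, and it is deliberately strict: a block is treated as off only when it contains the exact line `disable = yes`, so a missing or oddly written `disable` line is reported for review.

```shell
#!/bin/sh
# Added example: report xinetd services that are not explicitly disabled.
# Assumption: files under the directory contain "service NAME { ... }" blocks.

# audit_xinetd [DIR]
#   Prints "file:service" for every service block without "disable = yes".
#   Returns 0 when nothing is reported, 1 otherwise.
audit_xinetd() {
    dir=${1:-/etc/xinetd.d}
    found=$(
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            awk -v file="${f##*/}" '
                { sub(/#.*/, "") }                      # drop comments
                $1 == "service" { name = $2; disabled = 0; next }
                # Strict match: only the exact form "disable = yes" counts.
                name != "" && $1 == "disable" && $2 == "=" && $3 == "yes" {
                    disabled = 1
                }
                # End of a service block: report it unless it was disabled.
                name != "" && index($0, "}") {
                    if (!disabled) print file ":" name
                    name = ""
                }
            ' "$f"
        done
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

A clean result here only covers services started through xinetd; the nmap scan from another machine is still what shows everything that is actually listening.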