Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] multi-services server securing
  • From: dproc <dproc@xxxxxxx>
  • Date: Sat, 12 Aug 2000 11:30:03 -0400
  • Message-id: <20000812113003.A1289@xxxxxxxxxxxxxxx>
On Wed, 12 Aug 1998, Gediminas Grigas wrote:

> Hello there,
>
> I feel erroneously (?) secure after hosts.deny'ing in.telnetd and
> in.sshd from everywhere except one PC, which is denying all except
> keyboard. I believe that if I can keep the hosts.deny and hosts.allow files
> safe, and from time to time patch the most current security holes, I'll be
> conditionally safe. Am I wrong? Probably I am.
>
> I just can't imagine how the system can be cracked at a lower stage, so
> that is my problem. I heard that inetd is very insecure, and some
> people use tcpd (or something that sounds like it).

It may be ok for a fellow beginner to answer a little from my
recent experience. The professionals on the list may find your question too
open for them to answer. I had tight hosts.allow files and until a
few days ago I thought I was pretty secure. I was not cracked, but I
found out I was wrong.

hosts.deny and hosts.allow are part of tcpd, so you are probably
running tcpd already.

If you have an entry like

    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

in your inetd.conf, then telnet connections go through tcpd.

If you test this from a machine that is hosts.deny'd, then you will see that
you make a connection and then are thrown off. Some people say this
is bad, as a stranger will suspect you use inetd/tcpd/telnet, and when a
vulnerability is found they will come back and attack you. They say it is
better to deny the packets with a firewall so they have to guess more
and maybe leave you alone.

Filtering other services through tcpd may be a good idea.

To motivate me to do some real learning and testing, I scanned my PC
using the ShieldsUp tool on
http://www.grc.com/
which a Windows user recommended to me.

When I tested from this other machine and found out that httpd was
open (I had only started it locally for susehilf/htdig), I just shut it down.

> do else. I should keep the following services open:
> httpd; smtpd; pop3d; ftpd; snmpd; named; inetd; sshd; nscd.
> So if you know how to keep them at minimal risk, or know some holes in
> those, I would be very grateful for any info and/or tips.
> I don't ask you to do the work for me - a link to a good manual would be nice too.
> By the way, I have SuSE 6.3 (2.2.13).

I like Chapter 18 of the SuSE manual
and
http://www.securityportal.com/

Did you read the recent thread warning about sysadmins using ftp and
telnet? It might affect you.

You need to do much more learning than I have done yet :-)

dproc
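The hosts.allow / hosts.deny decision that the thread is discussing, as an added example (not code from the list or from the tcp_wrappers package): a small emulation of how tcpd evaluates the two files, so a configuration like "telnet and ssh only from one PC" can be checked offline before trusting it. The two sample files and the probe clients are constructed for this example; the rule order (hosts.allow first, then hosts.deny, default allow) and the pattern forms follow the hosts_access(5) semantics.

```python
"""Emulate the tcp_wrappers (tcpd) access decision for hosts.allow / hosts.deny.

Added example; not code from the thread or from the tcp_wrappers package.
Order of evaluation follows tcpd: hosts.allow first (first match grants),
then hosts.deny (first match refuses), and a client matching neither file
is allowed. The two sample files below are constructed for this example.
"""
import ipaddress
import re

HOSTS_ALLOW = """\
# constructed sample: shell logins only from the one management PC
in.telnetd, in.sshd : 192.168.1.10
# every other wrapped service: local hosts and the site domain, minus one box
ALL EXCEPT in.telnetd, in.sshd : LOCAL, .example.com EXCEPT untrusted.example.com
"""

HOSTS_DENY = """\
# constructed sample: refuse whatever hosts.allow did not grant
ALL : ALL
"""


def parse_rules(text):
    """Return (daemon_list, client_list) pairs; a shell_command after the second ':' is ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) < 2:
            raise ValueError("malformed rule: %r" % line)
        rules.append((fields[0], fields[1]))
    return rules


def _token_matches(pattern, value):
    """Match one tcpd pattern against a daemon name, hostname or IP address."""
    p, v = pattern.lower(), value.lower()
    if p == "all":
        return True
    if p == "local":                      # hostname without a dot
        return "." not in v
    if p.startswith("."):                 # domain suffix, e.g. .example.com
        return v.endswith(p)
    if p.endswith("."):                   # address prefix, e.g. 192.168.1.
        return v.startswith(p)
    if "/" in p:                          # net/netmask form
        try:
            return ipaddress.ip_address(v) in ipaddress.ip_network(p, strict=False)
        except ValueError:
            return False
    return p == v


def _list_matches(list_str, values):
    """'a, b EXCEPT c' matches when a or b matches and c does not (tcpd semantics)."""
    parts = re.split(r"\s+EXCEPT\s+", list_str, maxsplit=1, flags=re.IGNORECASE)
    tokens = [t for t in re.split(r"[,\s]+", parts[0]) if t]
    hit = any(_token_matches(t, v) for t in tokens for v in values)
    if hit and len(parts) == 2 and _list_matches(parts[1], values):
        return False
    return hit


def decide(daemon, client_addr, client_host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return ('allow'|'deny', reason) the way tcpd would for one connection."""
    values = [client_addr] + ([client_host] if client_host else [])
    for daemons, clients in parse_rules(allow):
        if _list_matches(daemons, [daemon]) and _list_matches(clients, values):
            return "allow", "hosts.allow: %s : %s" % (daemons, clients)
    for daemons, clients in parse_rules(deny):
        if _list_matches(daemons, [daemon]) and _list_matches(clients, values):
            return "deny", "hosts.deny: %s : %s" % (daemons, clients)
    return "allow", "no rule matched (tcpd default)"


def exposure(daemons, probes, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Map each daemon to the probe clients (addr, host) that tcpd would let through."""
    return {d: [addr for addr, host in probes
                if decide(d, addr, host, allow, deny)[0] == "allow"]
            for d in daemons}


if __name__ == "__main__":
    probes = [("192.168.1.10", "mgmt"), ("10.0.0.5", None),
              ("192.168.1.20", "ws.example.com"),
              ("192.168.1.66", "untrusted.example.com")]
    for d, allowed in exposure(["in.telnetd", "in.sshd", "in.ftpd"], probes).items():
        print("%-11s reachable from: %s" % (d, ", ".join(allowed) or "nobody"))
```

Two points the emulation makes visible: without a closing `ALL : ALL` in hosts.deny, a client that matches nothing is let in (pass `deny=""` to `decide` to see the default), and tcpd takes this decision only after inetd has accepted the TCP connection, which is why a denied scanner still sees the port open and then closed, as described above; a packet filter in front of the host is what hides the service.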

