Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] multi-services server securing
  • From: dproc <dproc@xxxxxxx>
  • Date: Sat, 12 Aug 2000 11:30:03 -0400
  • Message-id: <20000812113003.A1289@xxxxxxxxxxxxxxx>
On Wed, 12 Aug 1998, Gediminas Grigas wrote:

> Hello there,
> I feel erroneously (?) secure after hosts.deny'ing in.telnetd and
> in.sshd from everywhere except one pc, which is denying all except
> keyboard. I believe that if I can keep hosts.deny and hosts.allow files
> safe, and from time to time patch most actual security holes I'll be
> conditionally safe. Am I wrong? Probably I am.
> I just can't imagine how a system can be cracked at a lower stage, so
> that is my problem. I heard that inetd is very insecure, and some
> people are using tcpd (or sound-alike).

It may be ok for a fellow beginner to answer a little from my
recent experience. The professionals on the list may find your question too
open for them to answer. I had tight hosts.allow files and until a
few days ago I thought I was pretty secure. I was not cracked, but I
found out I was wrong.

hosts.deny and hosts.allow are part of tcpd so you are probably
running tcpd already.

If you have an entry like

    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

in your inetd.conf then telnet connections go through tcpd.

If you test this from a machine that is hosts.deny'd then you will see that
you make a connection and then are thrown off. Some people say this
is bad as a stranger will suspect you use inetd/tcpd/telnet and when a
vulnerability is found they will come back and attack you. They say
better to deny the packets with a firewall so they have to guess more
and maybe leave you alone.

Filtering other services through tcpd may be a good idea.

To motivate me to do some real learning and testing, I scanned my PC
using the ShieldsUp tool on
which a Windows user recommended to me.

When I tested from this other machine and found out that httpd was
open (I only started it locally for susehilf/htdig) I just shut it down.

> do else. I should keep the following services open:
> httpd; smptd; pop3d; ftpd; snmpd; named; inetd; sshd; nscd.
> So if you know how to keep them at minimal risk, or know some holes in
> those, I would be very grateful for any info and/or tips.
> I don't ask to do work for me - link to good manual would be nice too.
> By the way I have SuSE 6.3 (2.2.13).

I like Chapter 18 of the SuSE manual.

Did you read the recent thread warning about sysadmins using ftp and
telnet? It might affect you.

You need to do much more learning than I have done yet :-)
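
The inetd.conf check described in the message above, as an added example that is not part of the original post: it lists which enabled inetd services are started through tcpd, and so are subject to hosts.allow/hosts.deny, and which are not. The sample file is constructed (only the telnet line comes from the message), and the function name `audit_inetd` is hypothetical.

```python
"""Audit inetd.conf: which enabled services are launched through tcpd?"""
import os

# Constructed sample; only the telnet entry is taken from the message.
SAMPLE_INETD_CONF = """\
# <service> <socktype> <proto> <wait> <user> <server> <args>
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd     in.telnetd
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd  in.ftpd
pop3    stream  tcp  nowait  root    /usr/sbin/tcpd     /usr/sbin/popper -s
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd     in.fingerd
time    stream  tcp  nowait  root    internal
ntalk   dgram   udp  wait    root    /usr/sbin/tcpd     in.ntalkd
broken  stream  tcp
"""


def audit_inetd(text):
    """Return {"service/proto": status} for every enabled entry.

    wrapped   - inetd starts tcpd, which checks hosts.allow/hosts.deny
    unwrapped - inetd starts the daemon directly; the hosts.* files apply
                only if the daemon itself was built with libwrap
    internal  - service implemented inside inetd, no tcpd involved
    malformed - fewer than the six mandatory fields
    """
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comment or disabled entry
            continue
        fields = line.split()
        if len(fields) < 6:
            result[fields[0]] = "malformed"
            continue
        service, proto, server = fields[0], fields[2], fields[5]
        if server == "internal":
            status = "internal"
        elif os.path.basename(server) == "tcpd":
            status = "wrapped"
        else:
            status = "unwrapped"
        result[f"{service}/{proto}"] = status
    return result


if __name__ == "__main__":
    for name, status in sorted(audit_inetd(SAMPLE_INETD_CONF).items()):
        print(f"{name:12} {status}")
```

Daemons that do not run from inetd at all, such as a standalone httpd, never appear in this file, so a scan from another machine is still needed to see what is actually reachable.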

