Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Jul 1998 17:22:07 -0600
From:      Brett Glass <brett@lariat.org>
To:        "Jan B. Koum " <jkb@best.com>
Cc:        chat@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: FreeBSD Security How-To (Was: QPopper exploit)
Message-ID:  <199807272354.RAA01585@lariat.lariat.org>
In-Reply-To: <Pine.BSF.3.96.980727160713.8287A-100000@shell6.ba.best.com >
References:  <199807272300.RAA00688@lariat.lariat.org>

next in thread | previous in thread | raw e-mail | index | archive | help
At 04:11 PM 7/27/98 -0700, Jan B. Koum wrote:
 
>	Hello all,
>
>	Since the secret is out now on freebsd-security .. I have been
>working on FreeBSD Security How-To for the last few weeks. It is still in
>beta and I hope to get more comments from people on -security.
>	It is currently at www.best.com/~jkb/howto.txt
>	No kernel hacking -- just basic steps users can take to secure
>their workstations, server, etc. I'd like any comments, feedback or
>suggestions from -chat also. (yes, I'll soon have html also for those of
>you who can't stand ascii).
>
>-- Yan

I'd like to commend Jan on this effort. 

I do think that the section on eliminating inetd needs some fleshing out,
though. Some servers, such as all of the POP3 daemons I've tried, don't
seem to admit themselves to being run except from inetd. Also, the section
should discuss the dangers of having a server die without any automatic
means to resuscitate it. For example, the docs for identd warn against
running it without inetd, since if it quits it will not be restarted.
Perhaps a utility that checks for the presence of servers and restarts them
if they've died could be developed as part of this effort and perhaps added
to the FreeBSD distribution.

Also, the section on ssh suggests running it without telling the user where
to find client software. Any recommendation for a secure service should
include information on how to obtain clients for all of the usual client
platforms (including -- yes -- Microsoft OSes).

--Brett



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807272354.RAA01585>