Date: Sun, 12 Sep 1999 15:19:48 -0500 From: "Jeffrey J. Mountin" <jeff-ml@mountin.net> To: patmac@demon.net, freebsd-questions@FreeBSD.ORG Cc: freebsd-security@FreeBSD.ORG Subject: Re: How to prevent motd including os info Message-ID: <3.0.3.32.19990912151948.01d36380@207.227.119.2> In-Reply-To: <199909111127.MAA00229@gti.noc.demon.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:27 PM 9/11/99 +0100, Patrick MacKeown wrote: [leaving -questions, not subscribed] >Hi > >Please would somebody tell me how to prevent motd including the OS version >and the kernel name. On my 3.2 box editing the lines out of /etc/motd just >leads to them being replaced Before this thread gets any more ridiculous... Are you allowing users to telnet or ssh in in the first place? Or if you allow ftp, the version is a clue. If so, then what's to stop them from doing a 'uname' among other things. Security through obscurity should be the subject here, at least until you mention that you *are* not allowing logins. Otherwise.... As for the question, make sure that you don't have 'update_motd="YES"' in /etc/rc.conf (or horror of horrors if do this in /etc/defaults/rc.conf). Edit the file as you like and don't clobber it when you update /etc/ after a build. FWIW, only first 2 lines after left in motd. The rest is just noise for when others login. Don't give a rat's @$$ if they know what the system is, since I'm allowing them on it anyways. And for those that can't login. Adding '-h' to telnet in inetd is a good idea, editing the outputs of the daemons listening to other ports is even better, but even then it is still possible to guess. Then again as well, one can just try an exploit, so you spent a lot of time for nothing. my .02 Jeff Mountin - jeff@mountin.net Systems/Network Administrator FreeBSD - the power to serve '86 Yamaha MaxiumX (not FBSD powered) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.3.32.19990912151948.01d36380>