From owner-freebsd-security Sun Nov 1 03:42:39 1998
Date: Sun, 1 Nov 1998 22:42:20 +1100 (EST)
From: Nicholas Charles Brawn
To: Dan Langille
cc: security@FreeBSD.ORG
Subject: Re: no telnet. how secure?
In-Reply-To: <199811010901.WAA12524@witch.xtra.co.nz>
Sender: owner-freebsd-security@FreeBSD.ORG

On Sun, 1 Nov 1998, Dan Langille wrote:

: I don't allow telnet to my box. I'm the only user. I'm running a
: webserver, but it's not published. There's no CGI apart from what came
: with Apache. How vulnerable is such a machine to attack? I would like to
: exclude DOS attacks from this discussion as I feel that's something outside
: the scope of this question.

As listmembers, we can only really suggest common sense solutions without
further information of your network and system setup. But here's my $0.02
worth of advice nevertheless. :)

- Don't run services you don't need to run. Edit inetd.conf and rc.conf
  accordingly.
- Compile firewall support into your kernel, or make use of the ipfw
  loadable kernel module. Learn how to use it effectively.
- Learn what files on your system are privileged (suid/sgid). Then, go
  through them one by one, and decide whether they *really* need to be
  privileged. Robert Watson's tool 'suidcontrol' is well suited to this
  task: http://www.watson.org/fbsd-hardening/suidcontrol.html
- Check recent CERT advisories and FreeBSD Security Advisories, and
  determine whether your system needs patching/etc. If so, apply them.
- Keep abreast of the latest security developments and vulnerabilities.
  Subscribing to mailing lists such as this one and BUGTRAQ is a good
  start.
- If you have users, set appropriate defaults in such files as
  /etc/profile for umask and other settings that affect security.

URLs you should check on a semi-regular basis:

- http://www.freebsd.org/security/       FreeBSD's Security Site
- http://www.watson.org/fbsd-hardening/  FreeBSD Hardening Project
- http://www.best.com/~jkb/howto.txt     FreeBSD Security Howto

: --
: Dan Langille
: The FreeBSD Diary - my [mis]adventures
: http://www.FreeBSDDiary.com

Hope that's of help,
Nick

--
Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick
Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A
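
The first item of the advice above (disable unneeded services in inetd.conf), as an added example that is not part of the original message: a small sh/awk audit that lists the active inetd.conf entries and flags any whose service is not on an allowlist. The function names, the allowlist and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit inetd.conf entries.
# Field layout per inetd.conf(5):
#   service  socket-type  protocol  wait/nowait  user  server-program  [args]

# inetd_enabled FILE
# Print "service/protocol<TAB>user<TAB>server" for every active entry.
inetd_enabled() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # commented-out or blank
        NF < 6 { printf "line %d: malformed entry\n", NR > "/dev/stderr"; next }
        { printf "%s/%s\t%s\t%s\n", $1, $3, $5, $6 }
    ' "$1"
}

# inetd_unexpected FILE "ALLOWED SERVICES"
# Print only the active entries whose service name is not in the
# space-separated allowlist; return 1 if any such entry exists.
inetd_unexpected() {
    inetd_enabled "$1" | awk -F'\t' -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { split($1, sp, "/"); if (!(sp[1] in ok)) { print; bad = 1 } }
        END { exit bad + 0 }
    '
}

# Constructed sample configuration (hypothetical host, for demonstration only).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp      stream  tcp  nowait  root    /usr/libexec/ftpd     ftpd -l
telnet   stream  tcp  nowait  root    /usr/libexec/telnetd  telnetd
#shell   stream  tcp  nowait  root    /usr/libexec/rshd     rshd
finger   stream  tcp  nowait  nobody  /usr/libexec/fingerd  fingerd -s
#daytime stream  tcp  nowait  root    internal
EOF
}

# Demo: this admin only needs ftp, so telnet and finger get flagged.
sample=$(mktemp)
sample_inetd_conf > "$sample"
echo "Enabled in inetd.conf but not on the allowlist:"
inetd_unexpected "$sample" "ftp" || echo "(comment these out, then signal inetd to reload)"
rm -f "$sample"
```

On a real system, pass /etc/inetd.conf as the file argument and list only the services you have decided to keep.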