Date: Mon, 12 Jan 1998 18:49:43 -0500
From: Nathan Dorfman <nathan@rtfm.net>
To: Johnathan Raymond Sconiers II <jrs@Mcs.Net>
Cc: freebsd-questions@freebsd.org, freebsd-isp@freebsd.org
Subject: Re: Security for isp
Message-ID: <19980112184943.12096@rtfm.net>
In-Reply-To: <Pine.BSF.3.95.980112133500.21228B-100000@Venus.mcs.net>; from Johnathan Raymond Sconiers II on Mon, Jan 12, 1998 at 01:46:02PM -0600
References: <Pine.BSF.3.95.980112133500.21228B-100000@Venus.mcs.net>

On Mon, Jan 12, 1998 at 01:46:02PM -0600, Johnathan Raymond Sconiers II wrote:
>
> Hi, sorry to bother you again with isp questions but I wanted to know if
> there are any things such as daemons, ports/packages that I should
> automatically disable. THANKS

You should disable anything you don't need. In particular it's a good idea
to disable telnetd, rshd, rlogind, etc. and enable only sshd. You can have
/etc/inetd.conf point these services to a shell script that prints out why
they are disabled and asks them to use ssh. You should really disable
anything you don't need; ftpd is a good candidate. Many people have computers
dedicated to local SMB or http but leave services like ftpd and telnetd on
for no apparent reason.

As to what you should _en_able, you should definitely look into xinetd, an
enhanced (security-wise and otherwise) replacement for inetd. I recommend
that you use sshd for remote logins instead of telnetd, but this isn't all
that necessary if the machine is going to be running on a trusted network,
with no access from the outside.

tcp_wrappers might also be a wise choice.

-- 
    ________________ _______________________________
   / Nathan Dorfman V PGP: finger nathan@rtfm.net /
  / nathan@rtfm.net | http://www.rtfm.net       /
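
The /etc/inetd.conf redirection described in the message above, as an added example that is not part of the original e-mail: a filter that rewrites the telnet, shell (rshd) and login (rlogind) entries to run a notice script instead of the real daemon. The script path /usr/local/libexec/use-ssh, the function names, the switch to user nobody and the sample inetd.conf lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. NOTICE and the use of the
# unprivileged user "nobody" are assumptions.
NOTICE=/usr/local/libexec/use-ssh   # hypothetical install path of the notice script

# Body of the notice script. inetd wires the client socket to stdin/stdout,
# so whatever is printed here is what the remote user sees before disconnect.
use_ssh_notice() {
    printf '%s is disabled on this host. Please use ssh instead.\r\n' "$1"
}

# Filter: inetd.conf on stdin, rewritten inetd.conf on stdout.
# Fields: service socket-type protocol wait/nowait user program args...
redirect_legacy_services() {
    awk -v notice="$NOTICE" '
        BEGIN {
            n = split("telnet shell login", s, " ")   # telnetd, rshd, rlogind
            for (i = 1; i <= n; i++) legacy[s[i]] = 1
        }
        /^[ \t]*#/ || NF < 6 { print; next }          # comments, blanks, short lines
        ($1 in legacy) && $3 ~ /^tcp/ {
            # keep service/socket/protocol/wait, drop root, swap the program
            printf "%s\t%s\t%s\t%s\tnobody\t%s\tuse-ssh %s\n", $1, $2, $3, $4, notice, $1
            next
        }
        { print }                                     # everything else untouched
    '
}

# Constructed sample input in the usual inetd.conf layout.
SAMPLE_INETD_CONF='telnet stream tcp nowait root /usr/libexec/telnetd telnetd
shell stream tcp nowait root /usr/libexec/rshd rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd'

printf '%s\n' "$SAMPLE_INETD_CONF" | redirect_legacy_services
```

Review the rewritten file before installing it, then send inetd a SIGHUP so it rereads its configuration. Entries for services you do not need at all, such as ftpd, are better commented out than redirected.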