hack lesson?
Jon Reynolds
proteon at gci.net
Fri Jan 11 22:40:12 PST 2002
Steve, you bring up a good point on security. I am still somewhat green
to Linux and would like to know what the general opinion (did I spell
that right? that damn word gives me fits) of the longtime Unix/Linux
users do to ensure security on their boxes. A list of good practices to
follow and commit to habit would be nice. Or, as always, a good site
that addresses this.
Jon
On Fri, 2002-01-11 at 21:24, Steve Anderson wrote:
> Maybe I am too naive, but I have a hard time believing that someone lurking
> on this list hacked your box.
>
> I work on Unix for a living and prefer to limit my home Linux activities to
> stuff that I think is fun. So I have a Linksys DSL/Cable router, and only
> have HTTPD and SSH forwarded to my Linux box. I do not use Webmin, and would
> discourage remote use of Webmin. Maybe discourage use of it at all, but the
> reason is for security. I don't get so worried about local exploits, only
> remote exploits. The remote ones alone keep me busy!
>
> I perform admin on a number of different operating systems, and prefer to do
> my business at the command prompt when possible. I find it easier to adapt to
> each OS when I know the stuff at the command line.
>
> But anyway, I also discourage use of other Web "programs" like PHP-Nuke. I
> try to limit my vulnerabilities and do this by allowing the fewest programs
> possible. Also I encourage others to write their own CGI/Perl scripts, and
> try to keep security in mind when writing the code.
>
> I would always encourage compiling programs from source. There are good
> reasons that others have stated. But I just feel that the programs are better
> optimized for my systems, and I have a say-so in the configuration that the
> compiler uses. Hand compiling can get tiresome. Recently at work, I upgraded
> almost twenty machines to a new version of OpenSSH, and then turned right
> around and had to do it over again the following week due to another
> vulnerability. You should see the hassle that I have keeping a Red Hat 6.2
> machine current by hand at work! But the machine has been up for 465 days
> without a reboot! It is due to be retired in 8 months when another machine
> will replace it. So the machine hopefully will go from cradle to grave
> without a reboot!
> Steve
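Added example, not part of either message: one way to check the habit described in the quoted reply (expose only HTTPD and SSH, run as few programs as possible) is to compare a box's network-reachable TCP listeners against an allowlist. The allowlist ports, the function names and the sample listing are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from the network that are not
# on an allowlist. Ports 22 and 80 mirror "HTTPD and SSH" in the post.

ALLOWED_PORTS="22 80"   # assumption: sshd and httpd on their default ports

# Reads `ss -tln`-style lines on stdin and prints the local address:port of
# every listener that is not loopback-only and whose port is not allowed.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            # Port is whatever follows the last colon (also handles [::]:22).
            port = local_addr; sub(/.*:/, "", port)
            addr = local_addr; sub(/:[^:]*$/, "", addr)
            # Loopback-only services are not remotely reachable; skip them.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print local_addr
        }'
}

# Constructed sample in the column layout of `ss -tln` (not from a real host).
# 10000 is Webmin's default port; 111 is the RPC portmapper.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       128     0.0.0.0:10000       0.0.0.0:*
LISTEN  0       100     127.0.0.1:25        0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       64      [::]:111            [::]:*
EOF
}

# On a live host: ss -tln | unexpected_listeners
sample_ss_output | unexpected_listeners
```

A router that forwards only two ports hides the extra listeners from the Internet but not from other machines on the same LAN, so the check is worth running on the box itself.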