hack lesson?

Jon Reynolds proteon at gci.net
Fri Jan 11 22:40:12 PST 2002


Steve, you bring up a good point on security. I am still somewhat green
to Linux and would like to know what the general opinion (did I spell
that right? that damn word gives me fits) of the longtime Unix/Linux
users do to ensure security on their boxes. A list of good practices to
follow and commit to habit would be nice. Or, as always, a good site
that addresses this.

Jon

On Fri, 2002-01-11 at 21:24, Steve Anderson wrote:
> Maybe I am too naive, but I have a hard time believing that someone lurking 
> on this list hacked your box.
> 
> I work on Unix for a living and prefer to limit my home linux activities to 
> stuff that I think is fun. So I have a Linksys DSL/Cable router, and only 
> have HTTPD and SSH forwarded to my Linux box. I do not use Webmin, and would 
> discourage remote use of Webmin. Maybe discourage use of it at all, but the 
> reason is for security. I don't get so worried about local exploits, only 
> remote exploits. The remote ones alone keep me busy!
> 
> I perform admin on a number of different operating systems, and prefer to do 
> my business at the command prompt when possible. I find it easier to adapt to 
> each OS when I know the stuff at the command line.
> 
> But anyway, I also discourage use of other Web "programs" like PHP-Nuke. I 
> try to limit my vulnerabilities and do this by allowing as few programs
> as possible. Also I encourage others to write their own cgi/perl scripts, and
> try to keep Security in mind when writing the code.
> 
> I would always encourage compiling programs from source. There are good 
> reasons that others have stated. But I just feel that the programs are better 
> optimized for my systems, and I have a say-so in the configuration that the
> compiler uses. Hand compiling can get tiresome. Recently at work, I upgraded 
> almost twenty machines to a new version of OpenSSH, and then turned right 
> around and had to do it over again the following week due to another 
> vulnerability. You should see the hassle that I have keeping a RedHat 6.2 
> machine current by hand at work! But the machine has been up for 465 days 
> without a reboot! It is due to be retired in 8 months when another machine 
> will replace it. So the machine hopefully will go from cradle to grave 
> without a reboot! 
> Steve