[luau] RH 9 server hacked -- what went wrong?
Keith
krjw at optonline.net
Fri Aug 22 16:34:00 PDT 2003
* Warren Togami <warren at togami.com> [22/08/2003 1850EDT]:
[...]
> > I like RH but they have a habit of enabling nearly every service by
> > default.
>
> Eh? This has not been true for years now.

I stand corrected! Although I believe a safer default is to have most
-- if not all -- services off rather than on (especially true for
network daemons). RH install procedures could do better to prompt the
user verbosely as to which services he/she wishes their box to run. I
don't believe any such attempt at this is made. Then again I could be
wrong; I haven't done an RH install since 1996 or '97. These days I do
post install configuration and hardening of RH boxes and custom distro
development. :)

> > 98% of the time there is no need for this. Another good
> > practice is, after installing and before plugging the cat5 into your
> > NIC, run through your default runlevel's rc directory and turn all
> > unnecessary services off with chkconfig. Issue a
> >
> > bash$ chkconfig --list | grep :on
>
> Total agreement with using chkconfig to see your automatically started
> services and disable things which you don't need.

Indeed this is critical if anyone would like a secure box. Box cannot
be hacked over the 'net if no connect() can be made. :)

Aloha!
krjw.
--
Keith R. John Warno [k r j w at optonline dot net]
The words stuck in my mind\ Alive from what I've learned\ I have to
seize the day
-- Dream Theater, "A Change of Seasons"
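
[Added example, not part of the original message.] The chkconfig audit discussed above, written as a dry-run script: it parses `chkconfig --list` output and prints a `chkconfig ... off` command for every service that is on in a given runlevel but missing from an allowlist. The function names, the allowlist and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `chkconfig --list` output against an allowlist.

# Print services that are "on" in runlevel $1 and not named in the
# space-separated allowlist $2. Reads `chkconfig --list` text on stdin.
# xinetd-managed entries ("name: on") are skipped; review those separately.
services_to_disable() {
    awk -v lvl="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        # SysV lines: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off (8 fields)
        NF == 8 && $2 ~ /^0:(on|off)$/ {
            for (f = 2; f <= NF; f++)
                if ($f == (lvl ":on") && !($1 in keep)) print $1
        }
    '
}

# Constructed sample output (not captured from a real host).
sample_chkconfig_list() {
    cat <<'EOF'
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd based services:
        chargen:        off
        telnet:         on
EOF
}

# Dry run: print the commands for review instead of executing them.
print_disable_commands() {
    services_to_disable "$1" "$2" | while read -r svc; do
        echo "chkconfig --level $1 $svc off"
    done
}

# Demo on the constructed sample: runlevel 3, keep only syslog and sshd.
sample_chkconfig_list | print_disable_commands 3 "syslog sshd"
```

On a real host, replace `sample_chkconfig_list` with `chkconfig --list` and read the printed commands before running any of them.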