Date:      Mon, 27 Jul 1998 17:22:07 -0600
From:      Brett Glass <brett@lariat.org>
To:        "Jan B. Koum " <jkb@best.com>
Cc:        chat@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: FreeBSD Security How-To (Was: QPopper exploit)
Message-ID:  <199807272354.RAA01585@lariat.lariat.org>
In-Reply-To: <Pine.BSF.3.96.980727160713.8287A-100000@shell6.ba.best.com >
References:  <199807272300.RAA00688@lariat.lariat.org>

At 04:11 PM 7/27/98 -0700, Jan B. Koum wrote:
 
>	Hello all,
>
>	Since the secret is out now on freebsd-security .. I have been
>working on FreeBSD Security How-To for the last few weeks. It is still in
>beta and I hope to get more comments from people on -security.
>	It is currently at www.best.com/~jkb/howto.txt
>	No kernel hacking -- just basic steps users can take to secure
>their workstations, server, etc. I'd like any comments, feedback or
>suggestions from -chat also. (yes, I'll soon have html also for those of
>you who can't stand ascii).
>
>-- Yan

I'd like to commend Jan on this effort. 

I do think that the section on eliminating inetd needs some fleshing out,
though. Some servers, such as all of the POP3 daemons I've tried, don't
seem to admit themselves to being run except from inetd. Also, the section
should discuss the dangers of having a server die without any automatic
means to resuscitate it. For example, the docs for identd warn against
running it without inetd, since if it quits it will not be restarted.
Perhaps a utility that checks for the presence of servers and restarts them
if they've died could be developed as part of this effort and perhaps added
to the FreeBSD distribution.

Also, the section on ssh suggests running it without telling the user where
to find client software. Any recommendation for a secure service should
include information on how to obtain clients for all of the usual client
platforms (including -- yes -- Microsoft OSes).

--Brett
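
One form the restart utility suggested in the message above could take, as an added example that is not part of the original e-mail, the how-to, or FreeBSD. The state directory, restart limit, function names and the daemon named in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example: watchdog for daemons started standalone instead of from inetd.
# STATE_DIR, MAX_RESTARTS and the function names are assumptions for illustration.
STATE_DIR="${STATE_DIR:-/var/run/watchdog}"
MAX_RESTARTS="${MAX_RESTARTS:-3}"

log() { echo "watchdog: $*" >&2; }

# is_alive PIDFILE: succeed only if the pidfile names a process we can signal.
# Run as root; kill -0 also fails for a live process owned by another user.
is_alive() {
    [ -r "$1" ] || return 1
    pid=$(cat "$1" 2>/dev/null) || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;    # empty or non-numeric pidfile: treat as dead
    esac
    kill -0 "$pid" 2>/dev/null
}

# check_service NAME PIDFILE START_CMD [ARGS...]
# Returns 0 if running, 1 if a restart was attempted, 2 if the limit was reached.
# The counter is never reset here: a daemon that keeps dying may be crashing
# under attack, so after MAX_RESTARTS it stays down until an admin looks at it
# and removes $STATE_DIR/NAME.restarts.
check_service() {
    name=$1; pidfile=$2; shift 2
    is_alive "$pidfile" && return 0
    mkdir -p "$STATE_DIR"
    countfile="$STATE_DIR/$name.restarts"
    count=$(cat "$countfile" 2>/dev/null || echo 0)
    if [ "$count" -ge "$MAX_RESTARTS" ]; then
        log "$name: down, restart limit ($MAX_RESTARTS) reached, not restarting"
        return 2
    fi
    echo $((count + 1)) > "$countfile"
    log "$name: not running, restart attempt $((count + 1))"
    "$@" || log "$name: start command failed"
    return 1
}

# From cron, once a minute (hypothetical daemon name and paths):
#   check_service exampled /var/run/exampled.pid /usr/local/sbin/exampled
```

A pidfile check cannot tell a recycled PID from the original daemon, so a deployment would also confirm the process name or probe the listening port.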


