Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 01 Mar 2004 09:31:44 -0800
From:      "Gustavo A. Baratto" <gbaratto@superb.net>
To:        bookman@oteglobe.net
Cc:        freebsd-security@freebsd.org
Subject:   Re: General Security Issues
Message-ID:  <013801c3ffb3$11515e80$6400a8c0@chivas>
References:  <DNENIGNODKCOJCLIAEICCEMJDHAA.bookman@oteglobe.net>

next in thread | previous in thread | raw e-mail | index | archive | help
never hurts to read this:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html

why dont you run ssh standalone... I dont like inetd

----- Original Message ----- 
From: "Konstantinos Fotiadis" <bookman@oteglobe.net>
To: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>; <bookman@oteglobe.net>
Cc: <freebsd-security@freebsd.org>
Sent: Monday, March 01, 2004 9:21 AM
Subject: RE: General Security Issues


>
> Yeap, sendmail is down.
> However inetd.conf is up but it only starts the SSH daemon. Is this a
> problem-threat ?
>
>
>
> PS: Is this the right list for security questions or not ? Cause I got an
> e-mail from someone that this isn't....
>
> best
>
> /kostas
>
> -----Original Message-----
> From: Kevin D. Kinsey, DaleCo, S.P. [mailto:kdk@daleco.biz]
> Sent: Monday, March 01, 2004 7:15 PM
> To: bookman@oteglobe.net
> Cc: freebsd-security@freebsd.org
> Subject: Re: General Security Issues
>
>
> Konstantinos Fotiadis wrote:
>
> >Greetings list,
> >
> >As a newbie to security I would like to ask any recommendation that the
> list
> >might have.
> >We are about to "install" a new box with 4.9 stable to the nice and
> innocent
> >internet world. :-P
> >The box has no services running expect apache and we telnet to it via
SSH.
> >
> >
>
> So you've disabled sendmail and inetd.conf?
>
> >Main function of this box will be graphing various interfaces via
rrdtool.
> >So, I would like to ask if there is any other precautions that I must
take
> >in order to sleep safe at night. Should I check for any other opened
ports
> ?
> >
> >
>
> Good idea, always ... from inside (netstat) and outside
> (port scanner, like nmap<?>)....
>
> >Should I do something with the kernel to be more secure ?
> >
> >
> A firewall is often considered a must.
>
> >I know this ain't so easy, but let's say my main scope is to get a least
a
> >decent sleep :-)
> >
> >Kind Regards,
> >
> >Kostas
> >
> >
> >
> >
>
> I imagine this list would prefer that you send your
> questions to the questions@ list.  I can't remember
> the list charter enough to know exactly *why* at
> the moment ... so I've made a comment or two.
>
> I imagine that if you can find no open ports, and stay
> on top of any changes to Apache and OpenSSH,
> you should have few worries --- except for the scripts
> that run on the webserver...which is a whole different
> topic, as I see it.... :-(
>
> Kevin Kinsey
> DaleCo, S.P.
>
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
"freebsd-security-unsubscribe@freebsd.org"
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?013801c3ffb3$11515e80$6400a8c0>