From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 09:37:15 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9A7616A4CE for ; Mon, 1 Mar 2004 09:37:15 -0800 (PST) Received: from pd5mo1so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6650A43D41 for ; Mon, 1 Mar 2004 09:37:15 -0800 (PST) (envelope-from gbaratto@superb.net) Received: from pd2mr2so.prod.shaw.ca (pd2mr2so-ser.prod.shaw.ca [10.0.141.109])2003))freebsd-security@freebsd.org; Mon, 01 Mar 2004 10:31:49 -0700 (MST) Received: from pn2ml6so.prod.shaw.ca (pn2ml6so-qfe0.prod.shaw.ca [10.0.121.150]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) freebsd-security@freebsd.org; Mon, 01 Mar 2004 10:31:49 -0700 (MST) Received: from chivas ([24.85.92.136]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with SMTP id <0HTW00MHXRD08N@l-daemon> for freebsd-security@freebsd.org; Mon, 01 Mar 2004 10:31:49 -0700 (MST) Date: Mon, 01 Mar 2004 09:31:44 -0800 From: "Gustavo A. Baratto" To: bookman@oteglobe.net Message-id: <013801c3ffb3$11515e80$6400a8c0@chivas> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Mailer: Microsoft Outlook Express 6.00.2800.1158 Content-type: text/plain; charset=iso-8859-7 Content-transfer-encoding: 7BIT X-Priority: 3 X-MSMail-priority: Normal References: cc: freebsd-security@freebsd.org Subject: Re: General Security Issues X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Mar 2004 17:37:15 -0000 never hurts to read this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html why dont you run ssh standalone... I dont like inetd ----- Original Message ----- From: "Konstantinos Fotiadis" To: "Kevin D. Kinsey, DaleCo, S.P." ; Cc: Sent: Monday, March 01, 2004 9:21 AM Subject: RE: General Security Issues > > Yeap, sendmail is down. > However inetd.conf is up but it only starts the SSH daemon. Is this a > problem-threat ? > > > > PS: Is this the right list for security questions or not ? Cause I got an > e-mail from someone that this isn't.... > > best > > /kostas > > -----Original Message----- > From: Kevin D. Kinsey, DaleCo, S.P. [mailto:kdk@daleco.biz] > Sent: Monday, March 01, 2004 7:15 PM > To: bookman@oteglobe.net > Cc: freebsd-security@freebsd.org > Subject: Re: General Security Issues > > > Konstantinos Fotiadis wrote: > > >Greetings list, > > > >As a newbie to security I would like to ask any recommendation that the > list > >might have. > >We are about to "install" a new box with 4.9 stable to the nice and > innocent > >internet world. :-P > >The box has no services running expect apache and we telnet to it via SSH. > > > > > > So you've disabled sendmail and inetd.conf? > > >Main function of this box will be graphing various interfaces via rrdtool. > >So, I would like to ask if there is any other precautions that I must take > >in order to sleep safe at night. Should I check for any other opened ports > ? > > > > > > Good idea, always ... from inside (netstat) and outside > (port scanner, like nmap).... > > >Should I do something with the kernel to be more secure ? > > > > > A firewall is often considered a must. > > >I know this ain't so easy, but let's say my main scope is to get a least a > >decent sleep :-) > > > >Kind Regards, > > > >Kostas > > > > > > > > > > I imagine this list would prefer that you send your > questions to the questions@ list. I can't remember > the list charter enough to know exactly *why* at > the moment ... so I've made a comment or two. > > I imagine that if you can find no open ports, and stay > on top of any changes to Apache and OpenSSH, > you should have few worries --- except for the scripts > that run on the webserver...which is a whole different > topic, as I see it.... :-( > > Kevin Kinsey > DaleCo, S.P. > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >