On Fri, 2002-06-07 at 22:15, arthur_dent wrote: > Thanks so far to all who replied to my earlier post asking about uninstalling > a few services/programs to try to secure this box. > > I have downloaded and printed out the Securing Debian Manual and am beginning > to wade my way through. My biggest problem here is the assumptions the > authors make about the level of knowledge that the reader will have about > Debian/Linux ...there are a lot of things they make reference to that I have > no idea about...:-) But I will in time. > > I have also installed from cd the Hardening Docs and will begin reading those > too. > A couple of the replies mentioned that I could disable services in the > inetd.conf file. Below is a copy of mine, how do I know what I need and dont > need?
You may want to take a look at Securing and Optimizing Redhat Linux by Gerhard Mourani at http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/ although this book is Redhat specific, if provides a general overview of what you need/don't need. > > Thanks for any help. > # /etc/inetd.conf: see inetd(8) for further informations. > # > # Internet server configuration database > # > # > # Lines starting with "#:LABEL:" or "#<off>#" should not > # be changed unless you know what you are doing! > # > # If you want to disable an entry so it isn't touched during > # package updates just comment it out with a single '#' character. > # > # Packages should modify this file by using update-inetd(8) > # > # <service_name> <sock_type> <proto> <flags> <user> <server_path> <args> > # > #:INTERNAL: Internal services > #echo stream tcp nowait root internal > #echo dgram udp wait root internal > #chargen stream tcp nowait root internal > #chargen dgram udp wait root internal > discard stream tcp nowait root internal > discard dgram udp wait root internal > daytime stream tcp nowait root internal > #daytime dgram udp wait root internal > time stream tcp nowait root internal > #time dgram udp wait root internal > > #:STANDARD: These are standard services. > > #:BSD: Shell, login, exec and talk are BSD protocols. > > #:MAIL: Mail, news and uucp services. > smtp stream tcp nowait mail /usr/sbin/exim exim -bs > > #:INFO: Info services > ident stream tcp wait identd /usr/sbin/identd identd > > #:BOOT: Tftp service is provided primarily for booting. Most sites > # run this only on machines acting as "boot servers." > > #:RPC: RPC based services > > #:HAM-RADIO: amateur-radio services > > #:OTHER: Other services > vboxd stream tcp nowait root /usr/sbin/tcpd /usr/sbin/vboxd > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
