On Wed, 18 Oct 2000, you wrote: > > So sprach Eric Mings am Thu, Oct 12, 2000 at 09:19:44PM -0400: > > I am about ready to send one of my linux boxes off to camp (ISP > > colocation) and I want to try and make sure I have not forgotten > > anything that would either effect security or my ability to remote > > administer it. I realize this thread died a few days back, but I had just thought of something else that may need to be done aside from just removing the services. You need to run through your /etc/passwd and /etc/groups and remove all the unnecessary users from those files (either with linxconf or your favorite editor). If ftp isnt running the ftp user is most certainly a bad thing to have on the box. Same with things like audio, floppy, cdrom, etc. If you think this isn't a problem, search the Bugtraq archives, there was a exploit earlier in the year about gaining floppy group access, and from there its an evelation of access attack. Not too difficult, with the right tools.... -- Matthew Micene Systems Development Manager Express Search Inc. www.ExpressSearch.com ____________________________ A host is a host from coast to coast, and no one will talk to a host too close Unless the host that isn't close is busy, hung or dead
Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
