Here is a great security starter guide for people using FreeBSD.  It
talks about ftp too.  Some of this would probably spill over into Linux
as well.

http://draenor.org/securebsd/secure.txt

- m0gely

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:hlds_linux-
> [EMAIL PROTECTED]] On Behalf Of Casey Zacek
> Sent: Tuesday, July 30, 2002 3:52 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [hlds_linux] Security issues - my machine was hacked at
the
> UNIX level
>
> Florian Zschocke writed (at Tue, Jul 30, 2002 at 08:38:03PM +0200):
> > James Bourke wrote:
> > >
> > > 1.  DO NOT RUN: ftp, irc, bind, pop, or any other unnecessary
service
> > > on a gaming machine.  Run sshd on the gaming server and put the
other
> > > processes on another machine.
> > [...]
> > > 3.  Use ipchains or iptables to block everything you do not
> > > absolutely need.
> >
> > I'll never understand why people do this. If you don't need a
> > service and don't have a daemon running for it, then why do you
> > need a packetfilter? Somebody once said "packetfilters are for
> > lazy admins" and he is right in the vast majority of cases. :)
> >
> > BTW, if you need the FTP access only for you, you should use sftp.
>
> Installing a packet filter is just another measure.  If someone hacked
> in (as in this example) and started a service on port 31337 or
> whatever that was an fsp server, for example, your packet filtering
> (if he didn't change it) would stop it from being used.
>
> I agree that it's stupid to run services that you don't need, whether
> or not you run packet filtering to block them, but it never hurts to
> add another layer of security.
>
> --
> -- Casey Zacek (Zippo)
>    Beer for Breakfast servers        <http://bfb.bogleg.org/>
>    209.41.98.2:27016 (CS multi-map)   209.41.98.2:27015 (DoD)
>    209.41.98.2:27017 (CS militia/dust2)            Dallas, TX
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Reply via email to