Here is a great security starter guide for people using FreeBSD. It talks about ftp too. Some of this would probably spill over into Linux as well.
http://draenor.org/securebsd/secure.txt - m0gely > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:hlds_linux- > [EMAIL PROTECTED]] On Behalf Of Casey Zacek > Sent: Tuesday, July 30, 2002 3:52 PM > To: [EMAIL PROTECTED] > Subject: Re: [hlds_linux] Security issues - my machine was hacked at the > UNIX level > > Florian Zschocke writed (at Tue, Jul 30, 2002 at 08:38:03PM +0200): > > James Bourke wrote: > > > > > > 1. DO NOT RUN: ftp, irc, bind, pop, or any other unnecessary service > > > on a gaming machine. Run sshd on the gaming server and put the other > > > processes on another machine. > > [...] > > > 3. Use ipchains or iptables to block everything you do not > > > absolutely need. > > > > I'll never understand why people do this. If you don't need a > > service and don't have a daemon running for it, then why do you > > need a packetfilter? Somebody once said "packetfilters are for > > lazy admins" and he is right in the vast majority of cases. :) > > > > BTW, if you need the FTP access only for you, you should use sftp. > > Installing a packet filter is just another measure. If someone hacked > in (as in this example) and started a service on port 31337 or > whatever that was an fsp server, for example, your packet filtering > (if he didn't change it) would stop it from being used. > > I agree that it's stupid to run services that you don't need, whether > or not you run packet filtering to block them, but it never hurts to > add another layer of security. > > -- > -- Casey Zacek (Zippo) > Beer for Breakfast servers <http://bfb.bogleg.org/> > 209.41.98.2:27016 (CS multi-map) 209.41.98.2:27015 (DoD) > 209.41.98.2:27017 (CS militia/dust2) Dallas, TX > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
