Shridhar Daithankar rearranged electrons thusly:
> If that machine is not going to act as some sort of server like mail/web/pop (rare
> case that will be, though), isn't it sufficient to turn off all the unnecessary
> services? OK, ipchains rule assumed.

Yeah. But you have to run them elsewhere. And even if you don't handle your
own mail but use fetchmail to pop it from elsewhere, you _will_ have sendmail
running on the box, right?

And you might want to set up some Windows clients attached to the Linux server,
which will use something like Outlook / Eudora to pop their mail from the
local server (where fetchmail delivers it into /var/spool/mail/username).

> A typical machine that leaves the following services on.
> 1) Linuxconf (OK, I didn't want to shut it down. But still stands as optional)

Let it remain - but use ipchains to block access.

> 2) xfs
> 3) lpd (at my office)
> Any trivial services left?

sunrpc (portmap), for example. You can get rid of it immediately if you are not
running NIS/NFS.

> I wonder what kind of remote attack can take place against such a machine?

Well, there _are_ buffer overflows for almost anything, even X, lpd etc. In
fact, I seem to remember that one of my friends bcc'd me on a complaint he sent
to an Indian software company ... their server had been hacked and his firewall
was rejecting a stream of ports to port 515. That port is

    printer 515/tcp spooler # line printer spooler

So, upgrade everything, in any case. If you are not using something and don't
want to / can't rpm --erase it, take it out of daemon mode at least.

--suresh
--
Suresh Ramasubramanian <--> mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
"What separates normal people from kooks is how they react when people disagree
with them or tell them "NO" <-- Ron Ritzman on news.admin.net-abuse.email
----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help
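
Added example, not part of the original post: a shell function that reads `netstat -tln` style output and lists the services named in this thread that are still listening on a non-loopback address, i.e. the ones left to stop or block with ipchains. The port numbers are the standard /etc/services assignments, the function names are made up for this example, and the sample input is constructed.

```shell
#!/bin/sh
# Flag TCP listeners for the services discussed in the thread that are
# reachable from the network (bound to something other than loopback).
# Input:  lines in `netstat -tln` format on stdin.
# Output: one line per finding: "<port> <service> <local-address>".
exposed_listeners() {
    awk '
    BEGIN {
        # Standard /etc/services assignments (515 is the one quoted above).
        svc[25]   = "smtp (sendmail)"
        svc[98]   = "linuxconf"
        svc[111]  = "sunrpc (portmap)"
        svc[515]  = "printer (lpd)"
        svc[7100] = "xfs"
    }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        n = split(addr, part, ":")
        port = part[n]     # last piece works for a.b.c.d:port and :::port
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "127.0.0.1" || host == "::1") next   # loopback only
        if (port in svc) print port, svc[port], addr
    }' | sort -n
}

# Constructed sample input: sendmail bound to loopback, the rest wide open.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7100            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         0.0.0.0:*               LISTEN
EOF
}

sample_netstat | exposed_listeners
```

On a live box, feed it the real listing instead: `netstat -tln | exposed_listeners`.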