It depends what were you running on your server. If out of the box then I
guess it would be running almost alll services like IMAP, POP, rpc, nfsd,
telnetd, mountd and whole lot of other that you dont need. Many of these
programs have serious bugs and should not be used at all. e.g wu.ftpd -
Beta has a security problem which will allow root access.
Irfan Akber
----------
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Security
> Date: Tuesday, May 04, 1999 6:42 PM
>
>
> I am a kind of new Linux user, pardon me if I am posting to the wrong
> group...
>
> I have a simple Q. Recently I set up a Linux machine with Apache and FTP
> services to use as my companies web server. The machine was hacked into
and
> was being used to telnet and finger into other machines. My ISP shutdown
> our service for a few days and would tell me exactly what occured, just
that
> over a 2 week period they got many complaints from companies being hacked
> from my server address. They told me it was serious enough that I should
> report it to the FBI and submit my hard drive to the feds to investigate.
> In the mean time I am trying to figure out how to make my server more
> secure. It was my understanding that the Red Hat version I am using was
> pretty secure straight out of the box. I didn't change too many
settings.
>
> Can anyone suggest any security programs that would help identify holes
in
> my setup? I have heard of one such program called COPS, any others I
should
> use? I have looked for books on Linux security but havent found any yet?
> any recomendation?
>
> Thanks in advance! I have learned a lot from just being a passive member
of
> this group, reading all the Qs and As over the past few months...
>
> David Andrews
> PC LAN Admin
> MPIUA
> [EMAIL PROTECTED]
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
