On Sat, 08 Jul 2000, Christoph Hammann wrote about, re: More strange occurances:
> Richard Adams <[EMAIL PROTECTED]> wrote:
> __________
> >
> >
> >I for one see NO reason to even think about reinstalling or installing
> >another unix flavor.
> >
> >What you want to do is add firewall chains, ipchains is the program to use.
> >
> >If a certain service is not required or unnessacary stop it getting
> >started in /etc/inetd.conf.
> >Things like; netstat, finger, time, smtp, pop3, even telnet could be
> >closed, use in its place ssh.
> >
> >
> Richard, all,
> what you propose is, as usual, all correct, and if you really know what you're doing
>you can even make a sysstem safe in this way _while_it's_running_. But Karthik said
>that he has little experience using Linux, and truth be told, you need a lot of
>experience to do that right. If you read down the thread, you'll see that I
>explicitly warned against a simple reinstall. Sure, Icould have been more verbose
>concerning the means to make his computer safer, but I hadn't the time for epic
>e-mails yesterday (I work for a living at that local time) and found it most
>important that he gets the machine off the net and examines the damage done. The
>attacker in his case seems to have used one of the many vulnerabilities of a FTP
>server (ProFTP and wuFTP have both been shown to present root exploits to the world
>during the last few days).
> I proposed OpenBSD as an alternative because there, the ports you mentioned are
>_closed_ by default after a vanilla install. Not very user-friendly, but safer.
>Someone proposed reinstalling to wipe out all the damage the attacker has done
>(otherwise, would you ever be sure you got _every_ patched executable?) and hardening
>the new RedHat install with Bastille Linux. I think this is a good idea.
> Bye, Christoph
>
True about BSD, however BSD is more for the "experianced networking freak"
and not for compiling and testing C programs for the linux enviroment as i
belive the origanal question asker said. True that BSD is usable to compile
C programs but in another enviroment.
As to some firewall scripts some are hard to understand for the beginner,
others are "absolute and downright confusing" others idem dito.
I have yet to find one which is user freindly and does not cut you off from
the outside world as well as stop others from getting to parts of your
system where they are not wanted if one or more questions are answered
incorrectly.
Really just my thoughts.
O the text said, "i'm not here", so i deleted it.!!!!!
--
Regards Richard
[EMAIL PROTECTED]
http://people.zeelandnet.nl/pa3gcu/
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
