Timothy Legge wrote:
> Hi
>
> Just a couple of notes on my recent implementation of Ubuntu with LTSP
> 5. The progress on sound, local devices etc is amazing compared to my
> first FC1 based install. Most things just work in initial testing but
> I am sure the users will find issues when they start looking.
>
> I did run into a few gotchas for server hardening though:
>
> 1) Clients run over ssh so the typical things that I configure caused
> issues, notably:
> a) AllowUsers
> b) Changing the default port from 22 to something else
> 2) Running Bastille Unix to lock down the server disabled tftp and
> changed the permissions on tcpd changing them back to the original with
> all other settings
> 3) denyhosts with LTSP is problematic because incorrect passwords on
> the terminals will cause them to be locked out
> 4) Locking down FireFox 3 proxy settings is a little annoying. The
> script I normally use works but I need to manually copy a firefox.cfg
> to the firefox directory. I need to look to see if there is a newer
> version.
> 5) I have one client that seems to rev up when using flash that I need
> to look at (the fans kick in and it makes a heck of a noise)
>
> I will probably look into whether denyhosts can ignore the terminal
> network and whether it makes sense to run two ssh daemons one internal
> and one external.
>
> Does anyone else have server hardening processes that you use for LTSP?
>
> Tim
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _____________________________________________________________________
> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help, try #ltsp channel on irc.freenode.net
>
>

A simple solution is running sshd on two ports simultaneously:

Port 22
Port 22022

It's a bit dirty because it runs with the same configuration, but it's easy and quick. Enable port forwarding in your router and disable port 22 and you get the brute force attacks out.

Frank
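The two-port setup in the reply above gives both ports the same policy. As an added example (not part of the original thread and not any poster's actual configuration), this sshd_config excerpt keeps port 22 as the terminals use it and tightens only the port that the router forwards. It assumes an OpenSSH release that supports the LocalPort criterion in Match blocks; the account name remoteadmin is a placeholder.

```conf
# /etc/ssh/sshd_config (excerpt): added example, not from the thread.

# Listen on both ports, as suggested in the reply.
Port 22
Port 22022

# Global settings. These apply to port 22, which only the LTSP
# terminals on the internal network should be able to reach.
# Terminals log in with passwords, so password auth stays on here,
# and no AllowUsers line is set so every LTSP user can log in.
PermitRootLogin no
PasswordAuthentication yes

# Settings for connections that arrive on the forwarded port.
# Match overrides the global values above for these connections only.
# "remoteadmin" is a placeholder account name (assumption).
Match LocalPort 22022
    AllowUsers remoteadmin
    PasswordAuthentication no
    AuthenticationMethods publickey
```

Run `sshd -t` to check the file for syntax errors before reloading the daemon. Port 22 still has to be kept off the router's forwarding rules, as the reply says, for the split to have any effect.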
