>I am running ip_masq, and everything is working fine, but a friend of mine
>tried to telnet to the box and got a prompt. Is this bad?
Well, if you want your buddy to access your machine, no. But if you
don't want the entire Internet to access your Linux box: YES!!!
>Is there a way I can allow ftp in and telnet in, but still keep it
>secure enough that I should have no serious worries?
Absolutely. Read [Section 10] of TrinityOS:
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html
>Is this info in the ipfwadm howto? I looked and looked, but I think
>this is either obscure enough that there was nothing there,
>or I am an idiot and asking a question with an obvious answer that I cannot
>see.
The IPFWADM manual is tough and this level of security isn't in the
MASQ HOWTO either (yet). So, for now, check out TrinityOS.
>Not to ask a question off
>topic from ip_masq, but is there a way to disable the su command?
Sure.. change its permissions. But, if you do this, you won't be
able to gain root access easily from a remote site. As it stands,
most Linux distributions default to disabling root logins. You
have to login as a normal user and THEN su to get root access.
Btw.. the TrinityOS doc covers a LOT of other security, performance,
etc topics.
--David
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
