This is what I thought. I don't even have slist installed on my machines, I
think this audit is mistaken.

Michael Martinez
System Administrator (Contractor)
Information Systems and Technology Management
CSREES - United States Department of Agriculture
(202) 720-6223


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 08, 2002 4:31 PM
To: [EMAIL PROTECTED]
Subject: Re: SLIST under linux?


"Martinez, Michael - CSREES/ISTM" <[EMAIL PROTECTED]> wrote ..
> I recently had a network audit, which had the following to say about my
> Linux machines. Wanted to get some feedback from the list. It seems rather
> bogus. I never heard of this. Can somebody provide details? Is this
> legitimate or no:
> 
> "The linux system accepts the SLIST command from outside the agency to
> display internal routing tables. This poses a serious security risk..."


"slist" is I believe just an implementation of Novell's SLIST command for
listing NetWare servers.  Question, are you running a NetWare emulator on
Linux or just doing slist on Linux to see NetWare servers you have in house?
The slist on Linux is a part of the ncpfs-2.2.0.18-6 package. You could just
remove the slist command from most Linux boxes, or you could rename slist
and make a script wrapper for the slist command so not everyone can use it,
or you could change the execute permissions to root only, or contact its
developer for other options.

Peter



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
