Toad wrote:

You have taken extraordinary measures to protect against [the ftp server being hacked], haven't you?

Umm, measures such as..? I don't see how you can defend against the
above, really.

Well, first of all the elementary stuff. No other services on the same machine. You don't want your ftp server compromised because of a flaw in mailman, or even sendmail, so put that stuff elsewhere. Heavy firewalling. IDS. No compiler installed; most hacks begin with a compilation. No unnecessary script interpreters; an ftp server can live very well (and much longer) without PHP, python, perl, java, whathaveyou. A super-lean kernel. A permanently up to date system.

Then the more tedious stuff. Remote syslog. Remote md5sums of every
file on the machine, regularly checked. A draconic password policy.
Why not a read-only server running from a CD-ROM?

And then comes the really difficult part, physical security. A
gang of angry and hungry dobbermans in the outer perimeter, cobras
in the server room, tarantulas inside the server itself.

As a side-dish, network security. If your DNS can be compromised,
nobody needs to touch your ftp server before they can serve their
own files from "your" machine. Arp. There is really no way to
ensure that a visitor to your ftp server won't end up elsewhere,
but an unpredictable control mechanism can let you know if that
happens and mitigate the damage.

There is one thing though... I think the CVS announcement mails are
generated on the client side. They should be generated on the server
side. Anyone know how to do this?

What you mean by "CVS announcements"?


-- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka _______________________________________________ Support mailing list [EMAIL PROTECTED] Unsubscribe at Or mailto:[EMAIL PROTECTED]

Reply via email to