Security Checklist

Michalis Kabrianis kabrianis at hellug.gr
Wed May 5 09:54:51 EEST 1999 

On 04-May-99 Dimitris Kontoudis wrote:
> Kalhmera sto koino ths listas,
> 
> kai xairetismata se autous pou me thymountai
> apo palia (ITE,SGI).
> 

Kalws ton Dimitri....

> O logos pou grafw einai oti psaxnw, ean yparxei,
> gia kapoio security checklist gia Linux systhmata.
> 
> Ekshgoumai: O telikos skopos auths ths kinhshs einai
> na mporw na sthsw ena Linux systhma kai na kanw
> merikes epembaseis wste na diorthwthoun kapoia
> problhmata asfaleias (profanh kai mh).
> 
> Shmeia pou me endiaferoun einai:
> 
Egw den apantaw se osa apantise o Ricudis, mia pou einai kai pio sxetikos apo
mena...

> 2) Diktyakes yphresies/system yphresies
>    (profanws yparxei /etc/services. Yparxoun kapoia
>    entries pou PREPEI na einai energa opwsdhpote ?
>    Anaferomai se entries pou apaitei to systhma kai
>    oxi se ftp/telnet kai ta sxetika...)

Me tin morfi pou iparxei sta Irix (kati SGI-fam, sgittserver klp) oxi den
yparxei. Fantazomai ayto ennoouses. Yparxoun osa bazeis esy (i to
distribution). 
P.x. : RedHat -> Linuxconf
Caldera -> Coas (nomizw, den to exw tsekarei akoma)
Esy -> webconf, mat klp klp klp.

> 3) Kapou eida oti yparxei entolh ''chkconfig''
>    (antistoixh tou IRIX). Kai edw, ti mporoume na
>    bgaloume off kai ti PREPEI na einai ON logw systhmatos ?

Nai, me kapoies allages. Doulevei mono se RedHat an thymamai kala opws einai
ftiagmeno (Se caldera pantws den mou doulepse kai poly eykola) kai einai
external, diladi den einai standard se oles tis distributions. Tha to breis sto
freshmeat. Logw tou background sou, na sou pw kaigia ena perl scriptaki me to
onoma hinv :-) pou tha to breis kai ayto sto freshmeat.

> 4) Rytmiseis gia thn symperifora tou login,su

Synithws kati login.defs kapou mesa sto etc. Dystyxws den einai standard

> 6) Ektelesima/alla-files pou egkathistantai by default
>    kai exoun problhmata asfaleias, opote kalo einai na
>    bgoun/anabatmistoun/rythmistoun ktl.

Mmmm, ta panta :-(
Pio prosfata SOBARA Bugs, to NFS kai to FTPD.

> 7) Rytmiseis asfaleias tou X11. Na ypothesw oti isxyoun
>    ta standard peri rytmisewn tou XDM (Xaccess, chooser ktl.) ?

Nai, kai tha breis ta arxeia sto /usr/X11R6/lib/X11/xdm

> 8) alla .....
> 
> Opws katalabainetai thelw na katalhksw me mia lista
> entelws praktikh pou na kanei douleia.
> 
> Brhka liga pragmata sta arxeia ths listas (kyriws to
> thread ''Problhma security'') alla dysthxws
> kalyptoun sto elaxisto ta parapanw.
> 
> Eida, epishs, to Security-HOWTO. Se ti bathmo thewreite
> oti me kalyptei sta parapanw. Me alla logia loso xrhsimo
> einai apo praktikhs apopsews?
> 
> Bebaia, tha htan endiaferousa mia koubenta sygkritikh
> sxetika me to security diaforwn flavor tou Unix opws
> auta diatithentai default sto koino, alla paei makria
> h balitsa (to mpaoulo kalytera...)

Dystyxws ola ta Linux pou exw stisei kata kairous (diladi sxedon ola:
Slackware, RedHat, Caldera, Suse, to Debian den emeine oute mia mera ston disko
mou) stinoun eks orismou ta panta anoixta. Synepws thelei mia 10lepti sxedon
apasxolisi gia na kleiseis ta services pou den xreiazesai.... kata ta alla
einai sxedon etoimo to systima

> 
> Auta ta liga. Ean labw kamoia proswpikh apanthsh
> tha ta mazepsw kai tha steilw thn souma sthn lista
> me prwth eukairia.
> 
> Mporeite na steilete kai flames, etsi xabales na ginetai !.
> 
> Na 'ste kala,
> 
> Dimitris.
> 
> --
> Dimitris Kontoudis
> 

Na pw ki egw, oti tha itan isws kalo na analabei kapoios (oxi, egw den
prolabainw gia tin wra) na mazevei ola ta advisories apo bugtraq klp, kai apo
tous distribution vendors, outws wste na stelnei stin lista ena mail opote
yparxei ena sobaro problima me ta linuxakia mas, kai na exei kai mia selida
(isws ston syllogo?). Tha itan genika poly xrisimo kati tetoio stin Linux
koinotita.

Michalis Kabrianis
kabrianis at hellug.gr
--
====================================================================
Gia boithia (h na diagrafhte) e-mail sto majordomo at hellug.gr
Ta archives tis listas einai sto http://lists.hellug.gr/archives
prin steilete kapoia erothsh psakte mipos exei hdh apanththei.
Gia opoiodipote problima stilte e-mail ston owner-linux-greek-users at hellug.gr
====================================================================

More information about the Linux-greek-users mailing list