LinuxSA Mailing list archives

  From: Geoffrey D. Bennett <g@netcraft.com.au>
  To  : Ismail Ibrahim <mi-mi@sbs.itc.usm.my>
  Date: Tue, 1 Jul 1997 23:35:44 +0930 (CST)

Re: Security

> Hi All,
> Thanks for all the comments and additions on the 'kernel upgrade' posting.
> 
> I am now about to connect my computer to the Internet via the university 
> network. I am running RH4.1. I am a bit security conscious; are they any 
> adjustments I should make to my machine before connecting it?

There sure are.  You should definately:
- apply all the (relevant) errata for RH4.1 (see
  http://www.redhat.com/support/docs/errata.html ) or
- upgrade to RH4.2 and apply the errata for 4.2 (of which there are
  fewer).

You should also remove or disable any incoming services that you don't
use (eg. rlogin, rsh, telnet, ftp, talk, sendmail, pop, imap, http,
samba, etc).

Don't forget to subscribe to the Red Hat Announce list (send a message
to redhat-announce-list-request@redhat.com with a subject of
"subscribe").  Important updates are announced there.

> 1. How do I set up my machine so that root can only log in via a particular 
> VC? 

Edit /etc/securetty -- this file lists the consoles on which root is
allowed to log in.  I'm not sure why you want to do this though?  I
can't see how it would improve security.

> 2. According to the RH manual, I only need to issue 1 or 2 commands to 
> run shadow password. Is that it?

Yep.  One to set up the shadow file, and another to set the
permissions on the backup and/or shadow file correctly.

> It seems too simple to me.

I don't know anyone else who would consider that a problem :).

> Any help will be greatly appreciated.
> Thanks.

I hope this helps.

Regards,
-- 
Geoffrey D. Bennett (geoffrey@netcraft.com.au)
Computer Systems Manager, NetCraft Australia
http://www.netcraft.com.au/geoffrey/
Red Hat Linux Resellers: http://www.netcraft.com.au/redhat/