Omnisecure.net |
 |
| Home |
| Windows Security |
| Windows Tweaks |
| Unix Security |
Unix Security
- Don't use the following insecure services. Most of these services
are enabled or disabled from linuxconf,
/etc/xinetd.d/* or /etc/inetd.conf.
- rsh (remots shell)
- rlogin (remote login)
- finger (who really needs to know who is logged into your computer from another computer? You can always use w)
- sendmail (smtp) (sendmail should only be run on e-mail servers)
- snmp (Simple Network Management Protocol)
- If you need telnet, rsh, rlogin, consider using ssh instead.
- If you need to close port 6000 (X11 ports), you can usually close
them if you use "-nolisten tcp" option when the X server is started.
There are many locations and ways to start the X server. If you are
using Gnome, you can edit /etc/X11/gdm/gdm.conf and make the following
changes:
..... StandardXServer=/usr/X11R6/bin/X -nolisten tcp [server-Standard] ....... command=/usr/X11R6/bin/X -nolisten tcp
- If a web server is installed, at least change the default web page to something useful. It makes it easier to determine if web server needs to be running.
- You probably don't need the anonymous account enabled FTP (when FTP needs to be enabled). Make sure the anonymous account is disabled.
- You can use "netstat -atu" to see what TCP and UDP ports are open and available to the network on your computer.
- Occasionally look at the OS logs, which are typically in /var/log/messages