[Courses] [Security] netstat, and file copying

Akkana akkana at shallowsky.com
Thu Mar 7 22:37:49 EST 2002


This is great.  I've already learned a lot, including that our
server is running a bunch of stuff it doesn't need to be running.
Thanks, Raven!

Looking over my own netstat output for things you've flagged in
other postings:

I use rlogin and rcp, on my local net (we have a router/firewall, a
Linksys somethingorother, which doesn't pass most incoming ports, so I'm
under the illusion that I can get away with things like that) because
they're so darned convenient and I hate having to type passwords every
time I want to move a file someplace.  (Yes, I even have a .rhosts with
the names of our local hosts in it.)  Am I being foolish in trusting the
router/firewall?

Re ftp: one reason one might want to use ftp is html editors, which
typically know how to publish via ftp and http put, but no other
protocols.  I'm on the mozilla editor team, and I tried to interest
other team members and the networking folks into supporting publishing
via more secure protocols since I know sysadmins who refuse to run ftpd,
and I got blank stares and "I've never heard of that" and "All ISPs I
know of allow either ftp or http and that's all most people want to
use, and even Dreamweaver doesn't support any more than that."

If one has a need for ftp, what's a good server?  Red Hat uses wu-ftp,
which I've heard is about the worst as far as security holes?

Raven, corporate courtesan writes:
> 	I have heard but don't know firsthand that the latest Red Hats
> don't do so anymore.  Many of the older versions of Red Hat would turn
> on everything and the kitchen sink if you asked for a "Server" install.
[ ... ]
> 	If you've done Linux installs before, have someone experienced
> to hold your hand, or are just feeling brave, I think doing a
> custom/expert install is usually worth the extra effort.  That way, you
> know what you're getting.  

You know what packages you're getting, but don't assume that means
you know what's turned on.  Run a "chkconfig --list | grep on"
and you may be surprised (I was).  Red Hat (even 7.2) turns on
scads of services by default, sometimes even services you said
no to during a custom installation, plus lots more that it never
asked you about.

	...Akkana
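The "chkconfig --list | grep on" check above matches any line containing
"on" (service names included), so here is an added example, not from the
post or from Red Hat, that parses chkconfig's output properly: it reports
the services enabled in a given runlevel, including the xinetd-managed
ones, and then flags the clear-text and rhosts-trust services discussed
in this thread (rlogin, rsh, ftp, telnet).  The chkconfig output embedded
in SAMPLE is constructed for the example; on a real box you would feed
the script "chkconfig --list" instead.

```shell
#!/bin/sh
# Audit which services are switched on according to `chkconfig --list`.
# SAMPLE is constructed for this example, in the format chkconfig uses
# (SysV services with per-runlevel on/off, then an "xinetd based
# services:" section with one "name: on|off" line per service).
SAMPLE='sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
wu-ftpd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        rlogin: on
        rsh:    on
        telnet: off
        wu-ftpd:        on
        swat:   off'

# Read chkconfig --list output on stdin; print, one per line, every
# service enabled in the given runlevel (default 3).  xinetd-managed
# services are not runlevel-specific, so they are listed whenever "on".
enabled_services() {
    level="${1:-3}"
    awk -v lvl="$level" '
        /^xinetd based services:/ { inx = 1; next }
        inx {
            # lines look like "<tab>name: on"
            name = $1; sub(/:$/, "", name)
            if ($2 == "on") print name
            next
        }
        $2 ~ /^[0-6]:/ {
            # SysV lines look like "name 0:off 1:off 2:on ... 6:off"
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == lvl && kv[2] == "on") print $1
            }
        }'
}

# Keep only the services the thread singles out as risky: the r-commands
# (rhosts trust, clear-text passwords), telnet, and common ftp daemons.
# The list of daemon names is an assumption of this example.
flag_risky() {
    grep -E '^(rlogin|rsh|rexec|telnet|wu-ftpd|vsftpd|proftpd)$' || true
}

# Demo run on the constructed sample; for a real audit use:
#   chkconfig --list | enabled_services 3 | flag_risky
printf '%s\n' "$SAMPLE" | enabled_services 3 | flag_risky
```

On the sample this prints rlogin, rsh and wu-ftpd: wu-ftpd shows up even
though its SysV entry is off in every runlevel, because xinetd has it
turned on, which is exactly the kind of surprise a plain grep for "on"
makes hard to spot among the false matches.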
