[rescue] irix insecurity (was: Sparcstation 2 help! Please)
Patrick Giagnocavo
rescue at sunhelp.org
Sun Sep 23 22:02:15 CDT 2001
G W Adkins wrote:
> How about a little 'Real Security'? (Or is this an Unfamiliar Concept?)
> This is like complaining about someone owning your box which has a blank
> root password.
>
> System Security involves three things, physical access control, network
> access control, and eliminating exploitable scenarios in software and the
> OS. You can't 'root' a box without TWO of the three. Whining about the
> unwillingness or technical inability on the part of the sysadmin to deal
> with one without considering the other two is either pissing into the wind,
> or a troll.
My viewpoint on this is that I could probably secure an IRIX box doing
normal Web stuff, like HTTP, SCP, SSH, and mail (I really don't
recommend FTP to customers, but some of them insist they want it so...)
using the following:
vi (to edit inetd.conf)
tcp_wrappers
postfix as a replacement for sendmail
ipfilter (or similar, whatever is the best implementation for IRIX)
block whatever is not 80, 22, 25, + ICMP etc. and you are done.
Am I wrong about that? This does assume that the local users are not
trying to hack the box - that would take a little longer to secure. In
some cases my users only need scp, thus, I would disable shell logins.
./patrick
More information about the rescue
mailing list