Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: R* Service and Security Concerns
Top Forums UNIX for Beginners Questions & Answers R* Service and Security Concerns Post 302985703 by rbatte1 on Monday 14th of November 2016 11:09:32 AM
Old 11-14-2016
With a poorly configured set of files, you can open yourself up to unhindered intrusion. Sadly I once inherited an application that relied on the source IP address of a connection be secure and we had all sorts of spaghetti to get the thing to work when someone new joined or worse, someone moved desk, usually without telling us. We did eventually get on top of it, but it was a long, hard slog.

Best plan is to avoid allowing anything that you are not absolutely certain of.

Individual .rhosts files can be useful but they can be abused so auditors do not like them.

What are you trying to achieve? There may be a better way altogether.



Robin
 

2 More Discussions You Might Find Interesting

1. AIX

Unix security -- FTP service????

I would like to ask for you suggestions or comments see if you can help. Since system auditing is under progress and the AIX is the main investigated unit. They are asking to disable the FTP service to enhance the security but I doubt. For daily use, the FTP will help administrator to download... (1 Reply)
Discussion started by: shanemcmahon
1 Replies

2. Linux

RPC Services Security Concerns

Hi there, I am trying to understand the how is it possible to enumerate RPC services and the common RPC services and the most-commonly found RPC vulnerability. (1 Reply)
Discussion started by: alvinoo
1 Replies

LEARN ABOUT FREEBSD

freebsd-update

FREEBSD-UPDATE(8)					    BSD System Manager's Manual 					 FREEBSD-UPDATE(8)

NAME

     freebsd-update -- fetch and install binary updates to FreeBSD

SYNOPSIS

     freebsd-update [-b basedir] [-d workdir] [-f conffile] [-k KEY] [-r newrelease] [-s server] [-t address] command ...

DESCRIPTION

     The freebsd-update tool is used to fetch, install, and rollback binary updates to the FreeBSD base system.  Note that updates are only avail-
     able if they are being built for the FreeBSD release and architecture being used; in particular, the FreeBSD Security Team only builds
     updates for releases shipped in binary form by the FreeBSD Release Engineering Team, e.g., FreeBSD 7.3-RELEASE and FreeBSD 8.0-RELEASE, but
     not FreeBSD 6.3-STABLE or FreeBSD 9.0-CURRENT.

OPTIONS

     The following options are supported:

     -b basedir   Operate on a system mounted at basedir.  (default: /, or as given in the configuration file.)

     -d workdir   Store working files in workdir.  (default: /var/db/freebsd-update/, or as given in the configuration file.)

     -f conffile  Read configuration options from conffile.  (default: /etc/freebsd-update.conf)

     -k KEY	  Trust an RSA key with SHA256 of KEY.	(default: read value from configuration file.)

     -r newrelease
		  Specify the new release to which freebsd-update should upgrade (upgrade command only).

     -s server	  Fetch files from the specified server or server pool.  (default: read value from configuration file.)

     -t address   Mail output of cron command, if any, to address.  (default: root, or as given in the configuration file.)

COMMANDS

     The command can be any one of the following:

     fetch	  Based on the currently installed world and the configuration options set, fetch all available binary updates.

     cron	  Sleep a random amount of time between 1 and 3600 seconds, then download updates as if the fetch command was used.  If updates
		  are downloaded, an email will be sent (to root or a different address if specified via the -t option or in the configuration
		  file).  As the name suggests, this command is designed for running from cron(8); the random delay serves to minimize the proba-
		  bility that a large number of machines will simultaneously attempt to fetch updates.

     upgrade	  Fetch files necessary for upgrading to a new release.  Before using this command, make sure that you read the announcement and
		  release notes for the new release in case there are any special steps needed for upgrading.  Note that this command may require
		  up to 500 MB of space in workdir depending on which components of the FreeBSD base system are installed.

     install	  Install the most recently fetched updates or upgrade.

     rollback	  Uninstall the most recently installed updates.

     IDS	  Compare the system against a "known good" index of the installed release.

TIPS

     o	 If your clock is set to local time, adding the line

	       0 3 * * * root /usr/sbin/freebsd-update cron

	 to /etc/crontab will check for updates every night.  If your clock is set to UTC, please pick a random time other than 3AM, to avoid
	 overly imposing an uneven load on the server(s) hosting the updates.

     o	 In spite of its name, freebsd-update IDS should not be relied upon as an "Intrusion Detection System", since if the system has been tam-
	 pered with it cannot be trusted to operate correctly.	If you intend to use this command for intrusion-detection purposes, make sure you
	 boot from a secure disk (e.g., a CD).

FILES

     /etc/freebsd-update.conf  Default location of the freebsd-update configuration file.

     /var/db/freebsd-update/   Default location where freebsd-update stores temporary files and downloaded updates.

SEE ALSO

     freebsd-update.conf(5)

AUTHORS

     Colin Percival <cperciva@FreeBSD.org>

FreeBSD 							   July 14, 2010							   FreeBSD
All times are GMT -4. The time now is 09:02 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy