Security?! Post: 8511

Sponsored Content

Top Forums UNIX for Advanced & Expert Users Security?! Post 8511 by vancouver_joe on Friday 12th of October 2001 01:05:55 PM

10-12-2001

Registered User

I guess my first step would be to run a port scan on the server.

Second, I would check all my non-user id's, i.e.: htdig, mysql, nfs, etc..., and make sure they don't have a shell script applied against their user id's .

Third, I would check my password policy to ensure that your users can't use simple dictionary names for passwords.

Fourth, I would set up port sentry to keep an eye open for any weird activity, and if you have a spare linux server around and a couple of nic cards, I would activate tcpdump and monitor activity coming into your network for a couple of days (hopefully you've got the space).

Finally, shut down non-required services and try to get your users to use ssh and sftp when/if they connect to the server. That way you can get rid of telnet which, as you likely know, send passwords and userid in the clear.

Anyway, some suggestions for you to think of.

Regards,

VJ

vancouver_joe

View Public Profile for vancouver_joe

Find all posts by vancouver_joe

LEARN ABOUT PHP

sftp-server

sftp-server(1M) 					  System Administration Commands					   sftp-server(1M)

NAME

       sftp-server - SFTP server subsystem

SYNOPSIS

       /usr/lib/ssh/sftp-server

DESCRIPTION

       sftp-server implements the server side of the SSH File Transfer Protocol as defined in the IETF draft-ietf-secsh-filexfer.

       sftp-server is a subsystem for sshd(1M) and must not be run directly. There are no options or config settings.

       To enable the sftp-server subsystem for sshd add the following to /etc/ssh/sshd_config:

       Subsystem   sftp     /usr/lib/ssh/sftp-server

       See sshd_config(4) for a description of the format and contents of that file.

       There is no relationship between the protocol used by sftp-server and the FTP protocol (RFC 959) provided by in.ftpd.

EXIT STATUS

       The following exit values are returned:

       0	Successful completion.

       >0	An error occurred.

FILES

       /usr/lib/sftp-server

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsshdu 		   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       sftp(1), ssh(1), ssh-add(1), ssh-keygen(1), sshd(1M), sshd_config(4), attributes(5)

       To  view  license  terms,  attribution,	and  copyright	for OpenSSH, the default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the
       Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed
       location.

AUTHOR

       Markus Friedl

SunOS 5.10							    30 Jul 2003 						   sftp-server(1M)