Full Discussion: Security?!
Post 8511 by vancouver_joe on Friday 12th of October 2001 01:05:55 PM
I guess my first step would be to run a port scan on the server.

Second, I would check all my non-user IDs, i.e.: htdig, mysql, nfs, etc., and make sure they don't have a shell script applied against their user IDs.

Third, I would check my password policy to ensure that your users can't use simple dictionary names for passwords.

Fourth, I would set up PortSentry to keep an eye open for any weird activity, and if you have a spare Linux server around and a couple of NIC cards, I would activate tcpdump and monitor activity coming into your network for a couple of days (hopefully you've got the space).

Finally, shut down non-required services and try to get your users to use ssh and sftp when/if they connect to the server. That way you can get rid of telnet which, as you likely know, sends passwords and user IDs in the clear.

Anyway, some suggestions for you to think of.


sftp-server(1M)            System Administration Commands            sftp-server(1M)

NAME
       sftp-server - SFTP server subsystem

SYNOPSIS
       /usr/lib/ssh/sftp-server

DESCRIPTION
       sftp-server implements the server side of the SSH File Transfer
       Protocol as defined in the IETF draft-ietf-secsh-filexfer.

       sftp-server is a subsystem for sshd(1M) and must not be run directly.
       There are no options or config settings.

       To enable the sftp-server subsystem for sshd add the following to
       /etc/ssh/sshd_config:

           Subsystem sftp /usr/lib/ssh/sftp-server

       See sshd_config(4) for a description of the format and contents of
       that file.

       There is no relationship between the protocol used by sftp-server and
       the FTP protocol (RFC 959) provided by in.ftpd.

EXIT STATUS
       The following exit values are returned:

       0     Successful completion.
       >0    An error occurred.

FILES
       /usr/lib/sftp-server

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWsshdu                    |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO
       sftp(1), ssh(1), ssh-add(1), ssh-keygen(1), sshd(1M), sshd_config(4),
       attributes(5)

       To view license terms, attribution, and copyright for OpenSSH, the
       default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the
       Solaris operating environment has been installed anywhere other than
       the default, modify the given path to access the file at the
       installed location.

AUTHOR
       Markus Friedl

SunOS 5.10                        30 Jul 2003                   sftp-server(1M)
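
An added example, not part of the original post or the man page: a small shell audit covering the post's second step (service accounts such as htdig, mysql and nfs should not have a login shell) and the `Subsystem sftp` line the man page describes. The function names, the UID cutoff of 1000 for human accounts and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data below is constructed; on a real host pass
# /etc/passwd and /etc/ssh/sshd_config to the two functions instead.

# service_accounts_with_shell PASSWD_FILE MIN_HUMAN_UID
# Prints "name:shell" for each non-root account with a UID below
# MIN_HUMAN_UID (assumed cutoff) whose shell is not nologin or false.
# An empty shell field is reported as /bin/sh, the default login uses.
service_accounts_with_shell() {
    awk -F: -v min="$2" '
        $3 + 0 == 0 || $3 + 0 >= min + 0 { next }
        { shell = ($7 == "") ? "/bin/sh" : $7 }
        shell !~ /\/(nologin|false)$/ { print $1 ":" shell }
    ' "$1"
}

# sftp_subsystem_path SSHD_CONFIG
# Prints the server path from the first active "Subsystem sftp" line.
# Commented-out lines do not match; sshd keywords are case-insensitive.
sftp_subsystem_path() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# Write the constructed samples to a scratch directory and print its path.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash
htdig:x:101:101:htdig:/var/www:/sbin/nologin
nfs:x:102:102:NFS:/var/lib/nfs:/bin/false
ftp:x:14:50:FTP:/var/ftp:
joe:x:1000:1000:Joe:/home/joe:/bin/bash
EOF
    cat > "$dir/sshd_config" <<'EOF'
#Subsystem sftp /path/to/old-sftp-server
Subsystem sftp /usr/lib/ssh/sftp-server
EOF
    echo "$dir"
}

samples=$(make_samples)
echo "Service accounts that can still log in:"
service_accounts_with_shell "$samples/passwd" 1000
echo "Active sftp subsystem: $(sftp_subsystem_path "$samples/sshd_config")"
rm -rf "$samples"
```

An empty result from `sftp_subsystem_path` means no active `Subsystem sftp` line was found, so sftp clients cannot connect until one is added.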
