> > Tim has the idea... I don't quite agree with Carlos's assessment of
> > Red Hat's security flaws, but I don't think that matters if /etc/hosts.*
> > files were set up properly and only SSH, port 80, and perhaps anonymous
> > FTP were allowed from "unknown" hosts.
>
> Okay. We need someone to volunteer to be our anti-cracker.
>
> Tim? Carlos? Dave? Rahul?
>

I agree that RedHat is the least secure of all distributions - I switched
from Debian & RH to Suse on all of the department's and my personal machines.
One of our freshly installed RH machines was on the net for 7 minutes before
the first successful crack-in ... :-(

My policy here is

* restricted secure shell
* if ssh is not an alternative: tcp_wrapper protected telnet/ftp
  and I do NOT close all ports - instead I wrap/twist/fake them
  with tcp_wrapper so that we get a chance to notice any cracking
  attempts; read script kiddies
  (try to finger me at beagle.bmc.uu.se - I assure you we don't have
  users named fritz or bertram)
* of course ... no rsh, rcp, rhost etc.

My suggestion is to (at least) wrap all open ports directly in inetd.

I fear that I have to stop looking at python and the sequence editor for a
while ... too many meetings and too many unwritten theses (=1)

-thomas

--
Sicheritz Ponten Thomas E.    Department of Molecular Biology
blippblopp at linux.nu        BMC, Uppsala University
BMC: +46 18 4714214           BOX 590 S-751 24 UPPSALA Sweden
Fax +46 18 557723             http://evolution.bmc.uu.se/~thomas

Molecular Tcl:   http://evolution.bmc.uu.se/~thomas/tcl
Molecular Linux: http://evolution.bmc.uu.se/~thomas/mol_linux

De Chelonian Mobile ... The Turtle Moves ...
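
Added example, not part of the original message and not the poster's actual configuration: one way to set up the "wrap every inetd port and twist instead of closing" policy described above, so that probes are logged rather than silently dropped. It assumes tcp_wrappers built with the hosts_options(5) extensions; the file paths, the `.dept.example` domain, the `tcpd-trap` syslog tag and the decoy reply are placeholders.

```conf
# --- /etc/inetd.conf (binary paths are assumptions) ---
# Every service inetd starts goes through tcpd, so hosts.allow decides
# what each client gets before the real daemon ever runs.
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l

# --- /etc/hosts.allow (hosts_options(5) syntax; first matching rule wins) ---
# Known hosts get the real telnet/ftp daemons.
# ".dept.example" is a placeholder for the trusted domain.
in.telnetd, in.ftpd : .dept.example

# Anyone may connect to finger, but tcpd answers instead of in.fingerd:
#   spawn  logs the daemon name (%d) and client address (%a) to syslog
#   twist  replaces the daemon with a canned reply (must be the last option)
in.fingerd : ALL : spawn (/usr/bin/logger -p auth.notice -t tcpd-trap "%d probe from %a") & : twist /bin/echo "Login: decoy (constructed reply)"

# Unknown hosts reaching telnet/ftp: log the attempt, then refuse it.
in.telnetd, in.ftpd : ALL : spawn (/usr/bin/logger -p auth.warning -t tcpd-trap "%d refused for %a") & : deny

# Default for anything else started through tcpd.
ALL : ALL : deny
```

The port stays open, so a scan or a finger request still completes, and each attempt leaves a `tcpd-trap` line in syslog that can be reviewed or alerted on.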