OSEC

 
From: Buchan Milne (bgmilnecae.co.za)
Date: Thu Jan 17 2002 - 08:23:12 CST


    I don't know how many of you guys on this list answer questions on
    MandrakeExpert, but I do on occasion. Sometimes I get questions that I
    don't feel comfortable answering correctly.

    For example, I answered someone who wanted to enable the telnet server
    with a standard "Use ssh" reply (AFAIK there is no reason one would need
    a telnet server, telnet client I can understand: some network devices
    need configuration via telnet). The user figured telnet out himself
    (after I explained the basics of getting ssh running, and pointed him
    to some docs on ssh with keys).

    He then asked how to make it possible for root to log in directly
    without needing to log in as a user first. I explained that it was about
    the worst thing to do security-wise, and that even if it was on a closed
    network: 1) The network may not remain closed, will you remember to turn
    telnet off, 2) Better to learn ssh (and scp, sftp etc) and be in the
    habit of using secure tools.

    So this time, I answered that if he really wanted an insecure box, he
    should install redhat 6.2 or so, which would set up all that for him by
    default, rather than wasting all the work of packagers and developers
    trying to improve security. I did however give him a hint:
    securetty(5)
    saying that if he couldn't figure it out from there, he should really
    consider whether he knows enough about Linux to understand the risks.

    So, in light of this kind of question, would it be worthwhile to set up a
    set of guidelines for what kinds of questions experts should be
    comfortable in NOT answering, and maybe a page on mandrakesecure.net
    explaining why such questions will not be answered?

    Comments?

    -- 
    |----------------Registered Linux User #182071-----------------|
    Buchan Milne                Mechanical Engineer, Network Manager
    Cellphone * Work       +27 82 472 2231 * +27 21 808 2497 ext 202
    Stellenbosch Automotive Engineering         http://www.cae.co.za
    
