Re: "Hardening" OpenBSD

From: Melameth, Daniel D. (dmelamethmba-cpa.com)
Date: Sat Nov 04 2006 - 18:26:51 CST


Nick Guenther wrote:
> Just came across this article:
> http://geodsoft.com/howto/harden/OpenBSD/services.htm
>
> This list has made me skeptical of claims about hardening, especially
> when done independently. In particular, the article says
> "The most interesting configuration choice in the default OpenBSD
> install is portmap and some of the related RPC services. portmap is on
> by default and the comment is that it's "almost always needed". [. . .]
> Disregard the "almost always needed" comment. Portmap should not be
> running on a machine that is acting as a firewall or public Internet
> server such as a web, FTP, or SMTP server."
>
> So is he right?

Did you look in rc.conf? While somewhat relevant, the article is quite
dated. From a clean install of 4.0:

portmap=NO # Note: inetd(8) rpc services need portmap too
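
The check suggested in the reply above, as an added example that is not part of the original thread: it works out the effective portmap setting and lists the inetd RPC services the rc.conf comment warns about. It assumes rc.conf.local overrides rc.conf and that RPC entries in inetd.conf carry rpc/udp or rpc/tcp in the protocol field; the function names are hypothetical, and every sample line except the quoted rc.conf line is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Sample file contents are constructed.

# Print the value finally assigned to variable $1 when the files that follow
# are read in order (rc.conf first, then rc.conf.local), or "unset".
effective_setting() {
    var=$1; shift
    for f in "$@"; do [ -r "$f" ] && cat "$f"; done |
    awk -v var="$var" '
        { sub(/#.*/, "") }                     # strip comments (fine for YES/NO flags)
        $0 ~ ("^[ \t]*" var "=") {
            v = $0; sub(/^[^=]*=/, "", v)      # keep the right-hand side
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)   # trim blanks and quotes
            val = v; seen = 1                  # later assignments win
        }
        END { print (seen ? val : "unset") }'
}

# List enabled (uncommented) inetd.conf services whose protocol field is rpc/*.
inetd_rpc_services() {
    awk '!/^[ \t]*#/ && $3 ~ /^rpc\// { print $1 }' "$1"
}

# One-line verdict. $1=rc.conf  $2=rc.conf.local  $3=inetd.conf
audit_portmap() {
    state=$(effective_setting portmap "$1" "$2")
    rpc=$(inetd_rpc_services "$3" | xargs)     # join names onto one line
    case $state in
        NO|unset)
            if [ -n "$rpc" ]; then
                echo "BROKEN: portmap off, inetd RPC services on: $rpc"
            else
                echo "OK: portmap off, no inetd RPC services"
            fi ;;
        *)  echo "REVIEW: portmap=$state; inetd RPC services: ${rpc:-none}" ;;
    esac
}

# Constructed demo files in a scratch directory, removed on exit.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'portmap=NO # Note: inetd(8) rpc services need portmap too' > "$demo/rc.conf"
printf '%s\n' 'portmap=YES   # constructed local override' > "$demo/rc.conf.local"
printf '%s\n' '#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd' \
    'rusersd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd' \
    'ident stream tcp nowait _identd /usr/libexec/identd identd -el' > "$demo/inetd.conf"
audit_portmap "$demo/rc.conf" /nonexistent "$demo/inetd.conf"
audit_portmap "$demo/rc.conf" "$demo/rc.conf.local" "$demo/inetd.conf"
```

On a real host the three arguments would be /etc/rc.conf, /etc/rc.conf.local and /etc/inetd.conf.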