Re: "Hardening" OpenBSD

From: STeve Andre' (andresmsu.edu)
Date: Sat Nov 04 2006 - 18:33:50 CST


On Saturday 04 November 2006 19:09, Nick Guenther wrote:
> Just came across this article:
> http://geodsoft.com/howto/harden/OpenBSD/services.htm
>
> This list has made me skeptical of claims about hardening, especially
> when done independently. In particular, the article says
> "The most interesting configuration choice in the default OpenBSD
> install is portmap and some of the related RPC services. portmap is on
> by default and the comment is that it's "almost always needed". [. .
> .] Disregard the "almost always needed" comment. Portmap should not be
> running on a machine that is acting as a firewall or public Internet
> server such as a web, FTP, or SMTP server."
>
> So is he right?
>
> -Nick

It seems that this was written to cover OpenBSD 2.9, and revised
for 3.0. Keeping old sites like this online without a huge disclaimer
saying "likely out of date!" seems irresponsible to me.

Look at /etc/rc and /etc/rc.conf to see what's going on these days.
Always look to see what an author claims about what's going on
in OpenBSD before believing what they say...

--STeve Andre'