[nycbug-talk] Re:FreeBSD Newbie
Fri Aug 20 10:12:22 EDT 2004
---------- Original Message ----------------------------------
From: Pete Wright <pete at nomadlogic.org>
Date: Fri, 20 Aug 2004 10:12:50 -0500
>>I was told that "FreeBSD is secure out of the box"; is that pretty true? Are there any major services I should turn off or on now that it's "hot"?
>The one service I would disable right off the bat is "telnet". You can
>disable this in your /etc/inet.d file. If you put a # in front of the
>line that looks like this:
>telnet stream tcp nowait root /usr/libexec/telnetd telnetd
>then reload the inet daemon like this:
>$ kill -HUP `cat /var/run/inetd.pid`
>(those are backticks)
> as root that will disable this service. Before you do so, a little
>background. Telnet, as you know, is a program that allows you to
>establish a remote shell to your Unix host. There is a huge problem
>with telnet tho, all data is sent over the network clear text. So, when
>you log into your server anyone that can see your data will be able to
>see your username and passwords unencrypted. Yikes!
> So what do you do to get around this problem? You obviously want to
>still be able to remotely admin your Unix server. SSH, the Secure
>SHell, has all of the benefits of telnet except your data is encrypted,
>making it harder for the Axis of Evil to sniff your data. SSH is part
>of a default FreeBSD install, I would suggest checking out these links
>for more info:
>and here is a random "primer" that i got off google
>and finally from a shell
>$ man ssh
> So anyway, I would become familiar with ssh before turning off
>telnet; but from a security stand point that is the first thing I do
>before I start setting up any Unix host.
> I hope you enjoy hacking BSD, it rocks! There are usually helpful
>people on #nycbug on irc.freenode.net as well, so come by and chat!
Thanks for pointing out the other resource on IRC.
It looked to me that telnet was disabled when I installed by default and I had to enable it by removing the # from the inetd.conf file.
Sent via the WebMail system at slikstik.com
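
An added example, not part of the original messages: a small sh script that checks whether an inetd entry such as telnet is enabled (uncommented) and comments it out, which is the edit discussed in this thread. It runs against a constructed sample file rather than the live configuration, and the function names are made up for this illustration.

```sh
#!/bin/sh
# Added example: audit and disable a service in an inetd.conf-style file.

# Print the service name (first field) of every enabled, uncommented entry.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Succeeds if service $2 has an enabled entry in file $1.
is_enabled() {
    enabled_services "$1" | grep -qxF -- "$2"
}

# Comment out every enabled entry for service $2 in file $1; keeps a .bak copy.
disable_service() {
    cp -p "$1" "$1.bak" || return 1
    awk -v svc="$2" '
        !/^[ \t]*#/ && $1 == svc { print "#" $0; next }
        { print }
    ' "$1.bak" > "$1"
}

# Constructed sample input: telnet enabled for tcp and tcp6, ftp commented out.
make_sample() {
    cat > "$1" <<'EOF'
#ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
EOF
}

demo() {
    conf=$(mktemp "${TMPDIR:-/tmp}/inetd.conf.XXXXXX") || return 1
    make_sample "$conf"
    if is_enabled "$conf" telnet; then
        echo "telnet is enabled; commenting it out"
        disable_service "$conf" telnet
    fi
    echo "still enabled: $(enabled_services "$conf" | tr '\n' ' ')"
    rm -f "$conf" "$conf.bak"
    # On a real host inetd must then re-read its file, e.g. with the
    # kill -HUP command quoted in the message above.
}

demo
```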