[nycbug-talk] Re:FreeBSD Newbie

freebsd freebsd
Fri Aug 20 10:12:22 EDT 2004




---------- Original Message ----------------------------------
From: Pete Wright <pete at nomadlogic.org>
Date:  Fri, 20 Aug 2004 10:12:50 -0500

>freebsd wrote:
>
>>
>>I was told that "FreeBSD is secure out of the box"; is that pretty true? Are there any major services I should turn off or on now that it's "hot"?
>>
>>  
>>
>The one service I would disable right off the bat is "telnet".  You can 
>disable this in your /etc/inet.d file.  If you put a # in front of the 
>line that looks like this:
>
>telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
>
>then reload the inet daemon like this:
>
>$ kill -HUP `cat /var/run/inetd.pid`
>(those are backticks)
>
>    as root that will disable this service.  Before you do so, a little 
>background.  Telnet, as you know, is a program that allows you to 
>establish a remote shell to your Unix host.  There is a huge problem 
>with telnet tho, all data is sent over the network clear text.  So, when 
>you log into your server anyone that can see your data will be able to 
>see your username and passwords unencrypted.  Yikes!
>
>    So what do you do to get around this problem, you obviously want to 
>still be able to remotely admin your Unix server.   SSH, the Secure 
>SHell, has all of the benefits of telnet except your data is encrypted 
>making it harder for the Axis of Evil to sniff your data.  SSH is part 
>of a default FreeBSD install, I would suggest checking out these links 
>for more info:
>
>http://openssh.org/
>and here is a random "primer" that I got off Google
>http://www.chemistry.ohio-state.edu/compsupp/Docs/ssh_primer.html
>and finally from a shell
>$ man ssh
>
>    So anyway, I would become familiar with ssh before turning off 
>telnet; but from a security standpoint that is the first thing I do 
>before I start setting up any Unix host.  
>
>    I hope you enjoy hacking BSD, it rocks!  There are usually helpful 
>people on #nycbug on irc.freenode.net as well, so come by and chat!


Thanks for pointing out the other resource on IRC. 

It looked to me that telnet was disabled when I installed by default and I had to enable it by removing the # from the inetd.conf file. 

Thanks. 




________________________________________________________________
Sent via the WebMail system at slikstik.com
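
Added example, not part of either message above: a shell check for the situation this thread discusses, listing which entries in an inetd.conf-format file are uncommented (and therefore started by inetd) and flagging cleartext login services such as telnet. The function names, the list of services treated as cleartext, and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Services treated as cleartext remote-access protocols (an assumption of
# this example; names as they appear in the first inetd.conf column).
CLEARTEXT="telnet ftp shell login exec"

# audit_inetd FILE
# Prints "<CLEARTEXT|ok> <service> <proto> <server>" for every enabled entry.
# Returns 1 if any cleartext service is enabled, 0 otherwise.
audit_inetd() {
    awk -v bad="$CLEARTEXT" '
        BEGIN { n = split(bad, b, " "); for (i = 1; i <= n; i++) flag[b[i]] = 1 }
        $1 ~ /^#/ { next }   # commented out: inetd ignores the line
        NF < 6    { next }   # blank line or not a complete service entry
        {
            tag = ($1 in flag) ? "CLEARTEXT" : "ok"
            if (tag == "CLEARTEXT") found = 1
            printf "%s %s %s %s\n", tag, $1, $3, $6
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample in inetd.conf format (not taken from a real host):
# telnet is commented out, ftp and daytime are enabled.
sample_conf() {
    cat <<'EOF'
# constructed sample, inetd.conf format
#telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
ftp      stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
daytime  stream  tcp     nowait  root    internal
EOF
}

# Demo on the constructed sample; on a real host pass /etc/inetd.conf.
tmp=$(mktemp) && sample_conf > "$tmp"
audit_inetd "$tmp" || echo "at least one cleartext service is enabled"
rm -f "$tmp"
```

Editing the file only takes effect once inetd rereads it, which is what the `kill -HUP` step quoted above does.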


 
                   



