Diffstat (limited to 'misc/slackbook/html/security.html')
-rw-r--r-- | misc/slackbook/html/security.html | 218 |
1 files changed, 0 insertions, 218 deletions
diff --git a/misc/slackbook/html/security.html b/misc/slackbook/html/security.html deleted file mode 100644 index 34249a8b..00000000 --- a/misc/slackbook/html/security.html +++ /dev/null 
@@ -1,218 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta name="generator" content="HTML Tidy, see www.w3.org" /> -<title>Security</title> -<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" /> -<link rel="HOME" title="Slackware Linux Essentials" href="index.html" /> -<link rel="PREVIOUS" title="Talking to Other People" -href="basic-network-commands-talk.html" /> -<link rel="NEXT" title="Host Access Control" href="security-host.html" /> -<link rel="STYLESHEET" type="text/css" href="docbook.css" /> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> -</head> -<body class="CHAPTER" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" -alink="#0000FF"> -<div class="NAVHEADER"> -<table summary="Header navigation table" width="100%" border="0" cellpadding="0" -cellspacing="0"> -<tr> -<th colspan="3" align="center">Slackware Linux Essentials</th> -</tr> - -<tr> -<td width="10%" align="left" valign="bottom"><a href="basic-network-commands-talk.html" -accesskey="P">Prev</a></td> -<td width="80%" align="center" valign="bottom"></td> -<td width="10%" align="right" valign="bottom"><a href="security-host.html" -accesskey="N">Next</a></td> -</tr> -</table> - -<hr align="LEFT" width="100%" /> -</div> - -<div class="CHAPTER"> -<h1><a id="SECURITY" name="SECURITY"></a>Chapter 14 Security</h1> - -<div class="TOC"> -<dl> -<dt><b>Table of Contents</b></dt> - -<dt>14.1 <a href="security.html#SECURITY-DISABLE">Disabling Services</a></dt> - -<dt>14.2 <a href="security-host.html">Host Access Control</a></dt> - -<dt>14.3 <a href="security-current.html">Keeping Current</a></dt> -</dl> -</div> - -<p>Security on any system is important; it can prevent people launching attacks from your -machine, as well as protect sensitive data. 
This chapter is all about how to start -securing your Slackware box against script kiddies, crackers and rogue hamsters alike. -Bear in mind that this is only the start of securing a system; security is a process, not -a state.</p> - -<div class="SECT1"> -<h1 class="SECT1"><a id="SECURITY-DISABLE" name="SECURITY-DISABLE">14.1 Disabling -Services</a></h1> - -<p>The first step after installing Slackware should be to disable any services you don't -need. Any services could potentially pose a security risk, so it is important to run as -few services as possible (i.e. only those that are needed). Services are started from two -main places - <tt class="COMMAND">inetd</tt> and init scripts.</p> - -<div class="SECT2"> -<h2 class="SECT2"><a id="AEN5081" name="AEN5081">14.1.1 Services started from <tt -class="COMMAND">inetd</tt></a></h2> - -<p>A lot of the daemons that come with Slackware are run from <tt -class="COMMAND">inetd</tt>(8). <tt class="COMMAND">inetd</tt> is a daemon that listens on -all of the ports used by services configured to be started by it and spawns an instance -of the relevant daemon when a connection attempt is made. Daemons started from <tt -class="COMMAND">inetd</tt> can be disabled by commenting out the relevant lines in <tt -class="FILENAME">/etc/inetd.conf</tt>. To do this, open this file in your favorite editor -(e.g. <tt class="COMMAND">vi</tt>) and you should see lines similar to this:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="PROGRAMLISTING"> -telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -</pre> -</td> -</tr> -</table> - -<p>You can disable this service, and any others you don't need, by commenting them out -(i.e. adding a <var class="LITERAL">#</var> (hash) symbol to the beginning of the line). 
-The above line would then become:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="PROGRAMLISTING"> -#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -</pre> -</td> -</tr> -</table> - -<p>After <tt class="COMMAND">inetd</tt> has been restarted, this service will be -disabled. You can restart <tt class="COMMAND">inetd</tt> with the command:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd -class="USERINPUT">kill -HUP $(cat /var/run/inetd.pid)</kbd> -</pre> -</td> -</tr> -</table> -</div> - -<div class="SECT2"> -<h2 class="SECT2"><a id="AEN5102" name="AEN5102">14.1.2 Services started from init -scripts</a></h2> - -<p>The rest of the services started when the machine starts are started from the init -scripts in <tt class="FILENAME">/etc/rc.d/</tt>. These can be disabled in two different -ways, the first being to remove the execute permissions on the relevant init script and -the second being to comment out the relevant lines in the init scripts.</p> - -<p>For example, SSH is started by its own init script at <tt -class="FILENAME">/etc/rc.d/rc.sshd</tt>. You can disable this using:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">chmod -x /etc/rc.d/rc.sshd</kbd> -</pre> -</td> -</tr> -</table> - -<p>For services that don't have their own init script, you will need to comment out the -relevant lines in the init scripts to disable them. For example, the portmap daemon is -started by the following lines in <tt class="FILENAME">/etc/rc.d/rc.inet2</tt>:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="PROGRAMLISTING"> -# This must be running in order to mount NFS volumes. 
-# Start the RPC portmapper: -if [ -x /sbin/rpc.portmap ]; then - echo "Starting RPC portmapper: /sbin/rpc.portmap" - /sbin/rpc.portmap -fi -# Done starting the RPC portmapper. -</pre> -</td> -</tr> -</table> - -<p>This can be disabled by adding <var class="LITERAL">#</var> symbols to the beginnings -of the lines that don't already start with them, like so:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="PROGRAMLISTING"> -# This must be running in order to mount NFS volumes. -# Start the RPC portmapper: -#if [ -x /sbin/rpc.portmap ]; then -# echo "Starting RPC portmapper: /sbin/rpc.portmap" -# /sbin/rpc.portmap -#fi -# Done starting the RPC portmapper. -</pre> -</td> -</tr> -</table> - -<p>These changes will only take effect after either a reboot or changing from and back to -runlevel 3 or 4. You can do this by typing the following on the console (you will need to -log in again after changing to runlevel 1):</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">telinit 1</kbd> -<samp class="PROMPT">#</samp> <kbd class="USERINPUT">telinit 3</kbd> -</pre> -</td> -</tr> -</table> -</div> -</div> -</div> - -<div class="NAVFOOTER"> -<hr align="LEFT" width="100%" /> -<table summary="Footer navigation table" width="100%" border="0" cellpadding="0" -cellspacing="0"> -<tr> -<td width="33%" align="left" valign="top"><a href="basic-network-commands-talk.html" -accesskey="P">Prev</a></td> -<td width="34%" align="center" valign="top"><a href="index.html" -accesskey="H">Home</a></td> -<td width="33%" align="right" valign="top"><a href="security-host.html" -accesskey="N">Next</a></td> -</tr> - -<tr> -<td width="33%" align="left" valign="top">Talking to Other People</td> -<td width="34%" align="center" valign="top"> </td> -<td width="33%" align="right" valign="top">Host Access Control</td> -</tr> -</table> -</div> -</body> -</html> - |
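Review bot: The head and table of contents of the removed file (rel="PREVIOUS" basic-network-commands-talk.html, rel="NEXT" security-host.html, and the TOC entries for security-host.html and security-current.html) show that it is the Chapter 14 entry point in a chain of linked pages, while the diffstat shown is limited to this one file, so it is not visible whether the neighbouring pages are removed or relinked in the same commit. Please confirm that basic-network-commands-talk.html, security-host.html, security-current.html and index.html are either deleted alongside it or have their navigation updated, since any links they carry back to security.html would otherwise dangle. Section 14.1 "Disabling Services" lives only in this file (anchor SECURITY-DISABLE), so if the rest of the book stays, the inetd.conf and /etc/rc.d guidance needs a new home or a note on why it is being dropped.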