PDA

Click to See Complete Forum and Search --> : protecting your computer

Fandelem
10-19-2000, 03:46 PM
i have recently setup an account on dyndns.org so my computer is pretty much vulnerable to the whole world. I need telnet and ftp to be open because I telnet from my work, and a few other places. Would the easiest way just be to set my host.allow and .deny files up? Or should I grab portsentry too? (do people portscan *.dyndns.org?)

oh - one final question:

i have a list of IP address's i want to add to host.allow - but should i do ALL: (ipadd) or should i do FTP: (ipadd) and telnet: (ipadd)

thanks,

~kyle
toolie
10-19-2000, 04:10 PM
Too much security is better than not enough. Close everything, except telnet and ftp (and think about losing telnet and installing SSH1 instead), get PortSentry up and going, get a firewall working. Use ALL: in the hosts.deny, there is no reason to allow people access to something you dont explicitly add them to.
Fandelem
10-19-2000, 04:36 PM
Regarding SSH:

Will this hinder my regular telneting? (Sometimes I will be at a computer that will only have regular telnet)

the hosts.allow and hosts.deny file will be in effect for BOTH telnet and SSH, right?

thanks http://www.linuxnewbie.org/ubb/smile.gif

~kyle
Fandelem
10-19-2000, 04:51 PM
Okay - I tried untaring ssh2 and got this error when running ./configure

configure: error: configuring with X but xauth not found - aborting

what's that mean? :)

- i found Xauth.tar.gz somewhere - and here's the error upon making it:

cc -g -I/usr/X11R6/include -IAuth/ -Wall -pedantic -c pipe.c -o pipe.o
cc -g -I/usr/X11R6/include -IAuth/ -Wall -pedantic -c Xconv.c -o Xconv.o
cc -g -I/usr/X11R6/include -IAuth/ -Wall -pedantic -c xconv.c -o xconv.o
xconv.c: In function `PAMFeedGraphics':
xconv.c:150: storage size of `tv' isn't known
xconv.c:150: warning: unused variable `tv'
make: *** [xconv.o] Error 1

what now? :(

[This message has been edited by Fandelem (edited 19 October 2000).]
CanadaMan
10-19-2000, 07:04 PM
Forget ssh, use Openssh instead. You can get rpms at www.rpmfind.net. (http://www.rpmfind.net.)

I built it from source. I think that works better.

You'll also need OpenSSL. If you're on RH 6.x you should be fine with that.

Bear in mind that when using PAM, you'll need to add a file in /etc/pam.d for sshd to read it's rules from. Go to Armoring Linux www.enteract.com/~lspitz/linux.html (http://www.enteract.com/~lspitz/linux.html)
and check out example G to see what it should look like.

Don't forget to shut down those services!