
[linux-security] Re: IMAPD fix for RH



>> It appears that uninstalling the imap rpm uninstalls the pop mail service as
>> well, or at least disables it.  Is this uncool?  Is it safe to leave it
>> installed (but removed from inetd.conf) for the sake of keeping pop service in
>> place?
>
>I'm not sure, actually.  The POP code comes from the imap package, so
>presumably you need to update it *all* if you use any of it to make
>sure you are safe from attack.
>
>I'd just update the package to the latest one and leave imap enabled.


Better yet, do some packet filtering in addition to updating -- after all,
who _really_ needs access to your imap/pop server but usually a select
few....  Guys, people are already trying to exploit this hole -- I have
packet filter logs to prove it.  My philosophy is simply this -- if they
don't need access to a port, don't give it.  Deny by default -- permit only
when there is a demonstrated need.  Permit access at the finest granularity
possible -- even if that means a fifty line packet filter.  Use multiple
filters -- tcp wrappers plus cisco ACLs, etc.  Log access to exposed
ports -- even if it means a large partition dedicated to /var/log.  Protect
your logs.  Etc, etc, etc,....

Yes, I know it's a lot of (often thankless) work.  However, the crackers
attacking your system are going to be diligent -- it behooves you to be just
as diligent.  I know I'd rather be chewed out by my boss for spending too
much time on security than to have him really chew me out for the
embarrassment of not spending enough time.

Lamar Owen
WGCR Internet Radio
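
Added example, not part of the original message: a small Python audit of the tcp wrappers decision order, showing why "deny by default" needs a catch-all in hosts.deny. The daemon names (imapd, ipop3d), the sample rules and the documentation addresses are constructed assumptions; the matcher is simplified to ALL, exact addresses, trailing-dot prefixes and net/mask patterns.

```python
import ipaddress

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # address prefix, e.g. "192.0.2."
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask, e.g. 192.0.2.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip

def rule_hit(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(c, ip) for c in clients)
               for daemons, clients in rules)

def decide(allow_text, deny_text, daemon, ip):
    """hosts.allow match grants; else hosts.deny match denies; else grant."""
    if rule_hit(parse_rules(allow_text), daemon, ip):
        return "allow"
    if rule_hit(parse_rules(deny_text), daemon, ip):
        return "deny"
    return "allow"  # no match in either file: tcp wrappers grants access

# Constructed sample policies (RFC 5737 documentation addresses).
ALLOW = "imapd, ipop3d: 192.0.2.0/255.255.255.0   # the select few\n"
DENY_BLACKLIST = "imapd: 198.51.100.   # blocks one known-bad net only\n"
DENY_DEFAULT = "ALL: ALL               # deny by default\n"

if __name__ == "__main__":
    for name, deny in (("blacklist", DENY_BLACKLIST), ("default-deny", DENY_DEFAULT)):
        for daemon in ("imapd", "ipop3d"):
            for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
                print(name, daemon, ip, decide(ALLOW, deny, daemon, ip))
```

With the blacklist-style hosts.deny, any client not explicitly listed still reaches both services; only the ALL: ALL form restricts access to the hosts named in hosts.allow.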


