[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Checking sendmail.cf file at boot time



Robert L Cochran wrote:

In an earlier posting I made on the Shrike list, I mentioned it is a
good idea to turn off mail relaying in sendmail. Someone responded that
the default sendmail implementation from Red Hat only listens for
connections on the local host, anyhow, so in effect why bother?


The best answer to that is that a substitute sendmail.cf file could be
inserted to the system maliciously at some point. You should not just
assume that sendmail is running with the actual Red Hat defaults, in
other words.


This is theoretically true - but if an attacker has somehow gotten a root shell on your box, you have much, much bigger problems than mail relaying! Finding out how that happened, and taking measures to stop it from happening again are the key.

<snip security checks>

The procedures you list would be considered paranoid by some, but others would say that paranoia is the key to security. But if you're going to be paranoid, be consistent though - why focus solely on sendmail? There are thousands of things you will need to check daily or hourly, and sendmail is one of the smaller issues. hacked kernels, kernel modules, hacked utilities that mask an intruders presence (rootkits), hacked libs, hacked network layer, identity theft, malicious users, denial of service attacks, warez sites on your server, physical security, etc, etc.

But on balance, a reasonably up to date redhat box with sensible security measures is going to be one very tough nut to crack, for any hacker without physical access. anything is possible, but the probability of a sensibly managed redhat box getting hacked is quite low.

Joe





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]