[K12OSN] Linux vulnerabilities?
Les Bell
lesbell at lesbell.com.au
Mon May 17 23:51:51 UTC 2004
"Jonathan Kallay" <Yoni at kallay.net> wrote:
>>
I've been told that it would be to my benefit to identify what the big
Linux security holes are, to 'get everything out in the open,' so to speak.
Because of the openness of the operating system, the only security holes I
know of are simply the result of system admin error or ignorance. Can
anyone help me out?
<<
About the only "hole" by default on a RH9 or K12LTSP installation is that
NFS is usually enabled by default. A quick series of chkconfig and service
stop commands will shut that off, however.
>From that point on, it's a matter of good system administration practices:
selection of strong passwords, not using protocols which pass the password
over the network as cleartext (i.e. use SSH by default for everything),
ensure you subscribe to vendors' security mailing lists, ensure patches are
applied in a timely fashion usiing RHN, yum or apt-rpm, etc.
If it would help, I can let you have an early copy of a table I've prepared
which maps the features and subsystems in Linux against the controls in
Appendix A of AS/NZS 7799.2:2003, "Information Security Management -
Specification for Information Security Management System".
I'd have to say that, as a security professional, I'd much rather work on
Linux systems than deal with the constant patching and disinfecting that's
necessary in the Windows world.
Best,
--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
More information about the K12OSN
mailing list