public inbox for speakup@linux-speakup.org
* Am i in danger?
@  Chris
   ` Joseph C. Lininger
   ` Gregory Nowak
  0 siblings, 2 replies; 3+ messages in thread
From: Chris @  UTC (permalink / raw)
  To: speakup

Well, I know that some servers on Slackware are started literally as soon as
installation is complete, like, sendmail being one of them...  I have set a
mount point as /win which points to my Windows fat32 drive at which I can
see the entire drive from there...  There is a hell of a lot of sensitive
info on that drive...  On my router, I do have port 21 ftp opened, as under
Windows, I do run an ftp server, which I have very cautiously configured so
that well... 1... the whole world can't see my drive, and on top of that, I
basically only allow access to my Adventures in Odyssey collection, as well as
my music collection which is now just over 4gb.  I guess to get to my point
of this mail:  Because of me having port 21 opened for Windows, and because
of the fact that right now root has access to every file and every directory
on /win which is on /dev/hda1 I'm wondering if that opens my hda drive for
being jeopardized of someone hacking in through port 21 and seeing my drive
and even possibly retrieving inappropriate data for them to be seeing...
now granted, my theory is that in order for that to happen, the user would
have to have the modification set to 6 on the whole directory thus, giving
them total access, but, here's the thing:  see:  like I said, the person who
helped me get everything up and going, forgot to put the mount point in my
fstab file, so the only user right now that can even cd into /win regardless
is root and that's literally it...  So, I'm just wondering if that is going
to open a security hole, and if so, how can I improve my security and
prevent a malicious attack, or even worse, spreading of nonpublic data.

Thank you for your time, efforts, and help...


Chris.




* Re: Am i in danger?
   Am i in danger? Chris
@  ` Joseph C. Lininger
   ` Gregory Nowak
  1 sibling, 0 replies; 3+ messages in thread
From: Joseph C. Lininger @  UTC (permalink / raw)
  To: speakup

Well, whenever you set up any kind of machine so that it accepts incoming
connections you are taking risks that someone will gain unauthorized access.
As it stands the ftp server that ships with your version of Slackware does
not allow root access by default, but you may want to patch your ssh server
since there is currently an exploit that allows one to gain root access to
your box. As for sensitive data leaking out, I'd recommend either not
allowing any incoming connections or employing encryption on that data in
case someone gets a hold of it.
--
Joseph C. Lininger
jbahm@pcdesk.net
----- Original Message ----- 
From: "Chris" <chris@mailvision.ath.cx>
To: <speakup@braille.uwo.ca>
Sent: Monday, September 22, 2003 12:29 AM
Subject: Am i in danger?


> Well, I know that some servers on Slackware are started literally as soon as
> installation is complete, like, sendmail being one of them...  I have set a
> mount point as /win which points to my Windows fat32 drive at which I can
> see the entire drive from there...  There is a hell of a lot of sensitive
> info on that drive...  On my router, I do have port 21 ftp opened, as under
> Windows, I do run an ftp server, which I have very cautiously configured so
> that well... 1... the whole world can't see my drive, and on top of that, I
> basically only allow access to my Adventures in Odyssey collection, as well as
> my music collection which is now just over 4gb.  I guess to get to my point
> of this mail:  Because of me having port 21 opened for Windows, and because
> of the fact that right now root has access to every file and every directory
> on /win which is on /dev/hda1 I'm wondering if that opens my hda drive for
> being jeopardized of someone hacking in through port 21 and seeing my drive
> and even possibly retrieving inappropriate data for them to be seeing...
> now granted, my theory is that in order for that to happen, the user would
> have to have the modification set to 6 on the whole directory thus, giving
> them total access, but, here's the thing:  see:  like I said, the person who
> helped me get everything up and going, forgot to put the mount point in my
> fstab file, so the only user right now that can even cd into /win regardless
> is root and that's literally it...  So, I'm just wondering if that is going
> to open a security hole, and if so, how can I improve my security and
> prevent a malicious attack, or even worse, spreading of nonpublic data.
>
> Thank you for your time, efforts, and help...
>
>
> Chris.




* Re: Am i in danger?
   Am i in danger? Chris
   ` Joseph C. Lininger
@  ` Gregory Nowak
  1 sibling, 0 replies; 3+ messages in thread
From: Gregory Nowak @  UTC (permalink / raw)
  To: speakup

I believe that Slackware doesn't start proftpd by default (if you've
got that installed). Same thing should be true for uw ftp.

If you want to find out what services are running, look at
/etc/inetd.conf.

If you don't want something running, just put a hash mark (#) in front
of it. If you modified the file, do
killall -HUP inetd
(note the capitalization). This will make inetd reread its file.

For anything else, look through /etc/rc.d (I.E. rc.sendmail, rc.httpd,
rc.sshd, etc.), and do for example
./rc.httpd stop
to stop the apache server.

If you want to prevent some rc.d scripts from being run every time you
boot, I think the best way would be to just take away their execute
permissions
chmod -x rc.httpd
or better yet, go through /var/log/packages, and remove anything you
don't need by doing
removepkg package_name
That way, things won't get started without you wanting them to.

That should do it, and I hope someone will correct me if I messed
something up. I haven't had to install Slackware from scratch for a
while now, so I might have forgotten a thing or 2.

Greg


On Mon, Sep 22, 2003 at 02:29:02AM -0400, Chris wrote:
> Well, I know that some servers on Slackware are started literally as soon as
> installation is complete, like, sendmail being one of them...  I have set a
> mount point as /win which points to my Windows fat32 drive at which I can
> see the entire drive from there...  There is a hell of a lot of sensitive
> info on that drive...  On my router, I do have port 21 ftp opened, as under
> Windows, I do run an ftp server, which I have very cautiously configured so
> that well... 1... the whole world can't see my drive, and on top of that, I
> basically only allow access to my Adventures in Odyssey collection, as well as
> my music collection which is now just over 4gb.  I guess to get to my point
> of this mail:  Because of me having port 21 opened for Windows, and because
> of the fact that right now root has access to every file and every directory
> on /win which is on /dev/hda1 I'm wondering if that opens my hda drive for
> being jeopardized of someone hacking in through port 21 and seeing my drive
> and even possibly retrieving inappropriate data for them to be seeing...
> now granted, my theory is that in order for that to happen, the user would
> have to have the modification set to 6 on the whole directory thus, giving
> them total access, but, here's the thing:  see:  like I said, the person who
> helped me get everything up and going, forgot to put the mount point in my
> fstab file, so the only user right now that can even cd into /win regardless
> is root and that's literally it...  So, I'm just wondering if that is going
> to open a security hole, and if so, how can I improve my security and
> prevent a malicious attack, or even worse, spreading of nonpublic data.
> 
> Thank you for your time, efforts, and help...
> 
> 
> Chris.

-- 
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
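
The checks described in the message above (uncommented entries in /etc/inetd.conf, and rc.* scripts in /etc/rc.d that still have execute permission), as an added example that is not part of the original thread. The function names and the sample files are constructed for illustration; the paths default to the ones named in the message.

```shell
#!/bin/sh
# Added example: list what inetd and the rc.d scripts are still set to start.

# One line per enabled (uncommented) inetd.conf entry: service name, then the
# server program and its arguments (fields 6 onward).
enabled_inetd_services() {
    awk '!/^[ \t]*#/ && NF >= 6 {
        printf "%s", $1
        for (i = 6; i <= NF; i++) printf " %s", $i
        print ""
    }' "${1:-/etc/inetd.conf}"
}

# rc.* scripts that still have an execute bit, i.e. not disabled by chmod -x.
enabled_rc_scripts() {
    rc_dir="${1:-/etc/rc.d}"
    for f in "$rc_dir"/rc.*; do
        [ -f "$f" ] && [ -x "$f" ] && basename "$f"
    done
    return 0
}

# Constructed sample tree (not a real system's files) so this runs offline.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/inetd.conf" <<'EOF'
# constructed sample
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  proftpd
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
time    stream  tcp     nowait  root    internal
EOF
    mkdir "$d/rc.d"
    for s in rc.sendmail rc.httpd rc.sshd; do : > "$d/rc.d/$s"; done
    chmod +x "$d/rc.d/rc.sendmail" "$d/rc.d/rc.sshd"   # left enabled
    chmod -x "$d/rc.d/rc.httpd"                        # disabled as in the message
    echo "$d"
}

sample=$(make_sample)
echo "inetd entries still enabled:"
enabled_inetd_services "$sample/inetd.conf"
echo "rc scripts still executable:"
enabled_rc_scripts "$sample/rc.d"
rm -rf "$sample"
```

Called with no arguments, the two functions read /etc/inetd.conf and /etc/rc.d on the machine they run on.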


