-------- Forwarded Message --------
From: Lindsay Druett <lindsay(a)wired.net.nz>
To: Bruce Kingsbury <zcat(a)wired.net.nz>
Subject: Re: [wlug] Linux the cause of Ebay phishing...
Date: Tue, 09 Oct 2007 20:05:28 +1300
And going to the Linux front....
Redhat server is a baddie...
I had to sort out a Linux server last week for a rather large customer.
In the /etc/rc(whatever).D they had everything under the sun *and* the
Would you believe, they had /etc/init.d/ipchains start
and /etc/init.d/iptables start together...
Going to my ITS days...
Slackware was the ITS standard distro when I was working for Uni, and
the big concern was security (no wonder).
The BOFH had done a crack down on ITS security when I was there, and
believe or not, my work desktop got the rubber stamp.
It wasn't running Slackware, and if it ran slackware, it would have
failed miserably, but it ran SuSe desktop of all things...
Oh yeah... || to your distro Denise...
On Tue, 2007-10-09 at 19:26 +1300, Bruce Kingsbury wrote:
Linux OTOH can
be set up so, for example, the MySQL database could
only be accessed via 127.0.0.1 if it was only for the local webserver,
or opened up only to the hosts that need to access the database
Windows can be set up the same way, it just typically isn't.
Many linux distros (particularly the ones intended for desktop users)
have a policy of 'no open ports' and a lot of software like MySQL is
similarly preconfigured to only listen to localhost. My experience with
Windows, all sorts of completely unnecessary things end up listening on
all interfaces, simply because on the chance that you happen to need
those services, they'll already be installed and accessable. Hello
slammer! That's great from an 'everything just works' perspective,
perhaps.. but it's terrible from a security perspective.