First page Back Continue Last page Summary Graphics

Patching the System (cont.)

Set up inetd.conf. Comment out or remove all unnecessary services then restart inetd. If you find that everything is commented out, disable inetd in the startup scripts.

I generally run only ssh, no telnet or ftp. If possible, eliminate both as they send username and password in cleartext, which can be sniffed.

Change the login banners to remove all of the OS info.

Disable all unnecessary services in the startup scripts in /etc/rc.d/rc*.d. (Such as portmap, nfs, etc.)

Check your message logging in /etc/syslog.conf

Remove unnecessary suid and sgid bits from files.

Patching the System (cont.)

Notes: