Securing-Optimizing-RH-Linux-1_2_24
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
24
Applications/File:
git
Applications/Internet:
finger, ftp, fwhois, ncftp, rsh, rsync, talk, telnet
Applications/Publishing:
ghostscript, ghostscript-fonts, mpage, rhs-printfilters
Applications/System:
arpwatch, bind-utils, knfsd-clients, procinfo, rdate, rdist,
screen, ucd-snmp-utils
Documentation:
indexhtml
System Environment/Base:
chkfontpath, yp-tools
System Environment/Daemons:
XFree86-xfs, lpr, pidentd, portmap, routed, rusers, rwho, tftp,
ucd-snmp, ypbind
System Environment/Libraries:
XFree86-libs, libpng
User Interface/X:
XFree86-75dpi-fonts, urw-fonts
Before we explain each description of programs we want to uninstall, someone can ask why I
need to uninstall finger, ftp, fwhois and telnet on the server? First of all we know that those
programs by their nature are insecure. Now imagine that cracker have acceded your new Linux
server, he can use finger, ftp, fwhois and telnet programs to query or access other node on your
network. If those programs are not installed on your Linux server, he will be compelled to use
those programs from the outside or try to install program on your server in which case you can
trace it with toll like Tripwire.
Applications/File:
·
The GIT package provides an extensible file system browser, an ASCII/hexadecimal file
viewer, a process viewer/killer and other related utilities and shell scripts. [Unnecessary]
Applications/Internet:
·
The finger package is a utility, which allows users to see information about system users.
[Security risks]
·
The ftp package provides the standard UNIX command-line FTP client. [Security risks]
·
The fwhois program allows for querying whois databases. [Security risks]
·
The Ncftp package is an improved FTP client. [Security risks, unnecessary]
·
The rsh package allows users to run commands on remote machines, login to other
machines and copy files between machines (rsh, rlogin and rcp). [Security risks]
·
The ntalk package provides client and daemon programs for the Internet talk protocol,
which allows you to chat with other users on different UNIX systems. [Security risks]
·
Telnet is a popular protocol for logging into remote systems over the network but it is
insecure (transfer password in plain text). [Security risks]
Applications/Publishing:
·
The Ghostscript package is a set of software that provides a PostScript(TM) interpreter,
and an interpreter for Portable Document Format (PDF) files. [Unnecessary]