Securing-Optimizing-RH-Linux-1_2_45
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
NOTE: Error messages may look like this: warning: /etc/hosts.allow, line 6: can't verify hostname:
gethostbyname(win.openarch.com) failed. If you receive this kind of error message, check your
DNS configuration file for the existence of this hostname.
12. The /etc/aliases file
A wrongly or carelessly administered aliases file can easily be used to gain privileged status. For
example, many vendors ship systems with a decode alias in the /etc/aliases file. The intention
is to provide an easy way for users to transfer binary files using mail. At the sending site the user
converts the binary to ASCII with uuencode, then mails the result to the decode alias at the
receiving site. That alias pipes the mail message through the /usr/bin/uuencode program, which
converts the ASCII back into the original binary file. You can imagine the security hole that
opens when this feature is turned on in your aliases file.
Remove the decode alias line from your /etc/aliases file. Similarly, every alias that executes a
program that you did not place there yourself and check completely should be questioned and
probably removed.
Edit the aliases file (vi /etc/aliases) and remove or comment out the following lines:
# Basic system aliases -- these MUST be present.
MAILER-DAEMON:  postmaster
postmaster:     root
# General redirections for pseudo accounts.
bin:            root
daemon:         root
#games:         root    <- remove or comment out.
#ingres:        root    <- remove or comment out.
nobody:         root
#system:        root    <- remove or comment out.
#toor:          root    <- remove or comment out.
#uucp:          root    <- remove or comment out.
# Well-known aliases.
#manager:       root    <- remove or comment out.
#dumper:        root    <- remove or comment out.
#operator:      root    <- remove or comment out.
# trap decode to catch security attacks
#decode:        root
# Person who should get root's mail
#root:          marc
For this change to take effect you will need to run:
[root@deep /]# /usr/bin/newaliases
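The following audit script is an added example, not part of the original book: it parses an aliases file and reports any alias still active from the removal list above, plus any alias whose target runs a program, includes a file, or writes to a file. The sample input, the reason labels and the function names are constructed for illustration.

```python
import re
import sys

# Aliases this page says to remove or comment out.
PAGE_REMOVE = {"games", "ingres", "system", "toor", "uucp",
               "manager", "dumper", "operator", "decode"}
# Target prefixes that do more than forward mail to an address.
RISKY = (("|", "pipes-to-program"), (":include:", "includes-file"),
         ("/", "writes-to-file"))
# Constructed sample for illustration, not taken from a real system.
SAMPLE = """\
#games: root
uucp: root
decode: "|/usr/bin/uudecode"
staff: marc,
    :include:/etc/mail/staff.list
archive: /var/log/mail.archive
"""

def parse_aliases(text):
    """Map alias -> targets. Skips comments, joins continuation lines,
    and keeps quoted targets (which may contain commas) in one piece."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:        # continues the previous alias
            rhs = raw
        else:
            name, sep, rhs = raw.partition(":")
            if not sep or not name.strip():
                continue
            current = name.strip().strip('"').lower()
            entries.setdefault(current, [])
        parts = re.findall(r'"[^"]*"|[^,\s][^,]*', rhs)
        entries[current] += [p.strip().strip('"') for p in parts]
    return entries

def audit(text):
    """Return (alias, reason) pairs that deserve a manual review."""
    findings = []
    for alias, targets in parse_aliases(text).items():
        if alias in PAGE_REMOVE:
            findings.append((alias, "listed-for-removal"))
        findings += [(alias, why) for t in targets for pre, why in RISKY if t.startswith(pre)]
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(f"{alias}: {reason}" for alias, reason in audit(text)))
```

Run it with /etc/aliases as the only argument before running newaliases; with no argument it audits the built-in sample.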
13. Prevent your Sendmail from being abused by unauthorized users
The very latest versions of Sendmail (8.9.3) include powerful Anti-Spam features which can help
prevent your mail server from being abused by unauthorized users. To enable them, edit your
/etc/sendmail.cf file and change the configuration to block off spammers.
Edit the sendmail.cf file (vi /etc/sendmail.cf) and change the line: