
Securing-Optimizing-RH-Linux-1_2_45
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

NOTE: Error messages may look like this:

    warning: /etc/hosts.allow, line 6: can't verify hostname: gethostbyname(win.openarch.com) failed.

If you receive this kind of error message, check your DNS configuration file for the existence of this hostname.

12. The “/etc/aliases” file

A wrongly or carelessly administered aliases file can easily be used to gain privileged status. For example, many vendors ship systems with a “decode” alias in the “/etc/aliases” file. The intention is to provide an easy way for users to transfer binary files using mail. At the sending site the user converts the binary to ASCII with “uuencode”, then mails the result to the “decode” alias at the receiving site. That alias pipes the mail message through the “/usr/bin/uuencode” program, which converts the ASCII back into the original binary file. You can imagine the security hole this feature opens when it is turned on in your “aliases” file.

Remove the “decode” alias line from your “/etc/aliases” file. Similarly, every alias that executes a program that you did not place there yourself and check completely should be questioned and probably removed.

Edit the aliases file (vi /etc/aliases) and remove or comment out the following lines:

    # Basic system aliases -- these MUST be present.
    MAILER-DAEMON:  postmaster
    postmaster:     root

    # General redirections for pseudo accounts.
    bin:            root
    daemon:         root
    #games:         root    <-- remove or comment out.
    #ingres:        root    <-- remove or comment out.
    nobody:         root
    #system:        root    <-- remove or comment out.
    #toor:          root    <-- remove or comment out.
    #uucp:          root    <-- remove or comment out.

    # Well-known aliases.
    #manager:       root    <-- remove or comment out.
    #dumper:        root    <-- remove or comment out.
    #operator:      root    <-- remove or comment out.

    # trap decode to catch security attacks
    #decode:        root

    # Person who should get root's mail
    #root:          marc

For this change to take effect you will need to run:

    [root@deep /]# /usr/bin/newaliases

13. Prevent your Sendmail being abused by unauthorized users

The very latest versions of Sendmail (8.9.3) include powerful Anti-Spam features which can help prevent your mail server from being abused by unauthorized users. To use them, edit your “/etc/sendmail.cf” file and change the configuration to block spammers.

Edit the sendmail.cf file (vi /etc/sendmail.cf) and change the line:
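Added example for section 12 (the “/etc/aliases” file), not part of the original book: a small Python audit that parses an aliases file and reports aliases the listing above comments out, plus any alias that pipes mail into a program. The sample file, the function names and the “/usr/local/bin/archive” path are constructed for illustration.

```python
import re

# Aliases the page's listing comments out (plus "decode", which the text says to remove).
UNNEEDED = {"games", "ingres", "system", "toor", "uucp",
            "manager", "dumper", "operator", "decode"}

# Constructed sample, not taken from a real system; the archive path is hypothetical.
SAMPLE = '''\
MAILER-DAEMON:  postmaster
uucp:           root
#games:         root
decode:         "|/usr/bin/uudecode"
reports:        marc,
                "|/usr/local/bin/archive --spool"
'''

def parse_aliases(text):
    """Return {alias: [targets]}, skipping comments and joining continuation lines."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:      # leading whitespace continues the previous alias
            body = raw
        else:
            name, sep, body = raw.partition(":")
            if not sep:
                continue                     # not an alias line
            current = name.strip().lower()
            entries.setdefault(current, [])
        # Split on commas, keeping double-quoted targets (which may contain commas) whole.
        for tgt in re.findall(r'"[^"]*"|[^,\s][^,]*', body):
            entries[current].append(tgt.strip().strip('"'))
    return entries

def audit(text):
    """Return sorted (alias, reason) pairs for entries that deserve review."""
    findings = []
    for alias, targets in parse_aliases(text).items():
        if alias in UNNEEDED:
            findings.append((alias, "listed for removal"))
        for t in targets:
            if t.startswith("|"):            # mail is piped into a program
                findings.append((alias, "pipes mail to program: " + t[1:].strip()))
    return sorted(findings)

if __name__ == "__main__":
    for alias, reason in audit(SAMPLE):
        print(f"{alias}: {reason}")
```

To check a real system, pass the contents of “/etc/aliases” to audit() instead of SAMPLE; entries that are already commented out are ignored.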