On Thu, Mar 23, 2000 at 02:01:26PM +0000, Gareth Bowker wrote:
> It's quite a useful document, certainly. I've only got one comment on it,
> which is to explain what the changes are that are being made: i.e.
> disabling tcp listening for X means that you can't run remote X sessions
> from the machine blah blah, but that crackers can't blah blah.

My thought of the day: why nmap localhost, rather than netstat -a or -an?
After all, you might well have things that you want listening on the
loopback interface but not on e.g. eth0 (bind/named being the first thing
that comes to mind!), and netstat runs just a tad faster. I do, however,
recommend nmap from an external machine if you have remote root access
somewhere else and won't upset anyone else between you & that account.

> It just makes it clearer as to what's being done, so people won't disable
> features they actually need/rely on. e.g. on my (non-portable), I use and
> rely on being able to run a remote X session from my machine, so I know not
> to disable it. I guess that the people reading the document won't know
> exactly what they're doing when they're following it (if they did, they
> wouldn't need it in the first place, I'd have thought ;), so a full
> explanation would be useful for them.

This is definitely the way to approach it, I think. Good document to start
with at least..

~Tim

--
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-
| The sun is melting over the hills,         | http://piglet.is.dreaming.org/
| All our roads are waiting / To be revealed | [EMAIL PROTECTED]
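
The loopback-versus-eth0 distinction raised in the reply above, as an added example that is not part of the original message: a shell function that reads `netstat -an` output and labels each listener by its bind address. It assumes the Linux net-tools column layout; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: label listeners in `netstat -an` output by bind address.

# Constructed sample in the Linux net-tools layout (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.20:51234      ESTABLISHED
udp        0      0 127.0.0.1:53            0.0.0.0:*
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Reads netstat -an text on stdin; prints "<scope> <proto> <local address>".
classify_listeners() {
    awk '
        # TCP listeners have LISTEN in the last column. UDP has no state
        # column, so an unconnected socket (foreign address ending in :*)
        # is treated as a listener.
        ($1 ~ /^tcp/ && $NF == "LISTEN") ||
        ($1 ~ /^udp/ && $5 ~ /:\*$/) {
            host = $4
            sub(/:[^:]*$/, "", host)          # drop the trailing :port
            if (host ~ /^127\./ || host == "::1")
                scope = "loopback"            # reachable only from this machine
            else
                scope = "exposed"             # wildcard or a routable address
            print scope, $1, $4
        }
    '
}

# On a live system: netstat -an | classify_listeners
sample_netstat | classify_listeners
```

Lines labelled exposed are the ones an nmap run from an external machine could be expected to find, firewall rules aside.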