"Martinez, Michael - CSREES/ISTM" <[EMAIL PROTECTED]> wrote .. > I recently had a network audit, which had the following to say about my > LInux machines. Wanted to get some feedback from the list. It seems rather > bogus. I never heard of this. Can somebody provide details. Is this > legimitate or no: > > "The linux system accepts the SLIST command from outside the agency to > display internal routing tables. This poses a serious security risk..."
"slist" is I believe just an implementation of Novell's SLIST command for listing NetWare servers. Question, are you running a NetWare emulator on Linux or just doing slist on Linux to see NetWare servers you have in house? The slist on Linux is a part of the ncpfs-2.2.0.18-6 package. You could just remove the slist command from most Linux boxes, or you could rename slist and make a script wrapper for the slist command so not everyone can use it, or you could change the execute permissions to root only, or contact its developer for other options. Peter
