Securing your Linux Box... was Re: warning in /var/log/messages

J.L.Francois jlf@magusnet.gilbert.az.us
Sat, 20 May 2000 16:22:24 -0700


It seems like on Thu, May 18, 2000 at 09:53:47AM -0700, Bob George scribbled:
Orig Msg> > auth   stream  tcp     nowait.32768    nobody    /usr/sbin/in.identd in.identd -l -e -o -i -n
Orig Msg> 
Orig Msg> Why run auth, or are there users on the firewall itself using IRC and such?

Some places configure their servers to drop connections if they do
not see an identd connection.
Others seem to hang while waiting for identd to time out.
See "man identd" for what the switch settings do.

The MagusNet Public Proxy ( http://www.magusnet.com/proxy.html )
uses identd for some procedures in-house so I keep it in place 
for that as well. That is why I have the nowait.32768 added.
The proxy runs as nobody/UID( 99 ) and that is what most
of my identd responses would return.

Orig Msg> Wouldn't they be behind the firewall?

Yes, and identd at the firewall in my config does not reveal
much of anything about any data connection since there are no
pieces of user data available for identd to return.

Orig Msg> > cfinger stream tcp nowait root /usr/sbin/tcpd /bin/cat /home/frenchie/Mail/info
Orig Msg> > finger stream tcp nowait root /usr/sbin/tcpd /bin/cat /home/frenchie/Mail/info
Orig Msg> 
Orig Msg> So what's in /home/frenchie/Mail/info? While cat is probably not a risk,
Orig Msg> does it need to run as root?

You are right, it does not need to be run as root.
It is something I haven't thought about...good catch.
The 2 services above used to be managed by my proxy server
software.
I changed them out a while back and obviously missed something 
that I should have gone back and reviewed.
Proof that even when you know what you are doing it is easy
to make the silliest of mistakes.

Anyway, the config above returns the same file regardless of what
address you finger inside the [francois|magusnet].[com|gilbert.az.us]
domains.

Because I have a hybrid filtering firewall / proxy server setup
I have done some oddball things to get the config where it is
today.

Thanks for the review.

JLF Sends...

Behold, the Internet is the greatest sum of information at mankind's 
fingertips since the Library of Alexandria. Despite this vast storehouse
of knowledge at our disposal, there are still those that will send
urban legend and blatantly false information to mailing lists and
newsgroups without making even the slightest effort to check their 
legitimacy.  At every occurrence this proves to me that every node, wire,
and server I help connect to the Internet to widen its expanse for 
the benefit of the masses is a complete waste of time.  ( J. Francois )
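
Added example, not part of the original message or of the poster's configuration: a small inetd.conf review script that automates the check raised in the thread, listing entries that start an external program as root and unwrapping tcpd to show the program that really runs. The sample input is constructed from the three entries quoted above; the wrapper set and function names are assumptions made for the example.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: the three inetd.conf entries quoted in the message,
# with the mail-wrapped lines rejoined.
SAMPLE = """\
auth    stream tcp nowait.32768 nobody /usr/sbin/in.identd in.identd -l -e -o -i -n
cfinger stream tcp nowait root /usr/sbin/tcpd /bin/cat /home/frenchie/Mail/info
finger  stream tcp nowait root /usr/sbin/tcpd /bin/cat /home/frenchie/Mail/info
"""

WRAPPERS = {"/usr/sbin/tcpd"}  # assumption: wrapper path as it appears in the message

class Entry(NamedTuple):
    lineno: int
    service: str
    max_rate: Optional[int]  # numeric suffix on wait/nowait, if present
    user: str
    program: str             # program that really runs, after unwrapping tcpd
    args: List[str]

def parse_inetd(text: str) -> List[Entry]:
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue  # blank, comment, or too short to be a service entry
        service, _sock, _proto, wait, owner, server = fields[:6]
        argv = fields[6:]
        rate = wait.partition(".")[2]
        user = re.split(r"[.:]", owner, maxsplit=1)[0]  # drop any group part
        # Under tcpd the first argument is the path of the real daemon.
        program = argv[0] if server in WRAPPERS and argv else server
        entries.append(Entry(lineno, service, int(rate) if rate.isdigit() else None,
                             user, program, argv[1:]))
    return entries

def root_entries(entries: List[Entry]) -> List[Entry]:
    """Entries that start an external program as root and deserve a second look."""
    return [e for e in entries if e.user == "root" and e.program != "internal"]

if __name__ == "__main__":
    for e in root_entries(parse_inetd(SAMPLE)):
        print(f"line {e.lineno}: {e.service} runs {e.program} {' '.join(e.args)} as root")
```
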