Description | Logging FTP connection and command activity is recommended. The only |
| reason not to do this is the frequency of logging from FTP fills logs more |
| quickly, particularly if FTP services are heavily used on this machine. |
Actions | In the /etc/inetd.conf file, add the |
Headline | Reminder to disable unneeded inetd services in the TODO.txt file. |
Default | N |
Description | Disable unneeded inetd services. Leave only those services running that are |
| critical to the operation of this machine. This is an example of the frequent |
| trade off between security and functionality. The most secure machine is not |
| very useful. For the most secure but useful system, enable only those services |
| which this system needs to fulfill its intended purpose. You can further restrict |
| access using the inetd.sec file or a program like tcpwrappers. If you |
| answer Y to this question, |
| how to configure these tools. |
|
|
| IMPORTANT: Manual action required to complete this configuration. See |
| TODO.txt file for details. |
Actions |
|
Instructions for manual actions provided in TODO.txt list. | |
| SecureInetd.log_inetd | |
Headline | Enable logging for all inetd connections. |
Default | N |
Description | Logging connection attempts to inetd services is a good idea. The only reason |
| not to do this is the frequency of logging from inetd fills logs more quickly, |
| particularly if inetd services are heavily used on this machine. |
Actions | In the /etc/rc.config.d/netdaemons file, add the |
| INETD_ARGS= parameter. |
| SecureInetd.owner | |
Headline | Who is responsible for granting authorization to use this machine? |
Default | The owner |
Description | |
| responsible for this machine. This will state explicitly who the user needs to |
| obtain authorization from to use this machine. Fill in the name of the company, |
| person, or other organization who owns or is responsible for this machine. |
Actions | Parameter for default banner. No action. |
| Sendmail.sendmailcron | |
Headline | Run sendmail via cron to process the queue. |
Default | Y |
Description | Should sendmail run every 15 minutes to process the mail queue by |
| processing and sending out email? If this machine does not run sendmail in |
daemon mode, you might want to enable this to make your outbound mail more reliable.
In most cases, mail queue processing is not required because most mailer programs activate sendmail to process their particular message. A message usually only gets written to the queue (and thus needs a cron entry) if sendmail has trouble delivering it. For example if the receiving mail server is down.
60 Question modules