Linux Today: Linux News On Internet Time.


SearchOpenSource: Kickstart your Linux Security by Avoiding Garbage Installations

Aug 24, 2006, 09:00
(Other stories by James Turnbull)

[ Thanks to Jane Walker for this link. ]

"Recently, a colleague complained to me that X Windows refused to start following a routine patch upgrade on a production Web server. I asked why he needed X Windows running on a production Web server in the first place, especially a server that was allegedly secured as a bastion host in a perimeter DMZ. The response that 'it was installed by default' seemed inadequate when considering the security risk posed by running X Windows on a bastion host.

"Unnecessary packages on a host bring significant risks. An attacker can target the capabilities of those unnecessary packages to subvert or compromise your host, especially since most distributions automatically start the processes required by the installed packages (for example, if you have installed Apache, then the httpd process is automatically started)..."
