RE: [Nolug] SSH Key Question

From: Wimprine, Thomas <twimprine_at_stei.com>
Date: Thu, 28 Aug 2003 11:57:14 -0500
Message-ID: <30397D20E848D2119BA70008C724E28D0EB54CB5@lajeffeex01.stei.com>

It sucks because it's a pain to configure and there are security fixes
released every week it seems.

It's perpetuated because it's the default install on a lit of distros plus
it's extremely configurable, and has a massive user base. So there are a
bunch of people that know what they are doing with it.

I like it but I haven't actually used anything else to actually compare it
to.

-----Original Message-----
From: Brett D. Estrade [mailto:estrabd@yahoo.com]
Sent: Thursday, August 28, 2003 11:52 AM
To: nolug@joeykelly.net
Subject: Re: [Nolug] SSH Key Question

why is sendmail perpetuated if it sucks so damn hard?!

Brett

--- Dustin Puryear <dpuryear@usa.net> wrote:
> At 11:11 AM 8/28/2003 -0500, you wrote:
>
> >"Wimprine, Thomas" <twimprine@stei.com> writes:
> >
> >oh. and tw won't do you any good if you're already hacked. Don't trust
> >chkrootkit. check your sendmail version and redhat's security alerts
> >and make sure you haven't been running any known exposed vulnerabilies.
>
> I'm with Scott on this.
>
> 1. Use AIDE. I run it often. I've used Tripwire, and like it, but man it's

> a rascal to deal with.
>
> 2. Verify your system files by checking the RPM checksums from your
> installation CD against the installed RPMs. That will give you a decent
> start on verifying file integrity.
>
> 3. You can do a diff between what an RPM on the CD says should be in a
> directory and what is actually there. That will let you know of new files
> that shouldn't be there. (Or might have been installed by you later on.)
>
> 4. sendmail is poop. You have to update the darn thing too often. Use
qmail
> or Postfix on your gateway mail server.
>
> Okay, Scott didn't say #4, but I know he was thinking it!
>
>
> ---
> Dustin Puryear <dustin@puryear-it.com>
> Puryear Information Technology, LLC <http://www.puryear-it.com>
> Providing expertise in the management, integration, and
> security of Windows and UNIX systems, networks, and applications.
>
> ___________________
> Nolug mailing list
> nolug@nolug.org

=====
http://www.brettsbsd.net/~estrabd

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
___________________
Nolug mailing list
nolug@nolug.org
___________________
Nolug mailing list
nolug@nolug.org
Received on 08/28/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST