
here in Edmonton requires identd if you want to telnet into any of the main shell servers, primarily so they can track down compromised accounts quickly. Identd is a useful tool, but generally only on machines with users you do not trust (i.e. shell account servers). It is also a two-edged sword: while it gives out information useful for tracking down attackers (definitely people you want to boot off of your servers), it can also be used to gain information about users on your system, leading to their accounts being compromised. I would suggest only running identd on servers with shell accounts/etc.

Identd supports quite a few features, and can be easily set to run as a non-root user. Depending on your security policies you may not want to give out very much information, or you might want to give out as much as possible. Simply tack the option on in inetd.conf, after in.identd (the defaults are -l -e -o).

-p port
-a address

Can be used to specify which port and address it binds to (in the case of a machine with aliased IPs, or multiple interfaces). This is generally only useful if you want internal machines to connect, since external machines will probably not be able to figure out what port you changed it to.

-u uid
-g gid

Are used to set the user and group that identd will drop its privileges to after connecting to the port. This will result in it being far less susceptible to compromising system security.

As for handling the amount of information it gives out:

-o

Specifies that identd will not return the operating system type, and will simply say "UNKNOWN", a very good option.

-n

Will have identd return user numbers (i.e. UID) and not the username, which still gives them enough information to tell you, and allows you to track the user down easily, without giving valuable hints to would-be attackers.

-N

Allows users to make a ~/.noident file, which will force identd to return "HIDDEN-USER" instead of information.

-F format

Enables you to specify far more information than is standard, everything from user name and number to the actual PID, the command name, and the command name with the arguments that were given! This I would only recommend for internal use, as it is a lot of information attackers could find useful.

In general I would advise disabling identd, primarily due to the number of denial of service attacks it is susceptible to. You should only run it if you want to make the lives of other administrators easier in tracking down which of your users are being bad.

There are however other versions of identd available, some with security enhancements (I do not endorse these as I have yet to test them):

- Paul's secure identd, written in Perl
- ojnk identd
- null identd
- fake identd
- midentd

Identd runs on port 113 using TCP, and typically you will only need it if you want to IRC (many IRC networks require an identd response), or be nice to systems running daemons (such as tcp_wrapped telnet, or sendmail) that do identd lookups on connections.
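To check what your own identd hands out under the -o, -n and -N settings described above, the following added example (not part of the original guide) parses ident reply lines and lists what each one discloses. The function names and the sample replies are constructed for illustration; the reply layout and the "OTHER" token are taken from RFC 1413, and "UNKNOWN" is accepted because that is the value this guide gives for -o.

```python
# Added example: audit what an ident (RFC 1413) reply discloses.
# Tokens that reveal no OS type: "OTHER" (RFC 1413) and "UNKNOWN"
# (the value this guide gives for the -o option).
NEUTRAL_OPSYS = {"OTHER", "UNKNOWN"}

def parse_ident_reply(line):
    """Split one reply line into its fields; raise ValueError if malformed."""
    ports, _, rest = line.rstrip("\r\n").partition(":")
    try:
        server_port, client_port = (int(p) for p in ports.split(","))
    except ValueError:
        raise ValueError(f"bad port pair in {line!r}")
    kind, _, rest = rest.partition(":")
    kind = kind.strip().upper()
    if kind == "ERROR":
        return {"ports": (server_port, client_port), "error": rest.strip()}
    if kind != "USERID":
        raise ValueError(f"unknown reply type in {line!r}")
    opsys, _, user = rest.partition(":")
    # The opsys field may carry a charset, e.g. "UNIX , US-ASCII".
    opsys = opsys.split(",")[0].strip().upper()
    return {"ports": (server_port, client_port), "opsys": opsys, "user": user}

def disclosures(reply):
    """Return the kinds of information a parsed reply reveals."""
    if "error" in reply:
        return []  # e.g. HIDDEN-USER: no account data is returned
    leaks = []
    if reply["opsys"] not in NEUTRAL_OPSYS:
        leaks.append("os-type")
    # With -n the user field is a numeric UID rather than a login name.
    leaks.append("uid" if reply["user"].isdigit() else "username")
    return leaks

# Constructed sample replies, one per configuration discussed above.
SAMPLES = [
    "6191 , 23 : USERID : UNIX :alice",     # OS type and username returned
    "6191 , 23 : USERID : UNKNOWN :alice",  # -o
    "6191 , 23 : USERID : UNKNOWN :1001",   # -o -n
    "6191 , 23 : ERROR : HIDDEN-USER",      # -N with ~/.noident present
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} -> {disclosures(parse_ident_reply(s)) or 'nothing'}")
```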