Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"

Linux Tutorial - Security - What You Can Do About It - Trusted Hosts

Trusted Hosts

Trusting other computers is a double-edged sword. Many systems that disallowed trusted hosts fared well against the Internet worm compared to sites that allowed them. Your company's security policy needs to specify exactly what kind of access is allowed. At one extreme, everyone trusts everyone else; at the other, no one trusts anyone. A middle ground is for the database server to trust no one while the other machines trust the database server. That way, if one machine is compromised, the database server is safe.

You need to weigh convenience against security. When I was able to crack the account of one system administrator, he already had a .rhosts file that allowed access to his account on every machine from every other machine by both his own account and root. Therefore, once I had broken into one machine using his account, I could break into all of them.

If you are setting up a system for the first time, you need to define your access policy before you hook up the machine to the rest of the network. Once it is on a network where security "can" be broken, the new system is no longer secure.

If you are taking over a system, you need to check it to make sure that it adheres to both the security policy and common sense. Check /etc/hosts.equiv and every .rhosts file on the system to see who is given access. Make sure that they are what you want. Never allow wildcards of any kind. Make sure that you specifically define who has access and from what machines.

One common mistake is leaving the .rhosts file world-readable. No one should be able to figure out what access another account gives. Just because someone knows what other machines can reach this one does not mean that he can access that account. However, the more information an intruder has, the more directed the attack and the greater the chances of success. Fortunately, the remote-command/login functionality does not work on most newer Linux distributions if the .rhosts file is readable by others.
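The audit described in the last two paragraphs can be scripted. The following is an added example, not code from the tutorial: it checks /etc/hosts.equiv and every .rhosts file under a root directory for wildcard entries and for .rhosts files readable by others. It assumes the usual trust-file syntax (`+` for any host or any user, `+@netgroup` for a netgroup), treats netgroup grants as wildcards, and treats lines starting with `#` as comments; the function names are hypothetical.

```python
import os
import stat
import sys


def check_entries(text):
    """Return (line_no, reason) for every wildcard entry in a trust file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):  # assumption: '#' lines are comments
            continue
        host, user = fields[0], (fields[1] if len(fields) > 1 else "")
        if host == "+":
            findings.append((no, "any host is trusted"))
        elif host.startswith("+@"):
            findings.append((no, "whole netgroup of hosts is trusted"))
        if user == "+":
            findings.append((no, "any remote user is trusted"))
        elif user.startswith("+@"):
            findings.append((no, "whole netgroup of users is trusted"))
    return findings


def audit_file(path):
    """Check one trust file: read access for others, then wildcard entries."""
    problems = []
    mode = os.stat(path).st_mode
    if os.path.basename(path) == ".rhosts" and mode & stat.S_IROTH:
        problems.append("world-readable (mode %o)" % stat.S_IMODE(mode))
    with open(path, errors="replace") as fh:
        for no, reason in check_entries(fh.read()):
            problems.append("line %d: %s" % (no, reason))
    return problems


def audit_tree(root="/"):
    """Audit etc/hosts.equiv and every .rhosts below root; return {path: problems}."""
    equiv = os.path.join(root, "etc", "hosts.equiv")
    paths = [equiv] if os.path.isfile(equiv) else []
    for dirpath, _dirs, files in os.walk(root):
        if ".rhosts" in files:
            paths.append(os.path.join(dirpath, ".rhosts"))
    return {path: audit_file(path) for path in paths}


if __name__ == "__main__":
    for path, problems in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "/").items():
        print(path, "; ".join(problems) or "OK")
```

Run it as root so that every home directory is readable; an empty problem list for a file means only that no wildcard or permission issue was found, so each remaining entry still has to be compared against the access policy.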

Copyright 2002-2009 by James Mohr. Licensed under modified GNU Free Documentation License (Portions of this material originally published by Prentice Hall, Pearson Education, Inc). See here for details. All rights reserved.