OESF Portables Forum

Everything Else => Zaurus Distro Support and Discussion => Distros, Development, and Model Specific Forums => Archived Forums => Sharp ROMs => Topic started by: datajerk on June 04, 2004, 11:38:17 am

Title: Cacko 1.2x security warning
Post by: datajerk on June 04, 2004, 11:38:17 am: Just an FYI. I suspect that this is true for other ROMs as well. SSH and Samba are wide open after a fresh install of Cacko 1.2x. I am sure this is normal and necessary for PIM sync and other functions.

If you use public WiFi or GPRS networks that do not firewall your device then you should be concerned.

Solution:

Create /etc/hosts.deny and add the line:

ALL: ALL

This will block Samba and SSH access for all hosts including friendly hosts.

Then create /etc/hosts.allow and add the line:

ALL: 127.0.0.1, .your domain, friendly IPs like your desktop, etc...

E.g.

ALL: 127.0.0.1, .sense.net

Read the hosts.allow/hosts.deny man pages. This is standard Linux maintainence that most of you already do or know about. However I am sure there are a number of Cacko users that may be unaware.

I do not recommend adding samba, root, or zaurus passwords. Some things do break (like poorly written preinst/postinst ipk scripts that assume that su - will not prompt and PIM syncing).

SMF 2.0.19 | SMF © 2021, Simple Machines