← previous next →
Pages: [1]

Author Topic: Securing A New C3000  (Read 3515 times)

SwiftOne

  • Newbie
  • *
  • Posts: 5
    • View Profile
Securing A New C3000
« on: March 14, 2005, 12:26:39 pm »
I'm the owner of a new C3000, and I'd like to make sure I've locked it down properly.  I've read that previous Zaurii had (essentially) root FTP with no password, but that is no longer the case.  Is there anything too lax on it that I should tighten down?  I've already installed SSH for my outbound connections.
Logged

speculatrix

  • Administrator
  • Hero Member
  • *****
  • Posts: 3707
    • View Profile
Securing A New C3000
« Reply #1 on: March 14, 2005, 05:53:29 pm »
Quote
I'm the owner of a new C3000, and I'd like to make sure I've locked it down properly.  I've read that previous Zaurii had (essentially) root FTP with no password, but that is no longer the case.  Is there anything too lax on it that I should tighten down?  I've already installed SSH for my outbound connections.
[div align=\"right\"][a href=\"index.php?act=findpost&pid=70625\"][{POST_SNAPBACK}][/a][/div]

I imagine that the 300 is not much different to the 860 I am using at this instant.

just ssh into it as root, and type "passwd root"

my question is what might break when you set the root password?

also/ what happens if you set the password on the zaurus user?
Logged
Gemini 4G/Wi-Fi owner, formerly zaurus C3100 and 860 owner; also owner of an HTC Doubleshot, a Zaurus-like phone.

SwiftOne

  • Newbie
  • *
  • Posts: 5
    • View Profile
Securing A New C3000
« Reply #2 on: March 14, 2005, 06:05:16 pm »
Quote
just ssh into it as root, and type "passwd root"

That tells me _how_ I can do something, not _what_ I should do.    What's currently open?  What's currently open that should be closed?  

Although I am curious to see what gotcha's exist about closing any of this.
Logged

bluedevils

  • Hero Member
  • *****
  • Posts: 1284
    • View Profile
    • http://
Securing A New C3000
« Reply #3 on: March 14, 2005, 07:46:26 pm »
"netstat -a" while you are connected to a network should tell you what services are listening (open).  You could also install iptables and setup a tight firewall.
« Last Edit: March 14, 2005, 07:46:52 pm by bluedevils »
Logged
I'm now an iphone user and use my zaurii as serial terminals, perl and shell scripting and when I need 640x480 screens

sl-c3100/pda cacko 1.23 | sl-6000l/needs battery | sl-c760/server pdaxrom rc12 | Former sl-5500/tkcrom owner (sister's birthday gift)

speculatrix

  • Administrator
  • Hero Member
  • *****
  • Posts: 3707
    • View Profile
Securing A New C3000
« Reply #4 on: March 15, 2005, 05:06:06 am »
Quote
"netstat -a" while you are connected to a network should tell you what services are listening (open).  You could also install iptables and setup a tight firewall.
[div align=\"right\"][a href=\"index.php?act=findpost&pid=70681\"][{POST_SNAPBACK}][/a][/div]

So, basically, lock down networked ports to stop stuff coming in.

If you're not sure about putting passwords on accounts, then put your public ssh key into the authorized_keys files for each user, then change the sshd config to not allow plain text passwords, that way the lack of passwords doesn't matter... also, you can put specific users into the sshd config which are allowed to login, and thus prevent attempting to log in to the Zaurus account for example.

Don't forget to save a copy of the old config files first.
« Last Edit: March 15, 2005, 05:06:45 am by speculatrix »
Logged
Gemini 4G/Wi-Fi owner, formerly zaurus C3100 and 860 owner; also owner of an HTC Doubleshot, a Zaurus-like phone.
Pages: [1]
← previous next →