[H-GEN] Just finished installing a new server, now looking at things to lock it down.

Greg Black gjb at gbch.net
Wed Aug 10 03:33:27 EDT 2005


On 2005-08-10, Ewan Edwards wrote:

> Before putting it into production as an ftp server, I was wondering 
> about removing some of the user accounts in the /etc/passwd 
> (& /etc/shadow) file.  There are a few that don't seem to be of any 
> use at all. eg: news, games, gopher, smmsp, nscd, etc.
> 
> Is this sort of thinking okay, or somewhat unwise?

The rule here is: if you need to ask, then leave them alone.

The longer answer is that the accounts that are delivered with
the system mostly have a reason for being there, even if it's
not apparent, and you may break stuff if you delete them.  And,
when it comes time to upgrade, the new system will have restored
them, so you have to go through all that again.  This is not
a good use of your time.

As for locking down your system, the basic rules are easily
found in any of the security books and websites.  But the
obvious stuff is to use a firewall to protect as much as you
can; to turn off services that you don't need (or to only allow
them internally); to ensure that all accounts with passwords
(which none of the system accounts should have, except root)
have strong passwords; and to keep your system fully patched
against all security advisories that come out for it.

Cheers, Greg
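
An added example, not part of the original post: instead of deleting stock accounts, the check below reports which accounts in passwd/shadow actually hold a usable password, so that system accounts other than root can be confirmed to have none. The function names, the output labels, the sample files and the UID cut-off of 500 are assumptions made for this example.

```sh
#!/bin/sh
# Added example. Reports which accounts hold a usable password, without
# deleting anything. Assumption: UIDs below SYS_UID_MAX (default 500) are
# system accounts; many distributions use 1000 instead.

audit_password_accounts() {
    awk -F: -v sys_max="${SYS_UID_MAX:-500}" '
        NR == FNR { uid[$1] = $3; next }        # 1st file: passwd, keep UIDs
        $2 == ""  { print "EMPTY " $1; next }   # shadow: no password required
        $2 ~ /^[!*]/ { next }                   # locked or password disabled
        !($1 in uid) { print "ORPHAN " $1; next }   # in shadow, not in passwd
        $1 != "root" && uid[$1] + 0 < sys_max + 0 { print "SYSTEM " $1; next }
        { print "LOGIN " $1 }                   # root or an ordinary user
    ' "${1:-/etc/passwd}" "${2:-/etc/shadow}"
}

# Constructed sample files (not real accounts or real hashes).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
news:x:9:13:news:/etc/news:
games:x:12:100:games:/usr/games:/sbin/nologin
ftpuser:x:501:501::/home/ftpuser:/bin/bash
guest:x:502:502::/home/guest:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$constructed$hashhashhash:12999:0:99999:7:::
news:*:12999:0:99999:7:::
games:$1$constructed$hashhashhash:12999:0:99999:7:::
ftpuser:$1$constructed$hashhashhash:12999:0:99999:7:::
guest::12999:0:99999:7:::
EOF
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_password_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

Run with no arguments as root to audit the real /etc/passwd and /etc/shadow. SYSTEM and EMPTY lines are the ones to follow up, for example by locking the account with `passwd -l`.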



