Alexx
02-25-2003, 11:59 PM
I have a few questions and if anyone has answers I would appreciate the help.
1. I have been told the RAQ4 I use is vulnerable and needs to be more secure. Can someone give me some pointers on how to make this a more secure box?
2. I want to turn off telnet. Is OpenSSH the product to use to replace telnet, or is there something better?
I have been researching the above on the web and then I came here.
Alexx
SolidJoe
02-26-2003, 01:31 AM
You can get the updates from the cobalt.com site - although they are generally pretty old. I would get all those (be sure and update through SSH, not the web client). Use the OpenSSH package provided by uh... pkgmaster.com I believe. Then be sure and turn off telnet. You can also update things manually, but be warned it can break the cobalt pretty easily...
Alexx
02-26-2003, 02:45 AM
There was a recent package (late 2002) with SSH from cobalt that had to be uninstalled. Is this related to OpenSSH?
The RAQ is updated to the most recent updates.
I want to make it more secure before I start to use MySQL and ASP.
Alexx
BruceT
02-26-2003, 01:38 PM
First, install all patches available at the SunSolve site. Install them from the bottom of the page to the top - they are listed newest-first, but the oldest patches need to be installed first.
The RaQ 4 patch page is at http://sunsolve.Sun.COM/pub-cgi/show.pl?target=cobalt/raq4.eng&nav=patchpage
Second, yes, install SSH. Both www.pkgmaster.com and www.solarspeed.net have free PKGs you can install through the UI. Having telnet enabled isn't inherently insecure -- there aren't any known exploits for it -- but if you use it, there is the chance someone can sniff your password or data since it's sent in clear text. Same for FTP -- if you install SSH, you get a secure replacement (scp).
The SHP (Security Hardening Patch) you refer to that had to be uninstalled added port scanning detection like the RaQ 550 has (and like the Qube 3 has in the Adaptive Firewall). Sun has never released an official SSH for RaQ 4.
There are lots of things you can do to harden your RaQ: install an ipchains firewall and block non-essential ports. Install chkrootkit, a log-analyzer, fcheck/tripwire, etc.
For MySQL read the security stuff on their site -- make it only answer to queries from the RaQ itself (no open MySQL port to the world) unless necessary. Set proper permissions for users, etc.
For ASP, get the 3.6.2 upgrade from ftp.chilisoft.com (_after_ you install all the Sun patches).
Any general Linux security site info will be relevant for the RaQ....
mlegler
02-27-2003, 11:18 AM
Follow Bruce's advice; my additional 5 cents:
don't give shells to customers
disable SNMP (unless you need it for MRTG)
monitor perl/cgi scripts customers are installing (bad code is exploitable, e.g. the old FormMail.pl script)
restrict PHP with safe_mode = on and with open_basedir = "." in /etc/httpd/php.ini
Best regards
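Added example, not part of any post in this thread: a small shell audit for three of the settings recommended above (telnet disabled, MySQL not open to the world, PHP safe_mode and open_basedir). The function names, the inetd.conf-style and my.cnf-style file layouts, and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: file layouts and sample contents are constructed assumptions.

# conf_value FILE KEY: print the last uncommented "KEY = value", quotes stripped
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[;#]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v }
        END { print val }' "$1"
}
# PHP: safe_mode must be on and open_basedir must be set
check_php() {
    sm=$(conf_value "$1" safe_mode | tr 'A-Z' 'a-z')
    [ "$sm" = on ] || [ "$sm" = 1 ] || { echo "FAIL php: safe_mode='$sm'"; return 1; }
    [ -n "$(conf_value "$1" open_basedir)" ] || { echo "FAIL php: open_basedir unset"; return 1; }
    echo "OK   php"
}
# telnet: no active (uncommented) telnet line in an inetd.conf-style file
check_telnet() {
    if grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"; then
        echo "FAIL telnet: service still enabled"; return 1
    fi
    echo "OK   telnet"
}
# MySQL: either no TCP listener at all, or bound to loopback only
check_mysql() {
    if grep -Eq '^[[:space:]]*skip-networking' "$1" ||
       [ "$(conf_value "$1" bind-address)" = 127.0.0.1 ]; then
        echo "OK   mysql"; return 0
    fi
    echo "FAIL mysql: reachable beyond localhost"; return 1
}
# Constructed samples: one hardened set (.good), one default-looking set (.bad)
make_samples() {
    d=$(mktemp -d)
    printf 'safe_mode = On\nopen_basedir = "."\n' > "$d/php.good"
    printf ';safe_mode = On\nsafe_mode = Off\n' > "$d/php.bad"
    printf '#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n' > "$d/inetd.good"
    printf 'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd\n' > "$d/inetd.bad"
    printf '[mysqld]\nbind-address = 127.0.0.1\n' > "$d/my.good"
    printf '[mysqld]\nport = 3306\n' > "$d/my.bad"
    echo "$d"
}

# Demo: the hardened set passes every check, the default-looking set fails
s=$(make_samples)
for t in good bad; do check_php "$s/php.$t"; check_telnet "$s/inetd.$t"; check_mysql "$s/my.$t"; done || true
rm -rf "$s"
```

On a real box, point check_php at /etc/httpd/php.ini as named in the post above; the paths for the telnet and MySQL files depend on the installation.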
Alexx
03-14-2003, 06:46 PM
Thanks for all the info.
I have installed SSH on the server. How do I access this so I can learn to use it?
I am avoiding ASP, MySQL and PHP till later. One thing at a time.
Alexx
Alexx
03-15-2003, 05:46 PM
I have installed PuTTY on my comp.
Hopefully there will be a manual or something with this that I can use.
Alexx
mlegler
03-15-2003, 09:34 PM
Good! With PuTTY you'll have SSH shell access for hacking into your configuration files. But sorry, don't expect to get help here on how to use the command line :-)
Regarding security, if you have all updates installed and don't use ASP, MySQL and PHP, you're pretty much set.
Best regards