Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
howto:hardening [2012/03/06 22:10] – [Disable Plain Text Protocols] - removed repetitive step from instructions magikh0e | howto:hardening [2012/03/06 22:34] – [Disable Plain Text Protocols] - added logging section magikh0e | ||
---|---|---|---|
Line 5: | Line 5: | ||
===== Identifing your version of Synchronet ===== | ===== Identifing your version of Synchronet ===== | ||
- | Use of this document requires you to know which version of the software you are using. To identify what version | + | Use of this document requires you to know which version of the software you are using and ensuring you are using the most up-to-date |
- | On linux run: exec/sbbs - The version will be listed on the first line. | + | To identify what version of Synchro you are running: |
- | On Windows: | + | **Linux**: exec/sbbs -h |
+ | **Windows**: From the // | ||
+ | To check the latest available version of Synchro: [[http:// | ||
===== Why Harden My Server ===== | ===== Why Harden My Server ===== | ||
An Attacker can us various tactics to compromise a system - The reasons for compromising a system can include; | An Attacker can us various tactics to compromise a system - The reasons for compromising a system can include; | ||
Line 87: | Line 89: | ||
* If you only play to send mail on your BBS | * If you only play to send mail on your BBS | ||
* SendMail | * SendMail | ||
+ | |||
+ | === Logging === | ||
+ | **Unix**: [[config: | ||
+ | |||
===== Hardening Suggestions for 3.16: ===== | ===== Hardening Suggestions for 3.16: ===== | ||
- | * Passwords should not be echo'd to the log/console | ||
- | * Set SCFG-> | ||
- | * Alternatively, | ||
- | * Disable passwords being sent in emails | ||
- | * Set email_passwords=false in the [login] section of the ctrl/ | ||
* Disable Showing Version information to clients | * Disable Showing Version information to clients | ||
- | * text/ | + | * text/ |
Things to Investigate: | Things to Investigate: | ||
- | @NUMDIR@ - JS_VER - LIB LIBL - LN - MSG_LIB - SOCKET_LIB | + | //**@NUMDIR@**// - //**@JS_VER**// - //**@LIB LIBL**// - //**@LN**// - //**@MSG_LIB**// - //**@SOCKET_LIB**// |