Differences

This shows you the differences between two versions of the page.

howto:hardening [2012/03/06 22:10] – [Disable Plain Text Protocols] - removed repetitive step from instructions magikh0e
howto:hardening [2012/03/06 22:34] – [Disable Plain Text Protocols] - added logging section magikh0e
Line 5: Line 5:
 ===== Identifing your version of Synchronet ===== ===== Identifing your version of Synchronet =====
  
-Use of this document requires you to know which version of the software you are using. To identify what version of Synchro you are using follow these steps:+Use of this document requires you to know which version of the software you are using and ensuring you are using the most up-to-date version available for your operating system. If you are not using the latest available verison, see [[http://wiki.synchro.net/install:win|Win32]] or [[http://wiki.synchro.net/install:nix|Unix]] installation instructions.
  
-On linux run: exec/sbbs - The version will be listed on the first line.  +To identify what version of Synchro you are running: 
-On Windows: TODO+**Linux**: exec/sbbs - 
 +**Windows**From the //Synchronet Control Panel//, Select **Help->About...**.
  
 +To check the latest available version of Synchro: [[http://synchro.net/download.html|Synchro Download]]
 ===== Why Harden My Server ===== ===== Why Harden My Server =====
 An Attacker can us various tactics to compromise a system - The reasons for compromising a system can include; An Attacker can us various tactics to compromise a system - The reasons for compromising a system can include;
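Review bot: The new **Linux** line ends at "exec/sbbs -" with a dangling dash. The removed sentence "The version will be listed on the first line." was the part that told the reader where to look, so it should be restored after the dash. In the same added lines, "verison" should be "version", "**Windows**From" needs a colon and a space to match "**Linux**:", and the opening sentence mixes "requires you to know" with "and ensuring"; "and to ensure you are using" keeps it parallel. The added installation and download links all use http://, which is worth revisiting on a page that sends readers to fetch installers for a hardening guide.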
Line 87: Line 89:
     * If you only play to send mail on your BBS     * If you only play to send mail on your BBS
       * SendMail        * SendMail 
 +
 +=== Logging ===
 +**Unix**: [[config:nix#logfacility|Setup Synchro to log to a specific file]]
 +
 ===== Hardening Suggestions for 3.16: ===== ===== Hardening Suggestions for 3.16: =====
  
-  * Passwords should not be echo'd to the log/console 
-     * Set SCFG->System->Toggle Options->Echo Passwords Locally to "No". 
-     * Alternatively, ensure the log/console is not accessable by untrusted users.  Since passwords are stored in plain text, having them also in the log or on the console is not an increase in attack surface if this precaution is taken. 
-  * Disable passwords being sent in emails 
-     * Set email_passwords=false in the [login] section of the ctrl/modopts.ini file 
   * Disable Showing Version information to clients   * Disable Showing Version information to clients
-     * text/answer.wip (Line: 15, @VER@)+     * text/answer.wip (Line: 15, //**@VER@**//)
  
 Things to Investigate: Things to Investigate:
  
-@NUMDIR@ - JS_VER - LIB LIBL - LN - MSG_LIB - SOCKET_LIB +//**@NUMDIR@**// //**@JS_VER**// //**@LIB LIBL**// //**@LN**// //**@MSG_LIB**// //**@SOCKET_LIB**//
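Review bot: The two password bullets removed under "Hardening Suggestions for 3.16" (setting "Echo Passwords Locally" to "No", and email_passwords=false in ctrl/modopts.ini) have no replacement anywhere in this hunk, and the revision summary only says "added logging section". If they were moved to another section, the summary should say so. If they were dropped, they should be kept, since the removed text itself states that passwords are stored in plain text. In the rewritten "Things to Investigate" line the markup is inconsistent: "@JS_VER", "@LIB LIBL", "@LN", "@MSG_LIB" and "@SOCKET_LIB" have no closing "@", unlike "@NUMDIR@" and "@VER@". The new Logging section has only a **Unix** entry, so a Windows entry, or a line saying none is needed, would match the Linux/Windows pairing used for the version check.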