Tuesday, May 02, 2023

Re: openbsd firewall configuration for extreme hostile environment

On 2023-04-26, jonathon575 <jonathon575@protonmail.com> wrote:
> The services in the file rc.conf are kept in their default state, which is mostly disabled. The binary files sshd, portmap, ntpd are deleted from the /bin directory. Other binary files, telnet, ssh, scp, sftp, are removed to prevent any file transfer from the firewall to the LAN network.

That is pointless; if an attacker is on the system they can use shell
built-ins to write new binaries to disk. Better to keep the tools which you
need to maintain and administer the system.

You talk about IDS/IPS a few times. Software doing that is often pretty damn
scary and often runs with high privileges. I would be way more concerned
about running that than, say, sshd.


--
Please keep replies on the mailing list.
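
The point made in the reply above, as an added example that is not part of the original list post: a POSIX shell can materialise arbitrary bytes on disk using only built-ins (printf, arithmetic expansion, parameter expansion and redirection), so removing scp, sftp or ssh from the firewall does not stop a file from being written. The payload bytes are constructed for the demonstration and are not a working executable; od and chmod appear only in the verification helpers, not in the attacker-side function. Assumed names: write_hex_bytes, hexdump_file, demo.

```shell
#!/bin/sh
# Added example (not from the original post): write arbitrary bytes to a
# file using only shell built-ins. Works in bash, ksh (OpenBSD's /bin/sh)
# and dash; no external program is executed by write_hex_bytes.

# Constructed sample payload (first 16 bytes of an ELF header); any hex
# string works. This is NOT a runnable binary, just bytes to prove the point.
PAYLOAD_HEX='7f454c46020101000000000000000000'

# write_hex_bytes HEX OUTFILE
#   Take two hex digits at a time, turn them into an octal escape with the
#   printf built-in, and append the resulting byte to OUTFILE. The file is
#   created (or truncated) by redirection alone.
write_hex_bytes() {
    hex=$1
    out=$2
    : > "$out"                      # create/truncate via redirection only
    while [ -n "$hex" ]; do
        pair=${hex%"${hex#??}"}     # first two hex digits
        hex=${hex#??}               # drop them from the remaining input
        # inner printf yields e.g. '\177'; outer printf emits that byte
        printf "$(printf '\\%03o' "$((0x$pair))")" >> "$out"
    done
}

# hexdump_file FILE
#   Verification helper only: prints FILE as one lowercase hex string.
hexdump_file() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# demo
#   Shows the two practical consequences:
#   1. a file created by redirection has mode 0666 & ~umask, so it is NOT
#      executable on its own (the attacker still needs chmod, or ...)
#   2. overwriting an already executable, writable file with '>' keeps the
#      inode and therefore its mode bits, so deleting a few binaries while
#      leaving writable executables around changes little.
demo() {
    fresh=$(mktemp)
    write_hex_bytes "$PAYLOAD_HEX" "$fresh"
    printf 'fresh file bytes: %s\n' "$(hexdump_file "$fresh")"
    [ -x "$fresh" ] && echo "fresh file is executable" || echo "fresh file is not executable"

    existing=$(mktemp)
    chmod 755 "$existing"           # setup only: pretend it is a leftover tool
    write_hex_bytes "$PAYLOAD_HEX" "$existing"
    [ -x "$existing" ] && echo "overwritten file kept its executable bit"

    rm -f "$fresh" "$existing"
}
```

Run it with `sh -c '. ./write_bytes.sh && demo'` (file name assumed). The loop body is slow for large payloads because of the subshell per byte, but that is irrelevant to the argument: a shell prompt is a file-transfer tool, and the defence is keeping attackers off the box and keeping the administration tools you need, not deleting them.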
