
Re: [cobalt-security] Security Questions / Request for Comments



----- Original Message -----
From: "Rick Ewart" <cobalt@xxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Wednesday, January 10, 2001 3:21 PM
Subject: [cobalt-security] Security Questions / Request for Comments

>1) If I have SSL enabled and am logging into the GUI via
>http://domain.com/admin - does Cobalt ask for my password through the
>SSL server, or is it plain-text?

It is secure, your password is encrypted.

>4) I installed iXplorer to do FTP type sessions through the SSH, but when
>logging in as admin, I cannot go above the admin user directory... Any
>ideas what I should do, or what alternate program would be better?

You cannot log in as root, and admin is not an all-powerful root-type
account. Hence, you only have access to the admin user directory. If you
want to upload stuff to a specific web site directory, you have to create a
user admin and use that as your username/password when you FTP. If you want
to put stuff anywhere on the hard drive, you should first copy it to the
admin directory and SSH in and move it at the command line (more secure that
way).

>6) FrontPage posts sites as the user "nobody". In several of my sites, I
>have imported CGIs into the site and post them to the site. In order to get
>my CGIs to work, I had to chown them to the site admin's username.

This is a problem with the way FrontPage does business. My advice is not to
import CGIs into your FrontPage webs. (Use FTP to upload them.)

>8) Do you bother to write to the ISP of attackers, asking them to take
>action against their hacker client?

Yes. Don't always expect any action.

>9) Anyone recommend a GOOD book on using Linux

Cobalt products use Red Hat Linux, so be sure to pick up a title that
specifically addresses Red Hat. I purchased "Red Hat Linux 6 Unleashed,"
which I found pretty good because it covered in general a lot of different
areas, including Apache, sendmail, BIND, cron, etc. (i.e., most of the stuff
that comes with your Cobalt). There's an updated version now, for Red Hat 7.

Happy Hacking :-)
Kevin