Detailed explanation of insecure Linux system programs and replacements

Linux has become more and more popular among computer users. As a result, many users may encounter insecure Linux system programs and substitution programs when learning linux, here we will introduce insecure Linux system programs and replacements. Here we will share with you.

WuFTD has been prone to security vulnerabilities since 1994. Hackers can easily obtain Remote root Access permissions, in addition, many security vulnerabilities do not even require a valid account on the FTP server. Recently, WuFTP also frequently experienced security vulnerabilities.

Its best alternative is ProFTPD. ProFTPD is easy to configure. In most cases, the speed is faster, and its source code is also relatively clean, with fewer buffer overflow errors ). Many important sites use ProFTPD. Sourceforge.net is a good example. This site has a total of 3,000 open-source projects, and the load is not small !). Some Linux Publishers also use ProFTPD on their main FTP site, and only two major Linux publishers, SuSE and Caldera, use WuFTPD.

Another advantage of ProFTPD is that it can run both from inetd and as a separate daemon. In this way, you can easily solve some problems caused by inetd, such as denial-of-service attack (denial of service attack. The simpler the system, the easier it is to ensure system security.

It is very difficult for WuFTPD to review all source code) or completely rewrite the code. Otherwise, WuFTPD must be replaced by ProFTPD.

Telnet
Telnet is very insecure. It uses plain text to send passwords. Its safe alternative is OpenSSH. OpenSSH is very mature and stable on Linux, and there are also a lot of free client software on Windows platform. Linux publishers should adopt the OpenBSD policy: install OpenSSH and set it to the default one. Install Telnet but do not set it to the default one.

For Linux Publishers not in the United States, it is easy to add OpenSSH to the Linux release. For example, Red Hat has the latest OpenSSH rpm package on the FTP server ftp.redhat.de in Germany ). Telnet is a hopeless program. To ensure system security, software such as OpenSSH must be used instead.

Sendmail
In the past few years, the security of Sendmail has improved a lot. Previously, it was usually a program that hackers attacked ). However, Sendmail still has a serious problem. In the event of a security vulnerability, such as a recent Linux kernel error, Sendmail is a program that has been attacked by hackers, because Sendmail runs with root permissions and the code is huge and prone to problems.

Almost all Linux publishers use Sendmail as the default configuration, and only a few use Postfix or Qmail as optional software packages. However, few Linux publishers use Sendmail on their own mail servers. Both SuSE and Red Hat use Qmail-based systems.

Sendmail is not necessarily replaced by other programs. However, its two alternatives, Qmail and Postfix, are safer and faster than it, and especially Postfix, is easier to configure and maintain than it.

Su
Su is used to change the ID of the current user and convert it to another user. You can log on as a common user. When you need to do something as root, you only need to execute the "su" command and then enter the root password. Su itself is no problem, but it will make people develop bad habits. If a system has multiple administrators, you must give them the root password.

An alternative to su is sudo. Red Hat 6.2 contains the software. Sudo allows you to set which user group can execute programs as root. You can also restrict the user's logon location. If someone breaks a user's password and uses this account to log on from a remote computer, you can restrict the user's use of sudo ). Debian also has a similar program called super, which has advantages and disadvantages compared with sudo.

Let users develop good habits. Using the root account and letting multiple people know the root password is not a good habit. This is why www.apache.org was infiltrated because it has multiple system administrators who have root privileges. A messy system is easy to intrude.

Named
Most Linux publishers solve this problem. Named was previously run as root. Therefore, when a new vulnerability occurs in named, it is easy to intrude into some important computers and obtain the root permission. Now, you only need to use some command line parameters to run named as a non-root user. In addition, most Linux publishers now allow named to run with the permissions of common users.

INN
The INN documentation clearly states that "disabling verifycancels is useless and will be removed ". About a month ago, a hacker released a method to intrude into INN when verifycancels takes effect. Red Hat sets verifycancels as valid. Any setuid/setgid program or network service program must be correctly installed and checked to ensure that security vulnerabilities are not found.

By introducing insecure Linux system programs and replacements, we hope you can learn more about Linux.

1. New prospects for Linux
2. Detailed introduction to Linux grep commands
3. How to obtain the file size in Linux
4. Introduction to Linux folders
5. Easily install Flash Media Server in Linux