Security for a first timer

[James Wilkinson]

Greg Lobring wrote:
> It is a standalone machine, and is not acting as a server/gateway or
> anything else. Its connected to my router at home, but only to give it
> Internet access.
> 
> And I'm not too sure what NFS even is....

Network File System, originally from Sun, way back when. It's roughly
similar to Windows file sharing. It's the standard way of sharing
filesystems between Unix and Unix-like computers over a local network.
Unlike FTP, rsync, or other protocols, NFS mounts a directory structure
from another computer into your own filesystem tree, making it look as
though it's a part of your computer.

It also has historically had a number of security weak points.

There are a few situations where you might want to NFS mount a
filesystem that's been exported from your own computer: given the right
software, it's one way of implementing a filesystem completely in
user-space. But you'd know if you needed it for that.

Since you don't have any other computers on your network, disable it.

You should also consider completely uninstalling anything you're sure
you aren't going to use. For example, sendmail is installed setUID root,
and has had a history of security problems. This means that if an
attacker can get access as a normal user, and is aware of a
vulnerability in sendmail that you haven't patched yet, then he or she
may be able to use sendmail to get root privileges.

James.

-- 
E-mail address: james |    "Just for once, I wish we would encounter an
@westexe.demon.co.uk  | alien menace that wasn't immune to bullets..."
                      |     -- The Brigadier, 'Doctor Who'