[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Advice on server



Sorry if this is off topic for this list, but I can't think of a better place to ask...

I'm currently in charge of a server that does DNS, web, & mail for a number of clients. These clients also use ftp & telnet, as well as postgresql. It's a Red Hat 6 box that I inherited from someone else, & it's been rooted twice now. Fortunately, the company has already approved purchase of a new rackmount box in order to move it to a colo facility in about 2 weeks, so I figure this is a golden opportunity to make it <ahem> somewhat more secure. Obviously, I'll start by installing OpenBSD rather than Linux. My questions for the list are as follows:

I can dump telnet for ssh without much trouble, but how do you get rid of the other cleartext services? I'm all for being a BOFH & telling the users they need to learn to use scp & that if their mail client doesn't use apop they should get one that does, but I doubt that the Big Boss is going to let me treat his clients like that.

<*nix newbie> I've considered giving each company one "ftp account" with shell set to /bin/false, but then they can't change their passwords without bothering me. Or can they? Is there some way I can allow a user with no shell to change his or her password? Is there an encrypted version of same with cross-platform client support? From a system-wide PoV this is probably fine with ftpd running -A, but it doesn't make their home dirs secure.</*nix newbie>

Is there free or cheap scp software out there for Macs & Windoze boxes that's easy to use? I'm sure I can get the Mac users to eventually figure out how to use the scp function in Nify Telnet SSH, but I'm not so sure the Windoze people will be able to figure out how to install the TeraTerm hackaround for scp, much less use it.

Does anybody know the current state of apop support in the major clients? I know Eudora supports it on Mac & Win & Outlook Express supports it on Mac, but last time I looked around that was about it.

Thanks,
-Kit
--


Kit Halsted Network Administrator, Blue Dingo/GB




Visit your host, monkey.org