Removing telnet and finger?

Darryl Clarke smartssa at gmail.com
Tue Apr 19 01:36:01 UTC 2005


On 4/18/05, Rainer Gutkas <Rainer.Gutkas at kstp.at> wrote:
> >Well, there's a difference between the client and server apps >- I find
> >the telnet client to be as useful as netcat, although it's >limited it
> >will at least tell you quickly if a port is responding.
> >
> >So are you referring to "telnet" or "telnetd" ? "finger" or >"ffingerd|
> >xfinferd" ?
> 
> I looked like a bit silly when I read this, but this paper, which is refered from within the making debian secure guide - which URL I gut when I wanted to install harden apps - talks about both the server and the client app. So I also saw with synaptic that telnetd and fingerd are not installed. But this paper also talks about removing telnet and finger, because they should be a security risk, so it isn't further explained why, which is a bit a pitty.
> 
> So I stumbled over the paper by mistake, I was searching for papers concerning WPA encryption as I am writing a part about wireless security in my diploma thesis. And then I found this thing and read it with lots of interrest, because its somehow a hot time round here. My provider dosen't care about security at all, not even ssl login to download mails or sftp or ssh for the acces to my www-server account. And hacking is becoming popular round here, since in this crazy town nobody does care about internet security as it seems. Yesterday our fire police was hacked and false alarm was broadcasted,.... And as I was looking for a job the last time I got to know that all of my hometown is driving the craciest things on windows, the whole hospital, every firm, whole public system, etc. there seems not to be anyone but the view people (bout 10) from the local Linux User Group that know that there's something else than windows. So actually I found a job as developer for the moment, but I guess it's also time to prepare for the future and as I write a diploma thesis bout security issues and see whats going on round here I wanna learn more, much more bout that theme, because collaps of this windows crazyness is gotta come round here sometime and then I can choose whome to work for,.....
> Nevermind, so as everybody round here dosen't care bout security except for theit houses, I wanna be the exception, thats why I read that stuff and thats why I am asking if I could do demage with the task of uninstalling telnet and finger to my beloved Ubuntu....
> 

Lots of people are concerned about security.  Mainly the replies you
got were just looking to clairify what you meant.

Having an application installed (telnet, finger) is not a secuirty
risk. Since these tools are a part of the base system, you can't
really remove them (cleanly and easily). You can however limit user
access to them if you don't want mom & dad using them.  Having the
daemons (servers) running on your local machine is a security risk.
Telnet (server) is one of the most dreaded security holes ever; and
with that nobody ships a distribution with it enabled by default.

But you are right, very few ISPs will provide you with secure
connections. And that just sucks.

-- 
~ Darryl  ~ smartssa at gmail.com
http://smartssa.com / http://darrylclarke.com
International Clean Your Windows Day - April 22, 2005
http://pileofcrap.org/news/2096/




More information about the ubuntu-users mailing list