Security Task List
From ArchWiki
Security issues tracker
Intention
This page tracks the status of security issues in Arch.
Note:
* This page is not intended to track security holes.
* This page is not intended to replace the bug tracker.
* This page is not intended to provide security guidelines. Another page may be created for this purpose.
Note that Arch already uses configuration files and templates that respect good security practices. In a standard installation, the only things you may want to add are a firewall or an antivirus.
The point of this page is to track small issues related to security and their correction.
Testing commands
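An added example, not part of the original wiki page: a shell function that reduces `netstat -lnp` output, as used in the issues below, to the sockets bound to every interface. The function names and the cupsd sample line are constructed for illustration; the portmap and famd lines are the ones reported on this page.

```shell
#!/bin/sh
# wildcard_listeners: read `netstat -lnp` output on stdin and print
# "proto port program" for every listener bound to all interfaces
# (0.0.0.0 for IPv4, :: for IPv6). Loopback-only listeners are skipped.
wildcard_listeners() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }            # skip banner and header lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }    # TCP rows must be listening
        {
            addr = $4
            port = addr
            sub(/^.*:/, "", port)                 # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            prog = $NF                            # last column is PID/Program
            sub(/^[0-9]+\//, "", prog)            # drop the "PID/" prefix
            if (host == "0.0.0.0" || host == "::" || host == "[::]")
                print $1, port, prog
        }
    '
}

# Constructed sample input: the portmap and famd rows come from this page,
# the cupsd row (loopback only) is invented to show a listener that passes.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:111       0.0.0.0:*         LISTEN   5263/portmap
tcp        0      0 0.0.0.0:784       0.0.0.0:*         LISTEN   5272/famd
tcp        0      0 127.0.0.1:631     0.0.0.0:*         LISTEN   5301/cupsd
udp        0      0 0.0.0.0:111       0.0.0.0:*                  5263/portmap
EOF
}

# On a live system, run as root so the program column is filled in:
#   netstat -lnp | wildcard_listeners
sample_netstat | wildcard_listeners
```

After applying a fix from the sections below and restarting the service, its line should no longer appear in the output.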
Issues
Services
portmap
- Issue
By default, portmap seems to listen on all interfaces (0.0.0.0), so it is open to external interfaces:
# netstat -lnp
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
...
...
tcp   0      0      0.0.0.0:111     0.0.0.0:*         LISTEN   5263/portmap
...
udp   0      0      0.0.0.0:111     0.0.0.0:*                  5263/portmap
Note: portmap is running as user 'bin'.
- Solution
As there is no conf.d/portmap file, the solution is to update /etc/rc.d/portmap so that portmap is started with -l, which binds it to the loopback address:
stat_busy "Starting Portmap"
[ -z "$PID" ] && /sbin/portmap -l
- State
Not reported
famd
- Issue
By default, famd seems to listen on all interfaces (0.0.0.0), so it is open to external interfaces:
# netstat -lnp
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
...
...
tcp   0      0      0.0.0.0:784     0.0.0.0:*         LISTEN   5272/famd
...
- Solution
The solution is to set the following in /etc/fam/fam.conf:
local_only = true
- State
Not reported