Security Task List

From ArchWiki

Security issues tracker

Intention

This page tracks the status of security issues in Arch.

Note:

* This page is not intended to track security holes.
* This page is not intended to replace the bug tracker.
* This page is not intended to provide security guidelines. Another page may be created for this purpose.

Note that Arch already uses configuration files and templates that respect good security practices. In a standard installation, the only things you may want to add are a firewall or an antivirus.

The point of this page is to track small issues related to security and their correction.

Testing commands

Issues

Services

portmap

  • Issue

By default, portmap seems to be open to external interfaces:

   # netstat -lnp
   Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
   ...
   ...
   tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      5263/portmap        
   ...
   udp        0      0 0.0.0.0:111             0.0.0.0:*                           5263/portmap   

Note: portmap is running as user 'bin'.

  • Solution

As there is no conf.d/portmap file, the solution is to edit /etc/rc.d/portmap so that portmap is started with the -l option:

   stat_busy "Starting Portmap"
   [ -z "$PID" ] && /sbin/portmap -l

  • State

Not reported

famd

  • Issue

By default, famd seems to be open to external interfaces:

   # netstat -lnp
   Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
   ...
   ...
   tcp        0      0 0.0.0.0:784             0.0.0.0:*               LISTEN      5272/famd  
   ...
   
  • Solution

The solution is to set the following in /etc/fam/fam.conf:

   local_only = true

  • State

Not reported
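
The portmap and famd issues above were both found by reading netstat -lnp output by eye. The following is an added example, not part of the original wiki page: a shell function (the names wildcard_listeners and sample_netstat are hypothetical) that filters that output down to the sockets bound to all interfaces, including IPv6 wildcard binds. The sample input is constructed from the lines shown on this page plus one invented loopback line.

```shell
#!/bin/sh
# Added example: flag listeners bound to a wildcard address in `netstat -lnp` output.

# wildcard_listeners: reads `netstat -lnp` text on stdin and prints
# "proto port program" for each TCP/UDP socket bound to all interfaces.
wildcard_listeners() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }      # skip headers, "..." and unix sockets
        {
            local_addr = $4
            n = split(local_addr, parts, ":")
            port = parts[n]                 # port is the last colon-separated piece
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (host != "0.0.0.0" && host != "::" && host != "*") next
            # TCP rows carry a State column; UDP rows leave it empty.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            prog = $NF                      # PID/Program is the last field
            sub(/^[0-9]+\//, "", prog)      # "5263/portmap" -> "portmap"
            print $1, port, prog
        }
    '
}

# Constructed sample: the 0.0.0.0 rows are the ones shown on this page; the
# 127.0.0.1 row is invented to show a loopback-only service being ignored.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      5263/portmap
tcp        0      0 0.0.0.0:784             0.0.0.0:*               LISTEN      5272/famd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      5300/cupsd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           5263/portmap
EOF
}

# On a live system, as root so program names are visible:
#   netstat -lnp | wildcard_listeners
sample_netstat | wildcard_listeners
```

After applying one of the solutions above and restarting the service, the corresponding row should no longer appear in the output.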
