uname output ?

Mark Komarinski mkomarinski at wayga.org
Mon Aug 19 13:30:30 EDT 2002


On Mon, Aug 19, 2002 at 12:26:12PM -0400, Derek D. Martin wrote:
> At some point hitherto, Mark Komarinski hath spake thusly:
> > > Which most security-conscious admins still remove or zero as a matter
> > > of course.  Why tell the net-at-large what holes to look for?
> > 
> > Uhm...how can you tell the contents of /etc/issue from the net?
> 
> Telnet to the machine would be one way (assuming you can).  But you
> seem to be assuming that your attacker will not be on your network.
> 70% or more of reported computer crime is done from the inside,
> according to the FBI.  I concur with Ben and Mike.  Said so in a post
> that I managed to munge my from: address...  

If the attacker is local, then they probably already know what
the distro and revision are, or can quickly find out without
resorting to looking at /etc/issue.  The CDs labeled "Debian"
and "RedHat 7.3" on my desk are pretty good indicators.  Maybe
I should store them in a safe?  That Solaris 8 box should probably
go too.

This is a really strange discussion.  You (collectively) want to know
what kind of distro you're running, but the tools you've been given
are security holes because they give the exact information you're
looking for!

> Note that at least on newer Linux systems, there's also an
> /etc/issue.net, which is what you see if you telnet to a machine.
> Some older Unix systems, IIRC, use /etc/issue for both purposes.

I remember writing about issue.net on Linux almost 5 years ago.
Solaris doesn't use issue.

-Mark


