| Yubico Forum https://forum.yubico.com/ |
|
| [QUESTION] Hardening YubiRADIUS, what services can be off? https://forum.yubico.com/viewtopic.php?f=29&t=976 |
Page 1 of 1 |
| Author: | nzkiwi68 [ Wed Feb 27, 2013 1:18 am ] |
| Post subject: | [QUESTION] Hardening YubiRADIUS, what services can be off? |
We'd like very much to harden our YubiRADIUS server and at the very least, turn off all the services that are not required. Using Webadmin: "System" - "Boot and Shutdown" Quote: Can support tell us EXACTY what services are required for YubiRADIUS to function? Then, I can go through and switch to "Start at boot time" - "No" for the rest of the services. There seems to be a large number of services that are not required which are running, e.g. * bluetooth * cpufrequtil * cups * fancontrol * kerneloops * loadcpufreq * nfs-common * nfs-kernel-server * rsync * samba * slapd (if your not going to use the built-in LDAP server) * smartmontools |
|
| Author: | ronsdavis [ Wed Feb 27, 2013 9:51 pm ] |
| Post subject: | Re: [QUESTION] Hardening YubiRADIUS, what services can be of |
Bump. I'd like to see the appliance as hardened as possible. There is really no reason to have anything unnecessary running, especially considered this is a security appliance. Let's not let it get hacked due to some stupid bug in a package that was inadvertently installed and left running. |
|
| Author: | kore [ Mon Mar 04, 2013 7:54 pm ] |
| Post subject: | Re: [QUESTION] Hardening YubiRADIUS, what services can be of |
Agreed, there's really no reason to even have all these things installed. I would like to see a minimal debian installation as base and then only the services needed installed. |
|
| Author: | nzkiwi68 [ Tue Apr 02, 2013 3:14 am ] |
| Post subject: | Re: [QUESTION] Hardening YubiRADIUS, what services can be of |
Can we please have an answer? |
|
| Author: | GregL [ Wed May 15, 2013 3:19 pm ] |
| Post subject: | Re: [QUESTION] Hardening YubiRADIUS, what services can be of |
I concur. The documentation says, "we are limiting automatically starting services to only those needed for YubiRADIUS authentication." However, I'm having a hard time understanding how or why several of these services are needed and are running. Some clarification on the policy and why these service are not disabled would be greatly appreciated. |
|
| Author: | GRS [ Fri Jan 09, 2015 4:49 am ] |
| Post subject: | Re: [QUESTION] Hardening YubiRADIUS, what services can be of |
As YubiRADIUS is no longer being maintained, you should check out GreenRADIUS – Yubico Edition. GreenRADIUS is built from YubiRADIUS by the original developers, but is being carried forward by Green Rocket Security, a Yubico partner. It is kept current with the latest updates, taking care of issues such as Heartbleed, Shellshock, and POODLE. In addition, the server has been hardened specifically to remove unneeded services out of the box so you don’t need to. Services such as cups for printing, Samba for Windows file sharing, and NFS tools for accessing NFS shares are not included in the VM. Check out the GreenRADIUS hardening page to see how the server is hardened out of the box, and check out the latest security updates to the server here. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|