Yubico Forum

All times are UTC + 1 hour




Posted: Wed Feb 27, 2013 1:18 am
Joined: Sun Jan 06, 2013 8:22 pm
Posts: 8
We'd like very much to harden our YubiRADIUS server and at the very least, turn off all the services that are not required.

Using Webadmin:
"System" - "Boot and Shutdown"

Quote:
Can support tell us EXACTLY what services are required for YubiRADIUS to function?


Then, I can go through and switch to "Start at boot time" - "No" for the rest of the services.

There seems to be a large number of services that are not required which are running, e.g.
* bluetooth
* cpufrequtil
* cups
* fancontrol
* kerneloops
* loadcpufreq
* nfs-common
* nfs-kernel-server
* rsync
* samba
* slapd (if you're not going to use the built-in LDAP server)
* smartmontools
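
Added example, not part of the original posts and not Yubico's own tooling: a shell check that reports which of the services listed above still have a start link in a runlevel directory. It assumes the appliance uses SysV-style `/etc/rcN.d` links; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a runlevel directory for the services named in the thread.
# Assumption: boot-time start is controlled by SysV links, where
# S<NN><name> means "start at boot" and K<NN><name> means "do not start".

# Service names exactly as listed in the first post.
UNNEEDED="bluetooth cpufrequtil cups fancontrol kerneloops loadcpufreq
nfs-common nfs-kernel-server rsync samba slapd smartmontools"

# list_boot_enabled RCDIR
# Prints one name per line for every listed service with a start link in RCDIR.
list_boot_enabled() {
    rcdir=$1
    for svc in $UNNEEDED; do
        for link in "$rcdir"/S[0-9][0-9]"$svc"; do
            # An unmatched glob stays literal, so test that the entry exists;
            # -L also catches a dangling symlink left by a removed package.
            if [ -e "$link" ] || [ -L "$link" ]; then
                echo "$svc"
                break
            fi
        done
    done
}

# Constructed sample runlevel directory (not taken from a real appliance).
make_sample_rcdir() {
    d=$(mktemp -d) || return 1
    : > "$d/S20cups"        # listed, enabled
    : > "$d/S20samba"       # listed, enabled
    : > "$d/S19slapd"       # listed, enabled
    : > "$d/K20nfs-common"  # listed, already disabled
    : > "$d/S20ssh"         # enabled, but not on the list
    echo "$d"
}

sample=$(make_sample_rcdir)
echo "Listed services still starting at boot:"
list_boot_enabled "$sample"
rm -rf "$sample"
```

On a real system, pass the default runlevel directory instead of the sample, for example `/etc/rc2.d` on Debian-family systems.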


Posted: Wed Feb 27, 2013 9:51 pm
Joined: Wed Feb 06, 2013 8:10 pm
Posts: 13
Bump.
I'd like to see the appliance as hardened as possible. There is really no reason to have anything unnecessary running, especially considering this is a security appliance. Let's not let it get hacked due to some stupid bug in a package that was inadvertently installed and left running.


Posted: Mon Mar 04, 2013 7:54 pm

Joined: Sun Mar 03, 2013 8:23 am
Posts: 3
Agreed, there's really no reason to even have all these things installed. I would like to see a minimal Debian installation as base and then only the services needed installed.


Posted: Tue Apr 02, 2013 3:14 am

Joined: Sun Jan 06, 2013 8:22 pm
Posts: 8
Can we please have an answer?


Posted: Wed May 15, 2013 3:19 pm

Joined: Thu Apr 21, 2011 9:03 pm
Posts: 14
I concur. The documentation says, "we are limiting automatically starting services to only those needed for YubiRADIUS authentication." However, I'm having a hard time understanding how or why several of these services are needed and are running.

Some clarification on the policy and why these services are not disabled would be greatly appreciated.


Posted: Fri Jan 09, 2015 4:49 am

Joined: Fri Sep 12, 2014 4:36 am
Posts: 5
As YubiRADIUS is no longer being maintained, you should check out GreenRADIUS – Yubico Edition. GreenRADIUS is built from YubiRADIUS by the original developers, but is being carried forward by Green Rocket Security, a Yubico partner. It is kept current with the latest updates, taking care of issues such as Heartbleed, Shellshock, and POODLE.

In addition, the server has been hardened specifically to remove unneeded services out of the box so you don’t need to. Services such as cups for printing, Samba for Windows file sharing, and NFS tools for accessing NFS shares are not included in the VM.

Check out the GreenRADIUS hardening page to see how the server is hardened out of the box, and check out the latest security updates to the server here.

