79.6 Insecure Packages

review

For security reasons the following should be avoided:

  • fingerd
  • ftp-server: Avoid encouraging users sending cleartext passwords.
  • ftp: Users will try to ftp to remote hosts and log in using clear text passwords. Run dsniff on the local machine as root to see that you can easily capture their passwords!
  • ftpd
  • netkit-rpc
  • nfs-common
  • nfs-kernel-server
  • nfs-user-server
  • portmap
  • rsh-client: Users will try to rsh to remote hosts and log in using clear text passwords. Run dsniff on the local machine as root to see that you can easily capture their passwords! The ssh package will install a replacement rsh.
  • rsh-server
  • rstart
  • rstartd
  • rusersd
  • rwalld
  • sendmail
  • talkd
  • telnet: Users will try to telnet to remote hosts and log in using clear text passwords. Run dsniff on the local machine as root to see that you can easily capture their passwords!
  • telnetd


Your donation will support ongoing availability and give you access to the PDF version of this book. Desktop Survival Guides include Data Science, GNU/Linux, and MLHub. Books available on Amazon include Data Mining with Rattle and Essentials of Data Science. Popular open source software includes rattle, wajig, and mlhub. Hosted by Togaware, a pioneer of free and open source software since 1984. Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0