home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  


Practical UNIX & Internet Security

Practical UNIX & Internet SecuritySearch this book
Previous: 15.8 UUCP Over Networks Chapter 15
UUCP
Next: 16. TCP/IP Networks
 

15.9 Summary

Although UUCP can be made relatively secure, most versions of UUCP , as distributed by vendors, are not. If you do not intend to use UUCP , you may wish to delete (or protect) the UUCP system altogether. If you are not running UUCP , check the permissions on the uucppublic directory, and set them to 0.

If you do use UUCP :

  • Be sure that the UUCP control files are protected and cannot be read or modified using the UUCP program.

  • Only give uucp access to the directories to which it needs access. You may wish to limit uucp to the directory /usr/spool/uucppublic .

  • If possible, assign a different login to each UUCP site.

  • Consider using callback on your connections.

  • Limit the commands which can be executed from off-site to those that are absolutely necessary.

  • Disable or delete any uucpd daemon if you aren't using it.

  • Remove all of the UUCP software and libraries if you aren't going to use them.

  • Be sure to add all uucp accounts to the ftpusers restriction file.