3 Things in Linux you should NOT Install

While I’m all for promoting the use of Linux and software on Linux, unless you absolutely know what you’re doing, there are certain things you should not install. Entirely too often, I see people on LinuxQuestions.org asking how to configure one of these or why they will not work. So, in no particular order, 3 Things you should NOT Install:

  1. RedHat 9. For that matter, you should not install any of the “classic” RedHats. They’re old and outdated. If you want commercially supported, look at RHEL. For free RedHat-like distributions, look at CentOS (Server) and Fedora Core (Workstation). If you run a RedHat 9 server that faces the internet, there is a good chance you will get rooted. It is NOT supported for security or otherwise.
  2. Telnetd. [Edit: several people have pointed out that I did not make it clear if I meant the server or the client.  The telnet client is quite useful, it is the server that introduces many security concerns.] Telnet is unencrypted and unsecure. Would you send your credit card number over an unencrypted link? Then why send your passwords? SSH can do everything Telnet can, and more. SSH can do file transfers, encrypt other connections, compress your data stream, and allow you to connect without typing a password. Oh, and there are SSH clients for just about every system on earth, so no worries about incompatibilities.
  3. rsh, rlogin, etc. The authentication mechanisms in rsh and rlogin can easily be defeated. Oh, and they use plaintext too, so everything that applies to Telnet applies here as well.

I can think of several more items, but these are the biggest for security. And while you’re configuring the SSH server, don’t forget to turn root logins off with “PermitRootLogin no”.

Advertisements

4 Responses to 3 Things in Linux you should NOT Install

  1. Jeqq.com says:

    3 Things in Linux you should NOT Install

    While Im all for promoting the use of Linux and software on Linux, unless you absolutely know what youre doing, there are certain things you should not install. Entirely too often, I see people on LinuxQuestions.org asking how to configure one of th…

  2. jdhore says:

    #1: I agree…RH is very out of date and if you’re still running it, you REALLY need to migrate to RHEL, CentOS or FC.
    #2: I don’t completely agree here because i use 3 or 4 servers that only have telnet access…I would never run a telnet server on any system i run and i avoid using it if possible, it’s good to have a telnet client just in case though.
    #3: rsh isn’t really used anymore because unlike telnet, all rsh is is basically an insecure version of SSH.

  3. DannyB says:

    Having a Telnet client can be very handy. Especially for manually typing, say, the SMTP protocol, POP3, or HTTP.

    But I agree you should NEVER even INSTALL, let alone run, the Telnet server. On both SuSE (which I’ve used for years) and Ubuntu (used about a year), installing SSH is trivial. Just install it.

    Do you use Windows? Try the nifty drag-drop WinSCP gui to copy files to/from your SSH Linux box.

  4. drew says:

    All absolute things I never run. But then again, a good idea to keep in mind is, if it’s not needed to keep the machine or services you serve to others on the outside world, don’t run them. Some systems by default have samba, telnet, finger and a whole slew of daemons or services by default. Eliminate these if they’re not going to be used.

    And as for telnet being a backup, still not a good idea. There’s too many tools available if ssh or any other access isn’t available and the machine is remote. Most colocations and or data centers have on call support and if you’re running a production enterprise environment, there’s no reason to not have some type of console access either via remote kvm, builtin remote management console capability or some third party tool or hardware like Cyclades for console access when ssh, networking or the like is not up.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: