[TriLUG] Securing Lpd (TCP Port 515)
burnett at pobox.com
Fri Jun 14 09:34:41 EDT 2002
On Fri, 14 Jun 2002, Jeff Bollinger wrote:
> Does anyone have any good recommendations on securing Lpd (Line Printer
> Daemon)? Being paranoid as I am, I only start lpd right before I have
> to print something, then shut it off immediately after I've finished
> printing. Is there a way to set lpd to *not* listen for connections?
> Why does it have to run as a daemon that makes connections on port 515?
> There should be a way to print without running the daemon, or run the
> daemon in a mode where it does not open a network socket. Any ideas?
On http://www.cert.org/tech_tips/usc20_essentials.html (near the bottom) I found:
"Prevent lpd and syslogd from listening for network connections if
possible. Caution should be exercised to ensure outbound connections are
still allowed if required for your system configuration. This may be
accomplished with command-line arguments and/or tcp_wrappers - refer to
your system's info or man pages.
Clear /etc/hosts.lpd if not required. If the host is a print server,
ensure that only fully qualified domain names are specified ie.
hostname.domainname. See 2.9 /etc/hosts.lpd"
(the "See..." links to http://www.cert.org/tech_tips/usc20.html#2.9 )
Hope this helps,
Steve
--
Steve Burnett burnett at pobox.com http://www.pobox.com/~burnett/
System Administration Technical Documentation Information Retrieval
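
The hosts.lpd advice quoted from CERT above can be checked mechanically. The script below is an added example, not part of the original message or of the CERT document: it flags entries in an lpd access list that are not fully qualified domain names. It assumes one host per line, "#" comments, and a leading "+" acting as a wildcard or netgroup entry as in hosts.equiv; the function name and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an lpd access list (hosts.lpd format assumed:
# one host per line, "#" starts a comment, leading "+" is a wildcard
# or netgroup entry as in hosts.equiv).

# audit_hosts_lpd FILE
# Prints "line N: reason: entry" for each finding.
# Returns 0 when every entry is an FQDN, 1 otherwise.
audit_hosts_lpd() {
    awk '
    {
        sub(/#.*/, "")                  # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "")     # trim surrounding whitespace
        if ($0 == "") next
        host = $1
        if (host ~ /^\+/) {
            why = "wildcard or netgroup entry"
        } else if (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            why = "IP address, not a domain name"
        } else if (host !~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+\.?$/) {
            why = "not fully qualified"
        } else {
            next                        # hostname.domainname form: accepted
        }
        printf "line %d: %s: %s\n", NR, why, host
        bad = 1
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input; on a real host pass /etc/hosts.lpd instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# print clients (constructed sample)
ws1.example.com
ws2
+
192.0.2.7
EOF
audit_hosts_lpd "$sample" || echo "hosts.lpd has entries to fix"
rm -f "$sample"
```

An empty or comment-only file passes the check, which matches the advice to clear the file when the host is not a print server.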