[mythtv-users] Security concerns for my myth box
kuphal at dls.net
Thu Dec 16 00:54:03 UTC 2004
Craig Partin wrote:
>After reading the post about the poor soul who's box was rooted, it
>got me to worrying about my own. Right now I feel pretty safe with
>the box behind a NAT hardware firewall. I do want to open some ports
>for SSH and HTTP connections and wonder what security considerations I
>might be missing.
>The myth user is logged in with sudo passwordless renice access.
>Services are run as root and the frontend and X are setuid root. It's
>a basic gentoo install with no additional security related tweaking.
>openSSH, MySQL, and Apache2 are the only network daemons running.
>What security measures do others have in place?
Since I have a Windows machine on my net I only open the RDP port to
allow remote desktop access to my Windows box and then access everything
else on my net from there. In a Linux only environment I would only
open SSH as you can tunnel anything else you need through that SSH
connection like HTTP, X, or others.
More information about the mythtv-users