3. Security Concerns

The installation of the LTSP software will enable some services that could make your system vulnerable to hack attempts.

The install script will modify the following files:

• /etc/exports An entry is added to allow machines in the 192.168.0.0 class-c to mount the /tftpboot/lts/ltsroot directory. Also, entries are added for other directories, but they are left commented out. They can only create a vulnerability if they are un-commented.
• /etc/bootptab A partial entry is created called .ltsp. An additional entry is created for workstation ws001 but it is left commented out.
• /etc/X11/xdm/xdm-config The 'DisplayManager.requestPort' entry is commented out, allowing remote workstations to get an XDM Login screen.
• /etc/X11/xdm/Xaccess The wildcard entry that starts with an asterisk '*' is un-commented, allowing remote workstations to get an XDM Login screen.
• /etc/hosts.allow Entries are added, allowing the following:
  • bootpd will be allowed to receive broadcase packets.
  • in.tftpd will be allowed to receive transfer requests from the 192.168.0.0 class-c.
  • portmap will be allowed to receive requests from the 192.168.0.0 class-c.
• /etc/rc.d/init.d/syslog This script is modified to allow remote clients to send syslog messages to the server.
• /etc/inetd.conf This file is modified to turn on the tftp daemon.
• /etc/inittab This file is modified to start the xdm process and the default run level is set to 5.
• /etc/rc.d/rc5.d/S11portmap This symbolic link is created so that the portmapper will start when the system enters runlevel 5.
• /etc/rc.d/rc5.d/S60nfs This symbolic link is created so that nfs will start when the system enters runlevel 5.