Re: Xerox DocuTech problems

[uid0 () catastrophe net]

On Fri, 2002-05-17 at 14:50:08 -0400, J Edgar Hoover wrote...

; The laser printer is controlled by a dual-processor Sun Uitra 60
; running Solaris 8. The Scanner is controlled by an Intel box
; running Windows NT.

Some of thier older printers are running on a Sun Ultra 10. The same
problems exist, and you cannot patch the running lpd as it has been
hacked up by Xerox to work. When asking them for updates, we were
silently ignored for 3 months.

; So, they install it, first thing we do is ask what the root
; password is for the Solaris box. "Oh, no problem, it's
; "service!" -- it's the same for all of our machines."
; 
; WTF?  First thing I say is "We will want to change that."
; 
; "No, you can't. It will probably break things."

Actually it doesn't break anything, although the default configuration
sometimes leaves the console open without locking it for "ease of
use".

; Well, this puppy is WIDE OPEN like you wouldn't believe.
; Everything imaginable is running and listening, including such
; arcane services like sprayd.  Then I do a "rpcinfo -p" and see a
; shitload of unknown RPC services running. But best yet,
; showmount -e reveals numerous directories exported to the entire
; world, world writable!

Yes it is. The world writeable directories are for NFS shares. Why
this was done is prolly some throwback to 1994 or so.

; So, we lock the box down tight, installing ssh, disabling
; telnet, finger, echo, chargen, and other shit you wouldn't
; believe. Also installed security updates from Microsoft on the
; NT box.  Xerox comes in today and has a fit and starts to
; reinstall everything from scratch.

The most we could do, since we would have expired our warranty, 
was install IPF and just filter anything not required.

-#0