[NCLUG] Two easy? security questions...
dobbster
dobbster at verinet.com
Mon Sep 4 23:53:20 MDT 2000
> > > http://www.linux-firewall-tools.com has more info, including an automated
> > > firewall script generator.
> > >
> > > The fine folks over at tummy.com also have IsinGlass, which works quite
> > > nicely: http://www.tummy.com/isinglass
> >
> > Thanks... I'll check both of these places out. It sounds as if some
> > of these tools might provide me additional protection.
> >
> > I do have ipchains configured into my kernel already. Where would I set
> > the deny rule? (inetd.sec?)
>
> No, you set the rules in another file; you can really do it anywhere you
> want; I use to do it in /etc/rc.d/rc.local on my RedHat system, and now I
> have rc.local call rc.network, which sets up some virtual interfaces, and
> also calls rc.firewall, which has all my rules in it.
>
> If you use linux-firewall-tools.com, you'd place the output from the
> website in a firewall like rc.firewall; if you use isinglass, they
> probably have a procedure documented.
I checked out isinglass and I am experimenting with it on a test
system. Evidently I have a lot of reading to do. :-)
Since my server doesn't use IMAP, couldn't I just remove it from the
/etc/inetd.conf and thus at least avoid that port?
Thanks for all of the help...
Mark (dobbster at verinet.com)
More information about the NCLUG
mailing list