[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] [Raq3i] securely using rpc.statd and otherrpc services
- Subject: Re: [cobalt-security] [Raq3i] securely using rpc.statd and otherrpc services
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Sat, 4 Nov 2000 22:49:15 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sat, 4 Nov 2000, Theodore Jones wrote:
> Gossi,
>
> Very cool suggestions. ipchains is not too difficult or dissruptive to a
> RaQ3i's customized setup? Do you have to recompile the kernal or anything?
Theo,
No need to recompile the kernel or mess around with anything. Its a case
of grabbing the source, doing ./configure; make; make install (it just
places a single binary in /sbin). I'm thinking of making a few .pkg files
for things like ipchains, as I'm sure people might like them.
The only thing to be careful of are ipchain rules - for example, I
recently messed up a rule on owned.lab6.com, and firewalled the whole
internet out. I had to wait over the weekend for somebody at the isp to
reboot the box :(
Nowadays I just have a crontab job to flush the rules out while I'm
testing stuff, so if I do make a similar mistake, I just have to wait for
the crontab job to kick in..
Gos.