RE: [cobalt-security] IPChains Tool



You might try this tool, I use it on several machines and it is quite
flexible:

http://muse.linuxmafia.org/gshield.html

Get the "old version" for IPChains, new version is for IPTables and the 2.4
kernel.  Personally I see no purpose in integrating with PortSentry or even
using it, just lock everything down except those public services required.
If your public web server becomes vulnerable and a cracker scans
directly/only for that vulnerability as they typically do, PortSentry or any
sort of host based dynamic rule tool will do nothing for you, just keep your
patches up-to-date.  A separate IDS like Snort would be a better choice if
one has the resources.  (This will probably start a religious debate, I
won't play, so you can make up your own mind as to what is right for your
site.)

Be very careful with the rule definitions as you could easily lock yourself
out of the machine.  Your only recourse would then be to connect a serial
console, log in and fix the rules.  You have been warned . . .

Eric

> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Edward Cruz
> Sent: July 20, 2001 2:44 PM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: [cobalt-security] IPChains Tool
>
>
> Some weeks ago someone on the list (Carrie?) mentioned a tool for
> configuring IPChains.  I would love to hear some more about using
> this tool,
> in particular with PortSentry...