Re: [cobalt-security] FTP Scans

["Ed Morgan" <excalde@xxxxxxx>]

Hi Michael,

> They are in their rights to do so based on US law, but warranty in >Germany 
> for instance is a bit different and the customer has more >rights. But I 
> don't want to go deeper into that issue as it is of >little value.

First, let me point out that my point has less to do with the warranty, and 
more to do with logic. In my opinion, it is not wise to alter a system in 
areas that one has not taken the time to understand. By suggesting an 
addition of one line of code to a system, without knowing what ramifications 
that change will cause is not a wise thing to do.

> Amen to that, Ed. It is a good system they offer, but it doesn't help >much 
> that they sell it as an appliance for the point-and-click >community. After 
> all, it runs Linux and sooner or later any >administrator will have to look 
> under the hood and will have to tackle >with the underlying OS.

I agree. One of the primary reasons we went with the system is to build our 
knowledge of this system. While I like many points of the system, I do find 
Sun's support lacking in a number of areas.


> Yeah, but most of those problems could have been avoided by proper >RTFM. 
> The manpages for the different programs and tools are also a >good source 
> of information. And a lot of problems stem from the fact >that people don't 
> make use of the wisdom which is already available. >Just look at the 
> quality of question on the Cobalt Support Forum which >is available on the 
> website. Sometimes I can only shake my head and >wonder what's worse: The 
> quality of the questions, or the quality of >the answers from the 
> SUN/Cobalt staff which looks after the forum. Why >the forums sees the 
> worst of it is easy to imagine: You need just a >browser to get there, 
> while a mailing-list like this requires some >thinking on behalf of the 
> people who want to post. ;o)

Personally, I would like to see Sun expand the support area to include 
material that would explain how to locate things like log files, man pages, 
and such. When we first got the system we went entirely through the manual, 
and there is nothing regarding security or even the basic tasks the owner 
should do on a daily or weekly basis. Much of the useful information we have 
found has been through constant searches for information. This list has been 
very helpful, and I do appreciate the spirit of concern shown by those 
response to this thread. This is an ongoing learning process for us, and we 
are very aware of the risks.

> But back to the topic: If you ever want to give Ipchains a try, then >just 
> ask the people in this place for advice and options, which goes >beyond 
> what the manual says.

We have been reviewing a fair amount of information on IPChains, and do plan 
to start working with them soon. The expertise of those of you that are more 
familiar with Linux is always appreciated. I can guarantee when we have 
questions, they will show up here first.
I would like to make one point though. From the tone of some of the response 
on this thread, I get the impression that my point is not being understood 
as I had intended it. I am not saying IPChains are worthless, not to be 
used, or that making alterations is wrong. I am not as much concerned with 
the warranty, but it does come into play in my point. What I am saying is 
that I feel it is best to know what I am doing before I start the project, 
since doing almost anything to the RAQ will cost us if something goes wrong. 
As with most systems, there are no constants and adding a line to one system 
may have an entirely different effect on another. In some cases, this is not 
true. But it is possible, and I would rather avoid that, if possible. 
Especially considering there is no such thing as free support these days.

Regards,
Ed

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp