On Friday, January 21, 2011 02:35:11 pm m.r...@5-cent.us wrote:
> I have a friend with several RISC 6000's, and of course his MicroVAX. You
> had a PDP-8? When I was taking an o/s class in the mid-eighties, I was on
> a PDP-11/780. *Nice* machine, running RSTS, I think it was.

Hmm, I wonder....nope, simh isn't in EPEL 5 or 6 yet (it's available for F14).  
See simh.trailing-edge.com and you'll see why I mention it.... I used simh's 
MicroVAX module to rescue some disk images from the VS4000's we have (they are 
controllers for our 7,000 pound 20x20 microdensitometers used for photographic 
plate scanning; see http://www.pari.edu/library/apda/rooms/ for a little bit of 
info about what they're for).

We want to replace the VS4000's with Linux box(en); since the interface to 
GAMMAs I and II is CAMAC-over-SCSI plus IEEE-488-over-RS-232 (CAMAC for the 
digitizer ADC and GPIO; IEEE-488 for the Agilent/HP laser interferometer servo 
system for the platen drive), I'm considering using the SGI box to control 
them; if not the SGI box, any generic CentOS box with RS-232 or IEEE-488 and a 
SCSI adapter will work.  (GAMMA = Guide star Automatic Measuring MAchine; used 
at Space Telescope Science Institute (STScI) to generate the guide star catalog 
for use with Hubble, as well as for generating the one arcsecond digitized sky 
survey 102 volume CD set.)

> Have you looked into Bastille Linux? It's not a distro, it's a set of
> scripts to harden a system.

Yes; I have tried it out, but it's just another one of those things that I 
periodically look at and say 'I need to be doing that....'  I think the first 
time I looked at it was back before RHEL3, maybe in the RHL7.2 timeframe.  It's 
on the list; somewhere between 'Implement PacketFence (implies writing a module 
for Cisco Catalyst 5500 and Cisco 7600 and Catalyst 8540 and Catalyst 2948G-L3 
and the other old but working oddball Cisco switches and routers in my 
network)' and 'Implement IPv6 (once the ISP gives me the prefix)'.  That is, 
pretty high up the list, just not in the execution queue yet.

> <snip>
> > about it, too.  Now I don't allow outbound port 22 to just anywhere (among
> 
> Ah, no. When I've had a home network with the old machine running, the
> *only* place it would accept ssh from was the inside NIC.

That's the point; it was an outbound *to* someone else's port 22 brute-forcer.  
I can count on one hand the number of people who have come here and had me add 
their server to the 'outbound to port 22' permit ACL on the Cisco border 
router(s).  That way, even when someone gets in, they can't get out, at least 
not on that port.  Yeah, I said when, not if.  Someone at some point in time 
will get in; when that does happen I want to try to mitigate the potential for 
damage.

That is, since I know I cannot possibly prevent all ingress attempts, I can at 
least make the success as useless as possible.  That's part of the reason 
PacketFence is high on my To Do list.
1 PARI Drive
Rosman, NC  28772
http://www.pari.edu
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
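
An added example, not part of the original message: if the border ACL's final port 22 entry is a logged deny, the router's deny hits show which inside host is trying to reach port 22 on servers that are not on the permit list. The ACL name EGRESS-SSH, the hostname, all addresses and the log lines are constructed; the line layout follows the Cisco IOS %SEC-6-IPACCESSLOGP message.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (documentation and private addresses only).
# Assumption: the ACL, hypothetically named EGRESS-SSH, lists the approved
# servers as permits and then ends with "deny tcp any any eq 22 log".
SAMPLE_LOG = """\
Jan 21 14:02:11 border1 %SEC-6-IPACCESSLOGP: list EGRESS-SSH denied tcp 10.0.5.23(51234) -> 203.0.113.7(22), 1 packet
Jan 21 14:02:12 border1 %SEC-6-IPACCESSLOGP: list EGRESS-SSH denied tcp 10.0.5.23(51240) -> 203.0.113.8(22), 1 packet
Jan 21 14:07:12 border1 %SEC-6-IPACCESSLOGP: list EGRESS-SSH denied tcp 10.0.5.23(51302) -> 203.0.113.9(22), 12 packets
Jan 21 14:09:40 border1 %SEC-6-IPACCESSLOGP: list EGRESS-SSH denied tcp 10.0.9.4(40112) -> 198.51.100.40(22), 1 packet
Jan 21 14:10:02 border1 %SEC-6-IPACCESSLOGP: list INBOUND-FILTER denied tcp 203.0.113.50(4444) -> 10.0.1.1(22), 1 packet
Jan 21 14:11:00 border1 %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied tcp "
    r"(?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def blocked_ssh_by_source(log_text, acl_name="EGRESS-SSH"):
    """Map each inside source IP to its denied outbound port 22 packets and targets."""
    hits = defaultdict(lambda: {"packets": 0, "destinations": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Skip other messages, other ACLs, and denies that are not port 22.
        if not m or m["acl"] != acl_name or m["dport"] != "22":
            continue
        entry = hits[m["src"]]
        entry["packets"] += int(m["count"])
        entry["destinations"].add(m["dst"])
    return dict(hits)

def suspected_scanners(log_text, min_destinations=3):
    """Sources denied toward several distinct targets: worth checking first."""
    return sorted(
        ip for ip, e in blocked_ssh_by_source(log_text).items()
        if len(e["destinations"]) >= min_destinations
    )

if __name__ == "__main__":
    for ip, e in sorted(blocked_ssh_by_source(SAMPLE_LOG).items()):
        print(ip, e["packets"], "packets to", len(e["destinations"]), "hosts")
    print("investigate:", suspected_scanners(SAMPLE_LOG))
```

The threshold of three distinct destinations is an arbitrary starting point; a single denied host is more likely a user who has not asked for a permit entry yet.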
