Hello,

I installed Tiger on my PC to reduce the number of potential security
holes.

I am struggling to close a security hole with NFS. Here is what Tiger
sends by e-mail:

  From: "Tiger automatic auditor at bazooka.ascii-club.org" <[EMAIL PROTECTED]>
  Subject: Tiger Auditing Report for bazooka.ascii-club.org
  Date: Sat, 18 Sep 2004 14:00:07 +0200

  # Checking listening processes
  OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 633 (UDP) on every interface.
  OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 636 (TCP) on every interface.
  OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 662 (UDP) on every interface.
  OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 665 (UDP) on every interface.
  OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 668 (TCP) on every interface.
  NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 629 (UDP) on every interface.
  NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 632 (TCP) on every interface.
  NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 658 (UDP) on every interface.
  NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 661 (UDP) on every interface.
  NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 664 (TCP) on every interface.

I modified /etc/hosts.allow as follows to prevent this, but to no avail:
  #
  ALL: 127.0.0.1
  smbd, proftpd, swat: 192.168.13.

  # NFS
  [EMAIL PROTECTED]: 192.168.13.
  [EMAIL PROTECTED]: 192.168.13.
  [EMAIL PROTECTED]: 192.168.13.

  # Debian updates via apt-proxy
  [EMAIL PROTECTED]: 192.168.13.

  #-- leafnode begin
  leafnode: 127.0.0.1
  #-- leafnode end

Here is /etc/hosts.deny as well:
  ALL: ALL
  #-- leafnode begin
  leafnode: ALL
  #-- leafnode end

There are also iptables rules.
I would like NFS to be reachable only through the network card at address
192.168.13.30.

Does anyone have an idea?

Thanks in advance
Jean-Pierre
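
Added example, not part of the original post: a Python sketch that parses the lin002i entries of the Tiger report quoted above and pairs each OLD listener with the NEW one of the same process and protocol, which shows whether the report describes new listeners or the same RPC listeners on different port numbers. It assumes OLD marks findings that disappeared since the previous run and NEW marks findings that appeared; the function names are hypothetical.

```python
import re

# Constructed sample: the lin002i entries of the report above; the first two
# are split across lines, as a mail-wrapped report would be.
REPORT = """\
OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 633 
(UDP) on every interface.
OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 636 
(TCP) on every interface.
OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 662 (UDP) on every interface.
OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 665 (UDP) on every interface.
OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 668 (TCP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 629 (UDP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 632 (TCP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 658 (UDP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 661 (UDP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 664 (TCP) on every interface.
"""

ENTRY = re.compile(r"(OLD|NEW): --WARN-- \[lin002i\] The process `([^']+)' "
                   r"is listening on socket (\d+) \((TCP|UDP)\) on every interface\.")

def parse(report):
    """Return {"OLD": {process: [(proto, port)]}, "NEW": {...}}."""
    found = {"OLD": {}, "NEW": {}}
    flat = " ".join(report.split())  # undo mail line wrapping
    for status, proc, port, proto in ENTRY.findall(flat):
        found[status].setdefault(proc, []).append((proto, int(port)))
    return found

def moved_listeners(report):
    """Pair each vanished listener with the one that replaced it.

    Returns {process: [(proto, old_port, new_port)]}, or None for a process
    whose set of protocols differs between OLD and NEW (a real change).
    """
    found, result = parse(report), {}
    for proc in sorted(set(found["OLD"]) | set(found["NEW"])):
        old = sorted(found["OLD"].get(proc, []))
        new = sorted(found["NEW"].get(proc, []))
        same = [p for p, _ in old] == [p for p, _ in new]
        result[proc] = [(p, o, n) for (p, o), (_, n) in zip(old, new)] if same else None
    return result

if __name__ == "__main__":
    for proc, moves in moved_listeners(REPORT).items():
        print(proc, moves)
```

On this report every process keeps the same number of TCP and UDP listeners and only the port numbers differ between the OLD and NEW entries.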
