I've released a couple of contrib RPMS to help counter propagation of
the Nimda worm at least via IE5/5.5 vulnerabilities.

The RPMS do two things:

1) They block any attempts to access "readme.eml" files via any
   browser using the proxy server on e-smith/SMEServer v5.0.

2) They reject any attempts at outbound web traffic (TCP port 80) via
   the e-smith/SMEServer v5.0 without configuring web browsers to use
   the proxy.

There are two RPMS which I've released, one for use on e-smith 4.1.2
servers, and one for use on SMEServer v5.0 servers:

SMEServer v5.0:

   ftp://ftp.e-smith.com/pub/e-smith/contrib/AdrianChung/RPMS/noarch/Mitel-ProxyDenyReadmeEML-1.1.0-04.noarch.rpm

e-smith 4.1.2:

   ftp://ftp.e-smith.com/pub/e-smith/contrib/AdrianChung/RPMS/noarch/e-smith-proxy-4.2.0-05antinimda.noarch.rpm

To install them, simply download them to your server, and execute:

   rpm -Uvh e-smith-proxy-4.2.0-05antinimda.noarch.rpm

       or

   rpm -Uvh Mitel-ProxyDenyReadmeEML-1.1.0-04.noarch.rpm

Then:

   /etc/e-smith/events/actions/proxy-conf
   /etc/e-smith/events/actions/proxy-restart
   /etc/e-smith/events/actions/conf-masq
   /etc/e-smith/events/actions/restart-masq

To uninstall the RPMS and return your server to its previous state,
take the following actions.

For SMEServer v5.0, simply remove the RPM, and re-run the above
commands:

   rpm -e Mitel-ProxyDenyReadmeEML
   /etc/e-smith/events/actions/proxy-conf
   /etc/e-smith/events/actions/proxy-restart
   /etc/e-smith/events/actions/conf-masq
   /etc/e-smith/events/actions/restart-masq

For e-smith 4.1.2, you'll need to retrieve the original
e-smith-proxy RPM from:

   ftp://ftp.e-smith.com/pub/e-smith/releases/4.1.2/RPMS/e-smith-proxy-4.2.0-04.noarch.rpm

and do:

   rpm -Uvh --force e-smith-proxy-4.2.0-04.noarch.rpm
   /etc/e-smith/events/actions/proxy-conf
   /etc/e-smith/events/actions/proxy-restart
   /etc/e-smith/events/actions/conf-masq
   /etc/e-smith/events/actions/restart-masq

That's it!

--
Adrian Chung                               [EMAIL PROTECTED]
Senior Software Developer                      +1.613.368.4379
Network Server Solutions Group      Mitel Networks Corporation
    http://www.e-smith.com             http://www.mitel.com
