RE: Looking for..............

Ronneil Camara Wed, 25 Apr 2001 20:17:07 -0700
I would suggest you turn off unnecessary services in inetd.conf. Also
install a program that check file checksums. Go to security sites to look
for vulnerabilities and solutions. With 6.2, hmmm, upgrade to the latest
BIND. Or if that box will not run as a nameserver, you might as well not run
it. Apply patches. Compile a new kernel to make it as thin as possible.
Correct the perms. SUIDs and so on.

chown root /bin/su
chgrp wheel /bin/su

or chown root.wheel or root:wheel /bin/su
chmod 4750 /bin/su

then edit /etc/group, add your name in wheel group. So only your name will
be able to su. :-)

IPchains? It's cool, but to create a secure rulebase, it's long.

Why not run freebsd or openbsd then install IPfilter on it. I tried sending
an oversized fragmented ip packets to linux, freebsd and winnt, only freebsd
survive.

Yeah, it reminds me of something. Anyone got a solution on checkpoint fw-1
2000 running on linux or winnt that when hit by oversized fragmented ip
packets, everything stops, no keyboard, not even CAPS lock, no mouse, it's
like it's OFF. I tried "fw ctl -debug buf" to both o.s., it helped linux but
it was still terribly slow. But with WinNt SP6a, it's still frozen. No logs
are being logged by checkpoint. I hope you can help me with this.

> -----Original Message-----
> From: DSC coria fernandez jose antonio
> [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 25, 2001 7:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Looking for..............
> 
> 
> 
> well, the linux net that im admin, was hack. im trying to use 
> some tools
> that help me to control the access.
> 
> i would like to  use ipchains like a firewall and that let me 
> shared the
> ip with the workstation (ie. like ipforward)
> 
> for the ipchains machine i did the next:
> 
> i installed a red hat box ver. 6.2 with five partitions.
> 
> /       
> home
> usr
> var
> swap
> 
> and i selected the follow options:
> 
> -multimedia support
> -networked workstation
> -network managament workstation
> -development
> -kernel development
> -utilities
> 
> i would like test the ipchains if its working,
> some suggestions?
> 
> 
> thanks a lot
> 
> Jose A.       
> 
> 
> 
>  
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>    
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
RE: Looking for..............

Reply via email to
