On 08 Jun 2001 12:14:40 -0500, [EMAIL PROTECTED] wrote:
>
> Security Objectives
>
> [5.2.11]
> Objective: Configure access control for services using tcpwrappers
> The candidate should be able to: Configure tcpwrappers to allow
> connections to specified servers from only certain hosts or subnets.
> Includes tools and files such as:
> * inetd.conf, tcpd
> * hosts.allow, hosts.deny
How about xinetd?
> 3.4.1 Configure ipchains to set up ip masquerading.
> 3.4.2 Use ipchains redirect to send input packets to IP servers
> 3.4.4 List firewall rules on a chain using ipchains.
I know iptables is still relatively new, but it addresses SNAT and DNAT
(source and destination) as well as MASQUERADING. This may be the first
cross-over to the iptables rules.
In 3.4.2, are you looking at port forwarding, or more of a load
balancing issue?
I would assume that it's load balancing based on the plural of servers.
This task may need to be reworded for better understanding.
> 3.7.1 Set up secure anonymous ftp server for web host clients
> 3.7.2 L1 Change the /etc/ftpaccess file to include the DENY keyword.
This appears to be based on wu-ftp configuration. Are we looking at other
packages as well?
This may affect exactly what files are used, and therefore the wording
of the tasks.
> 6.3.1 Disable logging on as root by changing the /etc/ssh/sshd_config by
> entering DenyGroup root
Also look at other forms of root "denial" including:
/etc/nologin
/etc/securetty
or were these included in LPIC I (I can't remember)?
Regards,
Jonathon
--
This message was sent from the lpi-examdev mailing list.