"J. Dow" wrote:
> Bastille?
SourceForge
Search
Require
All Words
Search results for
Bastille
Group Name
Description
Bastille-linux
Bastille Linux is a Hardening Program
which enhances the security of a Linux box, by configuring
daemons, system settings and
firewalling. It currently hardens Red Hat 6.0-7.1 and Mandrake 6.0-8
I tried this package after hacking up my own IPCHAINS firewall see earlier
post "hacking w ipchains & DNS"
(sorry - dont know how to include ref thats not a mailbox: link). I
basically wasnt sufficiently satisfied that
Id barred enough doors, so I pulled the encoded expertise of the
Bastille-Linux developers.
Features that sold me:
iptables based (for 2.4 kernels), which has better connection tracking than
ipchains( current RH default )
several pre-defined configuration templates
question-answer based customization ( via tk-gui )
its free :)
features that may be responsible for prob: (with decreasing likelyhood)
possibly added ulimits for users.
dropped -suid &or -x for some progs ( like ping )
> Check disk space with a "df" command. If any partitions are getting full
> "do something about it." That could be the problem you are seeing. Also
> check if ulimits are in effect. ( apropos ulimit )
df shows home at 96%. Possible prob, but Ive been here plenty before,
never manifested like this.
[jimc@groucho jimc]$ ulimit -a
core file size (blocks) 0
data seg size (kbytes) unlimited
file size (blocks) 100000
....
file-size looks like the germane limit, but what do I compare it too ?
[jimc@groucho jimc]$ du -s ~
3019480 /home/jimc
evidently, Im far in excess, or limit applies to single files larger than
100,000 k
(assuming block = 1 k, as for du, not older 512b)
So Im prepared to accept that it is a new constraint, but why am I able to
continue to create new files ( probably cuz none were 100 MB )
[jimc@groucho jimc]$ du -a | sort -n | head -100
shows directories ( shouldnt count for file-size, dirs are just indexes of
fname => inode)
no files are > 100 MB
and im still wondering why the ulimit is checked only when su'g, but not
when running
cmds, etc. ulimit is part of bash - so always available from that
perspective.
.. I must be missing something ..
tia, jimc
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
