Umar Goldeli was once rumoured to have said:
> > ...or keep this discussion on list for those who cannot get to SLUG
> > meetings.
> 
> Or both.. I'd be happy to do a presentation or a QA session on security if
> anyone's interested.. and considering that a lot of people on this list are
> admins or working in IT - it'd be quite good to keep it on methodology as
> opposed to specific products/tools.. this way general Solaris admins or
> network engineers could also benefit..?

Give me some time to brush up on netfilter and I'll happily do a
NetFilter/IpChains, what's new, good, why, and how do we use it?  type
presentation at a SLUG meeting sometime.  I just haven't gotten around
to setting up the new firewall here (at work) yet :/

> The only problem with atime records is when you're playing with squid etc
> and a lot of people put their cache partition in /var/cache or similar and
> mount /var noatime - which sucks for forensics, but will certainly make
> your squid fly. ;)

Squid should be caching to its own dedicated partition, preferably to
its own dedicated spindle if possible, both for reasons of performance
and sanity (ok, mostly sanity ;) ).  Then the noatime thing only
becomes an issue if the cache spindle is used as part of the attack.

> (you should whack squid elsewhere btw! :)

Undoubtedly.  See my previous comments about leaving no services to
compromise.

C.
-- 
--==============================================--
  Crossfire      | This email was brought to you
  [EMAIL PROTECTED] | on 100% Recycled Electrons
--==============================================--

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
