Hi everybody, I was asking myself how secure is a system when there are no services running on it. I have here a Linux-Box which acts as a Masquerading-Gateway. There a no services running on it, just the Masq-Script as described in the SuSE Support Database (just the Standard). I haven't worked much with Linux, but when no services like WWW or SMTP are running it should be nearly safe or not? Jan Räther [?] [!] newtention technologies gmbh mailto:jan@newtention.de | http://www.newtention.de ----- panic("Tell me what a watchpoint trap is, and I'll then deal with such a beast..."); 2.2.16 /usr/src/linux/arch/arch/sparc/kernel/traps.c
Hi,
running on it. I have here a Linux-Box which acts as a Masquerading-Gateway. There a no services running on it, just the Masq-Script as described in the SuSE Support Database ...
Be sure not to start the inetd and for doubleproof comment out all services in the /etc/ined.conf rgds Jakob
Hi,
running on it. I have here a Linux-Box which acts as a Masquerading-Gateway. There a no services running on it, just the Masq-Script as described in the SuSE Support Database ...
Be sure not to start the inetd and for doubleproof comment out all services in the /etc/ined.conf
rpm -e inetd. why needlessly complicate things.
rgds
Jakob
-Kurt
Hi,
running on it. I have here a Linux-Box which acts as a Masquerading-Gateway. There a no services running on it, just the Masq-Script as described in the SuSE Support Database ...
Be sure not to start the inetd and for doubleproof comment out all services in the /etc/ined.conf
rpm -e inetd. why needlessly complicate things.
inetd is not installed..... Jan
rpm -e inetd. why needlessly complicate things.
Bad idea, I think. You could feel like installing it again. Then you're badly bugged. Better have a service installed and safely disabled rather than taking the risk to install it, where it might be activated automatically already.
-Kurt
Roman.
--
- -
| Roman Drahtmüller
-----BEGIN PGP SIGNED MESSAGE----- I think that's safe enough. - --- Bogdan Zapca System Administrator SC EcoSoft SA Internet Service Provider 1-7 Deva st, Cluj-Napoca, Romania Tel: +40 64 199696 PGP: http://www.itotal.ro/lupe@admin2.ecosoft.ro.pgp http://www.ecosoft.ro On Wed, 6 Dec 2000, [iso-8859-1] Jan R�ther wrote:
Hi everybody,
I was asking myself how secure is a system when there are no services running on it. I have here a Linux-Box which acts as a Masquerading-Gateway. There a no services running on it, just the Masq-Script as described in the SuSE Support Database (just the Standard). I haven't worked much with Linux, but when no services like WWW or SMTP are running it should be nearly safe or not?
Jan R�ther
[?] [!] newtention technologies gmbh mailto:jan@newtention.de | http://www.newtention.de
----- panic("Tell me what a watchpoint trap is, and I'll then deal with such a beast..."); 2.2.16 /usr/src/linux/arch/arch/sparc/kernel/traps.c
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBOi49U9Pv6ylvTc6pAQEi0QP/Xt2mTLckqhgHuPoY1vHhg0Cezqhnv+9o U8TPC/WiGxNvg3Q2Wvo0W0lyZJKsGp17IIL4z8In/gRbhP6pFCDi23z4b+lkkKyZ CYHEPLLAxlRzekKISA9As0yqzoZyQMwi4aqEWg+dfJv7mESzZ/DMQ+3I9UlES8Ek 20e9IKMhS+c= =9qVY -----END PGP SIGNATURE-----
HiHo...
I was asking myself how secure is a system when there are no services running on it. I have here a Linux-Box which acts as a Masquerading-Gateway. There a no services running on it, just the Masq-Script as described in the SuSE Support Database (just the Standard). I haven't worked much with Linux, but when no services like WWW or SMTP are running it should be nearly safe or not?
I don't tyhink, thats a very good idea. It may be save for this one machine, but not for all the machines in the internal network. If we really talk about the same script from the sdb it does nothing more, than this one command: ipchains -A forward -i $WORLD_DEV -j MASQ And this means, that every traffic will be transported without any filtering(!) like mentioned in the article. If you have an eye on security issues, you should use SuSEfirewall like described in the rest of the article and only allow masquerading for some special services which you really need and block everything from the outside. If you are talking about any other script forget the stuff above. stephan -- t="\$_='for(\$i=-2;\$_=substr(\"2720ab25409d2500f82310a6272\",\$i+=2,3);){ .~. /V\ s.martin@odn.de /( )\ ^ ~ ^ \$_=\$i++%2?hex:oct;\$_=chr(\$_%(2**2*22));\$_=\$i?lc():{};print; }';s/\( +\)|[\w\.]+\@[^ ]+|[.\/V~^\\\]+| {2,}//g;eval \$_;" && echo $t|perl
participants (6)
-
Bogdan Zapca -
J. Weinberg -
Jan Räther -
Kurt Seifried -
Roman Drahtmueller -
Stephan Martin