Hi list-users Please can somebody tell me where to find a bugtraq mailinglist that only deals with linux security bugs? and, according to the ip_always_defrag kernel option question I would like to ask you what other kernel options are recommended to install to have improved security on an ipchains paketfilter box. Thank you all, Philipp
"Philipp Snizek"
Hi list-users
Please can somebody tell me where to find a bugtraq mailinglist that only deals with linux security bugs?
You can try a _linux_ security mailing list: http://listserv.securityportal.com/SCRIPTS/WA-SECURITYPORTAL.EXE?SUBED1=linux-security&A=1
and, according to the ip_always_defrag kernel option question I would like to ask you what other kernel options are recommended to install to have improved security on an ipchains paketfilter box.
As said before, read http://www.bb-zone.com/Proc/chapter2.html#section2.8 about the /proc filesystem and /usr/src/linux/Documentation/networking/ip-sysctl.txt HTH Martin -- martin.peikert@innominate.com system engineer innominate AG clustering & security the linux architects tel: +49-30-308806-0 fax: -77 http://www.innominate.com
Moin Philipp! securityfocus has a linux specific list: www.securityfocus.com hth's -- michael Philipp Snizek schrieb am Donnerstag, den 23. November 2000:
Hi list-users
Please can somebody tell me where to find a bugtraq mailinglist that only deals with linux security bugs?
and, according to the ip_always_defrag kernel option question I would like to ask you what other kernel options are recommended to install to have improved security on an ipchains paketfilter box.
Thank you all,
Philipp
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Thu, 23 Nov 2000 15:28:40 +0100, you wrote:
and, according to the ip_always_defrag kernel option question I would like to ask you what other kernel options are recommended to install to have improved security on an ipchains paketfilter box.
Hi. This is an excerpt from one of my fws: (note comments are in Spanish; check url that somebody gave about /proc fs :-))) ## Habilitamos la defragmentacion automatica en el kernel echo 1 > /proc/sys/net/ipv4/ip_always_defrag ## Filtrar paquetes fragmentados (no deberian llegar, el kernel defragmenta antes) ipchains -A input -f -j DENY -l ## Habilitar SYN cookies en el kernel (proteccion contra SYN flood) echo 1 >/proc/sys/net/ipv4/tcp_syncookies ## Habilitar en el kernel la proteccion contra Spoofing (Source Address Verification) for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f done ## Deshabilitar en el kernel los ICMP-redirects for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f done ## Deshabilitar en el kernel los paquetes con source-routing for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > $f done Regards. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
participants (4)
-
Martin Peikert -
Michael Galloway -
Philipp Snizek -
RoMaN SoFt / LLFB!!