Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] supplied firewall package robustness
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Mon, 21 Aug 2000 12:17:09 +0200 (CEST)
  • Message-id: <Pine.LNX.4.21.0008211212170.8098-100000@xxxxxxxxxxxxxx>
Hi,

On Fri, 18 Aug 2000, Jason P. Stanford wrote:

> I have taken a recent and deep interest in network security since installing
> SuSE 6.4 and OpenBSD on some spare machines in my lab. Of late I have noticed a
> lot of (possibly) suspicious activity, which probably shouldn't be too
> suspicious in a university setting. However, I am wondering just how robust and
> "impervious" the firewall package supplied with SuSE is?
> I only have ssh listening (on default port 22) through the firewall and a
> test web server on port 8080 (under my regular user uid and gid with no
> scripting or cgi by default). All other running daemons/servers are blocked
> (assumedly) by the firewall.
> Also, everything is deactivated in /etc/inetd.conf. /etc/hosts.deny is set to
> ALL: ALL and /etc/hosts.allow is set to sshd: ALL. That's it. Am I pretty safe,

uh, if you start sshd as standalone (not via inetd) it isn't protected by
tcpd.

> or should I still be paranoid? BTW, the machine is not acting as a router or
> NATS box. It is standalone only.

strip the box down, remove a lot of s-bits, use sudo to avoid using the
root account, reorganize the permissions and privileges of your www
server, source code review your cgi scripts, check your config
files... still a lot to do. ;)

Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@xxxxxxx Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
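
The tcpd point in the reply above can be checked from /etc/inetd.conf: tcpd only evaluates hosts.allow and hosts.deny for services that inetd starts through it. The script below is an added example, not part of the original mail; the sample inetd.conf content and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): report which inetd services
# are started through tcpd and are therefore subject to hosts.allow/hosts.deny.

# Constructed sample in inetd.conf format:
# service  socktype  proto  wait  user  server-path  args...
sample_inetd_conf() {
    cat <<'EOF'
# ftp   stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
time    stream  tcp  nowait  root  internal
EOF
}

# wrapped_services FILE: print "<service> wrapped|unwrapped" per active entry.
wrapped_services() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # commented-out or blank: inactive
        NF >= 6 {
            n = split($6, part, "/")          # basename of the server path
            print $1, (part[n] == "tcpd" ? "wrapped" : "unwrapped")
        }' "$1"
}

# tcpd_covers SERVICE FILE: succeed only if inetd starts SERVICE via tcpd.
# A daemon started standalone has no inetd entry at all, so this fails for it.
tcpd_covers() {
    wrapped_services "$2" | grep -qxF "$1 wrapped"
}

conf=$(mktemp)
sample_inetd_conf > "$conf"
wrapped_services "$conf"
for svc in telnet finger ssh; do
    if tcpd_covers "$svc" "$conf"; then
        echo "$svc: checked by tcpd"
    else
        echo "$svc: NOT checked by tcpd"
    fi
done
rm -f "$conf"
```

On a real host, pass /etc/inetd.conf to `wrapped_services` instead of the sample file.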

