Hello David,

This is the constellation:

Here is the problem: I need to run a production server (SuSE 8.0) to which real terminals are connected (-> no hard drive); the terminals boot via tftp and mount certain drives via nfs. For "online" backups I run rsync. The server must be reachable for remote maintenance via ISDN dial-in, also telnet and ftp.

David Smith wrote:
> Use SuSEfirewall2. Edit the configuration file /etc/sysconfig/SuSEfirewall2

Would it really be enough to run SuSEfirewall2? I'd like to hook onto Matthias' answer:

> If possible drop ftp and telnet and use ssh / sftp instead. Or at least chroot the ftp process and don't let it run as root.

OK, ssh and sftp are no problem, but for some maintenance tasks root access is needed. What would be a strategy in this case?

>> The temporary connections to the internet for surfing and email should also be possible.
> If it's connected to the internet install a *tight* firewall.

Guess SuSEfirewall2 can do this, but what about ssh and sftp and dial-in?

> Install IDS software (eg AIDE)

HIDS or NIDS? An attack from the inner side is a less reasonable issue, though still (in theory) possible.

> Install chkchroot. Install portsentry in case your firewall is dropped for some reason.

I never used them; what can they do in the current scenario?

I guess the main problem is the temporary connections to the internet and the dial-in connection for maintenance. How can I make sure that only *one* certain number can dial in?

Thanks again
Michael

-- 
Encrypted eMail welcome! GnuPG/OpenPGP-Key: 0xC82CD70C. Fingerprint: BB76 0DED 1329 D3B7 04D0 F6BB 2033 3B11 C82C D70C
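As an added example (not part of this thread, and not a file shipped by SuSE), the following fragment shows how the setup described above would be expressed in /etc/sysconfig/SuSEfirewall2: the ISDN link is the untrusted side, the terminal LAN is the trusted side, and only ssh is reachable from outside. The interface names ippp0 and eth0 are assumptions, and the variable names are the SuSEfirewall2 keys of the SuSE 8.x era as remembered here; check each one against the comments in your own configuration file before relying on it.

```shell
## Constructed /etc/sysconfig/SuSEfirewall2 fragment (example, not from the thread).
## Assumptions: the ISDN dial-in/dial-out interface is ippp0, the terminal LAN is eth0.
## Variable names follow SuSEfirewall2 of the SuSE 8.x era; verify them against the
## comments in your own /etc/sysconfig/SuSEfirewall2 before use.

# Untrusted side: the ISDN link (internet surfing, email and remote dial-in)
FW_DEV_EXT="ippp0"

# Trusted side: the LAN with the diskless terminals
FW_DEV_INT="eth0"

# This box is a server, not a router: the terminals must never reach the
# internet through it, and nothing from the ISDN side is forwarded to the LAN.
FW_ROUTE="no"
FW_MASQUERADE="no"

# From the ISDN side only ssh is reachable. telnet (23) and ftp (21) are
# deliberately absent; sftp runs over the ssh port, so 22 covers both.
FW_SERVICES_EXT_TCP="22"
FW_SERVICES_EXT_UDP=""

# tftp (69/udp), portmap (111) and nfs (2049) are needed only by the terminals.
# They are not listed above, so they stay unreachable from ippp0; the internal
# interface is left open so booting via tftp and the nfs mounts keep working.
FW_PROTECT_FROM_INTERNAL="no"

# Log dropped packets on the external side so probing during a dial-in or
# surfing session shows up in syslog, without flooding the log with everything.
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
```

The point of the split is that the services the diskless terminals depend on (tftp, portmap, nfs) are never offered on the ISDN interface, while remote maintenance still works over ssh. Restricting which telephone number may dial in is not something the packet filter can do; that check belongs to the ISDN and getty layer, which sees the caller ID before any IP traffic exists.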