Home | Content | Search | Navigation | Indexes
 

Mailinglist Archive: opensuse (2358 mails)

< Previous Next >
[SLE] running a webserver from suse
  • From: chris.reeves@xxxxxxxxx (Chris Reeves)
  • Date: Fri, 08 Oct 1999 17:33:15 +0000
  • Message-id: <37FE2ADB.56DB0610@xxxxxxxxx>



Hi everyone,

I'd better mention: SuSE 6.1, kernel 2.2.5, Cyrix P150+, 96M RAM, 10GB HD,
10Mb Ethernet connection. Using ipchains for firewalling.

I have ipchains set to DENY virtually everything except a few servers coming
from specific remote ports, and the first rule of all is to DENY all incoming
conections (-p tcp -y). Most of the services in /etc/services are left
uncommented.
I know that unneeded services should be commented out, but that's the way it
is. So as the computer is set up now (with no incoming ports open) are those
services safe?

Here is what I eventually want to do:

I want to run a web server from my computer. I don't want to remove all the
SuSE support db and search
facilities. I would like to know if there would be any security holes if I just
opened it up as it is - search facilities and everything. Would people be able
to search the hard drive? I have a documentation server installed, but I think
that's on a different port? I wouldn't be opening that up. But I have lots of
support docs installed from the packages on the cdrom, and they are searchable
with htdig. So can I just open the server up as it is?

This is how I plan to do it:

What if I put a rule in before that -y DENY rule that would accept connections
on port 80 for the webserver. Would those other services still be safe? As far
as I know, the
httpd would answer connections on port 80 - but is there any way for someone to
connect on port 80 (where httpd is running) and use telnet to log on (sort of
'request' the telnet daemon)?

Finally:
What if the open port were, say, 34712 and there
was no daemon listening there - would the incomming connection then be able to
choose a daemon? What would happen?

Hope you can help and thanks in advance,
Chris

--
__ _
-o)/ / (_)__ __ ____ __ Chris Reeves
/\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005
_\_v __/_/_//_/\_,_/ /_/\_\

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/


< Previous Next >
Follow Ups