On Wednesday 23 January 2002 15:05, Togan Muftuoglu wrote:
Sorry if the question has been asked before and already replied to; then just point me rather than sending flames, as it has already been an extremely bad day.
This is what I want to do:
I am placing a webserver on the DMZ (192.168.2.2). Apache is running chrooted via compartment. The web pages are located at $CHROOT/webhome; the directory and files are owned by wwwrun.nogroup.
I want to be able to run rsync to update the web pages; however, I only want to open the minimum number of ports in the firewall.
The question is: how can I force rsync to accept communication from ssh only rather than from the rsync port?

Just make sure you don't have rsyncd enabled by inetd or running standalone (if it can do that). Taking a belt-and-braces approach: block daemons with hosts.allow and hosts.deny, block the rsync port in your packet filter, and comment out unwanted daemons in inetd (consider whether you really need inetd running at all). Then run netstat -lp to see what programs are listening on what ports. It's very similar to disabling the Sun RPC portmapper.

Rob
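
The inetd and netstat checks described in the reply above, as an added example that is not part of the original thread: it reports whether an rsync daemon is still configured in inetd or listening on its port. The function names and the sample inetd.conf and netstat text are constructed for illustration; 873 is the registered rsync daemon port.

```shell
#!/bin/sh
# Added example; the sample inetd.conf and netstat text below are constructed.

# Print active (uncommented) inetd.conf entries for the rsync service.
inetd_rsync_lines() {
    awk '$1 == "rsync"' "$1"
}

# Read `netstat -lp` or `netstat -lnp` output on stdin and print
# "local-address program" for each TCP listener on the rsync port,
# whether shown as a number (873) or by service name (rsync).
rsync_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
             n = split($4, a, ":")
             if (a[n] == "873" || a[n] == "rsync") print $4, $7
         }'
}

# Succeed only if the daemon is neither configured in inetd nor listening.
rsync_daemon_absent() {   # $1 = inetd.conf path, $2 = file of netstat output
    [ -z "$(inetd_rsync_lines "$1")" ] && [ -z "$(rsync_listeners < "$2")" ]
}

tmp=$(mktemp -d)
# Constructed "before" state: rsync enabled through inetd.
cat > "$tmp/inetd.before" <<'EOF'
#ftp   stream tcp nowait root /usr/sbin/tcpd in.ftpd
rsync  stream tcp nowait root /usr/bin/rsync rsyncd --daemon
EOF
cat > "$tmp/netstat.before" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN  412/sshd
tcp        0      0 0.0.0.0:873     0.0.0.0:*       LISTEN  530/inetd
tcp        0      0 192.168.2.2:80  0.0.0.0:*       LISTEN  601/httpd
EOF
# Constructed "after" state: entry commented out, only sshd and httpd listen.
sed 's/^rsync/#rsync/' "$tmp/inetd.before" > "$tmp/inetd.after"
grep -v ':873 ' "$tmp/netstat.before" > "$tmp/netstat.after"

for state in before after; do
    if rsync_daemon_absent "$tmp/inetd.$state" "$tmp/netstat.$state"; then
        echo "$state: no rsync daemon configured or listening"
    else
        echo "$state: rsync daemon exposed"
        inetd_rsync_lines "$tmp/inetd.$state"
        rsync_listeners < "$tmp/netstat.$state"
    fi
done
```

On a live host, pass the real inetd.conf path and a saved copy of the netstat output to `rsync_daemon_absent`. With the daemon gone, updates run from the client with `rsync -e ssh`, so only the ssh port needs to be open in the firewall.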