[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Sheflug] Re: Suggestions of distro?



Yeah, grc is quick and dirty - although useful to quickly tell if your
firewall is actually switched on!  I use http://scan.sygatetech.com/ if
I want to check more.  Thanks for the info on nmap though, I'll check it
out.  And yes, the cfg file for bastille-firewall is so well commented
that you really don't need a gui however allergic you are to messing
around with config scripts :) and actually setting it up means you learn
a lot more about possible security issues and what you need defined etc.

Ta

Neil - who now knows what port 53 is for :)

> -----Original Message-----
> From: shef-lug-admin [at] list.sheflug.org.uk 
> [mailto:shef-lug-admin [at] list.sheflug.org.uk] On Behalf Of 
> Barrie Bremner
> Sent: 18 December 2001 18:58
> To: shef-lug [at] list.sheflug.org.uk
> Subject: RE: [Sheflug] Re: Suggestions of distro?
> 
> 
> >>>>> "Neil" == Neil R Porter <Neil> writes:
> 
>     Neil> Hiya James What problems have you got with it?  You say it's
>     Neil> not secure... Do you mean you've checked it on something
>     Neil> like http://grc.com and it says your shields are down and
>     Neil> your ports are open (those that you want closed anyhoo)?
>     Neil> Bastille-firewall works out of the box.  You can either
>     Neil> configure it using the mandrake control centre or by editing
>     Neil> the bastille-firewall.cfg file (in /etc/Bastille).  Don't
>     Neil> worry too much about messing with the cfg file unless you
>     Neil> need to tweak it (I had to to allow my LAN to be
>     Neil> 'trusted')... I'll send you my cfg file off list if you need
>     Neil> it.
> 
> I'd leave grc.com alone - it's not all that useful.
> I'll give you a brief (and rather slow) check on a few common 
> ports, but if you _really_ want to check things out properly, 
> you can't do much better than to use 'nmap'.
> 
> Nmap is installed by default on some systems, if not 
http://insecure.org/ or Freshmeat are the places to go.

Bastille and other hardening scripts are a good idea, but part of the
role of such a script - especially with Bastille is to educate the admin
as to exact what is being done and why - pay attention - you'll probably
need to know what's been done incase something 'breaks' after Bastille
blocks traffic :-)

    Neil> As for other things, I'm not sure what else you need.  All
    Neil> the net 'probers' have told me that my system is pretty well
    Neil> locked down and as for other services, well I'm running web,
    Neil> ftp, samba, net connection sharing, the lot with my linux
    Neil> box on LM8.1.

Cheers.

Baz.

-- 
Barrie J. Bremner		OpenPGP public key ID: F78CEE08
baz [at] barriebremner.com	http://barriebremner.com/


___________________________________________________________________

Sheffield Linux User's Group - http://www.sheflug.co.uk . 
To unsubscribe from this list send mail to 
shef-lug-request@list.sheflug.org.uk with the word "unsubscribe" in the
body of the message. 

  GNU the choice of a complete generation.


___________________________________________________________________

Sheffield Linux User's Group - http://www.sheflug.co.uk . 
To unsubscribe from this list send mail to 
shef-lug-request@list.sheflug.org.uk with the word
"unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.