[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Sheflug] Re: Suggestions of distro?
Yeah, grc is quick and dirty - although useful to quickly tell if your
firewall is actually switched on! I use http://scan.sygatetech.com/ if
I want to check more. Thanks for the info on nmap though, I'll check it
out. And yes, the cfg file for bastille-firewall is so well commented
that you really don't need a gui however allergic you are to messing
around with config scripts :) and actually setting it up means you learn
a lot more about possible security issues and what you need defined etc.
Ta
Neil - who now knows what port 53 is for :)
> -----Original Message-----
> From: shef-lug-admin [at] list.sheflug.org.uk
> [mailto:shef-lug-admin [at] list.sheflug.org.uk] On Behalf Of
> Barrie Bremner
> Sent: 18 December 2001 18:58
> To: shef-lug [at] list.sheflug.org.uk
> Subject: RE: [Sheflug] Re: Suggestions of distro?
>
>
> >>>>> "Neil" == Neil R Porter <Neil> writes:
>
> Neil> Hiya James What problems have you got with it? You say it's
> Neil> not secure... Do you mean you've checked it on something
> Neil> like http://grc.com and it says your shields are down and
> Neil> your ports are open (those that you want closed anyhoo)?
> Neil> Bastille-firewall works out of the box. You can either
> Neil> configure it using the mandrake control centre or by editing
> Neil> the bastille-firewall.cfg file (in /etc/Bastille). Don't
> Neil> worry too much about messing with the cfg file unless you
> Neil> need to tweak it (I had to to allow my LAN to be
> Neil> 'trusted')... I'll send you my cfg file off list if you need
> Neil> it.
>
> I'd leave grc.com alone - it's not all that useful.
> I'll give you a brief (and rather slow) check on a few common
> ports, but if you _really_ want to check things out properly,
> you can't do much better than to use 'nmap'.
>
> Nmap is installed by default on some systems, if not
http://insecure.org/ or Freshmeat are the places to go.
Bastille and other hardening scripts are a good idea, but part of the
role of such a script - especially with Bastille is to educate the admin
as to exact what is being done and why - pay attention - you'll probably
need to know what's been done incase something 'breaks' after Bastille
blocks traffic :-)
Neil> As for other things, I'm not sure what else you need. All
Neil> the net 'probers' have told me that my system is pretty well
Neil> locked down and as for other services, well I'm running web,
Neil> ftp, samba, net connection sharing, the lot with my linux
Neil> box on LM8.1.
Cheers.
Baz.
--
Barrie J. Bremner OpenPGP public key ID: F78CEE08
baz [at] barriebremner.com http://barriebremner.com/
___________________________________________________________________
Sheffield Linux User's Group - http://www.sheflug.co.uk .
To unsubscribe from this list send mail to
shef-lug-request@list.sheflug.org.uk with the word "unsubscribe" in the
body of the message.
GNU the choice of a complete generation.
___________________________________________________________________
Sheffield Linux User's Group - http://www.sheflug.co.uk .
To unsubscribe from this list send mail to
shef-lug-request@list.sheflug.org.uk with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.