[Gllug] netstat -pan --inet

[Bruce Richardson]

On Mon, Feb 11, 2002 at 11:26:53AM -0000, Paul wrote:
> > Is anyone else out there trying to tighten up there box and 
> > if so should we
> > have a time where people can scan each other to see what 
> > works and what
> > doesn't. I think my box is reasonably tight from an internet 
> > perspective.
> > 
> > Harry
> 
> I'm doing the same with a Debian box at the moment.
> I've shut down all unwanted services although I find my log gets full of
> "ident" requests.
> The consensus seems to be that it's safest to turn it off but that the
> internet would work better as a whole if it was turned on so I'll have
> to look into this a bit more.

It's *polite* to have it on, for the benefit of mailhosts mainly, but
only if you are another mailhost.  Otherwise it isn't worth it.  If you
want to be polite to other mailhosts, look at oidentd.  It allows you to
spoof the userid for selected users, omit the OS name and other things.
If you need an honest local ident daemon then use xinetd and run one
version of oidentd on the external interface and another internally.

> Also I'm checking out "snort" for warning of possible attacks.
> I think as it's potato I'm stuck with ipchains (iptables only works for
> kernel 2.4.x?).

There are unofficial 2.4.x kernel sources for potato, maintained by
someone who was an official Debian developer until a couple of weeks a
go so they are useful.

http://www.fs.tum.de/~bunk/kernel-24.htm

If you're running Woody (like Harry) then there's a whole series of
security-minded packages, names all beginning with "harden" (Dean, put
that innuendo down).

-- 
Bruce

What would Edward Woodward do?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 261 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20020211/75224adb/attachment.pgp>