[Gllug] bastille/firewall confusion

Branden Faulls omphe at keiko.demon.co.uk
Sun Jan 26 22:37:18 UTC 2003


With the emergence of the recent worm I've had a closer look at my 
security.  My Debian box is running the Bastille scripts and should be 
logging all connection attempts.  However, having run an nmap scan from 
a security website, numerous ports are visible and open on the report. I 
also fail to find mention of denied connections in /var/log/syslog and 
/var/log/kernel.

I have removed most services, telnet is of course gone, however things 
like exim(smtp25) and nfs I need to use locally.  I've worked myself 
into a panic, stupidly, over this and could use guidance.  Am I looking 
in the right logs?  Should I scrap Bastille and, painstakingly, rewrite 
my ipchains?  Should I worry less?  The Debian security handbook is only 
getting me so far.

Other considerations: the box in question is a dialup box masquerading 
for the rest of my home network.

nervous nelly
aka
Branden Faulls
-- 
+-----------------------------omphe.com-+
|                                       |
|Branden Faulls                         |
|                                       |
|                        www.omphe.com  |
|              brandenfaulls at omphe.com  |
|                   (+44) 773 440 8623  |
+---------------------------------------+


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



