basic security message

Jude DaShiell jdashiel at shellworld.net
Sat Jun 11 15:38:07 EDT 2005


Two front-ends for iptables already exist in Fedora Core. 
/etc/hosts.allow is one of them and /etc/hosts.deny is the second 
front-end.  Both need to be adjusted or script kitties will litter all 
over your hard drive and own your system.  /etc/hosts.allow and 
/etc/hosts.deny also need to be monitored for changes and you need to know 
if you made those changes or if you didn't.  If you don't remember making 
those changes then someone or something else made those changes. In 
/etc/hosts.deny I put a line like All: All. That says allow nothing in 
unless found in /etc/hosts.allow. In /etc/hosts.allow I have a line like: 
127.0.0.1. That line says allow only localhost access and enables both 
mysql and postgresql to start up error free.  Without that line in 
/etc/hosts.allow both mysql and postgresql will error out. Now combine 
/etc/hosts.deny with /etc/hosts.allow in thought and what's open or should 
be open is only localhost to itself and no other ports.  This does not 
necessarily guarantee script kitties won't litter all over your hard drive 
but should make it more difficult.
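
The monitoring described in the message above, as an added example that is not part of the original post: it records SHA-256 hashes of the two files after an edit you made yourself, later lists any file that no longer matches, and checks that the deny file still has its catch-all line. The baseline path and the variable and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The baseline path and the
# variable and function names are assumptions; override them as needed.
HOSTS_FILES="${HOSTS_FILES:-/etc/hosts.allow /etc/hosts.deny}"
BASELINE="${BASELINE:-/var/lib/hosts-access.sha256}"

# Record the SHA-256 of each file. Run this right after an edit you made
# yourself, so any later mismatch is a change you did not make.
record_baseline() {
    # Word splitting of the file list is intended here.
    sha256sum $HOSTS_FILES > "$BASELINE"
}

# Print each file whose content no longer matches the baseline (a missing
# file counts as changed). Returns 0 if nothing changed, 1 otherwise.
changed_files() {
    rc=0
    while read -r want file; do
        have=$(sha256sum "$file" 2>/dev/null | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "$file"
            rc=1
        fi
    done < "$BASELINE"
    return $rc
}

# Succeeds when the deny file has an uncommented catch-all line, i.e.
# "ALL" on both sides of the colon (matched here in any letter case).
has_default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL([[:space:]]|:|$)' "$1"
}

# Stand-alone use: "record" after your own edit, "check" from cron.
case "${1:-}" in
    record) record_baseline ;;
    check)
        changed_files || echo "WARNING: files above differ from baseline" >&2
        has_default_deny /etc/hosts.deny || echo "WARNING: no catch-all deny line" >&2
        ;;
esac
```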




