basic security message
Jude DaShiell
jdashiel at shellworld.net
Sat Jun 11 15:38:07 EDT 2005
Two front-ends for iptables already exist in fedora core.
/etc/hosts.allow is one of them and /etc/hosts.deny is the second
front-end. Both need to be adjusted or script kitties will litter all
over your hard drive and wn your system. /etc/hosts.allow and
/etc/hosts.deny also need to be monitored for changes and you need to know
if you made those changes or if you didn't. If you don't remember making
those changes then someone or something else made those changes. in
/etc/hosts.deny i put a line like All.: All That says allow nothing in
unless found in /etc/hosts.allow. In /etc/hosts.allow I have a line like:
127.0.0.1 that line says allow only localhost access and enables both
mysql and postgresql to start up error free. Without that line in
/etc/hosts.allow both mysql and postgresql will error out. Now combine
/etc/hosts.deny with /etc/hosts.allow in thought and what's open or should
be open is only localhost to itself and no other ports. This does not
necessarily guarantee script kitties won't litter all over your hard drive
but should make it more difficult.
More information about the Speakup
mailing list