Bill Landry wrote:

Why, are you blocking outbound rsync traffic? If so, after 3 years of maintaining this script and many thousands of users, this is the first time I've heard this request.

Some of us do this by default - set an outbound policy of block and allow specific traffic that's allowed. It means that should a machine get compromised despite all other precautions, it can't* then be used to launch an attack on others (or other servers in your own network) and/or is unable to communicate with its control centre. Just another layer of security.

* Yes the attacker (assuming they got root equivalent access) can clear iptables - but that means they have to be proactive and risk making themselves more visible, not to mention they risk their remote install breaking networking (and also making their presence visible).

But then what would I know about administering servers :-/

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
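The default-deny outbound policy described in the message above, sketched as an added example that is not part of the original post or of the script under discussion. The function names and the allow-list (the rsync daemon's default TCP port 873, plus DNS on UDP 53) are assumptions; the commands are only printed, so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the original thread): default-deny egress with an
# explicit allow-list. Function names and the allow-list are assumptions.

# emit_egress_rules PROTO:PORT ...
# Prints the iptables commands; nothing is applied. Allow rules come first and
# the DROP policy last, so a remote session is not cut off halfway through.
emit_egress_rules() {
    # Validate every spec before printing anything, so output is all-or-nothing.
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec##*:}
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $spec" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
    done
    echo 'iptables -A OUTPUT -o lo -j ACCEPT'
    echo 'iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for spec in "$@"; do
        echo "iptables -A OUTPUT -p ${spec%%:*} --dport ${spec##*:} -j ACCEPT"
    done
    echo 'iptables -P OUTPUT DROP'
}

# egress_policy_ok
# Reads `iptables -S OUTPUT` output on stdin. Succeeds only if the chain policy
# is still DROP and no blanket "accept everything" rule has been appended, so a
# cron job can alert when the policy has been cleared or opened up.
egress_policy_ok() {
    awk '
        $0 == "-P OUTPUT DROP"      { drop = 1 }
        $0 == "-A OUTPUT -j ACCEPT" { blanket = 1 }
        END { exit !(drop && !blanket) }
    '
}

# Constructed sample run: allow rsync (tcp/873) and DNS (udp/53) outbound.
emit_egress_rules tcp:873 udp:53
```

On a live host the check would be fed with `iptables -S OUTPUT | egress_policy_ok`, which needs root.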