On Saturday 05 April 2003 01:36 pm, [EMAIL PROTECTED] wrote:
> I'm trying to lock down my server, which, for historical reasons *has*
> to run the various nis services. No problem, I'll just block the ports
> that ypfrx, yppasswdd, ypbind, etc bind to. However, it seems that they
> choose a different port each time. As I don't want to switch to the
> 'block everything, only open needed' methodology (too much overhead to
> keep all my clients working), how do I force the various nis services to
> use only certain specified ports? Looking at the man page, some of them
> take a -p switch, but putting that into the /etc/init.d/nis file in the
> --exec line 1) doesn't seem to work and 2) would be overwritten by the
> next upgrade (iirc, the init scripts are not marked as config files).
> Any ideas?

I'm not exactly sure if locking the NIS ports is possible, but I can verify that init.d scripts are (almost?) always marked as conffiles. You do not need to worry about them being overwritten without being asked.

That said, I would really recommend that you switch to the "block everything" firewall methodology, especially if you need legacy software like NIS around. You'll sleep easier.

Also, about the -p switch: make sure you're passing "--" between the program name and the -p. start-stop-daemon needs this, to separate its own arguments from those of the daemon it's starting. (This may not be your problem - like I said, I don't use NIS, those scripts might not call start-stop-daemon.)

Hope this helps.

- Keegan