kevin bailey wrote:
> hi,
>
> was recently rootkitted on a debian machine because i'd left an obscure
> service running.

which one?

> 2. firewall
>
> now i'm not sure about the need for a firewall - i may need to access the
> server over ssh from anywhere. also, to run FTP doesn't the server need to
> be able to open up a varying number of ports?

hmm. you could look into port knocking for your ssh problem.
ftp server can be configured to use only 21tcp and 20tcp (ftp,ftp-data)
(requires configuring clients active/passive mode)

> BTW - FTP *has* to be available - many of the users only know how to use
> FTP.

hmm, a wide range of clients on all systems is beginning to implement
scp/sftp, it's worth *forcing* on users, in some scenarios it's not as
scary as it might seem.

> currently - i see no compelling need to set up a firewall - especially since
> if i get it wrong i could lose access to the machine.

no right attitude.
your compelling need is established by:
1. you just got rootkitted onto a port which could've been closed.
2. you're going to be hooked up to internet.

> so, use something like nmap to test for open ports on a remote machine.
> make sure only required services are running.

absolutely. with and without the firewall running, scan everything.

> run snort to check for attacks.

this can get really annoying=not useful, especially when you decide
snort should also send you alerts via email or sms.
i would suggest you leave this to very last.
and if you do set it up, make sure to check out the 'acid' interface..

hth,
t.
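
Added example, not part of the original message: one way to act on the "scan with and without the firewall" advice is to compare two `nmap -oG` (grepable) result files against the list of services that must stay reachable. The allowlist (ssh and ftp), the host address and both scan outputs below are constructed for illustration.

```python
import re

# Services the thread says must stay reachable: ssh and ftp (assumed allowlist).
REQUIRED = {(22, "tcp"), (21, "tcp")}

# Constructed `nmap -oG -` output for one host (192.0.2.10 is a documentation address).
SCAN_FW_OFF = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "111/open/tcp//rpcbind///, 3306/open/tcp//mysql///\tIgnored State: closed (996)\n"
)
SCAN_FW_ON = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 111/open/tcp//rpcbind///, "
    "22/filtered/tcp//ssh///\tIgnored State: filtered (997)\n"
)

def open_ports(grepable):
    """Return {(port, proto): service} for every port nmap reports as open."""
    found = {}
    for line in grepable.splitlines():
        m = re.search(r"\bPorts: ([^\t]*)", line)
        if not m:
            continue
        for entry in m.group(1).split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                found[(int(fields[0]), fields[2])] = fields[4] or "unknown"
    return found

def audit(fw_off, fw_on, required=REQUIRED):
    """Compare both scans against the allowlist."""
    listening, reachable = open_ports(fw_off), open_ports(fw_on)
    return {
        # running at all but not needed: stop the service, don't just filter it
        "stop_service": sorted(set(listening) - required),
        # not needed yet still reachable with the firewall up: a rule is missing
        "firewall_gap": sorted(set(reachable) - required),
        # needed but no longer reachable: the lockout risk raised in the thread
        "locked_out": sorted(required - set(reachable)),
    }

if __name__ == "__main__":
    for finding, ports in audit(SCAN_FW_OFF, SCAN_FW_ON).items():
        print(finding, ports)
```

Running the firewall-on scan from a second machine before closing the existing ssh session shows a `locked_out` entry while there is still a way to fix the rules.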