On 18/09/04 at 17:50, [EMAIL PROTECTED] wrote:
> > From: "Tiger automatic auditor at bazooka.ascii-club.org" <[EMAIL PROTECTED]>
> > Subject: Tiger Auditing Report for bazooka.ascii-club.org
> > Date: Sat, 18 Sep 2004 14:00:07 +0200
> >
> > # Checking listening processes
> > OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket
> > 633 (UDP) on every interface.
> > OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket
> > 636 (TCP) on every interface.
> > OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> > 662 (UDP) on every interface.
> > OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> > 665 (UDP) on every interface.
> > OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> > 668 (TCP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket
> > 629 (UDP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket
> > 632 (TCP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> > 658 (UDP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> > 661 (UDP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> > 664 (TCP) on every interface.
>
> To stop these messages from appearing, in /etc/tiger/tigerrc put rpc.mountd
> and rpc.statd in the Tiger_Listening_ValidProcs variable.
>
> > There are also iptables rules.
> > I would like NFS to be accessible only through the network card with the
> > address 192.168.13.30
>
> It is up to the iptables rules to make sure that NFS is accessible only
> through the indicated address.

I do hope that my iptables rules forbid any new connection anywhere other than
on the eth0 network interface, which has the address 192.168.13.30:

tuxbox:~# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target  prot opt in    out  source       destination
 7735 1111K ACCEPT  all  --  lo    any  anywhere     anywhere
 2107  101K DROP    tcp  --  ppp0  any  anywhere     anywhere     tcp dpt:microsoft-ds
    0     0 DROP    udp  --  ppp0  any  anywhere     anywhere     udp dpt:microsoft-ds
  517 25032 DROP    tcp  --  ppp0  any  anywhere     anywhere     tcp dpt:loc-srv
    0     0 DROP    udp  --  ppp0  any  anywhere     anywhere     udp dpt:loc-srv
    2    96 DROP    tcp  --  ppp0  any  anywhere     anywhere     tcp dpt:netbios-ssn
    0     0 DROP    udp  --  ppp0  any  anywhere     anywhere     udp dpt:netbios-ssn
  214 47387 ACCEPT  udp  --  ppp0  any  anywhere     anywhere     state RELATED,ESTABLISHED
19374 4544K ACCEPT  tcp  --  ppp0  any  anywhere     anywhere     state RELATED,ESTABLISHED
    0     0 ACCEPT  icmp --  ppp0  any  anywhere     anywhere     state RELATED
    0     0 ACCEPT  tcp  --  eth0  any  anywhere     anywhere     tcp dpt:bootps
    0     0 ACCEPT  udp  --  eth0  any  anywhere     anywhere     udp dpt:bootps
  117 24088 ACCEPT  all  --  eth0  any  localnet/24  anywhere
  543 41308 ULOG    all  --  ppp0  any  anywhere     anywhere     ULOG copy_range 0 nlgroup 1 queue_threshold 20
  543 41308 DROP    all  --  any   any  anywhere     anywhere
.....

See you,
Jean-Pierre
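
Added example (not part of the original messages): a first-match walk over the INPUT rows posted above, checking what happens to a NEW packet aimed at the rpc.mountd/rpc.statd ports from the Tiger report on each interface. Assumptions: only the rows shown are modelled (the listing is cut at "....."), a source of "localnet/24" is matched through a hypothetical src_local flag, and the names parse, verdict and exposure are illustrative.

```python
# Constructed sample: INPUT chain rows copied from the listing in the message above.
RULES = """\
7735 1111K ACCEPT all -- lo any anywhere anywhere
2107 101K DROP tcp -- ppp0 any anywhere anywhere tcp dpt:microsoft-ds
0 0 DROP udp -- ppp0 any anywhere anywhere udp dpt:microsoft-ds
517 25032 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:loc-srv
0 0 DROP udp -- ppp0 any anywhere anywhere udp dpt:loc-srv
2 96 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:netbios-ssn
0 0 DROP udp -- ppp0 any anywhere anywhere udp dpt:netbios-ssn
214 47387 ACCEPT udp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
19374 4544K ACCEPT tcp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- ppp0 any anywhere anywhere state RELATED
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:bootps
0 0 ACCEPT udp -- eth0 any anywhere anywhere udp dpt:bootps
117 24088 ACCEPT all -- eth0 any localnet/24 anywhere
543 41308 ULOG all -- ppp0 any anywhere anywhere ULOG copy_range 0 nlgroup 1 queue_threshold 20
543 41308 DROP all -- any any anywhere anywhere
"""
# Ports flagged NEW in the quoted Tiger report (rpc.mountd, rpc.statd).
TIGER_PORTS = [("udp", 629), ("tcp", 632), ("udp", 658), ("udp", 661), ("tcp", 664)]

def parse(listing):
    """Split `iptables -L -v` rows: pkts bytes target prot opt in out src dst [options]."""
    rules = []
    for line in listing.strip().splitlines():
        f = line.split()
        opts = f[9:]
        dpt = [o[4:] for o in opts if o.startswith("dpt:")]
        state = [set(opts[i + 1].split(",")) for i, o in enumerate(opts[:-1]) if o == "state"]
        rules.append({"target": f[2], "proto": f[3], "in": f[5], "src": f[7],
                      "dpt": dpt[0] if dpt else None, "states": state[0] if state else None})
    return rules

def verdict(rules, iface, proto, dport, state="NEW", src_local=False):
    """Return the first terminating target that matches the packet."""
    for r in rules:
        if r["in"] not in ("any", iface) or r["proto"] not in ("all", proto):
            continue
        if r["src"] != "anywhere" and not src_local:  # assumption: flag stands in for localnet/24
            continue
        if r["dpt"] not in (None, str(dport)):  # service names are compared literally
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        if r["target"] in ("ACCEPT", "DROP"):  # ULOG logs and falls through
            return r["target"]
    return "DROP"  # chain policy shown in the listing

def exposure(rules, iface, src_local):
    return {(p, d): verdict(rules, iface, p, d, src_local=src_local) for p, d in TIGER_PORTS}
```

With these rows, every Tiger-reported port is dropped for new traffic on ppp0 and accepted only on eth0 from the local network, which is why Tiger still reports the daemons as listening on every interface: the restriction is in the packet filter, not in the sockets.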