[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] RaQ3 ipchains install help

Wayne,

> Searched the archives, google, linuxnewbie.org/com... etc etc never found
a
> basic "how to" guide.. (wish I had Dan's skills in searching!)

Well, we almost all wish that, I guess. ;-)

But you found the Firewall-HOWTO
(http://ldp.nllgg.nl/HOWTO/Firewall-HOWTO.html) and the IPCHAINS-HOWTO
(http://ldp.nllgg.nl/HOWTO/IPCHAINS-HOWTO.html), right?

> After spending way too many hours looking and still sitting here needing
to
> install/configure this... if anyone has a link to a basic step by step
"how
> to" such as the one in the archives for doing portsentry and could point
me
> to it I'd be eternally grateful...

There has been talk about a script that was posted to this list some time
ago; probably be4 I entered the list.

http://www.openna.com/books/book.htm is a great book on Linux (RedHat
specific) security in general. I keep a printed copy closeby at all times.
It has some great pointers on configuring ipchains. I've been using that
book and another (somewhat dated) ipchains script to construct my own thang
(not finished yet).

Biggest problem with the firewall scripts I've seen is that these do not
take into account the ability to add more IP addresses to a Linux box at any
given time. There's a quick fix to provide that feature. Next big problem is
that the Active Monitor keeps on flashing... ;-)

While on the subject, a question: is there any specific (Cobalt) reason why
one should open up high, unprivileged (did I just spell that correctly? ;-P)
ports (1024-65535) by default?

> Tripwire is next!... then it's tin cans on a string and a sleeping bag
next
> to the box!!

I'd be interested in your findings on Tripwire. Haven't come around to it
yet.

> It's hard not to be paranoid when everone's out to get you!!

It's good to be paranoid when everyone's out to get you! :-)

Have a safe one... Nico