[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] worm attack
- Subject: Re: [cobalt-users] worm attack
- From: "Gerald Waugh" <gerald@xxxxxxxxx>
- Date: Thu Sep 20 14:17:04 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Revd leonard payne" <vicarage@xxxxxxxxxxxxxx> wrote
> Can anyone give a blow by blow - step by step - idiots (tm) guide to
> installation of
>
> a. portsentry
> b. logcheck
> c. ipchains
>
> and then anything else that the community feels is valid. (I've got a and b)
>
Since you have a and b, then all you need is ipchains.
read http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
You didn't say which RaQ you have I assume a 3 or 4
run <ls /proc/net/ip_fwchains> if this file exist then you can use ipchains.
RaQ2 and Qube2 need to use ipfwadm
login to a ssh shell as root
wget http://netfilter.samba.org/ipchains/ipchains-1.3.10.tar.gz
tar zxvf ipchains-1.3.10.tar.gz
cd ipchains-1.3.10
make all
make install
this will install /sbin/ipchains
and /usr/man/man8/ipchains.8
Then get pmfirewall
wget http://www.pointman.org/PMFirewall/download/pmfirewall-1.1.4.tar.gz
tar -zxvf pmfirewall-1.1.4.tar.gz
cd into the directory pmfirewall-1.1.4
Read - README and INSTALL
Run "sh install.sh" and follow the prompts.
pmfirewall adds rc.d scripts for each runlevel
Start pmfirewall /etc/rc.d/rc3.d/S50pmfirewall start
So when you reboot it will start.
The install.sh prompts are very good.
In most cases just accept the [default]
This will install a basic firewall.
Read up on the HOWTO and then
Add you own rules to /usr/local/pmfirewall/pmfirewall.rules.local
Gerald