
[cobalt-users] Re: Thanks Jay, Tim, Dan and all, a few more questions



I am the only person with access to the RaQ3 server, which just serves web
pages and forwards email, so I pretty much got everything turned off, apart from
the email server. I now access through ssh to the terminal, https for the
GUI and ssh for ftp.

What I'm trying to do is block every port and/or service for everyone,
excluding myself, for everything but access to my website.

With tcp wrappers I've:

'hosts.allow'

ALL: ***.**.***.**

Which is myself but I'm a little bit unsure about the 'hosts.deny'. If I put
in: 
 
'hosts.deny'

ALL: ALL

Will that block everyone from accessing all of the services, 'apart' from
the web server? Or do I have to break the services down individually, so as
not to block everyone from seeing the web site?

I've just installed ipchains which I'm going to use to block off the remaining
ports to everyone but myself, again apart from the web site. The only open
ports I've managed to pick up with a scanner are:

22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http
81/tcp     open        hosts2-ns
110/tcp    open        pop-3
143/tcp    open        imap2
443/tcp    open        https
444/tcp    open        snpp
617/tcp    open        unknown

Which of the above can I block without interfering with the web site?
Obviously not 80 and 81, but can I block '443: https' from everyone else but
myself, as I'm the only one using https to access the Cobalt GUI?

Finally, I've held off installing 'Portsentry', do you suggest still
installing it, all being that I'm trying to close all unnecessary ports and
services?

Thanks again for your help.

Regards,

Charles Teton
http://www.makingmymovie.com
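
An added example, not part of the original message: a simplified Python model of the hosts_access(5) evaluation order applied to the two files quoted above (hosts.allow first, then hosts.deny, otherwise access is granted). The client address, the daemon names and the WRAPPED set are constructed assumptions; which daemons actually consult the wrapper files has to be checked on the server itself.

```python
# Simplified model of TCP wrappers access control (hosts_access(5)).
# Constructed sample data: 192.0.2.10 stands in for the masked admin address.
HOSTS_ALLOW = "ALL: 192.0.2.10\n"
HOSTS_DENY = "ALL: ALL\n"

# Assumption: only these daemons are started via tcpd or linked with libwrap.
# A standalone web server that is not in this set never reads either file.
WRAPPED = {"sshd", "ipop3d", "imapd"}

def parse(text):
    """Return a list of (daemon_list, client_list) rules from file text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Support the ALL wildcard, exact addresses and 'a.b.c.' prefixes."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return pattern == ip

def matches(rules, daemon, ip):
    """True if any rule names this daemon (or ALL) and this client."""
    return any((daemon in d or "ALL" in d)
               and any(client_matches(c, ip) for c in cl)
               for d, cl in rules)

def decide(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return 'granted', 'denied' or 'not consulted' for one connection."""
    if daemon not in WRAPPED:
        return "not consulted"      # wrapper files have no effect here
    if matches(parse(allow), daemon, ip):
        return "granted"            # first match in hosts.allow wins
    if matches(parse(deny), daemon, ip):
        return "denied"             # otherwise a match in hosts.deny blocks
    return "granted"                # no match in either file: allowed

if __name__ == "__main__":
    for d, ip in [("sshd", "192.0.2.10"), ("sshd", "198.51.100.7"),
                  ("httpd", "198.51.100.7")]:
        print(d, ip, decide(d, ip))
```

On a real host, whether a daemon is wrapped can be checked by looking for `tcpd` in its inetd.conf entry or for libwrap in the output of `ldd` on its binary.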