[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Re: Cube 2 security
- Subject: [cobalt-users] Re: Cube 2 security
- From: Brian <bmcewen@xxxxxxxxxxx>
- Date: Sat Nov 29 08:02:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
>on 29/11/03 5:34 PM, pwilliams wrote:
>
>> I am trying to find a firewall (similar to the adaptive one for the
>> Cube3) for the Cube 2
>>
>> Any thoughts or advice greatly appreciated
>
>A SonicWall, or a WatchGuard Firebox in front of it. Even Netgear have
>devices which would be better than doing something in software on the Qube2.
>
>Cheers, Malcolm
I've asked a couple of (I thought :) sensible questions about Qube 2
matters recently with nothing back yet- I'll try again. You guys perhaps
don't realize how little is left on the web in a useable form for these
things, perhaps. Searching the archives for example, it's a tossup as to
whether SCSI support is built into the kernal- some places say yes, some
places say no, no mention of a specific version kernal or update that added
the feature. Things like that.
So, I've read/know a bit about hardening your services to make your setup
more secure, similar to Token's _Read World Linux Security_ and other
sources that have received good reviews. But those are geared for RH 7 and
up, often. A different era both in Linux and for the net from the Qube 2.
I just can't get a good picture of where the Qube 2 fits- securable or
not?? The services I mention below- can I get them implemented securely or
should I just give up now and put on NetBSD 1.6.1? I'd kind of like to
keep the Cobalt implementation for fun, if it will work properly.
With comments like the above about the Qube 2 services, just how much
SHOULD I trust the old RH 6 implementation it has? There's the MIPS pkgs
to update te sendmail, Apache, and a couple other services out there, but
not much else. And those aren't very recent.
What happens if I use common sense and change permissions/harden up the RH
6 and then run the Cobalt GUI? Will it revert much of the changes I made,
or the GUI break pretty fast? And setting up PHP seems completely
incompatible with the GUI? PHP is pretty insecure anyway...
Recall if you will from my other posts, this Qube 2 is a replacement for my
current home-based classic MacOS ftpd, SMTP/POP3, and it would be nice to
web-publish some databases from it as well. IMAP would be nice. My
current setup is pretty secure, I would like that to continue. Primary
use is as ftpd for moving files betwen the university and home.
I searched the archives extensively before I posted the first time, I'm
pretty comfortable with setting a newer Linux box in such a manner that
people should be kept out, but I have been unable to decide what
should/should not be workable with the RH 6 on the Qube 2.
After I get back from the holiday I'll have a SCSI card waiting for me to
install in the Qube 2, and I'll setup my /pub ftp files on an external
drive, and start trying to get things set up; but it would be very nice to
get some feedback on whether it's possible to harden this older setup
properly. Since summary information about these guys is apparantly
vanishing, I'd really be happy to put together a list of things that
can/might/should not be done with them. I would like to avoid finding out
about problems the hard way.
Thanks for any replies from those who used these things "way back when" in
1999-2000 ;)
Brian