-
August 25th, 2001, 12:06 AM
#21
And where can we get this VLock?
"There are two major products that come out of Berkeley: LSD and BSD. We don't believe this to be a coincidence." --Jeremy S. Anderson
There are a lot of major products that come from Belgium: pralines, Belgian Sprouts, Belgian Endives, Belgian Waffles, BELGIAN fries (yes, I know it's called french fries, because the lame-ass that landed in Belgium did think he was in France). And not to forget: Bastard Operators From Belgium!)
And beer! (I know Butt ,- is the main beer distributor in the world, but that won't take long.
Butt beer actually is beer with +++++++++censore,.............. in it).
InterBrew actually is the number 2 in the world, so here we come with real beer, Butttttttttassbeer, like Celis White, Duvel, Stella, Jupiler, Maes, (and about 400 others)
And Technotronic's Pump Up The Jam?
And 2Unlimited?
AND New Beat? AND Lords of Acid?
I don't believe this to be a coincidence either...
-
August 25th, 2001, 06:20 PM
#22
Senior Member
vlock
vlock was created by RedHat. You can select it in a custom installation of RedHat. Otherwise you can get the rpm off of RedHat's download site or the source here (link is to freshmeat in case new version comes out or something):
http://freshmeat.net/projects/vlock/
You sure do like my quotes, don't you Negative?
"If you torture the data enough, it will confess." --Ronald Coase
-
August 26th, 2001, 01:16 AM
#23
You sure do like my quotes, don't you Negative?
I'm a big fan of theirs.
BTW: can anybody tell me how to install an Alcatel Speed Touch USB on SUSE 7.2? Never tried it with a USB modem before.
-
August 26th, 2001, 01:57 AM
#24
Junior Member
I'd say that the only thing you have to do is to rebuild the kernel with USB support and USB modem support.
There are lots of linux-usb-HOWTOs out there.
-
August 26th, 2001, 02:05 AM
#25
Yeah I know, I installed the hotplug stuff again but it doesn't seem to work. BTW, SUSE 7.2 supports USB. It just doesn't seem to recognize my modem (and yes, I downloaded the drivers). Strange...
-
September 17th, 2001, 04:23 PM
#26
Senior Member
OK *NIX groupies
I'm an NT admin by trade and a Linux hobbyist. I tend not to get involved in arguments over which is best; in my opinion they both have their merits and faults. Linux is free though...
If you're interested in how people secure their boxes, here's what I do:
Firstly, as has been said before, don't run services you don't need, that's just common sense. I prefer though to have a tight gateway box and you can relax a bit on your other PCs. Here's a script I knocked up using the brilliant iptables from the 2.4.x kernel:
#Declare Constants
LOCALNET="192.168.0.1/24"
INT_IF="eth0"
INT_IP="192.168.0.1/32"
EXT_IF="eth1"
EXT_IP=""
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/24"
# Switch on ip forwarding
echo Turning on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
#Flush all rules
echo Flushing rules
iptables -F
iptables -X
#Masquerade for local lan
echo Setting nat for $LOCALNET
iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
#Outbound LAN traffic arrives on the internal interface
iptables -A FORWARD -i $INT_IF --source $LOCALNET -j ACCEPT
iptables -A FORWARD -m state --destination $LOCALNET --state ESTABLISHED -j ACCEPT
#Create a new chain for logging/dropping packets
iptables --new DROPME 2>/dev/null
iptables -A DROPME --proto tcp -j LOG --log-level info --log-prefix "TCP Drop "
iptables -A DROPME --proto udp -j LOG --log-level info --log-prefix "UDP Drop "
#iptables -A DROPME --proto gre -j LOG --log-level info --log-prefix "GRE Drop "
iptables -A DROPME -f -j LOG --log-level emerg --log-prefix "Frag Drop "
iptables -A DROPME -j DROP
echo Building hack attempt rules
iptables --new HACKER 2>/dev/null
iptables -A HACKER --proto ALL -j LOG --log-level warn --log-prefix "Hacker Attempt: "
iptables -A HACKER -j REJECT
#Deny MySQL
echo Denying mysql connections apart from $LOCALNET
iptables -A INPUT --protocol tcp --dport 3306 --source ! $LOCALNET -j HACKER
#Deny X Connections
echo Denying X Connections apart from $LOCAL_ADDRS
iptables -A INPUT --protocol tcp --dport 5900:6100 -i $EXT_IF -j HACKER
iptables -A INPUT --protocol tcp --dport 5900:6100 -i ! lo -j HACKER
#Deny Other Ports
echo Denying SMB from outside $LOCALNET
iptables -A INPUT --protocol tcp --dport 135:139 --source ! $LOCALNET -j HACKER
iptables -A INPUT --protocol tcp --dport 23 --source 0/0 -j HACKER
iptables -A INPUT --protocol tcp --dport 111 --source 0/0 -j DROP
echo Denying udp upto 1024
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j DROP
#Allow related connections back in
#iptables -A $EXTER_IF -m state -d $
iptables -L
Obviously this is something you couldn't do with Windows. I'm curious to see what the built-in firewall in XP is going to be like; if it's anything like Microsoft's last foray into security (ISA) then I wouldn't trust it.
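The script above blocks selected ports and never sets a chain policy, so anything it does not name is still accepted. As an added example (not the poster's script), here is a default-deny variant of the same gateway, emitted in iptables-restore format so it loads in one step. The interface names follow the post; the allowed port list, the log rate limit and the LAN range written as 192.168.0.0/24 are assumptions.

```shell
#!/bin/sh
# Added example: default-deny gateway rules in iptables-restore format.
# INT_IF/EXT_IF follow the post; LAN_TCP_PORTS is an assumed list of
# services the gateway offers to the LAN only.
INT_IF="eth0"
EXT_IF="eth1"
LOCALNET="192.168.0.0/24"
LAN_TCP_PORTS="22 3306"

gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $EXT_IF -s $LOCALNET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DROPME - [0:0]
-A DROPME -m limit --limit 5/min -j LOG --log-level info --log-prefix "Drop "
-A DROPME -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # One NEW-connection rule per service, reachable from the LAN side only
    for port in $LAN_TCP_PORTS; do
        echo "-A INPUT -i $INT_IF -s $LOCALNET -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
-A INPUT -j DROPME
-A FORWARD -i $INT_IF -o $EXT_IF -s $LOCALNET -j ACCEPT
-A FORWARD -i $EXT_IF -o $INT_IF -d $LOCALNET -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j DROPME
COMMIT
EOF
}

# Print the ruleset; as root, load it with: gen_ruleset | iptables-restore
gen_ruleset
```

Everything not matched by an ACCEPT rule falls through to DROPME, which logs at a limited rate and then drops.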
-
September 17th, 2001, 05:33 PM
#27
You know... I think part of the reason some people use *nix semi-exclusively is so they can feel smart because of the 'only smart people use *nix' myth that seems to be involved.
I would change that to 'only people with enough extra time on their hands use *nix'.
I mean, it's funny. I've not found many (although some exist) *nix-only users who are dedicated to their OS, but don't seem to faintly exude a sort of 'I use it, you don't, I'm smarter' kind of attitude.
As if OS matters quite so much now with the advent of TCP/IP.
[HvC]Terr: L33T Technical Proficiency
-
September 17th, 2001, 06:05 PM
#28
Junior Member
screen lock in X
Actually the screen lock in X is only good for security if your box is in run level 5.
If it's in run level 3, then you can use Ctrl + Alt + Backspace to kill X, and land at the command prompt already logged in. Effectively bypassing the screen lock.
If in run level 5 then Ctrl + Alt + Backspace should land you at the X login screen (logged out).
-
September 17th, 2001, 11:19 PM
#29
Obviously this is something you couldn't do with Windows
I don't follow you, Petemcevoy.
So you think I can't define those rules in Windows? I don't see anything in your script I can't do with my Winbox. Maybe if you'd give me an example? I'm a retard, so I'm not as quick as you are.
And BTW: can someone like Parker take a look at this script, please? I'm no *NIX guru, but I think it's got some errors in it.
And Terr, why are you so fast? You're stealing the words right out of my mouth...again
-
September 17th, 2001, 11:36 PM
#30
Senior Member
Enlighten me
Negative said:
I don't follow you, Petemcevoy.
So you think I can't define those rules in Windows? I don't see anything in your script I can't do with my Winbox. Maybe if you'd give me an example? I'm a retard, so I'm not as quick as you are.
I've got a better idea, why don't you tell me how you would define those rules in a Windows box, how you would close down all ports apart from those you specify, or how you'd tell your Windows box what to do to a packet that arrives at a particular port (DENY, DROP) - without the use of third party software?
And he also said:
And BTW: can someone like Parker take a look at this script, please? I'm no *NIX guru, but I think it's got some errors in it.
What's your interest in finding errors in my script? Hogfly asked how people tighten up security on their *nix boxes, this is what I do. Why did Terr and yourself take offence at this, do I smell an attack of the green eyed monster? I'm not trying to give any air of superiority, what I don't know could fill a thousand books. I'm not interested in a flame war either; if you want somebody to bicker with, pwaring seems quite contentious - go bother him.