Re: Advanced Firewall Techniques

From: Omas Jakobsson (omas.jakobsson@corren.se)
Date: 07/26/02 

Date: Fri, 26 Jul 2002 08:15:02 +0200
From: Omas Jakobsson <omas.jakobsson@corren.se>
To: David Ziggy Lubowa <ziggy@one2net.co.ug>, SECURITY-BASICS@securityfocus.com

Hmmm...

I wonder where you got the idea that OpenBSD does not have a ports tree.
I just downloaded ports via CVS and to my knowledge, they are uppdating
the ports tree (just follow the patch branch for your dist.). Regarding
updating runnning services.. well "kill -HUP <pid>" after installing
patched binaries should work for most part, wouldnt it?

--to get latest ports patch branch--

export CVSROOT=anoncvs@<your closest anoncvs mirror>/cvs
cd /usr
cvs -q get -rOPENBSD_3_1 -P ports

Hard?

mvh.

/Omas Jakobsson

David Ziggy Lubowa skrev:
>
> ummh well unfortunately for OpenBSD it does not have the flexibility of
> FreeBSD i.e the ports where you can do a port upgrade with ease , IIRC you
> have to download the tarballs and install them manually , i would not go
> for OpenBSD just cause it is said to be secure i would also look at the
> ease of upgrading and patching any running services. As for protecting
> yourself from services which have vulnerabilities all i can suggest is
> that you keep updating your box and have a tight firewall which shall only
> allow what is needed and block the rest.
>
> cheers
>
> David Ziggy Lubowa
> Systems Administrator
> One2net (U)
> 7th Floor Workers Hse
> Tel: +256 41 345466
> Mob: +256 77 769064
> Fax: +256 41 345468
> Web: www.one2net.co.ug
> -----------------------------------
> A Network Of People And Technology |
> -----------------------------------
>
> On Sat, 1 Jan 2000, Eric Friedrich wrote:
>
> > I've sucessfully set up a home LAN with NAT, OpenBSD firewall, and all
> > the goodies. However, I'm wondering what the next step is. As far as
> > system maintenance, I know that all OS's require constant patches, but I
> > have no idea what that involves as far as OpenBSD goes, is there a
> > program out there which will update the system for me?
> > Also, I've heard of attacks using other protocols, and such, what
> > other security measures can I implement aside from only opening the
> > necessary ports with PF? Is there anything to protect against non tcp
> > attacks, DOS attacks and other ones I'm not mentiong? Thanks,
> >
> > limited
> >
> >
> >

Relevant Pages

  • Re: OpenBSD LiveCD -- public beta
    ... ports, instead of window manager, this really help who will use the ... I can't rescue anything with KDE. ... I've said I can fix OpenBSD problems also with the cd40.iso. ... There are many Linux LiveCDs that could be used with Linux environments, ...
    (comp.unix.bsd.openbsd.misc)
  • Re: BSD Newbie - install VIM?
    ... Partway through the installation there was an error and it failed. ... which is included in the base ports infrastructure system. ... of wsconsctl(from which the OpenBSD version was derived) and see ... jose nazario, co-author, "Secure Architectures with OpenBSD" ...
    (comp.unix.bsd.openbsd.misc)
  • RE: URL and Content Filtering Proxy
    ... I found privoxy in the ports web section on OpenBSD! ... URL and Content Filtering Proxy ...
    (Security-Basics)
  • Re: Advanced Firewall Techniques
    ... FreeBSD i.e the ports where you can do a port upgrade with ease, ... for OpenBSD just cause it is said to be secure i would also look at the ... > attacks, DOS attacks and other ones I'm not mentiong? ...
    (Security-Basics)
  • Re: OpenBSD LiveCD -- public beta
    ... There are more than 4000 ports in the tree. ... New user should not use OpenBSD if they don't undestand what they do! ... OpenBSD for this absence of stupid things! ... Here I use windows/thunderbird, I need ...
    (comp.unix.bsd.openbsd.misc)
Quantcast