Re: Hardening a Solaris system.
From: Casper H.S. Dik (Casper.Dik_at_Sun.COM)
Date: 11/22/03
- Next message: Volker Birk: "Re: Socket security"
- Previous message: sponge: "Re: Need some advice on an IDS solution"
- In reply to: gerryt_at_gtconnect.net: "Re: Hardening a Solaris system."
- Next in thread: Richard L. Hamilton: "Re: Hardening a Solaris system."
- Reply: Richard L. Hamilton: "Re: Hardening a Solaris system."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 22 Nov 2003 12:18:05 GMT
gerryt@gtconnect.net () writes:
>Solaris 9 comes with their own version of ssh
>If you have tcp_wrappers installed you can easily deny
>access to port 22 except for trusted IPs..
Solaris 9 comes with "tcp_wrappers" support; (based on the IPv6 version
I did); the ssh daemon is linked with that library as ldd will show.
>That leaves port 111 (rpcbind) - there is a tcp_wrapper
>version in source at playground.sun.com :
>ftp://playground.sun.com/pub/rpc
Note that that is still based on an older version of rpcbind; it's probably
best dealt with using ipfilter/SunScreen; note that protecting rpcbind does
not protect the services.
Casper
- Next message: Volker Birk: "Re: Socket security"
- Previous message: sponge: "Re: Need some advice on an IDS solution"
- In reply to: gerryt_at_gtconnect.net: "Re: Hardening a Solaris system."
- Next in thread: Richard L. Hamilton: "Re: Hardening a Solaris system."
- Reply: Richard L. Hamilton: "Re: Hardening a Solaris system."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
