Re: Hardening a Solaris system.

gerryt_at_gtconnect.net
Date: 11/24/03 

Date: Mon, 24 Nov 2003 17:26:16 GMT

In article <3fc0f942$0$1505$e4fe514c@news.xs4all.nl>,
        Casper H.S. *** <Casper.***@Sun.COM> writes:
> gerryt@gtconnect.net () writes:
>
>>Yes I use both a wrapped version of rpcbind and ip-filter rules..
>>Is the playground rpcbind not really recommended anymore on 9??
>
> The only rpcbind I could find is the standard tirpc2.3 one; it does not
> have all security fixes available in S9; I'm not even sure it support
> Ipv6 properly.

playground has this:
rpcsrc_40.tar 1100 KB 21/07/98 12:00:00 AM
The others are 1995 or earlier. Pretty OLD : >
Yes Ipv6 would be a problem Im sure. But we know who can fix
THAT dont we : >

>>You are talking about ports 32771 and above? I have a range in
>>ip-filter blocked but its true that that range could be exceeded..
>>One could cobble up a script to detect deltas how do you avoid windows
>>of vulnerability??
>
> Why allow those ports in in the first place?

a) I dont have a router - yet - : >
b) I dont except maybe locally. Right now I see:
   32771,2,6,7,8,9 listening
   The box is set up to do jumpstarts.

Ill see what I can do about a 3271??-32799 rule in ip-filter : >
Unless theres a better way.