Here's what I did...
I edited the file '/etc/rc.d/rcfirewall', and added rules for the
services that i required, or wanted to block...
It was in the form:
ipchains {rule.....}
ipchains {rule...} etc., etc.
Try "man ipchains" and/or search the web for sample
rcfirewall scripts, and how to create them. Might be of use...
note: I now use an old machine (486) with smoothwall installed on it, and it
sits between my local machines and the outside world.. Way easier ;)
Might still have the file somewhere, I'll have a look....
G
----- Original Message -----
From: Judith Miner <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 04, 2001 2:57 AM
Subject: [newbie] Internet Security
> First of all, thanks to everyone who shared their opinions on working as
> root. I've printed out a bunch of messages and will be digesting them as
> time allows. For those who wondered why I need to be root so often, it's
> because I'm still very much involved in getting the system set up,
> installing programs, etc., and it seems I have to be root in order to do
> a lot of what needs to be done. Once the system is complete and has a
> chance to settle, I can handle working as user. But for now, it is very
> inconvenient.
>
> My priorities now are first, to firm up my Internet security; second, to
> get my Type 1 fonts working and available to applications; third, to
> figure out what's going on with the printers.
>
> Today I worked on Internet security. I tried some of the things
> suggested and frankly, I don't have a clue. I don't understand the
> directions, I can't find some of the things suggested, I can't deal with
> scripts, I don't have six months to take a course.<g> I read the How
> To's on network security and firewalls and they descended into geekspeak
> much too fast and far too deeply and I was lost.
>
> Remember, I'm your test case--the Windows user who wants to say good-bye
> to Microsoft but does not want to and will not become a command
> line/console sort of gal. Mandrake 8 claims to have me in mind.<g>
>
> Since I was stumped by the console approach, here's what I did in
> desperation to get my ports closed on the Internet. I ran draksec as
> root from a command line and when it came up, I set my security to
> Medium. I also ran BastilleChooser and picked the Medium level, no
> server option. Then I went on the Web and back to grc.com and
> sdesign.com to test my ports. At grc.com all my ports were closed, which
> was an improvement from when I tested before and my SMTP port was
> reported open. I turned off some startup process or whatever it's called
> that had something to do with mail transport. So okay, some progress. At
> sdesign.com I had fewer ports open than I did before, but I'm still
> seeing open ports at 631 (tcp) and 6000 (tcp X11).
>
> I got the same results whether I went online as root or as user.
>
> How can I get those ports closed? Clear directions much appreciated! If
> you tell me exactly where to look and what to edit, I can do it, but I
> can't figure it out on my own.
>
> I tried to run the interactive Bastille but I didn't understand the
> options and the explanations were much too sketchy. I don't like to make
> decisions like that when I don't understand what I'm doing. So I ran
> BastilleChooser instead and figure it's better than nothing. Why isn't
> Bastille on medium security closing all my ports?
>
> Thanks very much for any help you can give.
> --Judy Miner
>
>
