On Wed, 2002-05-01 at 14:51, Femme wrote:
> On 01 May 2002 14:24:21 +1000
> Brian Parish <[EMAIL PROTECTED]> wrote:
>
> > Now the next thing you need to do to make the experience really
> > complete, is to use it to lock up your system so tight that you can't
> > get into it at all. Easily done on a server that has no
> > keyboard/monitor associated with it. i.e. the only way in is the
> > network. Just run InteractiveBastille, forget to include eth0 in your
> > trusted interfaces, lock down all ports and bingo!
> >
> > Now you may think this sounds like personal experience, but of course
> > I would never do such a thing. ;-)
> >
> > Brian
>
> *Hugs brian tightly* Ty.... I didn't know that... I'm looking at some
> docs for how it works before I do something really stupid. IE what you
> managed ;p
>
> Btw........ Just how do I undo that if I *do* manage to fubar the
> system like that besides a reinstall ?
>
> TIA Love, the warning will be well heeded.
>
> Femme
>

Well it's no problem if you have direct access to the console. Just log in there, edit the /etc/Bastille/bastille-firewall.cfg file. Find "trusted interfaces" and add eth0 there. Then as root:

    service bastille-firewall restart

My problem was that this machine sits in a closet, with no screen, keyboard, or mouse attached. Not a major problem, but a little embarrassing when your network configuration work results in having to pull out the machine and set it up on a bench to fix it. It was very secure though!

Remember, the InteractiveBastille does lots more than just setting your iptables rules. Some of the stuff about limiting access to the console, password protecting the lilo prompt etc., could really lock you out. But you would have to go against the defaults for that. You can safely assume that "I don't understand so I'll accept the default" won't break your system.

One last word on that though, there is a question on limiting use of system resources to combat denial of service attacks. Answering yes to that one caused problems su'ing to root or something IIRC. The setting it made needed a couple of extra zeros. You may like to check the archives on that one, or can anyone who knows comment? May not be an issue with the version that ships with 8.2. I said no, so I can't comment.

Have fun
Brian
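
A pre-flight check for the lockout described above, as an added example that is not part of the original post or of Bastille itself: it refuses to restart the firewall unless the interface you are connected through is listed as trusted. It assumes the "trusted interfaces" setting is the shell-style assignment TRUSTED_IFACES="..." in bastille-firewall.cfg; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): pre-flight check before restarting the
# Bastille firewall on a machine you can only reach over the network.
# Assumption: "trusted interfaces" is the shell-style assignment
# TRUSTED_IFACES="..." in bastille-firewall.cfg.

# Print the interface list from the last uncommented TRUSTED_IFACES line.
trusted_ifaces() {
    sed -n 's/^[[:space:]]*TRUSTED_IFACES=//p' "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# Return 0 if interface $2 is covered by TRUSTED_IFACES in config file $1.
# An entry ending in "+" is an iptables-style wildcard (eth+ covers eth0).
iface_is_trusted() {
    for entry in $(trusted_ifaces "$1"); do
        case "$entry" in
            *+) prefix=${entry%+}
                case "$2" in "$prefix"*) return 0 ;; esac ;;
            "$2") return 0 ;;
        esac
    done
    return 1
}

# Restart only when the interface you are connected through is trusted.
# Usage: safe_restart eth0 [/path/to/bastille-firewall.cfg]
safe_restart() {
    cfg=${2:-/etc/Bastille/bastille-firewall.cfg}
    if iface_is_trusted "$cfg" "$1"; then
        service bastille-firewall restart
    else
        echo "refusing restart: $1 is not in TRUSTED_IFACES ($cfg)" >&2
        return 1
    fi
}

# Demo on a constructed config that reproduces the mistake in the thread.
demo_cfg=$(mktemp)
printf '%s\n' '# constructed sample' 'TRUSTED_IFACES="lo"' > "$demo_cfg"
iface_is_trusted "$demo_cfg" eth0 || echo "eth0 missing: restart could lock you out"
rm -f "$demo_cfg"
```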