Scott Taylor <[EMAIL PROTECTED]> wrote:
> On Wed, 30 May 2001, Andreas Müller wrote:
> 
> > Hallo,
> >
> > I just have a dialup account and want to prevent all machines from the
> > internet to connect to mine. As much as I understand it hosts.deny will do
> > this. I have added the following line to /etc/hosts.deny
> >
> > ALL:ALL EXCEPT localhost:DENY
> 
> /etc/hosts.deny:
> All: All: deny
> 
> /etc/hosts.allow
> All: localhost: allow
> 
> 
> 
Also you should probably have the host's machine name in there as well
as 'localhost' - not sure if that opens any security holes or not, I'll
let those more knowledgeable speak up here...

i.e. if the host name is 'ahost' then /etc/hosts.allow would say:

ALL: localhost: allow
ALL: ahost:     allow

ALSO!  Beware that this ONLY protects those things started by inetd
that use tcp-wrappers!  There could be many things that are not started
by inetd that need protection also!  To start out getting an idea of
what's hanging in the wind, do 'netstat -a|less' and look at the
ports that are being listened to - shut down all listeners that you
are certain you don't need or want, and investigate why you think you
should have any others...

There's lots more, but much of it is on the 'net already.  HOWTOs on
setting up a firewall tell lots of the info you want, plus there's some
security info on places like securityfocus and rootprompt.org - go to
your favourite search engine and search for things like 'linux security'
'firewalls' and so forth...

If all else fails I can send out my security bookmarks...

rc


Rusty Carruth          Email:     [EMAIL PROTECTED] or [EMAIL PROTECTED]
Voice: (480) 345-3621  SnailMail: Schlumberger ATE
FAX:   (480) 345-8793             7855 S. River Parkway, Suite 116
Ham: N7IKQ @ 146.82+,pl 162.2     Tempe, AZ 85284-1825
ICBM: 33 20' 44"N   111 53' 47"W
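
The netstat check suggested in the message above, as an added example that is not part of the original post: it filters `netstat -an` output down to the sockets reachable on a non-loopback address, which are the ones hosts.allow/hosts.deny will not cover unless the service is started by inetd with tcp-wrappers. The function names and the sample output are constructed for illustration, and the column layout assumed is that of Linux net-tools netstat.

```shell
#!/bin/sh
# Added example: find listeners that accept traffic from outside the machine.

# Constructed sample in Linux net-tools `netstat -an` layout
# (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::6000                 :::*                    LISTEN
tcp        0      0 192.0.2.10:1042         198.51.100.7:80         ESTABLISHED
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
EOF
}

# Reads netstat output on stdin and prints "proto port local-address" for
# every TCP socket in LISTEN state and every unconnected UDP socket that is
# not bound to a loopback address. Established connections, header lines and
# UNIX domain sockets are ignored.
exposed_listeners() {
    awk '
        ($1 ~ /^tcp/ && $6 == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/) {
            # The port is the text after the last colon (works for IPv6 too).
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Loopback-only listeners are not reachable from the dialup link.
            if (addr ~ /^127\./ || addr == "::1") next
            print $1, port, addr
        }
    ' | sort -k2,2n
}

# On a live machine: netstat -an | exposed_listeners
sample_netstat | exposed_listeners
```

Each line printed is a listener to either shut down or justify; netstat alone does not say which of them go through inetd.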