[clue-admin] CLUE server issues update
Jed S. Baer
thag at frii.com
Wed Jun 29 18:36:13 MDT 2005
On Wed, 29 Jun 2005 13:07:42 -0600
Crawford Rainwater wrote:
> The list I have
> initially are 25, 21212 (ssh), 25000 (webmin), This might further
> assist with the email issues. Plan B would be to put it out in front of
> our firewall there without any iptables (save defaults are "ACCEPT") and
> build them up that way, then have those tables mimicked on Linux ETC's
> firewall. However, during this part, the box is completely open to
> various web bot attacks and scans.
Well, it was hanging out in the wind previously. We were getting ssh
attacks regularly, but I suspect that moving it to another port as you've
done will be a major help for that. But I wouldn't do it without any
iptables at all. I'd do it with only necessary ports open.
Also, don't forget port 2401 for the CVS pserver.
We've talked about all this security stuff a lot, but it's never gone
anywhere. Maybe that's a topic for the admin meeting (oh, I see Jeff
mentioned he'd add them to the agenda). Some (a lot?) was discussed in the
context of how to set up member accounts. Also, for example:
http://clue.denver.co.us/pipermail/clue-admin/2005-March/002033.html this
thread.
jed
--
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1 4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list