Re: My first firewall
On Wed, May 22, 2002 at 01:54:10AM +0600, nishan wrote:
> some intrusion detection:
> build as much in module format as you can and don't keep modules that you
> don't need.
I would rather suggest deactivating modules at all, just to avoid possible
LKM root-kits.
And make sure no compiler or linux sources are left on the system
after it goes into production ;)
If it should be just a firewall, I think the only open port should be
ssh (restricted to certain hosts or just to the IP of your workstation).
BTW, getting a 2.4.x kernel running on potato implies upgrading some
stuff, at least modutils (not needed if you go without modules).
have a nice day
Frederik Schüler
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: