
Re: Tiger and NFS are bickering



On 18/09/04 at 17:50, Francois@mescam.org wrote:

> >   From: "Tiger automatic auditor at bazooka.ascii-club.org" <root@bazooka.ascii-club.org>
> >   Subject: Tiger Auditing Report for bazooka.ascii-club.org
> >   Date: Sat, 18 Sep 2004 14:00:07 +0200
> > 
> >   # Checking listening processes
> >   OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 633 (UDP) on every interface.
> >   OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 636 (TCP) on every interface.
> >   OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 662 (UDP) on every interface.
> >   OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 665 (UDP) on every interface.
> >   OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 668 (TCP) on every interface.
> >   NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 629 (UDP) on every interface.
> >   NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 632 (TCP) on every interface.
> >   NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 658 (UDP) on every interface.
> >   NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 661 (UDP) on every interface.
> >   NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 664 (TCP) on every interface.
> 
> To stop these messages from appearing, put rpc.mountd and rpc.statd
> in the Tiger_Listening_ValidProcs variable in /etc/tiger/tigerrc
> 
> > 
> > There are also iptables rules.
> > I would like NFS to be reachable only through the network card with address 192.168.13.30
> 
> It is up to the iptables rules to ensure that NFS is reachable only via
> the specified address.

I certainly hope my iptables rules forbid any new connection anywhere
other than on the eth0 network interface, which has the address
192.168.13.30:

tuxbox:~# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 7735 1111K ACCEPT     all  --  lo     any     anywhere             anywhere
 2107  101K DROP       tcp  --  ppp0   any     anywhere             anywhere            tcp dpt:microsoft-ds
    0     0 DROP       udp  --  ppp0   any     anywhere             anywhere            udp dpt:microsoft-ds
  517 25032 DROP       tcp  --  ppp0   any     anywhere             anywhere            tcp dpt:loc-srv
    0     0 DROP       udp  --  ppp0   any     anywhere             anywhere            udp dpt:loc-srv
    2    96 DROP       tcp  --  ppp0   any     anywhere             anywhere            tcp dpt:netbios-ssn
    0     0 DROP       udp  --  ppp0   any     anywhere             anywhere            udp dpt:netbios-ssn
  214 47387 ACCEPT     udp  --  ppp0   any     anywhere             anywhere            state RELATED,ESTABLISHED
19374 4544K ACCEPT     tcp  --  ppp0   any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  ppp0   any     anywhere             anywhere            state RELATED
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere            tcp dpt:bootps
    0     0 ACCEPT     udp  --  eth0   any     anywhere             anywhere            udp dpt:bootps
  117 24088 ACCEPT     all  --  eth0   any     localnet/24          anywhere
  543 41308 ULOG       all  --  ppp0   any     anywhere             anywhere            ULOG copy_range 0 nlgroup 1 queue_threshold 20
  543 41308 DROP       all  --  any    any     anywhere             anywhere
.....

Cheers,
Jean-Pierre
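As an added example, not code from this thread or from Tiger itself: a small Python parser that reads lin002i warnings like the ones quoted above and separates port churn of an already-known process (rpc.mountd and rpc.statd are registered with the portmapper on a dynamic port, so their port numbers change between runs, which is what produces the OLD/NEW pairs) from a genuinely new listener, honouring a Tiger_Listening_ValidProcs-style whitelist. The sample report is constructed from the quoted lines plus one made-up sshd line to show the "new listener" case.

```python
import re

# Constructed sample: the lin002i lines quoted in the thread, plus one
# invented sshd line so that a genuinely new listener shows up too.
TIGER_REPORT = """\
OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 633 (UDP) on every interface.
OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 636 (TCP) on every interface.
OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 662 (UDP) on every interface.
OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 665 (UDP) on every interface.
OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 668 (TCP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 629 (UDP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 632 (TCP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 658 (UDP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 661 (UDP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 664 (TCP) on every interface.
NEW: --WARN-- [lin002i] The process `sshd' is listening on socket 22 (TCP) on every interface.
"""

# One lin002i warning: state (OLD/NEW), process name, port, protocol.
LINE_RE = re.compile(
    r"^(OLD|NEW): --WARN-- \[lin002i\] The process `([^']+)' is listening "
    r"on socket (\d+) \((UDP|TCP)\) on every interface\.$"
)


def parse_report(text):
    """Return {'OLD': {(proc, port, proto), ...}, 'NEW': {...}}."""
    found = {"OLD": set(), "NEW": set()}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            state, proc, port, proto = m.groups()
            found[state].add((proc, int(port), proto))
    return found


def classify(found, valid_procs=()):
    """Split NEW warnings into whitelisted processes, port churn of a
    process already present in OLD, and listeners not seen before."""
    old_procs = {proc for proc, _, _ in found["OLD"]}
    result = {"whitelisted": set(), "port_churn": set(), "new_listener": set()}
    for entry in found["NEW"]:
        proc = entry[0]
        if proc in valid_procs:
            result["whitelisted"].add(entry)
        elif proc in old_procs:
            result["port_churn"].add(entry)
        else:
            result["new_listener"].add(entry)
    return result


if __name__ == "__main__":
    report = parse_report(TIGER_REPORT)
    for kind, entries in classify(report, valid_procs=("rpc.mountd",)).items():
        for proc, port, proto in sorted(entries):
            print(f"{kind:13s} {proc} {port}/{proto}")
```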


