Re: Tiger and nfs are squabbling
On 18/09/04 at 17:50, Francois@mescam.org wrote:
> > From: "Tiger automatic auditor at bazooka.ascii-club.org" <root@bazooka.ascii-club.org>
> > Subject: Tiger Auditing Report for bazooka.ascii-club.org
> > Date: Sat, 18 Sep 2004 14:00:07 +0200
> >
> > # Checking listening processes
> > OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 633 (UDP) on every interface.
> > OLD: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 636 (TCP) on every interface.
> > OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 662 (UDP) on every interface.
> > OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 665 (UDP) on every interface.
> > OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 668 (TCP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 629 (UDP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.mountd' is listening on socket 632 (TCP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 658 (UDP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 661 (UDP) on every interface.
> > NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket 664 (TCP) on every interface.
>
> To stop these messages from appearing, put rpc.mountd and rpc.statd in the
> Tiger_Listening_ValidProcs variable in /etc/tiger/tigerrc
>
> >
> > There are also iptables rules.
> > I would like NFS to be accessible only through the network card at address 192.168.13.30
>
> It is up to the iptables rules to make sure that NFS is only accessible through
> the indicated address.
I certainly hope that my iptables rules forbid any new
connection anywhere other than on the eth0 network interface, which has
the address 192.168.13.30:
tuxbox:~# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
7735 1111K ACCEPT all -- lo any anywhere anywhere
2107 101K DROP tcp -- ppp0 any anywhere anywhere tcp dpt:microsoft-ds
0 0 DROP udp -- ppp0 any anywhere anywhere udp dpt:microsoft-ds
517 25032 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:loc-srv
0 0 DROP udp -- ppp0 any anywhere anywhere udp dpt:loc-srv
2 96 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:netbios-ssn
0 0 DROP udp -- ppp0 any anywhere anywhere udp dpt:netbios-ssn
214 47387 ACCEPT udp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
19374 4544K ACCEPT tcp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- ppp0 any anywhere anywhere state RELATED
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:bootps
0 0 ACCEPT udp -- eth0 any anywhere anywhere udp dpt:bootps
117 24088 ACCEPT all -- eth0 any localnet/24 anywhere
543 41308 ULOG all -- ppp0 any anywhere anywhere ULOG copy_range 0 nlgroup 1 queue_threshold 20
543 41308 DROP all -- any any anywhere anywhere
.....
See you later
Jean-Pierre
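
An added example (not part of the original message or of Tiger): a first-match walk over the INPUT chain rows exactly as listed above, to check which new NFS-related connections the ruleset accepts on each interface. Assumptions: `localnet/24` is 192.168.13.0/24, NFS is on its standard port 2049, the service names map to their standard port numbers, and only the INPUT rows shown before the "....." are modelled.

```python
import ipaddress

# INPUT chain rows copied from the `iptables -L -v` listing in the message above.
LISTING = """\
7735 1111K ACCEPT all -- lo any anywhere anywhere
2107 101K DROP tcp -- ppp0 any anywhere anywhere tcp dpt:microsoft-ds
0 0 DROP udp -- ppp0 any anywhere anywhere udp dpt:microsoft-ds
517 25032 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:loc-srv
0 0 DROP udp -- ppp0 any anywhere anywhere udp dpt:loc-srv
2 96 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:netbios-ssn
0 0 DROP udp -- ppp0 any anywhere anywhere udp dpt:netbios-ssn
214 47387 ACCEPT udp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
19374 4544K ACCEPT tcp -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- ppp0 any anywhere anywhere state RELATED
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:bootps
0 0 ACCEPT udp -- eth0 any anywhere anywhere udp dpt:bootps
117 24088 ACCEPT all -- eth0 any localnet/24 anywhere
543 41308 ULOG all -- ppp0 any anywhere anywhere ULOG copy_range 0 nlgroup 1 queue_threshold 20
543 41308 DROP all -- any any anywhere anywhere
"""
# Assumptions: numeric values behind the names iptables printed.
PORTS = {"microsoft-ds": 445, "loc-srv": 135, "netbios-ssn": 139, "bootps": 67}
NETS = {"localnet/24": ipaddress.ip_network("192.168.13.0/24")}

def parse(listing):
    # Columns: pkts bytes target prot opt in out source destination [match...]
    rows = (line.split() for line in listing.splitlines())
    return [dict(target=f[2], proto=f[3], iface=f[5], src=f[7], extra=f[9:]) for f in rows]

def matches(rule, pkt):
    if rule["iface"] not in ("any", pkt["iface"]) or rule["proto"] not in ("all", pkt["proto"]):
        return False
    if rule["src"] != "anywhere" and ipaddress.ip_address(pkt["src"]) not in NETS[rule["src"]]:
        return False
    for i, tok in enumerate(rule["extra"]):
        if tok.startswith("dpt:") and PORTS[tok[4:]] != pkt["dport"]:
            return False
        if tok == "state" and pkt["state"] not in rule["extra"][i + 1].split(","):
            return False
    return True

def verdict(iface, proto, src, dport, state="NEW"):
    pkt = dict(iface=iface, proto=proto, src=src, dport=dport, state=state)
    for rule in parse(LISTING):
        # ULOG only logs; evaluation continues with the next rule.
        if rule["target"] != "ULOG" and matches(rule, pkt):
            return rule["target"]
    return "DROP"  # chain policy from the listing header

print(verdict("ppp0", "tcp", "203.0.113.7", 2049), verdict("eth0", "udp", "192.168.13.42", 2049))
```

The source addresses 203.0.113.7 and 192.168.13.42 are constructed test values; ports 629 and 632 in the checks below are the rpc.mountd ports from the Tiger report.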