Easing security on "public" server.
I have a Debian 1.3 server running wu-ftpd and apache. This
server is intended for "public" use. Last weak my boss found out
that he was not able to telnet or ftp to that machine. It turned out
that his DNS entry and reverse DNS entries didn't match for his
laptop so the server was kicking him off. That problem is fixable
however with as many screwed up DNS entries that I have seen from
many ISPs and with the lack of understanding some ISP's have it is
certain that this will come up again. We really don't want our FTP
and web servers inaccessible because some ISP doesn't know what he is
doing.
I don't want to be too open, but on this machine I would
like to loosen the access a bit. One thing that I am aware of is
that there are some options during compile of tcpd so that it
doesn't worry about DNS. During setup of NFS I learned a bit about
the host.allow and host.deny files. I really don't have a good feel
for the extent of control that is available thru these files and
possibly others.
Basically I need to figure out the best plan of attack on the
following:
1. Allowing access to this server right now.
(Nothing too extreme, if possible. Recompiling tcpd isn't
that extreme if it's the best approach.)
2. Learn more about security access.
- man pages
- FAQs and HOWTOs
- Books
In the end I need to understand what's going on fairly well but right
now it's important to have the server usable for it's intended use.
It is probably going to take a while to learn as much as is necessary
so any help is greatly appreciated.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: