Re: crack traces in /var ?
First of all, thanks for your little essay, ;-)
On Fri, Jul 25, 2003 at 07:49:13PM +0200, Andreas von Heydwolff wrote:
> partitions. I run tiger and chkrootkit occasionally, i.e. once or twice
> a week, sometimes not. The firewall box is a small hardened Woody with
> security updates, the desktop a current SID installation.
Hmmm... I have run woody for a few months now, but I have _never_ run tiger
or chkrootkit. I will do so immediately...
Tiger returns clean.
Chkrootkit returns clean.
;-))
> open one of the higher ports for a few hours. Fiddling with
> firestarter/iptables until port forwarding worked was when I shut off
> the firewall for minutes and once unfortunately a lot longer: I forgot
I use shorewall, as others have already recommended. I looked into a few
other programs, fwbuilder, ferm, plain iptables... I liked shorewall
best. It guards you from making (stupid) mistakes when scripting your own
firewall, while allowing you to use your favourite text editor to add or
comment out a single rule. No hassles, just protection.
> What I wonder is whether it is potentially dangerous for me to have
> iptables starting quite slowly on my 133MHz firewall machine, it takes
> maybe 10 seconds to get all the modules loaded while ntp already picks
> up the time and a net connection has seemingly already been established.
> I power down my system almost daily to reduce risks and keep my power
> bill lower, so there is a certain window almost daily at startup. My IP
> address is a de facto fixed one from the cable provider.
I have wondered about this too...
Hmmm... Shorewall's default is to start it _way_ after network
services... Does anyone know the Debian way to deal with this? Otherwise
I'll probably add an iptables -P DROP in my /etc/network/interfaces. Is
this correct?
> PS will look at Shorewall too
Yes, please do, :-)
David
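
An added example, not part of the original message: one way to close the boot-time window discussed above is a hook that sets default-drop policies before any interface is configured. It assumes ifupdown runs scripts in /etc/network/if-pre-up.d/ with IFACE exported; the file name 00-default-drop and the IPTABLES override variable are hypothetical.

```shell
#!/bin/sh
# Added example (assumed path: /etc/network/if-pre-up.d/00-default-drop).
# Runs before an interface is configured, so packets are dropped until
# the real firewall script (e.g. shorewall) installs its rule set later.

# Overridable so the logic can be dry-run without touching netfilter.
IPTABLES=${IPTABLES:-iptables}

# Print the policy commands. -P takes a chain name and a target, so each
# built-in filter chain gets its own line. Setting a policy is idempotent,
# which matters because the hook runs once per interface.
# Note: loopback traffic is also dropped until the firewall starts.
default_drop_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        echo "$IPTABLES -P $chain DROP"
    done
}

# Run each command and fail on the first error, so a broken iptables
# setup aborts the interface bring-up instead of leaving it unprotected.
apply_default_drop() {
    default_drop_rules | while read -r cmd; do
        $cmd || exit 1
    done
}

# Only act when called as an ifupdown hook (IFACE is set by ifup).
if [ -n "${IFACE:-}" ]; then
    apply_default_drop || exit 1
fi
```

Running `iptables -L -n` right after the interface comes up, before the firewall service starts, should show `policy DROP` on all three chains.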