Re: [Setup-tool-hackers] I thought I would check and see first...

From: Burra <burra colorado edu>
To: Mitch Allmond <gte203h prism gatech edu>
Cc: Chema Celorio <chema ximian com>, <setup-tool-hackers ximian com>
Subject: Re: [Setup-tool-hackers] I thought I would check and see first...
Date: Tue, 24 Jul 2001 14:32:48 -0600 (MDT)


Yes, I guess a firewall configurator makes more sense if xst is just for
system configuration files. I could do this very easily... I can do rules
to open up/block specific ports, allow trusted hosts, disallow untrusted
hosts, block typicaly dos attacks and block port scans for iptables,
ipchains, and ipf.

We might put this under "Security" and tie in host.allow/hosts.deny
configuration, PAM configuration, and other /etc based security config
files.

Thoughts?

--------------------[-- burra@colorado.edu --]--------------------------

On Tue, 24 Jul 2001, Mitch Allmond wrote:

> what about a firewall configurator? Is this in the works? It would be great to
> have a tool in xst that can configure iptable firewalls, and give the option
> for it to be activated on boot or not.  I'll do a little text example
> below. The idea is to show each ethernet device, supply check boxes to block
> or open that service/port to that device, to allow user input for specific
> ports, and to allow masquerading.
>
>     Eth0                                Eth1
>         _                ssh                _
>
>         _                smtp             _
>
>         _                http               _
>
>         _                etc...              _
>
>         _                X11               _
>
>         _            | insert port |    _
>
>         _            | insert port |    _
>
> ---------------------------------------
> _    masquerade virtual ips (default 192.168.0.0) manual _____________
> _    close all ports/services not handled above
>
>
> etc......... you get the point
>
> if there was
>
> Chema Celorio wrote:
>
> > On 23 Jul 2001 21:15:27 -0600, Burra wrote:
> > >
> > > Hi setup-tool hackers,
> > > After successfully creating the basic componets of a setup tool, I am
> > > about to (currently actually) impliment a "security-setup-tool". This
> > > tool will check your file system, services, network, the list goes on...,
> > > and offer fixes once it has encountered a security problem.
> > >
> > > I thought I would check and see first if someone is already impliemnting
> > > this... Anyone? I guess I am looking for a blessing from everyone to go
> > > ahead :)
> >
> > The idea sounds great, but i am not sure it belong inside XST. XST read
> > system configuration and write system configuration. This security
> > program sounds good but does not quite fit in the architecture.
> >
> > >
> > > If no one is already doing this, I will post my code, once I get all
> > > basic functions in place, for approval to add it to cvs, hopefully :)
> > >
> > > --------------------[-- burra@colorado.edu --]--------------------------
> > >
> > >
> > > _______________________________________________
> > > setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
> > > http://lists.ximian.com/mailman/listinfo/setup-tool-hackers
> > >
> >
> > _______________________________________________
> > setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
> > http://lists.ximian.com/mailman/listinfo/setup-tool-hackers
>


_______________________________________________
setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
http://lists.ximian.com/mailman/listinfo/setup-tool-hackers

Follow-Ups:
- Re: [Setup-tool-hackers] I thought I would check and see first...
  - From: Mitch Allmond
- Re: [Setup-tool-hackers] I thought I would check and see first...
  - From: Luis Villa

References:
- Re: [Setup-tool-hackers] I thought I would check and see first...
  - From: Mitch Allmond

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]