Re: [Setup-tool-hackers] I thought I would check and see first...
- From: Mitch Allmond <gte203h prism gatech edu>
- To: Burra <burra colorado edu>
- Cc: Chema Celorio <chema ximian com>, setup-tool-hackers ximian com
- Subject: Re: [Setup-tool-hackers] I thought I would check and see first...
- Date: Tue, 24 Jul 2001 16:40:38 -0400
I think such a tool is seriously needed. I say go for it. However, try to keep it
very elegant. A 13 year old ought to be able to make sense of it. I kind of liked
my diagram of it where each device is shown, the common services with their ports,
spaces for manual port input, and then check boxes to select which device has that
service/port blocked and which doesn't. It just makes more sense like that to
people that have no clue about firewalls. All they'll see is that "if I click this
button, no one outside can access my ssh server."
Burra wrote:
> Yes, I guess a firewall configurator makes more sense if xst is just for
> system configuration files. I could do this very easily... I can do rules
> to open up/block specific ports, allow trusted hosts, disallow untrusted
> hosts, block typical DoS attacks and block port scans for iptables,
> ipchains, and ipf.
>
> We might put this under "Security" and tie in hosts.allow/hosts.deny
> configuration, PAM configuration, and other /etc based security config
> files.
>
> Thoughts?
>
> --------------------[-- burra@colorado.edu --]--------------------------
>
> On Tue, 24 Jul 2001, Mitch Allmond wrote:
>
> > what about a firewall configurator? Is this in the works? It would be great to
> > have a tool in xst that can configure iptable firewalls, and give the option
> > for it to be activated on boot or not. I'll do a little text example
> > below. The idea is to show each ethernet device, supply check boxes to block
> > or open that service/port to that device, to allow user input for specific
> > ports, and to allow masquerading.
> >
> > Eth0 Eth1
> > _ ssh _
> >
> > _ smtp _
> >
> > _ http _
> >
> > _ etc... _
> >
> > _ X11 _
> >
> > _ | insert port | _
> >
> > _ | insert port | _
> >
> > ---------------------------------------
> > _ masquerade virtual ips (default 192.168.0.0) manual _____________
> > _ close all ports/services not handled above
> >
> >
> > etc......... you get the point
> >
> > if there was
> >
> > Chema Celorio wrote:
> >
> > > On 23 Jul 2001 21:15:27 -0600, Burra wrote:
> > > >
> > > > Hi setup-tool hackers,
> > > > After successfully creating the basic components of a setup tool, I am
> > > > about to (currently actually) implement a "security-setup-tool". This
> > > > tool will check your file system, services, network, the list goes on...,
> > > > and offer fixes once it has encountered a security problem.
> > > >
> > > > I thought I would check and see first if someone is already implementing
> > > > this... Anyone? I guess I am looking for a blessing from everyone to go
> > > > ahead :)
> > >
> > > The idea sounds great, but I am not sure it belongs inside XST. XST reads
> > > system configuration and writes system configuration. This security
> > > program sounds good but does not quite fit in the architecture.
> > >
> > > >
> > > > If no one is already doing this, I will post my code, once I get all
> > > > basic functions in place, for approval to add it to cvs, hopefully :)
> > > >
> > > > --------------------[-- burra@colorado.edu --]--------------------------
> > > >
> > > >
> > > > _______________________________________________
> > > > setup-tool-hackers maillist - setup-tool-hackers@ximian.com
> > > > http://lists.ximian.com/mailman/listinfo/setup-tool-hackers
> > > >
> > >
> >
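The checkbox grid sketched in this thread, turned into iptables commands, as an added example that is not code from the thread or from XST. The function name, the grid layout, the /24 mask on 192.168.0.0 and the use of TCP for manually entered ports are assumptions.

```python
import ipaddress
import re

# Service names from the sketch in the thread, with their well-known TCP ports.
SERVICES = {"ssh": 22, "smtp": 25, "http": 80, "X11": 6000}
IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")  # Linux interface names: at most 15 chars


def build_rules(grid, masquerade=None, close_rest=False):
    """Map the grid to iptables commands as argv lists (never shell strings).

    grid: {iface: {service_name_or_port: True if blocked, False if open}}
    masquerade: optional (source_network, outbound_iface) pair (assumed layout)
    close_rest: the "close all ports/services not handled above" box
    """
    rules = []
    if close_rest:
        # Keep loopback and replies to our own connections working under DROP.
        rules.append(["iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"])
        rules.append(["iptables", "-A", "INPUT", "-m", "conntrack",
                      "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"])
    for iface, cells in grid.items():
        if not IFACE_RE.fullmatch(iface):
            raise ValueError(f"bad interface name: {iface!r}")
        for item, blocked in cells.items():
            port = SERVICES.get(item, item)  # manual entries are plain port numbers
            if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
                raise ValueError(f"bad service or port: {item!r}")
            rules.append(["iptables", "-A", "INPUT", "-i", iface, "-p", "tcp",
                          "--dport", str(port), "-j", "DROP" if blocked else "ACCEPT"])
    if masquerade:
        net, out_iface = masquerade
        if not IFACE_RE.fullmatch(out_iface):
            raise ValueError(f"bad interface name: {out_iface!r}")
        net = ipaddress.ip_network(net)  # ValueError on malformed networks
        rules.append(["iptables", "-t", "nat", "-A", "POSTROUTING", "-s", str(net),
                      "-o", out_iface, "-j", "MASQUERADE"])
    if close_rest:
        rules.append(["iptables", "-P", "INPUT", "DROP"])  # policy set last
    return rules


# Constructed sample: eth0 faces outside, eth1 is the LAN.
SAMPLE_GRID = {"eth0": {"ssh": True, "http": False, 8080: True},
               "eth1": {"ssh": False}}

if __name__ == "__main__":
    for rule in build_rules(SAMPLE_GRID, ("192.168.0.0/24", "eth0"), close_rest=True):
        print(" ".join(rule))
```

Only the INPUT chain and the NAT rule are generated; the FORWARD chain and kernel IP forwarding that masquerading also needs are left out.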