Re: [Setup-tool-hackers] I thought I would check and see first...
- From: Burra <burra colorado edu>
- To: Mitch Allmond <gte203h prism gatech edu>
- Cc: Chema Celorio <chema ximian com>, <setup-tool-hackers ximian com>
- Subject: Re: [Setup-tool-hackers] I thought I would check and see first...
- Date: Tue, 24 Jul 2001 14:48:02 -0600 (MDT)
Right... so how about this for the "basic" configuration dialog:
Allowed Services:
SSH [] FTP [] TELNET [] Ping []
... etc ...
Anti Spoofing protection []
Syn flood protection []
Port scan protection []
Accept all local packets []
Accept all established connections []
Accept all related connections []
Trusted hosts: _____________________________________
Block hosts: _____________________________________
... something like the above, but I will make it much easier to use and
multi-interface compat.
I think for the "more options" area I will give the option of adding your
own rules.. of course ;)
Also, in the end, I will add a panel applet to monitor your firewall.
--------------------[-- burra@colorado.edu --]--------------------------
On Tue, 24 Jul 2001, Mitch Allmond wrote:
> I think such a tool is seriously needed. I say go for it. However, try to keep it
> very elegant. A 13 year old ought to be able to make sense of it. I kind of liked
> my diagram of it where each device is shown, the common services with their ports,
> spaces for manual port input, and then check boxes to select which device has that
> service/port blocked and which doesn't. It just makes more sense like that to
> people that have no clue about firewalls. All they'll see is that "if I click this
> button, no one outside can access my ssh server."
>
>
> Burra wrote:
>
> > Yes, I guess a firewall configurator makes more sense if xst is just for
> > system configuration files. I could do this very easily... I can do rules
> > to open up/block specific ports, allow trusted hosts, disallow untrusted
> > hosts, block typical DoS attacks and block port scans for iptables,
> > ipchains, and ipf.
> >
> > We might put this under "Security" and tie in hosts.allow/hosts.deny
> > configuration, PAM configuration, and other /etc based security config
> > files.
> >
> > Thoughts?
> >
> > --------------------[-- burra@colorado.edu --]--------------------------
> >
> > On Tue, 24 Jul 2001, Mitch Allmond wrote:
> >
> > > what about a firewall configurator? Is this in the works? It would be great to
> > > have a tool in xst that can configure iptable firewalls, and give the option
> > > for it to be activated on boot or not. I'll do a little text example
> > > below. The idea is to show each ethernet device, supply check boxes to block
> > > or open that service/port to that device, to allow user input for specific
> > > ports, and to allow masquerading.
> > >
> > > Eth0 Eth1
> > > _ ssh _
> > >
> > > _ smtp _
> > >
> > > _ http _
> > >
> > > _ etc... _
> > >
> > > _ X11 _
> > >
> > > _ | insert port | _
> > >
> > > _ | insert port | _
> > >
> > > ---------------------------------------
> > > _ masquerade virtual ips (default 192.168.0.0) manual _____________
> > > _ close all ports/services not handled above
> > >
> > >
> > > etc......... you get the point
> > >
> > > if there was
> > >
> > > Chema Celorio wrote:
> > >
> > > > On 23 Jul 2001 21:15:27 -0600, Burra wrote:
> > > > >
> > > > > Hi setup-tool hackers,
> > > > > After successfully creating the basic components of a setup tool, I am
> > > > > about to (currently actually) implement a "security-setup-tool". This
> > > > > tool will check your file system, services, network, the list goes on...,
> > > > > and offer fixes once it has encountered a security problem.
> > > > >
> > > > > I thought I would check and see first if someone is already implementing
> > > > > this... Anyone? I guess I am looking for a blessing from everyone to go
> > > > > ahead :)
> > > >
> > > > The idea sounds great, but I am not sure it belongs inside XST. XST reads
> > > > system configuration and writes system configuration. This security
> > > > program sounds good but does not quite fit in the architecture.
> > > >
> > > > >
> > > > > If no one is already doing this, I will post my code, once I get all
> > > > > basic functions in place, for approval to add it to cvs, hopefully :)
> > > > >
> > > > > --------------------[-- burra@colorado.edu --]--------------------------
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > setup-tool-hackers maillist - setup-tool-hackers@ximian.com
> > > > > http://lists.ximian.com/mailman/listinfo/setup-tool-hackers
> > > > >
> > > >
> > >
>
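An added example, not code from this thread or from XST: one way the "basic" dialog's checkboxes and host fields could be turned into an ordered iptables INPUT ruleset, per interface as in the Eth0/Eth1 sketch. The function and table names, the SYN rate limits and the choice of the conntrack match are assumptions made for illustration; rules are returned as argument lists and the free-text host fields are validated so that dialog input cannot smuggle extra options into a rule.

```python
import ipaddress
import re

# Service name -> (protocol, port); the names come from the proposed dialog.
SERVICES = {"ssh": ("tcp", 22), "ftp": ("tcp", 21), "telnet": ("tcp", 23)}
IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")  # hypothetical interface-name check


def _host(text):
    """Validate a host field; raises ValueError unless it is an IPv4 address/CIDR."""
    return str(ipaddress.IPv4Network(text.strip(), strict=False))


def build_rules(allowed, ping=False, anti_spoof=True, syn_flood=True,
                accept_local=True, accept_established=True,
                accept_related=True, trusted=(), blocked=()):
    """Return iptables argument lists in the order they should be applied."""
    rules = []
    # Deny rules go first so that no later ACCEPT can shadow them.
    for h in blocked:
        rules.append(["-A", "INPUT", "-s", _host(h), "-j", "DROP"])
    if anti_spoof:  # loopback source addresses arriving on a real interface
        rules.append(["-A", "INPUT", "!", "-i", "lo", "-s", "127.0.0.0/8", "-j", "DROP"])
    if syn_flood:   # rate values are illustrative assumptions
        rules += [["-N", "SYNFLOOD"],
                  ["-A", "SYNFLOOD", "-m", "limit", "--limit", "25/second",
                   "--limit-burst", "50", "-j", "RETURN"],
                  ["-A", "SYNFLOOD", "-j", "DROP"],
                  ["-A", "INPUT", "-p", "tcp", "--syn", "-j", "SYNFLOOD"]]
    if accept_local:
        rules.append(["-A", "INPUT", "-i", "lo", "-j", "ACCEPT"])
    states = [s for s, on in (("ESTABLISHED", accept_established),
                              ("RELATED", accept_related)) if on]
    if states:
        rules.append(["-A", "INPUT", "-m", "conntrack", "--ctstate",
                      ",".join(states), "-j", "ACCEPT"])
    for h in trusted:
        rules.append(["-A", "INPUT", "-s", _host(h), "-j", "ACCEPT"])
    for iface, names in allowed.items():
        if not IFACE_RE.fullmatch(iface):
            raise ValueError(f"bad interface name: {iface!r}")
        for name in names:  # unknown service names raise KeyError
            proto, port = SERVICES[name]
            rules.append(["-A", "INPUT", "-i", iface, "-p", proto, "--dport", str(port),
                          "-m", "conntrack", "--ctstate", "NEW", "-j", "ACCEPT"])
        if ping:
            rules.append(["-A", "INPUT", "-i", iface, "-p", "icmp",
                          "--icmp-type", "echo-request", "-j", "ACCEPT"])
    # Default-deny policy is set last so applying the list does not cut a session mid-way.
    rules.append(["-P", "INPUT", "DROP"])
    return rules
```

Each returned list is meant to be passed as arguments to `iptables` without going through a shell.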