Firewall Wizards mailing list archives

Re: Securing a Linux Firewall


From: Kevin Steves <kevin () atomicgears com>
Date: Fri, 26 Jul 2002 17:50:38 -0700

On Tue, Jul 23, 2002 at 11:37:38AM -0400, Marc DVer wrote:
> I have a computer set up for the exclusive use as a gateway/firewall running
> IPChains.  I would like to know if I can safely shut down the rpc.statd
> service.  According to the man page, "It is used by the NFS file locking
> service, rpc.lockd, to implement lock recovery when the NFS server machine
> crashes and reboots."  Since I am not using NFS (or at least I believe I am
> not; the firewall is the only *nix computer on the network, and isn't used
> for file sharing) can I safely turn this off?  I have read that turning off
> unneeded services is needed to secure a Linux box, which is doubly a concern
> with a firewall.

My basic methodology for constructing a bastion host is outlined in:
http://people.hp.se/stevesk/bastion11.html

Yes, the example is on HP-UX 11, but the general approach is applicable
to many Unix environments.  I have used the strategy on Redhat Linux
for example.

I prefer Unix operating environments that easily permit a "minimal" or
"secure by default" install.  Then the user can add the software and
packages that they require.  The strip down approach is flawed, but in
many cases there is no other choice.

-- 
Kevin Steves     | kevin () atomicgears com
Atomic Gears LLC | http://www.atomicgears.com/
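
Added example, not part of the original message: one way to check the question asked above, whether anything on the host uses NFS, from `rpcinfo -p` output and the mount table before disabling rpc.statd. The function names and both sample inputs are constructed for illustration, and the rule (no `nfs` or `mountd` RPC registration and no NFS mounts means statd has no consumer) is an assumption of this example.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output on a gateway with no NFS server.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1024  status
    100024    1   tcp   1024  status'

# Constructed sample mount table (/proc/mounts format) with no NFS mounts.
SAMPLE_MOUNTS='/dev/hda1 / ext2 rw 0 0
none /proc proc rw 0 0'

# List the distinct RPC service names registered with the portmapper.
# The first line of `rpcinfo -p` output is a column header and is skipped.
rpc_services() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF >= 5 { print $5 }' | sort -u
}

# Count mount-table entries whose filesystem type (third field) starts
# with "nfs"; this also counts the nfsd pseudo-filesystem of an NFS server.
nfs_mount_count() {
    printf '%s\n' "$1" | awk '$3 ~ /^nfs/ { n++ } END { print n + 0 }'
}

# Print "needed" if the host looks like an NFS server (nfs or mountd
# registered) or an NFS client (any NFS mount); otherwise "unneeded".
statd_verdict() {
    services=$(rpc_services "$1")
    mounts=$(nfs_mount_count "$2")
    if printf '%s\n' "$services" | grep -Eqx 'nfs|mountd'; then
        echo needed
    elif [ "$mounts" -gt 0 ]; then
        echo needed
    else
        echo unneeded
    fi
}

# On a live host, feed real data instead of the samples:
#   statd_verdict "$(rpcinfo -p)" "$(cat /proc/mounts)"
statd_verdict "$SAMPLE_RPCINFO" "$SAMPLE_MOUNTS"
```

In the sample, `status` (rpc.statd) is registered but nothing that would use it is, which is the situation the question describes.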