Re: Query on OS hardening

[m p <sumirati () yahoo de>]

 --- Tim Chettle <tim.chettle () orange net> schrieb: 
> My question is as to what methods people use to manage and monitor the
> underlying Unix operating systems on the firewalls. SNMP doesnt seem the
> best thing to be running on the Firewall itself so how would people suggest
> that i monitore the OS

At the last customer I worked for we developed a small program which takes
connections via SSL. On the firewall was an access list for the managment
servers to allow connections to that port. Upon connect the IP and a pre-shared
secret was checked. A simple string was passed to the server. That string was
checked against a list on a per IP base with allowed/disallowed parameters.
Then predefined shell scripts with the correct parameter settings were
executed. STDOUT of ps, df, du, .... was passed back to the client. 

2 weeks at max to write up the code again if you work fulltime on it. Sadly the
company would not release the code to the public. 

Marc


__________________________________________________________________

Gesendet von Yahoo! Mail - http://mail.yahoo.de
Bis zu 100 MB Speicher bei http://premiummail.yahoo.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards