
http://freshmeat.net/projects/fwlogwatch/ by Boris Wesslowski, is a similar idea, but supports more
log formats.
5.9. Where to Start
Let's take a quick look at where to run our firewall scripts from.
Portsentry can be run as an init process, like other system services. It is not so important when this is done.
Tcpwrappers will automatically be invoked by inetd or xinetd, so not to worry there either.
But the packet filtering scripts will have to be started somewhere. And many scripts will have logic that uses
the local IP address. This will mean that the script must be started after the interface has come up and been
assigned an IP address. Ideally, this should be immediately after the interface is up. So this depends on how
you connect to the Internet. Also, for protocols like PPP or DHCP that may be dynamic, and get different IPs
on each re-connect, it is best to have the scripts run by the appropriate daemon.
Red Hat uses /etc/ppp/ip-up.local for any user defined, local PPP configuration. If this file does not
exist, create it, and make it executable (chmod +x). Then with your text editor, add a reference to your
firewall script.
For DHCP, it depends on which client. dhcpcd will execute /etc/dhcpcd/dhcpcd-<interface>.exe (e.g.
dhcpcd-eth0.exe) whenever a lease is obtained or renewed. So this is where to put a reference to your
firewall script. For pump (the default on Red Hat), the main configuration file is /etc/pump.conf.
Pump will run whatever script is defined by the "script" statement any time there is a new or renewed lease:
script /usr/local/bin/ipchains.sh
If you have a static IP address (i.e. it never changes), the placement is not so important, and the script
should be run before the interface comes up!
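For the dynamic cases above (PPP, dhcpcd, pump), the following is an added example, not part of the original HOWTO: a small wrapper that the hook file can call instead of the firewall script directly, so the rules are only loaded once the interface really has an address. It assumes the interface name is passed as the first argument, that the iproute2 "ip" command is installed, and that your firewall script reads a variable named LOCAL_IP (a hypothetical name).

```shell
#!/bin/sh
# Added example: hook wrapper for a dynamically addressed interface.
# Assumptions: interface name arrives as $1; LOCAL_IP is a hypothetical
# variable your firewall script would read; `ip` (iproute2) is installed.
FIREWALL_SCRIPT=${FIREWALL_SCRIPT:-/usr/local/bin/ipchains.sh}

# Constructed sample of `ip -4 -o addr show dev eth0` output, for reference.
SAMPLE='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

# Read `ip -4 -o addr` output on stdin, print the first IPv4 address.
iface_ipv4() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") {
               split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Succeed only for a dotted quad with octets 0-255 that is not 0.0.0.0
# (which is not a usable local address).
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1.$2.$3.$4" != "0.0.0.0" ]
}

# Load the rules only when the interface really has an address.
start_firewall() {
    iface=$1
    addr=$(ip -4 -o addr show dev "$iface" 2>/dev/null | iface_ipv4)
    if ! valid_ipv4 "$addr"; then
        logger -t firewall-hook "no usable IPv4 address on $iface; rules not loaded"
        return 1
    fi
    LOCAL_IP=$addr "$FIREWALL_SCRIPT"
}

if [ "$#" -gt 0 ]; then
    start_firewall "$1"
fi
```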
5.10. Summary and Conclusions for Step 3
In this section we looked at various components that might be used to construct a "firewall". We learned that
a firewall is as much a strategy and combination of components, as it is any one particular application or
component. We looked at a few of the most commonly available applications that can be found on most, if
not all, Linux systems. This is not a definitive list.
This is a lot of information to digest all at one time, and it is too much to expect anyone to understand it
all at once. Hopefully this can be used as a starting point, and used for future reference as well. The packet
filter firewall examples can be
used as starting points as well. Just use your text editor, cut and paste into a file with an appropriate name,
and then run chmod +x against it to make it executable. Some minor editing of the variables may be
necessary. Also look at the Links section for sites and utilities that can be used to generate a custom script.
This may be a little less daunting.
Now we are done with Steps 1, 2 and 3. Hopefully by now you have already instituted some basic measures
to protect your system(s) from the various and sundry threats that lurk on networks. If you haven't
Security Quick-Start HOWTO for Red Hat Linux