*NIX Firewall
jludwig
wralphie at comcast.net
Tue May 17 21:16:25 UTC 2005
On Tuesday 17 May 2005 01:31 pm, Rick Stevens wrote:
> Vincent Jordan wrote:
snip
> Unless you're running an ancient 2.2 kernel, it will be "iptables".
> There are a number of GUI tools to help you configure it. My favorite
> is "firestarter" (http://www.fs-security.com) but your preference may be
> something else.
>
> > Intrusion Detection / snort, portsentry?(where did portsentry go)
>
> Both are good. PortSentry is at
>
> http://sourceforge.net/projects/sentrytools
>
> but that's an older version. Check the freshmeat repositories for later
> versions (I think there's an updated version for FC3 there). You can
> also configure iptables to log break in attempts, but it will rapidly
> grow your logs to a ridiculous extent.
>
> > VPN / pppd, pptp, ipsec
>
> Yup. There are others. Google is your friend! :-)
>
> > MTA / postfix, fetchmail
>
> Don't forget sendmail and qmail. By the way, fetchmail is NOT an MTA as
> it doesn't speak SMTP. It is, rather, an MUA (speaks POP, IMAP, etc.).
>
> > FTP / vsftp
>
> vsftpd comes with most newer Linuxen. There's also ProFTP.
>
> > Anti-spam / spam assassin
>
> Also spaminator, bogofilter, lots more. Don't forget virus filtering,
> too. Try ClamAV for that.
>
> > Internet Proxy / squid
>
> Ah, yes, the default standard for proxies.
> ----------------------------------------------------------------------
> - Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
> - VitalStream, Inc. http://www.vitalstream.com -
> - -
> - "The Schizophrenic: An Unauthorized Autobiography" -
I would add packages not mentioned: tripwire, chkrootkit, and clamav.
All these can be run with cron during off hours and the data mailed to the
system administrator(s).
--
John H Ludwig
Common sense is so rare, why do they call it common!!!
I'm not schitziod! I got better tomorrow.
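
The off-hours cron run suggested in the reply above, sketched as an added example that is not part of the original post. The script name, the 03:30 schedule, the /home scan path and the "root" recipient are assumptions.

```shell
#!/bin/sh
# Added example: nightly integrity/malware sweep, meant to be started by cron.
# Assumed, not from the original post: script name, schedule, scan path, recipient.
# Crontab entry (assumed path):
#   30 3 * * * /usr/local/sbin/nightly-scan.sh

REPORT_TO="${REPORT_TO:-root}"

# run_check LABEL COMMAND [ARGS...]
# Prints a labelled section holding the tool's output and exit status.
# A missing tool is reported instead of skipped, so a scanner that has
# disappeared from the box shows up in the mail.
run_check() {
    label=$1; shift
    printf '===== %s =====\n' "$label"
    if ! command -v "$1" >/dev/null 2>&1; then
        printf 'MISSING: %s is not installed or not in PATH\n\n' "$1"
        return 127
    fi
    "$@" 2>&1
    rc=$?
    printf 'exit status: %d\n\n' "$rc"
    return "$rc"
}

# build_report: run the three scanners; return 0 only if every tool exited 0.
# Exit-status meaning differs per tool, so the report body still has to be read.
build_report() {
    status=0
    run_check tripwire   tripwire --check      || status=1
    run_check chkrootkit chkrootkit -q         || status=1
    run_check clamav     clamscan -r -i /home  || status=1
    return "$status"
}

# nightly_scan: mail the report, flagging the subject when any check was non-zero.
nightly_scan() {
    tmp=$(mktemp) || return 1
    if build_report >"$tmp"; then subject="[OK] nightly scan $(hostname)"
    else subject="[ATTENTION] nightly scan $(hostname)"; fi
    mail -s "$subject" "$REPORT_TO" <"$tmp"
    rm -f "$tmp"
}

# Run only when executed under the assumed script name, not when sourced.
case "${0##*/}" in nightly-scan.sh) nightly_scan ;; esac
```

Tripwire needs an initialized baseline database before `--check` reports anything useful.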