Eric Base Notes

Security

Patching, TCP Wrappers, IP Filter (local packet filter) and router-level filtering.

Patching

Eric is regularly patched! Patches are to be found at sunsolve.sun.com.

The directory from which the patches are installed must be readable by user nobody since the installation scripts run as this user. To confirm this

    cd <patch_dir>
    su nobody
    pwd

If the patch directory is not readable by nobody patches will not be installed:

    pkgadd: ERROR: checkinstall script did not complete successfully

TCP Wrappers

TCP Wrappers is installed. See Cosmeric Security for details.

Router-level ACLs

Router-level filtering of packets is in action. See Cosmeric Security for details.

IP Filter

    /etc/ipnat.rules
    /etc/ipf.rules
    /etc/init.d/ipfboot
    /etc/rc2.d/S65ipfboot -> ../init.d/ipfboot

See Cosmeric Security for details of the IP Filter configuration.

...previous

cont's...

About this document:

Produced from the SGML: /home/isd/public_html/_eric/_reml_grp/base_notes_eric.reml
On: 12/10/2005 at 12:11:8
Options: reml2 -i noindex -l long -o html -p multiple