Re: How to login user automatically? (for IP Filter firewall)
From: Lee Harr (missive_at_frontiernet.net)
Date: 09/08/04
- Next message: Jason Bourne: "Re: Newb questions"
- Previous message: John Bleichert: "Re: Web server on port 80"
- In reply to: WinGuy: "Re: How to login user automatically? (for IP Filter firewall)"
- Next in thread: Martin: "Re: How to login user automatically? (for IP Filter firewall)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 08 Sep 2004 20:04:32 GMT
> I'm too inexperienced to know more than that I should wonder if I run
> IP Filter (see http://www.obfuscation.org/ipf/ipf-howto.html ) via rc.local
> then is it running with root permissions? Basically, I worry about some way
> to hack IP Filter (via internet), some unsuspected weakness, with the result
> being root privileges; and while I realize that's not at all likely it is
> still prudent to guard against a remote unlikelihood anyway. So maybe I'd
> want to run it from a less privileged account, can I do that without having
> to login to that account (this sounds a little dumb even to me, since I
> assume IP Filter file and directory permissions can address that question
> and so rc.local really doesn't expose root to a possible hack unless those
> IP Filter file permissions are set wrong). I'm still ignorant and confused
> in this regard.
>
You can certainly run programs without having to "log in" to the account.
There are a bunch of services which get started at boot time (man rc
will give you the lowdown). There is also cron.

As for someone hacking IP Filter (or IPF) I do not think there is much
you can do to prevent that except to stay up to date and follow the
announce or security lists. You may want to look at intrusion detection
if it is a very important system.

I do not believe there is any way to run IP Filter as an
unprivileged user.
> But I might have made a mistake going with FreeBSD. Maybe I have to go with
> OpenBSD. One of the cool things about IP Filter is that it can bridge
> interfaces and not even use IP addresses on the 2 ethernet cards at all.
A few years ago, I selected OpenBSD over FreeBSD for one particular
setup for just this reason. I believe it is now supported in 5.x but
I read some cautionary tales on the -current list a few weeks ago.

It looks like there are some patches available for 4.x also:
http://ezine.daemonnews.org/200211/ipfilter-bridge.html

Start reading and trying stuff out on a practice system. It is
a really great way to learn.