OT: Centos 6 question
Ken A
ka at pacific.net
Tue Dec 27 16:35:10 GMT 2011
It depends what you are protecting. There are so many attack vectors
these days, some desktop machine will be taken over at some point. You
don't necessarily have to put a firewall on the servers, but in that
case it's usually good to have several zones, DMZs, whatever, to protect
internal servers from lower hanging fruit (desktops) for compliance or
other reasons. Sonicwall has some great boxes for this, imo.

Season's Greetings,
Ken

On 12/27/2011 9:43 AM, Steve Campbell wrote:
> I typically don't put firewall on servers. Granted, it's an extra layer
> of protection to do so, but I run firewalls at the perimeter that would
> take care of anything a local firewall would handle "from the outside".
> There is always the possibility of someone cracking into the inside and
> having access to all the servers once inside, and this would help in the
> cracked situation.
>
> Guess I'll have to make up some rules.
>
> Thanks for all the help, everyone.
>
> steve
>
> On 12/27/2011 10:07 AM, Ken A wrote:
>>
>> On 12/22/2011 3:02 PM, Jeremy McSpadden wrote:
>>> or chkconfig iptables stop .. until you get around to building the
>>> rules out
>>
>> but _do_ get around to it, since otherwise you leave yourself open to
>> a variety of attacks on other 'running' things.
>> Ken
>>
>>
>>
>>
>>> Jeremy McSpadden
>>> Flux Labs, Inc
>>> http://www.fluxlabs.net
>>> Endless Solutions
>>> Office : 850-588-4626
>>> Cell : 850-890-2543
>>> Fax : 850-254-2955
>>>
>>> On Dec 22, 2011, at 2:46 PM, Alex Neuman van der Hans wrote:
>>>
>>> Oh, and if you reboot the server it'll load the default rules again -
>>> which are "allow SSH and that's it".
>>> You need to do something like:
>>>
>>> echo "# I did this to get rid of the default rules" > /etc/sysconfig/iptables
>>>
>>> ... as root in order to wipe the defaults.
>>>
>>> On 12/22/2011 3:25 PM, Steve Campbell wrote:
>>> OK, got the new version installed, turned iptables off (even though
>>> 'ps' didn't show them running) and seems well now.
>>>
>>> I'm not sure what ps is supposed to show for iptables in this
>>> version, but it appears it's iptables that was stopping it.
>>>
>>> Thanks all for all the help and have a great holiday.
>>>
>>> steve
>>>
>>> On 12/22/2011 2:35 PM, Mauricio Tavares wrote:
>>> See if
>>>
>>> yum grouplist | less
>>>
>>> gives you any ideas. then you can do, say,
>>>
>>> yum groupinfo 'Development Tools'
>>> yum groupinstall 'Development Tools'
>>> yum groupremove 'Development Tools'
>>>
>>> On Thu, Dec 22, 2011 at 2:12 PM, Steve Campbell <campbell at cnpapers.com> wrote:
>>> I'm installing 6.2 now. One thing I noticed is that I did not see the
>>> little "network configuration" box on the install the first time. Once
>>> I get this installed, I check iptables.
>>>
>>> I'm using the "workstation" type install this time. Looking for
>>> something that gives me the least post-install headaches. Once this is
>>> all done, and I've got the grouplists installed, I'll see where I'm at.
>>>
>>> The types of installation isn't very informative, for instance, does
>>> the "workstation" install any server type apps, etc. This really
>>> belongs on the Centos list up to this point, but since the basic server
>>> will end up with MySQL, a mail server, HTTPD, PHP, and Perl, I was
>>> originally asking which "type" of installation would get me closest to
>>> that configuration.
>>>
>>> Thanks all,
>>>
>>> steve
>>>
>>>
>>> On 12/22/2011 12:57 PM, Mauricio Tavares wrote:
>>> You probably checked that, but the vm's NIC is in bridge mode, right?
>>>
>>> On Thu, Dec 22, 2011 at 12:36 PM, Jeremy McSpadden <jeremy at fluxlabs.net> wrote:
>>> Stop iptables and make sure you can telnet in. Then work from there. Yes,
>>> the network configuration is different.
>>>
>>> --
>>> Jeremy McSpadden
>>>
>>> On Dec 22, 2011, at 11:10 AM, Steve Campbell wrote:
>>>
>>>
>>>
>>> On 12/22/2011 11:53 AM, Jeremy McSpadden wrote:
>>>
>>> The host setup shouldn't matter. Are you able to telnet into the xen vm
>>> on port 25? Have you disabled iptables or allowed port 25 through?
>>> Verify you have connectivity from the outside first, then start working
>>> back on your config files.
>>> --
>>> Jeremy McSpadden
>>>
>>> On Dec 22, 2011, at 10:26 AM, Steve Campbell wrote:
>>>
>>> I've tried installing Centos 6.1 on a 5.7 xen host. I'm having a little
>>> trouble getting sendmail to work, and I'm not sure why. Could be the way
>>> the network NIC is configured, the fact that I'm running 6.1 under a 5.7
>>> host, or who knows, but the server isn't accepting mail at all, even
>>> after changing the line in the .mc file to accept mail from hosts other
>>> than localhost and rebuilding the .cf file.
>>>
>>> The new GUI for the Centos 6 installation seems to be somewhat confusing
>>> when it comes to asking what type of installation I would like (types
>>> being things like SQL server, web server etc.)
>>>
>>> I'm going to try the new 6.2 DVDs, but wonder what type of installation
>>> others have chosen since I'm sure there's something closer than the
>>> Workstation type I chose.
>>>
>>> Thanks and sorry for OT
>>>
>>> steve campbell
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>>
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>>
>>>
>>> I originally tried just sending mail to the server, and got a bounce. I
>>> then tried telnet, and it too failed. The network setup in 6.1, as I
>>> recall, is nothing like the previous versions of Centos. I eventually
>>> installed Webmin and was surprised at how the NIC was configured from
>>> the install when I went to modify it. I could get to the internet, but
>>> sendmail didn't seem to be accepting mail. "ps ax" showed it running
>>> though.
>>>
>>> Thanks
>>>
>>> steve
>>
>
--
Ken Anderson
Pacific Internet - http://www.pacific.net
Latest Pacific.Net Status - http://twitter.com/pacnetstatus
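
The situation this thread ends on (a stock ruleset that admits only SSH, a comment-only `/etc/sysconfig/iptables` that loads nothing, and rules that still need writing), as an added example that is not part of any poster's message: a shell sketch that writes a ruleset in iptables-save format for SSH, SMTP and HTTP and checks offline which ports each variant admits. The ruleset text, the file names and the `write_rules` and `port_verdict` helpers are constructed for illustration, and `port_verdict` only understands the rule shapes written here.

```shell
# Added example, not from the thread: file names and port lists are assumptions.
# write_rules FILE PORT...: iptables-save style ruleset that admits new inbound
# TCP only on the listed ports and rejects everything else.
write_rules() {
    out=$1; shift
    {
        printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
            ':OUTPUT ACCEPT [0:0]' \
            '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
            '-A INPUT -p icmp -j ACCEPT' '-A INPUT -i lo -j ACCEPT'
        for p in "$@"; do
            echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport $p -j ACCEPT"
        done
        printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
            '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
    } > "$out"
}

# port_verdict FILE PORT: print the target the first matching INPUT rule gives a
# new inbound TCP connection to PORT (falls back to the chain policy).
port_verdict() {
    awk -v port="$2" '
        BEGIN { policy = "ACCEPT" }   # built-in chains accept when nothing is loaded
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" {
            target = ""; dport = ""; tcp = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
            }
            # Unconditional rule, or a TCP rule for exactly this port
            if ($3 == "-j" || (tcp && dport == port)) { print target; hit = 1; exit }
        }
        END { if (!hit) print policy }
    ' "$1"
}

demo() {
    d=$(mktemp -d)
    write_rules "$d/ssh-only" 22            # SSH only, as the thread describes
    write_rules "$d/mailserver" 22 25 80    # SSH, SMTP, HTTP; MySQL stays local
    echo "# wiped" > "$d/wiped"             # comment-only file: nothing loaded
    for f in ssh-only mailserver wiped; do
        echo "$f: 25=$(port_verdict "$d/$f" 25) 3306=$(port_verdict "$d/$f" 3306)"
    done
    rm -rf "$d"
}
demo
```

The `ssh-only` variant rejects port 25 while the `wiped` file leaves every port, 3306 included, open. On a CentOS 6 host the chosen ruleset would be placed in `/etc/sysconfig/iptables` and loaded with `service iptables restart` as root.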