Mental on Thu, 21 Oct 1999 17:05:11 -0400 (EDT) |
First of all, you could just block smb at the router. I mean... unless you need to let smb traffic in. But.. if you need to do that, odds are you'll also need a WINS server to manage the names. Also, in smb.conf you can do the equivalent of hosts.allow and hosts.deny. Just so you know. So.. unless you need to route smb traffic, just confine it to one network. # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. Mental -- Fear Not the Dark within this night; Beneath the Sky of Deadly Light; Of raging fire seen from afar; The Fear inside of who you are. On Thu, 21 Oct 1999, Darxus wrote: > > My boss, who's been at a couple of the PLUG meetings, is interested in > trying a Linux Samba server. But he wants me to document how to secure & > monitor it first (as if this is done for any NT box here). > > As far as security, I expect the following to be far more than sufficient > (and be way more secure than any NT box on our network): > > 1) use ipchains to restrict all but samba & ssh connections > 2) install tripwire > 3) remove all server programs not in use > > I am familar with all 3 processes. > > For monitoring, he basically wants a Linux equivalent of NT's perfmon > (Performance Monitor). I think he basically wants to see cpu, memory, and > network load over time, in a GUI (he used the word GUI when stating his > requirments). > > Now, I've written a perl script that uses stuff in /proc to display load > over given intervals (in plaintext, similar to vmstat), and I could > probably add cpu load & memory usage somehow, and then plot it with GNU > Plot or something, but I'm wondering if there's anything that already > exists that would do these things for me and not make me build it myself. > > __________________________________________________________________ > PGP fingerprint = 03 5B 9B A0 16 33 91 2F A5 77 BC EE 43 71 98 D4 > darxus@op.net / http://www.op.net/~darxus > Join the Great Internet Mersenne Prime Search > http://www.mersenne.org/prime.htm > > > > _______________________________________________ > Plug maillist - Plug@lists.nothinbut.net > http://lists.nothinbut.net/mail/listinfo/plug > _______________________________________________ Plug maillist - Plug@lists.nothinbut.net http://lists.nothinbut.net/mail/listinfo/plug
|
|