8 More Discussions You Might Find Interesting
1. SCO
I'm under huge pressure to recover data from an old server that only gets booted very infrequently. The data on it is urgently required - isn't always??!
..
Server is an HP DL380G5 which is running SCO Unixware 7.11
..
It has 3 partitions in a RAID 5 Configuration: 1 of 10GB (I assume it... (19 Replies)
Discussion started by: BernP
19 Replies
2. UNIX for Dummies Questions & Answers
HI I am a datastage (ETL) developer , i have sequence and it has got one job to run , by using UNIX / Shell script , i have to find " after running the job in sequence successfully , i need to find whether it has inserted any no of records into the table or not "? both source and targets DB2... (2 Replies)
Discussion started by: sopinti
2 Replies
3. Cybersecurity
Does anyone have any experience hardening the c-icap.conf file? Here is the default config file, it has a lot of options; sorry about how long it is. I have removed some entries that were not needed as well, but it is still so long :D. Any help is much appreciated as I have never dealt with ICAP.
... (0 Replies)
Discussion started by: savigabi
0 Replies
4. Solaris
Hi guys,
Is there any script or program which i can use to verify that my hardening setting is all correct ? Recently i am given a task to make sure my Sun servers are all harden properly though sunjass was already introduced. I need to generate a report to convince my manager that the settings... (0 Replies)
Discussion started by: ahlude
0 Replies
5. UNIX for Advanced & Expert Users
Hi people,I am trying to install Debian Lenny Betta-2 on a system that has the built in promise chip for "Raid 0" but when I finished the install and then I reboot ,I get "grub loading,pleas wate... Error 2.
also the Debian Lenny Betta-2 is identifying both drives ,instead of a singular drive... (4 Replies)
Discussion started by: thegreatalsky
4 Replies
6. Solaris
What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Discussion started by: rcmrulzz
5 Replies
7. Solaris
So I've just done my first install of Solaris. I installed it on an x86 system and am now in the processing of figuring out what I need to do to 'harden' it. I've got the Security kit downloaded (jass) but I am not sure what to do with the .tar file.
I can't seem to find any easy steps to... (6 Replies)
Discussion started by: flood
6 Replies
8. UNIX for Dummies Questions & Answers
Greetings all.
I need is a script that will move a file from one known dir to another, then grab another file from a different dir to replace it, and have absolutely zero clue how to do this.
Here's what I am trying to do:
A web client wants his site header image to change based on US... (2 Replies)
Discussion started by: ccvortex
2 Replies
SHOREWALL6-NESTING(5) [FIXME: manual] SHOREWALL6-NESTING(5)
NAME
nesting - shorewall6 Nested Zones
SYNOPSIS
child-zone[:parent-zone[,parent-zone]...]
DESCRIPTION
In shorewall6-zones[1](5), a zone may be declared to be a sub-zone of one or more other zones using the above syntax. The child-zone may be
neither the firewall zone nor a vserver zone. The firewall zone may not appear as a parent zone, although all vserver zones are handled as
sub-zones of the firewall zone.
Where zones are nested, the CONTINUE policy in shorewall6-policy[2](5) allows hosts that are within multiple zones to be managed under the
rules of all of these zones.
EXAMPLE
/etc/shorewall6/zones:
#ZONE TYPE OPTION
fw firewall
net ipv6
sam:net ipv6
loc ipv6
/etc/shorewall6/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
- eth0 detect blacklist
loc eth1 detect
/etc/shorewall6/hosts:
#ZONE HOST(S) OPTIONS
net eth0:[::]
sam eth0:[2001:19f0:feee::dead:beef:cafe]
/etc/shorewall6/policy:
#SOURCE DEST POLICY LOG LEVEL
loc net ACCEPT
sam all CONTINUE
net all DROP info
all all REJECT info
The second entry above says that when Sam is the client, connection requests should first be processed under rules where the source zone is
sam and if there is no match then the connection request should be treated under rules where the source zone is net. It is important that
this policy be listed BEFORE the next policy (net to all). You can have this policy generated for you automatically by using the
IMPLICIT_CONTINUE option in shorewall6.conf[3](5).
Partial /etc/shorewall6/rules:
#ACTION SOURCE DEST PROTO DEST PORT(S)
...
ACCEPT sam loc:2001:19f0:feee::3 tcp ssh
ACCEPT net loc:2001:19f0:feee::5 tcp www
...
Given these two rules, Sam can connect with ssh to 2001:19f0:feee::3. Like all hosts in the net zone, Sam can connect to TCP port 80 on
2001:19f0:feee::5. The order of the rules is not significant.
FILES
/etc/shorewall6/zones
/etc/shorewall6/interfaces
/etc/shorewall6/hosts
/etc/shorewall6/policy
/etc/shorewall6/rules
SEE ALSO
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)
NOTES
1. shorewall6-zones
http://www.shorewall.net/manpages6/shorewall-zones.html
2. shorewall6-policy
http://www.shorewall.net/manpages6/shorewall6-policy.html
3. shorewall6.conf
http://www.shorewall.net/manpages6/shorewall6.conf.html
[FIXME: source] 06/28/2012 SHOREWALL6-NESTING(5)
