Thanks for various comments regarding cc:Mail etc. If anyone else has opinions
I look forward to hearing them.
I'm going through my /etc/services file again (Solaris 2.3). The FW+Inet
Security bible makes a load of recommendations about what to allow -
however it doesn't consider all the entries in the default solaris services
file, viz
name 42/udp nameserver
rje 77/tcp
hostnames 101/tcp hostname # usually to sri-nic
iso-tsap 102/tcp
x400 103/tcp
x400-snd 104/tcp
csnet-ns 105/tcp
printer 515/tcp
courier 530/tcp
new-rwho 550/tcp #experimental
rmonitor 560/udp #experimental
pcserver 600/tcp #experimental
ingreslock 1524/tcp
lockd 4045/udp #NFS lock daemon/manager
lockd 4045/tcp #NFS lock daemon/manager
I'm inclined to take all of these out. I'm slighly wary as to whether I'm
going to shoot myself in the foot by doing so however, as I don't really
know what half of these do! We don't have any need for X.400 mail; I'm
not running a printer or NFS from my firewall either. And needless to
say I'm not running Ingres on it!!! Anyone comment upon whether I should
keep any of these ?
Thanks all again,
Danny
Follow-Ups:
|
|
