This may not be entirely relevant for firewalls, but I think it is.

I have an opportunity to get a couple of old Sun IPCs to use to
provide services such as RARP, bootp/dhcp, bootparams, etc. as well as
some network listening. RARP under SunOS 4.1.n needs the /dev/nit
device, which I do not want to put on an "open" machine.

Would stripping all services from /etc/inetd, stopping nfs, NIS, etc.,
basically only allowing console logins, and only supporting sendmail
going out, ftp going out, pulling unneeded devices/filesystem
types/etc. out of the kernel, etc. be sufficient protection for this
box, or are there some other parameters that would need to be tweaked
either in the kernel at run time or in some header files?

Basically I would like to lock that /dev/nit device into a controlled
environment. It would be a pain in the butt to administer, but it
should not require much in the way of maintenance.

Brian T. Wightman wightman @
Academic Computing, UW Oshkosh wightman @
800 Algoma Blvd, Dempsey Hall 307 http://www.uwosh.edu/faculty_staff/wightman
Oshkosh, Wisconsin 54901 Phone: (414) 424-3020
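
The following is an added example, not part of the original post: a shell check that an inetd configuration really has every service stripped, including the `internal` and RPC entries that are easy to overlook. It assumes the usual inetd.conf field layout (service, socket type, protocol, wait, user, program, arguments); the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report services still enabled in an inetd.conf-style file.
# Assumed field layout: service socket-type protocol wait user program [args]

# Print "service protocol program" for every active (uncommented) entry.
inetd_enabled() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # blank or commented out: disabled
        NF >= 6 { print $1, $3, $6 }    # anything else is still served
    ' "$1"
}

# Return 0 if no entry is active; otherwise list what is left and return 1.
inetd_audit() {
    active=$(inetd_enabled "$1")
    if [ -z "$active" ]; then
        echo "inetd: no services enabled"
        return 0
    fi
    echo "inetd: still enabled (service protocol program):"
    printf '%s\n' "$active" | sed 's/^/  /'
    return 1
}

# Constructed sample: ftp and telnet are commented out, but an inetd-internal
# service and an RPC service are still active.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
#ftp     stream tcp     nowait root /usr/etc/in.ftpd    in.ftpd
#telnet  stream tcp     nowait root /usr/etc/in.telnetd in.telnetd
echo     stream tcp     nowait root internal
mountd/1 dgram  rpc/udp wait   root /usr/etc/rpc.mountd rpc.mountd
EOF

inetd_audit "$sample" || true
```

On a real host, point `inetd_audit` at the configuration file inetd actually reads and re-run it after every edit, since a non-zero return means something is still listening through inetd.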