ALT Linux Team development discussions
* [devel] Fwd: [school-discuss] Firewalls, services, and packages (was: Re: Ubuntu - Linux for Human Beings)
@ 2005-05-02 16:06 Michael Shigorin
From: Michael Shigorin @ 2005-05-02 16:06 UTC (permalink / raw)
  To: devel

...as a follow-up (although the question itself clearly does not lend itself to
"simply automating" any solution)

----- Forwarded message from "Karsten M. Self" <kmself ix.netcom.com> -----

Date: Thu, 28 Apr 2005 16:39:37 -0700
From: "Karsten M. Self" <kmself ix.netcom.com>
To: schoolforge-discuss schoolforge.net
Subject: [school-discuss] Firewalls, services, and packages (was: Re: Ubuntu - Linux for Human Beings)

on Thu, Apr 28, 2005 at 02:07:32PM -0700, Karsten M. Self (kmself ix.netcom.com) wrote:
> on Wed, Apr 27, 2005 at 09:53:59AM -0300, Stephen Downes (stephen downes.ca) wrote:
> > Yishay Mor wrote:


>   - Clean network profile.  As noted above, you'll have to install any
>     services you want to run, SSH among them.  One consequence is that
>     there is no firewall configured or installed by default,
>     rationalized by the lack of listening services.

Re-reading this, I realized that this is a good place to mention a
suggestion of Don Marti's (Linux Journal's editor):  autoconfigured
firewalls based on installed and/or running services.

Don laid out the basic scheme in a linux-elitists post:

    http://zgp.org/pipermail/linux-elitists/2005-April/011145.html

    [linux-elitists] Integrating the firewall and the package manager?
    Don Marti dmarti at zgp.org
    Tue Apr 12 11:28:06 PDT 2005

    Problem: malware can spread without getting root.

    Solution: Solution?  What is this, a banner for a tradeshow booth?
    There are no "solutions", just extra hops on the attack path.

    I think it's possible to combine the problem of setting up local
    firewall rules with the easier problem of using the package manager
    correctly.

    Basically, the system boots up with all tables default DROP.  Then,
    when any daemon starts, its init script is responsible for setting
    up any rules necessary for it to do its job.  If you start a
    local-only daemon, the script should be smart enough to parse the
    daemon's config file and only allow traffic that the daemon will.
    If you set up an MTA with a smarthost, the script should be smart
    enough to allow outgoing port 25 only to the smarthost. 

This would be a great value-add for distros, and something a
policy-based, APT-managed distro could do quite readily.

There's discussion of some of the obvious implications / concerns in the
list followup, but I think the basic idea is really sound.


Peace.

-- 
Karsten M. Self <kmself ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    The black hat community is drooling over the possibility of a secure
    execution environment that would allow applications to run in a
    secure area which cannot be attached to via debuggers.
    - Jason Spence, on Palladium aka NGCSB aka "Trusted Computing"



----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike@altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/
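The scheme Don Marti sketches in the forwarded message (boot with every table
default DROP, then let each daemon's init script open only the traffic its own
config file calls for) as an added example. This is not code from the thread,
from ALT Linux or from any other distro. It assumes a Postfix-style main.cf with
"relayhost" and "inet_interfaces" settings (hypothetical sample config, constructed
inline), and it emits rules in iptables-restore format rather than applying them,
so it can be read, diffed and tested without touching a live firewall.

```shell
#!/bin/sh
# Added example, not from the original thread: derive an MTA's firewall rules
# from the MTA's own config, in the spirit of "the init script knows what the
# daemon will do". Hypothetical assumptions: Postfix-style "key = value" config,
# rules written in iptables-restore format to stdout instead of being loaded.

# Read the last "KEY = value" line from a Postfix-style config; empty if absent.
cf_get() {  # cf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Turn a relayhost value such as "[smtp.example.org]:587", "mx.example.org:2525"
# or "smtp.example.org" into "host port". Brackets (Postfix: skip the MX lookup)
# are dropped; the port defaults to 25 when none is given.
parse_relayhost() {  # parse_relayhost VALUE
    host=$(printf '%s' "$1" | sed 's/^\[\([^]]*\)\].*/\1/; s/:.*//')
    port=$(printf '%s' "$1" | sed -n 's/.*\]:\([0-9]*\)$/\1/p; s/^[^][]*:\([0-9]*\)$/\1/p')
    printf '%s %s\n' "$host" "${port:-25}"
}

# Emit the ruleset for one MTA: all chains default DROP, loopback and already
# established flows allowed, new outbound SMTP only to the configured smarthost,
# and an inbound SMTP hole only if the MTA does not listen on loopback alone.
mta_rules() {  # mta_rules CONFIG
    relay=$(cf_get "$1" relayhost)
    ifaces=$(cf_get "$1" inet_interfaces)
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    if [ -n "$relay" ]; then
        # Smarthost configured: this is the only destination port 25/587 may reach.
        set -- $(parse_relayhost "$relay")
        echo "-A OUTPUT -p tcp -d $1 --dport $2 -m conntrack --ctstate NEW -j ACCEPT"
    fi
    # Postfix defaults inet_interfaces to "all"; a loopback-only MTA needs no inbound rule.
    case "${ifaces:-all}" in
        loopback-only|127.0.0.1|localhost) : ;;
        *) echo '-A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT' ;;
    esac
    echo 'COMMIT'
}

# Constructed sample config (not a real site's): local-only MTA relaying via a smarthost.
demo_config() {
    printf 'relayhost = [smtp.example.org]:587\ninet_interfaces = loopback-only\n'
}

# Usage: write the sample config to a temp file and print the derived rules.
demo() {
    cfg=$(mktemp) || return 1
    demo_config > "$cfg"
    mta_rules "$cfg"
    rm -f "$cfg"
}

demo
```

Two caveats a practitioner would add before wiring this into a real init script:
iptables resolves a hostname in `-d` once, when the rule is loaded, so a smarthost
whose address changes needs the rules regenerated; and the "parse the daemon's
config" step has to track the daemon's own semantics (here, that Postfix takes the
last occurrence of a setting and defaults `inet_interfaces` to `all`), otherwise
the firewall quietly opens more or less than the daemon actually uses.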

