[plug] [OT] [LONG] Installfest update/questions

Anthony J. Breeds-Taurima tony at cantech.net.au
Tue Sep 19 17:42:40 WST 2000 

Hello All.
    As the installfest gets closer, I realize that there are things that need to
be done.

    I have a couple of things that we need to look at.

1) Flyers:
    Now that the flyers actually exists:
    (http://installfest.plug.linux.org.au/Flyer.pdf)
    I need people to hit the Uni's
    I'll cover Curtin, Thanks to Leon Blackwell the CompSci web page has a
    link on it.  So If people can do UWA, ECU etc etc that'd be good.   If 
    anyone has time and can think of other places the flyer maybe good for 
    then please hit them.  I figure if most people pin up 2 flyers we'll be 
    very visible. 

2) Handout Sheets:
    It was mentioned earlier BUT then I didn't follow it up.  I think it
    would be good to have 2 handout sheets.  One that is distro non-specific 
    (commands that work everywhere) and the other taylored to a given distro.
    I guess that if we cover rpm and debian based systems we should cover
    most of them.  So we need to come up with a start.
    Matt suggested that we look at:
       http://enterprise.powerup.com.au/%7Esquadron/
    and use that as a base.  So what do people feel we need to give to
    installees.???

3) IPchains.
    With all these new machines hitting the 'Net I think it would be good if
    we came up with a "standard" set of ipchains rules that will slowdown 
    crackers I was thinking we could hack an existing script (I'm sure we ALL 
    have one in place) so that it could be used to protect a stand-alone 
    system and/or protect and net and MASQ.  If we then stick that script 
    in /usr/local/bin and add it to rc.local then all installers will be on 
    the same page.   Something like:
    +---
    |#!/bin/sh
    |
    |function ipForward() {
    |    file="/proc/sys/net/ipv4/ip_forward"
    |    if [ ! -f $file ] ; then
    |        echo "Hmmm this may be bad"
    |        break
    |    fi
    |
    |    case "$1" of
    |        on)  echo 1 > $file;;
    |        off) echo 0 > $file;;
    |    esac
    |}
    |
    |EXTDEV=ppp0
    |IPCHAINS=/sbin/ipchains
    |#Flush destroy make sure we know where we are etc etc
    |#reverse route lookups???
    |
    |case "$1" of
    |    standalone)
    |        ipForward(off)
    |        $IPCHAINS -P input DENY
    |        $IPCHAINS -a input -j ACCEPT -i lo
    |        ;;
    |    network)
    |        ipForward(on)
    |        $IPCHAINS -P input DENY
    |        $IPCHAINS -a input -j ACCEPT -i lo
    |        $IPCHAINS -a input -j MASQ -i $EXTDEV
    |        #protocol modules ??? modprobe ip_masq_ftp ????
    |        ;;
    |esac
    +---

    Then we'd call it like /usr/local/bin/ipchains {network,standalone}.  You get
    the idea.  I know this should be called way early in the piece BUT I
    think calling at all is a good start.   Now that may be a acomplete waste
    on time for some distros that do all of this for us .... it was just something 
    I thought of.


Also, if people want to have alook at the venue before the day let me know
.... we can look at to tomorrow arvo if y'all like ???

Yours Tony.

/*
 * "The significant problems we face cannot be solved at the 
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */

More information about the plug mailing list