[rescue] SGI fw_sshd and security
Mike Meredith
mike at blackhairy.demon.co.uk
Fri Mar 5 13:14:23 CST 2004
On Fri, 5 Mar 2004 13:37:21 -0500, Sheldon T. Hall wrote:
> How can I tell if the code was compiled with tcp_wrappers support?
> The SGI Freeware pages don't seem to say. Would I have to run
> tcp_wrappers to use the hosts.allow/hosts.deny facility?

Hmm ... "ldd /usr/freeware/sbin/sshd" shows that "libwrap" is a required
library, so it's included in my Freeware install. Looking at the OpenSSH
site indicates that the SGI distributed version is vulnerable. I guess
that's another thing on my list.

> I could, of course, put another box between the SGI and the router.
> Or should I run some firewall software on the SGI itself?

Yes, you can run firewall software on the SGI. The best bet is to install:

http://www.sgi.com/software/ipfilter.html

as it's a more widely used firewall than the native SGI one.

Personally, I'd say a firewalled SGI is just as secure as any other
firewalled system (except OpenBSD). With that sshd running, you've got a
potential vulnerability so you'll need to upgrade that ... most people
trying to break in won't be able to figure out that MIPS != Intel, but
some will.