Date: 13 Jul 1996 04:48:09 -0400
From: bill@twwells.com (T. William Wells)
To: freebsd-questions@freebsd.org
Subject: Re: looking for remote dump suggestion
Message-ID: <4s7ns9$eom@twwells.com>
References: <4s6tlq$6dq@twwells.com> <199607130704.AAA00517@starshine>

In article <199607130704.AAA00517@starshine>,
Jim Dennis <jim@starshine.org> wrote:
: Trust should flow the *other* direction
: (rather than allowing ux1 to initiate processes
: on admin, allow admin to initiate processes on
: ux1 -- and use a command like:
:
: you@admin$ rsh -l root ux1 'dump ...' | dd ... of=/dev/rmt0

Yeah. Like I said, Silly Me for not thinking of that.

: (note this is rough since I always have to look up the
: parameters to dump and I don't know your blocksizes, tape's
: device name, etc, would be).

Actually, I've decided not to use dump. The main reason is that I
don't want to fully dump certain file systems so I really need to
filter the path names. So it's find...-print0 | cpio -0 instead.

Maybe in my Copious Spare Time I'll look at making dump not descend
into a specified list of directories. Do any dump gurus have a feel
for how difficult that would be?

: My other suggestion is tcp_wrappers. You should configure
: admin so that it won't allow logins from ux1 at all.

I've had the TCP wrappers installed since day one. At the moment,
they let me in from ux1 but that's because I'm in the midst of
tightening security. We started out "reasonably secure" but as
we're growing we'd like to become "OK, do your damnedest" secure.
:-) Lotsa changes are needed to even begin to approach that; this
dump thing is just one of them.

: (I also hope that you have an anti-spoofing screen on your
: router).

H*ll yes! I didn't hook up the first T1 until I had access lists
blocking all our network addresses. Saved my bacon a couple of
times -- I've twice had massive IP spoof attacks.
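
The filtered, pull-style backup discussed in this message, as an added example that is not part of the original post: a script that would live on ux1 and be started from admin, so trust still flows from admin to ux1. The function names, the script path and the /usr and /usr/obj arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Names and paths are hypothetical.

# list_paths ROOT [EXCLUDE_DIR...]
# Print NUL-terminated path names under ROOT, staying on ROOT's file
# system (-xdev) and not descending into any EXCLUDE_DIR.
# NUL termination keeps names containing spaces or newlines intact.
# Each EXCLUDE_DIR must be written the way find prints it (starting
# with ROOT); find's -path treats it as a shell pattern, so glob
# characters in it are not literal.
list_paths() {
    root=$1
    shift
    if [ "$#" -eq 0 ]; then
        find "$root" -xdev -print0
        return
    fi
    # Rebuild "$@" as: -path A -o -path B ...
    # The for loop's word list is expanded once, before set -- runs.
    first=1
    for dir in "$@"; do
        if [ "$first" -eq 1 ]; then
            set -- -path "$dir"
            first=0
        else
            set -- "$@" -o -path "$dir"
        fi
    done
    find "$root" -xdev \( "$@" \) -prune -o -print0
}

# make_archive ROOT [EXCLUDE_DIR...]
# Write a cpio archive of the filtered tree to standard output.
make_archive() {
    list_paths "$@" | cpio -0 -o
}

# Started from the trusted side, in the shape quoted in the thread:
#   you@admin$ rsh -l root ux1 '/path/to/this-script --archive /usr /usr/obj' \
#                | dd ... of=/dev/rmt0
if [ "${1:-}" = "--archive" ]; then
    shift
    make_archive "$@"
fi
```

Because `-prune` is applied to the excluded directory itself, neither that directory nor anything beneath it reaches cpio.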