Original question:

> Does anyone know how to do the following?
>
> 1. Restrict all RPC traffic to specific subnets or IP addresses (Solaris
> 8).
> 2. Make iPlanet 4.1's server string and OS version unavailable for query
> (Netscape-Enterprise/4.1)

Solutions:

1. There were several solutions presented to me, so here they are:

1a. Replace the Solaris rpcbind with Wietse Venema's rpcbind replacement
that uses the tcp wrapper library to restrict access. His site is
ftp://ftp.porcupine.org/pub/security/index.html.

1b. IP Filter or Sunscreen - ipf source is available from
http://coombs.anu.edu.au/ipfilter/

1c. Several people suggested the block traffic at firewall or router
option.

1d. /var/yp/securenets - c.f. "man securenets", be sure to include
127.0.0.1 - I'm pretty sure this will only secure NIS traffic, but hey,
that's a start

1e. One method would be to implement secure rpc -- doesn't really address
the subnet restriction issue but does allow you to control access to
authorized hosts.

2. There were only a couple of answers for this:

2a. The server identification string is stored in the library
libns-httpd40.so and unless you want to open that puppy up with a clean
hex editor, locate the string and then modify the current string (with
one that is EXACTLY the same size), and then trust that you won't have any
issues with the library, you will probably NOT want to change this.

2b. Use Apache or some other more configurable HTTP server as a
forwarding proxy.

Thanks to:

Todd Fiedler
Julian Simpson
Bill Mooney
John Hilger
Rowan Littell
Brion Moss

--
Chad Campbell
System Administrator III, Sprint Midrange Support

Received on Thu Oct 11 16:40:24 2001
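
Added example, not part of the original post: a small Python audit for item 1d that parses securenets-style text, reports which clients it admits, and checks that 127.0.0.1 is covered. The sample file is constructed, the function names are hypothetical, and it assumes the Solaris layout of "netmask network" (or "host address") per line.

```python
"""Audit a /var/yp/securenets-style file (added example, hypothetical helper names)."""
import ipaddress

# Constructed sample contents; addresses come from documentation ranges.
SAMPLE = """\
# netmask        network
255.255.255.0    192.0.2.0
host             198.51.100.7
255.255.255.255  127.0.0.1
"""

def parse_securenets(text):
    """Return (networks, errors); errors are (line_number, message) tuples."""
    nets, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            errors.append((lineno, "expected two fields: netmask network"))
            continue
        mask, addr = fields
        if mask == "host":  # assumed shorthand for a 255.255.255.255 entry
            mask = "255.255.255.255"
        try:
            # strict=True flags entries whose address has bits outside the
            # mask, so they are reviewed instead of silently reinterpreted.
            nets.append(ipaddress.IPv4Network(f"{addr}/{mask}", strict=True))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return nets, errors

def is_allowed(nets, client):
    """True if the client address falls inside any listed network."""
    ip = ipaddress.IPv4Address(client)
    return any(ip in net for net in nets)

def audit(text):
    """Summarise the points an administrator would review in the file."""
    nets, errors = parse_securenets(text)
    return {
        "errors": errors,
        "loopback_ok": is_allowed(nets, "127.0.0.1"),
        "open_to_all": any(net.prefixlen == 0 for net in nets),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```
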