authorStephen Hemminger <stephen.hemminger@vyatta.com>2008-10-15 13:30:57 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2008-10-15 13:30:57 -0700
commit25438666015dc5ea9695f5172b0f4925c3ae2d9a (patch)
treecfd0e76bcddb84f691865d1e11701d45b2ae1451 /debian
parent6a2393d8053ab9ff9651a6f9c3b243cced7e4439 (diff)
Block remote access to rpc-bind port
Use hosts.deny to block access to portmapper Bugfix 3767
Diffstat (limited to 'debian')
-rw-r--r--debian/vyatta-cfg-system.postinst.in9
1 files changed, 9 insertions, 0 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 21d7ff32..498e431f 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -80,8 +80,17 @@ EOF
cp $sysconfdir/$f /etc/ssh/$f
fi
done
+
+ # block external rpc access
+ if ! grep -q "^portmap" /etc/hosts.deny
+ then cat <<-EOF >>/etc/hosts.deny
+ # Disable rpc access from other hosts
+ portmap: ALL
+ EOF
+ fi
fi
+
# update crontab for logrotate
grep -v logrotate /etc/crontab>/etc/crontab.$$
echo "*/10 * * * * root /usr/sbin/logrotate /etc/logrotate.conf" >> /etc/crontab.$$
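Review bot: The guard `grep -q "^portmap" /etc/hosts.deny` in the added block accepts any line that begins with `portmap`, so an existing narrower entry makes the script skip the `portmap: ALL` rule and leaves the port less restricted than the commit intends. Matching the rule itself is tighter, and `-s` keeps grep quiet when the file does not exist yet: `if ! grep -qs '^portmap[[:space:]]*:[[:space:]]*ALL' /etc/hosts.deny`. The entry only takes effect if the installed portmapper is built with tcp-wrappers support and checks access under the daemon name `portmap`, which is not visible in this hunk; a comment such as `# relies on portmap being linked against libwrap` plus a packet-filter rule as a second layer would make the control verifiable. Because `<<-EOF` strips leading tabs only, the here-document body and its closing `EOF` must be tab-indented; indentation is lost on this page, so that should be confirmed in the file.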