diff options
author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-10-15 13:30:57 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-10-15 13:30:57 -0700 |
commit | 25438666015dc5ea9695f5172b0f4925c3ae2d9a (patch) | |
tree | cfd0e76bcddb84f691865d1e11701d45b2ae1451 /debian | |
parent | 6a2393d8053ab9ff9651a6f9c3b243cced7e4439 (diff) | |
download | vyatta-cfg-system-25438666015dc5ea9695f5172b0f4925c3ae2d9a.tar.gz vyatta-cfg-system-25438666015dc5ea9695f5172b0f4925c3ae2d9a.zip |
Block remote access to rpc-bind port
Use hosts.deny to block access to portmapper
Bugfix 3767
Diffstat (limited to 'debian')
-rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 21d7ff32..498e431f 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -80,8 +80,17 @@ EOF cp $sysconfdir/$f /etc/ssh/$f fi done + + # block external rpc access + if ! grep -q "^portmap" /etc/hosts.deny + then cat <<-EOF >>/etc/hosts.deny + # Disable rpc access from other hosts + portmap: ALL + EOF + fi fi + # update crontab for logrotate grep -v logrotate /etc/crontab>/etc/crontab.$$ echo "*/10 * * * * root /usr/sbin/logrotate /etc/logrotate.conf" >> /etc/crontab.$$ |