outgoing port block on fedorapeople.org

Stephen John Smoogen smooge at gmail.com
Tue Aug 3 19:10:53 UTC 2010


On Mon, Aug 2, 2010 at 13:28, seth vidal <skvidal at fedoraproject.org> wrote:
> Hi,
>  Mike noticed that someone had set up an irc bot running on
> fedorapeople.org talking to an irc channel that was not remotely fedora
> related. Even if it had been fedora-related it's still not something we
> want running on fedorapeople.org. I put in an outgoing port reject to
> things bound to 6667. I'll work on a slightly better option soon but I
> wanted to let everyone know about this and ask if there were any other
> suggestions on how to best block this sort of thing.
>
> Thanks,
> -sv

Coming from a different background but dealing with summer students we
usually put our people systems on a limited outbound network. We knew
that 80,443,22,53 were going to happen so we allowed those through a
proxy and everything else got logged and checked daily. Way overkill
probably but the wonders of iptables tables allow for all kinds of
local magic :). [Or a good selinux policy].

Personally I was thinking policy-wise we MOTD that this server is not
meant for running services or daemons off of and the definition of
such things is up to the administrators and not the users :).



-- 
Stephen J Smoogen.
“The core skill of innovators is error recovery, not failure avoidance.”
Randy Nelson, President of Pixar University.
"We have a strategic plan. It's called doing things."
— Herb Kelleher, founder Southwest Airlines
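
The "everything else got logged and checked daily" step from the reply above, sketched as an added example that is not part of the original message or of Fedora's infrastructure code. It assumes denied outbound packets are logged by an iptables LOG rule with `--log-uid` and a prefix chosen for this example; the host name, addresses and UIDs in the sample are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed rule, placed after the ACCEPTs for 80/443/22/53 (prefix is this example's choice):
#   iptables -A OUTPUT -j LOG --log-prefix "EGRESS-DENY: " --log-uid
PREFIX = "EGRESS-DENY: "
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample kernel log lines (documentation addresses, made-up UIDs).
SAMPLE_LOG = """\
Aug  3 04:02:11 people01 kernel: EGRESS-DENY: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4121 DF PROTO=TCP SPT=51514 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1042 GID=1042
Aug  3 04:02:14 people01 kernel: EGRESS-DENY: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4122 DF PROTO=TCP SPT=51514 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1042 GID=1042
Aug  3 04:05:00 people01 sshd[311]: Accepted publickey for alice from 192.0.2.44 port 50022 ssh2
Aug  3 04:07:40 people01 kernel: EGRESS-DENY: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=TCP SPT=40112 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1077 GID=1077
Aug  3 04:09:02 people01 kernel: EGRESS-DENY: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4130 DF PROTO=TCP SPT=51520 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1042 GID=1042
"""

def parse_line(line):
    """Return the KEY=VALUE fields of one denied-egress line, or None."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None  # not produced by the LOG rule
    fields = dict(FIELD.findall(rest))
    # ICMP and other port-less protocols carry no DPT; keep them visible.
    fields.setdefault("DPT", "-")
    # Packets with no owning local socket are logged without a UID.
    fields.setdefault("UID", "unknown")
    return fields

def summarize(log_text):
    """Map uid -> Counter of (proto, dst, dport) for every denied attempt."""
    per_uid = defaultdict(Counter)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f and "DST" in f:
            per_uid[f["UID"]][(f.get("PROTO", "?"), f["DST"], f["DPT"])] += 1
    return per_uid

def report(per_uid):
    """Render the daily review, noisiest account first."""
    rows = []
    for uid, hits in sorted(per_uid.items(), key=lambda kv: -sum(kv[1].values())):
        for (proto, dst, dport), n in hits.most_common():
            rows.append(f"uid={uid} {proto} {dst}:{dport} x{n}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```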