diff options
author | Bryan Stine <battousai@gentoo.org> | 2009-01-09 00:36:14 +0000 |
---|---|---|
committer | Bryan Stine <battousai@gentoo.org> | 2009-01-09 00:36:14 +0000 |
commit | fbb0d7967d1eb1e758462468f93947ea41336f7f (patch) | |
tree | 58edaf80047250f05f2a05f989a87aa6e4fd9132 /app-admin | |
parent | Add tk to IUSE. (diff) | |
download | historical-fbb0d7967d1eb1e758462468f93947ea41336f7f.tar.gz historical-fbb0d7967d1eb1e758462468f93947ea41336f7f.tar.bz2 historical-fbb0d7967d1eb1e758462468f93947ea41336f7f.zip |
Bump to 3.0.9, fixing various bugs. Remove old, broken versions.
Package-Manager: portage-2.2_rc20/cvs/Linux 2.6.28 x86_64
Diffstat (limited to 'app-admin')
-rw-r--r-- | app-admin/bastille/ChangeLog | 19 | ||||
-rw-r--r-- | app-admin/bastille/Manifest | 15 | ||||
-rw-r--r-- | app-admin/bastille/bastille-2.1.1-r3.ebuild | 98 | ||||
-rw-r--r-- | app-admin/bastille/bastille-3.0.9.ebuild (renamed from app-admin/bastille/bastille-3.0.2.ebuild) | 11 | ||||
-rw-r--r-- | app-admin/bastille/files/bastille-2.1.1-firewall.init | 41 | ||||
-rw-r--r-- | app-admin/bastille/files/bastille-2.1.1-hlist-fix.patch | 12 | ||||
-rw-r--r-- | app-admin/bastille/files/bastille-3.0.2-firewall.init | 42 | ||||
-rw-r--r-- | app-admin/bastille/files/bastille-firewall-imap.patch | 154 |
8 files changed, 27 insertions, 365 deletions
diff --git a/app-admin/bastille/ChangeLog b/app-admin/bastille/ChangeLog index 219046522e28..201d5606aa73 100644 --- a/app-admin/bastille/ChangeLog +++ b/app-admin/bastille/ChangeLog @@ -1,6 +1,21 @@ # ChangeLog for app-admin/bastille -# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/ChangeLog,v 1.21 2007/10/28 12:46:02 phreak Exp $ +# Copyright 2000-2009 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/ChangeLog,v 1.22 2009/01/09 00:36:14 battousai Exp $ + +*bastille-3.0.9 (08 Jan 2009) + + 08 Jan 2009; Bryan Stine <battousai@gentoo.org> + -files/bastille-2.1.1-firewall.init, + -files/bastille-2.1.1-hlist-fix.patch, + -files/bastille-3.0.2-firewall.init, -files/bastille-firewall-imap.patch, + -bastille-2.1.1-r3.ebuild, -bastille-3.0.2.ebuild, +bastille-3.0.9.ebuild: + Version bump to 3.0.9. Restores compatibility with various distribution + changes, such as coreutils program locations, etc. Also added many little + fixes. Moved firewall init script into patch distribution, so no future + versions will require FILESDIR. This version should bring the package out + of p.mask, fixing version bump bug #157187 and issues bug #154002. Removed + old versions that no longer work with those distribution changes mentioned + above. 28 Oct 2007; Christian Heim <phreak@gentoo.org> bastille-2.1.1-r1.ebuild, bastille-2.1.1-r2.ebuild, bastille-2.1.1-r3.ebuild, bastille-3.0.2.ebuild: diff --git a/app-admin/bastille/Manifest b/app-admin/bastille/Manifest index ca7ebd8117a7..ed68d189c9bf 100644 --- a/app-admin/bastille/Manifest +++ b/app-admin/bastille/Manifest @@ -1,12 +1,5 @@ -AUX bastille-2.1.1-firewall.init 1340 RMD160 8cbf5f84f7579b0fab349a6502ef88cfeadd5d1a SHA1 6863a444897e91f2f0c791561dd077faedbfaccd SHA256 26c30596854d42889296c1ffca6d301574e1525d0d2e9096590e1a77dfc1f498 -AUX bastille-2.1.1-hlist-fix.patch 463 RMD160 70d37c6b4e0d217cafe0ca84682567f6a80fd039 SHA1 8503ad759c3116893d7b797ee401bb414362a245 SHA256 abea73ee720e040d94fffde09478dc46d0774d2cfe5c2078521ce906167a95b3 -AUX bastille-3.0.2-firewall.init 1450 RMD160 0e884c26c33bfdb033d24246bbfc370da3f3d43a SHA1 47561c1ef337edca90c44ec36038128e8aedbb0c SHA256 d4026621bfb3105a03bdbf46d692e18cc203bb4362c86fbe303ca7e9ed2c6002 -AUX bastille-firewall-imap.patch 8660 RMD160 d65c3babd5289f4526ebf9b2214b5e55337a3dd8 SHA1 74566c5ddd6bbb0aa11a4731b318244a13f459c1 SHA256 8f26646dbdff1e0ed08cddaf9cc2d28bab7628d6d77db63eec18f0d00f8a6e3e -DIST Bastille-2.1.1.tar.bz2 338227 RMD160 4592c2b88f32fe85bf1e9e7984359fba0abb9693 SHA1 4e040442970912590d953fe0f69340b4194526cb SHA256 70cb45f7eddf7ce46c535952e888e50c2423e9beed1549db74ddebc24ed28127 -DIST Bastille-3.0.2.tar.bz2 328161 RMD160 8602b6c5abc3d35c1fe2a956580a22b1147c3592 SHA1 26a47a9e344781a844cfa36cc98890e15589eb5a SHA256 4c916f294fa2168405a475ce0c7197a60bf0e3f814edc3ae95dc42b732c87436 -DIST bastille-2.1.1-gentoo-0.1.patch.bz2 15312 RMD160 02986c3430a628fe32ec93ad1dec539a5a9cb345 SHA1 a502b6717971564481151d36e6aeca9271c44c40 SHA256 df5e3381282592a7587622925b77b43660814a2c4eacda77931ca0cd4ef113fb -DIST bastille-3.0.2-gentoo-0.1.patch.bz2 16334 RMD160 64fb3c4801eccf1af1100571813668acb12ae3d6 SHA1 201ce08b5707ed3b73553c51fa50080df3270cd1 SHA256 d9cd942f9c3fdf9489a20005e490380577935729c3cf409155bb3253d51d7277 -EBUILD bastille-2.1.1-r3.ebuild 2664 RMD160 fb6e5e7a4bffa76d5761ff4066083ea193285b0b SHA1 825518ff610ed01dafa875f1e714adf3afb62386 SHA256 9c21d7bf26800631ce9b43f0efdeec4da8cfb2fe35fcc6beed71a3d7b8f0f2ca -EBUILD bastille-3.0.2.ebuild 1506 RMD160 d15b015c71e950084d88d6e3cc63b5c69014081c SHA1 5d1923a8e5b59c8c284405d8a9c13b2e5c04dd6a SHA256 00d90d7ca35b7f1f7dfd6d9c059240f47da5db9ebcbcc11e91d562ce7a04dc91 -MISC ChangeLog 4349 RMD160 c0f19a228a5f191a680b1bdd56594a1118afd91f SHA1 42599b118ef211d4678b011dbb60ea6b36fefd3b SHA256 fe95ad91e2c2d44ffd1b5d7008006fa7b4af212055570c43bbd2b4088a6f3036 +DIST Bastille-3.0.9.tar.bz2 319045 RMD160 853bec2e007d3084cb4df9d509a316523c4dc467 SHA1 389f13d9c6c7b14b91b30bda7285238c74758e0d SHA256 1fd66ef724441a36459d5f937ce76c3bb9f7ccc9584d318a916ff59f709fc02d +DIST bastille-3.0.9-gentoo-0.2.patch.bz2 14117 RMD160 44ee370fa924b54d7039c460cec07e58997d8bda SHA1 d7cfb1f3f05f50a568b140f511452fc74384f635 SHA256 91773f8fda6aa67dd87c4451f04ed525965c7408590281b960a3e717ff57880c +EBUILD bastille-3.0.9.ebuild 1464 RMD160 ec04968d7a7682f3b1c72032dc6358dadc7fcc42 SHA1 99885299c82187489e4e768ccfd0c0a51a79c21a SHA256 710d74cfab1e8c462f7e53d2e23cec48cdb20fff67d047d18a181aeac194f317 +MISC ChangeLog 5130 RMD160 38ef1f9377a3d2954da34075ae84372eb421713b SHA1 aebbbac4730285f566a7929a804c21908b32aa1c SHA256 76b1e02e6f23c28a4210496df6820aae7366c8c173f952b176a9f1dd25066763 MISC metadata.xml 353 RMD160 6fa2f9e9b45804b19212538831af1d2ac58590ac SHA1 f16c6d969a3d810f1cffac6860453b0324a84bee SHA256 d5c8da8d2eceeb617bd143924f19d893c87ceef621a562c14108c97d81bf433a diff --git a/app-admin/bastille/bastille-2.1.1-r3.ebuild b/app-admin/bastille/bastille-2.1.1-r3.ebuild deleted file mode 100644 index d2585de5c225..000000000000 --- a/app-admin/bastille/bastille-2.1.1-r3.ebuild +++ /dev/null @@ -1,98 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/bastille-2.1.1-r3.ebuild,v 1.6 2008/06/16 15:40:49 drac Exp $ - -inherit perl-app eutils - -PATCHVER=0.1 -MY_PN=${PN/b/B} -MY_P=${MY_PN}-${PV} -S=${WORKDIR}/${MY_PN} -DESCRIPTION="Bastille-Linux is a security hardening tool" -HOMEPAGE="http://bastille-linux.org/" -SRC_URI="mirror://sourceforge/${PN}-linux/${MY_P}.tar.bz2 - mirror://gentoo/${P}-gentoo-${PATCHVER}.patch.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="x86 ppc ~sparc alpha amd64" -IUSE="X" - -RDEPEND="net-firewall/iptables - app-admin/logrotate - dev-perl/Curses - net-firewall/psad - X? ( dev-perl/perl-tk ) - virtual/logger" - -src_unpack() { - unpack ${A} - epatch "${WORKDIR}"/${P}-gentoo-${PATCHVER}.patch - epatch "${FILESDIR}"/bastille-firewall-imap.patch - epatch "${FILESDIR}"/${P}-hlist-fix.patch -} - -src_compile() { - cp "${FILESDIR}"/bastille-${PV}-firewall.init ./bastille-firewall - - cd "${S}"/psad/Psad.pm - perl-module_src_compile -} - -src_install() { - keepdir /var/lock/subsys/${PN} - dodir /etc/Bastille - - into /usr - dosbin bastille AutomatedBastille InteractiveBastille \ - BastilleBackEnd RevertBastille *.pl - - dosym RevertBastille /usr/sbin/UndoBastille - - insinto /usr/share/Bastille - doins Questions* Credits bastille-* *.xbm *.config - - insinto /usr/share/Bastille - doins Questions.txt Credits complete.xbm incomplete.xbm \ - ifup-local hosts.allow - - exeinto /usr/share/Bastille - doexe bastille-firewall* bastille-tmpdir* \ - bastille-ipchains bastille-netfilter \ - firewall/*.sh - - perlinfo - insinto ${SITE_LIB} - doins Bastille_Curses.pm - use X && doins Bastille_Tk.pm - insinto ${SITE_LIB}/Curses - doins Curses/Widgets.pm - - doman docs/bastille.1m - dodoc docs/* firewall/*.txt - - cd "${S}"/Bastille - - insinto /usr/lib/Bastille - doins AccountSecurity.pm Apache.pm API.pm OSX_API.pm BootSecurity.pm \ - ConfigureMiscPAM.pm DisableUserTools.pm DNS.pm \ - FilePermissions.pm FTP.pm Firewall.pm HP_API.pm HP_UX.pm \ - IOLoader.pm Patches.pm Logging.pm \ - MiscellaneousDaemons.pm PatchDownload.pm Printing.pm \ - RemoteAccess.pm SecureInetd.pm Sendmail.pm TMPDIR.pm \ - test_AccountSecurity.pm test_Apache.pm test_DNS.pm \ - test_FTP.pm test_HP_UX.pm test_MiscellaneousDaemons.pm \ - test_SecureInetd.pm test_Sendmail.pm TestAPI.pm IPFilter.pm - - # psad interface module - cd "${S}"/psad/Psad.pm - newins Psad.pm PSAD.pm - - # Documentation - cd "${S}" - dodoc *.txt BUGS Change* README* -} - -pkg_postinst() { - use X || elog "When not using the Tk interface you will need to start use the -c flag when calling ${PN} from command line. example ${PN} -c --os GE1.4" -} diff --git a/app-admin/bastille/bastille-3.0.2.ebuild b/app-admin/bastille/bastille-3.0.9.ebuild index 19c83478513d..6ba1d8fb6c86 100644 --- a/app-admin/bastille/bastille-3.0.2.ebuild +++ b/app-admin/bastille/bastille-3.0.9.ebuild @@ -1,10 +1,10 @@ -# Copyright 1999-2007 Gentoo Foundation +# Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/bastille-3.0.2.ebuild,v 1.5 2007/10/28 12:46:02 phreak Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/bastille-3.0.9.ebuild,v 1.1 2009/01/09 00:36:14 battousai Exp $ inherit eutils -PATCHVER=0.1 +PATCHVER=0.2 MY_PN=${PN/b/B} MY_P=${MY_PN}-${PV} S=${WORKDIR}/${MY_PN} @@ -30,7 +30,6 @@ src_unpack() { epatch "${WORKDIR}"/${P}-gentoo-${PATCHVER}.patch cd "${S}" - cp "${FILESDIR}"/bastille-${PV}-firewall.init ./bastille-firewall chmod a+x Install.sh bastille-ipchains bastille-netfilter } @@ -44,11 +43,13 @@ src_install() { insinto /usr/share/Bastille doins *.config - newinitd "${FILESDIR}"/${P}-firewall.init ${PN}-firewall + newinitd ${PN}-firewall.gentoo-init ${PN}-firewall # Documentation cd "${S}" dodoc *.txt BUGS Change* README* + cd "${S}"/docs + doman *.1m } pkg_postinst() { diff --git a/app-admin/bastille/files/bastille-2.1.1-firewall.init b/app-admin/bastille/files/bastille-2.1.1-firewall.init deleted file mode 100644 index 5dd9bfbc757a..000000000000 --- a/app-admin/bastille/files/bastille-2.1.1-firewall.init +++ /dev/null @@ -1,41 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/files/bastille-2.1.1-firewall.init,v 1.2 2004/07/14 21:09:15 agriffis Exp $ - -opts="start stop" - -depend() { - need logger -} - -start() { - # "Borrowed" from the original bastille-firewall init script ((c) P. Watkins) - REALSCRIPT=/sbin/bastille-ipchains - if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then - # We are using Linux 2.3 or newer; use the netfilter script if available - if [ -x /sbin/bastille-netfilter ]; then - REALSCRIPT=/sbin/bastille-netfilter - fi - fi - - ebegin "Starting bastille-firewall" - $REALSCRIPT start - eend $? "Failed to start bastille-firewall" -} - -stop() { - # "Borrowed" from the original bastille-firewall init script ((c) P. Watkins) - REALSCRIPT=/sbin/bastille-ipchains - if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then - # We are using Linux 2.3 or newer; use the netfilter script if available - if [ -x /sbin/bastille-netfilter ]; then - REALSCRIPT=/sbin/bastille-netfilter - fi - fi - - ebegin "Stopping bastille-firewall" - $REALSCRIPT stop - eend $? "Failed to stop bastille-firewall" -} - diff --git a/app-admin/bastille/files/bastille-2.1.1-hlist-fix.patch b/app-admin/bastille/files/bastille-2.1.1-hlist-fix.patch deleted file mode 100644 index ad4de0abb836..000000000000 --- a/app-admin/bastille/files/bastille-2.1.1-hlist-fix.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urN Bastille.orig/Bastille_Tk.pm Bastille/Bastille_Tk.pm ---- Bastille.orig/Bastille_Tk.pm 2005-04-05 12:28:47.000000000 -0400 -+++ Bastille/Bastille_Tk.pm 2005-04-05 12:27:19.000000000 -0400 -@@ -734,7 +734,7 @@ - # This is the listbox callback - # - sub hlist_callback { -- my $sel = $list->info(selection); -+ my ($sel) = $list->info(selection); - if($sel ne ""){ - $list->selectionClear('0', $reverse_module_index{"End"}); - $list->selectionSet($sel); diff --git a/app-admin/bastille/files/bastille-3.0.2-firewall.init b/app-admin/bastille/files/bastille-3.0.2-firewall.init deleted file mode 100644 index 5537418db804..000000000000 --- a/app-admin/bastille/files/bastille-3.0.2-firewall.init +++ /dev/null @@ -1,42 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/files/bastille-3.0.2-firewall.init,v 1.1 2005/07/31 05:21:10 battousai Exp $ - -opts="start stop" -BASTILLEPREFIX="/usr/share/Bastille" - -depend() { - need logger -} - -start() { - # "Borrowed" from the original bastille-firewall init script ((c) P. Watkins) - REALSCRIPT=${BASTILLEPREFIX}/bastille-ipchains - if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then - # We are using Linux 2.3 or newer; use the netfilter script if available - if [ -x ${BASTILLEPREFIX}/bastille-netfilter ]; then - REALSCRIPT=${BASTILLEPREFIX}/bastille-netfilter - fi - fi - - ebegin "Starting bastille-firewall" - $REALSCRIPT start - eend $? "Failed to start bastille-firewall" -} - -stop() { - # "Borrowed" from the original bastille-firewall init script ((c) P. Watkins) - REALSCRIPT=${BASTILLEPREFIX}/bastille-ipchains - if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then - # We are using Linux 2.3 or newer; use the netfilter script if available - if [ -x ${BASTILLEPREFIX}/bastille-netfilter ]; then - REALSCRIPT=${BASTILLEPREFIX}/bastille-netfilter - fi - fi - - ebegin "Stopping bastille-firewall" - $REALSCRIPT stop - eend $? "Failed to stop bastille-firewall" -} - diff --git a/app-admin/bastille/files/bastille-firewall-imap.patch b/app-admin/bastille/files/bastille-firewall-imap.patch deleted file mode 100644 index ebde15524341..000000000000 --- a/app-admin/bastille/files/bastille-firewall-imap.patch +++ /dev/null @@ -1,154 +0,0 @@ -diff -urN Bastille-orig/Bastille/Firewall.pm Bastille/Bastille/Firewall.pm ---- Bastille-orig/Bastille/Firewall.pm 2004-03-22 18:45:36.376652656 -0500 -+++ Bastille/Bastille/Firewall.pm 2004-03-22 18:47:57.909136448 -0500 -@@ -71,7 +71,7 @@ - - { - 'varname' => "TCP_AUDIT_SERVICES", -- 'default' => "telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh", -+ 'default' => "telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh", - 'stanza' => "2", - 'configname' => 'ip_s_tcpaudit', - }, -diff -urN Bastille-orig/Questions.txt Bastille/Questions.txt ---- Bastille-orig/Questions.txt 2004-03-22 18:45:36.367654024 -0500 -+++ Bastille/Questions.txt 2004-03-22 18:46:13.815961016 -0500 -@@ -1584,7 +1584,7 @@ - some standalone services like OpenSSH, and --unless otherwise configured-- - services running under Red Hat's xinetd super-server, you can configure - restrictions based on network address in /etc/hosts.allow. The services --using inetd or xinetd typically include telnet, ftp, pop, imap, finger, -+using inetd or xinetd typically include telnet, ftp, pop, imap2, finger, - and a number of other services. - - If you would like, Bastille can configure a default policy for all inetd, -@@ -4119,11 +4119,11 @@ - interfaces (only the \"public\" interfaces) to these ports and/or services. This is - useful to spot possible probes or attacks. The default setting records connection - attempts to several services, although you may not have them installed or enabled. " --QUESTION: "TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login -+QUESTION: "TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login - linuxconf ssh]" - REQUIRE_DISTRO: LINUX DB SE TB GE - SKIP_CHILD: ip_s_udpaudit --DEFAULT_ANSWER: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh -+DEFAULT_ANSWER: telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh - CONFIRM_TEXT: " \nY" - YN_TOGGLE: 0 - YES_EXP: -@@ -4237,8 +4237,8 @@ - - For instance, a corporate firewall/mailserver might have \"smtp\" enabled - on the public side to accept outside mail, and for \"internal\" interfaces it might --allow both \"smtp\" and \"imap\" so local users can both send and get mail; in that --case you would set this value to \"smtp imap\". This does not affect IP Masquerading's -+allow both \"smtp\" and \"imap2\" so local users can both send and get mail; in that -+case you would set this value to \"smtp imap2\". This does not affect IP Masquerading's - ability to let masq'ed users access any services on outside/Internet hosts. " - QUESTION: "TCP service names or port numbers to allow on private interfaces: [ ]" - REQUIRE_DISTRO: LINUX DB SE TB GE -@@ -4651,11 +4651,11 @@ - interfaces (only the \"public\" interfaces) to these ports and/or services. This is - useful to spot possible probes or attacks. The default setting records connection - attempts to several services, although you may not have them installed or enabled. " --QUESTION: "TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login -+QUESTION: "TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login - linuxconf ssh]" - REQUIRE_DISTRO: LINUX DB SE TB GE - SKIP_CHILD: ip_b_udpaudit --DEFAULT_ANSWER: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh -+DEFAULT_ANSWER: telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh - CONFIRM_TEXT: " \nY" - YN_TOGGLE: 0 - YES_EXP: -diff -urN Bastille-orig/Server-modify-by-Spong Bastille/Server-modify-by-Spong ---- Bastille-orig/Server-modify-by-Spong 2004-03-22 18:45:36.363654632 -0500 -+++ Bastille/Server-modify-by-Spong 2004-03-22 18:46:31.595258152 -0500 -@@ -10,8 +10,8 @@ - IPChains.ip_b_trustiface="lo" - # Q: Public interfaces: [eth+ ppp+ slip+] - IPChains.ip_b_publiciface="eth+ ppp+ slip+" --# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] --IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" -+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] -+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" - # Q: UDP services to audit: [31337] - IPChains.ip_b_udpaudit="31337" - # Q: TCP service names or port numbers to allow on public interfaces: [ ] -diff -urN Bastille-orig/ServerModerate.config Bastille/ServerModerate.config ---- Bastille-orig/ServerModerate.config 2004-03-22 18:45:36.361654936 -0500 -+++ Bastille/ServerModerate.config 2004-03-22 18:46:41.919688600 -0500 -@@ -10,8 +10,8 @@ - IPChains.ip_b_trustiface="lo" - # Q: Public interfaces: [eth+ ppp+ slip+] - IPChains.ip_b_publiciface="eth+ ppp+ slip+" --# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] --IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" -+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] -+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" - # Q: UDP services to audit: [31337] - IPChains.ip_b_udpaudit="31337" - # Q: TCP service names or port numbers to allow on public interfaces: [ ] -diff -urN Bastille-orig/ServerParanoia.config Bastille/ServerParanoia.config ---- Bastille-orig/ServerParanoia.config 2004-03-22 18:45:36.379652200 -0500 -+++ Bastille/ServerParanoia.config 2004-03-22 18:46:50.680356776 -0500 -@@ -10,8 +10,8 @@ - IPChains.ip_b_trustiface="lo" - # Q: Public interfaces: [eth+ ppp+ slip+] - IPChains.ip_b_publiciface="eth+ ppp+ slip+" --# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] --IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" -+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] -+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" - # Q: UDP services to audit: [31337] - IPChains.ip_b_udpaudit="31337" - # Q: TCP service names or port numbers to allow on public interfaces: [ ] -diff -urN Bastille-orig/WorkstationModerate.config Bastille/WorkstationModerate.config ---- Bastille-orig/WorkstationModerate.config 2004-03-22 18:45:36.359655240 -0500 -+++ Bastille/WorkstationModerate.config 2004-03-22 18:46:59.968944696 -0500 -@@ -10,8 +10,8 @@ - IPChains.ip_b_trustiface="lo" - # Q: Public interfaces: [eth+ ppp+ slip+] - IPChains.ip_b_publiciface="eth+ ppp+ slip+" --# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] --IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" -+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] -+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" - # Q: UDP services to audit: [31337] - IPChains.ip_b_udpaudit="31337" - # Q: TCP service names or port numbers to allow on public interfaces: [ ] -diff -urN Bastille-orig/WorkstationParanoia.config Bastille/WorkstationParanoia.config ---- Bastille-orig/WorkstationParanoia.config 2004-03-22 18:45:36.379652200 -0500 -+++ Bastille/WorkstationParanoia.config 2004-03-22 18:47:08.842595696 -0500 -@@ -10,8 +10,8 @@ - IPChains.ip_b_trustiface="lo" - # Q: Public interfaces: [eth+ ppp+ slip+] - IPChains.ip_b_publiciface="eth+ ppp+ slip+" --# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] --IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" -+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] -+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" - # Q: UDP services to audit: [31337] - IPChains.ip_b_udpaudit="31337" - # Q: TCP service names or port numbers to allow on public interfaces: [ ] -diff -urN Bastille-orig/bastille-firewall.cfg Bastille/bastille-firewall.cfg ---- Bastille-orig/bastille-firewall.cfg 2004-03-22 18:45:36.378652352 -0500 -+++ Bastille/bastille-firewall.cfg 2004-03-22 18:47:24.028287120 -0500 -@@ -84,7 +84,7 @@ - # - # Also see item 12, LOG_FAILURES - # --#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" -+#TCP_AUDIT_SERVICES="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" - # anyone probing for BackOrifice? - #UDP_AUDIT_SERVICES="31337" - # how about ICMP? -@@ -102,7 +102,7 @@ - # Please make sure variable assignments are on single lines; do NOT - # use the "\" continuation character (so Bastille can change the - # values if it is run more than once) --TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" -+TCP_AUDIT_SERVICES="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" - UDP_AUDIT_SERVICES="31337" - ICMP_AUDIT_TYPES="" - |