[squid-users] re: Tying down Squid boxes

From: Simon Greaves <Simon.Greaves@dont-contact.us>
Date: Tue, 24 Apr 2001 10:10:00 +1200 (FJDT)

Jezz,

> I realise that this is a bit off track for this forum, but I am
> looking to make my squid boxes as secure as reasonably possible.
>
> I have installed TCP wrappers and closed as many ports as I can but I'm
> wondering whether I need to have the 'sunrpc' and 'auth' ports open, and
> if not how to close them.

Depends on what else the host running squid is doing. If there's no NFS or
services using portmapper, you don't need sunrpc. Similarly, if you don't
want your system to provide ident info to others, you can close auth.

> Does anyone have any opinions/advice?

I run squid on a couple of old pentiums here. Both were installed with
minimal Linux installations, then I went through and removed anything I
didn't need, applications, servers, whatever - if it wasn't essential to
squid it was deleted. The systems don't run inetd, in fact the only
network servers they run are squid, xntpd and sshd (which is configured
to only accept connections from a small no. of hosts). The fewer network
services you have running, the more manageable your security becomes, but
as ever it's a balance between what you need to run on the system and the
usability of that system. It may also be influenced by the location of
your squid cache; if it's behind a corporate firewall, it may be OK to be
a bit more lax with the security of the system itself.

Simon

-- 
Simon Greaves				voice: (+679) 212114
Computer Centre				fax:   (+679) 304089
The University of the South Pacific	email: Simon.Greaves@usp.ac.fj
Suva, Fiji
Received on Mon Apr 23 2001 - 16:18:29 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:33 MST
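
A check in the spirit of the reply above, as an added example that is not part of the original post: it compares a host's listening sockets with an allowlist of the services the cache is meant to run, so that leftovers such as sunrpc (port 111) or auth (port 113) stand out. The allowlist, squid's default port 3128, the function names and the sample lines are assumptions made for illustration; it reads the output format of the current `ss` tool.

```shell
#!/bin/sh
# Added example: compare listening sockets with an allowlist.
# Assumed allowlist for a dedicated cache: sshd, squid (default http_port
# 3128) and NTP. Adjust to the services the host really needs.
ALLOWED="tcp/22 tcp/3128 udp/123"

# Reads `ss -H -tuln` style lines on stdin; prints one line per listener
# that is not in the allowlist: "<proto>/<port> <local address> <scope>".
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            addr = $5
            port = addr; sub(/^.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # everything before it
            key = $1 "/" port
            if (key in ok) next
            scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
            print key, host, scope
        }'
}

# Constructed sample: what a host with portmapper and identd still
# running might report (not output captured from a real system).
sample_listeners() {
    cat <<'EOF'
udp   UNCONN 0 0   0.0.0.0:111    0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:123    0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:111    0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:113    0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:25   0.0.0.0:*
tcp   LISTEN 0 128 [::]:3128      [::]:*
EOF
}

# Prints the unexpected listeners; the exit status is non-zero when any
# of them is bound to a non-loopback address.
audit() {
    out=$(unexpected_listeners)
    [ -n "$out" ] && printf '%s\n' "$out"
    ! printf '%s\n' "$out" | grep -q ' exposed$'
}

# On a live host: ss -H -tuln | audit
```

Run from cron, a non-zero exit status shows that something other than the intended services has started listening on a network-facing address.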