[tech] SGI Security and r00tability
Adrian Chadd
adrian at ucc.gu.uwa.edu.au
Thu Nov 20 11:59:48 WST 2003
On Wed, Nov 19, 2003, Paul Marinceu wrote:
> On Wed, Nov 19, 2003 at 10:03:01PM +0800, Grahame Bowland wrote:
> > Adrian has got Netfilter (is it that?) - some sort of BSDish IP filter,
> > anyway, working on his IRIX machine in the office. It might be worth
> > getting him to impart the knowledge of how to link that into the
> > kernel into someone, and setting that up too.
>
> Ipfilterd. At least that's what comes with the Irix os. Is this the one
> Adrian? Seems like a very basic, but useable, fw. Prolly not as nifty as
> netfilter.
ipfilterd is the suck. Don't use it. Use ipfilter. Google search for it,
SGI provide a pre-built package for your convienence.
> > The thing with the SGIs is local security.. I don't think you can
> > really trust them once someone has access. Who knows if we care,
> > but probably worth thinking about.
>
> Yeah. True.
> But hopefully everyone in ucc picks good passwords for
> their accounts ;)
> Bah, who am I kidding...
Gah. Just turn off external SSH into the SGI. Require people to log in at the
console.
ANd yes, I have 6.5.22 plus lotsa patches here. I just have to get them
going. I have a sacrificial indy to install it on when I find the time.
More information about the tech
mailing list