All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 6f3ea866 authored by Leigh B Stoller's avatar Leigh B Stoller

Add hosts.allow template that blocks rpcbind (port 111). To be

installed on boss/ops where necessary.
parent 3fe9e24a
......@@ -30,6 +30,7 @@ include $(OBJDIR)/Makeconf
BINS = suexec runsuid
SBINS = genlastlog lastlog_daemon runmedusa
OTHERS = hosts.allow
# These scripts installed setuid, with sudo.
SETUID_BIN_SCRIPTS =
......@@ -41,7 +42,7 @@ SETUID_CTRL_LIBX_PROGS = runsuid
# Force dependencies on the scripts so that they will be rerun through
# configure if the .in file is changed.
#
all: $(BINS) $(SBINS)
all: $(BINS) $(SBINS) $(OTHERS)
include $(TESTBED_SRCDIR)/GNUmakerules
......
#
# Emulab version to block rpcbind amplification attacks. Put this
# in /etc on both boss and ops.
#
rpcbind : 127.0.0.1 : allow
rpcbind : @CONTROL_NETWORK@/@CONTROL_NETMASK@ : allow
rpcbind : 172.16.0.0/255.240.0.0 : allow
rpcbind : ALL : deny
ALL : ALL : allow
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment