Commit 6f3ea866 authored by Leigh Stoller's avatar Leigh Stoller

Add hosts.allow template that blocks rpcbind (port 111). To be

installed on boss/ops where necessary.
parent 3fe9e24a
......@@ -30,6 +30,7 @@ include $(OBJDIR)/Makeconf
BINS = suexec runsuid
SBINS = genlastlog lastlog_daemon runmedusa
OTHERS = hosts.allow
# These scripts installed setuid, with sudo.
SETUID_BIN_SCRIPTS =
......@@ -41,7 +42,7 @@ SETUID_CTRL_LIBX_PROGS = runsuid
# Force dependencies on the scripts so that they will be rerun through
# configure if the .in file is changed.
#
all: $(BINS) $(SBINS)
all: $(BINS) $(SBINS) $(OTHERS)
include $(TESTBED_SRCDIR)/GNUmakerules
......
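Review bot: `OTHERS = hosts.allow` is added to `all` with no comment on what the variable holds, and no install rule for it is visible in these hunks, so the generated file appears to be built but never installed. If that is intended (the commit message says it is installed on boss/ops where necessary), say so above the assignment, e.g. `# Generated config templates: built by "all" but installed by hand, not by "make install".` The install and clean rules lie outside the hunks shown, so it is worth confirming that `clean` also removes the generated `hosts.allow`.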
#
# Emulab version to block rpcbind amplification attacks. Put this
# in /etc on both boss and ops.
#
rpcbind : 127.0.0.1 : allow
rpcbind : @CONTROL_NETWORK@/@CONTROL_NETMASK@ : allow
rpcbind : 172.16.0.0/255.240.0.0 : allow
rpcbind : ALL : deny
ALL : ALL : allow
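Review bot: The final rule, `ALL : ALL : allow`, makes every other wrapped service default-allow once this file is in /etc, and the header comment does not mention it; copying the template over an existing, stricter hosts.allow would loosen access to those services. The header should state that only rpcbind is restricted and that the file is to be merged with an existing policy, e.g. `# Only rpcbind is restricted here; merge with any existing hosts.allow rather than replacing it.` The `172.16.0.0/255.240.0.0` entry is hard-coded with no note on which network it covers, whereas the control network is substituted at configure time; a one-line comment naming that range would help the next maintainer. The rules take effect only if rpcbind on the host is built and started with TCP wrappers support, which is worth stating next to the install instruction so the file is not assumed to protect a host where it is silently ignored.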