diff -urN Bastille-orig/Bastille/Firewall.pm Bastille/Bastille/Firewall.pm
--- Bastille-orig/Bastille/Firewall.pm 2004-03-22 18:45:36.376652656 -0500
+++ Bastille/Bastille/Firewall.pm 2004-03-22 18:47:57.909136448 -0500
@@ -71,7 +71,7 @@
{
'varname' => "TCP_AUDIT_SERVICES",
- 'default' => "telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh",
+ 'default' => "telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh",
'stanza' => "2",
'configname' => 'ip_s_tcpaudit',
},
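Review bot: The new default `imap2` only works where the target's services database defines that name, so this hunk swaps one distribution-specific name for another instead of removing the dependency. `REQUIRE_DISTRO` in Questions.txt lists several distributions; on a host that knows port 143 only as `imap`, the audit entry would presumably fail to resolve and IMAP probes would go unlogged, so it is worth confirming how the firewall script treats an unknown name. The audit lists already accept numbers (`UDP_AUDIT_SERVICES="31337"`), so `'default' => "telnet ftp 143 pop3 finger sunrpc exec login linuxconf ssh",` would be distribution-independent. The same point applies to the `DEFAULT_ANSWER` hunks in Questions.txt, the Server-modify-by-Spong and `*.config` hunks, and both bastille-firewall.cfg hunks. The enclosing list starts and ends outside this hunk.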
diff -urN Bastille-orig/Questions.txt Bastille/Questions.txt
--- Bastille-orig/Questions.txt 2004-03-22 18:45:36.367654024 -0500
+++ Bastille/Questions.txt 2004-03-22 18:46:13.815961016 -0500
@@ -1584,7 +1584,7 @@
some standalone services like OpenSSH, and --unless otherwise configured--
services running under Red Hat's xinetd super-server, you can configure
restrictions based on network address in /etc/hosts.allow. The services
-using inetd or xinetd typically include telnet, ftp, pop, imap, finger,
+using inetd or xinetd typically include telnet, ftp, pop, imap2, finger,
and a number of other services.
If you would like, Bastille can configure a default policy for all inetd,
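Review bot: In this paragraph `imap2` looks like an over-broad search-and-replace, because the sentence names protocols informally (`pop`, not `pop3`) while describing /etc/hosts.allow restrictions, and nothing here is looked up as a service name. A reader may take `imap2` to mean IMAP version 2, so I would keep the original wording `using inetd or xinetd typically include telnet, ftp, pop, imap, finger,`. The paragraph continues outside the hunk.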
@@ -4119,11 +4119,11 @@
interfaces (only the \"public\" interfaces) to these ports and/or services. This is
useful to spot possible probes or attacks. The default setting records connection
attempts to several services, although you may not have them installed or enabled. "
-QUESTION: "TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login
+QUESTION: "TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login
linuxconf ssh]"
REQUIRE_DISTRO: LINUX DB SE TB GE
SKIP_CHILD: ip_s_udpaudit
-DEFAULT_ANSWER: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh
+DEFAULT_ANSWER: telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh
CONFIRM_TEXT: " \nY"
YN_TOGGLE: 0
YES_EXP:
@@ -4237,8 +4237,8 @@
For instance, a corporate firewall/mailserver might have \"smtp\" enabled
on the public side to accept outside mail, and for \"internal\" interfaces it might
-allow both \"smtp\" and \"imap\" so local users can both send and get mail; in that
-case you would set this value to \"smtp imap\". This does not affect IP Masquerading's
+allow both \"smtp\" and \"imap2\" so local users can both send and get mail; in that
+case you would set this value to \"smtp imap2\". This does not affect IP Masquerading's
ability to let masq'ed users access any services on outside/Internet hosts. "
QUESTION: "TCP service names or port numbers to allow on private interfaces: [ ]"
REQUIRE_DISTRO: LINUX DB SE TB GE
@@ -4651,11 +4651,11 @@
interfaces (only the \"public\" interfaces) to these ports and/or services. This is
useful to spot possible probes or attacks. The default setting records connection
attempts to several services, although you may not have them installed or enabled. "
-QUESTION: "TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login
+QUESTION: "TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login
linuxconf ssh]"
REQUIRE_DISTRO: LINUX DB SE TB GE
SKIP_CHILD: ip_b_udpaudit
-DEFAULT_ANSWER: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh
+DEFAULT_ANSWER: telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh
CONFIRM_TEXT: " \nY"
YN_TOGGLE: 0
YES_EXP:
diff -urN Bastille-orig/Server-modify-by-Spong Bastille/Server-modify-by-Spong
--- Bastille-orig/Server-modify-by-Spong 2004-03-22 18:45:36.363654632 -0500
+++ Bastille/Server-modify-by-Spong 2004-03-22 18:46:31.595258152 -0500
@@ -10,8 +10,8 @@
IPChains.ip_b_trustiface="lo"
# Q: Public interfaces: [eth+ ppp+ slip+]
IPChains.ip_b_publiciface="eth+ ppp+ slip+"
-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
# Q: UDP services to audit: [31337]
IPChains.ip_b_udpaudit="31337"
# Q: TCP service names or port numbers to allow on public interfaces: [ ]
diff -urN Bastille-orig/ServerModerate.config Bastille/ServerModerate.config
--- Bastille-orig/ServerModerate.config 2004-03-22 18:45:36.361654936 -0500
+++ Bastille/ServerModerate.config 2004-03-22 18:46:41.919688600 -0500
@@ -10,8 +10,8 @@
IPChains.ip_b_trustiface="lo"
# Q: Public interfaces: [eth+ ppp+ slip+]
IPChains.ip_b_publiciface="eth+ ppp+ slip+"
-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
# Q: UDP services to audit: [31337]
IPChains.ip_b_udpaudit="31337"
# Q: TCP service names or port numbers to allow on public interfaces: [ ]
diff -urN Bastille-orig/ServerParanoia.config Bastille/ServerParanoia.config
--- Bastille-orig/ServerParanoia.config 2004-03-22 18:45:36.379652200 -0500
+++ Bastille/ServerParanoia.config 2004-03-22 18:46:50.680356776 -0500
@@ -10,8 +10,8 @@
IPChains.ip_b_trustiface="lo"
# Q: Public interfaces: [eth+ ppp+ slip+]
IPChains.ip_b_publiciface="eth+ ppp+ slip+"
-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
# Q: UDP services to audit: [31337]
IPChains.ip_b_udpaudit="31337"
# Q: TCP service names or port numbers to allow on public interfaces: [ ]
diff -urN Bastille-orig/WorkstationModerate.config Bastille/WorkstationModerate.config
--- Bastille-orig/WorkstationModerate.config 2004-03-22 18:45:36.359655240 -0500
+++ Bastille/WorkstationModerate.config 2004-03-22 18:46:59.968944696 -0500
@@ -10,8 +10,8 @@
IPChains.ip_b_trustiface="lo"
# Q: Public interfaces: [eth+ ppp+ slip+]
IPChains.ip_b_publiciface="eth+ ppp+ slip+"
-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
# Q: UDP services to audit: [31337]
IPChains.ip_b_udpaudit="31337"
# Q: TCP service names or port numbers to allow on public interfaces: [ ]
diff -urN Bastille-orig/WorkstationParanoia.config Bastille/WorkstationParanoia.config
--- Bastille-orig/WorkstationParanoia.config 2004-03-22 18:45:36.379652200 -0500
+++ Bastille/WorkstationParanoia.config 2004-03-22 18:47:08.842595696 -0500
@@ -10,8 +10,8 @@
IPChains.ip_b_trustiface="lo"
# Q: Public interfaces: [eth+ ppp+ slip+]
IPChains.ip_b_publiciface="eth+ ppp+ slip+"
-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
+# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
+IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
# Q: UDP services to audit: [31337]
IPChains.ip_b_udpaudit="31337"
# Q: TCP service names or port numbers to allow on public interfaces: [ ]
diff -urN Bastille-orig/bastille-firewall.cfg Bastille/bastille-firewall.cfg
--- Bastille-orig/bastille-firewall.cfg 2004-03-22 18:45:36.378652352 -0500
+++ Bastille/bastille-firewall.cfg 2004-03-22 18:47:24.028287120 -0500
@@ -84,7 +84,7 @@
#
# Also see item 12, LOG_FAILURES
#
-#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
+#TCP_AUDIT_SERVICES="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
# anyone probing for BackOrifice?
#UDP_AUDIT_SERVICES="31337"
# how about ICMP?
@@ -102,7 +102,7 @@
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
-TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
+TCP_AUDIT_SERVICES="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
UDP_AUDIT_SERVICES="31337"
ICMP_AUDIT_TYPES=""