[tech] SGI Security and r00tability

Adrian Chadd adrian at ucc.gu.uwa.edu.au
Thu Nov 20 11:59:48 WST 2003


On Wed, Nov 19, 2003, Paul Marinceu wrote:
> On Wed, Nov 19, 2003 at 10:03:01PM +0800, Grahame Bowland wrote:
> > Adrian has got Netfilter (is it that?) - some sort of BSDish IP filter, 
> > anyway, working on his IRIX machine in the office. It might be worth 
> > getting him to impart the knowledge of how to link that into the 
> > kernel into someone, and setting that up too.
> 
> Ipfilterd. At least that's what comes with the Irix os. Is this the one
> Adrian? Seems like a very basic, but useable, fw. Prolly not as nifty as
> netfilter.

ipfilterd is the suck. Don't use it. Use ipfilter. Google search for it,
SGI provide a pre-built package for your convienence.

> > The thing with the SGIs is local security.. I don't think you can 
> > really trust them once someone has access. Who knows if we care, 
> > but probably worth thinking about.
> 
> Yeah. True.
> But hopefully everyone in ucc picks good passwords for
> their accounts ;)
> Bah, who am I kidding...

Gah. Just turn off external SSH into the SGI. Require people to log in at the 
console.

ANd yes, I have 6.5.22 plus lotsa patches here. I just have to get them
going. I have a sacrificial indy to install it on when I find the time.



More information about the tech mailing list