The Problem

We wish to export directories under NFS but want to do it in a way that minimises hacking. Some of these directories are for installation of Redhat Linux, Debian Linux and FreeBSD UNIX so will be readable by anyone with the domain. The trick here will be to keep in mountable/probable by computers within the specified subnets.

One of Possibly Many Solutions(?)

This is based around using Wietse Venema's portmapper utilties to give extra protection against hacker probes.

The /etc/exports setting on the webserver /web_disc/ccp14/web_area/web_live/people/lachlan/indycam -rw,access=indy.name The /usr/etc/portmapper security setting on the webserver to limit hacker portmapper/mountd/rpc probes (As run on initialisation in /etc/init.d/network. Do a "man portmap". This can be reconfigured and restarted without rebooting using Wietse Venema's portmapper utilties) -v -a 255.255.255.255,indy-ip-address (single machine) Then using Wietse Venema's portmapper program do the following sequence of commands to be able to restart the "IRIX" portmapper without having to reboot the machine. ./pmap_dump > table killall portmap /usr/etc/portmap `cat /etc/config/portmap.options` ./pmap_set < table Also do a man ipfilterd In the above export, the /etc/mtab setting on the local Indy client are: webserver.ccp14.ac.uk:/web_disc/ccp14/web_area/web_live/people/lachlan/indycam /indydirectory/indycam nfs vers=3,rw,intr,bg,dev=c0001 0 0