diff -urN Bastille-orig/Bastille/Firewall.pm Bastille/Bastille/Firewall.pm --- Bastille-orig/Bastille/Firewall.pm 2004-03-22 18:45:36.376652656 -0500 +++ Bastille/Bastille/Firewall.pm 2004-03-22 18:47:57.909136448 -0500 @@ -71,7 +71,7 @@ { 'varname' => "TCP_AUDIT_SERVICES", - 'default' => "telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh", + 'default' => "telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh", 'stanza' => "2", 'configname' => 'ip_s_tcpaudit', }, diff -urN Bastille-orig/Questions.txt Bastille/Questions.txt --- Bastille-orig/Questions.txt 2004-03-22 18:45:36.367654024 -0500 +++ Bastille/Questions.txt 2004-03-22 18:46:13.815961016 -0500 @@ -1584,7 +1584,7 @@ some standalone services like OpenSSH, and --unless otherwise configured-- services running under Red Hat's xinetd super-server, you can configure restrictions based on network address in /etc/hosts.allow. The services -using inetd or xinetd typically include telnet, ftp, pop, imap, finger, +using inetd or xinetd typically include telnet, ftp, pop, imap2, finger, and a number of other services. If you would like, Bastille can configure a default policy for all inetd, @@ -4119,11 +4119,11 @@ interfaces (only the \"public\" interfaces) to these ports and/or services. This is useful to spot possible probes or attacks. The default setting records connection attempts to several services, although you may not have them installed or enabled. " -QUESTION: "TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login +QUESTION: "TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]" REQUIRE_DISTRO: LINUX DB SE TB GE SKIP_CHILD: ip_s_udpaudit -DEFAULT_ANSWER: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh +DEFAULT_ANSWER: telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh CONFIRM_TEXT: " \nY" YN_TOGGLE: 0 YES_EXP: @@ -4237,8 +4237,8 @@ For instance, a corporate firewall/mailserver might have \"smtp\" enabled on the public side to accept outside mail, and for \"internal\" interfaces it might -allow both \"smtp\" and \"imap\" so local users can both send and get mail; in that -case you would set this value to \"smtp imap\". This does not affect IP Masquerading's +allow both \"smtp\" and \"imap2\" so local users can both send and get mail; in that +case you would set this value to \"smtp imap2\". This does not affect IP Masquerading's ability to let masq'ed users access any services on outside/Internet hosts. " QUESTION: "TCP service names or port numbers to allow on private interfaces: [ ]" REQUIRE_DISTRO: LINUX DB SE TB GE @@ -4651,11 +4651,11 @@ interfaces (only the \"public\" interfaces) to these ports and/or services. This is useful to spot possible probes or attacks. The default setting records connection attempts to several services, although you may not have them installed or enabled. " -QUESTION: "TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login +QUESTION: "TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]" REQUIRE_DISTRO: LINUX DB SE TB GE SKIP_CHILD: ip_b_udpaudit -DEFAULT_ANSWER: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh +DEFAULT_ANSWER: telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh CONFIRM_TEXT: " \nY" YN_TOGGLE: 0 YES_EXP: diff -urN Bastille-orig/Server-modify-by-Spong Bastille/Server-modify-by-Spong --- Bastille-orig/Server-modify-by-Spong 2004-03-22 18:45:36.363654632 -0500 +++ Bastille/Server-modify-by-Spong 2004-03-22 18:46:31.595258152 -0500 @@ -10,8 +10,8 @@ IPChains.ip_b_trustiface="lo" # Q: Public interfaces: [eth+ ppp+ slip+] IPChains.ip_b_publiciface="eth+ ppp+ slip+" -# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] -IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" +# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] +IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" # Q: UDP services to audit: [31337] IPChains.ip_b_udpaudit="31337" # Q: TCP service names or port numbers to allow on public interfaces: [ ] diff -urN Bastille-orig/ServerModerate.config Bastille/ServerModerate.config --- Bastille-orig/ServerModerate.config 2004-03-22 18:45:36.361654936 -0500 +++ Bastille/ServerModerate.config 2004-03-22 18:46:41.919688600 -0500 @@ -10,8 +10,8 @@ IPChains.ip_b_trustiface="lo" # Q: Public interfaces: [eth+ ppp+ slip+] IPChains.ip_b_publiciface="eth+ ppp+ slip+" -# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] -IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" +# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] +IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" # Q: UDP services to audit: [31337] IPChains.ip_b_udpaudit="31337" # Q: TCP service names or port numbers to allow on public interfaces: [ ] diff -urN Bastille-orig/ServerParanoia.config Bastille/ServerParanoia.config --- Bastille-orig/ServerParanoia.config 2004-03-22 18:45:36.379652200 -0500 +++ Bastille/ServerParanoia.config 2004-03-22 18:46:50.680356776 -0500 @@ -10,8 +10,8 @@ IPChains.ip_b_trustiface="lo" # Q: Public interfaces: [eth+ ppp+ slip+] IPChains.ip_b_publiciface="eth+ ppp+ slip+" -# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] -IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" +# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] +IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" # Q: UDP services to audit: [31337] IPChains.ip_b_udpaudit="31337" # Q: TCP service names or port numbers to allow on public interfaces: [ ] diff -urN Bastille-orig/WorkstationModerate.config Bastille/WorkstationModerate.config --- Bastille-orig/WorkstationModerate.config 2004-03-22 18:45:36.359655240 -0500 +++ Bastille/WorkstationModerate.config 2004-03-22 18:46:59.968944696 -0500 @@ -10,8 +10,8 @@ IPChains.ip_b_trustiface="lo" # Q: Public interfaces: [eth+ ppp+ slip+] IPChains.ip_b_publiciface="eth+ ppp+ slip+" -# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] -IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" +# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] +IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" # Q: UDP services to audit: [31337] IPChains.ip_b_udpaudit="31337" # Q: TCP service names or port numbers to allow on public interfaces: [ ] diff -urN Bastille-orig/WorkstationParanoia.config Bastille/WorkstationParanoia.config --- Bastille-orig/WorkstationParanoia.config 2004-03-22 18:45:36.379652200 -0500 +++ Bastille/WorkstationParanoia.config 2004-03-22 18:47:08.842595696 -0500 @@ -10,8 +10,8 @@ IPChains.ip_b_trustiface="lo" # Q: Public interfaces: [eth+ ppp+ slip+] IPChains.ip_b_publiciface="eth+ ppp+ slip+" -# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] -IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" +# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh] +IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" # Q: UDP services to audit: [31337] IPChains.ip_b_udpaudit="31337" # Q: TCP service names or port numbers to allow on public interfaces: [ ] diff -urN Bastille-orig/bastille-firewall.cfg Bastille/bastille-firewall.cfg --- Bastille-orig/bastille-firewall.cfg 2004-03-22 18:45:36.378652352 -0500 +++ Bastille/bastille-firewall.cfg 2004-03-22 18:47:24.028287120 -0500 @@ -84,7 +84,7 @@ # # Also see item 12, LOG_FAILURES # -#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" +#TCP_AUDIT_SERVICES="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" # anyone probing for BackOrifice? #UDP_AUDIT_SERVICES="31337" # how about ICMP? @@ -102,7 +102,7 @@ # Please make sure variable assignments are on single lines; do NOT # use the "\" continuation character (so Bastille can change the # values if it is run more than once) -TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" +TCP_AUDIT_SERVICES="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh" UDP_AUDIT_SERVICES="31337" ICMP_AUDIT_TYPES=""