On Mon, Aug 2, 2010 at 13:28, seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote: > Hi, > Mike noticed that someone had setup an irc bot running on > fedorapeople.org talking to an irc channel that was not remotely fedora > related. Even if it had been fedora-related it's still not something we > want running fedorapeople.org. I put in an outgoing port reject to > things bound to 6667. I'll work on a slightly better option soon but I > wanted to let everyone know about this and ask if there were any other > suggestions on how to best block this sort of thing. > > Thanks, > -sv Coming from a different background but dealing with summer students we usually put our people systems on a limited outbound network. We knew that 80,443,22,53 were going to happen so we allowed those through a proxy and everything else got logged and checked daily. Way overkill probably but the wonders of iptables tables allows for all kinds of local magic :). [Or a good selinux policy]. Personally I was thinking policy wise we MOTD that this server is not meant for running services or daemons off of and the definition of such things is up to the administrators and not the users :). -- Stephen J Smoogen. “The core skill of innovators is error recovery, not failure avoidance.” Randy Nelson, President of Pixar University. "We have a strategic plan. It's called doing things."" — Herb Kelleher, founder Southwest Airlines _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
