Hi there We're getting false alarms triggering on our NIDS due to PASV-mode YUM FTP sessions. This is on no account the fault of YUM, but I was wondering if we could reconfigure YUM to use non-PASV (ie PORT) mode FTP instead (better yet, disable FTP so that YUM only used HTTP servers). We can do some NIDS whitelisting tricks for PORT-mode - as port 20 is always used - which we can't do with PASV-mode. So YUM uses urlgrabber which in turn uses ftplib, which in turn has a "set_pasv" option. But I don't seem to be able to alter that by adding it to /etc/yum.conf? Can I do that, or would I actually have to fiddle with ftplib to achieve what I want (I won't do that - too many downstream consequences) Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Yum mailing list Yum@xxxxxxxxxxxxxxxxx http://lists.baseurl.org/mailman/listinfo/yum
