## Hardening SUSE

From: "andrew cooke" <andrew@...>

Date: Sat, 21 Apr 2007 18:23:14 -0400 (CLT)

So, for two weeks I have been running my local server without a firewall.
Ports 25 (SMTP), 111 (portname) and 143 (IMAP) were all open to the world.

(Don't ask how - in fact, I now realise that they weren't quite "as open"
as I first thought, when "shields up" showed some alarming red squares -
https://www.grc.com/ and, I believe, I should have been moderately safe
anyway, as SMTP and IMAP were configured internally to only accept local
requests and all services are using the latest patches)

Anyway, once I'd fixed the problem, I thought it was probably worthwhile
configuring services not to bind to the external address at all.  For most
it's simply a change in the config file.  However, exim (IMAP) requires
the -oX command line argument (which can be specified via sysconfig in
SUSE) and portmap requires "-i" (which I set in /etc/init.d/portmap).
There seems to be no need to use -oP with exim.

Andrew