[828] in Intrusion Detection Systems
Re: Securing NSF
daemon@ATHENA.MIT.EDU (Jas (Matthew K))
Thu Jan 2 13:06:34 1997
From: Jas (Matthew K) <matt@uts.EDU.AU>
To: ids@uow.edu.au
Date: Mon, 30 Dec 1996 09:59:16 +1100 (EADT)
Cc: bos@suburbia.net.au
In-Reply-To: <Pine.OSF.3.91.961218093620.6203A-100000@venus.javeriana.edu.co> from "Carlos Medina --Ad
mon. Sistema" at Dec 18, 96 09:58:47 am
X-Mailer: ELM [version 2.4 PL25]
Content-Type: text
Sender: owner-ids
Precedence: bulk
Reply-To: ids
Carlos Medina --Admon. Sistema wrote this...
> Hello everyone,
> Does anyone knows how to make more secure the files shared with NFS,
> besides the usual thing of changing the configuration of
> /etc/exports (OSF/1), /etc/dfs/sharetab(Sunos 5.4), maybe changing
> the rpc configuration? Is there any package (better if freeware)
> that could do this job?
try SecureNFS or Kerberos NFS, both are supported under the standard
shipping of solaris (sorry no support for Secure NFS seems to exist on
other platforms that i have seen). Kerberos supports authentication,
and SecureNFS supports both encryption (US verisons only), and
authentication. the manual pages arent entirely clear on how to do
this (share_nfs(1m) Solaris only), but the NFS Administration Guide
has a bit more info. Linux may have the source code for it but im not
sure. if you are really gung ho, you can download a NFS version 3
server from playground.sun.com and the tirpc source code as well,
follow a few of the white papers on the server about SecureRPC,
SecureNFS, and NIS+ and hack the code together yourself (left as an
excercise for the reader). the legality of said approach is by no
means clear (to me anyhow, im no lawyer), but the source code is there
for the looking.
Matt
P.S. if someone is really interested i might be able to invest
_some_ time into this.
