Linux Server Security by Michael D. Bauer The unconfirmed error reports are from readers. They have not yet been approved or disproved by the author or editor and represent solely the opinion of the reader. Here's a key to the markup: [page-number]: serious technical mistake {page-number}: minor technical mistake : important language/formatting problem (page-number): language change or minor formatting problem ?page-number?: reader question or request for clarification This page was updated June 6, 2008. UNCONFIRMED errors and comments from readers: [87] Box at bottom; The two iptables rules in this box seem to be as from Stephens' website, here: http://www.kalamazoolinux.org/presentations/20010417/conntrack.html and or here: http://www.sns.ias.edu/~jns/wp/2006/01/12/iptables-connection-tracking-ftp/ The rules presented there are for a CLIENT accessing ftp. For an ftp server, INPUT and OUTPUT in the two rules should be reversed as stated in the notes at the bottom of the page, second link. {210} axfr-get Makefile example; In the Makefile example on this page, there is a reference to the command '/usr/local/bin/tcpclient -i a.ns.hackenbush.com 53 /usr/local/bin/axfr-get flywheel.com flywheel.data flywheel.tmp' However, the '-i' flag expects an argument (it specifies the local IP address to use - http://cr.yp.to/ucspi-tcp/tcpclient.html), and the make fails. It will work if the flag is omitted. {420} 7th line from the bottom; bash-# useradd -d /var/logjail -g syslogng -r syslogng and in the next line is stated that the -r flag tells useradd to set the account automatically to /bin/false, etc... The problem is that useradd doesn't have an "-r" flag. Was it mistaken with "-s /bin/false"? {433} 4th paragraph; From: http://www.balabit.com/products/syslog_ng/reference/x97.html -------------------------------------------- In earlier revisions of syslog-ng there was a special filter identifier, "DEFAULT", which matched all not-yet-matched messages. This could make your configuration much simpler and easier to manage. This feature was removed in syslog-ng 1.5.x, and a more powerful idea was introduced. For more details consult the Section called Log paths. --------------------------------------------