I really appreciate it, this is exactly what I was looking for.
Thanks again,
John
>>> "Jeff Kennedy" <jlkennedy AT amcc DOT com> 7/15/2002 11:12:03 AM >>>
/etc/init.d/sendmail or /etc/rc2.d/S88sendmail. These 2 are
hardlinked
so it doesn't matter which one you edit, they are the same inode.
On Solaris 8, line 18 of this file should be:
MODE="-bd"
Just make it an empty "" and restart sendmail (or reboot if you want
to
test it).
man sendmail.....
-bd Run as a daemon in the background, waiting for incom-
ing SMTP connections.
This is a very bad thing if it's not a sendmail server...
root 237 1 0 Jul 08 ? 0:00 /usr/lib/sendmail -bd -q15m
(very, very, bad....)
root 237 1 0 Jul 08 ? 0:00 /usr/lib/sendmail
-q15m (much
better....)
~JK
John Pyle wrote:
>
> I really do not have a security issue with the reports or sending
e-mail
> out of this server. The vulnerabilities of sendmail itself were my
> Security Officer's main issue. Could you tell me if you know how to
> configure sendmail to come up without the -bd option? I would want
this
> to be the default and not depend on a manual restart of sendmail at
each
> boot. Is there a config file that starts sendmail with the -bd
option
> that I can change, or a rc script that can be modified? If you do
not
> have the details I will research this but I thought if you knew it
would
> save me the time.
>
> Thanks again,
>
> John
>
> >>> "Jeff Kennedy" <jlkennedy AT amcc DOT com> 7/11/2002 7:47:28 AM >>>
> There was a reply earlier regarding putting sendmail in
non-listening
> mode; essentially restarting it without the -bd option. If you do
> that
> then there is *no* security risk of a break-in via sendmail.
>
> The only argument to that is that mail could be sent out if someone
> managed to break in. But come on, they could do that anyway (take a
> look at mconnect if they want an idea of how it's done).
>
> ~JK
>
> John Pyle wrote:
> >
> > I have a security standard that may prevent my using send mail, or
> lpr for reporting. As the only other option is files within
Netbackup /
> Vault I'm trying to investigate other options for reporting. Has
anyone
> found themselves in the same situation? I'm not sure sendmail is
really
> that vulnerable in my environment, but I'm also leery of taking the
> responsibility of creating a security breech. I had resolved to
setup
> an FTP from my workstation to the master server to grab logs and
vault
> reports, but for backup success/failure reporting I'm not sure what
I
> will need to do.
> >
> > Thank You,
> >
> > John Pyle
> >
> > _______________________________________________
> > NBU-LSERV AT datastaff DOT com - Advanced NetBackup Scripting Maillist
> > http://dsihost-srv01.com/mailman/listinfo/nbu-lserv
> > Check out the Advanced Scripting Website
> > http://www.NetBackupCentral.com
> >
>
> --
> =====================
> Jeff Kennedy
> Unix Administrator
> AMCC
> jlkennedy AT amcc DOT com
--
=====================
Jeff Kennedy
Unix Administrator
AMCC
jlkennedy AT amcc DOT com
|