Veritas-bu

[Veritas-bu] Re: [NBUADV-L] Reporting without e-mail

2002-07-15 16:43:25
From: PYLE AT wapa DOT gov (John Pyle)
Date: Mon, 15 Jul 2002 14:43:25 -0600
I really appreciate it, this is exactly what I was looking for.

Thanks again,

John

>>> "Jeff Kennedy" <jlkennedy AT amcc DOT com> 7/15/2002 11:12:03 AM >>>
/etc/init.d/sendmail or /etc/rc2.d/S88sendmail.  These 2 are hardlinked
so it doesn't matter which one you edit, they are the same inode.

On Solaris 8, line 18 of this file should be:

MODE="-bd"

Just make it an empty "" and restart sendmail (or reboot if you want to
test it).

man sendmail.....

 -bd   Run as a daemon in the background, waiting for  incom-
           ing SMTP connections.

This is a very bad thing if it's not a sendmail server...

root   237     1  0   Jul 08 ?        0:00 /usr/lib/sendmail -bd -q15m 

(very, very, bad....)

root   237     1  0   Jul 08 ?        0:00 /usr/lib/sendmail -q15m

(much better....)

~JK

John Pyle wrote:
> 
> I really do not have a security issue with the reports or sending e-mail
> out of this server.  The vulnerabilities of sendmail itself were my
> Security Officer's main issue.  Could you tell me if you know how to
> configure sendmail to come up without the -bd option?  I would want this
> to be the default and not depend on a manual restart of sendmail at each
> boot.  Is there a config file that starts sendmail with the -bd option
> that I can change, or an rc script that can be modified?  If you do not
> have the details I will research this but I thought if you knew it would
> save me the time.
> 
> Thanks again,
> 
> John
> 
> >>> "Jeff Kennedy" <jlkennedy AT amcc DOT com> 7/11/2002 7:47:28 AM >>>
> There was a reply earlier regarding putting sendmail in non-listening
> mode; essentially restarting it without the -bd option.  If you do that
> then there is *no* security risk of a break-in via sendmail.
> 
> The only argument to that is that mail could be sent out if someone
> managed to break in.  But come on, they could do that anyway (take a
> look at mconnect if they want an idea of how it's done).
> 
> ~JK
> 
> John Pyle wrote:
> >
> > I have a security standard that may prevent my using send mail, or
> > lpr for reporting.  As the only other option is files within Netbackup /
> > Vault I'm trying to investigate other options for reporting.  Has anyone
> > found themselves in the same situation?  I'm not sure sendmail is really
> > that vulnerable in my environment, but I'm also leery of taking the
> > responsibility of creating a security breach.  I had resolved to set up
> > an FTP from my workstation to the master server to grab logs and vault
> > reports, but for backup success/failure reporting I'm not sure what I
> > will need to do.
> >
> > Thank You,
> >
> > John Pyle
> >
> > _______________________________________________
> > NBU-LSERV AT datastaff DOT com - Advanced NetBackup Scripting Maillist
> > http://dsihost-srv01.com/mailman/listinfo/nbu-lserv 
> > Check out the Advanced Scripting Website
> > http://www.NetBackupCentral.com 
> >
> 
> --
> =====================
> Jeff Kennedy
> Unix Administrator
> AMCC
> jlkennedy AT amcc DOT com 

-- 
=====================
Jeff Kennedy
Unix Administrator
AMCC
jlkennedy AT amcc DOT com
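
A check for the change described in this thread, as an added example that is not part of the original messages: it reads the `MODE=` line of a sendmail init script and scans `ps -ef` output for a sendmail process still started with `-bd`. The function names are hypothetical, and the sample `ps` lines are constructed in the format quoted above (PID 412 is made up).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# mode_value FILE: print the value assigned to MODE in an init script,
# with surrounding quotes removed (first assignment only).
mode_value() {
    sed -n 's/^[[:space:]]*MODE=//p' "$1" | head -n 1 | tr -d "\"'"
}

# has_bd ARGS...: succeed if -bd appears as a separate argument.
has_bd() {
    for arg in "$@"; do
        [ "$arg" = "-bd" ] && return 0
    done
    return 1
}

# script_listens FILE: succeed if the init script would start sendmail
# as a listening daemon, i.e. MODE still contains -bd.
script_listens() {
    # Unquoted on purpose so a MODE with several flags splits into words.
    has_bd $(mode_value "$1")
}

# procs_listening: read `ps -ef` lines on stdin and print the PID of every
# sendmail process whose arguments include -bd. STIME may be one word
# ("14:43:25") or two ("Jul 08"), so the command starts at field 8 or 9;
# scanning from field 8 covers both layouts.
procs_listening() {
    awk '{ sm = 0; bd = 0
           for (i = 8; i <= NF; i++) {
               if ($i == "sendmail" || $i ~ /\/sendmail$/) sm = 1
               if ($i == "-bd") bd = 1
           }
           if (sm && bd) print $2 }'
}

# Constructed sample input in the format of the ps lines quoted above.
procs_listening <<'EOF'
root   237     1  0   Jul 08 ?        0:00 /usr/lib/sendmail -bd -q15m
root   412     1  0   Jul 08 ?        0:00 /usr/lib/sendmail -q15m
EOF
```

On the host itself this would be run as `script_listens /etc/init.d/sendmail` and `ps -ef | procs_listening`; an empty result from the second command means no sendmail process was started with `-bd`.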
