AF:
NF:0
PS:10
SRH:1
SFN:
DSR:
MID:<20070810100445.2db79180@ripper.onstor.net>
CFG:
PT:0
S:andy.sharp@onstor.com
RQ:
SSV:onstor-exch02.onstor.net
NSV:
SSH:
R:<ranga.nathan@onstor.com>,<sandrine.boulanger@onstor.com>,<jonathan.goldick@onstor.com>,<caeli.collins@onstor.com>
MAID:1
X-Sylpheed-Privacy-System:
X-Sylpheed-Sign:0
SCF:#mh/Mailbox/sent
RMID:#imap/andys@onstor.net@onstor-exch02.onstor.net/INBOX	0	BB375AF679D4A34E9CA8DFA650E2B04E046A5CA1@onstor-exch02.onstor.net
X-Sylpheed-End-Special-Headers: 1
Date: Fri, 10 Aug 2007 10:07:11 -0700
From: Andrew Sharp <andy.sharp@onstor.com>
To: "Ranga Nathan" <ranga.nathan@onstor.com>, Sandrine Boulanger
 <sandrine.boulanger@onstor.com>, Jonathan Goldick
 <jonathan.goldick@onstor.com>, Caeli Collins <caeli.collins@onstor.com>
Subject: Re: case: 5611
Message-ID: <20070810100711.45d85aa2@ripper.onstor.net>
In-Reply-To: <BB375AF679D4A34E9CA8DFA650E2B04E046A5CA1@onstor-exch02.onstor.net>
References: <08ea01c7db0a$743fc280$03517e0a@csslt112>
	<BB375AF679D4A34E9CA8DFA650E2B04E046A5CA1@onstor-exch02.onstor.net>
Organization: Onstor
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Thu, 9 Aug 2007 22:02:34 -0700 "Sandrine Boulanger"
<sandrine.boulanger@onstor.com> wrote:


> Customers question:
> 
> Is there a way to restrict the management related system processes
> such as sshd & httpd to the ip addresses assigned to the ssc
> interfaces? 

There is a standard way of telling sshd to listen soley on a specific
IP address and/or port number.  Someone would have to log into the
machine as root and hack^Wchange a value in the config file.  This
wouldn't require any bsd firewall stuff, but would also almost
certainly be overwritten on upgrades.  I don't know if we can do this
on our http daemon.

Cheers,

a
