Results 1 to 2 of 2

Thread: Amanda 2.4.4p3 - locking down client ports

  1. #1

    Question Amanda 2.4.4p3 - locking down client ports

    Hi All,

    I've just inherited an old Amanda system from a group of admins, and charged with locking down it's security.

    build:
    VERSION="Amanda-2.4.4p3"
    BUILT_DATE="Mon Jun 28 15:53:32 EDT 2004"


    All clients and servers are built on RHEL4.
    The problem is the ports the client sets up to listen on after the initial request from the server.

    server ---request---> client (udp port 10080)

    client then setups up a few random ports for the dumper processes for the server to connect to.

    Pretty much like an ftp session.

    Is there a way to lock down a range of ports that the client can use? so I can define proper firewall rules for it.
    Keep in mind this is an old version 2.4.4 which from another post I gathered doesn't have all the nice parameters like:
    reserved-udp-port
    reserved-tcp-port
    unreserved-tcp-port

    And yes I've tried those parameters, and the old version of Amanda doens't recognise them.

    Upgrading the version of Amanda is not possible, because these are legacy systems and the operator group isn't in a position to upgrade.

    Hard to find a solution as all the current documentation available are for version 2.5 onwards.

  2. #2
    Join Date
    Oct 2005
    Location
    Bay Area, CA
    Posts
    124

    Default

    in /tmp/amanda/amandad*debug* file which list the debug option it used to compile Amanda.
    Search for 'port' or 'portrange'. If it's there, you can use that range to secure the firewall properly.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •