Hi,

there could be an interesting update at http://sunsolve.sun.com/patches/cobalt/raq4.eng.html:

Security Hardening patch for the Sun Cobalt RaQ 4 server appliance. Includes port scan detection and buffer overflow detection.

cu
Daniel

Here's a reply I just sent to the Cobalt Users mailing list...

I've installed it on a test server and tested out the port scanning
functionality and it works wonderfully. It' much more effective than
portsentry on its own since it operates directly with the ethernet port,
though you probably don't gain anything over a portsentry+ipchains
configuration.

It appears to use the same firewall as the Qube3 package (Sun's Phoenix
FireWall) and you can monior activity of that in /var/log/phoenix.log

As for the buffer overflow protection, they've implemented Immunix'
StackGuard http://www.immunix.org/ . This protects against "stack smashing"
and uses a replacement GCC compiler. What they have done is rebuilt the
existing binaries for the port exposed daemons plus the kernel to prevent
this type of attack. This is why if you've upgraded any of the typical
services such as proftpd, sendmail, apache, qpopper, imap bind, telnet and
your kernel it will be downgraded to the Sun Cobalt standard version.

It seems like a very handy update.

One point of interest, there is a warning in the configuration of the port
scan protection that if you go beyond just logging and switch on blocking it
does warn that you may open yourself to DOS attacks. It's obvious why, but
will be interesting to see if and when people are affected by this.

Funny that it's not actually been announced - who feels like a beta tester?

They finally announced it, but the funny thing is that the PDF describing it's usage is month's old.
Thanks for some inside information!
It would be helpful if Cobalt provided details of what this update changes exactly, as I've spent a lot of time upgrading and fixing things.

This was posted earlier this morning:
http://www.nobaloney.net/wpCobaltRaqSHP.html