On Monday 17 September 2001 15:07, Borsenkow Andrej wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:cooker-owner@linux-mandrake.com] On Behalf Of Borsenkow Andrej
> > Sent: Thursday, September 13, 2001 2:27 PM
> > To: Mandrake cooker list
> > Subject: [Cooker] Bastille does not work again.
> >
> > [root@cooker root]# InteractiveBastille
> > Using Tk user interface module.
> > Only displaying questions relevant to the current configuration.
> > This distribution version is not yet supported!
> > Compilation failed in require at /usr/sbin/InteractiveBastille line 256.
> >
> > [root@cooker root]# rpm -qa | grep Bastille
> > Bastille-Tk-module-1.2.0-1.1mdk
> > Bastille-1.2.0-1.1mdk
> > Bastille-Curses-module-1.2.0-1.1mdk
> >
> > Hmm ... was not it already fixed?

You also get this one when you want to audit ports:

> sep 17 12:39:41 bastard bastille-firewall: Setting up IP spoofing protection... done.
> sep 17 12:39:41 bastard bastille-firewall: Allowing traffic from trusted interfaces...
> sep 17 12:39:42 bastard bastille-firewall:  done.
> sep 17 12:39:42 bastard bastille-firewall: Setting up chains for public/internal interface traffic...
> sep 17 12:39:42 bastard bastille-firewall:  done.
> sep 17 12:39:42 bastard bastille-firewall: Setting up general rules...
> sep 17 12:39:42 bastard bastille-firewall: iptables v1.2.2:
> sep 17 12:39:42 bastard bastille-firewall: log-level `--log-prefix' unknown
> sep 17 12:39:42 bastard bastille-firewall: Try `iptables -h' or 'iptables --help' for more information.
> sep 17 12:39:42 bastard bastille-firewall: iptables v1.2.2: log-level `--log-prefix' unknown
etc .....

This error is repeated with ifup:

> sep 17 12:39:48 bastard ifup: resetting the Bastille firewall ruleset
> sep 17 12:39:48 bastard ifup: Setting up IP spoofing protection...
> sep 17 12:39:48 bastard ifup:  done.
> sep 17 12:39:48 bastard ifup: Allowing traffic from trusted interfaces... done.
> sep 17 12:39:48 bastard ifup: Setting up chains for public/internal interface traffic...
> sep 17 12:39:48 bastard ifup:  done.
> sep 17 12:39:48 bastard ifup: Setting up general rules...
> sep 17 12:39:48 bastard ifup: iptables v1.2.2:
> sep 17 12:39:48 bastard ifup: log-level `--log-prefix' unknown
> sep 17 12:39:48 bastard ifup: Try `iptables -h' or 'iptables --help' for more information.
> sep 17 12:39:48 bastard ifup: iptables v1.2.2: log-level `--log-prefix' unknown
> sep 17 12:39:48 bastard ifup: Try `iptables -h' or 'iptables --help' for more information.

The problem comes from /sbin/bastille-netfilter, where the variable IPTABLES_LOG_LEVEL is not set, and on top of that there's no explanation concerning its possible values.
There are a lot of lines with -j LOG --log-level ${IPTABLES_LOG_LEVEL} --log-prefix
A way to solve the problem is to ... set this variable in /etc/Bastille/bastille-firewall.cfg:

# 12) Logging
#       With this enabled, ipchains will log all blocked packets.
#                ** this could generate huge logs **
#       This is primarily intended for the port monitoring system;
#       also note that you probably do not want to "AUDIT" any services
#       that you are not allowing, as doing so would mean duplicate
#       logging
LOG_FAILURES="N"                                # do not log blocked packets
IPTABLES_LOG_LEVEL="1"                          # define the log level for audited packets

-- 
Copyleft Faber's prod. 2001
http://perso.wanadoo.fr/linux_wizard/index.html
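
Added example, not part of the original message and not Bastille's code: it reproduces why an unset IPTABLES_LOG_LEVEL makes iptables report "log-level `--log-prefix' unknown", without calling iptables, and shows a guarded form. The function names, the "audit " prefix and the "warning" fallback are assumptions made for the illustration.

```shell
#!/bin/sh
# Stand-in for an option parser: print the word that would be taken as the
# value of --log-level (hypothetical helper, not part of iptables or Bastille).
log_level_arg() {
    while [ $# -gt 0 ]; do
        if [ "$1" = "--log-level" ]; then
            printf '%s\n' "${2-}"
            return 0
        fi
        shift
    done
    return 1
}

# Rule arguments written as in the message: unquoted expansion, no default.
# When the variable is unset it expands to nothing, so the next word
# (--log-prefix) slides into the position of the log level.
unguarded_rule() {
    log_level_arg -j LOG --log-level ${IPTABLES_LOG_LEVEL} --log-prefix "audit "
}

# Guarded form: fall back to a default (assumed here: warning), accept only
# syslog priorities (0-7 or their names), and quote the expansion.
guarded_rule() {
    level=${IPTABLES_LOG_LEVEL:-warning}
    case $level in
        [0-7]|emerg|alert|crit|err|warning|notice|info|debug) ;;
        *) echo "invalid IPTABLES_LOG_LEVEL: $level" >&2; return 2 ;;
    esac
    log_level_arg -j LOG --log-level "$level" --log-prefix "audit "
}

# Demonstration with the variable unset, as on the reporter's system.
unset IPTABLES_LOG_LEVEL
echo "unguarded --log-level value: $(unguarded_rule)"
echo "guarded   --log-level value: $(guarded_rule)"
```

A firewall script that fails this way leaves its LOG rules unloaded, so checking the setting before any rule is built keeps a configuration gap from silently disabling audit logging.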
