On Monday 17 September 2001 20:15, Christian Belisle wrote:
> --=-=-=
> Name        : Bastille                     Relocations: (not relocateable)
> Version     : 1.2.0                             Vendor: MandrakeSoft
> Release     : 1.3mdk                        Build Date: Mon Sep 17 20:00:34
> --=-=-=
>
> * Mon Sep 17 2001 Christian Belisle <[EMAIL PROTECTED]>
> 1.2.0-1.3mdk
>
> - Fixed log level bug. (Thanks Fabrice)

Note: don't strip lines beginning with > as I use this to separate comments 
and quotations.

Another problem. In the firewall config (InteractiveBastille, I didn't test 
the others) it proposes to audit services. In the default selection/answer 
there is pop-3. The right name is pop3. The problem comes from the default 
value in /usr/share/Bastille/Questions.txt:

> LABEL: ip_s_tcpaudit
> SHORT_EXP: "List any TCP-based services (name or port number) that you want the kernel
> to log connection attempts from the \"public\" interfaces."
> LONG_EXP: "List any TCP-based services (name or port number) that you want the kernel
> to log connection attempts from the \"public\" interfaces.

> If you have \"syslog\" configured to log \"kern\" messages of \"info\"
> level, the kernel will automatically log connection attempts from the \"public\"
> interfaces (only the \"public\" interfaces) to these ports and/or services. This is
> useful to spot possible probes or attacks. The default setting records connection
> attempts to several services, although you may not have them installed or enabled. "
> QUESTION: "TCP services to audit: [telnet ftp imap pop-3 finger sunrpc exec
                                                   ~~~~~
> login linuxconf ssh]"
> DEFAULT_ANSWER: telnet ftp imap pop-3 finger sunrpc exec login linuxconf ssh
                                ~~~~~
> CONFIRM_TEXT: " \nY"
> YN_TOGGLE: 0
> YES_EXP:
> NO_EXP:
> YES_CHILD: ip_s_udpaudit
> NO_CHILD:
> PROPER_PARENT: ip_s_internaliface


> [root@bastard root]# InteractiveBastille 
> Using Tk user interface module.
> Only displaying questions relevant to the current configuration.
> Existing config file found.  Populating answers...

> About to run through config file...
> iptables v1.2.2: invalid TCP port/service `pop-3' specified
                                           ~~~~~~
> Try `iptables -h' or 'iptables --help' for more information.
> [root@bastard root]# grep pop /etc/services
> ##########      106        Unauthorized use by insecure poppassd protocol
> pop2            109/tcp    Post Office Protocol - Version 2
> pop2            109/udp    Post Office Protocol - Version 2
> pop3            110/tcp    Post Office Protocol - Version 3
> pop3            110/udp    Post Office Protocol - Version 3
> hybrid-pop      473/tcp    hybrid-pop
> hybrid-pop      473/udp    hybrid-pop
> pop3s           995/tcp    pop3 protocol over TLS/SSL (was spop3)
> pop3s           995/udp    pop3 protocol over TLS/SSL (was spop3)
> #                        Donny Gilor <[EMAIL PROTECTED]>
> #                          OpenMail Encyclopedia <[EMAIL PROTECTED]>
> #                          OpenMail Encyclopedia <[EMAIL PROTECTED]>
> kpop            1109/tcp                        # Pop with Kerberos

As it seems to use a text file to print the questions, do you plan to make a 
translation? Maybe in French? If you want help with the translation, I can 
try to do my best to participate in the translation. To my mind it may 
compensate for the lack of documentation.

I've just had a look at the other files /usr/share/Bastille/*.config: all 
except for the *Lax* ones (ServerLax.config WorkstationLax.config) have the 
same problem.
So pop-3 has to be replaced by pop3 in ServerModerate.config 
ServerParanoia.config WorkstationModerate.config WorkstationParanoia.config

From WorkstationModerate.config:
> # Q: TCP services to audit: [telnet ftp imap pop-3 finger sunrpc exec login linuxconf ssh]
                                               ~~~~~
> IPChains.ip_b_tcpaudit="telnet ftp imap pop-3 finger sunrpc exec login linuxconf ssh"

-- 
Copyleft Faber's prod. 2001
http://perso.wanadoo.fr/linux_wizard/index.html
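
Added example, not part of the original message and not Bastille's own code: a check that every name in a `tcpaudit` answer resolves to a TCP entry in an /etc/services-style file, which is the lookup iptables failed on for `pop-3` above. The services sample, the config sample and all function names are constructed for illustration; service aliases are not handled.

```python
import re

# Constructed sample in /etc/services layout (name, port/proto, description).
SAMPLE_SERVICES = """\
ftp             21/tcp
ssh             22/tcp
telnet          23/tcp
finger          79/tcp
linuxconf       98/tcp
pop2            109/tcp    Post Office Protocol - Version 2
pop3            110/tcp    Post Office Protocol - Version 3
pop3            110/udp    Post Office Protocol - Version 3
sunrpc          111/tcp
imap            143/tcp
exec            512/tcp
login           513/tcp
"""

# Constructed sample: the line quoted from WorkstationModerate.config above.
SAMPLE_CONFIG = ('IPChains.ip_b_tcpaudit="telnet ftp imap pop-3 finger '
                 'sunrpc exec login linuxconf ssh"\n')

def parse_services(text, proto="tcp"):
    """Map service name -> port for one protocol (first field only, no aliases)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, _, line_proto = fields[1].partition("/")
        if line_proto == proto and port.isdigit():
            table.setdefault(fields[0], int(port))
    return table

def check_audit_list(answer, table):
    """Split an audit answer into (valid, invalid); numeric ports 1-65535 pass."""
    valid, invalid = [], []
    for item in answer.split():
        ok = 1 <= int(item) <= 65535 if item.isdigit() else item in table
        (valid if ok else invalid).append(item)
    return valid, invalid

def tcp_audit_values(config_text):
    """Return (key, value) pairs for *tcpaudit="..." lines of a .config file."""
    return re.findall(r'^(\S*tcpaudit)="([^"]*)"', config_text, re.M)

if __name__ == "__main__":
    services = parse_services(SAMPLE_SERVICES)
    for key, value in tcp_audit_values(SAMPLE_CONFIG):
        print(key, "unresolvable:", check_audit_list(value, services)[1])
```
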
