Some further information on this problem.
There are no entries in either the /etc/hosts.deny or hosts.allow files.
So this isnt causing the problem.
I can perform an iptables -F and then set all the default policies back
to accept and everything works fine. Of course this leaves me with no
firewall too. So it looks like it is some firewalling rule that is
causing the problem.
I attached a copy of my bastille-firewall.cfg file to see if anyone sees
a problem with it. I don't see anything in there that could be causing
this.
Thanks,
Ian K. Harrell
[EMAIL PROTECTED]
"Dragon ." <[EMAIL PROTECTED]> wrote:
> Try this, I couldn't connect with SSH from anywhere and I swore up and
down
> that Bastille was setup correctly. Look in the hosts.deny file. I
found an
> entry with ALL:ALL... I deleted that line and everything worked fine.
I
> could still browse to FTP and HTTP when the line was there but I
couldn't
> connect via SSH. Its another place to look.
>
> From: "Ian K.Harrell" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [newbie] cant connect to apache, ssh, ftp or telnet from
network
> Date: 21 Dec 2001 09:42:11 EST
>
> Hi all,
>
> I installed 8.1 the other day. (3 disc set from cheapbytes). Then use
> Interactive Bastille to configure firewalling, internet masquerading
and
> basic system security.
>
> The problem is that while i can connect to the machine locally
> (http://localhost) noone can connect to it over the lan with either
> telnet, ssh, ftp or http. These servers are running and I told Bastille
> to leave these ports open to the internal network.
>
> On the public network i left ssh and 80 open so i could connect in over
> the web from home and so we could host a small company web site. Still
> noone can connect to them from the internet BUT i went to www.grc.com
> and ran the port probe and it showed the ports as being open. This
makes
> me wonder if it is a firewall rule that Bastille put in there or is
> there something else going on?
>
> Right now the only thing that is working over the lan is internet
> masquerading.
>
> Any ideas?
> Ian K. Harrell
> [EMAIL PROTECTED]
>
>
>
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com
>
>
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.
>
>
> ---------------------------------------------
> Attachment: message.footer
> MIME Type: text/plain
> ---------------------------------------------
#
# /etc/bastille-firewall.cfg
#
# Configuration fiel for both 2.2/ipchains and 2.4/netfilter scripts
#
# version 0.99-beta1
# Copyright (C) 1999-2001 Peter Watkins
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Thanks to David Ranch, Brad A, Don G, and others for their suggestions
# the configuration values should be whitespace-delimited lists of
# appropriate values, e.g.
# TCP_PUBLIC_SERVICES="80 smtp ssh"
# lists Web (port 80), SMTP mail, and Secure Shell ports
#
# This script is suitable for workstations or simple NAT firewalls;
# you may want to add more "output" restrictions for serious servers
# 0) DNS servers. You must list your DNS servers here so that
# the firewall will allow them to service your lookup requests
#
# List of DNS servers/networks to allow "domain" responses from
# This _could_ be nameservers as a list of <ip-address>/32 entries
#DNS_SERVERS="a.b.c.d/32 e.f.g.h/32"
# If you are running a caching nameserver, you'll need to allow from
# "0.0.0.0/0" so named can query any arbitrary nameserver
# (To enable a caching nameserver, you will also probably need to
# add "domain" to the TCP and UDP public service lists.)
#DNS_SERVERS="0.0.0.0/0"
#
# To have the DNS servers parsed from /etc/resolv.conf at runtime,
# as normal workstations will want, make this variable empty
#DNS_SERVERS=""
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
DNS_SERVERS="0.0.0.0/0"
# 1) define your interfaces
# Note a "+" acts as a wildcard, e.g. ppp+ would match any PPP
# interface
#
# list internal/trusted interfaces
# traffic from these interfaces will be allowed
# through the firewall, no restrictions
#TRUSTED_IFACES="lo" # MINIMAL/SAFEST
#
# list external/untrusted interfaces
#PUBLIC_IFACES="eth+ ppp+ slip+" # SAFEST
#
# list internal/partially-trusted interfaces
# e.g. if this acts as a NAT/IP Masq server and you
# don't want clients on those interfaces having
# full network access to services running on this
# server (as the TRUSTED_IFACES allows)
#INTERNAL_IFACES="" # SAFEST
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
TRUSTED_IFACES="lo"
PUBLIC_IFACES="eth+ ppp+ slip+"
INTERNAL_IFACES="eth0"
# 2) services for which we want to log access attempts to syslog
# Note this only audits connection attempts from public interfaces
#
# Also see item 12, LOG_FAILURES
#
#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
# anyone probing for BackOrifice?
#UDP_AUDIT_SERVICES="31337"
# how about ICMP?
#ICMP_AUDIT_TYPES=""
#ICMP_AUDIT_TYPES="echo-request" # ping/MS tracert
#
# To enable auditing, you must have syslog configured to log "kern"
# messages of "info" level; typically you'd do this with a line in
# syslog.conf like
# kern.info /var/log/messages
# though the Bastille port monitor will normally want these messages
# logged to a named pipe instead, and the Bastille script normally
# configures syslog for "kern.*" which catches these messages
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
UDP_AUDIT_SERVICES="31337"
ICMP_AUDIT_TYPES=""
# 3) services we allow connections to
#
# FTP note:
# To allow your machine to service "passive" FTP clients,
# you will need to make allowances for the passive data
# ports; Bastille users should read README.FTP for more
# information
#
# "public" interfaces:
# TCP services that "public" hosts should be allowed to connect to
#TCP_PUBLIC_SERVICES="" # MINIMAL/SAFEST
#
# UDP services that "public" hosts should be allowed to connect to
#UDP_PUBLIC_SERVICES="" # MINIMAL/SAFEST
#
# "internal" interfaces:
# (NB: you will need to repeat the "public" services if you want
# to allow "internal" hosts to reach those services, too.)
# TCP services that internal clients can connect to
#TCP_INTERNAL_SERVICES="" # MINIMAL/SAFEST
#
# UDP services that internal clients can connect to
#UDP_INTERNAL_SERVICES="" # MINIMAL/SAFEST
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
TCP_PUBLIC_SERVICES="21 22 80"
UDP_PUBLIC_SERVICES=""
TCP_INTERNAL_SERVICES="21 22 23 80 5801 5901"
UDP_INTERNAL_SERVICES="21 22 23 80"
# 4) FTP is a firewall nightmare; if you allow "normal" FTP connections,
# you must be careful to block any TCP services that are listening
# on high ports; it's safer to require your FTP clients to use
# "passive" mode.
#
# Note this will also force clients on machines
# that use this one for NAT/IP Masquerading to use passive mode
# for connections that go through this server (e.g. from the
# internal network to public Internet machines
#
# For more information about FTP, see the Bastille README.FTP doc
#
#FORCE_PASV_FTP="N"
#FORCE_PASV_FTP="Y" # SAFEST
#
FORCE_PASV_FTP="N"
# 5) Services to explicitly block. See FTP note above
# Note that ranges of ports are specified with colons, and you
# can specify an open range by using only one number, e.g.
# 1024: means ports >= 1024 and :6000 means ports <= 6000
#
# TCP services on high ports that should be blocked if not forcing passive FTP
# This should include X (6000:6010) and anything else revealed by 'netstat -an'
# (this does not matter unless you're not forcing "passive" FTP)
#TCP_BLOCKED_SERVICES="6000:6020"
#
# UDP services to block: this should be UDP services on high ports.
# Your only vulnerability from public interfaces are the DNS and
# NTP servers/networks (those with 0.0.0.0 for DNS servers should
# obviously be very careful here!)
#UDP_BLOCKED_SERVICES="2049"
#
# types of ICMP packets to allow
#ICMP_ALLOWED_TYPES="destination-unreachable" # MINIMAL/SAFEST
# the following allows you to ping/traceroute outbound
#ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
TCP_BLOCKED_SERVICES="2049 2065:2090 6000:6020 7100"
UDP_BLOCKED_SERVICES="2049 6770"
ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
# 6) Source Address Verification helps prevent "IP Spoofing" attacks
#
ENABLE_SRC_ADDR_VERIFY="Y"
# 7) IP Masquerading / NAT. List your internal/masq'ed networks here
#
# Also see item 4, FORCE_PASV_FTP, as that setting affects
# clients using IP Masquerading through this machine
#
# Set this variable if you're using IP Masq / NAT for a local network
#IP_MASQ_NETWORK="" # DISABLE/SAFEST
#IP_MASQ_NETWORK="10.0.0.0/8" # example
#IP_MASQ_NETWORK="192.168.0.0/16" # example
#
# Have lots of masq hosts? uncomment the following six lines
# and list the hosts/networks in /etc/firewall-masqhosts
# the script assumes any address without a "/" netmask afterwards
# is an individual address (netmask /255.255.255.255):
#if [ -f /etc/firewall-masqhosts ]; then
# echo "Reading list of masq hosts from /etc/firewall-masqhosts"
# # Read the file, but use 'awk' to strip comments
# # Note the sed bracket phrase includes a space and tab char
# IP_MASQ_NETWORK=`cat /etc/firewall-masqhosts | awk -F\# '/\// {print $1; next}
/[0-9]/ {print $1"/32"}' |sed 's:[ ]*::g'`
#fi
#
# Masq modules
# NB: The script will prepend "ip_masq_" to each module name
#IP_MASQ_MODULES="cuseeme ftp irc quake raudio vdolive" # ALL (?)
#IP_MASQ_MODULES="ftp raudio vdolive" # RECOMMENDED
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
IP_MASQ_NETWORK="192.168.0.0/255.255.255.0"
IP_MASQ_MODULES="ftp"
# 8) How to react to disallowed packets
# whether to "REJECT" or "DENY" disallowed packets; if you're running any
# public services, you probably ought to use "REJECT"; if in serious stealth
# mode, choose "DENY" so simple probes don't know if there's anything out there
# NOTE: disallowed ICMP packets are discarded with "DENY", as
# it would not make sense to "reject" the packet if you're
# trying to disallow ping/traceroute
#
REJECT_METHOD="DENY"
# 9) DHCP
# In case your server needs to get a DHCP address from some other
# machine (e.g. cable modem)
#DHCP_IFACES="eth0" # example, to allow you to query on eth0
#DHCP_IFACES="" # DISABLED
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
DHCP_IFACES=""
# 10) more UDP fun. List IP addresses or network space of NTP servers
#
#NTP_SERVERS="" # DISABLE NTP QUERIES / SAFEST
#NTP_SERVERS="a.b.c.d/32 e.f.g.h/32" # example, to allow querying 2 servers
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
NTP_SERVERS=""
# 11) more ICMP. Control the outbound ICMP to make yourself invisible to
# traceroute probes
#
#ICMP_OUTBOUND_DISABLED_TYPES="destination-unreachable time-exceeded"
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
ICMP_OUTBOUND_DISABLED_TYPES="destination-unreachable time-exceeded"
# 12) Logging
# With this enabled, ipchains will log all blocked packets.
# ** this could generate huge logs **
# This is primarily intended for the port mointoring system;
# also note that you probably do not want to "AUDIT" any services
# that you are not allowing, as doing so would mean duplicate
# logging
LOG_FAILURES="N" # do not log blocked packets
IPTABLES_LOG_LEVEL="1" # define the log level for audited
# 13) Block fragmented packets
# There's no good reason to allow these
#ALLOW_FRAGMENTS="N" # safest
ALLOW_FRAGMENTS="Y" # old behavior
# 14) Prevent SMB broadcasts from leaking out NAT setup
# Windows machines will poll teh net with SMB broadcasts,
# basically advertising their existence. Most folks agree
# that this traffic should be dropped
#DROP_SMB_NAT_BCAST="N" # allow them (are you sure?)
DROP_SMB_NAT_BCAST="Y" # drop those packets
# Q: Would you like to run the packet filtering script? [N]
Firewall.ip_intro="Y"
# Q:
Firewall.ip_detail_level_kludge="Y"
# Q: Do you need the advanced networking options?
Firewall.ip_advnetwork="Y"
# Q: DNS servers: [0.0.0.0/0]
Firewall.ip_s_dns="0.0.0.0/0"
# Q: Trusted interface names: [lo]
Firewall.ip_s_trustiface="lo"
# Q: Public interfaces: [eth+ ppp+ slip+]
Firewall.ip_s_publiciface="eth+ ppp+ slip+"
# Q: Internal interfaces: [ ]
Firewall.ip_s_internaliface="eth0"
# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
Firewall.ip_s_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
# Q: UDP services to audit: [31337]
Firewall.ip_s_udpaudit="31337"
# Q: TCP service names or port numbers to allow on public interfaces:[ ]
Firewall.ip_s_publictcp="21 22 80"
# Q: TCP service names or port numbers to allow on private interfaces: [ ]
Firewall.ip_s_internaltcp="21 22 23 80 5801 5901"
# Q: UDP service names or port numbers to allow on private interfaces: [ ]
Firewall.ip_s_internaludp="21 22 23 80 "
# Q: Force passive mode? [N]
Firewall.ip_s_passiveftp="N"
# Q: TCP services to block: [2049 2065:2090 6000:6020 7100]
Firewall.ip_s_tcpblock="2049 2065:2090 6000:6020 7100"
# Q: UDP services to block: [2049 6770]
Firewall.ip_s_udpblock="2049 6770"
# Q: ICMP allowed types: [destination-unreachable echo-reply time-exceeded]
Firewall.ip_s_icmpallowed="destination-unreachable echo-reply time-exceeded"
# Q: Enable source address verification? [Y]
Firewall.ip_s_srcaddr="Y"
# Q: Masqueraded networks: [ ]
Firewall.ip_s_ipmasq="192.168.0.0/255.255.255.0"
# Q: Kernel modules to masquerade: [ftp raudio vdolive]
Firewall.ip_s_kernelmasq="ftp"
# Q: Reject method: [DENY]
Firewall.ip_s_rejectmethod="DENY"
# Q: ICMP types to disallow outbound: [destination-unreachable time-exceeded]
Firewall.ip_s_icmpout="destination-unreachable time-exceeded"
# Q: Should Bastille run the firewall and enable it at boot time? [N]
Firewall.ip_enable_firewall="Y"
# Q: Would you like to disable SUID status for mount/umount?
FilePermissions.suidmount="N"
# Q: Would you like to disable SUID status for ping? [Y]
FilePermissions.suidping="N"
# Q: Would you like to disable SUID status for at? [Y]
FilePermissions.suidat="Y"
# Q: Would you like to disable SUID status for usernetctl? [Y]
FilePermissions.suidusernetctl="N"
# Q: Would you like to disable SUID status for traceroute? [Y]
FilePermissions.suidtrace="N"
# Q: Would you like to enforce password aging? [Y]
AccountSecurity.passwdage="N"
# Q: Would you like to restrict the use of cron to administrative accounts? [Y]
AccountSecurity.cronuser="Y"
# Q: Should we allow root to login on tty's 1-6? [Y]
AccountSecurity.rootttylogins="Y"
# Q: Would you like to password-protect the LILO prompt? [N]
BootSecurity.protectlilo="N"
# Q: Would you like to reduce the LILO delay time to zero? [N]
BootSecurity.lilodelay="N"
# Q: Do you ever boot Linux from the hard drive? [Y]
BootSecurity.lilosub_drive="Y"
# Q: Would you like to write the LILO changes to a boot floppy? [N]
BootSecurity.lilosub_floppy="N"
# Q: Would you like to disable CTRL-ALT-DELETE rebooting? [N]
BootSecurity.secureinittab="N"
# Q: Would you like to password protect single-user mode? [Y]
BootSecurity.passsum="N"
# Q: Would you like to set a default-deny on TCP Wrappers and xinetd? [N]
SecureInetd.tcpd_default_deny="N"
# Q: May we deactivate telnet? [y]
SecureInetd.deactivate_telnet="N"
# Q: May we deactivate ftp? [y]
SecureInetd.deactivate_ftp="N"
# Q: Would you like to disable the compiler? [N]
DisableUserTools.compiler="N"
# Q: Would you like to put limits on system resource usage? [Y]
ConfigureMiscPAM.limitsconf="N"
# Q: Should we restrict console access to a small group of user accounts? [N]
ConfigureMiscPAM.consolelogin="N"
# Q: Would you like to add additional logging? [Y]
Logging.morelogging="Y"
# Q: Do you have a remote logging host? [N]
Logging.remotelog="N"
# Q: Would you like to set up process accounting? [N]
Logging.pacct="N"
# Q: Would you like to disable GPM? [Y]
MiscellaneousDaemons.gpm="N"
# Q: Would you like to deactivate the routing daemons? [Y]
MiscellaneousDaemons.routing="N"
# Q: Would you like to chroot named and set it to run as a non-root user? [N]
DNS.chrootbind="N"
# Q: Would you like to deactivate the Apache web server? [Y]
Apache.apacheoff="N"
# Q: Would you like to bind the web server to listen only to the localhost? [N]
Apache.bindapachelocal="N"
# Q: Would you like to bind the web server to a particular interface? [N]
Apache.bindapachenic="N"
# Q: Would you like to deactivate the following of symbolic links? [Y]
Apache.symlink="N"
# Q: Would you like to deactivate server-side includes? [Y]
Apache.ssi="N"
# Q: Would you like to disable CGI scripts, at least for now? [Y]
Apache.cgi="N"
# Q: Would you like to disable indexes? [N]
Apache.apacheindex="N"
# Q: Would you like to disable printing? [N]
Printing.printing="N"
# Q: Would you like to install TMPDIR/TMP scripts? [N]
TMPDIR.tmpdir="N"
# Q: Would you like to run the packet filtering script? [N]
Firewall.ip_intro="Y"
# Q:
Firewall.ip_detail_level_kludge="Y"
# Q: Do you need the advanced networking options?
Firewall.ip_advnetwork="Y"
# Q: DNS servers: [0.0.0.0/0]
Firewall.ip_s_dns="0.0.0.0/0"
# Q: Trusted interface names: [lo]
Firewall.ip_s_trustiface="lo"
# Q: Public interfaces: [eth+ ppp+ slip+]
Firewall.ip_s_publiciface="eth+ ppp+ slip+"
# Q: Internal interfaces: [ ]
Firewall.ip_s_internaliface="eth0"
# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
Firewall.ip_s_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
# Q: UDP services to audit: [31337]
Firewall.ip_s_udpaudit="31337"
# Q: TCP service names or port numbers to allow on public interfaces:[ ]
Firewall.ip_s_publictcp="21 22 80"
# Q: TCP service names or port numbers to allow on private interfaces: [ ]
Firewall.ip_s_internaltcp="21 22 23 80 5801 5901"
# Q: UDP service names or port numbers to allow on private interfaces: [ ]
Firewall.ip_s_internaludp="21 22 23 80 "
# Q: Force passive mode? [N]
Firewall.ip_s_passiveftp="N"
# Q: TCP services to block: [2049 2065:2090 6000:6020 7100]
Firewall.ip_s_tcpblock="2049 2065:2090 6000:6020 7100"
# Q: UDP services to block: [2049 6770]
Firewall.ip_s_udpblock="2049 6770"
# Q: ICMP allowed types: [destination-unreachable echo-reply time-exceeded]
Firewall.ip_s_icmpallowed="destination-unreachable echo-reply time-exceeded"
# Q: Enable source address verification? [Y]
Firewall.ip_s_srcaddr="Y"
# Q: Masqueraded networks: [ ]
Firewall.ip_s_ipmasq="192.168.0.0/255.255.255.0"
# Q: Kernel modules to masquerade: [ftp raudio vdolive]
Firewall.ip_s_kernelmasq="ftp"
# Q: Reject method: [DENY]
Firewall.ip_s_rejectmethod="DENY"
# Q: ICMP types to disallow outbound: [destination-unreachable time-exceeded]
Firewall.ip_s_icmpout="destination-unreachable time-exceeded"
# Q: Should Bastille run the firewall and enable it at boot time? [N]
Firewall.ip_enable_firewall="Y"
# Q: Would you like to disable SUID status for mount/umount?
FilePermissions.suidmount="N"
# Q: Would you like to disable SUID status for ping? [Y]
FilePermissions.suidping="N"
# Q: Would you like to disable SUID status for at? [Y]
FilePermissions.suidat="Y"
# Q: Would you like to disable SUID status for usernetctl? [Y]
FilePermissions.suidusernetctl="N"
# Q: Would you like to disable SUID status for traceroute? [Y]
FilePermissions.suidtrace="N"
# Q: Would you like to enforce password aging? [Y]
AccountSecurity.passwdage="N"
# Q: Would you like to restrict the use of cron to administrative accounts? [Y]
AccountSecurity.cronuser="Y"
# Q: Should we allow root to login on tty's 1-6? [Y]
AccountSecurity.rootttylogins="Y"
# Q: Would you like to password-protect the LILO prompt? [N]
BootSecurity.protectlilo="N"
# Q: Would you like to reduce the LILO delay time to zero? [N]
BootSecurity.lilodelay="N"
# Q: Do you ever boot Linux from the hard drive? [Y]
BootSecurity.lilosub_drive="Y"
# Q: Would you like to write the LILO changes to a boot floppy? [N]
BootSecurity.lilosub_floppy="N"
# Q: Would you like to disable CTRL-ALT-DELETE rebooting? [N]
BootSecurity.secureinittab="N"
# Q: Would you like to password protect single-user mode? [Y]
BootSecurity.passsum="N"
# Q: Would you like to set a default-deny on TCP Wrappers and xinetd? [N]
SecureInetd.tcpd_default_deny="N"
# Q: May we deactivate telnet? [y]
SecureInetd.deactivate_telnet="N"
# Q: May we deactivate ftp? [y]
SecureInetd.deactivate_ftp="N"
# Q: Would you like to disable the compiler? [N]
DisableUserTools.compiler="N"
# Q: Would you like to put limits on system resource usage? [Y]
ConfigureMiscPAM.limitsconf="N"
# Q: Should we restrict console access to a small group of user accounts? [N]
ConfigureMiscPAM.consolelogin="N"
# Q: Would you like to add additional logging? [Y]
Logging.morelogging="Y"
# Q: Do you have a remote logging host? [N]
Logging.remotelog="N"
# Q: Would you like to set up process accounting? [N]
Logging.pacct="N"
# Q: Would you like to disable GPM? [Y]
MiscellaneousDaemons.gpm="N"
# Q: Would you like to deactivate the routing daemons? [Y]
MiscellaneousDaemons.routing="N"
# Q: Would you like to chroot named and set it to run as a non-root user? [N]
DNS.chrootbind="N"
# Q: Would you like to deactivate the Apache web server? [Y]
Apache.apacheoff="N"
# Q: Would you like to bind the web server to listen only to the localhost? [N]
Apache.bindapachelocal="N"
# Q: Would you like to bind the web server to a particular interface? [N]
Apache.bindapachenic="N"
# Q: Would you like to deactivate the following of symbolic links? [Y]
Apache.symlink="N"
# Q: Would you like to deactivate server-side includes? [Y]
Apache.ssi="N"
# Q: Would you like to disable CGI scripts, at least for now? [Y]
Apache.cgi="N"
# Q: Would you like to disable indexes? [N]
Apache.apacheindex="N"
# Q: Would you like to disable printing? [N]
Printing.printing="N"
# Q: Would you like to install TMPDIR/TMP scripts? [N]
TMPDIR.tmpdir="N"
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
