Re: [Cooker] msec/security was Shutdown

[Sergio Korlowsky]

David Walluck wrote:

 Axalon Bloodstone wrote:

  cooker - air = not supported
  oxygen - air = insane
  air - air = even more insane

 What is this about? I think I'm using Air, but the oxygen
 mandrake-release RPM was never updated.

  during the first few it was every hour, then 6hrs, I'm not sure off hand
  if it depends on the level in the one shipped with 7.0 if it doesn't it's
  set for 24hrs. Do you have both crond anacron installed :/

 I do have them bothh installed, I had them both running, then I switched
 to anacron only, because I'm not sure if they are conflicting and
 causing jobs to run more than they should.

   No, I meant your first guess. msec doesn't do any firewall things, but
   it would be great if it did in a future version. I have been looking for
   a firewall setup tool that is easy to use. If I do it by hand I always
   end up blocking too much.
 
  still planed (yeah yeah, i know I'm a "lazy sob"), I'll do some digging
  and seee if i can avoid starting from scratch, again.. (I also tend to
  loose things ;)

 There is a tool called "Lokkit: Firewall Configuration For The Rest Of
 Us" by Alan Cox which is not meant to "configure arbitary firewalls",
 but "to make it simple to understand it is solely designed to handle
 typical dialup user and cable
 modem setups." This is a newt/slang based tool, (isn't there a
 gnome-newt or gtk-newt frontend?), and the description sounds good, but
 I get some errors running it, and it doesn't allow some services that I
 need.

 --
 Sincerely,

 David Walluck
 [EMAIL PROTECTED]

David.. where can I get it?
I would like to try it out also...  TIA

Sergio

Re: [Cooker] msec/security was Shutdown

[Olivier Poulet]

Sergio Korlowsky writes:
  David Walluck wrote:
   There is a tool called "Lokkit: Firewall Configuration For The Rest Of
   Us" by Alan Cox which is not meant to "configure arbitary firewalls",
   but "to make it simple to understand it is solely designed to handle
   typical dialup user and cable
   modem setups." This is a newt/slang based tool, (isn't there a
   gnome-newt or gtk-newt frontend?), and the description sounds good, but
   I get some errors running it, and it doesn't allow some services that I
   need.
 ...
  David.. where can I get it?

http://roadrunner.swansea.linux.org.uk/lokkit.html

Cheers.
-- 
Olivier Poulet

Re: [Cooker] msec/security was Shutdown

[Phil]

Hi,

  I've used the Firewall Design Tool for several firewalls which received
excellent results from portscans.

  It's a set of webpages which uses questions and answers to construct a
firewall script tailored to your network.

http://www.linux-firewall-tools.com/linux/firewall/


-- 
Phil Lavigna
[EMAIL PROTECTED]

Re: [Cooker] msec/security was Shutdown

[Sergio Korlowsky]

Phil wrote:

 Hi,

   I've used the Firewall Design Tool for several firewalls which received
 excellent results from portscans.

   It's a set of webpages which uses questions and answers to construct a
 firewall script tailored to your network.

 http://www.linux-firewall-tools.com/linux/firewall/

 --
 Phil Lavigna
 [EMAIL PROTECTED]

Its a nice script-tool I had used in the past
it has one shotcomming... It assumes you have
one or two eth cards, and no ppp dialup
connection, that can be fixed easily, But
the ppp option should be 'considered' in his
java script.

I am on a dedicated line, connected full time to the net,  via ppp
just have another pc running a dual boot pc, most used OS linux
even for my kids (a 14 year and almost 18 girls!) ;-)  and love it!

I have been using gfcc to customize the pre-configured
ppp-masquerade.rule to reflect my system  addressing

I would like to try out the Sinus Proyect firewall, but actually
is available in tar only... and is Not easy to install and set up.
just hoping a soul dares to take it and make an rpm.
not judge me wrong, I like tar file and compile my own, but
have had no success with Sinus.  ;-(

I run a web server, not sensitive information... but is always nice
to be protected, and keep pests and would be hackers of your sys
they are just annoying not really much to loose regarding informationn.

I used port-sentry long time ago, I like to run nmap and other tools to
test my system, just to be informed of weaknesses... ;-)  if ANY!

Sergio

Re: [Cooker] msec/security was Shutdown

[Sergio Korlowsky]

Sergio Korlowsky wrote:

 Phil wrote:

  Hi,
 
I've used the Firewall Design Tool for several firewalls which received
  excellent results from portscans.
 
It's a set of webpages which uses questions and answers to construct a
  firewall script tailored to your network.
 
  http://www.linux-firewall-tools.com/linux/firewall/
 
  --
  Phil Lavigna
  [EMAIL PROTECTED]

 Its a nice script-tool I had used in the past
 it has one shotcomming... It assumes you have
 one or two eth cards, and no ppp dialup
 connection, that can be fixed easily, But
 the ppp option should be 'considered' in his
 java script.

 I am on a dedicated line, connected full time to the net,  via ppp
 just have another pc running a dual boot pc, most used OS linux
 even for my kids (a 14 year and almost 18 girls!) ;-)  and love it!

 I have been using gfcc to customize the pre-configured
 ppp-masquerade.rule to reflect my system  addressing

 I would like to try out the Sinus Proyect firewall, but actually
 is available in tar only... and is Not easy to install and set up.
 just hoping a soul dares to take it and make an rpm.
 not judge me wrong, I like tar file and compile my own, but
 have had no success with Sinus.  ;-(

 I run a web server, not sensitive information... but is always nice
 to be protected, and keep pests and would be hackers of your sys
 they are just annoying not really much to loose regarding informationn.

 I used port-sentry long time ago, I like to run nmap and other tools to
 test my system, just to be informed of weaknesses... ;-)  if ANY!

 Sergio

Oops... Sorry, it does support ppp now!great!

Sergio

[cooker] Re: [Cooker] msec/security was Shutdown

[David Walluck]

Phil wrote:
 
 Hi,
 
   I've used the Firewall Design Tool for several firewalls which received
 excellent results from portscans.
 
   It's a set of webpages which uses questions and answers to construct a
 firewall script tailored to your network.
 
 http://www.linux-firewall-tools.com/linux/firewall/
 
 --
 Phil Lavigna
 [EMAIL PROTECTED]


OK, what is /etc/rc.d/init.d/firewall? The script should go in
/etc/ppp/ip-up.local for ppp, since we can't run the script until the
device has been brought up, and bring up a ppp device on boot isnt very
good :/

-- 
Sincerely,

David Walluck
[EMAIL PROTECTED]

Re: [cooker] Re: [Cooker] msec/security was Shutdown

[Phil]

Hi,

I've used the Firewall Design Tool for several firewalls which received
  excellent results from portscans.
  
It's a set of webpages which uses questions and answers to construct a
  firewall script tailored to your network.
  
  http://www.linux-firewall-tools.com/linux/firewall/

 OK, what is /etc/rc.d/init.d/firewall? The script should go in
 /etc/ppp/ip-up.local for ppp, since we can't run the script until the
 device has been brought up, and bring up a ppp device on boot isnt very
 good :/

I've never used it for a dialup modem but for an ADSL connection.

The script I use is /etc/rc.d/rc.firewall and it is called at the end of 
/etc/rc.d/rc.local.



-- 
Phil Lavigna
[EMAIL PROTECTED]

Re: [Cooker] msec/security was Shutdown

[Axalon Bloodstone]

On Sun, 16 Jan 2000, David Walluck wrote:

 WH Bouterse wrote:
  
  David! You said,
  
  It's because of msec I believe.. may have been the SysVinit
  package too.
  find is searching for modified files which could indicate
  files with
  a trojan in them... personally i hate it, which is why i do
  custom...
  
   I was interested in your comment about
  'find' and 'custom'.
  I assume you mean the /etc/security/msec/init-sh/custom.sh?
 
 I meant "/etc/security/msec/init.sh custom", which runs the custom.sh.
 If you choose a security leael from the GUI tool, that will undo your
 custom settings, but if you set it, and run custom afterwards, you will
 have your custom settings.

cooker - air = not supported
oxygen - air = insane
air - air = even more insane

In other words quit doing that ;) but on to the more serious,

Pixel, how _does_ it handle the SECURE_LEVEL currently?
 
 As for the find, those are the "Do you want me to check for xxx files?"
 questions, which you have to answer no to if you don't want those checks
 to run constantly. Does anacron and crond conflict or can I have both
 running? I don't know.. all I notice is that these finds seem to run way
 to often (more than once a day). 

during the first few it was every hour, then 6hrs, I'm not sure off hand
if it depends on the level in the one shipped with 7.0 if it doesn't it's
set for 24hrs. Do you have both crond anacron installed :/

  Or in fact do you mean by 'custom' a custom firewall/ipchains/tripwire
  kind of setup?
  I have been running a Tripwire rpm successfully with 6.1 which
  installed flawlessly and worked right from thestart but have not
  tried it with 7.0 until more "kinks" get worked out on my 7.0 system.
  
  So to any MandrakeSoft folks who might read this;
  Does msec make something like Tripwire redundant?

no it doesn't, you can never be to secure. also keep an eye out for
prelude too ;)
 
 No, I meant your first guess. msec doesn't do any firewall things, but
 it would be great if it did in a future version. I have been looking for
 a firewall setup tool that is easy to use. If I do it by hand I always
 end up blocking too much.

still planed (yeah yeah, i know I'm a "lazy sob"), I'll do some digging
and seee if i can avoid starting from scratch, again.. (I also tend to
loose things ;)

  Thanks to All
  
  William Bouterse
  Juneau Alaska
 
 

-- 
MandrakeSoft  http://www.mandrakesoft.com/
--Axalon

Re: [Cooker] msec/security was Shutdown

[Vandoorselaere Yoann]

Axalon Bloodstone [EMAIL PROTECTED] writes:


 In other words quit doing that ;) but on to the more serious,
 
 Pixel, how _does_ it handle the SECURE_LEVEL currently?

I think it use the exported SECURE_LEVEL variable.


 during the first few it was every hour, then 6hrs, I'm not sure off hand
 if it depends on the level in the one shipped with 7.0 if it doesn't it's
 set for 24hrs. Do you have both crond anacron installed :/

the find operation are all day midnight,
( note that find is reniced in order to not lag your system. )

 
   Or in fact do you mean by 'custom' a custom firewall/ipchains/tripwire
   kind of setup?
   I have been running a Tripwire rpm successfully with 6.1 which
   installed flawlessly and worked right from thestart but have not
   tried it with 7.0 until more "kinks" get worked out on my 7.0 system.
   
   So to any MandrakeSoft folks who might read this;
   Does msec make something like Tripwire redundant?
 
 no it doesn't, you can never be to secure. also keep an eye out for
 prelude too ;)

Not ready again,
but it'll come :-)



-- 
   -- Yoann,  http://www.security-addict.org
 It is well known that M$ products don't call free() after a malloc().
 The Unix community wish them good luck for their future developments.

Re: [Cooker] msec/security was Shutdown

[David Walluck]

Axalon Bloodstone wrote:

 cooker - air = not supported
 oxygen - air = insane
 air - air = even more insane

What is this about? I think I'm using Air, but the oxygen
mandrake-release RPM was never updated.

 during the first few it was every hour, then 6hrs, I'm not sure off hand
 if it depends on the level in the one shipped with 7.0 if it doesn't it's
 set for 24hrs. Do you have both crond anacron installed :/

I do have them bothh installed, I had them both running, then I switched
to anacron only, because I'm not sure if they are conflicting and
causing jobs to run more than they should.

  No, I meant your first guess. msec doesn't do any firewall things, but
  it would be great if it did in a future version. I have been looking for
  a firewall setup tool that is easy to use. If I do it by hand I always
  end up blocking too much.
 
 still planed (yeah yeah, i know I'm a "lazy sob"), I'll do some digging
 and seee if i can avoid starting from scratch, again.. (I also tend to
 loose things ;)

There is a tool called "Lokkit: Firewall Configuration For The Rest Of
Us" by Alan Cox which is not meant to "configure arbitary firewalls",
but "to make it simple to understand it is solely designed to handle
typical dialup user and cable
modem setups." This is a newt/slang based tool, (isn't there a
gnome-newt or gtk-newt frontend?), and the description sounds good, but
I get some errors running it, and it doesn't allow some services that I
need.

--
Sincerely,

David Walluck
[EMAIL PROTECTED]

[Cooker] msec/security was Shutdown

[WH Bouterse]

David! You said,

It's because of msec I believe.. may have been the SysVinit
package too.
find is searching for modified files which could indicate
files with
a trojan in them... personally i hate it, which is why i do
custom...

 I was interested in your comment about 
'find' and 'custom'. 
I assume you mean the /etc/security/msec/init-sh/custom.sh?

I ran this but I also tried the DrakConf button security-level thingy
and had assumed the 'custom.sh' would cancel it out?
So to partially answer my own question, then 'find' is a result of
one of the security choices either in 'custom.sh' or the the other 
'msec' GUI chooser button program.

Or in fact do you mean by 'custom' a custom firewall/ipchains/tripwire
kind of setup?
I have been running a Tripwire rpm successfully with 6.1 which
installed flawlessly and worked right from thestart but have not
tried it with 7.0 until more "kinks" get worked out on my 7.0 system.

So to any MandrakeSoft folks who might read this;
Does msec make something like Tripwire redundant?

Thanks to All

William Bouterse
Juneau Alaska

Re: [Cooker] msec/security was Shutdown

[David Walluck]

WH Bouterse wrote:
 
 David! You said,
 
 It's because of msec I believe.. may have been the SysVinit
 package too.
 find is searching for modified files which could indicate
 files with
 a trojan in them... personally i hate it, which is why i do
 custom...
 
  I was interested in your comment about
 'find' and 'custom'.
 I assume you mean the /etc/security/msec/init-sh/custom.sh?

I meant "/etc/security/msec/init.sh custom", which runs the custom.sh.
If you choose a security leael from the GUI tool, that will undo your
custom settings, but if you set it, and run custom afterwards, you will
have your custom settings.

As for the find, those are the "Do you want me to check for xxx files?"
questions, which you have to answer no to if you don't want those checks
to run constantly. Does anacron and crond conflict or can I have both
running? I don't know.. all I notice is that these finds seem to run way
to often (more than once a day). 

 Or in fact do you mean by 'custom' a custom firewall/ipchains/tripwire
 kind of setup?
 I have been running a Tripwire rpm successfully with 6.1 which
 installed flawlessly and worked right from thestart but have not
 tried it with 7.0 until more "kinks" get worked out on my 7.0 system.
 
 So to any MandrakeSoft folks who might read this;
 Does msec make something like Tripwire redundant?

No, I meant your first guess. msec doesn't do any firewall things, but
it would be great if it did in a future version. I have been looking for
a firewall setup tool that is easy to use. If I do it by hand I always
end up blocking too much.

 
 Thanks to All
 
 William Bouterse
 Juneau Alaska

-- 
Sincerely,

David Walluck
[EMAIL PROTECTED]