Re: [expert] Sendmail in Mandrake 9.0
On Sun, 2002-11-03 at 09:11, . wrote: I could use some help with msec. I found in the documentation how you can use the /etc/security/msec/perm.local file to allow for modifying permissions of a file. My problem is with modifying a file. I've got a firewall running at security level 3. I want to modify some files like /etc/syslogd.conf and /etc/issue{.net}; However, msec keeps undoing my changes. Any help would be greately appreciated. I've got the same problem I think. It appears to me that msec and shorewall for instance, work against each other. I think the idea behind msec is good, but somehow I think it's default configuration is a little overboard. Rod. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Sendmail in Mandrake 9.0
On Sun, 2002-11-03 at 11:55, Jack Coates wrote: On Sun, 2002-11-03 at 07:18, Rod Giffin wrote: On Sun, 2002-11-03 at 09:11, . wrote: I could use some help with msec. I found in the documentation how you can use the /etc/security/msec/perm.local file to allow for modifying permissions of a file. My problem is with modifying a file. I've got a firewall running at security level 3. I want to modify some files like /etc/syslogd.conf and /etc/issue{.net}; However, msec keeps undoing my changes. Any help would be greately appreciated. I've got the same problem I think. It appears to me that msec and shorewall for instance, work against each other. I think the idea behind msec is good, but somehow I think it's default configuration is a little overboard. Rod. Haven't had any problems here -- what are you seeing? I'm now sure that I should not have included Shorewall in the statement above. It is working as advertised. It's msec I'm having the biggest problem with. Just for example, during the install process (and afterwords in the configuration center) I told the system I wanted higher security - the instructions say that this is sufficient security for a server connected to the internet. Apparantly you can't believe everything you read, because that setting causes the line: ALL:ALL EXCEPT 127.0.0.1:DENY to be added to hosts.deny. That is inappropriate for a server that might say, be used as a dns/e-mail server. I havn't found out where to change this yet, and any change I do in that file are commented out by crond's msec scripts every hour. Short of removing the msec's scripts from crond, which is also self defeating, I'm at a loss. There is a bit of documentation on msec on www.mandrakesecure.net, but the fix for my problem isn't exactly jumping off of the page at me. At the moment, the only solution I can see is changing the security level from 4 back to 2 and hope Shorewall drops any unwanted traffic on the floor. At least it will allow my remote users to retrieve their e-mail, and my dns will work. One other issue I had was with the Postfix install, but I've installed drakwizard on a test system here and see that the wizard provides the proper postfix configuration files. I don't actually have the time anymore to figure out what it adds, so I'm going to have to drive to my system (20 miles away) and install and run the wizard manually rather than by webmin or ssh. Very disappointing. I use Mandrake specifically because it has been easy to administer remotely. Rod. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Sendmail in Mandrake 9.0
On Sun, 2002-11-03 at 14:06, Jack Coates wrote: On Sun, 2002-11-03 at 09:57, Rod Giffin wrote: You can make permanent detailed changes to its behavior by editing the /usr/share/msec/perm.[level] files. Some high-level stuff can be changed in /etc/sysconfig/msec, but the perm files are where you really customize behaviour (for instance if you want a shared GID-writable directory under /home you'll need to change the policy file). Thanks Jack. I've been poking around those directories a little. So far I havn't found what changes the to the defaults will give me the options I want in security level 4. I'm thinking of going to security level 2, and hardening the system by hand. I'm looking for someplace that I can make a change for a more acceptable hosts.deny file. One other issue I had was with the Postfix install, but I've installed drakwizard on a test system here and see that the wizard provides the proper postfix configuration files. I don't actually have the time anymore to figure out what it adds, so I'm going to have to drive to my system (20 miles away) and install and run the wizard manually rather than by webmin or ssh. Very disappointing. I use Mandrake specifically because it has been easy to administer remotely. Rod. huh? I've never used the wizard for postfix, so I can't say what it does I've never used it before either. This is the first time, and I only did it because Postfix wasn't working right out of the box. It's strange. Postfix now appears accessible, but there are still silly issues like I can't add aliases properly. Failed to save alias : Failed to regenerate table /etc/postfix/aliases: 13. This is from a brand spanking new pristine install I just did not 30 minutes ago. Rod. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com