Re: [expert] Sendmail in Mandrake 9.0

2002-11-03 Thread Rod Giffin
On Sun, 2002-11-03 at 09:11, . wrote:
> I could use some help with msec.  I found in the documentation how
> you can use the /etc/security/msec/perm.local file to allow for
> modifying permissions of a file.  My problem is with modifying a file.
> I've got a firewall running at security level 3.  I want to modify some
> files like /etc/syslogd.conf and /etc/issue{.net};  However, msec keeps
> undoing my changes.
>
> Any help would be greatly appreciated.

I've got the same problem I think.  It appears to me that msec and
shorewall for instance, work against each other.  I think the idea
behind msec is good, but somehow I think its default configuration is a
little overboard.

Rod.



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com



Re: [expert] Sendmail in Mandrake 9.0

2002-11-03 Thread Rod Giffin
On Sun, 2002-11-03 at 11:55, Jack Coates wrote:
> On Sun, 2002-11-03 at 07:18, Rod Giffin wrote:
> > On Sun, 2002-11-03 at 09:11, . wrote:
> > > I could use some help with msec.  I found in the documentation how
> > > you can use the /etc/security/msec/perm.local file to allow for
> > > modifying permissions of a file.  My problem is with modifying a file.
> > > I've got a firewall running at security level 3.  I want to modify some
> > > files like /etc/syslogd.conf and /etc/issue{.net};  However, msec keeps
> > > undoing my changes.
> > >
> > > Any help would be greatly appreciated.
> >
> > I've got the same problem I think.  It appears to me that msec and
> > shorewall for instance, work against each other.  I think the idea
> > behind msec is good, but somehow I think its default configuration is a
> > little overboard.
> >
> > Rod.
> >
>
> Haven't had any problems here -- what are you seeing?

I'm now sure that I should not have included Shorewall in the statement
above.  It is working as advertised.  It's msec I'm having the biggest
problem with.

Just for example, during the install process (and afterwards in the
configuration center) I told the system I wanted higher security - the
instructions say that this is sufficient security for a server connected
to the internet.  Apparently you can't believe everything you read,
because that setting causes the line: ALL:ALL EXCEPT 127.0.0.1:DENY
to be added to hosts.deny.  That is inappropriate for a server that
might, say, be used as a dns/e-mail server.  I haven't found out where to
change this yet, and any changes I make in that file are commented out by
crond's msec scripts every hour.

Short of removing the msec's scripts from crond, which is also self
defeating, I'm at a loss.  There is a bit of documentation on msec on
www.mandrakesecure.net, but the fix for my problem isn't exactly jumping
off of the page at me.  At the moment, the only solution I can see is
changing the security level from 4 back to 2 and hope Shorewall drops
any unwanted traffic on the floor.  At least it will allow my remote
users to retrieve their e-mail, and my dns will work.

One other issue I had was with the Postfix install, but I've installed
drakwizard on a test system here and see that the wizard provides the
proper postfix configuration files.  I don't actually have the time
anymore to figure out what it adds, so I'm going to have to drive to my
system (20 miles away) and install and run the wizard manually rather
than by webmin or ssh.  Very disappointing.  I use Mandrake specifically
because it has been easy to administer remotely.

Rod.
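
How the hosts.deny line quoted in the message above is evaluated, as an added example that is not part of the original thread and is not msec code: a simplified Python model of hosts_access(5) rule order, in which hosts.allow is consulted before hosts.deny, so the msec line blocks every non-local client of a wrapped service unless a hosts.allow rule matches first. The daemon name `ipop3d` and the client address 192.0.2.10 are constructed, and whether msec leaves hosts.allow untouched is not covered in the thread.

```python
# Added illustration: simplified model of TCP wrappers (hosts_access(5)) rule
# evaluation. Handles literal addresses, ALL, EXCEPT and a trailing ALLOW/DENY
# option only; no netmasks, hostnames, wildcards or IPv6.

def _match_tokens(tokens, value):
    """'a EXCEPT b' matches when a matches and b does not (right-nested)."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_match_tokens(tokens[:i], value)
                and not _match_tokens(tokens[i + 1:], value))
    return any(t in ("ALL", value) for t in tokens)

def _matches(field, value):
    """Match value against a comma- or space-separated daemon/client list."""
    return _match_tokens(field.replace(",", " ").split(), value)

def access_allowed(hosts_allow, hosts_deny, daemon, client):
    """hosts.allow is searched first, then hosts.deny; the first matching
    rule decides, and access is granted when nothing matches."""
    for lines, default in ((hosts_allow, True), (hosts_deny, False)):
        for line in lines:
            line = line.strip()
            if not line or line.startswith("#"):
                continue  # blank or commented-out rule
            fields = [f.strip() for f in line.split(":")]
            if len(fields) < 2:
                continue  # not a daemon:client rule
            if _matches(fields[0], daemon) and _matches(fields[1], client):
                option = fields[-1].upper() if len(fields) > 2 else ""
                return {"ALLOW": True, "DENY": False}.get(option, default)
    return True

# The hosts.deny line quoted in the message above.
MSEC_DENY = ["ALL:ALL EXCEPT 127.0.0.1:DENY"]
# Constructed values: hypothetical wrapped POP3 daemon, documentation-range client.
DAEMON, REMOTE = "ipop3d", "192.0.2.10"

if __name__ == "__main__":
    print(access_allowed([], MSEC_DENY, DAEMON, REMOTE))               # remote client
    print(access_allowed([], MSEC_DENY, DAEMON, "127.0.0.1"))          # local client
    print(access_allowed(["ipop3d: ALL"], MSEC_DENY, DAEMON, REMOTE))  # allow rule first
    print(access_allowed(["#ipop3d: ALL"], MSEC_DENY, DAEMON, REMOTE)) # rule commented out
```

Only services that are linked against libwrap or started through tcpd/xinetd consult these two files at all.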






Re: [expert] Sendmail in Mandrake 9.0

2002-11-03 Thread Rod Giffin
On Sun, 2002-11-03 at 14:06, Jack Coates wrote:
> On Sun, 2002-11-03 at 09:57, Rod Giffin wrote:
> You can make permanent detailed changes to its behavior by editing the
> /usr/share/msec/perm.[level] files. Some high-level stuff can be changed
> in /etc/sysconfig/msec, but the perm files are where you really
> customize behaviour (for instance if you want a shared GID-writable
> directory under /home you'll need to change the policy file).

Thanks Jack.

I've been poking around those directories a little.  So far I haven't
found what changes to the defaults will give me the options I want
in security level 4.  I'm thinking of going to security level 2, and
hardening the system by hand.  I'm looking for someplace that I can make
a change for a more acceptable hosts.deny file.
 
> > One other issue I had was with the Postfix install, but I've installed
> > drakwizard on a test system here and see that the wizard provides the
> > proper postfix configuration files.  I don't actually have the time
> > anymore to figure out what it adds, so I'm going to have to drive to my
> > system (20 miles away) and install and run the wizard manually rather
> > than by webmin or ssh.  Very disappointing.  I use Mandrake specifically
> > because it has been easy to administer remotely.
> >
> > Rod.
>
> huh? I've never used the wizard for postfix, so I can't say what it does

I've never used it before either.  This is the first time, and I only
did it because Postfix wasn't working right out of the box.  It's
strange.  Postfix now appears accessible, but there are still silly
issues like I can't add aliases properly.  Failed to save alias :
Failed to regenerate table /etc/postfix/aliases: 13.

This is from a brand spanking new pristine install I just did not 30
minutes ago.

Rod.


