Re: [expert] Just checking to see if I'm still subscribed (second try)

2002-11-27 Thread Todd Lyons

engage wrote on Tue, Nov 26, 2002 at 08:12:19PM -0700 :
> It seems that my hosts.deny file keeps getting modified with ALL:ALL

You selected security level of standard and msec is enforcing the
permissions that go along with that.  You can edit files in
/usr/share/msec and make it stop doing that.

Blue skies...   Todd
-- 
...and I will strike down upon thee with great vengeance and furious
 anger, those who attempt to poison and destroy my binaries, and you 
will know my name is root, when I lay my vengeance upon thee.
   Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-0.4mdk


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com



Re: [expert] Just checking to see if I'm still subscribed (second try)

2002-11-27 Thread engage
That was my problem. I simply executed msec 3 from the CLI and that resolved 
this issue. But, it was my understanding from the installation instructions 
that msec 4 was a good choice if you are going to run servers. I didn't 
expect it to prevent access to the servers! What good is having that security 
level if no clients can access the servers? I'm glad I didn't try level 5!

On Wednesday 27 November 2002 11:55 am, you wrote:
> engage wrote on Tue, Nov 26, 2002 at 08:12:19PM -0700 :
> > It seems that my hosts.deny file keeps getting modified with ALL:ALL
>
> You selected security level of standard and msec is enforcing the
> permissions that go along with that.  You can edit files in
> /usr/share/msec and make it stop doing that.
>
> Blue skies... Todd






Re: [expert] Just checking to see if I'm still subscribed (second try)

2002-11-27 Thread Todd Lyons

engage wrote on Wed, Nov 27, 2002 at 12:26:44PM -0700 :
> That was my problem. I simply executed msec 3 from the CLI and that resolved
> this issue. But, it was my understanding from the installation instructions
> that msec 4 was a good choice if you are going to run servers. I didn't
> expect it to prevent access to the servers! What good is having that security
> level if no clients can access the servers? I'm glad I didn't try level 5!

Because you are supposed to specifically allow which services you
want people to connect to in the hosts.deny file.  I suggest that you
read up on tcp wrappers.  The system reads in hosts.deny, but allows you
to override that with hosts.allow.

hosts.deny
ALL:ALL

hosts.allow
httpd:ALL
sshd:192.168.1.

Then the only two services that people can connect to are httpd and
sshd.  You allow anyone to connect to httpd, but only people on the
local lan to connect to sshd.  'man hosts_access' for more information.
Instead of 192.168.1., I could have also done
192.168.1.0/255.255.255.0.

Blue skies...   Todd
-- 
   MandrakeSoft USA   http://www.mandrakesoft.com
   Easy things should be easy, and hard things should be possible.
--Larry Wall
   Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-0.4mdk
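
The lookup order described in this message, as an added example that is not part of the original post: a small Python model of a subset of the hosts_access(5) matching rules (ALL, trailing-dot address prefixes, net/mask), run against the two files shown above. The function names and the client addresses used to exercise it are constructed for illustration.

```python
import ipaddress

# Constructed rule sets mirroring the two files in the message above.
HOSTS_ALLOW = ["httpd:ALL", "sshd:192.168.1."]
HOSTS_DENY = ["ALL:ALL"]


def client_matches(pattern, addr):
    """Match one client pattern against a client IP (subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "192.168.1." matches on the leading address fields
        return addr.startswith(pattern)
    if "/" in pattern:             # net/mask form, e.g. 192.168.1.0/255.255.255.0
        network = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in network
    return pattern == addr         # literal address


def rule_matches(rule, daemon, addr):
    """A rule is 'daemon_list : client_list'; any optional third field is ignored here."""
    daemons, clients = (field.strip() for field in rule.split(":")[:2])
    daemon_ok = any(d in ("ALL", daemon) for d in daemons.replace(",", " ").split())
    client_ok = any(client_matches(c, addr) for c in clients.replace(",", " ").split())
    return daemon_ok and client_ok


def access_granted(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Search order: a match in hosts.allow grants, else a match in
    hosts.deny denies, else (no match in either file) access is granted."""
    if any(rule_matches(r, daemon, addr) for r in allow):
        return True
    if any(rule_matches(r, daemon, addr) for r in deny):
        return False
    return True


if __name__ == "__main__":
    # Constructed client addresses: one on the local LAN, one outside it.
    for daemon, addr in [("sshd", "192.168.1.42"), ("sshd", "203.0.113.7"),
                         ("httpd", "203.0.113.7"), ("in.ftpd", "192.168.1.42")]:
        verdict = "granted" if access_granted(daemon, addr) else "denied"
        print(f"{daemon:8} from {addr:15} -> {verdict}")
```

The daemon field is compared against the server's process name, and these files only affect services that actually consult tcp wrappers (through libwrap or tcpd).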



Re: [expert] Just checking to see if I'm still subscribed (second try)

2002-11-27 Thread engage
On Wednesday 27 November 2002 01:02 pm, you wrote:
> engage wrote on Wed, Nov 27, 2002 at 12:26:44PM -0700 :
> > That was my problem. I simply executed msec 3 from the CLI and that
> > resolved this issue. But, it was my understanding from the installation
> > instructions that msec 4 was a good choice if you are going to run
> > servers. I didn't expect it to prevent access to the servers! What good
> > is having that security level if no clients can access the servers? I'm
> > glad I didn't try level 5!
>
> Because you are supposed to specifically allow which services you
> want people to connect to in the hosts.deny file.  I suggest that you
> read up on tcp wrappers.  The system reads in hosts.deny, but allows you
> to override that with hosts.allow.
>
> hosts.deny
> ALL:ALL
>
> hosts.allow
> httpd:ALL
> sshd:192.168.1.
>
> Then the only two services that people can connect to are httpd and
> sshd.  You allow anyone to connect to httpd, but only people on the
> local lan to connect to sshd.  'man hosts_access' for more information.
> Instead of 192.168.1., I could have also done
> 192.168.1.0/255.255.255.0.
>
> Blue skies... Todd

I tried that, it didn't work - even after a network restart and then I tried 
a reboot - hosts.allow still didn't override hosts.deny.






[expert] Just checking to see if I'm still subscribed (second try)

2002-11-26 Thread engage
It seems that my hosts.deny file keeps getting modified with ALL:ALL






Re: [expert] Just checking to see if I'm still subscribed (second try)

2002-11-26 Thread J. Craig Woods
engage wrote:

It seems that my hosts.deny file keeps getting modified with ALL:ALL



Take a look at your msec program, and/or any kind of firewall 
application you are running, such as Bastille. Look at your crontab for 
any programs that are running, such as msec.

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson

