Re: [newbie] mcc - security: options dun stick
On Wednesday 08 Oct 2003 5:03 am, stormjumper wrote: - Original Message - From: Derek Jennings [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 18:00 Subject: Re: [newbie] mcc - security: options dun stick On Tuesday 07 Oct 2003 6:05 am, Stormjumper wrote: referring to Derek's post on 27 Sep 2003, regarding exploits, i attempted to follow advice on putting an email address and clicking the check box for Security Alerts in Mandrake Control Center - Security - Basic however, the check box option reverts to unchecked (unticked) and the Security Administrator reverts to default the next time i enter the MCC - Security Panel. is there any reason for this, or any way to work around the non-registering settings? or can i enter the values manually in a config file somewhere instead? i looked inside /etc/security and /etc/security/msec, but couldn't identify the corresponding config file. can someone direct me as to what values to enter in which file? btw, i'm running 9.1. thanks I don't know why your settings are not sticking, but you can edit the /etc/security/msec/security.conf file directly insert the line MAIL_USER= Also to get mails about failed cron jobs edit /etc/crontab and insert MAILTO= Don't forget for the mails to be sent you need a mail server such as postfix to be running. If you do not have a mail server then install ssmtp RPM and edit the mailhub parameter in /etc/ssmtp/ssmtp.conf to send mails to your ISP thanks derek. i did as instructed, and inserted the MAIL_USER= line in /etc/security/msec/security.conf. now if i return to mcc, it shows the correct email address, but the check box for Security Alerts in Mandrake Control Center - Security - Basic is still unchecked. i believe i need another parameter to activate that option. strangely, security.conf is a totally empty file before i editted it. alternatively, can someone (preferably running at standard security level) attach a their security.conf file for reference? or direct me to a web resource that contains descriptions of wat parameters do what in security.conf? i've checked 'man msec', which directed me to /usr/share/doc/msec-???/security.txt, but that only provided a description of what the various security levels meant. thanks. Now I am getting confused too. My desktop computer has a mail address in security.conf , but I am not getting mails from it. Yet my server does *not* have a mail address defined in security.conf. Yet I *am* getting emails from msec !! Also in my server setting a mail address in mcc does not stick as you found. There is something I do not understand here, so I shall dig deeper. derek -- -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] mcc - security: options dun stick
I'll jump into the thread without having followed it, just to add confusion :-) My security.comf is empty, my level.local (same directory) reads: from mseclib import * enable_log_strange_packets(0) set_security_conf(MAIL_USER, [EMAIL PROTECTED]) I do get msec mails sent to the address above. I don't know what MCC shows, I did not use it to configure security, I edited level.local directly instead. Check man mseclib for details of level.local. raffaele [EMAIL PROTECTED] wrote: On Wednesday 08 Oct 2003 5:03 am, stormjumper wrote: Now I am getting confused too. My desktop computer has a mail address in security.conf , but I am not getting mails from it. Yet my server does *not* have a mail address defined in security.conf. Yet I *am* getting emails from msec !! Also in my server setting a mail address in mcc does not stick as you found. There is something I do not understand here, so I shall dig deeper. derek Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] mcc - security: options dun stick
On Wednesday 08 Oct 2003 5:03 am, stormjumper wrote: SNIP i did as instructed, and inserted the MAIL_USER= line in /etc/security/msec/security.conf. now if i return to mcc, it shows the correct email address, but the check box for Security Alerts in Mandrake Control Center - Security - Basic is still unchecked. i believe i need another parameter to activate that option. strangely, security.conf is a totally empty file before i editted it. alternatively, can someone (preferably running at standard security level) attach a their security.conf file for reference? or direct me to a web resource that contains descriptions of wat parameters do what in security.conf? i've checked 'man msec', which directed me to /usr/share/doc/msec-???/security.txt, but that only provided a description of what the various security levels meant. thanks. OK I think I have got to the bottom of how msec sends mails. The file /etc/security/msec/security.conf supports these parameters :- MAIL_WARN=yes [EMAIL PROTECTED] MAIL_EMPTY_CONTENT=no For reasons as yet unknown to me the draksec GUI fails to write these parameters to the file when you ask for mail alerts. But that is not the end of it. msec actually uses the configuration file /var/lib/msec/security.conf and the parameters in /etc/security/msec/security.conf have to get copied over to /var/lib/msec/security.conf So if you add those parameters to both files, then hopefully there will be an email sitting in your intray tomorrow. derek -- -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] mcc - security: options dun stick
On Wednesday 08 Oct 2003 10:47 am, Raffaele Belardi wrote: I'll jump into the thread without having followed it, just to add confusion :-) My security.comf is empty, my level.local (same directory) reads: from mseclib import * enable_log_strange_packets(0) set_security_conf(MAIL_USER, [EMAIL PROTECTED]) I do get msec mails sent to the address above. I don't know what MCC shows, I did not use it to configure security, I edited level.local directly instead. Check man mseclib for details of level.local. raffaele Yes I think you are correct that should work too. I have been looking a bit deeper. I do not think you need worry about /var/lib/msec/security.conf That seems to be where the defaults for your security level are stored. They can be overridden by /etc/security/msec/security.conf, or by level.local. There seems to be a bug in /etc/sbin/draksec which is stopping the MAIL_WARN and MAIL_USER parameters from being written to file. I have raised Bug 6103 to report it. If you want its visibility raised with the developers go to http://qa.mandrakesoft.com/show_bug.cgi?id=6103 and vote for it. derek -- -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] mcc - security: options dun stick
On Wednesday 08 Oct 2003 12:59 pm, Derek Jennings wrote: SNIP There seems to be a bug in /etc/sbin/draksec which is stopping the MAIL_WARN and MAIL_USER parameters from being written to file. I have raised Bug 6103 to report it. If you want its visibility raised with the developers go to http://qa.mandrakesoft.com/show_bug.cgi?id=6103 and vote for it. derek Golly I am impressed. 39 minutes after I posted bug 6103 tvignaud from mandrakesoft posted a patch to fix it. I have tested it and it works fine (for me). If anyone wants to try it, download the patch from http://qa.mandrakesoft.com/show_bug.cgi?id=6103 , save it as for example msec.patch. Make a backup of the old file just in case you screw it up cp /usr/lib/libDrakX/security/msec.pm /usr/lib/libDrakX/security/msec.pm.bak Then apply the patch patch /usr/lib/libDrakX/security/msec.pm msec.patch (Note: It cautions about the patch ending in the middle of a line) Works for me with drakxtools-9.2-16mdk I do not know about earlier versions. Nice to see the system works :-) derek -- -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] mcc - security: options dun stick
On Tuesday 07 Oct 2003 6:05 am, Stormjumper wrote: referring to Derek's post on 27 Sep 2003, regarding exploits, i attempted to follow advice on putting an email address and clicking the check box for Security Alerts in Mandrake Control Center - Security - Basic however, the check box option reverts to unchecked (unticked) and the Security Administrator reverts to default the next time i enter the MCC - Security Panel. is there any reason for this, or any way to work around the non-registering settings? or can i enter the values manually in a config file somewhere instead? i looked inside /etc/security and /etc/security/msec, but couldn't identify the corresponding config file. can someone direct me as to what values to enter in which file? btw, i'm running 9.1. thanks I don't know why your settings are not sticking, but you can edit the /etc/security/msec/security.conf file directly insert the line MAIL_USER= Also to get mails about failed cron jobs edit /etc/crontab and insert MAILTO= Don't forget for the mails to be sent you need a mail server such as postfix to be running. If you do not have a mail server then install ssmtp RPM and edit the mailhub parameter in /etc/ssmtp/ssmtp.conf to send mails to your ISP derek -- -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] mcc - security: options dun stick
- Original Message - From: Derek Jennings [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 18:00 Subject: Re: [newbie] mcc - security: options dun stick On Tuesday 07 Oct 2003 6:05 am, Stormjumper wrote: referring to Derek's post on 27 Sep 2003, regarding exploits, i attempted to follow advice on putting an email address and clicking the check box for Security Alerts in Mandrake Control Center - Security - Basic however, the check box option reverts to unchecked (unticked) and the Security Administrator reverts to default the next time i enter the MCC - Security Panel. is there any reason for this, or any way to work around the non-registering settings? or can i enter the values manually in a config file somewhere instead? i looked inside /etc/security and /etc/security/msec, but couldn't identify the corresponding config file. can someone direct me as to what values to enter in which file? btw, i'm running 9.1. thanks I don't know why your settings are not sticking, but you can edit the /etc/security/msec/security.conf file directly insert the line MAIL_USER= Also to get mails about failed cron jobs edit /etc/crontab and insert MAILTO= Don't forget for the mails to be sent you need a mail server such as postfix to be running. If you do not have a mail server then install ssmtp RPM and edit the mailhub parameter in /etc/ssmtp/ssmtp.conf to send mails to your ISP thanks derek. i did as instructed, and inserted the MAIL_USER= line in /etc/security/msec/security.conf. now if i return to mcc, it shows the correct email address, but the check box for Security Alerts in Mandrake Control Center - Security - Basic is still unchecked. i believe i need another parameter to activate that option. strangely, security.conf is a totally empty file before i editted it. alternatively, can someone (preferably running at standard security level) attach a their security.conf file for reference? or direct me to a web resource that contains descriptions of wat parameters do what in security.conf? i've checked 'man msec', which directed me to /usr/share/doc/msec-???/security.txt, but that only provided a description of what the various security levels meant. thanks. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[newbie] mcc - security: options dun stick
referring to Derek's post on 27 Sep 2003, regarding exploits, i attempted to follow advice on putting an email address and clicking the check box for Security Alerts in Mandrake Control Center - Security - Basic however, the check box option reverts to unchecked (unticked) and the Security Administrator reverts to default the next time i enter the MCC - Security Panel. is there any reason for this, or any way to work around the non-registering settings? or can i enter the values manually in a config file somewhere instead? i looked inside /etc/security and /etc/security/msec, but couldn't identify the corresponding config file. can someone direct me as to what values to enter in which file? btw, i'm running 9.1. thanks Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
