August 2003 - openSUSE Security - openSUSE Mailing Lists

Suse Firewall
by Neal Haas 24 Aug '03

24 Aug '03

I was getting hacked from three IP's so I turned on suse firewall. I set the configurations as th screen said. But know I cannot access the web pages, not ssh in (sometimes yes, sometimes NO) Ftp is the same way!!! What other ways can I configure the firewall? You do select the items that you want to turn on right? Neal Haas Information Services Technical Analyst Fresno Pacific University 559-453-2254 Fax 559-252-8847

2 1

[suse-security] YOU wont work since some days
by dag Danczul Georg 23 Aug '03

23 Aug '03

Hi! Well, I have also a problem with YOU. It does the "init FTP/HTTP Update" and then I get a TIMEOUT from ftp.leo.org (Err .... use another SuSE Server) How can I use another server? Is it a known Problem? THX georg

4 3

Re: [suse-security] Is SuseFirewall2 available on 7.3?
by CHColmenares＠netscape.net 22 Aug '03

22 Aug '03

Vaclav, Andreas, Thank you very much for your help on this. I'll play with it this weekend. Carlos "Vaclav Brunnhofer" <vbru(a)entu.cas.cz> wrote: >> > I'm currently running version 7.3 Personal on my laptop, using the >> > basic firewall. I was wondering if the SuseFirewall2 is available >> > with my current version. I've been looking in the Suse website and >> > in google and haven't seen anything (yet). > >ftp://ftp.suse.com/pub/suse/i386/7.3/suse/sec1/SuSEfirewall2.rpm > >Works O.K. > >S pozdravem > >Vaclav Brunnhofer > >=============================================================== >| Entomologicky ustav e-mail: vbru(a)entu.cas.cz | >| Akademie Ved Ceske Republiky tel.: 038 7775251 | >| Branisovska 31 fax: 038 5310354 | >| 370 05 Ceske Budejovice mobil: +420 606 632822 | >============================================================== > > >-- >Check the headers for your unsubscription address >For additional commands, e-mail: suse-security-help(a)suse.com >Security-related bug reports go to security(a)suse.de, not here > > __________________________________________________________________ McAfee VirusScan Online from the Netscape Network. Comprehensive protection for your entire computer. Get your free trial today! http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397 Get AOL Instant Messenger 5.1 free of charge. Download Now! http://aim.aol.com/aimnew/Aim/register.adp?promo=380455

1 0

How To Block Kazaa with SuSEFirewall2 in 8.2 ?
by Oxiel Contreras 22 Aug '03

22 Aug '03

Hello. That's it!!, don't know where to look. By default SuSEfirewall its letting every traffic from inside to outside, but i need to block: kazza, imesh and similars, because my clients are sucking all the bandwith downloading mp3, videos, etc. eth0 -> internal lan 192.168.2.2 eth1 -> external lan 192.168.1.2 in /etc/sysconfig/SuSEfirewall, only changed these, everything else is as default. FW_DEV_EXT="eth1" FW_DEV_INT="eth0" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS="192.168.2.0/24" FW_SERVICES_INT_TCP="ssh" FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/scripts/SuSEfirewall2-custom, modified/added these, everything else is as default. fw_custom_after_antispoofing() { for target in LOG DROP; do for chain in input_ext input_dmz input_int forward_int forward_ext forward_dmz; do iptables -A $chain -j $target -p tcp --dport 31337 iptables -A $chain -j $target -p udp --dport 31337 iptables -A $chain -j $target -p tcp --dport 12345:12346 iptables -A $chain -j $target -p udp --dport 12345:12346 iptables -A $chain -j $target -p tcp --sport 2932 # incp iptables -A $chain -j $target -p udp --sport 2932 # incp iptables -A $chain -j $target -p tcp --sport 1081:1082 # pvuniwien:amt-esd-prot iptables -A $chain -j $target -p udp --sport 1081:1082 #pvuniwien:amt-esd-prot done done true } tcpdump showed me that kazaa used 2932, 1081 and 1082 ports to establish connection with kazaa internet servers. Please give me an advice, a direction where to look or even better the solution. Best regards. Oxiel

5 5

Squid 2.5.STABLE1 with User Authentication
by Junge, Stefan 22 Aug '03

22 Aug '03

Hello, I have installed SuSE 8.2 with 2.5.STABLE1. I would like to authenticate my users with PAM. The configuration since squid 2.4 has hanged. I followed the notes in /etc/squid.conf and I tried to use the "auth_param" directive # TAG: auth_param # This is used to pass parameters to the various authentication # schemes. # format: auth_param scheme parameter [setting] # # auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd # would tell the basic authentication scheme it's program parameter. # # The order that authentication prompts are presented to the client_agent # is dependant on the order the scheme first appears in config file. # IE has a bug (it's not rfc 2617 compliant) in that it will use the basic # scheme if basic is the first entry presented, even if more secure schemes # are presented. For now use the order in the file below. If other browsers # have difficulties (don't recognise the schemes offered even if you are using # basic) then either put basic first, or disable the other schemes (by commenting # out their program entry). # # Once an authentication scheme is fully configured, it can only be shutdown # by shutting squid down and restarting. Changes can be made on the fly and # activated with a reconfigure. I.E. You can change to a different helper, # but not unconfigure the helper completely. # # === Parameters for the basic scheme follow. === # # "program" cmdline # Specify the command for the external authenticator. Such a # program reads a line containing "username password" and replies # "OK" or "ERR" in an endless loop. If you use an authenticator, # make sure you have 1 acl of type proxy_auth. By default, the # basic authentication sheme is not used unless a program is specified. # # If you want to use the traditional proxy authentication, # jump over to the ../auth_modules/NCSA directory and # type: # % make # % make install # # Then, set this line to something like # # auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd I have used the following entries: auth_param basic program /usr/sbin/pam_auth and appropriate acl`s. (Because pam_auth worked properly with squid 2.4 and I could not find the directory auth_modules) This does not work ! I have searched for the "auth_modules" directory .... but where is it ? I can not find the directory to do the "traditional proxy authentication..." What about the files /etc/pam.d/squid and /usr/sbin/pam_auth ? Are they no longer used ? I have used this with squid 2.4. What to do now ? CU Stefan

1 0

SuSEfirewall2 and personal-firewall
by joe.knall＠gmx.net 21 Aug '03

21 Aug '03

Hi all, my firewall-setup with ipsec etc didn't work though I knew the configuration worked with the previous installation... the error was the line REJECT_ALL_INCOMING_CONNECTIONS="ippp0 isdn0 ippp1" in /etc/sysconfig/personal-firewall I never edited this file, probably yast set it there due to "activate firewall" in isdn-setup. May this help somebody googeling for susefirewall, ipsec, klips Could someone add this hint to the docu? Thanks, Joe

1 0

YOU wont work since I set-up SuSEfirewall2 ?
by Philip B Cook 21 Aug '03

21 Aug '03

I set up SuSEfirewall2 on my linux box, which is used as a router / firewall for my small home network. It runs a DHCP server, SuSEfirewall2, Squid. All the browsers on the local network (including the linux box) use squid as their http proxy. I have not set up an ftp proxy (unless this is a default installation option and I have missed it). Are there any settings I need to watch out for regarding FTP in order to carry out an on-line update using YOU. It may be a co-incidence but since setting up the firewall YOU keeps timing out. It spends some time getting a list of mirror FTP sites to use (10 minutes) but then times out after 20-30 minutes trying to fetch the list of patches available. How can I figure out what is going wrong ? Oh I have SuSE Linux 8.2 Professional. Would appreciate any advice that can be offered. Thanks .. Philip

2 2

(no subject)
by unknown＠example.com 21 Aug '03

21 Aug '03

3 2

RE: [suse-security] Blocking Kazaa and other P2P communication tools.
by Knut Erik Hauslo 21 Aug '03

21 Aug '03

Use a sniffer and watch which ports are being used. I cannot tell you which ports, because the corporate firewall that I manage is not SuSEs Firewall2, but I have only defined which ports to accept outbound (SMTP, HTTP(S), etc) and Kazaa does not work here. Not very useful maybe, but talking with users to have them stop using Kazaa is i think more complicated. -KEH -----Original Message----- From: Johannes Bretscher [mailto:bretscher@5sl.org] Sent: Tuesday, August 19, 2003 3:11 PM To: Josef.Fuchs(a)leykam.com Cc: suse-security(a)suse.com Subject: Re: [suse-security] Blocking Kazaa and other P2P communication tools. On Tue, Aug 19, 2003 at 02:57:34PM +0200, Josef.Fuchs(a)leykam.com wrote: > Hi, Security List Subscribers. > > Can somebody tell me if it?s possible to block all Kazaa communication > at my SuSE Firewall-Box? Talk to the users of this program. Trying to block Kazaa, Emule and similar programs technically you will always be a step behind them. > thanks in advance > > Josef Fuchs HTH Johannes -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, Historical Review of Pennsylvania, 1759. -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help(a)suse.com Security-related bug reports go to security(a)suse.de, not here

5 5

FW_MASQ_NETS
by Paul Elliott 20 Aug '03

20 Aug '03

I need to know if I have setup FW_MASQ_NETS correctly. I want computers on my internal net 192.168.86.* to be able to access my ISP's 2 dns servers 199.170.88.29 199.170.88.10. I want people on these computers to run browsers and be identified by auth/identd. Is this correct? lines broken by \ for legibility but I do not know if it is legal in the firewall script. (left out there) FW_MASQ_NETS="192.168.86.0/24,199.170.88.29/32,tcp,domain \ 192.168.86.0/24,199.170.88.29/32,udp,domain \ 192.168.86.0/24,199.170.88.10/32,tcp,domain \ 192.168.86.0/24,199.170.88.10/32,udp,domain \ 192.168.86.0/24,0/0,tcp,ident \ 192.168.86.0/24,0/0,tcp,www" Thnak you. -- Paul Elliott 1(512)837-1096 pelliott(a)io.com PMB 181, 11900 Metric Blvd Suite J http://www.io.com/~pelliott/pme/ Austin TX 78758-3117

1 0