Whilst I accept that it is a requirement of a secure system that the person configuring it understands how it works, I hope that you're not seriously suggesting that a greater level of security is achieved by having to recreate every single aspect of a secure system rather than using some of the tools, where appropriate, that are readily available? That isn't true, is it? How secure would Knut have been if he hadn't realised that his firewall script wasn't loading when his machine started up?

Having said that, the exercise has been worthwhile in that he has gained a greater understanding of his system. The only thing I would add is that he needs to run an external scan of his system to make sure it's as closed as he thinks.

Andy

On Wednesday 30 July 2003 16:28, lars wrote:
exactly that is what I prefer ... yast is fine for the beginning, but as soon as you have learned enough about the system, it makes you feel ill ;-)
hilsen & greetings
lars
Hi,
No problem...
Regarding the point in question, though, can I just enquire why Knut is 'cooking his own' script rather than using the SuSEfirewall and custom-script route? It's pretty flexible and you don't need to worry about how to start/stop them.
Andy
On Wednesday 30 July 2003 13:17, Maxim Cherniavsky wrote:
Andy Bennett wrote:
Hi,
Isn't this what the yast runlevel editor does for you??
Linux makes people lazy :)
Linux boot system is like classical System V, which consists of directories rc1.d, rc2.d ... (run levels) where you have scripts which begin with "Snn" (startup script) and "Knn" (kill script).
In case of firewall I think the good way is to start it after the network is up:
/etc/init.d/rc3.d/S05network start
P.S. I did not mean to offend anybody in any way :)
Andy
On Wednesday 30 July 2003 11:14, Ulrich Roth wrote:
Hi, Knut Erik,
Why is my fwscript not loaded at boot time? When i do these steps manually, it will work.
You should put your script into /etc/rc.d. Then you have to create a symbolic link in /etc/rc.d/rcX.d which points to your script. X is the number of your default runlevel. If you don't know your default runlevel, you can have a look at /etc/inittab. There it is defined. The name of the link should begin with S and a high number, e.g. S99, because it should be the last script to be executed.

But take care if you install any additional packets afterwards. The system will compute the sequence of the startup scripts again, and your script will then start with S00. This is because some info in your script is missing which tells the system, namely the program insserv, which other scripts/services/daemons have to be started before. I haven't gone very deep into this subject yet. If the SuSE guys have additional info, I appreciate it.

Bye
Uli
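The boot wiring discussed in this thread (default runlevel in /etc/inittab, an S-link in /etc/rc.d/rcX.d, ordering after the network script, dependency info for insserv) can be verified with a small audit. This is an added example, not code from any poster: the function names, verdict words and the sample tree are assumptions made for illustration, and `fwscript` stands in for the custom firewall script.

```shell
#!/bin/sh
# Added example: audit whether a custom firewall script is wired into SysV boot.
# Every function takes a root directory, so it can run on a constructed tree.

default_runlevel() {   # $1 = root; prints X from "id:X:initdefault:"
    sed -n 's/^id:\([0-9S]\):initdefault:.*/\1/p' "$1/etc/inittab" | head -n 1
}

start_seq() {          # $1 = rc dir, $2 = service; prints NN of its SNN link
    for l in "$1"/S[0-9][0-9]"$2"; do
        [ -L "$l" ] || [ -e "$l" ] || continue   # unmatched glob stays literal
        b=${l##*/}; b=${b#S}
        echo "${b%$2}"; return 0
    done
    return 0
}

audit_fw_boot() {      # $1 = root, $2 = script name; prints one verdict word
    root=$1; name=$2
    rl=$(default_runlevel "$root")
    rcdir="$root/etc/rc.d/rc$rl.d"
    fw=$(start_seq "$rcdir" "$name")
    net=$(start_seq "$rcdir" network)
    if [ -z "$fw" ]; then
        echo NOT_LINKED            # never started in the default runlevel
    elif [ -n "$net" ] && [ "$fw" -le "$net" ]; then
        echo BEFORE_NETWORK        # would run before the network script
    elif ! grep -q '^# Required-Start:.*\$network' "$root/etc/rc.d/$name"; then
        echo NO_INSSERV_DEPS       # insserv may renumber the link later
    else
        echo OK
    fi
}

# Constructed sample tree (not a real system): runlevel 3, network at S05.
make_sample_tree() {   # prints the path of the new tree
    t=$(mktemp -d)
    mkdir -p "$t/etc/rc.d/rc3.d"
    echo 'id:3:initdefault:' > "$t/etc/inittab"
    printf '#!/bin/sh\n' > "$t/etc/rc.d/network"
    printf '#!/bin/sh\n# hypothetical firewall rules\n' > "$t/etc/rc.d/fwscript"
    ln -s ../network "$t/etc/rc.d/rc3.d/S05network"
    echo "$t"
}

tree=$(make_sample_tree)
audit_fw_boot "$tree" fwscript                         # no S-link yet
ln -s ../fwscript "$tree/etc/rc.d/rc3.d/S99fwscript"
audit_fw_boot "$tree" fwscript                         # linked, no INIT INFO
rm -rf "$tree"
```

Passing `""` as the root audits the live system; an external port scan, as suggested at the top of the thread, remains the check that the rules actually took effect.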