initiate personal firewall and apply config files
3 items:

How does one go about initiating the personal-firewall the first time for suse8.0? Yast2 will start configuration for suseFirewall2 but there isn't any source help for initiating the personal firewall. Calling it from /sbin does nothing.

Second, I need to configure certain /etc files, for instance I want only certain local users in access.conf. When I make the changes the system doesn't recognize that the files have been changed.

Likewise I tried setting su to group wheel for admin only and chmod to 4750 so only wheel can use it, and on reboot it allows everyone to attempt login again; it reset itself.

Thanks,
Susan
** Reply to message from Susan Buczak <sbuczak2@comcast.net> on Sat, 28 Sep 2002 21:35:22 -0400

**how does one go about initiating the personal-firewall the first time
**for suse8.0?

IIRC it's in the network configuration stuff on yast2.

Yep! Just peeked at it .. it's in the dsl configuration ... go figure. I think it was in the setup for the dialup too; it's a checkbox: activate firewall.

Hope that is somewhat useful info for ya... it should give you a place to start looking anyway <G>

--
j afterthought
No amount of careful planning will ever replace dumb luck.
On Sat, Sep 28, 2002 at 09:35:22PM -0400, Susan Buczak wrote:
how does one go about initiating the personal-firewall the first time for suse8.0? Yast2 will start configuration for suseFirewall2 but there isn't any source help for initiating the personal firewall. calling it from /sbin does nothing.
From /etc/sysconfig/SuSEfirewall2:
"# Should the Firewall be started?
#
# This setting is done via the links in the /etc/init.d/rc?.d runlevel
# directories, which can be tweaked with a runlevel editor (or manually)"

otto@fubar:~> locate fire | grep init.d
/etc/init.d/personal-firewall.final
/etc/init.d/personal-firewall.initial
/etc/init.d/rc2.d/K02personal-firewall.final
/etc/init.d/rc2.d/K23personal-firewall.initial
/etc/init.d/rc2.d/S01personal-firewall.initial
/etc/init.d/rc2.d/S22personal-firewall.final
/etc/init.d/rc3.d/K02personal-firewall.final
/etc/init.d/rc3.d/K23personal-firewall.initial
/etc/init.d/rc3.d/S01personal-firewall.initial
/etc/init.d/rc3.d/S22personal-firewall.final
/etc/init.d/rc5.d/K02personal-firewall.final
/etc/init.d/rc5.d/K23personal-firewall.initial
/etc/init.d/rc5.d/S01personal-firewall.initial
/etc/init.d/rc5.d/S22personal-firewall.final
/etc/init.d/SuSEfirewall2_final
/etc/init.d/SuSEfirewall2_init
/etc/init.d/SuSEfirewall2_setup

Looks like you should take a look at /etc/init.d/SuSEfirewall2_init, /etc/init.d/SuSEfirewall2_setup and possibly /etc/init.d/SuSEfirewall2_final.
Second, I need to configure certain /etc files, for instance I want only certain local users in access.conf. When I make the changes the system doesn't recognize that the files have been changed.
Strange, it works for me. I can just uncomment the following line and only peeps in group wheel can login on the console:

-:ALL EXCEPT wheel shutdown sync:console

Does this work for you? Do you see anything in your log files?
Likewise I tried setting su to group wheel for admin only and chmod to 4750 so only wheel can use it, and on reboot it allows everyone to attempt login again, it reset itself.
There are 2 (and probably more) ways to allow only wheel to use su. You already tried the first; the second is to add the following line to /etc/pam.d/su:

auth required /lib/security/pam_wheel.so group=wheel

Does this work for you? Maybe someone more familiar with SuSE could explain why chgrp-ing /bin/su to wheel, and then chmod-ing it 4750, does not work for you.

On a side note: sudo gives you much finer control over who is able to do what on your systems. Next to finer control it also features a better logging system.

Best regards,
--
Otto
On Mon, Sep 30, 2002 at 12:05:24PM -0700, Otto Jongerius wrote:
There are 2 (and probably more) ways to allow only wheel to use su. You already tried the first; the second is to add the following line to /etc/pam.d/su:

auth required /lib/security/pam_wheel.so group=wheel

Does this work for you? Maybe someone more familiar with SuSE could explain why chgrp-ing /bin/su to wheel, and then chmod-ing it 4750, does not work for you.
Just guessing: some cronjob? SuSEConfig? Sorry, no 8.x box handy.

But: SuSE has the concept of /etc/permissions{,.easy,.secure,.paranoid,.local} files, so try and list your desired local settings in /etc/permissions.local, do a

chkstat -set /etc/permissions.local

and grep in SuSE's config files for CHECK_PERMISSIONS, PERMISSION_SECURITY or the like (thus named were the variables in /etc/rc.config prior to 8.0) to make it persistent.

cheers,
Lars-Gunnar
On Thu, Oct 03, 2002 at 06:22:50AM +0200, Lars Ellenberg wrote:
SuSE has the concept of /etc/permissions{,.easy,.secure,.paranoid,.local} files, so try and list your desired local settings in /etc/permissions.local, do a

chkstat -set /etc/permissions.local

and grep in SuSE's config files for CHECK_PERMISSIONS, PERMISSION_SECURITY or the like (thus named were the variables in /etc/rc.config prior to 8.0) to make it persistent.
Right, that should be the way to do it. Permissions are fixed according to /etc/permissions* at every reboot.

Olaf
--
Olaf Kirch     | Anyone who has had to work with X.509 has probably
okir@suse.de   | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
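An added example, not from any poster in this thread or from SuSE: a read-only shell check that compares the entries of a permissions file such as /etc/permissions.local with what is on disk, which shows whether a manual chmod on /bin/su has been reverted at boot. It assumes GNU stat and the "path owner.group mode" line format; the ROOT prefix argument and make_sample are hypothetical helpers for running it against a scratch tree.

```shell
#!/bin/sh
# Added example: report drift between a SuSE-style permissions file and the
# filesystem. Read-only: it never changes modes or ownership.
# Assumed line format: <path> <owner>.<group> <octal mode>; '#' starts a comment.

# check_permissions FILE [ROOT]
# ROOT is an optional path prefix so the check can run against a scratch tree
# (hypothetical helper argument, not a chkstat feature).
# Prints one line per entry; returns 0 if every existing entry matches, else 1.
check_permissions() {
    perm_file=$1
    root=${2:-}
    drift=0
    while read -r path og mode _rest || [ -n "$path" ]; do
        case $path in ''|'#'*) continue ;; esac
        target=$root$path
        if [ ! -e "$target" ]; then
            echo "MISSING $path"            # reported, not counted as drift
            continue
        fi
        want_og=$(printf '%s' "$og" | tr ':' '.')   # accept owner:group too
        have_og=$(stat -c '%U.%G' "$target")
        want_mode=$(printf '%o' "0$mode")           # normalise 0755 vs 755
        have_mode=$(printf '%o' "0$(stat -c '%a' "$target")")
        if [ "$want_og" = "$have_og" ] && [ "$want_mode" = "$have_mode" ]; then
            echo "OK      $path $have_og $have_mode"
        else
            echo "DRIFT   $path want $want_og $want_mode, have $have_og $have_mode"
            drift=1
        fi
    done < "$perm_file"
    return $drift
}

# Constructed sample: a scratch tree standing in for / with an empty bin/su.
make_sample() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/bin" "$scratch/etc"
    : > "$scratch/bin/su"
    chmod 4755 "$scratch/bin/su"     # the "everyone may run su" state
    # Desired local policy. The owner.group is copied from the scratch file
    # because an unprivileged sample cannot create a real root.wheel file.
    printf '# local overrides\n/bin/su %s 4750\n' \
        "$(stat -c '%U.%G' "$scratch/bin/su")" > "$scratch/etc/permissions.local"
    echo "$scratch"
}
```

On a real system the call would be check_permissions /etc/permissions.local, run after a reboot to see whether the entry for /bin/su survived.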
participants (5)
- jfweber@eternal.net
- Lars Ellenberg
- Olaf Kirch
- Otto Jongerius
- Susan Buczak