Just installed, or re-installed 8.1 personal. I was hacked so I thought I'd reinstall it. Not sure how I thought I started the firewall, but I saw six allowed's when I logged out.
But what happened to the firewall log? I checked log connections and attempts or whatever the choices were, in YAST2, but no /var/log/firewall, have they moved it on me?
What is the command to see if the firewall is actually running?
In 8.0 there was a way for KDE to automatically add new programs to the SuSE menu, but I can't find it in control center. I added apt, and synaptic but it didn't show up in the menu. I can add it manually but I'm not sure of the correct syntax, and # synaptic as root didn't work. I've gotten lazy with the gui.
Also when I went to run YOU to upgrade the nvidia kernels it claimed that I had the latest version but I don't, any ideas? Other than I did something wrong.
franklin
nebbish@sprynet.com wrote:
Just installed, or re-installed 8.1 personal. I was hacked so I thought I'd reinstall it. Not sure how I thought I started the firewall, but I saw six allowed's when I logged out.
Six allowed what? What led you to deduce you'd been cracked?
But what happened to the firewall log? I checked log connections and attempts or whatever the choices were, in YAST2, but no /var/log/firewall, have they moved it on me?
Assuming the syslogd daemon is running, firewall messages should be logged into /var/log/firewall. Check /etc/syslog.conf if they're not. In any case you can find the lot in /var/log/messages
What is the command to see if the firewall is actually running?
rcSuSEfirewall2 status
//Anders
On Sun, 13 Oct 2002 03:37:33 +0200
Anders Johansson
Assuming the syslogd daemon is running, firewall messages should be logged into /var/log/firewall. Check /etc/syslog.conf if they're not. In any case you can find the lot in /var/log/messages
Look for firewall messages in /var/log/warn in 8.1
--
use Perl; #powerful programmable prestidigitation
On Sat, 2002-10-12 at 21:37, Anders Johansson wrote:
nebbish@sprynet.com wrote:
Just installed, or re-installed 8.1 personal. I was hacked so I thought I'd reinstall it. Not sure how I thought I started the firewall, but I saw six allowed's when I logged out.
Six allowed what? What led you to deduce you'd been cracked?
Sorry, I shouldn't write when I'm tired. I thought the years of college would have trained me to express my thoughts clearly even though they're muddled due to lack of sleep. In the xconsole after I logged out I saw SuSE-FW-Accept or allow access, repeated six times, instead of the SuSE-FW-deny that I am used to seeing. I don't remember the exact phrase, or the ports they were testing. Not sure if they were able to accomplish anything, but just to be safe I reinstalled. It was probably just a kiddie scanning my isp's ip addresses. After reinstalling I went to check the firewall log, but it wasn't there, the log itself, not just any entries.
Assuming the syslogd daemon is running, firewall messages should be logged into /var/log/firewall. Check /etc/syslog.conf if they're not. In any case you can find the lot in /var/log/messages
There is no firewall in /var/log, it's not in syslog.conf, or there is no entry for it, so that explains why it's missing. I've read the man page but I have no clue what to add to the syslog.conf file, there isn't even a commented firewall portion. Do you know what I should enter to get the log back? I can $ cat /var/log/messages|grep SuSE-FW>>/home/framau/documents/firewall but I'd rather just be able to look at the log. Although it might be a good exercise to add this to cron, or make a cron job for it.
What is the command to see if the firewall is actually running?
rcSuSEfirewall2 status
It is running, thanks. In 8.0 I used to see the SuSE-FW-Deny-default messages, in xconsole, so I knew it was working. Without these messages I wasn't so sure, but now I know it is running, and know how to check it. How do I bring back the xconsole? It has never started in 8.1. I remember it was in a kdm script but don't know where to look. I have to start taking notes! First entry rcSuSEfirewall2 status.
Franklin
nebbish@sprynet.com wrote:
On Sat, 2002-10-12 at 21:37, Anders Johansson wrote:
nebbish@sprynet.com wrote:
Just installed, or re-installed 8.1 personal. I was hacked so I thought I'd reinstall it. Not sure how I thought I started the firewall, but I saw six allowed's when I logged out.
Six allowed what? What led you to deduce you'd been cracked?
Sorry, I shouldn't write when I'm tired. I thought the years of college would have trained me to express my thoughts clearly even though they're muddled due to lack of sleep.
In the xconsole after I logged out I saw SuSE-FW-Accept or allow access, repeated six times, instead of the SuSE-FW-deny that I am used to seeing. I don't remember the exact phrase, or the ports they were testing. Not sure if they were able to accomplish anything, but just to be safe I reinstalled.
Wow, and I thought I was paranoid :)
There is no firewall in /var/log, it's not in syslog.conf, or there is no entry for it, so that explains why it's missing. I've read the man page but I have no clue what to add to the syslog.conf file, there isn't even a commented firewall portion. Do you know what I should enter to get the log back?
The entry in syslog.conf for 8.0 was
kern.* -/var/log/firewall
Anders
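Added example, not part of any poster's message: a shell version of the `grep SuSE-FW` approach mentioned in the thread that also counts entries per action, source address and destination port, so accepted connections stand out from denied ones. The sample log lines are constructed and abridged, and the tag spellings after `SuSE-FW-` and the function names are assumptions.

```shell
#!/bin/sh
# Summarise SuSE-FW kernel log entries (added example, not from the thread).

# Constructed, abridged sample lines in the iptables LOG layout.
# The tags after "SuSE-FW-" are assumptions about what the firewall writes.
sample_log() {
cat <<'EOF'
Oct 13 03:10:01 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=3312 DPT=139 SYN
Oct 13 03:10:04 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=3312 DPT=139 SYN
Oct 13 03:10:10 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=3312 DPT=139 SYN
Oct 13 03:11:30 linux kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=40112 DPT=22 SYN
Oct 13 03:11:31 linux sshd[812]: Connection from 203.0.113.7 port 40112
Oct 13 03:12:02 linux kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=40150 DPT=22 SYN
Oct 13 03:13:15 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=137 DPT=137
Oct 13 03:14:40 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= SRC=192.0.2.99 DST=198.51.100.5 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# fw_summary [FILE]: print "count action source proto/dport", most frequent first.
# Reads standard input when no file is given. ICMP has no DPT, shown as "-".
fw_summary() {
    awk '
    /SuSE-FW-/ {
        action = ""; src = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SuSE-FW-/)    { action = toupper(substr($i, 9)) }
            else if ($i ~ /^SRC=/)   { src = substr($i, 5) }
            else if ($i ~ /^PROTO=/) { proto = substr($i, 7) }
            else if ($i ~ /^DPT=/)   { dpt = substr($i, 5) }
        }
        count[action " " src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "${1:--}" | sort -k1,1nr -k2
}

# fw_accepted [FILE]: only the entries the firewall let through.
fw_accepted() {
    fw_summary "$@" | awk '$2 ~ /^ACCEPT/'
}

# Stand-alone run on the constructed sample; on a real system pass
# /var/log/messages (or /var/log/warn on 8.1, as suggested in the thread).
sample_log | fw_summary
```
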
participants (3)
- Anders Johansson
- Franklin Maurer
- zentara