Mailinglist Archive: opensuse-security (375 mails)

Re: initiate personal firewall and apply config files
  • From: Otto Jongerius <otto@xxxxxxxxx>
  • Date: Mon, 30 Sep 2002 12:05:24 -0700
  • Message-id: <20020930190524.GF29034@xxxxxxxxxxxxxxx>
On Sat, Sep 28, 2002 at 09:35:22PM -0400, Susan Buczak wrote:
> how does one go about initiating the personal-firewall the first time
> for suse8.0? Yast2 will start configuration for suseFirewall2 but there
> isn't any source help for initiating the personal firewall. calling it
> from /sbin does nothing.

From /etc/sysconfig/SuSEfirewall2:

"# Should the Firewall be started?
#
# This setting is done via the links in the /etc/init.d/rc?.d runlevel
# directories, which can be tweaked with a runlevel editor (or manually)"

otto@fubar:~> locate fire | grep init.d
/etc/init.d/personal-firewall.final
/etc/init.d/personal-firewall.initial
/etc/init.d/rc2.d/K02personal-firewall.final
/etc/init.d/rc2.d/K23personal-firewall.initial
/etc/init.d/rc2.d/S01personal-firewall.initial
/etc/init.d/rc2.d/S22personal-firewall.final
/etc/init.d/rc3.d/K02personal-firewall.final
/etc/init.d/rc3.d/K23personal-firewall.initial
/etc/init.d/rc3.d/S01personal-firewall.initial
/etc/init.d/rc3.d/S22personal-firewall.final
/etc/init.d/rc5.d/K02personal-firewall.final
/etc/init.d/rc5.d/K23personal-firewall.initial
/etc/init.d/rc5.d/S01personal-firewall.initial
/etc/init.d/rc5.d/S22personal-firewall.final
/etc/init.d/SuSEfirewall2_final
/etc/init.d/SuSEfirewall2_init
/etc/init.d/SuSEfirewall2_setup

Looks like you should take a look at /etc/init.d/SuSEfirewall2_init,
/etc/init.d/SuSEfirewall2_setup and possibly /etc/init.d/SuSEfirewall2_final.

> Second, I need to configure certain /etc files, for instance I want only
> certain local users in access.conf. When I make the changes the system
> doesn't recognize that the files have been changed.

Strange, it works for me, I can just uncomment the following line and
only peeps in group wheel can login on the console:
-:ALL EXCEPT wheel shutdown sync:console

Does this work for you? Do you see anything in your log files?

> Likewise I tried setting su to group wheel for admin only and chmod to
> 4750 so only wheel can use it, and on reboot it allows everyone to
> attempt login again, it reset itself.

There are 2 ways (and probably more) to keep anyone but wheel from being
able to use su. You already tried the first; the second is to add the
following line to /etc/pam.d/su:
auth required /lib/security/pam_wheel.so group=wheel
Does this work for you? Maybe someone more familiar with SuSE could explain
why chgrp-ing /bin/su to wheel, and then chmod-ing it 4750 does not work
for you.

On a side note: sudo gives you much finer control over who is able to
do what on your systems. Besides finer control, it also features a better
logging system.

Best regards,

--
Otto
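
Added example (not part of Otto's message): a small POSIX shell audit for the two su restrictions discussed above, which can be re-run after a reboot to see whether the 4750 mode or the pam_wheel line has been reverted. The function names and the sample line at the end are constructed for this example.

```shell
#!/bin/sh
# Added example: audit the two ways of limiting su to one group.

# pam_wheel_enforced FILE [GROUP]: true if FILE has an uncommented
# "auth required|requisite ...pam_wheel.so" line (naming GROUP, if given).
pam_wheel_enforced() {
    awk -v grp="${2:-}" '
        /^[ \t]*#/ { next }
        $1 != "auth" || ($2 != "required" && $2 != "requisite") { next }
        $3 != "pam_wheel.so" && $3 !~ /\/pam_wheel\.so$/ { next }
        grp == "" { ok = 1; next }
        { for (i = 4; i <= NF; i++) if ($i == "group=" grp) ok = 1 }
        END { exit !ok }
    ' "$1"
}

# su_mode_restricted FILE GROUP [OWNER]: true if FILE is mode 4750,
# group GROUP and owner OWNER (default root); names or numeric ids.
su_mode_restricted() {
    [ -n "$(find "$1" -prune -perm 4750 -group "$2" \
              -user "${3:-root}" 2>/dev/null)" ]
}

# audit_su PAM_FILE SU_BINARY GROUP: report both checks; the return
# status is the number of checks that failed (0, 1 or 2).
audit_su() {
    fails=0
    if pam_wheel_enforced "$1" "$3"; then
        echo "ok:   $1 loads pam_wheel for group $3"
    else
        echo "FAIL: $1 has no active pam_wheel line for group $3"
        fails=$((fails + 1))
    fi
    if su_mode_restricted "$2" "$3"; then
        echo "ok:   $2 is root:$3 mode 4750"
    else
        echo "FAIL: $2 is not root:$3 mode 4750"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the PAM line is still commented out, so it must fail.
sample=$(mktemp)
printf '%s\n' '#auth required /lib/security/pam_wheel.so group=wheel' >"$sample"
pam_wheel_enforced "$sample" wheel || echo "sample: pam_wheel line not active"
rm -f "$sample"
```

On a live system the call would be: audit_su /etc/pam.d/su /bin/su wheel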
