Mailinglist Archive: opensuse-security (359 mails)

Re: AW: [suse-security] Loading firewall script on boot time
  • From: Andy Bennett <andy@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 30 Jul 2003 17:55:03 +0100
  • Message-id: <200307301755.03937.andy@xxxxxxxxxxxxxxxxxxxxx>
Whilst I accept that it is a requirement of a secure system that the person
configuring it understands how it works I hope that you're not seriously
suggesting that a greater level of security is achieved by having to recreate
every single aspect of a secure system rather than using some of the tools,
where appropriate, that are readily available?

That isn't true, is it.

How secure would Knut have been if he hadn't realised that his firewall script
wasn't loading when his machine started up?

Having said that the exercise has been worthwhile in that he has gained a
greater understanding of his system.

The only thing I would add is that he needs to run an external scan of his
system to make sure it's as closed as he thinks.

Andy

On Wednesday 30 July 2003 16:28, lars wrote:
> exactly that is what I prefer ... yast is fine for the beginning, but as
> soon as you have learned enough about the system, it makes you feel ill
> ;-)
>
> hilsen & greetings
>
> lars
>
> > Hi,
> >
> > No problem...
> >
> > Regarding the point in question, though, can I just enquire why Knut is
> > 'cooking his own' script rather than using the SuSEfirewall and
> > custom-script route. It's pretty flexible and you don't need to worry
> > about how to start/stop them.
> >
> > Andy
> >
> > On Wednesday 30 July 2003 13:17, Maxim Cherniavsky wrote:
> >> Andy Bennett wrote:
> >>> Hi,
> >>>
> >>> Isn't this what the yast runlevel editor does for you??
> >>
> >> Linux makes people lazy :)
> >>
> >> Linux boot system is like classical System V, which consists of
> >> directories rc1.d, rc2.d ... (run levels)
> >> where you have scripts which begin with "Snn" (startup script) and
> >> "Knn" (kill script)
> >> In case of firewall I think the good way to start it after the network
> >> is up /etc/init.d/rc3.d/S05network start
> >>
> >> P.S. I did not mean to offend anybody in any way :)
> >>
> >>> Andy
> >>>
> >>> On Wednesday 30 July 2003 11:14, Ulrich Roth wrote:
> >>>> Hi, Knut Erik,
> >>>>
> >>>>> Why is my fwscript not loaded at boot time? When I do these steps
> >>>>> manually, it will work.
> >>>>
> >>>> You should put your script into /etc/rc.d. Then you have to
> >>>> create a symbolic link in /etc/rc.d/rcX.d which points to your script.
> >>>> X is the number of your default runlevel. If you don't know your
> >>>> default runlevel, you can have a look at /etc/inittab. There it is
> >>>> defined. The name of the link should begin with S and a high number,
> >>>> e.g. S99, because it should be the last script to be executed.
> >>>> But take care if you install any additional packets afterwards.
> >>>> The system will compute the sequence of the startup scripts
> >>>> again, and your script will then start with S00. This is because
> >>>> some info in your script is missing which tells the system, namely
> >>>> the program insserv, which other scripts/services/daemons have
> >>>> to be started before. I haven't gone very deep into this subject yet.
> >>>> If the SuSE guys have additional info, I appreciate it.
> >>>> Bye
> >>>> Uli
> >
> > --
> > Check the headers for your unsubscription address
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > Security-related bug reports go to security@xxxxxxx, not here
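
Uli's quoted message notes that the script lacks the information insserv uses to order startup scripts. That information is the LSB comment header (`### BEGIN INIT INFO` ... `### END INIT INFO`); the check below is an added example, not part of the thread, and the function names and the sample `fwscript` header are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an init script for the LSB header that insserv reads.

# Tags checked: the LSB dependency and runlevel keywords.
LSB_TAGS="Provides Required-Start Required-Stop Default-Start Default-Stop"

# Print only the lines between the BEGIN/END INIT INFO markers.
lsb_block() {
    sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' "$1"
}

# Print each missing tag on its own line; return 1 if any is missing.
lsb_missing_tags() {
    block=$(lsb_block "$1")
    missing=""
    for tag in $LSB_TAGS; do
        printf '%s\n' "$block" | grep -q "^# *$tag:" || missing="$missing $tag"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' $missing
    return 1
}

# Print the value of one tag, e.g. lsb_tag_value FILE Required-Start
lsb_tag_value() {
    lsb_block "$1" | sed -n "s/^# *$2:[[:space:]]*//p"
}

# Constructed sample: a firewall script header that starts after the network.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
### BEGIN INIT INFO
# Provides:       fwscript
# Required-Start: $network
# Required-Stop:  $network
# Default-Start:  3 5
# Default-Stop:   0 1 2 6
# Description:    Load packet filter rules (constructed example)
### END INIT INFO
EOF
}

# Usage: sh thisfile /path/to/init-script
if [ "$#" -gt 0 ]; then
    lsb_missing_tags "$1" && echo "LSB header complete: $1"
fi
```

A script that reports missing tags gives insserv nothing to order it by, which is the situation Uli describes.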