On Sunday 03 November 2002 18:59, Matthew Saltzman wrote:
> Date: Sun, 3 Nov 2002 16:55:25 -0500 (EST)
> From: Matthew Saltzman <mjs@ces.clemson.edu>
> To: <psyche-list@redhat.com>
> Subject: Re: security level not changing
> Reply-To: psyche-list@redhat.com
>
> On Sun, 3 Nov 2002, w wrote:
> > On Sunday 03 November 2002 14:02, Matthew Saltzman wrote:
> > > On Sun, 3 Nov 2002, w wrote:
> > > > I can't get the security level to change when using
> > > > redhat-config-securitylevel .. it just stays at 'High' all the
> > > > time. I don't think it's actually high though, because I can use
> > > > real player through the web, and the manual says that it should
> > > > not work on 'High' security. I have iptables installed, but not
> > > > ipchains, and when I check services, iptable is running. I also
> > > > tried entering '/sbin/service iptables restart' after trying to
> > > > make a config change, but when I called up the config, it was
> > > > still sitting on 'High'. Any suggestions as to how I might get
> > > > this working as intended?
> > >
> > > redhat-config-securitylevel is a front end for lokkit. lokkit is a
> > > write-only app--it does not initialize itself to your current
> > > configuration, it always starts the same way. So it's not a very
> > > good way to see what your current config is.
> > >
> > > Use "/etc/service iptables status" to see the current iptables
> > > configuration. The configuration is stored in
> > > /etc/sysconfig/iptables.
> >
> > This is very curious .. I don't have a file /etc/sysconfig/iptables,
> > and when I enter /etc/service iptables status, nothing appears. 'rpm
> > -qa|grep lokkit' shows: lokkit-0.50-18 ... I don't have gnome-lokkit
> > installed. I wonder what's going on here? What should I do to
> > restore it to working order (perhaps reload iptables, lokkit ..
> > anything else?).
>
> First, sorry for my typo. It should be "/sbin/service iptables
> status". If that isn't the problem, continue.
>
> Let's get the obvious out of the way first:
>
> Make sure that iptables is set to start at boot ("/sbin/chkconfig
> --list iptables") and turn it on if it is not ("/sbin/chkconfig
> iptables on"). Make sure it is actually running ("/sbin/service
> iptables start"). Run redhat-config-securitylevel or lokkit all the way
> through. Then check again.

Thanks for the help. That works .. at least now when I enter 'no
firewall', I get:

[root /root]$ service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

and when I set firewall at 'High', I get:

[root /root]$ cat /etc/sysconfig/iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 198.6.1.60 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 198.6.1.70 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

but, either way, I still don't have the sysconfig/iptables file:

[root /root]$ cat /etc/sysconfig/iptables
cat: /etc/sysconfig/iptables: No such file or directory

Is this still a problem? I also notice that the security window always
says 'High' regardless of current status .. but that's ok now that I
know it's not supposed to be an indicator.
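
Since lokkit and redhat-config-securitylevel never read back the current configuration, the saved rules file is the thing to inspect. The script below is an added example, not part of the original thread or of any Red Hat tool: it classifies an iptables-save style file as missing, open or filtering. The names `classify_rules`, `sample_high` and `sample_open` are hypothetical; the 'High' sample is copied from the message above and the open sample is constructed.

```shell
#!/bin/sh
# Added example, not from the thread; the function names are hypothetical.

sample_high() {   # the 'High' rules quoted in the message (comments omitted)
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 198.6.1.60 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 198.6.1.70 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT
EOF
}

sample_open() {   # constructed: empty chains, all policies ACCEPT
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# classify_rules FILE prints: missing | open | filtering
# (follows one level of jumps out of INPUT, as in the lokkit file above)
classify_rules() {
    [ -f "$1" ] || { echo missing; return 0; }
    awk '
        /^:INPUT / { policy = $2 }            # default policy of INPUT
        $1 == "-A" {
            chain = $2; target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            # count blocking rules per chain; remember chains INPUT jumps to
            if (target == "DROP" || target == "REJECT") blocks[chain]++
            else if (chain == "INPUT" && target != "" && target != "ACCEPT") reach[target] = 1
        }
        END {
            n = blocks["INPUT"] + 0
            for (c in reach) n += blocks[c]
            print ((policy == "DROP" || n > 0) ? "filtering" : "open")
        }
    ' "$1"
}

# Demo on the samples; on a real host pass /etc/sysconfig/iptables instead.
t=$(mktemp)
sample_high > "$t"; echo "high sample:  $(classify_rules "$t")"
sample_open > "$t"; echo "open sample:  $(classify_rules "$t")"
rm -f "$t";         echo "file removed: $(classify_rules "$t")"
```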