LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices


Reply
  Search this Thread
Old 12-16-2005, 03:32 PM   #16
upchucky
Member
 
Registered: Feb 2004
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 16

k i removed firestarter, and did apt-get update, i now have to wait another 24 hours to access the sat modem, as the update exceded my allowed download threshold. will try to install guarddog tomorow, or the next day depending on how much is left to download of the updates, if it again exceeds the threshold, i will be locked out for another 24 hours.

will keep tryin thanks
 
Old 12-17-2005, 06:01 PM   #17
upchucky
Member
 
Registered: Feb 2004
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 16
ok i did apt-get update, and updated 468mb of my sys, I then did apt-get install guarddog, and no guarddog, it did this,

root@Electric:/home/Electric# apt-get install guarddog
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
akregator amor ark arts artsbuilder atlantik cervisia cpp-4.0 cupsys
cupsys-bsd cupsys-client dbus-qt-1c2 eyesapplet fifteenapplet filelight
freefem3d g++-4.0 gambas-gb-qt gcc-4.0 gcc-4.0-base gnome-about
gnome-cups-manager gnome-desktop-data gnome-menus gnome-panel
gnome-panel-data gs-common gs-esp gwenview kaddressbook kalarm kalzium
kamera kandy kappfinder karbon karm kasteroids kate katomic kbabel
kbabel-dev kbackgammon kbattleship kblackbox kbounce kbruch kcalc
kcharselect kchart kcoloredit kcontrol kcron kdat kde-i18n-bg kde-i18n-ca
kde-i18n-cs kde-i18n-da kde-i18n-de kde-i18n-el kde-i18n-es kde-i18n-et
kde-i18n-fi kde-i18n-fr kde-i18n-he kde-i18n-hu kde-i18n-it kde-i18n-ja
kde-i18n-nl kde-i18n-pl kde-i18n-pt kde-i18n-ptbr kde-i18n-ru kde-i18n-sk
kde-i18n-sl kde-i18n-sr kde-i18n-sv kde-i18n-tr kde-i18n-zhcn
kdeadmin-kfile-plugins kdeartwork-style kdeartwork-theme-window kdebase-bin
kdebase-data kdebase-kio-plugins kdeedu-data kdegraphics-kfile-plugins
kdelibs kdelibs-bin kdelibs-data kdelibs4-dev kdelibs4c2
kdenetwork-kfile-plugins kdepasswd kdepim kdepim-kfile-plugins
kdepim-kio-plugins kdepim-kresources kdepim-wizards kdeprint kdesktop kdessh
kdf kdiff3 kdissert kdm kdvi keduca kenolaba kfax kfilereplace kfind kfloppy
kformula kfouleggs kgamma kget kghostview kgoldrunner khangman khelpcenter
khexedit kicker kiconedit kile kile-i18n kimagemapeditor kiosktool
kipi-plugins kitchensync kiten kivio kivio-data kjumpingcube klaptopdaemon
klatin kleopatra klettres klettres-data klickety klines klinkstatus klipper
kmahjongg kmail kmailcvt kmenuedit kmessedwords kmines kmix kmoon kmplot
kmrml knode knotes kodo koffice-data koffice-dev koffice-libs kolf
kolourpaint kommander kommander-dev kompare konqueror konqueror-nsplugins
konquest konsole konsolekalendar kontact konversation kooka kopete
korganizer korn koshell kpackage kpager kpat kpdf kpercentage kpersonalizer
kpf kphone kpilot kpoker kppp kpresenter krdc kreversi krfb kruler krusader
ksame kscreensaver kscreensaver-xsavers kshisen ksim ksirtet ksmiletris
ksmserver ksnake ksnapshot ksokoban kspaceduel ksplash kspread kstars
kstars-data ksvg ksync ksysguard ksysguardd ksysv kteatime ktimer ktip ktnef
ktouch ktron ktuberling kturtle ktux kugar kuickshow kuser kvdr kverbos
kview kviewshell kvoctrain kweather kwifimanager kwin kwin4 kword kwordquiz
kworldclock kxsldbg libarts1-dev libarts1c2 libartsc0 libartsc0-dev
libbluetooth1 libcupsimage2 libcupsys2 libcupsys2-dev libcvsservice0
libedit2 libgadu3 libgcrypt11 libgcrypt11-dev libglib2.0-0 libglib2.0-data
libglib2.0-dev libgnome-desktop-2 libgnome-menu0 libgnomecups1.0-1
libgnomecupsui1.0-1c2a libgnomeprint2.2-0 libgnomeprint2.2-data
libgnomevfs2-0 libgnomevfs2-common libgnutls12 libgphoto2-2 libgphoto2-port0
libgsf-1 libjack0.100.0-0 libjack0.100.0-dev libkcal2b libkdeedu1
libkdegames1 libkdepim1a libkexif1c2 libkgantt0 libkipi0c2 libkiten1
libkleopatra0a libkmime2 libkonq4 libkpimexchange1 libkpimidentities1
libkscan1 libksieve0 libktnef1 libmagick9 libmimelib1c2 libopenexr-dev
libopenexr2c2 libpanel-applet2-0 libparted1.6-13 libpng12-0 libpng12-dev
libqcad0 libqt3-compat-headers libqt3-headers libqt3-mt libqt3-mt-dev
libqt3-mt-psql libselinux1 libsensors3 libsnmp-base libsnmp9 libssl0.9.8
libstdc++6 libstdc++6-4.0-dev libwnck16 libwpd8c2 libwv2-1c2 libxau6
libxcomposite1 libxdamage1 libxdmcp6 libxfixes3 libxinerama-dev libxinerama1
libxkbfile1 libxml2 libxml2-dev libxslt1-dev libxslt1.1 libxxf86dga1
libxxf86misc1 libxxf86vm1 lisa lsb-base lskat nethack-common nethack-console
nethack-qt nethack-x11 networkstatus noteedit noteedit-data openssh-client
openssh-server pinentry-qt qca-tls qcad qps qt3-dev-tools qtparted quanta
quanta-data samba samba-common scribus secpolicy smbclient smbfs ssh tora
tuxeyes umbrello xfprint4 xlibs-static-dev xlibs-static-pic
Suggested packages:
rar atlantikdesigner gcc-4.0-locales cupsys-driver-gutenprint
cupsys-driver-gimpprint foomatic-filters-ppds xpdf-korean xpdf-japanese
xpdf-chinese-traditional xpdf-chinese-simplified cups-pdf hplip gtklp
cupsys-pt xpp doc-central gcc-4.0-doc lib64stdc++6 libc6-dev-amd64 lib64gcc1
amd64-libs-dev kttsd konq-speaker kde kdepim-doc-html egroupware latex-ucs
latex-beamer prosper openoffice.org kicker-applets gallery mjpegtools
spamassassin bogofilter annoyance-filter wordnet knewsticker
libsoap-lite-perl gpg kedit krename xxdiff unace unrar rng-tools
libgcrypt11-doc libglib2.0-doc gnutls-bin libparted1.6-dev libparted1.6-i18n
libqt3-mt-mysql libqt3-mt-odbc libqt3-i18n qt3-doc lm-sensors
linux-image-2.6 kernel-image-2.6 lm-sensors-mod-2.9.2 lm-sensors-mod-2.9.1
lm-sensors-mod-2.9 libstdc++6-4.0-doc ssh-askpass rssh pinentry-doc
partlibrary gubed samba-doc scribus-template scribus-doc xspecs
Recommended packages:
ncompress zoo libmudflap0-dev kregexpeditor kdemultimedia-kio-plugins dcraw
kdeprinter ttf-kochi-gothic ttf-kochi-mincho openoffice.org-mimelnk ocrad
akode gamin phpdoc wdg-html-reference docbook-defguide smbldap-tools
The following packages will be REMOVED:
dbus-qt-1 digikam digikamimageplugins isdn-config jackd k3b k3blibs kaffeine
kate-plugins kbear kcmlinuz kde-amusements kde-i18n-fa kde-i18n-zhtw
kdeaddons-kfile-plugins kdebluetooth kdeedu kdelibs4
kdemultimedia-kfile-plugins kdevelop3 kdevelop3-data kdevelop3-plugins kig
kmymoney2 konq-plugins kxconfig libarts1 libcupsys2-gnutls10
libgnomecupsui1.0-1 libjack0.80.0-dev libkcal2a libkdepim1 libkexif1
libkipi0 libmimelib1a libopenexr2 libqt3c102-mt libqt3c102-mt-psql
libtse3-0.2.7 libwv2-1 lyx lyx-common lyx-qt lyx-xforms rosegarden4 vimpart
The following NEW packages will be installed:
dbus-qt-1c2 gnome-menus guarddog kdelibs4c2 libarts1c2 libcupsys2 libedit2
libgnome-menu0 libgnomecupsui1.0-1c2a libgnutls12 libjack0.100.0-0
libjack0.100.0-dev libkcal2b libkdepim1a libkexif1c2 libkipi0c2 libkiten1
libkmime2 libmagick9 libmimelib1c2 libopenexr2c2 libparted1.6-13 libqt3-mt
libqt3-mt-psql libsnmp9 libssl0.9.8 libwnck16 libwpd8c2 libwv2-1c2 libxau6
libxcomposite1 libxdamage1 libxdmcp6 libxfixes3 libxinerama-dev libxinerama1
libxkbfile1 libxxf86dga1 libxxf86misc1 libxxf86vm1 openssh-client
openssh-server
The following held packages will be changed:
kdelibs4-dev libqt3-mt-dev
The following packages will be upgraded:
akregator amor ark arts artsbuilder atlantik cervisia cpp-4.0 cupsys
cupsys-bsd cupsys-client eyesapplet fifteenapplet filelight freefem3d
g++-4.0 gambas-gb-qt gcc-4.0 gcc-4.0-base gnome-about gnome-cups-manager
gnome-desktop-data gnome-panel gnome-panel-data gs-common gs-esp gwenview
kaddressbook kalarm kalzium kamera kandy kappfinder karbon karm kasteroids
kate katomic kbabel kbabel-dev kbackgammon kbattleship kblackbox kbounce
kbruch kcalc kcharselect kchart kcoloredit kcontrol kcron kdat kde-i18n-bg
kde-i18n-ca kde-i18n-cs kde-i18n-da kde-i18n-de kde-i18n-el kde-i18n-es
kde-i18n-et kde-i18n-fi kde-i18n-fr kde-i18n-he kde-i18n-hu kde-i18n-it
kde-i18n-ja kde-i18n-nl kde-i18n-pl kde-i18n-pt kde-i18n-ptbr kde-i18n-ru
kde-i18n-sk kde-i18n-sl kde-i18n-sr kde-i18n-sv kde-i18n-tr kde-i18n-zhcn
kdeadmin-kfile-plugins kdeartwork-style kdeartwork-theme-window kdebase-bin
kdebase-data kdebase-kio-plugins kdeedu-data kdegraphics-kfile-plugins
kdelibs kdelibs-bin kdelibs-data kdelibs4-dev kdenetwork-kfile-plugins
kdepasswd kdepim kdepim-kfile-plugins kdepim-kio-plugins kdepim-kresources
kdepim-wizards kdeprint kdesktop kdessh kdf kdiff3 kdissert kdm kdvi keduca
kenolaba kfax kfilereplace kfind kfloppy kformula kfouleggs kgamma kget
kghostview kgoldrunner khangman khelpcenter khexedit kicker kiconedit kile
kile-i18n kimagemapeditor kiosktool kipi-plugins kitchensync kiten kivio
kivio-data kjumpingcube klaptopdaemon klatin kleopatra klettres
klettres-data klickety klines klinkstatus klipper kmahjongg kmail kmailcvt
kmenuedit kmessedwords kmines kmix kmoon kmplot kmrml knode knotes kodo
koffice-data koffice-dev koffice-libs kolf kolourpaint kommander
kommander-dev kompare konqueror konqueror-nsplugins konquest konsole
konsolekalendar kontact konversation kooka kopete korganizer korn koshell
kpackage kpager kpat kpdf kpercentage kpersonalizer kpf kphone kpilot kpoker
kppp kpresenter krdc kreversi krfb kruler krusader ksame kscreensaver
kscreensaver-xsavers kshisen ksim ksirtet ksmiletris ksmserver ksnake
ksnapshot ksokoban kspaceduel ksplash kspread kstars kstars-data ksvg ksync
ksysguard ksysguardd ksysv kteatime ktimer ktip ktnef ktouch ktron
ktuberling kturtle ktux kugar kuickshow kuser kvdr kverbos kview kviewshell
kvoctrain kweather kwifimanager kwin kwin4 kword kwordquiz kworldclock
kxsldbg libarts1-dev libartsc0 libartsc0-dev libbluetooth1 libcupsimage2
libcupsys2-dev libcvsservice0 libgadu3 libgcrypt11 libgcrypt11-dev
libglib2.0-0 libglib2.0-data libglib2.0-dev libgnome-desktop-2
libgnomecups1.0-1 libgnomeprint2.2-0 libgnomeprint2.2-data libgnomevfs2-0
libgnomevfs2-common libgphoto2-2 libgphoto2-port0 libgsf-1 libkdeedu1
libkdegames1 libkgantt0 libkleopatra0a libkonq4 libkpimexchange1
libkpimidentities1 libkscan1 libksieve0 libktnef1 libopenexr-dev
libpanel-applet2-0 libpng12-0 libpng12-dev libqcad0 libqt3-compat-headers
libqt3-headers libqt3-mt-dev libselinux1 libsensors3 libsnmp-base libstdc++6
libstdc++6-4.0-dev libxml2 libxml2-dev libxslt1-dev libxslt1.1 lisa lsb-base
lskat nethack-common nethack-console nethack-qt nethack-x11 networkstatus
noteedit noteedit-data pinentry-qt qca-tls qcad qps qt3-dev-tools qtparted
quanta quanta-data samba samba-common scribus secpolicy smbclient smbfs ssh
tora tuxeyes umbrello xfprint4 xlibs-static-dev xlibs-static-pic
316 upgraded, 42 newly installed, 46 to remove and 1328 not upgraded.
Need to get 0B/444MB of archives.
After unpacking 45.0MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Preconfiguring packages ...
(Reading database ... 355792 files and directories currently installed.)
Removing kdebluetooth ...
dpkg-divert: mismatch on divert-to
when removing `diversion of /usr/bin/kdesktop_lock to /usr/bin/kdesktop_lock_nobt by kdebluetooth'
found `diversion of /usr/bin/kdesktop_lock to /usr/bin/kdesktop_lock.orig by kdelock-knoppix'
dpkg: error processing kdebluetooth (--remove):
subprocess post-removal script returned error exit status 2
Errors were encountered while processing:
kdebluetooth
E: Sub-process /usr/bin/dpkg returned an error code (1)


where is guarddog?, and why did it do all of the above when i asked for guarddog?
Thank again
 
Old 12-17-2005, 06:27 PM   #18
michapma
Member
 
Registered: Oct 2003
Location: Zürich
Distribution: Debian
Posts: 537

Rep: Reputation: 39
Keep in mind there is a difference between updating your system (apt-get update) and upgrading your system (apt-get upgrade). Updating involves checking the repositories listed in /etc/apt/sources.list, and upgrading involves getting the most recent versions of packages (including security updates). You can read about the differences here:
http://www.debian.org/doc/manuals/ap...pt-get.en.html
You should really read that whole document, but chapters 2, 3 and 5 are really very helpful.

Updating would not fetch 468 MB of files, but upgrade might. Guarddog is designed to run under KDE, and depends on some of its core libraries (see here). From previous posts, it seems that you already have KDE installed. What apparently happened is that, while checking the dependencies of the package guarddog, apt-get for some reason decided that much of KDE needs to be upgraded. I can't think of any reason why this would be, unless you have upgraded from a previous version of Debian without doing a dist-upgrade (like from Sarge to testing). I'm not so sure on this one.

Please show us the output of this:
cat /etc/apt/sources.list
(this will tell us what version of Debian you're running)

and then of this:
apt-cache policy guarddog
(this will tell us what version of guarddog apt-get wants)

Edit: also let's have a look at the output of one of the main KDE packages apt-get wants to update:
apt-cache policy kdebase-bin

That will get us a step closer.

Last edited by michapma; 12-17-2005 at 06:31 PM.
 
Old 12-17-2005, 09:24 PM   #19
upchucky
Member
 
Registered: Feb 2004
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 16
ok, finally after some beard growing, i got the firestarter working on sys boot, and the configuration wizard works on entry of root password. but it is reported by www.grc.com as only protecting a few ports. what should i expect to see?

I would have expected to see all ports closed, and only opened upon demand by authorised user?

many thanks to all
 
Old 12-18-2005, 01:13 AM   #20
Dead Parrot
Senior Member
 
Registered: Mar 2004
Distribution: Debian GNU/kFreeBSD
Posts: 1,597

Rep: Reputation: 46
I'd suggest that you should first try different config options in firestarter. If that doesn't change the http://www.grc.com/ reports, then check if firestarter has a switch that disables it starting at boot-time. If so, then you can disable firestarter and install firehol to see if it does any better job in protecting your computer. Firehol is not a GUI program, so it shouldn't have too many dependencies. Also, if firehol isn't any better than firestarter, you can easily remove it. Just make sure that you don't have two programs trying to configure your firewall at the same time.

Firehol (and I'd expect the same applies to firestarter) doesn't run as a background process but it makes an init script that sets your firewall rules on every system boot. You can install an ncurses-based utility called sysvconfig and use it to make sure that there's only one firewall config program that sets your firewall on system boot.
 
Old 12-20-2005, 12:54 PM   #21
upchucky
Member
 
Registered: Feb 2004
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 16
K here is my sources list, if there are better sources could u please list them for me, i rem'ed out the ones that say testing, unstable, and experimental, I am tryin to temporarily shut down firestarter to try firehol, but i cant find a way to disable it.

As a last ditch attempt i can uninstall firestarter, (for all the good it seems to be doing anyway) and install firehol.

I gave up on trying to get guarddog downloaded and installed.

I have changed many settings on the firestarter control and it makes no difference in the tests, is it possible that my system is not detected properly on boot? I do have some errors on boot, but they are for the alsa, and wrong hdd detection, i have been meaning to find the errors and remove the references to them.


root@Electric:/home/Electric# cat /etc/apt/sources.list
# /etc/apt/sources.list for Knoppix
# If you want to do a "full upgrade", you should first
# upgrade the Packages from Debian/unstable (KDE & Co.)
# before doing a (dist-)upgrade for Debian/testing.
#
# See sources.list(5) for more information, especialy
# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool.

# Security updates for "stable"
deb http://security.debian.org stable/updates main contrib non-free
deb http://security.debian.org testing/updates main contrib non-free

# Stable
deb http://ftp.de.debian.org/pub/debian stable main contrib non-free

# the non-US branch doesn't exist anymore since sarge. -KK
# deb http://ftp.de.debian.org/pub/debian-non-US stable/non-US main contrib non-free

# Stable Sources
deb-src http://ftp.de.debian.org/pub/debian stable main contrib non-free
# deb-src http://ftp.de.debian.org/pub/debian-non-US stable/non-US main contrib non-free

# Testing
# deb http://ftp.de.debian.org/pub/debian testing main contrib non-free
# deb http://ftp.de.debian.org/pub/debian-non-US testing/non-US main contrib non-free

# Testing Sources
# deb-src http://ftp.de.debian.org/pub/debian testing main contrib non-free
# deb-src http://ftp.de.debian.org/pub/debian-non-US testing/non-US main contrib non-free

# Unstable
# deb http://ftp.de.debian.org/debian unstable main contrib non-free
# deb http://ftp.de.debian.org/debian-non-US unstable/non-US main contrib non-free

# Unstable Sources
# deb-src http://ftp.de.debian.org/debian unstable main contrib non-free
# deb-src http://ftp.de.debian.org/debian-non-US unstable/non-US main contrib non-free

# Experimental
# deb http://ftp.de.debian.org/debian ../project/experimental main contrib non-free

# Experimental Sources
# deb-src http://ftp.de.debian.org/debian ../project/experimental main contrib non-free

# ndiswrapper source
#................deb http://ndiswrapper.sourceforge.net/debian ./

# KDE 3.4 (not in sarge)
# deb http://pkg-kde.alioth.debian.org/kde-3.4.1/ ./
# deb-src http://pkg-kde.alioth.debian.org/kde-3.4.1/ ./

# Unichrome graphics driver
# deb http://www.physik.fu-berlin.de/~glaweh/debian/ unichrome/
# deb-src http://www.physik.fu-berlin.de/~glaweh/debian/ unichrome/

# NX stuff
# deb http://www.kalyxo.org/debian/ experimental main
# deb http://www.kalyxo.org/debian/ unstable main

# ndiswrapper
# deb http://rigtorp.se/debian unstable/
# deb-src http://rigtorp.se/debian unstable/

# Blades Repository (pppoeconf & co)
# deb http://people.debian.org/~blade/testing ./
# deb-src http://people.debian.org/~blade/testing ./

# deb cdrom:[Debian GNU/Linux 2.2 r3 _Potato_ - Official i386 Binary-1 (20010427)]/ unstable contrib main non-US/contrib non-US/main

# Knoppix special packages resource at LinuxTag HQ
# deb http://developer.linuxtag.net/knoppix ./
# deb-src http://developer.linuxtag.net/knoppix ./

# deb http://snapshot.debian.net/archive pool gcc
# deb-src http://snapshot.debian.net/archive pool gcc

# From the Kanotix archives
#............deb http://kanotix.com/files/debian/ ./
#............deb-src http://kanotix.com/files/debian/ ./

# Packages from ubuntu. CAUTION, they don't mix well with Debian
# deb http://de.archive.ubuntu.com/ubuntu hoary main universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu hoary main universe multiverse

root@Electric:/home/Electric#
 
Old 12-20-2005, 12:55 PM   #22
upchucky
Member
 
Registered: Feb 2004
Distribution: Debian
Posts: 113

Original Poster
Rep: Reputation: 16
K here is my sources list, if there are better sources could u please list them for me, i rem'ed out the ones that say testing, unstable, and experimental, I am tryin to temporarily shut down firestarter to try firehol, but i cant find a way to disable it.

As a last ditch attempt i can uninstall firestarter, (for all the good it seems to be doing anyway) and install firehol.

I gave up on trying to get guarddog downloaded and installed.

I have changed many settings on the firestarter control and it makes no difference in the tests, is it possible that my system is not detected properly on boot? I do have some errors on boot, but they are for the alsa, and wrong hdd detection, i have been meaning to find the errors and remove the references to them.


root@Electric:/home/Electric# cat /etc/apt/sources.list
# /etc/apt/sources.list for Knoppix
# If you want to do a "full upgrade", you should first
# upgrade the Packages from Debian/unstable (KDE & Co.)
# before doing a (dist-)upgrade for Debian/testing.
#
# See sources.list(5) for more information, especialy
# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool.

# Security updates for "stable"
deb http://security.debian.org stable/updates main contrib non-free
deb http://security.debian.org testing/updates main contrib non-free

# Stable
deb http://ftp.de.debian.org/pub/debian stable main contrib non-free

# the non-US branch doesn't exist anymore since sarge. -KK
# deb http://ftp.de.debian.org/pub/debian-non-US stable/non-US main contrib non-free

# Stable Sources
deb-src http://ftp.de.debian.org/pub/debian stable main contrib non-free
# deb-src http://ftp.de.debian.org/pub/debian-non-US stable/non-US main contrib non-free

# Testing
# deb http://ftp.de.debian.org/pub/debian testing main contrib non-free
# deb http://ftp.de.debian.org/pub/debian-non-US testing/non-US main contrib non-free

# Testing Sources
# deb-src http://ftp.de.debian.org/pub/debian testing main contrib non-free
# deb-src http://ftp.de.debian.org/pub/debian-non-US testing/non-US main contrib non-free

# Unstable
# deb http://ftp.de.debian.org/debian unstable main contrib non-free
# deb http://ftp.de.debian.org/debian-non-US unstable/non-US main contrib non-free

# Unstable Sources
# deb-src http://ftp.de.debian.org/debian unstable main contrib non-free
# deb-src http://ftp.de.debian.org/debian-non-US unstable/non-US main contrib non-free

# Experimental
# deb http://ftp.de.debian.org/debian ../project/experimental main contrib non-free

# Experimental Sources
# deb-src http://ftp.de.debian.org/debian ../project/experimental main contrib non-free

# ndiswrapper source
#................deb http://ndiswrapper.sourceforge.net/debian ./

# KDE 3.4 (not in sarge)
# deb http://pkg-kde.alioth.debian.org/kde-3.4.1/ ./
# deb-src http://pkg-kde.alioth.debian.org/kde-3.4.1/ ./

# Unichrome graphics driver
# deb http://www.physik.fu-berlin.de/~glaweh/debian/ unichrome/
# deb-src http://www.physik.fu-berlin.de/~glaweh/debian/ unichrome/

# NX stuff
# deb http://www.kalyxo.org/debian/ experimental main
# deb http://www.kalyxo.org/debian/ unstable main

# ndiswrapper
# deb http://rigtorp.se/debian unstable/
# deb-src http://rigtorp.se/debian unstable/

# Blades Repository (pppoeconf & co)
# deb http://people.debian.org/~blade/testing ./
# deb-src http://people.debian.org/~blade/testing ./

# deb cdrom:[Debian GNU/Linux 2.2 r3 _Potato_ - Official i386 Binary-1 (20010427)]/ unstable contrib main non-US/contrib non-US/main

# Knoppix special packages resource at LinuxTag HQ
# deb http://developer.linuxtag.net/knoppix ./
# deb-src http://developer.linuxtag.net/knoppix ./

# deb http://snapshot.debian.net/archive pool gcc
# deb-src http://snapshot.debian.net/archive pool gcc

# From the Kanotix archives
#............deb http://kanotix.com/files/debian/ ./
#............deb-src http://kanotix.com/files/debian/ ./

# Packages from ubuntu. CAUTION, they don't mix well with Debian
# deb http://de.archive.ubuntu.com/ubuntu hoary main universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu hoary main universe multiverse

root@Electric:/home/Electric#
 
Old 12-20-2005, 11:27 PM   #23
binary
LQ Newbie
 
Registered: Dec 2005
Distribution: Debian
Posts: 20

Rep: Reputation: 0
Because the 'root' can't start any gui program.
You could get into /etc/kde3/kdm, then edit the kdmrc:
ServerCmd=/usr/X11R6/bin/X
to:
ServerCmd=/usr/X11R6/bin/X -ac

Well, reboot, then the 'root' user can start gui program in command line.

Last edited by binary; 12-20-2005 at 11:28 PM.
 
Old 12-21-2005, 09:20 AM   #24
michapma
Member
 
Registered: Oct 2003
Location: Zürich
Distribution: Debian
Posts: 537

Rep: Reputation: 39
upchucky, I think you should stick with Firestarter until we are sure whether it is correctly configured. I personally think you should only switch to firehol if Firestarter is correctly configured but still not working. You've already looked there, but let's look again at the Firestarter docs. (Even though I've only used Firestarter once, I think the problem must be a configuration problem, because I set it up easily on Ubuntu and immediately got a perfect stealth rating at grc.com.)

Is the network device properly set up? (using modem or ethernet card?)
http://www.fs-security.com/docs/wizard.php

Any confusion on the status page, or do you understand everything there? Specifically, that the status is active and the network device(s) is/are recognized and configured correctly.
http://www.fs-security.com/docs/status-page.php

After looking at their tutorial and docs, I think you can skip the events and policy pages, although if you've been online for a while with open ports, you may well have an interesting event history.

From their tutorial (and my own recollection), it seems that the default settings are restrictive and should not leave any ports open. Thus, if Firestarter has been correctly configured and you've gone through the wizard, you should get a good result from grc.com.
Quote:
Having completed the wizard, click the save button on page final page. The firewall is now ready and running, and your machine has an added layer of security. Firestarter now works in its default mode, which is a restrictive policy for incoming traffic and a permissive stance towards outgoing connections. This means you are fully protected against connection attempts from the outside, but are still able to browse the web, read your email, etc. as normal. There is no need to further configure Firestarter if you are satisfied with these defaults.
http://www.fs-security.com/docs/tutorial.php

In this case, I'm skeptical of fooling with the configuration settings until the default settings are understood and work.

Quote:
ok, finally after some beard growing, i got the firestarter working on sys boot, and the configuration wizard works on entry of root password. but it is reported by www.grc.com as only protecting a few ports. what should i expect to see?
I still don't get it; why do you want to start firestarter on system boot? The firewall itself should of course start with the system, but Firestarter does not need to.
Quote:
A frequently asked is question is, what happens when you quit the program. The answer is that the firewall will keep functioning. If you are running Firestarter as a system service, which is automatically set up for you when installing Firestarter from a binary package, the firewall is in many cases even running before you start the program.


On a separate note, concerning your sources.list, most of it is commented out. Here is what the system sees when it reads your list file:
Code:
# Security updates for "stable"
deb http://security.debian.org stable/updates main contrib non-free
deb http://security.debian.org testing/updates main contrib non-free

# Stable
deb http://ftp.de.debian.org/pub/debian stable main contrib non-free

# Stable Sources
deb-src http://ftp.de.debian.org/pub/debian stable main contrib non-free
What is odd about that is that your system is only configured to get packages from stable, but you have also listed security updates for testing. You should comment out the line I have marked in bold. If you later upgrade to testing it will be useful again.

Anyway, this tells us that you are running stable. But, since you have decided against using Guarddog, this information is of secondary importance for this thread.


PS - binary, the method for executing GUI programs as root was covered earlier in this thread (use gksu).
 
Old 12-21-2005, 11:34 PM   #25
binary
LQ Newbie
 
Registered: Dec 2005
Distribution: Debian
Posts: 20

Rep: Reputation: 0
Quote:
Originally Posted by michapma
PS - binary, the method for executing GUI programs as root was covered earlier in this thread (use gksu).
Oh, I am sorry, I haven't seen the earlier carefully.
 
Old 12-26-2005, 01:25 PM   #26
dhlw
LQ Newbie
 
Registered: May 2005
Location: Brazil
Posts: 23

Rep: Reputation: 15
Just ran Steve Gibson's Shields UP!! Common Ports Probe for first time on a default Firestarter intallation (Ubuntu Breezy Badger with GNOME) after rebooting this HP notebook and got this summary

[HTML]----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2005-12-26 at 19:15:30

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

----------------------------------------------------------------------[/HTML]

Gibson says to close down my PING port to make me invisible:
Code:
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

I'll be grateful for any ideas how to do this in Firestarter. TIA.
 
Old 12-26-2005, 03:32 PM   #27
michapma
Member
 
Registered: Oct 2003
Location: Zürich
Distribution: Debian
Posts: 537

Rep: Reputation: 39
http://www.fs-security.com/docs/preferences.php
The section on ICMP filtering options talks about ping.
 
Old 12-26-2005, 05:27 PM   #28
dhlw
LQ Newbie
 
Registered: May 2005
Location: Brazil
Posts: 23

Rep: Reputation: 15
Quote:
Originally Posted by michapma
http://www.fs-security.com/docs/preferences.php
The section on ICMP filtering options talks about ping.
Thanks, michapma, for fast tip.

Ran Port Authority Edition – Internet Vulnerability Profiling test by Steve Gibson, Gibson Research Corporation where chose Common Ports button near the bottom of this page, after enabling ICMP filtering and PING checkboxes in Firestarter Preferences.

All OK and I recommend this check-out.

Quote:
Checking the Most Common and
Troublesome Internet Ports

PASSED TruStealth Analysis PASSED

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
I now feel safer, thanks. Probably can't do pings myself any more without disabling this in Firestarter but I can live with that OK.
 
Old 12-26-2005, 06:21 PM   #29
michapma
Member
 
Registered: Oct 2003
Location: Zürich
Distribution: Debian
Posts: 537

Rep: Reputation: 39
I don't know what it is exactly, but I somehow grasped Guarddog faster than Firestarter. Its interface just seemed more intuitive. Of course, it's also just the first one I tried, and i liked it. For what it's worth, I also get a perfect stealth rating at grc.com, but I'm able to ping.

On my Debian machine at work I used Firehol because it was recommended to me by some colleagues, and they helped me set it up. When I tested on grc.com, most of the ports were just closed and not stealth. One of the ISG guys (should definitely know what he's talking about) said that's how they have their machines (servers included I think) configured. Apparently using stealth can cause more problems than it helps, at least using the services on our network. Security is interesting stuff, and over my head for the moment. Really fun to learn about though.
 
Old 01-11-2006, 11:24 AM   #30
ultimatenoob
Member
 
Registered: May 2005
Location: Bellingham, WA
Distribution: Suse 10.2
Posts: 77

Rep: Reputation: 15
Quote:
Originally Posted by farslayer
that's odd you are having so much trouble with Firestarter on Debian

I have installed it ona number of machines apt-get install firestarter

When I click the icon to launch firestarter it asks for my root password ( I wouldn't want normal users changing security settings anyway ) once I enter the pass I can use firestarter..

Just wondering in regards to this post; is there a way to add a site to my apt-get connections list that i need?

I have been arguing with firestarter on and off since formatting a couple weeks ago, and have yet to get it installed succesfully. Currently, when i try and configure it, i get this response:
Code:
root@ntu:/usr/share/firestarter-1.0.3# ./configure
checking for intltool >= 0.30... 0.31.2 found
checking for perl... /usr/bin/perl
checking for XML::Parser... configure: error: XML::Parser perl module is required for intltool
Which is fine and dandy, but i have not had any luck isntalling a XML Parser.. i have downloaded and compiled Expat XML parser, but firestarter does not seem to recognize this...
Any recommendations?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Need to understand Firestarter/firewall flashl Linux - Security 6 03-02-2005 06:30 AM
no firewall alerts - firestarter lumbrjackedpcj Linux - Security 3 01-21-2005 10:29 PM
firestarter firewall thelenko Linux - Software 8 05-30-2004 03:01 AM
help with firestarter firewall luap Linux - Networking 1 03-15-2003 11:09 AM
Help with user access behind Firestarter firewall TigerOC Linux - Networking 0 02-16-2003 08:05 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian

All times are GMT -5. The time now is 03:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration