LinuxQuestions.org
Old 07-01-2004, 01:00 PM   #1
tom_on_linux
LQ Newbie
 
Registered: Jul 2004
Location: Cologne, DE
Distribution: RedHat | Debian
Posts: 6

Rep: Reputation: 0
redhat-config-securitylevel constantly on "high"...


good news everybody...

i know i'm new to this forum, so be assured i checked every possibility for duplicate threads.

my problem is quite similar to this thread:
LinuxQuestions.org > Forums > Linux - Security > Bypassing lokkit, gnome-lokkit and redhat-config-securitylevel on RedHat 8.0


i am running a yet unmodified/not updated redhat 8 (psyche).
though here the problem of the above given thread persists.
when i try to regulate the securitylevel of the machine, it accepts the changes
and quits. if i re-run the tool everything is back to the old defaults.

by checking this: bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72678
(since i'm a new member i can't post URLs...)

i found out that it is a common bug in gnome-lokkit.

though with my machine it causes more trouble, because i cannot change the settings at all.
that means that every time i restart xinetd (after making the security changes) the ethx interface refuses to start up.

even if i pass a static ip to the interface, it comes up but can't reach the outer perimeter of the network. within the same subnet i can ping. not so with a public address...

i disabled all iptables and everything that could have influence on the process.


you know there is two things that can happen to a racedriver:
either you run out of road or out of talent... :-)

i guess i'm running out of talent...

thanks for readin'
tom



----------------------
please sign here!

Last edited by tom_on_linux; 07-01-2004 at 01:05 PM.
 
Old 07-01-2004, 11:01 PM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
This may provide some starting ground

http://www.linuxquestions.org/questi...55#post1017255

Comment out (# at the beginning of the line) the line "iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT"

Also have a look at the docs at http://www.netfilter.org

http://www.linuxquestions.org/questi...threadid=45261

Last edited by ppuru; 07-01-2004 at 11:03 PM.
 
Old 07-02-2004, 07:31 AM   #3
tom_on_linux
LQ Newbie
 
Registered: Jul 2004
Location: Cologne, DE
Distribution: RedHat | Debian
Posts: 6

Original Poster
Rep: Reputation: 0
@ppuru: thanks for the answer... though that didn't help...

i don't think this is an iptables problem, it persists even with iptables switched off.

more i think it has something to do with the redhat-config-securitylevel binary.
this thing just doesn't work right i guess...

can anyone tell me which files this script modifies and/or if it has a *.conf file (i didn't find one...)?

the interface still wouldn't come up at boottime.
this is a result of the "securitylevel = high" setting, which i can also see (but not change!) in the GUI version of
redhat-config-securitylevel.

besides the mentioned bug it somehow does not affect ANY settings i make and remains in
the state of high-protection.
thus the eth0 interface is not a trusted device and may not be started. neither at boottime nor
afterwards. this kinda sucks...

[there's a catch though concerning DHCP:
if i assign the int eth0 an ip manually and bring it up, i can ping the inner network, not the public address room ==> "network is unreachable..."]

how does the system define itself as highly protected?
i mean there must be some location that is constantly altered by the default settings from
redhat-config-securitylevel / gnome-lokkit...


help is greatly appreciated...

tom
 
Old 07-02-2004, 10:30 AM   #4
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
the redhat security level binary creates a config for iptables at /etc/sysconfig/iptables.

When you start iptables, it reads this file to setup the filters.

Lokkit only facilitates building this file.

Can we think of your situation as iptables impeding your system's ability to procure a DHCP address from your ISP?

Request you try this ... shut down iptables, restart the network.

# service iptables stop
# service network restart

Check whether you can get a DHCP Address.

# /sbin/ifconfig -a


Last edited by ppuru; 07-02-2004 at 10:35 AM.
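
Added example, not part of the thread and not Red Hat's own code: since the post above says the security-level tool writes its result to /etc/sysconfig/iptables, this sketch reads a saved ruleset and lists the interfaces it accepts unconditionally. It assumes a trusted device shows up as a rule that matches only the input interface and jumps to ACCEPT; the function names, the chain name EXAMPLE-INPUT and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Assumption: a "trusted device" appears in the saved ruleset as a rule that
# matches only the input interface (-i IFACE) and jumps to ACCEPT.

# trusted_ifaces FILE -> one interface per line, sorted and unique
trusted_ifaces() {
    awk '
        /^-A / {
            iface = ""; target = ""; extra = 0
            # fields 1-2 are "-A CHAIN"; the rest are match options and the target
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")      { iface = $(i + 1); i++ }
                else if ($i == "-j") { target = $(i + 1); i++ }
                else                 { extra = 1 }  # any other match narrows the rule
            }
            if (iface != "" && target == "ACCEPT" && !extra) print iface
        }
    ' "$1" | sort -u
}

# is_trusted FILE IFACE -> exit status 0 if IFACE is accepted unconditionally
is_trusted() {
    trusted_ifaces "$1" | grep -qxF -- "$2"
}

# Constructed sample in iptables-save format (not taken from the thread).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:EXAMPLE-INPUT - [0:0]
-A INPUT -j EXAMPLE-INPUT
-A EXAMPLE-INPUT -i lo -j ACCEPT
-A EXAMPLE-INPUT -i eth1 -j ACCEPT
-A EXAMPLE-INPUT -i eth0 -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A EXAMPLE-INPUT -p tcp -m tcp --syn -j REJECT
COMMIT
EOF

# On a real system, pass /etc/sysconfig/iptables instead of the sample.
for ifc in lo eth0 eth1; do
    if is_trusted "$sample" "$ifc"; then echo "$ifc: trusted"
    else echo "$ifc: filtered"; fi
done
```

Comparing this output before and after running the GUI tool shows whether a change was actually written to the file.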
 
Old 07-07-2004, 08:09 AM   #5
tom_on_linux
LQ Newbie
 
Registered: Jul 2004
Location: Cologne, DE
Distribution: RedHat | Debian
Posts: 6

Original Poster
Rep: Reputation: 0
yo, been gone for a few days...

yeah, i tried that before... with no acceptable result.
i mean, i can get a dhcp address with/without iptables enabled.

somehow the int gets its ip and i can ping the router but not across it.
(yeah, i checked all configs on the router, other clients also on linux pass through correctly...)
metric and bcast are set correctly.

at boottime the int fails with the error: LINK FAIL, check media...
of course the cable is attached, a knoppix boot works just fine... (can browse inet and so forth)
iptables is disabled at boottime and also afterwards (makes no difference if ena/disa).

this problem is a little quaint, cause i even tried a fresh install and also updated the packages
lokkit and redhat-config-securitylevel.

what i cannot identify is the trusted state of eth0...
where can i check the settings if a device is trusted or not?
i figure that this might be the bottom line...


greetings earthlings
TOM
 
  

