Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,803
Rep:
Cannot disable firewall
I have a system that was recently setup with Red Hat 8. The user needs to connect to several UNIX systems (all non-Linux) and start up X clients to display on the RH8 system. The trouble I'm running into is that the RH8 system has the firewall setting at the highest security level which blocks remote X client access. ``No problem'', I say, ``We'll just disable the firewall and you can open the windows to the remote systems.'' (The RH8 system is inside a firewall already and there is no need to establish yet another firewall on this host.) Sounds simple enough. But Red Hat refuses to change the firewall security level. When I log in as root, go int o the ``System Settings -> Security Level'', and change the setting to `no firewall' and exit, no change is actually made. Reentering the security level dialog shows that it's still set to `High'. Going through this sequence just prior to a reboot results in the same end result.
(I've noticed that this is happening at home as well but has gone unnoticed as I don't have any other hosts on the home LAN running X applications.)
Anyone got any ideas as to what's preventing this change from being made?
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,803
Original Poster
Rep:
Quote:
Originally posted by DavidPhillips It is probably just showing high but not actually set at high.
However you can do this
chkconfig iptables off
chkconfig ipchains off
I know that ipchains wasn't selected during installation. The iptables startup was disabled using `chkconfig --level 12345 iptables off' but I will definitely verify this -- to be absloutely sure -- on the other user's system on Monday. (Luckily, the user is out of the office on Monday so I am free to do whatever it takes to get this puppy working properly. Provided no other fires erupt, that is. :-) )
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,803
Original Poster
Rep:
Checked the service configuration and iptables was shut off across the board but still had some problems. Decided on a reinstallation -- which I normally hate to resort to but which solved the problem of a somewhat undersized /usr partition as well -- and the problem hasn't recurred. I basically did a full, select-everything installation this time instead of tailoring the installation to only the essentials for what the user is doing. Wasted some space but she's much happier now that X clients are working.
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,803
Original Poster
Rep:
Quote:
Originally posted by Crashed_Again Doh' did you check /etc/hosts.allow and /etc/hosts.deny?
Those shouldn't come into play for X clients. I don't have anything in those files but I have a bunch of system that I manage via X connections and all I use is xhost to enable access. And we had done ``xhost +'' to let any xclients connect and sometimes it would work but eventually it'd crap out. It was the weirdest darned thing I'd seen in a while.
Quote:
I hate to see somebody reinstall.
Believe me, not any more than the guy whose just done it. :-) Luckily, this was a freshly installed system (replaced an aging and unsupported Sparcstation) and no user data was on the system; it's waiting to be untarred off the LAN. So it wasn't disruptive to anyone but me -- the user had taken St. Patrick's Day off -- and I was only inconvenienced to the extent that I had to pop in from time to time to see if it was time to swap CDs.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.