LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-05-2006, 05:19 PM   #1
dmcmahon
LQ Newbie
 
Registered: Apr 2004
Posts: 13

Rep: Reputation: 0
Angry Fedora Core 6 overly secure


This whole secure by default thing is really getting out of hand. So, I just installed FC 6 after having been running RH9 for many years. Now, ftp, telnet, rlogin, etc are all disabled, and despite my best efforts I can't get them to work. Apparently they are all "kerberized" now. Well that's just great, so how the sam hill is that supposed to work across different machines and OSes? All I want to do is ftp some friggin files from the machine where I backed everything up. Nothing seems to work. I've installed xinetd and edited the scripts in /etc/xinetd.d to "enable" ftp. No joy. I've also shut down xinetd and started vsftpd, again, no joy.
 
Old 11-05-2006, 06:51 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 162Reputation: 162
Are you getting errors when you try and start them? What sort of messages are appearing in the log files (e.g. /var/log/messages, /var/log/vsftpd)?
 
Old 11-05-2006, 07:11 PM   #3
randyding
Member
 
Registered: May 2004
Posts: 552

Rep: Reputation: 31
For ftp you need to take away the -a option to the daemon.
Check the file /etc/xinetd.d/gssftp
Code:
change: server_args   = -l -a
to: server_args = -l
then restart the xinetd daemon.
Just read the man page for each of the services, and there is a way bypass the auth mechanisms.
 
Old 11-05-2006, 09:30 PM   #4
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 327Reputation: 327Reputation: 327Reputation: 327
Keep in mind the reason those services are disabled by default is that have the ability to send userids and passwords in clear text. Anyone between the client a server can see the login information (including wireless users, if you are on WiFi).

If you've just got an Ethernet cable between two machines, no problem. If you are sending information across the Internet, big problem.

Instead of using telnet/rlogin, you can use ssh. Instead of using ftp, you can use scp (uses ssh for transport). If the client is a Windows machine, you can install the free PuTTY program for ssh/scp.
 
Old 11-06-2006, 10:05 AM   #5
dmcmahon
LQ Newbie
 
Registered: Apr 2004
Posts: 13

Original Poster
Rep: Reputation: 0
I took out the -a, still no luck. Attempting to ftp (yes it's from a Windows machine) just hangs with no response. Attempting to ftp from the Linux box gives a litany of GSSAPI errors. It starts with

Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: unspecified GSS failure. Minor code may provide more information
GSSAPI error minor: no credentials cache found
...

I know all about the security issues, but this is a workstation accessed on a LAN not the internet. This is a collossal pain in the arse.
 
Old 11-06-2006, 11:16 AM   #6
dmcmahon
LQ Newbie
 
Registered: Apr 2004
Posts: 13

Original Poster
Rep: Reputation: 0
Also X port is not working

It's like all external port access is disable to the machine. I have the xserver running and I've issues the "xhost +" command. Yet, non-local connections are refused.
 
Old 11-06-2006, 12:11 PM   #7
dmcmahon
LQ Newbie
 
Registered: Apr 2004
Posts: 13

Original Poster
Rep: Reputation: 0
I'm beginning to suspect FC6 has installed a software firewall of some sort. Anyone know how to turn it off? There's nothing in the control panel.
 
Old 11-06-2006, 12:16 PM   #8
dmcmahon
LQ Newbie
 
Registered: Apr 2004
Posts: 13

Original Poster
Rep: Reputation: 0
And indeed, once I tumbled to that, the magic incantation is found to configure the friggin firewall:

system-config-securitylevel

Jeeze, would it be too much trouble to put the @#$%ing thing on the control panel or menu somewhere?
 
Old 11-06-2006, 12:20 PM   #9
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 327Reputation: 327Reputation: 327Reputation: 327
You mean menu System-Administration->Security Level and Firewall?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
procmail; recipe help; returning notification on overly large emails TheLinuxDuck Programming 2 02-05-2010 01:28 AM
Setup Fedora core 3 & Redhat 7.2 software development environment under Fedora core 5 powah Fedora 1 06-16-2006 10:25 AM
Upgrade Fedora Core 4 (FC4) to Fedora Core 5 (FC5) hangs vogelap Fedora - Installation 10 05-22-2006 09:00 AM
Overly sensitive trackball Lord Zoltar Linux - Hardware 12 07-23-2005 01:31 PM
Overly bright video? Pathian Linux - Software 1 03-24-2004 03:21 PM


All times are GMT -5. The time now is 01:35 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration