locking down proxy setting in red hat
I am starting a new thread to hopefully help other new to Linux..
OK now I stumbled on something and we have to figure out how to lock down individual users from setting a proxy server. Its a server not a WS so it should never go to the internet. I want to lock down the system side and firefox 5 settings. Love Linux... This is getting fun... researching this solution now |
found this link but its a bit confusing. I want to lock the system and mozilla
http://kb.mozillazine.org/Locking_preferences I tired this and put the local-setting.js in and now the firefox wont start at all. "failed to read the configuration file. Please contact your system administrator. So I did contact myself.. I was out getting coffee so could not help... :) Seriously on to more debugging... |
well read several sites that all say to do the same thing but they are talking windows and mac so may be i am missing something being Linux...
So what I did was create a file called /usr/lib64/firefox-3.0.12/defaults/profile more mozilla.txt // lockPref("network.proxy.type", 5); <----setting to system setting but I really want to lock it out completely encrypted is more mozilla.cfg // ybpxCers("argjbex.cebkl.glcr", 5); set the x bit on the file. -rwxr-xr-x 1 root root 39 Feb 16 09:26 mozilla.cfg created this file /usr/lib64/firefox-3.0.12/defaults/preferences/local-setting.js more local-setting.js pref("general.config.filename", "mozilla.cfg"); set the x bit -rwxr-xr-x 1 root root 49 Feb 16 09:26 local-setting.js Still get error... this link explains what the setting 0-5 are used for http://kb.mozillazine.org/Network.proxy.type if someone wants to chime in feel free :) |
So i thought this might be a permission issue and did a 777 on the local-setting.js file.
Still get the error |
bump still looking for an answer
|
I think you can just point your proxy to localhost in the /etc/hosts file and make it read via root itself. Normal users will be able to look at the file.
-- Prasanta |
i am not sure what you are referring to. I want to set a system wide proxy server (or not set one in tis case) and prevent people form entering one in the firefox settings
|
What I meant to say is that users will be using some domain name in the proxy server configuration in the firefox. Normally all users will use the same for an organization. Internally, you set the proxy to resolve to the localhost ip, which you can set it in /etc/hosts.
The other option is to have the whole proxy configuration disabled. This works for firefox3. In `/etc/firefox-3.0/pref` open the file, `firefox.js`, and insert the following line, lockPref("network.proxy.type", 0); This will disable proxy settings. You can disable any setting using the `lockPref` tag. Hope this helps. -- Prasanta |
Quote:
If I add that line firefox will not start. I do not have an /etc/firefoxXXXX dir. for grins i tried as you suggested but modified the /usr/lib64/firefox-3.0.12/defaults/preferences/firefox.js I can still change the proxy settings |
If it's a server, why would it be running a browser?? Alternatively add SQUID to your gateway and block all outbound traffic from that server (use the server's IP).
Actually, you might be able to just use iptables for that.. |
I am not sure when was Firefox 5 released. Did you use lockPref. Please check this below mentioned link,
http://kb.mozillazine.org/Lock_Prefs -- Prasanta |
Quote:
Also we plan on using webmin/usermin in the future. |
Quote:
I tried that but i get the error i posted. |
You can still use my suggestions. They all apply to the gateway system, not the server.
|
Quote:
|
All times are GMT -5. The time now is 02:47 AM. |