LinuxQuestions.org
Old 07-20-2004, 08:37 PM   #1
JohnLocke
Member
 
Registered: Jun 2004
Location: Denver, Colorado
Distribution: Ubuntu
Posts: 221

Rep: Reputation: 30
MDK 9.2 sysctl.conf being reset by shorewall?


I can periodically look in sysctl.conf and see that my echo_ignore_all and echo_ignore_broadcast variables have been reset to 1. This doesn't seem to be associated with a network restart or computer reboot, and in fact, they are fixed by either after I've re-edited this file.

(to see exactly what I'm talking about)
Code:
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_echo_ignore_all=0
net.ipv4.conf.all.log_martians=1
kernel.sysrq=0

I'd like the ignore_all variable to stay set at zero for now while I'm troubleshooting my network ... so I can ping this box from others. Somewhere, somehow, however ... and I suspect shorewall ... this variable is reset to 1, and suddenly ... no ping! I haven't witnessed an exact timing on this yet, but it seems to be on the order of hours (one or a few). Most recently, I changed this to zero and noticed the machine was unpingable about 2 hours later.

Anyone know of a cron or structure that gets set up to rewrite this file?
 
Old 07-24-2004, 08:23 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Sounds like msec. I'm not an msec guru, but I believe you can either lower the security setting or modify the msec config file to skip that specific check. Here are some good msec docs:

http://www.mandrakesecure.net/en/docs/msec.php
http://www.davideous.com/misc/david_...msec_docs.html

--EDIT--
You should be able to directly select those settings using DrakeSec as seen here:
http://doc.mandrakelinux.com/Mandrak...l/draksec.html

Last edited by Capt_Caveman; 07-24-2004 at 08:46 PM.
 
Old 07-24-2004, 08:59 PM   #3
JohnLocke
Member
 
Registered: Jun 2004
Location: Denver, Colorado
Distribution: Ubuntu
Posts: 221

Original Poster
Rep: Reputation: 30
Thank you so much! That's been getting on my nerves and looks like it's the fix I've been looking for.

I was blind not to think of it what with msec running all the time. Thanks for pointing it out!
 
Old 07-24-2004, 09:02 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Sure. I wish Mandrake would document those features of msec better, as it does seem to cause a lot of problems for Mandy users.
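
One way to catch the kind of rewrite discussed in this thread, as an added example that is not part of any post: a POSIX shell function that compares a known-good copy of sysctl.conf with the current file and reports every key whose value changed. The function names and the two sample files are constructed for illustration; the sample settings are taken from the first post.

```shell
#!/bin/sh
# sysctl_conf_drift WANTED CURRENT
# Prints "key: wanted -> current" for every key in WANTED whose value in
# CURRENT differs or is missing. Exit status 1 means drift was found.
sysctl_conf_drift() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }              # comment line
        /^[ \t]*$/    { next }              # blank line
        {
            eq = index($0, "=")
            if (eq == 0) next               # not a "key = value" line
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            # if a key appears twice in one file, the last assignment is kept
            if (FILENAME == ARGV[1]) want[key] = val; else have[key] = val
        }
        END {
            for (k in want) {
                if (!(k in have))            { print k ": " want[k] " -> (missing)"; bad = 1 }
                else if (have[k] != want[k]) { print k ": " want[k] " -> " have[k]; bad = 1 }
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# demo: builds two constructed sample files and runs the comparison.
demo() {
    dir=$(mktemp -d) || return 2
    # Constructed sample: the settings the poster wants to keep.
    cat > "$dir/wanted.conf" <<'EOF'
# Controls whether core dumps will append the PID to the core filename.
kernel.core_uses_pid = 1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_echo_ignore_all=0
kernel.sysrq=0
EOF
    # Constructed sample: the same file after something reset the value,
    # with different spacing to show that formatting alone is not drift.
    sed 's/^net.ipv4.icmp_echo_ignore_all=0$/net.ipv4.icmp_echo_ignore_all = 1/' \
        "$dir/wanted.conf" > "$dir/current.conf"
    rc=0
    sysctl_conf_drift "$dir/wanted.conf" "$dir/current.conf" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "drift detected"
```

Run periodically against the real file, the time of the first non-zero exit narrows down when the rewrite happens, which can then be matched against scheduled jobs.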
 
  


All times are GMT -5.