Need help please Firestarter might have ruined my mbr
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Need help please Firestarter might have ruined my mbr
I attempted to install a firewall - firestarter to be exact. I did not like the firewall, and decided to remove it by using the apt-get remove firestarter command. I UN installed the firewall, restarted the computer then all the sudden the pc stopped, and would not boot to the Internet. I did not know what to do or which files to edit so I Re- installed Firestarter, again, and now the pc is working fine, however the Pc will not boot to the Internet without firestarter, if I remove firestarter the pc will not connect to the Internet. Also every time I boot the pc a error messages comes up saying >>Detecting<<
eth1 not found
eth0 found connecting to the Internet
The pc then proceeds to connect to the Internet via eth0 "after taking 4 minuets to search for eth1." it takes a good 4- 4 and a half minuets for the pc to stop searching for eth1 and switch to eth0 is there a way to stop the pc, at boot prompt, from searching for this eth1 also is there a way to remove firestarter, and all of it components without compromising my Internet connection ? firestarter must have left components behind after it was removed from the computer... @ lest I think it did ? I am using Sarge Debian, stable with a DSL Internet connection.
Any help on how to fix this problem will be much appreciated.
Thanks for the reply I could not locate a folder named rcX.d (X=0 .. 6)
The only folder matching that description is ac rc0d rc1d all the way through rc6d
I goggled the net, and found web sites that said the script was located inside the etc folder, I search all over, and could not find that particular so I am assuming that the folder- directory dose not exist.
I do see fire-starter and guradog , I though about deleting those files but decided not to just in case. I have a lot of data on this computer, and don't want to loose it.
I might have to install Debian again but that is the last resort
Sorry for being such a noob I don't know what else to do.
First of all; firestarter is just a firewall management tool; so it wouldn't have touched your MBR in any way whatsoever...
When you tried to remove it, there was a script that may have been left behind in your default runlevel, and it may be trying to start that . I believe debian defaults to runlevel 3; so check in rc3.d and see if there is a firestarter startup script in there. You can just delete it cause it is only a pointer (link) to the actual script elsewhere in init.d. NOTE: To be sure that your default runlevel is "3", cat the /etc/inittab file, and look for a line like this: "id:3:initdefault:", the number "3" (in this case) signifies your default runlevel. Edit the appropriate runlevel.
I wouldn't bother removing Firestarter itself, just deleting the startup script will be enough. Besides; you mention guardog, that is also another firewall management tool. You should probably be using that instead - since it probably was the default.
About eth1, sounds like you have a second NIC in your machine, and you have it set to activate on boot. If you don't have a second card, just delete the "ifcfg-eth1" file. If you do have a second card but don't want to activate it on boot, just edit the "ifcfg-eth1" file and change "ONBOOT=yes" to "ONBOOT=no".
The ifcfg-eth* files are usually located in /etc/sysconfig/network-scripts... But, your path may be slightly different than what I have. TIP: To find a file on the system, type "locate <filename>". If you don't have "locate" installed, try using: "find / -name <filename>" (as root), replacing <filename> with the file that you are looking for...
Thanks for the replies I tried just about everything from commands, goggle, and still no go I was not able to find>> /etc/sysconfig/network-scripts I looked everywhere been doing this for 6 hours lol
I also tried to locate the file by typing locate " the file name" in the terminal, as root, and received this error message that is pasted below this paragraph.
warning: database `/var/cache/locate/locatedb' is more than 8 days old
I didn't know what that is supposed to mean I have been using Debian for probably over a year now, and never had any problems with the Os until I installed Firestarter.
I am starting to wounder if the install had been corrupted from the beginning because I am also receiveing the error message, that is pasted below this paragraph when typing gedit into the terminal as root, ( maybe that's why I am not able to edit files.)
(gedit:5071): GnomeUI-WARNING **: While connecting to session manager:
Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed.
Would I be better off erasing the entire hard disk and installing Debian again ?
I would really hate to do that unless there is no other choice but if I have to I will. Somethings gotta give because I tried everything.
Thanks again for the replies I appreciate then very much.
No, it doesn't sound like your distro is broken. It just sounds like you have a few wrinkles that need to be ironed out...
For the "warning: database `/var/cache/locate/locatedb' is more than 8 days old linux:/home/username# ifcfg-eth1" error message, run "updatedb" to update the locate database. It's possible that it was never run on the system to begin with. Set up a cron job as "root" to run updatedb on a nightly basis.
Now try "locate ifcfg" again.
I don't have a Debian distro in front of me at the moment, but if I remember correctly, Debian stores the ifcfg scripts in /etc/sysconfig/networking, instead of in /etc/sysconfig/network-scripts.
For the "gedit" error; gedit is a gnome based editor that requires X to be running. You say that you are typing it into a terminal, you don't mention if it's an X terminal. If it's a regular terminal, then you'll need to use some text editor like "pico" or "vi" instead. If you are using an X terminal, then it's a resource/permissions issue. Are you su'ing to root and trying to run "gedit"? Then, root doesn't have the permissions to run X apps in the users environment. Again, (for the quick answer) try using a text based editor like "pico" or "vi" in the shell.
I'm sorry being too buzy to have alook at firestarter.
I think this gnome error message might be caused by trying to run gedit as root, while using the desktop ... or may be using kde desktop and missing some crucial gnome stuff.
It is really not that important to this topic.
now I suggest following
if you have kpackage start it if not make as root
apt-get install kpackage
than run kpackage and find thi firestarter thing.
go to the filelist tab and see which files are being installed and where
may be this will help you ... I thought I'll find some time to do this, but was too buzy untill than you can try it yourself