LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-11-2005, 10:44 PM   #1
1702fp
Member
 
Registered: Feb 2005
Location: California
Distribution: Slackware
Posts: 82

Rep: Reputation: 15
Need help please Firestarter might have ruined my mbr


I attempted to install a firewall - firestarter to be exact. I did not like the firewall, and decided to remove it by using the apt-get remove firestarter command. I UN installed the firewall, restarted the computer then all the sudden the pc stopped, and would not boot to the Internet. I did not know what to do or which files to edit so I Re- installed Firestarter, again, and now the pc is working fine, however the Pc will not boot to the Internet without firestarter, if I remove firestarter the pc will not connect to the Internet. Also every time I boot the pc a error messages comes up saying >>Detecting<<
eth1
eth1
eth1
eth1
eth1

eth1 not found

eth0 found connecting to the Internet

The pc then proceeds to connect to the Internet via eth0 "after taking 4 minuets to search for eth1." it takes a good 4- 4 and a half minuets for the pc to stop searching for eth1 and switch to eth0 is there a way to stop the pc, at boot prompt, from searching for this eth1 also is there a way to remove firestarter, and all of it components without compromising my Internet connection ? firestarter must have left components behind after it was removed from the computer... @ lest I think it did ? I am using Sarge Debian, stable with a DSL Internet connection.


Any help on how to fix this problem will be much appreciated.
 
Old 09-12-2005, 02:34 AM   #2
deloptes
Member
 
Registered: Feb 2004
Location: AT
Distribution: debian etch and SUSE 10.2
Posts: 123

Rep: Reputation: 15
Hi,
I am not using firestarter, but I can imagine what happened.

First of all, let me give you an advice : "read the documentation before installing something you dont' know what it is doing" Especially on critical issues like OS-libraries, Internet, Graphic etc.

Now specifically to the firestarter.

There should be scripts in rcX.d (X=0 .. 6) remove those scripts.

After removing the filestarter, rerun lilo (or grub) to fix the MBR (if touched by firestarter)

It is likely that there are some scripts running (looking for eth1)
Rename them, remove them, or comment the content, so those actions are not performed again.

Code:
/etc/default
shoud be checked too

Regards
 
Old 09-12-2005, 04:35 AM   #3
1702fp
Member
 
Registered: Feb 2005
Location: California
Distribution: Slackware
Posts: 82

Original Poster
Rep: Reputation: 15
Thanks for the reply I could not locate a folder named rcX.d (X=0 .. 6)

The only folder matching that description is ac rc0d rc1d all the way through rc6d

I goggled the net, and found web sites that said the script was located inside the etc folder, I search all over, and could not find that particular so I am assuming that the folder- directory dose not exist.

I do see fire-starter and guradog , I though about deleting those files but decided not to just in case. I have a lot of data on this computer, and don't want to loose it.

I might have to install Debian again but that is the last resort

Sorry for being such a noob I don't know what else to do.
 
Old 09-12-2005, 06:10 AM   #4
deloptes
Member
 
Registered: Feb 2004
Location: AT
Distribution: debian etch and SUSE 10.2
Posts: 123

Rep: Reputation: 15
hi as i said rcX.d I meant rcS.d rc0.d etc.

do not delete anything, but if than make a backup instead and than delete, as you don't want to have to isntall again

seondly don't ever do tests on production system (where you have data) do this only if you are 1000% sure of what you are doing.

I'll have a look at the package this evening, and see what I can do

regards
 
Old 09-12-2005, 11:29 AM   #5
linuxles
Member
 
Registered: Mar 2004
Location: Austin, TX
Distribution: CentOS Fedora RHEL SLES Knoppix
Posts: 78

Rep: Reputation: 15
First of all; firestarter is just a firewall management tool; so it wouldn't have touched your MBR in any way whatsoever...

When you tried to remove it, there was a script that may have been left behind in your default runlevel, and it may be trying to start that . I believe debian defaults to runlevel 3; so check in rc3.d and see if there is a firestarter startup script in there. You can just delete it cause it is only a pointer (link) to the actual script elsewhere in init.d. NOTE: To be sure that your default runlevel is "3", cat the /etc/inittab file, and look for a line like this: "id:3:initdefault:", the number "3" (in this case) signifies your default runlevel. Edit the appropriate runlevel.

I wouldn't bother removing Firestarter itself, just deleting the startup script will be enough. Besides; you mention guardog, that is also another firewall management tool. You should probably be using that instead - since it probably was the default.

About eth1, sounds like you have a second NIC in your machine, and you have it set to activate on boot. If you don't have a second card, just delete the "ifcfg-eth1" file. If you do have a second card but don't want to activate it on boot, just edit the "ifcfg-eth1" file and change "ONBOOT=yes" to "ONBOOT=no".

The ifcfg-eth* files are usually located in /etc/sysconfig/network-scripts... But, your path may be slightly different than what I have. TIP: To find a file on the system, type "locate <filename>". If you don't have "locate" installed, try using: "find / -name <filename>" (as root), replacing <filename> with the file that you are looking for...

HTH,
/Les

Last edited by linuxles; 09-12-2005 at 11:39 AM.
 
Old 09-12-2005, 10:46 PM   #6
1702fp
Member
 
Registered: Feb 2005
Location: California
Distribution: Slackware
Posts: 82

Original Poster
Rep: Reputation: 15
Thanks for the replies I tried just about everything from commands, goggle, and still no go I was not able to find>> /etc/sysconfig/network-scripts I looked everywhere been doing this for 6 hours lol

I also tried to locate the file by typing locate " the file name" in the terminal, as root, and received this error message that is pasted below this paragraph.

warning: database `/var/cache/locate/locatedb' is more than 8 days old
linux:/home/username# ifcfg-eth1

I didn't know what that is supposed to mean I have been using Debian for probably over a year now, and never had any problems with the Os until I installed Firestarter.

I am starting to wounder if the install had been corrupted from the beginning because I am also receiveing the error message, that is pasted below this paragraph when typing gedit into the terminal as root, ( maybe that's why I am not able to edit files.)

(gedit:5071): GnomeUI-WARNING **: While connecting to session manager:
Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed.

Would I be better off erasing the entire hard disk and installing Debian again ?

I would really hate to do that unless there is no other choice but if I have to I will. Somethings gotta give because I tried everything.

Thanks again for the replies I appreciate then very much.

Last edited by 1702fp; 09-12-2005 at 10:50 PM.
 
Old 09-13-2005, 05:56 PM   #7
linuxles
Member
 
Registered: Mar 2004
Location: Austin, TX
Distribution: CentOS Fedora RHEL SLES Knoppix
Posts: 78

Rep: Reputation: 15
No, it doesn't sound like your distro is broken. It just sounds like you have a few wrinkles that need to be ironed out...

For the "warning: database `/var/cache/locate/locatedb' is more than 8 days old linux:/home/username# ifcfg-eth1" error message, run "updatedb" to update the locate database. It's possible that it was never run on the system to begin with. Set up a cron job as "root" to run updatedb on a nightly basis.

Now try "locate ifcfg" again.

I don't have a Debian distro in front of me at the moment, but if I remember correctly, Debian stores the ifcfg scripts in /etc/sysconfig/networking, instead of in /etc/sysconfig/network-scripts.

For the "gedit" error; gedit is a gnome based editor that requires X to be running. You say that you are typing it into a terminal, you don't mention if it's an X terminal. If it's a regular terminal, then you'll need to use some text editor like "pico" or "vi" instead. If you are using an X terminal, then it's a resource/permissions issue. Are you su'ing to root and trying to run "gedit"? Then, root doesn't have the permissions to run X apps in the users environment. Again, (for the quick answer) try using a text based editor like "pico" or "vi" in the shell.

/Les
 
Old 09-13-2005, 07:07 PM   #8
deloptes
Member
 
Registered: Feb 2004
Location: AT
Distribution: debian etch and SUSE 10.2
Posts: 123

Rep: Reputation: 15
Lightbulb

I'm sorry being too buzy to have alook at firestarter.

I think this gnome error message might be caused by trying to run gedit as root, while using the desktop ... or may be using kde desktop and missing some crucial gnome stuff.

It is really not that important to this topic.

now I suggest following

if you have kpackage start it if not make as root
Code:
apt-get install kpackage
than run kpackage and find thi firestarter thing.
go to the filelist tab and see which files are being installed and where
may be this will help you ... I thought I'll find some time to do this, but was too buzy untill than you can try it yourself

regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fedora Ruined My PC!!!!!!!!!!!! wasabi Fedora 72 01-18-2006 02:44 PM
AOL ruined my Christmas! bulliver General 39 12-23-2004 08:56 AM
MBR with WinXP and Linux Dual Boot Ruined...! truhuska Linux - Newbie 7 04-29-2004 11:49 PM
Oops, I ruined my computer skedmd Linux - Laptop and Netbook 2 10-17-2003 11:45 PM
Ruined my font-system? mcsmurf Linux - Software 0 10-12-2003 03:23 AM


All times are GMT -5. The time now is 11:59 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration