LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-05-2004, 01:34 PM   #1
orgee
Member
 
Registered: Sep 2004
Distribution: slack-10 / kernel-2.6.81
Posts: 43

Rep: Reputation: 15
Security kernel option: Default Linux Capabilities


I transferred to Linux so I can work on 3d graphics so I took the necessary steps to get my 3d acceleration working and all my periphirals getting detected and working to my liking. I decided to recompile the kernel so I can compile it for my cpu and I saw an option in the Security options called "Default Linux Capabilities".. I turned that ON (not knowing what it really does, but it sounded like I needed it for some reason) and then built the kernel.. Now with this new nice kernel I'm having problems connecting to other types of connection besides HTTP. For example, attempting to connect to my FTP server in my website so I can upload my artwork doesnt work anymore. I also cannot connect to GAIM or any instant messaging. And now it takes longer to connect to IRC servers such as Freenode that I usually connect to instantly..

So what I'm thinking here is that "Default Linux Capabilities" did something to my system which made it more strict, which is good.. But now I need to enable access to some of those connections i said above such as FTP, Instant Messaging, but I don't know how to do it with this new security thing.

I googled Google for default linux capabilities and all i got is a description or article about it being integrated in kernel 2.6.

I have another option which is to recompile the kernel and exclude that security option so its not built in my kernel..(but why would I do such a thing?)

If you could help me out by telling me by pointing me to the right direction as to how I can enable access to those connections or a website showing a quick and dirty way on how to configure it, that would be great.

Last edited by orgee; 10-05-2004 at 01:36 PM.
 
Old 10-10-2004, 07:55 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,991
Blog Entries: 54

Rep: Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744
What you choose was part of the Linux Security Module framework (properly TLA'ed to LSM) which is std from kernel version 2.6.x on. If you're sure you need LIDS, SELinux, Dazuko or other security framework modules, please read up on them before activating any. If not, disable them and please check out the LQ FAQ: Security references on how to secure your box.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
security = domain option in smb.conf requires the user have an account on linux nlong1 Linux - Newbie 10 12-08-2004 01:02 PM
Multi-User Linux Capabilities Baryonic Being Linux - General 11 08-27-2004 12:18 PM
How to enable linux filesystem capabilities for kernel 2.24.18 toubo Linux - General 8 08-20-2004 10:09 AM
mysql entry in catalina.policy when using security option gschrade Linux - Software 5 03-23-2004 11:23 AM
Linux multiuser capabilities for one user? mlhammer Linux - Newbie 4 11-10-2003 09:41 PM


All times are GMT -5. The time now is 10:44 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration