It's alright saying that robert0380, but it would be nice to be able to use my dsl under linux, as I can under window$ i.e. always on.

I have yet to gain enough knowledge (I'm probably just thick) or confidence (general disasters system wide/lack of an "undo" facility/generally "excessive" complexity of linux to the newbie and unintelligibility of man pages, HOWTO's etc - again as a newbie!).

One of the prevoius posts said about using "tinyfirewall" and while I have managed to get this facility running (I think), it appears that I have no way of knowing whether it is actually working or not!

In fact it appears that most of my critisicm of linux is because in the past, linux has been aimed at the academics/educated/IT knowledgable types out there.

And while this point is considered by the "linux cognescenti" to be weak, I maintain that until someone/some company really wants to make linux proper competition for M$ products, it has to be made "easier".

Point and click people (myself, well at the moment anyway) are here to stay, and while some of the distro producers have gone someway to address the complexity of linux, I am of the opinion that they still have a long way to go.

In other words, point and click SHOULD be the default facility, with all of linux's other abilities as a choice which can be enabled/disabled.

Hence, your pull the plug remark doesn't really hold water (my view)

Nevertheless, thank you for posting the suggestion.

regards

John

p.s. It should also be mentioned that because point and click people out number knowledgable type by many thousands to one, we have the buying power to drive the markets in whichever direction is easiest for us. This is not always recognised by the "knowledgable types" who in the past have wasted a lot of "breath" ranting about poor quality/insecurity etc etc of M$ products. But, because they are relatively easy to use poor quality/insecure products, they, for the foreseeable future are gonna keep selling.

Personally, I am trying to learn this mountain called linux mainly because I am disgusted with the M$ "strong arm, monopolistic and intransigent" business tactics and corporate policies.

Yeah, screw THE MAN. THE MAN needs to stop trying to bring us down! huh huh, just kidding John.

I don't know much either, but I would try

ps -e | less

to get the process id of whatever you want to kill (xxx), then run

kill xxxx

or ps -eH to help w/ which one to kill

I don't think you should be killing a process if you want to end Internet connection. It's never the proper way.

"One of the prevoius posts said about using "tinyfirewall" and while I have managed to get this facility running (I think), it appears that I have no way of knowing whether it is actually working or not!" - I don't understand 95% of how my car works, but it works and it keeps running. tinyfirewall is running as soon as MDK gets past the boot screen. You could see it running by typing

ps -a | more

Hit spacebar.

If you've closed all unnecessary ports, in my case, all but 8000 proxy (ad-filtering) and set up tiny, you can sit back & relax. There is no way a script kiddie could get in. Either case, your box will probably still be running fine.

I'm not sure why you should worry about more what's inside your box than what's going out of the box. Everything is pretty much plain text on the Web. Zero privacy. If you're worried about your privacy, subscribe to something like anonymizer.com(platform-independent). I know it's an issue over in UK.

Thanks for the assist jetblackz, I will have a look at that ps -a | more that you mentioned, i understand what you are driving at, but, until I actually can follow it, I would rather be able to make sure that it is as secure as I can feasibly make it. I know that "virii?" are not as prevalent under linux as they are under window$, but it's more to do with the FACT that linux people are much much more "au fait" with the more technical (and potentially mischief making - no this is NOT an accusation) than your average scriptie or window$ drone!

As I have previously said, due to my lack of linux knowledge, I am getting stuck over and over again. For example, I tried some of the stuff that someone else said about getting process ID's and got this impressive looking mountain of info, on studying it, it gave me what appeared to be an ever changing "PID" and whichever number I tried to "kill", the bash refused to recognise any of it.

I, also, would be more than happy to leave it connected if I am confident that the "tinyfirewall" was working (and I now should be able to!), this, at the moment is one of my "soap box" subjects, because under window$, I get to see a nice little icon, that tells me that not only is the firewall up and running, but also an indication of when traffic is crossing it, and alarms for when someone gives it a "nudge" or when the system is trying to send something out. All point and click, all very visible and reassuring, and as far as my impression of it, all very EASY!

I have observed around the forums that you are a "v clued up cookie" this is a type of knowledge that I am envious of, hence my arsehole comment on my signature. But, your knowledge enables you to give me 1001 reasons why my opinion of M$ software is a misjudgement on my part, but I would hasten to add, that if it wasn't for the likes of the Microsoft Taliban, the net would have nowhere near as much stuff out there. It has given nugget's like me the "access" and ability to be part of the driving market forces.

Lets face it, their s**t has given the committed/knowledgable (you) and the disaffected moron (me), one hell of a lot of stuff to play with. The difference being that you know how to play with it and what the rules of the game are, whereas, I have only just started to learn were the pieces are placed on the game board.

Keep up the good works and prepare yourself for more stupid questions from the likes of me!

regards and thanks

John

You need a nice simple firewall script. Mandy should be running IPtables, tinyfirewall is just a frontend so far as I am aware. I'm not on the right machine to get the details now, but I can send you my adsl firewall and NAT (connection sharing) script if you want. Basically just runs at startup, and forget about security, I leave my DSL up 24/7, no sign of problems (touching wood!). Used zone alarm on windoze until I figured the slug setup (pig to do), millions of scans. Now, I'm just a black hole!

Jim

I'm running Mandy 8.1, so 8.2 may not have all the stuff I'll mention, but if it does, try this:

1. Log in as root using the KDE window manager (I think that's the default for Mandy).

2. Run the Mandrake Control Center, which will be on the start menu that pops up when you click the left end of the task bar a la Windows.

3. Select "Services" from its set of icons and wait a while for it to set itself up. You'll get a whole list of services, with a status that says whether it's running. For each one that's running, click the Stop button. If the "start at boot" checkbox seems to be pressed in, click it so that it pops out. This will keep that service from starting automatically.

4. When you have them all turned off, click the OK button to get back to the main MCC area.

5. Select "Security" from the list of icons.

6. Follow the point-and-click wizard to set up maximum security.

This should make your box about as secure as it's possible to get. To check it, open a web browser, go to http://www.grc.com, and use his "Shields Up!" service to check out your system. You should see all ports reported as "stealth" and if you do, nobody will be able to break in. Symantec also runs a port-scan-testing service that's free.

Don't worry about disconnecting from the DSL line unless you're being charged for it by the minute. I leave mine up 24x7; my firewall and detection schemes show attempts to enter on an average of 3 or 4 times a day, but none getting through the defenses...

Not to blame anybody, but NEVER LOGIN AS ROOT INTO THE GRAPHICAL ENVIRONMENT WITH BROADBAND CONNECTION ON WITHOUT ANYTHING TO DEFFENCE YOURSELF. It's like introducing yourself to a general public and standing before it in underwear, some would laugh, some would get ashemed, some would throw rotten tomatos at you. Less words - use root wisely and as needed. The trick with Control Center can be done without login in as root - login as a regular user novigate to the services in Control Center and click either modify button or it will ask you root password. Another point - not running anything doesn't make you more secure, there are ways to get around, for instance when you browse the net there is always port open on your system (you must communicate somehow with the server on the other end, mustn't you? and such). So remeber when running a system broadband connection without any firewall/security tools you're not a thread to your own system only, you are a danger to others (your system might participate in a DDoS - distributed denial of service attack and you'll be the last one to know about it). So keep it in mind. As for a basic security scan, I found that grc is not a good option as it performs basic nmap scan of tcp and maybe udp ports on your system. If you have an access to another PC (it doesn't matter if it is linux or windows PC) try running nmap against your machine (you need the IP address of your machine). Nmap is available for download free at http://www.insecure.org it is available as a linux RPM or source as well as windows client binary.

True, I should have listed before step 1: "Unplug the DSL connection from the phone line." Then after turning off all services AND selecting maximum security via MCC (which will install a very restrictive IpTables firewall), "Reconnect DSL and test against GRC and/or Symantec."

And you're right that there's no need to log in as root to use MCC, because it will ask for the root password and set itself as root only when it must.

I agree that there are better tests than the Gibson Research Corporation site, but it does test the ports most frequently hit by the script kiddies. The Symantec site does a more thorough test. From the thread I gathered that BigJohn really didn't want to get down to trying to interpret an nmap log or tcpdump output!

Whoa, bogus!!!!!!!!!!!!!!!!!!(please excuse the "bill 'n ted" mentality)

it would appear that all three (drjimstuckinwin, neo77777 and JimKyle) are right, as well as having some mega ideas for me to try.

Yes, outstanding advice from one and all. Though JimKyle has hit the nail on the head when he says but the words "didn't want to" would need to be changed to "doesn't know how to or what it all would mean".

Some of the assistance that I have received for other snags that I have had has been very good, but when I try the advice, I end up with a massive amount of bash response to try and interpret. That is usually where it goes "pear shaped". as the only thing that I can do is to read it and see if there is anything that looks familiar and hope that is what I am looking for.

I can do quite a nice line of advice as far as troubleshooting the daily running for a 44 ton mercedes artic/semi trailer, but when it comes to IT (especially linux) its better to have someone who knows how to wipe my a**e before they put a new nappy (diaper) on me!!!!!!!! - and thats not forgetting that most of the officially published assistance (mandrake, o'reilly, man pages, etc etc) are written in Sanskrit, as far as the uninitiated (me) are concerned.

I usually ask for help, and stipulate that any offered assistance should be written in "monkey see, monkey do" terms and in a "teaching granny to suck eggs" way. Patronising may be very annoying to some, right now, its manna from heaven to me!.

I'll post back with an update when I have been able to try your advice.

Again, thank you all

regards

John

Any time.

"because under window$, I get to see a nice little icon, that tells me that not only is the firewall up and running, but also an indication of when traffic is crossing it, and alarms for when someone gives it a "nudge" or when the system is trying to send something out." - of course there's a Linux equivalent of that. In KDE, go Start/K menu> System or Utilities> kpm.

http://docs.kde.org/2.2.2/kdeutils/kpm/using-kpm.html

You could also see a graphical representation of your NIC activities. I'm not sure where it is. Maybe K>Network> setup.

To get you a crash course of Mandrake, go to

http://www.mandrakelinux.com/en/demos/

also, check out gkrellm, it's a pretty neat looking system monitor. I start it by putting
"exec /usr/local/bin/gkrellm -w &"
in $HOME/.xinitrc (before exec <window-manager-of-choice>)

Hi thread,

well, by using ps -e | less as suggested by adam_boz, I have managed to get the "pid" to be able to kill the net connection when I'm not infront of the screen.

I have then done the "tinyfirewall" thing suggested by jetblackz and after doing the netstat -an | grep LISTEN command I now get

[root@localhost bigjohn]# netstat -an | grep LISTEN
tcp 0 0 127.0.0.1:32768 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2401 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:98 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9098 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9099 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:13 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:19 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 3997 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 10391 /tmp/ksocket-bigjohn/kdeinit-:0
unix 2 [ ACC ] STREAM LISTENING 10421 /tmp/ksocket-bigjohn/klauncherFh1Yra.slave-socket
unix 2 [ ACC ] STREAM LISTENING 10481 /tmp/mcop-bigjohn/localhost_localdomain-0d74-3d66c232
unix 2 [ ACC ] STREAM LISTENING 10398 /tmp/.ICE-unix/dcop3429-1030144560
unix 2 [ ACC ] STREAM LISTENING 10328 /tmp/medusa-idled-service
unix 2 [ ACC ] STREAM LISTENING 10525 /tmp/.ICE-unix/3484
unix 2 [ ACC ] STREAM LISTENING 3636 /tmp/.font-unix/fs-1
unix 2 [ ACC ] STREAM LISTENING 3491 /dev/gpmctl

and when I try going into the mandy control centre etc, all I get is a list of services (the written list that tells me whats running/stopped/starts on boot etc etc).

So how do I make sure that I have stopped 111,6000, 80, 119 and 25? I am not sure whether I need to stop the 631 (cups?) thingy as it appears that I need that to run my printer ??? Also, does anyone know what the other numbers that come up on the netstat are, the ones that I have listed are from the previous post about this!

And also, yes please drjimstuckinwin, I would be greatful if you could send the firewall script. Though how I get it out of the mail system is a bit of a mystery, because I have yet managed to sus how I configure kmail for my mail account? the difference in terminology used between m$ OE and kmail means that being the nugget that I am, I don't follow which bits of info go where!

I have also read somewhere that to firewall mandy, I need to install/setup iptables and bastille. They both appear to be in the system, but again, "white man make big heap magic." Yes, you've guessed it, I haven't got a scooby what to do.

I was looking at the mandrake site and saw that I could send off for the manuals/paperwork etc, but I presume that apart from being easier to read on paper instead of staring at a screen, they would tell me the same ZERO, that their online stuff tells me!


I have also tried the ps -a | more thing that jetblackz suggested but all I get is
[root@localhost bigjohn]# ps -a | more
PID TTY TIME CMD
3559 pts/3 00:00:00 su
3562 pts/3 00:00:00 bash
3610 pts/3 00:00:00 ps
3611 pts/3 00:00:00 bash
[root@localhost bigjohn]#

obviously, I get naff all when I hit the space bar so again what do I need to do to see if the "tinyfirewall" is working?

Ideas and advice much appreciated, and as usual, in "monkey see, monkey do" language please (the teaching granny to suck eggs would appear to be the only way I can follow what you may be trying to tell me! and i wish to apologise for permanently stuck in "nugget mode 1 alpha")

thanks and regards

John

p.s. sorry if this seems like 3000000 questions in one post, but as far as I can work out, it's all interrelated (I think)

Ok first thing first:
netstat - potential security holes:
port # service contermeasure
---------------------------------------------
7 echo turn off echo
19 chargen turn off chargen
111 sunrpc turn off portmaper
873 rsync turn off rsync
2401 cvspserver turn off cvs
6000 X startx -nolisten tcp only if you boot to runlevel3
and bring the GUI by issuing startx

Other ports timeserver (port 525), daytime (port 13) turn them off if they are not needed - look up ksysv
ok now how to turn off portmapper - ksysv as root locate portmap and kill it in every runlevel possible
echo, chargen, rsync - as root with su go to
/etc/xinetd.d
locate the files with these names and make sure the line that says
"disable = no" is changed to "disable = yes"
as for other ports I don't know what they are - possibility exists that they are a backdoors left by developers or crackers. You need a stronger firewall rules, and there is happened to be one called ... stronger firewall
http://www.tldp.org/HOWTO/IP-Masquer...-examples.html
copy the part which is relevent to iptables (everything that starts with # is a comment and ignored), as your $EXTIF place ppp0 - it is eth0 in the script (as I remeber you were struggling with Alcatech USB ADSL modem it uses PPPoE and ppp0 interface), start script as root (make sure you have placed executable bit on it with
chmod 755 filename
and run it
./filename
As for consequitive questions in your post I'll be back in the next 8 hrs (it is 3:15 in the morning here in NYC, I gotta get some sleep)
So I'll talk to you soon.
Regards, Boris.