MandrivaThis Forum is for the discussion of Mandriva (Mandrake) Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Dual booting Win98SE and Mandrake 9.1 on a PII 350 MHz machine with kernel version 2.4+.........i686;
On install, I accepted an automatic login as user to the KDE desktop environment. I am not afraid of the command line, however and have been hanging out in the Security section the last couple days as I have just convinced my ISA internal modem to connect to the INTERNET via KPPP and Mozilla and want to harden my system against attack. They have some real Sys Admins in there who got me lined up on how to check my exposed ports and so on and now I want to close down some automatic services running on boot.
Here is where the problem begins: I clic on Control Center and am asked for my root password and am offered Control Center's screen. I have tried use the Firewall configuring tool in Security and there seems to be no way to save the changes and indeed they are not even saved for the present session even no matter what I do. There seems to be button or drop down item to clic on to save changes.
A similar situation exists when I try to use the SysV-Admin configuration tool which has a real nice GUI showing all the services running on at run levels 0 through 6 with little "traffic signal" devices with a red or green showing if the service is running or stopped. Once again, I am asked for my root password in order to access this tool and I enter successfully. There is an interactive menu that lets you select a service for stopping or starting and at some time in the past, I have stopped one or two as I can see. But now, when I use the menu, it gives a pop-up informing me the KDEInit cannot open KWrite and what it amounts to is a refusal of permission.
Please do not tell me to just go to the command line for an intensive configuration here as I am trying to make the GUI work as advertised prior to posting a review and also wish to show some younger family members how to set up Mandrake etc. Of course, I am not here refusing to use the command line to fix the GUI problem. Any tips appreciated robertn
OK Micro420,
I gave it a long go using your suggestion; I unchecked the portmap service (check means start at startup) and tried all variations possible of logging off (not rebooting or shutting down) and logging back in,to wit:
1) leave the control panel window right where it is after unchecking portmap; what happens is that when I get back to KDE, there is a window demanding my root password to enter the Control Center which is of course asking to be opened. I provide it and notice that portmap is rechecked to run on startup.
2)Clic the OK button and leave the Control Center where it is to log off and log back on. Same result as in 1)
3) Clic OK and then close (or quit) the Control panel and then log off and log back on. No changes saved, but the Control Panel had to be accessed by providing password in order to find this out, since I quit it before logging off/on.
I also tried opening up a console and changing to root via the su command and entering the password and as root entering "drakconf" which does some probing and then gives the Control Panel GUI; results are the same, that is, nothing is saved after I close the console and log off/log back on.
Regarding Fishrink's comment, I get no message about changes being saved after logoff. The Control Center will not hold the changes even inside one session, i. e., I make changes to services as above and then clic to go to another tab in Control Center, say Security and it gives a messages that "changes in current session won't be saved" which is a little like wapping me in the face with a dead fish after what I have been doing
I am noticing that a service called "prelude" is not exiting properly and won't be killed on exiting; I am going to remove it from init.d. I think I installed when I was trying to make the modem work and was clicing on anything that said internet connect but am not sure. The only other way to stop services that I can see is to physically remove them from init.d or comment them out in init.d.
Stopping here for now; any further advice /comments welcomed
On this day, I am eating some humble pie and claiming to have solved the problems that started this thread:
quoting myself:
Here is where the problem begins: I clic on Control Center and am asked for my root password and am offered Control Center's screen. I have tried use the Firewall configuring tool in Security and there seems to be no way to save the changes and indeed they are not even saved for the present session even no matter what I do. There seems to be button or drop down item to clic on to save changes.
After days of playing with this, I must have finally clicked the correct sequence to get a system generated prompt that the service (Shorewall, the firewall, apparently) was not loaded and would I like to do so. I clicked OK and was prompted to put CDROM 1 in the bay which I did and bing bang boom. I now apparently have Shorewall as when I shutdown, I saw that it was shutting down and presumably will auto startup on next boot For other newbies reading this, let me reiterate that Mandrake Control Center was all set up in the KDE desktop showing a Security tab and everything as if the firewall option were available. This can lead you to assume that it was loaded. Make sure by the appropriate rpm command or going to install/uninstall software GUI interface and enter Shorewall in the search line to see if you are installed. Otherwise you wll look like me in this emoticon
Quoting me again in original thread start:
similar situation exists when I try to use the SysV-Admin configuration tool which has a real nice GUI showing all the services running on at run levels 0 through 6 with little "traffic signal" devices with a red or green showing if the service is running or stopped. Once again, I am asked for my root password in order to access this tool and I enter successfully. There is an interactive menu that lets you select a service for stopping or starting and at some time in the past, I have stopped one or two as I can see. But now, when I use the menu, it gives a pop-up informing me the KDEInit cannot open KWrite and what it amounts to is a refusal of permission.
Apparently, I completely missed studying the Menu line here ; there is an options or somesuch drop down that lets you check/uncheck toolbar or something and right there before one's eyes is a "save configuration" icon that looks like a floppy disk; if you clic it gives a little warning about starting/stopping services configuration changes possibly locking your system and then if one is bold, one just saves and it is real neat watching the run levels reset themselves. I was just editing runlevel 5 which is my normal log on run level and all changes that I made were saved.
I did get ahead of myself by failing to say that the changes are made by dragging and dropping the little stop/go traffic signals from the start to the stop window or vice versa. If you have things configured, there is a listing of available services on the far left from which you can presumably add services to run levels as desired. Caution advised, of course. This is fairly intuitive and again, I can't believe that I missed it, although the help manual referenced in the Help menu drop down "SysV-Init help" was not loaded on my system and what was in KDE was bare bones with no reference to dragging and dropping, etc.
I hope that I have made up for my "newbie-ness" in this followup post
Now I am going back to the Security Forum and continue trying to harden my system against attack while on the web; this was my original motivation in trying to use the tools discussed above.
Here I am again, replying to my own thread. After, confirming that my Shorewall had loaded automatically, I tried to venture out on the web. Mozilla would not find the google search engine and surfing was impossible. Also the Mozilla Messenger just looped as it tried to "resolve " the ISP mail connection. If I went to the Control Center and turned off the firewall entirely, then I was able to access google and mail seemed to "resolve" although I did not see my inbox contents which I know is there because I just looked at them in Outlook Express on my dual boot setup.
I did note that the procedure suggested by Micro420 is the method that I had to use to switch from firewall to "all ports available". So now I ask for help from this point. The firewall is either protecting me so much that I cannot access the web or it is totally down and no protection. Anybody want to coach me from here?
Pursuing security still is the goal and having spent more time in the Security forum and reading similar problems as above, I copied a basic "iptables" script named it rc.firewall with 755 permissions and placed it to /etc/rc.d/rc.firewall*
Next, i opened the file /etc/rc.d/rc.local in a text editorand added the text "/etc/rc.d/rc.firewall" (without quotes) on a new line at the end of the file and saved the file.
Then I went to MCC and set the firewall to "no firewall" settings. (so as not to conflict/overide what I was doing with the command. Remember, the GUI firewall is stuck at either "no firewall" or "no internet access as of now--I never resolved why this is so but read others complaining of the same
I also had made some changes to system startup services using the GUI SYSV-Init tool and so with all this done, I rebooted and lo and behold was able to go on the web and accessed one of the port testing services (Sygate), and it looks as if my efforts were rewarded with many ports "stealthed"--dropping probe packets and showing me with two open ports 6000 for X11 and 631 for CUPS.
Then I came back to Security Forum and learned to set add -nolisten tcp to the Xserver file so that port 6000 would not respond to probes. I rebooted and used "nmap -vv localhost" and sure enough, I was now only showing the CUPS port 631 as being of interest.
The only problem is now when I try to go out on the WWW, I am trapped inside my connection just like the situation when using the GUI firewall (still set to "no firewall" for this experiment)
as root, "drakconf" from the command line will give one the Control Center GUI and perhaps more control over saving changes. As to the original problem that drove me to control center (the Security tab and the Shorewall interface), let me say that what I did was remove shorewall from boot up but not from the system as it contains the iptables programs that can be accessed from the command line and which are necessary for any firewall to be possible.
Then I went to a HOWTO named Security Quick-Start HOWTO for Linux v.1.2, 2002-07-21 that accompanies the Shorewall/Iptables. I accessed these by going to the "install/remove programs" feature of "rpmdrake" at the command line or wherever at the GUI and searched for Shorewall and then allowed the rpmdrake to install it (about 2 MB) Make sure you get the documentation that goes with Shorewall.
It was in this HOWTO that I found an example of an IPTABLES script that I copied wholesale to a file named /etc/rc.d/rc.firewall. I executed "chmod 755 /etc/rc.d/rc.firewall" without quotes to make it executable. I tested it by entering "/etc/rc.d/rc.firewall" at the command line as root and then exited root. Going on the internet, I went to the Sygate port scan site and it showed all my ports blocked which is the way I wanted it for desktop websurfing. If you like the firewall, then you can add a line at the bottom of the /etc/rc.d/rc.local file "#/etc/rc.d/rc.firewall" without the quotes or the comment symbol #. This will automatically load the firewall at each boot-up. If you don't do this, you will have to remember to execute "/etc/rc.d/rc.firewall" each time you access the internet or be unprotected.
There are other #commented features available if one wishes to allow pings or access ftp routes and so on.
So all is well that ends well and I consider this thread closed
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Changes in Control Center not saved
and what it amounts to is a refusal of permission.
Any tips appreciated 
robertn
For other newbies reading this, let me reiterate that Mandrake Control Center was all set up in the KDE desktop showing a Security tab and everything as if the firewall option were available. This can lead you to assume that it was loaded. Make sure by the appropriate rpm command or going to install/uninstall software GUI interface and enter Shorewall in the search line to see if you are installed. Otherwise you wll look like me in this emoticon 
Continuing the adventure
