MandrivaThis Forum is for the discussion of Mandriva (Mandrake) Linux.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I just installed Mandrake 9.2 on a PIII-450 system. This is my
first linux install, but I am a developer, so I know some things
about Unix (albeit more from a user not an admin perspective).
First of all, I am setting this machine up to be a web server,
to host some sites I have under development.
The install went fine. I did pick some non-default things, since
I am a customize freak. I made sure to install Apache2, and
set Apache service up to run at start-up. Perhaps this was
premature, since I do not have any web app configured to
run under it...
Anyway, the system will not boot up in "linux-secure", which
is the lilo default. The console startup goes to a black blank
screen right after xinetd loads/configures... the X window
environment does not appear. I have to CTRL-ALT-DEL to
reboot to get out of this state.
When I choose "linux" in lilo, the system boots to the X desktop
and everything seems fine.
I guess my first question is what is the difference between
"linux-secure" and "linux" options? Then, of course, does
anyone know why I can the Black screen with linux-secure?
So, all you did was reinstall with the internet firewall package
included, and linux-secure booted OK? Or did you just remove
X windows from the installation to make it work... that's probably
all I need is cmd line - I can telnet or ssh to this box from my pc
to start and stop Apache and Tomcat, etc...
I installed the secured version with firewall, yes.
If you can ssh the box, do as I did : edit your /etc/inittab file and change the default from 5 to 3 to start without X11. If you run it as a server, you wont need X11. I would be interested by some explanations on the "X11 with linux-secure" problem, i've not investigated much to be honest.
The reason it does this is something to do with GRSecurity.. (www.grsecurity.net) . I found this out by running startx and then looking in the log files.. (/var/log/messages) which said Kernel PaX had terminated this process.. A short search of google with the words XFree and PaX quickly turned up the culprit.
From what I've read this program is a hacker prevention tool.. If a hacker gains access to your system as root, they still dont have complete access to your system.. The way I see it you need to configure your server in Xfree in linux (not linux-secure) mode.. and then reboot into linux secure mode. This will stop hackers tampering with your now locked down server.. only catch is that now you can't run X.. which for me at least is kind of frustrating since I use my server as a desktop occasionally too..
dont have a solution for this one yet?? can anyone post a simple fix for this?? (ie, run linux secure mode, run xfree and still have it be secure)??
You dont need to ssh into your server to change from 5 to 3.. just hit Ctrl-Alt-F1 and you'll switch to the command prompt .. log in and you'll be at a terminal (remember that you cant login as root if you have a high security level) .. then after you've logged in as a user with SU priviliges switch to root by typing 'su -l' type in root passwd and voilla! you're now root...
I just followed the steps recommended by anubus21.
First, I could not execute the chpax command while running X.
It gave me an error like "text file in use". So I rebooted into
'failsafe' mode and then executed ./chpax -p /usr/X11R6/bin/XFree86
as root. It gave no error. Then I rebooted and chose
linux-secure. I again came to the blank screen, but was
prompted to login (in text mode) once I hit a key. I can log in,
but I was expecting X to boot as it does when just running the
linux boot option. Is this the expected behavior? I cannot SSH
to the box and if I type 'startx', it goes back to the blank screen
Has anyone else gotten this to work?
I tried this again tonight, and it does work! I boot into
failsafe, login as root, run the chpax command, then exit. When
I exit, the X environment loads and runs. I checked the
configuration tool and saw that I was indeed at "Higher"
security level (just below paranoid). However, the effects
of chpax are only good for that one login session. When I
logout and reboot into linux-secure, I am faced with the
blank screen again.
Hmmm... When I used HP-UX at work a few years back, I
could modify a .login file to perform certain actions upon
login. There must be a system start-up file that the chpax
command can be placed into that will run when linux-secure
I will go digging for info on this (I am sure it is simple to do,
once you know where to do it). If anyone else knows a solution,
please post! Thanks - we are almost there!
If you go to update your packages (in the mandrake updater) I noticed that it resets the permissions on XFree so you cant get into it again.. you just need to run the chpax -ps command again on XFree86 to fix it..
Thanks... So, is there any other site besides www.grsecurity.net
that I should look at? So far this higher level of security has just been
a pain to deal with. I had to play with /etc/hosts etc., to allow an
incoming SSH connection to my linux server. Now I have installed
Java, but the secure settings evidently don't allow Java to run!
If I invoke java -version, all I get is "Killed" in response. When
I boot up in standard linux (lower security), it works fine...