redhat-config-securitylevel constantly on "high"...
good news everybody...
i know i'm new to this forum, so be assured i checked every possibility for duplicate threads.
my problem is quite similar to this thread:
LinuxQuestions.org > Forums > Linux - Security > Bypassing lokkit, gnome-lokkit and redhat-config-securitylevel on RedHat 8.0
i am running a yet unmodified/not updated redhat 8 (psyche).
though here the problem of the above given thread persists.
when i try to regulate the securitylevel of the machine, it accepts the changes
and quits. if i re-run the tool everything is back to the old defaults.
by checking this: bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72678
(since i'm a new member i can't post URLs...)
i found out that it is a common bug in gnome-lokkit.
though with my machine it causes more trouble, because i cannot change the settings at all.
that means that every time i restart xinetd (after making the security changes) the ethx interface refuses to start up.
even if i pass a static ip to the interface, it comes up but can't reach the outer perimeter of the network. within the same subnet i can ping. not so with a public address...
i disabled all iptables and everything that could have influence on the process.
you know there are two things that can happen to a racedriver:
either you run out of road or out of talent... :-)
i guess i'm running out of talent...
thanks for readin'
tom
----------------------
please sign here!
Last edited by tom_on_linux; 07-01-2004 at 01:05 PM.
@ppuru: thanks for the answer... though that didn't help...
i don't think this is an iptables problem, it persists even with iptables switched off.
more i think it has something to do with the redhat-config-securitylevel binary.
this thing just doesn't work right i guess...
can anyone tell me which files this script modifies and/or whether it has a *.conf file (i didn't find one...)?
the interface still wouldn't come up at boottime.
this is a result of the "securitylevel = high" setting, which i can also see (but not change!) in the GUI version of
redhat-config-securitylevel.
besides the mentioned bug it somehow does not affect ANY settings i make and remains in
the state of high-protection.
thus the eth0 interface is not a trusted device and may not be started. neither at boottime nor
afterwards. this kinda sucks...
[there's a catch though concerning DHCP:
if i assign the int eth0 an ip manually and bring it up, i can ping the inner network, not the public address room ==> "network is unreachable..."]
how does the system define itself as highly protected?
i mean there must be some location that is constantly altered by the default settings from
redhat-config-securitylevel / gnome-lokkit...
yeah, i tried that before... with no acceptable result.
i mean, i can get a dhcp address with/without iptables enabled.
somehow the int gets its ip and i can ping the router but not across it.
(yeah, i checked all configs on the router, other clients also on linux pass through correctly...)
metric and bcast are set correctly.
at boottime the int fails with the error: LINK FAIL, check media...
of course the cable is attached, a knoppix boot works just fine... (can browse inet and so forth)
iptables is disabled at boottime and also afterwards (makes no difference if ena/disa).
this problem is a little quaint, cause i even tried a fresh install and also updated the packages
lokkit and redhat-config-securitylevel.
what i cannot identify is the trusted state of eth0...
where can i check the settings if a device is trusted or not?
i figure that this might be the bottom line...