Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
03-16-2003, 12:01 AM
|
#1
|
Senior Member
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,852
|
Cannot disable firewall
I have a system that was recently setup with Red Hat 8. The user needs to connect to several UNIX systems (all non-Linux) and start up X clients to display on the RH8 system. The trouble I'm running into is that the RH8 system has the firewall setting at the highest security level which blocks remote X client access. ``No problem'', I say, ``We'll just disable the firewall and you can open the windows to the remote systems.'' (The RH8 system is inside a firewall already and there is no need to establish yet another firewall on this host.) Sounds simple enough. But Red Hat refuses to change the firewall security level. When I log in as root, go int o the ``System Settings -> Security Level'', and change the setting to `no firewall' and exit, no change is actually made. Reentering the security level dialog shows that it's still set to `High'. Going through this sequence just prior to a reboot results in the same end result.
(I've noticed that this is happening at home as well but has gone unnoticed as I don't have any other hosts on the home LAN running X applications.)
Anyone got any ideas as to what's preventing this change from being made?
TIA,
Rick
|
|
|
03-16-2003, 12:05 AM
|
#2
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
It is probably just showing high but not actually set at high.
However you can do this
chkconfig iptables off
chkconfig ipchains off
|
|
|
03-16-2003, 12:50 AM
|
#3
|
Senior Member
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,852
Original Poster
|
Quote:
Originally posted by DavidPhillips
It is probably just showing high but not actually set at high.
However you can do this
chkconfig iptables off
chkconfig ipchains off
|
I know that ipchains wasn't selected during installation. The iptables startup was disabled using `chkconfig --level 12345 iptables off' but I will definitely verify this -- to be absloutely sure -- on the other user's system on Monday. (Luckily, the user is out of the office on Monday so I am free to do whatever it takes to get this puppy working properly. Provided no other fires erupt, that is. :-) )
Later...
Rick
|
|
|
03-18-2003, 08:52 PM
|
#4
|
Senior Member
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,852
Original Poster
|
Checked the service configuration and iptables was shut off across the board but still had some problems. Decided on a reinstallation -- which I normally hate to resort to but which solved the problem of a somewhat undersized /usr partition as well -- and the problem hasn't recurred. I basically did a full, select-everything installation this time instead of tailoring the installation to only the essentials for what the user is doing. Wasted some space but she's much happier now that X clients are working.
|
|
|
03-18-2003, 08:53 PM
|
#5
|
Senior Member
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503
Rep:
|
Doh' did you check /etc/hosts.allow and /etc/hosts.deny? I hate to see somebody reinstall.
|
|
|
03-18-2003, 10:43 PM
|
#6
|
Senior Member
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,852
Original Poster
|
Quote:
Originally posted by Crashed_Again
Doh' did you check /etc/hosts.allow and /etc/hosts.deny?
|
Those shouldn't come into play for X clients. I don't have anything in those files but I have a bunch of system that I manage via X connections and all I use is xhost to enable access. And we had done ``xhost +'' to let any xclients connect and sometimes it would work but eventually it'd crap out. It was the weirdest darned thing I'd seen in a while.
Quote:
I hate to see somebody reinstall.
|
Believe me, not any more than the guy whose just done it. :-) Luckily, this was a freshly installed system (replaced an aging and unsupported Sparcstation) and no user data was on the system; it's waiting to be untarred off the LAN. So it wasn't disruptive to anyone but me -- the user had taken St. Patrick's Day off -- and I was only inconvenienced to the extent that I had to pop in from time to time to see if it was time to swap CDs.
|
|
|
03-19-2003, 08:55 PM
|
#7
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
I know what you mean, I hate to even reboot mine. It's several kernels behind now though and the day must come.
|
|
|
All times are GMT -5. The time now is 04:30 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|