Quote:
Originally Posted by unSpawn
Log in where? How? (Note root should not be allowed to log in over any networks.)
I don't use root to log in; I only use its permissions via the "su" command to set iptables after logging in as the user with uid 1000, and for upgrading the system with the "slackpkg" command.
Quote:
Originally Posted by unSpawn
Show us "evidence" of that? (Preferably using "-j LOG" rules to show its a NetFilter problem.)
iptables -nvL
 pkts bytes target prot opt in  out source    destination
 3461  623K RETURN all  --  *   *   0.0.0.0/0 0.0.0.0/0  owner UID match 1000
    2   136 LOG    all  --  *   *   0.0.0.0/0 0.0.0.0/0  owner UID match 0 limit: avg 1/min burst 2 LOG flags 8 level 5 prefix "OUT uid=0 log -> "
 5118  305K RETURN all  --  *   *   0.0.0.0/0 0.0.0.0/0  owner UID match 0
    8   404 LOG    all  --  *   *   0.0.0.0/0 0.0.0.0/0  limit: avg 1/min burst 2 LOG flags 8 level 5 prefix "OUT uid blocked -> "
  710 37299 DROP   all  --  *   *   0.0.0.0/0 0.0.0.0/0
I have posted only the table "OUT_UID".
Some logs are here:
dmesg | grep "OUT uid=0 log"
[ 3667.797536] OUT uid=0 log -> IN= OUT=eth1 SRC=MY_IP DST=MY_ROUTER_IP LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=39075 DF PROTO=UDP SPT=53121 DPT=53 LEN=48 UID=0 GID=0
[ 3667.860791] OUT uid=0 log -> IN= OUT=eth1 SRC=MY_IP DST=MY_ROUTER_IP LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=39076 DF PROTO=UDP SPT=48624 DPT=53 LEN=48 UID=0 GID=0
.....
[ 5895.957592] OUT uid=0 log -> IN= OUT=eth1 SRC=MY_IP DST=193.206.140.37 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=50821 DF PROTO=TCP SPT=49357 DPT=80 WINDOW=1973 RES=0x00 ACK URGP=0 UID=0 GID=0
[ 5896.959192] OUT uid=0 log -> IN= OUT=eth1 SRC=MY_IP DST=193.206.140.37 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=51229 DF PROTO=TCP SPT=49357 DPT=80 WINDOW=3816 RES=0x00 ACK URGP=0 UID=0 GID=0
These packets were logged when I used the "slackpkg update" command after obtaining root permissions with the "su" command.
These packets show UID and GID exactly as I expected.
dmesg | grep "OUT uid blocked"
[ 3332.552057] OUT uid blocked -> IN= OUT=eth1 SRC=MY_IP DST=93.184.220.29 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=24803 DF PROTO=TCP SPT=49615 DPT=80 WINDOW=115 RES=0x00 ACK URGP=0
[ 3392.532610] OUT uid blocked -> IN= OUT=eth1 SRC=MY_IP DST=149.3.177.58 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=46183 DF PROTO=TCP SPT=60642 DPT=443 WINDOW=204 RES=0x00 ACK URGP=0
These packets don't show UID and GID and are blocked by the DROP rule above.
So my question is: why don't they have a UID?
Quote:
Originally Posted by unSpawn
If they don't then they are logged by some other rule?
As shown above, the packets are logged by the rule with the --log-prefix="OUT uid blocked -> " option.
Quote:
Originally Posted by unSpawn
What happens? Logging in as root? (Note root should not be allowed to use desktop applications, use an unprivileged user account.) Dropped packets? Could it be you're misunderstanding "-m owner"? A lot of daemons will happily drop privileges and run as lesser or unprivileged users but some just can't so "--uid-owner 0" will be affecting all of them...
I never log in as root; I only use its permissions with the su command in a bash shell.
Sorry for the bad English and the unclear previous message.
Thanks for help!
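Added example, not part of the thread and not the poster's code: a small Python parser for netfilter LOG lines in the shape quoted above, which separates packets that carry a UID=/GID= pair from those that do not and summarizes what the "blocked" rule is really hitting. The relevant kernel behaviour is that both the LOG target's UID=/GID= fields and the -m owner match require the packet to still be attached to an owning socket; packets the stack emits on its own, for example the final ACKs of a TCP connection whose application has already closed its socket, have no owner, so no --uid-owner rule can match them and they fall through to the DROP. The sample lines below are constructed in the format of the post (documentation TEST-NET addresses, made-up IDs and ports), not the poster's actual data.

```python
"""Classify netfilter LOG lines by whether the logged packet had an owning socket."""
import re
from collections import Counter

# Constructed sample lines in the format of the thread's dmesg output. They are
# not the poster's real data: addresses are from the documentation TEST-NET
# ranges and the IDs/ports are made up.
SAMPLE_LOG = """\
[ 3667.797536] OUT uid=0 log -> IN= OUT=eth1 SRC=192.0.2.10 DST=192.0.2.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=39075 DF PROTO=UDP SPT=53121 DPT=53 LEN=48 UID=0 GID=0
[ 5895.957592] OUT uid=0 log -> IN= OUT=eth1 SRC=192.0.2.10 DST=198.51.100.37 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=50821 DF PROTO=TCP SPT=49357 DPT=80 WINDOW=1973 RES=0x00 ACK URGP=0 UID=0 GID=0
[ 3332.552057] OUT uid blocked -> IN= OUT=eth1 SRC=192.0.2.10 DST=203.0.113.29 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=24803 DF PROTO=TCP SPT=49615 DPT=80 WINDOW=115 RES=0x00 ACK URGP=0
[ 3392.532610] OUT uid blocked -> IN= OUT=eth1 SRC=192.0.2.10 DST=203.0.113.58 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=46183 DF PROTO=TCP SPT=60642 DPT=443 WINDOW=204 RES=0x00 ACK URGP=0
not a netfilter line
"""

_TS_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s*(?P<rest>.*)$")
_IN_RE = re.compile(r"(?<!\S)IN=")          # start of the key=value part
TCP_FLAG_NAMES = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line):
    """Parse one dmesg/klog LOG line into a dict, or return None if it is not one.

    key=value tokens become dict entries (first occurrence wins, so LEN is the
    IP total length, not the UDP length printed later); bare tokens such as DF,
    SYN or ACK are collected under "flags".
    """
    m = _TS_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    start = _IN_RE.search(rest)
    if start is None:
        return None
    pkt = {"ts": float(m.group("ts")),
           "prefix": rest[:start.start()].rstrip(),
           "flags": []}
    for tok in rest[start.start():].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            pkt.setdefault(key, value)
        else:
            pkt["flags"].append(tok)
    return pkt


def has_owner(pkt):
    """True if the kernel found an owning socket (only then does LOG print UID= and GID=)."""
    return "UID" in pkt and "GID" in pkt


def is_bare_ack(pkt):
    """TCP segment carrying only ACK, typical of packets sent after the application closed."""
    flags = set(pkt["flags"]) & TCP_FLAG_NAMES
    return pkt.get("PROTO") == "TCP" and flags == {"ACK"}


def split_by_owner(log_text):
    """Return (owned, unowned) lists of parsed packets from a block of log text."""
    owned, unowned = [], []
    for line in log_text.splitlines():
        pkt = parse_log_line(line)
        if pkt is None:
            continue
        (owned if has_owner(pkt) else unowned).append(pkt)
    return owned, unowned


def summarize(pkts):
    """Count packets per (prefix, PROTO, DST, DPT, TCP flags) to see what a rule is really hitting."""
    return Counter(
        (p["prefix"], p.get("PROTO"), p.get("DST"), p.get("DPT"),
         " ".join(sorted(set(p["flags"]) & TCP_FLAG_NAMES)))
        for p in pkts
    )


if __name__ == "__main__":
    owned, unowned = split_by_owner(SAMPLE_LOG)
    print(f"{len(owned)} packets with an owner, {len(unowned)} without")
    for key, n in summarize(unowned).items():
        print(n, key)
```

Feed it the real output of `dmesg | grep "OUT uid"` instead of SAMPLE_LOG: if every packet in the "blocked" bucket lacks UID=/GID= and is a bare ACK (or FIN/RST) toward a port a user program had been talking to, the DROP is catching kernel-generated segments of already-closed connections rather than traffic from some unexpected user. One way to confirm this on the box itself, assuming the owner match in your iptables build offers the `--socket-exists` option, is to add a rule such as `-m owner ! --socket-exists -j LOG --log-prefix "OUT no-socket -> "` just before the DROP and check whether the "blocked" hits move to it.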