LinuxQuestions.org
Old 10-11-2002, 03:52 PM   #1
bluediver
LQ Newbie
 
Registered: Oct 2002
Posts: 3

msec4 and no more SSH access


Hi,

On Mandrake 8.2, I use iptables and msec.
If I set security to msec 3, my ssh connection (from LAN) is OK.
If I set security to msec 4, my ssh is rejected??

I refer to http://www.mandrakesecure.net/en/docs/msec.php
without understanding where the mistake is (from me).

The reference advises level 4 for my server connecting to the internet.
It specifies "This level will allow connections to pre-determined servers via remote,":
but how do I specify the host that will be allowed to access with SSH?

Any help appreciated, I'm a beginner in Linux.

Level 4: High. This is the recommended security level for network server systems or systems permanently connected to the internet. This level will allow connections to pre-determined servers via remote, and all locally. By default, a number of services are disabled, so as an administrator you will need to enable them by hand. The security checks msec performs are more advanced as well, as indicated by the above tables.
 
Old 10-11-2002, 09:01 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

I don't have Mandy, and if I get the sparse docs floating around msec changes a shedload of things per level. Chances are the firewall rules in /etc/rc.d/rc.firewall change as well. Gotta find out where they're stored in level 3 and how to add 'em to work in level 4. Did you try adding firewall rules for ssh in level 4? Also there was something about ssh only being available to members of the "ntools" group in level 4.

Let's hope some Mandy user will provide more accurate info...
 
Old 10-12-2002, 02:52 AM   #3
bluediver
LQ Newbie
 
Registered: Oct 2002
Posts: 3

Original Poster
Found! (after not many hours searching and testing)
Like so often, the solution is not where you search for it ...

/etc/hosts.allow defines "hosts allow"!
# allow localhost and from one admin host on my lan
ALL : 127.0.0.1
ALL : 10.39.10.110


man mseclib : redirecting to
vi /usr/share/doc/msec-0.19/security.txt
and syntax tutorial on :
http://www.userlocal.com/securinginetdetc.shtml

see you guys !
you know what? I'm happy.....
 
Old 10-12-2002, 02:57 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Uhuh, TCPWrappers was the other thing I thought of, stupid I didn't post it as well. Btw, you could tighten access by substituting "ssh" for "ALL" to allow only access to that service.
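
Added example, not part of the thread: a simplified Python model of TCP Wrappers matching that compares the hosts.allow from post #3 with a per-service variant. The deny-all hosts.deny, the in.ftpd daemon and the 10.39.10.50 client are constructed assumptions.

```python
# Simplified model of TCP Wrappers (hosts_access) matching; illustration only.
# Real libwrap also supports hostnames, address prefixes, netmasks and EXCEPT.

def parse(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _hit(patterns, value):
    # ALL is the wildcard; anything else must match exactly in this model.
    return any(p == "ALL" or p == value for p in patterns)

def matches(rules, daemon, client):
    return any(_hit(d, daemon) and _hit(c, client) for d, c in rules)

def allowed(allow_text, deny_text, daemon, client):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if matches(parse(allow_text), daemon, client):
        return True
    return not matches(parse(deny_text), daemon, client)

# Constructed sample files. The deny-all hosts.deny is an assumption about
# what a locked-down level leaves in place; the allow lines come from post #3.
DENY_ALL = "ALL : ALL\n"
BROAD = "ALL : 127.0.0.1\nALL : 10.39.10.110\n"
# Tightened: the daemon token is the server's process name (sshd for OpenSSH).
TIGHT = "ALL : 127.0.0.1\nsshd : 10.39.10.110\n"

def report():
    """Decision per (daemon, client) under the broad and tightened files."""
    cases = [("sshd", "10.39.10.110"), ("in.ftpd", "10.39.10.110"),
             ("sshd", "10.39.10.50")]
    return [(d, c, allowed(BROAD, DENY_ALL, d, c), allowed(TIGHT, DENY_ALL, d, c))
            for d, c in cases]

if __name__ == "__main__":
    for daemon, client, broad, tight in report():
        print(f"{daemon:8} from {client:13} broad={broad} tightened={tight}")
```

With the broad file the admin host reaches every wrapped daemon; with the per-service line it reaches only sshd, and other LAN hosts stay denied in both cases.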
 
Old 10-13-2002, 01:54 PM   #5
bluediver
LQ Newbie
 
Registered: Oct 2002
Posts: 3

Original Poster
You are right, I will restrict to the services I publish only.

By the way, I have a ppp0 connection with ADSL, and I just gave it the whole weekend (quite 8 hours) and I have a daughter (poor she is this weekend, with no daddy..)

rc.firewall does not let me access the net from LAN???
Idiot is the solution (just found at this time):
I had put $InetFace = eth0 (my network card connected to the ADSL modem)
but NO, the one used should be ppp0 for iptables, because it is the interface (ifconfig) created to go on the net, and not the network card!!!

Hope it could help another poor daddy blocked behind his screen and not playing with kids (18 months for mine ...)

tchao
 
  

