Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.


Old 09-21-2004, 12:27 PM   #1
LQ Newbie
Registered: Sep 2004
Posts: 2

SSH and msec level 4 - MDK 10.0

man mseclib

Authorize all services controlled by tcp_wrappers (see
hosts.deny(5)) if arg = ALL. Only local ones if arg = LOCAL and
none if arg = NONE. To authorize the services you need, use
/etc/hosts.allow (see hosts.allow(5)).

hehe finally found it... took forever. was mad cause msec kept killing my hosts.allow. sshd needs to be a listed service in hosts.allow

[root@widmer msec]# cat /etc/hosts.allow
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.

[root@widmer msec]# cat /etc/security/msec/level.local
allow_root_login (no)
authorize_services (ALL)

Now msec will not overwrite /etc/hosts.allow

-gabe w
screw the caps!

Last edited by gabedude; 09-21-2004 at 12:31 PM.
Old 09-13-2005, 09:18 AM   #2
LQ Newbie
Registered: Apr 2003
Location: Belgium
Distribution: Mandrake 10.0
Posts: 17

Hi there!

Thank you so much for this info. At last I was able to ssh again to my machine with msec at 4.

I'm using Mdk 10.0 and I still have another issue I'd like to see resolved.
I want to stay at level 4 (server), but also want to be able to su to root from any user.
Right now I get the message: Incorrect password. And I'm sure the pass is correct, since I can login as root from the login menu.

This is my level.4 file:

accept_bogus_error_responses no
accept_broadcasted_icmp_echo no
accept_icmp_echo no
allow_autologin no
allow_issues LOCAL
allow_reboot no
allow_remote_root_login without_password
allow_root_login yes
allow_user_list no
allow_x_connections NONE
allow_xserver_to_listen no
authorize_services LOCAL
enable_at_crontab no
enable_console_log yes
enable_dns_spoofing_protection yes
enable_ip_spoofing_protection yes
enable_log_strange_packets yes
enable_msec_cron yes
enable_pam_wheel_for_su yes
enable_password yes
enable_promisc_check yes
enable_security_check yes
enable_sulogin yes
password_aging 60 30
password_history 0
password_length 6 1 1
set_root_umask 022
set_secure_level 4
set_security_conf CHECK_OPEN_PORT yes
set_security_conf CHECK_PASSWD yes
set_security_conf CHECK_PERMS yes
set_security_conf CHECK_PROMISC yes
set_security_conf CHECK_SECURITY yes
set_security_conf CHECK_SGID yes
set_security_conf CHECK_SHADOW yes
set_security_conf CHECK_SUID_MD5 yes
set_security_conf CHECK_SUID_ROOT yes
set_security_conf CHECK_UNOWNED yes
set_security_conf CHECK_WRITABLE yes
set_security_conf CHKROOTKIT_CHECK yes
set_security_conf MAIL_EMPTY_CONTENT yes
set_security_conf MAIL_WARN yes
set_security_conf RPM_CHECK yes
set_security_conf SYSLOG_WARN yes
set_security_conf TTY_WARN yes
set_shell_history_size 10
set_shell_timeout 3600
set_user_umask 077

And this is my level.local file:

enable_pam_wheel_for_su (yes)
allow_root_login (yes)
enable_at_crontab (yes)

Oh yeah, when I use tcsh, no command is recognized anymore. Using bash, everything works ....

Any help to get su working again is very much appreciated!!!

Josh (noob)
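
An added diagnostic example, not part of either post and not msec's own code: it parses the two file formats quoted above, merges them on the assumption that level.local overrides level.4, and flags the two symptoms in this thread. The sample inputs and function names are constructed; the wheel check follows the mseclib man page's description of enable_pam_wheel_for_su as restricting su to members of the wheel group.

```python
import re

# Constructed sample inputs using the two file formats shown in the thread.
LEVEL_4 = "authorize_services LOCAL\nenable_pam_wheel_for_su yes\nset_security_conf CHECK_PERMS yes\n"
LEVEL_LOCAL = "enable_pam_wheel_for_su (yes)\nallow_root_login (yes)\n"
HOSTS_ALLOW_EMPTY = "# hosts.allow (comments only, no service entries)\n"
HOSTS_ALLOW_SSHD = HOSTS_ALLOW_EMPTY + "sshd: 192.0.2.0/255.255.255.0\n"  # constructed entry


def parse_level(text):
    """Parse 'name value' (level.N) and 'name (value)' (level.local) lines."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"(\w+)\s*\(?\s*([^()]*?)\s*\)?$", line.strip())
        if not m:
            continue
        name, value = m.groups()
        if name == "set_security_conf" and " " in value:
            sub, value = value.split(None, 1)  # keep each CHECK_* as its own key
            name = f"{name} {sub}"
        settings[name] = value
    return settings


def allowed_daemons(hosts_allow):
    """Return daemon names from 'daemon_list : client_list' lines in hosts.allow."""
    daemons = set()
    for line in hosts_allow.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            daemons.update(d for d in re.split(r"[,\s]+", line.split(":", 1)[0]) if d)
    return daemons


def audit(level_text, local_text, hosts_allow, user_groups):
    # Assumption: level.local entries override the level.N defaults.
    eff = {**parse_level(level_text), **parse_level(local_text)}
    findings = []
    if eff.get("authorize_services") in ("LOCAL", "NONE") \
            and not allowed_daemons(hosts_allow) & {"sshd", "ALL"}:
        findings.append("ssh: sshd not in hosts.allow while authorize_services is restricted")
    if eff.get("enable_pam_wheel_for_su") == "yes" and "wheel" not in user_groups:
        findings.append("su: restricted to wheel members and user is not in wheel")
    return eff, findings


if __name__ == "__main__":
    for f in audit(LEVEL_4, LEVEL_LOCAL, HOSTS_ALLOW_EMPTY, {"users"})[1]:
        print(f)
```

On a real system, pass in the contents of /etc/security/msec/level.local, the active level file, /etc/hosts.allow, and the group names reported by `id -Gn` for the account that runs su.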

