Scrim, posted 18 September 2004

I have installed Slackware 10.0 and am running ipkungfu, which is a firewall script for iptables. I have configured it, and everything should be correct. The problem is that I start ipkungfu, and according to ipkungfu -c it is loaded. The problem is that I don't see ipkungfu when I run ps x, neither as a normal user nor as su. I'm quite sure ipkungfu showed up when I used Mandrake, but I may well be remembering wrong. It may be that not everything is right in my ipkungfu conf, so I can post it:

# Please read the README and FAQ for more information

# Some distros (most notably Redhat) don't have
# everything we need in $PATH so we specify it here.
# Make sure modprobe, iptables, and route are here,
# as well as ordinary items such as echo and grep.
# Default is as shown in the example below.
#PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin

# Your external interface
# This is the one that connects to the internet.
# Ipkungfu will detect this if you don't specify.
EXT_NET="eth0"
#EXT_NET="eth1"
#EXT_NET="ppp0"

# Your internal interfaces, if any. If you have more
# than 1 internal interface, separate them with
# spaces. If you only have one interface, put "lo"
# here. Default is auto-detected.
#INT_NET="eth0"
#INT_NET="eth1"
#INT_NET="lo"

# IP Range of your internal network. Use "127.0.0.1"
# for a standalone machine. Default is a reasonable
# guess.
LOCAL_NET="********/255.255.255.***"

# Set this to 0 for a standalone machine, or 1 for
# a gateway device to share an Internet connection.
# Default is 1.
GATEWAY=0

# TCP ports you want to allow for incoming traffic
# Don't add ports here that you intend to forward.
# This should be a list of tcp ports that have
# servers listening on them on THIS machine,
# separated by spaces. Default is none.
ALLOWED_TCP_IN="21 22"

# UDP ports to allow for incoming traffic
# See the comments above for ALLOWED_TCP_IN

# Temporarily block future connection attempts from an
# IP that hits these ports (If module is present)
FORBIDDEN_PORTS="135 137 139"

# Drop all ping packets?
# Set to 1 for yes, 0 for no. Default is no.
#BLOCK_PINGS=0

# Possible values here are "DROP", "REJECT", or "MIRROR"
#
# "DROP" means your computer will not respond at all. "Stealth mode"
#
# "REJECT" means your computer will respond with a
# message that the packet was rejected.
#
# "MIRROR", if your kernel supports it, will swap the source and
# destination IP addresses, and send the offending packet back
# where it came from. USE WITH EXTREME CAUTION! Only use this if you fully
# understand the consequences.
#
# The safest option, and the default in each case, is "DROP". Don't change
# unless you fully understand this.

# What to do with 'probably malicious' packets
#SUSPECT="REJECT"
SUSPECT="DROP"

# What to do with obviously invalid traffic
# This is also the action for FORBIDDEN_PORTS
#KNOWN_BAD="REJECT"
KNOWN_BAD="DROP"

# What to do with port scans
#PORT_SCAN="REJECT"

# How should ipkungfu determine your IP address? The default
# answer, "NONE", will cause ipkungfu to not use the few
# features that require it to know your external IP address.
# This option is good for dialup users who run ipkungfu on
# bootup, since dialup users rarely use the features that
# require this, and the IP address for a dialup connection
# generally isn't known at bootup. "AUTO" will cause
# ipkungfu to automatically determine the IP address of
# $EXT_NET when it is started. If you have a static IP
# address you can simply enter your IP address here.
# If you do port forwarding and your ISP changes your IP
# address, choose NONE here, or your port forwarding
# will break when your IP address changes. Default is
# "NONE".
#GET_IP="NONE"
#GET_IP="AUTO"
GET_IP="*******"

# If the target for identd (113/tcp) is DROP, it can take
# a long time to connect to some IRC servers. Set this to
# 1 to speed up these connections with a negligible cost
# to security. Identd probes will be rejected with the
# 'reject-with-tcp-reset' option to close the connection
# gracefully. If you want to actually allow ident probes,
# and you're running an identd, and you've allowed port
# 113 in ALLOWED_TCP_IN, set this to 0. Default is 0.
#DONT_DROP_IDENTD=0

# Set this to 0 if you're running ipkungfu on a machine
# inside your LAN. This will cause private IP addresses
# coming in on $EXT_NET to be identified as a spoof,
# which would be inaccurate on intra-LAN traffic
# This will cause private IP addresses coming in on
# $EXT_NET to be identified as a spoof. Default is 1.
#DISALLOW_PRIVATE=1

# For reasons unknown to me, ipkungfu sometimes causes
# kernel panics when run at init time. This is my
# attempt to work around that. Ipkungfu will wait
# the specified number of seconds before starting, to
# let userspace/kernel traffic catch up before executing.
# Default is 0.
WAIT_SECONDS=5

# This option, if enabled, will cause ipkungfu to set
# the default policy on all builtin chains in the filter
# table to ACCEPT in the event of a failure. This is
# intended for remote administrators who may be locked
# out of the firewall if ipkungfu fails. A warning to
# this effect will be echoed so that the situation can be
# rectified quickly. This is the same as running
# ipkungfu with --failsafe. Default is 0.
#FAILSAFE=0

So if anyone knows what might be wrong, please let me know. I don't like the thought that ipkungfu might not be running after all, even though ipkungfu -c gives me the impression that it is running, since it says ipkungfu is loaded; I don't know.
Bøb, posted 18 September 2004

If it has anything to do with iptables, you can always check whether it is up with iptables -L.
Cronius, posted 19 September 2004

GNU/Linux does not need a separate program to act as a firewall; it has a firewall built right into the kernel and uses iptables to configure it (don't shoot me for wrong terminology now).

You can use one of the many free services on the net to check whether the firewall on your PC works as it should, for example Shields Up. All "standard" *nix firewall settings should get a perfect score on such tests.
Scrim (author), posted 19 September 2004

I got a failed on this one:

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.

How do I close it?
Bøb, posted 19 September 2004

# TCP ports you want to allow for incoming traffic
# Don't add ports here that you intend to forward.
# This should be a list of tcp ports that have
# servers listening on them on THIS machine,
# separated by spaces. Default is none.
ALLOWED_TCP_IN="21 22"

That is probably what it is reacting to. Since you have these ports open, the Shields Up port scanner will be able to make a connection to them, and fails you because of that. Not that it is very much to worry about - just make sure that the FTP server is secure (i.e., no anonymous logins or ancient versions - Slackware 10.0.0 uses ProFTPd, so that is probably easier said than done thanks to the incomprehensible documentation), while ssh should only allow protocol 2 and not allow root logins (log in as a normal user first, and use "su -". All of this can be set up in /etc/ssh/sshd.conf)
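iptables rules live in the kernel, so a loaded firewall shows up in the rule dump rather than in ps. The following is an added example, not part of the original thread and not ipkungfu's own code: it compares ALLOWED_TCP_IN with the TCP ports the loaded rules accept. The function names and the sample rules are constructed for illustration, and it assumes the ports are accepted directly in the INPUT chain.

```shell
# Added example; function names and all sample data are constructed.

# Ports named in ALLOWED_TCP_IN, one per line (conf text on stdin).
conf_allowed_tcp() {
    sed -n 's/^[[:space:]]*ALLOWED_TCP_IN="\([0-9 ]*\)".*/\1/p' |
        tr -s ' ' '\n' | sed '/^$/d' | sort -n -u
}

# TCP destination ports with an ACCEPT target in one chain (default INPUT),
# read from iptables-save style rules on stdin. Assumption: rules that sit in
# user-defined chains are not followed; port ranges are printed as written.
rules_accepted_tcp() {
    awk -v chain="${1:-INPUT}" '$1 == "-A" && $2 == chain {
        proto = ""; ports = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (proto == "tcp" && target == "ACCEPT" && ports != "") {
            n = split(ports, a, ",")
            for (k = 1; k <= n; k++) print a[k]
        }
    }' | sort -n -u
}

# audit CONF_TEXT RULES_TEXT: MISSING = configured but not accepted by the
# loaded rules, EXTRA = accepted by the rules but not in the config.
audit() {
    want=$(printf '%s\n' "$1" | conf_allowed_tcp)
    have=$(printf '%s\n' "$2" | rules_accepted_tcp)
    for p in $want; do
        printf '%s\n' "$have" | grep -qx -- "$p" || echo "MISSING $p"
    done
    for p in $have; do
        printf '%s\n' "$want" | grep -qx -- "$p" || echo "EXTRA $p"
    done
}

# Constructed sample input; on a real host pass the conf file contents and,
# as root, the output of iptables-save.
SAMPLE_CONF='ALLOWED_TCP_IN="21 22"'
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT'
audit "$SAMPLE_CONF" "$SAMPLE_RULES"
```

An empty result means the loaded rules and the config agree; any EXTRA line is a port an external scan would report as open even though the config does not list it.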
Scrim (author), posted 19 September 2004

OK, now I get:

PASSED: Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Does that mean my firewall works as it should and keeps everyone out?
Bøb, posted 19 September 2004

Well, all the ports it scanned were stealthed, at least.