search for: securitylevel

Hey every one, Over the past week I have been exploring puppet and had been ignoring an oddity in its output that Luke helped me figure out today. It all started with trying to configure puppet to configure iptables using redhats utility system-config-securitylevel-tui on rhel4. I was able to get it up and running using the following configuration: node default{ firewall {rhel4: ports => [ "22:tcp", # ssh "8139:tcp", # puppetd ] }tables using redhats utility } define firewall($...

Hi, I'm using the generic system-config-securitylevel-tui program on a remote server to configure my firewall. So far it's been fairly decent, allowing me to open up ports and whatnot. But I want to start blocking a couple of outgoing ports on my machine. I want to lock it down so the only traffic going in our out of my machine is stuff tha...

Hello CentOS, I'm curious... there seems to be a couple of default firewall rules that I'm not familiar with in the CentOS 4.0 # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-...

Hi Ignacio, apology for my English... my name is George Ginis... what you mean running/accessible via firewall and system-config-securitylevel? in XP or CentOS? and what is this? the PuTTY I have in XP or in CentOS? thank for your answer... By default CentOS doesn't have ftp, telnet, nor rlogin services running/accessible via firewall. Use an ssh client such as PuTTY. And don't forget to use system-config-securitylevel to open...

I'm trying to NFS-mount a CentOS directory on my Fedora laptop, but I find I can only do this is I turn off the firewall on the CentOS server. If instead I go to system-config-securitylevel-tui on the server, and allow NFS4, this does not do the trick. Nor does allowing port 2049. What do I need to allow? [I should say that the CentOS server is remote, and difficult to access directly; that is why I used system-config-securitylevel-tui, rather than system-config-securitylevel .] -...

Hello I have set up NAT with iptables for an openvpn connection, so that the VPN server could give VPN clients access to the entire sub-net of the server. The probelm is if I start system-config-securitylevel to say disable the firewall, and then again to enable it, my iptable rules are gone ! I did run `service iptables save` before. Is there something I can do to prevent this ? Is there a gui interface to enable NAT over a VPN connection that cooperates with system-config-network ? Thank you, Ti...

Hi, I'm using the preconfigured firewall that comes with CentOS 5. I configure it with system-config-securitylevel-tui, close all ports except SSH, and then open only the ones I need. Right now, on one of my desktops, I've installed AMSN, which requires opening a series of ports. I've configured the app to use ports 7000 to 7010 (TCP and UDP). When running system-config-securitylevel-tui, the last...

Hi, When browsing the (excellent) deployment guide I found the following broken links: http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-basic-firewall-securitylevel-enable.html ('Next' link from http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-basic-firewall-securitylevel.html) http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s2-iptables-options-commands.html ('Next' link from http://www.centos.org/docs/5/html/5.2/Deployment_Gui...

...o my /etc/sysconfig/iptables file is pretty standard/straightforward. my question is: how is this config file initially generated? i'd like to re-create it, and add a couple of rules .... so i don't want to lose what's in there already. i see that my /etc/sysconfig/system-config-securitylevel has three entries, which explains how the port 80 and 22 rules get into the config: --enabled --port=22:tcp --port=80:tcp ... and i see the basic /etc/sysconfig/iptables-config file, but i'm unclear as to how the rest of the stuff gets in there: e.g.: # Firewall configuration writte...

So I use Samba on my home network. I open the samba ports in the GUI tool for CentOS 4. Here is the problem. Every time I reboot I'm forced to run system-config-securitylevel to get firewall ports open again. So like if I reboot samba won't work. I go into that tool either via command line or via the GUI and I simply click "ok" and samba is suddenly open. Does anyone know what is happening? I've tried iptables -save or whatever. Nothing seems to work...

In following up on the rsh "problem" I was having earlier, I decided to try out the suggestion Felipe sent about using system-config-securitylevel-tui to open up ports 513 and 514, but that doesn't seem to do the job, either. # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source...

...has resulted in yum geting repo information for packages with versions that only exist in the base repository of centos 5.2. The following snippet shows the beginning of yum update on a x86_64 server. It has noticed python-2.4.3-21.el5.x86_64, ltrace-0.5-7.45svn.el5.x86_64 and system-config-securitylevel-tui.x86_64 0:1.6.29.1-2.1.el5 which are a CentOs 5.2 package. On a workstation yum update resulted in upgrade of firefox from 1.5 to 3.0-0 beta5. Can I stop this from happening? Ideally I would like to stay on a particulare version of CentOS eg 5.2 until we can do a controlled upgrade. Mayb...

.../sysconfig/iptables are the lines: -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT and there are not any deny lines above these. I think those lines were added when I ran system-config-securitylevel-tui. Those are the only lines that I can find that mention port 2049 or nfs. Those lines look to me like they are for accepting incoming connections only. Is that correct? What do I need to do so that I can do the nfs export out of this box? -- Doug Registered Linux User #285548 (http://counter....

[root at hwdltsaloli ~]# cat /etc/sysconfig/iptables # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-...

Can someone point me to a step-by-step on samba w/FC4? Honestly, I'm only trying a basic share, no rocket science. I've already a samba server on RH9 with the same clients and users trying to access a share on FC4. Logs and testparm returns everything fine. Had SELINUX on and off. Cannot browse even home directories. Thanks, exasperated

Hello, When i did the basic CentOS install i selected incoming ssh, ftp, www, and smtp in the configuration dialog. Now my needs have changed and i'd like to add to those rules with samba, this box runs it, and bacula the client. I was wondering a howto on what to put, i know the ports i need, or a web configuration util? Thanks. Dave.

Hi, I'm planning to use CentOS 6.x on a handful of LAN servers. So far I've been using Slackware64 14.0 and 14.1 for the job. I wonder what's the orthodox/recommended way of configuring and iptables firewall with CentOS. I understand there's the system-config-securitylevel-tui NCurses interface which allows defining a basic set of rules. But what about the handful of more advanced rules I have to configure? Here's an example of an /etc/rc.d/rc.firewall script that I might use with Slackware. It contains mostly basic rules, and a couple of more advanced rules...

...sshd with pidfile /var/run/sshd.pid start program "/etc/init.d/sshd start" stop program "/etc/init.d/sshd stop" if failed port 22 protocol ssh then restart if 5 restarts within 5 cycles then timeout (I also enabled the 2812 port using CentOS's "system-config-securitylevel" command, which added the right IPtables entries, which I see okay on "iptables -L") -- Also on LinkedIn?? Feel free to connect if you too are an open networker: scubacuda at gmail.com

iptables -I INPUT -s 0.0.0.0/0 -p tcp --dport 5901 -j ACCEPT I'm going strictly off memoy here so you may need to man iptables. :) hadi motamedi <motamedi24 at gmail.com> wrote: >Dear All >To open a port , I know that I need to go to "System -> Administration -> >Security Level and Firewall" -> Other ports and then I can open port-5901 as >tcp

Hi all, I am trying to get fail2ban going on my server and its log message reports the following error 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q fail2ban-SSH' returned 256 2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH Is this because of the way the RedHat tool sets up the firewall? Thanks for any responses. -- "The