how to enable iptables from CLI - Security

This is a discussion on how to enable iptables from CLI - Security ; On Wed, 12 Apr 2006 03:01:25 -0700, linuxadmin wrote: >[...] > > I apologise for not being correct. The library is > ld-linux.so.2.. > > Thanks > Danish I'll go back to your last untrimmed post to reply, now....

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 33 of 33

Thread: how to enable iptables from CLI

  1. Re: how to enable iptables from CLI

    On Wed, 12 Apr 2006 03:01:25 -0700, linuxadmin wrote:

    >[...]
    >
    > I apologise for not being correct. The library is
    > ld-linux.so.2..
    >
    > Thanks
    > Danish


    I'll go back to your last untrimmed post to reply, now.

  2. Re: how to enable iptables from CLI

    On Tue, 11 Apr 2006 23:44:27 -0700, linuxadmin wrote:

    > Newsbox wrote:
    >> On Mon, 10 Apr 2006 12:18:00 -0400, Newsbox wrote:
    >>
    >> Just a note about the "punctuation marks". Different font faces render
    >> differently, and some things that look alike or almost alike might be
    >> insignificant in normal narrative text, but can be important to the "bash"
    >> shell interpreter. I _think_ IIRC, the single quotes in the line below
    >> might be either or both of two different characters:
    >>
    >> ` is the lc key to the left of "1" along the top of the keyboard
    >>
    >> ' is the lc key right of the ";"
    >>
    >> I don't want to mess around too much right now to be sure. But if you
    >> have trouble with it post back and I'm sure someone will help. ...Could
    >> be a real bump in the road for anyone who wasn't aware. (OTOH, I might be
    >> all wrong about this.)
    >>
    >> >
    >> > kill -SIGNAL 'cat /var/run/syslogd.pid'
    >> >
    >> > -- except with "-SIGNAL" replaced with "SIGHUP"
    >> >

    >
    > You know what, thank you for helping me out so much. Becasue had it not
    > been you I would never have found out this error.....
    >
    > .....Starting system logger: syslogd: error while loading shared
    > libraries: /lib/ld-linux.so.2: cannot apply additional memory
    > protection after relocation: Permission denied........
    >
    > This happened when I noticed that no new log messages were coming into
    > /var/log/messages.


    > So I did /etc/init.d/syslog restart..


    You need to follow the instructions in the man page for syslogd:

    $ man syslogd

    Look in the part titled "SIGNALS". This is the command to be run as root:

    # kill -SIGHUP `cat /var/run/syslogd.pid`

    Please note that syslogd is different than syslog:

    # which syslogd
    /sbin/syslogd
    # file /sbin/syslogd
    /sbin/syslogd: ELF 32-bit LSB shared object, Intel 80386, version 1
    (SYSV), for GNU/Linux 2.2.5, stripped
    # file /etc/init.d/syslog
    /etc/init.d/syslog: Bourne-Again shell script text executable

    > but then I got
    > the above error....but still the kernel logger starts..
    >
    > # /etc/init.d/syslog restart
    > Shutting down kernel logger: [ OK ]
    > Shutting down system logger: [FAILED]
    > Starting system logger: syslogd: error while loading shared libraries:
    > /lib/ld-linux.so.2: cannot apply additional memory protection after
    > relocation: Permission denied [FAILED]
    > Starting kernel logger: [ OK ]
    > ..........
    >
    > Below is the original /etc/syslog.cof file on my home system which has
    > the problem..
    >
    > # Log anything (except mail) of level info or higher.
    > # Don't log private authentication messages!
    > *.info;mail.none;authpriv.none;cron.none /var/log/messages
    >
    > # The authpriv file has restricted access.
    > authpriv.* /var/log/secure
    >
    > # Log all the mail messages in one place.
    > mail.* - /var/log/maillog
    >
    >
    > # Log cron stuff
    > cron.* /var/log/cron
    >
    > # Everybody gets emergency messages
    > *.emerg *
    >
    > # Save news errors of level crit and higher in a special file.
    > uucp,news.crit /var/log/spooler
    >
    > # Save boot messages also to boot.log
    > local7.* /var/log/boot.log
    >


    This file looks alright.

    >
    > Thanks
    > Danish


    Let us know if this works for you.

  3. Re: how to enable iptables from CLI

    Newsbox wrote:
    > On Tue, 11 Apr 2006 23:44:27 -0700, linuxadmin wrote:
    >
    > > Newsbox wrote:
    > >> On Mon, 10 Apr 2006 12:18:00 -0400, Newsbox wrote:
    > >>
    > >> Just a note about the "punctuation marks". Different font faces render
    > >> differently, and some things that look alike or almost alike might be
    > >> insignificant in normal narrative text, but can be important to the "bash"
    > >> shell interpreter. I _think_ IIRC, the single quotes in the line below
    > >> might be either or both of two different characters:
    > >>
    > >> ` is the lc key to the left of "1" along the top of the keyboard
    > >>
    > >> ' is the lc key right of the ";"
    > >>
    > >> I don't want to mess around too much right now to be sure. But if you
    > >> have trouble with it post back and I'm sure someone will help. ...Could
    > >> be a real bump in the road for anyone who wasn't aware. (OTOH, I might be
    > >> all wrong about this.)
    > >>
    > >> >
    > >> > kill -SIGNAL 'cat /var/run/syslogd.pid'
    > >> >
    > >> > -- except with "-SIGNAL" replaced with "SIGHUP"
    > >> >

    > >
    > > You know what, thank you for helping me out so much. Becasue had it not
    > > been you I would never have found out this error.....
    > >
    > > .....Starting system logger: syslogd: error while loading shared
    > > libraries: /lib/ld-linux.so.2: cannot apply additional memory
    > > protection after relocation: Permission denied........
    > >
    > > This happened when I noticed that no new log messages were coming into
    > > /var/log/messages.

    >
    > > So I did /etc/init.d/syslog restart..

    >
    > You need to follow the instructions in the man page for syslogd:
    >
    > $ man syslogd
    >
    > Look in the part titled "SIGNALS". This is the command to be run as root:
    >
    > # kill -SIGHUP `cat /var/run/syslogd.pid`
    >
    > Please note that syslogd is different than syslog:
    >
    > # which syslogd
    > /sbin/syslogd
    > # file /sbin/syslogd
    > /sbin/syslogd: ELF 32-bit LSB shared object, Intel 80386, version 1
    > (SYSV), for GNU/Linux 2.2.5, stripped
    > # file /etc/init.d/syslog
    > /etc/init.d/syslog: Bourne-Again shell script text executable
    >
    > > but then I got
    > > the above error....but still the kernel logger starts..
    > >
    > > # /etc/init.d/syslog restart
    > > Shutting down kernel logger: [ OK ]
    > > Shutting down system logger: [FAILED]
    > > Starting system logger: syslogd: error while loading shared libraries:
    > > /lib/ld-linux.so.2: cannot apply additional memory protection after
    > > relocation: Permission denied [FAILED]
    > > Starting kernel logger: [ OK ]
    > > ..........
    > >
    > > Below is the original /etc/syslog.cof file on my home system which has
    > > the problem..
    > >
    > > # Log anything (except mail) of level info or higher.
    > > # Don't log private authentication messages!
    > > *.info;mail.none;authpriv.none;cron.none /var/log/messages
    > >
    > > # The authpriv file has restricted access.
    > > authpriv.* /var/log/secure
    > >
    > > # Log all the mail messages in one place.
    > > mail.* - /var/log/maillog
    > >
    > >
    > > # Log cron stuff
    > > cron.* /var/log/cron
    > >
    > > # Everybody gets emergency messages
    > > *.emerg *
    > >
    > > # Save news errors of level crit and higher in a special file.
    > > uucp,news.crit /var/log/spooler
    > >
    > > # Save boot messages also to boot.log
    > > local7.* /var/log/boot.log
    > >

    >
    > This file looks alright.
    >
    > >
    > > Thanks
    > > Danish

    >
    > Let us know if this works for you.


    Hi,
    I apologise for writing in so late. My Linux box was not working.

    I looked into man syslogd but nowhere is it mentioned that do this
    incase you do not find the /lib/ld-linux.so.2. Doing a kill would only
    work if the syslod is running i think.

    thanks
    Danish


  4. Re: how to enable iptables from CLI

    On Thu, 13 Apr 2006 21:59:10 -0700, linuxadmin wrote:


    >> Let us know if this works for you.

    >
    > Hi,
    > I apologise for writing in so late. My Linux box was not working.
    >
    > I looked into man syslogd but nowhere is it mentioned that do this
    > "? you do not find the /lib/ld-linux.so.2. Doing a kill would only
    > work if the syslod is running i think.
    >
    > thanks
    > Danish


    Hi Danish,
    I am not abandoning you. But this thread is simply so old that new
    messages are not showing up in my newsreader anymore unless I really go
    and look for them. I just did that and found your message. I have no
    problem trying to help you. But it seems that NNTP might not be the best
    method. See the sig for my address and e-mail me, so that I have your
    e-mail address at which to reach you.

    Why was your Linux box not working? Please tell details.

    One step at a time, and I am now one step ahead of what I can actually
    answer.

    You may have crashed something. There are ways to find that out, what has
    crashed, and how to fix it from CLI. Until you know those things, the
    fastest way is to restart your system. Nothing is valid while something
    is crashed.

    You are hung up on the /lib/ld-linux.so.2. Actually, the fastest help is
    on IRC. But not to change the subject, e-mail me. Then I will ask the
    questions that are needed to know how to resolve your issues.

    No guarantees. No charge. Take it it leave it.

    What is "incase"? Please remember that exact lettering is important to
    computers, and is also important to me. Everything needs to be exactly
    letter-perfect. Typos are OK for secretaries, but not alright for system
    administrators. That is what you said that you wanted to be, is it not?

    Let me know.

    --
    colloquy_no_9 {at-sign} spam-mailingaddress.org
    eliminate the spam-

  5. Re: how to enable iptables from CLI


    Newsbox wrote:
    > On Thu, 13 Apr 2006 21:59:10 -0700, linuxadmin wrote:
    >
    >
    > >> Let us know if this works for you.

    > >
    > > Hi,
    > > I apologise for writing in so late. My Linux box was not working.
    > >
    > > I looked into man syslogd but nowhere is it mentioned that do this
    > > "? you do not find the /lib/ld-linux.so.2. Doing a kill would only
    > > work if the syslod is running i think.
    > >
    > > thanks
    > > Danish

    >
    > Hi Danish,
    > I am not abandoning you. But this thread is simply so old that new
    > messages are not showing up in my newsreader anymore unless I really go
    > and look for them. I just did that and found your message. I have no
    > problem trying to help you. But it seems that NNTP might not be the best
    > method. See the sig for my address and e-mail me, so that I have your
    > e-mail address at which to reach you.
    >
    > Why was your Linux box not working? Please tell details.
    >
    > One step at a time, and I am now one step ahead of what I can actually
    > answer.
    >
    > You may have crashed something. There are ways to find that out, what has
    > crashed, and how to fix it from CLI. Until you know those things, the
    > fastest way is to restart your system. Nothing is valid while something
    > is crashed.
    >
    > You are hung up on the /lib/ld-linux.so.2. Actually, the fastest help is
    > on IRC. But not to change the subject, e-mail me. Then I will ask the
    > questions that are needed to know how to resolve your issues.
    >
    > No guarantees. No charge. Take it it leave it.
    >
    > What is "incase"? Please remember that exact lettering is important to
    > computers, and is also important to me. Everything needs to be exactly
    > letter-perfect. Typos are OK for secretaries, but not alright for system
    > administrators. That is what you said that you wanted to be, is it not?
    >
    > Let me know.
    >
    > --
    > colloquy_no_9 {at-sign} spam-mailingaddress.org
    > eliminate the spam-


    Hi,
    Ive written an email to you at the above address..

    Danish


  6. Re: how to enable iptables from CLI

    On Mon, 17 Apr 2006 07:25:38 -0700, linuxadmin wrote:
    [...]
    >> --
    >> colloquy_no_9 {at-sign} spam-mailingaddress.org
    >> eliminate the spam-

    >
    > Hi,
    > Ive written an email to you at the above address..
    >
    > Danish

    Hi,
    I'll look for it, but it hasn't arrived yet.

  7. Re: how to enable iptables from CLI


    Newsbox wrote:
    > On Mon, 17 Apr 2006 07:25:38 -0700, linuxadmin wrote:
    > [...]
    > >> --
    > >> colloquy_no_9 {at-sign} spam-mailingaddress.org
    > >> eliminate the spam-

    > >
    > > Hi,
    > > Ive written an email to you at the above address..
    > >
    > > Danish

    > Hi,
    > I'll look for it, but it hasn't arrived yet.


    Sad....just to let you know.....
    your email id I used:
    colloquy_no_9@mailingaddress.org

    Anyway! My email address is
    me.linuxadmin@gmail.com
    Danish


  8. Re: how to enable iptables from CLI

    On Mon, 17 Apr 2006 22:41:40 -0700, linuxadmin wrote:


    > Newsbox wrote:
    >> On Mon, 17 Apr 2006 07:25:38 -0700, linuxadmin wrote: [...]
    >> >> --
    >> >> colloquy_no_9 {at-sign} spam-mailingaddress.org eliminate the spam-
    >> >
    >> > Hi,
    >> > Ive written an email to you at the above address..
    >> >
    >> > Danish

    >> Hi,
    >> I'll look for it, but it hasn't arrived yet.

    >
    > Sad....just to let you know.....
    > your email id I used:
    > xxx@xxx.xxx
    >
    > Anyway! My email address is
    > xx.xxx@gmail.com
    > Danish


    Yes, I received and answered your e-mail.

    Thanks a heap (NOT!!), Danish. Because of that message both our e-mail
    addresses will now be spam targets.

    No problem, except I'll deep-6 that address and you won't be able to reach
    me. Why do you think people obfusticate their e-mail addresses on usenet,
    anyway? Did that question ever come into your mind? (mind?, mind? mind?
    .... ) ;/

    No not your fault. I should have known better. Won't do that again.

  9. Re: how to enable iptables from CLI


    Newsbox wrote:
    > On Mon, 17 Apr 2006 22:41:40 -0700, linuxadmin wrote:
    >
    >
    > > Newsbox wrote:
    > >> On Mon, 17 Apr 2006 07:25:38 -0700, linuxadmin wrote: [...]
    > >> >> --
    > >> >> colloquy_no_9 {at-sign} spam-mailingaddress.org eliminate the spam-
    > >> >
    > >> > Hi,
    > >> > Ive written an email to you at the above address..
    > >> >
    > >> > Danish
    > >> Hi,
    > >> I'll look for it, but it hasn't arrived yet.

    > >
    > > Sad....just to let you know.....
    > > your email id I used:
    > > xxx@xxx.xxx
    > >
    > > Anyway! My email address is
    > > xx.xxx@gmail.com
    > > Danish

    >
    > Yes, I received and answered your e-mail.
    >
    > Thanks a heap (NOT!!), Danish. Because of that message both our e-mail
    > addresses will now be spam targets.
    >
    > No problem, except I'll deep-6 that address and you won't be able to reach
    > me. Why do you think people obfusticate their e-mail addresses on usenet,
    > anyway? Did that question ever come into your mind? (mind?, mind? mind?
    > ... ) ;/
    >
    > No not your fault. I should have known better. Won't do that again.


    Im extremely sorry. I really didnt do that on purpose. So stupid of
    me.....
    Well, thats all I can say now...I guess
    Thank you very much for all your help

    Danish


  10. Re: how to enable iptables from CLI

    In comp.os.linux.security linuxadmin :
    > Hi everyone,
    > Ive got RHEL4 on my linuxbox. During its installation I had disabled
    > iptables..so now when I want to enable it again I will have to go to
    > the GUI option of Security and from there will have to enable it.
    > I wanted to know is there a way to enable iptables from the command
    > line rather than using the GUI


    Enter 'lokkit' as root from shell.

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 298: Not enough interrupts

  11. Re: how to enable iptables from CLI


    Michael Heiming wrote:
    > In comp.os.linux.security linuxadmin :
    > > Hi everyone,
    > > Ive got RHEL4 on my linuxbox. During its installation I had disabled
    > > iptables..so now when I want to enable it again I will have to go to
    > > the GUI option of Security and from there will have to enable it.
    > > I wanted to know is there a way to enable iptables from the command
    > > line rather than using the GUI

    >
    > Enter 'lokkit' as root from shell.
    >
    > --
    > Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    > mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    > #bofh excuse 298: Not enough interrupts


    Thanks
    Danish


  12. Re: how to enable iptables from CLI

    In article ,
    Newsbox wrote:

    >For security purposes, trust no one (other than one's
    >self), at least until you know what every single bit of this stuff is
    >about.


    Which means not trusting the poster of this message.

    Face it, _all_ security is based on trust. Without trust, there can be
    no security.

  13. Re: how to enable iptables from CLI

    On Wed, 19 Apr 2006 21:45:19 +1200, Lawrence D'Oliveiro wrote:

    > In article ,
    > Newsbox wrote:
    >
    >>For security purposes, trust no one (other than one's
    >>self), at least until you know what every single bit of this stuff is
    >>about.

    >
    > Which means not trusting the poster of this message.
    >
    > Face it, _all_ security is based on trust. Without trust, there can be
    > no security.


    Right. But it's important who and what is trusted, and it can be a fine
    line practically and semantically. Perhaps it is better said to trust,
    but verify (which is fairly close to "do not trust").

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2