firewall services running?

How can I tell if my firewall services are running? I am used to using iptables as a heavy Red Hat user. The SUSE firewall is a little bit of a learning curve for me. According to my system services in YaST my firewall services are not running?

SuSEfirewall2_init running NO
SuSEfirewall2_setup running NO

Well someone switched it off, because it’s enabled by default.

Go to YaST - Security and Users - Firewall and switch it on.

As a former RH user you should know these two:

man insserv

man chkconfig

//Edit:

OK, perhaps only the second one (which is the preferred method anyway).

So it was off. That’s what I thought. How did that happen?!?!?

The only one who can tell you this is the administrator of that box.

If that is you, then you did it, it is on by default so you must have turned it off at some point.

Hummm, must have somehow happened after I updated to KDE 4.3 because before that it was always running.

how is the physical security of your box (anyone else have access to
it?)…

you might wanna seriously consider going on a root kit hunt…
do you have tripwire or similar?
rkhunter?


platinum

Well, I have a fresh install of OpenSuSE 11.1 and it seems to me that the firewall is NOT running by default. I’ve run all the updates and upgraded to KDE 4.3, none of which should have switched the firewall off. I’ve just gone in to check if the firewall is running, and it’s not. I never touched it though! Weirdly, though, if I run some internet based “is your firewall working” page, it seems to think it is. But YaST certainly thinks it isn’t.

You might be mistaken. What does it look like here for you:
http://www.imagebam.com/image/0af36c52898637

My dialogue was as follows:

Firewall is NOT running
Start Firewall now.
Stop Firewall greyed out.

The only thing that I might have done that might have been unusual is I had to separately configure the network card as YaST didn’t seem to pick it up automatically like it usually does. Maybe when you configure the network card manually it doesn’t start the firewall? Bit silly if you ask me.

Someone switched it off. It’s ON by default.

caf4926 wrote:
> Someone switched it off. It’s ON by default.

and, if you didn’t turn it off then THAT is the reason i suggested (a
week ago) you hunt for the root kit that did/might have…


palladium

This occurred to me also but that would just lead to a discussion like: Have you logged in as root?..

rkhunter will do the job on rootkits

caf4926 wrote:
> palladium;2053354 Wrote:
>> caf4926 wrote:
>>> Someone switched it off. It’s ON by default.
>> and, if you didn’t turn it off then THAT is the reason i suggested (a
>> week ago) you hunt for the root kit that did/might have…
>>
>> –
>> palladium
>
> This occurred to me also but that would just lead to a discussion like:
> Have you logged in as root?..
>
> rkhunter will do the job on rootkits
>
>

I never install any of those.
One should not think too highly about rkhunter and other such scripts.
They are basically useless, that has been discussed a lot over the years.

All you get is false positives and a false feeling of security.
Don’t trust them. Use them if you like, rather not.

Quickly looking for reference to back up my statement I only came across
this old thread from alt.os.linux.suse, but there’s a lot more if you
investigate:

http://tinyurl.com/yhfv2vn

Vahis


> One should not think too highly about rkhunter and other such scripts.
> They are basically useless, that has been discussed a lot over the years.

agree mostly…the best way to find a root kit is to NOT install it
in the first place…


palladium

Well, I downloaded openSUSE from the website, verified its checksum, and installed it. Then ran the updates. So you’re suggesting the repositories install a rootkit that disables the firewall? If that’s the case, I’m very worried, and maybe we should all abandon OpenSuSE, as they’re doing something very nasty. I’m hoping it happened when I set up the network.

How else could a rootkit get on my computer? How should I find it?

I’d like to add that the rootkit doesn’t seem too bothered about trying to disable the firewall again, if it exists.

relax. you should be fine
A rootkit is unlikely unless you have been running as root.

No, I log in as root occasionally, but don’t run as root. Even I’m not that silly :-).

Actually I’ve just tried a quick test. If you do the following:

  1. Delete ethernet adapter in YaST.
  2. Add it again.

then the firewall gets disabled. So it’s obviously a bug in YaST, which is a relief!

Would be interested if anyone else has the same behaviour to confirm this though!

Nick
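
An added example, not part of any post in this thread: the question of whether the firewall is "running" has two parts, whether the service is enabled at boot and whether a ruleset is loaded in the kernel right now, and the sketch below reports both. `fw_state` is a hypothetical helper, the sample outputs are constructed, and treating a DROP policy or any extra chain or rule as "loaded" is an assumption.

```shell
#!/bin/sh
# Added example: separate "enabled at boot" from "rules loaded right now".
# fw_state is a hypothetical helper; it only parses text it is given.
#   $1 = output of: chkconfig --list SuSEfirewall2_setup
#   $2 = output of: iptables -S   (as root)
fw_state() {
    boot=disabled
    # Boot-enabled if the setup service is "on" in runlevel 3 or 5.
    if printf '%s\n' "$1" |
        grep -Eq '^SuSEfirewall2_setup[[:space:]].*[[:space:]](3|5):on'; then
        boot=enabled
    fi
    rules=absent
    # Heuristic (assumption): a DROP policy on INPUT, or any user chain
    # (-N) or appended rule (-A), means a ruleset is loaded in the kernel.
    if printf '%s\n' "$2" | grep -Eq '^-P INPUT DROP|^-[AN] '; then
        rules=loaded
    fi
    echo "boot=$boot rules=$rules"
}

# Constructed sample outputs (not captured from a real machine).
CHK_ON='SuSEfirewall2_setup  0:off  1:off  2:off  3:on  4:on  5:on  6:off'
CHK_OFF='SuSEfirewall2_setup  0:off  1:off  2:off  3:off  4:off  5:off  6:off'
IPT_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
IPT_LOADED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N input_ext
-A INPUT -i lo -j ACCEPT
-A INPUT -j input_ext'

fw_state "$CHK_ON"  "$IPT_LOADED"   # enabled at boot and rules loaded
fw_state "$CHK_OFF" "$IPT_LOADED"   # rules loaded now, not enabled at boot
fw_state "$CHK_ON"  "$IPT_EMPTY"    # enabled at boot but no rules loaded
fw_state "$CHK_OFF" "$IPT_EMPTY"    # neither: firewall is off

# On a live system (as root):
# fw_state "$(chkconfig --list SuSEfirewall2_setup)" "$(iptables -S)"
```

Running the live form before and after the delete/re-add of the network adapter described above shows which of the two states actually changes.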