
Re: Bad File Permission



On Tue, 21 Sep 1999, Richard wrote:

> I've started X as the user and I'm getting the following when I try
>to start Kisdn to connect to the internet.....
>
> Bad file permission
>
>I can't set the correct permission of the config file
>/home/user/kde/share/config/kisdnrc
>It should be readable, only writable by the owner,
>because the passwords for your ISPs are stored there

What do you get for ls -l /home/user/.kde/share/config/kisdnrc?

> On a different but related theme I've been able to enable the
>firewall with ipchains -P input DENY. This works fine but doesn't
>allow me to view web pages or send and receive e-mail. And what
>about ftp ?? What's the correct syntax to allow my web browser to
>work ? I have to connect to port 3128 at my ISP. E-mail download is
>on port 110 and send is on port 25.

I have quite a good generic firewall (thank you dejanews). Invoke it in
ip-up.local. Try modifying it for your needs. You'll have to change ppp+ to
the right device(s) for isdn. Is that ippp+?

You should be able to send and receive mail, browse the web etc. with no
extra configuration. For ftping _out_ you have to remember to use passive mode.
Annoyingly this can't be done centrally but you have to set it up in every ftp
app. But on the plus side ftp clients in browsers etc will use passive mode
automatically.

#!/bin/sh
#
#script to set up firewall.
#
#flush all chains and delete user defined chains
/sbin/ipchains -F
/sbin/ipchains -X
#allow all local connections
/sbin/ipchains -A input -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
#set default policies
/sbin/ipchains -P input DENY
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward DENY
#create chain to monitor ppp connections
/sbin/ipchains -N ppp-in
#direct all incoming ppp traffic to ppp-in chain
/sbin/ipchains -A input -i ppp+ -j ppp-in
#allow all tcp packets to unprivileged ports
#except those requesting connection
/sbin/ipchains -A ppp-in -p tcp ! -y -s 0/0 -d 0/0 1024: -j ACCEPT

#allow udp for DNS
# Sometimes they use tcp so watch for that
# Make sure to use IP addresses here. You can't do lookups until after this step
#;-)

/sbin/ipchains -A ppp-in -p udp -s ns1.for.your.isp 53 -d 0/0 1024: -j ACCEPT
/sbin/ipchains -A ppp-in -p udp -s ns2.for.your.isp 53 -d 0/0 1024: -j ACCEPT

# Now just allow entry for specific ports, e.g.
# Allow ssh from somewhere
/sbin/ipchains -A ppp-in -p tcp -s somewhere -d 0/0 22 -j ACCEPT

#all done
echo filtering firewall active
#allow ping and unreachables
/sbin/ipchains -A ppp-in -p icmp -s 0/0 -d 0/0 0 -j ACCEPT
/sbin/ipchains -A ppp-in -p icmp -s 0/0 -d 0/0 1 -j ACCEPT
/sbin/ipchains -A ppp-in -p icmp -s 0/0 -d 0/0 3 -j ACCEPT
#log all unauthorised packets
/sbin/ipchains -l -A ppp-in -p tcp -j DENY
/sbin/ipchains -l -A ppp-in -p udp -j DENY
/sbin/ipchains -l -A ppp-in -p icmp -j DENY
echo logging all unauthorised packets
#everything else is caught by input policy DENY
# end of script

It's quite interesting to see how often people try to crack into your box
by looking at /var/log/messages :-)

atb
Martin

--
http://www.shef.ac.uk/~pm1mph
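
Added example, not part of the original message: a shell function that summarises the DENY entries which the script's `-l` rules write to /var/log/messages, counted per protocol, source address and destination port. The function names, the host name "box" and the sample log lines are constructed for illustration; the lines follow the "Packet log:" format that ipchains uses on Linux 2.2.

```shell
#!/bin/sh
# Added example: count packets denied and logged by the ppp-in chain.
# ipchains (Linux 2.2) log format, after the syslog prefix:
#   Packet log: CHAIN TARGET IFACE PROTO=n SRC:SPORT DST:DPORT L=.. ... (#rule)
# For ICMP (PROTO=1) the two "port" fields carry the ICMP type and code.

# summarise_denied [FILE...]: read syslog lines from FILEs or stdin and print
# "COUNT PROTO SOURCE DPORT", most frequent first.
summarise_denied() {
    awk '
    {
        # The syslog prefix varies, so search for the "Packet log:" marker.
        for (i = 1; i <= NF; i++)
            if ($i == "Packet" && $(i + 1) == "log:") break
        if (i + 7 > NF) next                 # not a complete ipchains entry
        if ($(i + 2) != "ppp-in" || $(i + 3) != "DENY") next
        proto = $(i + 5); sub(/^PROTO=/, "", proto)
        split($(i + 6), src, ":")            # source address and port
        split($(i + 7), dst, ":")            # destination address and port
        if (proto == "6") name = "tcp"
        else if (proto == "17") name = "udp"
        else if (proto == "1") name = "icmp"
        else name = "proto" proto
        count[name " " src[1] " " dst[2]]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample input (documentation addresses, hypothetical host "box").
sample_log() {
    cat <<'EOF'
Sep 21 20:14:02 box kernel: Packet log: ppp-in DENY ppp0 PROTO=6 203.0.113.7:1045 192.0.2.10:23 L=44 S=0x00 I=4021 F=0x0000 T=52 SYN (#8)
Sep 21 20:14:05 box kernel: Packet log: ppp-in DENY ppp0 PROTO=6 203.0.113.7:1045 192.0.2.10:23 L=44 S=0x00 I=4022 F=0x0000 T=52 SYN (#8)
Sep 21 20:15:40 box kernel: Packet log: ppp-in DENY ppp0 PROTO=17 198.51.100.9:137 192.0.2.10:137 L=78 S=0x00 I=911 F=0x0000 T=113 (#9)
Sep 21 20:16:01 box pppd[412]: rcvd [LCP EchoRep id=0x4 magic=0x0]
Sep 21 20:17:12 box kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.77:1030 192.0.2.10:80 L=44 S=0x00 I=77 F=0x0000 T=64 SYN (#1)
EOF
}

sample_log | summarise_denied
```

To run it against the real log, call `summarise_denied /var/log/messages`.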
