Potresti postarci il contenuto di init.d? 
Grazie
Iptables nei servizi del centro di controllo
Lun, 21/03/2005 - 18:32
#12
Lun, 21/03/2005 - 18:41
#13
Eccolo:
alsa*
functions*
keytable*
mtink*
partmon*
usb*
atd*
guarddog*
kheader*
netfs*
portmap*
xfs*
bluetooth*
halt*
killall*
netplugd*
rawdevices*
xinetd*
crond*
harddrake*
mandrake_consmap
network*
single*
dm*
hidd*
mandrake_everytime*
numlock*
sound*
dund*
hotplug*
mandrake_firstime*
oki4daemon*
syslog*
freepops*
iptables*
messagebus*
pand*
ude
Lun, 21/03/2005 - 18:52
#14
Se provassi ad attivarlo così:
$chkconfig --level 5 iptables on
Lun, 21/03/2005 - 19:23
#15
Forse hai già provato a farlo ma potresti provare a riavviare il sistema e, senza digitare nessun altro comando, provare a fare iptables -L e fare un test su questo sito.
Posta i risultati di entrambi i test. :-P
Lun, 21/03/2005 - 19:45
#16
[nomeutente@localhost nomeutente]$ iptables -L
bash: iptables: command not found
[root@localhost cesaris]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
logaborted tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:RST/RST
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
nicfilt all -- anywhere anywhere
srcfilt all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
srcfilt all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
s1 all -- anywhere anywhere
Chain f0to1 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:4662 state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:4666
logdrop all -- anywhere anywhere
Chain f1to0 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:http state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:webcache state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:http-alt state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:8000 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:8888 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:4661 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:4662 state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:cvsup dpt:4665
ACCEPT udp -- anywhere anywhere udp spts:1024:cvsup dpt:4666
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:ftp state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:pop3 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:https state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:cvsup dpts:6660:6669 state NEW
logdrop all -- anywhere anywhere
Chain logaborted (1 references)
target prot opt source destination
logaborted2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
Chain logaborted2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `ABORTED '
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain logdrop (4 references)
target prot opt source destination
logdrop2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
DROP all -- anywhere anywhere
Chain logdrop2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `DROPPED '
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
logreject2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain logreject2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `REJECTED '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain nicfilt (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
logdrop all -- anywhere anywhere
Chain s0 (1 references)
target prot opt source destination
f0to1 all -- anywhere localhost
logdrop all -- anywhere anywhere
Chain s1 (1 references)
target prot opt source destination
f1to0 all -- anywhere anywhere
Chain srcfilt (2 references)
target prot opt source destination
s0 all -- anywhere anywhere
Il test ShieldsUp l'ho effettuato una miriade di volte ed è andato sempre a buon fine:
Netbios:
Your Internet port 139 does not appear to exist!
Unable to connect with NetBIOS to your computer.
All service ports:
Stealth.
Lun, 21/03/2005 - 20:39
#17
A me sembra tutto a posto.
Lun, 21/03/2005 - 21:40
#18
Allora adesso se vorrei ad esempio disabilitare portmap e qualche altro servizio,mi conviene farlo dal centro di controllo,servizi,cliccando su stop?
Lun, 21/03/2005 - 23:42
#19
Sì, ma credo che così facendo ne bloccheresti l'attività solo per quella sessione (credo..), altro non so dirti poichè è un pezzo che non metto mano al MCC (problema di perl-gtk2 che risolverò tra un paio di settimane quando arriverà l'ADSL di BBIP.it :-P).
Se non è presente qualche opzione che faccia in modo che il servizio non desiderato si avvii al boot successivo puoi sempre andare a rimuovere i link simbolici da rcX.d (dove X è un numero compreso fra 0 e 6 :-P).
Mar, 22/03/2005 - 00:32
#20
Se invece trovo l'opzione al boot selezionata che faccio,la deseleziono e poi elimino il link simbolico?Se usassi anche il comando #pkill nomeprocesso?
Ho visto nel file boot.log ed in 10 gg riguardo ad iptables ho trovato ben poco:
Mar 21 14:05:19 localhost iptables: Eliminazione di tutti i chain: succeeded
Mar 21 14:05:19 localhost iptables: Rimozione dei chain definiti dall'utente: succeeded
Mar 21 14:05:19 localhost iptables: Reimpostazione chain predefiniti alla politica ACCEPT succeeded
Non si è mai avviato,invece guarddog si...anche nell'elenco dei processi attivi non appare:
[root@localhost nomeutente]# ps axf
PID TTY STAT TIME COMMAND
1 ? S 0:01 init [5]
2 ? SN 0:00 [ksoftirqd/0]
3 ? S< 0:00 [events/0]
4 ? S< 0:00 \_ [khelper]
5 ? S< 0:00 \_ [kblockd/0]
29 ? S 0:00 \_ [pdflush]
30 ? S 0:00 \_ [pdflush]
32 ? S< 0:00 \_ [aio/0]
27 ? S 0:00 [kapmd]
31 ? S 0:00 [kswapd0]
140 ? S 0:00 [kseriod]
265 ? S 0:00 [kjournald]
381 ? S 741 ? S 0:00 [khubd]
918 ? S 0:00 [kjournald]
927 ? S 0:00 [kjournald]
2331 ? Ss 0:00 portmap
2345 ? Ss 0:00 syslogd -m 0
2367 ? Ss 0:00 klogd -2
2459 ? Ss 0:00 xfs -port -1 -daemon -droppriv -user xfs
2474 ? Ss 0:00 dbus-daemon-1 --system
2492 ? Ss 0:00 hcid: processing events
2506 ? Ss 0:00 sdpd
2518 ? S< 0:00 [krfcommd]
2568 ? S 0:00 /usr/bin/mdkkdm -nodaemon
2586 ? S 0:52 \_ /etc/X11/X -deferglyphs 16 -auth /var/run/xauth/A
2638 ? S 0:00 \_ -:0
3574 ? S 0:00 \_ /bin/sh /usr/bin/startkde
3630 ? S 0:00 \_ /usr/bin/bluez-pin --dbus
3651 ? S 0:04 \_ /usr/bin/perl /usr/bin/net_applet
3696 ? S 0:00 \_ magicdev
3746 ? S 0:00 \_ kwrapper ksmserver
2570 ? Ss 0:00 /usr/sbin/atd
2590 ? Ss 0:00 xinetd -stayalive -reuse -pidfile /var/run/xinetd.pid
3730 ? Ss 0:00 \_ famd
2868 ? Ss 0:00 crond
2909 ? Ss 0:00 /usr/bin/freepopsd -v -d -l /var/log/freepopsd
3107 tty1 Ss+ 0:00 /sbin/mingetty tty1
3108 tty2 Ss+ 0:00 /sbin/mingetty tty2
3109 tty3 Ss+ 0:00 /sbin/mingetty tty3
3110 tty4 Ss+ 0:00 /sbin/mingetty tty4
3111 tty5 Ss+ 0:00 /sbin/mingetty tty5
3112 tty6 Ss+ 0:00 /sbin/mingetty tty6
3675 ? S 0:00 dbus-launch --sh-syntax --exit-with-session
3680 ? Ss 0:00 dbus-daemon-1 --fork --print-pid 8 --print-address 6
3692 ? Ss 0:00 s2u --daemon=yes
3710 ? S 0:00 /usr/lib/gconfd-2 13
3718 ? Ss 0:00 kdeinit: Running...
3726 ? S 0:00 \_ kdeinit: klauncher
3738 ? S 0:00 \_ /usr/bin/artsd -F 10 -S 4096 -s 1 -m artsmessage
3749 ? R 0:03 \_ kdeinit: kwin -session 117f0000010001110569350000
3766 ? S 0:00 \_ kwikdisk -session 117f000001000111056935400000037
3810 ? S 0:02 \_ kdeinit: konsole
3811 pts/0 Ss 0:00 | \_ /bin/bash
3845 pts/0 S 0:00 | | \_ su
3851 pts/0 S+ 0:00 | | \_ bash
4987 pts/4 Ss 0:00 | \_ bash
5025 pts/4 S 0:00 | \_ su
5031 pts/4 R 0:00 | \_ bash
5080 pts/4 R+ 0:00 | \_ ps axf
4419 ? S 0:00 \_ /bin/sh /home/nomeutente/firefox-installer/firefox -
4430 ? S 0:00 | \_ /bin/sh /home/nomeutente/firefox-installer/run-m
4435 ? Sl 0:35 | \_ /home/nomeutente/firefox-installer/firefox-b
4517 ? S 0:05 \_ kdeinit: konqueror --silent
4550 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-nomeutente/klaun
5068 ? SN 0:00 \_ kdeinit: kio_thumbnail thumbnail /tmp/ksocket-ces
5072 ? S 0:01 \_ kdeinit: kwrite /home/nomeutente/installazioni
5073 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-nomeutente/klaun
3721 ? S 0:00 kdeinit: dcopserver --nosid
3729 ? R 0:01 kdeinit: kded
3742 ? S 0:00 kdeinit: knotify
3748 ? S 0:00 kdeinit: ksmserver
3751 ? S 0:02 kdeinit: kdesktop
4563 ? S 0:00 \_ kdesu konqueror
4577 pts/3 Ss+ 0:00 \_ /bin/su root -c /usr/bin/kdesu_stub -
4580 pts/3 S+ 0:00 \_ /usr/bin/kdesu_stub
4583 ? Ss 0:05 \_ konqueror
3756 ? S 0:05 kdeinit: kicker
3767 ? R 0:00 kdeinit: khotkeys
3769 ? S 0:00 kdeinit: kmix -session 117f00000100011105693540000003
3771 ? S 0:00 krandrtray -session 117f00000100011105693560000003703
3772 ? S 0:00 korgac --miniicon korganizer
4348 pts/0 S 4406 ? S 4549 ? S 0:00 kdeinit: kio_uiserver
4568 ? S 0:00 /usr/bin/kdesud
4588 ? Ss 0:00 kdeinit: Running...
4594 ? S 0:00 \_ kdeinit: klauncher
4600 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-root/klaunche
4601 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-root/klaunche
4603 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-root/klaunche
4611 ? SN 0:00 \_ kdeinit: kio_thumbnail thumbnail /tmp/ksocket-roo
4612 ? S 0:10 \_ kdeinit: kwrite /var/log/boot.log
4618 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-root/klaunche
4592 ? S 0:00 kdeinit: dcopserver --nosid --suicide
4596 ? R 0:00 kdeinit: kded
4617 ? S 0:00 kdeinit: kio_uiserver
4638 ? S 0:00 kdeinit: knotify
4641 ? S 0:05 /usr/bin/artsd -F 10 -S 4096 -s 60 -m artsmessage -l
Che faccio?
"Ehi tu, lo sai che la tua faccia somiglia a quella di uno che vale duemila dollari?" "Già, ma tu non assomigli a quello che li incassa!" (Il buono il brutto il cattivo)