Fedora Security :: Where Does Firestarter Get 'events'
Jul 18, 2009
Running Fedora 10 and 11. Using Firestarter firewall.Does anyone know where Firestarter gets the Events which it displays?I do not find anything in /etc/firestarter/.I suspect Firestarter looks in a log file which Fedora keeps somewhere.
Have homebrewed machine, was running Fedora 8. Installed Fedora 10.Firestarter firewall manager keeps crashing after about 5 minutes. Restarts, runs for a while, then crashes.Thought it might be an IPTABLES turf war with the native Fedora 10 gui firewall manager, so disabled that at System > Admin > Firewall. Also disabled SElinux. Still have problems.Firestarter firewall seems to work OK, just the gui Firestarter monitor/manager.If anyone has ideas as to cause, I'll take a clue.I could use Firestarter to generate the IPTABLES by ..manually editing the /etc/firestarter/inbound|outbound/allow-.. files and then../etc/init.d/firestarter restartBut I find the events log useful to look at. Anyone know where the events log file is kept in the file system?
I have an Asus 900 laptop that I put Ubuntu 9.10 on.I know it was made by the Chinese, but why are they trying to hack my pc?I currently put FIRESTARTER a linux firewall on board you can go here to get itNow I can see everyone's IP address and find out where they are and who they are!!
I was wondering if firestarter (software firewall) works out of the box or does it need some kind of configuration in order for it to provide protection? Is firestarter even needed with ubuntu?
im having a bit of a problem with Firestarter, i have Transmission opened and i am downloading a movie but when i check Firestarter i see hundreds and hundreds of Ip's that are blocked, and like 10ip's every second that get blocked.
I am new to Ubuntu and till now I have chosen it to be my favorite distro. I use my laptop in various networks, home, work, school. When I run firestarter the wizard does not give me the option for wireless INTERNET, only ethernet.
I've been using Firestarter for a while and have used it to set-up inbound and outbound policies (which are probably way too restricitve) but since turning on boot logging the other day I have noted that the boot log contains the message:
Code: * Starting the Firestarter firewall [fail] I find this somewhat alarming. I have seen post[URL].ht= firestarter (although have not added it the auto startup list and do not wish to have it start without the root password). What I would like to know is as the computer boots up does it set the iptables to their last setting irrespective of whether firestarter starts or does firestarter need to start to set the iptables and therefore my policies?
I am running Ubuntu 10.10 I have an question about the firewall Firestarter, when checking the firewall it told me there are 9 serious incoming connections what must I do with this info. Inbound is normally blocked as standard i have also see that someone with port 1234 and 12345 have trying to attempt mine system but failed all trojan ports are fully blocked.
I am running Firestarter on Ubuntu 9.10 64 bit. I have noticed several times that after closing all web apps (Firefox, Thunderbird) that some entries remain under the heading "Active connections" on the Firestarter "Status" tab. Often these show no source program. Currently I have 2 showing which show Firefox as the source. These persist after Firefox is shut down. I have verified that no Firfox process is running. And both of the IPs point to google.I have Disconnected eht0 and they still show. I have logged out and back in and they still show. I must reboot the machine to make these entries go away. Which makes me think perhaps this is a bug in Firestarter(?) Is there another way I can identify truly active connections?
I gave a presentation on the Firestarter Firewall interface at my local LUG meeting tonight (another member followed with a presentation on iptables).You can download a copy of the handout from this link.
I am running ubuntu 10.10. I recently enabled the firewall and installed Firestarter to configure it. Bad decision apparently. I can't connect to the internet using Firefox unless I first stop the firewall using Firestarter. After I do that, Firefox connects to the internet just fine.
If I uninstall Firestarter, will the ubuntu firewall function as it did originally, before I configured it? Or will it continue to function the way it does right now, which doesn't allow me to connect to the internet?
Just want to stealth ports on my laptop. Had problems with firestarter when I installed in on 10.10. Set Firestater back to defaults and then dumped it with:
Code: sudo apt-get purge firestarter Set up Gufw to defaults and now am not sure what I am seeing with iptables. iptables -L shows .....
Do these settings look correct for default settings for Gufw? or do I still have some problems with the old firestarter settings not being removed. All I want is all ports stealthed. I know that ping is enabled but I believe that is a default setting in ufw. Could I restore iptables to default with:
Code: sudo iptables -F and then enable Gufw and set default?
I am trying to configure Bittorando and iptables using Firestarter. I have got it working but am concerned about security holes.
Let me explain.
AIUI, the Bittornado program contacts the "tracker" on various ports which (from the previously blocked connections in Firestarter) ranged from 4664 to 65532. Therefore, currently I have set this range to be open to allow downloads of the torrent.
However, this seems, IMHO, to devalue to point of having a restrictive exit policy for Firestarter since now virtually all ports are open. I can see nothing on the Bittornado client to restrict the outgoing ports although the "listening" (incoming) ports can be restricted.
I would prefer to have my system locked-down so that the minimal number of ports are open to initiate external connections so is there any way to achieve this with Bittornado?
A portscan reveals that port 39878 is 'open', service: 'unknown. I deny service for this port in Firestarter FW 'policy' Firestarter does not show any active connection. I am not running any apps, so how can I close this port?
I installed firestarter and then at a later date uninstalled/purged it, both actions via synaptic. I have a very verbose boot, I like to see what's going on, and noticed after the uninstall/purge that I was getting an error zooming up the screen containing firestarter in it. After many restarts I found that a file was left in /etc/network/if-up.d/50firestarter and this file was simply a script trying to restart firestarter. At this point I've commented out the calling line and followed the commented line with exit 0. This removes the error but there's still a link calling the file so, is this a bug or am I missing something? It appears the uninstall/purge wasn't entirely complete.
I've followed this guide [URL] after rebooting the system hang at: starting ati external events daemon [OK] This line start blinking for a while, then nothing happen. I am using a radeon hd 4225. (I'm booting with acpi=off).
After the update on 7/03/10 edge+mouse button combo's don't work anymore, keyboard short cuts for the same function are still working. Example "Scale", keyboard short-cut ctrl-s working, edge+mouse button Right Edge - Right Mouse Button no action. Worked before...
In Fedora 12, I am trying to use a program that uses uinput to inject mouse events to control X applications. This worked with Fedora 9, but doesn't with Fedora 12. I see the following in my Xorg.0.log:
(II) config/hal: Adding input device Prototype IRPointer Device (II) LoadModule: "synaptics" (II) Loading /usr/lib/xorg/modules/input/synaptics_drv.so (II) Module synaptics: vendor="X.Org Foundation" compiled for 1.7.1, module version = 1.2.1 Module class: X.Org XInput Driver ABI class: X.Org XInput driver, version 7.0
[Code]...
The device is not a synaptics touchpad, and so the X load of the driver is incorrect. But I don't know how to get X to ignore it's own driver and use evdev. (Or even if that's the right thing.) A general explanation of how hal and evdev are related, for the current X server,
I have the following machine : laptop : Dell Inspiron E1505 Wireless : Intel Pro Wireless 3945 (ipw3945-1.2.2 + ipw3945d-1.7.22 + ipw3945-ucode-1.14.2 / eth1) Printer : HP C4580 Photosmart wireless (hplip-3.9.8) Ethernet : Broadcom Corporation BCM4401-B0100Base-TX (b44.ko / eth0) External Modem : Siemens CL-110 ADSL OS : Fedora 6+11 (currently on fc6)
The external modem is connected via the laptop ethernet and provides the internet connection. The printer is connected via wireless adhoc to the laptop's IPW3945 wireless card. I use firestarter as firewall. When firestarter is disabled everything works fine. If enabled it blocks my printer. I have tried to open every possible port via firestarter (according to several other threads) with no luck. My printer is set (under system-config-printer) as :
I've noticed that when I open firefox I get really strange HTTP and HTTPS connections showing up in firestarter (which as I understand it is just a GUI for IPtables). They connect to various bits of a site listed as 1e100.net (when you use "lookup hostnames") such as wy-in-f18.1e100.net, they stay connected all the time as far as I can see unless I close firefox. I've heard people say they are connected to Google, but I can close all tabs after loging out of google and still see them... it's very odd.
i try today to install Firestarter , unfortunately i got some problems regarding of the following messages:
1- insufficient privileges : 2- how can i change and save the file /etc/sbin/firestarter with visudo cammand 3-i got this message when i try to run it through terminal Error reading /proc/net/ip_conntrack: No such file or directory
I am trying to setup auditing for NISPOM requirements using the built-in linux audit kernel which uses auditd and audit.rules for setup. I have been able to meet all other requirements, but I cannot find a way to audit user logout actions. My audit.rules file is listed below
Code: #This file contains the a sample audit configuration intended to # meet the NISPOM Chapter 8 rules.