Security :: Netfilter Hook - Kernel Module - Skb_transport_header - Tcphdr Fields Wrong Values
Apr 1, 2010
We are trying to implement a firewall as kernel module through netfilter hooking (in C). In the following code we are allowing only TCP traffic. Source port number and destination port number are printed for every TCP packet. On execution, this code prints wrong port numbers. This is the first time we are using skb_transport_header function for accessing tcp headers.
We verified port numbers being printed by firewall through NFS traffic. On the same machine where firewall is running, we hosted an NFS server. An NFS client (from a different system) puts a file in exported mount. Firewall is able to capture packets for this file transfer but port numbers printed are wrong. It prints '69' for source port number (whereas Ethereal capture shows it as 790) and prints '553231' for destination port (whereas for NFS version 4 it has to be 2049).
[Code]....
Jan 30, 2011
I need to install module u32 into the netfilter module for kernel 2.6.27.
I did not see the source code in the kernel version I have. Where can I find the code for the u32 module?
I have checked "netfilter.org" and it looks like POM is discontinued. Is the u32 module committed to kernel version 2.6.27 or do I need to patch it? If yes, where can I find the patch?
I am building the kernel for a MIPS processor.
Jan 24, 2011
I have a few mail servers (CentOS 5.5) that are running OSSEC Active Response (2.5.1) on Iptables (1.3.5-5.3.el5_4.1). We are currently having a problem where we get loop hook errors:
Jan 24 04:15:03 servername kernel: iptables: loop hook 1 pos 464080 00000022
This is the firewall-drop.sh we are currently using:
Code:
#!/bin/sh
# Adds an IP to the iptables drop list (if linux)
# Adds an IP to the ipfilter drop list (if solaris, freebsd or netbsd)
# Adds an IP to the ipsec drop list (if aix)
[Code]...
May 17, 2009
I would like to allow multiple users to access P2P networks, so I wonder if there's a way to track these kinds of protocols with netfilter, and also compatibility with NAT, like the module conntrack_ftp seems to do with the FTP protocol.
Jul 15, 2011
This is the "alert" I've received from SELinux Alert Browser after closing the "rhythmbox" application that opened my CreativeZen media player:
Code:
SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sys_ptrace capability
In dmesg it has:
[code]....
Dec 14, 2010
I'm tasked with creating a base image of ubuntu (one for server, one for workstation) that is locked down and has all the fluff taken out (naturally workstation will have more fluff left in it than server). Task list looks about like this:
1. Create list of deb packages "allowed", write script to list/uninstall everything else.
2. Hook the logins into either enterprise kerberos or Active Directory (yuck).
3. Write scripts to check things like setuid/setguid, disabling su, checking sudo permissions, configure iptables, etc.
4. Use a scanner to scan the system from outside the system (was thinking of using backtrace).
5. Custom-compile the kernel to strip out all the unneeded modules.
Before embarking on this awesome task I figured I'd check with you guys to see if you know of some resources that would make this task easier/quicker. I'm sure someone out there has already headed down this branch.
PS My boss *loves* ubuntu and isn't too keen on going with a deb (or other) distro that is already "security trimmed" without some serious convincing. I'm sure there are some out there, and if you want to pass along a couple for consideration, I'll check them out, but no guarantees he'll let me use it.
Apr 22, 2010
I want to add some code in existing linux2.6.33.2 to enhance the kernel. I want to know how to start and where to add code.
Feb 11, 2010
I have a system running openSUSE 11.2 with Desktop and XEN kernel, as well as Windows 7 (not by choice though...). I have noticed a strange time issue, with Windows 7 and the desktop kernel the time is correct (like for example now: 1:32 PM) but in the XEN kernel it is ahead several hours (6:32 PM). If it was an issue between openSUSE and windows then I would think that it is a problem with the system clock but I don't know what would cause a time issue between kernels like that.
Mar 3, 2010
What are the default kernel parameter values for a Linux RHEL machine?
Feb 4, 2010
Recently I was going through some chmod manipulations and found the umask value to be 0002 by default in the Fedora 11 distro. What I knew was that the default value is 022. I don't know whether this is a kernel modification in this distro or my system is compromised (I doubt the latter option, but not confirmed).
Feb 10, 2010
I installed openSUSE 11.2 on VirtualBox. My host is Windows 7. I tried to install the guest additions, but I get an error saying
Code:
Building VirtualBox Guest Additions Kernel Modules...Failed
(Your system does not seem to be set up to build kernel modules)
How should I go about letting my system build kernel modules?
Jul 5, 2010
I think I've messed my SELinux boolean values. How to restore default boolean values?
Modified boolean values are stored in
Code:
/etc/selinux/targeted/modules/active/booleans.local
Can I just delete the file and reboot to get the defaults?
Jan 24, 2010
I have a problem with my custom kernel when I want to create the Nvidia kernel module. After this finished I installed the image and headers and created the Nvidia kernel module. Everything worked fine. However, if I remove the linux-source from my home directory then I can't create the kernel module. Even though I have the headers for the kernel installed.
Jan 6, 2010
I'm running VirtualBox from the Sun website (need the USB support) and it breaks after each kernel update. The problem is that I installed a lot of Ubuntu systems for transitioning Windows users with Windows in VirtualBox to ease the migration but I have to rerun vboxdrv setup after each kernel patch.
Apr 18, 2011
I ran two scans in Zenmap: 1) Quick scan plus and 2) Quick Traceroute. Quick scan plus, under the Nmap Output tab, has a field called "Network Distance". The Quick Traceroute report under the same tab lists the HOP and RTT time. I was thinking that for a given server, the value for the Network Distance would be the same as the HOP field when initiating the scans from the same server, but they are not.
Feb 22, 2010
What do the error "invalid module format" and the message "insert kernel module" mean? And what's the reason for the same?
Jul 26, 2009
When I installed Fedora 11 the other day using the live CD it installed the i586 kernel and not the i686, despite the fact that smolt seems to know that the hardware is i686 (well, actually it's x86, but I'm not going to argue because I forgot to get that one...). Why would it install the i586 one though? (uname -r 2.6.29.6-213.fc11.i586) But more importantly, are there any specific issues which this version can cause that I should be aware of? I can't really be bothered to change it at the moment if there is no real issue with it but I'm not too sure what difference it makes? Is it slower? It seems to know that I have a quad-core processor and seems to use them fine.
Aug 19, 2010
I have snort_inline2.4.5 and didn't find snort rules-snapshot-2.4.5.tar.gz at the snort home. What do I do?
Dec 8, 2010
According to the man page, the "recent" match of iptables accepts certain parameters (e.g. "ip_list_tot"). I'd like to change the values of some of them.
All the solutions found on the web were about changing parameters for the module, but my kernel was compiled without module support (such that it can be used for installation booting as well).
How can I change the match parameters for my non-modular kernel?
Jan 9, 2010
Just installed Fedora 12 on my Dell Precision M4400 and I'm trying to install the Broadcom wireless driver. When I try to compile the driver, I get:
make: *** /lib/modules/2.6.31.5-127.fc12.i686/build: No such file or directory. Stop.
So I followed the link and /lib/modules/2.6.31.5-127.fc12.i686/build is a soft link:
lrwxrwxrwx. 1 root root 47 2009-11-09 14:17 build -> ../../../usr/src/kernels/2.6.31.5-127.fc12.i686
But in /usr/src/kernels all I see is:
total 12
drwxr-xr-x. 3 root root 4096 2010-01-09 11:56 .
drwxr-xr-x. 4 root root 4096 2009-11-09 14:10 ..
[code]....
Mar 5, 2009
It points to the old Fedora kernel, and needs to be directed to the pre-installed kernel. What will the new menu entry be after it loads?
Aug 7, 2010
My distro is ClearOS, which is RHEL so I assume this is the right place. I moved my system from an old PATA-drive to a bigger SATA. ClearOS uses LVM for the root directory and the swap directory, so this VolumeGroup was moved using lv-commands. I left the old hda drive in for the time being and hda also remained the BIOS start up disk. /boot is at hda2. Now, clearly there are 2 VolGroup00/ LogVol00 's: on hda and sda.
Eventually I wanted to unload my hda. I copied /boot from the hda disk to sda, changed (hd0,1) to (hd0,0) as /boot is in different locations, later found out that I needed to do the same for the location of the splash image and did that as well, but I don't get access to my new VolGroup. I did an /sbin/mkinitrd and a grub-install on the new sda but no luck. I have seen various error messages. The latter one is that grub loader 1.5 is active, giving me a grub prompt.
May 2, 2011
I'm running Scientific Linux 5.5 (equivalent to CentOS 5.5), and over the past two weeks, I have had a problem with my root partition filling up, preventing anyone from logging into the server. After searching for large files, and finding none, I was mystified when du told me that the root partition had only 660 MB of disk space used, whilst df showed it full. The problem was this: the /var/crash directory had been filled up by an 8GB crash file. Now, I'm a 'proper' sysadmin and make sure that /var has its own mount point, so the crash should not have touched the root partition at all. Except it did - instead of writing to /var/crash on /dev/mapper/VolGroup00-LogVol04 which is mounted as /var, it wrote the file to /dev/md0 directly, so when all the file systems were mounted, those files were hidden under the mounted /var.
Sep 16, 2010
With kernel 2.6.35 I get wrong readings on lm_sensors. They are about 20C off than the real values (e.g. if the CPU is at 50C, lm_sensors will show 70C). If I boot with any other kernel (like 2.6.32) I get the correct values. I'm using the 'coretemp' module on an Acer 7720 laptop. My distro is 64-bit Arch Linux.
Dec 7, 2010
I have two HP quad-core high-end servers.
OS : Red Hat Enterprise Linux Server release 5.2 (Tikanga)
Kernel : kernel-2.6.18-92.el5
For the last couple of days I have found entries in dmesg:
###########################################
Oct 11 15:03:46 kernel: schedule_timeout: wrong timeout value ffefda64 from c05a784e
Oct 11 15:03:46 last message repeated 2 times
[code]...
Aug 13, 2010
I just installed Slackware 13.1 x86 on a new laptop (you probably remember me from my audio post). I am having one other issue. My root file system is formatted as EXT4. When my computer boots, it tries to mount it as EXT3 then EXT2, fails both types and then tries EXT4. Here are the messages.
Code:
EXT3-fs (sda2): error: couldn't mount because of unsupported optional features (240)
EXT2-fs (sda2): error: couldn't mount because of unsupported optional features (240)
EXT4-fs (sda2): mounted filesystem with ordered data mode
So, eventually / is mounted correctly, but I think this is slowing down my boot time. Does anyone know how to fix this?
Aug 23, 2010
I want that in the phase of "login" and in the phase of "lock screen", if password is wrong, then Ubuntu runs my custom command.
Feb 7, 2011
Is there a way to have the system shut down automatically after a set number of wrong user password entries? Am using ubuntu and kubuntu on two different machines. Am thinking it would make sense to have this feature on an encrypted laptop system in case someone were to take it whilst it's on suspend, screenlock, hibernate or login screen and hence the disk is vulnerable.
Mar 9, 2011
I am starting to learn how to create and manage users in my computer. I created a new user and changed users.
I then tried to install a package with this user to confirm that it needs su rights, and when asked for the password, I entered it wrong:
john is not in the sudoers file. This incident will be reported.
It says that the incident will be reported, but where can I find the information of this incident? Where is it stored or how is it reported?
Aug 18, 2009
I'm trying to add simple policy to system - Fedora 11 x86_64 updated. Where is my error? I can't add any module.