On Sunday 19 October 2003 11:25 pm, Michael Holt wrote: > Ok, I�ve read all the posts I could find and it looks like no one > has had any luck with msec? I�ve been doing fine forever at > �high� security; now a friend from work is dogging me about making > things more secure. Since he�s an m$ guy, I want to prove how > much better *nix can do things and so I am off and ready to make > that server of mine so secure that you can�t get ANYTHING done! > Well, I�ve succeeded! I can�t get anything done! > > Ok, sorry �bout that; now here�s my problem: > When I go to msec level 4 - I can�t login to squirrelmail, use > ssh, use ftp - I�m just about completely locked out. I�ve tried > commenting out the line msec put in /etc/hosts.deny denying all, > but it gets overwritten. I read a post about using chattr +i, but > I�m using xfs so that�s no good. I tried adding > �authorize_services (all)�, but that didn�t help. I would really > like to have secure level 4 or maybe even 5, but I need to be able > to use my computer and I don�t know how to manually set the same > environments without using msec. What can I do to fix this mess? > I want the wheel group, etc.
Msec level 4 denies everything by default. Therefore, you must explicitly allow the things that you want to allow in the hosts.allow file. This will override the hosts.deny file so that anything that is not allowed is denied. I had the same problem with my web server, once you understand that the default behavior is to deny, it makes perfect sense. -- Bryan Phinney Software Test Engineer
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
