http://qa.mandrakesoft.com/show_bug.cgi?id=5218
[EMAIL PROTECTED] changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|program |program
Product|initscripts |msec
Version|7.06-20mdk |0.40-1mdk
------- Additional Comments From [EMAIL PROTECTED] 2003-18-09 22:58 -------
well I've finally found how to change it manually in draksec for msec.
So : change bug from initscripts to msec
Two enhancements now :
- set it "Enabling logging of strange packets" by default to NO
- add in draksec some help to identify that strange packet are in fact "martian
source"
- add a comment in draksec documentation that it corresponds to martian source
Remember that the noobie may easily be alarmed by messages so difficult to
identify, not just because they are from martian source ;-) but because I had to
follow 3 source files to find it !
/etc/sysctl.conf
/sbin/msec
/usr/share/msec ; grep martian *
libmsec.py: set_zero_one_variable(SYSCTLCONF,
'net.ipv4.conf.all.log_martians', arg, 1, 'Enabling logging of strange packets',
'Disabling logging of strange packets')
Fichier binaire libmsec.pyo concorde
Well, to conclude, draksec has been enhanced (no more funny variables instead of
comments), but now it's very difficult to know what relates to what (need a
dictionnary draksec / sysctl.conf lol ;?)
Security is a matter of adherence to it, if the user is tempted to reverse to a
lower level just because s/he cannot know what is caused by what,
implementation of security is flawed !
In France, the "carte � puce" (chip card ?) worked because the user has not to
understand the algorithms behind (well they might not be that secure for the
purist, but that's better than giving away the number and have it be suficient
to get your account emptied...).
--
Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: UNCONFIRMED
creation_date:
description:
At installing Mandrake 9.2rc1, I chose SECURE_LEVEL=2 ("�lev�e") which appears
in my /etc/sysconfig/msec.
Unfortunately, the file has changed compared to Mandrake 9.1
There was :
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.log_martians=0
Now there is :
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.log_martians=1
I don't care for rp_filter for the moment (I've read a doc explaining it there
http://www.linuxgazette.com/issue77/lechnyr.html ) but log_martians has a nasty
side effect on the eagle-usb driver for my Sagem Fast800 to access my ISP
freeadsl : it pollutes my /var/log/messages with many lines
Sep 2 23:03:54 BenAthlux kernel: martian source 82.65.237.156 from 127.0.0.1,
on dev ppp0
Sep 2 23:03:54 BenAthlux kernel: ll header: 45:00:00:28:0b:ea:00:00
Those lines are meaningless (coming from loopback, from no identified mac
address as it keeps changing) and may frighten the noobie (and me BTW).
>From 9 posts out of 10 on the subject that I googled, people ended turning off
this feature from out of space (like Z series: funny when you know what to
expect, boring otherwise... ever seen Ed Wood's ?)
That's confusing to put it there as it keeps reappearing after each reboot (the
only hint to turn it off I found was
echo 0 >/proc/sys/net/ipv4/conf/all/log_martians
which is clearly not suficient... Not that many noobies are going to become
network experts, this message is only understandable with a strong explanation.
BTW if you've have any idea how those packets can be produced... well... tell
the developper, it will help ! (that's for package adiusbadsl)
well that is with initscripts-7.06-19mdk but may still exist with 7.06-20mdk ?
Please ensure that it will not reappear in rc3 and release. keep
net.ipv4.conf.all.log_martians=0 thanks.
