Nick Rout wrote:
first to find where firehol was installed, look in yast, it has a list of what files are installed.
or you can run the following on the command line;
rpm -ql firehol (assuming firehol is the name of the package) (if you cannot remember the name of the package try:
rpm -qa |grep fire)
Take a look at this book in the library:
http://librarydata.christchurch.org.nz/web2/tramp2.exe/goto/A06c27sl.002?screen=Record.html&server=1home&item=2&item_source=1home
On Wed, 15 Sep 2004 12:31:25 +1200 Ralph Stoker <[EMAIL PROTECTED]> wrote:
Can anyone recommend a good Linux for beginners book?
I've just been trying to install and configure the firehol firewall and run up against a brick wall...not so much with the program itself (which seemed quite logical from the description at http://firehol.sf.net) ...but trying to find where the program has been installed by YaST and how to get it to run and get to the command / configuration lines listed on the website.
This I realise is absolutely basic stuff to regular Linux users...I'm simply trying to move over from a Windows environment but not finding it at all intuitive.
Has the club considered offering a 'migration course' for other newbies?..just the basic but essential orientation:
Find / Run / Configure type stuff
I've always found that a few quick practical how to run throughs enhance knowledge and confidence of new users faster and to a far greater degree than books ever do...the superb CLUG installfest was a great example.
----- Original Message ----- From: "Sascha Beaumont" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 15, 2004 10:26 AM Subject: Re: Dial-up question
A simple firewall config will be all you need. I'd suggest using "firehol" it makes the creation of an IPTables firewall simple and easy to understand. http://firehol.sf.net
You can setup firehol on individual machines, or on a router machine. I'd suggest running it on your router at home, it just uses iptables (older linux firewalls use ipchains) and takes only minutes to setup yet is much easier to maintain than a "raw" iptables firewall. (approx 100 line firehol config generates a 500 line iptables config for our router at work)
Good good on using sudo, there are other ways to do it such as adding the user to the "dialout" group or something, but sudo is a perfectly acceptable way to do things. Just make sure you
- BAD sudo way (fine if you only want win95 level security) user ALL=(ALL) NOPASSWD: ALL
-GOOD sudo way user,user2,user3 ALL = PASSWD: /usr/bin/apt-get, /usr/bin/dpkg user,user2,user3 ALL = NOPASSWD: /usr/sbin/pppd
As for dial on demand, it can be a real pain at times from my experience. Having a button on a taskbar somewhere that you can just click is easier. I'm a fan of using wconnect/connectd for dialup access on a network rather than diald.
On Wed, 15 Sep 2004 10:08:01 +1200, Andrew Errington <[EMAIL PROTECTED]> wrote:
Hi,
I am proposing to set up a Debian based laptop for a friend. All they
need
is email and web from a dial-up ISP, so a fairly low-spec PC with KDE
from
Debian stable is adequate.
I have set up kppp on my laptop, which is similar to one I will get. To make it work I had to install 'sudo', so that an ordinary user can run
kppp
as root, and I had to remove 'auth' from /etc/ppp/options
Anyway, that works fine, and kppp will dial up when I press a button,
and
disconnect when I press another button. I think I would prefer dial-on-demand though, so I am going to try the instructions here:
http://www.davidpashley.com/tutorials/wvdial-pppd-dod.html
At home I am on cable, and I have a router box that basically acts as my firewall. I have no 'protection' on any of the machines on my home network, and I rely on the router for this.
What should I do to get the appropriate level of protection when I
connect
directly to the internet with a modem? My friend will not need to run
any
servers (e.g. ftp or web), but I would like them to have an ssh server
so I
can get in and administer the box.
Thanks for any advice,
Andy
-- Regards, Sascha
======================================================================= This email, including any attachments, is only for the intended addressee. It is subject to copyright, is confidential and may be the subject of legal or other privilege, none of which is waived or lost by reason of this transmission. If the receiver is not the intended addressee, please accept our apologies, notify us by return, delete all copies and perform no other act on the email. Unfortunately, we cannot warrant that the email has not been altered or corrupted during transmission. =======================================================================
