[TriLUG] Changing Red Hat security settings
William Sutton
william at trilug.org
Wed Mar 2 14:48:10 EST 2005
Hmm....Please see responses interspersed below:
On Wed, 2 Mar 2005, John Berninger wrote:
> On Wed, 02 Mar 2005, William Sutton wrote:
>
> > I have a Red Hat ES 2.1 server that I set up some time in distant memory
> > (say 6 months ago). When I set it up, I believe I did the good admin policy
> > of saying "no ftp". Now it seems I need an ftp server on the system.
> > I've (attempted to) install the rpms that came with the CDs (wu-ftpd?
> > Even my RH9 system at home has vsftpd), but it doesn't seem to take.
> >
> > Questions:
> > 1. Is this a security setting (I think so, but want to confirm)?
> Possible; more below.
>
> > 2. If this is a security setting, how do I go about changing it? What
> > I've found via google says "redhat-config-security*", but neither the
> > system nor its CD isos (which I kindly left on the hard disk for later
> > usage) appear to have such a command (and rpmfind.net doesn't list any for
> > ES 2.1).
> RHEL 2.1 is based on RHL 7.2, so if you want vsftpd, you'd
> likely have to roll your own.
Nice...Was there a reason for doing this other than the dependency hell
that seemed to be part of RH8.x and RH9?
>
> > 3. Not related directly: Which is preferable? vsftpd or wu-ftpd? If
> > vsftpd, where can I get an rpm that will work on ES 2.1?
> vsftpd is way more secure, but <support drone>it's not supported
> on RHEL 2.1</drone>.
figures...
>
> Your best bet is to make sure the package is installed by
> running an "rpm -q <pkg>". Then make sure it's set to start -
> "chkconfig --list <service>". Then make sure it's started - "service
> <service> status" and if not start it - "service <service> start". If
> it's started and you can't connect, check your firewall settings -
> "iptables -L" and/or "ipchains -L".
ok, some checking:
# rpm -qa |grep -i 'wu-ftp'
wu-ftpd-2.6.1-20
# chkconfig --list |grep -i ftp
wu-ftpd: on
# service wu-ftpd status
wu-ftpd: unrecognized service
ntsysv doesn't have anything resembling an ftp service
and finally,
# iptables -L
/lib/modules/2.4.9-e.12/kernel/net/ipv4/netfilter/ip_tables.o:
init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters,
including invalid IO or IRQ parameters
/lib/modules/2.4.9-e.12/kernel/net/ipv4/netfilter/ip_tables.o: insmod
/lib/modules/2.4.9-e.12/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.9-e.12/kernel/net/ipv4/netfilter/ip_tables.o: insmod
ip_tables failed
iptables v1.2.5: can't initialize iptables table `filter': iptables who?
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
All sounds very ominous. Perhaps I should consider bumping this up to RH
ES 3.something?
--
William Sutton
M: 919.604.2502
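
Added example, not part of the original message: in "chkconfig --list" output, an entry printed as "name: on" with no runlevel columns is an xinetd-managed service, which has no init script for "service" to find; the script below tells the two kinds of entry apart. The sample listing is constructed, and the helper names classify_service and explain are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is constructed text in the
# layout `chkconfig --list` prints on Red Hat releases of this era.
SAMPLE='sshd            0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd          0:off 1:off 2:off 3:on 4:on 5:on 6:off
xinetd based services:
        wu-ftpd:        on
        telnet: off'

# classify_service NAME: read `chkconfig --list` text on stdin and print
# sysv:<runlevels that are on>, xinetd:on|off, or absent.
classify_service() {
    awk -v svc="$1" '
        # SysV init script entry: "name 0:off 1:off ... 6:off"
        $1 == svc && $2 ~ /^0:/ {
            levels = ""
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[2] == "on") levels = levels kv[1]
            }
            print "sysv:" (levels == "" ? "none" : levels)
            found = 1; exit
        }
        # xinetd entry: "name: on" with no runlevel columns
        NF == 2 && $1 == (svc ":") { print "xinetd:" $2; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# explain NAME LISTING: say which supervisor owns NAME (hypothetical helper).
explain() {
    kind=$(printf '%s\n' "$2" | classify_service "$1")
    case "$kind" in
        sysv:*)   echo "$1: init script, enabled in runlevels ${kind#sysv:}" ;;
        xinetd:*) sup=$(printf '%s\n' "$2" | classify_service xinetd)
                  echo "$1: run by xinetd (${kind#xinetd:}), xinetd is $sup" ;;
        *)        echo "$1: not registered with chkconfig" ;;
    esac
}

explain wu-ftpd "$SAMPLE"
explain sshd "$SAMPLE"
```

On a live host the same function reads real output: chkconfig --list | classify_service wu-ftpd.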