I have no real understanding of Iptables and just realized that after switching to AL I needed to set up some sort of firewall on my desktop.
So I pacman'd firestarter, found it in /opt/gnome/bin and ran the GUI app.
I set up everything according to how I wanted it to act and then dropped it down into KDE's tray.
I hopped over to one of my other local computers and scanned it with nmap and Xscan and both turned up blanks. That's great... but Firestarter's hitlist is staying blank. Not a single notification has popped up as it should, the home LAN has numerous M$ and *nix boxes.... and our public IP is scanned quite regularly by kiddies out there....
Is there some configuration I need to carry out? I've read the manual at Firestarter's homepage and drew a blank.
Anyone seen this behavior with Firestarter? It will stay running on the comp as it's keeping my desktop slightly less vulnerable but I'd really like to gain full functionality from the program.
If y'all need any more information please don't hesitate to ask... Or a URL to go read at... I've drawn a blank on Google and linuxquestions.org....
Appreciate any replies,
James
Offline
Take a look at /var/log/kernel; that is where my iptables logging is ending up. I have used Firestarter for some time now. It is the easiest firewall to set up and is somewhat extensive. I just use tail -f /var/log/kernel.
Walt
P4 2.8Ghz @ 2.8Ghz SL6WT
Zalman CNPS7000-Cu
865PE Neo-2 LS BIOs 2.4
512mb Mushkin Level II
160GB Maxtor HD
Geforce 4 440MX
Antec 3700 1 exhaust and 1 intake fans
Linux 2.6.x
Linux user 314187
ArchLinux
Offline
Thanks for the quick reply...
But I don't quite understand what the tail -f /var/log/kernel command does....
I'll check out the kernel log once I get home from school....
Offline
At the root prompt in a terminal, tail -f /var/log/kernel will display any new messages that are reported as the data is appended to the end of the kernel file, let alone any file.
Walt
Offline
That still doesn't help me out with the GUI functionality at all...
I would still like to be able to monitor my firewall without digging through log files but I appreciate the help anyways!
Offline
I would still like to be able to monitor my firewall without digging through log files but I appreciate the help anyways!
I use normal iptables logging (the LOG chain) [from gShield (PKGBUILD available on the forums)] and I redirect all my kernel output to vc12 from within syslog-ng. I could create a filter for those messages in syslog-ng to show, for example, the firewall messages on vc11, but haven't looked in the configs yet.
Or, now I've thought of something else. You can create a FIFO with mkfifo and pipe all the firewall messages to that (also using a filter in syslog-ng). Let's assume you've created it with
mkfifo /var/log/iptables_pipe
Config your syslog-ng (I don't know if syslog is so flexible) to redirect iptables messages to /var/log/iptables_pipe (I can't tell you how to do this, because I haven't tried it yet).
Do (in a console)
while IFS= read -r line; do printf '%s\n' "$line"; done < /var/log/iptables_pipe
and you'll have live report from iptables.
^ I think this should work, but haven't tested it yet (as I've said).
Good luck.
IceRAM
P.S.1. There are some more advanced programs (as far as I remember) for detecting intrusions on Linux. I don't remember these advanced programs having a GUI, probably because they're complicated enough on the inside to create an interface for them. They just put the output in a log, and you follow it however you want. You won't see much interactivity from the Linux firewalls, mostly because they were supposed to just sit on a machine and do their work.
P.S.2. I haven't seen a GUI firewall on Linux doing popups and so on. This is probably because the components are well defined, the firewall runs as root and you probably log in as a normal user. Allowing a normal user to modify the firewall rules live creates a security hole.
Offline
I joined Firestarter's mailing list and found a solution...
The key was to edit the firestarter script in /root/.gnome2/firestarter
by adding these two lines to the end of it... fixed the GUI functionality right up....
[Files]
syslog=/var/log/kernel
Thanks a bunch for all your help!
Offline
Hello these tips helped me get firestarter .92 working fine, but since the update I have not been able to get .93 working correctly. I followed the instructions from the firestarter-user mailing list which stated that you should issue the following command:
In Firestarter 0.9.3, as root, run "gconftool-2 --set --type string /apps/firestarter/client/system-log /var/log/syslog".
I tried using both the kernel and the iptables logs as well with no luck. Anyone have any experience with this?
Offline
Hey I tried it. Also what happens when you try tail -f /var/log/kernel ?
Offline
Hey I tried it. Also what happens when you try tail -f /var/log/kernel ?
Thanks, if I do "tail -f /var/log/kernel.log" I get the hit list along with the other kernel info, so I guess this provides the information. Hopefully this will work the other way soon.
-Stephen
Offline
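An added example, not part of any post in this thread: a shell filter that separates the iptables LOG entries from the other kernel messages that tail -f /var/log/kernel shows, and counts hits per source. The function names and the sample log lines are constructed for illustration; it assumes the standard kernel LOG fields (IN=, OUT=, SRC=, PROTO=, DPT=).

```shell
#!/bin/sh
# Added example: pull the netfilter LOG entries out of a mixed kernel log.

# fw_hits: read log lines on stdin; for each packet logged by the iptables
# LOG target print "SRC PROTO DPT" (DPT is "-" when there is no port, e.g. ICMP).
fw_hits() {
    awk '
    /IN=/ && /OUT=/ && /SRC=/ && /PROTO=/ {
        src = ""; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            # ICMP errors quote the offending packet in [...]; stop there so
            # its inner SRC=/DPT= fields do not overwrite the outer ones.
            if ($i ~ /^\[/) break
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        print src, proto, dpt
    }'
}

# fw_summary: "COUNT SRC PROTO DPT", busiest source/port first.
fw_summary() {
    fw_hits | sort | uniq -c | sort -rn | awk '{ print $1, $2, $3, $4 }'
}

# Constructed sample: three firewall hits mixed with an unrelated kernel line.
sample_log() {
    cat <<'EOF'
Mar  3 14:02:11 desk kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 14:02:12 desk kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 14:02:13 desk kernel: usb 1-1: new full speed USB device using uhci_hcd and address 2
Mar  3 14:02:15 desk kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.30 DST=192.168.1.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
EOF
}

# Live view (as root):   tail -f /var/log/kernel | fw_hits
# Summary of a log file: fw_summary < /var/log/kernel
```

Use whichever file the kernel messages land in on the machine; the thread mentions both /var/log/kernel and /var/log/kernel.log.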
steveed: try changing this "gconftool-2 --set --type string /apps/firestarter/client/system-log /var/log/syslog" to this
"gconftool-2 --set --type string /apps/firestarter/client/system_log /var/log/kernel" that's how mine is in gconf-editor.
edit: note the - between system and log is changed to an underscore _
Offline