#1 2004-08-04 03:45:32

longhornxtreme
Member
Registered: 2004-07-10
Posts: 131

Firestarter's hit list stays blank when portscanned locally

I have no real understanding of Iptables and just realized that after switching to AL I needed to set up some sort of firewall on my desktop. 

So I pacman'd firestarter, found it in /opt/gnome/bin and ran the GUI app.

I set up everything according to how I wanted it to act and then dropped it down into KDE's tray. 

I hopped over to one of my other local computers and scanned it with nmap and Xscan and both turned up blanks.  That's great... but Firestarter's hitlist is staying blank.  Not a single notification has popped up as it should, the home LAN has numerous M$ and *nix boxes.... and our public IP is scanned quite regularly by kiddies out there....

Is there some configuration I need to carry out?  I've read the manual at Firestarter's homepage and drew a blank. 

Anyone seen this behavior with firestarter?  It will stay running on the comp as it's keeping my desktop slightly less vulnerable but I'd really like to gain full functionality from the program. 

If ya'll need any more information please don't hesitate to ask...  Or a URL to go read at... I've drawn a blank on google and linuxquestions.org....

Appreciate any replies,
James

Offline

#2 2004-08-04 04:01:51

ghostwalker
Member
From: Tacoma, WA
Registered: 2004-07-28
Posts: 140

Re: Firestarter's hit list stays blank when portscanned locally

Take a look at /var/log/kernel; that is where my iptables logging is ending up. I have used firestarter for some time now. It is the easiest firewall to set up and is somewhat extensive. I just use tail -f /var/log/kernel.

Walt


P4 2.8Ghz @ 2.8Ghz SL6WT
Zalman CNPS7000-Cu
865PE Neo-2 LS BIOs 2.4
512mb Mushkin Level II
160GB Maxtor HD
Geforce 4 440MX
Antec 3700 1 exhaust and 1 intake fans
Linux 2.6.x
Linux user 314187
ArchLinux

Offline

#3 2004-08-04 04:05:42

longhornxtreme
Member
Registered: 2004-07-10
Posts: 131

Re: Firestarter's hit list stays blank when portscanned locally

Thanks for the quick reply...

But I don't quite understand what the  tail -f /var/log/kernel  command does....

I'll check out the kernel log once I get home from school....

Offline

#4 2004-08-04 04:27:38

ghostwalker
Member
From: Tacoma, WA
Registered: 2004-07-28
Posts: 140

Re: Firestarter's hit list stays blank when portscanned locally

At the root prompt in a terminal, tail -f /var/log/kernel will display any new messages that are reported as the data is appended to the end of the kernel file, let alone any file.

Walt


Offline

#5 2004-08-05 03:04:02

longhornxtreme
Member
Registered: 2004-07-10
Posts: 131

Re: Firestarter's hit list stays blank when portscanned locally

That still doesn't help me out with the GUI functionality at all...

I would still like to be able to monitor my firewall without digging through log files but I appreciate the help anyways!

Offline

#6 2004-08-05 06:39:29

IceRAM
Member
From: Bucharest, Romania
Registered: 2004-03-04
Posts: 772
Website

Re: Firestarter's hit list stays blank when portscanned locally

longhornxtreme wrote:

I would still like to be able to monitor my firewall without digging through log files but I appreciate the help anyways!

I use normal iptables logging (the LOG chain) [from gShield (PKGBUILD  available on the forums)] and I redirect all my kernel output to vc12 from within syslog-ng. I could create a filter for those messages in syslog-ng to show, for example, the firewall messages on vc11, but haven't looked in the configs yet.

Or, now I've thought of something else. You can create a FIFO with mkfifo and pipe all the firewall messages to that (also using a filter in syslog-ng). Let's assume you've created it with

mkfifo /var/log/iptables_pipe

Config your syslog-ng (I don't know if syslog is so flexible) to redirect iptables messages to /var/log/iptables_pipe (I can't tell you how to do this, because I haven't tried it yet).
Do (in a console)

while read line; do echo $line; done < /var/log/iptables_pipe

and you'll have live report from iptables.
^ I think this should work, but haven't tested it yet (as I've said).

Good luck.

IceRAM

P.S.1. There are some more advanced programs (as far as I remember) for detecting intrusions on Linux. I don't remember these advanced programs having a GUI, probably because they're too complicated on the inside to create an interface for them. They just put the output in a log, and you follow it however you want. You won't see much interactivity from the Linux firewalls, mostly because they were supposed to just sit on a machine and do their work.
P.S.2. I haven't seen a GUI firewall on Linux doing popups and so on. This is probably because the components are well defined, the firewall runs as root and you probably log in as a normal user. Allowing a normal user to modify the firewall rules live creates a security hole.

Offline
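
Added example, not part of any post in this thread: a shell filter that reduces netfilter LOG lines, as they appear in /var/log/kernel or arrive through a FIFO like the one described above, to a compact hit list. The function names, the FW-DROP prefix and the sample lines are constructed; it assumes traditional syslog timestamps and the kernel's KEY=value LOG format.

```shell
#!/bin/sh
# Added example: a text-mode "hit list" built from iptables LOG lines.

# fw_hits: read syslog lines on stdin, print one line per firewall hit:
#   <time> <src> -> <dst> <proto> dpt=<port>
# Ordinary kernel messages (no IN= and SRC= fields) are skipped.
fw_hits() {
    awk '
    /IN=/ && /SRC=/ {
        src = dst = proto = dpt = "-"          # "-" when a field is absent (e.g. ICMP has no DPT)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        print $3, src, "->", dst, proto, "dpt=" dpt   # $3 = HH:MM:SS in classic syslog format
        fflush()                                      # keep output live when fed by tail -f or a FIFO
    }'
}

# fw_summary: count hits per source / protocol / destination port,
# most frequent first. Many ports from one source suggests a port scan.
fw_summary() {
    fw_hits | awk '{ n[$2 " " $5 " " $6]++ }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# sample_log: constructed log lines (not real traffic) for trying the filters.
sample_log() {
    cat <<'EOF'
Aug  4 03:50:01 desk kernel: FW-DROP IN=eth0 OUT= SRC=192.168.0.12 DST=192.168.0.5 LEN=44 TTL=64 PROTO=TCP SPT=40000 DPT=22 SYN
Aug  4 03:50:01 desk kernel: FW-DROP IN=eth0 OUT= SRC=192.168.0.12 DST=192.168.0.5 LEN=44 TTL=64 PROTO=TCP SPT=40001 DPT=80 SYN
Aug  4 03:50:02 desk kernel: eth0: link up
Aug  4 03:50:03 desk kernel: FW-DROP IN=eth0 OUT= SRC=192.168.0.12 DST=192.168.0.5 LEN=44 TTL=64 PROTO=TCP SPT=40002 DPT=22 SYN
Aug  4 03:50:09 desk kernel: FW-DROP IN=eth0 OUT= SRC=192.168.0.30 DST=192.168.0.5 LEN=84 TTL=128 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# Live use, as root:
#   tail -f /var/log/kernel | fw_hits
#   fw_hits < /var/log/iptables_pipe
# Offline summary of an existing log:
#   fw_summary < /var/log/kernel
```

Running sample_log | fw_summary shows the aggregation on the constructed lines without touching a real log.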

#7 2004-08-06 08:18:35

longhornxtreme
Member
Registered: 2004-07-10
Posts: 131

Re: Firestarter's hit list stays blank when portscanned locally

I joined Firestarter's mailing list and found a solution...

The key was to edit the firestarter script in /root/.gnome2/firestarter

by adding these two lines to the end of it... fixed the GUI functionality right up....

[Files]
syslog=/var/log/kernel


Thanks a bunch for all your help!

Offline

#8 2004-08-21 02:00:13

steveed
Member
From: State College, PA USA
Registered: 2004-07-25
Posts: 25

Re: Firestarter's hit list stays blank when portscanned locally

Hello, these tips helped me get firestarter .92 working fine, but since the update I have not been able to get .93 working correctly. I followed the instructions from the firestarter-user mailing list which stated that you should issue the following command:
In Firestarter 0.9.3, as root, run "gconftool-2 --set --type string  /apps/firestarter/client/system-log /var/log/syslog".

I tried using both the kernel and the iptables logs as well with no luck.  Anyone have any experience with this?

Offline

#9 2004-08-21 03:04:20

ghostwalker
Member
From: Tacoma, WA
Registered: 2004-07-28
Posts: 140

Re: Firestarter's hit list stays blank when portscanned locally

Hey I tried it. Also what happens when you try tail -f /var/log/kernel ?


Offline

#10 2004-08-21 11:44:14

steveed
Member
From: State College, PA USA
Registered: 2004-07-25
Posts: 25

Re: Firestarter's hit list stays blank when portscanned locally

ghostwalker wrote:

Hey I tried it. Also what happens when you try tail -f /var/log/kernel ?

Thanks, if I do "tail -f /var/log/kernel.log" I get the hit list along with the other kernel info, so I guess this provides the information. Hopefully this will work the other way soon.
-Stephen

Offline

#11 2004-08-24 20:21:42

wickedlester
Member
From: Texas, USA
Registered: 2004-07-22
Posts: 144

Re: Firestarter's hit list stays blank when portscanned locally

steveed: try changing this "gconftool-2 --set --type string /apps/firestarter/client/system-log /var/log/syslog" to this
"gconftool-2 --set --type string /apps/firestarter/client/system_log /var/log/kernel"; that's how mine is in gconf-editor.

edit: note the - between system log is changed to underscore_

Offline
