From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: Re: Guardian 2 - Correction Date: Mon, 18 Jul 2016 16:03:51 +0200 Message-ID: <1468850631.4663.66.camel@ipfire.org> In-Reply-To: <578AC0F1.5060109@dailydata.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5058550407962817597==" List-Id: --===============5058550407962817597== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Thanks for testing and pointing this out. I've re-packed the latest version and uploaded the new tarballs with fixed permissions. -Stefan > A partial fix would be to run the following bash commands. The reason > I > say partial is because I got the permissions from a different > firewall > that does not have Guardian installed on it, so it could not > determine > the correct permissions for any of those directories. > > This was taken from the output of a perl script I threw together. It > is > NOT commented (sorry) but pretty straight forward. Simply gets the > permissions and ownership from each directory (and parent directory) > out > of an array based on Matthias' research. I did NOT check to verify > the > permissions were not already set. The output is simply a list of > commands to set permissions from one machine to the same as the > permissions on another. > > The originating script is temporarily stored at > http://unixservertech.com/fixPermissions.pl > That is a web site in progress. Feel free to download and run it on a > machine that has Guardian (after looking at it and making sure I > didn't > do something stoopid). No guarantee it won't eat your firewall, but I > ran it on a production machine, then ran the output on my test router > and it appears to have worked. > ====================================================== > chown 0:0 /etc > chmod 0755 /etc > > chown 0:0 /etc/logrotate.d > chmod 0755 /etc/logrotate.d > > chown 0:0 /etc/rc.d > chmod 0755 /etc/rc.d > > chown 0:0 /etc/rc.d/init.d > chmod 0755 /etc/rc.d/init.d > > chown 0:0 /etc/rc.d/init.d/networking > chmod 0755 /etc/rc.d/init.d/networking > > chown 0:0 /etc/rc.d/init.d/networking/red.up > chmod 0755 /etc/rc.d/init.d/networking/red.up > > chown 0:0 /etc/rc.d/init.d/snort > chmod 0754 /etc/rc.d/init.d/snort > > chown 0:0 /etc/rc.d/rc0.d > chmod 0755 /etc/rc.d/rc0.d > > chown 0:0 /etc/rc.d/rc3.d > chmod 0755 /etc/rc.d/rc3.d > > chown 0:0 /etc/rc.d/rc6.d > chmod 0755 /etc/rc.d/rc6.d > > chown 0:0 /opt > chmod 0755 /opt > > chown 0:0 /opt/pakfire > chmod 0755 /opt/pakfire > > chown 0:0 /opt/pakfire/db > chmod 0755 /opt/pakfire/db > > chown 0:0 /opt/pakfire/db/installed > chmod 0755 /opt/pakfire/db/installed > > chown 0:0 /srv > chmod 0755 /srv > > chown 0:0 /srv/web > chmod 0755 /srv/web > > chown 0:0 /srv/web/ipfire > chmod 0755 /srv/web/ipfire > > chown 0:0 /srv/web/ipfire/cgi-bin > chmod 0755 /srv/web/ipfire/cgi-bin > > chown 0:0 /srv/web/ipfire/cgi-bin/ids.cgi > chmod 0755 /srv/web/ipfire/cgi-bin/ids.cgi > > chown 0:0 /usr > chmod 0755 /usr > > chown 0:0 /usr/bin > chmod 0755 /usr/bin > > chown 0:0 /usr/lib > chmod 0755 /usr/lib > > chown 0:0 /usr/lib/perl5 > chmod 0755 /usr/lib/perl5 > > chown 0:0 /usr/lib/perl5/site_perl > chmod 0755 /usr/lib/perl5/site_perl > > chown 0:0 /usr/lib/perl5/site_perl/5.12.3 > chmod 0755 /usr/lib/perl5/site_perl/5.12.3 > > chown 0:0 /usr/lib/perl5/site_perl/5.12.3/Net > chmod 0755 /usr/lib/perl5/site_perl/5.12.3/Net > > chown 0:0 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi > chmod 0755 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi > > chown 0:0 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread- > multi/auto > chmod 0755 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread- > multi/auto > > chown 0:0 /usr/sbin > chmod 0755 /usr/sbin > > chown 0:0 /var > chmod 0755 /var > > chown 0:0 /var/ipfire > chmod 0755 /var/ipfire > > chown 0:0 /var/ipfire/backup > chmod 0755 /var/ipfire/backup > > chown 0:0 /var/ipfire/backup/addons > chmod 0755 /var/ipfire/backup/addons > > chown 0:0 /var/ipfire/backup/addons/includes > chmod 0755 /var/ipfire/backup/addons/includes > > chown 0:0 /var/ipfire/langs > chmod 0755 /var/ipfire/langs > > chown 0:0 /var/ipfire/langs/de.pl > chmod 0644 /var/ipfire/langs/de.pl > > chown 0:0 /var/ipfire/langs/en.pl > chmod 0644 /var/ipfire/langs/en.pl > > chown 0:0 /var/ipfire/menu.d > chmod 0755 /var/ipfire/menu.d > > chown 0:0 /var/log > chmod 0755 /var/log > ====================================================== > --===============5058550407962817597== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSlhqT0hIQUFvSkVFN1hUaFdQazdMZWhxZ1FBTHVyY1pJYXQ3M01Pc29LeTVFSHYxUEUK S2kyUHcxL3lPY1Rxa2REL2U5Vm1SWWhrUFk2UUdSN3pEeUZDL1Yza1R2OU5Da0ZqcDVDWDFIVlZw Ti8wUCtzSwozYmNtWWtDVzRwUXRlRWZObERWWXpiY3BvVVU4OHBXcHMrLzhvU1Z1QnZQY0lya1lm UmhtQ214R0RERjdVZzVjClhDbWp0U3EyMkxudGIwS0txSHFLcGpMenQ2SEwzS1dnTjhaRm5iWEJw U1FEM1k2WlFkenl5cVBFdDBWTHJoV1UKQ2Z2L2J2bGxka1VTa2ZocThPV1M2UTA4TkVUdnUxRXVk K2MrY0dFV0puNWRVc0JNWFJpUmNBNWw1dDJVYTFiMApVc1c5SC8rTERHS2tpSURqRkUrcXkrTFN6 Q0RrL3BlZ0lQWldscmVRUFQrOXNkUkROWFZnRjZJZzc4YXBIbGtkCjdqYjdJQjQ0VS9CTDBtVnF3 M29Wem9Fd3RTaFFZZElaUVlRTWtsamQ3YURPUG0vQXBLbWd3TmRYdXZjajUrUUoKeXhZK1V0Wkly UnFtNXIrcDNFWW04blgyMitWOUQzeUhqa00yMXg0QktIc1daUFJ0VEZPZ3hpY29aQjhFTWV5bQpQ d1dZcFpWR3QyWFFsTkRQYlZtdk8yU3NYd3hIM0RqZ0hCcFZGcW1vcy9YbTNzQ1diQmc3YmZERGlp WFg1YUZPCks1YzR1V2JOV1FORmk2aktDSERkTVEzclZ5c3ZrbWRMSGFCK1lZUS84RzRyYlFIbE1n aUtJQW9KVnpUQ0NLcUkKeDZoT29RM1lFMFBVTE1Vc0lxTm9Ra2N1QjVVYnZtU2gvOWVnVjh4YzBT am5qRUI1Wk0yN0JHN2pqaU14bmtySApTbzZHcS9CeEVMZ2pOR241SFVIeQo9aHVXcgotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============5058550407962817597==--