public inbox for development@lists.ipfire.org
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Guardian 2 - Correction
Date: Sun, 17 Jul 2016 15:57:42 +0200
Message-ID: <e2f2e62d-4103-a638-3ec5-4a6370c5b60e@ipfire.org>
In-Reply-To: <CACOO0z_2rhPGhW_rCe46VMCgWTT_4jLxMwSJZoAheY5ouiNt=g@mail.gmail.com>


Hi,

it seems that this problem is yours... ;-)

I just added a few hosts manually and had no problem 'Unblocking all'.

Which process uses 'xtables' on IPFire? GeoIP?

Where do you get this message? On the GUI?

Just to be sure, to see if everything is (hopefully) ok regarding the
rights I would do a:
'find / -user samba -group samba'

But I just found another one: RAM usage. On my production machine, the
old guardian takes about *2529 KB* RAM. On my OFFLINE test machine the
NEW guardian claims to use *90011 KB*. Confirm?

Best,
Matthias

On 17.07.2016 14:12, Mark Coolen wrote:
> I set the /var/ipfire/guardian permissions to nobody:nobody and everything
> started to work.
> 
> Now I have other problems ;-)
> 
> I tried 'Unblock all' and got:
> 
> Another app is currently holding the xtables lock. Perhaps you want to use
> the -w option?, referer: https://10.46.235.1:444/cgi-bin/guardian.cgi
> 
> On Sun, Jul 17, 2016 at 1:43 AM, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
>> Hi,
>>
>> another suggestion:
>>
>> Delete ALL files in '/var/ipfire/guardian' and reload
>> '/srv/web/ipfire/cgi-bin/guardian.cgi'. If these files don't exist, they
>> will be created with standard settings.
>>
>> Perhaps GUI can't load because of already wrong file permissions...
>>
>> HTH,
>> Matthias
>>
>> On 17.07.2016 02:56, R. W. Rodolico wrote:
>> > Do the following:
>> >
>> > Open a command prompt on the router, via whatever means you have, and
>> > issue the command:
>> >
>> > tail -f /var/log/httpd/error_log
>> >
>> > Note the latest timestamp of the entry
>> >
>> > Now, open a web browser and browse to the Guardian page, but nothing else.
>> >
>> > Copy the text from the command prompt after the timestamp you noted
>> > above. You can send that directly to me if you like, or reply here.
>> >
>> > If I can not suggest a fix, I'll be happy to work with you via
>> > messaging, email, or if you're in the US, phone.
>> >
>> > Rod
>> >
>> > On 07/16/2016 07:42 PM, Mark Coolen wrote:
>> >> I'm still getting nothing but a blank page. Everything else seems to
>> >> still be working fine, but I'm a bit afraid I'll mess something up
>> >> really badly with all this playing around.
>> >>
>> >> On Sat, Jul 16, 2016 at 7:19 PM, R. W. Rodolico <rodo(a)dailydata.net> wrote:
>> >>
>> >>     A partial fix would be to run the following bash commands. The reason I
>> >>     say partial is because I got the permissions from a different firewall
>> >>     that does not have Guardian installed on it, so it could not determine
>> >>     the correct permissions for any of those directories.
>> >>
>> >>     This was taken from the output of a perl script I threw together. It is
>> >>     NOT commented (sorry) but pretty straightforward. Simply gets the
>> >>     permissions and ownership from each directory (and parent directory) out
>> >>     of an array based on Matthias' research. I did NOT check to verify the
>> >>     permissions were not already set. The output is simply a list of
>> >>     commands to set permissions from one machine to the same as the
>> >>     permissions on another.
>> >>
>> >>     The originating script is temporarily stored at
>> >>     http://unixservertech.com/fixPermissions.pl
>> >>     That is a web site in progress. Feel free to download and run it on a
>> >>     machine that has Guardian (after looking at it and making sure I didn't
>> >>     do something stoopid). No guarantee it won't eat your firewall, but I
>> >>     ran it on a production machine, then ran the output on my test router
>> >>     and it appears to have worked.
>> >>     ======================================================
>> >>     chown 0:0 /etc
>> >>     chmod 0755 /etc
>> >>
>> >>     chown 0:0 /etc/logrotate.d
>> >>     chmod 0755 /etc/logrotate.d
>> >>
>> >>     chown 0:0 /etc/rc.d
>> >>     chmod 0755 /etc/rc.d
>> >>
>> >>     chown 0:0 /etc/rc.d/init.d
>> >>     chmod 0755 /etc/rc.d/init.d
>> >>
>> >>     chown 0:0 /etc/rc.d/init.d/networking
>> >>     chmod 0755 /etc/rc.d/init.d/networking
>> >>
>> >>     chown 0:0 /etc/rc.d/init.d/networking/red.up
>> >>     chmod 0755 /etc/rc.d/init.d/networking/red.up
>> >>
>> >>     chown 0:0 /etc/rc.d/init.d/snort
>> >>     chmod 0754 /etc/rc.d/init.d/snort
>> >>
>> >>     chown 0:0 /etc/rc.d/rc0.d
>> >>     chmod 0755 /etc/rc.d/rc0.d
>> >>
>> >>     chown 0:0 /etc/rc.d/rc3.d
>> >>     chmod 0755 /etc/rc.d/rc3.d
>> >>
>> >>     chown 0:0 /etc/rc.d/rc6.d
>> >>     chmod 0755 /etc/rc.d/rc6.d
>> >>
>> >>     chown 0:0 /opt
>> >>     chmod 0755 /opt
>> >>
>> >>     chown 0:0 /opt/pakfire
>> >>     chmod 0755 /opt/pakfire
>> >>
>> >>     chown 0:0 /opt/pakfire/db
>> >>     chmod 0755 /opt/pakfire/db
>> >>
>> >>     chown 0:0 /opt/pakfire/db/installed
>> >>     chmod 0755 /opt/pakfire/db/installed
>> >>
>> >>     chown 0:0 /srv
>> >>     chmod 0755 /srv
>> >>
>> >>     chown 0:0 /srv/web
>> >>     chmod 0755 /srv/web
>> >>
>> >>     chown 0:0 /srv/web/ipfire
>> >>     chmod 0755 /srv/web/ipfire
>> >>
>> >>     chown 0:0 /srv/web/ipfire/cgi-bin
>> >>     chmod 0755 /srv/web/ipfire/cgi-bin
>> >>
>> >>     chown 0:0 /srv/web/ipfire/cgi-bin/ids.cgi
>> >>     chmod 0755 /srv/web/ipfire/cgi-bin/ids.cgi
>> >>
>> >>     chown 0:0 /usr
>> >>     chmod 0755 /usr
>> >>
>> >>     chown 0:0 /usr/bin
>> >>     chmod 0755 /usr/bin
>> >>
>> >>     chown 0:0 /usr/lib
>> >>     chmod 0755 /usr/lib
>> >>
>> >>     chown 0:0 /usr/lib/perl5
>> >>     chmod 0755 /usr/lib/perl5
>> >>
>> >>     chown 0:0 /usr/lib/perl5/site_perl
>> >>     chmod 0755 /usr/lib/perl5/site_perl
>> >>
>> >>     chown 0:0 /usr/lib/perl5/site_perl/5.12.3
>> >>     chmod 0755 /usr/lib/perl5/site_perl/5.12.3
>> >>
>> >>     chown 0:0 /usr/lib/perl5/site_perl/5.12.3/Net
>> >>     chmod 0755 /usr/lib/perl5/site_perl/5.12.3/Net
>> >>
>> >>     chown 0:0 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi
>> >>     chmod 0755 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi
>> >>
>> >>     chown 0:0 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto
>> >>     chmod 0755 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto
>> >>
>> >>     chown 0:0 /usr/sbin
>> >>     chmod 0755 /usr/sbin
>> >>
>> >>     chown 0:0 /var
>> >>     chmod 0755 /var
>> >>
>> >>     chown 0:0 /var/ipfire
>> >>     chmod 0755 /var/ipfire
>> >>
>> >>     chown 0:0 /var/ipfire/backup
>> >>     chmod 0755 /var/ipfire/backup
>> >>
>> >>     chown 0:0 /var/ipfire/backup/addons
>> >>     chmod 0755 /var/ipfire/backup/addons
>> >>
>> >>     chown 0:0 /var/ipfire/backup/addons/includes
>> >>     chmod 0755 /var/ipfire/backup/addons/includes
>> >>
>> >>     chown 0:0 /var/ipfire/langs
>> >>     chmod 0755 /var/ipfire/langs
>> >>
>> >>     chown 0:0 /var/ipfire/langs/de.pl
>> >>     chmod 0644 /var/ipfire/langs/de.pl
>> >>
>> >>     chown 0:0 /var/ipfire/langs/en.pl
>> >>     chmod 0644 /var/ipfire/langs/en.pl
>> >>
>> >>     chown 0:0 /var/ipfire/menu.d
>> >>     chmod 0755 /var/ipfire/menu.d
>> >>
>> >>     chown 0:0 /var/log
>> >>     chmod 0755 /var/log
>> >>     ======================================================
>> >>
>> >>     --
>> >>     Rod Rodolico
>> >>     Daily Data, Inc.
>> >>     POB 140465
>> >>     Dallas TX 75214-0465
>> >>     214.827.2170
>> >>     http://www.dailydata.net
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >>  _  _           _     ___         _
>> >>  )\/,) ___  __  )L,   ))  __  __  )) __ _ _
>> >> ((`(( ((_( (|  ((\   ((__((_)((_)(( (('((\(
>> >
>>
>>
> 
> 
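
The quoted message from Rod notes that his generated command list was produced without checking whether the permissions were already set. As an added example (not Rod's fixPermissions.pl and not IPFire code), the shell function below prints chown/chmod commands only for paths whose current owner or mode differs from a manifest. The function name `perm_drift`, the manifest format and the optional root prefix are assumptions of this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: dry-run permission drift check.
# Manifest format (assumed for this example): "<uid>:<gid> <octal-mode> <path>"
#
# perm_drift MANIFEST [ROOT]
#   Prints the chown/chmod commands needed to bring each listed path in line
#   with the manifest. Nothing is changed on disk. ROOT is prefixed to every
#   path so the check can be run against a copy or a test tree.
perm_drift() {
    manifest=$1
    root=${2:-}
    while read -r owner mode path; do
        # Skip blank lines and comments.
        case $owner in ''|'#'*) continue ;; esac
        target=$root$path
        # Symlinks are reported, never followed: chown/chmod through a link
        # would modify whatever the link points at.
        if [ -L "$target" ]; then
            printf '# symlink, skipped: %s\n' "$path"
            continue
        fi
        if [ ! -e "$target" ]; then
            printf '# missing: %s\n' "$path"
            continue
        fi
        # GNU stat: %u:%g = numeric owner:group, %a = octal mode bits.
        cur_owner=$(stat -c '%u:%g' -- "$target")
        cur_mode=$(stat -c '%a' -- "$target")
        [ "$cur_owner" = "$owner" ] || printf 'chown %s %s\n' "$owner" "$path"
        # Compare as octal numbers so "755" and "0755" are treated as equal.
        [ "$((0$cur_mode))" -eq "$((0$mode))" ] || printf 'chmod %s %s\n' "$mode" "$path"
    done < "$manifest"
}
```

Review the printed commands before running any of them; an empty result means every listed path already matches the manifest.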


Thread overview: 8+ messages
     [not found] <CACOO0z_2rhPGhW_rCe46VMCgWTT_4jLxMwSJZoAheY5ouiNt=g@mail.gmail.com>
2016-07-17 13:57 ` Matthias Fischer [this message]
     [not found] <CACOO0z_XpLEKp3E7M1n6t6cgmVmDNO7OGzUaVN-pr9b7rOwWaQ@mail.gmail.com>
2016-07-17  0:56 ` R. W. Rodolico
2016-07-17  5:43   ` Matthias Fischer
2016-07-16 18:43 Guardian 2 R. W. Rodolico
2016-07-16 19:34 ` Guardian 2 - Correction R. W. Rodolico
2016-07-16 20:10   ` Matthias Fischer
2016-07-16 22:26     ` R. W. Rodolico
2016-07-16 23:19       ` R. W. Rodolico
2016-07-18 14:03         ` Stefan Schantl
