A partial fix would be to run the following bash commands. The reason I
say partial is because I got the permissions from a different firewall
that does not have Guardian installed on it, so it could not determine
the correct permissions for any of those directories.
This was taken from the output of a perl script I threw together. It is
NOT commented (sorry) but pretty straightforward. Simply gets the
permissions and ownership from each directory (and parent directory) out
of an array based on Matthias' research. I did NOT check to verify the
permissions were not already set. The output is simply a list of
commands to set permissions from one machine to the same as the
permissions on another.
The originating script is temporarily stored at
http://unixservertech.com/fixPermissions.pl
That is a web site in progress. Feel free to download and run it on a
machine that has Guardian (after looking at it and making sure I didn't
do something stoopid). No guarantee it won't eat your firewall, but I
ran it on a production machine, then ran the output on my test router
and it appears to have worked.
======================================================
chown 0:0 /etc
chmod 0755 /etc
chown 0:0 /etc/logrotate.d
chmod 0755 /etc/logrotate.d
chown 0:0 /etc/rc.d
chmod 0755 /etc/rc.d
chown 0:0 /etc/rc.d/init.d
chmod 0755 /etc/rc.d/init.d
chown 0:0 /etc/rc.d/init.d/networking
chmod 0755 /etc/rc.d/init.d/networking
chown 0:0 /etc/rc.d/init.d/networking/red.up
chmod 0755 /etc/rc.d/init.d/networking/red.up
chown 0:0 /etc/rc.d/init.d/snort
chmod 0754 /etc/rc.d/init.d/snort
chown 0:0 /etc/rc.d/rc0.d
chmod 0755 /etc/rc.d/rc0.d
chown 0:0 /etc/rc.d/rc3.d
chmod 0755 /etc/rc.d/rc3.d
chown 0:0 /etc/rc.d/rc6.d
chmod 0755 /etc/rc.d/rc6.d
chown 0:0 /opt
chmod 0755 /opt
chown 0:0 /opt/pakfire
chmod 0755 /opt/pakfire
chown 0:0 /opt/pakfire/db
chmod 0755 /opt/pakfire/db
chown 0:0 /opt/pakfire/db/installed
chmod 0755 /opt/pakfire/db/installed
chown 0:0 /srv
chmod 0755 /srv
chown 0:0 /srv/web
chmod 0755 /srv/web
chown 0:0 /srv/web/ipfire
chmod 0755 /srv/web/ipfire
chown 0:0 /srv/web/ipfire/cgi-bin
chmod 0755 /srv/web/ipfire/cgi-bin
chown 0:0 /srv/web/ipfire/cgi-bin/ids.cgi
chmod 0755 /srv/web/ipfire/cgi-bin/ids.cgi
chown 0:0 /usr
chmod 0755 /usr
chown 0:0 /usr/bin
chmod 0755 /usr/bin
chown 0:0 /usr/lib
chmod 0755 /usr/lib
chown 0:0 /usr/lib/perl5
chmod 0755 /usr/lib/perl5
chown 0:0 /usr/lib/perl5/site_perl
chmod 0755 /usr/lib/perl5/site_perl
chown 0:0 /usr/lib/perl5/site_perl/5.12.3
chmod 0755 /usr/lib/perl5/site_perl/5.12.3
chown 0:0 /usr/lib/perl5/site_perl/5.12.3/Net
chmod 0755 /usr/lib/perl5/site_perl/5.12.3/Net
chown 0:0 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi
chmod 0755 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi
chown 0:0 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto
chmod 0755 /usr/lib/perl5/site_perl/5.12.3/i586-linux-thread-multi/auto
chown 0:0 /usr/sbin
chmod 0755 /usr/sbin
chown 0:0 /var
chmod 0755 /var
chown 0:0 /var/ipfire
chmod 0755 /var/ipfire
chown 0:0 /var/ipfire/backup
chmod 0755 /var/ipfire/backup
chown 0:0 /var/ipfire/backup/addons
chmod 0755 /var/ipfire/backup/addons
chown 0:0 /var/ipfire/backup/addons/includes
chmod 0755 /var/ipfire/backup/addons/includes
chown 0:0 /var/ipfire/langs
chmod 0755 /var/ipfire/langs
chown 0:0 /var/ipfire/langs/de.pl
chmod 0644 /var/ipfire/langs/de.pl
chown 0:0 /var/ipfire/langs/en.pl
chmod 0644 /var/ipfire/langs/en.pl
chown 0:0 /var/ipfire/menu.d
chmod 0755 /var/ipfire/menu.d
chown 0:0 /var/log
chmod 0755 /var/log
======================================================
--
Rod Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
214.827.2170
http://www.dailydata.net
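
The message says the generated list was not checked against permissions already in place. The following is an added example, not the fixPermissions.pl script and not part of the original message: it records owner and mode for each path and its parents in the same chown/chmod form, then filters such a list down to the lines that would actually change something on the target. The function names are hypothetical, and it assumes GNU stat and paths without whitespace.

```shell
#!/bin/sh
# Added example, not the fixPermissions.pl script from the post.
# Assumes GNU stat (-c) and paths without whitespace, as in the list above.

# Print every parent of an absolute path, then the path: /a  /a/b  /a/b/c
path_chain() (
    rest=${1#/}; acc=''
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest='' ;; esac
        [ -n "$part" ] || continue
        acc="$acc/$part"
        printf '%s\n' "$acc"
    done
)

# Current owner or mode of a path in the list's notation (0:0, 0755).
# chown and chmod follow symlinks, so stat does too (-L).
current() {
    case $1 in
        chown) stat -L -c '%u:%g' "$2" ;;
        chmod) printf '%04d\n' "$(stat -L -c '%a' "$2")" ;;
    esac
}

# Reference machine: emit chown/chmod lines for each path and its parents.
emit_reference() {
    for p in "$@"; do path_chain "$p"; done | sort -u |
    while IFS= read -r p; do
        [ -e "$p" ] || continue
        printf 'chown %s %s\n' "$(current chown "$p")" "$p"
        printf 'chmod %s %s\n' "$(current chmod "$p")" "$p"
    done
}

# Target machine: read such a list on stdin and print only the lines that
# would change something. Nothing is modified; missing paths are noted.
pending_fixes() {
    while read -r cmd want path; do
        case $cmd in chown|chmod) ;; *) continue ;; esac
        if [ ! -e "$path" ]; then
            printf '# missing: %s\n' "$path"
        elif [ "$(current "$cmd" "$path")" != "$want" ]; then
            printf '%s %s %s\n' "$cmd" "$want" "$path"
        fi
    done
}
```

Piping a saved command list through `pending_fixes` on the target shows what differs before anything is applied; lines that are not chown or chmod commands, such as the separator rows, are ignored.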