Tuesday 19 January 2010

Enabling ping, NFS and ssh in Mandrake at server-grade security levels

You have installed Mandrake Linux and have discovered that you cannot ping the machine or ssh onto it.

To enable pings, do this:
Create or edit /etc/security/msec/level.local and add the line:
accept_icmp_echo(yes)

Edit /etc/sysctl.conf

change the line:
net.ipv4.icmp_echo_ignore_all=1
to
net.ipv4.icmp_echo_ignore_all=0

and then run sysctl -p


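To enable ssh, ensure that you have ssh installed (urpmi ssh). Mandrake does not automatically enable ssh at server-grade security levels. The key here is the /etc/hosts.allow file. Ensure that you have this line in /etc/hosts.allow (ALL accepts sshd connections from any host; to narrow it, list specific addresses instead, as in the portmap example below):
sshd : ALL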




There is a similar problem if you run NFS mounts on your machine: portmap is disabled by default at certain security levels. The key here is to enable NFS ONLY for those IPs that need access to that machine. Here is an example of enabling portmap for a subnet and also the server itself (LOCAL) within the /etc/hosts.allow file (111.222.333.444 is a placeholder; substitute your own network address):
portmap : 111.222.333.444/255.255.255.0, LOCAL
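
To confirm the result of the steps above, the following added example (not part of the original post) reads a sysctl.conf and a hosts.allow file and reports whether ICMP echo is ignored and whether sshd and portmap are open to ALL, restricted, or absent. The function names are hypothetical, the sample files are constructed from the lines in this post, and it assumes simple "daemons : clients" lines with no options or IPv6 addresses.

```shell
#!/bin/sh
# Added example (not from the original post): audit the settings changed above.
# Assumes simple "daemons : clients" lines in hosts.allow (no options, no IPv6).

# Last uncommented value of net.ipv4.icmp_echo_ignore_all in a sysctl.conf-style file.
icmp_ignore_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == "net.ipv4.icmp_echo_ignore_all" { v = $2; gsub(/[ \t]/, "", v) }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Scope of a daemon in a hosts.allow-style file: absent | open | restricted.
# "open" means some matching line lists the wildcard ALL as a client.
access_scope() {  # $1 = file, $2 = daemon name
    awk -F: -v d="$2" '
        /^[ \t]*#/ { next }
        {
            n = split($1, ds, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (ds[i] == d) {
                found = 1
                m = split($2, cs, /[ \t,]+/)
                for (j = 1; j <= m; j++) if (cs[j] == "ALL") wide = 1
            }
        }
        END { print (!found ? "absent" : (wide ? "open" : "restricted")) }
    ' "$1"
}

audit() {  # $1 = sysctl.conf path, $2 = hosts.allow path
    echo "icmp_echo_ignore_all: $(icmp_ignore_value "$1")"
    for svc in sshd portmap; do
        echo "$svc: $(access_scope "$2" "$svc")"
    done
}

# With two arguments, audit those files; otherwise use constructed sample files.
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
else
    tmp=$(mktemp -d)
    printf 'net.ipv4.icmp_echo_ignore_all=0\n' > "$tmp/sysctl.conf"
    printf 'sshd : ALL\nportmap : 111.222.333.444/255.255.255.0, LOCAL\n' > "$tmp/hosts.allow"
    audit "$tmp/sysctl.conf" "$tmp/hosts.allow"
    rm -rf "$tmp"
fi
```

To check the live configuration, pass /etc/sysctl.conf and /etc/hosts.allow as the two arguments.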


