Date: Wed, 29 Nov 2000 20:01:50 -0600 (CST) From: Mike Meyer <mwm@mired.org> To: "Doug Young" <dougy@bryden.apana.org.au> Cc: questions@freebsd.org Subject: Re: 4.2 kernel security / httpd issue Message-ID: <14885.46350.162578.733532@guru.mired.org> In-Reply-To: <53152143@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Young <dougy@bryden.apana.org.au> types: > This is a multi-part message in MIME format. Please don't do that. Send plain text, so we don't have to look at things like this: > - ------=_NextPart_000_02D2_01C05A53.DA1134C0 > Content-Type: multipart/alternative; > boundary="----=_NextPart_001_02D3_01C05A53.DA1134C0" > > > - ------=_NextPart_001_02D3_01C05A53.DA1134C0 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > > > - ------=_NextPart_001_02D3_01C05A53.DA1134C0 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META http-equiv=3DContent-Type content=3D"text/html; = > charset=3Diso-8859-1"> > <META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR> > <STYLE></STYLE> > </HEAD> > <BODY bgColor=3D#ffffff> > <DIV> </DIV></BODY></HTML> > Now to the question: > Would someone suggest where to find information on the various kernel = > security levels available in 4.2 RELEASE ? I'm having trouble getting = > apache to start ..... it keeps giving error messages saying "httpd could = > not start" & fully qualified domain name could not be found" (the = > machine does have a public IP & FQDN)=20 It's in the init(8) man page. But I don't think that's the problem. > I don't recall having to mess with httpd.conf in earlier versions of = > FreeBSD, so I'm wondering if maybe the kernel security level is somehow = > responsible .=20 Given that, I'd check /etc/rc.conf for hostname info, /etc/host.conf to make sure your host name lookup is configured properly, and /etc/resolv.conf for dns setup. > It looks like ipfw is installed, posibly by default when the higher = > security levels are requested=20 > (theres what looks like an "ipfw" executable), "ipfw' spits out a page = > full of stuff, but theres nothing > about "ipfw" in "rc.conf That would be the security level in install, which is a different thing than the kernel security level, though the install security level you choose may set a kernel security level (sorry, I'm not familiar with install security levels). > I can't find anything that looks like a config file (maybe not relevant = > to ipfw ??), "man ipfw" doesn't help because its pretty vague, & the = > handbook isn't much better. "Man ipfw gives you a list of valid commands. > I've tried running "ipfw -a", "ipfw -t", "ipfw -N" plus combinations = > thereof, but they don't appear to do anything.=20 None of the ipfw invocation templates on the man page match any of those commands. They shouldn't do anything but spit out a help page - which also doesn't list any of those. Try "ipfw show" to see what rules you're using. If ipfw is causing the error you're seeing, it's because the firewall has screwed up your DNS. <mike -- Mike Meyer http://www.mired.org/home/mwm/ Independent WWW/Unix/FreeBSD consultant, email for rates. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14885.46350.162578.733532>