From owner-freebsd-questions Wed Nov 29 18: 2: 6 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186])
 by hub.freebsd.org (Postfix) with SMTP id CFCEE37B400
 for ; Wed, 29 Nov 2000 18:01:50 -0800 (PST)
Received: (qmail 13852 invoked by uid 100); 30 Nov 2000 02:01:50 -0000
From: Mike Meyer
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14885.46350.162578.733532@guru.mired.org>
Date: Wed, 29 Nov 2000 20:01:50 -0600 (CST)
To: "Doug Young"
Cc: questions@freebsd.org
Subject: Re: 4.2 kernel security / httpd issue
In-Reply-To: <53152143@toto.iv>
X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid
X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG%
 *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
X-Message: You should get a better mailer.
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Doug Young types:
> This is a multi-part message in MIME format.

Please don't do that. Send plain text, so we don't have to look at
things like this:

> - ------=_NextPart_000_02D2_01C05A53.DA1134C0
> Content-Type: multipart/alternative;
>  boundary="----=_NextPart_001_02D3_01C05A53.DA1134C0"
>
>
> - ------=_NextPart_001_02D3_01C05A53.DA1134C0
> Content-Type: text/plain;
>  charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
>
>
> - ------=_NextPart_001_02D3_01C05A53.DA1134C0
> Content-Type: text/html;
>  charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
>
>
> charset=3Diso-8859-1">
>
 
> Now to the question:
> Would someone suggest where to find information on the various kernel
> security levels available in 4.2 RELEASE ? I'm having trouble getting
> apache to start ..... it keeps giving error messages saying "httpd could
> not start" & "fully qualified domain name could not be found" (the
> machine does have a public IP & FQDN)

It's in the init(8) man page. But I don't think that's the problem.

> I don't recall having to mess with httpd.conf in earlier versions of
> FreeBSD, so I'm wondering if maybe the kernel security level is somehow
> responsible.

Given that, I'd check /etc/rc.conf for hostname info, /etc/host.conf
to make sure your host name lookup is configured properly, and
/etc/resolv.conf for dns setup.

> It looks like ipfw is installed, possibly by default when the higher
> security levels are requested
> (there's what looks like an "ipfw" executable), "ipfw" spits out a page
> full of stuff, but there's nothing
> about "ipfw" in "rc.conf"

That would be the security level in install, which is a different
thing than the kernel security level, though the install security
level you choose may set a kernel security level (sorry, I'm not
familiar with install security levels).

> I can't find anything that looks like a config file (maybe not relevant
> to ipfw ??), "man ipfw" doesn't help because it's pretty vague, & the
> handbook isn't much better.

"man ipfw" gives you a list of valid commands.

> I've tried running "ipfw -a", "ipfw -t", "ipfw -N" plus combinations
> thereof, but they don't appear to do anything.

None of the ipfw invocation templates on the man page match any of
those commands. They shouldn't do anything but spit out a help page -
which also doesn't list any of those. Try "ipfw show" to see what
rules you're using. If ipfw is causing the error you're seeing, it's
because the firewall has screwed up your DNS.
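
The three file checks suggested in the reply above, written out as a shell script. This is an added example, not part of the original message: the function names are hypothetical, the sample files are constructed, and host.conf is assumed to use the FreeBSD 4.x layout of one lookup keyword per line.

```sh
#!/bin/sh
# Added example: static checks of rc.conf, host.conf and resolv.conf.

# Print the last hostname= value from an rc.conf-style file, unquoted.
rc_hostname() {
    awk -v q="'" '/^[ \t]*hostname=/ {
        v = $0; sub(/^[^=]*=/, "", v); sub(/[ \t]*#.*$/, "", v)
        gsub("[\"" q " \t]", "", v); h = v }
        END { print h }' "$1"
}

# Print the lookup sources in order (assumed: one keyword per line).
host_sources() {
    awk '{ sub(/#.*/, "") } NF { printf "%s%s", sep, $1; sep = " " }
         END { print "" }' "$1"
}

# Print the nameserver addresses from resolv.conf, one per line.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Args: rc.conf host.conf resolv.conf. Exit status = number of problems.
check_name_setup() {
    problems=0
    name=$(rc_hostname "$1")
    case $name in
        "")  echo "rc.conf: hostname is not set"; problems=$((problems + 1)) ;;
        *.*) : ;;
        *)   echo "rc.conf: '$name' is not fully qualified"; problems=$((problems + 1)) ;;
    esac
    case " $(host_sources "$2") " in
        *" bind "*) : ;;
        *) echo "host.conf: bind (DNS) is not in the lookup order"; problems=$((problems + 1)) ;;
    esac
    [ -n "$(nameservers "$3")" ] || { echo "resolv.conf: no nameserver lines"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: short hostname and no DNS in the lookup order.
demo() {
    d=$(mktemp -d) || return 1
    printf 'hostname="www"\n' > "$d/rc.conf"
    printf '# lookup order\nhosts\n' > "$d/host.conf"
    printf 'nameserver 192.0.2.53\n' > "$d/resolv.conf"
    check_name_setup "$d/rc.conf" "$d/host.conf" "$d/resolv.conf"
    n=$?; rm -rf "$d"; return "$n"
}
if [ $# -eq 3 ]; then check_name_setup "$@"; else demo || true; fi
```

Run with the three file paths as arguments to check a real system; with no arguments it reports on the constructed sample.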