Firestarter On Startup



  Matt said:
This is very strange.... I just ran hackerwatch.org and shields up scan after a new boot. This time, it is again telling me that my ports are closed, but insecure as opposed to when I start manually and scan. I don't get it at all.

I did notice that if I manually run Firestarter, and then 'Exit' it, my port scan comes up as secure--so I know that it can run in the background.

Maybe I haven't configured Firestarter correctly.

Here's this, if that's of any help (before manually starting it):

matt@linux:~$ ps -ef | grep firestarter
matt 5768 5746 0 19:33 pts/0 00:00:00 grep firestarter

Edit: I just rebooted yet again, went to shields up, and it is reporting that my ports are secure. It seems as though it is inconsistent on whether or not it actually loads on bootup.

try this command when it looks like it is not running

sudo /etc/init.d/firestarter status


  iccaros said:
try this command when it looks like it is not running

sudo /etc/init.d/firestarter status

this is the content of his /etc/init.d/firestarter file. We just added this file ourselves. I don't think the "status" argument will work in this case :-)

#!/bin/bash
/etc/firestarter/firestarter.sh start #don't use sudo


hmm, that could be the problem. the system does not start things in /etc/init.d

it runs scripts in the /etc/rc.d/ folder depending on startup level

RC3 is normally network for Linux so it would be

/etc/rc.d/rc3.d

also your script should start with an "S" to signify startup as "K" is shutdown and a number to show boot order example

S29FireStarter would execute at startup after script < 28

when firestarter was installed it should have put in a boot script and then you softlink it to /etc/init.d

note ubuntu and debian use /etc/rcS.d/ as its initiation folder

so you may be stepping on the startscript..

here is the start script for fedora

#!/bin/sh
#
# Init file for the Firestarter firewall
#
# chkconfig: 2345 11 92
#
# description: Starts, stops, and lock the firewall
#
# Script Authors:
# Tomas Junnonen <majix@sci.fi>
# Paul Drain <pd@cipherfunk.org>
#
# config: /etc/firestarter/configuration

# Source function library.
. /etc/init.d/functions

# Source networking configuration
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

FS_CONTROL="/etc/firestarter/firestarter.sh"

[ -x $FS_CONTROL ] || exit 0
[ -s /etc/firestarter/configuration ] || exit 0

RETVAL=0

start() {
    echo -n "Starting the Firestarter firewall: "
    $FS_CONTROL start > /dev/null
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        success
    else
        failure
    fi
    echo
    return $RETVAL
}

stop() {
    echo -n "Stopping the Firestarter firewall:"
    $FS_CONTROL stop > /dev/null
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        success
    else
        failure
    fi
    echo
    return $RETVAL
}

lock() {
    echo -n "Locking the Firestarter firewall:"
    $FS_CONTROL lock > /dev/null
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        success
    else
        failure
    fi
    echo
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        RETVAL=$?
        ;;
    stop)
        stop
        RETVAL=$?
        ;;
    restart)
        stop
        start
        RETVAL=$?
        ;;
    lock)
        lock
        RETVAL=$?
        ;;
    status)
        if [ -e /var/lock/subsys/firestarter -o -e /var/lock/firestarter ]; then
            echo "Firestarter is running..."
        else
            echo "Firestarter is stopped"
        fi
        RETVAL=$?
        ;;
    *)
        echo "Usage: firestarter {start|stop|restart|lock|status}"
        exit 1
esac
exit $RETVAL

here is the debian/ubuntu start script

#!/bin/sh
#
# Init file for the Firestarter firewall
#
# chkconfig: 2345 11 92
#
# description: Starts, stops, and lock the firewall
#
# Script Authors:
# Tomas Junnonen <majix@sci.fi>
# Paul Drain <pd@cipherfunk.org>
#
# config: /etc/firestarter/configuration

FS_CONTROL="/etc/firestarter/firestarter.sh"

[ -x /usr/sbin/firestarter ] || exit 0
[ -x $FS_CONTROL ] || exit 0
[ -s /etc/firestarter/configuration ] || exit 0

RETVAL=0

start() {
    echo -n "Starting the Firestarter firewall: "
    $FS_CONTROL start > /dev/null
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        echo done.
    else
        echo failed.
    fi
    return $RETVAL
}

stop() {
    echo -n "Stopping the Firestarter firewall:"
    $FS_CONTROL stop > /dev/null
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        echo done.
    else
        echo failed.
    fi
    return $RETVAL
}

lock() {
    echo -n "Locking the Firestarter firewall:"
    $FS_CONTROL lock > /dev/null
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        echo done.
    else
        echo failed.
    fi
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        RETVAL=$?
        ;;
    stop)
        stop
        RETVAL=$?
        ;;
    restart)
        stop
        start
        RETVAL=$?
        ;;
    force-reload)
        stop
        start
        RETVAL=$?
        ;;
    lock)
        lock
        RETVAL=$?
        ;;
    status)
        if [ -e /var/lock/subsys/firestarter -o -e /var/lock/firestarter ]; then
            echo "Firestarter is running..."
        else
            echo "Firestarter is stopped"
        fi
        RETVAL=$?
        ;;
    *)
        echo "Usage: firestarter {start|stop|restart|force-reload|lock|status}"
        exit 1
esac
exit $RETVAL

Edited by iccaros

I think I gave out bad advice. I told Matt to delete the firestarter init file (I thought it was the one I created). On my ubuntu system, I used apt-get to uninstall and reinstall firestarter, but the /etc/init.d/firestarter file is not being created. Any ideas why?

  shanenin said:
I think I gave out bad advice. I told Matt to delete the firestarter init file (I thought it was the one I created). On my ubuntu system, I used apt-get to uninstall and reinstall firestarter, but the /etc/init.d/firestarter file is not being created. Any ideas why?

is it in /etc/rcS.d ?

something like S19firestarter


I just copied the init script you posted, and placed it in /etc/init.d. I then used the command update-rc.d firestarter defaults. This command will create the sym links for all runlevels. That seemed to work.

to answer your question, it is not in that directory


Sorry Matt for my unruly advice.

I just tested this on my ubuntu system and it seems to work.

First let's remove the crap I had you do

rm /etc/init.d/firestarter
update-rc.d -f firestarter remove

now make a file that contains the ubuntu init script iccaros posted, then name it "firestarter"

Assuming you saved this newly made script in your /home/matt directory. You now need to make it executable

chmod +x /home/matt/firestarter

next you need to copy it to /etc/init.d

cp /home/matt/firestarter /etc/init.d

now add it to your startup with the update-rc.d command

update-rc.d firestarter defaults

now at reboot it should start

edit added later//

for complete stealth protection. make sure you choose under preferences--->icmp filtering, then check "enable icmp filtering"


*sigh* Well, on what we had before shanenin, my scans were at least showing up sometimes as the firewall functioning properly. At first try at this, shields up shows that it didn't work. There is a chance that I did something wrong I suppose. Is there something I can paste for you to check that it was done correctly?


the way we were doing it was kind of dirty. The way I just posted seems to be a more correct solution. I would be happy to look, but think it would be better just to use the method above. I actually tested it on my machine and it seems to work flawlessly.


Let's see if we can figure this out

what does the output of this show

cat /etc/init.d/firestarter

What does the output of this show

ls -l /etc/init.d | grep fire

what does the output of this show

ls -l /etc/rc2.d | grep fire

what does the output of this show

cat /etc/inittab | grep initdefault

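The checks requested in the post above (init script present in /etc/init.d, start link present in /etc/rc2.d) can be combined into one function. This is an added example, not part of the original thread; the function name, its return codes and the optional root-prefix argument are assumptions made here, and it additionally flags an init script that group or others can write to, since that script runs as root at boot.

```shell
#!/bin/sh
# Added example: audit SysV-style boot registration of an init script.
# Usage: check_boot_registration NAME RUNLEVEL [ROOT]
#   e.g. check_boot_registration firestarter 2
#   ROOT is a hypothetical prefix so the check can run against a constructed
#   directory tree; leave it empty to audit the live system.
# Returns: 0 registered, 1 script missing, 2 not executable,
#          3 writable by group/others, 4 no working S-link in rcN.d
check_boot_registration() {
    name=$1
    level=$2
    root=${3:-}
    script="$root/etc/init.d/$name"
    rcdir="$root/etc/rc$level.d"

    [ -f "$script" ] || { echo "missing: $script"; return 1; }
    [ -x "$script" ] || { echo "not executable: $script"; return 2; }

    # The script runs as root at boot, so only its owner should be able to edit it.
    if [ -n "$(find -L "$script" \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable by group or others: $script"
        return 3
    fi

    # Look for S<NN><name> links and require that one resolves to the script.
    for link in "$rcdir"/S[0-9][0-9]"$name"; do
        [ -L "$link" ] || continue          # unmatched glob or a plain file
        # -ef: both paths name the same file once symlinks are followed
        if [ "$link" -ef "$script" ]; then
            echo "ok: ${link##*/} -> $(readlink "$link")"
            return 0
        fi
    done
    echo "no start link for $name in $rcdir"
    return 4
}
```

A return code of 0 only shows that the script is registered for that runlevel; it does not show that the firewall rules were actually loaded.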

matt@linux:~$ cat /etc/init.d/firestarter
#!/bin/sh
#
# Init file for the Firestarter firewall
#
# chkconfig: 2345 11 92
#
# description: Starts, stops, and lock the firewall
#
# Script Authors:
# Tomas Junnonen <majix@sci.fi>
# Paul Drain <pd@cipherfunk.org>
#
# config: /etc/firestarter/configuration

FS_CONTROL="/etc/firestarter/firestarter.sh"

[ -x /usr/sbin/firestarter ] || exit 0
[ -x $FS_CONTROL ] || exit 0
[ -s /etc/firestarter/configuration ] || exit 0

RETVAL=0

start() {
echo -n "Starting the Firestarter firewall: "
$FS_CONTROL start > /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo done.
else
echo failed.
fi
return $RETVAL
}

stop() {
echo -n "Stopping the Firestarter firewall:"
$FS_CONTROL stop > /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo done.
else
echo failed.
fi
return $RETVAL
}

lock() {
echo -n "Locking the Firestarter firewall:"
$FS_CONTROL lock > /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo done.
else
echo failed.
fi
return $RETVAL
}

# See how we were called.
case "$1" in
start)
start
RETVAL=$?
;;
stop)
stop
RETVAL=$?
;;
restart)
stop
start
RETVAL=$?
;;
force-reload)
stop
start
RETVAL=$?
;;
lock)
lock
RETVAL=$?
;;
status)
if [ -e /var/lock/subsys/firestarter -o -e /var/lock/firestarter ]; then
echo "Firestarter is running..."
else
echo "Firestarter is stopped"
fi
RETVAL=$?
;;
*)
echo "Usage: firestarter {start|stop|restart|force-reload|lock|status}"
exit 1
esac
exit $RETVAL

matt@linux:~$ ls -l /etc/init.d | grep fire
-rwxr-xr-x 1 root root 1636 2007-08-08 21:48 firestarter

matt@linux:~$ ls -l /etc/rc2.d | grep fire
lrwxrwxrwx 1 root root 21 2007-08-08 21:49 S20firestarter -> ../init.d/firestarter

matt@linux:~$ cat /etc/inittab | grep initdefault
cat: /etc/inittab: No such file or directory

*Matt eyes that last one


the output you showed me seems correct. It is identical to my configuration. It should not matter when you typed the commands. The only thing that seems odd is you do not have the file /etc/inittab. I thought all versions of linux use it.

You restarted your system since following the method using the init script iccaros posted, right?


I followed your instructions using the 2nd start script that iccaros posted.

This may seem silly, but would system -> Preferences ->Sessions and adding sudo /usr/sbin/firestarter as a startup do any good? Or would this not work because there won't be the correct sudo privileges?

Edit: give me a sec, I'll try that command on reboot


I do have an old version of ubuntu, maybe the init system works differently.

as to your question, I don't think that would matter.

edit added later//

I am currently downloading version 7.04. Is that what you are using?


hi shanenin. I'm wondering if there is a better way to go about following the steps I followed in my original post (editing sudoers or visudo). I'm also wondering if I should scrap Firestarter altogether and go with something else that you might recommend?

I'll wait for your reply. If this is a fight you think we can keep going at, then I'm all for it! :) If you think something else might be better, I can do that too.

Thanks so much for the time and effort you've put into this thus far.


As to the time and effort, I enjoy messing with other people's systems :-) I hardly do anything with linux anymore, so I enjoy tweaking it. I already downloaded the iso, I will definitely get around to installing it. Then I can do some experimenting with some different techniques.

