Firestarter On Startup

[Matt]

Here's what I've got:

matt@linux:~$ cd /etc/firestarter
matt@linux:/etc/firestarter$ sudo ./firestarter.sh start
Firewall started

It needed sudo

[shanenin]

Were getting close :-) The main problem we had was the lack for the "start" parameter. This should work. Instead of placing your firestarter.sh script in /etc/init.d, we should just replace it with a bash script the starts the script

Change to your home directory, then use a text editor to create this script, then save it as firestarter.sh

the script should contain the following

#!/bin/bash
/etc/firestarter/firestarter.sh start  #don't use sudo

now you need to copy and make executable this newly made script to /etc/init.d. it should delete the script we put their earlier.

sudo cp firestarter.sh /etc/init.d
chmod +x /etc/init.d/firestarter.sh

Now we might be in business. reboot and see what happens.

Edited August 2, 2007 by shanenin

[Matt]

Hi shane. I'm about to leave the house and will be out of town for a few days. I'll try this when I get back and let you know how it goes. Thanks so much for the help thus far!

[shanenin]

Enjoy your time away. As to the help, I have fun doing it.

[Matt]

Change to your home directory

is that /home ?

[shanenin]

When I said your home directory, it was not very clear, yours would be /home/matt . It does not really matter what directory you do it from. I just wanted to make sure you were not in the directory /etc/firestarter. If you would would have created the file called firetstarter.sh there, it would have over written the one already there.

One other reason I had you do it that way. You have done some scripting so no the difference(I think) between absolute and relative paths. I gave you the command sudo cp firestarter.sh /etc/init.d, for this to work you both need to be in your directory, /home/matt, for the copy to work properly.

edit adder later//

in retrospect, I would have done this in a less confusing way , by using other names then firestarter.sh.

Edited August 6, 2007 by shanenin

[jwbirdsong]

Also back to your original issue...next time you need to edit /etc/sudoers (and you will)

use the command sudo visudo...

IIRC you MUST use visudo to edit /etc/sudoers..

Some other distros allow you can change that but I don't think you can in Ubuntu.

[Matt]

shanenin: the script didn't appear to work

[shanenin]

When you have some time. try the following. Maybe we can pinpoint where it is failing.

First could you post the output of the cat command. It will show the contents of the script

cat /etc/init.d/firestarter.sh

could you also post the output of ls -l, this will show the permissions of the script, in particular, if it is executable

ls -l /etc/init.d/firestarter.sh

[Matt]

Here you go:

matt@linux:~$ sudo cat /etc/init.d/firestarter.sh
#!/bin/bash
/etc/firestarter/firestarter.sh start  #don't use sudo

matt@linux:~$ ls -l /etc/init.d/firestarter.sh
-rwx--x--x 1 root root 67 2007-08-07 11:06 /etc/init.d/firestarter.sh

Small question: if I understand correctly, I was editing sudoers before because firestarter required a sudo pass to be started, and we were bypassing that. How are we attempting to bypass that now?

[shanenin]

All scripts which are run from the directory /etc/init.d are run by the system at bootup. These are run with full admin privileges. In that case sudo is not needed, it may have even break the script.

if you reboot and then run the following command

does it start your firewall?

sudo /etc/init.d/firestarter.sh

[Matt]

It does (after asking for a password). Is it running as a daemon when it does this? No GUI appears, but the firewall seems to function.

[shanenin]

Since the script works, this seems as if it is not being started by the init system.

[shanenin]

what does this output show

ls -l /etc/rc2.d | grep fire

[Matt]

matt@linux:~$ ls -l /etc/rc2.d | grep fire
lrwxrwxrwx 1 root root  21 2007-07-31 20:39 S20firestarter -> ../init.d/firestarter
lrwxrwxrwx 1 root root  24 2007-08-02 09:27 S20firestarter.sh -> ../init.d/firestarter.sh

[shanenin]

Thats odd. I am not sure why you have two entries for firestarter.

lets try this. We are going to delete all the symlinks first.

sudo update-rc.d -f firestarter.sh remove
sudo update-rc.d -f firestarter remove

now we will rename the firestarter script from firestarter.sh to firestarter(I think the .sh might be causing a problem)

sudo mv /etc/init.d/firestarter.sh  /etc/init.d/firestarter

now lets create the needed symlinks so this starts at bootup(hopefully)

sudo update-rc.d firestarter defaults

you can try a reboot and see what happens.

[Matt]

It still didn't work

[shanenin]

lets check and see if the script, "/etc/init.d/firestarter" is being started at bootup. currently the script has this content:

#!/bin/bash
/etc/firestarter/firestarter.sh start  #don't use sudo

add one line. to make it look like this

#!/bin/bash
/etc/firestarter/firestarter.sh start  #don't use sudo
touch /home/matt/itworked

the touch command will create a empty file called "itworked". If after rebooting, assuming the script is being run, it should create the file called "itworked" in your home directory. Let me know if that file is being created.

[Matt]

itworked was created

[shanenin]

are you sure the firewall is not running

See my point. We know, if you run the script directly, it is starting the firewall. We also know the script in being run. Now I am just dumbfounded to why it is not working

Assuming the firewall is not running, one more time, try running it directly to see if it is being started

sudo /etc/init.d/firestarter

[Matt]

matt@linux:~$ sudo /etc/init.d/firestarter
Password:
Firewall started

I don't believe that it does run automatically. The reason for this is when I bot and go to hackerwatch.org and do a port scan, most of my ports return "Closed but visible". When I manually start the firewall, the scan returns all ports as "secure".

Yes I do see your point. The script is obviously being executed, or that file would not have been created. The file even states that it was created by root, so we know that root privs are being used.

Just to double check, here's my /etc/init.d/firestarter

#!/bin/bash
/etc/firestarter/firestarter.sh start  #don't use sudo

[Matt]

Hold up shanenin. I just rebooted again and went back to hackerwatch.org. This time, it is showing my ports as secure, and I did not manually start the firewall.

It appears to be working!

Is there a way I can see what processes/services/daemons (or whatever we call them in linux) are actively running to make sure the firewall is active?

[iccaros]

ps -ef

as root

or just see of firestarter is running

ps -ef | grep firestarter

top will also show you processes, but if firestarter is not in the top 10 - 15 you may not see it.

[shanenin]

I don't think firestarter actually runs all the time. It is just a frontend to help create an iptables script. Simply said, iptables create your firewall rules, using the iptables command along with NetFilter.

here is another post that may help

http://ubuntuforums.org/showthread.php?t=337024

[Matt]

This is very strange.... I just ran hackerwatch.org and shields up scan after a new boot. This time, it is again telling me that my ports are closed, but insecure as opposed to when I start manually and scan. I don't get it at all.

I did notice that if I manually run Firestarter, and then 'Exit' it, my port scan comes up as secure--so I know that it can run in the background.

Maybe I haven't configured Firestarter correctly.

Here's this, if that's of any help (before manually starting it):

matt@linux:~$ ps -ef | grep firestarter
matt	  5768  5746  0 19:33 pts/0	00:00:00 grep firestarter

Edit: I just rebooted yet again, went to shields up, and it is reporting that my ports are secure. It seems as though it is inconsistent on whether or not it actually loads on bootup.