Server aholed after ASL update?
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
So I can't edit ASL-INPUT like that in easy mode? I have to use advanced mode only? The hardware is 5 years old so I'm on the ASL 27 kernel as the newest one doesn't work with this machine. That's why I wanted to recompile the new one. 348 I think it is. I have to migrate to new hardware.
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
Well I deleted port 30000 and 20 and now my server is offline. D'oh!
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Server aholed after ASL update?
No, you can not edit the ASL-* chains, they are dynamically generated and your changes will be lost, or worse.So I can't edit ASL-INPUT like that in easy mode? I have to use advanced mode only? The hardware is 5 years old so I'm on the ASL 27 kernel as the newest one doesn't work with this machine. That's why I wanted to recompile the new one. 348 I think it is. I have to migrate to new hardware.
There is a new alpha testing firewall feature that may do what you want without using the firewall rule manager. Please see this forum post:
https://atomicorp.com/forum/viewtopic.php?f=25&t=6636
Keep in mind this is an alpha feature, and it may change based on feedback from testing.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
Yep but why do they have the edit button in there man if you can't do that? Anyways. My server is down and I better fix it. I don't know why deleting iptables and those 2 rules locked me and everyone else out. I'll boot into recuse mode and add myself to the ACL list and see if it works then.
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
It's just me that's locked out by the look of it. I'm still getting emails. Not so bad.
Re: Server aholed after ASL update?
well the documentation does say not to do it.Yep but why do they have the edit button in there man if you can't do that?
If everything was easy, then the world wouldn't need engineers.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Server aholed after ASL update?
The reason we allow editing is that we may need to have ask a customer to change a generated rule to debug a different issue.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
I was just looking at the ui and it would be tricky to make it work any other way without having 2 separate screens for easy and advanced mode or using some script in there to tell the difference between asl generated rules and others.
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
I think I know what's going on now. You can edit the rules that way but they won't be saved because they are generated from the asl config screen and will be lost the at the next update. That's why you say don't do it that way. That makes sense.
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
You know what you should do with the asl config screen? Make another form field that allows users to put in the ip addresses they want to allow access along with the port numbers. Then you would have a super easy mode
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Server aholed after ASL update?
We agree, we're working on adding that in too.You know what you should do with the asl config screen? Make another form field that allows users to put in the ip addresses they want to allow access along with the port numbers. Then you would have a super easy mode
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
Mine never had a /etc/asl/firewall/tortixd-access-list? So I made one and it seems to work.
Now it's crying about a kernel that never existed as far as I can tell.
--> Missing Dependency: kernel-uname-r = 2.6.32.60-36.art.i686.PAE is needed by package kmod-xtables-addons-2.6.32.60-36.art.i686.PAE-1.47.1-3.36.el5.i686 (asl-3.0)
So I skipped that package and now it says:
Transaction Check Error:
file /usr/lib/mysql/libmysqlclient.so.18.0.0 from install of mysql-libs-5.5.30-15.el5.art.i386 conflicts with file from package mysqlclient18-5.5.28-6.el5.art.i386
Anyway, nice app you have, very nice. I don't know how I survived all these years without something like ASL
Now it's crying about a kernel that never existed as far as I can tell.
--> Missing Dependency: kernel-uname-r = 2.6.32.60-36.art.i686.PAE is needed by package kmod-xtables-addons-2.6.32.60-36.art.i686.PAE-1.47.1-3.36.el5.i686 (asl-3.0)
So I skipped that package and now it says:
Transaction Check Error:
file /usr/lib/mysql/libmysqlclient.so.18.0.0 from install of mysql-libs-5.5.30-15.el5.art.i386 conflicts with file from package mysqlclient18-5.5.28-6.el5.art.i386
Anyway, nice app you have, very nice. I don't know how I survived all these years without something like ASL
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Server aholed after ASL update?
Please see this FAQ:Transaction Check Error:
file /usr/lib/mysql/libmysqlclient.so.18.0.0 from install of mysql-libs-5.5.30-15.el5.art.i386 conflicts with file from package mysqlclient18-5.5.28-6.el5.art.i386
https://www.atomicorp.com/wiki/index.ph ... ysqlclient
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
What do yous reckon about this? I fixed the dependency problem by removing asl and the mysql lib package that was crying and did a yum update. All is well everything working. Reinstalled asl. All is well everything working. Rebooted to load the asl kernel, no go because of old hardware and no modules, fair enough, I'll reboot back into the centOS kernel. It boots up everything is up and then after 1 minute the server shuts down. Change to another centOS kernel, same thing. After 1 minute the server shuts down as if someone gave it the shutdown command. No matter what I do it won't stay up for more than a minute. It only stays up when I boot into rescue. I can't see anything wrong in the logs.
That's what it was doing last week and I thought it had been aholed so I reinstalled everything. How come it keeps shutting down? It's weird. Any ideas?
Thanks
That's what it was doing last week and I thought it had been aholed so I reinstalled everything. How come it keeps shutting down? It's weird. Any ideas?
Thanks
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: Server aholed after ASL update?
It looks there is something wrong with the hosting company's hardware or control panel