Re: [Fwbuilder-discussion] Installer and PuTTY under windows
From: <va...@vk...> - 2006-05-22 16:32:10
On May 22, 2006, at 8:11 AM, Sunny wrote:

> On 5/19/06, Vadim Kurland ✍ <va...@vk...> wrote:
>>
>> it complains that it can't chmod the script /etc/firewall/fwqa.fw ...
>> Could you post the output of "ls -l /etc/firewall" command ? Also
>> check if the script in that directory is in fact the script generated
>> by the compiler
>>
>> There is also an option in the firewall settings dialog that turns on
>> debugging output in the generated script. If you try that, the script
>> should print a lot of debugging info when it is executed which seems
>> to be the moment when you observe the pause with no output at all.
>>
>> Basically I want to check if the script really has been copied and if
>> it has been activated at all.
>>
>> --vk
>>
>
> The script is copied:
>
> sunny@fwqa:~> ls -l /etc/firewall
> total 32
> -rwxrwxr-x 1 root fwadmin 15769 2006-05-22 09:57 fwqa.fw
> -rwxrwxr-x 1 root fwadmin 12924 2006-05-15 12:20 fwqa.fw.old
>
> sunny@fwqa:~> ls -dl /etc/firewall
> drwxrwxr-x 2 root fwadmin 4096 2006-05-19 12:44 /etc/firewall
>
> This is newly generated, just now, with the debugging output. The time
> shows that it is the right script, as well, as the content.
>
> The user I'm using for ssh is member of fwadmin group, as I showed
> before, so I do not know why it fails with the chmod command.
>
> Anyway, even with debug on, it does not display any output, and the
> script is not executed, as the changes that I made are not applied. (I
> just disabled one port for one address, to see if it works). If I run
> the same script from a ssh console, it changes the rules as expected.
>

this is very strange. You say the script works when you run it from
the console. Do you see the debugging output when you do that ? It
should print literally every shell command it executes, there should
be a lot of output.

try this:

- log in to the firewall using putty, but make sure you ssh into
  the firewall using its IP address 192.168.2.254 rather than its name
- run command "sudo -l". See what it listed, the list should match
  what you configured in the sudoers file.

I just realized that chmod is _not_ listed in sudoers, that is
probably the reason it fails. Nevertheless I would like to verify
configuration of sudo and make sure the script itself really appears
in "sudo -l" output

please send generated script fwqa.fw to me (in a private email)

--vk

> The output I see in fwbuilder is exactly the same as I post it last
> week. And the behaviour is the same, i.e. a long delay after the
> login, and after that it reports that the policy is applied, but it is
> not:
>
> Copying C:/Documents and Settings/sunny/My Documents/ProdEnv/fwqa.fw
> -> 192.168.2.254:/etc/firewall
> Running command 'C:/Program Files/PuTTY/plink.exe -ssh -pw XXXXXX -v
> -l sunny 192.168.2.254 echo '--**--**--';cat > /etc/firewall/fwqa.fw
> &&chmod +x /etc/firewall/fwqa.fw;echo Done; '
> Server version: SSH-1.99-OpenSSH_4.2
> We claim version: SSH-2.0-PuTTY_Release_0.58
> Using SSH protocol version 2
> Doing Diffie-Hellman group exchange
> Doing Diffie-Hellman key exchange
> Host key fingerprint is:
> ssh-rsa 1024 10:e0:8c:0b:1d:51:5b:ad:c4:c6:72:5d:5d:1c:e7:de
> Initialised AES-256 client->server encryption
> Initialised HMAC-SHA1 client->server MAC algorithm
> Initialised AES-256 server->client encryption
> Initialised HMAC-SHA1 server->client MAC algorithm
> Using username "sunny".
> Using keyboard-interactive authentication.
> Access granted
> Opened channel for session
> Started a shell/command
> --**--**--
> Logged in
> Sent EOF message
> Server sent command exit status 0
> Done
> chmod: changing permissions of `/etc/firewall/fwqa.fw': Operation not permitted
> All channels closed. Disconnecting
> Server closed network connection
> SSH session terminated, exit status: 0
> Activating new policy
> Running command 'C:/Program Files/PuTTY/plink.exe -ssh -pw XXXXXX -v
> -l sunny 192.168.2.254 echo '--**--**--'; sudo -S
> /etc/firewall/fwqa.fw && sudo -S pkill shutdown; echo 'Policy
> activated' '
> Server version: SSH-1.99-OpenSSH_4.2
> We claim version: SSH-2.0-PuTTY_Release_0.58
> Using SSH protocol version 2
> Doing Diffie-Hellman group exchange
> Doing Diffie-Hellman key exchange
> Host key fingerprint is:
> ssh-rsa 1024 10:e0:8c:0b:1d:51:5b:ad:c4:c6:72:5d:5d:1c:e7:de
> Initialised AES-256 client->server encryption
> Initialised HMAC-SHA1 client->server MAC algorithm
> Initialised AES-256 server->client encryption
> Initialised HMAC-SHA1 server->client MAC algorithm
> Using username "sunny".
> Using keyboard-interactive authentication.
> Access granted
> Opened channel for session
> Started a shell/command
> --**--**--
> Logged in
> sunny's password:
> Policy activated
> Server sent command exit status 0
> All channels closed. Disconnecting
> Server closed network connection
> SSH session terminated, exit status: 0
> Done
>
> Any ideas?
>
> --
> Svetoslav Milenov (Sunny)
>
> Windows is a 32-bit extension to a 16-bit graphical shell for an 8-bit
> operating system originally coded for a 4-bit microprocessor by a
> 2-bit company that can't stand 1 bit of competition.
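
Added example (not part of the original message and not Firewall Builder code): a POSIX shell check run against the "ls -l /etc/firewall" listing quoted above, showing why the installer's unprivileged "chmod +x" is refused even though the group permissions let the user overwrite the script. On Linux only a file's owner or root may change its mode. The function names are hypothetical, and the group list passed for sunny holds only fwadmin, the one membership stated in the thread.

```shell
#!/bin/sh
# Constructed sample input: the two entries from the quoted "ls -l" output.
LISTING='-rwxrwxr-x 1 root fwadmin 15769 2006-05-22 09:57 fwqa.fw
-rwxrwxr-x 1 root fwadmin 12924 2006-05-15 12:20 fwqa.fw.old'

# find_entry FILE: print the listing line whose last field is FILE.
find_entry() {
    printf '%s\n' "$LISTING" | awk -v f="$1" '$NF == f { print; exit }'
}

# can_chmod USER FILE: chmod(2) succeeds only for the file owner or root;
# group membership and the group write bit play no part in this check.
can_chmod() {
    entry=$(find_entry "$2")
    [ -n "$entry" ] || return 2
    set -- "$1" $entry          # $1=user $2=mode $3=links $4=owner $5=group
    [ "$1" = root ] || [ "$1" = "$4" ]
}

# can_write USER "GROUP LIST" FILE: classic owner, then group, then other.
can_write() {
    user=$1; ugroups=$2
    entry=$(find_entry "$3")
    [ -n "$entry" ] || return 2
    set -- $entry               # $1=mode $3=owner $4=group
    mode=$1; owner=$3; group=$4
    [ "$user" = root ] && return 0
    if [ "$user" = "$owner" ]; then
        bit=$(printf '%s' "$mode" | cut -c3)     # owner write bit
    elif printf ' %s ' "$ugroups" | grep -qF -- " $group "; then
        bit=$(printf '%s' "$mode" | cut -c6)     # group write bit
    else
        bit=$(printf '%s' "$mode" | cut -c9)     # other write bit
    fi
    [ "$bit" = w ]
}

# diagnose USER "GROUP LIST" FILE: one-line summary of both checks.
diagnose() {
    w=no; c=no
    if can_write "$1" "$2" "$3"; then w=yes; fi
    if can_chmod "$1" "$3"; then c=yes; fi
    echo "write=$w chmod=$c"
}

diagnose sunny fwadmin fwqa.fw
```

The listing already shows the execute bits set on fwqa.fw, so the refused "chmod +x" leaves the copied script executable.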