Re: Firestarter

To: debian-user-french@lists.debian.org
Subject: Re: Firestarter
From: Raphaël Sauvain <raphael.sauvain@bluewin.ch>
Date: Fri, 09 Jun 2006 17:39:22 +0200
Message-id: <[🔎] e6c4ln$d71$1@sea.gmane.org>
In-reply-to: <[🔎] 200606090107.13474.lolo@system-linux.net>
References: <[🔎] 44887F29.30607@free.fr> <[🔎] 44888863.5060608@free.fr> <[🔎] 20060608212326.GD4018@steed.jfs.dt> <[🔎] 200606090107.13474.lolo@system-linux.net>

laurent besson a écrit :
> Le jeudi 8 Juin 2006 23:23, JF Straeten a écrit :
>> Et quant tu lances l'interface graphique, il ne te demande pas ton pwd
>> de root ?  C'est le comportement que j'ai constaté sur une sarge en
>> tout cas.
> 
> Et c'est normal, parce que jusqu'a preuve du contraire l'administrateur sous 
> linux c'est root !
> 
> 
Non, non,

Voici le mode d'emploi que j'avais pris sur le site officiel :

> Q: How can I get Firestarter to load automatically when I log in as a regular user?
> Firestarter running in the system tray
> 
> Normally when you start Firestarter by clicking an icon or manually from a terminal, the system will prompt you for your root user's password. However, this is a bit of a hassle, especially if you want to run Firestarter all the time when logged in. In that case Firestarter can be loaded in the background when you log in with your regular user, without asking a password and minimized to the system tray (pictured right).
> Giving the user permission to launch Firestarter without the root password
> 
> In order for a regular user to be able to launch Firestarter, the user must be given additional privileges. Edit your /etc/sudoers file in your favorite text editor and add the following line at the end:
> username ALL= NOPASSWD: /usr/bin/firestarter
> 
> Note: Debian users should replace /usr/bin/firestarter with /usr/sbin/firestarter in the above line.
> 
> Simply replace username with whatever your login is. The specified user is now able to launch Firestarter without being prompted for a password using the command sudo firestarter.
> 
> A note on the security aspects: This method makes a trade off in local security for convenience. If your user account becomes compromised the attacker will be able to control the firewall. However this method is preferable to having a shared root user password in a multiuser setting. It is also preferable if the alternative is not to run Firestarter at all.
> Launching Firestarter minimized to the tray on login
> 
> Having performed the above configuration of permissions, the system can further be set up to load Firestarter when you log in with your regular user account. Firestarter will in that case load directly into the system tray without user intervention, after which the main interface can be accessed by clicking the tray icon.
> 
> Using GNOME:
> The GNOME sessions manager
> 
> Open up your GNOME menu, select Preferences followed by Sessions. Switch to the Startup programs tab, pictured right.
> 
> Click Add and enter
> sudo firestarter --start-hidden
> as the startup command. Click OK and you're done.
> 
> To stop Firestarter from loading on login, simply remove its entry from the startup programs listing.
> 
> Using KDE:
> 
> Open a terminal and execute the following two commands:
> 
> echo -e '#'\!'/bin/sh\nsudo firestarter --start-hidden' > ~/.kde/Autostart/firestarter
> chmod a+x ~/.kde/Autostart/firestarter
> 
> Firstarter will now load automatically when KDE starts. To stop Firestarter from loading when you log in, remove the ~/.kde/Autostart/firestarter file.
> 
> 
> 
> Q: How can I test if the firewall is working for sure?
> 
> The only way to know for sure if your firewall coverage is complete is for an outside party to test it. You can not run nmap or some other network tool to test the firewall from the firewall host itself.
> 
> There are many free sites on the Internet that will provide a remote scan of your system. Here are a few that we have found useful, as well as the expected result with the Firestarter default policy loaded:
> 
>     * Sygate Security Scan : http://scan.sygatetech.com/
>       The scan will report Unable to detect any running services!
>     * Shields Up! : https://grc.com/x/ne.dll?bh0bkyd2
>       The scan will report all ports as stealted
> 
> Why you might not be getting the results you expect
> 
> If some specific port is reported as Closed instead of Stealthed by Shields Up, your Internet service provider is probably blocking the port before the scanner even connects to your machine. This is typical for ports such as 25 (SMTP) and 80 (HTTP) that your ISP prohibits you from running services on.
> 
> If you have a DSL or cable modem box that provides Network Address Translation services, it is possible that the scan does not reflect the status of Firestarter but that of the box.

Reply to:

Follow-Ups:
- Re: Firestarter
  - From: laurent besson <lolo@system-linux.net>

References:
- Machine virtuelle Java
  - From: fallen <fallen.angels1@free.fr>
- Firestarter
  - From: fallen <fallen.angels1@free.fr>
- Re: Firestarter
  - From: JF Straeten <jfstraeten@tiscali.be>
- Re: Firestarter
  - From: laurent besson <lolo@system-linux.net>

Prev by Date: mise à jour etch impossible : xlibmesa-gl-dev boucle entre les champs Conflicts et Pre-Depends
Next by Date: Re: aptitude trop zélé
Previous by thread: Re: Firestarter
Next by thread: Re: Firestarter
Index(es):
- Date
- Thread