Unusual problem with Bastille. Knoppix works, Sarge not!



FelixDzerzhinsky
08-02-2004, 02:06 PM
I am not very experienced with Linux. I have previously installed Debian using Knoppix as an installer.

After installing I immediately install tripwire and bastille and chkrootkit and poff the internet.

I then run chkrootkit, dpkg-reconfigure tripwire and InteractiveBastille. I reboot (necessary only for Bastille).

My first point of call is www.grc.com to check my firewall is working correctly. This is where it gets weird. With Knoppix installed to the hard drive I get a "True Stealth" response and a pat on the back saying my common ports don't respond to pings etc.

I did the same with Debian Sarge netinstalled and I FAIL the True Stealth test. Not long afterwards I receive a rootkit! Reinstalling begins.

My network configuration doesn't change whether using Debian Sarge or knoppix-hdinstall.

My question is, as Knoppix is based on Sarge, why am I getting such a different response after setting up Bastille? I did this two or three times. What am I doing wrong?

What other info would you need to diagnose this problem?

Otherwise the new Debian installer works for me in expert mode, once I sussed out how the partitioning worked. The only annoying thing was it kept asking me about my pcmcia after I told it no twice!

FelixDzerzhinsky
08-03-2004, 04:56 PM
This is the www.grc.com report with Knoppix.


GRC Port Authority Report created on UTC: 2004-08-03 at 15:54:32

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

FelixDzerzhinsky
08-25-2004, 02:26 PM
Over the weekend I experimented with installing Debian Woody, Sarge with the new installer, Libranet and Knoppix-installer. Then I ran Bastille as above. With Libranet and Knoppix, Bastille appears to give me "True Stealth" as defined by www.grc.com, while the 'real' Debian installs failed to be secured by Bastille or any other firewall that I tried.

Can anybody think why this is so?

Am I failing to install a module when I do a regular Debian install?