• Registered: 2009-05-31
  • Posts: 11

Topic: Need more documentation.

Hi.

These days i'm using netsecl2.4 and found it very well made.
But i found very difficult to setup snort configuration with that firewall.
I've read all the documentation laying around the filesysem/iso/website/configfiles, but that hasn't helped too much.

I wish the important documents for this distro to be in one visible place, expecially about setting up firewall, snort, and about some tweaks that can be made to grsecuirty policy. (http://rsync.netsecl.com/docu/netsecldocu.html imho it is only a list of some tool and features).

I can't understand, also, if firewall 2.4 files has to be applied after installation or they are already there and just to be configured.

Thank in advance for supporting.

  • Registered: 2008-04-13
  • Posts: 83

Re: Need more documentation.

Hi,

Well I guess you missed some stuff smile. First if you noticed in the firewall release i mentioned the archive is only for other distros. The firewall is integrated in NetSecL - you need only to configure 2 variables to use snort:
1. etc/rc.d/rc.firewall set to Y the use of the advance script

NOTE: when you set this you will no longer use the standart script so this means any changes to the settings you made there,  you  will have to make to the rc.advanced script

2. In your /etc/snort_inline.conf. The default value of HOME_NET is [192.168.0.0/16] - you can change that to only your IP with a mask of 32 or with a lower mask to have your network.

and then all you have to do is restart or:
cd /etc/rc.d/
./rc.advanced stop
./rc.advanced start

and then everything should be ok.

We are discussing on how to make documentation easier, we'll look into this. Currently we are planing to migrate the whole site to something else that will make it easy for me and the users - you can check the new design in the general discussion. Thanks for asking - we will put an FAQ out of the questions wink

Yuriy

  • Registered: 2009-05-31
  • Posts: 11

Re: Need more documentation.

Hi,

thanks a lot for the reply.
Yep, i haven't seen the firewall files on your mirror are only for other distros. smile
The funny thing is that i tested that firewall (standart) on my slackware before knowing this...and works great!

Now on netsecl system i'm reading rc.advanced to know what are the differencies in policy, and packet filtering...
With rc.advanced system starded correctly with those changes you have written.

thx again for the support.

  • Registered: 2008-04-13
  • Posts: 83

Re: Need more documentation.

I've put an FAQ in the FAQ section if you have any other questions please ask so I can put the answers there wink.

Yuriy