Hi Ubuntonians,

I have been getting messages sent to /var/mail/root with the subject line "[psad-status] firewall setup warning on _CHANGEME_!"


Code:
You may just need to add a default logging rule to the
    'filter' 'INPUT' chain on _CHANGEME_.  For more information,
    see the file "FW_HELP" in the psad sources directory or visit:

with a link to cipherdyne.

The help page does not but a bit of digging has directed my attention to ufw logging: psad analyzes ufw logs, if there are no ufw logs, psad complains and does nothing.

Various sources unanimously assert that while ufw is installed on Ubuntu by default and enabled (i.e. the firewall function is active), logging is not automatically enabled and the user must do this manually.

Continuing, I find that there are two recommended ways to enable ufw logging, which are essentially equivalent in their actions:

Method 1: iptables


Code:
# iptables -A INPUT -j LOG
# iptables -A FORWARD -j LOG
# ip6tables -A INPUT -j LOG
# ip6tables -A FORWARD -j LOG
Method 2: edit rules
The files /etc/ufw/before.rules and /etc/ufw/before6.rules are to be edited directly by inserting two lines into the file immediately before the last line, which is the COMMIT command.

So, for /etc/ufw/before.rules:

Code:
ln 70 -- # allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
ln 71 -- # is uncommented)
ln 72 -- -A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT
ln 73 --
ln 74 -- # don't delete the 'COMMIT' line or these rules won't be processed
ln 75 -- COMMIT
Becomes:

Code:
ln 70 -- # allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
ln 71 -- # is uncommented)
ln 72 -- -A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT
ln 73 --
ln 74 -- # enable ufw logging and suppress psad error message
ln 75 -- -A INPUT -j LOG
ln 76 -- -A FORWARD -j LOG
ln 77 --
ln 78 -- # don't delete the 'COMMIT' line or these rules won't be processed
ln 79 -- COMMIT
In either case follow with

Code:
# ufw disable
# ufw enable
The reboot leaves me without internet access.

From journalctl we have this:

Code:
ufw-init[495]: iptables-restore v1.8.4 (legacy): no command specified
ufw-init[495]: Error occurred at line: 77
ufw-init[495]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
ufw-init[565]: Problem running '/etc/ufw/before.rules'
systemd[1]: ufw.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: ufw.service: Failed with result 'exit-code'.
Hence no network.

I have deleted the edits. The network now functions as normal, and psad is again telling me that I should enable logging.

We observe that the failure is at the blank line 77. The original before.rules had 76 lines. It may be that the blank line is the problem, but I am wondering whether there is a file integrity system which needs to be told about the edit and the edited file recognised as allowed. The system logs don't provide any information on this.

It may be relevant that I have tiger running on the system, but there is nothing to show that tiger is active at that stage of the boot.
Alternatively, should I recalculate e.g. md5sums for the new before.rules?

My questions are:
(1) Why does the recommended enablement fail?
(2) Is there a file integrity system which would be active at the boot when ufw is initialised, and which is blocking the processing of /etc/ufw/before.rules?

Many Thanks & Best Regards,

xiguus2
07-30-2020, 10:57 AM
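An added pre-flight check for the failure mode in this post (my example, not code from the post, ufw or psad): it mirrors the line-skipping rule of iptables-restore so an edited before.rules can be linted before `ufw disable; ufw enable` takes the firewall, and the network, down. The two rules files are constructed excerpts, not the real /etc/ufw/before.rules.

```shell
#!/bin/sh
# Added example, not part of the original post: lint a ufw rules file
# (e.g. /etc/ufw/before.rules) BEFORE running "ufw disable; ufw enable".
#
# iptables-restore skips a line only when its first character is a newline
# or '#', and recognises '*table', ':chain' and COMMIT only at column 0 with
# nothing after them.  A "blank" line that holds a space or tab, or "COMMIT "
# with a trailing space, is therefore handed to the rule parser and rejected
# with "no command specified" plus the line number, as in the journalctl
# output quoted in the post.

# Usage: lint_ufw_rules FILE ; prints offending lines, returns 1 if any.
lint_ufw_rules() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        trimmed=${line#"${line%%[![:space:]]*}"}     # strip leading blanks
        case "$line" in
            ""|"#"*|"*"*|":"*|COMMIT) continue ;;    # skipped or structural
        esac
        case "$trimmed" in
            -*) ;;                                   # looks like a rule
            *)  printf 'line %d: no command: [%s]\n' "$n" "$line"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# Constructed sample excerpts (not the real file).  GOOD: logging rules added
# before COMMIT; BAD: the same edit, but the separator line holds one space.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '*filter' ':ufw-before-input - [0:0]' \
  '# enable ufw logging and suppress psad error message' \
  '-A INPUT -j LOG' '-A FORWARD -j LOG' '' \
  "# don't delete the 'COMMIT' line or these rules won't be processed" \
  'COMMIT' > "$tmp/good.rules"
sed 's/^$/ /' "$tmp/good.rules" > "$tmp/bad.rules"   # blank line -> one space

check_good() { lint_ufw_rules "$tmp/good.rules"; }
check_bad()  { lint_ufw_rules "$tmp/bad.rules"; }

check_good && echo "good.rules: clean"
check_bad  || echo "bad.rules: would fail in iptables-restore"
```

As root, `iptables-restore --test < /etc/ufw/before.rules` runs the real parser over the file without committing the rules, which catches the same class of mistake with the exact line number.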