# [solved] hardened env samba NT_STATUS_BAD_NETWORK_NAME

## ping-uino

Hi gurus and not, I need your help.

I made a hardened Gentoo installation and everything seems fine except Samba.

The goal is to make a share for guest users (I know a hardened environment for that is stupid, but it's a hard life...)

If I try to connect to a share I receive:

```
server ~ # smbclient -L //127.0.0.1 -N
Domain=[SERVER] OS=[Unix] Server=[Samba 3.0.27a]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
```

An extract of the logs says:

```
[2007/11/30 09:44:04, 5] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user S-1-5-21-336031323-1654025876-3359635413-501
  contains 5 SIDs
  SID[  0]: S-1-5-21-336031323-1654025876-3359635413-501
  SID[  1]: S-1-22-2-1000
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-32-546
  SE_PRIV  0x0 0x0 0x0 0x0
[2007/11/30 09:44:04, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 1000
  Primary group is 1000 and contains 1 supplementary groups
  Group[  0]: 1000
[2007/11/30 09:44:04, 5] smbd/uid.c:change_to_user(273)
  change_to_user uid=(1000,1000) gid=(0,1000)
[2007/11/30 08:44:04, 0] smbd/service.c:make_connection_snum(1003)
  '/tmp' does not exist or permission denied when connecting to [IPC$] Error was Permission denied
[2007/11/30 08:44:04, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/11/30 08:44:04, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2007/11/30 08:44:04, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2007/11/30 08:44:04, 5] smbd/uid.c:change_to_root_user(288)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2007/11/30 09:44:04, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2007/11/30 09:44:04, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_BAD_NETWORK_NAME
```

Then the smb.conf:

```
[global]
  workgroup = WORKGROUP
  netbios name = server
  map to guest = bad user
  security = user
  log file = /var/log/samba/%m.log
  log level = 10
  guest account = samba

## share definitions
[ciao]
  path = /data
  public = yes
  only guest = yes
  writable = yes
  printable = no
#  msdfs proxy = no
```

It is NOT a basic permission problem:

```
server ~ # ls -ld /data/
drwxrwxrwx 3 samba samba 72 2007-11-29 11:06 /data/
server ~ # ls -ld /tmp/
drwxrwxrwt 5 samba samba 352 2007-11-30 09:56 /tmp/
```

User samba exists (in many of my tries I created a different user instead of using nobody):

```
server ~ # grep samba /etc/passwd /etc/group
/etc/passwd:samba:x:1000:1000::/dev/null:/bin/bash
/etc/group:samba:x:1000:
```

If I try a different server connection everything works (obfuscated for security):

```
server ~ # smbclient -L //192.168.1.x -N
Domain=[LINUX] OS=[Unix] Server=[Samba 3.0.24]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk
        pxxxxxxx        Disk
        bxxxxx          Disk
        wxxs            Disk
        IPC$            IPC       IPC Service (Samba 3.0.24)
Domain=[LINUX] OS=[Unix] Server=[Samba 3.0.24]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        MSHOME               QWLM2F66RPBXBIU
        Txxxx                LxxxX
        Txxxxxxx             Sxxxxx
        WORKGROUP            Sxxxxx
```

After many hours, I discovered a trace: if I map the guest user to root everything works fine; then I believe I misconfigured something in the kernel (I stripped out the useless commented parts).

Here is my .config:

```

#

# Automatically generated make config: don't edit

# Linux kernel version: 2.6.22-hardened-r8

# Fri Nov 30 00:31:32 2007

#

CONFIG_X86_32=y

CONFIG_GENERIC_TIME=y

CONFIG_CLOCKSOURCE_WATCHDOG=y

CONFIG_GENERIC_CLOCKEVENTS=y

CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y

CONFIG_LOCKDEP_SUPPORT=y

CONFIG_STACKTRACE_SUPPORT=y

CONFIG_SEMAPHORE_SLEEPERS=y

CONFIG_X86=y

CONFIG_MMU=y

CONFIG_ZONE_DMA=y

CONFIG_QUICKLIST=y

CONFIG_GENERIC_ISA_DMA=y

CONFIG_GENERIC_IOMAP=y

CONFIG_GENERIC_BUG=y

CONFIG_GENERIC_HWEIGHT=y

CONFIG_ARCH_MAY_HAVE_PC_FDC=y

CONFIG_DMI=y

CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"

#

# Code maturity level options

#

CONFIG_EXPERIMENTAL=y

CONFIG_BROKEN_ON_SMP=y

CONFIG_INIT_ENV_ARG_LIMIT=32

#

# General setup

#

CONFIG_LOCALVERSION=""

CONFIG_LOCALVERSION_AUTO=y

CONFIG_SWAP=y

CONFIG_SYSVIPC=y

CONFIG_SYSVIPC_SYSCTL=y

CONFIG_POSIX_MQUEUE=y

CONFIG_IKCONFIG=y

CONFIG_IKCONFIG_PROC=y

CONFIG_LOG_BUF_SHIFT=18

CONFIG_SYSFS_DEPRECATED=y

# CONFIG_RELAY is not set

CONFIG_BLK_DEV_INITRD=y

CONFIG_INITRAMFS_SOURCE=""

CONFIG_CC_OPTIMIZE_FOR_SIZE=y

CONFIG_SYSCTL=y

# CONFIG_EMBEDDED is not set

CONFIG_UID16=y

CONFIG_SYSCTL_SYSCALL=y

CONFIG_KALLSYMS=y

# CONFIG_KALLSYMS_ALL is not set

# CONFIG_KALLSYMS_EXTRA_PASS is not set

CONFIG_HOTPLUG=y

CONFIG_PRINTK=y

CONFIG_BUG=y

CONFIG_ELF_CORE=y

CONFIG_BASE_FULL=y

CONFIG_FUTEX=y

CONFIG_ANON_INODES=y

CONFIG_EPOLL=y

CONFIG_SIGNALFD=y

CONFIG_EVENTFD=y

CONFIG_SHMEM=y

CONFIG_VM_EVENT_COUNTERS=y

CONFIG_SLAB=y

# CONFIG_SLUB is not set

# CONFIG_SLOB is not set

CONFIG_RT_MUTEXES=y

# CONFIG_TINY_SHMEM is not set

CONFIG_BASE_SMALL=0

#

# Loadable module support

#

CONFIG_MODULES=y

CONFIG_MODULE_UNLOAD=y

CONFIG_MODULE_FORCE_UNLOAD=y

CONFIG_KMOD=y

#

# Block layer

#

CONFIG_BLOCK=y

#

# IO Schedulers

#

CONFIG_IOSCHED_NOOP=y

CONFIG_IOSCHED_AS=y

CONFIG_IOSCHED_DEADLINE=y

CONFIG_DEFAULT_AS=y

CONFIG_DEFAULT_IOSCHED="anticipatory"

#

# Processor type and features

#

CONFIG_TICK_ONESHOT=y

CONFIG_NO_HZ=y

CONFIG_HIGH_RES_TIMERS=y

CONFIG_X86_GENERICARCH=y

CONFIG_X86_CYCLONE_TIMER=y

CONFIG_MPENTIUMIII=y

CONFIG_X86_GENERIC=y

CONFIG_X86_CMPXCHG=y

CONFIG_X86_L1_CACHE_SHIFT=7

CONFIG_X86_XADD=y

CONFIG_RWSEM_XCHGADD_ALGORITHM=y

CONFIG_GENERIC_CALIBRATE_DELAY=y

CONFIG_X86_WP_WORKS_OK=y

CONFIG_X86_INVLPG=y

CONFIG_X86_BSWAP=y

CONFIG_X86_POPAD_OK=y

CONFIG_X86_ALIGNMENT_16=y

CONFIG_X86_GOOD_APIC=y

CONFIG_X86_INTEL_USERCOPY=y

CONFIG_X86_USE_PPRO_CHECKSUM=y

CONFIG_X86_TSC=y

CONFIG_X86_CMOV=y

CONFIG_X86_MINIMUM_CPU_MODEL=4

CONFIG_HPET_TIMER=y

CONFIG_HPET_EMULATE_RTC=y

CONFIG_PREEMPT_NONE=y

CONFIG_X86_LOCAL_APIC=y

CONFIG_X86_IO_APIC=y

CONFIG_VM86=y

CONFIG_MICROCODE=y

CONFIG_MICROCODE_OLD_INTERFACE=y

CONFIG_X86_MSR=y

CONFIG_X86_CPUID=y

#

# Firmware Drivers

#

CONFIG_NOHIGHMEM=y

CONFIG_PAGE_OFFSET=0xC0000000

CONFIG_ARCH_POPULATES_NODE_MAP=y

CONFIG_SELECT_MEMORY_MODEL=y

CONFIG_FLATMEM_MANUAL=y

CONFIG_FLATMEM=y

CONFIG_FLAT_NODE_MEM_MAP=y

CONFIG_SPLIT_PTLOCK_CPUS=4

CONFIG_ZONE_DMA_FLAG=1

CONFIG_NR_QUICK=1

CONFIG_MTRR=y

CONFIG_SECCOMP=y

CONFIG_HZ_250=y

CONFIG_HZ=250

CONFIG_PHYSICAL_START=0x200000

CONFIG_PHYSICAL_ALIGN=0x100000

CONFIG_COMPAT_VDSO=y

#

# Power management options (ACPI, APM)

#

CONFIG_PM=y

CONFIG_PM_LEGACY=y

#

# ACPI (Advanced Configuration and Power Interface) Support

#

CONFIG_ACPI=y

CONFIG_ACPI_BUTTON=y

CONFIG_ACPI_PROCESSOR=y

CONFIG_ACPI_THERMAL=y

CONFIG_ACPI_BLACKLIST_YEAR=2001

CONFIG_ACPI_EC=y

CONFIG_ACPI_POWER=y

CONFIG_ACPI_SYSTEM=y

CONFIG_X86_PM_TIMER=y

#

# Bus options (PCI, PCMCIA, EISA, MCA, ISA)

#

CONFIG_PCI=y

CONFIG_PCI_GOANY=y

CONFIG_PCI_BIOS=y

CONFIG_PCI_DIRECT=y

CONFIG_PCI_MMCONFIG=y

CONFIG_ARCH_SUPPORTS_MSI=y

CONFIG_ISA_DMA_API=y

#

# Executable file formats

#

CONFIG_BINFMT_ELF=y

#

# Networking

#

CONFIG_NET=y

#

# Networking options

#

CONFIG_PACKET=y

CONFIG_UNIX=y

CONFIG_INET=y

CONFIG_IP_MULTICAST=y

CONFIG_IP_FIB_HASH=y

CONFIG_SYN_COOKIES=y

CONFIG_INET_DIAG=y

CONFIG_INET_TCP_DIAG=y

CONFIG_TCP_CONG_CUBIC=y

CONFIG_DEFAULT_TCP_CONG="cubic"

CONFIG_NETFILTER=y

#

# Core Netfilter Configuration

#

CONFIG_NF_CONNTRACK_ENABLED=m

CONFIG_NF_CONNTRACK=m

CONFIG_NF_CONNTRACK_MARK=y

CONFIG_NF_CONNTRACK_FTP=m

CONFIG_NF_CONNTRACK_NETBIOS_NS=m

CONFIG_NETFILTER_XTABLES=m

CONFIG_NETFILTER_XT_TARGET_MARK=m

CONFIG_NETFILTER_XT_TARGET_TCPMSS=m

CONFIG_NETFILTER_XT_MATCH_CONNMARK=m

CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m

CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m

CONFIG_NETFILTER_XT_MATCH_TCPMSS=m

#

# IP: Netfilter Configuration

#

CONFIG_NF_CONNTRACK_IPV4=m

CONFIG_NF_CONNTRACK_PROC_COMPAT=y

CONFIG_IP_NF_IPTABLES=m

CONFIG_IP_NF_MATCH_IPRANGE=m

CONFIG_IP_NF_MATCH_ADDRTYPE=m

CONFIG_IP_NF_FILTER=m

CONFIG_IP_NF_TARGET_REJECT=m

CONFIG_IP_NF_TARGET_ULOG=m

CONFIG_NF_NAT=m

CONFIG_NF_NAT_NEEDED=y

CONFIG_IP_NF_TARGET_MASQUERADE=m

CONFIG_IP_NF_TARGET_NETMAP=m

CONFIG_NF_NAT_FTP=m

#

# Bridge: Netfilter Configuration

#

CONFIG_BRIDGE=m

CONFIG_LLC=m

#

# Generic Driver Options

#

CONFIG_STANDALONE=y

CONFIG_PREVENT_FIRMWARE_BUILD=y

CONFIG_FW_LOADER=y

#

# Plug and Play support

#

CONFIG_PNP=y

#

# Protocols

#

CONFIG_PNPACPI=y

#

# Block devices

#

CONFIG_BLK_DEV_LOOP=y

CONFIG_BLK_DEV_RAM=y

CONFIG_BLK_DEV_RAM_COUNT=16

CONFIG_BLK_DEV_RAM_SIZE=4096

CONFIG_BLK_DEV_RAM_BLOCKSIZE=1024

#

# Misc devices

#

CONFIG_IDE=y

CONFIG_BLK_DEV_IDE=y

#

# Please see Documentation/ide.txt for help/info on IDE drives

#

CONFIG_BLK_DEV_IDEDISK=y

CONFIG_IDEDISK_MULTI_MODE=y

CONFIG_BLK_DEV_IDECD=y

CONFIG_BLK_DEV_IDEACPI=y

CONFIG_IDE_PROC_FS=y

#

# IDE chipset support/bugfixes

#

CONFIG_IDE_GENERIC=y

CONFIG_BLK_DEV_IDEPCI=y

CONFIG_IDEPCI_PCIBUS_ORDER=y

CONFIG_BLK_DEV_IDEDMA_PCI=y

CONFIG_BLK_DEV_PIIX=y

CONFIG_BLK_DEV_IDEDMA=y

#

# Multi-device support (RAID and LVM)

#

CONFIG_MD=y

CONFIG_BLK_DEV_MD=y

CONFIG_MD_LINEAR=m

CONFIG_MD_RAID1=y

CONFIG_MD_FAULTY=m

CONFIG_BLK_DEV_DM=y

CONFIG_DM_MIRROR=y

CONFIG_DM_ZERO=m

CONFIG_DM_MULTIPATH=m

#

# Network device support

#

CONFIG_NETDEVICES=y

CONFIG_TUN=m

CONFIG_PHYLIB=y

#

# MII PHY device drivers

#

CONFIG_LXT_PHY=m

CONFIG_FIXED_PHY=m

#

# Ethernet (10 or 100Mbit)

#

CONFIG_NET_ETHERNET=y

CONFIG_MII=y

#

# Tulip family network device support

#

CONFIG_NET_PCI=y

CONFIG_E100=m

CONFIG_8139TOO=m

#

# Input device support

#

CONFIG_INPUT=y

#

# Userland interfaces

#

CONFIG_INPUT_MOUSEDEV=y

CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024

CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768

#

# Input Device Drivers

#

CONFIG_INPUT_KEYBOARD=y

CONFIG_KEYBOARD_ATKBD=y

#

# Hardware I/O ports

#

CONFIG_SERIO=y

CONFIG_SERIO_I8042=y

CONFIG_SERIO_LIBPS2=y

#

# Character devices

#

CONFIG_VT=y

CONFIG_VT_CONSOLE=y

CONFIG_HW_CONSOLE=y

#

# Serial drivers

#

CONFIG_SERIAL_8250=y

CONFIG_SERIAL_8250_CONSOLE=y

CONFIG_SERIAL_8250_PCI=y

CONFIG_SERIAL_8250_PNP=y

CONFIG_SERIAL_8250_NR_UARTS=4

CONFIG_SERIAL_8250_RUNTIME_UARTS=4

#

# Non-8250 serial port support

#

CONFIG_SERIAL_CORE=y

CONFIG_SERIAL_CORE_CONSOLE=y

CONFIG_UNIX98_PTYS=y

CONFIG_LEGACY_PTYS=y

CONFIG_LEGACY_PTY_COUNT=256

#

# IPMI

#

CONFIG_HW_RANDOM=y

CONFIG_HW_RANDOM_INTEL=y

CONFIG_HW_RANDOM_VIA=y

CONFIG_RTC=y

CONFIG_HPET=y

CONFIG_HPET_MMAP=y

#

# TPM devices

#

CONFIG_DEVPORT=y

#

# Display device support

#

CONFIG_FB=y

CONFIG_FB_CFB_FILLRECT=y

CONFIG_FB_CFB_COPYAREA=y

CONFIG_FB_CFB_IMAGEBLIT=y

CONFIG_FB_DEFERRED_IO=y

#

# Frame buffer hardware drivers

#

CONFIG_FB_VESA=y

#

# Console display driver support

#

CONFIG_VGA_CONSOLE=y

CONFIG_VGACON_SOFT_SCROLLBACK=y

CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=128

CONFIG_VIDEO_SELECT=y

CONFIG_DUMMY_CONSOLE=y

CONFIG_FRAMEBUFFER_CONSOLE=y

CONFIG_FONT_8x8=y

CONFIG_FONT_8x16=y

CONFIG_LOGO=y

CONFIG_LOGO_LINUX_VGA16=y

CONFIG_LOGO_LINUX_CLUT224=y

#

# USB support

#

CONFIG_USB_ARCH_HAS_HCD=y

CONFIG_USB_ARCH_HAS_OHCI=y

CONFIG_USB_ARCH_HAS_EHCI=y

#

# File systems

#

CONFIG_EXT2_FS=y

CONFIG_EXT2_FS_XATTR=y

CONFIG_EXT2_FS_POSIX_ACL=y

CONFIG_EXT3_FS=m

CONFIG_EXT3_FS_XATTR=y

CONFIG_EXT3_FS_POSIX_ACL=y

CONFIG_JBD=m

CONFIG_FS_MBCACHE=y

CONFIG_REISERFS_FS=y

CONFIG_REISERFS_FS_XATTR=y

CONFIG_REISERFS_FS_POSIX_ACL=y

CONFIG_FS_POSIX_ACL=y

CONFIG_INOTIFY=y

CONFIG_INOTIFY_USER=y

CONFIG_DNOTIFY=y

CONFIG_AUTOFS4_FS=y

CONFIG_FUSE_FS=m

#

# CD-ROM/DVD Filesystems

#

CONFIG_ISO9660_FS=y

#

# DOS/FAT/NT Filesystems

#

CONFIG_FAT_FS=m

CONFIG_MSDOS_FS=m

CONFIG_VFAT_FS=m

CONFIG_FAT_DEFAULT_CODEPAGE=437

CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"

#

# Pseudo filesystems

#

CONFIG_PROC_FS=y

CONFIG_PROC_KCORE=y

CONFIG_PROC_SYSCTL=y

CONFIG_SYSFS=y

CONFIG_TMPFS=y

CONFIG_HUGETLBFS=y

CONFIG_HUGETLB_PAGE=y

CONFIG_RAMFS=y

#

# Miscellaneous filesystems

#

#

# Network File Systems

#

CONFIG_SMB_FS=m

CONFIG_CIFS=m

#

# Partition Types

#

CONFIG_MSDOS_PARTITION=y

#

# Native Language Support

#

CONFIG_NLS=y

CONFIG_NLS_DEFAULT="iso8859-1"

CONFIG_NLS_CODEPAGE_437=y

CONFIG_NLS_CODEPAGE_850=y

CONFIG_NLS_ASCII=y

CONFIG_NLS_ISO8859_1=y

CONFIG_NLS_ISO8859_15=y

CONFIG_NLS_UTF8=y

#

# Kernel hacking

#

CONFIG_TRACE_IRQFLAGS_SUPPORT=y

# CONFIG_PRINTK_TIME is not set

CONFIG_ENABLE_MUST_CHECK=y

CONFIG_MAGIC_SYSRQ=y

CONFIG_UNUSED_SYMBOLS=y

# CONFIG_DEBUG_FS is not set

# CONFIG_HEADERS_CHECK is not set

CONFIG_DEBUG_KERNEL=y

# CONFIG_DEBUG_SHIRQ is not set

CONFIG_DETECT_SOFTLOCKUP=y

# CONFIG_SCHEDSTATS is not set

# CONFIG_TIMER_STATS is not set

# CONFIG_DEBUG_SLAB is not set

# CONFIG_DEBUG_RT_MUTEXES is not set

# CONFIG_RT_MUTEX_TESTER is not set

# CONFIG_DEBUG_SPINLOCK is not set

# CONFIG_DEBUG_MUTEXES is not set

# CONFIG_DEBUG_LOCK_ALLOC is not set

# CONFIG_PROVE_LOCKING is not set

# CONFIG_DEBUG_SPINLOCK_SLEEP is not set

# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set

# CONFIG_DEBUG_KOBJECT is not set

CONFIG_DEBUG_BUGVERBOSE=y

# CONFIG_DEBUG_INFO is not set

# CONFIG_DEBUG_VM is not set

# CONFIG_DEBUG_LIST is not set

# CONFIG_FRAME_POINTER is not set

# CONFIG_FORCED_INLINING is not set

# CONFIG_RCU_TORTURE_TEST is not set

# CONFIG_FAULT_INJECTION is not set

CONFIG_EARLY_PRINTK=y

CONFIG_DEBUG_STACKOVERFLOW=y

# CONFIG_DEBUG_STACK_USAGE is not set

# CONFIG_4KSTACKS is not set

CONFIG_X86_FIND_SMP_CONFIG=y

CONFIG_X86_MPPARSE=y

CONFIG_DOUBLEFAULT=y

#

# Security options

#

#

# Grsecurity

#

CONFIG_GRKERNSEC=y

# CONFIG_GRKERNSEC_LOW is not set

# CONFIG_GRKERNSEC_MEDIUM is not set

# CONFIG_GRKERNSEC_HIGH is not set

# CONFIG_GRKERNSEC_HARDENED is not set

CONFIG_GRKERNSEC_CUSTOM=y

#

# Address Space Protection

#

# CONFIG_GRKERNSEC_KMEM is not set

# CONFIG_GRKERNSEC_IO is not set

# CONFIG_GRKERNSEC_BRUTE is not set

# CONFIG_GRKERNSEC_MODSTOP is not set

# CONFIG_GRKERNSEC_HIDESYM is not set

#

# Role Based Access Control Options

#

# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set

CONFIG_GRKERNSEC_ACL_MAXTRIES=3

CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#

# Filesystem Protections

#

# CONFIG_GRKERNSEC_PROC is not set

# CONFIG_GRKERNSEC_LINK is not set

# CONFIG_GRKERNSEC_FIFO is not set

# CONFIG_GRKERNSEC_CHROOT is not set

#

# Kernel Auditing

#

# CONFIG_GRKERNSEC_AUDIT_GROUP is not set

# CONFIG_GRKERNSEC_EXECLOG is not set

# CONFIG_GRKERNSEC_RESLOG is not set

# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set

# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set

CONFIG_GRKERNSEC_AUDIT_MOUNT=y

CONFIG_GRKERNSEC_AUDIT_IPC=y

CONFIG_GRKERNSEC_SIGNAL=y

CONFIG_GRKERNSEC_FORKFAIL=y

CONFIG_GRKERNSEC_TIME=y

# CONFIG_GRKERNSEC_PROC_IPADDR is not set

#

# Executable Protections

#

CONFIG_GRKERNSEC_EXECVE=y

CONFIG_GRKERNSEC_SHM=y

CONFIG_GRKERNSEC_DMESG=y

# CONFIG_GRKERNSEC_TPE is not set

#

# Network Protections

#

# CONFIG_GRKERNSEC_RANDNET is not set

# CONFIG_GRKERNSEC_SOCKET is not set

#

# Sysctl support

#

CONFIG_GRKERNSEC_SYSCTL=y

# CONFIG_GRKERNSEC_SYSCTL_ON is not set

#

# Logging Options

#

CONFIG_GRKERNSEC_FLOODTIME=10

CONFIG_GRKERNSEC_FLOODBURST=4

#

# PaX

#

CONFIG_PAX=y

#

# PaX Control

#

# CONFIG_PAX_SOFTMODE is not set

CONFIG_PAX_EI_PAX=y

CONFIG_PAX_PT_PAX_FLAGS=y

CONFIG_PAX_NO_ACL_FLAGS=y

# CONFIG_PAX_HAVE_ACL_FLAGS is not set

# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#

# Non-executable pages

#

# CONFIG_PAX_NOEXEC is not set

#

# Address Space Layout Randomization

#

# CONFIG_PAX_ASLR is not set

#

# Miscellaneous hardening features

#

# CONFIG_PAX_MEMORY_SANITIZE is not set

# CONFIG_KEYS is not set

# CONFIG_SECURITY is not set

#

# Cryptographic options

#

CONFIG_CRYPTO=y

CONFIG_CRYPTO_ALGAPI=y

CONFIG_CRYPTO_BLKCIPHER=m

CONFIG_CRYPTO_MANAGER=m

CONFIG_CRYPTO_SHA256=y

CONFIG_CRYPTO_ECB=m

CONFIG_CRYPTO_CBC=m

CONFIG_CRYPTO_PCBC=m

#

# Hardware crypto devices

#

#

# Library routines

#

CONFIG_BITREVERSE=y

CONFIG_CRC32=y

CONFIG_PLIST=y

CONFIG_HAS_IOMEM=y

CONFIG_HAS_IOPORT=y

CONFIG_HAS_DMA=y

CONFIG_GENERIC_HARDIRQS=y

CONFIG_GENERIC_IRQ_PROBE=y

CONFIG_X86_BIOS_REBOOT=y

CONFIG_KTIME_SCALAR=y

```

The firewall is compiled in (as a module), but not started.

```
server ~ # lsmod
Module                  Size  Used by
8139too                19435  0
server ~ # rc-update -s | grep iptables
           (none)
server ~ # rc-update del iptables
 * 'iptables' not found in any of the specified runlevels
```

Please, help me...

If you need more info, just ask.

----------

## djinnZ

```
[global]
hosts allow = 192.168. 127.
```

----------

## ping-uino

YEAH! Now it works!!!

I leave a message for anyone else who runs into trouble with this.

It's my fault and it's quite stupid (now that I know).

```
server ~ # ls -ld /
drwxr-x--- 21 root root 544 2007-11-26 18:23 /
```

It should be:

```
server ~ # chmod o+rx /
server ~ # ls -ld /
drwxr-xr-x 21 root root 544 2007-11-26 18:23 /
```

The problem was caused by the deploy server that I used to create the server (rsync does the right job: it copies all permissions, including the wrong ones).

----------
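The root cause found in this thread, a parent directory that the guest account cannot traverse, can be checked one path component at a time. The script below is an added example, not part of the original posts; it assumes GNU `stat` and an account that matches only the "other" permission class, and `first_blocked_dir` and the demo tree are hypothetical names constructed here.

```shell
#!/bin/sh
# Added example: find the first directory on the way to a share path that
# the "other" permission class (e.g. a Samba guest account) cannot traverse.
# Assumes GNU stat (-c %a); ignores ACLs and owner/group membership.

# usage: first_blocked_dir TARGET [BASE]
# Walks from BASE (default /) down to TARGET. Prints "MODE DIR" for the first
# directory lacking o+x and returns 1; returns 0 if every directory is
# searchable by "other". BASE allows checking a staged image before deployment.
first_blocked_dir() {
    base=${2:-/}
    [ "$base" = / ] || base=${base%/}
    rest=${1#"$base"}              # part of TARGET below BASE
    cur=$base
    while :; do
        if [ -d "$cur" ]; then
            mode=$(stat -c %a "$cur") || return 2
            # Lowest bit of the octal mode is the "other" search (x) bit.
            if [ $(( 0$mode & 1 )) -eq 0 ]; then
                printf '%s %s\n' "$mode" "$cur"
                return 1
            fi
        fi
        rest=${rest#/}
        [ -n "$rest" ] || break
        part=${rest%%/*}           # next path component
        rest=${rest#"$part"}
        cur=${cur%/}/$part
    done
    return 0
}

# Constructed demo: an image tree whose root is 0750, as "/" was in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/data" "$demo/tmp"
chmod 750 "$demo"; chmod 777 "$demo/data"; chmod 1777 "$demo/tmp"
first_blocked_dir "$demo/data" "$demo" || echo "guest cannot reach the share"
chmod o+rx "$demo"                 # the fix applied to / in the thread
first_blocked_dir "$demo/data" "$demo" && echo "share path is traversable"
rm -rf "$demo"
```

On a live system, `namei -l /data` prints the same per-component modes for manual inspection.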

