AW: apt-source (was Re: [zorp] Zorp Pro 2.0, post-installation)
Hi, to install and configure Zorp is not an easy thing, so no question is to easy with this software ;-) I have added following line into my last installation: deb https://<user>:<password>@apt.balabit.hu/zorp-os/ 2.1 zorp-os zorp zorp-common zms zms-gui zms-gui-common zms-agent satyr zas Additionally I had to add Acquire::https::Peer-Verify-Level "0"; into the /apt/apt/apt.conf (or something like that) file because I received an error message about an untrusted certificate. At the moment I try to get the new virusbuster module running, but without success. One problem I ran into lately where a configuration mistake with a transparent proxy. Hint: Do not use the same port for "proxy port" and "rule port" when creating a transparent listener. It will not work and the error message will not really help ;-) Regards Dominik
-----Ursprüngliche Nachricht----- Von: Michael D. (Mick) Bauer [mailto:darth.elmo@wiremonkeys.org] Gesendet: Dienstag, 2. Dezember 2003 22:57 An: zorp@lists.balabit.hu Betreff: apt-source (was Re: [zorp] Zorp Pro 2.0, post-installation)
Hi, Major.
Bazsi just gave me a username & password for the apt-source site. What should my new sources.list entry look like? (Pardon the newbie question, but I don't use Debian often.)
Thanks, Mick
On Tue, 2003-12-02 at 04:33, Michael D. (Mick) Bauer wrote:
By changing the OUTPUT default policy on my firewall to ACCEPT, I was able to connect from my ZMS client (actually I could've achieved the same thing by leaving it at DROP but by inserting an "accept established" rule in the OUTPUT chain, right? And shouldn't that be the default?).
Yes, it should be the default. (also by default we don't use DROP rule on OUTPUT chain)
But immediately after successful authentication, I received the error "Request: missing or invalid type", and my ZMS client quit.
It seems like you use zms-engine from the 2.0 series. Zms client for windows is not available from the 2.0 series, but from the 2.1. These are incompatible, so you have to upgrade your zms-engine to 2.1. The upgrade is available from the apt.balabit.hu apt-source, but it require username/password.
BTW: can you tell me the version of your installation CD? You can check it by booting from it, and pressing F9 on the bootscreen, or mount it on a working machine and view the file /cdrom/isolinux/version.scr.
MCS
_______________________________________________ zorp mailing list zorp@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/zorp
/-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
_______________________________________________ zorp mailing list zorp@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/zorp
Thanks again, Dominick, for your help -- I had been given an incorrect path for the apt-source site. I've now successfully upgraded to 2.1. Next question for the group: Is there current, English-language documentation for Zorp Pro 2.1? On the one hand, I'm personally just fine with configuring instances.conf and policy.py by hand. But my task at hand is to write a review of Zorp Pro for Linux Journal, and my readership's skill-levels vary widely. So far, I'm having a difficult time understanding zms -- in two hours of playing with it, I have yet to even *see* the word "policy..." Thanks, Mick P.S. I *did* install the zorp-pro-doc module (v.2.1.2), and am finding its zorp-tutorial to be useful. But for GUI info, it refers the reader to the "Getting Started" PDF, which as far as I can tell is outdated -- my copy covers "zui," not zms.
Hi,
to install and configure Zorp is not an easy thing, so no question is to easy with this software ;-) I have added following line into my last installation:
deb https://<user>:<password>@apt.balabit.hu/zorp-os/ 2.1 zorp-os zorp zorp-common zms zms-gui zms-gui-common zms-agent satyr zas
Additionally I had to add
Acquire::https::Peer-Verify-Level "0";
into the /apt/apt/apt.conf (or something like that) file because I received an error message about an untrusted certificate.
At the moment I try to get the new virusbuster module running, but without success.
One problem I ran into lately where a configuration mistake with a transparent proxy. Hint: Do not use the same port for "proxy port" and "rule port" when creating a transparent listener. It will not work and the error message will not really help ;-)
Regards Dominik
-----Ursprüngliche Nachricht----- Von: Michael D. (Mick) Bauer [mailto:darth.elmo@wiremonkeys.org] Gesendet: Dienstag, 2. Dezember 2003 22:57 An: zorp@lists.balabit.hu Betreff: apt-source (was Re: [zorp] Zorp Pro 2.0, post-installation)
Hi, Major.
Bazsi just gave me a username & password for the apt-source site. What should my new sources.list entry look like? (Pardon the newbie question, but I don't use Debian often.)
Thanks, Mick
On Tue, 2003-12-02 at 04:33, Michael D. (Mick) Bauer wrote:
By changing the OUTPUT default policy on my firewall to ACCEPT, I was able to connect from my ZMS client (actually I could've achieved the same thing by leaving it at DROP but by inserting an "accept established" rule in the OUTPUT chain, right? And shouldn't that be the default?).
Yes, it should be the default. (also by default we don't use DROP rule on OUTPUT chain)
But immediately after successful authentication, I received the error "Request: missing or invalid type", and my ZMS client quit.
It seems like you use zms-engine from the 2.0 series. Zms client for windows is not available from the 2.0 series, but from the 2.1. These are incompatible, so you have to upgrade your zms-engine to 2.1. The upgrade is available from the apt.balabit.hu apt-source, but it require username/password.
BTW: can you tell me the version of your installation CD? You can check it by booting from it, and pressing F9 on the bootscreen, or mount it on a working machine and view the file /cdrom/isolinux/version.scr.
MCS
_______________________________________________ zorp mailing list zorp@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/zorp
/-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
_______________________________________________ zorp mailing list zorp@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/zorp
_______________________________________________ zorp mailing list zorp@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/zorp
/-------------------------------------------------\ | Michael D. (Mick) Bauer | | Hired Goon Specializing in Information Security | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
participants (2)
-
Dominik Oestreicher
-
Michael D. (Mick) Bauer