[zorp] Zorp Pro 2.1 documentation

Michael D. (Mick) Bauer zorp@lists.balabit.hu
Thu, 4 Dec 2003 06:55:36 -0600 (CST)


Thanks again, Dominick, for your help -- I had been given an incorrect
path for the apt-source site. I've now successfully upgraded to 2.1.

Next question for the group:

Is there current, English-language documentation for Zorp Pro 2.1? On the
one hand, I'm personally just fine with configuring instances.conf and
policy.py by hand. But my task at hand is to write a review of Zorp Pro
for Linux Journal, and my readership's skill-levels vary widely.

So far, I'm having a difficult time understanding zms -- in two hours of
playing with it, I have yet to even *see* the word "policy..."

Thanks,
Mick

P.S. I *did* install the zorp-pro-doc module (v.2.1.2), and am finding its
zorp-tutorial to be useful. But for GUI info, it refers the reader to the
"Getting Started" PDF, which as far as I can tell is outdated -- my copy
covers "zui," not zms.

> Hi,
>
> to install and configure Zorp is not an easy thing, so no question is to
> easy with this software ;-) I have added following line into my last
> installation:
>
> deb https://<user>:<password>@apt.balabit.hu/zorp-os/ 2.1 zorp-os zorp
> zorp-common zms zms-gui zms-gui-common zms-agent satyr zas
>
> Additionally I had to add
>
> Acquire::https::Peer-Verify-Level "0";
>
> into the /apt/apt/apt.conf (or something like that) file because I
> received an error message about an untrusted certificate.
>
> At the moment I try to get the new virusbuster module running, but
> without success.
>
> One problem I ran into lately where a configuration mistake with a
> transparent proxy. Hint: Do not use the same port for "proxy port" and
> "rule port" when creating a transparent listener. It will not work and
> the error message will not really help ;-)
>
> Regards
> Dominik
>
>> -----Ursprüngliche Nachricht-----
>> Von: Michael D. (Mick) Bauer [mailto:darth.elmo@wiremonkeys.org]
>> Gesendet: Dienstag, 2. Dezember 2003 22:57
>> An: zorp@lists.balabit.hu
>> Betreff: apt-source (was Re: [zorp] Zorp Pro 2.0, post-installation)
>>
>>
>> Hi, Major.
>>
>> Bazsi just gave me a username & password for the apt-source site. What
>> should my new sources.list entry look like? (Pardon the
>> newbie question,
>> but I don't use Debian often.)
>>
>> Thanks,
>> Mick
>>
>>
>> > On Tue, 2003-12-02 at 04:33, Michael D. (Mick) Bauer wrote:
>> >> By changing the OUTPUT default policy on my firewall to
>> ACCEPT, I was
>> >> able to connect from my ZMS client (actually I could've
>> achieved the
>> >> same thing by leaving it at DROP but by inserting an "accept
>> >> established" rule in the OUTPUT chain, right? And shouldn't that be
>> the default?).
>> >
>> >    Yes, it should be the default. (also by default we don't use DROP
>> > rule on OUTPUT chain)
>> >
>> >> But immediately after successful authentication, I
>> received the error
>> >> "Request: missing or invalid type", and my ZMS client quit.
>> >
>> >   It seems like you use zms-engine from the 2.0 series. Zms
>> client for
>> > windows is not available from the 2.0 series, but from the
>> 2.1. These
>> > are incompatible, so you have to upgrade your zms-engine to 2.1. The
>> upgrade is available from the apt.balabit.hu apt-source,
>> but it require
>> > username/password.
>> >
>> >   BTW: can you tell me the version of your installation CD? You can
>> > check it by booting from it, and pressing F9 on the
>> bootscreen, or mount
>> > it on a working machine and view the file
>> /cdrom/isolinux/version.scr.
>> >
>> > MCS
>> >
>> >
>> >
>> > _______________________________________________
>> > zorp mailing list
>> > zorp@lists.balabit.hu
>> > http://lists.balabit.hu/mailman/listinfo/zorp
>>
>>
>> /-------------------------------------------------\
>> | Michael D. (Mick) Bauer                         |
>> | Hired Goon Specializing in Information Security |
>> | Security Editor, Linux Journal                  |
>> | Dir. of Value-Subtracted Svcs., Wiremonkeys.org |
>> \-------------------------------------------------/
>>
>>
>> _______________________________________________
>> zorp mailing list
>> zorp@lists.balabit.hu
>> http://lists.balabit.hu/mailman/listinfo/zorp
>>
> _______________________________________________
> zorp mailing list
> zorp@lists.balabit.hu
> http://lists.balabit.hu/mailman/listinfo/zorp


/-------------------------------------------------\
| Michael D. (Mick) Bauer                         |
| Hired Goon Specializing in Information Security |
| Security Editor, Linux Journal                  |
| Dir. of Value-Subtracted Svcs., Wiremonkeys.org |
\-------------------------------------------------/