NetFilter P-O-M

Protecting your Linux box

NetFilter P-O-M

Postby mansoor17177 » Fri Jun 02, 2006 8:13 pm

SALAM every one,

I need help, how to PATCH netfilter ?
I'm using Fedora core 5, and i already downloaded latest p-o-m.

Can any one tell me the step by step configuration from downloding patch to appling patch, or if i just install iptables from source downloaded from netfilter's website will all extention i need become available for me?

thanks
mansoor17177
Naik
 
Posts: 67
Joined: Thu May 26, 2005 11:14 am
WLM: mm2000_pk@hotmail.com
Yahoo Messenger: mm2000_pk@yahoo.com
Location: Peshawar

Re: NetFilter P-O-M

Postby nomankhn » Sat Jun 03, 2006 10:09 am

mansoor17177 wrote:SALAM every one,

I need help, how to PATCH netfilter ?
I'm using Fedora core 5, and i already downloaded latest p-o-m.

Can any one tell me the step by step configuration from downloding patch to appling patch, or if i just install iptables from source downloaded from netfilter's website will all extention i need become available for me?

thanks


Dear Mansoor

http://www.linuxsecurity.com/content/view/117370/49/
http://www.linuxpakistan.net/forum2x/vi ... tch++matic

I am sure your problem will be resolved.

but still their are alot of issues with that, so its not easy to configure and implement it until person have programming experience to settle down the problems.

Regards
Noman Khanzada
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby mansoor17177 » Sat Jun 03, 2006 11:52 am

SALAM Noman,

Thanks for ur reply, i just patch iptables p-o-m with source kernel and configure the kernel option and save the config file , but now i hav problem with compiling the kernel, I tried the method which is given by u in link http://www.linuxpakistan.net/forum2x/viewtopic.php?t=3998&highlight=patch++matic
but i got some error " # make dep " " *** Warning: make dep is unnecessary now."

i'm using FC5 source kernel and p-o-m & iptables from netfilter

now tell me what i did wrong, below is step which i done

1. I downloaded the patch and iptables source code from netfilter website
2. in p-o-m dir i issued the command " #./runme base "
3. select the kernel source dir
4. select the iptables source
5. when p-o-m starts selects the required module and then quit
6. in kernel source dir issue this command " # make xconfig "
7. select the NEW option in netfilter configuration and then save the config file
8. then " # make dep" and it gives me error " *** Warning: make dep is unnecessary now."

plz help me in this bcoz i need time function in netfilter

thanks
mansoor17177
Naik
 
Posts: 67
Joined: Thu May 26, 2005 11:14 am
WLM: mm2000_pk@hotmail.com
Yahoo Messenger: mm2000_pk@yahoo.com
Location: Peshawar

Postby nomankhn » Sat Jun 03, 2006 12:55 pm

mansoor17177 wrote:SALAM Noman,

Thanks for ur reply, i just patch iptables p-o-m with source kernel and configure the kernel option and save the config file , but now i hav problem with compiling the kernel, I tried the method which is given by u in link http://www.linuxpakistan.net/forum2x/viewtopic.php?t=3998&highlight=patch++matic
but i got some error " # make dep " " *** Warning: make dep is unnecessary now."

i'm using FC5 source kernel and p-o-m & iptables from netfilter

now tell me what i did wrong, below is step which i done

1. I downloaded the patch and iptables source code from netfilter website
2. in p-o-m dir i issued the command " #./runme base "
3. select the kernel source dir
4. select the iptables source
5. when p-o-m starts selects the required module and then quit
6. in kernel source dir issue this command " # make xconfig "
7. select the NEW option in netfilter configuration and then save the config file
8. then " # make dep" and it gives me error " *** Warning: make dep is unnecessary now."

plz help me in this bcoz i need time function in netfilter

thanks


Dear

Which kernel version you are using.
and which p-o-m repository u download tell me that.
paste ur all commands here


Regards
Noman Khanzada
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby mansoor17177 » Sat Jun 03, 2006 1:29 pm

SALAM,

Brother I'm very much confused now,
i just need time functionality in netfilter , kindly tell me steps how to do thats.

1. i'm using FC5, source kernel already installed in " /usr/src/kernels/2.6.15-1.2054_FC5-smp-i686 "

2. i downloaded " iptables-1.3.5-20060602 " from netfilter website
3. i downloaded " patch-o-matic-20041009.tar.bz2 " from netfilter website

now tell me what to do?

thanks
mansoor17177
Naik
 
Posts: 67
Joined: Thu May 26, 2005 11:14 am
WLM: mm2000_pk@hotmail.com
Yahoo Messenger: mm2000_pk@yahoo.com
Location: Peshawar

Postby nomankhn » Sat Jun 03, 2006 2:01 pm

mansoor17177 wrote:SALAM,

Brother I'm very much confused now,
i just need time functionality in netfilter , kindly tell me steps how to do thats.

1. i'm using FC5, source kernel already installed in " /usr/src/kernels/2.6.15-1.2054_FC5-smp-i686 "

2. i downloaded " iptables-1.3.5-20060602 " from netfilter website
3. i downloaded " patch-o-matic-20041009.tar.bz2 " from netfilter website

now tell me what to do?

thanks


Dear

Its better to download 2.6 kernel from kernel.org and use iptables source code and download the patch-o-matic from below website

svn co https://svn.netfilter.org/netfilter/tru ... o-matic-ng

so

then
go to /usr/src/
tar -jxvf linux-2.6.tar.bz2
tar -jxvf iptables-1.3.4*
cd linux-2.6*
make menuconfig and press ecape key and save ur setting that create .config file

cd pach-o-mati*
set ur kernel or iptables full path like

export IPTABLES_PATH=/usr/src/iptables-1.34/
same for kernel and export both paths

./runme extra

after patching turn ON those settings on /usr/src/linux-2.6
make bzImage
make modules
make modules_install
cp /usr/src/linux-2.6/arch/i386/boot/bzImage /boot/vmlinuz-2.6
mkinitrd -f -v /boot/initrd-2.6.img 2.6 ( 2.6 ur kernelname)

set ur grub.conf
re boot your system

i am sure your problem will be resolved

regards
noman


mkinitrd -f -v /boot/initrd-2.4.21.img 2.4.21
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby mansoor17177 » Sat Jun 03, 2006 4:55 pm

Dear Noman,

after following ur instruction , when i issued the command " make bzImage "
it gives me this error.

"CHK include/linux/version.h
SPLIT include/linux/autoconf.h -> include/config/*
make[1]: *** No rule to make target `init/main.o', needed by `init/built-in.o'. Stop.
make: *** [init] Error 2
"
and by the way i'm doing all this in GUI mode so i used " make xconfig " instead of menuconfig
and i'm using kernel 2.6.15-1.2054_FC5-smp-i686 and success fully save the changes and create .config file.

plz tell me wats the problem now.

thanks
mansoor17177
Naik
 
Posts: 67
Joined: Thu May 26, 2005 11:14 am
WLM: mm2000_pk@hotmail.com
Yahoo Messenger: mm2000_pk@yahoo.com
Location: Peshawar

Postby nomankhn » Sat Jun 03, 2006 8:20 pm

mansoor17177 wrote:Dear Noman,

after following ur instruction , when i issued the command " make bzImage "
it gives me this error.

"CHK include/linux/version.h
SPLIT include/linux/autoconf.h -> include/config/*
make[1]: *** No rule to make target `init/main.o', needed by `init/built-in.o'. Stop.
make: *** [init] Error 2
"
and by the way i'm doing all this in GUI mode so i used " make xconfig " instead of menuconfig
and i'm using kernel 2.6.15-1.2054_FC5-smp-i686 and success fully save the changes and create .config file.

plz tell me wats the problem now.

thanks


Dear ,

I gave u the command line step by step idea, but i think u should learn some course of understanding, i mean to say dahan sa step by step, smbhal kar, but u want to implement it thats why u are moving like F-16, not following on the screen whats going on.

Kernel compilation for this problem is not so difficult, but for understanding this u have to recompile kernel around 20 times than u can understand the thing.

Regards
Noman Khanzada
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby mansoor17177 » Sun Jun 04, 2006 12:35 pm

SALAM Noman,

I just recompiled the kernel as per ur instruction, now problem is that which function i setup in kernel configuration still not working,
how can i check the current kernel that the option i'm looking for is included or NOT

when i was compiling the kernel i saw that module to load, and tell me how to configure GRUB, in grub i just put another label and path of initrd and vmlinuz, bcoz i didnt want to disturb the current kernel, is it enough or i have to configure some more options too.

thanks for so much help
mansoor17177
Naik
 
Posts: 67
Joined: Thu May 26, 2005 11:14 am
WLM: mm2000_pk@hotmail.com
Yahoo Messenger: mm2000_pk@yahoo.com
Location: Peshawar

Re:

Postby LinuxFreaK » Mon Jun 05, 2006 9:04 am

Dear mansoor17177,
Salam,

FYI, http://www.linuxpakistan.net/forum2x/vi ... 3998#20528

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Postby nomankhn » Mon Jun 05, 2006 11:46 am

mansoor17177 wrote:SALAM Noman,

I just recompiled the kernel as per ur instruction, now problem is that which function i setup in kernel configuration still not working,
how can i check the current kernel that the option i'm looking for is included or NOT

when i was compiling the kernel i saw that module to load, and tell me how to configure GRUB, in grub i just put another label and path of initrd and vmlinuz, bcoz i didnt want to disturb the current kernel, is it enough or i have to configure some more options too.

thanks for so much help



Dear Mansoor,

Afer Recompilation of kernel and after generating initrd image update ur grub.conf according to your kernel version.


This is my grub.conf

[root@ns1 iftop-0.17]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/hda2
# initrd /initrd-version.img
#boot=/dev/hda
default=1
timeout=1
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux ES (2.6.9-5.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/
initrd /initrd-2.6.9-5.EL.img
title Red Hat Enterprise Linux ES (Noman Liaquat Khanzada)
root (hd0,0)
kernel /vmlinuz-2.6.14.4 ro root=LABEL=/ selinux=0
initrd /initrd-2.6.14.4.img


Regards
Noman Khanzada
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby mansoor17177 » Mon Jun 05, 2006 11:50 am

Dear Farukh,

Here are steps which i done.
1. download p-o-m from website
2. download iptables source
3. download kernel from kernel.org
4. in p-o-m directory i run this command " # ./runme extra " then it ask for kernel dir path and then iptables source path.
5. after that i goto the kernel dir and run this command " # make xconfig " bcoz i'm using GUI, and then i select the module listed as a NEW and then save the configuration file " .config "
6. then kernel dir i run this command " # make bzImage "
7. then make module
8. make module_install
9. cp /usr/src/linux-2.6.16/arch/i386/boot/bzImage /boot/vmlinuz-2.6.16
10. mkinitrd -f -v /boot/initrd-2.6.img 2.6.16
11. edit grub.conf file
here is my old grub.conf file

Code: Select all

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=4
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.15-1.2054_FC5xenU)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5xenU ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5xenU.img
title Fedora Core (2.6.15-1.2054_FC5xen0)
   root (hd0,0)
   kernel /xen.gz-2.6.15-1.2054_FC5
   module /vmlinuz-2.6.15-1.2054_FC5xen0 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   module /initrd-2.6.15-1.2054_FC5xen0.img
title Fedora Core (2.6.15-1.2054_FC5)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5.img
title Fedora Core (2.6.15-1.2054_FC5smp)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5smp ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5smp.img


here is my new grub.conf

Code: Select all

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=4
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.15-1.2054_FC5xenU)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5xenU ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5xenU.img
title Fedora Core (2.6.15-1.2054_FC5xen0)
   root (hd0,0)
   kernel /xen.gz-2.6.15-1.2054_FC5
   module /vmlinuz-2.6.15-1.2054_FC5xen0 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   module /initrd-2.6.15-1.2054_FC5xen0.img
title Fedora Core (2.6.15-1.2054_FC5)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5.img
title Fedora Core (2.6.15-1.2054_FC5smp)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5smp ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5smp.img
title Fedora Core Custom (2.6.16)
   root (hd0,0)
   kernel /vmlinuz-2.6.16 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.16.img


12. then reboot, after rebooting i select the new kernel from grub list to boot, but i check the command but it did work giving error of missing module.


Kindly tell me where i done wrong and i already check the topic which link u provided

thanks for all ur help
mansoor17177
Naik
 
Posts: 67
Joined: Thu May 26, 2005 11:14 am
WLM: mm2000_pk@hotmail.com
Yahoo Messenger: mm2000_pk@yahoo.com
Location: Peshawar

Postby nomankhn » Mon Jun 05, 2006 7:37 pm

mansoor17177 wrote:Dear Farukh,

Here are steps which i done.
1. download p-o-m from website
2. download iptables source
3. download kernel from kernel.org
4. in p-o-m directory i run this command " # ./runme extra " then it ask for kernel dir path and then iptables source path.
5. after that i goto the kernel dir and run this command " # make xconfig " bcoz i'm using GUI, and then i select the module listed as a NEW and then save the configuration file " .config "
6. then kernel dir i run this command " # make bzImage "
7. then make module
8. make module_install
9. cp /usr/src/linux-2.6.16/arch/i386/boot/bzImage /boot/vmlinuz-2.6.16
10. mkinitrd -f -v /boot/initrd-2.6.img 2.6.16
11. edit grub.conf file
here is my old grub.conf file

Code: Select all

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=4
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.15-1.2054_FC5xenU)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5xenU ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5xenU.img
title Fedora Core (2.6.15-1.2054_FC5xen0)
   root (hd0,0)
   kernel /xen.gz-2.6.15-1.2054_FC5
   module /vmlinuz-2.6.15-1.2054_FC5xen0 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   module /initrd-2.6.15-1.2054_FC5xen0.img
title Fedora Core (2.6.15-1.2054_FC5)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5.img
title Fedora Core (2.6.15-1.2054_FC5smp)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5smp ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5smp.img


here is my new grub.conf

Code: Select all

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=4
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.15-1.2054_FC5xenU)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5xenU ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5xenU.img
title Fedora Core (2.6.15-1.2054_FC5xen0)
   root (hd0,0)
   kernel /xen.gz-2.6.15-1.2054_FC5
   module /vmlinuz-2.6.15-1.2054_FC5xen0 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   module /initrd-2.6.15-1.2054_FC5xen0.img
title Fedora Core (2.6.15-1.2054_FC5)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5.img
title Fedora Core (2.6.15-1.2054_FC5smp)
   root (hd0,0)
   kernel /vmlinuz-2.6.15-1.2054_FC5smp ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.15-1.2054_FC5smp.img
title Fedora Core Custom (2.6.16)
   root (hd0,0)
   kernel /vmlinuz-2.6.16 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.16.img


12. then reboot, after rebooting i select the new kernel from grub list to boot, but i check the command but it did work giving error of missing module.


Kindly tell me where i done wrong and i already check the topic which link u provided

thanks for all ur help


Dear Mansoor,

You have alot of grub entries why, hey first thing is that when u will get errors during compilation then its impossible to install and configure a new kernel so its better to do according to my steps. second thing is that lockhelp.h is not available in current kernel source code so u will copy them from your fedora #5 if lockhelp.h is present there and third thing is that than again start #make bzImage, i am sure you are missing small things thats why you are getting error.

Regards
Noman Khanzada
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby mansoor17177 » Tue Jun 06, 2006 11:49 am

Dear Noman,

I didnt got any error during compilation, it goes smooth as per ur steps, but i'm not getting time function in netfilter, plz tell me how to check current installed kernel for required module, in kernel source when i check for required module its there, and after that i compiled the kernel but i'm not getting wat i want.

actually i installed complete FC5 thats y grub has lot of entries.

And what is lockhelp.h?

waiting for ur reply
thanks
mansoor17177
Naik
 
Posts: 67
Joined: Thu May 26, 2005 11:14 am
WLM: mm2000_pk@hotmail.com
Yahoo Messenger: mm2000_pk@yahoo.com
Location: Peshawar

Postby nomankhn » Tue Jun 06, 2006 2:36 pm

mansoor17177 wrote:Dear Noman,

I didnt got any error during compilation, it goes smooth as per ur steps, but i'm not getting time function in netfilter, plz tell me how to check current installed kernel for required module, in kernel source when i check for required module its there, and after that i compiled the kernel but i'm not getting wat i want.

actually i installed complete FC5 thats y grub has lot of entries.

And what is lockhelp.h?

waiting for ur reply
thanks


Dear

after make bzImage
tell me your steps and paste your errors here

Regards
Noman Liaquat Khanzada Rajput
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm


Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron