CentOS7 firewall?
-
The current status is that a default minimal install leaves the system exposed. My only guess is that they decided that with the move to a new management interface that they decided that people needed to choose which to install before moving forward no matter what?
-
@anonymous said:
@MattSpeller a minimal install should be minimal install regardless of media used.
Ah I didn't understand that was the issue, thought you were doing full install from full media
-
@JaredBusch said:
@JaredBusch said:
@scottalanmiller said:
@anonymous said:
@scottalanmiller But it is no firewall is running by default
Ah, it is installed but not running.
no, it is not installed at all see my above screen shot..
and wow that post keeps moving down..
Yeah, I htought that you were posting it over and over. Then I realized it just woudn't leave teh bottom . Very odd.
-
Should we contact someone about this? Does anyone care? It seems like a huge security problem to me, but I tend to over react
-
@anonymous said:
Need to know if I need to rebuild all my servers
Just install the firewalld component, I would assume.
-
@scottalanmiller said:
@JaredBusch said:
@JaredBusch said:
@scottalanmiller said:
@anonymous said:
@scottalanmiller But it is no firewall is running by default
Ah, it is installed but not running.
no, it is not installed at all see my above screen shot..
and wow that post keeps moving down..
Yeah, I htought that you were posting it over and over. Then I realized it just woudn't leave teh bottom . Very odd.
did an F5 and it stopped doing that.
-
@JaredBusch said:
@scottalanmiller said:
@JaredBusch said:
@JaredBusch said:
@scottalanmiller said:
@anonymous said:
@scottalanmiller But it is no firewall is running by default
Ah, it is installed but not running.
no, it is not installed at all see my above screen shot..
and wow that post keeps moving down..
Yeah, I htought that you were posting it over and over. Then I realized it just woudn't leave teh bottom . Very odd.
did an F5 and it stopped doing that.
Yeah, same here. Very weird that we both got the same glitch and it appeared to be on the client side!
-
@scottalanmiller said:
@anonymous said:
@JaredBusch Do you know of anyway to compare the two installs to see what packages are different? It would be interesting to know.
rpm -ql >> list
On each box. The do a
diff
on the two lists.[root@testcos7 ~]# rpm -ql rpm: no arguments given for query
-
@MattSpeller I was doing a minimal install from the minimal install media. Regardless, you should get the same result if you do a minimal install from the DVD media. You do not, and this makes me a sad panda.
-
@anonymous said:
@MattSpeller I was doing a minimal install from the minimal install media. Regardless, you should get the same result if you do a minimal install from the DVD media. You do not, and this makes me a sad panda.
Once I figure out how to get the package lists I will get the differences for you.
-
-
@anonymous said:
yum list installed >> list
This works, I just tried it to make sure
[root@testcos7dvd ~]# diff listdvd listmin 5d4 < NetworkManager-team.x86_64 1:1.0.6-27.el7 @anaconda 6a6 > NetworkManager-wifi.x86_64 1:1.0.6-27.el7 @anaconda 61d60 < ebtables.x86_64 2.0.10-13.el7 @anaconda 74d72 < firewalld.noarch 0.3.9-14.el7 @anaconda 124,125d121 < iwl7265-firmware.noarch 22.0.7.0-43.el7 @anaconda < jansson.x86_64 2.4-6.el7 @anaconda 170d165 < libnl3-cli.x86_64 3.2.21-10.el7 @anaconda 177d171 < libselinux-python.x86_64 2.2.2-6.el7 @anaconda 185d178 < libsysfs.x86_64 2.1.0-16.el7 @anaconda 187d179 < libteam.x86_64 1.17-5.el7 @anaconda 259,260d250 < python-slip.noarch 0.4.0-2.el7 @anaconda < python-slip-dbus.noarch 0.4.0-2.el7 @anaconda 264d253 < rdma.noarch 7.2_4.1_rc6-1.el7 @anaconda 289d277 < teamd.x86_64 1.17-5.el7 @anaconda [root@testcos7dvd ~]#
-
The Minimal ISO contains this not in the DVD ISO
NetworkManager-wifi.x86_64 1:1.0.6-27.el7
The DVD ISO contains all of these not in the Minimal ISO.
NetworkManager-team.x86_64 1:1.0.6-27.el7
ebtables.x86_64 2.0.10-13.el7
firewalld.noarch 0.3.9-14.el7
iwl7265-firmware.noarch 22.0.7.0-43.el7
jansson.x86_64 2.4-6.el7
libnl3-cli.x86_64 3.2.21-10.el7
libselinux-python.x86_64 2.2.2-6.el7
libsysfs.x86_64 2.1.0-16.el7
libteam.x86_64 1.17-5.el7
python-slip.noarch 0.4.0-2.el7
python-slip-dbus.noarch 0.4.0-2.el7
rdma.noarch 7.2_4.1_rc6-1.el7
teamd.x86_64 1.17-5.el7
-
Installing firewalld catches a bunch of those.
[root@testcos7 ~]# yum install firewalld Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.sanctuaryhost.com * extras: mirror-centos.hostingswift.com * updates: mirror.nexcess.net Resolving Dependencies --> Running transaction check ---> Package firewalld.noarch 0:0.3.9-14.el7 will be installed --> Processing Dependency: python-slip-dbus for package: firewalld-0.3.9-14.el7.noarch --> Processing Dependency: ebtables for package: firewalld-0.3.9-14.el7.noarch --> Running transaction check ---> Package ebtables.x86_64 0:2.0.10-13.el7 will be installed ---> Package python-slip-dbus.noarch 0:0.4.0-2.el7 will be installed --> Processing Dependency: python-slip = 0.4.0-2.el7 for package: python-slip-dbus-0.4.0-2.el7.noarch --> Running transaction check ---> Package python-slip.noarch 0:0.4.0-2.el7 will be installed --> Processing Dependency: libselinux-python for package: python-slip-0.4.0-2.el7.noarch --> Running transaction check ---> Package libselinux-python.x86_64 0:2.2.2-6.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================ Package Arch Version Repository Size ================================================================================================================================ Installing: firewalld noarch 0.3.9-14.el7 base 476 k Installing for dependencies: ebtables x86_64 2.0.10-13.el7 base 122 k libselinux-python x86_64 2.2.2-6.el7 base 247 k python-slip noarch 0.4.0-2.el7 base 30 k python-slip-dbus noarch 0.4.0-2.el7 base 31 k Transaction Summary ================================================================================================================================ Install 1 Package (+4 Dependent packages) Total download size: 907 k Installed size: 3.5 M Is this ok [y/d/N]:
-
Then it all works.
[root@testcos7 ~]# systemctl start firewalld [root@testcos7 ~]# systemctl enable firewalld [root@testcos7 ~]#
-
So if you follow my guides, you will simply need to add
yum -y install firewalld
or addfirewalld
to one of the existing lines where i install packages.and then add the start and enable commands also.
yum -y install firewalld systemctl enable firewalld systemctl start firewalld
-
That is annoying as f[moderated] though.
-
@JaredBusch Agreed!
-
@JaredBusch said:
The Minimal ISO contains this not in the DVD ISO
NetworkManager-wifi.x86_64 1:1.0.6-27.el7
The DVD ISO contains all of these not in the Minimal ISO.
NetworkManager-team.x86_64 1:1.0.6-27.el7
ebtables.x86_64 2.0.10-13.el7
firewalld.noarch 0.3.9-14.el7
iwl7265-firmware.noarch 22.0.7.0-43.el7
jansson.x86_64 2.4-6.el7
libnl3-cli.x86_64 3.2.21-10.el7
libselinux-python.x86_64 2.2.2-6.el7
libsysfs.x86_64 2.1.0-16.el7
libteam.x86_64 1.17-5.el7
python-slip.noarch 0.4.0-2.el7
python-slip-dbus.noarch 0.4.0-2.el7
rdma.noarch 7.2_4.1_rc6-1.el7
teamd.x86_64 1.17-5.el7
Why would they include WiFi in the minimal? That doesn't seem to make any sense.
-
@johnhooks said:
@JaredBusch said:
The Minimal ISO contains this not in the DVD ISO
NetworkManager-wifi.x86_64 1:1.0.6-27.el7
The DVD ISO contains all of these not in the Minimal ISO.
NetworkManager-team.x86_64 1:1.0.6-27.el7
ebtables.x86_64 2.0.10-13.el7
firewalld.noarch 0.3.9-14.el7
iwl7265-firmware.noarch 22.0.7.0-43.el7
jansson.x86_64 2.4-6.el7
libnl3-cli.x86_64 3.2.21-10.el7
libselinux-python.x86_64 2.2.2-6.el7
libsysfs.x86_64 2.1.0-16.el7
libteam.x86_64 1.17-5.el7
python-slip.noarch 0.4.0-2.el7
python-slip-dbus.noarch 0.4.0-2.el7
rdma.noarch 7.2_4.1_rc6-1.el7
teamd.x86_64 1.17-5.el7
Why would they include WiFi in the minimal? That doesn't seem to make any sense.
Agreed.