I am desperately looking for some direction. I have a Mandriva box with two network cards. One for loc and one for net. Every now and then and it is adhoc we are getting listed on CBL with the following description:

This IP is infected (or NATting for a computer that is infected) with the Conficker A or Conficker B botnet.

It is referring to IP 216.66.15.109

Is there in which I can block any and all traffic to this IP using shorewall?

I have squid, postfix, shorewall in place. Apparently according to CBL it uses port 80, here we have a transparent proxy in use.

Could anyone please help me out. Have battled for two weeks.

Thank you

Smitty

Yes, I understand the risks with doing things under root, but some things I find would be much easier doing graphically rather than in a console with su.

Also, in relation the Mandriva 2011 operating system.

Are there any addtional details I need to be aware of?

Thank You,

Leo54

[moved from Hardware by spinynorman]

I am currently looking for a Linux firewall that behaves just like Zone Alarm for Windows. I know about firestarter and mandriva's own interactive firewall, but what I need is something that immediately warns me of a program trying to connect to the internet so I can block it, for example.

Do you know of any way to achieve this with Linux?

[moved from Software by spinynorman]

"You have chosen not to trust "Verisign Class 3 International Server CA - G3", the issuer of the server's security certificate (SSL error 61)". Where do I go so that I can trust this certificate?

Myles.

[moved from Software by spinynorman]

in course of somebodies stupid joke with intrusion of mine privacy

i got a TROJAN (from some hackers) being therefore able to see content

of mine computer even through MS Windows.

Can u assist? I send all logs as necessary, ip adress and

possibility to check access. I dont know mineself to find

or remove virus from linux, i know very well i have it.

Which are available trojan options at all for Linux?

I have pressupossed impossibility of intrusion on linux

so with full security settings on, i thought it was nearly

impossible.

Well i know i got Trojan. I give u all neccessary access if required with

ip numbers (and allowance for Mandriva to do anything to mine provider

company that made breach possible). Please assist in getting trojan out.

I guess i should provise furhter technical details,

but i realy have no idea on internet security on linux,

not nooby, but pressuposed secure access to net on linux

and impossibility of brech.

Please help me get normal net access and privacy back.

All details will follow as requested.

Should i install clamav as antivirus app under linux file server (samba server). In another words is it necessary to use any antivirus application for samba servers. Thanks a lot.

Fahd

100611

[moved from Other Distros by spinynorman]

How can I, from scratch, install Mandriva 2010.0 with the root and home partition encrypted?

Either using LUKS or any other encryption method. I guess when I start up my box, it should ask me for a password before attempting to boot into Mandriva.

Please guide me through this. Thanks

1. Is this correct?

2. How can I prevent other/unauthorized users from doing this?

I read up on /etc/passwd and etc/shadow but not sure I'm understanding. Looked into etc/passwd and it lists user IDs and etc/shadow contains the password in encoded or encrypted form but you need root password to view /etc/shadow which is a good thing, but this doesn't seem to address the ability of an unauthorized person from entering single user mode at boot and changing the password using the command passwd.

I don't think I need to protect against cracking the root password per se (or maybe I do), but more against someone changing it.

Any other security tips appreciated. I don't think I'm ready to encrypt folders and files yet. One thing at a time for me right now.

Thanks

We are running Mandrake MNF 8.2.

Recently, the root password expired and was changed at the console. After changing it, it no longer worked, even the previous password. I could not boot into single-user mode, as it asked for a "maintenance password". I had to boot with a Linux live CD and edit /etc/passwd and /etc/shadow to blank out the root password.

This allowed me to enter single-user mode, as it no longer asked me for a maintenance password. At the prompt, I did passwd to reset the root password. Rebooted. The password still did not work when trying to log in as root at the console command line (no GUI). However - the new password does work as the maintenance password and also works when I issue the reboot command as a user. It does not work when I try to sudo though.

In summary:

- root password works for single user maintenance mode

- root password works when I issue reboot command as a user

- root password does not work when I try to log in as root at the console

Any thoughts on what the problem might be?

Regards -

Robert

msec1.txt

msec0.txt

Thank you.

I have installed a server on a USB key, and there is very little space available, so I want to write my firewall rules myself instead of installing a firewall front-end software.

I'm doing tests on my main PC, currently running Shorewall, so IMO I have to do some “house-cleaning†first, hence the flush at the start of my script. Before any attempt, here was the output from nmap:

[root@sedentaire ~]# nmap -sS -sU 192.168.1.21

Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-31 16:37 CET
Interesting ports on sedentaire (192.168.1.21):
Not shown: 1983 closed ports
PORT     STATE         SERVICE
22/tcp   open          ssh
139/tcp  open          netbios-ssn
143/tcp  open          imap
445/tcp  open          microsoft-ds
631/tcp  open          ipp
993/tcp  open          imaps
3128/tcp open          squid-http
6566/tcp open          unknown
8080/tcp open          http-proxy
68/udp   open|filtered dhcpc
123/udp  open|filtered ntp
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
177/udp  open|filtered xdmcp
631/udp  open|filtered ipp
3130/udp open|filtered squid-ipc
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds

Following explanations from linuxhomenetworking.com, I wrote this simple basic firewall, just as a test:

iptables -t filter -F
iptables -t filter -A OUTPUT -j ACCEPT
iptables -t filter -A FORWARD -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 51413 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 51413 -j ACCEPT
iptables -t filter -A INPUT -j DROP

But it does not work. Instead of telling me that one port is opened (51413), nmap seems to just hang…

What is wrong with my rules?

Yves.

I like to comment something here to see if someone can tell me what is going on.

I use a wireless connection to my dsl modem based over wep (I know that must be changed =p!)

the thing is this

the conections its running fine, surfing, downloading, ssh...whatever..but suddenly its stops the stream of data and freezes for a minutes then mandy says there has been and attack / port scanning under 55383/udp port, the interesting thing is that it comes from the same ip that its my gateway. By the way I setup the modem to use the dns from the service but it shows the same ip as dns/gateway.

What is this?

thanks in advance!!!

I am configuring my system (2010)to act as a gateway to the internet for other window/linux boxes connected to it via a LAN. The host and the box on the LAN can access the internet with Drakfirewall turned off. With Drakfirewall on, the host system cannot access the internet via a browser; but the host can still down load updates, new programs ect. The other box on the LAN (windows7) can access the internet with the firewall turned on via it's browser. What am I missing in my firewall config? I'm new to linux, its great! - like 1986 again learning DOS.

I wrote this elsewhere, I hope here someone would answer me....

Hi had to write some data in a TrueCrypt volume of a friend of mine, it was NTFS created with TrueCrypt x Windows.

TrueCrypt mounted it correctly on Linux (MDV2009.1), but only in read mode... so I checked my config and all seemed ok (no privileges problems, etc. etc.), then I tried with one of my NTFS TC volumes and all worked perfectly in r\w, the only difference was that my volume was 2GB, my friend's volume was 12GB.

So I did some tests with NTFS TC volumes (normal containers, no hidden volumes) and I noticed that all works perfectly on Linux TC, but only if the volume is almost under 3.8GB, if I create a 3.9GB TC volume NTFS it will be mounted only in read mode (I also tried with root privileges, but I doesn't seem to work).

Did I missed something or there's a problem with TrueCrypt under Linux?

Can someone answer me about that???

Thanks in advance

gagliem

[moved from Software by spinynorman]

Is it possible to get security.log to display in the log file viewer?

It appears to be readable only by root, so unsurprisingly log viewer (running with 'ordinary' user permissions) won't touch it.

I could open a terminal, then open it via sudo, but it would be nice to have a more user friendly way of taking a peek after the daily MSEC check :)

I usually get a pop up message from msec saying it has done a security check. Today i noticed a different pop up, to quick to catch properly but mentioned /var/log.

I've looked at /var/log/msec.log and found these entries.

2009-06-01 12:08:42 2009-06-01 10:50:26,505 WARNING: Enforcing permissions on /var/log/security/suid_root.today to 640

2009-06-01 12:08:42 2009-06-01 10:50:26,506 WARNING: Enforcing permissions on /var/log/security/writable.today to 640

2009-06-01 12:08:42 2009-06-01 10:50:26,506 WARNING: Enforcing permissions on /var/log/security/sgid.today to 640

2009-06-01 12:08:42 2009-06-01 10:50:26,506 WARNING: Enforcing permissions on /var/log/security/open_port.today to 640

2009-06-01 12:08:42 2009-06-01 10:50:26,507 WARNING: Enforcing permissions on /var/log/security/unowned_user.today to 640

2009-06-01 12:08:42 2009-06-01 10:50:26,507 WARNING: Enforcing permissions on /var/log/security/suid_md5.today to 640

2009-06-01 12:08:42 2009-06-01 10:50:26,507 WARNING: Enforcing permissions on /var/log/security/unowned_group.today to 640

2009-06-01 12:08:42 2009-06-01 10:50:26,707 WARNING: Wrong permissions of /etc/rc.d/init.d/acpid: should be 744

2009-06-01 12:08:42 2009-06-01 10:50:26,707 WARNING: Wrong permissions of /etc/rc.d/init.d/ip6tables: should be 744

2009-06-01 12:08:42 2009-06-01 10:50:26,708 WARNING: Wrong permissions of /etc/rc.d/init.d/ntpd: should be 744

2009-06-01 12:08:42 2009-06-01 10:50:26,708 WARNING: Wrong permissions of /dev: should be 755

2009-06-01 12:08:42 2009-06-01 10:50:26,708 WARNING: Wrong group of /var/log/btmp.1.gz: should be adm

2009-06-01 12:08:42 2009-06-01 10:50:26,709 WARNING: Wrong permissions of /var/log/btmp.1.gz: should be 640

2009-06-01 12:08:42 2009-06-01 10:50:26,709 WARNING: Wrong permissions of /etc/rc.d/init.d/xfs: should be 744

2009-06-01 12:08:42 2009-06-01 10:50:26,709 WARNING: Wrong permissions of /etc/rc.d/init.d/iptables: should be 744

2009-06-01 12:08:42 2009-06-01 10:50:26,709 WARNING: Wrong permissions of /etc/rc.d/init.d/mandi: should be 744

2009-06-01 12:08:42 2009-06-01 10:50:26,710 WARNING: Wrong permissions of /var/log/ConsoleKit/history: should be 640

2009-06-01 12:08:42 2009-06-01 10:50:26,710 WARNING: Wrong permissions of /etc/rc.d/init.d/shorewall: should be 744

2009-06-01 12:08:42 2009-06-01 11:01:01,620 INFO: Forbidding the X server to listen to tcp connection

2009-06-01 12:08:42 2009-06-01 11:01:01,638 INFO: Setting minimum password length 4

2009-06-01 12:08:42 2009-06-01 11:01:01,654 INFO: No changes in system files

2009-06-01 12:08:42 2009-06-01 12:01:01,226 INFO: Forbidding the X server to listen to tcp connection

2009-06-01 12:08:42 2009-06-01 12:01:01,265 INFO: Setting minimum password length 4

2009-06-01 12:08:42 2009-06-01 12:01:01,278 INFO: No changes in system files

Can't find anything similar in a search, any ideas what this means? is there a problem and if there is, what do i do?

Thanks

Kieth

A little background. I'm running a samba server on this system, and I think the guest user is there to allow printing, without a log in by the end users. ( my family ).

I found a sym link in /home pointing to my home directory. Just a guess, does this give anyone connecting as 'guest' access to my home directory?

Second question, is about the root passwd. If I open a konsole, and su, the password I use works, I get root privileges, as expected. If I use ctrl + alt + f1 to get a command prompt, type 'root' and use the password that works from a konsole and su, the password fails.

I don't understand why it works with su and not through a tty.

How can I fix this, I would like one password that works for both.

I must admit, security is not my long suite...

I'm sorry if this sounds like a dumb question but I've been searching for a while on the Net now and can't find anything that directly answers my paranoia.

A while back I learned of tools people can use to to reset the Administrator password on w2k and such.

Then it hit me recently, can this happen to me when I'm using MDK 10 official with ext3? What will happen if someone steals my computer with its hard disk contents? I've got a lot of stuff on it I care about and I do backups but only recently am I investigating encryption as part of the procedures.

I heard of something called loop, and also bestcrypt, but it seems I have to play around with them (compiling, etc.) to get them to work and quite frankly I'm way too newbie to try that stuff at the moment. Basically I tried the RPM & .tar.gz for bestcrypt but it spits out errors. The volunteers do a great job of putting everything so I can do urpmi but it seesm for bestcrypt I'm out lof luck.

It seems the only easy way to achieve my aims is to use gpg/gpa but it seems I have to specify each file explicitly which may not be the best, or write up some kind of script to recursively encrypt/decrypt whenver I'm done/beginning my work. Also, it makes me wonder if ext3 allows people to undelete stuff like windows.

Can someone out there help me sleep at night?

Thank you kindly,

Ben

# Authentication:

#LoginGraceTime 2m
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

I have 5 versions of Mandriva running, 2x2008.0, 2x2009.0 and 1x2009.1. All three of the later versions have that line included by default as does Linux Mint. Open suse and 2008.0 do not have the file written in the same manner.

Now it is perfectly possible that there is some reason that this is not insecure and that I just don't know about it, but you have to admit it doesn't exactly look secure does it?

I never allow the ssh daemon to run, so it doesn't bother me that much, but if I did use ssh, I think it would bother me. Why is the file written like this?

But with the state of wifi connectivity on linux today should I be looking at something else?

My router has the option of:

None

WEP

WPA-PSK [TKIP]

WPA2-PSK [AES]

WPA-PSK [TKIP] + WPA2-PSK [AES]

Any I should be looking at?

Ta

[moved from Software by spinynorman]

I have said enough about KDE4, I just don't want to use it and even if I did the present version of it refuses to update unless it removes kshowmail. For me that means that KDE4 is going to be removed, not kshowmail. But there comes the next problem. I have tried XFCE, I like it, but I can't make it do what I want to do. I have tried Gnome, I don't like it, but I can make it do what I want to do (with enough effort). So it is going to be Gnome for me in future like it or not. This finally leads me on to the point of this post.

Astonishingly Gnome does not have an equivalent to kshowmail. It has a bucketful of mail checkers, but nothing that will allow you to read and delete mail from the server as kshowmail does. Also I have failed in my attempts to get kshowmail to work on Gnome - I can get it to install and run but not to connect to a mail server. Since I do not want to change email servers (they do have a google mail applet that performs the function that I want but as I say I don't want to switch) I now will have to rely on filters in Thunderbird to sort junk mail unless somebody out there knows of a kshowmail like program that does run under Gnome?

Assuming such a program does not exist (and I have tried hard to find one) how do you set up filters (or otherwise deal with) the kind of spam that spoofs the 'From' address so that it is your own address that appears to be sending it? Blacklisting your own email address does not seem like a good idea, and trying to blacklist on 'Subject' is a guessing game that could go on for eternity. So what do you do?

Lastly a word to any Gnome devs out there. Please, pretty please, start working on 'gshowmail' - such a program is an absolute necessity in this day and age.

I try to install skins for VLC and it tells me to copy/paste them in certain folder. But I can't. It tells me that I don't have permission. I have tried a lot of things without success. Can you tell me how to do this, preferably in a graphic way?

Besides I would oike to ask where can I find a complete and detailed USER MANUAL. I have been searching everywhere and I can't find it. The Help files in my Mandriva don't cover this subject of copy-pasting where root privileges are requiered. Where is the up-to-date and detailed and complete Manual?

Thanks

EDIT: One more qustion. Many times I find answers but for Ubuntu. The Ubuntu code is not the same as the one for Mandriva, right? You need to learn either one or another but they don't work for the other, correct? I think that this makes Linux even harder and more atomized for finding help.

[moved from Software by spinynorman]

Mandriva 2009. average noob here, I'm new to Linux but we originally set it up here in our office (about 10 Windows XP users) to use as a file server. The Samba works great.

Since then we've started using it as an internet gateway also to share our cable modem connection. Internet goes in Eth1 and out Eth0 to the hub. We use the firewall to deny certain employees access to things like http and gnutella BUT still allow them to access SMTP and IM (because we use IM in the office.) Other employees who don't abuse the internet get to keep http and gnutella. BTW I use Firestarter to control the firewall.

What I want to know is there a way I can say a specific lan IP (Example: 192.168.2.100) is denied a connection to Myspace.com. I don't want to block myspace.com for all employees because not ALL employees abuse the privilege of moderate internet use during breaks and lunch and such.

I would like to be able to do this WITH firestarter because I'm not so great in the CLI, but if I have to use the CLI is there a way to make that change there but still keep firestarter, or will I have to through out firestarter all together and start editing the IPTABLES by hand all the time?

Thanks in Advance!

Beeson

I'm returning to Mandriva after installing 2009 One on a desktop and spare lappy; very impressed but with one problem that has me pulling my hair out. My wireless network is secured using WPA/PSK using a combination of numbers and uppercase letters. However, no matter what I do the configuration console immediately changes the letters to lowercase, so no way to connect. Just to test I setup a temporary network with a wholly lowercase password, no problems at all. I cannot change the password on the network as it affects too many people, plus it is such a silly problem I cannot be the first to experience it, surely?

Any help appreciated, thanks.

[moved from Software by spinynorman]

[moved from Software by spinynorman]

----------- SCAN SUMMARY -----------

Known viruses: 428525

Engine version: 0.94

Scanned directories: 2

Scanned files: 103

Infected files: 33

Data scanned: 1.30 MB

Time: 3.655 sec (0 m 3 s)

[randolph@localhost ~]$

I don't think there's any danger to my Mandriva. Most probably these viruses are to be there for some reason, but which one I have no idea. I wish someone would shed light on the issue.

I installed 2008.1 on my new laptop about 6 weeks ago. Last week, I realized that I hadn't copied my GPG keys over from my previous install. I retrieved the keys (I have 1 for personal use, 1 for work use) etc from my pre-upgrade backup and checked to make sure I could sign and encrypt plain text files with the keys.

Ever since then, whenever I log in to KDE, I get prompted for the passphrase for my personal GPG key. Where does this get launched from and how can I switch it off? I've trawled around in the startup scripts that I think are relevant, but I can't find anywhere that the prompt might be getting generated.

as a normal user then as root user I ran

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

gpg: requesting key 22458A98 from hkp server pgp.mit.edu

gpg: key 22458A98: duplicated user ID detected - merged

gpg: key 22458A98: public key "Mandriva Security Team <security@mandriva.com>" imported

gpg: no ultimately trusted keys found

gpg: Total number processed: 1

gpg: imported: 1

su

Password:

[root@]# gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

gpg: keyring `/root/.gnupg/secring.gpg' created

gpg: requesting key 22458A98 from hkp server pgp.mit.edu

gpg: key 22458A98: duplicated user ID detected - merged

gpg: key 22458A98: public key "Mandriva Security Team <security@mandriva.com>" imported

gpg: no ultimately trusted keys found

gpg: Total number processed: 1

gpg: imported: 1

My question (s) should I be concerned that gpg is responding with gpg: no ultimately trusted keys found

thanks in advance for your time in explaining this to me.

Thank You in advance.

What to do with bios? Add a password or let it boot into any traps set? How to prevent them from removing any installed OS etc

I am using Mandriva 2008 Spring KDE One. I want to know how to password protect and encrypt file archives, preferrably using the GUI.

Ark doesn't seem to be able to do this.

Please tell me how to do this.

[moved from Software by spinynorman]

The same applies to groups news, games. Surprisingly the group uucp owns some ttys in /dev/tty (I always thought uucp was the uold unix-to-unix-copy mail transfer system).

Any ideas.

I would really appreciate some assistance on the following issue:

Can you give me a hint of How can I effectivelly Hide my i.p. address under Mandriva/Firefox while browsing and sending e-mail.

Thank you.

[moved from Hardware by spinynorman]

is unnecessary in a linux setup. Am I becoming paranoid, or somthing? How likely is it that I've got some 'uninvited friend' ;) running about in the box?

If anyone could provide to this simple soul an explanation of what's going on (which might also reduce my state of concern), that would be greatly appreciated. Thanks.

I downloaded and installed Picasa, but it won't work. I uninstalled using thepackage manager, but the menu entry is still there under "graphics-[+]other" I tried to delete both the Picasa launch entry and the "[+]other" folded it resides in, but when I go to save the file, it won't write to the menu because I don't have permission. I tried opening a terminal within the /.config folder, and entered "su", then my root password, but it still wouldn't give me access to the folded (that has worked for me in the past).

Again, whay are root log ins not allowed in Mandriva???... I haven't had this problem with other distros. I prefer Mandriva over PCLOS, but things are easier to configure in PCLOS. Any help would be sincerely appreciated.

Note: I did quicly red through the FAQ's. I wasn't sure where in the forum to post this question. I apologize if I picked the wrong place.

When I lived in windowsland, I always used Sygate or Zone Alarm, when I moved to Linux I mostly used Firestarter. All three have one thing in common, they include a system tray icon. I recently ditched Firestarter on Mandriva in favour of the default Shorewall, and have found it to be very good (for me anyway) since it requires little or no configuration to make it work, it works well (according to Shields Up ), it starts automatically and it protects several interfaces (eth0,wlan0, ppp0). But boy do I miss that tray icon. For one thing it at least tells you that the firewall is running. I know I can check if the service is running with 'ps aux' or by looking in MCC, but that is a bit of a pain. Supposing the service failed to start, would I get any warning if I don't look for myself?? Then there is the possibility that the service might stop whilst in use (this happened regularly with Firestarter, usually when I changed interfaces and forgot to restart it).

I know Shorewall is an iptables front end, and I assume/hope that I am correct in the assumption that once it has set the iptable rules on start up, then even if the service itself failed the iptable rules would still be in place and therefore the machine would still be firewalled - is this correct? Secondly is there an easier way to know that the service has started in the first place or perhaps more importantly if it hasn't started in the first place?

I'm just wondering if someone has had similar problems. Ok, here's the situation:

I already have shorewall up and running and I'm gonna install mandi and mandi-ifw now. The main thing why I'm asking this is that I want to have an Interactive Firewall (mandi-ifw). So:

su root

<my_pwd>

urpmi mandi mandi-ifw

This part goes like it should, but problems start from here:

# service mandi start

Starting mandi daemon: mandi_daemon_add_watch(): READABLE

unable to open white list file

nl_bind_socket: No such file or directory

bind failed

unable to init netlink

unable to init "Interactive Firewall" plugin [FAILED]

Whitelist? Where should it be? I created a file called "whitelist" to /etc/shorewall but it didn't make things any better.

I'm using ra0 to connect to the internet, but capability for eth0 usage would be great too, as I use it sometimes.

Under Konqueror's navigation bar in home folders:

when logged in as user1, user1 has no access to user2 home directory

when logged in as user2, user2 has complete access to user1 home directory and subfolders.

I want user2 to have access to his own folders but no access to user1 home folder.

In addition to access to his own (user2) home folder, I want to block access to 3 of the subdirectories, but no luck. I thought about encryption but it seems excessive.

Any help appreciated.

[moved from Networking by spinynorman]

I am a network system administrator and I use Kernel 2.6 and iptables as a firewall and NAT. My company decided to install a Windows application called CYF (CALL YOU FREE) in all the desktops of the customer support and sales department. CALL YOU FREE is a communications application to answer incoming webcalls and chat contacts from our company’s website and we are using its freeware version.

The issue is that when I tested the application with my computer connected directly to the internet (public IP) it works fine. But when I connected my computer in a private IP behind the NAT I cannot even login to the system.

I conclude that there must be a firewall problem, so I opened all ports in the firewall and it works fine.

I would like to know how I can find out what port(s) does the application try to access. It seems to be an Asterisk based application using IAX protocol so I tried opening port 4569 but nothing happened.

I would appreciate your help because I really don’t know how to find out what port should I open, unless I try one by one, or it may use yet more than one port.

Thanks,

Ricardo Houssef.

PC2 Mandriva2008 @ 192.168.10.2

Connected on local LAN via ssh. I access files between the two PCs by invoking sftp://<address> from within Konqueror.

I would like to allow office staff to use PC2/scanner combo to update one or two specific folders inside the home folder on PC1. I do not want them to have access to other folders within my home folder. I tried setting permissions on all the folders I want protected, but when I ssh in to PC1 from PC2, I am able to access all home folders on PC1....BAD! Any ideas on the best way to do this?

Should I copy the one or two folders I want updated from PC1 to PC2 and then let them live on PC2 and be updated from there in which case I could then copy the folders back from PC2 to PC1, but then I would not know to what extent each file or folder within these directories had been updated. I suppose that when I copy these folders back to the original, Konq will alert me that some of the original folders and files already exist and I can choose to either overwrite all or autoskip files that are original, but this seems kind of sloppy and makes me nervous.

Or should I leave these folders on PC1 and attempt to scan (using xsane) to to PC1 from PC2 . I don't even know if xsane will do this, but I can try. ( there are about 6-10 folders within each of these two main directories I want worked on, and they are nested about 4-6 folders deep within each of those.)

Any suggestions on how to do this neatly without having scanned docs spread out on two PCs would be welcome. My main goal however is to limit access to only certain folders. If I copy those working folders to PC2, then my permissions issues are moot, but would still like to know how to do it.

Thanks

i want to make one of my computers into a firewall / router / AV server for all my computers in the home network.

i found how to make mandriva a DNS server / FTP server but i couldn't find how to make it a security server.

if it possible i would like to get some tutorials.

thanks,

igotnoluck ;)