- 论坛徽章:
- 0
|
环境:
linux ES4.5
[root@aytel01 /]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.12/K2.6.9-55.ELsmp (netkey)
Checking for IPsec support in kernel [OK]
Testing against enforced SElinux mode [FAILED]
SElinux is running in 'enforced' mode. Since no working SElinux
policies exist for Openswan, SElinux should be disabled.
echo "0" > /selinux/enforce (or edit /etc/sysconfig/selinux)
Hardware RNG detected, testing if used properly [FAILED]
Hardware RNG is present but 'rngd' is not running.
No harware random used!
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking NAT and MASQUERADEing [N/A]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: aytel01.localdomain [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 149.93.67.193.in-addr.arpa. |
|
免费注册
发表于 2008-04-08 16:47