Re: [vox-tech] how to be not nice within C
begin nbs <[EMAIL PROTECTED]> > On Mon, Mar 25, 2002 at 05:57:02PM -0800, Peter Jay Salzman wrote: > > DOH!!! > > > > why oh why does man 1 nice have to come before man 2 nice?!? ;-) > > > > thanks, bill! > > Yeah. Irritating. Every time I want to man printf, I always end up > with the shell 'printf' program's man page, not the C library one. ;) heh. good to know i'm not the only one that keeps making the same mistakes. there's hardly a week that goes by that i don't type, at least once: man printf q man 3 printf pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] need to debug boot crash
On Sun, Mar 24, 2002 at 09:49:56PM -0800, eric nelson wrote: > ME wrote: > > > On Sun, 24 Mar 2002, eric nelson wrote: > > > Its not panicking. I'm doing an nfs mount of the os, and something went > > > wrong init the initscripts. The shift-pageup is a really good idea, I didn't > > > know about that. The problem is that so many errors spewed out that I > > > coulldn't get far enough back. > > > > You doing network booting of a client with an NFS root from a server? > > > > We have about 80 diskless workstations doing net-booting here from the > > same "ro" NFS export. What specific errors are being reported? > > First, something about mount program didn't pass correct address, then > RPC: sendmsg returned error 101 > nfs: RPC call returned error 101 > over and over > > There are so many errors, that I can't scroll back. I'll need to redo the kernel > w/ the option Peter Jay Salzman mentioned. > > I'm not doing the kind of mount straight from the bios, but I want to learn how to > do that one, later. I have a boot floppy which loads a kernel, then gets an > address from dhcp server, then mounts on nfs. I'm sure the problem is in init > scripts, or fstab or something. > > It's good to know someone is doing this, it's a great approach. If you can snoop the wire (from another box), the trace might diagnose the problem. Something like: # tcpdump -i eth0 -nvvvxl -s100 host foo where foo is the troubled host. Etherreal or some such utility might be easier to interpret. Anyway, if you can watch the conversation taking place between the host and client, the problem sometimes jumps right out - eg., if it's an authentication error. HTH, Chuck Polisher -- The best way to get information on Usenet is not by asking a question, but by posting inaccurate information. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] need to debug boot crash
ME wrote: > On Sun, 24 Mar 2002, eric nelson wrote: > > First, something about mount program didn't pass correct address, then > > RPC: sendmsg returned error 101 > > nfs: RPC call returned error 101 > > over and over > > > > There are so many errors, that I can't scroll back. I'll need to redo > > the kernel w/ the option Peter Jay Salzman mentioned. > > > > I'm not doing the kind of mount straight from the bios, but I want to > > learn how to do that one, later. I have a boot floppy which loads a > > kernel, then gets an address from dhcp server, then mounts on nfs. > > I'm sure the problem is in init scripts, or fstab or something. > > > > It's good to know someone is doing this, it's a great approach. > > First, check out the netboot howto/docs. > > Second, make sure the server is exporting the filesystems in question on a > non-netbooting box/session with normal > # mount -t nfs host.name:/export/path /local/mount/point > > Why? You can make sure the server's /etc/hosts.[allow||deny] is set up in > such a way to allow portmap and nfs stuff from a client's IP address to > work. > > If that works, then try to test the next step. Start up a netbootable > kernel with loadlin or lilo (special entry on a disk-booting system) to > tell it to netboot instead of use the local disk. Certainly, it will still > grab a kernel from the local disk but shyould do the rest over the network > like it was diskless. > > Checkout /usr/src/linux/Documentation/nfsroot.txt > > You should be able to add an entry to lilo.conf (or at the lilo > prompt) like: > > (Use IP addresses to eliminate DNS as yet another piece to work out.) > > LILO: > Boot: mykernel root=/dev/nfs nfsroot=IP.Addr.Of.Srvr:/path/to/root/export > ip=::* > > *= See the above mentioned linux kernel doc for this line. > > It is a good idea to test with a hand-enetered IP address for client and > server as well as all other info to eliminate bootp/dhcp from the list of > possible problems. > > And you could, of course, have added those items into a separate > lilo.conf entry to save re-entry of those keystrokes every single time. > > If that works, then remove the client ip and let everything else be > determined except for server ip, > > next drop server IP and let it all be dynamic, and then try to shift to > let the special bootp/dhcp response include the nfsroot. > > (At this point, if all else works, then you would only be passing the: > root=/dev/nfs > ) > > Next, if you want it to be true network booting (bootp/dhcp then tftp of > kernel, and finally boting kernel get nfsroot and goes) then you will > likely need some sort of modification to your final compiled kernel that > would be dl via tftp (a boot strapper of sorts.) I use the netboot stuff > with programmed EPROMS dropped into the ethernet cards. ( > http://sourceforge.net/projects/netboot ) Thanks for the major breakdown of the project. It's going to take me a little while to read these docs., and go through the whole process, but we want to use this for two things: 1) testing an os we are putting together. we can work on the os on a host machine, then boot it on the target to test, so the target is a simple machine and the host has full development enviroment. 2) we are developing a linux based product, which will net boot as an option, so we need to understand the whole process very well. I have read that people use this technique to boot multiple diskless workstations. Is that what you use it for? > > > I have found testing each part, one-at-a-time save troubleshooting and > leads to a steady advance to solutions. > > Of course, there is a great sense of accomplishment when you take a big > project with lots of pieces, throw it all together and note that it all > works the first time too. ]:> > > -ME > > -BEGIN GEEK CODE BLOCK- > Version: 3.12 > GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-) C++$() U$(+$) P+$>+++ > L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP > t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++> h(++)>+ r*>? z? > --END GEEK CODE BLOCK-- > decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html > > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] how to be not nice within C
On Mon, Mar 25, 2002 at 05:57:02PM -0800, Peter Jay Salzman wrote: > DOH!!! > > why oh why does man 1 nice have to come before man 2 nice?!? ;-) > > thanks, bill! Yeah. Irritating. Every time I want to man printf, I always end up with the shell 'printf' program's man page, not the C library one. ;) -bill! ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] how to be not nice within C
DOH!!! why oh why does man 1 nice have to come before man 2 nice?!? ;-) thanks, bill! pete Oegin nbs <[EMAIL PROTECTED]> > On Mon, Mar 25, 2002 at 05:43:54PM -0800, Peter Jay Salzman wrote: > > is there a way for an executable written in C to change its own nice > > value? > > > > is there a system call that does this sort of thing? > > As seen in "man 2 nice": ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] how to be not nice within C
On Mon, Mar 25, 2002 at 05:43:54PM -0800, Peter Jay Salzman wrote: > is there a way for an executable written in C to change its own nice > value? > > is there a system call that does this sort of thing? As seen in "man 2 nice": NAME nice - change process priority SYNOPSIS #include int nice(int inc); DESCRIPTION nice adds inc to the nice value for the calling pid. (A large nice value means a low priority.) Only the super user may specify a negative increment, or priority increase. (hoping that cut/pasted ok from man) -bill! ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] how to be not nice within C
On Mon, 25 Mar 2002, Peter Jay Salzman wrote: > is there a way for an executable written in C to change its own nice > value? > is there a system call that does this sort of thing? Not that I've tried this or anything, but have you tried system('renice 10'); ? (or whatever value you want, or sprintf(buffer, 'renice ', value) and system(buffer) to get a variable in there) --nicole twn *** "I know it's only trouble, I know it makes us real; but I could use just a month or two or ten to heal..."--Peter Mulvey Visit Nicolopolis! http://wwwcsif.cs.ucdavis.edu/~carlsonn [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] how to be not nice within C
is there a way for an executable written in C to change its own nice value? is there a system call that does this sort of thing? pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
OK, thanks. I work with a lot of different distribution releases and like to put all the distribution-specific stuff in one partition, and things like /home and /opt and /tmp elsewhere. Since /var is more or less distribution-specific I tend to leave it in the root filesystem for my own use. It's just a convenience thing. Cheers, -- Rod http://www.sunsetsystems.com/ On Monday 25 March 2002 13:34, Rusty Minden wrote: > It is not hard to fill a computer with a load of crap. When a partition > is filled you can not do much with it until you get rid of the crap that > has it filled like core dumps or like a recent problem a program taking > up allot of space. Partitioning a hard drive for proper use is easy and > results in more security. I go a little overboard, but I like it that > way. I have /var separate / separate /usr separate /opt separate (I use > SuSE) /home serpate (making upgrades nice I usually do not loose data > when upgrading or even when trying out a new distro like Mandrake 8.2 > (IMHO a real dog). I also keep a partition /local that I have all of my > iso's for the IF in. > > Beyond that I have read several times to do it so I do. I have done so > since my second install and have not been unhappy with this decision. I > have had an instance when /var was filled and I could not mount it. So I > mounted it manually and removed a few of the backup files in /var that > SuSE put there and I was off and running again in no time. > > Rusty > > On Monday 25 March 2002 01:09 pm, you wrote: > > On Monday 25 March 2002 12:44, Rusty Minden wrote: > > > ... Is it partitioned properly IE is /var and / on separate > > > partitions this is a pet peeve of mine... > > > > I'm just curious to know why you feel so stongly about this. > > I've heard it before and tend to think it's a good idea, but > > never thought it was *that* big a deal. > > > > -- Rod > >http://www.sunsetsystems.com/ > > ___ > > vox-tech mailing list > > [EMAIL PROTECTED] > > http://lists.lugod.org/mailman/listinfo/vox-tech > > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
i'd have to agree with rusty on this. it's especially important for people with debian woody or sid. most of us upgrade our system multiple times a day. package updates get downloaded to /var/. after a few months of updating your system, all the cached packages can really eat up some hard drive. it's much nicer to see: apt-get: Not enough room to download requested packages. Try using apt-get clean to clear up some space. than to learn /var is full by getting "filesystem full" errors. also, we've seen loads of people on vox-tech whose (for whatever reason) logrotate daemon fails. perhaps they dual boot and aren't running anacron? i dunno. anyway, it doesn't create a HUGE problem (so i'd agree it's not crucial). but at least if /var is separate, you can use vim without getting pesky "can't open temp file for writing" errors. the only caveat for making /var its own partition is to make DAMN sure it's big enough. there's no worse feeling in the world than having a system with a /var that's too small. ok, a hyperbole to be sure, but i'm sure many of us here had the thought "i wish /var were bigger" at some point or another. it's especially important for people who are "X-drones". people who can't use linux if they don't have gnome or kde sapping up all their cpu. with a full /, their system won't even boot if the default runlevel is 5. and THAT'S a total bummer. :-) so: * having a separate /var can be very useful but not crucial * just make sure it's big enough pete begin Rusty Minden <[EMAIL PROTECTED]> > It is not hard to fill a computer with a load of crap. When a partition is > filled you can not do much with it until you get rid of the crap that has it > filled like core dumps or like a recent problem a program taking up allot of > space. Partitioning a hard drive for proper use is easy and results in more > security. I go a little overboard, but I like it that way. I have /var > separate / separate /usr separate /opt separate (I use SuSE) /home serpate > (making upgrades nice I usually do not loose data when upgrading or even when > trying out a new distro like Mandrake 8.2 (IMHO a real dog). I also keep a > partition /local that I have all of my iso's for the IF in. > > Beyond that I have read several times to do it so I do. I have done so since > my second install and have not been unhappy with this decision. I have had an > instance when /var was filled and I could not mount it. So I mounted it > manually and removed a few of the backup files in /var that SuSE put there > and I was off and running again in no time. > > Rusty > > On Monday 25 March 2002 01:09 pm, you wrote: > > On Monday 25 March 2002 12:44, Rusty Minden wrote: > > > ... Is it partitioned properly IE is /var and / on separate > > > partitions this is a pet peeve of mine... > > > > I'm just curious to know why you feel so stongly about this. > > I've heard it before and tend to think it's a good idea, but > > never thought it was *that* big a deal. > > > > -- Rod > >http://www.sunsetsystems.com/ > > ___ > > vox-tech mailing list > > [EMAIL PROTECTED] > > http://lists.lugod.org/mailman/listinfo/vox-tech > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
It is not hard to fill a computer with a load of crap. When a partition is filled you can not do much with it until you get rid of the crap that has it filled like core dumps or like a recent problem a program taking up allot of space. Partitioning a hard drive for proper use is easy and results in more security. I go a little overboard, but I like it that way. I have /var separate / separate /usr separate /opt separate (I use SuSE) /home serpate (making upgrades nice I usually do not loose data when upgrading or even when trying out a new distro like Mandrake 8.2 (IMHO a real dog). I also keep a partition /local that I have all of my iso's for the IF in. Beyond that I have read several times to do it so I do. I have done so since my second install and have not been unhappy with this decision. I have had an instance when /var was filled and I could not mount it. So I mounted it manually and removed a few of the backup files in /var that SuSE put there and I was off and running again in no time. Rusty On Monday 25 March 2002 01:09 pm, you wrote: > On Monday 25 March 2002 12:44, Rusty Minden wrote: > > ... Is it partitioned properly IE is /var and / on separate > > partitions this is a pet peeve of mine... > > I'm just curious to know why you feel so stongly about this. > I've heard it before and tend to think it's a good idea, but > never thought it was *that* big a deal. > > -- Rod >http://www.sunsetsystems.com/ > ___ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
On Monday 25 March 2002 12:44, Rusty Minden wrote: > ... Is it partitioned properly IE is /var and / on separate > partitions this is a pet peeve of mine... I'm just curious to know why you feel so stongly about this. I've heard it before and tend to think it's a good idea, but never thought it was *that* big a deal. -- Rod http://www.sunsetsystems.com/ ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
begin Rusty Minden <[EMAIL PROTECTED]> > For what my limited advice is worth I would start by checking the install. Is > it partitioned properly IE is /var and / on separate partitions this is a pet > peeve of mine I like to start with proper partitioning, but that is only my > opinion. good advice, but i think you mean ie instead of IE, which could be interpreted as something else. ;) > Check your system for proper patches and keep it to a minimum. * actually, go hog wild on proper patches. don't stop installing them, and keep on installing them until you've installed ALL of them. :) * keep /functionality/ to a minimum (which is what rusty was saying). this is pretty standard stuff: don't enable cgi's or SSI unless you use them. don't load apache modules you won't use. many distros turn everything on but the kitchen sink by default. * disable directory browsing so people can't look at what files you have. * install portsentry, at least for a few months just so that you educate yourself on what nasty traffic you have. key point: DON'T FREAK OUT. you'll see lots of nasty stuff. mostly doorknob twisting that you really don't need to care about. but you should at *least* be aware of. once you have the ability to look at your portsentry logs and not want to vomit your breakfast all over your keyboard, then you can uninstall portsentry. * use a log reader. i use logcheck based on jeff's advice. it's pretty good, but i don't think the filtering works 100% as advertised. > The more > software you have installed the more can go wrong IE less is better than more > :-) Other than that keep good logs and check them monitor your traffic and > use programs like ntop to monitor your network flow and saint to look for > security holes like unused ports. * yes. use saint, or even better, nmap. saint is kind of over the hill and not maintained well. nmap is pretty much the defacto standard. * other things you CAN use are cops and tara (both very out of date). > You may also want to look into a good > security book. LUGOD has one that I donated a while back and I have "Hack > Proofing LINUX" by Syngress Press. I was impressed with it personally. Look > at http://www.nerdbooks.com for other good books Dave has a great book store. excellent advice. all the advice in the world can't equal reading a good book. and nerdbooks.com is the best place to go. they're linux friendly, lugod friendly and has an incredible assortment of books. security is a tug of war between a tight system vs convenience and time you want to spend thinking about security. no clear cut value of how much is enough. but i think everything i mention here is prolly more than enough for a home adsl user. also, go to the vox-tech archives and read about mark kim's hacking project he did for a class at ucdavis. imho, it's in the top 10 "best posts ever made to vox-tech". pete ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Before I do this...
For what my limited advice is worth I would start by checking the install. Is it partitioned properly IE is /var and / on separate partitions this is a pet peeve of mine I like to start with proper partitioning, but that is only my opinion. Make certain that you have the accessed files properly separated from the rest of your system and if you are accepting data from browsers check for overflows and such. Check your system for proper patches and keep it to a minimum. The more software you have installed the more can go wrong IE less is better than more :-) Other than that keep good logs and check them monitor your traffic and use programs like ntop to monitor your network flow and saint to look for security holes like unused ports. You may also want to look into a good security book. LUGOD has one that I donated a while back and I have "Hack Proofing LINUX" by Syngress Press. I was impressed with it personally. Look at http://www.nerdbooks.com for other good books Dave has a great book store. The last item keep backups. Do it offten and keep them for at least a few weeks cdr's are dirt cheep so don't shoot yourself in the foot by not backing up your system. Rusty On Monday 25 March 2002 10:09 am, you wrote: > Please forgive a network newbie. > > I would like to set up one of the computers in my house as a webserver > on port 8080. I already know how to configure Apache on the computer, > and the firewall on our router... But I also know that opening this > computer to port 8080 will expose it to security risks and that I should > take precautions on the computer in addition to the router. > > So... What precautions should I take on the computer that will be > hosting the website? > > For what it's worth, the computer in question is running RH7.2, and > Apache 1.3.22. ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] Before I do this...
Please forgive a network newbie. I would like to set up one of the computers in my house as a webserver on port 8080. I already know how to configure Apache on the computer, and the firewall on our router... But I also know that opening this computer to port 8080 will expose it to security risks and that I should take precautions on the computer in addition to the router. So... What precautions should I take on the computer that will be hosting the website? For what it's worth, the computer in question is running RH7.2, and Apache 1.3.22. -- Sliante, Richard S. Crawford mailto:[EMAIL PROTECTED] http://www.mossroot.com AIM: Buffalo2K ICQ: 11646404 Yahoo!: rscrawford MSN: [EMAIL PROTECTED] "It is only with the heart that we see rightly; what is essential is invisible to the eye." --Antoine de Saint Exupery ___ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech