Re: [vox-tech] how to be not nice within C

[Peter Jay Salzman]

begin nbs <[EMAIL PROTECTED]> 
> On Mon, Mar 25, 2002 at 05:57:02PM -0800, Peter Jay Salzman wrote:
> > DOH!!!
> > 
> > why oh why does man 1 nice have to come before man 2 nice?!?   ;-)
> > 
> > thanks, bill!
> 
> Yeah.  Irritating.  Every time I want to man printf, I always end up
> with the shell 'printf' program's man page, not the C library one. ;)
 
heh.  good to know i'm not the only one that keeps making the same
mistakes.   there's hardly a week that goes by that i don't type, at
least once:

man printf
q
man 3 printf

pete
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] need to debug boot crash

[Charles Polisher]

On Sun, Mar 24, 2002 at 09:49:56PM -0800, eric nelson wrote:
> ME wrote:
> 
> > On Sun, 24 Mar 2002, eric nelson wrote:
> > > Its not panicking.  I'm doing an nfs mount of the os, and something went
> > > wrong init the initscripts.  The shift-pageup is a really good idea, I didn't
> > > know about that.  The problem is that so many errors spewed out that I
> > > coulldn't get far enough back.
> >
> > You doing network booting of a client with an NFS root from a server?
> >
> > We have about 80 diskless workstations doing net-booting here from the
> > same "ro" NFS export. What specific errors are being reported?
> 
> First, something about mount program didn't pass correct address, then
> RPC: sendmsg returned error 101
> nfs: RPC call returned error 101
>  over and over
> 
> There are so many errors, that I can't scroll back.  I'll need to redo the kernel
> w/ the option Peter Jay Salzman mentioned.
> 
> I'm not doing the kind of mount straight from the bios, but I want to learn how to
> do that one, later.  I have a boot floppy which loads a kernel, then gets an
> address from dhcp server, then mounts on nfs.  I'm sure the problem is in init
> scripts, or fstab or something.
> 
> It's good to know someone is doing this, it's a great approach.

If you can snoop the wire (from another box), the trace
might diagnose the problem.  Something like:

# tcpdump -i eth0 -nvvvxl -s100 host foo

where foo is the troubled host. Etherreal or some such utility might
be easier to interpret. Anyway, if you can watch the conversation
taking place between the host and client, the problem sometimes
jumps right out - eg., if it's an authentication error.

HTH,

Chuck Polisher
-- 
The best way to get information on Usenet is not by asking a question, but
by posting inaccurate information.


___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] need to debug boot crash

[eric nelson]

ME wrote:

> On Sun, 24 Mar 2002, eric nelson wrote:
> > First, something about mount program didn't pass correct address, then
> > RPC: sendmsg returned error 101
> > nfs: RPC call returned error 101
> >  over and over
> >
> > There are so many errors, that I can't scroll back.  I'll need to redo
> > the kernel w/ the option Peter Jay Salzman mentioned.
> >
> > I'm not doing the kind of mount straight from the bios, but I want to
> > learn how to do that one, later.  I have a boot floppy which loads a
> > kernel, then gets an address from dhcp server, then mounts on nfs.
> > I'm sure the problem is in init scripts, or fstab or something.
> >
> > It's good to know someone is doing this, it's a great approach.
>
> First, check out the netboot howto/docs.
>
> Second, make sure the server is exporting the filesystems in question on a
> non-netbooting box/session with normal
> # mount -t nfs host.name:/export/path /local/mount/point
>
> Why? You can make sure the server's /etc/hosts.[allow||deny] is set up in
> such a way to allow portmap and nfs stuff from a client's IP address to
> work.
>
> If that works, then try to test the next step. Start up a netbootable
> kernel with loadlin or lilo (special entry on a disk-booting system) to
> tell it to netboot instead of use the local disk. Certainly, it will still
> grab a kernel from the local disk but shyould do the rest over the network
> like it was diskless.
>
> Checkout /usr/src/linux/Documentation/nfsroot.txt
>
> You should be able to add an entry to lilo.conf (or at the lilo
> prompt) like:
>
> (Use IP addresses to eliminate DNS as yet another piece to work out.)
>
> LILO:
> Boot: mykernel root=/dev/nfs nfsroot=IP.Addr.Of.Srvr:/path/to/root/export
> ip=::*
>
> *= See the above mentioned linux kernel doc for this line.
>
> It is a good idea to test with a hand-enetered IP address for client and
> server as well as all other info to eliminate bootp/dhcp from the list of
> possible problems.
>
> And you could, of course, have added those items into a separate
> lilo.conf entry to save re-entry of those keystrokes every single time.
>
> If that works, then remove the client ip and let everything else be
> determined except for server ip,
>
> next drop server IP and let it all be dynamic, and then try to shift to
> let the special bootp/dhcp response include the nfsroot.
>
> (At this point, if all else works, then you would only be passing the:
> root=/dev/nfs
> )
>
> Next, if you want it to be true network booting (bootp/dhcp then tftp of
> kernel, and finally boting kernel get nfsroot and goes) then you will
> likely need some sort of modification to your final compiled kernel that
> would be dl via tftp (a boot strapper of sorts.) I use the netboot stuff
> with programmed EPROMS dropped into the ethernet cards. (
> http://sourceforge.net/projects/netboot )

Thanks for the major breakdown of the project.  It's going to take me a little
while to read these docs., and go through the whole process, but we want to use
this for two things:

1) testing an os we are putting together.  we can work on the os on a host
machine, then boot it on the target to test, so the target is a simple machine
and the host has full development enviroment.

2) we are developing a linux based product, which will net boot as an option,
so we need to understand the whole process very well.

I have read that people use this technique to boot multiple diskless
workstations.  Is that what you use it for?

>
>
> I have found testing each part, one-at-a-time save troubleshooting and
> leads to a steady advance to solutions.
>
> Of course, there is a great sense of accomplishment when you take a big
> project with lots of pieces, throw it all together and note that it all
> works the first time too. ]:>
>
> -ME
>
> -BEGIN GEEK CODE BLOCK-
> Version: 3.12
> GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-) C++$() U$(+$) P+$>+++
> L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
> t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++> h(++)>+ r*>? z?
> --END GEEK CODE BLOCK--
> decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
>
> ___
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech

___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] how to be not nice within C

[nbs]

On Mon, Mar 25, 2002 at 05:57:02PM -0800, Peter Jay Salzman wrote:
> DOH!!!
> 
> why oh why does man 1 nice have to come before man 2 nice?!?   ;-)
> 
> thanks, bill!

Yeah.  Irritating.  Every time I want to man printf, I always end up
with the shell 'printf' program's man page, not the C library one. ;)

-bill!
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] how to be not nice within C

[Peter Jay Salzman]

DOH!!!

why oh why does man 1 nice have to come before man 2 nice?!?   ;-)

thanks, bill!

pete


Oegin nbs <[EMAIL PROTECTED]> 
> On Mon, Mar 25, 2002 at 05:43:54PM -0800, Peter Jay Salzman wrote:
> > is there a way for an executable written in C to change its own nice
> > value?
> > 
> > is there a system call that does this sort of thing?
> 
> As seen in "man 2 nice":
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] how to be not nice within C

[nbs]

On Mon, Mar 25, 2002 at 05:43:54PM -0800, Peter Jay Salzman wrote:
> is there a way for an executable written in C to change its own nice
> value?
> 
> is there a system call that does this sort of thing?

As seen in "man 2 nice":

  NAME
   nice - change process priority

  SYNOPSIS
   #include 

   int nice(int inc);

  DESCRIPTION
   nice  adds  inc to the nice value for the calling pid.  (A
   large nice value means a low priority.)  Only  the  super
   user   may  specify  a  negative  increment,  or  priority
   increase.


(hoping that cut/pasted ok from man)

-bill!
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] how to be not nice within C

[Nicole Carlson]

On Mon, 25 Mar 2002, Peter Jay Salzman wrote:
> is there a way for an executable written in C to change its own nice
> value?
> is there a system call that does this sort of thing?

Not that I've tried this or anything, but have you tried
  system('renice 10');
?

(or whatever value you want, or sprintf(buffer, 'renice ', value) and
system(buffer) to get a variable in there)

--nicole twn
***
"I know it's only trouble, I know it makes us real; but I could use just a
month or two or ten to heal..."--Peter Mulvey
Visit Nicolopolis! http://wwwcsif.cs.ucdavis.edu/~carlsonn
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]

___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

[vox-tech] how to be not nice within C

[Peter Jay Salzman]

is there a way for an executable written in C to change its own nice
value?

is there a system call that does this sort of thing?

pete
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Before I do this...

[Rod Roark]

OK, thanks.  I work with a lot of different distribution releases
and like to put all the distribution-specific stuff in one
partition, and things like /home and /opt and /tmp elsewhere.

Since /var is more or less distribution-specific I tend to leave
it in the root filesystem for my own use.  It's just a 
convenience thing.

Cheers,

-- Rod
   http://www.sunsetsystems.com/

On Monday 25 March 2002 13:34, Rusty Minden wrote:
> It is not hard to fill a computer with a load of crap. When a partition
> is filled you can not do much with it until you get rid of the crap that
> has it filled like core dumps or like a recent problem a program taking
> up allot of space. Partitioning a hard drive for proper use is easy and
> results in more security. I go a little overboard, but I like it that
> way. I have /var separate / separate /usr separate /opt separate (I use
> SuSE) /home serpate (making upgrades nice I usually do not loose data
> when upgrading or even when trying out a new distro like Mandrake 8.2
> (IMHO a real dog). I also keep a partition /local that I have all of my
> iso's for the IF in.
>
> Beyond that I have read several times to do it so I do. I have done so
> since my second install and have not been unhappy with this decision. I
> have had an instance when /var was filled and I could not mount it. So I
> mounted it manually and removed a few of the backup files in /var that
> SuSE put there and I was off and running again in no time.
>
> Rusty
>
> On Monday 25 March 2002 01:09 pm, you wrote:
> > On Monday 25 March 2002 12:44, Rusty Minden wrote:
> > > ... Is it partitioned properly IE is /var and / on separate
> > > partitions this is a pet peeve of mine...
> >
> > I'm just curious to know why you feel so stongly about this.
> > I've heard it before and tend to think it's a good idea, but
> > never thought it was *that* big a deal.
> >
> > -- Rod
> >http://www.sunsetsystems.com/
> > ___
> > vox-tech mailing list
> > [EMAIL PROTECTED]
> > http://lists.lugod.org/mailman/listinfo/vox-tech
>
> ___
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Before I do this...

[Peter Jay Salzman]

i'd have to agree with rusty on this.

it's especially important for people with debian woody or sid.  most of
us upgrade our system multiple times a day.  package updates get
downloaded to /var/.  after a few months of updating your system, all
the cached packages can really eat up some hard drive.

it's much nicer to see:

apt-get: Not enough room to download requested packages.  Try using
 apt-get clean to clear up some space.

than to learn /var is full by getting "filesystem full" errors.

also, we've seen loads of people on vox-tech whose (for whatever reason)
logrotate daemon fails.  perhaps they dual boot and aren't running
anacron?  i dunno.  anyway, it doesn't create a HUGE problem (so i'd
agree it's not crucial).  but at least if /var is separate, you can use
vim without getting pesky "can't open temp file for writing" errors.

the only caveat for making /var its own partition is to make DAMN sure
it's big enough.  there's no worse feeling in the world than having a
system with a /var that's too small.

ok, a hyperbole to be sure, but i'm sure many of us here had the thought
"i wish /var were bigger" at some point or another.

it's especially important for people who are "X-drones".  people who
can't use linux if they don't have gnome or kde sapping up all their
cpu.  with a full /, their system won't even boot if the default
runlevel is 5.

and THAT'S a total bummer.   :-)

so:

* having a separate /var can be very useful but not crucial
* just make sure it's big enough

pete



begin Rusty Minden <[EMAIL PROTECTED]> 
> It is not hard to fill a computer with a load of crap. When a partition is 
> filled you can not do much with it until you get rid of the crap that has it 
> filled like core dumps or like a recent problem a program taking up allot of 
> space. Partitioning a hard drive for proper use is easy and results in more 
> security. I go a little overboard, but I like it that way. I have /var 
> separate / separate /usr separate /opt separate (I use SuSE) /home serpate 
> (making upgrades nice I usually do not loose data when upgrading or even when 
> trying out a new distro like Mandrake 8.2 (IMHO a real dog). I also keep a 
> partition /local that I have all of my iso's for the IF in.
> 
> Beyond that I have read several times to do it so I do. I have done so since 
> my second install and have not been unhappy with this decision. I have had an 
> instance when /var was filled and I could not mount it. So I mounted it 
> manually and removed a few of the backup files in /var that SuSE put there 
> and I was off and running again in no time.
> 
> Rusty
> 
> On Monday 25 March 2002 01:09 pm, you wrote:
> > On Monday 25 March 2002 12:44, Rusty Minden wrote:
> > > ... Is it partitioned properly IE is /var and / on separate
> > > partitions this is a pet peeve of mine...
> >
> > I'm just curious to know why you feel so stongly about this.
> > I've heard it before and tend to think it's a good idea, but
> > never thought it was *that* big a deal.
> >
> > -- Rod
> >http://www.sunsetsystems.com/
> > ___
> > vox-tech mailing list
> > [EMAIL PROTECTED]
> > http://lists.lugod.org/mailman/listinfo/vox-tech
> ___
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Before I do this...

[Rusty Minden]

It is not hard to fill a computer with a load of crap. When a partition is 
filled you can not do much with it until you get rid of the crap that has it 
filled like core dumps or like a recent problem a program taking up allot of 
space. Partitioning a hard drive for proper use is easy and results in more 
security. I go a little overboard, but I like it that way. I have /var 
separate / separate /usr separate /opt separate (I use SuSE) /home serpate 
(making upgrades nice I usually do not loose data when upgrading or even when 
trying out a new distro like Mandrake 8.2 (IMHO a real dog). I also keep a 
partition /local that I have all of my iso's for the IF in.

Beyond that I have read several times to do it so I do. I have done so since 
my second install and have not been unhappy with this decision. I have had an 
instance when /var was filled and I could not mount it. So I mounted it 
manually and removed a few of the backup files in /var that SuSE put there 
and I was off and running again in no time.

Rusty

On Monday 25 March 2002 01:09 pm, you wrote:
> On Monday 25 March 2002 12:44, Rusty Minden wrote:
> > ... Is it partitioned properly IE is /var and / on separate
> > partitions this is a pet peeve of mine...
>
> I'm just curious to know why you feel so stongly about this.
> I've heard it before and tend to think it's a good idea, but
> never thought it was *that* big a deal.
>
> -- Rod
>http://www.sunsetsystems.com/
> ___
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Before I do this...

[Rod Roark]

On Monday 25 March 2002 12:44, Rusty Minden wrote:
> ... Is it partitioned properly IE is /var and / on separate
> partitions this is a pet peeve of mine...

I'm just curious to know why you feel so stongly about this.
I've heard it before and tend to think it's a good idea, but
never thought it was *that* big a deal.

-- Rod
   http://www.sunsetsystems.com/
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Before I do this...

[Peter Jay Salzman]

begin Rusty Minden <[EMAIL PROTECTED]> 
> For what my limited advice is worth I would start by checking the install. Is 
> it partitioned properly IE is /var and / on separate partitions this is a pet 
> peeve of mine I like to start with proper partitioning, but that is only my 
> opinion. 

good advice, but i think you mean ie instead of IE, which could be
interpreted as something else.  ;)

> Check your system for proper patches and keep it to a minimum.

* actually, go hog wild on proper patches.  don't stop installing them,
  and keep on installing them until you've installed ALL of them.  :)

* keep /functionality/ to a minimum (which is what rusty was saying).
  this is pretty standard stuff:
  don't enable cgi's or SSI unless you use them.  don't load apache
  modules you won't use.  many distros turn everything on but the
  kitchen sink by default.

* disable directory browsing so people can't look at what files you have.

* install portsentry, at least for a few months just so that you educate
  yourself on what nasty traffic you have.  key point: DON'T FREAK OUT.
  you'll see lots of nasty stuff.  mostly doorknob twisting that you
  really don't need to care about.  but you should at *least* be aware
  of.

  once you have the ability to look at your portsentry logs and not want
  to vomit your breakfast all over your keyboard, then you can uninstall
  portsentry.

* use a log reader.  i use logcheck based on jeff's advice.  it's pretty
  good, but i don't think the filtering works 100% as advertised.

> The more 
> software you have installed the more can go wrong IE less is better than more 
> :-) Other than that keep good logs and check them monitor your traffic and 
> use programs like ntop to monitor your network flow and saint to look for 
> security holes like unused ports.

* yes.  use saint, or even better, nmap.  saint is kind of over the hill
  and not maintained well.  nmap is pretty much the defacto standard.

* other things you CAN use are cops and tara (both very out of date).

> You may also want to look into a good 
> security book. LUGOD has one that I donated a while back and I have "Hack 
> Proofing LINUX" by Syngress Press. I was impressed with it personally. Look 
> at http://www.nerdbooks.com for other good books Dave has a great book store.

excellent advice.  all the advice in the world can't equal reading a
good book.  and nerdbooks.com is the best place to go.  they're linux
friendly, lugod friendly and has an incredible assortment of books.

security is a tug of war between a tight system vs convenience and time
you want to spend thinking about security.  no clear cut value of how
much is enough.  but i think everything i mention here is prolly more
than enough for a home adsl user.

also, go to the vox-tech archives and read about mark kim's hacking
project he did for a class at ucdavis.  imho, it's in the top 10 "best
posts ever made to vox-tech".

pete
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

Re: [vox-tech] Before I do this...

[Rusty Minden]

For what my limited advice is worth I would start by checking the install. Is 
it partitioned properly IE is /var and / on separate partitions this is a pet 
peeve of mine I like to start with proper partitioning, but that is only my 
opinion. 

Make certain that you have the accessed files properly separated from the 
rest of your system and if you are accepting data from browsers check for 
overflows and such.

Check your system for proper patches and keep it to a minimum. The more 
software you have installed the more can go wrong IE less is better than more 
:-) Other than that keep good logs and check them monitor your traffic and 
use programs like ntop to monitor your network flow and saint to look for 
security holes like unused ports. You may also want to look into a good 
security book. LUGOD has one that I donated a while back and I have "Hack 
Proofing LINUX" by Syngress Press. I was impressed with it personally. Look 
at http://www.nerdbooks.com for other good books Dave has a great book store.

The last item keep backups. Do it offten and keep them for at least a few 
weeks cdr's are dirt cheep so don't shoot yourself in the foot by not backing 
up your system.

Rusty

On Monday 25 March 2002 10:09 am, you wrote:
> Please forgive a network newbie.
>
> I would like to set up one of the computers in my house as a webserver
> on port 8080.  I already know how to configure Apache on the computer,
> and the firewall on our router... But I also know that opening this
> computer to port 8080 will expose it to security risks and that I should
> take precautions on the computer in addition to the router.
>
> So...  What precautions should I take on the computer that will be
> hosting the website?
>
> For what it's worth, the computer in question is running RH7.2, and
> Apache 1.3.22.
___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech

[vox-tech] Before I do this...

[Richard S. Crawford]

Please forgive a network newbie.

I would like to set up one of the computers in my house as a webserver
on port 8080.  I already know how to configure Apache on the computer,
and the firewall on our router... But I also know that opening this
computer to port 8080 will expose it to security risks and that I should
take precautions on the computer in addition to the router.

So...  What precautions should I take on the computer that will be
hosting the website?

For what it's worth, the computer in question is running RH7.2, and
Apache 1.3.22.

-- 
Sliante,
Richard S. Crawford

mailto:[EMAIL PROTECTED]  http://www.mossroot.com
AIM:  Buffalo2K   ICQ: 11646404  Yahoo!: rscrawford
MSN:  [EMAIL PROTECTED]

"It is only with the heart that we see rightly; what is essential is
invisible to the eye."  --Antoine de Saint Exupery

___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech