Re: [Cooker] Too many unneeded packages

2001-08-28 Thread Daniel Woods 

 Granted, gphoto2 is only 70k, libgphoto2 only 515k and efax is only some
 200k in size - but this adds up!

Not just that, but from a security point of view, the less stuff installed,
the less chance of being r00ted.  After all, if a vulnerability is later
found in a package you don't even use, a local or remote exploit won't
make you a happy camper.  However, a reported vulnerability for a package
you do NOT have installed can simply be ignored by you.

Thanks... Dan.

Re: [Cooker] Whois

2001-05-01 Thread Daniel Woods 

 Terrible Tom [EMAIL PROTECTED] writes:
  On Friday 27 April 2001 22:22, you wrote:
   bash: whois: command not found
   What happened to whois?
  
  take that back, you're right it is gone :(
 
 (chmou@no)[~]-% urpmf bin/whois
 fwhois:/usr/bin/whois

I recommend getting whois from
http://www.linux.it/~md/software/
http://www.linux.it/~md/software/whois_4.5.6.tar.gz

It will automatically grab the proper whois server
based on country code, and then pull up the record.
Works great !

Thanks... Dan.

Re: [Cooker] RC1 feedback

2001-04-11 Thread Daniel Woods 

 First off in the slides that run during the package installation,  The
 wording needs to change.
 "Thanks to have chosen Linux-Mandrake"  Just doen't sound right.  how
 about "Thank you for chosing Linux-Mandrake"  or something along those
 lines.

That should be...
"Thank you for choosing Linux-Mandrake"
  ^
Thanks... Dan.

[Cooker] help: ext2 superblock disk problems

2001-04-08 Thread Daniel Woods 

It appears I screwed up a LM7.1 campus production server
by trying to add a windows partition for backup purposes
with PowerQuest Drive Image 3.  At first I created ok at
the end of the disk, and DI3 saw that but would not write
the image file (of Linux partitions) to that C: drive.

I copied the contents of /dev/hda6 (/var) and /dev/hda7
(var/lib) to a scratch partition (/dev/hda10). Then
I used a win98 bootup disk, and Partition Magic 5 to
delete those partitions as a merged FAT32 partition.
When I tried to reboot, it complained about a kernel panic
with no init= set, and suggested passing it to Grub/Lilo.

I am able to win98 boot into it, however even the LM7.1
bootup disk did not work (same error as regular bootup).
I booted up with Tom's Root Boot disk, and I can mount
the windows partition, but none of the Linux ones.
I tried to mount the /boot partition with...
  # mount -t ext2 /dev/hda1 /mnt
  EXT2-fs: 03:0a:  couldn't mount because of unsupported
  optional features.
  mount: wrong fs type, bad option, bad superblock on
  /dev/hda1 or too many mounted filesystems.

I then tried...
  # e2fsck /dev/hda1
  Filesystem has unsupported features.
  The superblock could not be read or does not describe
  a correct superblock. Try using a different superblock
  size such as:[-b 8193]

Still no luck.

Ok, so using PM5 after I initially created the partitions
with 'fdisk' was not a smart move (in hindsight), but
how do I fix that now ?
Is there another utility that could help ?
Other suggestions ?

Thanks... Dan.

Re: [Cooker] Before you release 8.0 - RPM very huge bug!!!

2001-03-22 Thread Daniel Woods 

  (1) We assume that when you want a server installed, that most probably
  means that you want it activated because you will use it ;
 Not necessarily. The assumption was not 100% valid because the logic is:
 when I install something it doesn't mean that I want it to run right
 away. For example:

I agree with all points tha Prana made. Services should only be
started when they are PROPERLY and SECURELY configured.  Let the
user decide when that is, not the OS.

I still especially suggest that an expert install means that we
want the above before *we* are ready to let users use the service.
Experts know hoe to start the services they want, let us do it.

Just because we install a service, does not mean we are immediately
ready to run it. People who have worked in government, universities,
or large corporate companies will understand the politics involved,
and how sometimes decisions move slowly. Yuch!

Thanks... Dan.

University of Calgary
Library and Computing Services

RE: [Cooker] Mandrake 7.2 + 8.0 bloated and resource hog!

2001-03-09 Thread Daniel Woods 

Don,

 I see this as a VERY SERIOUS issue that needs to be looked
 into.  RPM CAN NOT re-enable services that I've disabled!

Strongly agree !

 There are some services that should be enabled by
 default, in my opinion:
 
 Workstation installs:
 xfs, cups/lpd, crond, drakfont, gpm, harddrake, kudzu,
 sound, network, usb, sshd (if installed), xinetd (but
 none of the services), numlock

This looks good.

 Development installs:
 Probably similar to the above..
 
 Server installs:
 cups/lpd, crond, network, usb, sshd, xinetd (maybe some
 of the services), nfs, smb, httpd, ypserv (if
 installed), ldap, mysql, named, postfix, portmap, etc.

Disagree. Yes, these can be part of the installation, but
absolutely do NOT turn on the services which are for remote
access, like nfs, smb, httpd, ypserv, mysql, named, ...

People installing servers are more knowledgeable about
Unix/Linux, and they (like me) will turn them on when
ready.  First an administrator needs to put security
TCP wrappers in place, one service at a time.

Thanks... Dan.

Re: [Cooker] shutdown on Linux

2000-12-11 Thread Daniel Woods 

 I want to allow non-root users to shutdown and reboot the PC. According to 
 the shutdown man page :
 
If shutdown  is  called with the -a argument (add this to the
invocation of shutdown in /etc/inittab), it checks to  see

- my /etc/inittab file contains...
# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -a -t3 -r now


if  the file /etc/shutdown.allow is present.  It then comĀ­

# cat /etc/shutdown.allow
root
dwoods

Thanks... Dan.

Re: [Cooker] CVS news

2000-12-07 Thread Daniel Woods 

 from the quill of Chmouel Boudjnah [EMAIL PROTECTED] on scroll
 [EMAIL PROTECTED]
  "Brian J. Murrell" [EMAIL PROTECTED] writes:
  
   Thanks Chmouel!  I think.  It looks and functions just like cvsweb. 
   What is better about it?
  
  try open .sh file to see colors...
 
 OK, cool.  Is that the extent of the difference to cvsweb though?  I
 don't mean to be critical, at all Chmouel.  I am just trying to find out
 what new cool stuff this tool does.
 -- 
 Brian J. Murrell

How about installing it and trying it out for yourself, and then you
can compare the differences for yourself.
It is always your choice as to which you want to use.

Thanks... Dan.

Re: [Cooker] xinetd problem in 7.2 ?

2000-11-23 Thread Daniel Woods 

 Yo,

Yo Yo,

Thanks to Chmouel and Geoffrey.  :)

 On Wed, Nov 22, 2000 at 03:56:56PM -0700, Daniel Woods wrote:
  I would like to find out more about xinetd, any docs besides man pages ?
  
  I got xinetd-2.1.8.9pre12-2mdk.i586.rpm from current 7.2 version.
  When trying to install xinet*, I get ...
  # rpm -ivh xinet*
  error: failed dependencies:
  /etc/init.d is needed by xinetd-2.1.8.9pre12-2mdk
  
  Why is it looking for /etc/init.d instead of /etc/rc.d/init.d
  on my LM7.1 system ?(I see nothing relevant in the changelog).
 
 Because of fhs compliance you need things like this.
 Install latest filesystem /initscripts and things should be gone.
 Be careful since these are base system packate, just warning so that you don't
 screw your system ..

I got the 7.2 version of initscripts and updated my 7.1 system and it works.
I was then able to install xinetd-* and update wu-ftpd-*

  I am trying to install 'wu-ftpd-2.6.1-7mdk.i586.rpm' which depends on
  error: failed dependencies:
  xinetd   is needed by wu-ftpd-2.6.1-7mdk
  
  Trying to install both at the same time still gives the /etc/init.d error
  on my LM7.1 server.
 
 xinetd is now the choice over inetd.

Any real world examples beyond the man pages ?
Mainly IP restricted ftp, telnet, pop3 and imap (yes, I mainly use ssh).

Thanks... Dan.

[Cooker] xinetd problem in 7.2 ?

2000-11-22 Thread Daniel Woods 

I would like to find out more about xinetd, any docs besides man pages ?

I got xinetd-2.1.8.9pre12-2mdk.i586.rpm from current 7.2 version.
When trying to install xinet*, I get ...
# rpm -ivh xinet*
error: failed dependencies:
/etc/init.d is needed by xinetd-2.1.8.9pre12-2mdk

Why is it looking for /etc/init.d instead of /etc/rc.d/init.d
on my LM7.1 system ?(I see nothing relevant in the changelog).

I am trying to install 'wu-ftpd-2.6.1-7mdk.i586.rpm' which depends on
error: failed dependencies:
xinetd   is needed by wu-ftpd-2.6.1-7mdk

Trying to install both at the same time still gives the /etc/init.d error
on my LM7.1 server.

Thanks... Dan.

Re: [Cooker] ext3

2000-11-17 Thread Daniel Woods 

  Is ext3 avalible during install on cooker and 7.2 or do you have to use ext2 
  then add ext3? Also what is involved with converting ext2 to ext3 partitions?
 
 ext3 is not available yet.

Currently Partition Magic, Drive Image, and Ghost have support for ext2.
Does anyone know if they will likely support ext3 before reiserfs ?

To me this is a good reason to make ext3 available to us in the next release.

Thanks... Dan.

Re: [Cooker] Apache Freshen killed my log files

2000-11-17 Thread Daniel Woods 

 I did a rpm -Fvh of my apache and it killed my log files How?!!
 
 Is it too much to ask that the installation scripts not delete apache log
 files ever? Please??
 Ciao
 ST Lim

Or even worse, the 3.14 rpm from 7.2 installed on top of LM7.1 changed
the httpd owner to a new user called 'apache' !  Frankly I would like
to know about changes like this *before* I upgrade, not after as I
scramble around to fix things.

The standard user for this purpose has always been nobody or www.
Could the install script not check if those are already being used,
and such a user exists, and then leave the current setup alone ?

Thanks... Dan.

Re: [Cooker] chrooted Bind

2000-11-15 Thread Daniel Woods 

   Is it possible to perform an installation of chrooted bind?? That is can
 I do rpm -ivh --prefix=chroot bind?
 
   I have a problem with the updated files for bind.  It is not able to
 perform named-xfers...  That is:
 1. I have the chroot directory install.
 2. Modified /etc/init.d/named so that it reads:
   daemon named -u named -g named -t chroot
 3. Added the file /usr/sbin/named-xfer to chroot/usr/sbin/named-xfer with
 permissions 0755.
 4. Restarted the server and got the message:
 Nov 14 13:11:49 www named[6343]: chrooted to chroot
 Nov 14 13:11:49 www named[6343]: group = named
 Nov 14 13:11:49 www named[6343]: user = named
 Nov 14 13:11:49 www named[6343]: Ready to answer queries.
 Nov 14 13:11:49 www named[6346]: can't exec
 /usr/sbin/named-xfer: Permission denied
 in syslog
 5. How??

I use user 'dns' instead of 'named' to not confuse it with the program.

Here's a listing of user 'dns'...
# ls -l /home/dns
drwx--2 dns  dns  4096 Sep  9 12:13 dev/
drwx--2 dns  dns  4096 Nov  2 12:32 etc/
drwx--2 dns  dns  4096 Nov 11 10:29 lib/
drwx--3 dns  dns  4096 Sep  4 17:30 usr/
drwx--5 dns  dns  4096 Nov 11 10:33 var/

### Each program/file is copied from the system so that it has 'dns' permission
### and any compromise is restricted to user 'dns'.
-rw-r--r--1 dns  dns  2048 Nov  2 12:32 /home/dns/etc/named.conf
-rwxr-x---1 dns  dns   5262426 Sep  5 18:33 /home/dns/lib/libc.so.6*
-rwxr-x---1 dns  dns483816 Sep  5 18:33 /home/dns/lib/ld-linux.so.2*
crw-rw-r--1 dns  dns1,   3 Sep  4 17:30 /home/dns/dev/null
-rwxr-x---1 dns  dns583356 Nov 10 14:09 /home/dns/usr/sbin/named*
-rwxr-x---1 dns  dns309116 Nov 10 14:09 /home/dns/usr/sbin/named-xfer*
-rwxr-x---1 dns  dns 39708 Nov 10 14:09 /home/dns/usr/sbin/ndc*
lrwxrwxrwx1 dns  dns18 Nov 11 10:33 /home/dns/var/named.log - 
/var/log/named.lo
-rw-r-1 dns  dns  2769 Sep  4 04:07 /home/dns/var/named/named.ca
-rw-r-1 dns  dns   330 Nov  2 11:11 /home/dns/var/named/named.local
-rw-r-1 dns  dns   828 Nov  2 11:16 /home/dns/var/named/com.mysite
-rw-r-1 dns  dns 0 Nov 11 10:41 /home/dns/var/lock/subsys/named

### I also made these links (ln -s) to make sure things point to the right place.
/etc/named.conf - /home/dns/etc/named.conf
/var/named - /home/dns/var/named/


### I modified /etc/rc.d/init.d/named (latest bind security fix) to look like this...
### (Perhaps Mandrake can make similar changes)

#!/bin/sh
#
# named   This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: 2345 55 45
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true

CHROOT=/home/dns

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ]  exit 0

[ -f $CHROOT/usr/sbin/named ] || exit 0

[ -f $CHROOT/etc/named.conf ] || exit 0

RETVAL=0

# See how we were called.
case "$1" in
  start)
# Start daemons.
echo -n "Starting named: "
daemon $CHROOT/usr/sbin/named -u dns -g dns
  RETVAL=$?
  [ $RETVAL -eq 0 ]  touch $CHROOT/var/lock/subsys/named
  echo
;;
  stop)
# Stop daemons.
echo -n "Shutting down named: "
killproc $CHROOT/usr/sbin/named
  RETVAL=$?
  [ $RETVAL -eq 0 ]  rm -f $CHROOT/var/lock/subsys/named
echo
;;
  status)
  $CHROOT/usr/sbin/ndc status
  exit $?
  ;;
  restart)
  $0 stop
  $0 start
  ;;
  reload)
  $CHROOT/usr/sbin/ndc reload
  exit $?
  ;;
  probe)
  # named knows how to reload intelligently; we don't want linuxconf
  # to offer to restart every time
  $CHROOT/usr/sbin/ndc reload /dev/null 21 || echo start
  exit 0
  ;;

  *)
echo "Usage: $CHROOT/usr/sbin/named {start|stop|status|restart}"
exit 1
esac

exit $RETVAL


### This has been working well for me.

Thanks... Dan.

Re: [Cooker] Crufty Perl Installation in 7.2

2000-11-04 Thread Daniel Woods 

 I believe you need to get 
 perl-devel-5.600-17mdk
 to have the *.h files it may be looking for.

I should have double-checked first, but it appears that there is
no devel package as I thought. I don't have it on my system and
'perl -MCPAN -e shell'  works for me.

Thanks... Dan.

Re: [Cooker] postfix rpm loses man pages

2000-11-03 Thread Daniel Woods 

 I updated my LM7.1 version of postfix with the devel version
 postfix-19991231_pl08-5mdk.i586.rpm
 No problem updating, except that I no longer have man pages for
 any of the postfix programs
 ex: man postfix, man 1 postfix, man postmap, ...
 I installed the devel groff-* packages but the problem still
 exists for user root or non-root.
 I saw that the new files have group 'man' in /usr/share/man/man1
 -rw-r--r--1 root man   803 Oct  3 12:16 postlog.1.bz2
 -rw-r--r--1 root man  1704 Oct  3 12:16 postmap.1.bz2
 -rw-r--r--1 root man  1002 Oct  3 12:16 postsuper.1.bz2
 -rw-r--r--1 root root 2503 Sep 30 17:43 rand.1.bz2
 -rw-r--r--1 root root 8395 Sep 30 10:46 refer.1.bz2
 
 # ll /usr/bin/man 
 -rwxr-sr-x1 root man 36720 Jul  6 08:41 /usr/bin/man*
 
 Even changing the permission of the bz2 files to root does not help.
 I tried bunzip2'ing and re-bzip2'ing a file but no change. I still
 use the 7.1 /usr/lib/libbz2.so.0 file.
 
 I was not allerted of any other dependencies, so what else is there ?
 
 P.S. I want to upgrade via latest RPM because I discovered that the
 postfix version in 7.1 has a bug fixed in patch level 2 (as per Wietse).
 I was not able to send to [EMAIL PROTECTED] but [EMAIL PROTECTED] works.
 The LM7.2 version corrects the problem but I have no man pages :(

Could others verify if they get a man page with 'man postfix' !
Has anyone else seen this problem, or solved it ?

Thanks... Dan.

Re: [Cooker] Crufty Perl Installation in 7.2

2000-11-03 Thread Daniel Woods 

 One of the biggest timesavers that I had come across is years was the CPAN
 shell for installing perl modules (perl -MCPAN -e shell), ...

Yes, very nice !

 ... perl is broken on Mandrake 7.2, I am kind of at a loss here. Short of
 removing everything perl and perl related and recompiling perl from
 scratch,.. I'm not sure how to handle this.
 
 Any ideas?
 Thanks, Aaron Newsome

I believe you need to get 
perl-devel-5.600-17mdk
to have the *.h files it may be looking for.
Chances are that you had installed this in 7.1, and now you need to do
it again for 7.2

 BTW,.. rpm -q -a | grep perl reports 
 
 perl-base-5.600-17mdk
 perl-5.600-17mdk
 ...

Thanks... Dan.

[Cooker] postfix rpm loses man pages

2000-10-30 Thread Daniel Woods 

I updated my LM7.1 version of postfix with the devel version
postfix-19991231_pl08-5mdk.i586.rpm
No problem updating, except that I no longer have man pages for
any of the postfix programs
ex: man postfix, man 1 postfix, man postmap, ...
I installed the devel groff-* packages but the problem still
exists for user root or non-root.
I saw that the new files have group 'man' in /usr/share/man/man1
-rw-r--r--1 root man   803 Oct  3 12:16 postlog.1.bz2
-rw-r--r--1 root man  1704 Oct  3 12:16 postmap.1.bz2
-rw-r--r--1 root man  1002 Oct  3 12:16 postsuper.1.bz2
-rw-r--r--1 root root 2503 Sep 30 17:43 rand.1.bz2
-rw-r--r--1 root root 8395 Sep 30 10:46 refer.1.bz2

# ll /usr/bin/man 
-rwxr-sr-x1 root man 36720 Jul  6 08:41 /usr/bin/man*

Even changing the permission of the bz2 files to root does not help.
I tried bunzip2'ing and re-bzip2'ing a file but no change. I still
use the 7.1 /usr/lib/libbz2.so.0 file.

I was not allerted of any other dependencies, so what else is there ?

P.S. I want to upgrade via latest RPM because I discovered that the
postfix version in 7.1 has a bug fixed in patch level 2 (as per Wietse).
I was not able to send to [EMAIL PROTECTED] but [EMAIL PROTECTED] works.
The LM7.2 version corrects the problem but I have no man pages :(

Thanks... Dan.

Re: [Cooker] ssh

2000-10-26 Thread Daniel Woods 

 I personally think that it should default to secure, and only go 
 into "insecure" mode if a checkbox or other prompt is chosen for home 
 desktop pc.

Agreed !

 That would give a "best of both worlds" solution... leaving it up to the 
 user to decide what is best for him/her, and if they dont know what they 
 are doing, by choosing "home workstation" or Home Desktop or what-have-
 you, they are given the current non-ssh installation, but "expert" 
 and "custom" get ssh and disabled (to remote hosts) telnet.

Actually, I think the home users should have it turned on by default
since *they* are the ones that get r00ted !  Those of us doing server
or expert installs will also *expect* it.

Thanks... Dan.

[Cooker] Where's sounddrake ?

2000-10-26 Thread Daniel Woods 

I wanted to upgrade my LM7.1 version of sounddrake to see
if my sound card could be auto-recognized. However I don't
find *any* sounddrake in devel or cooker ? What happened ?

Thanks... Dan.

Re: [Cooker] Where's sounddrake ?

2000-10-26 Thread Daniel Woods 

 Am 2000-10-26, um 13:16:01 (-0600) schrieb Daniel Woods:
  I wanted to upgrade my LM7.1 version of sounddrake to see
  if my sound card could be auto-recognized. However I don't
  find *any* sounddrake in devel or cooker ? What happened ?
 
 You have to update detect-lst, detect and harddrake. SoundDrake like 
 EtherDrake are now wizards of HardDrake.
 Run HardDrake and go into the Soundcard submenu. Click on Run 
 configuration tool then.

Great. I uninstalled the LM7.1 rpms, and installed 7.2beta harddrake
RPM.  My sound card is in the list now (VT82c686 - via82cxxx_audio).
However trying to use it gave me "can't locate module sound-slot-0".
I don't know where that is, nor is via82cxxx_audio in 7.1.

Thanks... Dan.

Re: [Cooker] 7.1 Install chokes with NTFS partitions

2000-10-22 Thread Daniel Woods 

 It assigns sda1, sda5, sda6, sda7, sda8 and sda9 to the 6 
 partions on the SCSI drive.  It skips minor(?) numbers 2, 3 and 4.  Note 
 that there are 3 NTFS5 partitons on the drive but they are not 
 consecutive. The SCSI drive is set up, in order, as : fat32, ntfs5, 
 fat32, ntfs5, ntfs5, fat32.
 Furthermore, (the real problem) when partitioning and formatting the 
 blank IDE drive, Drakx assigns the partitions without using the minor 
 numbers 2, 3, and 4; i.e., the first partition gets assigned as hda1 but 
 the second is hda5, third is hda6, fourth is hda7, and so forth.

Perhaps who misunderstand how formating works. Your *primary* partitions
will be in hda1, hda2, hda3, hda4. *Logical* partitions start from hda5
and onwards. Most likely you first partition is primary partition 1
(hda1), and your second partition is an *extended* partition. Within
the extended partition, your *logical* partitions will start from hda5,
and so on... 

Thanks... Dan.

Re: [Cooker] i486 Release?

2000-10-18 Thread Daniel Woods 

 I'd like to see a 7.2/486 ISO not long after the
 7.2/586 is released. 
 Don Head  [[EMAIL PROTECTED]]

For that matter, why not also have a 686 version ;)

Thanks... Dan.

Re: [Cooker] security

2000-10-03 Thread Daniel Woods 

 I lent my 7.2b3 CDs to a friend of mine who is I have to say very happy
 with his Linux. I encountered some differences between his system and
 mine where security is concerned. I presume he just installed his
 version with a different install setting than myself. When he starts up
 his machine which is set to go straight into init 5, he is automatically
 logged in. On my system I get the GDM login screen (how it should be!).
 How can I set his computer *not* to automatically log him in. Another
 security feature is that his normal users are able to use commands like
 lsmod, whereas on my system I have to be root to do this. How do I make
 his system more secure? Is there a Mandrake tool to change Mandrake
 security levels? 

try 'msec 3'

and/or install the *secure* kernel version (look for crypto downloads).

Thanks... Dan.

Re: [Cooker] My request (including security) for Mandrake 7.2final

2000-10-03 Thread Daniel Woods 

  1) Security
  I will be really glad if most of the unnecessary services are turned off
  for default install, including but not limited to, inetd daemon. It
  minimizes or prevents the chance any attacks such as Denial of service
  and buffer overflow. Let's take a look at the last big security problem:
 
 It's done for most servers. Please give us a list of exact services you
 would like to see disabled, if you want more precise answer..

Definitely, all services should be off until the user can enable them
later when they actually need it.  Let newbie users learn on the newbie
list when they want to use something. If not, they WILL get cracked.
A newbie who installs a fresh LM7.1 and does not know to get updates,
WILL be r00ted because of rpd.statd and wu-ftpd services running.

No one except experts *may* need sunrpc (port 111) service, and they
want a chance to set it up before turning on the service.

The only service that should be on is sshd with tcp-wrappers set to
localhost or LAN. Have OpenSSH sshd installed by default for the user, and
prompt them for a passphrase, RSA (ssh1) and DSA (ssh2), to put in the
~user/.ssh/ directory.

The *ONLY* /etc/inetd.conf services possibly installed should be no more than
ftp and telnet WITH tcp-wrappers set to allow ONLY from localhost or LAN.

Setup a good default /etc/rc.d/rc.firewall (well commented) which blocks 
spoofing attempts, etc.

No users (not even server installs) need httpd, postfix, pop3, imap,, named,
snmpd, linuxconf, webmin, portmap, netfs, xfs (only for remote X-sessions),
kheader (?), pcmcia (only for laptops), pretty much all K* services,
etc until they NEED to use them and they configured them properly. If the
Mandrake install process has setup good (secure) defaults, then the user only
needs to 'service xxx start' to start using it.

Try and chroot jail as many services as possible, like postfix and named dns.

I only have the following in my rc3.d and rc5.d directories for a server
that has X installed...
S09sound - ../init.d/sound*
S10network - ../init.d/network*
S20random - ../init.d/random*
S30syslog - ../init.d/syslog*
S40crond - ../init.d/crond*
S50inet - ../init.d/inet*  # tcp-wrapped ftp and telnet
S55named - ../init.d/named*# chroot'ed DNS
S55sshd - ../init.d/sshd*
S80postfix - ../init.d/postfix*
S85httpd - ../init.d/httpd*
S85numlock - ../init.d/numlock*
S99local - ../rc.local*

I only turn on gpm (console mouse) and kudsu (hardware detect) as required.
I also install the secure kernel, msec 3, run bastille-linux, install
portsentry and logcheck (from http://www.psionic.com).

My 2+1 cents (tax in Canada) ;)

Thanks... Dan.

Re: [Cooker] Logitechl Cordless Wheel Mouse

2000-09-23 Thread Daniel Woods 

 On Sat, 23 Sep 2000, you wrote:
  Does anyone knows how the Logitech Cordless
  Wheel Mouse is compatible with, so that I can
  use the Wheel on it too ?
 
  Daniel
 
  PS: Basic "Mouse" Stuff is working fine, just the Wheel ;)

 I use it, wheels works and also last installer detect it(as logitech mouse 
 man : you need move mouse and wheel during test also if at beginning cursor 
 disappears...;o)
 -
 Franco Silvestro

I don't know about the 'cordless' part, but you can try reading
how to get a Logitech Wheel Mouse working at...
http://www.freezer-burn.org/stories.php?story=24

Thanks... Dan.

[Cooker] mouseconfig resets XF86Config

2000-09-13 Thread Daniel Woods 

I realize this is the cooker list for 7.2 testing, but thought
that someone else could test this problem on 7.2 and see if it
also happens with XFree86 4.x

Last night I was using mouseconfig to change the mouse setting.
After doing so, regular user accounts could no longer 'startx'.
This is on a recently re-installed LM7.1, with XFree86 3.3.6,
and medium security.

It seems that mouseconfig resets the permission of
/etc/X11/XF86Config back to 640, instead of 644 (root:root).

Thanks... Dan.

Re: [Cooker] Linux VPN Masquerade

2000-09-11 Thread Daniel Woods 

  Does anyone know if the VPM Masqarading patch is in any of the Mandrake
  kernels? If not, I'd like to put in a request for it. (I want to be able
  to work from home behind my IP masq box :)
  http://www.wolfenet.com/~jhardin/ip_masq_vpn.html
 
 Yup it's already merged in my current kernel tree

Just to confirm... do you mean your recently released 2.2.17 final kernel,
or do you mean your development version (not accessible to us yet) ?
Since you say "current", I am guessing you mean 2.2.17 final.

Thanks... Dan.

Re: [Cooker] Linux VPN Masquerade

2000-09-10 Thread Daniel Woods 

On Sat, 9 Sep 2000, Steve Fox wrote:
 Does anyone know if the VPM Masqarading patch is in any of the Mandrake
 kernels? If not, I'd like to put in a request for it. (I want to be able
 to work from home behind my IP masq box :)
 
 http://www.wolfenet.com/~jhardin/ip_masq_vpn.html

I would second that... a secure kernel with VPN support, please ;)

Thanks... Dan.

[Cooker] crypto cooker of sftp ?

2000-08-23 Thread Daniel Woods 

Where are the *secure* packages for cooker ?

I was looking for the Mandrake version of sftp from
http://www.xbill.org/sftp/download/sftp-0.9.5-1.i386.rpm

As well, the cooker versions of openssh.  Going to
ftp://ftp.linuxberg.com/pub/distributions/Mandrake/Mandrake-crypto/7.1/
shows me Netscape 4.73, openssh-2.1.1p3 (latest is openssh-2.1.1p4).
sftp here is still version 0.7-3mdk

Thanks... Dan.

Re: [Cooker] Bundle::CPAN install problems with openssl

2000-08-22 Thread Daniel Woods 

  However I still have the following problem (as before)...
 [...]
   Checking for OpenSSL-0.9.3a or newer...
   I could not find your OpenSSL in `/usr/local/ssl'
   Please provide OpenSSL-0.9.3a installation directory (get from
http://www.openssl.org/ if you don't have it; please note that
SSLeay is no longer supported, see README) (C-c to abort):
 
 do you have openssl-devel installed? also try and tell it that it's in
 /usr/lib/ssl

Did not, but now I installed openssl-devel-0.9.5a-3mdk from cooker.
Same problem exists when I tried /usr/lib/ssl 
CPAN.pm: Going to build S/SA/SAMPO/Net_SSLeay.pm-1.05.tar.gz
...
Checking for OpenSSL-0.9.3a or newer...
I could not find your OpenSSL in `/usr/local/ssl'
Please provide OpenSSL-0.9.3a installation directory (get from
http://www.openssl.org/ if you don't have it; please note that
SSLeay is no longer supported, see README) (C-c to abort):
  /usr/lib/ssl/
I could not find your OpenSSL in `/usr/lib/ssl/'

I looked into the Makefile.pl script and determined that it was
expecting {path}/bin/openssl  So trying /usr instead of /usr/bin
*did* work.  However, it hung when Net::SSLeay tried 'make test',
and refused to 'make install' (as part of cpan install). I then
went to the directory where cpan downloaded the source, and then
ran 'make install' from command line, and this worked.

After modifying "ssl=1" in /etc/webmin/miniserv.conf, I now have
secure SSL (https://) to my webmin web pages.

Thanks... Dan.

[Cooker] Bundle::CPAN install problems with openssl

2000-08-18 Thread Daniel Woods 

*** I am trying to update a Perl module using CPAN installation
alias cpan='perl -MCPAN -e shell'# auto-installing Perl modules via CPAN

*** I installed all the cooker Perl5.6-* RPMs required and openssl-*.
I want Net_SSLeay-* to have webmin more secure via SSL.

# cpan
cpan shell -- CPAN exploration and modules installation (v1.52)
ReadLine support enabled
cpan install Net::SSLeay
...
Net_SSLeay.pm-1.05/SSLeay.pm

  CPAN.pm: Going to build S/SA/SAMPO/Net_SSLeay.pm-1.05.tar.gz

Checking for OpenSSL-0.9.3a or newer...
I could not find your OpenSSL in `/usr/local/ssl'
Please provide OpenSSL-0.9.3a installation directory (get from
 http://www.openssl.org/ if you don't have it; please note that
 SSLeay is no longer supported, see README) (C-c to abort):
/usr/bin/

*** From here I can't get pass this to point to L-M's RPM of openssl
# rpm -ql openssl-0.9.5a-3mdk
/usr/bin/c_rehash
/usr/bin/openssl
/usr/doc/openssl-0.9.5a
/usr/doc/openssl-0.9.5a/CHANGES
/usr/doc/openssl-0.9.5a/LICENSE
/usr/lib/libcrypto.so.0
/usr/lib/libcrypto.so.0.9.5
/usr/lib/libssl.so.0
/usr/lib/libssl.so.0.9.5


*** And then I try to update my version of CPAN to 1.57
cpan install Bundle::CPAN
Running make for R/RB/RBS/File-Spec-0.82.tar.gz
...
File-Spec-0.82/Makefile.PL
Removing previously used /root/.cpan/build/File-Spec-0.82

  CPAN.pm: Going to build R/RB/RBS/File-Spec-0.82.tar.gz

Checking if your kit is complete...
Looks good

Error: Unable to locate installed Perl libraries or Perl source code.

It is recommended that you install perl in a standard location before
building extensions. Some precompiled versions of perl do not contain
these header files, so you cannot build extensions. In such a case,
please build and install your perl from a fresh perl distribution. It
usually solves this kind of problem.

(You get this message, because MakeMaker could not find 
"/usr/lib/perl5/5.6.0/i386-linux/CORE/perl.h")

*** I can't find any perl.h in /usr/lib/perl5/

*** Why does the cooker versions of Perl5.6 break the availability of using
CPAN for auto-installs (a common thing to use) ?

Thanks... Dan.

Re: [Cooker] Bundle::CPAN install problems with openssl

2000-08-18 Thread Daniel Woods 

On Fri, 18 Aug 2000, Daniel Woods wrote:
 *** I am trying to update a Perl module using CPAN installation
 alias cpan='perl -MCPAN -e shell'# auto-installing Perl modules via CPAN

I see this got posted 3 times, but I know for a fact I only sent it once.
So please don't yell at me for this.  Denis admitted on the expert list
that there are "bumps" right now with their systems.

Thanks... Dan.

[Cooker] ImageMagick and Netscape

2000-08-16 Thread Daniel Woods 

Being new to the cooker list, I would to get some feedback on
proper use and reporting expectations.

I wanted to update to Netscape 4.74 on my LM7.1 version.
I got the files from cooker and found it had dependancies,
which I got.  Problem was that at some point I found it hard
to figure out what RPMs I needed to get.  I found out about
rpmfind and this has helped.

Throughout the whole process (at some point), I was not able
to install ImageMagick-5_2_2-6mdk_i586.rpm because of 
rpm -Uvh ImageMagick-5_2_2-6mdk_i586.rpm 
error: failed dependencies:
ImageMagick-lib = 5.2.2 is needed by ImageMagick-5.2.2-6mdk
libdps.so.1 is needed by ImageMagick-5.2.2-6mdk
libdpstk.so.1 is needed by ImageMagick-5.2.2-6mdk

I installed ImageMagick-lib, and rpmfind told me it wanted to
install to transfer
ftp://rpmfind.net/linux/MandrakeCooker/cooker/Mandrake/RPMS/XFree86-libs-4.0.1-6mdk.i586.rpm

So it requires XFree86 version 4 to be installed. I am not ready
to install this now, so I have given up on ImageMagick (not important).
Same is true for perl-Magick-5_2_2-6mdk_i586.rpm

My questions...
1/ are cooker users expected to download and use *all* of the latest,
   or is it acceptable to grab only the wanted modules ?
2/ is the next release of LM expecting to use XFree86 version 4 only ?
3/ do I report problems with installs here, even if I don't use the
   full cooker distro ?

Thanks... Dan.

Re: [Cooker] PHP and MySQL problems

2000-08-16 Thread Daniel Woods 

On Sat, 12 Aug 2000 [EMAIL PROTECTED] wrote:
 There seems to be a definite problem with MySQL support in the latest
 PHP/Apache RPMs. I've got all of the RPMs installed and PHP support
 enabled, the php.ini says to load mysql.so, but no matter what, making
 MySQL calls fails with:

I also seemed to run into this problem (possibly already reported).
I installed the latest cooker Apache modules and MySQL-3.23.22-* versions.
When trying to install mod_php3-mysql-3_0_16-7mdk_i586.rpm , I get
error: failed dependencies:
mysql-shared-libs is needed by mod_php3-mysql-3.0.16-7mdk
libmysqlclient.so.6 is needed by mod_php3-mysql-3.0.16-7mdk

# rpmfind mysql-shared-libs(also libmysqlclient.so.6)
ftp://rpmfind.net/linux/Mandrake/7.1/Mandrake/RPMS2/MySQL-shared-libs-3.22.32-5mdk.i586.rpm

Thanks... Dan.