Re: SSH Daemon failing

2002-02-24 Thread Andrew Tait
It appears to run fine to begin with, loading libraries and reading config
files. These are the last few lines. It tries to fork, and then just dies.

read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 672) = 672
_llseek(3, 0, [0], SEEK_SET) = 0
fcntl64(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat64(3, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 672
close(3) = 0
munmap(0x40016000, 4096) = 0
fork() = 451
--- SIGCHLD (Child exited) ---
_exit(0)


On a box where SSH is working

fstat(3, {st_mode=S_IFREG|0600, st_size=668, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 668
close(3) = 0
munmap(0x40016000, 4096) = 0
fork() = 6632
_exit(0) = ?

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix


- Original Message -
From: "Jean-Francois Dive" <[EMAIL PROTECTED]>
To: "Andrew Tait" <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, February 25, 2002 4:24 PM
Subject: Re: SSH Daemon failing


> strace it to see what's in there, could be meaningful..
>
> JeF
>
> On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> > Hi All,
> >
> > A few days ago SSH just failed on me, out of the blue.
> >
> > Every time I start ssh (/etc/init.d/ssh start), this appears in the auth.log
> > file:
> >
> > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> >
> > I can run ssh in debug mode (sshd -d) or by telling it not to detach
> > (sshd -D) and it runs fine. It is just when it tries to daemonise itself that
> > it fails, as you can see by the log files. Other processes such as syslogd
> > start/stop fine.
> >
> > Any suggestions?
> >
> > Andrew Tait
> > System Administrator
> > Country NetLink Pty, Ltd
> > E-Mail: [EMAIL PROTECTED]
> > WWW: http://www.cnl.com.au
> > 30 Bank St Cobram, VIC 3644, Australia
> > Ph: +61 (03) 58 711 000
> > Fax: +61 (03) 58 711 874
> >
> > "It's the smell! If there is such a thing." Agent Smith - The Matrix
> >
> >
> >
>
> --
> -> Jean-Francois Dive
> --> [EMAIL PROTECTED]
>
>




Re: SSH Daemon failing

2002-02-24 Thread Jean-Francois Dive
strace it to see what's in there, could be meaningful..

JeF

On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> Hi All,
> 
> A few days ago SSH just failed on me, out of the blue.
> 
> Every time I start ssh (/etc/init.d/ssh start), this appears in the auth.log
> file:
> 
> Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> 
> I can run ssh in debug mode (sshd -d) or by telling it not to detach
> (sshd -D) and it runs fine. It is just when it tries to daemonise itself that
> it fails, as you can see by the log files. Other processes such as syslogd
> start/stop fine.
> 
> Any suggestions?
> 
> Andrew Tait
> System Administrator
> Country NetLink Pty, Ltd
> E-Mail: [EMAIL PROTECTED]
> WWW: http://www.cnl.com.au
> 30 Bank St Cobram, VIC 3644, Australia
> Ph: +61 (03) 58 711 000
> Fax: +61 (03) 58 711 874
> 
> "It's the smell! If there is such a thing." Agent Smith - The Matrix
> 
> 
> 

-- 
-> Jean-Francois Dive
--> [EMAIL PROTECTED]




Re: SSH Daemon failing

2002-02-24 Thread Andrew Tait
That only affects the SSH client; the problem I am having is with the SSH
server.

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

- Original Message -
From: "Donovan Baarda" <[EMAIL PROTECTED]>
To: "Andrew Tait" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; 
Sent: Monday, February 25, 2002 4:10 PM
Subject: Re: SSH Daemon failing


> On Mon, Feb 25, 2002 at 03:52:24PM +1100, Andrew Tait wrote:
> > The machine is running woody and is up to date, SSH version 3.0.2p1-6.
> >
> > I have already tried purging the package and downloading it again (will
> > check the MD5 sums afterward to make sure).
>
> It might have something to do with running ssh without suid-root set...
>
> Run "dpkg-reconfigure ssh" and turn on suid root when the option comes up.
>
>
> --
> --
> ABO: finger [EMAIL PROTECTED] for more info, including pgp key
> --
>




Re: SSH Daemon failing

2002-02-24 Thread Donovan Baarda
On Mon, Feb 25, 2002 at 03:52:24PM +1100, Andrew Tait wrote:
> The machine is running woody and is up to date, SSH version 3.0.2p1-6.
> 
> I have already tried purging the package and downloading it again (will
> check the MD5 sums afterward to make sure).

It might have something to do with running ssh without suid-root set...

Run "dpkg-reconfigure ssh" and turn on suid root when the option comes up.


-- 
--
ABO: finger [EMAIL PROTECTED] for more info, including pgp key
--




Re: true x86 PCI bus speeds/specs

2002-02-24 Thread Russell Coker
On Sat, 23 Feb 2002 20:14, Jeff S Wheeler wrote:
> The most common PCI bus is 32 bits wide, and operates at 33MHz.  Its

Actually it's usually 33.333MHz (which means it divides into the CPU FSB 
speed which is designed to divide into the CPU core speed which is a multiple 
of 100MHz).

Not sure whether the specs say 33.33 or 33.  But most machines seem to work 
fine at 33.33.

> to 528MBytes/sec.  And numerous motherboard implementations have more
> than one PCI bus, so you could put high-bandwidth peripherals on each
> of the two buses, and not substantially impact performance or cause them
> to compete for resources.

The motherboards that have multiple busses are too expensive for most people. 
If you want a home-user type machine then expect to spend an extra $300 (10% 
of the cost of the machine and more than most people will be prepared to 
pay).  If you want a rack-mount server machine then you may be looking at a 
$5K vs $15K price difference!!!  My prices may be a bit outdated, but I 
expect that the differences still apply.

> Now, all card/driver combinations have some overhead associated with
> them.  The bus isn't 100% efficient, but on many "consumer-grade"
> mainboards the 32 bit / 33MHz bus will push 110MBytes/sec or more in
> real-world use.  If you don't believe me, check the 3ware RAID card
> reviews on storagereview.com (assuming SR is still up).

Or just test a regular IDE drive on a regular IDE controller (the IDE 
interface on the motherboard is bridged through the PCI bus).  Having 2 IDE 
drives each delivering 25MB/s at the same time is easy, even on old hardware.

> This means a 100Mbit/sec network throughput, which is 12.5MBytes/sec,
> will easily fit within the maximum throughput of the PCI bus.  The real
> issue is kernel efficiency.  Zero-copy TCP and things like that are
> going to improve linux network performance by leaps and bounds.  Going
> from a 132MByte/sec bus to a 528MByte/sec bus will disappoint you :-)

12MB/s isn't THAT much, I would hope that even a 2.2.x kernel running on a 
Pentium could sustain that!

The hard part comes when you have a large number of network cards.  There is 
kernel support for copying data between network cards, but I don't think it 
works with packet filtering yet.

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).




Re: SSH Daemon failing

2002-02-24 Thread Andrew Tait
The machine is running woody and is up to date, SSH version 3.0.2p1-6.

I have already tried purging the package and downloading it again (will
check the MD5 sums afterward to make sure).

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

- Original Message -
From: <[EMAIL PROTECTED]>
To: "Andrew Tait" <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, February 25, 2002 3:36 PM
Subject: Re: SSH Daemon failing


> On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> > Hi All,
> >
> > A few days ago SSH just failed on me, out of the blue.
> >
> > Every time I start ssh (/etc/init.d/ssh start), this appears in the auth.log
> > file:
> >
> > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> >
> > I can run ssh in debug mode (sshd -d) or by telling it not to detach
> > (sshd -D) and it runs fine. It is just when it tries to daemonise itself that
> > it fails, as you can see by the log files. Other processes such as syslogd
> > start/stop fine.
> >
> > Any suggestions?
>
> What version of ssh? If you have a machine with the exact same sshd
> binary, compare the md5sums. If you were running ssh v1, you may have been
> hacked, and a trojaned sshd installed.
>
> Tim
>
> --
>
>    ><
>    >> Tim Sailer (at home) ><  Coastal Internet,Inc.   <<
>    >> Network and Systems Operations   ><  PO Box 671  <<
>    >> http://www.buoy.com  ><  Ridge, NY 11961 <<
>    >> [EMAIL PROTECTED]/[EMAIL PROTECTED] ><  (631)924-3728  (888) 924-3728  <<
>    ><
>




Re: LSM or GRSecurity

2002-02-24 Thread Russell Coker
On Sat, 23 Feb 2002 20:30, Jason Lim wrote:
> Okay... I'm not sure if there has ever been a "religious" flame war
> between the two camps supporting either LSM or GRSecurity, so I stress
> this is not my intention.

I originally packaged the GR Security kernel patch for Debian and I'm working 
on SE-Linux (which is one of the security modules for LSM).  I have not been 
having religious arguments with myself.  ;)

> However, which security model is more suited to an ISP/Webhosting
> environment (anyone ever done a head-to-head comparison between the two)?
> And which is easier to integrate with Debian, as such? I think Russell was
> working on something like this, so perhaps he could expand a bit (or
> whomever is in charge of this).

If you want a nice easy way of locking down chroot's then GRSec is what you 
want.

If you want a kernel patch that has a heap of different security improvements 
that are easy to use then GRSec is what you want.

If you want something that you can deploy on your server right now then LSM 
is not an option.

LSM is a modular security architecture that currently supports SE-Linux and 
(in 2.5.5) LIDS.  It does not have some of the features of GRSec (network 
security improvements, chroot lock-down, easy lock-down of "ps aux" and 
"dmesg"), but apart from the network security patches it can all be done in 
SE Linux configuration.

SE Linux is much harder to configure than GRSec.  At the moment there is a 
lack of documentation and a lack of sample files for the common cases.  
Expect to spend at least a week of full-time work if you want to get SE Linux 
configured for your system!

Also my packages of SE Linux programs are experimental and some of them break 
things...

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).




Re: How fast can Linux-Firewalls be?

2002-02-24 Thread Russell Coker
On Sat, 23 Feb 2002 15:10, Peter Billson wrote:
> [EMAIL PROTECTED] wrote:
> > What minimum characteristics would a Linux IP Masquerading Firewall
> > Box need, to run a 100 Mbps link without slowing down traffic.
>
>   There was some discussion last January (2001) about this type of
> thing. The problem you will run into if you are using POTS Intel
> hardware is the PCI bus speed, so you are going to have a tough time

A 33MHz 32bit PCI bus can do 133MB/s in burst mode, a 66MHz bus allows 
267MB/s, and a 66MHz 64bit bus (I've never seen a 64bit PCI network card so 
this is academic) can do up to 533MB/s.

> filling one 100Mbs connection with an old Pentium - assuming an old
> 66Mhz PCI bus. You can forget about filling two or more. Also, cheap

No.  Saturating a 100baseT (10MB/s) network link on an old Pentium is not a 
challenge.

> NICs will do more to kill your max. throughput.

Cheap NICs are unreliable, sometimes need to be reset to recover from 
hardware glitches (causing an interruption to traffic), and use more CPU 
time.  If you have a sufficiently fast CPU and a small number of network 
cards then you'll probably get the same wire speed from cheap and expensive 
cards (apart from when the cheap card needs to be reset).

If you want 6 network cards in a machine then you should get something half 
decent (clone Tulip card for example).

>   That being said, I run old Pentium 133s with 64Mb RAM in several
> applications as routers and can notice no network latency on a 100BaseT
> network, but I have never benchmarked the machines. Usually the

My experience is that latency is noticeable, but throughput remains the same.  
Compare pinging a P-133 vs pinging a 1.4GHz Athlon.  You'll see a ping time 
difference, but you won't expect to see any real performance difference when 
routing through a couple of 100baseT network cards.

But for firewalling the real issue is the number of firewall rules that have 
to be traversed.  If each packet has to be checked against 1000 rules then 
even the newest Athlon machine may have problems.  Have only 2 or 3 rules 
needed for most traffic and a Pentium will do the job.

Make sure you order your rules so that the first rules traversed will be the 
most common ACCEPT rules.

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).
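
The rule-ordering point in the message above, as an added example that is not part of the original post: it estimates how many rules a packet is compared against, using per-rule packet counters in the format printed by `iptables -L <chain> -v -n -x`. The chain contents and counters are constructed, and it assumes every rule has a terminating target.

```shell
#!/bin/sh
# Added example: estimate how many rules a packet is compared against in a
# linearly traversed chain, from per-rule packet counters.
# Input format: `iptables -L <chain> -v -n -x` (first column = exact packet count).
# Assumptions: every rule has a terminating target (ACCEPT/DROP/REJECT), so a
# packet counted by rule N was tested against rules 1..N; packets that fall
# through to the chain policy are ignored.

# Constructed listing for a small masquerading gateway; the counters are made up.
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     100     6000 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:135
     200    12000 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
     700    42000 ACCEPT     all  --  eth0   eth1    192.168.1.0/24       0.0.0.0/0
    9000  5400000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
EOF
}

# Mean number of rule comparisons per matched packet in the current order.
avg_rules_traversed() {
    awk '$1 ~ /^[0-9]+$/ { pos++; total += $1; work += pos * $1 }
         END { if (total) { printf "%.2f\n", work / total } else { print "0.00" } }'
}

# Lower bound: the same mean if the rules were sorted by hit count alone.
# Only rules whose matches cannot overlap may be swapped without changing
# which packets are accepted, so a real ruleset may not reach this figure.
best_case_traversed() {
    awk '$1 ~ /^[0-9]+$/ { print $1 }' | sort -rn |
    awk '{ total += $1; work += NR * $1 }
         END { if (total) { printf "%.2f\n", work / total } else { print "0.00" } }'
}

# Rules that carry at least MIN percent of matched packets: "position target pkts".
hot_rules() {
    awk -v min="$1" '
        $1 ~ /^[0-9]+$/ { n++; pkts[n] = $1; target[n] = $3; total += $1 }
        END {
            for (i = 1; i <= n; i++)
                if (total && 100 * pkts[i] / total >= min)
                    printf "%d %s %d\n", i, target[i], pkts[i]
        }'
}

echo "current order: $(sample_listing | avg_rules_traversed) comparisons per packet"
echo "hits first:    $(sample_listing | best_case_traversed) comparisons per packet"
echo "hot rules:     $(sample_listing | hot_rules 50)"
```

Against a live chain, pipe the real listing into the functions in place of `sample_listing`.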




Re: SSH Daemon failing

2002-02-24 Thread tps
On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> Hi All,
> 
> A few days ago SSH just failed on me, out of the blue.
> 
> Every time I start ssh (/etc/init.d/ssh start), this appears in the auth.log
> file:
> 
> Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> 
> I can run ssh in debug mode (sshd -d) or by telling it not to detach
> (sshd -D) and it runs fine. It is just when it tries to daemonise itself that
> it fails, as you can see by the log files. Other processes such as syslogd
> start/stop fine.
> 
> Any suggestions?

What version of ssh? If you have a machine with the exact same sshd
binary, compare the md5sums. If you were running ssh v1, you may have been
hacked, and a trojaned sshd installed.

Tim

-- 
  
   ><
   >> Tim Sailer (at home) ><  Coastal Internet,Inc.   <<
   >> Network and Systems Operations   ><  PO Box 671  <<
   >> http://www.buoy.com  ><  Ridge, NY 11961 <<
   >> [EMAIL PROTECTED]/[EMAIL PROTECTED] ><  (631)924-3728  (888) 924-3728  <<
   ><
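
The checksum comparison suggested in the message above, as an added example that is not part of the original post: a POSIX shell function that checks files under a root directory against a dpkg-style md5sums list. It assumes the list is a trusted copy taken from a known-good machine or from the package itself; the file names and contents in the demo are constructed.

```shell
#!/bin/sh
# Added example: verify installed files against a dpkg-style md5sums list.
# List format (as in /var/lib/dpkg/info/<package>.md5sums):
#   <32 hex digits><two spaces><path relative to the filesystem root>
# Assumption: the list is a trusted copy (from a clean machine or extracted
# from the package), not the one stored on the suspect host.

# verify_md5sums LIST [ROOT]
# Prints one line per missing or altered file; returns 0 only if all match.
verify_md5sums() {
    list=$1
    root=${2:-/}
    problems=0
    while read -r want rel || [ -n "$want" ]; do
        [ -n "$want" ] || continue              # skip blank lines
        file="${root%/}/$rel"
        if [ ! -f "$file" ]; then
            echo "MISSING  $rel"
            problems=$((problems + 1))
            continue
        fi
        have=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $rel (expected $want, found $have)"
            problems=$((problems + 1))
        fi
    done < "$list"
    [ "$problems" -eq 0 ]
}

# Demo on a constructed tree: a stand-in "sshd" that is then modified.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/usr/sbin"
    printf 'constructed stand-in for sshd\n' > "$tmp/usr/sbin/sshd"
    sum=$(md5sum < "$tmp/usr/sbin/sshd" | cut -d' ' -f1)
    printf '%s  usr/sbin/sshd\n' "$sum" > "$tmp/ssh.md5sums"
    verify_md5sums "$tmp/ssh.md5sums" "$tmp" && echo "clean tree: OK"
    printf 'extra bytes\n' >> "$tmp/usr/sbin/sshd"   # simulate a replaced binary
    verify_md5sums "$tmp/ssh.md5sums" "$tmp" || echo "modified tree: flagged"
    rm -rf "$tmp"
}

# With arguments: check a real list. Without: run the constructed demo.
if [ "$#" -ge 1 ]; then
    verify_md5sums "$1" "${2:-/}"
else
    demo
fi
```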




SSH Daemon failing

2002-02-24 Thread Andrew Tait
Hi All,

A few days ago SSH just failed on me, out of the blue.

Every time I start ssh (/etc/init.d/ssh start), this appears in the auth.log
file:

Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success

I can run ssh in debug mode (sshd -d) or by telling it not to detach
(sshd -D) and it runs fine. It is just when it tries to daemonise itself that
it fails, as you can see by the log files. Other processes such as syslogd
start/stop fine.

Any suggestions?

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix





Re: desired webserver setup

2002-02-24 Thread Russell Coker
On Sat, 23 Feb 2002 16:15, Matt Andreko wrote:
> I'm trying to reorganize everything I have on all my servers, because
> I'm going to be switching webservers soon.
> Currently I have my websites in a "hacked up" manner.  I have the main
> site at /var/www, and then others at such as /var/www-sitename
>
> Can anyone give me a good standard way of putting websites in? I've seen
> /www/sitename.com/ and such, which seems  fair enough, but I was wanting
> to see what everyone thought.

Do it in a way that works with Apache bulk virtual hosting.

> I'm going to basically have apache (with php, perl, & mysql) , proftpd,
> and ssh on this machine.  What would be an optimized way of setting
> these up?  And if anyone has some shell scripts or web-based scripts,
> could I see those too?  I'm probably going to end up developing my own
> one day here, but if there's already a solution, why reinvent the wheel?

Everything that I use is in my logtools package.  See the doc directory for 
it.

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).




Re: Access Concentrator for PPPoE

2002-02-24 Thread Russell Coker
On Thu, 1 Jan 1970 01:00, Rodrigo Cesar Herefeld wrote:
> Does anyone know a GPL'ed access concentrator for debian
> GNU Linux?
> I've seen the commercial server of rp-pppoe and it's interesting, but
> controls too much what I can or cannot do. I wanted sth to implement on a
> running debian system so I can control my wireless user in the ISP.

I plan to add support for this to Portslave.  Let me know if you're 
interested in helping code...

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).




Re: SSH Daemon failing

2002-02-24 Thread Andrew Tait

It appears to run fine to begin with, loading libraries and reading config
files, these are the last few lines. It tries to fork, and then just dies.

read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 672) = 672
_llseek(3, 0, [0], SEEK_SET)= 0
fcntl64(3, F_GETFL) = 0x8000 (flags
O_RDONLY|O_LARGEFILE)
fstat64(3, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40016000
_llseek(3, 0, [0], SEEK_CUR)= 0
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 672
close(3)= 0
munmap(0x40016000, 4096)= 0
fork()  = 451
--- SIGCHLD (Child exited) ---
_exit(0)


On a box where SSH is working

fstat(3, {st_mode=S_IFREG|0600, st_size=668, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40016000
_llseek(3, 0, [0], SEEK_CUR)= 0
read(3, "-BEGIN DSA PRIVATE KEY-\n"..., 4096) = 668
close(3)= 0
munmap(0x40016000, 4096)= 0
fork()  = 6632
_exit(0)= ?

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix


- Original Message -
From: "Jean-Francois Dive" <[EMAIL PROTECTED]>
To: "Andrew Tait" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, February 25, 2002 4:24 PM
Subject: Re: SSH Daemon failing


> strace it to see what's in there , could be meaningfull..
>
> JeF
>
> On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> > Hi All,
> >
> > A few days ago SSH just failed on me, out of the blue.
> >
> > Everytime I start ssh (/etc/init.d/ssh start), this appears in the
auth.log
> > file:
> >
> > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> >
> > I can run ssh in debug mode (sshd -d) or by telling it not to detach
> > (sshd -D) and it runs fine. It just when it tried to daemonise itself
that
> > it fails, as you can see by the log files. Other processes such as
syslogd
> > start/stop fine.
> >
> > Any suggestions?
> >
> > Andrew Tait
> > System Administrator
> > Country NetLink Pty, Ltd
> > E-Mail: [EMAIL PROTECTED]
> > WWW: http://www.cnl.com.au
> > 30 Bank St Cobram, VIC 3644, Australia
> > Ph: +61 (03) 58 711 000
> > Fax: +61 (03) 58 711 874
> >
> > "It's the smell! If there is such a thing." Agent Smith - The Matrix
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
> >
>
> --
> -> Jean-Francois Dive
> --> [EMAIL PROTECTED]
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: SSH Daemon failing

2002-02-24 Thread Jean-Francois Dive

strace it to see what's in there , could be meaningfull..

JeF

On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> Hi All,
> 
> A few days ago SSH just failed on me, out of the blue.
> 
> Everytime I start ssh (/etc/init.d/ssh start), this appears in the auth.log
> file:
> 
> Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> 
> I can run ssh in debug mode (sshd -d) or by telling it not to detach
> (sshd -D) and it runs fine. It just when it tried to daemonise itself that
> it fails, as you can see by the log files. Other processes such as syslogd
> start/stop fine.
> 
> Any suggestions?
> 
> Andrew Tait
> System Administrator
> Country NetLink Pty, Ltd
> E-Mail: [EMAIL PROTECTED]
> WWW: http://www.cnl.com.au
> 30 Bank St Cobram, VIC 3644, Australia
> Ph: +61 (03) 58 711 000
> Fax: +61 (03) 58 711 874
> 
> "It's the smell! If there is such a thing." Agent Smith - The Matrix
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

-- 
-> Jean-Francois Dive
--> [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: SSH Daemon failing

2002-02-24 Thread Andrew Tait

That only affects the SSH client, the problem I am having is with the SSH
server.

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

- Original Message -
From: "Donovan Baarda" <[EMAIL PROTECTED]>
To: "Andrew Tait" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, February 25, 2002 4:10 PM
Subject: Re: SSH Daemon failing


> On Mon, Feb 25, 2002 at 03:52:24PM +1100, Andrew Tait wrote:
> > The machine is running woody and is up to date, SSH version 3.0.2p1-6.
> >
> > I have already tried purging the package and downloading it again (will
> > check the MD5 sums afterward to make sure).
>
> It might have something to do with running ssh without suid-root set...
>
> run "dpkg-reconfigure ssh" and turn on suid root when the option comes up.
>
>
> --
> --
> ABO: finger [EMAIL PROTECTED] for more info, including pgp key
> --
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: SSH Daemon failing

2002-02-24 Thread Donovan Baarda

On Mon, Feb 25, 2002 at 03:52:24PM +1100, Andrew Tait wrote:
> The machine is running woody and is up to date, SSH version 3.0.2p1-6.
> 
> I have already tried purging the package and downloading it again (will
> check the MD5 sums afterward to make sure).

It might have something to do with running ssh without suid-root set...

run "dpkg-reconfigure ssh" and turn on suid root when the option comes up. 


-- 
--
ABO: finger [EMAIL PROTECTED] for more info, including pgp key
--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: true x86 PCI bus speeds/specs

2002-02-24 Thread Russell Coker

On Sat, 23 Feb 2002 20:14, Jeff S Wheeler wrote:
> The most common PCI bus is 32 bits wide, and operates at 33MHz.  Its

Actually it's usually 33.333MHz (which means it divides into the CPU FSB 
speed which is designed to divide into the CPU core speed which is a multiple 
of 100MHz).

Not sure whether the specs say 33.33 or 33.  But most machines seem to work 
fine at 33.33.

> to 528MBytes/sec.  And numerous motherboard implementations have more
> than one PCI bus, so you could but high-bandwidth perhipherals on each
> of the two buses, and not substantially impact performance or cause them
> to compete for resources.

The motherboards that have multiple busses are too expensive for most people. 
If you want a home-user type machine then expect to spend an extra $300 (10% 
of the cost of the machine and more than most people will be prepared to 
pay).  If you want a rack-mount server machine then you may be looking at a 
$5K vs $15K price difference!!!  My prices may be a bit outdated, but I 
expect that the differences still apply.

> Now, all card/driver combinations have some overhead associated with
> them.  The bus isn't 100% efficient, but on many "consumer-grade"
> mainboards the 32 bit / 33MHz bus will push 110MBytes/sec or more in
> real-world use.  If you don't believe me, check the 3ware RAID card
> reviews on storagereview.com (assuming SR is still up).

Or just test a regular IDE drive on a regular IDE controller (the IDE 
interface on the motherboard is bridged through the PCI bus).  Having 2 IDE 
drives each delivering 25MB/s at the same time is easy, even on old hardware.

> This means a 100Mbit/sec network througput, which is 12.5MBytes/sec,
> will easily fit within the maximum throughput of the PCI bus.  The real
> issue is kernel efficiency.  Zero-copy TCP and things like that are
> going to improve linux network performance by leaps and bounds.  Going
> from a 132MByte/sec bus to a 528MByte/sec bus will disappoint you :-)

12MB/s isn't THAT much, I would hope that even a 2.2.x kernel running on a 
Pentium could sustain that!

The hard part comes when you have a large number of network cards.  There is 
kernel support for copying data between network cards, but I don't think it 
works with packet filtering yet.

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: SSH Daemon failing

2002-02-24 Thread Andrew Tait

The machine is running woody and is up to date, SSH version 3.0.2p1-6.

I have already tried purging the package and downloading it again (will
check the MD5 sums afterward to make sure).

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

- Original Message -
From: <[EMAIL PROTECTED]>
To: "Andrew Tait" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, February 25, 2002 3:36 PM
Subject: Re: SSH Daemon failing


> On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> > Hi All,
> >
> > A few days ago SSH just failed on me, out of the blue.
> >
> > Everytime I start ssh (/etc/init.d/ssh start), this appears in the
auth.log
> > file:
> >
> > Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> >
> > I can run ssh in debug mode (sshd -d) or by telling it not to detach
> > (sshd -D) and it runs fine. It just when it tried to daemonise itself
that
> > it fails, as you can see by the log files. Other processes such as
syslogd
> > start/stop fine.
> >
> > Any suggestions?
>
> What version of ssh? If you have a machine with the exact same sshd
> binary, compare the md5sums. If you were running ssh v1, you may have been
> hacked, and a trojaned sshd installed.
>
> Tim
>
> --
>
>
><
>>> Tim Sailer (at home) ><  Coastal Internet,Inc.
<<
>>> Network and Systems Operations   ><  PO Box 671
<<
>>> http://www.buoy.com  ><  Ridge, NY 11961
<<
>>> [EMAIL PROTECTED][EMAIL PROTECTED] ><  (631)924-3728  (888) 924-3728
<<
>
><
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: LSM or GRSecurity

2002-02-24 Thread Russell Coker

On Sat, 23 Feb 2002 20:30, Jason Lim wrote:
> Okay... i'm not sure if there has ever been a "religious" flame war
> between the two camps supporting either LSM or GRSecurity, so I stress
> this is not my intention.

I originally packaged the GR Security kernel patch for Debian and I'm working 
on SE-Linux (which is one of the security modules for LSM).  I have not been 
having religious arguements with myself.  ;)

> However, which security model is more suited to an ISP/Webhosting
> environment (anyone ever done a head-to-head comparison between the two?
> And which is easier to integrate with Debian, as such? I think Russell was
> working on something like this, so perhaps he could expand a bit (or
> whomever is in charge of this).

If you want a nice easy way of locking down chroot's then GRSec is what you 
want.

If you want a kernel patch that has a heap of different security improvements 
that are easy to use then GRSec is what you want.

If you want something that you can deploy on your server right now then LSM 
is not an option.

LSM is a modular security architecture that currently supports SE-Linux and 
(in 2.5.5) LIDS.  It does not have some of the features of GRSec (network 
security improvements, chroot lock-down, easy lock-down of "ps aux" and 
"dmesg"), but apart from the network security patches it can all be done in 
SE Linux configuration.

SE Linux is much harder to configure than GRSec.  At the moment there is a 
lack of documentation and a lack of sample files for the common cases.  
Expect to spend at least a week of full-time work if you want to get SE Linux 
configured for your system!

Also my packages of SE Linux programs are experimental and some of them break 
things...

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: How fast can Linux-Firewalls be?

2002-02-24 Thread Russell Coker

On Sat, 23 Feb 2002 15:10, Peter Billson wrote:
> [EMAIL PROTECTED] wrote:
> > What minimum characteristics would a Linux IP Masquerading Firewall
> > Box need, to run a 100 Mbps link without slowing down traffic.
>
>   There was some discussion last January (2001) about this type of
> thing. The problem you will run into if you are using POTS Intel
> hardware is the PCI bus speed, so you are going to have a tough time

A 33MHz 32bit PCI bus can do 133MB/s in burst mode, a 66MHz bus allows 
267MB/s, and a 66MHz 64bit bus (I've never seen a 64bit PCI network card so 
this is academic) can do up to 533MB/s.

> filling one 100Mbs connection with an old Pentium - assuming an old
> 66Mhz PCI bus. You can forget about filling two or more. Also, cheap

No.  Saturating a 100baseT (10MB/s) network link on an old Pentium is not a 
challenge.

> NICs will do more to kill your max. throughput.

Cheap NICs are unreliable, sometimes need to be reset to recover from 
hardware glitches (causing an interruption to traffic), and use more CPU 
time.  If you have a sufficiently fast CPU and a small number of network 
cards then you'll probably get the same wire speed from cheap and expensive 
cards (apart from when the cheap card needs to be reset).

If you want 6 network cards in a machine then you should get something half 
decent (clone Tulip card for example).

>   That being said, I run old Pentium 133s with 64Mb RAM in several
> applications as routers and can notice no network latency on a 100BaseT
> network, but I have never benchmarked the machines. Usually the

My experience is that latency is noticeable, but throughput remains the same.  
Compare pinging a P-133 vs pinging a 1.4GHz Athlon.  You'll see a ping time 
difference, but you won't expect to see any real performance difference when 
routing through a couple of 100baseT network cards.

But for firewalling the real issue is the number of firewall rules that have 
to be traversed.  If each packet has to be checked against 1000 rules then 
even the newest Athlon machine may have problems.  Have only 2 or 3 rules 
needed for most traffic and a Pentium will do the job.

Make sure you order your rules so that the first rules traversed will be the 
most common ACCEPT rules.

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).
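
The rule-ordering advice above can be measured from a chain's packet counters. This is an added example, not part of the original post: it parses constructed output in the layout of `iptables -L INPUT -v -n -x` and computes how many rules an average packet is tested against, now and with the busiest rule moved first. The counters, the flat-chain assumption and the function names are assumptions.

```python
import re

# Constructed sample in the layout of `iptables -L INPUT -v -n -x`;
# every counter below is invented for illustration.
SAMPLE = """\
Chain INPUT (policy DROP 50 packets, 3000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      40     2400 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
      10      600 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:135
      50     3000 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
     100     6000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    9800  5880000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
"""

# Targets that end traversal of a flat chain (assumption: no user-defined chains).
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def parse_chain(text):
    """Return (rules, policy_pkts); each rule is (pkts, target, match_text)."""
    rules, policy_pkts = [], 0
    for line in text.splitlines():
        m = re.match(r"Chain \S+ \(policy \S+ (\d+) packets", line)
        if m:
            policy_pkts = int(m.group(1))
            continue
        fields = line.split()
        if len(fields) < 9 or not fields[0].isdigit():
            continue  # column header or blank line
        rules.append((int(fields[0]), fields[2], " ".join(fields[3:])))
    return rules, policy_pkts


def mean_depth(rules, policy_pkts):
    """Average number of rules a packet is tested against before a verdict."""
    total = policy_pkts
    weighted = policy_pkts * len(rules)  # policy hits walked the whole chain
    for pos, (pkts, target, _) in enumerate(rules, start=1):
        if target in TERMINATING:  # LOG and similar targets do not stop traversal
            total += pkts
            weighted += pkts * pos
    return weighted / total if total else 0.0


def busiest_terminating(rules):
    """Index of the terminating rule with the highest packet counter."""
    candidates = [i for i, r in enumerate(rules) if r[1] in TERMINATING]
    return max(candidates, key=lambda i: rules[i][0])


def move_first(rules, index):
    """Rule list with rules[index] moved to the top, counters unchanged.

    The estimate only holds when the moved rule does not overlap the rules
    it jumps over; otherwise the reorder changes the filtering policy.
    """
    return [rules[index]] + rules[:index] + rules[index + 1:]


if __name__ == "__main__":
    rules, policy = parse_chain(SAMPLE)
    hot = busiest_terminating(rules)
    print("current mean depth:", mean_depth(rules, policy))
    print("busiest rule first:", mean_depth(move_first(rules, hot), policy))
```
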






Re: SSH Daemon failing

2002-02-24 Thread tps

On Mon, Feb 25, 2002 at 03:27:07PM +1100, Andrew Tait wrote:
> Hi All,
> 
> A few days ago SSH just failed on me, out of the blue.
> 
> Every time I start ssh (/etc/init.d/ssh start), this appears in the auth.log
> file:
> 
> Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success
> 
> I can run ssh in debug mode (sshd -d) or by telling it not to detach
> (sshd -D) and it runs fine. It's just when it tries to daemonise itself that
> it fails, as you can see by the log files. Other processes such as syslogd
> start/stop fine.
> 
> Any suggestions?

What version of ssh? If you have a machine with the exact same sshd
binary, compare the md5sums. If you were running ssh v1, you may have been
hacked, and a trojaned sshd installed.

Tim

-- 
  
   Tim Sailer (at home)                  Coastal Internet, Inc.
   Network and Systems Operations        PO Box 671
   http://www.buoy.com                   Ridge, NY 11961
   [EMAIL PROTECTED] [EMAIL PROTECTED]   (631)924-3728  (888) 924-3728
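
The md5sum comparison suggested above, as an added example that is not part of the original post: it checks files against an md5sum-style manifest taken from a known-good machine with the same package version, and takes a root directory so the suspect disk can be checked while mounted read-only on a trusted host. The paths, function names and file contents are constructed for the demo.

```python
import hashlib
import os
import tempfile


def md5_file(path, chunk=65536):
    """Stream a file through MD5, the digest the post refers to.

    hashlib.sha256 is a drop-in replacement when the manifest uses it.
    """
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse md5sum-style lines: '<hex>  <path>' or '<hex> *<path>'."""
    entries = {}
    for line in text.splitlines():
        digest, sep, rest = line.partition(" ")
        if sep and len(digest) == 32 and rest[:1] in (" ", "*"):
            entries[rest[1:]] = digest.lower()
    return entries


def verify_tree(manifest_text, root):
    """Check files under `root` against a known-good manifest.

    `root` is where the suspect filesystem is mounted, so neither its own
    md5sum binary nor its running kernel takes part in the check.
    """
    report = {}
    for rel, expected in sorted(parse_manifest(manifest_text).items()):
        path = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(path):
            report[rel] = "missing"
        elif md5_file(path) != expected:
            report[rel] = "MISMATCH"
        else:
            report[rel] = "ok"
    return report


def demo():
    """Constructed case: manifest from a known-good host vs. a changed sshd."""
    good = b"constructed stand-in for the known-good sshd binary\n"
    manifest = "%s  usr/sbin/sshd\n%s  usr/bin/ssh\n" % (
        hashlib.md5(good).hexdigest(), hashlib.md5(b"ssh client").hexdigest())
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/sbin"))
        target = os.path.join(root, "usr/sbin/sshd")
        with open(target, "wb") as fh:
            fh.write(good)
        before = verify_tree(manifest, root)
        with open(target, "ab") as fh:  # simulate a replaced binary
            fh.write(b"extra bytes")
        after = verify_tree(manifest, root)
    return before, after


if __name__ == "__main__":
    print(demo())
```
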






SSH Daemon failing

2002-02-24 Thread Andrew Tait

Hi All,

A few days ago SSH just failed on me, out of the blue.

Every time I start ssh (/etc/init.d/ssh start), this appears in the auth.log
file:

Feb 25 13:50:44 porky sshd[453]: fatal: daemon() failed: Success

I can run ssh in debug mode (sshd -d) or by telling it not to detach
(sshd -D) and it runs fine. It's just when it tries to daemonise itself that
it fails, as you can see by the log files. Other processes such as syslogd
start/stop fine.

Any suggestions?

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix







Re: desired webserver setup

2002-02-24 Thread Russell Coker

On Sat, 23 Feb 2002 16:15, Matt Andreko wrote:
> I'm trying to reorganize everything I have on all my servers, because
> I'm going to be switching webservers soon.
> Currently I have my websites in a "hacked up" manner.  I have the main
> site at /var/www, and then others at such as /var/www-sitename
>
> Can anyone give me a good standard way of putting websites in? I've seen
> /www/sitename.com/ and such, which seems  fair enough, but I was wanting
> to see what everyone thought.

Do it in a way that works with Apache bulk virtual hosting.

> I'm going to basically have apache (with php, perl, & mysql) , proftpd,
> and ssh on this machine.  What would be an optimized way of setting
> these up?  And if anyone has some shell scripts or web-based scripts,
> could I see those too?  I'm probably going to end up developing my own
> one day here, but if there's already a solution, why reinvent the wheel?

Everything that I use is in my logtools package.  See the doc directory for 
it.

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).






Re: Access Concentrator for PPPoE

2002-02-24 Thread Russell Coker

On Thu, 1 Jan 1970 01:00, Rodrigo Cesar Herefeld wrote:
> Does anyone know of a GPL'ed access concentrator for Debian
> GNU Linux?
> I've seen the commercial server of rp-pppoe and it's interesting, but it
> controls too much what I can or cannot do. I wanted something to implement on a
> running Debian system so I can control my wireless users in the ISP.

I plan to add support for this to Portslave.  Let me know if you're 
interested in helping code...

-- 
Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).






UNSUBSCRIBE

2002-02-24 Thread Rodney Agha





Re: samba and PAM/LDAP

2002-02-24 Thread Eric-Olivier Lamey

On Thu, Feb 21, 2002 at 10:22, [EMAIL PROTECTED] wrote:
> On Thu, Feb 21, 2002 at 09:38:30PM -0500, Eric-Olivier Lamey wrote:
> > On Wed, Feb 20, 2002 at 06:17, [EMAIL PROTECTED] wrote:
> > > Hi, Folks.
> > >   I'm in the process of helping create a fully PAMified box with
> > > LDAP authentication, and one thing I can not figure out how to work
> > > is SAMBA and PAM. We've recompiled samba with PAM support, ldd shows
> > > the pam libs linked, but authentication fails, and we never see any hits
> > > on the LDAP server. Has anyone gone down this road before?
> > 
> >   Hi,
> >   You can get a nice Samba/LDAP setup by following the instructions
> >   on this web site: http://samba.idelax.org. It is RedHat oriented but
> >   should work nicely with Debian too :)
> 
> idelax.org is an unknown domain...

  Oops, it is:
http://samba.idealx.org/

-- 
Eric-Olivier Lamey








ping6 bug ?

2002-02-24 Thread Andrius Kasparavicius

Hello, I think I found a bug in the iputils-ping ping6 app:

ping6 6bone-gw.ze.tarnow.pl -c2
PING 6bone-gw.ze.tarnow.pl(6bone-gw.ze.tarnow.pl) 56 data bytes
From 3ffe:81d0::2::13 icmp_seq=1 Destination unreachable: Address unreachable
From 3ffe:81d0::2::13 icmp_seq=2 Destination unreachable: Address unreachable

The summary doesn't show until the CTRL-C key is pressed.


debian user
Andrius K.








Webserver with php and cgi and suexec or cgiwrap - php-cgiwrap

2002-02-24 Thread Casper Gondelach



Hi there,

I have been searching for weeks now to find the best way to secure my
webserver. I want users to be able to run CGI and PHP scripts. For
security, all the scripts have to run under their own names. All the users
that may use scripts have a virtual host.

I tried with suexec. It works perfectly, no problem. But at the top of every
PHP script you have to add #!/usr/bin/php, which gives a lot of trouble to
users, for example when scripts are run by the webserver from outside and the
same script is also included (then the line should not exist). I couldn't
find how to "solve" this with the suexec configuration. Does anybody have an
idea?

The next thing I tried was the cgiwrapper. With a patch you can make two, a
cgiwrap and a php-cgiwrap, and then the first line isn't necessary anymore.
The problem now: it looks at directory names, so the virtual hosts don't
work, because it can't find the right user.

The question now: what is the best and most secure way to solve this?

Greetings,

Casper Gondelach


Re: That antivirus spam...

2002-02-24 Thread James McDonald

*cough*

Excuse me, my antivirus software went mental. I'm always doing things
like this right after joining lists...

Sorry, folks...

Cheers,
James

--
James McDonald <[EMAIL PROTECTED]>

> -----Original Message-----
> From: MMEX_SA_ASP
> Sent: 24 February 2002 08:44
> To: z-deb-isp
> Subject: MailMonitor for Exchange delivery from quarantine
>
> MailMonitor for Exchange 2000 has found a virus or encrypted content in
> the email.
> Your mail administrator has removed the affected attachment(s) or part(s)
> of the email before sending it to you.
> For more details, contact your mail administrator.




Antigen found =*.eml file

2002-02-24 Thread ANTIGEN_KNOWLES

Antigen for Exchange found Re%3A webhosting.EML matching =*.eml file filter.
The file is currently Removed.  The message, "MailMonitor for Exchange
delivery from quarantine", was sent from [EMAIL PROTECTED] and was discovered
in IMC Queues\Inbound located at The MASIE Center/LEARNING/KNOWLES.




MailMonitor for Exchange delivery from quarantine

2002-02-24 Thread MMEX_SA_ASP

MailMonitor for Exchange 2000 has found a virus or encrypted content in the 
email.
Your mail administrator has removed the affected attachment(s) or part(s) of 
the email before sending it to you.
For more details, contact your mail administrator.


Re: webhosting

2002-02-24 Thread Debian Usera

Um... this here is the ISP list... ain't there a users list around
somewhere?
real easy...

By default, debian's apache comes with ~username directories enabled...
you can start there: www.yourserver.com/~dude1/ should bring up
/home/dude1/public_html/index.html... that's there for free... in default

About giving hosting as per domain name, the easy way to do this is to go
and dl webmin from webmin.com, install it and go to the apache
module... it's pretty much self-explanatory after that... Okay... go to
the bottom and put the name of the host (dude1.yourserver.com) and your
own IP address (you want name-based virtual hosting since it's easier).
In that server's document root, there should be the web directory that
will be accessed by said dude1... /home/dude1/public_html

php is enabled by simply apt-get install php4 and uncommenting the
corresponding AddModule directive in /etc/apache/httpd.conf

perl is somehow the same but it's a little bit different and I won't get
myself into it now (STFW?, RTFM?)

ftp is installed by doing apt-get install proftpd and presto, each user
has an ftp account by default... you just tell them to upload to the
public_html dir.

Mail is much different with virtual hosts and I won't go into that (see
above)

>Thank you for any message.

I'm surprised you got one but hey... I'm in the mood

Alex




