Re: LDAP postfix

2004-08-12 Thread Robert Waldner

On Wed, 11 Aug 2004 20:18:02 EDT, Fraser Campbell writes:
Does anyone know of a step-by-step howto of setting up LDAP for use with 
postfix? 

http://www.postfix.org/LDAP_README.html ?
http://www.google.com/search?q=postfix+ldap+howto ?

 I have users in LDAP and now I want to define aliases & virtual 
domains within LDAP.  I'd be happy to write the howto once I get the basics 
down ...

What MDA are you using? I've just set up postfix/OpenLDAP/courier
 for a customer.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






Re: LDAP postfix

2004-08-12 Thread Robert Waldner

On Thu, 12 Aug 2004 07:57:17 EDT, Fraser Campbell writes:
 What MDA are you using? I've just set up postfix/OpenLDAP/courier
  for a customer.

Exactly what I would like to use.  My problem is mainly with LDAP, I've set up
postfix many times using mysql for account storage and using virtual users.  
This time around I want to store accounts in LDAP and use real accounts (as 
opposed to the postfix virtual delivery agent).

Any chance you could show me the LDAP setup along with a dump (LDIF) of how a 
few accounts are set up?

Sure.

main.cf:

alias_maps = hash:/etc/aliases ldap:ldapsource
...
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:ldapsource
virtual_uid_maps = static:8
virtual_gid_maps = static:8
virtual_minimum_uid = 8
virtual_mailbox_size = 1000
...
ldapsource_server_host = localhost
ldapsource_search_base = ou=virtualusers,dc=XXX,dc=at
ldapsource_query_filter = (&(mail=%s)(objectClass=CourierMailAccount))
ldapsource_result_attribute = homeDirectory
ldapsource_result_filter = %s/Maildir/
ldapsource_scope = sub
ldapsource_bind = yes
ldapsource_bind_dn = cn=postfix,ou=daemons,dc=XXX,dc=at
ldapsource_bind_pw = xxx
# ldapsource_debuglevel = 99

courier is pretty straightforward, I only had grief with shared IMAP 
 folders. If you need that config, too, I'll need to find half an hour 
 to dig out the necessary bits.

In LDAP I have objects for both courier and postfix, like
 dn: cn=courier,ou=daemons,dc=XXX,dc=at
 objectClass: top
 objectClass: applicationProcess
 objectClass: simpleSecurityObject
 cn: courier
 userPassword:: XXX
 creatorsName: cn=admin
 createTimestamp: 20040708123655Z
 modifiersName: cn=admin
 modifyTimestamp: 20040708123655Z

And
 dn: ou=virtualusers,dc=XXX,dc=at
 objectClass: organizationalUnit
 ou: virtualusers
 creatorsName: cn=admin
 createTimestamp: 20040708123730Z
 modifiersName: cn=admin
 modifyTimestamp: 20040708123730Z

And users like
 dn: cn=waldner,ou=virtualusers,dc=XXX,dc=at
 creatorsName: cn=admin
 createTimestamp: 20040708124820Z
 userPassword:: XXX
 objectClass: top
 objectClass: CourierMailAccount
 mail: [EMAIL PROTECTED]
 mail: [EMAIL PROTECTED]
 mail: [EMAIL PROTECTED]
 uidNumber: 8
 gidNumber: 8
 homeDirectory: /var/mail/waldner/
 clearPassword: XXX
 modifiersName: cn=admin
 modifyTimestamp: 20040723110831Z

I've extended an ldap-scheme I found somewhere[0] a bit, because I 
 needed other, and more, stuff (like vacation info, but I'll not 
 include that here). OpenLDAP itself didn't need more tweaking than is 
 obvious in the config-files.

0: google for ISPEnv2.schema

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
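
How the ldapsource_* parameters in the message above combine into a single lookup, as an added example that is not part of the original post and is not Postfix code: a small Python model of the query over a constructed directory. The dc=example suffix, the addresses and the two extra entries are assumptions made for the illustration.

```python
import base64
import re

# Lookup parameters as in the posted main.cf, with the AND operator '&' written out.
SEARCH_BASE = "ou=virtualusers,dc=example,dc=at"   # dc=example is a placeholder
QUERY_FILTER = "(&(mail=%s)(objectClass=CourierMailAccount))"
RESULT_ATTRIBUTE = "homeDirectory"
RESULT_FILTER = "%s/Maildir/"

# Constructed sample directory modelled on the LDIF in the post (not real data).
SAMPLE_LDIF = """\
dn: cn=waldner,ou=virtualusers,dc=example,dc=at
objectClass: top
objectClass: CourierMailAccount
mail: waldner@example.at
mail: rw@example.at
homeDirectory: /var/mail/waldner/

dn: cn=list,ou=virtualusers,dc=example,dc=at
objectClass: top
mail: list@example.at
homeDirectory: /var/mail/list

dn: cn=old,ou=disabled,dc=example,dc=at
objectClass: CourierMailAccount
mail: old@example.at
homeDirectory: /var/mail/old
"""

def parse_ldif(text):
    """Return a list of entries, each a dict: lower-cased attribute -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        unfolded = re.sub(r"\n ", "", block)      # join LDIF continuation lines
        for line in unfolded.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):              # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.strip().lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def escape_filter_value(key):
    """RFC 4515 escaping, applied to the lookup key before it replaces %s."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in key)

def unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

ASSERTION = re.compile(r"\(([A-Za-z0-9.;-]+)=([^()]*)\)")

def assertion_matches(pattern, value):
    """Case-insensitive equality; only an unescaped '*' acts as a wildcard."""
    regex = ".*".join(re.escape(unescape(part)) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def in_subtree(dn, base):
    """scope = sub: the entry is the base itself or anywhere below it."""
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)

def lookup(address, entries):
    """Model of one virtual_mailbox_maps lookup; returns the list of map results."""
    flt = QUERY_FILTER.replace("%s", escape_filter_value(address))
    if not flt.startswith("(&"):
        raise ValueError("this model only handles an AND of simple assertions")
    assertions = ASSERTION.findall(flt)
    results = []
    for entry in entries:
        if not in_subtree(entry["dn"][0], SEARCH_BASE):
            continue
        if all(any(assertion_matches(pat, v) for v in entry.get(attr.lower(), []))
               for attr, pat in assertions):
            for value in entry.get(RESULT_ATTRIBUTE.lower(), []):
                # The trailing "/" is what tells virtual(8) to deliver in maildir format;
                # virtual_mailbox_base is prepended to this result afterwards.
                results.append(RESULT_FILTER.replace("%s", value))
    return results

if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for rcpt in ("waldner@example.at", "RW@example.at", "list@example.at",
                 "old@example.at", "*"):
        print(rcpt, "->", lookup(rcpt, directory))
```

Because homeDirectory already ends in a slash and result_filter adds another, the result contains "//", which is harmless in a path but worth knowing when comparing paths in logs.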






Re: IIS worms and apache

2004-08-10 Thread Robert Waldner

On Tue, 10 Aug 2004 20:50:13 +1000, Russell Coker writes:
Maybe the thing to do would be to write a server that establishes the HTTP 
protocol and then sets the TCP window size to zero (to tar-pit connections).  
Such a server program could listen on every IP address that's not used for a 
real web server and tie up resources on the zombie machines without wasting 
space in log files.

Why limit yourself to HTTP?

http://packages.debian.org/testing/net/labrea
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
a sticky honeypot and IDS

LaBrea takes over unused IP addresses, and creates virtual servers that
 are attractive to worms, hackers, and other denizens of the Internet.
 The program answers connection attempts in such a way that the machine
 at the other end gets stuck, sometimes for a very long time. 
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






Re: Cloning disks with dd and netcat

2004-07-27 Thread Robert Waldner

On Tue, 27 Jul 2004 13:13:22 +0200, Volker Tanger writes:
What happens if you do the partitioning manually and image the
partitions (/dev/hda1, /dev/hda2, ...) one-by-one instead of the
complete disc? Well, doing the partitioning manually, you could RSYNC
the server instead of DD+NETCATing, which probably is faster and fails
more gracefully.

But would mean mucking around with the bootloader, which usually is the 
 point for doing _complete_ disc-images.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






Re: Cloning disks with dd and netcat

2004-07-27 Thread Robert Waldner

On Tue, 27 Jul 2004 14:05:14 +0200, Volker Tanger writes:
True - but DDing a 200GB system disc takes quite some time, while
manually handling partition+mkfs+lilo plus RSYNCing 1.2GB usually is
LOTS faster...

Upgrading to servers with newer/bigger discs is also less painful than
with imaging.

But for mostly uniform hardware or testlabs (with frequent system
bashing) it's the leisure-factor that is heavily in favour of DD images,
I confess...   ;-)

That's why I often do dump/restore followed by dd'ing the first couple 
 bytes ;)

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






Re: Christian Hammers ch@lathspell.de

2004-07-20 Thread Robert Waldner

On Tue, 20 Jul 2004 22:06:01 +1000, Russell Coker writes:
(host mail3av.westend.com[212.117.79.67] said: 450 [EMAIL PROTECTED]: 
Recipient address rejected: Greylisted for 300 seconds... (in reply to RCPT 
TO command))  [EMAIL PROTECTED]

Christian's mail server is broken.

Why would you conclude that? It doesn't want your mail _at this moment_ 
 and tells you correctly that this is a temporary condition so you (or 
 your MTA) know that trying again later would be perfectly OK.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






Re: Eth*'s and they corresponding hardwares

2004-05-04 Thread Robert Waldner

On Tue, 04 May 2004 04:49:39 -0300, UnKnown writes:
But I was wondering if there is a way to bind a certain ethernet hardware
to a specific eth device.

I just compile the drivers as modules and load them in the desired 
 order. If you do it otherwise, you're always at the mercy of the BIOS 
 anyway.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






Re: Considering Debian (currently using Red Hat)

2004-01-14 Thread Robert Waldner

On Wed, 14 Jan 2004 09:56:35 EST, Fred Whipple writes:

I'll answer just the points I have opinions/knowledge on.

2.)  A related reason we used Red Hat was that practically anything you 
could want to use was pre-packaged in a simple to install RPM.  And they 
were typically pretty high quality RPM's, and very often well 
maintained.  Do admins typically find that they're able to find Debian 
packages for most software they're typically interested in using?  I 
realise this varies greatly between markets, but I guess what I'm 
asking is do you usually find 70% of the packages you're interested in 
in Debian package format, and well maintained?  80%?  Just a general idea.

Debian uses the .deb package format. I'd guess that well over 90 % of 
 the software we need can be found pre-packaged (and well-maintained) as 
 .deb's.

3.)  I read quite a bit of the Web site, and see that in general, 
releases seem to be very far and few between.  This is advantageous to 
ISP's, of course, because we want things to just work.  Is my 
perception correct in that releases are far apart?

Stable releases are quite far apart, yes.

 When is the next 
release expected?  How significant is the difference from, say, 3.0 and 
3.1.  Can you just install a bunch of packages and call it an upgrade, 
or do you have to go through a whole ordeal as you do between Red Hat .X 
versions?

Upgrading to a new release is just an `apt-get dist-upgrade` away. I've 
 personally upgraded a box through every release from 1.mumble to 3.0 .

4.)  How long are previous versions maintained with patches and such?  
Or to restate this, how long after a new version is released are you 
FORCED to upgrade in order to maintain security?

A couple months at least, usually about half a year.

How drastic are the 
changes in between minor version increments (say, 3.0 to 3.1)?  For 
example, Red Hat has tended to make significant kernel upgrades and 
glibc upgrades in minor version changes, and has caused significant 
incompatibilities that have caught us by surprise.

Debian focuses on security and stability in the stable branch, so 
 there never should be any problems with that as long as you track 
 stable (the testing and unstable releases are another matter, just
 as their names suggest). The trade-off, of course, is that new 
 software (resp. new versions of software) takes its time to make it into
 the stable branch.

6.)  And finally, if you care to toss in any ideas or info, I'm very 
glad and excited to hear it.  For instance, if you were going to switch 
all your systems within the next year, would you choose something else?  
A BSD port?  Go back to Solaris?  Novell?  SCO?  Just kidding.

IMHO Debian's main advantage is the packaging. You can track 
 security-updates of _all_ installed packages with a simple `apt-get 
 upgrade`, and there should never be any surprising side-effect to it. 
 Re-installs of the system for upgrading purposes are unknown for Debian
 (unless you're upgrading _to_ Debian ;) ).
Another advantage is that there's no integrated admin-tool which 
 will destroy your precious hand-crafted config files, no yast or 
 suseconfig or somesuch. The downside to that is that you have to 
 know how to use an editor, of course, and there's mostly no setup 
 wizards to guide you. Packages do, of course, come with mostly 
 sensible (and secure) default configs, though. Should an upgrade have 
 the necessity to change a config-file, it'll ask you if you want it to 
 (it can also show you a diff first) or not.
Plus, according to policy, there's at least a man-page for everything 
 in *bin and /etc, and some documentation for _each & every_ installed 
 package in /usr/share/doc/package.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






Re: using spamassassin in an isp environment ?

2003-04-09 Thread Robert Waldner

On Wed, 09 Apr 2003 11:42:48 +0200, Tomàs Núñez Lirola
I've thought several times about using DNSRBLs, but I don't know nothing about
them... Do you recommend them to me? Are they difficult to add to my
sendmail? Any doc where I can get more info about them?

http://www.google.com/search?q=sendmail.mc+dnsbl+blackholes.mail-abuse.org

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






cyrus/pam_userdb, how to let users change their own passwords

2002-12-05 Thread Robert Waldner

Hi!

I use cyrus together with pam_userdb.so (to not have every mail-user 
 also have a local system account).

Now I need to let my mail-users change their own passwords, preferably 
 via a web-interface.

Before I hack together a perl script that does the checking and 
 furtheron recreates the .db-file for pam_userdb, is there already 
 something Out There which does this? google and freshmeat only turned 
 up stuff for changing system passwords (or doing everything in mysql/
 postgresql, which I really can't do on the system in question).

TIA for any hints.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







pam_userdb and version of .db-file

2002-10-30 Thread Robert Waldner

(I'm not really sure this belongs here, but it seems at least as 
 fitting as -user, where I didn't get an answer. If this is the wrong 
 place, just tell me to shut the f**k up ;) - although in that case
 I'd appreciate pointers on where to best ask this)

Hi!

One of the latest updates to my i386/stable-box gave me severe 
 headaches wrt the subject.

I run cyrus for providing a small handful of users with POP3/
 IMAP4-access, and since I do not want all of them to have shells on my 
 box, I authenticate them via pam_userdb and a separate password-file.
 Until recently this just worked. I'd create the .db-file with 
 sendmail's makemap from a key<whitespace>value\n-style source.

Now makemap produces Version 8 (libdb3?) files, which pam_userdb 
 cannot read. After much debugging I've now resorted to creating a 
 Version 5 .db-file with db_load (from libdb2-util). This seems like
 an ugly kludge (it's far from intuitive, and db_load wants paired
 lines of input which means I have to rewrite all my little
 helper-scripts).

Is there a standard or preferred way of doing this? Maybe one which 
 has some probability of surviving the next libdb-/sendmail-upgrade?

TIA+cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
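
One way to keep the existing key<whitespace>value source file and still produce the paired lines db_load expects, as an added example that is not part of the original post. It assumes db_load is run in its text mode (`db_load -T -t hash`), where a backslash in the input starts an escape sequence; the function names and the sample accounts are made up for the illustration.

```python
import os

def _escape(field):
    # In db_load's text mode a backslash starts an escape, so a literal one is doubled.
    return field.replace("\\", "\\\\")

def to_db_load_pairs(source):
    """Convert 'user<whitespace>password' lines into alternating key/value lines.

    Blank lines and lines starting with '#' are skipped (an assumption about the
    source file). The password is everything after the first run of whitespace,
    so it may itself contain spaces.
    """
    seen = set()
    out = []
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            # A key without a value would shift every following pair by one line.
            raise ValueError("line %d: no value for key %r" % (lineno, parts[0]))
        user, password = parts
        if user in seen:
            raise ValueError("line %d: duplicate key %r" % (lineno, user))
        seen.add(user)
        out.append(_escape(user))
        out.append(_escape(password))
    return "\n".join(out) + ("\n" if out else "")

def write_private(path, data):
    """Write the pair file readable by its owner only; it holds the users' passwords."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)          # also tighten a file that already existed
        os.write(fd, data.encode("utf-8"))
    finally:
        os.close(fd)

# Constructed sample in the makemap-style source format (not real accounts).
SAMPLE_SOURCE = "alice  s3cret\n# staff\n\nbob\tpass word\ncarol a\\b\n"

if __name__ == "__main__":
    print(to_db_load_pairs(SAMPLE_SOURCE), end="")
```

Rejecting a key without a value matters more here than in the one-line format: with paired lines, a single missing value silently turns the next user name into a password.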






Re: Kuvert Application Problem

2002-08-06 Thread Robert Waldner

(I think this really belongs on -user, so CC, full-quote, and reply-to)

On Mon, 05 Aug 2002 18:12:57 CDT, Daniel J. Rychlik writes:
I have recently installed the kuvert application from debian.  I'm
running Debian testing on a 2.4 kernel.  When I run the kuvert
application from command line, I get this error -

Sh: /tmp/kuvert.0.26244/subprocess: No such file or directory
Cant clean /tmp/kuvert.0.26244: cant opedir/tmpkuver.0.26244: No such
file or directory.

Any Ideas?

I guess the permissions on your /tmp-directory are off, should be 
 something like
drwxrwxrwt    8 root root 2048 Aug  6 11:17 tmp

Also, which version of kuvert are you using?

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /





Re: MLM solution?

2002-07-09 Thread Robert Waldner


On Tue, 09 Jul 2002 12:52:14 +0200, Thomas -Balu- Walter writes:
  Mailinglistmanager that supports
  - virtual hosts (and different setups for each)
  - translation / customization of all automatic generated
messages
  - Newsletter-style setups 
  - automatic handling of bounces
  - administrative web-pages (for the customers)
  - .deb :)
...
What about ecartis(listar) or mailman? Do they meet the requirements?

Yes, ecartis meets those. You probably don't want to use the .deb, 
 though (but it's a straightforward install even without).

Oh, and before anyone else brings it up: yes, the 8bit-q/p - flaws are
 finally fixed ;) .

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: MLM solution?

2002-07-09 Thread Robert Waldner


On Tue, 09 Jul 2002 14:31:07 +0200, Thomas -Balu- Walter writes:
I've tried ecartis a while ago (half a year?) and one thing I did not
like were those messages (not translateable - one of the biggest
feature-requests at that time :)) a user had to reply to be subscribed.

Is that possible by now?

I think you can do that on a per-list basis with texts in the $list/
 texts - directory, but as I don't use that particular feature..

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /











Re: RCS control for config files

2002-07-02 Thread Robert Waldner


On 01 Jul 2002 16:41:25 CDT, Alex Borges writes:
I've finally come to a point where I think I'm needing revision control
for my configuration files on some servers 

So i thought id come in and ask you guys if there is some vertical stuff
explicitly for this purpose or if you yourselves simply cvs ci your /etc
directory et all..

Or any tips would be appreciated (like i use emacs and rcs...works for
me)

:) waldner@beren-~ $ cat `which rcsvi`
#!/bin/sh

/usr/bin/co -l "$1" && /usr/bin/vi "$1" ; /usr/bin/ci -u "$1"

exit

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /











Re: Cyrus IMAP

2002-06-28 Thread Robert Waldner

On Fri, 28 Jun 2002 09:40:02 CDT, Gregory Wood writes:
I am trying to configure IMAP for a customer. I used dselect and got the
'required' Cyrus IMAP server. The first thing that struck me as strange is
that it didn't generate any config files. So, I went to the Cyrus home
page and got the install instructions and started working through that.
One line says, 'tools/mkimap'. Only there is no tools directory and no
mkimap script anywhere on my system.

Where have I gone wrong?

1st: You've sent your mail in both text and HTML. DO NOT send 
 HTML-mail, PLEASE. http://expita.com/nomime.html
2nd: Have a look at /etc/imapd.conf
3rd: Configure cyrus (cyrdeliver) as delivery agent (MDA) in your MTAs 
 config.
4th: Setup some IMAP-mailboxes (`cyradm localhost`, make sure the
 cyradm-user exists in whatever way you configured via imapd.conf), 
 create the cyrus-mailboxes per `cm user.$mailboxname` in cyradm.
5th: Have fun!

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: webmail

2002-06-17 Thread Robert Waldner

On Sun, 16 Jun 2002 23:09:44 +0200, Russell Coker writes:
What's a good webmail system to use?

squirrelmail has proved the least painful (they _all_ are) for me.

There are several in Debian, I've had experience with IMP, but that 
experience has been mostly painful.  Upgrading it is always difficult, and 
the packages insist on Postgresql even though it's not needed at all unless 
you have a cluster.

How do the other webmail systems compare?

I've had acmemail running for some time, but its bugginess and 
 _slw_ness closely resemble certain MS-products.

All the others I've had a look at required something I'm not willing to 
 install on my servers, so it got to be one that's either perl, C, or 
 PHP, and actually _works_.

squirrelmail was the only one I could find which matched those 
 requirements, but YMMV, of course.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






Re: DNS weirdness

2002-04-18 Thread Robert Waldner


On Thu, 18 Apr 2002 14:13:57 +0200, Russell Coker writes:
I've attached a brief tcpdump snippet showing an unusually large DNS delay.

And there are way more packets involved than should be necessary.

Could you post (or just send me) a full dump (in binary format),
 snaplen 1500?

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: web-based/gui firewall administration

2002-04-16 Thread Robert Waldner


On Mon, 15 Apr 2002 14:12:03 PDT, Jeremy C. Reed writes:
I have a customer that wants a easy-to-use interface for configuring a
firewall.

Basically, the firewall will do IP forwarding, maybe IP masquerading, and
packet filtering.

I already know how to do it manually. But we are looking for configuring
the address translation and selecting what ports to allow, etc.

Have a look at fwbuilder, .deb's are in testing and unstable. 
 Basically, it (kind of) emulates a Checkpoint GUI.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /





Re: tool(s) to analyze contents of tcp-sessions

2002-03-05 Thread Robert Waldner


On Mon, 04 Mar 2002 17:53:12 +0100, Olivier Macchioni writes:
 I'm looking for a tool with which I could analyze the contents 
  (payload) of captured tcp-sessions.

tcpflow

Ah, yes. That one comes _very_ close to what I need. Thanks.

BTW, ethereal I already know, but it's not too useful when only the 
 payload of packets are of interest and you have to analyze ~ 20 MB of 
 data out of ~ 30 different, mostly simultaneous, connections.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: Best mail setup?

2002-03-01 Thread Robert Waldner


On Thu, 28 Feb 2002 19:41:16 EST, D. Clarke writes:
I was wondering what your recommendations would be for 50 (and growing)
virtual hosts.  We want something that doesn't require a separate system
user for each virt-user account, and something that's relatively easy to
configure.

Your preferred MTA (sendmail, postfix, whatever) and cyrus as MDA+IMAP4/
 POP3-server.

No need for shell-accounts et al and runs stable wherever I've used it.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: Traffic monitoring/logging question

2002-03-01 Thread Robert Waldner


On 01 Mar 2002 14:22:43 +1100, Kevin Littlejohn writes:
Be aware that on-the-wire counting will give you traffic counts
inclusive of packet overhead, whereas counting in squid will give you
only the size of the content in question.  Don't do math on these
things, as one rather large provider used to do ;)

Why go to trouble with accounting in squid? Just account on the 
 inside interfaces, compare with the totals of outside and you're 
 set. ipac-ng can do this, only the png-generation is severely broken 
 at the moment (I'm debugging it right now).

Be aware of media-specific packet wrapping sizes, and be aware of the
difference between the size of the content, and the size of the
content + IP headers.

Just account on the same layer everywhere and you can split the bill 
 from the ISP in the proper %s.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: webmail for debian

2002-02-08 Thread Robert Waldner


On Fri, 08 Feb 2002 14:52:29 +0100, [EMAIL PROTECTED] writes:
does anybody know some webmail system for debian?

squirrelmail (from unstable, but getting it to work on a stable box is 
 a one-line - fix) works pretty well here.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: webmail for debian

2002-02-08 Thread Robert Waldner


On Fri, 08 Feb 2002 10:52:47 -0400, [EMAIL PROTECTED] writes:
Any hint about the fix for squirrel?

dpkg -i squirrelmail-package
vi /var/lib/dpkg/status
change the dependency from perl-base to perl or perl-5.005 (or 
 the other way around, can't remember)
apt-get install squirrelmail

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: woody's sendmail on potato

2002-02-04 Thread Robert Waldner


On Mon, 04 Feb 2002 15:00:45 +0100, Davi Leal writes:
  Not sure but it's safe to use Postfix, so why not use that?
 
 Let's not get into religious arguments, since that's not the question
 asked.  He's got a running sendmail config; upgrading to a new version is
 less work than converting to a different mail system.

Yes, this is the point.

However, I failed at this conversion, so I'm now running the stable 
 sendmail on a testing/unstable box...

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: PPOP3 Webmail

2002-01-21 Thread Robert Waldner


On Sun, 20 Jan 2002 12:08:46 EST, [EMAIL PROTECTED] writes:
I agree! I have squirrelmail (which is still broken in Debian),
...

What exactly is broken in squirrelmail? Works just fine here:
ii  cyrus-admin    1.5.19-2       Cyrus mail system (administration tool)
ii  cyrus-common   1.5.19-2       Cyrus mail system (common files)
ii  cyrus-imapd    1.5.19-2       Cyrus mail system (IMAP support)
ii  cyrus-pop3d    1.5.19-2       Cyrus mail system (POP3 support)
ii  squirrelmail   1.2.2-1        Webmail for nuts
ii  php4           4.0.3pl1-0pota A server-side, HTML-embedded scripting langu

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: BGP / Zebra

2002-01-11 Thread Robert Waldner


On Fri, 11 Jan 2002 10:39:01 +0100, Anders Gjære writes:
I have a router running BGP / Zebra, and it seems like the maximum
throughput is 25Mbit/s

BGP and Zebra using 100% cpu together, and alternating on which using
most.

The machine is a pII 233 with 196mb ram.

What hardware/config-changes do I need to be able to route 100Mbit/s?

Uhm, someone correct me if I'm wrong, but shouldn't Zebra just update 
 the kernel's routing-table and let it then handle the actual 
 packet-juggling?

If that is so, your problem probably lies elsewhere...

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: naver-mailer

2002-01-02 Thread Robert Waldner


On Mon, 31 Dec 2001 20:53:03 +0100, Russell Coker writes:
On Mon, 31 Dec 2001 15:28, Russell Coker wrote:
 Every time I post here I get a response that looks like a bounce in a
 strange language from naver-mailer.  Here's the headers:


 Here's my solution to the naver-mailer problem:
 ipchains -A input -j DENY -s 211.218.150.15

They are persistent bastards and have multiple machines in that netblock.  So 
I've changed it to the following:

ipchains -A input -j DENY -s 211.218.150.0/24

So they will deliver their annoying bounces via the backup-MXs...

This is something which IMHO should be addressed at MTA-level, not IP.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: Mailinglist software recommendations?

2001-12-10 Thread Robert Waldner

On Sat, 08 Dec 2001 20:57:17 +1100, Jeremy Lunn writes:
On Fri, Dec 07, 2001 at 03:41:11PM +0100, Marcel Hicking wrote:
...
 b) Some admin web interface for the guys going
 to use and feed the lists. Need to be able to add lists,

Ecartis has this packaged in listar-cgi.

 c) A web interface to (un)subscribe to lists (which I
 could probably do myself ;-)

Not the ability to add/remove lists, though. But that's the only thing
 missing from your list, AFAICT. I wouldn't want that anyway as it 
 would imply to mangle with the MTA (aliases!), and I'd rather do that 
 myself, thankyouverymuch.

I think you can do this with listar-cgi but if not then as you say it's
not much effort to add this functionality.

You can do
- (un/)subscribe
- manage user(s)list config(s)

...

listar/ecartis not only work great, but the main developer is also very 
 responsive when it comes to bugs and/or new features.

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /






Re: HTTP put

2001-12-06 Thread Robert Waldner


On Thu, 06 Dec 2001 14:29:24 +0100, Markus Garscha writes:
I'm interested in the technology behind this. how does it work? do these
providers use redirectors - but how to configure when every dialup user
gets a dyn. ip???

On Thu, 06 Dec 2001 15:26:27 +0100, Frank Thesen (serve-it) writes:
I can't tell the technique, but I can tell you examples:

If you go to www.freenet.de or to www.arcor.de to get them as access
providers.

If you tell me, what I should do, to figure out the technique, I will do it.

Every one of the big access-concentrators can do that. Technically it's 
 a simple filter that is put out of service as soon as it's hit the 
 first time.

Redback, Cisco, ... they're all able to do that since, oh, ages..

cheers,
rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   [EMAIL PROTECTED]   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: Remote IP for inetd daemon

2001-09-19 Thread Robert Waldner


On Wed, 19 Sep 2001 15:06:24 +0200, Marcel Hicking writes:
The problem is the redirect.
When redirecting, the prog doesn't
get peername anymore.

Ah, thanks!

So now I simply send the IP to stderr and everything´s fine:

  /* fd 1 is still the socket from inetd; only stderr gets redirected */
  if (getpeername((int) 1,
      (struct sockaddr *) &name, (socklen_t *) &namelen) == 0) {
    if ((temp_domain = (char *) inet_ntoa(name.sin_addr)))
      fprintf (stderr, "%s", temp_domain);
  }

test.sh:
#!/bin/bash
/usr/local/bin/getpeername 2>/tmp/peer.ip
exit

It isn´t too useful to have the information but being unable to use it 
 ;-)

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /
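
A complete version of the peer-address lookup discussed in this message, as an added example that is not part of the original post. The function names (peer_ip, first_peer_ip, loopback_accept) are hypothetical, and the loopback connection stands in for the socket inetd would hand over.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Numeric peer address of socket fd, written to buf.
 * Returns 0, or -1 with errno set: ENOTSOCK means the descriptor is a file
 * or pipe (for example after a shell redirect), not the client connection. */
int peer_ip(int fd, char *buf, size_t len)
{
    struct sockaddr_storage ss;
    socklen_t sslen = sizeof ss;          /* in: buffer size, out: used size */

    if (getpeername(fd, (struct sockaddr *)&ss, &sslen) != 0)
        return -1;
    if (ss.ss_family == AF_INET) {
        const struct sockaddr_in *a4 = (const struct sockaddr_in *)&ss;
        return inet_ntop(AF_INET, &a4->sin_addr, buf, (socklen_t)len) ? 0 : -1;
    }
    if (ss.ss_family == AF_INET6) {
        const struct sockaddr_in6 *a6 = (const struct sockaddr_in6 *)&ss;
        return inet_ntop(AF_INET6, &a6->sin6_addr, buf, (socklen_t)len) ? 0 : -1;
    }
    errno = EAFNOSUPPORT;                 /* e.g. an AF_UNIX socket */
    return -1;
}

/* Try each descriptor in turn; return the first one that is a connected
 * inet socket (its address is left in buf), or -1 if none is. */
int first_peer_ip(const int *fds, int n, char *buf, size_t len)
{
    for (int i = 0; i < n; i++)
        if (peer_ip(fds[i], buf, len) == 0)
            return fds[i];
    return -1;
}

/* Constructed input for the demo: a TCP connection over 127.0.0.1.
 * Returns the accepted (server-side) socket or -1; *client is the other end. */
int loopback_accept(int *client)
{
    struct sockaddr_in a;
    socklen_t alen = sizeof a;
    int l = socket(AF_INET, SOCK_STREAM, 0), s = -1;

    *client = -1;
    if (l < 0)
        return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = 0;                       /* let the kernel pick a free port */
    if (bind(l, (struct sockaddr *)&a, sizeof a) == 0 &&
        listen(l, 1) == 0 &&
        getsockname(l, (struct sockaddr *)&a, &alen) == 0 &&
        (*client = socket(AF_INET, SOCK_STREAM, 0)) >= 0 &&
        connect(*client, (struct sockaddr *)&a, sizeof a) == 0)
        s = accept(l, NULL, NULL);
    close(l);
    if (s < 0 && *client >= 0) {
        close(*client);
        *client = -1;
    }
    return s;
}

int main(void)
{
    char ip[INET6_ADDRSTRLEN];
    int std[] = { 0, 1, 2 };  /* inetd attaches the client socket to all three */

    if (first_peer_ip(std, 3, ip, sizeof ip) >= 0) {
        fprintf(stderr, "%s\n", ip);
        return 0;
    }
    /* Not started by inetd: fall back to the constructed loopback connection. */
    int cli, srv = loopback_accept(&cli);
    if (srv < 0 || peer_ip(srv, ip, sizeof ip) != 0) {
        perror("loopback demo");
        return 1;
    }
    printf("demo peer: %s\n", ip);
    close(srv);
    close(cli);
    return 0;
}
```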





Re: current cpu usage

2001-09-06 Thread Robert Waldner


On Thu, 06 Sep 2001 09:00:37 EDT, Peter Billson writes:
 sorry, I should have been more specific, I need to get the output in a format
 a script could use.
 I have tried the uptime command however I'm a bit lost at what the numbers
 displayed represent ( how to turn these into a percentage).
 (If indeed this is a good way to do this)

/usr/bin/top -bin 1

cat /proc/meminfo
cat /proc/loadavg

hth+cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /





Re: current cpu usage

2001-09-06 Thread Robert Waldner


On Thu, 06 Sep 2001 09:34:05 EDT, Peter Billson writes:
 cat /proc/meminfo
 cat /proc/loadavg

 The meminfo would help him but he posted that he didn't understand load
average and, anyway, needs percent of CPU used. You can not calculate
CPU usage from load average.

Not to mention the deep dark magic by which loadavg is generated. I 
 still don´t understand that completely ;-)

And yep, that should´ve read 
 cat /proc/stat
instead. (And no, I don´t know what the values in the first line 
 exactly mean, but as soon as I set up mrtg again, I´m gonna read up on 
 the kernel-sources)

  You could use /proc to get CPU usage but it would be rather involved
to do and why bother when the nice man who wrote top has already done it
for you. :-)

´cause it´s *fun* ;-)

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /
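
The /proc/stat route mentioned in this message, as an added example that is not part of the thread: the first line holds cumulative tick counters (user, nice, system, idle, and on later kernels iowait, irq, softirq, steal), so a CPU percentage comes from the difference between two samples. The function names and the two sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

struct cpu_sample {
    unsigned long long busy;   /* ticks spent doing anything but idling */
    unsigned long long total;  /* all ticks accounted for */
};

/* Constructed sample lines in /proc/stat format, taken "one interval" apart. */
static const char SAMPLE_T0[] = "cpu  1000 50 300 8000 150 0 20 0 0 0\n";
static const char SAMPLE_T1[] = "cpu  1060 50 330 8100 160 0 20 0 0 0\n";

/* Parse the aggregate "cpu" line. Old kernels print only four counters,
 * newer ones more; missing ones count as zero. Per-CPU lines ("cpu0 ...")
 * and anything else are rejected with -1. */
int parse_cpu_line(const char *line, struct cpu_sample *out)
{
    unsigned long long v[8] = { 0 };
    int n;

    if (strncmp(line, "cpu", 3) != 0 || (line[3] != ' ' && line[3] != '\t'))
        return -1;
    n = sscanf(line, "cpu %llu %llu %llu %llu %llu %llu %llu %llu",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &v[6], &v[7]);
    if (n < 4)
        return -1;

    out->total = 0;
    for (int i = 0; i < 8; i++)
        out->total += v[i];
    /* idle and iowait both mean "CPU had nothing to run" */
    out->busy = out->total - (v[3] + v[4]);
    return 0;
}

/* Busy percentage between an earlier sample a and a later sample b.
 * Returns -1.0 if no ticks elapsed or the counters went backwards. */
double cpu_busy_percent(const struct cpu_sample *a, const struct cpu_sample *b)
{
    if (b->total <= a->total || b->busy < a->busy)
        return -1.0;
    return 100.0 * (double)(b->busy - a->busy) / (double)(b->total - a->total);
}

/* Read the first line of a /proc/stat style file into a sample. */
int read_cpu_sample(const char *path, struct cpu_sample *out)
{
    char line[512];
    int rc = -1;
    FILE *f = fopen(path, "r");

    if (!f)
        return -1;
    if (fgets(line, sizeof line, f))
        rc = parse_cpu_line(line, out);
    fclose(f);
    return rc;
}

int main(void)
{
    struct cpu_sample a, b;

    if (read_cpu_sample("/proc/stat", &a) == 0) {
        sleep(1);                          /* measurement interval */
        if (read_cpu_sample("/proc/stat", &b) != 0)
            return 1;
    } else {
        /* No /proc here: fall back to the constructed samples. */
        parse_cpu_line(SAMPLE_T0, &a);
        parse_cpu_line(SAMPLE_T1, &b);
    }
    printf("cpu busy: %.1f%%\n", cpu_busy_percent(&a, &b));
    return 0;
}
```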





Re: SOS Bind

2001-09-04 Thread Robert Waldner


On Tue, 04 Sep 2001 13:12:45 +0200, Craig writes:
I have a debian box running Bind, acting as a primary DNS server. I
have updated the serial numbers on the zone files but nothing is
propagating out. It's been about 72 hours now and still has the old
IP of the server. Bind version 8.2.3

Any help would be greatly appreciated :)

First of all: have you reloaded the zone (`ndc reload $zonename`)?

What do the logs tell?

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /





Re: Confused

2001-08-16 Thread Robert Waldner


 Open my firewall for 113 Auth ... has worked, now
 i need someone or some docs to explain what/how and why :)

Simply put something along the lines of
 auth stream tcp nowait nobody /bin/dd dd if=/dev/urandom bs=32 count=1
in inetd.conf, this will not break anything, leave programs that depend 
on some auth-answer happy, and doesn´t open any security-holes (that 
I´m aware of, someone correct me if I´m wrong).

You could also use that for ident et al (although for ident I use 
 fake_identd).
 
cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /





Re: Confused

2001-08-16 Thread Robert Waldner


On Thu, 16 Aug 2001 10:58:37 +0200, Michael Wood writes:
 Simply put something along the lines of
  auth stream tcp nowait nobody /bin/dd dd if=/dev/urandom bs=32 count=1
 in inetd.conf, this will not break anything, leave programs
 that depend on some auth-answer happy, and doesn´t open any
 security-holes (that I´m aware of, someone correct me if I´m
 wrong).

hmmm... well, it might break insecure programs connecting to
your ident server.  Also, you're wasting the entropy in your
random number generator.  Why not just cat blah or something
instead?

sure, where I´m worried about the entropy I just generate a file, for 
 example there´s

waldner@ka:~$ ls -al /home/apache/default.ida
-rw-rw-r-- 1 waldner waldner 10240119 Jul 19 19:34 /home/apache/default.ida

Some friends of mine swear by cat´ing their kernel-sources, some by
 /dev/zero. But personally I think that /dev/urandom provides most fun 
 ;-) , although the following is nice, too:

ident stream tcp nowait nobody /usr/bin/nc nc www.microsoft.com 80

Imagine the confusion of the script-kiddies... (and yes, I know that 
 with doing that an open proxy for www.microsoft.com is created, this is 
 just an example, don´t use it like that)

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /





Re: q ad ftp- w/o system-accounts

2001-08-01 Thread Robert Waldner


On Tue, 31 Jul 2001 10:17:56 CDT, Haim Dimermanas writes:

 Hmm, I don´t want to cope with LDAP and/or MySQL just for a bunch of
 ftp-accounts (~ 30). Flat berkeley-db-files are much more appealing
 for such small numbers (they´re definitely not supposed to grow, not on
 this box, it´s just that I´m much more security-aware since it was
 hacked not long ago).

 I agree. 30 accounts is not much. Now to say that it's not enough for you
to deploy a scalable (and very secure) solution that would solve your
problem(s), I disagree. I wrote a doc explaining how to install MySQL step
by step. If you keep your installation current and up-to-date, you should be
ok when it comes to security.

I tried, but MySQL is Just Too Much for that box (it´s a lowly 486 w/ 
 32 MB RAM and already running at load 0.8++ most of the time[0]).

Anyway, I´ve now got it (mentioning it here for the sake of the 
 search-engines):

proftpd.conf:
AuthUserFile        /etc/proftpd.users
AuthGroupFile       /etc/proftpd.groups
RequireValidShell   no
PersistentPasswd    off
User                nobody
Group               nogroup
DefaultRoot         ~

proftpd.users:
waldner:crypt()-pw:1000:1000:Robert Waldner,,,:/home/waldner:/bin/false

et voila.

0: mailhub for ~ 3k mails/day, webserver for ~ 400 hits/day, approx. 1200
 dns-queries/day. Man, I *like* the hardware-requirements of sane OSs.

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /





Re: q ad ftp- w/o system-accounts

2001-07-30 Thread Robert Waldner


Robert Waldner wrote:
 (This is probably a PAM-question, too, but..)
 
 I just got cyrus to work w/o having system- (eg shell-) accounts, but
  now I need to get ftp to work also :/
 
 proftpd uses PAM, which is good as there´s pam_userdb.so. This far I´m
  sufficiently clued. But I don´t get how I can tell it to set the
  userdir to, let´s say, /home/$luser/ftp based on the key out of the
  .db-file.

On Mon, 30 Jul 2001 08:12:42 EDT, Haim Dimermanas writes:
 I strongly suggest you take a look at ProFTPd with the LDAP or MySQL modules.
You can put all your users information in a directory or an SQL database
(homedir, username, pass, etc) and have the FTP server look in there.

Hmm, I don´t want to cope with LDAP and/or MySQL just for a bunch of 
ftp-accounts (~ 30). Flat berkeley-db-files are much more appealing 
for such small numbers (they´re definitely not supposed to grow, not on 
this box, it´s just that I´m much more security-aware since it was 
hacked not long ago).

 For more info on how to set it up, take a look at the doc I wrote:

 http://dudle.linuxroot.org/docs/proftpd/

Well-written and, seemingly, quite complete, even if I won´t try that 
on my box (see above) ;-)

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /





q ad ftp- w/o system-accounts

2001-07-29 Thread Robert Waldner


Hi!

(This is probably a PAM-question, too, but..)

I just got cyrus to work w/o having system- (eg shell-) accounts, but 
 now I need to get ftp to work also :/

proftpd uses PAM, which is good as there´s pam_userdb.so. This far I´m 
 sufficiently clued. But I don´t get how I can tell it to set the 
 userdir to, let´s say, /home/$luser/ftp based on the key out of the
 .db-file.

Any hints?

cheers+tia,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /





Re: Remote Execution of Scripts

2001-07-25 Thread Robert Waldner


On Tue, 24 Jul 2001 19:01:31 EDT, Gene Grimm writes:
As I am a relative novice system administrator, perhaps someone more
experienced can guide me to the proper way of securely invoking a script on
a remote server. We have two facilities presently, with most of our
equipment in our main office. I am attempting to automate account
maintenance and would like to find information on the proper way to have one
Perl script begin remote execution of scripts on another Linux server.

I´d go for something like
 system("ssh someotherhost command");

You can easily limit the commands the user under which your script on 
 the first host runs with prepending the command in the 
 authorized_keys-file on the remote host. See the recent
 debian-user - archives for the exact syntax.

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /





Re: ATT public router

2001-06-27 Thread Robert Waldner


On Wed, 27 Jun 2001 02:14:41 EDT, Chris Wagner writes:
A while back, ATT had a publicly accessible router for doing route lookups
and stuff like that.  It supposedly knew about the whole world.  The special
thing about this router was that you didn't need a user name or password to
log on with.  It just gave you the IOS prompt.  I haven't been on this
router for a long time and I can't remember the exact name of it.  It was
something like ip-router.att.net or route.world.att.net.  Does anybody
remember this thing and have the host name?  Thanks.

Why not simply use one of the dozens of publicly available looking 
 glasses instead? www.traceroute.org

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /





Re: What Happened to ORBS?

2001-06-07 Thread Robert Waldner

(please don´t send html-mails, thankyouverymuch)

On Tue, 05 Jun 2001 06:46:31 CDT, s u r f l o r i d a writes:
Does anyone know what happened to http://www.orbs.org/ and the
mail servers they had on their blacklist?  Is someone taking it over?

I have searched the news sites and have come up with nothing.

see attached mail.

cheers,
rw
---BeginMessage---

On Fri, 01 Jun 2001 17:44:11 EDT, Noah L. Meyerhans writes:
On Fri, Jun 01, 2001 at 11:21:37PM +0200, Robert Waldner wrote:
 On Fri, 01 Jun 2001 12:04:27 EDT, Noah L. Meyerhans writes:
 Does anybody know what happened to ORBS?  http://www.orbs.org simply
 shows Due to circumstances beyond our control, the ORBS website is no
 longer available.  There's no further explanation.

 Well, according to Alan Brown they were served with 2 NZ High court
  injunctions ordering the removal of several ORBS listings against
  sites inside New Zealand.

 I´d guess a connection there.

I would think so as well, except for the fact that their database is
still working.  It seems that only their web server is down.

It's odd.

Yup. Alan, would you care to comment?

cheers,
rw
-- 
-- I think you should defend to the death their right to
-- march, and then go down and meet them with baseball bats.
-- [Woody Allen ueber den Ku Klux Klan]





---End Message---
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /


Re: routing routable IPs over non-routable IPs

2001-05-22 Thread Robert Waldner

On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes:
We should probably clarify non-routable by saying non-publicly routable.

Well, we could also say RFC1918, couldn´t we ;-?

Routers have no concept of restricted ip ranges other than what is programmed
into them.  As long as you are debugging from a place that knows about
your private ip's, there shouldn't be a problem.  At GE we cross privates to
go from public to public all the time.

Well, there are several issues, none of them really bad, but if you 
 want a clean setup..:

- DNS, you´ll have to set up split DNS for your RFC1918- and external 
 IPs
- in Real Life, you sometimes _will_ have to debug from the outside of 
 your network
- in Real Life, someone else _will_ debug from the outside (and quite 
 probably complain about the RFC1918-IPs or simply be fed up)

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /









Re: routing routable IPs over non-routable IPs

2001-05-21 Thread Robert Waldner

On Mon, 21 May 2001 13:46:14 +1000, Jeremy Lunn writes:
I know this isn't Debian specific.  But I'm just wondering if it's fine
to route routable IP addresses over non-routable IP addresses.

Yes, although many would consider it bad practice (I am an example), 
 because you´ll face trouble when you have to debug something, and have 
 non-routable IPs on some path.

So is it just a matter of setting up something like
/sbin/route add -net 10.1.2.0/24 gw 172.16.5.2
on the gateway?

Yes, but you should specify the netmask in 255.x.x.x-notation, route on 
 linux sometimes tends to get classful when facing /-notation...

cheers,
rw
-- 
/ Ing. Robert Waldner |  [EMAIL PROTECTED]  \
\ Xsoft GmbH  | T: +43 1 796 36 36 692 /









Re: load logging package

2001-02-27 Thread Robert Waldner
On Mon, 26 Feb 2001 18:45:27 -0300, Felipe Alvarez Harnecker writes:
is there a deb package for load logging ? 

i mean a lightweight one, not a cron job that do "cat /proc/loadavg 
some.log" every minute.

Well, not in any aspect very lightweight, but rather useful: mrtg...

I´m graphing Load-1 and number of processes, which is extremely useful 
 for identifying prime times et al..see
 http://de.stats.san.ka.schas.net/ for an example.

cheers,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   |   DSA key ID: C33A2BC0  / 









Re: ADSL problem...

2001-02-02 Thread Robert Waldner
On Thu, 01 Feb 2001 21:43:24 +0100, Jason Quigley writes:
On Thursday, February 1, 2001, at 05:58 PM, Robert Waldner wrote:
  
 Ah, I guess this 3com-stuff comes in form of a PCI-card which connects  
  directly to the copper-wire, then? 

It's actually an external modem which is connected to a peecee either with a
lan card or usb.

When it´s connected to your PC via a LAN card it has to use some 
 protocol other than PPPoA on the LAN side. PPPoA is fine between modem 
 and DSLAM but not for the LAN side.

Are you really sure that it doesn´t use PPPoE[0] on the ethernet side?

cheers,
rw

0: or something like PPTP, which is just plain sick, but in use here in 
   .at nonetheless.


-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 





Re: ADSL problem...

2001-02-02 Thread Robert Waldner
On Fri, 02 Feb 2001 10:21:01 +0100, Jason Quigley writes:
I understand what you're saying. The software for windoze does use pppoe. It's
 a really bizarre utility which creates a pseudo lan device and routes between
 that and the physical lan card. I cannot, however, use an adsl router
 configured for pppoe to bring up a connection.

All I really need, I guess, is a way to force the modem to start its pppoa
connection and then connect to the modem via pppoe. As I say, this is a guess -
a really big guess! :)

Just install the PPPoE-package, the modem does (simplified) nothing 
 else than to deencapsulate the PPP out of the E, then reencapsulates 
 it in A ;-)

So, the proper way to get the modem to initiate the PPPoA-connection is 
 to connect to the modem with PPPoE.

cheers,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 





Re: ADSL problem...

2001-02-02 Thread Robert Waldner
On Fri, 02 Feb 2001 19:19:58 +0100, Jason Quigley writes:
I'm not sure if it'll work as I have an ADSL router which does pppoe. This
doesn't connect so I don't really see what I'll gain from the deb pkg.

sorry I didn´t get that first time. your setup is as follows

PC--- Router  --- Modem

?

Well if your router doesn´t connect I guess you´ll have to talk either 
 to your ISP or the router vendor...your PC only has to speak plain IP/
 ethernet. The dirty work is done by modem and router.

Also, the docs (if they can be called that) which come with the modem tell me 
that you can connect multiple machines to the modem over the lan as long as
only one at a time is using a connection to the internet

Now it depends on your setup:

if it´s

PC   ---   modem

only one PC at a time may talk PPPoE to the modem, but sequentially it 
 doesn´t matter if there´s one PC or many.

But if the setup is

PC--- Router  --- Modem

and your router can do NAT you can connect as many PCs as you want.

I think the basic problem is that 3com stuff is crap - always has been IMHO.
I've never liked playing with it - except the Palm Pilot, but then, they didn't
 create and code it! ;-)

Ahemm, maybe you want to do a little ASCII-art so we really understand 
 your setup...before you blame 3com (they make rock-solid 
 ethernet-cards, at least. the 3c509-series was some fscking great 
 stuff).

cheers,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 





Re: ADSL problem...

2001-02-01 Thread Robert Waldner

On Thu, 01 Feb 2001 16:23:22 +0100, Jason Quigley writes:
The problem is that the ISP is using PPPoA, as in PPP over ATM.

Ah, I guess this 3com-stuff comes in form of a PCI-card which connects 
 directly to the copper-wire, then?

(btw: PPPoA stands for PPP over AAL5, not ATM. That's a rather psychic 
 difference, but one nonetheless ;-) RFC2364)

cheers,
rw

  I have been supplied with a 3com homeconnect dual link adsl modem by my
 isp. Does anybody know of any Debian (or other Linux distros) to control
 this rotten equipment


-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: ADSL modems that work in linux ??

2001-01-23 Thread Robert Waldner

On Wed, 24 Jan 2001 18:54:40 +1300, Daniel Free writes:
 short of this what other adsl options to people know of other than 
buying an ADSL router ?? ie other modem setups, USB or whatever.

here in .at the telco supplies external adsl-modems which connect to 
your equipment via PPTP/ethernet. they are not exactly routers, but 
rather function as a kind of bridge...while this method being *far* 
from optimal there are pptp-clients for linux and they work (I'm 
writing this over such a connection ;) ), AFAIR the modems can also do 
PPPoE, but the telco doesn't support this (yet).

manufacturer is Alcatel, my model (for adsl/isdn) is called a 
"SpeedTouch 1000 ADSL", look at 
http://www.alcatel.com/consumer/dsl/supuser.htm , maybe you can find 
something there which fits your needs.

hth,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: mail sorting tool

2001-01-06 Thread Robert Waldner

On Sat, 06 Jan 2001 13:03:19 +1100, Craig Sanders writes:
because POP is not a mail transport protocol. it's not designed to be
one, and can not even be reliably kludged to act like one.

ack. I already stand corrected. see Message-id:
 [EMAIL PROTECTED]. I never ran into that 
sort of problems because I´m not on any lists or the like at home.

Does your ISP offer some kind of smtp-queuing? We do (mail is put into 
a queue, there´s a script watching the dialin-logs, when it sees that 
there´s a queue for that user, sendmail is started with on-the-fly 
rewritten options for that queue, eg smarthost set to the dynamic IP).

Way easier than UUCP (imho) and even working for 
exhaust^Wexchange-boxes at the customer.

cheers,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: Web interface for mail reading?

2001-01-06 Thread Robert Waldner

On Sat, 06 Jan 2001 09:12:03 EST, John Ackermann writes:
I'd like to set up something along the lines of the "mail2web" site for 
my users that would allow them to read and send messages via their POP 
account using a web interface.  The web and mail servers reside on the 
same machine, if that makes it any easier.

Anyone know of a package that will provide that kind of functionality?

I like (and use) acmemail for that, easy to set up and quite flexible.
 http://www.astray.com/acmemail/

hth,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: mail sorting tool

2001-01-04 Thread Robert Waldner

On Thu, 04 Jan 2001 11:44:57 +0100, Stephane Bortzmeyer writes:
On Wednesday 3 January 2001, at 15 h 29, the keyboard of Robert Waldner 
[EMAIL PROTECTED] wrote:

 Uh, why? As far as I understood, Martin has _one_ POP-account 
  (domain-in-a-box this feature is called by us) with his ISP.

Yes. This is what cannot work (despite what ISPs say).

I had that setup running myself, so I can speak both as a user and as 
 an ISP...

 He now can use fetchmail to get the mails, and fetchmail will deliver 
  it to localhost:25, no matter what´s in From, To, Cc, wherever. 

Bcc: ? Mailing lists ? I repeat: it cannot work.

jup, you´re right there. lart($self). only to and cc work.

cheers,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: mail sorting tool

2001-01-03 Thread Robert Waldner

On Wed, 03 Jan 2001 14:52:39 +0100, Stephane Bortzmeyer writes:
On Wednesday 3 January 2001, at 14 h 41, the keyboard of Martin Man 
[EMAIL PROTECTED] wrote:

 small company. Let's say we're getting email for our domain via POP from one
 POP account and I've to distribute appropriate email messages to 
 appropriate mailboxes according to To: and Cc: headers.

Why don't you use a proper domain and normal mail forwarding?

make your local mailer (sendmail, exim, whatever) feeling "responsible" 
for the domain and simply use fetchmail to pop the mails and hand them
over to your local mailer. easy and reliable...

hth,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: mail sorting tool

2001-01-03 Thread Robert Waldner

On Wed, 03 Jan 2001 15:21:56 +0100, Stephane Bortzmeyer writes:
On Wednesday 3 January 2001, at 15 h 15, the keyboard of Robert Waldner 
[EMAIL PROTECTED] wrote:

 make your local mailer (sendmail, exim, whatever) feeling "responsible" 
 for the domain and simply use fetchmail to pop the mails

This needs an account on the ISP's machine for every local user. Inconvenient.

Uh, why? As far as I understood, Martin has _one_ POP-account 
 (domain-in-a-box this feature is called by us) with his ISP.

He now can use fetchmail to get the mails, and fetchmail will deliver 
 it to localhost:25, no matter what´s in From, To, Cc, wherever. Only 
 one account needed.

The only problem with a setup like this is, that it´s exploitable by 
spammers, as they can set whatever they want in To: or Bcc: and deliver 
it into the box, the local mailer only sees the mails coming from 
localhost and will usually happily deliver them all (but, hey, that´s 
the intention with the local MTA, isn´t it? ;-) ). But as the ISPs 
mailservers are usually quite hardened, this shouldn´t be too much of a 
problem.

hth,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 
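
The routing problem argued over in this thread (one POP account for a whole domain, with recipients guessed from To: and Cc:), sketched as an added example that is not part of any of the original posts. The domain, the user names, the sample messages and the assumption that the ISP's MTA records the envelope recipient in an `X-Envelope-To` header are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "example.org"      # assumed domain behind the single POP account
KNOWN_USERS = {"martin", "anna"}  # assumed local mailboxes

def _local(values):
    """Keep only addresses in LOCAL_DOMAIN, lower-cased and de-duplicated."""
    return sorted({a.lower() for _, a in getaddresses(values)
                   if a.lower().endswith("@" + LOCAL_DOMAIN)})

def header_recipients(raw):
    """Guess recipients from To:/Cc:, all that survives a plain POP drop."""
    msg = message_from_string(raw)
    return _local(msg.get_all("To", []) + msg.get_all("Cc", []))

def envelope_recipients(raw, header="X-Envelope-To"):
    """Recipients recorded at SMTP time, if the ISP's MTA writes such a header."""
    return _local(message_from_string(raw).get_all(header, []))

def route(raw):
    """Return (mailboxes, reason). Envelope data wins; header guesses count
    only for known users; anything else is held for postmaster instead of
    being delivered to whatever name the header claims."""
    env = envelope_recipients(raw)
    rcpts, reason = (env, "envelope") if env else (header_recipients(raw), "headers")
    users = [a.split("@")[0] for a in rcpts if a.split("@")[0] in KNOWN_USERS]
    return (users, reason) if users else (["postmaster"], "unroutable")

# Constructed sample messages (not taken from the thread).
DIRECT = ("From: a@example.net\nTo: martin@example.org\n"
          "Cc: Anna <anna@example.org>\n\nhi\n")
# List or Bcc mail: the local reader appears in no header at all.
LIST = "From: b@example.net\nTo: some-list@lists.example.net\n\nlist post\n"
# Same message, but the ISP preserved the envelope recipient.
LIST_ENV = "X-Envelope-To: anna@example.org\n" + LIST
# Forged To: naming a mailbox that does not exist locally.
FORGED = "From: spam@example.net\nTo: nobody@example.org\n\nbuy\n"

if __name__ == "__main__":
    for name in ("DIRECT", "LIST", "LIST_ENV", "FORGED"):
        print(name, route(globals()[name]))
```
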







Re: Debian Slink

2000-12-30 Thread Robert Waldner

On Sat, 30 Dec 2000 03:13:06 +0100, Tobias Geijersson writes:
I have a little problem, I'm using Debian 2.1 on one of our production
servers and now I need to add some packages and don't want to upgrade
to a newer distribution just yet (we will soon move our servers and make
some big changes so I will do it then).

Well, you could just point your sources.list to potato, apt-get update, 
apt-get install <insert needed new packages here> and you will upgrade 
only what´s really needed for the new packages. I´m doing this on 2 of 
my servers since potato hit stable and it works just fine (except 
samba...).

Another try would be searching for an old package (you should find some 
in /var/cache/apt-/archives) via http://ftpsearch.ntnu.no and hope 
to find that some mirror still holds slink.

hth,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: Debian Slink

2000-12-30 Thread Robert Waldner

On Sat, 30 Dec 2000 04:47:51 EST, Debian Ghost writes:
What kind of problems does samba have in potato? I was considering doing
some samba stuff, but I run potato on my servers.

none if you run real potato, but when just ever upgrading from slink to 
 the latest packages, eg still running a 2.0.x-kernel, samba2.0.5a-1 
 won´t run because it depends on kernel 2.2. so the real gotcha is that
 this doesn´t show up in the dependencies...

cheers,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: DNS error

2000-12-17 Thread Robert Waldner

 thardferr.com.       IN  SOA     207.174.232.178. abakar.thardferr.com. (
                                  965335400
                                  10800
                                  3600
                                  432000
                                  38400 )
 thardferr.com.       IN  NS      207.174.232.178
 thardferr.com.       IN  A       207.174.232.177
 www.thardferr.com.   IN  CNAME   thardferr.com.
 mail.thardferr.com.  IN  CNAME   thardferr.com.
 thardferr.com.       IN  MX      10 thardferr.com
                                                ^^
perhaps a typo, but should there not be a dot after this?

you can also s/"thardferr\.com\."/"@"/ which is much more readable.

I can remember seeing something, that neither SOA nor NS-records may 
point to ip-addresses, only to a-records, so you might want to try 
that...

Another try is to set up a 2nd NS, its error-logs are often much more 
verbose than that of the master.

hth,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 
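
A small check for the two points raised in this message (a target name without a trailing dot, and SOA/NS records pointing at IP addresses), run over the zone quoted above. This is an added example, not part of the original post; the function names are hypothetical and the parser only handles one-record-per-line input like the sample, with the SOA joined onto one line.

```python
import ipaddress

ORIGIN = "thardferr.com."

# The records quoted in the message, SOA joined onto one line.
ZONE = """\
thardferr.com.       IN  SOA    207.174.232.178. abakar.thardferr.com. ( 965335400 10800 3600 432000 38400 )
thardferr.com.       IN  NS     207.174.232.178
thardferr.com.       IN  A      207.174.232.177
www.thardferr.com.   IN  CNAME  thardferr.com.
mail.thardferr.com.  IN  CNAME  thardferr.com.
thardferr.com.       IN  MX     10 thardferr.com
"""

# Index of the host-name field inside each record type's rdata.
TARGET_FIELD = {"SOA": 0, "NS": 0, "CNAME": 0, "MX": 1}

def is_ip(name):
    """True if the field is an IP literal, with or without a trailing dot."""
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False

def expand(name, origin=ORIGIN):
    """The name as a server reads it: '@' is the origin, and a name
    without a trailing dot is relative, so the origin is appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def lint(zone, origin=ORIGIN):
    """Return (record type, field, problem) for every suspicious target."""
    findings = []
    for line in zone.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "IN":
            continue
        rtype, rdata = fields[2], fields[3:]
        idx = TARGET_FIELD.get(rtype)
        if idx is None or idx >= len(rdata):
            continue
        name = rdata[idx]
        if is_ip(name):
            findings.append((rtype, name, "IP address where a host name belongs"))
        elif name != "@" and not name.endswith("."):
            findings.append((rtype, name, "relative name, read as " + expand(name, origin)))
    return findings

if __name__ == "__main__":
    for finding in lint(ZONE):
        print(*finding, sep=": ")
```
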







OT: working with cisco gear (Re: CISCO -- debian tool(s))

2000-11-18 Thread Robert Waldner

On Sat, 18 Nov 2000 15:08:02 +0100, Dariush Pietrzak writes:
 I was wondering if there were any debian tools used for working with Cisco

there is wonderful perl module for configuring Cisco routers.
besides that you've got all default tools like telnet;),snmp utils like
mrtg etc..

which are useful unless you have to manage lots of those boxes, 
 maintaining (+backuping!) their configuration, both locally and in 
 general, upgrading them with the latest security fixes etc pp. a bunch 
 of fleas can´t be _that_ much more work ;-) ...

rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: OT: working with cisco gear (Re: CISCO -- debian tool(s))

2000-11-18 Thread Robert Waldner

On Sat, 18 Nov 2000 17:18:31 +0100, Dariush Pietrzak writes:
 which are useful unless you have to manage lots of those boxes, 

I wouldn't know.
but isn't that what OpenView is for? and is unbeatable in that field?

I consider BrokenView to be in the field of BigBuckMoneyBurn-ware ...

If you´re (for whatever reason) already forced to use expensive (and 
much too often crappy) cisco-gear, I´d guess you don´t want to strangle 
yourself further with moremore not-open-source-software.

rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 







Re: CISCO -- debian tool(s)

2000-11-17 Thread Robert Waldner

On Fri, 17 Nov 2000 15:47:54 +0100, Stephane Bortzmeyer writes:
On Friday 17 November 2000, at 9 h 25, the keyboard of Debian Ghost 
[EMAIL PROTECTED] wrote:

 I was wondering if there were any debian tools used for working with Cisco
 routers and/or other Cisco gear. 

Everything is in Debian packages:

m4 (to create configuration files)
mrtg (to get stats from the boxes)
mon (to monitor the boxes)
telnet (just in case)

and, of course, there´s rtrmon http://www.vix.com/vix/rtrmon/, though 
afaik not yet debian´ized, it does a great job if you have to cope with 
large numbers of routers (especially criscos).

hth,
rw
-- 
/  Ing. Robert Waldner  | Network Engineer | T: +43 1 89933  F: x533 \ 
\ [EMAIL PROTECTED] |KPNQwest/AT   | Diefenbachg. 35, A-1150 / 


