Re: packages: apache, gd, mysql...

2006-04-16 Thread BTP
Yeah, see if I go ahead and try to install "php4-mysql", I have to
install the unstable version which I wouldn't want because it will
also upgrade a lot of other packages to the unstable version. How come
I can't have mysql support with php4 and be stable???

So just for me to have php4 and mysql support with apache, is it worth
doing all these updates to unstable?? My system is for personal use
only as I use it for learning and experimenting purposes, but I still
wouldn't want to have a system that crashes at random.

Seems unfortunate to have to upgrade all those packages to unstable
just to get mysql support... I wish all programs would just support
postgres!

Bart



packages: apache, gd, mysql...

2006-04-15 Thread BTP
I tried doing an "apt-get install php4-mysql" but got the following
error message...

---
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  php4-mysql: Depends: phpapi-20020918
              Depends: php4-common (= 4:4.3.10-16) but 4:4.4.0-2 is to be installed
E: Broken packages
---
These are the php related packages i have installed:


ii  libapache-mod-php4   4.4.0-2
ii  libapache2-mod-php4  4.4.0-2
ii  php-db               1.7.6-2
ii  php-http             1.3.6-2
ii  php-mail             1.1.6-2
ii  php-net-smtp         1.2.6-2
ii  php-net-socket       1.0.6-2
ii  php-pear             5.0.5-1
ii  php-xml-parser       1.2.6-2
ii  php4-common          4.4.0-2
ii  php4-gd              4.4.0-2
ii  php4-imagick         0.9.11-2
ii  php4-pear            4.4.0-2
ii  php4-pgsql           4.4.0-2
ii  php5-cli             5.0.5-1
ii  php5-common          5.0.5-1


I'm having doubts about this whole package system. Seems like a lot of
people are having problems with it. Wouldn't it be better if everyone
just learned how to do things from source??

If anyone knows why this problem came up I would appreciate some
suggestions.  Otherwise, I think I'm going to pursue the source
route..

Thanks

Bart



packages: apache, gd, mysql...

2006-04-15 Thread BTP
Hello,

Currently I have apache2 installed on my debian as per the default
installation, thus it shows up as installed in the list of packages
according to "dpkg -l", but I am unsure about all this output:

(descriptions omitted for clarity)

ii  apache-common             1.3.33-8
ii  apache2                   2.0.54-5
ii  apache2-common            2.0.54-5
ii  apache2-doc               2.0.54-5
ii  apache2-mpm-prefork       2.0.54-5
ii  apache2-utils             2.0.54-5
ii  libapache-mod-php4        4.4.0-2
ii  libapache2-mod-perl2      1.999.21-1
ii  libapache2-mod-php4       4.4.0-2
ii  libapache2-mod-python     3.1.3-3
ii  libapache2-mod-python2.3  3.1.3-3

If I would like to remove all traces of apache2 and associated
modules, what command would I have to run? If I simulate "apt-get
remove apache2" I only get one package for removal, but if I simulate
"apt-get remove apache2*" then I get all kinds of additional lines
besides the ones I got listed there.

My main interest is to have GD and MYSQL support enabled for apache2,
so is this possible with a few additional apt-get installs for these
modules??

Otherwise, I would like to remove all package traces of apache2 and do
a straight source install with whatever modules I want using the
configure script.

Also another question, is it possible for me to do a source install of
apache2 as a separate instance of this one installed via the package
system? Or would there be some kind of conflict I would have to work
around??

Thanks

Bart



iptables at boot

2006-04-01 Thread BTP
Hi,

I was wondering if someone would be able to give me the correct way of
disabling all network activity (iptables commands/script) during the
boot process so that my network is inoperable during bootup until I
activate it manually.

I'm unsure in which startup script I would place this on debian.

Thanks

Bart



firewall init prior network init

2006-03-17 Thread BTP
Hello,

I'm trying to set up a firewall using iptables, and i ran across some
documentation which recommends disabling the network altogether during
boot time until our firewall script is loaded.

Some of this implementation's commands included:

# Block ICMP redirects
for CONF in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    echo 0 > "$CONF"
done

# Block IP Source Routing
for CONF in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$CONF"
done

# Block IP spoofing
for CONF in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$CONF"
done

Does anyone have any suggestions, maybe some that would be better
suited for Debian??

Bart
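
Added example, not part of the original post: the loops quoted above only touch the interface directories that exist at the moment they run, so a check after boot shows whether an interface that appeared later still carries permissive values. The function names and the CONF_ROOT argument are assumptions made so the check can run against a constructed copy of the tree.

```shell
#!/bin/sh
# audit_ipv4_conf [CONF_ROOT]
# Compares every interface directory under CONF_ROOT with the values the
# quoted loops write (accept_redirects=0, accept_source_route=0, rp_filter=1).
# Prints one "iface key=actual (want N)" line per mismatch; returns 0 when
# everything matches and 1 otherwise.
audit_ipv4_conf() {
    root=${1:-/proc/sys/net/ipv4/conf}
    bad=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for pair in accept_redirects=0 accept_source_route=0 rp_filter=1; do
            key=${pair%%=*}
            want=${pair##*=}
            file=$dir$key
            if [ ! -r "$file" ]; then
                echo "$iface $key=unreadable (want $want)"
                bad=1
                continue
            fi
            got=$(cat "$file")
            if [ "$got" != "$want" ]; then
                echo "$iface $key=$got (want $want)"
                bad=1
            fi
        done
    done
    return "$bad"
}

# Constructed sample tree: "all" and "eth0" are hardened, "wlan0" stands for
# an interface that appeared after the loops ran and kept permissive values.
make_sample_tree() {
    t=$(mktemp -d)
    for i in all eth0 wlan0; do
        mkdir -p "$t/$i"
        echo 0 > "$t/$i/accept_redirects"
        echo 0 > "$t/$i/accept_source_route"
        echo 1 > "$t/$i/rp_filter"
    done
    echo 1 > "$t/wlan0/accept_redirects"
    echo 0 > "$t/wlan0/rp_filter"
    echo "$t"
}

sample=$(make_sample_tree)
audit_ipv4_conf "$sample" || echo "hardening incomplete"
rm -rf "$sample"
```

Called with no argument, the function reads the live /proc/sys/net/ipv4/conf tree.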



Re: network logs: trace strange address

2006-02-05 Thread BTP
Router DHCP clients list shows only the two correct computers, but it
is configured for a maximum of 50 such clients.

The thing I'm worried about, is that if someone has already
compromised my debian system, they would have access to my router
login information as well when I went to administer it sometime ago.
So, someone could basically have reverted my system back to normal and
maintained my router login info.

Is it possible to let these little routers forward my packets to
some external ips?

> have you looked at the routers config to see what it has in its dhcp clients? 
> is this thing wireless and cracked?
>
> A



network logs: trace strange address

2006-02-05 Thread BTP
Hi All,

I have encountered something different in my /var/log/snort/alert
logs, and I am curious where on my system I can find further traces of
this strange activity.

First off, I noticed entries such as the following when I did a grep
in my snort alert logs:
...
02/03-21:43:16.160972 192.168.1.102:32813 -> 62.4.17.14:21
02/03-21:59:07.780078 72.14.207.104:80 -> 192.168.1.102:32834
...
02/04-13:48:12.098337 192.168.1.103:32806 -> 72.14.205.83:80
02/04-17:39:16.682634 212.190.72.70:80 -> 192.168.1.103:32941
02/04-18:22:05.951133 192.168.1.103 -> 142.167.182.55
02/04-18:22:10.594090 192.168.1.103:61005 -> 142.167.182.55:705
..

I don't know where the "192.168.1.102, 192.168.1.103" came from,
because I only have two computers hooked up to my blue linksys dsl
router, whose ip addresses are constantly bound to 192.168.1.100 and
192.168.1.101 by DHCP. I checked the logs of both systems to check if
they bound to this 102/103 address before, and never. These two
computers cannot see each other, they just use the router to share the
net.

Realizing this is not a networking problems mailing list, I am curious
where on the debian system I could further find traces of this IP if
it is actually valid for my networking setup.

Bart
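
Added example, not part of the original post: one way to summarise alert lines like those quoted above by LAN address, reporting only hosts that are not in the expected DHCP set, with event count, first and last timestamp, and remote peers. The function names and the 192.168.1. prefix default are assumptions taken from the addresses in the post; the last sample line is constructed.

```shell
#!/bin/sh
# The first six alert lines are the ones quoted in the post; the last line
# is constructed to show that a known host is not reported.
sample_alerts() {
    cat <<'EOF'
02/03-21:43:16.160972 192.168.1.102:32813 -> 62.4.17.14:21
02/03-21:59:07.780078 72.14.207.104:80 -> 192.168.1.102:32834
...
02/04-13:48:12.098337 192.168.1.103:32806 -> 72.14.205.83:80
02/04-17:39:16.682634 212.190.72.70:80 -> 192.168.1.103:32941
02/04-18:22:05.951133 192.168.1.103 -> 142.167.182.55
02/04-18:22:10.594090 192.168.1.103:61005 -> 142.167.182.55:705
02/04-19:00:00.000000 192.168.1.100:40000 -> 192.0.2.10:80
EOF
}

# unknown_lan_hosts KNOWN_CSV [LAN_PREFIX] < alert lines
# Output per unexpected LAN host: address, event count, first seen,
# last seen, comma-separated remote peers (in order of first appearance).
unknown_lan_hosts() {
    awk -v known="$1" -v prefix="${2:-192.168.1.}" '
    # Strip an optional ":port" suffix from an endpoint.
    function host(ep) { sub(/:[0-9]+$/, "", ep); return ep }
    # Record one event for LAN host h unless it is in the known set.
    function note(h, peer, ts) {
        if (index(h, prefix) != 1 || (h in ok)) return
        if (!(h in count)) { first[h] = ts; order[++m] = h }
        count[h]++
        last[h] = ts
        if (index(" " peers[h] " ", " " peer " ") == 0)
            peers[h] = (peers[h] == "" ? peer : peers[h] " " peer)
    }
    BEGIN { n = split(known, k, ","); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    # Only "timestamp src -> dst" lines are considered; "..." is skipped.
    NF == 4 && $3 == "->" {
        src = host($2); dst = host($4)
        note(src, dst, $1)
        note(dst, src, $1)
    }
    END {
        for (i = 1; i <= m; i++) {
            h = order[i]; p = peers[h]; gsub(/ /, ",", p)
            print h, count[h], first[h], last[h], p
        }
    }'
}

sample_alerts | unknown_lan_hosts "192.168.1.100,192.168.1.101"
```

The first-seen timestamps give the window in which to search the router's DHCP table and the hosts' own DHCP client logs for a matching lease.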



Re: Is my system compromised

2006-02-04 Thread BTP

I did as you mention by booting from a knoppix cd and tried to check the
hard drive partitions with chkrootkit. Chkrootkit however did not run
in the same typical manner as it does when I invoke it from my Debian
console: it complained about not being able to do everything it's
supposed to, I can't remember the details.

Also I gave a quick try to install some virus scanner from the Knoppix
software install menu, but I lost my interest into figuring all that
out and did not perform a virus scan.

I did not find any specific instructions on google for dealing with
compromised systems using knoppix, other than what I tried to do.

Does anyone have any links or specific hints regarding this??
Bart

> I'd not run anything else from a hard drive I suspect is
> compromised.  Reboot with a liveCD and examine it from there.
>
> Tony


empty root history file

2006-02-01 Thread BTP
Hello, I have logged in today to discover my root history file to be nicely empty.

However my main user 'bart' .bash_history file still contains all the previous commands..

I know I didn't delete this myself, is there any debian management process that archives the history contents?
Or should I suspect something else here?

Thanks

Bart


Re: strange disk access

2006-01-31 Thread BTP

I checked my logs and noticed nothing out of the ordinary routine anywhere.
At the time I did as you recommend to run top and ps but my system was
operating so poorly all I got to see was a sad load average of 3+
during all the chaos in GNOME...

Thanks a lot for recommending atop, it looks like a really good tool.
Although I still need to install the 'cnt' patch to my 2.4 kernel so I
can track disk and network activity on a per process basis with it. I
do not have any experience doing this so it should be fun learning. Any
quick pointers for good tutorials or howtos on debian kernel upgrading
etc would be appreciated.

Thanks for the replies

Bart

On 1/31/06, Andreas Rippl <[EMAIL PROTECTED]> wrote:
> On Mon, Jan 30, 2006 at 05:22:55PM -0400, BTP wrote:
> > Hello, I hope maybe one of you can point me in the right direction to do my
> > research here...
> >
> > on my debian system (on my laptop) for the first time and for no reason my
> > disk accesses started going crazy and really bogging down the system for
> > about half a minute. I couldn't even open a terminal window to check the
> > process tasks...
> >
> > How would I go about tracking down exactly what this disk access was all
> > about? It might have been just swapping but I don't know if it would get
> > that bad and whether it normally swaps without such problems...
> >
> > Bart
>
> Hi Bart,
>
> my first guess is a cron job. So I'd look in the /etc/cron.* directories
> (if I knew the time of the disk access). Also in 1.5 minutes, there is
> plenty of time to start 'top' or 'ps' to see the processes acting up.
>
> And finally there is 'atop', which records the running processes. CPU
> usage etc for later perusal. So you can just let it run and examine what
> happened later.
>
> Hth
> --
> Andreas Rippl -- GPG messages preferred Key-ID: 0x81073379


strange disk access

2006-01-30 Thread BTP
Hello, I hope maybe one of you can point me in the right direction to do my research here...

on my debian system (on my laptop) for the first time and for no reason
my disk accesses started going crazy and really bogging down the system
for about half a minute. I couldn't even open a terminal window to
check the process tasks...

How would I go about tracking down exactly what this disk access was
all about? It might have been just swapping but I don't know if it
would get that bad and whether it normally swaps without such
problems...

Bart



Re: error in script

2006-01-25 Thread BTP
Check out

http://www.tldp.org/LDP/abs/html/

a bash scripting guide that should answer all your questions and show you plenty of examples.

You also might want to look up the "find" command in the man pages that might be better suited for your task.

On 1/25/06, Jon  Miller <[EMAIL PROTECTED]> wrote:
> Trying to run a test to see if certain files exists in a certain location
> using the following:
>
> # Check files at location
> LOCSAV="/usr/local/sop"
> if [ -e $(ls -l $LOCSAV/*.ide) ]
>
> it comes up with an error, can some lend a hand in fixing this?
>
> Thanks


gxine package removal

2006-01-24 Thread BTP
Hello,

I have been running mostly stable versions of software on my Debian system, and when I decided to do an
    apt-get install gxine
I had to upgrade mozilla and install some other packages.
(apt-get output is included below.)

My question is, if I want to undo what I have done, what would be the best course of action?
I already did (apt-get --purge remove gxine) and that really didn't undo all the other package mangling.
If I do (apt-get --purge remove [all additional packages that were forced to install]) then I get all kinds of unpredictable
package mangling.

Is it even worth dealing with this apt-get package management? Seems
like I could get more control with just source installs. Also on the
gxine web page I did not find any quick solution to adding plugins when
going with the debian package route.

I don't really care about fixing these issues as much as I care about
knowing the best way to install a media player that will work with the
most amount of supported video formats out there.

If anyone could throw any advice my way it would be appreciated. Thanks.

=
The following extra packages will be installed:
  libnspr4 libnss3 libsmjs1 libxaw8 mozilla-browser mozilla-psm

Suggested packages:
  realplayer libdvdcss2 libdvdcss xprt latex-xft-fonts

The following NEW packages will be installed:
  gxine libsmjs1 libxaw8

The following packages will be upgraded:
  libnspr4 libnss3 mozilla-browser mozilla-psm

4 upgraded, 3 newly installed, 0 to remove and 812 not upgraded.
Need to get 11.2MB of archives.
After unpacking 519kB disk space will be freed.
=


Re: rpc.statd paranoia

2006-01-18 Thread BTP
Ah, what I did was:

362  apt-get --purge remove portmap -s
370  update-rc.d -f portmap remove
412  update-rc.d -f fam remove
443  apt-get --purge remove portmap -s

So either the removal of portmap from boot sequence or the removal of
fam from boot sequence affected GNOME related package dependencies when
I tested to remove the portmap package.

I did not remove the gnome package or fam, just out of the init
scripts. From what you mentioned I imagine we should blame the fam.

Interesting... thanks.

Bart

On 1/18/06, Marty <[EMAIL PROTECTED]> wrote:
> BTP wrote:
> > Sorry, I don't know where, but I must have made a mistake somewhere
> > regarding this.
> >
> > I checked my bash history and I looked where i could have done this but saw
> > nothing...
> >
> > I again simulated the removal of portmap with apt-get and things seemed
> > normal this time... no removal of GNOME. Put that in the x-files section.
> >
> > :/
>
> gnome-desktop-environment requires portmap through dependency on fam.  Did you
> by any chance remove gnome-desktop-environment in the meantime?


Re: rpc.statd paranoia

2006-01-18 Thread BTP
Sorry, I don't know where, but I must have made a mistake somewhere regarding this.

I checked my bash history and I looked where i could have done this but saw nothing...

I again simulated the removal of portmap with apt-get and things seemed
normal this time... no removal of GNOME. Put that in the x-files
section.

:/

On 1/18/06, Greg Norris <[EMAIL PROTECTED]> wrote:
> On Wed, Jan 18, 2006 at 04:41:02PM -0400, BTP wrote:
> > apt-get --purge remove portmap reported a required removal of GNOME
> > which I did not want, so I instead used the "update-rc.d portmap
> > remove" alternative.
>
> Interesting.  I've got gnome installed (although I currently use xfce4 :)
> with portmap purged... I don't recall having to do anything special.


Re: rpc.statd paranoia

2006-01-18 Thread BTP
On 1/18/06, Johannes Wiedersich <[EMAIL PROTECTED]> wrote:
> If you are paranoid, you should also install/activate a firewall...

Yes, I am looking into firewall software. Although, I am behind a
linksys little router I bought from future-shop, but I think it might
have been tampered with it if they successfully logged into it by
guessing my pw and possibly now set it back to normal. I'm not an
expert on firewalls so I don't know how much protection this gives...

> If you don't have special requirements, like a bank, an internet provider... you shouldn't start worrying too much.

Yes, that's typically true...

> Having said all that, it's good practice to only install those services/packages that you actually use.

I agree, but I initially installed this system to have as a toy with all
kinds of bells and whistles so I could learn about it all, but now I am
interested in finding out whether it has been compromised or not. 
So I'm currently downloading a fresh Knoppix to do some testing. And
during this whole process I am still trying to learn as much as
possible about administration and security..

Thanks for all the replies, much appreciated.





Re: rpc.statd paranoia

2006-01-18 Thread BTP
> My solution was "apt-get --purge remove portmap"... apt will let you know if you have any packages installed which actually require it.


apt-get --purge remove portmap reported a required removal of GNOME
which I did not want, so I instead used the "update-rc.d portmap
remove" alternative.

However, this did stop nmap from reporting this which I don't need:
 
 111/tcp  open  rpcbind

But, I still have:

    732/tcp  open  unknown
    742/tcp  open  netrcs

So, lsof and netstat inform me that:

famd      1828 bart 3u IPv4 2593 TCP localhost.localdomain:732 (LISTEN)
rpc.statd 1832 root 6u IPv4 2685 TCP *:742 (LISTEN)

So I did:
    update-rc.d -f fam remove

But the "rpc.statd" is still confusing to me and my research so far
didn't bring me to a straightforward solution as the other items




rpc.statd paranoia

2006-01-18 Thread BTP
Hi All,

This is my first time posting to the list as I am beginning my journey into the realm of Linux.

One of the first things I'd like to establish is the security of my system.

nmap revealed the following:

779/tcp  open  unknown
789/tcp  open  unknown

and I think I tracked it down correctly to rpc.statd and it has
something to do with NFS, which I have no intention of using right now.

Does anybody know the correct procedure for eliminating this daemon
from booting? Should I be using update-rc.d or do I have to manually
edit config files?

Bart