Re: packages: apache, gd, mysql...
Yeah, see if I go ahead and try to install "php4-mysql", I have to install the unstable version which I wouldn't want because it will also upgrade a lot of other packages to the unstable version. How come I can't have mysql support with php4 and be stable??? So just for me to have php4 and mysql support with apache, is it worth doing all these updates to unstable??

My system is for personal use only as I use it for learning and experimenting purposes, but I still wouldn't want to have a system that crashes at random. Seems unfortunate to have to upgrade all those packages to unstable just to get mysql support... I wish all programs would just support postgres!

Bart

packages: apache, gd, mysql...
I tried doing an "apt-get install php4-mysql" but got the following error message...

---
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  php4-mysql: Depends: phpapi-20020918
              Depends: php4-common (= 4:4.3.10-16) but 4:4.4.0-2 is to be installed
E: Broken packages
---

These are the php related packages I have installed:

ii  libapache-mod-php4      4.4.0-2
ii  libapache2-mod-php4     4.4.0-2
ii  php-db                  1.7.6-2
ii  php-http                1.3.6-2
ii  php-mail                1.1.6-2
ii  php-net-smtp            1.2.6-2
ii  php-net-socket          1.0.6-2
ii  php-pear                5.0.5-1
ii  php-xml-parser          1.2.6-2
ii  php4-common             4.4.0-2
ii  php4-gd                 4.4.0-2
ii  php4-imagick            0.9.11-2
ii  php4-pear               4.4.0-2
ii  php4-pgsql              4.4.0-2
ii  php5-cli                5.0.5-1
ii  php5-common             5.0.5-1

I'm having doubts about this whole package system. Seems like a lot of people are having problems with it. Wouldn't it be better if everyone just learned how to do things from source??

If anyone knows why this problem came up I would appreciate some suggestions. Otherwise, I think I'm going to pursue the source route..

Thanks
Bart

packages: apache, gd, mysql...
Hello,

Currently I have apache2 installed on my debian as per the default installation, thus it shows up as installed in the list of packages according to "dpkg -l", but I am unsure about all this output: (descriptions omitted for clarity)

ii  apache-common             1.3.33-8
ii  apache2                   2.0.54-5
ii  apache2-common            2.0.54-5
ii  apache2-doc               2.0.54-5
ii  apache2-mpm-prefork       2.0.54-5
ii  apache2-utils             2.0.54-5
ii  libapache-mod-php4        4.4.0-2
ii  libapache2-mod-perl2      1.999.21-1
ii  libapache2-mod-php4       4.4.0-2
ii  libapache2-mod-python     3.1.3-3
ii  libapache2-mod-python2.3  3.1.3-3

If I would like to remove all traces of apache2 and associated modules, what command would I have to run? If I simulate "apt-get remove apache2" I only get one package for removal, but if I simulate "apt-get remove apache2*" then I get all kinds of additional lines besides the ones I got listed there.

My main interest is to have GD and MYSQL support enabled for apache2, so is this possible with a few additional apt-get installs for these modules?? Otherwise, I would like to remove all package traces of apache2 and do a straight source install with whatever modules I want using the configure script.

Also another question, is it possible for me to do a source install of apache2 as a separate instance of this one installed via the package system? Or would there be some kind of conflict I would have to work around??

Thanks
Bart

iptables at boot
Hi,

I was wondering if someone would be able to give me the correct way of disabling all network activity (iptables commands/script) during the boot process so that my network is inoperable during bootup until I activate it manually. I'm unsure in which startup script I would place this on debian.

Thanks
Bart

firewall init prior network init
Hello,

I'm trying to set up a firewall using iptables, and I ran across some documentation which recommends disabling the network altogether during boot time until our firewall script is loaded. Some of this implementation's commands included:

    # Block ICMP redirects
    for CONF in /proc/sys/net/ipv4/conf/*/accept_redirects; do
        echo 0 > "$CONF"
    done

    # Block IP Source Routing
    for CONF in /proc/sys/net/ipv4/conf/*/accept_source_route; do
        echo 0 > "$CONF"
    done

    # Block IP spoofing
    for CONF in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > "$CONF"
    done

Does anyone have any suggestions, maybe some that would be better suited for Debian??

Bart

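Added example (not part of the original post or of the documentation it quotes): a shell check that the three settings written by the loops above are actually in effect on every interface. The function names and the demo directory are constructed for illustration; the expected values are the ones the post's loops write.

```shell
#!/bin/sh
# Added example: verify that the three settings from the loops in the post are
# in effect on every interface, printing each one that is not.

# usage: audit_ipv4_conf [CONF_DIR]
# CONF_DIR defaults to the live tree; pass another directory to check a copy.
# prints "IFACE KEY VALUE want WANT" per deviation; returns 1 if any was found
audit_ipv4_conf() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    bad=0
    for iface_dir in "$conf_dir"/*/; do
        [ -d "$iface_dir" ] || continue      # glob matched nothing
        iface=$(basename "$iface_dir")
        for want in accept_redirects=0 accept_source_route=0 rp_filter=1; do
            key=${want%%=*}
            expected=${want#*=}
            file=$iface_dir$key
            if [ ! -r "$file" ]; then
                echo "$iface $key missing want $expected"; bad=1; continue
            fi
            value=$(cat "$file")
            if [ "$value" != "$expected" ]; then
                echo "$iface $key $value want $expected"; bad=1
            fi
        done
    done
    return "$bad"
}

# Constructed demo tree standing in for /proc/sys/net/ipv4/conf.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/all" "$d/eth0"
    for i in all eth0; do
        echo 0 > "$d/$i/accept_redirects"
        echo 0 > "$d/$i/accept_source_route"
        echo 1 > "$d/$i/rp_filter"
    done
    echo 1 > "$d/eth0/accept_redirects"      # one setting left at a weak value
    echo "$d"
}

tree=$(demo_tree)
audit_ipv4_conf "$tree" || echo "deviations found"
rm -rf "$tree"
```

Run without an argument it reads the live /proc tree, so it can be called at the end of a firewall script to confirm the loops took effect on interfaces that existed at that point.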
Re: network logs: trace strange address
Router DHCP clients list shows only the two correct computers, but it is configured for a maximum of 50 such clients.

The thing I'm worried about, is that if someone has already compromised my debian system, they would have access to my router login information as well when I went to administer it sometime ago. So, someone could have basically reverted my system back to normal and maintained my router login info. Is it possible to let these little routers forward my packets to some external ips?

> have you looked at the routers config to see what it has in its dhcp clients?
> is this thing wireless and cracked?
>
> A
>
> > Bart

network logs: trace strange address
Hi All,

I have encountered something different in my /var/log/snort/alert logs, and I am curious where on my system I can find further traces of this strange activity. First off, I noticed entries such as the following when I did a grep in my snort alert logs:

...
02/03-21:43:16.160972 192.168.1.102:32813 -> 62.4.17.14:21
02/03-21:59:07.780078 72.14.207.104:80 -> 192.168.1.102:32834
...
02/04-13:48:12.098337 192.168.1.103:32806 -> 72.14.205.83:80
02/04-17:39:16.682634 212.190.72.70:80 -> 192.168.1.103:32941
02/04-18:22:05.951133 192.168.1.103 -> 142.167.182.55
02/04-18:22:10.594090 192.168.1.103:61005 -> 142.167.182.55:705
..

I don't know where the "192.168.1.102, 192.168.1.103" came from, because I only have two computers hooked up to my blue linksys dsl router, whose ip addresses are constantly bound to 192.168.1.100 and 192.168.1.101 by DHCP. I checked the logs of both systems to check if they bound to this 102/103 address before, and never. These two computers cannot see each other, they just use the router to share the net.

Realizing this is not a networking problems mailing list, I am curious where on the debian system I could further find traces of this IP if it is actually valid for my networking setup.

Bart

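Added example (not part of the original post): a shell function that does the grep described above systematically, listing every LAN address in Snort alert header lines that is not one of the expected DHCP leases, with hit count and first and last timestamp. The function name is constructed; the sample lines reuse addresses quoted in the post, and the last sample line is made up to show a known host being ignored.

```shell
#!/bin/sh
# Added example: list private-LAN addresses in Snort alert header lines that
# are not among the hosts the DHCP server is expected to have leased.

# Constructed sample in the "MM/DD-HH:MM:SS.usec SRC[:PORT] -> DST[:PORT]"
# shape of the lines quoted in the post; the final line is made up.
SAMPLE_ALERTS='02/03-21:43:16.160972 192.168.1.102:32813 -> 62.4.17.14:21
02/03-21:59:07.780078 72.14.207.104:80 -> 192.168.1.102:32834
02/04-13:48:12.098337 192.168.1.103:32806 -> 72.14.205.83:80
02/04-18:22:05.951133 192.168.1.103 -> 142.167.182.55
02/04-18:25:00.000000 192.168.1.100:40000 -> 72.14.205.83:80'

# usage: unexpected_lan_hosts LAN_PREFIX KNOWN_IP... < alert-lines
# prints: IP HITS FIRST_SEEN LAST_SEEN (one line per unknown LAN host)
unexpected_lan_hosts() {
    prefix=$1; shift
    awk -v prefix="$prefix" -v known="$*" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        # only header lines: timestamp, source, "->", destination
        NF == 4 && $3 == "->" {
            for (f = 2; f <= 4; f += 2) {
                ip = $f
                sub(/:[0-9]+$/, "", ip)           # drop the port, if any
                if (index(ip, prefix) != 1 || (ip in ok)) continue
                if (!(ip in hits)) first[ip] = $1
                hits[ip]++; last[ip] = $1
            }
        }
        END { for (ip in hits) print ip, hits[ip], first[ip], last[ip] }
    ' | sort
}

printf '%s\n' "$SAMPLE_ALERTS" |
    unexpected_lan_hosts 192.168.1. 192.168.1.100 192.168.1.101
```

The first-seen and last-seen timestamps give a window to compare against the DHCP client logs on each machine and against the router's lease table.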
Re: Is my system compromised
I did as you mention by booting from a knoppix cd and tried to check the hard drive partitions with chkrootkit. Chkrootkit however did not run in the same typical manner as it does when I invoke it from my Debian console: it complained about not being able to do everything it's supposed to, I can't remember the details. Also I gave a quick try to install some virus scanner from the Knoppix software install menu, but I lost my interest into figuring all that out and did not perform a virus scan.

I did not find any specific instructions on google for dealing with compromised systems using knoppix, other than what I tried to do. Does anyone have any links or specific hints regarding this??

Bart

> I'd not run anything else from a hard drive I suspect is compromised. Reboot with a liveCD and examine it from there.
>
> Tony
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

empty root history file
Hello,

I have logged in today to discover my root history file to be nicely empty. However my main user 'bart' .bash_history file still contains all the previous commands.. I know I didn't delete this myself, is there any debian management process that archives the history contents? Or should I suspect something else here?

Thanks
Bart

Re: strange disk access
I checked my logs and noticed nothing out of the ordinary routine anywhere. At the time I did as you recommend to run top and ps but my system was operating so poorly all I got to see was a sad load average of 3+ during all the chaos in GNOME...

Thanks a lot for recommending atop, it looks like a really good tool. Although I still need to install the 'cnt' patch to my 2.4 kernel so I can track disk and network activity on a per process basis with it. I do not have any experience doing this so it should be fun learning. Any quick pointers for good tutorials or howtos on debian kernel upgrading etc would be appreciated.

Thanks for the replies
Bart

On 1/31/06, Andreas Rippl <[EMAIL PROTECTED]> wrote:
> On Mon, Jan 30, 2006 at 05:22:55PM -0400, BTP wrote:
> > Hello, I hope maybe one of you can point me in the right direction to do my
> > research here...
> >
> > on my debian system (on my laptop) for the first time and for no reason my
> > disk accesses started going crazy and really bogging down the system for
> > about half a minute. I couldn't even open a terminal window to check the
> > process tasks...
> >
> > How would I go about tracking down exactly what this disk access was all
> > about? It might have been just swapping but I don't know if it would get
> > that bad and whether it normally swaps without such problems...
> >
> > Bart
>
> Hi Bart,
>
> my first guess is a cron job. So I'd look in the /etc/cron.* directories
> (if I knew the time of the disk access). Also in 1.5 minutes, there is
> plenty of time to start 'top' or 'ps' to see the processes acting up.
>
> And finally there is 'atop', which records the running processes. CPU
> usage etc for later perusal. So you can just let it run and examine what
> happened later.
>
> Hth
> --
> Andreas Rippl -- GPG messages preferred
> Key-ID: 0x81073379

strange disk access
Hello,

I hope maybe one of you can point me in the right direction to do my research here...

on my debian system (on my laptop) for the first time and for no reason my disk accesses started going crazy and really bogging down the system for about half a minute. I couldn't even open a terminal window to check the process tasks...

How would I go about tracking down exactly what this disk access was all about? It might have been just swapping but I don't know if it would get that bad and whether it normally swaps without such problems...

Bart

Re: error in script
Check out http://www.tldp.org/LDP/abs/html/ a bash scripting guide that should answer all your questions and show you plenty of examples. You also might want to look up the "find" command in the man pages that might be better suited for your task.

On 1/25/06, Jon Miller <[EMAIL PROTECTED]> wrote:
> Trying to run a test to see if certain files exist in a certain location
> using the following:
>
> # Check files at location
> LOCSAV="/usr/local/sop"
> if [ -e $(ls -l $LOCSAV/*.ide) ]
>
> it comes up with an error, can someone lend a hand in fixing this?
>
> Thanks

gxine package removal
Hello,

I have been running mostly stable versions of software on my Debian system, and when I decided to do an apt-get install gxine I had to upgrade mozilla and install some other packages. (apt-get output is included below.)

My question is, if I want to undo what I have done, what would be the best course of action? I already did (apt-get --purge remove gxine) and that really didn't undo all the other package mangling. If I do (apt-get --purge remove [all additional packages that were forced to install]) then I get all kinds of unpredictable package mangling.

Is it even worth dealing with this apt-get package management? Seems like I could get more control with just source installs. Also on the gxine web page I did not find any quick solution to adding plugins when going with the debian package route.

I don't really care about fixing these issues as much as I care about knowing the best way to install a media player that will work with the most amount of supported video formats out there. If anyone could throw any advice my way it would be appreciated.

Thanks.

=
The following extra packages will be installed:
  libnspr4 libnss3 libsmjs1 libxaw8 mozilla-browser mozilla-psm
Suggested packages:
  realplayer libdvdcss2 libdvdcss xprt latex-xft-fonts
The following NEW packages will be installed:
  gxine libsmjs1 libxaw8
The following packages will be upgraded:
  libnspr4 libnss3 mozilla-browser mozilla-psm
4 upgraded, 3 newly installed, 0 to remove and 812 not upgraded.
Need to get 11.2MB of archives.
After unpacking 519kB disk space will be freed.
=

Re: rpc.statd paranoia
Ah, what I did was:

  362 apt-get --purge remove portmap -s
  370 update-rc.d -f portmap remove
  412 update-rc.d -f fam remove
  443 apt-get --purge remove portmap -s

So either the removal of portmap from boot sequence or the removal of fam from boot sequence affected GNOME related package dependencies when I tested to remove the portmap package. I did not remove the gnome package or fam, just out of the init scripts. From what you mentioned I imagine we should blame the fam.

Interesting... thanks.

Bart

On 1/18/06, Marty <[EMAIL PROTECTED]> wrote:
> BTP wrote:
> > Sorry, I don't know where, but I must have made a mistake somewhere
> > regarding this.
> >
> > I checked my bash history and I looked where i could have done this but saw
> > nothing...
> >
> > I again simulated the removal of portmap with apt-get and things seemed
> > normal this time... no removal of GNOME. Put that in the x-files section.
> >
> > :/
>
> gnome-desktop-environment requires portmap through dependency on fam. Did
> you by any chance remove gnome-desktop-environment in the meantime?

Re: rpc.statd paranoia
Sorry, I don't know where, but I must have made a mistake somewhere regarding this.

I checked my bash history and I looked where I could have done this but saw nothing...

I again simulated the removal of portmap with apt-get and things seemed normal this time... no removal of GNOME. Put that in the x-files section.

:/

On 1/18/06, Greg Norris <[EMAIL PROTECTED]> wrote:
> On Wed, Jan 18, 2006 at 04:41:02PM -0400, BTP wrote:
> > apt-get --purge remove portmap reported a required removal of GNOME
> > which I did not want, so I instead used the "update-rc.d portmap
> > remove" alternative.
>
> Interesting. I've got gnome installed (although I currently use xfce4 :)
> with portmap purged... I don't recall having to do anything special.

Re: rpc.statd paranoia
On 1/18/06, Johannes Wiedersich <[EMAIL PROTECTED]> wrote:
> If you are paranoid, you should also install/activate a firewall...

Yes, I am looking into firewall software. Although, I am behind a linksys little router I bought from future-shop, but I think it might have been tampered with it if they successfully logged into it by guessing my pw and possibly now set it back to normal. I'm not an expert on firewalls so I don't know how much protection this gives...

> If you don't have special requirements, like a bank, an internet
> provider... you shouldn't start worrying too much.

Yes, that's typically true...

> Having said all that, it's good practice to only install those
> services/packages that you actually use.

I agree, but I initially installed this system to have as a toy with all kinds of bells and whistles so I could learn about it all, but now I am interested in finding out whether it has been compromised or not. So I'm currently downloading a fresh Knoppix to do some testing. And during this whole process I am still trying to learn as much as possible about administration and security..

Thanks for all the replies, much appreciated.

Re: rpc.statd paranoia
> My solution was "apt-get --purge remove portmap"... apt will let you
> know if you have any packages installed which actually require it.

apt-get --purge remove portmap reported a required removal of GNOME which I did not want, so I instead used the "update-rc.d portmap remove" alternative.

However, this did stop nmap from reporting this which I don't need:

  111/tcp open rpcbind

But, I still have:

  732/tcp open unknown
  742/tcp open netrcs

So, lsof and netstat inform me that:

  famd      1828 bart 3u IPv4 2593 TCP localhost.localdomain:732 (LISTEN)
  rpc.statd 1832 root 6u IPv4 2685 TCP *:742 (LISTEN)

So I did:

  update-rc.d -f fam remove

But the "rpc.statd" is still confusing to me and my research so far didn't bring me to a straightforward solution as the other items

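Added example (not part of the original post, and not output from the poster's system): a shell function that reads lsof-style listener lines like the two quoted above and reports, per port, the owning command, the user, and whether the socket is bound to loopback only or is reachable from the network. The function names and the sshd sample line are constructed for illustration, and numeric ports are assumed.

```shell
#!/bin/sh
# Added example: for each listening TCP socket in "lsof -i" style output, report
# the port, owning command, user, and whether it is reachable from the network.

# Constructed sample: the two lines quoted in the post plus one made-up line
# (sshd) in the 10-column layout that newer lsof versions print.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
famd 1828 bart 3u IPv4 2593 TCP localhost.localdomain:732 (LISTEN)
rpc.statd 1832 root 6u IPv4 2685 TCP *:742 (LISTEN)
sshd 812 root 3u IPv4 18112 0t0 TCP 192.168.1.100:22 (LISTEN)'

# usage: listener_scope < lsof-output
# prints: PORT COMMAND USER SCOPE, sorted by port number
listener_scope() {
    awk '
        $NF != "(LISTEN)" { next }            # skips the header and non-listeners
        {
            name = $(NF - 1)                  # host:port is the field before (LISTEN)
            port = name; sub(/^.*:/, "", port)
            host = name; sub(/:[^:]*$/, "", host)
            if (host == "*" || host == "0.0.0.0" || host == "[::]")
                scope = "all-interfaces"
            else if (host ~ /^localhost/ || host ~ /^127\./ || host == "[::1]")
                scope = "loopback-only"
            else
                scope = "bound-to:" host
            print port, $1, $3, scope
        }
    ' | sort -n
}

# usage: network_reachable < lsof-output ; prints only non-loopback listeners
network_reachable() {
    listener_scope | awk '$4 != "loopback-only"'
}

printf '%s\n' "$SAMPLE_LSOF" | listener_scope
```

On a live system the input would come from `lsof -i -n -P`. A loopback-only listener such as famd above still shows up in an nmap scan run from the same host, but is not reachable from other machines.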
rpc.statd paranoia
Hi All,

This is my first time posting to the list as I am beginning my journey into the realm of Linux. One of the first things I'd like to establish is the security of my system.

nmap revealed the following:

  779/tcp open unknown
  789/tcp open unknown

and I think I tracked it down correctly to rpc.statd and it has something to do with NFS, which I have no intention of using right now. Does anybody know the correct procedure for eliminating this daemon from booting? Should I be using update-rc.d or do I have to manually edit config files?

Bart