Re: remote attack?

2000-12-18 Thread Damian Menscher
On Mon, 18 Dec 2000, Christian T. Steigies wrote:

 Hi,
 seems my machine was subject to a remote attack. I saw these in the logs:
 
 Dec 16 05:10:03 ap031 rpc.statd[21964]: gethostbyname error for 
 ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
 [...]
 
 How can I find out where the attack came from? Plus I hope that a woody
 machine is not vulnerable?

Unless there was more in your logs, you don't find out where it came
from.  In any case, that attack was published in mid-July.  Debian 2.2
and 2.3 are both listed as vulnerable.  The fix (for Debian) was in
nfs-common_0.1.9.1-1, so if you're running that version or later then
you're safe.  Otherwise, you might want to take a *very* close look at
your system and consider reinstalling.

For more information on the attack go to www.securityfocus.com and do a
search on statd.

HTH,

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: inetd questions

2000-12-11 Thread Damian Menscher
On Mon, 11 Dec 2000, Ethan Benson wrote:

 tell what is so damn insecure about these?
 
 $ while true ; do makepasswd --chars=12 ; done
 t2nWXiWynAU8
 qdesULEdwzLG
 g3YfAxqxLG1d

Well, since you asked there is no punctuation.  Ideally, I would
like to see control characters in passwords.  Anyone know of a complete
list of which are acceptable/unacceptable?

Damian Menscher



Re: instalation manual

2000-12-05 Thread Damian Menscher
On Tue, 5 Dec 2000, Tom wrote:

 My computer is 586 IBM CyrixInstead. Which Install manual (in the page
 http://www.debian.org/releases/stable/#new-inst of the Debian page) do I use
 ?
 
 -Intel x86

This one.  (For all practical purposes, x={3,4,5,6,...} and
Intel={Intel,AMD,Cyrix}.)

Damian Menscher



Re: OT: port scan

2000-11-28 Thread Damian Menscher
On Tue, 28 Nov 2000, Pollywog wrote:
 On Tue, 28 Nov 2000 14:40:09 -0200 (EDT), Mario Olimpio de Menezes said:
 
  One computer where I have Debian installed was scanned
   recently. Someone probed several ports (~20), maybe trying to determine
   the running OS (something like nmap does).
  Do you think this *IS* an attack? I mean, should I report this
   as *AN* attack?
 
 If someone scans several ports, I usually do report it to their ISP,
 sending them log excerpts that include the time they occurred and also my
 time zone as reported by my computer.  The ISP would probably warn the
 customer and even terminate the customer's account if they believe the
 customer was up to no good.
 
 I usually do not report attempts to connect to single ports.

You might want to keep in mind that scans of all ports are often just
general curiosity about what kind of stuff a computer is being used for,
while scans of a single port (on every machine in your subnet) are often
someone looking for a machine vulnerable to a *particular* exploit.  So
I'd say don't ignore the single-port scans.  They are as (or more)
serious.

Of course, a connection to a single port on a single machine is probably
just some idiot who mistyped an IP address.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
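The distinction drawn in the reply above (one port swept across many machines versus many ports on one machine), as an added example that is not part of the original posts. It assumes netfilter-style `SRC=`/`DST=`/`DPT=` log fields; the sample lines, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict

FIELD_RE = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

# Service sweeps rank first, following the advice that single-port scans
# across a subnet deserve at least as much attention as full port scans.
PRIORITY = {"block": 0, "horizontal": 1, "vertical": 2, "isolated": 3}


def parse(line):
    """Return (src, dst, dport) from one log line, or None if fields are missing."""
    fields = dict(FIELD_RE.findall(line))
    if not {"SRC", "DST", "DPT"} <= fields.keys():
        return None
    return fields["SRC"], fields["DST"], int(fields["DPT"])


def classify(lines, min_hosts=5, min_ports=10):
    """Classify each source address by the shape of its connection attempts.

    min_hosts / min_ports are assumed thresholds; tune them to the subnet size.
    """
    per_src = defaultdict(lambda: (defaultdict(set), defaultdict(set)))
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        src, dst, port = rec
        hosts_by_port, ports_by_host = per_src[src]
        hosts_by_port[port].add(dst)
        ports_by_host[dst].add(port)

    report = {}
    for src, (hosts_by_port, ports_by_host) in per_src.items():
        # Widest single-port spread and deepest single-host probe for this source.
        port, hosts = max(hosts_by_port.items(), key=lambda kv: len(kv[1]))
        _, ports = max(ports_by_host.items(), key=lambda kv: len(kv[1]))
        sweep = len(hosts) >= min_hosts    # same port on many machines
        probe = len(ports) >= min_ports    # many ports on one machine
        if sweep and probe:
            kind = "block"
        elif sweep:
            kind = "horizontal"
        elif probe:
            kind = "vertical"
        else:
            kind = "isolated"
        report[src] = {
            "kind": kind,
            "swept_port": port if sweep else None,
            "hosts": len(ports_by_host),
            "ports": len(hosts_by_port),
        }
    return report


def triage(report):
    """Source addresses ordered by how urgently they should be looked at."""
    return sorted(report, key=lambda s: (PRIORITY[report[s]["kind"]], s))


def _line(src, dst, dpt):
    # Constructed sample line in netfilter LOG style.
    return (f"Nov 28 14:40:09 gw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
            f"PROTO=TCP SPT=40000 DPT={dpt}")


SAMPLE_LOG = (
    [_line("203.0.113.9", f"192.0.2.{i}", 111) for i in range(1, 9)]      # one port, 8 hosts
    + [_line("198.51.100.20", "192.0.2.10", p) for p in range(1, 21)]     # 20 ports, one host
    + [_line("198.51.100.77", "192.0.2.10", 23)]                          # single connection
    + ["Nov 28 14:41:00 gw kernel: eth0: link up"]                        # unrelated line
)

if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    for src in triage(result):
        print(src, result[src])
```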



Re: PPP keeps on acting *strangely* ...

2000-11-27 Thread Damian Menscher
On Mon, 27 Nov 2000, Kristian Rink wrote:

 --snip--
 
 Nov 27 17:17:24 straylight chat[1054]:  -- got it
 Nov 27 17:17:24 straylight chat[1054]: send (ATDT0192666210^M)
 Nov 27 17:17:25 straylight chat[1054]: expect (CONNECT)
 Nov 27 17:17:25 straylight chat[1054]: ^M
 
 Nov 27 17:17:52 straylight chat[1054]: ATDT0192666210^MECT 115200^M
[snip]
 Nov 27 17:18:08 straylight chat[1054]: }%B#}%}%}um$}
 }'}}(}[EMAIL PROTECTED] }9}
 }} }*} } }#}%B#}%}%}um$} }'}}(}6k~~
 Nov 27 17:18:10 straylight chat[1054]: alarm
 Nov 27 17:18:10 straylight chat[1054]: Failed
 Nov 27 17:18:11 straylight pppd[1053]: Exit.
 
 --snip--
 
 After the last time I posted here I tried:
 --changing and trying to dial with different AT-init-commands
 --turning modem echo on / off
 --dialing with chat and wvdial
 --using different providers to prevent problems with broken ppp servers
 --setting fixed speed (i.e. 57600) via pppconfig in dialup scripts
 
 Finally, *none* of these things changed anything about the modem behaviour.
 *Sometimes* it dials a hundred times without having any problems,
 sometimes it's almost impossible to connect for days without having errors
 like these. So it's obviously not solvable only by setting AT commands...

 Especially the marked line seems *strange* to me, what the h__k happens
 here???

I would guess that that is the echo coming back from the modem.  It
repeats the dial command you gave it "ATDT", dials, connects, and
tells you how fast it connected "CONNECT 115200" (115.2k, including
hardware compression, etc).

I haven't been following your problem, and haven't used a modem in over
a year, but.

Have you made a log of connection speeds where you were [un]successful?
Since the script is expecting it to say "CONNECT" and it gets only the
last 10 chars of that string "ECT 115200" it might be assuming an error
condition.  From my days of reading up on AT commands, I remember my
modem had 4 options of verbosity of connect messages, ranging from a
number, to "CONNECT/BUSY/NO DIALTONE" to the full range of "CONNECT
300/CONNECT 1200/CONNECT 2400/CONNECT 9600/.."  You might want to try
setting yours to be less verbose so it says "CONNECT" instead of
"CONNECT 115200".

Just a wild guess.

Damian Menscher



teTeX path question

2000-11-26 Thread Damian Menscher
Not a specifically Debian question, but

I just upgraded my version of teTeX to 1.0.6, and discovered it no
longer seems to follow the TEXINPUTS environment variable to find
various style files, etc.  I need to get this to read in a revtex.cls
file that I've added in, but don't know how to get this included in the
search path.  I've got a feeling it has something to do with the ls-R
file, but don't know exactly what I'm doing there and don't want to mess
things up.  Could anyone provide any hints?

Damian Menscher



Re: teTeX path question

2000-11-26 Thread Damian Menscher
On Sun, 26 Nov 2000, Damian Menscher wrote:

 I just upgraded my version of teTeX to 1.0.6, and discovered it no
 longer seems to follow the TEXINPUTS environment variable to find
 various style files, etc.  I need to get this to read in a revtex.cls
 file that I've added in, but don't know how to get this included in the
 search path.  I've got a feeling it has something to do with the ls-R
 file, but don't know exactly what I'm doing there and don't want to mess
 things up.  Could anyone provide any hints?

Sorry to answer my own question, but it appears that running the texhash
command updates an internal database teTeX keeps on what files are
where.  (Oh, and to answer another question I hadn't gotten around to
asking yet, you can change from the default papersize of A4 to letter by
using the texconfig command.  Dang I'm quick! ;)

Damian Menscher



Re: Using PuTTY with an SSH Server

2000-11-25 Thread Damian Menscher
On Sat, 25 Nov 2000, S.Salman Ahmed wrote:

 I am using the latest (stable) release of PuTTY on Win2000 Professional
 to connect to a Debian server running OpenSSH. I have also installed
 Hummingbird Exceed 6.2 on the Win2000 machine.
 
 It seems that PuTTY doesn't support X forwarding. So how do I go about
 displaying X clients on my Win2000 desktop which has a working X server
 (Exceed) ?
 
 I tried setting $DISPLAY to :0.0 while connected to my Debian server,
 but that didn't work ?

:0.0 refers to the Debian server, not to your win2k machine.  Instead,
set $DISPLAY to win2k.machine.name:0

Keep in mind that these connections do NOT go through ssh, so anything
you send through them can be sniffed!  Therefore, don't open an xterm
and su or ssh into another machine if you do things this way!

Damian Menscher



Re: more than one .sty file in a tex document!?

2000-11-23 Thread Damian Menscher
On Thu, 23 Nov 2000, Manegold wrote:
 Manuel Hendel wrote:
  On Thu, Nov 23, 2000 at 09:44:40AM +0100, Manegold wrote:
   Manuel Hendel wrote:
   
is it possible to use more than one .sty file in a tex document? For
example, let's say I use g-brief as documentclass, but also want to
use letter or dinbrief and a package called rechnung.
   
   yes and no. Some packages like footmisc, soul, which are not a document
   class can be used alongside each other. g-brief and dinbrief, however,
   are different document classes. Same as you can't write a document based
   on book.cls and a letter (based on g-brief, letter, dinbrief or
   whatever) at the same time, you can't do that with different classes for
   a letter. This also applies for the different variants for reports,
   books or articles. If you tried, the last one will probably overwrite
   the previous if it does not give you an error.
  
  Actually I want to use the class g-brief, but I need the functions for
  the footer from the letter class or is there any package which I can
  add to my .tex file together with g-brief to get the footers?
 
 Well you can always try and see if it works. In your case try to input
 the letter class after the g-brief class. I don't think this will give
 the desired result though.
 The prelim2e package puts something at the lower edge of each page
 that you can customize to what you want there. Maybe that does what you
 want.

Depending on your skill level, and how much you really want this, you
can try extracting the footer-related section from the letter class and
putting that in the g-brief class (or inputting it separately).  If you
do this, just make a new class.  I've done similar stuff with modifying
the seminar.cls style to get rid of borders, or modifying bibliography
styles to allow for a Bachelor's thesis.  Just keep in mind that TeX
really is a different language from LaTeX and you'll be fine.

Damian Menscher



Re: how to keep portmap from running?

2000-11-23 Thread Damian Menscher
On Thu, 23 Nov 2000, Robert A. Jacobs wrote:
 * Peter Jay Salzman [EMAIL PROTECTED] [231100 09:16]:
  bleah.  how do i keep this program from starting on boot?
  
  i looked in /etc/init.d.  can't even find a startup script for this thing!
  it's not in inetd.conf either.   how does this thing get started?
 
 This is more of a question to the readers of this thread than directly to 
 you Pete, but:
 
   What are the ramifications of turning portmapper on or off?  I've gotten the
   (perhaps mistaken) impression that portmapper presents some security risks
   but it almost seems like I have to have it running to get other services to
   work properly.

Portmapper maps the RPC services to ports.  The list of services it
deals with are listed in /etc/rpc.  Most of them deal with clustered
computing, so you'll need to run portmap if you're using nfs, yp, or (I
think) trying to do a beowulf-type setup.  Otherwise, you probably don't
need it.  You could try doing a `rpcinfo -p localhost` to find out what
your computer is making available.

   Is there an alternative to running portmapper?

Portmap is a fairly big security risk, since it allows lots of new
access to your machine.  You may remember a recent rpc.statd exploit
that could have been prevented if the target machine was not running
portmap.  Of course, if you need it, then you need it.  Use TCP wrappers
to protect yourself.  If you're behind a firewall, this is less of an
issue, but layered security is still the way to go.

Damian Menscher



Re: Adding users

2000-11-23 Thread Damian Menscher
On Thu, 23 Nov 2000, Jeff Daniels wrote:

 I need to be able to add user accounts. Is there a simple way of doing this
 from the command line.

Try using the adduser command.  Or the useradd command.

Hint: guessing command names can often be useful.  Not all unix commands
have names as cryptic as tar or cat, you know.

Damian Menscher



Re: Help with cron settings?

2000-11-18 Thread Damian Menscher
On Sat, 18 Nov 2000, sc wrote:

 I'm having troubles getting my backups automated.  I set up a file test 
 in the cron.d directory with the settings...
 
 5,10,15 * * * sunkcost /bin/tar -cf /home/sunkcost/test.tar 
 /home/sunkcost/test.txt
 
 I thought that cron was supposed to check through its crontab and related 
 files every minute or so, but nothing happens.  I tried restarting cron 
 manually, root as the user, and editing crontab directly, but no dice.
 
 I'm probably missing something really obvious for what seems like a 
 straightforward setup, but I'm stuck.  Can somebody give me some help 
 here?

man crontab

You're supposed to use the crontab command to modify cron
settings.  Updating files by hand won't work.

Damian Menscher



Re: What is NAVIDAD.exe

2000-11-14 Thread Damian Menscher
On Tue, 14 Nov 2000, -|- Hurgh! -|- wrote:

 Is this a virus or something I have just got like heaps of messages from
 people on this group and they all have this file attached. What is it??
 
 
 -|- Hurgh! -|-
 
 PS If you would like a copy of this file I will attach it but I would not
 run it, I have not yet run it and I do not know what it does. If you want a
 copy let me know

As you have suggested, DO NOT RUN IT.  It is a worm that targets idiots
who run Windows.  Note: not all idiots run windows, and not all who run
windows are idiots.  But all who run windows and execute NAVIDAD.EXE are
idiots.  Obviously there is at least one subscriber to the Debian-user
list who meets this idiot criteria.  I just hope the complaining
servers stop battling soon.  This is getting annoying.

The following is the alert I received about this from McAfee:

  *** VIRUS ALERT - W32/[EMAIL PROTECTED] 
 

Dear McAfee.com Dispatch Subscriber: 

W32/[EMAIL PROTECTED] is an Internet worm that spreads using the 
Windows email program Outlook. McAfee AVERT has given it a 
risk assessment of MEDIUM-ON WATCH, due to a significant 
increase in infection levels worldwide. 

The email can come from addresses that you will recognize. 
Attached is a file named NAVIDAD.EXE and when it is run, it 
displays a dialog box entitled "Error" which reads "UI". A 
blue eye icon then appears in the system tray next to the 
clock in the lower right corner of the screen, and a copy of 
the worm is saved to the file winsvrc.vxd in the WINDOWS 
SYSTEM directory. 

If your PC becomes infected with the W32/[EMAIL PROTECTED] worm, all 
subsequent emails addressed to you will be responded to 
automatically with an email from your address with the 
W32/[EMAIL PROTECTED] worm as an attachment. 

Click here for detection and removal instructions:
- http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=1956 


Damian Menscher



Re: /usr/tmp instead of /tmp

2000-11-14 Thread Damian Menscher
On Tue, 14 Nov 2000, Debian User wrote:

 I'd like to switch /tmp to /usr/tmp because /tmp is too small.
 
 umount /tmp ; mv tmp tmp2 ; rewrite /tmp to /tmp2 in /etc/fstab
 mkdir /usr/tmp ; ln -s /usr/tmp /tmp ; chown 777 /usr/tmp ; chown 777 /tmp
 chmod root:sys /usr/tmp

Well, swapping chown - chmod in what you wrote, you're pretty close.
The permissions _should_ be 1777, not just 777.

Damian Menscher



Re: Quick way to tell if online for use in cron script?

2000-11-08 Thread Damian Menscher
On Tue, 7 Nov 2000, Willy Lee wrote:

 I wanted to run 'ntpdate' periodically via a cron script.  However, I
 would prefer if the script would only run ntpdate if I am online (my
 dialup account), in order to avoid filling up my logs with 'can't find
 xxx.xxx.xxx.xxx' messages.  Is there something in /proc or a simple
 command that I could use to tell whether I'm dialed up?  Currently I
 am simply running 'ifconfig ppp0' to see if I'm online, but that seems
 a little inelegant to me.

Given that you're trying to see if you can access xxx.xxx.xxx.xxx how
about using ping?  That will protect you in the case you're dialed up
but the ntp server is unreachable for some reason, too.

Damian Menscher



Re: i am hacked atm.. what's better thing to do?

2000-11-06 Thread Damian Menscher
On Mon, 6 Nov 2000, Livia Admin wrote:

 ey guys.. pls reply to my real email add cause i'm not in the lists
 
 i think i'm compromised. cause when i do netstat i see a telnet
 connection established to my box for almost 1 hour. i do ps but see
 only 'in.telnetd'. is there any way that i will know what he is
 doing before i'll disconnect him?

A lot depends on whether you want to watch/trace/prosecute/learn
from/annoy him, or if you just want him off your system.

What I would do (since I like to learn from the intrusions), is to
follow him around for a while.  At minimum, find out what IP address he
is coming from and how he got into your machine.

A simple packet sniffer for Debian can be obtained through `apt-get
install sniffit`, and then run `sniffit -I`.  This will at least tell
you the open connections to your machine and the IP addresses.  If you
want to see what he's doing, run a packet sniffer (tcpdump, though
sniffit can probably do it as well) to sniff packets to/from his IP.

The syslog is probably the best place to find how he got into your
system.  But it might have been tampered with.  If you think it's a
fairly recent attack, look around your directories a bit with an `ls
-lart` to show all recently-changed entries.  Script kiddie tools are
easily found this way, though better hackers can hide their tracks.

Finally, don't trust the output of ps (it may be one that hides their
tracks), login could have been replaced to have a backdoor and log your
passwords, etc.  You might run nmap against your own machine to check if
any additional ports were enabled.

Once you figure out how your machine was compromised (watching other
machines get attacked from your own may give a clue here) then check the
IP he's coming from and see if it was compromised in the same way.  If
so, notify the owner.  If not, then this is the hacker's home box and
you should contact his ISP (or the authorities).

Damian Menscher



RE: Exec CGI

2000-11-06 Thread Damian Menscher
On Mon, 6 Nov 2000, Jason Holland wrote:

 Do you have this in your httpd.conf
 
 AddHandler cgi-script .cgi
 
 ??  You need this to map the cgi-script handler to all .cgi scripts.  And
 you probably can take that extra Options line out, you don't need to tell
 apache Options ExecCGI twice.  Also, your directory definition probably
 should look like this
 
 <Directory /home/*/public_html>
 
 So you grab everyone's home directory.  Hope this helps.

Alternatively, you can force your users to have a cgi-bin directory for
their scripts, and use the ScriptAlias command.  This is nice if you
only want to allow _some_ CGIs for _some_ users.

Damian

  Hi,
 
  I am wondering how to execute .cgi out of the users public_html
  directory.  I thought I had it right by adding the line to
  access.conf file?
 
  <Directory /home/username/public_html/>
   AllowOverride all
   Options ExecCGI
   Options Indexes FollowSymLinks ExecCGI
   Order allow,deny
   Allow from all
  </Directory>
 
  I do have .cgi extensions working fine out of the main www
  directory.  If I
  view the error.log I see a line that says that Option Exec is off??
 
  Thanks
 
  Eileen Orbell
  Software  Internet Applications
  Capitol College
  mailto:[EMAIL PROTECTED]
  mailto:[EMAIL PROTECTED]
  Don't Fear the Penguin.
 
 
 
 
 

Damian Menscher



Re: weird rpc.statd messages on potato

2000-11-06 Thread Damian Menscher
On Mon, 6 Nov 2000, Rob wrote:

 Getting the following in our /var/log/messages
 
 We use NFS between two Potato boxes, this appears on
 both :
 
 Nov  6 08:03:19 rudy Ç^F/binÇF^D/shA0ÀˆF^G‰v^LV^PN^L‰ó°^K̀°^Àèÿÿÿ
 Nov  6 08:03:21 rudy 173Nov  6 08:03:21 /sbin/rpc.statd[152]: gethostbyname 
 error for 
 ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n1Àë|Y‰A^P‰A^HþÀ‰A^D‰ÃþÀ‰^A°f̀³^B‰Y^LÆA^N™ÆA^H^P‰I^D€A^D^Lˆ^A°f̀³^D°f̀³^E0ÀˆA^D°fÍ
 Nov  6 08:03:21 rudy Ç^F/binÇF^D/shA0ÀˆF^G‰v^LV^PN^L‰ó°^K̀°^Àèÿÿÿ

Congratulations!  Assuming you haven't patched past the default install,
you've just been hacked!

This is a well-known attack on rpc.statd that was first publicized on
bugtraq in mid-July (you can search the archives at
www.securityfocus.com).  If you haven't updated your potato since then,
you're probably a goner.  According to the page
www.debian.org/security/2000/2719a if you're running nfs-common
0.1.9.1-1 or later you should be safe.  Otherwise reinstall and apt-get
the security updates this time.

Damian Menscher



Re: MD5 Check (was Re: i am hacked atm.. what's better thing to do?)

2000-11-06 Thread Damian Menscher
On Mon, 6 Nov 2000, Chewie wrote:

 Here's a little known trick for a very minimalistic intrusion
 detection hack.  Debian installs a file called package.md5sums in
 the directory /var/lib/dpkg/info/.  If you move yourself to the root
 partition:
 
   bash$ cd /
 
 And run md5sum -c on the package files. 
 
   bash$ for i in /var/lib/dpkg/info/*.md5sums ; do \
 md5sum -c "$i" ; done > /tmp/check.out
 
 You can pipe the output to an email to see if any of your installed
 programs have been tampered with.  Tie it in with cron, and you've one
 more tool to use...
 
 ## Crontab entry for your user...
 
 00 03 * * * cd /; for i in /var/lib/dpkg/info/*.md5sums ; do \
   md5sum -c $i ; done
 
 Of course, this is nowhere near the same usefulness that running
 tripwire or aide might give you.  If neither of these are installed,
 this trick may add a little more info to your clue box.

A nice little trick, and something I was playing around with on some
SGIs I manage.  Not foolproof, though.  They just have to install a
trojan md5sum or update your md5sum database.  But it is certainly a
nice start, as no script kiddie will think to check your crontab for
stuff like that!

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
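The check from this thread together with the weakness raised in the reply (an intruder who rewrites the md5sums database), as an added example that is not code from the original posts. It verifies files against `*.md5sums` lists under a chosen root and fingerprints the lists themselves so a rewritten database is noticed; the package name, file contents and paths in `demo()` are constructed.

```python
import hashlib
import os
import tempfile


def file_digest(path, algo="md5"):
    """Hex digest of a file, read in chunks."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def database_fingerprint(info_dir):
    """SHA-256 over the names and contents of all *.md5sums files.

    Keep this value off the machine being checked: if it changes without a
    package upgrade, the reference digests themselves were modified.
    """
    h = hashlib.sha256()
    for name in sorted(os.listdir(info_dir)):
        if name.endswith(".md5sums"):
            h.update(name.encode() + b"\0")
            with open(os.path.join(info_dir, name), "rb") as fh:
                h.update(fh.read())
    return h.hexdigest()


def verify(info_dir, root="/"):
    """Return (package, relative_path, status) for every file that fails.

    Each md5sums line is '<md5hex>  <path relative to />'. `root` lets the
    check run against a filesystem mounted from separate boot media.
    """
    findings = []
    for name in sorted(os.listdir(info_dir)):
        if not name.endswith(".md5sums"):
            continue
        package = name[: -len(".md5sums")]
        with open(os.path.join(info_dir, name), errors="surrogateescape") as fh:
            for line in fh:
                expected, _, rel = line.rstrip("\n").partition("  ")
                if not rel:
                    continue
                target = os.path.join(root, rel.lstrip("/"))
                if not os.path.isfile(target):
                    findings.append((package, rel, "MISSING"))
                elif file_digest(target) != expected.lower():
                    findings.append((package, rel, "FAILED"))
    return findings


def _write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed tree: clean check, tampered binary, then rewritten database."""
    with tempfile.TemporaryDirectory() as tmp:
        root, info = os.path.join(tmp, "root"), os.path.join(tmp, "info")
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(info)
        login = os.path.join(root, "bin", "login")
        db = os.path.join(info, "demo.md5sums")
        _write(login, b"login v1\n")
        _write(db, f"{file_digest(login)}  bin/login\n".encode())
        baseline = database_fingerprint(info)
        clean = verify(info, root)

        _write(login, b"login v1 + backdoor\n")          # binary replaced
        tampered = verify(info, root)

        _write(db, f"{file_digest(login)}  bin/login\n".encode())  # database rewritten
        after_rewrite = verify(info, root)
        return {
            "clean": clean,
            "tampered": tampered,
            "after_db_rewrite": after_rewrite,
            "fingerprint_changed": database_fingerprint(info) != baseline,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```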



Re: weird rpc.statd messages on potato

2000-11-06 Thread Damian Menscher
On Mon, 6 Nov 2000, Rob wrote:

 Hmm, well we're on nfs-utils (1:0.1.9.1-1), so would that mean
 that someone is trying the exploit on us? Any way to tell where
 this is coming from?

Given that you're running an up-to-date nfs-utils, they didn't get
in.  So the only info you have on them is the log messages.  So no,
there's no way to tell where it came from, unless you do some other sort
of logging (like running a packet sniffer at the time of the attack).

 BTW, what was the exploit, some kind of overflow?

Yes, it was an overflow.  Basically overflowing a format string
vulnerability when rpc.statd attempts to log to syslog(), which of
course runs as root.  More information can be found at
www.securityfocus.com by clicking on Vulnerabilities and searching for
keyword statd.

Damian

 On Mon, Nov 06, 2000 at 10:29:04PM -0600, Damian Menscher wrote:
  On Mon, 6 Nov 2000, Rob wrote:
  
   Getting the following in our /var/log/messages
   
   We use NFS between two Potato boxes, this appears on
   both :
   
   Nov  6 08:03:19 rudy Ç^F/binÇF^D/shA0ÀˆF^G‰v^LV^PN^L‰ó°^K̀°^Àèÿÿÿ
   Nov  6 08:03:21 rudy 173Nov  6 08:03:21 /sbin/rpc.statd[152]: 
   gethostbyname error for 
   ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n1Àë|Y‰A^P‰A^HþÀ‰A^D‰ÃþÀ‰^A°f̀³^B‰Y^LÆA^N™ÆA^H^P‰I^D€A^D^Lˆ^A°f̀³^D°f̀³^E0ÀˆA^D°fÍ
   Nov  6 08:03:21 rudy Ç^F/binÇF^D/shA0ÀˆF^G‰v^LV^PN^L‰ó°^K̀°^Àèÿÿÿ
  
  Congratulations!  Assuming you haven't patched past the default install,
  you've just been hacked!
  
  This is a well-known attack on rpc.statd that was first publicized on
  bugtraq in mid-July (you can search the archives at
  www.securityfocus.com).  If you haven't updated your potato since then,
  you're probably a goner.  According to the page
  www.debian.org/security/2000/2719a if you're running nfs-common
  0.1.9.1-1 or later you should be safe.  Otherwise reinstall and apt-get
  the security updates this time.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
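A detection sketch for the log pattern discussed in the rpc.statd threads on this page (this one and the "remote attack?" thread), added here as an example and not taken from the original posts. It flags rpc.statd "gethostbyname error for" entries whose host name field carries printf conversions, with `%n` ranked highest; the sample lines are constructed, modelled on the quoted excerpts with the binary payload left out, and each entry is assumed to be on a single line.

```python
import re

# rpc.statd writes the peer-supplied host name after this fixed message prefix.
STATD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s.*?"
    r"rpc\.statd\[\d+\]:\s+gethostbyname error for\s*(?P<name>.*)$"
)
# printf conversion: % [flags] [width] [.precision] [length] type
CONV_RE = re.compile(
    r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L)?([diouxXeEfgGcspn])"
)
# What a legitimate host name in this field can look like.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,255}$")


def analyse_line(line):
    """Return a finding dict for an rpc.statd lookup-error line, else None."""
    m = STATD_RE.match(line)
    if m is None:
        return None
    name = m.group("name").strip()
    conversions = CONV_RE.findall(name)
    writes = conversions.count("n")          # %n stores to memory
    if writes:
        severity = "format-string-write"
    elif conversions:
        severity = "format-string-probe"
    elif not HOSTNAME_RE.match(name):
        severity = "malformed-name"
    else:
        severity = "benign"
    return {
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "conversions": len(conversions),
        "writes": writes,
        "severity": severity,
    }


def scan(lines):
    """All non-benign rpc.statd findings in an iterable of log lines."""
    findings = []
    for line in lines:
        finding = analyse_line(line.rstrip("\n"))
        if finding and finding["severity"] != "benign":
            findings.append(finding)
    return findings


# Constructed sample lines (payload bytes omitted).
SAMPLE_LOG = [
    "Dec 16 05:10:03 ap031 rpc.statd[21964]: gethostbyname error for "
    "%8x%8x%8x%236x%n%137x%n",
    "Nov  6 08:03:21 rudy /sbin/rpc.statd[152]: gethostbyname error for %x%x%x%x",
    "Dec 16 05:12:40 ap031 rpc.statd[21964]: gethostbyname error for "
    "nfsclient7.example.org",
    "Dec 16 05:13:01 ap031 sshd[402]: Accepted password for alice from 192.0.2.44",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit says an attempt was made, not that it succeeded; as the replies note, that depends on the installed nfs-common version.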



Re: sticky bit, powersaving hdd spindown

2000-11-05 Thread Damian Menscher
On Sun, 5 Nov 2000, Damien wrote:

 i've been working on a stand alone music player for the last couple
 of months. it's currently a bit loud (being based around an old p166
 with a very noisy hdd & powersupply fan).
 
 after reading another posting by someone else on how to quieten down
 a computer, i finally got motivated to do so. but the first problem
 that struck me was the hdd having to spin up all the time
 
 currently my music player plays a series of files off a cd. it also
 has a screen blanking option which due to the hackish nature of this
 program, does a system('tput clear') (as i don't want to use the
 ncurses routines to do this)
 
 this call to tput is located on the hard disk and cached. yet after
 playing a certain amount of music, this binary is swapped out, and
 if accessed again, the hdd would have to spin down again.
 
 i remember reading somewhere that the sticky bit could be used to
 instruct certain unixs to permanently cache a program. is this the
 case with linux? if not, can anyone offer any alternative solutions?

Under DOS there was the possibility of treating some of your RAM like a
disk (hence the name ramdisk).  Not sure if Linux can do this, but if
so, then just copy the binary to a ramdisk and run it from there.

Just an idea, I don't know how to do it or even if it can be done.

Damian Menscher



Re: hard drive error?

2000-11-03 Thread Damian Menscher
On Fri, 3 Nov 2000, Joey Tsai wrote:

 Hi, right in the middle of my dist-upgrade-ing to xfree 4.0.1 (hurray!), I'm
 getting a physical hard drive error.
 
 My terminal says:
 
 Setting up xfonts-100dpi (4.0.1-1) ...
 md5sum: read error on stdin
 dpkg: error processing xfonts-100dpi (--configure):
 subprocess md5sum returned error exit status 2
 
 the system log (at the read error, I believe) says:
 
 Nov  3 17:05:27 corban kernel: hda: dma_intr: status=0x51 { DriveReady 
 SeekComplete Error }
 Nov  3 17:05:27 corban kernel: hda: dma_intr: error=0x40 { UncorrectableError 
 }, LBAsect=18817, sector=18754
 Nov  3 17:05:27 corban kernel: end_request: I/O error, dev 03:01 (hda), 
 sector 18754
 
 If anyone has any suggestions on what to do, I'd really appreciate it.  
 Thanks!

Couple of choices:

1. Shutdown, reboot, hope to fsck successfully, then buy a new HD and
move to it asap.

2. Assuming this is a current problem, and you're stuck there right
now  Is this an install you want to save?  Do you not care much,
though, if you trash it?  Do you not care if you trash your hard
drive?  Do you just want to save some time of a fsck and possible
reinstall?  Then pull the IDE and power cables from your drive, wait 5
secs, then plug back in.  The computer will do an IDE bus reset, and
then continue on where it left off.  Worked for me once  YMMV

Note: I'm not responsible if suggestion 2 fries anything, including you!

Damian Menscher



Re: sed question (bibtex problem)

2000-11-02 Thread Damian Menscher
On Fri, 3 Nov 2000, Brian May wrote:

 bibtex likes to word-wrap/mangle/destroy my long lines (eg. URLs) into
 this form:
 
 \bibitem[Mic00]{Microsoft2000}
 Microsoft.
 \newblock Windows 2000 kerberos authentication.
 \newblock White paper, Microsoft, January 2000.
 \newblock
   
 \url=http://www.microsoft.com/technet/win2000/win2ksrv/technote/kerberos.asp%
 =.
 
 which is interpreted by LaTeX to display a percent sign at the end of
 the URL :-(

How about:
1. download source
2. fix source
3. send a patch to the maintainer

That way I won't have this problem when I use bibtex for urls in the
future.  ;)

Hmm, I guess that wasn't very helpful.  You might want to try adding a
'%' character to the end of your URL in your .bib file.  This might
survive past bibtex, and will tell LaTeX to ignore the remainder of the
line.  If the remainder of the line is just that extra character, it
might pull off what you're looking for.  Or not.  I haven't tested this.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: /usr/bin before /usr/local/bin?

2000-10-31 Thread Damian Menscher
On Tue, 31 Oct 2000, Krzys Majewski wrote:

 Any opinions on which should go first in the path: 
 /usr/bin or /usr/local/bin? 

For a user or for root?

For a user, definitely put /usr/local/bin first.  That way they can get
all of your local customizations for that machine.

For root, you want to have as little on your path as possible (to avoid
trojans, etc).  It is questionable whether /usr/local/bin should be
there at all.  Another argument is you don't want to have path problems
in the event /usr/local fails to mount properly and you are forced to
fix the problem as root.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
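
The advice above about keeping root's path short can be checked mechanically. The following is an added example, not part of the original message: a POSIX shell function (audit_path is a name chosen here) that flags empty or relative entries, directories that are missing (as /usr/local/bin would be if /usr/local failed to mount), and directories writable by group or others. The demo tree at the end is constructed.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one "entry: problem" line per risky component and returns 1 if
# anything was reported, 0 if the search path is clean.
audit_path() {
    ap_rest="$1:"      # extra ":" lets the loop see a trailing empty entry
    ap_bad=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        case $ap_entry in
            '') printf '%s\n' "(empty): empty entry, resolves to the current directory"
                ap_bad=1; continue ;;
            /*) ;;
            *)  printf '%s: %s\n' "$ap_entry" \
                    "relative entry, resolves against the current directory"
                ap_bad=1; continue ;;
        esac
        if [ ! -d "$ap_entry" ]; then
            # e.g. /usr/local/bin when /usr/local did not mount
            printf '%s: %s\n' "$ap_entry" "missing or not a directory"
            ap_bad=1; continue
        fi
        # First ten characters of ls -l output: file type plus rwx triplets.
        # -L follows symlinks so the target's mode is what gets judged.
        ap_perms=$(ls -ldL "$ap_entry" | cut -c1-10)
        case $ap_perms in
            ????????w?) printf '%s: %s\n' "$ap_entry" "world-writable directory"
                        ap_bad=1 ;;
            ?????w????) printf '%s: %s\n' "$ap_entry" "group-writable directory"
                        ap_bad=1 ;;
        esac
    done
    return "$ap_bad"
}

# Constructed demo tree standing in for directories on root's PATH.
demo=$(mktemp -d)
mkdir "$demo/sbin" "$demo/local-bin"
chmod 755 "$demo/sbin"
chmod 777 "$demo/local-bin"
audit_path "$demo/sbin:$demo/local-bin:$demo/not-mounted/bin:." \
    || echo "PATH needs attention before it is used for root"
rm -rf "$demo"
```

Run as root, `audit_path "$PATH"` applies the same checks to the live search path; it does not inspect the ownership or the parent directories of each entry.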



Re: /usr/bin before /usr/local/bin?

2000-10-31 Thread Damian Menscher
On Tue, 31 Oct 2000, William T Wilson wrote:
 On 31 Oct 2000, Hubert Chan wrote:
 
  My sudoers file is basically just
hubert ALL=(ALL) ALL
 
 This can be extremely convenient.  But it also makes the security of the
 whole system equal to the security of your user account.
 
 If you are worried about security, and you have a situation like this, you
 have to take as much care with your personal account as you would with
 root.  So you must never type passwords unencrypted over the network,
 leave yourself logged in, etc. unless you are sure that the situation is
 secure.

You should behave in this manner anyway.  A compromised user account is
destined to become a compromised root account.  There are too many local
root exploits to ignore the danger.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: /bin/false (was Re: security questions)

2000-10-30 Thread Damian Menscher
On Mon, 30 Oct 2000, sena wrote:
 I heard that Jonathan Markevich wrote this on 29/10/00:
 
  32 bytes, huh?  24 for your source above (with spaces).  Might as well
  compile it yourself.
 
 Or, as in C the return type of a function defaults to int, we could write:
   main(){return 1;}
 even if the compiler whines about it, the source is only 17 bytes long. How
 many (kilo)bytes would be necessary to write that in BASIC? :)

Save a byte:
main(){exit(1);}

But we're pretty far off topic here

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: Any help before I go and spend $49.99 on a Book with the disks?

2000-10-26 Thread Damian Menscher
On Thu, 26 Oct 2000 [EMAIL PROTECTED] wrote:

 I am about 10 seconds from going and buying a book with 1 CD in it.  
 It may have more, who knows, I'm tired of sitting here with my
 laptop laughing at me.

If it's an official CD you're looking for, go to CheapBytes.com and
spend $6 for the 3-CD set.

If you've got a nice network connection, you might be able to upgrade by
setting your sources list to the appropriate places and doing an
apt-get update
apt-get upgrade
But I'm not an expert, so it would be good if someone who is could
comment.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: How to test HDD thoroughly? (Debian Linux unstable 2.2.16 kernel)

2000-10-26 Thread Damian Menscher
On Thu, 26 Oct 2000 kmself@ix.netcom.com wrote:
 on Thu, Oct 26, 2000 at 11:13:44PM +0200, Shaul Karl ([EMAIL PROTECTED]) wrote:
 A week or two back it started misbehaving and I asked a few of you guys about
 the place about what Unknown vector XXX in CPU#0 and hda interrupt lost
 meant..
 
 Some people said that it sounds like the hard disk is on the way out. What I
 want to know is, how do I test an ext2fs formatted hard disk more intensively
 than at just a filesystem level?

 If it is indeed the harddisk that has died, does anyone have any
 good-condition 1GB-8GB IDE drives? I don't think this old 486'll handle over
 8GB, that and I'm not too crash hot on using some of that 'patch my bios on
 boot' master boot sector voodoo evil :)

IIRC, you are located in Australia.  Not sure you'd want to pay shipping
for my old drive. ;)

 e2fsck
 
 I'll have to disagree.

Agreed.

[Side note: one of my pet peeves is people posting incorrect information
to the list.  Of course, more annoying is when they post a correct
response but to the wrong question.  Not sure which this one was,
but]

 Many professional system administrators strongly recommend replacing
 hard drives at the first sign of failure.   This may be overkill, but
 given the relative values of hardware to data contained, it probably
 makes a lot of sense.

Think of it this way: you value your time at $100/hour, and a user's
time at $1/hour.  Say you have 100 users, and there's a hard drive
failure on the partition with their home directories.  You now face
minimum 1 day downtime while you replace the drive and restore from
backups.  Your users lose 1 day's previous work, plus can't be
productive for another day.  Assuming they actually work 6 hours/day,
that's $1200 right there.  Factor in your time of 12 hours to get it
back online, and it's another $1200.  Would have been simpler to replace
it earlier, costing your time only (and less of it).

Of course, if it's a home system and you're the only user, most of this
doesn't apply.  Just keep regular backups and watch your system
carefully.

 Other recommendations on hardware testing appreciated.

I agree badblocks is probably the best, but you could also try bonnie
and bonnie++.  If you want to check the health of sectors already
occupied by files, I suppose a
dd if=/dev/hda of=/dev/null
wouldn't hurt.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: setup xwindows with com1 mouse

2000-10-24 Thread Damian Menscher
On Tue, 24 Oct 2000, Nick wrote:

 what /dev would i use to accomplish this?

/dev/ttyS0
(capital s, number zero)

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: GREP

2000-10-20 Thread Damian Menscher
On Fri, 20 Oct 2000, Erik Steffl wrote:

   yes, that's true, are you asking what the '?' is or are you just
 stating the fact? anyway, the other command is find, see manpages for
 find and grep for more info. find is the one that finds files (based on
 name, time last accessed, type and various other criteria), grep
 searches the files for string (regular expression). xargs is often
 useful in commands like this:
 
   find / -name '*.h' -print | xargs grep '[sf]printf'

Just curious, but is this any better/worse than doing a

find / -name '*.h' -exec grep '[sf]printf' {} \;

My way seems more straightforward, but I'm not sure about differences in
processing time, when the first match would be found, etc.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: GREP

2000-10-20 Thread Damian Menscher
On Fri, 20 Oct 2000, Erik Steffl wrote:

   the main difference is a side effect, sort of, if grep is called for
 with one file as an argument it only prints the line matched, not the
 filename, so you get bunch of lines (each successful match) but you
 have no idea which files these lines are in...
 
   and probably some other more or less dirty tricks...
^^

Look in the grep manpage for the -l option  ;)

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
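
The two forms compared in the GREP messages above differ in how file names reach grep and in how many grep processes are started, which matters when a sweep runs over a tree whose file names you do not control. The following is an added example, not part of the original thread; the function names and the sample tree (including a header with a space in its name) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample tree: two headers that match (one with a space in its
# name) and one header that does not match.
make_tree() {
    mt_dir=$(mktemp -d)
    mkdir "$mt_dir/inc"
    printf 'int sprintf(char *s, const char *fmt, ...);\n' > "$mt_dir/inc/my stdio.h"
    printf 'int fprintf(FILE *f, const char *fmt, ...);\n' > "$mt_dir/inc/io.h"
    printf 'int puts(const char *s);\n'                     > "$mt_dir/inc/none.h"
    printf '%s\n' "$mt_dir"
}

# Pipe form from the thread: xargs splits its input on blanks and newlines,
# so "my stdio.h" reaches grep as two nonexistent names and its match is
# lost. grep's "No such file" errors are discarded here to keep the output
# short; the exit status is still non-zero.
scan_xargs() {
    find "$1" -name '*.h' -print | xargs grep '[sf]printf' 2>/dev/null
}

# -exec ... \; form from the reply: one grep per file. Every name is passed
# intact, but grep given a single file prints the line without the file name.
scan_exec_each() {
    find "$1" -name '*.h' -exec grep '[sf]printf' {} \;
}

# Batched -exec: names are passed intact, many per grep. The extra /dev/null
# argument forces file-name prefixes even when a batch holds a single file.
scan_exec_batch() {
    find "$1" -name '*.h' -exec grep '[sf]printf' /dev/null {} +
}

# How many times find starts the command in each -exec style.
runs_each()  { find "$1" -name '*.h' -exec sh -c 'echo run' sh {} \; | grep -c run; }
runs_batch() { find "$1" -name '*.h' -exec sh -c 'echo run' sh {} +  | grep -c run; }

tree=$(make_tree)
echo "xargs pipe:    $(scan_xargs "$tree" | grep -c . || true) of 2 matching files reported"
echo "-exec ... \\;:  $(scan_exec_each "$tree" | grep -c . || true) matches, no file names, $(runs_each "$tree") greps started"
echo "-exec ... +:   $(scan_exec_batch "$tree" | grep -c . || true) matches with file names, $(runs_batch "$tree") grep started"
rm -rf "$tree"
```

Where both tools support it, `find ... -print0 | xargs -0 grep ...` gives the same intact-name, batched behaviour as the `{} +` form.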



Re: Debian box sick... hda lost interrupt Unknown vector 67

2000-10-16 Thread Damian Menscher
On Mon, 16 Oct 2000, Samuel Hathaway wrote:
 hogan wrote:
 
  I have a 486DX4/100 (Overdrive) with 32MB of RAM that I run Debian on..
  
  Up until yesterday it was running like a dream.. Now it does stuff like
  Unknown vector 67 in CPU#0 and after that and something about idling says
  hda interrupt lost over and over and over again.
 
 My potato box had the hda interrupt lost problem after i kinda dropped it
 a few inches while doing a file copy. i had to do a cold reboot. bah.

I had this happen to me while installing potato (has happened other
times as well, btw).  Not wanting to lose all the selections I'd made
and restart the install, I unplugged both power and data cables to the
IDE drive, waited 5 seconds, then plugged them back in.  It did an IDE
bus reset and completed the install.  Machine works fine.

Disclaimer -=  kids, don't try this at home!

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: Password Change Machine

2000-10-16 Thread Damian Menscher
On Mon, 16 Oct 2000, Jeremy Gaddis wrote:

   Set root's shell to whichever you prefer, and set
   the regular user's shell to /usr/bin/passwd.
  
  Yeah...I thought of this at first, but I need a solution that doesn't
  mess with the passwd file at all, as the passwd file is distributed to
  other machines on a regular basis, and the users actually need access to
  their shell there. :)
 
 I assume you'll have a cronjob of some sort running
 on the client machines which snags the password
 file off the server machine?  No big deal, after
 it copies the password file, run a script on it to
 change their shells back to whatever you want.
 Nothing sed, awk, or perl couldn't handle.

You seem to be thinking his master password file is stored on a machine
other than the password-server machine.  Try rereading his original
request for help.  You'll see that corrupting the master password file
isn't such an intelligent thing to do.

My suggestion follows:
One possibility is to take advantage of NIS.  On the server machine you
have a second password file (passwd.nis or something) that is a
normal password file.  In the file /etc/passwd you have the lines

root:0:0::/:/bin/bash
+:0:0:::/bin/yppasswd

and set the machine to get passwords from this NIS map (do a man on
nsswitch.conf).  In this way, you can have your cronjob scp the
passwd.nis file around, but transparently substitute in this alternate
shell when the users come in.

I know I'm leaving out a LOT of details, but hopefully you can figure
those out from this basic idea.  Good luck.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Keyboard wierdness

2000-10-13 Thread Damian Menscher
Ok, this is *really* strange:

I have a fairly new setup: woody + 2.4.0-test9 kernel.  I had everything
working fine.  I wanted to move my computer, so I shut it down, carried
it over to new location, and turn it back on.  When it comes up into XDM
I discover the keyboard does nothing.  I try a second keyboard, still
nothing.  Rebooting shows the keyboards work fine while the system is
booting, but when it gets into X they stop.  Finally, I just booted into
single user mode, and the keyboard is fine.

Ideas???

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: Keyboard wierdness

2000-10-13 Thread Damian Menscher
On Fri, 13 Oct 2000, Gary Hennigan wrote:
 Damian Menscher [EMAIL PROTECTED] writes:
  I have a fairly new setup: woody + 2.4.0-test9 kernel.  I had everything
  working fine.  I wanted to move my computer, so I shut it down, carried
  it over to new location, and turn it back on.  When it comes up into XDM
  I discover the keyboard does nothing.  I try a second keyboard, still
  nothing.  Rebooting shows the keyboards work fine while the system is
  booting, but when it gets into X they stop.  Finally, I just booted into
  single user mode, and the keyboard is fine.
 
 Just a suggestion, don't start a new thread in the group by following
 up to a message in a different thread. To anyone using a thread-aware
 newsreader, eg., gnus, mutt, VM, your post looks like it belongs to
 the thread entitled DNS lookup looks for  records.. started by
 Chris Niekel [EMAIL PROTECTED].
 Not only is it annoying to thread-using readers, it makes your post
 less likely to be seen by someone that may be able to help with your
 problem.
 If you *HAVE* to start a new thread by following up to an old one make
 *SURE* you delete the References: line!

Ahh, the things Pine does behind your back.  Not remembering the address
of the list, I replied, removed all content, etc.  Forgot about the
threading issue.  [Damian makes a mental note]

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: Keyboard wierdness

2000-10-13 Thread Damian Menscher
On Fri, 13 Oct 2000, Steve Juranich wrote:
 On Fri, 13 Oct 2000, Damian Menscher wrote:
 
  Ok, this is *really* strange:
  
  I have a fairly new setup: woody + 2.4.0-test9 kernel.  I had everything
  working fine.  I wanted to move my computer, so I shut it down, carried
  it over to new location, and turn it back on.  When it comes up into XDM
  I discover the keyboard does nothing.  I try a second keyboard, still
  nothing.  Rebooting shows the keyboards work fine while the system is
  booting, but when it gets into X they stop.  Finally, I just booted into
  single user mode, and the keyboard is fine.
  
 
 I experienced something similar a while ago.  My problem turned out to be a
 faulty mouse cable.  In my case, I had to shut down the computer, unplug the
 mouse, plug it back in and power up.  I know this is a very Redmond-like
 solution, but it fixed my problem.
 
 It's a long shot, but you might try using a different mouse.

Or a mouse at all  ;)

Knowing I wasn't going to use the mouse, I hadn't bothered plugging it
in.  I did that and everything is fine.  Incidentally, this is only a
problem with a PS/2 mouse, not a serial mouse.  I'll have to figure out
the proper place to send a bug report on this one

[By the way, sorry about not giving *complete* information.  It just
seemed *so* irrelevant!  Being a sysadmin, I should have known better.]

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: URGENT! Sendmail question (Redhat conversion) HELP!

2000-10-12 Thread Damian Menscher
On Thu, 12 Oct 2000, Ferrell, Tim wrote:

 Let me start by saying I am not a network admin... but I play one on TV

Me too!

 FEATURE(`mailertable',`hash -o /etc/mail/mailertable') 
 and in /etc/mail/mailertable I have the following line: 
 
 mcgeecorp.comSMTP:[192.168.0.6] 
 
 The config file builds ok (after squawking about empty dbs - access,
 relay_domains, and local_host_names) and sendmail runs. I receive mail
 but cannot send/relay - I get smtp Connection Refused errors in the
 mail.log. Also, under RedHat, the relay= section in the mail.log entries
 always showed the ip address of the host being relayed to (192.168.0.6)
 whereas now it shows mcgeecorp.com - why is this?

Assuming the line you give above is what is really in your mailertable
file, your problem would appear to be one of whitespace.

Put some space between the parts so it reads something like:

mcgeecorp.com   SMTP:[192.168.0.6]

BTW: if you're relaying for an entire domain, then you might want to put
a dot (.) in front of mcgeecorp.com.  See the README in the cf directory
for details.

HTH,

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: Encrypt a file

2000-10-09 Thread Damian Menscher
On Mon, 9 Oct 2000, Samuli Suonpaa wrote:
 Damian Menscher [EMAIL PROTECTED] writes:
  On Mon, 9 Oct 2000, Brian May wrote:
  While there are pros and cons in both methods, I have to wonder
  what you need to encrypt files for. For most applications,
  asymmetric encryption is better.
  No, for most applications, symmetric encryption is better.  It is
  stronger, faster, more standardized, better tested, etc.  The
  asymmetric methods often use asymmetric encryption only to encrypt a
  key for a symmetric algorithm.
 
 Umm... As you state, most applications use asymmetric only for the key and
 symmetric for data. How come you still consider symmetric encryption
 to be faster?

I'm afraid I don't understand your question... but hopefully this
question will help you understand:

Why do you think the asymmetric algorithms are really just wrappers
around a symmetric algorithm?  (Answer: because the symmetric method is
faster!)

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: ipchains

2000-10-09 Thread Damian Menscher
On Mon, 9 Oct 2000, Richard Morin wrote:

 I've quickly read the docs, but don't have the time to delve much further.
 Can anyone assist me with setting up rules to allow my masq'd machines to
 play netracinglive.com?  They provide the ports which must be allowed, I
 don't think I'm far from understanding, perhaps if I had some examples of
 UDP+masq with ipchains..

Go to linuxdoc.org and look for a howto on ipchains.  I think they gave
an example of UDP masquerading in there.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: netscape crashes

2000-10-08 Thread Damian Menscher
On Sun, 8 Oct 2000, FIOL BONNIN Antonio wrote:

 The most fascinating thing is that now, most of the times it gets frozen,
 when I kill the window (I'm using WindowMaker, and choose the Kill option
 on the window's menu), XF86_SVGA gets also killed.
 
 In fact, I have observed that XF86_SVGA only gets killed IF its CPU use is
 near to 100% at the moment I kill netscape. I mean, some of the netscape
 crashes make X to be CPU hungry, and if I kill netscape then, X crashes
 with it.

For the record, I've seen this with RedHat 6.x also.  It seems that if I
clue in that netscape has gone berserk soon enough and kill it, I'm
fine.  But if I wait a minute, it hogs so many resources the only option
is a reboot.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: Encrypt a file

2000-10-08 Thread Damian Menscher
On Mon, 9 Oct 2000, Brian May wrote:
  Francois == Francois Fayard [EMAIL PROTECTED] writes:
 
 Francois Hi, Does anyone know a software that encrypts files
 Francois with a password ?
 
 You seem to be asking specifically for symmetric encryption here (you
 use the same key to encrypt and decrypt), as opposed to asymmetric
 encryption (where you use a public key to encrypt and a private key to
 decrypt).
 
 While there are pros and cons in both methods, I have to wonder what
 you need to encrypt files for. For most applications, asymmetric
 encryption is better.

No, for most applications, symmetric encryption is better.  It is
stronger, faster, more standardized, better tested, etc.  The asymmetric
methods often use asymmetric encryption only to encrypt a key for a
symmetric algorithm.

That said, you might still consider using pgp, as I believe it has the
ability to do symmetric encryption.  Or, if you want *extremely* weak
security (but enough to confuse your kid sister) then check out the unix
command crypt.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: Simulating a mouse

2000-10-08 Thread Damian Menscher
On Sun, 8 Oct 2000, Colin Watson wrote:
 My mouse has recently developed an extreme reluctance to move the mouse
 pointer along the up/down axis; I'm assuming some sensor inside is dirty
 or something, but the cleaning I can do doesn't seem to make any
 difference. At some point I'll probably just get a new mouse, but in the
 meantime:

There will be three rollers inside.  Use a fingernail to scrape off any
junk.  It might look like a brown stripe of felt is supposed to be
there.  It isn't -- it's just dirt.  In extremely bad cases it sometimes
helps to clean the mouse ball as well, but that usually affects all
directions of movement.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



Re: 2.2.4pre9 and modules

2000-10-06 Thread Damian Menscher
On Fri, 6 Oct 2000, mallum wrote:

 To get support for my new ata100 drive , last night I installed the 2.2.4pre9
 kernel ( using kernel-package ) . It all went fine (the drive worked) ... but
 then I noticed none of the modules I'd selected seemed to be loading on boot.
 
 I checked /lib/modules/2.2.4pre9 and none of the modules I'd selected during the
 kernel config were there. I tried again and again but alas no modules seemed
 to be getting compiled. I checked the docs for kernel-package and it said
 something about modules not being compiled when the kernel version has an
 epoch ?

Just to be sure, did you remember to do a
make modules
make modules_install
?

Once the modules are there in /lib/modules/release/ check that they are
listed in your /etc/modules file.

HTH,

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--



2.4.0-test kernels?

2000-10-03 Thread Damian Menscher
Can anyone provide some info on how to get working with a 2.4 kernel?  
I need to switch so I can get my scsi card working with raid support.  
Other than the kernel, I'd prefer to have everything as stable as
possible.

So far I've learned that I need to get an updated modutils, but that
causes all sorts of grief since the one in Woody depends on libc6,
etc.  And I've been unable (so far) to find any source .deb's.

BTW: what's up with #debian being an invite-only channel?

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--