RE: Possibly OT: Postfix stopped working (firestarter problem???)

2004-12-12 Thread Dan Roozemond
 
 
 Thank you for your answer, unfortunately you're quite right :( It didn't even
 cross my mind until I read your mail and checked the homepage of my ISP, and
 there it stood, the announcement of blocking the port 25. That sucks, but I
 guess there's not much I can do except change my ISP...

Hi Juha,
This sucks indeed.

I've been having this problem for over two years now, and the only
reasonable solution I could think of (except changing ISP) is setting up
something with a befriended server (say B) with an isp that doesn't block
port 25. The setup would be that B receives your e-mail (i.e. you have to
change your MX records) and forwards it to your box on another (non-blocked)
port, for instance 10025. For outgoing traffic it is probably easiest to use
your ISP's mailserver.

The above is actually very easy to set up with postfix.

Good luck,
Dan


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



RE: Possibly OT: Postfix stopped working (firestarter problem???)

2004-12-11 Thread Dan Roozemond
 
 I have this strange problem that Postfix stopped working all of a
 sudden. Actually, it does work locally but remotely, both sending and
 receiving don't work. And this seems to (or could) be more of a problem
 with my firewall (firestarter) than that of postfix. Because even as I
 have allowed connections to SMTP port (25), the internet port scanner
 programs see that port in stealth mode. And I don't understand how my
 firewall would stop postfix from sending email (since it's now blocked).

It could be the case that your ISP all of a sudden decided it is a very bad
idea to have a mailserver, and thus decided to block all incoming traffic to
port 25, and all outgoing traffic to port 25. This would at least explain
why internet port scanners see port 25 in stealth mode. It appears this is
kind of common practice since various worms and viruses contain their own
mailserver.

HTH,
Dan





RE: Shell script weird behaviour

2004-11-25 Thread Dan Roozemond
The exact same problem was reported earlier on this mailing list - see
http://lists.debian.org/debian-user/2004/11/msg03080.html

HTH
Dan  

 -Original message-
 From: Robert Parker [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, 25 November 2004 22:47
 To: Debian User
 Subject: Shell script weird behaviour
 
 I'm running Woody.
 Just did apt-get update/upgrade and sudo was updated.
 Since then when I run a shell script I get the following:
 
 Looking at PWD=/home/neti...
 Looking at XAUTHORITY=/home/neti/.Xauthority...
 Looking at SESSION_MANAGER=local/debian:/tmp/.ICE-unix/926...
 Looking at GDMSESSION=KDE...
 Looking at BROWSER=/usr/bin/opera...
 Looking at USER=neti...
 etc etc
 
 What goes on?
 
 Bob
 
 



RE: apache being hit

2004-11-09 Thread Dan Roozemond
 Er... sorry to all, but I just noticed that I am STILL getting a lot
 of requests (sorry for marking this as solved!... my mistake).

Maybe some of the websites 'abusing' you still have you listed as an open
proxy. This would mean the requests are made, but not successfully answered
by your server.

For example, you should worry if your access log shows:

10.0.0.31 - - [09/Nov/2004:17:27:01 +0100] GET /apache2-default/ HTTP/1.1
200 1969 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322)

Since the '200' after the request (the GET) means successful.

However, you should not worry if your access log shows:

193.147.68.144 - - [09/Nov/2004:02:14:22 +0100] GET
/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir 404 346 - -
193.147.68.141 - - [09/Nov/2004:08:16:54 +0100] GET
/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir 404 346 - -

Since the '404' after the request (the GET) means failed.

HTH
Dan
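
The status-code check from the message above, applied to a whole log. This is an added example, not part of the original post: the sample lines are constructed, the log is assumed to be in Apache's standard "combined" format, and the verdict names are made up for the illustration. It goes one step beyond the post by marking proxy-style requests (CONNECT, or a GET for an absolute URL) separately.

```shell
#!/bin/sh
# Added example: summarise access-log requests per client by response status.

# Constructed sample lines in Apache "combined" format (not taken from the thread).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [09/Nov/2004:17:27:01 +0100] "GET /apache2-default/ HTTP/1.1" 200 1969 "-" "Mozilla/4.0"
198.51.100.7 - - [09/Nov/2004:02:14:22 +0100] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 346 "-" "-"
198.51.100.7 - - [09/Nov/2004:08:16:54 +0100] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 346 "-" "-"
203.0.113.5 - - [09/Nov/2004:09:01:10 +0100] "GET http://www.example.com/ HTTP/1.1" 200 1969 "-" "-"
203.0.113.5 - - [09/Nov/2004:09:01:12 +0100] "CONNECT mail.example.net:25 HTTP/1.0" 405 312 "-" "-"
not a log line
EOF
}

# Reads a log on stdin, prints "client verdict count" sorted by client.
triage() {
    awk -F'"' '
    {
        split($1, pre, " ");  client = pre[1]
        split($2, req, " ");  method = req[1]; target = req[2]
        split($3, post, " "); status = post[1]
        if (status !~ /^[1-5][0-9][0-9]$/) next         # skip malformed lines
        # Proxy-style request: CONNECT, or a GET for an absolute URL.
        proxy = (method == "CONNECT" || target ~ /^[A-Za-z]+:\/\//)
        if (status ~ /^2/)         verdict = proxy ? "REVIEW-PROXY" : "SERVED"
        else if (status ~ /^[45]/) verdict = "REFUSED"
        else                       verdict = "OTHER"
        n[client " " verdict]++
    }
    END { for (k in n) print k, n[k] }
    ' | sort
}

sample_log | triage
```

A REVIEW-PROXY line is a prompt to look closer, not proof of relaying: a server with no proxy module can answer an absolute-URL request with 200 by returning its own default page, which the response size will show.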






RE: Limiting User Commands

2004-11-09 Thread Dan Roozemond
 I feel the need to learn something new today. How could the user replace
 the root owned files in a directory that they own?
 

Suppose the root-owned file (readable for non-root user) is a. Then one does
'cp a b; rm a; mv b a' and we have the same file a owned by the regular
user. Key observation here is that the non-root user owns the directory,
hence can remove files.

HTH
Dan





RE: Limiting User Commands

2004-11-07 Thread Dan Roozemond
 For example, as I mentioned in an earlier reply, I might not want
 normal users to be able to run ftp, telnet, ssh, wget, gcc, or any
 other number of commands. I still want users to be able to run the
 bulk of the commands available on the system, though. I might also
 want to allow another set of users to be able to run the commands
 unavailable to normal users.
 
 In other words, I'd like to restrict normal users more than the
 default permissions setup.

You'd have to realize that although you might be able to forbid people to
run /usr/bin/someprogram, you very likely won't be able to forbid them to
download something (maybe someprogram, or anything else) to their home
directory, and then execute that program, thus making your restrictions
void.

If you want to enable the users to run only say 4 or 5 different programs,
you might want to write a script presenting a menu, where they can make a
selection, and then one of the five programs is run. Then, you set the
user's shell to that script. As stated above, I doubt if you can restrict
them enough if you give them a bash shell.

HTH
Dan
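
A sketch of the menu-as-login-shell idea from the message above, as an added example that is not part of the original post. The install name `menu-shell` and the three programs on the menu are assumptions chosen for the illustration.

```shell
#!/bin/sh
# Added example: a fixed menu used as a login shell.
# Install name and program list are assumptions, not from the thread.

# Map a menu choice to one fixed absolute path; anything else is rejected.
menu_target() {
    case "$1" in
        1) echo /usr/bin/passwd ;;
        2) echo /usr/bin/cal ;;
        3) echo /bin/date ;;
        *) return 1 ;;
    esac
}

menu_loop() {
    PATH=/usr/bin:/bin; export PATH
    trap '' INT QUIT TSTP          # Ctrl-C, Ctrl-\ and Ctrl-Z must not leave the menu
    while :; do
        printf '1) change password  2) calendar  3) date  q) log out\n> '
        read -r choice || exit 0   # end of input ends the session
        [ "$choice" = q ] && exit 0
        if prog=$(menu_target "$choice"); then
            "$prog"                # fixed path, no arguments, no eval of user text
        else
            echo "invalid choice"
        fi
    done
}

# Arguments are ignored on purpose: "ssh host cmd" reaches the login shell as
# -c "cmd", and a script that never reads "$@" never runs that command.
case "${0##*/}" in
    menu-shell) menu_loop ;;       # only when installed under this (assumed) name
esac
```

Every program offered on the menu has to be free of shell escapes itself (no pager or editor that can start a shell), otherwise the menu no longer bounds what the user can run.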





RE: client side DNS

2004-10-19 Thread Dan Roozemond

 http://www.debian.org/distrib/packages#search_contents
 
 Alexis
 


I don't think the package you're looking for is in that search result,
though.

However, a google search on 'debian package dig' leads one to
http://lists.ethernal.org/dunlug-0204/msg00077.html, which tells you that
what you're looking for is in dnsutils. Indeed:
http://packages.debian.org/dns-utils

Ciao
Dan





RE: client side DNS

2004-10-19 Thread Dan Roozemond
 
 Indeed: http://packages.debian.org/dns-utils


Pardon me: http://packages.debian.org/dnsutils

Dan





RE: big boot problem with sid i-386 installer

2004-10-13 Thread Dan Roozemond
Hi,
 
 First, I installed win xp pro in /dev/hda1,
 then installed debian with sid net-installer,
 and partitioned for linux with installer,
 everything went well. But
 after rebooting, grub just couldn't recognize the NTFS partition
 and wouldn't boot the windows xp.
 Even worse, I couldn't install xp with windows xp cd again,
 xp installation can't merge the grub, so I couldn't proceed.
 

You would really help us help you solve the problem if you could post
1) The error grub generates when it doesn't recognize the NTFS partition
2) Your grub configuration ( /boot/menu/grub.lst on my debian testing)

My guess would be problems arise because grub is not in /dev/hda1, but I'm
not sure if that really is (or should be) a problem.

Ciao,
Dan





RE: Pse explain apt-get msg

2004-10-13 Thread Dan Roozemond
 #apt-get update
 #apt-get dist-upgrade
 Reading Package Lists... Done
 Building Dependency Tree... Done
 Calculating Upgrade... Done
 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

It means you're totally up to date and don't have to do anything! You're
done! Go and have coffee! ;)

Ciao,
Dan





RE: New user Q: Best way to stay up to date on testing?

2004-10-08 Thread Dan Roozemond
Hi,

 I am wondering what the best way is to go about staying up to date. If I run
 apt-get -s upgrade I'm told that apt wants to upgrade about 15 packages, most
 of which seem to be related to X (we won't ever be using X on this server. It
 wasn't originally installed and I'd like to get rid of it but some other
 package I installed had a dependency on some gtk thing that had one on X. Oh
 well).

You should just uninstall all the packages related to X, then ;)

 
 Could anyone confirm that upgrade is the right way to stay up to date. I'm
 not going to run it automatically, and I'll always do a test run first to
 make sure nothing disastrous is going to happen.
 
 Is running upgrade on a regular basis a bad idea for any reason?

On the contrary: I think running upgrade on a regular basis is a very good
idea. I've been running debian testing for a few weeks now, and I 'have' to
do updates once about every two days. Never had any problems - you just run
'apt-get update; apt-get upgrade' and get a cup of coffee, and everything
just keeps working perfectly. Certainly if you're going to check which
updates are being done, I don't see what could go wrong. 

By the way - my stable system needs updates once about every two weeks, just
so you know. Because I got tired of checking if updates were needed by hand
(not something you're willing to do if updates are , I wrote a small cronjob
that runs 'apt-get update; apt-get -s upgrade' and checks if the output
contains 0 packages upgraded, 0 newly installed, 0 to remove. If it
doesn't, it sends me an e-mail :)

 
 It just seems like I'll need to be as up to date as possible when Sarge is
 declared stable in order to make a smooth transition to Sarge/Stable. Correct
 me if I'm wrong. I've always found it better to update packages a little at a
 time rather than wait till there's dozens of updates to install.

I think this is the way to go, though I'm not exactly sure about the entire
debian testing/sarge/woody/etc system. I do agree that it's better to
update packages a little at a time rather than lots and lots and lots of
packages at once.

 
 If anyone has advice on how to keep a Testing system secure,
 I'd really like to hear it.

If security is really an issue to you: lots of websites exist on how to make
a linux system secure, involving very strict SSH settings, firewalls, etc. 

For the average user (such as myself) though, I think it should be enough to
update your programs (packages) regularly, in order to not be harmed by
script kiddies exploiting recent security leaks. 

Good luck,
Dan
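
A cron check along the lines described in the message above, as an added example; it is not the script from the post. The sample output is constructed, and the `--cron` flag, the `root` recipient and the function names are assumptions. It also handles the case where apt-get prints no summary line at all, so a failed run is reported instead of being read as "nothing to do".

```shell
#!/bin/sh
# Added example: decide from `apt-get -s upgrade` output whether to send mail.

# Constructed sample of simulated-upgrade output (package and versions invented).
sample_pending() {
cat <<'EOF'
Reading Package Lists... Done
Building Dependency Tree... Done
Inst examplepkg [1.0-1] (1.0-2 Debian:testing)
Conf examplepkg (1.0-2 Debian:testing)
1 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
EOF
}

# Prints "upgraded new removed held"; returns 2 when no summary line is present.
apt_summary() {
    line=$(sed -n 's/^\([0-9]\{1,\}\) upgraded, \([0-9]\{1,\}\) newly installed, \([0-9]\{1,\}\) to remove and \([0-9]\{1,\}\) not upgraded\.$/\1 \2 \3 \4/p' | head -n 1)
    [ -n "$line" ] || return 2
    echo "$line"
}

# Reads apt output on stdin. Returns 0 and prints a report when mail is due,
# returns 1 when the three counters named in the post are all zero.
needs_mail() {
    out=$(cat)
    if ! counts=$(printf '%s\n' "$out" | apt_summary); then
        # A missing summary means apt itself failed; never read that as "up to date".
        printf 'no summary line from apt-get, output was:\n%s\n' "$out"
        return 0
    fi
    set -- $counts
    [ "$1" -eq 0 ] && [ "$2" -eq 0 ] && [ "$3" -eq 0 ] && return 1
    echo "upgraded=$1 new=$2 remove=$3 held_back=$4"
    printf '%s\n' "$out" | awk '$1 == "Inst" { print "  " $2 }'
}

# Cron entry point (hypothetical flag); recipient "root" is an assumption.
if [ "${1:-}" = "--cron" ]; then
    LC_ALL=C; export LC_ALL          # the summary text is localised otherwise
    apt-get -qq update || echo "apt-get update failed"
    if report=$(apt-get -s upgrade 2>&1 | needs_mail); then
        printf '%s\n' "$report" | mail -s "updates pending on $(hostname)" root
    fi
fi
```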





RE: New user Q: Best way to stay up to date on testing?

2004-10-08 Thread Dan Roozemond

 The only thing that might cause a problem would be if it updates a large
 package (say Apache or Perl) and has a small configuration bug that
 makes you run around and pull your hair out trying to figure out what's
 changed and how to fix it. This is when reading the Debian-user list
 regularly is very helpful. However, Sarge is getting close enough to
 release that I haven't noticed anything major like that in the five or
 several months that I've been using it.
 

While we're at it - suppose someone is the only administrator of a debian
(stable) system connected to the internet permanently, with SSH, Postfix and
Bind exposed to the 'big bad' world. Say that someone is lucky enough to
take a vacation, and is not able to connect to the machine for two weeks.
How dangerous is it to have 'apt-get update; apt-get upgrade' run
automatically every day?

No, this scenario is not entirely hypothetical ;)

Dan





RE: Cache DNS...??

2004-09-27 Thread Dan Roozemond
 So you can use the pdnsd package or, as Andrew suggested, the
 dnsmasq. I'm not sure but even bind9 should have some caching system
 of the resolved domain...

I believe the default behaviour of bind9 is a caching-only name server.
You'd only need to adjust the allow-query-directive in order to allow DNS
queries from the entire LAN instead of the localhost only. If you apt-get
install bind9 you will have a decent installation, and you only need to
change allow-query { 127.0.0.1; }; to allow-query { 192.168.0.0/16; };
or whatever your LAN's IPs are, and you should have a caching name server. 

However, as you have to change your dhcp-settings then, too, to make the
clients use your local  DNS instead of the ISP's, this 'dnsmasq' package
might be a lot easier ;)

Good luck 
Dan

-- 
The only skills I have the patience to learn are those that have no real
application in life.  -- Calvin





RE: syslog MARKs interval change

2004-09-19 Thread Dan Roozemond
 How is it possible to adjust the frequency of such entries? 
 I'd like to make it less frequent than 20 minutes.

Googling on 'mark interval syslog' gives:

http://lists.debian.org/debian-security/2000/10/msg00027.html

which says:

You can change the interval of the --Mark-- by adding something like this
to your /etc/init.d/sysklogd or editing the line you may have:

SYSLOGD="-m 60"

Regards
Dan





RE: syslog MARKs interval change

2004-09-19 Thread Dan Roozemond
 
 RTM

So my post should have started with 'STW'? ;)

Regards
Dan

-- 
There's never enough time to do all the nothing you want.
  -- Calvin





RE: kernel panic on remote server after security update

2004-09-15 Thread Dan Roozemond
 Then the machine rebooted itself and it has come up
 with a kernel panic. My guess is that this is related
 to some problem with the bootloader or LILO. I was
 just hoping that someone could refer me to a likely
 fix for this since I'm not even in the city with the
 machine and I have to forward this to my partner who
 helps to run it so that he can work on it when he goes
 to the co-locate.

I had a similar problem here - I'm running the testing distro here, and
compiled a 2.6.8 kernel myself recently. Yesterday (or the day before, I
don't remember) I took a deep breath and ran an apt-get upgrade, updating
lots and lots of packages (positively including kernel-sources, maybe
including kernel-image). I then rebooted, and the box didn't come back
online.

The problem was easily determined: some script (debconf??) took the liberty
of editing my /boot/grub/menu.lst, adding a few old (and unused) kernel
images that I didn't remove from /boot yet. Unfortunately, these were added
on top of the list, so grub defaulted to booting to a non-working image. 

Maybe something like that happened to you?? In that case you should be able
to pick a different kernel image from the terminal when booting the machine?

Good luck
Dan

-- 
If we wanted more leisure, we'd invent machines that do things less
efficiently. -Calvin's dad

