Re: Technical problem -- please help.
On Tue, 1 Feb 2000, [iso-8859-1] J?r?me Loisel wrote: Hi! I am having a rather technical problem with my GNU/Linux system. I have tried really hard to resolve this on my own, and am out of luck. The sad thing is I'm not running Debian, but RedHat... However, I don't have commercial support, and the people on this list feel like The Most Likely to Actually Be Able to Help Me(TM)... So please help. For RedHat-specific questions, you might try the RedHat list. I don't remember the subscribe address, but it can be found on RedHat's web site. Just like this list, there are many helpful folks on there. -- hypnos mailto:[EMAIL PROTECTED]
Re: Possible convert
On Tue, 1 Feb 2000 [EMAIL PROTECTED] wrote: I have thinking for sometime switching over to linux. Before I do a total conversion I want to test the waters a little bit. I have an old Gateway, 486 66 machine with about 16 megs of RAM, 1 gig of hard disk and 8X cd player. Could iLinux be installed on such a machine? I don't want to upgrade the hardware but I can if it will make a real difference. Thank you for any advice. Kevin Jennings The machine that I am composing this message on is an IBM ValuePoint 486dx2/66, with 16 MB RAM, and only a 120 MB HD. I am mounting all the main partitions over NFS until I can get a bigger drive to put in here. This machine works great, and runs the X Window System fairly nice. My gateway/firewall/server/ipmasq box is a 486sx/25, with 20 MB RAM, and a 1.2 GB HD. Both run Debian very nicely. I have considered taking 8 MB out of the other box and adding to this one (to give it 24 MB RAM), but yet to do so. I think you'll find that Debian will run very nice on that machine. -- hypnos mailto:[EMAIL PROTECTED]
Re: db2 installation
On Mon, 31 Jan 2000, Shane Wegner wrote: Hi all, I was just looking at IBM's DB2 package and would like to install it on Debian. However, it looks like it is going to use rpm to install the packages and as I understand it, you can't do that on Debian. Does anyone know of a db2 installer Debian package or how I can patch db2setup and db2_install so that they use alien to convert the rpm files to deb and then install them that way. You can use `alien`, which will convert an .rpm to a .deb, which you then can install with `dpkg -i file.deb`. -- hypnos mailto:[EMAIL PROTECTED]
why does ifconfig -a show aliased ips?
Why doesn't `ifconfig -a` show the aliased IPs on my eth0 device on my server/firewall/gateway? [EMAIL PROTECTED]:tty3:~]$ ifconfig -a loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:3731 errors:0 dropped:0 overruns:0 frame:0 TX packets:3731 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 eth0 Link encap:Ethernet HWaddr 00:20:AF:24:79:8C inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 Interrupt:10 Base address:0x300 ppp0 Link encap:Point-to-Point Protocol inet addr:63.29.189.158 P-t-P:206.115.223.117 Mask:255.255.255.255 POINTOPOINT NOARP MULTICAST MTU:1500 Metric:1 RX packets:515 errors:0 dropped:0 overruns:0 frame:0 TX packets:659 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 [EMAIL PROTECTED]:tty3:~]$ ifconfig eth0:0 eth0:0Link encap:Ethernet HWaddr 00:20:AF:24:79:8C inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 Interrupt:10 Base address:0x300 [EMAIL PROTECTED]:tty3:~]$ uname -a Linux gatekeeper 2.2.13 #5 Sat Jan 22 19:06:16 EST 2000 i486 unknown [EMAIL PROTECTED]:tty3:~]$ ifconfig --version net-tools 1.45 ifconfig 1.33 (1998-03-02) Thanks -- hypnos mailto:[EMAIL PROTECTED]
Re: ipchains diagnostics
On Mon, 24 Jan 2000, Michel D?nzer wrote: /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ The IP address looks funny. Sure it's private? That's the private Class A network address. It does look like he is using a Class C network 10.0.0 though. If not, it should be 10.0.0.0/8 instead. -- hypnos mailto:[EMAIL PROTECTED]
apt's entry for non-US?
Can someone provide me with an entry to add to my sources file for apt so it will get a list of non-US packages? I've been screwing with it and can't figure it out. Mainly I just want to be able to install apache w/ ssl. Thanks -- hypnos mailto:[EMAIL PROTECTED]
Re: how many users per apache proc?
On Wed, 19 Jan 2000, aphro wrote: i was wondeirng if anyone knew approx how many connection 1 apache process could handle? just 1? or is it more.. IIRC, apache forks a new process for each incoming connection, but I seem to remember seeing something in the config files about this. Well, a quick grep through my config files finds nothing, but if I'm wrong, I'm sure someone will correct me. :) -- hypnos mailto:[EMAIL PROTECTED]
ATTN: aphro [OT]: probs w/ your mail server
Sorry to post this to the list, but I just got an error after sending a mail to [EMAIL PROTECTED] Specifically: - The following addresses had permanent fatal errors - [EMAIL PROTECTED] - Transcript of session follows - ... while talking to mail.firetrail.com.: MAIL From:[EMAIL PROTECTED] 550 Your mail is rejected. 554 [EMAIL PROTECTED]... Service unavailable You may want to check to see if everything is ok with your mx host. -- hypnos mailto:[EMAIL PROTECTED]
ssh encryption
I started sshd with the -d (debug) option to try to figure this out, and I think I have my answer, but I want to make sure. Am I correct in assuming that the encryption between client/server is started before any exchange of data takes place? Specifically, I'm wondering if the username is passed in clear-text or encrypted when using the -l username option to ssh client. Thanks -- hypnos mailto:[EMAIL PROTECTED]
Re: anacron jobs for users
On Tue, 11 Jan 2000, Philip Lehman wrote: Is there a way to set up anacron jobs as a non-root user? There doesn't seem to be an equivalent to the user crontab files and I couldn't find any other obvious solution. $ crontab -e allows a user to create/edit their own crontab. -- hypnos mailto:[EMAIL PROTECTED]
Re: fetchmail and multiple users in one POP3 box
On Sun, 9 Jan 2000, Steve George wrote: Basically I need fetchmail to look at the username in front of the @ symbol and then deliver the mail tothe correct user, for example: [EMAIL PROTECTED] is john here [EMAIL PROTECTED] is bert here ~/.fetchmailrc: poll pop3.domain.com using protocol pop3 user a there is john here password secret; poll pop3.domain.com using protocol pop3 user b there is bert here password blah; ? -- hypnos mailto:[EMAIL PROTECTED]
bind: how to *not bind* to interfaces?
I have Bind running on my one of my machines here, and when it starts, it binds to port 53 of each interface (lo, eth0, ppp0). How can I change this so that the interface it listens on is eth0? lemnos:/var/named/pz# named -v named 8.2.2-P5-NOESW Fri Nov 19 12:28:17 CST 1999 [EMAIL PROTECTED]:/debian/home/bdale/slink/bind-8.2.2p5/src/bin/named lemnos:/var/named/pz# netstat -nta Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp0 0 209.43.67.86:53 0.0.0.0:* LISTEN tcp0 0 192.168.1.1:53 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:530.0.0.0:* LISTEN Thanks -- hypnos mailto:[EMAIL PROTECTED]
Re: fetchmail and multiple users in one POP3 box
On Sun, 9 Jan 2000, Jeff Flowers wrote: Can this command be run everytime that I connect to the internet? Yep, put that stuff (that I snipped) into .fetchmailrc in your home directory, and add something like this to your /etc/ppp/ip-up fetchmail -f /home/jeff/.fetchmailrc That will run fetchmail once each time you connect, to have it keep checking mail while you're online, add '-d xxx' to the command above. 'xxx' is the interval (in seconds) between mail checks. For example, -d 600 will call fetchmail once every 10 minutes. If you use the -d option, you will want to put fetchmail -q in your /etc/ppp/ip-down file. to stop it when you disconnect. -- hypnos mailto:[EMAIL PROTECTED]
Re: Setting up 20 equal linux boxes
On Wed, 5 Jan 2000, Konrad Mierendorff wrote: To allow flexible usage the home direcories of all users should be stored on the fileserver and should be mounted when users log into the clients. The User-Database could be an LDAP-Server. It is very easy to setup the machines to use the same home directory. Your server machine would have to run the nfs daemon and export /home to all the clients. The clients then mount the /home directory off the fileserver. I use this setup on my home LAN. It's smaller than your school's LAN, but still the same concept. -- hypnos mailto:[EMAIL PROTECTED]
Re: installing apache from source
On Mon, 3 Jan 2000, Steve Rothanburg wrote: I thought all you had to do was install (and configure) ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/web/php3_3.0.5-3.deb to get php3 to work. Could be. Seems I read somewhere that apache had to be compiled with php3 support. I guess slink's apache is. On the systems I've used it on, all I did was install it, uncomment the php3 line from apaches config file, and edit the php3 config file so it could find the rest of the php3 stuff I'd installed. I haven't tried php3 on a slink system so I don't know if there is much more to do to get it to work. Are you saying that doesn't work under slink or is there a benefit of compiling from scratch? This could very well work, and does, obviously, if you've done it. As for any benefits, I don't know. Anyway, If you mark the package to be Purged instead of removed it'll remove the config files also. If you're REALLY paranoid about this stuff you could always make a backup copy of the config files... Yeah, I know purge would remove them, I just wanted to make sure the 'remove' wouldn't. I don't think a backup will be necessary, I'll just fetch the php3 package from slink. Thanks -- hypnos mailto:[EMAIL PROTECTED]
installing apache from source
I'm gonna be downloading the sources for apache and php3, so that I can compile apache with support for php3. I currently have apache installed (from slink .deb) on the machine. What's the best way to go about this change? I don't want my new installation of apache to conflict with the current installation. Should I use dselect to remove the current apache installation, and then install from source? I believe that [R]emove (from dselect) will not delete my configuration files, so I should still be able to use those with the new installation, right? Thanks -- hypnos mailto:[EMAIL PROTECTED]
Re: Yahoo messenger
Does anybody know if yahoo messenger (java version) works fine in UNIX? Is there any other instant messenger such as ICQ, or ATT I am here for Linux? The Java version of Yahoo Messenger works for me. Debian slink, Kernel 2.0.36, Netscape Navigator 4.5. and for me, running debian gnu/linux 2.1 (slink), kernel 2.2.13, and netscape v3.04 also, there are a bunch of icq clients for linux. i have micq (www.freshmeat.net) installed, though i hardly ever use it. -- hypnos mailto:[EMAIL PROTECTED]
Re: a couple of questions
Try launching it as non-root. I installed Netscape 4.07 from the tar format on RedHat and it wouldn't let me run Netscape as root. Its possible your encountering the same security issue. Supposedly, there is a way to allow root to run Netscape but I don't recall where that setting is made. Running Netscape Navigator v3.4 [from /usr/bin/X11/netscape] # # Don't allow running netscape as root # if [ $UID -eq 0 -o $EUID -eq 0 ]; then echo $0: Cannot be run an root (for security reasons) exit 1 fi -- hypnos mailto:[EMAIL PROTECTED]
Re: (fqdn) hostname resolution when using DHCP
No Message Collected
Re: Mail Delivery Failure
On Thu, 30 Dec 1999, Mark Wagnon wrote: Hi all- I'm getting warning messages from my mailer-daemon about how it can't deliver mail. I've only sent three over the last few days, so that's all that have been postponed. My mail system was working as late as a week ago, but now seems to have stopped. I normally use exim and the exim.conf file is still intact. The only thing that I have done has been to upgrade my installation (potato) periodically. Did exim get hosed or something? i use sendmail instead of exim, but i suspect your warning message says something to the effect that it was unable to send your message within 'x' hours, but that it will continue to try to send it. sendmail here is configured to send a warning after 8 hrs and to continue trying for 5 days. this sometimes happens when people don't use their real email address, or their mail server has problems. i have a message in my outgoing queue that's been there about 2 1/2 days, because sendmail got an error (to be exact, reply: read error from ..com) while trying to deliver it. it'll probably be there until the 5 days is up, then it'll be deleted, and i'll got another message saying so. as a test, you might try sending message to yourself ([EMAIL PROTECTED]) and see if you get it back without any errors. if you do get a warning message, it's probably a problem with exim. -- hypnos mailto:[EMAIL PROTECTED]
Re: crontab
On Thu, 30 Dec 1999, Dave Sherohman wrote: what do i have to write into /etc/crontab that cron will cp a file every 5 mins?? i have 5 * * * * root cp ... but this copies just every hour. crontab entries define patterns that the time has to match for it to execute, not intervals. So you need to use 0,5,10,15,20,25,30,35,40,45,50,55 * * * * root cp ... or the shorter: */5 * * * * root cp ... -- hypnos mailto:[EMAIL PROTECTED]
Re: Unrecognized option: --helpRe: email grabbed by RMAIL emacs
On Fri, 31 Dec 1999, Patrick Kirk wrote: $ mail-to-mail RMAIL Archives bash: mail-to-mail: command not found Did I do something wrong? $ ./mail-to-mail RMAIL Archives bash will search your PATH (echo $PATH) trying to find mail-to-mail, but if the current directory isn't in your path (probably isn't) it won't find it. you have to tell it that it is in the current directory (via ./) hth -- hypnos mailto:[EMAIL PROTECTED]
Re: BIND security question
On Fri, 31 Dec 1999, Robert Varga wrote: I installed the Debian package for BIND, and I just checked and it does appear to be running as root :( I will have to read the docs to determine if I can change that without compiling it myself. Just append -- -u named how does this work? because only superuser can bind to privileged ports (1024) right? so does named start as root, then switch to the user specified? i may look into changing my named to run as other than root also. -- hypnos mailto:[EMAIL PROTECTED]
Re: Netscape
On Fri, 31 Dec 1999, Don Cavaiani wrote: To get Netscape to work on X, must I download a part of it directly from the Netscape web site? something about netscape's licensing (i think) prohibits it from being distributed with debian, so you have to download the actual netscape archive file from their web/ftp site. there's an installer package, however, in debian. download the file from netscape's site, put it in /tmp and run the installer, it should take care of it. -- hypnos mailto:[EMAIL PROTECTED]
Re: nfs
On Wed, 29 Dec 1999, Brian Minton wrote: do you know if there is a publicly available nfs or smb server that is a debian mirror? Are you asking for an nfs or smb server software package? Or are you trying to find a server that export their filesystems that the mirror is on via nfs/smb? I don't think you'll find any mirrors like that. -- hypnos mailto:[EMAIL PROTECTED]
Re: Access problem solved
On Thu, 30 Dec 1999, Carl Fink wrote: As a listmember pointed out, the problem was in my hosts.deny file, not hosts.allow. Once I read the man page carefully I changed the line to ALL: ALL and telnet/ftp/smtp were locked. /etc/hosts.allow and /etc/hosts.deny are used by tcpd and only affects services that are run thru inetd. inetd is a so-called super server in that it monitors the ports for various services, and when incoming connections occur, it passes control on to the actual server daemon. however, if you have tcpd installed (which you do), inetd is tricked (sort of) into passing control on to tcpd. tcpd then consults hosts.allow and hosts.deny such as: [from man 5 hosts_access]: - Access will be granted when a (daemon,client) pair matches an entry in the /etc/hosts.allow file. - Otherwise, access will be denied when a (dae- mon,client) pair matches an entry in the /etc/hosts.deny file. - Otherwise, access will be granted. Oddly, this *didn't* lock http (port 80), though. A quick check of inetd.conf indicated that inetd doesn't handle http connections. So I edited boa.conf to only listen for connections from 127.0.0.1. (I only have a web server at all to handle dwww.) Now all ports are closed. httpd is (usually, and in your case) run as a stand-alone server, and not through inetd, as most web servers handle lots of requests and it would waste system resources to run it through inetd. and httpd itself listens on the port, and control never gets passed on to tcpd, so it can't refuse the connection. Interestingly, the scanner at www.gsr.com still shows my ftp, smtp, and telnet ports as open. My tests indicate that one can connect to the port, but not actually do anything before my host closes the connection again. as stated above, the connection *DOES* get established. then tcpd gets control and checks it's access rules. if it finds that the client should not be allowed to connect, it immediately drops the connection, so you get something like this: [EMAIL PROTECTED]:tty3:~]$ telnet localhost Trying 127.0.0.1... Connected to lemnos. Escape character is '^]'. Connection closed by foreign host. also, your mail server, running on port 25, probably also runs stand-alone. it will not be affected by hosts.allow or hosts.deny either, so you may want to double check that it's not open. Someone suggested using IPCHAINS. The thing is, my only goal is to lock *everyone* outside my local LAN out, while trusting everyone within 198.162. If I need more complex rules, I will investigate IPCHAINS. ipchains is very useful. it takes a little bit to get used to its syntax, and remember the various options, but once you do it's very powerful. in my /etc/ppp/ip-up file (executed when a ppp link is established), a total of 5 lines which create various firewall rules. there's one line for each of: mail server, dns server, web server, sql server, and x windows server. they block incoming connections on those ports from any packets coming in over the ppp0 interface, so anything on the lan isn't affected. i also have access rules in hosts.allow and hosts.deny, but to get that far, they have to make it through the firewall. :) hope this little (?) explanation helps you to understand a bit :) -- hypnos mailto:[EMAIL PROTECTED]
Re: [Solved] Re: syslog and hostname ?
On Wed, 29 Dec 1999, aphro wrote: i just removed the 'aphro' from my /etc/hosts's line that was 127.0.0.1 localhost aphro and restarted syslogd and it was back to 'normal' if i add aphro back and restart again it goes back to localhost ..odd! (just tried this just now) Try putting aphro first, as in: 127.0.0.1 aphro localhost I remember doing that before for some reason, I'm not sure if that's why or not. -- hypnos mailto:[EMAIL PROTECTED]
Re: Possible hosts.allow problem
On Wed, 29 Dec 1999, aphro wrote: carlf ALL: PARANOID carlf carlf Surely that should be blocking anything not on my local LAN. What's carlf up? that line blocks ALL incoming connections(or at least tries) to daemons in /etc/inetd.conf from all hosts, no matter where they are. if what you are trying to do is ipmasq that does not connect to any services on the linux box only passes through the kernel's firewall rules. $ man 5 hosts_access PARANOID Matches any host whose name does not match its address. When tcpd is built with -DPARANOID (default mode), it drops requests from such clients even before looking at the access control tables. Build without -DPARANOID when you want more control over such requests. This doesn't block *all* incoming connections, only those whose hostname name does not match its address. ALL: ALL should be used to block all hosts. -- hypnos mailto:[EMAIL PROTECTED]
Re: mail ?
On Wed, 29 Dec 1999, luis wrote: how can i send by mail a file, in only one line ? Assume the file you want to send is called file, use something like: mail -s subject [EMAIL PROTECTED] file -s is for subject (optional) and change the email address and filename to suit your needs -- hypnos mailto:[EMAIL PROTECTED]
Re: Logging user's logging in
On Sat, 25 Dec 1999 [EMAIL PROTECTED] wrote: **Please CC all replies to me - I'm not currently subscribed** Furthermore, I might also want to JUST log when root logs in, or when someone's sus into root - how would I do this? I believe this is a default in Debian. At least, my system logs these automatically, and I don't recall ever configuring it to. Dec 26 13:50:40 debian login[11524]: ROOT LOGIN on `tty4' Dec 26 13:52:11 debian su[17277]: + tty2 hypnos-root The first line shows a root login on tty4. The second line shows that on tty2, hypnos su'd to root.
Re: FTP Installation Instructions
On Sat, 25 Dec 1999, Hagen Finley wrote: site. However, in spite of that, I remain unclear where I deposit the Debian ftp download and how I initiate the installation. Do I create a boot floppy and point it to a installation directory? Can someone point me to some documentation that addresses installing from a ftp download? This is why I think Debian is the distribution which is easiest to install. If you are going to an FTP install, you only need to download approximately 10 MB of files (the base files). If you are installing Debian onto a machine that is in a networked environment (such as your work place, where you have access to other *nix machines), you can copy these files to one of those other machines (if you can mount one of their directories via NFS). Otherwise, you'll need to copy the base files to floppies (I believe it takes 7 3.5 floppies). And, of course, you'll need a boot floppy. You start the installation with the boot floppy, tell it (the installation program) where the base files are located (on floppies, on an NFS share, etc.) and it will install those. Debian's automated installation then takes over. You go through the list of available packages and select which ones you want installed. The installation program will then connect to an FTP server, download the packages you selected, and install them, without any work from you. I tried to explain it briefly and simply, but it sounds more complicated than it is. When I was new to linux, I tried installing both Slackware and Redhat, having different problems with each. I then moved to Debian, and I've been running it on multiple machines every since. HTH.