Re: [expert] UDP Port 4156?
Todd Lyons grabbed a keyboard and wrote: Sevatio wrote on Mon, Sep 23, 2002 at 03:47:33PM -0700 : LM8.2 Tcpdump is showing me a great deal of activity on udp port 4156. The problem is that it's clogging my network and slowing everything down. What is this port? It's a new variant on the Slapper worm. See: http://online.securityfocus.com/archive/75/292799/2002-09-20/2002-09-26/0 --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] lost the art of ping
On Mon, 2002-09-23 at 22:17, bascule wrote: suddenly the box i've been setting apache up on is invisible to pings, i can ssh onto it, it serves web pages locally, it's behind the firewall and has no firewall software on it that i can find, i can ping all the other boxes from all the other boxes and the web server itself can ping out, but no box can ping the web server, issue the ping command and the console just stays blank until ctrl-c any ideas? bascule -- The Auditors avoided death by never going so far as to get a life (The Thief of Time) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Bascule, Cat /proc/sys/net/ipv4 icmp_echo* and see if they are set to 1 or 0 at 0 ping works at 1 it starts to shut ignore. James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba printing - Help!
Ivailo Josifov wrote: Find the workgroup configuration on you XP machine and then change it in your samba configuration. The two workgroups must be the same. I think it should help. I. Josifov Brian, Also, you may want to turn off allow hosts at least for now so that all hosts can connect and handle the restrictions through your firewall. I'd also turn off wins and just allow the machines to connect to the samba server normally. also set the null passwords to no. If you can see it, but permission is being denied I have a real good feeling the first two things I mentioned are the culprits. The third thing can only serve to muddy the waters. Mark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba printing - Help!
I've found that the samba settings work best with options "use encrypted passwords" enabled and "allow null passwords" enabled as well. Also keep in mind that you may have to capture a printer port and browse to the network printer rather than installing the printer as a pure network printer (this applies when printing to a linux box from a windows machine). Some printers (esp HP laserjet) will not install in windows unless it first detects the printer on a "port". Shouldn't apply in the reverse situation though. Hopefully I don't confuse you more. I have less experience printing from linux to windows than windows to linux to be honest. Todd Mark Weaver wrote: Ivailo Josifov wrote: Find the workgroup configuration on you XP machine and then change it in your samba configuration. The two workgroups must be the same. I think it should help. I. Josifov Brian, Also, you may want to turn off "allow hosts" at least for now so that all hosts can connect and handle the restrictions through your firewall. I'd also turn off wins and just allow the machines to connect to the samba server normally. also set the "null passwords" to "no". If you can see it, but permission is being denied I have a real good feeling the first two things I mentioned are the culprits. The third thing can only serve to muddy the waters. Mark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] lost the art of ping
1s indeed, but now i have to wonder, 'how did that happen'? i didn't do it becasue until just now i had no idea about /proc/sys/net/ipv4 icmp_echo* is there some known action or software install that would also set this? bascule On Tuesday 24 September 2002 8:53 am, you wrote: Cat /proc/sys/net/ipv4 icmp_echo* and see if they are set to 1 or 0 at 0 ping works at 1 it starts to shut ignore. James -- Another world, another day, another dawn. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] UDP Port 4156?
This is a multi-part message in MIME format... =_1032842397-30049-15 Content-Type: text/plain; charset=us-ascii Where are you finding portsentry for Mandrake? I just looked at about 5 mirror sites and couldn't locate it. I found it on the 8.1 set of RPMS I downloaded a while ago. portsentry-1.1-3mdk Michael Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Where can I get help? 8-??
Hallo! As I haven't received any answer about my problem installing MDK into a Compaq Presario 905 I am wondering if you know any other mailing list or web site where I could find help. Thanks in advance. Es Dissabte 21 Setembre 2002 22:30, en Joan Tur va escriure: Hallo! A friend's Compaq Presario 905 is having the following problem while trying to boot from CD (tested with 8.2, 9rc2 and 9rc3): ... ALI15X3: IDE controller on PCI bus 00 dev 80 PCI: no IRQ known for interrupt pin A of device 00:10.0. Please try using pci=biosirq ... Partition check: hda: spurious 8259A interrupt: IRQ7 ... I've tryed booting linux pci=biosirq with no luck. He hasn't got the option in bios to assingn irqs manually. Last: we've found that booting linux ide=nodma reaches the following step (Enabling PCMCIA extension cards). Then it shows the following: Bank 3: b400083b at 01fc0003b0 Kernel panic: Unable to continue. As it's got 256Mb ram and the video card is 32Mb we've added mem=224M and mem=223M to boot parameters with no luck. HELP! He's going back to windowss... Thanks in advance ;) -- Joan Tur. Eivissa-Spain AOL quini2k, ICQ 11407395 www.ClubIbosim.org Linux: usuari registrat 190.783 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Where can I get help? 8-??
http://mobilix.org/mylaptops.html --Sandeep Joan Tur wrote: Hallo! As I haven't received any answer about my problem installing MDK into a Compaq Presario 905 I am wondering if you know any other mailing list or web site where I could find help. Thanks in advance. Es Dissabte 21 Setembre 2002 22:30, en Joan Tur va escriure: Hallo! A friend's Compaq Presario 905 is having the following problem while trying to boot from CD (tested with 8.2, 9rc2 and 9rc3): ... ALI15X3: IDE controller on PCI bus 00 dev 80 PCI: no IRQ known for interrupt pin A of device 00:10.0. Please try using pci=biosirq ... Partition check: hda: spurious 8259A interrupt: IRQ7 ... I've tryed booting "linux pci=biosirq" with no luck. He hasn't got the option in bios to assingn irqs manually. Last: we've found that booting "linux ide=nodma" reaches the following step ("Enabling PCMCIA extension cards"). Then it shows the following: Bank 3: b400083b at 01fc0003b0 Kernel panic: Unable to continue. As it's got 256Mb ram and the video card is 32Mb we've added "mem=224M" and "mem=223M" to boot parameters with no luck. HELP! He's going back to windowss... Thanks in advance ;) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com -- Sandeep Khanna Professional Software Developer Java, Linux, PHP, XML professional BeyondBooks.com Contact Number: (Home) 1-610-964-1320 (Office) 1-877-946-4622 Ext (106) Quote of the day: Failure is the foundation of truth. It teaches us what isn't true, and that is a great beginning. To fear failure is to fear the possibility of truth. --Joan Chittister Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] kill a process
On Monday 23 September 2002 11:40 pm, you wrote: twas as i was begining to expect, since i don't own server class kit, just old stuff i'm coopting - so i assume it will crash at some point:-), what would be better - intr or soft as an nfs mount option? bascule Hi bascule. I just setup NFS on my 3-comp LAN a couple of months ago. According to the LInux Administration For Dummies book I used as a reference, (this book was written just for me!!!), here is what they have to say about mounting: 'I recommend that you always use hard-mounting with an intr option whenever possible. The idea is to prevent possible sticky situations when there's an NFS server problem. Without intr the Linux client will try to mount the volume until the universe comes to an end, even during the NFS problem or power outage. If you've determined that waiting for cosmic implosion might take too long, you'll probably end up having to do a rather gory reboot if you don't have that handy intr option in place.' I took their advice, and used these /etc/fstab entries for my setup: darkforce:/home/darklord/tmp/home/jeremy/public nfs rw,hard,intr 0 0 darkforce:/home/darklord/tmp/home/zerocool/public nfs rw,hard,intr 0 0 (keeping in mind that my main machine is the server, and my 2 sons comps are clients) I can verify that no matter what combination of the 3 comps are turned off or on, or running or not, they will start up and shutdown gracefully, with no hangups. Hope this helps! :-) -- /\ Dark Lord \/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to send mail between 3 comp LAN?
On Tuesday 24 September 2002 12:00 am, you wrote: when you say set up, do you mean a dns server or a local /etc/hosts file on the 192.168.0.1 machine, if the latter then 'darkforce2.com' will definitely not be treated the same as 'darkforce2' unless you have set it up deliberately to be so, when you ping the other machine do you use .com or not; why .com anyway? is that a domain you own or just an internal fiction, 'cos the mail program won't care about that per se bascule Hi bascule. Yes, I believe that you would have to call it, as you say, a fiction. I can ping the machines anyway, so that: ping darkforce ping darkforce.com ping 192.168.0.1 all work. Just seemed handier, thats all. I did want to have the IP address in numerical form, because from what I've read, that can be found when a lot of other stuff isn't working. Do you think this would cause a problem somewhere? It doesn't seem to have so far. Thanks for all your advice! -- /\ Dark Lord \/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to send mail between 3 comp LAN?
On Monday 23 September 2002 11:51 pm, you wrote: Edit /var/spool/postfix/etc/hosts and add your other 2 computers to it. That's the file that postfix uses to resolve stuff that isn't on DNS. Vox Hi Vox. Thanks for the reply. Well, there is no /etc/hosts in /var/spool/postfix. Should I mkdir this and add that file? If so, how should the format go? Like: darkforce2.com 192.168.0.2 darkforce3.com 192.168.0.3 Mucho thanks! :-) -- /\ Dark Lord \/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] lost the art of ping
Hi, Do you have checked your rules of iptables or ipchains for something like: proto ICMP type 8 DENY (ping request) Best regards Thierry suddenly the box i've been setting apache up on is invisible to pings, i can ssh onto it, it serves web pages locally, it's behind the firewall and has no firewall software on it that i can find, i can ping all the other boxes from all the other boxes and the web server itself can ping out, but no box can ping the web server, issue the ping command and the console just stays blank until ctrl-c any ideas? bascule Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Slapper Worm New Variants
http://linuxtoday.com/news_story.php3?ltsn=2002-09-24-017-26-SC-SV Title: Linux Today - Vnunet: Two on New Slapper Worm Developments Alt Text Breaking NewsPreferencesContributeLink UsSearchAboutJobsPR LinuxCentral LinuxToday LinuxPlanet PHPBuilder BSDCentral Linuxnewbie.org ApacheToday AllLinux Devices BSDToday Enterprise LinuxToday SITE DESCRIPTIONS :Vnunet: Two on New Slapper Worm Developments Vnunet: Two on New Slapper Worm DevelopmentsSep 24, 2002, 15 :47 UTC (0 Talkback[s]) (320 reads)(Other stories by James Middleton and Iain Thomson) Vnunet: Arrest for Slapper Author "A suspect has been arrested on suspicion of authoring the Slapper worm. "But although the threat of the worm seems to have been shortlived, a new variant is already set to take up where its predecessor left off. "Slapper mailed the addresses of infected machines back to an email address in the Ukraine, [ISS senior consultant David Morgan] said. This email was checked from a traceable location and, as a result, a 21-year-old male has been arrested by the authorities... Complete Story Third Slapper Worm Hits the Street "Barely 24 hours after the Slapper B worm started to show up on antivirus monitoring stations, a new variant has cropped up. "According to security specialist ISS, Slapper C has infected 1,500 servers already and is spreading, although a source point has not been identified at this time..." Complete Story Related Stories: Common Criteria: Slapper Worm Stops Slapping(Sep 23, 2002) Symantec/LinuxSecurity.com: Apache Advisory: OpenSSL(Sep 14, 2002) Mail this storyPrint this story BRU for BSD Personal Edition 17.0 BRU Personal Edition 17.0 Backup Restore Utility is a functionally-rich backup solution designed for single or networked systems used in the home. BRU's proven data verification and error recovery ... Get it from Linux Central The /root. for Linux Resources Current Newswire: ZDNet: Ballmer: Well Outsmart Open Source SECURITY: Vnunet: Two on New Slapper Worm Developments Mozilla.org: New Mozilla-Based Phoenix Browser Released Linux Journal: Software Freedom for Macedonia? ExtremeTech: Red Hats Heresy GrepLaw.org: Don Marti on Free Software, Patents and the Internet Kernel Traffic #185 By Zack Brown Kernel Cousin Wine #136 By Brian Vincent AbiWord Weekly News #110 by Eric A. Zen Release Digest: GNOME, September 23, 2002 No talkbacks posted. Home | Search Talkbacks | Customize View Top of Page Enter your comments below. Your Name: Your Email Address: Subject: CC: [will also send this talkback to an E-Mail address] Comments: Tags allowed:I,B and U. See our talkback-policy for more about talkback content. Site DigestsNewslettersMedia KitSecurityTriggersLogin All times are recorded in UTC.Linux is a trademark of Linus Torvalds.Powered by Linux, Apache and PHP Copyright 2002 Jupitermedia Corporation All Rights Reserved. Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Slapper Worm New Variants
http://linuxtoday.com/news_story.php3?ltsn=2002-09-24-017-26-SC-SV Title: Linux Today - Vnunet: Two on New Slapper Worm Developments Breaking NewsPreferencesContributeLink UsSearchAboutJobsPR LinuxToday LinuxPlanet LinuxCentral PHPBuilder ApacheToday Linuxnewbie.org AllLinux Devices BSDToday BSDCentral Enterprise LinuxToday SITE DESCRIPTIONS :Vnunet: Two on New Slapper Worm Developments Vnunet: Two on New Slapper Worm DevelopmentsSep 24, 2002, 15 :47 UTC (0 Talkback[s]) (326 reads)(Other stories by James Middleton and Iain Thomson) Vnunet: Arrest for Slapper Author "A suspect has been arrested on suspicion of authoring the Slapper worm. "But although the threat of the worm seems to have been shortlived, a new variant is already set to take up where its predecessor left off. "Slapper mailed the addresses of infected machines back to an email address in the Ukraine, [ISS senior consultant David Morgan] said. This email was checked from a traceable location and, as a result, a 21-year-old male has been arrested by the authorities... Complete Story Third Slapper Worm Hits the Street "Barely 24 hours after the Slapper B worm started to show up on antivirus monitoring stations, a new variant has cropped up. "According to security specialist ISS, Slapper C has infected 1,500 servers already and is spreading, although a source point has not been identified at this time..." Complete Story Related Stories: Common Criteria: Slapper Worm Stops Slapping(Sep 23, 2002) Symantec/LinuxSecurity.com: Apache Advisory: OpenSSL(Sep 14, 2002) Mail this storyPrint this story BRU for BSD Personal Edition 17.0 BRU Personal Edition 17.0 Backup Restore Utility is a functionally-rich backup solution designed for single or networked systems used in the home. BRU's proven data verification and error recovery ... Get it from Linux Central The /root. for Linux Resources Current Newswire: ZDNet: Ballmer: Well Outsmart Open Source SECURITY: Vnunet: Two on New Slapper Worm Developments Mozilla.org: New Mozilla-Based Phoenix Browser Released Linux Journal: Software Freedom for Macedonia? ExtremeTech: Red Hats Heresy GrepLaw.org: Don Marti on Free Software, Patents and the Internet Kernel Traffic #185 By Zack Brown Kernel Cousin Wine #136 By Brian Vincent AbiWord Weekly News #110 by Eric A. Zen Release Digest: GNOME, September 23, 2002 No talkbacks posted. Home | Search Talkbacks | Customize View Top of Page Enter your comments below. Your Name: Your Email Address: Subject: CC: [will also send this talkback to an E-Mail address] Comments: Tags allowed:I,B and U. See our talkback-policy for more about talkback content. Site DigestsNewslettersMedia KitSecurityTriggersLogin All times are recorded in UTC.Linux is a trademark of Linus Torvalds.Powered by Linux, Apache and PHP Copyright 2002 Jupitermedia Corporation All Rights Reserved. Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
Any new subdirectories created by the users will automatically have the sgid bit set. Unfortunately, it's not simple to automatically recurse all the directories and set the sgid bit. But a oneline bash command will do it for you: ls -R | grep :$ | sed 's#:$##' | awk '{print \$0\}' | xargs chmod g+s Work through the logic and it will start to make sense. The awk statement is included for the sole purpose of putting quotes around the name incase it contains spaces or funky characters. Although I think this would be much cleaner to use... find /var/www -type d -exec chmod g+s {} \; Thanks... Dan. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba printing - Help!
Brian Parish wrote on Fri, Sep 20, 2002 at 02:04:55PM +1000 : I am getting a little desperate for some help with a Samba printing issue. I have configured a number of systems for this without difficulty, but this one seems to have a mind of its own! I can see the printer from W$ XP, but access is denied. I see nmb errors in the log like: I assume that you applied the registry patch to XP to disable the sign or seal function? I found that just applying the registry patch didn't quite disable it. I had to manually edit the registry in three places (because the patch was only modifying one of the three). It's in the samba package somewhere in /usr/share/doc/samba* Blue skies... Todd -- MandrakeSoft USA http://www.mandrakesoft.com Easy things should be easy, and hard things should be possible. --Larry Wall Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk msg58017/pgp0.pgp Description: PGP signature
Re: [expert] Virtual Hosting Question
Daniel Woods wrote on Tue, Sep 24, 2002 at 10:46:22AM -0600 : all the directories and set the sgid bit. But a oneline bash command will do it for you: ls -R | grep :$ | sed 's#:$##' | awk '{print \$0\}' | xargs chmod g+s Work through the logic and it will start to make sense. The awk statement is included for the sole purpose of putting quotes around the name incase it contains spaces or funky characters. Although I think this would be much cleaner to use... find /var/www -type d -exec chmod g+s {} \; Does it work if the directory name or path contains spaces? I am unable to test at the moment (short on time). Blue skies... Todd -- MandrakeSoft USA http://www.mandrakesoft.com Never take no as an answer from someone who's not authorized to say yes. --Ben Reser on Cooker ML Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk msg58018/pgp0.pgp Description: PGP signature
Re: [expert] Bad signatures on 9.0rc3 RPMS?
PlugHead wrote on Mon, Sep 23, 2002 at 11:26:45PM -0400 : Is it just me? I'm seeing alot of things like: [root@jack-in etc]# urpmi chkrootkit The following packages have bad signatures: /mirror/sunet/cooker/RPMS2/chkrootkit-0.37-1mdk.i586.rpm Do you want to continue installation ? (y/N) N Anyone else seeing this? Does anyone know what's going on here? (That RPMS in contribs (ie the RPMS2 subdirectory) are not signed. Blue skies... Todd -- MandrakeSoft USA http://www.mandrakesoft.com Easy things should be easy, and hard things should be possible. --Larry Wall Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk msg58019/pgp0.pgp Description: PGP signature
Re: [expert] UDP Port 4156?
Vox wrote on Mon, Sep 23, 2002 at 11:31:54PM -0500 : It's a worm that seems to have started on Saturday and infects linux boxes. http://online.securityfocus.com/archive/75/292529/2002-09-20/2002-09-26/2 http://www.der-keiler.de/Mailing-Lists/securityfocus/incidents/2002-09/ Uhm...slapper doesn't use 4156...it uses 2002 udp...so I don't think it's slapper. It's a new variant of slapper apparently. Sophos antivirus just released some virus signatures for Slapper-B and it detects Slapper-B and Slapper-C. So I'll assume there are two variants out now beyond the original Slapper. Blue skies... Todd -- MandrakeSoft USA http://www.mandrakesoft.com Never take no as an answer from someone who's not authorized to say yes. --Ben Reser on Cooker ML Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk msg58020/pgp0.pgp Description: PGP signature
Re: [expert] ACL support in 8.2/9.0?
Sylvestre Taburet wrote on Tue, Sep 24, 2002 at 11:39:08AM +0200 : Is there build-in ACL support for ext2/ext3 and Samba in LM8.2? If not 8.2: ACls for XFS 9.0: ACLs for XFS, EXT2/3 Oooo, I didn't know about the Ext2/3 ACL support. Can you provide a url with more info? Blue skies... Todd -- MandrakeSoft USA http://www.mandrakesoft.com Easy things should be easy, and hard things should be possible. --Larry Wall Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk msg58021/pgp0.pgp Description: PGP signature
Re: [expert] How to send mail between 3 comp LAN?
On 24 Sep 2002 at 11:58, Ronald J. Hall wrote: Hi Vox. Thanks for the reply. Well, there is no /etc/hosts in /var/spool/postfix. You won't have the /var/spool/postfix/etc directory unless you're running Postfix chrooted,otherwise postfix uses the file in /etc so you might the exact syntax you have in /etc/hosts. Ray Warren Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
At 05:08 PM 9/23/2002 -0700, you wrote: Assuming that you use user apache and group apache to run the webserver: chmod -R 750 /usr/www chgrp -R apache /usr/www chmod g+s /usr/www chmod g+s /usr/www/* But you better make damn sure that apache can read those files before you consider yourself done. Thank you! I am also going to test the response of PHP pages with this config. -Scott --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] directory permissions
Or, if you are familar with Octal you can coorilate the octal bits with the respective permissions. On Monday 23 September 2002 10:06 pm, you wrote: Hi. R means the person has the ability to read the files contents. X means the user can exicute the file as a program. Personally, I find working with the numbers is much easier to work with. Keep in mind you have three columns you need to fill in with permissions. You have user, group, and other. 0: no permissions. 1: Execute. 2: write. 4: Read. 5: Read, execute. 6: Read, write. 7: Read, write, execute. So let's say you want a file/directory to be set with read write for user and group you would write. chmod 660 filename If you want to make something accessible to one user you would do this. chown username filename chmod 600 filename - Original Message - From: bascule [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 23, 2002 8:21 PM Subject: [expert] directory permissions i think i'm coming unstuck about the difference between 'r' - read permission and 'x' -enter perm for a directory, what exactly is the difference? bascule -- Yes, it's the right planet, all right, he said again. Right planet, wrong universe. --- - Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
Daniel Woods wrote on Tue, Sep 24, 2002 at 10:46:22AM -0600 : all the directories and set the sgid bit. But a oneline bash command will do it for you: ls -R | grep :$ | sed 's#:$##' | awk '{print \$0\}' | xargs chmod g+s Work through the logic and it will start to make sense. The awk statement is included for the sole purpose of putting quotes around the name incase it contains spaces or funky characters. Although I think this would be much cleaner to use... find /var/www -type d -exec chmod g+s {} \; Does it work if the directory name or path contains spaces? I am unable to test at the moment (short on time). Yes. # mkdir '/tmp/test with spaces' # find /tmp -type d -exec echo {} \; . ./.font-unix ./BACKUP ./BACKUP/SQL ./kde-dwoods ./.ICE-unix ./test with spaces # rm -rf '/tmp/test with spaces' Thanks... Dan. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
Daniel Woods wrote on Tue, Sep 24, 2002 at 01:58:42PM -0600 : find /var/www -type d -exec chmod g+s {} \; Does it work if the directory name or path contains spaces? I am unable to test at the moment (short on time). Yes. I tested and verified that it does work. But I have one comment about what you posted below: # mkdir '/tmp/test with spaces' # find /tmp -type d -exec echo {} \; . ./.font-unix ./BACKUP ./BACKUP/SQL ./kde-dwoods ./.ICE-unix ./test with spaces What you have done here does not prove the test. I get the same results by doing: echo dir owned by todd echo dir owned by todd # rm -rf '/tmp/test with spaces' See how you had to put quotes around the path? That's what my awk did. I had to do that because the following are not identical because the space is normally an argument delimiter: rm -rf /tmp/test with spaces rm -rf /tmp/test with spaces And after testing, I verified that the find command when it replaces the {} argument with the value that it is currently processing, it does in fact quote it, so that answers my question: [root@fiji ~]# mkdir dir1 [root@fiji ~]# cd dir1 [root@fiji ~/dir1]# mkdir this is a test [root@fiji ~/dir1]# mkdir this is test 2 [root@fiji ~/dir1]# mkdir ouch [root@fiji ~/dir1]# cd .. [root@fiji ~]# find dir1 -type d -exec chmod g+s {} find: missing argument to `-exec' [root@fiji ~]# find dir1 -type d -exec chmod g+s {} \; [root@fiji ~]# vdir dir1 total 12 drwxr-sr-x2 root root 4096 Sep 24 14:51 ouch drwxr-sr-x2 root root 4096 Sep 24 14:51 this\ is\ a\ test drwxr-sr-x2 root root 4096 Sep 24 14:51 this\ is\ test\ 2 Thanks for the command and thanks for making me think about it thanks for letting me verbalize what was going through my head. I actually did try to use the find command originally, but I kept getting that damned missing argument to -exec error message. I am an idiot sometimes. I forgot all about escaping the ; at the end. :( Blue skies... Todd -- MandrakeSoft USA http://www.mandrakesoft.com Mandrake: An amalgam of good ideas from RedHat, Debian, and MandrakeSoft. All in all, IMHO, an unbeatable combination. --Levi Ramsey on Cooker ML Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk msg58026/pgp0.pgp Description: PGP signature
[expert] Unpatched LM82 is susceptible to SSL vulnerability
Hi folks, A web server at work got cracked on Sunday, and it looks like they used the SSL hole. The bad person left a .tar.gz file in a directory, and we did a google search on the filename, and voila -- it was a script (uploaded Sep 17) that exploited the vulnerability. I heard about the SSL vulnerability before our server was cracked, and did some reading. I didn't patch, because of: http://www.mandrake.com/en/archives/expert/2002-09/msg00588.php The paragraph where they wrote Linux-Mandrake 8.2 was not vulnerable ... well, maybe they were referring to it with the openssl -2.3mdk patch. So, patch up, even if you read something that says this is not vulnerable, as you may be taking it out of context, or they may be wrong. As of Sep 17 at least, there are automated tools for script kiddies that will exploit the hole. Here's the 8.2 security page: http://www.mandrake.com/en/security/mdk-updates.php3?dis=8.2 I assume this is the right one to install: http://www.mandrake.com/en/security/2002/MDKSA-2002-046-1.php?dis=8.2 (That gives you the filename; I assume you click on FTP server mirrors and find a mirror to actually download it. I haven't really used Mandrake's auto-update tools.) There is a longer discussion here: http://www.mandrake.com/en/archives/expert/2002-09/ (search for openssl) Jeffrey Twu [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] (Inserted CRs) Unpatched LM82 is susceptible to SSL vulnerability
(sorry, inserted carriage returns below) Hi folks, A web server at work got cracked on Sunday, and it looks like they used the SSL hole. The bad person left a .tar.gz file in a directory, and we did a google search on the filename, and voila -- it was a script (uploaded Sep 17) that exploited the vulnerability. I heard about the SSL vulnerability before our server was cracked, and did some reading. I didn't patch, because of: http://www.mandrake.com/en/archives/expert/2002-09/msg00588.php The paragraph where they wrote Linux-Mandrake 8.2 was not vulnerable ... well, maybe they were referring to it with the openssl -2.3mdk patch. So, patch up, even if you read something that says this is not vulnerable, as you may be taking it out of context, or they may be wrong. As of Sep 17 at least, there are automated tools for script kiddies that will exploit the hole. Here's the 8.2 security page: http://www.mandrake.com/en/security/mdk-updates.php3?dis=8.2 I assume this is the right one to install: http://www.mandrake.com/en/security/2002/MDKSA-2002-046-1.php?dis=8.2 (That gives you the filename; I assume you click on FTP server mirrors and find a mirror to actually download it. I haven't really used Mandrake's auto-update tools.) There is a longer discussion here: http://www.mandrake.com/en/archives/expert/2002-09/ (search for openssl) Jeffrey Twu [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [expert] (Inserted CRs) Unpatched LM82 is susceptible to SSL vulnerability
If you just block port 443 with your firewall. (and you are not using SSL) you won't have a problem either.. I have several unpatched openssl boxes, but all of them are blocked by the firewalls.. and none have gotten the worm. As I understand it, the worm sends a header to port 80 to see if its apache, if it is, it then tries port 443 and tries the hack.. if the firewall blocks port 443, it won't get anywhere. just a thought.. Most of the boxes I setup are basic firewall/gateway or samba servers, so I don't patch stuff I'm not running.. and none of them show any signs of problems.. if you close your firewall right down to only things it most access.. and don't run services you are not using, you are usually pretty safe with linux... but its still important to patch services you are running, and watch the security sites. (although not securityfocus anymore since its now owned by symentec and will no doubt be biased towards them now... (in my opinion and several others I have read about.) rgds Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Twu Sent: Wednesday, 25 September 2002 8:43 AM To: [EMAIL PROTECTED] Subject: [expert] (Inserted CRs) Unpatched LM82 is susceptible to SSL vulnerability (sorry, inserted carriage returns below) Hi folks, A web server at work got cracked on Sunday, and it looks like they used the SSL hole. The bad person left a .tar.gz file in a directory, and we did a google search on the filename, and voila -- it was a script (uploaded Sep 17) that exploited the vulnerability. I heard about the SSL vulnerability before our server was cracked, and did some reading. I didn't patch, because of: http://www.mandrake.com/en/archives/expert/2002-09/msg00588.php The paragraph where they wrote Linux-Mandrake 8.2 was not vulnerable ... well, maybe they were referring to it with the openssl -2.3mdk patch. So, patch up, even if you read something that says this is not vulnerable, as you may be taking it out of context, or they may be wrong. As of Sep 17 at least, there are automated tools for script kiddies that will exploit the hole. Here's the 8.2 security page: http://www.mandrake.com/en/security/mdk-updates.php3?dis=8.2 I assume this is the right one to install: http://www.mandrake.com/en/security/2002/MDKSA-2002-046-1.php?dis=8.2 (That gives you the filename; I assume you click on FTP server mirrors and find a mirror to actually download it. I haven't really used Mandrake's auto-update tools.) There is a longer discussion here: http://www.mandrake.com/en/archives/expert/2002-09/ (search for openssl) Jeffrey Twu [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] (Inserted CRs) Unpatched LM82 is susceptible to SSLvulnerability
And in addition to patching up... (Always the best move no matter what.) I've read where going into /tmp and doing touch bugtaq bugtraq.c chmod 400 bugtraq bugtraq.c Seems to fool the program into thinking this is an already cracked box (Havent proof this works but a little extra precaution always makes me feel better.) James On Tue, 2002-09-24 at 17:42, Jeffrey Twu wrote: (sorry, inserted carriage returns below) Hi folks, A web server at work got cracked on Sunday, and it looks like they used the SSL hole. The bad person left a .tar.gz file in a directory, and we did a google search on the filename, and voila -- it was a script (uploaded Sep 17) that exploited the vulnerability. I heard about the SSL vulnerability before our server was cracked, and did some reading. I didn't patch, because of: http://www.mandrake.com/en/archives/expert/2002-09/msg00588.php The paragraph where they wrote Linux-Mandrake 8.2 was not vulnerable ... well, maybe they were referring to it with the openssl -2.3mdk patch. So, patch up, even if you read something that says this is not vulnerable, as you may be taking it out of context, or they may be wrong. As of Sep 17 at least, there are automated tools for script kiddies that will exploit the hole. Here's the 8.2 security page: http://www.mandrake.com/en/security/mdk-updates.php3?dis=8.2 I assume this is the right one to install: http://www.mandrake.com/en/security/2002/MDKSA-2002-046-1.php?dis=8.2 (That gives you the filename; I assume you click on FTP server mirrors and find a mirror to actually download it. I haven't really used Mandrake's auto-update tools.) There is a longer discussion here: http://www.mandrake.com/en/archives/expert/2002-09/ (search for openssl) Jeffrey Twu [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] lost the art of ping
On Tue, 2002-09-24 at 05:48, bascule wrote: 1s indeed, but now i have to wonder, 'how did that happen'? i didn't do it becasue until just now i had no idea about /proc/sys/net/ipv4 icmp_echo* is there some known action or software install that would also set this? bascule Could be (but not sure on some) msec bastille or your firewall rules that set this this way. Personally on my webservers I just turn ping off... stops DoDs smurf attacks, gives the box a certain small level of obscurity on the net. (when crackers flood ping a subnet to see if there is anything there.. mine don't show up.) I figure is I can ssh to them and/or the web pages show up... the box must be working so I don't need ping. James On Tuesday 24 September 2002 8:53 am, you wrote: Cat /proc/sys/net/ipv4 icmp_echo* and see if they are set to 1 or 0 at 0 ping works at 1 it starts to shut ignore. James -- Another world, another day, another dawn. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] (Inserted CRs) Unpatched LM82 is susceptible to SSLvulnerability
On 24 Sep 2002, James Sparenberg wrote: And in addition to patching up... (Always the best move no matter what.) I've read where going into /tmp and doing touch bugtaq bugtraq.c chmod 400 bugtraq bugtraq.c Seems to fool the program into thinking this is an already cracked box (Havent proof this works but a little extra precaution always makes me feel better.) Since there are a number of varients out there, this is not going to help a whole lot. Fixing the hole is the first priority. BTW, this is not the only issue you need to be concerned about. There are problems in glibc, php and others that need to be updated as well. Keeping up on the bug fixes is a neverending process. Just when you think you have them all, a new group shows up to bedevil you. James On Tue, 2002-09-24 at 17:42, Jeffrey Twu wrote: (sorry, inserted carriage returns below) Hi folks, A web server at work got cracked on Sunday, and it looks like they used the SSL hole. The bad person left a .tar.gz file in a directory, and we did a google search on the filename, and voila -- it was a script (uploaded Sep 17) that exploited the vulnerability. I heard about the SSL vulnerability before our server was cracked, and did some reading. I didn't patch, because of: http://www.mandrake.com/en/archives/expert/2002-09/msg00588.php The paragraph where they wrote Linux-Mandrake 8.2 was not vulnerable ... well, maybe they were referring to it with the openssl -2.3mdk patch. So, patch up, even if you read something that says this is not vulnerable, as you may be taking it out of context, or they may be wrong. As of Sep 17 at least, there are automated tools for script kiddies that will exploit the hole. Here's the 8.2 security page: http://www.mandrake.com/en/security/mdk-updates.php3?dis=8.2 I assume this is the right one to install: http://www.mandrake.com/en/security/2002/MDKSA-2002-046-1.php?dis=8.2 (That gives you the filename; I assume you click on FTP server mirrors and find a mirror to actually download it. I haven't really used Mandrake's auto-update tools.) There is a longer discussion here: http://www.mandrake.com/en/archives/expert/2002-09/ (search for openssl) Jeffrey Twu [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to send mail between 3 comp LAN?
Dark, Creating the names on the subnet you are using shouldn't be a hassle. To you or anyone else, since it is on an unrouted subnet (192.168) Only time it would be a problem is if you ever try to go to a real domain named darkforce.com ... you'll keep getting your box. (Yes I've seen that happen years ago..) But heck ya gotta name em sumpin. :) James On Tue, 2002-09-24 at 08:50, Ronald J. Hall wrote: On Tuesday 24 September 2002 12:00 am, you wrote: when you say set up, do you mean a dns server or a local /etc/hosts file on the 192.168.0.1 machine, if the latter then 'darkforce2.com' will definitely not be treated the same as 'darkforce2' unless you have set it up deliberately to be so, when you ping the other machine do you use .com or not; why .com anyway? is that a domain you own or just an internal fiction, 'cos the mail program won't care about that per se bascule Hi bascule. Yes, I believe that you would have to call it, as you say, a fiction. I can ping the machines anyway, so that: ping darkforce ping darkforce.com ping 192.168.0.1 all work. Just seemed handier, thats all. I did want to have the IP address in numerical form, because from what I've read, that can be found when a lot of other stuff isn't working. Do you think this would cause a problem somewhere? It doesn't seem to have so far. Thanks for all your advice! -- /\ Dark Lord \/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] (Inserted CRs) Unpatched LM82 is susceptible to SSLvulnerability
True enough... but this little trick seems to be a file that all variants use James On Tue, 2002-09-24 at 11:25, alan wrote: On 24 Sep 2002, James Sparenberg wrote: And in addition to patching up... (Always the best move no matter what.) I've read where going into /tmp and doing touch bugtaq bugtraq.c chmod 400 bugtraq bugtraq.c Seems to fool the program into thinking this is an already cracked box (Havent proof this works but a little extra precaution always makes me feel better.) Since there are a number of varients out there, this is not going to help a whole lot. Fixing the hole is the first priority. BTW, this is not the only issue you need to be concerned about. There are problems in glibc, php and others that need to be updated as well. Keeping up on the bug fixes is a neverending process. Just when you think you have them all, a new group shows up to bedevil you. James On Tue, 2002-09-24 at 17:42, Jeffrey Twu wrote: (sorry, inserted carriage returns below) Hi folks, A web server at work got cracked on Sunday, and it looks like they used the SSL hole. The bad person left a .tar.gz file in a directory, and we did a google search on the filename, and voila -- it was a script (uploaded Sep 17) that exploited the vulnerability. I heard about the SSL vulnerability before our server was cracked, and did some reading. I didn't patch, because of: http://www.mandrake.com/en/archives/expert/2002-09/msg00588.php The paragraph where they wrote Linux-Mandrake 8.2 was not vulnerable ... well, maybe they were referring to it with the openssl -2.3mdk patch. So, patch up, even if you read something that says this is not vulnerable, as you may be taking it out of context, or they may be wrong. As of Sep 17 at least, there are automated tools for script kiddies that will exploit the hole. Here's the 8.2 security page: http://www.mandrake.com/en/security/mdk-updates.php3?dis=8.2 I assume this is the right one to install: http://www.mandrake.com/en/security/2002/MDKSA-2002-046-1.php?dis=8.2 (That gives you the filename; I assume you click on FTP server mirrors and find a mirror to actually download it. I haven't really used Mandrake's auto-update tools.) There is a longer discussion here: http://www.mandrake.com/en/archives/expert/2002-09/ (search for openssl) Jeffrey Twu [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to send mail between 3 comp LAN?
On Tuesday 24 September 2002 10:45 pm, you wrote: Dark, Creating the names on the subnet you are using shouldn't be a hassle. To you or anyone else, since it is on an unrouted subnet (192.168) Only time it would be a problem is if you ever try to go to a real domain named darkforce.com ... you'll keep getting your box. (Yes I've seen that happen years ago..) But heck ya gotta name em sumpin. :) James Okay, thanks! (now if I can just get mail between the 3 to work!) ;-) -- /\ Dark Lord \/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] (Inserted CRs) Unpatched LM82 is susceptible to SSLvulnerability
On 24 Sep 2002, James Sparenberg wrote: True enough... but this little trick seems to be a file that all variants use Trust me. They don't. James On Tue, 2002-09-24 at 11:25, alan wrote: On 24 Sep 2002, James Sparenberg wrote: And in addition to patching up... (Always the best move no matter what.) I've read where going into /tmp and doing touch bugtaq bugtraq.c chmod 400 bugtraq bugtraq.c Seems to fool the program into thinking this is an already cracked box (Havent proof this works but a little extra precaution always makes me feel better.) Since there are a number of varients out there, this is not going to help a whole lot. Fixing the hole is the first priority. BTW, this is not the only issue you need to be concerned about. There are problems in glibc, php and others that need to be updated as well. Keeping up on the bug fixes is a neverending process. Just when you think you have them all, a new group shows up to bedevil you. James On Tue, 2002-09-24 at 17:42, Jeffrey Twu wrote: (sorry, inserted carriage returns below) Hi folks, A web server at work got cracked on Sunday, and it looks like they used the SSL hole. The bad person left a .tar.gz file in a directory, and we did a google search on the filename, and voila -- it was a script (uploaded Sep 17) that exploited the vulnerability. I heard about the SSL vulnerability before our server was cracked, and did some reading. I didn't patch, because of: http://www.mandrake.com/en/archives/expert/2002-09/msg00588.php The paragraph where they wrote Linux-Mandrake 8.2 was not vulnerable ... well, maybe they were referring to it with the openssl -2.3mdk patch. So, patch up, even if you read something that says this is not vulnerable, as you may be taking it out of context, or they may be wrong. As of Sep 17 at least, there are automated tools for script kiddies that will exploit the hole. Here's the 8.2 security page: http://www.mandrake.com/en/security/mdk-updates.php3?dis=8.2 I assume this is the right one to install: http://www.mandrake.com/en/security/2002/MDKSA-2002-046-1.php?dis=8.2 (That gives you the filename; I assume you click on FTP server mirrors and find a mirror to actually download it. I haven't really used Mandrake's auto-update tools.) There is a longer discussion here: http://www.mandrake.com/en/archives/expert/2002-09/ (search for openssl) Jeffrey Twu [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com