Re: [expert] Mozilla Language packs??
IE exported charsets have not been a problem for me. make sure your fonts are installed in X etc. Btw, sugest your translator uses mozilla/composer in ms-windows, then at least your html files you get from him will be clean. I sugest you use UTF-8 for all your html files. Regards JG Jason Greenwood wrote: As a followup to my question, I have a question about translation done in MS word. We have a local translator who does website translation for us and they use MS Word with language support packs. The problem is, AFAIK this translation (once output to HTML by Word) is only viewable in IE with language support due to the proprietary nature of almost all MS shite. My question is, is there an OSS way of doing things?? Can I use OO or similar to create docs in other languages (then output them to html) that are cross browser compatible?? Is this possible or are my only options to use MS means and just expect people to use IE to view the docs in other languages?? The only other way I can see to do it is to take a screen shot from within Winblows and crop it and add the text as images to the docs. Then ALL browsers can see the images. I just wonder if there is not a better more oss friendly way to do things?? Besides, I don't want to have to use MS Word just to type text in other languages!! Thanks for any advice. Jason Jason Greenwood wrote: How do you install/download language packs for Mozilla?? I mean to DISPLAY pages created with different languages, not locals. If know there are language packs for Mozilla but these seem to change the language for all of Mozilla. I just want to be able to display text in other languages. For example, I remember way back when I used Winblows that if I visited a page I didn't have a language pack to display, IE would prompt to download the pack to display it. How does Moz handle it?? I went to a Korean site and it looks like gibberish (and not Korean gibberish either). Ideas?? Cheers Jason Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Xawtv and UK tv channels
UK is PAL-M right? JG Lorne wrote: Make sure you have the right frequency table set. I think it may default to us-cable. There are like 11 different choices. Long shot here. :) On Wednesday 08 January 2003 10:11 am, Roger Munoz wrote: Hi I've have installed a hauppauge wintv card on my mandrake 9.0 system. On install there were no problems encountered, but the problem is, when i a channel scan nothing comes back!. The card works fine in windoze and i can see all the UK channels in the London region. Is there any reason why i cant pick up channels from the London region (or any channel for that matter !) in mandrake? Roger London, ENGLAND Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] SSH
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Geeze, when is Mandrake going to get a decent per-ethernet card GUI firewall configurator with an advanced option that covers GUI configuration for all the protocols for say port 1000 and below, an Internet Connection Shareing on/off button as well as a configure button. Heck, I could probably write it and I can't even get a Samba-LDAP PDC to run. ;-) They do. It's called Multi-Network Firewall... - -- Mark Watts Systems Engineer QinetiQ TIM St Andrews Road, Malvern GPG Public Key available on request. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+HqZWBn4EFUVUIO0RAtrBAJ9ucNiV8xADAIRGCKCEIJOFXTP83ACfSXf8 mD8+zd6GKScczRwki5PNF4E= =b9Ef -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] scanner not detected if not switched on upon startup
On Thu, 09 Jan 2003 13:46:30 +, Pierre Fortin wrote: On Thu, 09 Jan 2003 10:47:09 +0100 Udo Rader [EMAIL PROTECTED] wrote: hi all, I've a scsi-scanner here (umax astra) that works like a charm. My only problem is that I have to turn it on before I boot the computer, otherwise it is simply not detected (sane-find-scanner). The only solution I've come around so far is to rmmod my scsi-module as root, turn on the scanner, insmod my scsi-module again as root and then thats it. Giving root-access to all the people that use the machine is not an option, so are there any other possibilities to detect the scanner as a normal user? thanks udo I have SCSI disks on the same busas my scanner, so rmmod might cause problems with those. I use the following script -- it was intended to get a disk back online in earlier LM versions; but it works for the scanner too... just pass it the lun of the scanner -- adjust the other parameters if your scanner is on anything but the first SCSI adapter. #!/bin/sh # enable a SCSI drive which was offline at bootup echo scsi add-single-device 0 0 $1 0 /proc/scsi/scsi You could create a cron task that checks for the scanner in /proc/scsi/scsi and re-enable it if off. HTH, Pierre hi pierre, thanks for your suggestion which does not completely make me happy but this is a nice workaround I can life with :-) udo Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Spamassassin + CommuniGate Pro config
On Fri, 10 Jan 2003 07:12 am, Brian York wrote: If anyone is using these two together would someone please send me some configuration files. I have a teriable time getting it to work. If they go in more than one place zip them in the file structure in the place were they should go. Brian, go to this site: http://www.communigatefaq.com/cgatefaq/SpamAssassin print the page out take some quality time with your linux setup :) -- john in sydney Mandrake Linux 9.0, Kernel version: 2.4.19-16mdk OpenPGP key available on www.keyserver.net 1024D/3E4A902F B38A AB0F 8658 D9E1 4900 3050 08FA D4FA 3E4A 902F Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Local CUPS printer S..L..O..W
hmmm, in hosts, is localhost defined? and in MCC hardware, printer, cups
configuration, did you allow auto Cups Configuration? or does it have an IP
or name? maybe the easiest _answer_ would be to remove the current cups
printer and then add new printer but that sounds so mickysoft.
On Friday 10 January 2003 12:04 am, Pierre Fortin wrote:
My local parallel attached printer takes over a minute to start printing
jobs. Here's part of strace on xpp... my question is WHY should CUPS be
trying to access my gateway to print locally. There is nothing in
printerdrake that takes an IP address for a local printer. Even
printerdrake takes a long time to get its info... what gives??
To get a more complete trace, I did:
$ ps aux | grep xpp
pfortin 29339 0.0 0.0 00 ?Z23:27 0:00 [xpp
defunct]
pfortin 30031 2.5 0.5 5584 2788 ?S23:50 0:00 xpp
The defunct process was from the previous print job...
send(5, POST / HTTP/1.1\r\n, 17, 0) = 17
send(5, Content-Length: 202\r\n, 21, 0) = 21
send(5, Content-Type: application/ipp\r\n, 31, 0) = 31
send(5, Host: localhost\r\n, 17, 0) = 17
send(5, \r\n, 2, 0) = 2
time(NULL) = 1042174357
send(5, \1\1\0\v\0\0\0\1, 8, 0) = 8
time(NULL) = 1042174357
send(5, \1G\0\22attributes-charset\0\niso-8859..., 34, 0) = 34
time(NULL) = 1042174357
send(5, H\0\33attributes-natural-language\0\5..., 37, 0) = 37
time(NULL) = 1042174357
send(5, E\0\vprinter-uri\0\33ipp://localhost/..., 43, 0) = 43
time(NULL) = 1042174357
send(5, B\0\24requested-attributes\0\25printer..., 79, 0) = 79
time(NULL) = 1042174357
send(5, \3, 1, 0) = 1
recv(5, HTTP/1.1 200 OK\r\nDate: Fri, 10 J..., 2048, 0) = 2048
time(NULL) = 1042174357
[snip]
time(NULL) = 1042174357
brk(0x80be000) = 0x80be000
time(NULL) = 1042174357
recv(5, iptI\0\0\0\33application/vnd.cups-ras..., 1714, 0) = 1714
brk(0x80bf000) = 0x80bf000
brk(0x80c) = 0x80c
time(NULL) = 1042174357
uname({sys=Linux, node=gypsy.pfortin.com, ...}) = 0
close(5)= 0
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
gettimeofday({1042174357, 791686}, NULL) = 0
time(NULL) = 1042174357
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 5
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
setsockopt(5, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(5, SOL_TCP, TCP_NODELAY, [1], 4) = 0
connect(5, {sin_family=AF_INET, sin_port=htons(631),
sin_addr=inet_addr(192.168.1.1)}}, 16
#stalls here
) = -1 ETIMEDOUT (Connection timed out)
#well DUH!! The gateway is a LinkSys router -- no port 631
close(5)= 0
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
gettimeofday({1042174546, 789969}, NULL) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 5
connect(5, {sin_family=AF_UNIX, path=/var/run/.nscd_socket}, 110) = -1
ENOENT (No such file or directory)
close(5)= 0
open(/etc/hosts, O_RDONLY)= 5
fcntl64(5, F_GETFD) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=192, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
read(5, 192.168.1.1\t\tr41.pfortin.com r41..., 4096) = 192
read(5, , 4096) = 0
close(5)= 0
munmap(0x40014000, 4096)= 0
time(NULL) = 1042174546
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 5
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
setsockopt(5, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(5, SOL_TCP, TCP_NODELAY, [1], 4) = 0
connect(5, {sin_family=AF_INET, sin_port=htons(631),
sin_addr=inet_addr(127.0.0.1)}}, 16) = 0
send(5, POST / HTTP/1.1\r\n, 17, 0) = 17
send(5, Content-Length: 202\r\n, 21, 0) = 21
send(5, Content-Type: application/ipp\r\n, 31, 0) = 31
send(5, Host: localhost\r\n, 17, 0) = 17
send(5, \r\n, 2, 0) = 2
time(NULL) = 1042174546
send(5, \1\1\0\v\0\0\0\1, 8, 0) = 8
time(NULL) = 1042174546
send(5, \1G\0\22attributes-charset\0\niso-8859..., 34, 0) = 34
time(NULL) = 1042174546
send(5, H\0\33attributes-natural-language\0\5..., 37, 0) = 37
time(NULL) = 1042174546
send(5, E\0\vprinter-uri\0\33ipp://localhost/..., 43, 0) = 43
time(NULL) = 1042174546
send(5, B\0\24requested-attributes\0\25printer..., 79, 0) = 79
time(NULL)
Re: [expert] SSH
On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote: Pierre Fortin wrote: Stop or remove shorewall -- sure wish Mdk would have made it more obvious during install/upgrade that it was going to add a firewall without asking... :^Pierre problem is...what does one use on a Mandrake 9.0 box if not shorewall because I've had a terrible time in the past trying to get Bastille to work on an MDK 9 box, which led me swiftly back to an 8.2 installation for server use. and I did take a look at gShield. The little bugger liked to drove me nuts! Mark I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall. http://www.smoothwall.org Now I run my entire network through it and just simply fergit it's there except for frequent log checks. -- Ken Thompson Payette, Idaho Email: [EMAIL PROTECTED] Linux- Coming Soon To A Desktop Near You Registered Linux User #183936 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] X: 2 mouses with different speeds?
On Thu, 2003-01-09 at 13:55, Joan Tur wrote: -BEGIN PGP SIGNED MESSAGE- I've modified XF86Config-4 in order for me to be able to use both integrated (it's a laptop) and usb mouses, and it now works. The problem is that the usb mouse moves too fast. How can I slow only the usb one? 8-? I have a similar config, but I have listed my USB mouse first in the XF86Config-4 file, I'm not sure if this would make a difference, but both mice are usable and I do not have any speed problems. Hope this helps. Section InputDevice Identifier Mouse1 Driver mouse Option Protocol IMPS/2 Option Device /dev/usbmouse Option ZAxisMapping 4 5 EndSection Section InputDevice Identifier Mouse2 Driver mouse Option Protocol PS/2 Option Device /dev/psaux Option Emulate3Buttons Option Emulate3Timeout 50 EndSection -- ...Rob -- Failure is the foundation of truth. It teaches us what isn't true, and that is a great beginning. To fear failure is to fear the possibility of truth. -- Joan Chittister = Robert Goshko Axis Computer Consulting Services, Inc President Sherwood Park, Alberta, Canada http://www.axis-dev.ca/ Supporting the Revolution In Your World = Registered Linux User #260513GNU/Linux i686 2.4.20-2mdk-725ca 7:40am up 27 min, 4 users, load average: 1.89, 1.67, 1.04 signature.asc Description: This is a digitally signed message part
Re: [expert] SSH
On Fri, 2003-01-10 at 07:50, Ken Thompson wrote: On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote: Pierre Fortin wrote: Stop or remove shorewall -- sure wish Mdk would have made it more obvious during install/upgrade that it was going to add a firewall without asking... :^Pierre problem is...what does one use on a Mandrake 9.0 box if not shorewall because I've had a terrible time in the past trying to get Bastille to work on an MDK 9 box, which led me swiftly back to an 8.2 installation for server use. and I did take a look at gShield. The little bugger liked to drove me nuts! Mark I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall. http://www.smoothwall.org Now I run my entire network through it and just simply fergit it's there except for frequent log checks. I used an old 486, 32MB, and a bootable floppy running Eigerstein LRP (Linux Router Project - http://leaf.sourceforge.net/) for two years, until the machine died. That forced my upgrade, I have a machine that is too overpowerd now for a firewall (PII 200) but I can now run the Bootable CD version of Dachstein LRP, still no HD so the machine is quite. -- ...Rob -- A closed mouth gathers no foot. = Robert Goshko Axis Computer Consulting Services, Inc President Sherwood Park, Alberta, Canada http://www.axis-dev.ca/ Supporting the Revolution In Your World = Registered Linux User #260513GNU/Linux i686 2.4.20-2mdk-725ca 8:37am up 1:24, 4 users, load average: 1.76, 1.81, 1.67 signature.asc Description: This is a digitally signed message part
Re: [expert] SSH
On Friday 10 January 2003 02:50 pm, Ken Thompson wrote: On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote: and I did take a look at gShield. The little bugger liked to drove me nuts! Mark I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall. http://www.smoothwall.org Now I run my entire network through it and just simply fergit it's there except for frequent log checks. I have been using EigerStein from the LRP on a 486-66 w16mb, and NO HDD for about 2 years with no problem. Since it boots from floppy, once running, you pop out the disk, and even if by chance someone hacks the F/W, you can just reboot. I have run this against some online security test sites, and they have all never been able to get more from my computer behind the firewall than my browser version. It leaves a FEW things open by default, but those are easily corrected. Ken Hawkins Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Xawtv and UK tv channels
On Friday 10 January 2003 03:05 am, J. Grant wrote: UK is PAL-M right? Dang! I was afraid you would ask me that! :) I honestly don't know. us-cable over here in the states. Hopefully someone reading will know. I did some searching on Google but didn't find anything right away. I'd think it should be out there somewhere if a guy knew where to look. JG Lorne wrote: Make sure you have the right frequency table set. I think it may default to us-cable. There are like 11 different choices. Long shot here. :) On Wednesday 08 January 2003 10:11 am, Roger Munoz wrote: Hi I've have installed a hauppauge wintv card on my mandrake 9.0 system. On install there were no problems encountered, but the problem is, when i a channel scan nothing comes back!. The card works fine in windoze and i can see all the UK channels in the London region. Is there any reason why i cant pick up channels from the London region (or any channel for that matter !) in mandrake? Roger London, ENGLAND Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] SSH
On Friday 10 January 2003 03:54 am, Mark Watts wrote: Geeze, when is Mandrake going to get a decent per-ethernet card GUI firewall configurator with an advanced option that covers GUI configuration for all the protocols for say port 1000 and below, an Internet Connection Shareing on/off button as well as a configure button. Heck, I could probably write it and I can't even get a Samba-LDAP PDC to run. ;-) They do. It's called Multi-Network Firewall... Or MNF yes? :) I am in the process of setting it up now with 3 nics. SO far it looks VERY good! The only thing that seems glaringly absent is tripwire. I'm trying to configure that now and should have it on line in the next week or so. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Firewall stuff SSH
On Friday 10 January 2003 12:58 am, Ken Hawkins wrote: On Friday 10 January 2003 02:50 pm, Ken Thompson wrote: On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote: and I did take a look at gShield. The little bugger liked to drove me nuts! Mark I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall. http://www.smoothwall.org Now I run my entire network through it and just simply fergit it's there except for frequent log checks. I have been using EigerStein from the LRP on a 486-66 w16mb, and NO HDD for about 2 years with no problem. Since it boots from floppy, once running, you pop out the disk, and even if by chance someone hacks the F/W, you can just reboot. I have run this against some online security test sites, and they have all never been able to get more from my computer behind the firewall than my browser version. It leaves a FEW things open by default, but those are easily corrected. Ken Hawkins ***ALERT*** I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning, don't trust it too much. :) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] How to update linux without a GUI in 8.2 and 9.0
Helo. I have a couple of firewalls, one running 8.2 and another running 9.0. I don't run X on my firewalls, so I was wondering if there was a way to use 8.2 and 9.0 update features from the command line? I know how to add update locations using the urpmi type commands, but I can't figure out if there's an easy way to get updates for installed packages like through the gui. Any help would be greately appreciated. Thanks, Cory Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Xawtv and UK tv channels
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 UK is PAL-B. In xawtv, set the frequency selection to 'western europe' If you have problems viewing UK terrestrial tv signals, mail me at m.watts at mrw.demon.co.uk. (I have a Hauppauge WinTV PCI Nicam which is working fine in the UK) Mark. On Friday 10 January 2003 03:05 am, J. Grant wrote: UK is PAL-M right? Dang! I was afraid you would ask me that! :) I honestly don't know. us-cable over here in the states. Hopefully someone reading will know. I did some searching on Google but didn't find anything right away. I'd think it should be out there somewhere if a guy knew where to look. JG Lorne wrote: Make sure you have the right frequency table set. I think it may default to us-cable. There are like 11 different choices. Long shot here. :) On Wednesday 08 January 2003 10:11 am, Roger Munoz wrote: Hi I've have installed a hauppauge wintv card on my mandrake 9.0 system. On install there were no problems encountered, but the problem is, when i a channel scan nothing comes back!. The card works fine in windoze and i can see all the UK channels in the London region. Is there any reason why i cant pick up channels from the London region (or any channel for that matter !) in mandrake? Roger London, ENGLAND --- - Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com - -- Mark Watts Systems Engineer QinetiQ TIM St Andrews Road, Malvern GPG Public Key available on request. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+HvQaBn4EFUVUIO0RAk2+AJ9LuSiutz2npZLSJaDBWnvW+06EXwCfb4+V WM/uO0C/uNNiuWGP4pFKrjI= =NrDF -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to update linux without a GUI in 8.2 and 9.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Helo. I have a couple of firewalls, one running 8.2 and another running 9.0. I don't run X on my firewalls, so I was wondering if there was a way to use 8.2 and 9.0 update features from the command line? I know how to add update locations using the urpmi type commands, but I can't figure out if there's an easy way to get updates for installed packages like through the gui. Any help would be greately appreciated. Add an ftp source for a /Mandrake/updates/version source. Use urpmi --auto-select to find any installed packages that need updating. Mark. - -- Mark Watts Systems Engineer QinetiQ TIM St Andrews Road, Malvern GPG Public Key available on request. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+HvRkBn4EFUVUIO0RAn+EAJ4uNp++C+o6bp/Mh9FR+GlNvqJ/GACg1LJh tubq20igEI1kWj8CmvPozDg= =vc7n -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] mandrake snf mnf and Tripwire
On Thursday 09 January 2003 10:29 pm, Jack Coates wrote: On Thu, 2003-01-09 at 20:54, Lorne wrote: I'm having trouble finding a simple piece of information on tripwire. Since the existing config files aren't designed with Mandrake in mind, it is pretty useless out of the box. I've got it figured out now, but since I'm not a total linux gear head yet I have a dumb question perhaps. Is it safe to assume that /sbin and /bin should have no files ever change? If that is the case, then I need to add every single one to the file. Obviously files change in /var etc, but I'm a little unsure of all the files I need to add system wide. /sbin and /bin shouldn't change unless a security patch does it. Tripwire has a directory-level setting, you don't have to enter every singel file. Well that is what I thought, but then why do they follow up in the red hat version and mark every single file and give it a rating of say SEC_CRIT ?? Is that redundant? I guess I can test this theory by finding a file not currently listed in the pol file, then over writing it with another and run a check and see if it catches it eh? Later I just did a test of the above theory. BINGO! You are absolutely correct. I detected an add sure enough. Do you know why they have all those individual files listed with a SEC_CRIT? Thanks in adance. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Firewall stuff SSH
On Friday 10 January 2003 04:15 pm, Lorne wrote: On Friday 10 January 2003 12:58 am, Ken Hawkins wrote: SNIP A WHOLE LOT OUT I have run this against some online security test sites, and they have all never been able to get more from my computer behind the firewall than my browser version. It leaves a FEW things open by default, but those are easily corrected. Ken Hawkins ***ALERT*** I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning, don't trust it too much. :) OR: Sure I'm paranoid...but am I paranoid enough? Sorry, didn't mean to imply that I was invulnerable...just that it was a cheap easy solution to be MUCH more secure that most people out there. Remember that there are millions of users out there still with windblows machines plugged straight into their DSL/Cable modems with NO firewalls. When you say they were poking around, had they been able to install s/w, read documents, change configs? Or was it just port scanning, rattling the doorknobs so to speak? Ken Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] What happened with Mandrake eXPerience?
Oh no you're right. And he had the best WineX tutorial I had found! Does anyone else know where there is a simularly extensive WineX tutorial? You know, one that covers compiling from CVS and finding all the dependancies needed, etc... --- James Sparenberg [EMAIL PROTECTED] wrote: it seems that his computer 216.86.64.33 is up but his webserver is down James On Wed, 2003-01-08 at 16:03, Francisco Alcaraz Ariza wrote: The pages of Mandrake eXPerience seems to be not longer accesible :-( Does anyone know if they have a new URL??? Thanks so much in advance Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] mandrake snf mnf and Tripwire
On Fri, 2003-01-10 at 08:29, Lorne wrote: On Thursday 09 January 2003 10:29 pm, Jack Coates wrote: On Thu, 2003-01-09 at 20:54, Lorne wrote: I'm having trouble finding a simple piece of information on tripwire. Since the existing config files aren't designed with Mandrake in mind, it is pretty useless out of the box. I've got it figured out now, but since I'm not a total linux gear head yet I have a dumb question perhaps. Is it safe to assume that /sbin and /bin should have no files ever change? If that is the case, then I need to add every single one to the file. Obviously files change in /var etc, but I'm a little unsure of all the files I need to add system wide. /sbin and /bin shouldn't change unless a security patch does it. Tripwire has a directory-level setting, you don't have to enter every singel file. Well that is what I thought, but then why do they follow up in the red hat version and mark every single file and give it a rating of say SEC_CRIT ?? Is that redundant? I guess I can test this theory by finding a file not currently listed in the pol file, then over writing it with another and run a check and see if it catches it eh? Later I just did a test of the above theory. BINGO! You are absolutely correct. I detected an add sure enough. Do you know why they have all those individual files listed with a SEC_CRIT? Going way out on a limb, and I should really look it up in Ye Olde Textbook, but I would guess that the directory level check only alerts that something in the directory changed, but not what that file was, whereas a file-level check would tell you /bin/ls just got updated or backd00red. I'm probably wrong though :-) -- Jack Coates Monkeynoodle: A Scientific Venture... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] X: 2 mouses with different speeds?
KDE has some configure options for this. However, i have the same problem as you. kde scale 0-10 i think it was anything more than 1 was too quick. and it goes up in steps of 1 ! i've emailed them, but no reply JG Robert Goshko wrote: On Thu, 2003-01-09 at 13:55, Joan Tur wrote: -BEGIN PGP SIGNED MESSAGE- I've modified XF86Config-4 in order for me to be able to use both integrated (it's a laptop) and usb mouses, and it now works. The problem is that the usb mouse moves too fast. How can I slow only the usb one? 8-? I have a similar config, but I have listed my USB mouse first in the XF86Config-4 file, I'm not sure if this would make a difference, but both mice are usable and I do not have any speed problems. Hope this helps. Section InputDevice Identifier Mouse1 Driver mouse Option Protocol IMPS/2 Option Device /dev/usbmouse Option ZAxisMapping 4 5 EndSection Section InputDevice Identifier Mouse2 Driver mouse Option Protocol PS/2 Option Device /dev/psaux Option Emulate3Buttons Option Emulate3Timeout 50 EndSection Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] MNF vs SNF
Hi all, Perhaps this is a newbie question, but I would really like your expert opinion :) - (I can repost to newb-list if it gets to hot in here) My question is: what are the main differences between MNF and SNF? I believe I heard MNF was built on mdk 8.2 and is for larger networks while SNF was built on mdk 7.2 and works best for small networks. I have played around with MNF and am very impressed with the easy to use web-based GUI! However, I have two concerns before I research to heavily into this: 1) MNF may be overkill. While I will need as heavy protection as possible, there is only one network (20-30 WS), and one to five servers including an email server...for now. 2) MNF is not free. Well sort of. Correct me if I'm wrong here, but I thought I read somewhere that the updates must be payed for after the 1st 6 mo. Free is a critical component at this stage. Based on what I've put here, would you guys suggest SNF? If so, is it available on most MDK mirros? Thanks in advance... __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Gigabyte EV-7VKML mobo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Sparenberg wrote on Thu, Jan 09, 2003 at 05:42:30PM -0800 : Todd I think I found the sound thread... title is RC3:ESD produces digital noise Seems to be something with esd sound and alsa drivers. I know this was on RC3 but it's possible that the problems with this sound card are continuous. I'm using arts and ALSA, but I won't dismiss the above because it could be some common underlying problem. I'm going to be doing all manners of BIOS tweaking/flashing and trying different RAM. We'll see if it makes any difference. Blue skies... Todd - -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ Favourite shell: bash, though I also like 'init=/usr/bin/emacs' --Andrew Tridgell Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-2mdk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+HwnUlp7v05cW2woRAkbtAJ9T6X5pSFOT37hfxSZ28bicXmA0iACbB/+H sLKC83pbcIjUYqWHPzuPw+0= =zyQF -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] redirecting to a port. Minor Modification.
Mark Weaver wrote on Thu, Jan 09, 2003 at 10:08:49PM -0500 : Hey Todd? What is it about your message (including the gpg sig) that causes Mozilla to crash every time I attempt to open one of your messages? I can open other signed message no problem but yours consistantly cause Mozilla no end of heartache! Well could be a couple of things: 1) I'm using mutt 1.5.3i (from CVS head of a couple days ago). 2) I'm doing inline signing instead of mime attachment type signing. I've turned it off for this message. If need be, we can exchange a few messages offlist and possibly file a bug report with either mozilla or mutt. Blue skies... Todd -- MandrakeSoft USA http://www.mandrakesoft.com Easy things should be easy, and hard things should be possible. --Larry Wall Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-2mdk Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] pgp sigs
Mark Watts wrote on Fri, Jan 10, 2003 at 04:26:02PM + : -BEGIN PGP SIGNED MESSAGE- snip -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+HvQaBn4EFUVUIO0RAk2+AJ9LuSiutz2npZLSJaDBWnvW+06EXwCfb4+V WM/uO0C/uNNiuWGP4pFKrjI= =NrDF -END PGP SIGNATURE- Mark, your messages are not recognized by mutt as being signed messages. I can tell this because I can see your pgp sig as quoted above instead of being verified. Could we do some offlist email exchanges to see what is the culprit in this? I can see possibly filing a bug report to the mutt guys. When I send messages, I'm using inline signing as well. Does your mail client show that it's signed or no? Blue skies... Todd -- MandrakeSoft USA http://www.mandrakesoft.com Mandrake: An amalgam of good ideas from RedHat, Debian, and MandrakeSoft. All in all, IMHO, an unbeatable combination. --Levi Ramsey on Cooker ML Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-2mdk Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Firewall stuff SSH
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lorne wrote on Fri, Jan 10, 2003 at 09:15:02AM -0700 : I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning, Geez, you should be sitting there with tcpdump running nearly non-stop and logging to a seperate host so that you can see exactly is occurring. Get active and into it and you'll learn a LOT about security. You may _think_ you know a lot now, but when you watch a box getting 'sploited, and then pull the plug and figure it all out, you'll come out of it with some invaluable knowledge that you can put to use immediately! Just a suggestion at any rate. Blue skies... Todd - -- MandrakeSoft USA http://www.mandrakesoft.com Easy things should be easy, and hard things should be possible. --Larry Wall Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-2mdk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+Hw07lp7v05cW2woRArzrAJ9PRdcmTWiQg5dTKDGDRPoOhrcJcwCfd9N4 Sta7D9pmRrfVFAQNY+mdByg= =Bgaf -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] pgp sigs
On Fri, 10 Jan 2003 10:05:45 -0800 Todd Lyons [EMAIL PROTECTED] wrote: Mark, your messages are not recognized by mutt as being signed messages. I can tell this because I can see your pgp sig as quoted above instead of being verified. Could we do some offlist email exchanges to see what is the culprit in this? I can see possibly filing a bug report to the mutt guys. Isn't he just using clear sign Charles printk(KERN_WARNING %s: Short circuit detected on the lobe\n, dev-name); 2.4.0-test2 /usr/src/linux/drivers/net/tokenring/lanstreamer.c -- Mandrake Linux 9.1 Kernel- 2.4.21-1mdk -- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] pgp sigs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles A Edwards wrote on Fri, Jan 10, 2003 at 01:22:15PM -0500 : Mark, your messages are not recognized by mutt as being signed messages. I can tell this because I can see your pgp sig as quoted above instead of being verified. Could we do some offlist email exchanges to see what is the culprit in this? I can see possibly filing a bug report to the mutt guys. Isn't he just using clear sign Yes, but so am I. Mine get verified. His don't (at least not on my system). So I'm trying to figure out who's non-compliant, mutt or mozilla or kmail or sylpheed or etc. Blue skies... Todd - -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-2mdk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+HxBtlp7v05cW2woRAmV7AJ9ArNHYuCFDoCsZsVUjeuBE5qLJggCfZMbw 1fTlxn60hVpg/uUIftGuTwM= =3qdx -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] kernel and headers versions does not match
Sorry for posting this again, but got no answer the first time... :-( but I think this time I will as it should be easy and just another stupidity from me ;-)) When I compile some programs they complain that kernel version (2.4.19-8mdkcustom) differs from headers one (2.4.18) and fail to install. How can I make kernel and header versions match? Thank you very much. -- Diego Dominguez __/\__ | | Andalucia /\ Spain \/ |__ __| \/ ___ Yahoo! Postales Felicita las Navidades con las postales más divertidas desde http://postales.yahoo.es Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Local CUPS printer S..L..O..W
Wondering one thing. If this is related to something I've noticed on my
systems here. I've got a single printer and multiple linux boxes. So
what happens is that box one a windows box has the printer local. Box 2
3 and 4 all do remote printing... So far so good.. Except each box has 3
printers 2 are the remote printers listed as remote cups printers, which
are actually the other Linux boxes on the net and 1 is the real
printer. No Matter what I do I cannot remove the remote cups printers
(even though the one on the windows box is a remote samba print.) If I
do somehow manage to remove them... it get auto restored later on. IF
I don't specify the samba printer as the default all over the place I
can have this same time problem. At the office it's all linux boxes and
1 has the printer 5 others do remote, and yes even the box that has the
local printer refuses to release those remote printers from it's
database. Again I have to make sure I connect a default all over the
box. Funny part is ... I can print to any one of them.. just takes
longer.
James
On Fri, 2003-01-10 at 06:48, et wrote:
hmmm, in hosts, is localhost defined? and in MCC hardware, printer, cups
configuration, did you allow auto Cups Configuration? or does it have an IP
or name? maybe the easiest _answer_ would be to remove the current cups
printer and then add new printer but that sounds so mickysoft.
On Friday 10 January 2003 12:04 am, Pierre Fortin wrote:
My local parallel attached printer takes over a minute to start printing
jobs. Here's part of strace on xpp... my question is WHY should CUPS be
trying to access my gateway to print locally. There is nothing in
printerdrake that takes an IP address for a local printer. Even
printerdrake takes a long time to get its info... what gives??
To get a more complete trace, I did:
$ ps aux | grep xpp
pfortin 29339 0.0 0.0 00 ?Z23:27 0:00 [xpp
defunct]
pfortin 30031 2.5 0.5 5584 2788 ?S23:50 0:00 xpp
The defunct process was from the previous print job...
send(5, POST / HTTP/1.1\r\n, 17, 0) = 17
send(5, Content-Length: 202\r\n, 21, 0) = 21
send(5, Content-Type: application/ipp\r\n, 31, 0) = 31
send(5, Host: localhost\r\n, 17, 0) = 17
send(5, \r\n, 2, 0) = 2
time(NULL) = 1042174357
send(5, \1\1\0\v\0\0\0\1, 8, 0) = 8
time(NULL) = 1042174357
send(5, \1G\0\22attributes-charset\0\niso-8859..., 34, 0) = 34
time(NULL) = 1042174357
send(5, H\0\33attributes-natural-language\0\5..., 37, 0) = 37
time(NULL) = 1042174357
send(5, E\0\vprinter-uri\0\33ipp://localhost/..., 43, 0) = 43
time(NULL) = 1042174357
send(5, B\0\24requested-attributes\0\25printer..., 79, 0) = 79
time(NULL) = 1042174357
send(5, \3, 1, 0) = 1
recv(5, HTTP/1.1 200 OK\r\nDate: Fri, 10 J..., 2048, 0) = 2048
time(NULL) = 1042174357
[snip]
time(NULL) = 1042174357
brk(0x80be000) = 0x80be000
time(NULL) = 1042174357
recv(5, iptI\0\0\0\33application/vnd.cups-ras..., 1714, 0) = 1714
brk(0x80bf000) = 0x80bf000
brk(0x80c) = 0x80c
time(NULL) = 1042174357
uname({sys=Linux, node=gypsy.pfortin.com, ...}) = 0
close(5)= 0
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
gettimeofday({1042174357, 791686}, NULL) = 0
time(NULL) = 1042174357
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 5
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
setsockopt(5, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(5, SOL_TCP, TCP_NODELAY, [1], 4) = 0
connect(5, {sin_family=AF_INET, sin_port=htons(631),
sin_addr=inet_addr(192.168.1.1)}}, 16
#stalls here
) = -1 ETIMEDOUT (Connection timed out)
#well DUH!! The gateway is a LinkSys router -- no port 631
close(5)= 0
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
gettimeofday({1042174546, 789969}, NULL) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 5
connect(5, {sin_family=AF_UNIX, path=/var/run/.nscd_socket}, 110) = -1
ENOENT (No such file or directory)
close(5)= 0
open(/etc/hosts, O_RDONLY)= 5
fcntl64(5, F_GETFD) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=192, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
read(5, 192.168.1.1\t\tr41.pfortin.com r41..., 4096) = 192
read(5, , 4096) = 0
close(5)= 0
[expert] Samba 2.2.7a packages
Hey Mandrake, I see there is still no regular update to Samba to fix the very nasty 2gb file limit. So, I checked cooker. There -is- one in there, but the cooker packages won't install on a 9.0 machine! I'm getting endless dependencies. What's up with this? Is it possible to ask for an update to at least the 9.0 samba packages to fix this problem? Thanks. Bob Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Local CUPS printer S..L..O..W
Hi! Okay, I think I know what you've got going on here. Do you have your systems set to automagically share their printers over the network? If so, what is happening is that the linux boxes with no local printer are attempting to share the network printer back to the box hosting the printer. So essentially each computer is trying to share the network printer with all the other computers, which is why you have so many ghost printers showing up that still work to print to. Another way to look at it: Computer 1 is sharing its printer with computers 2 and 3. Computers 2 and 3 see the network printer. Computers 2 and 3 also try to share their printers, which just so happens to be the network printer, with the other computers. Since Computer 1 does not recognize either of these shared printers as actually being its own printer, it goes ahead and makes them available locally. Therefore, if you print to one of the remote printers from computer 1, the print job goes from computer 1 to computer 2 or 3, then back to computer 1 before it hits the printer. The only computer that should be running printer sharing is the one acting as the printer host, that is, the computer local to the printer. All the other computers *should not* have printer sharing turned on. I'm not quite sure where you change this setting at since I'm not using Mandrake 9, but it should clear up the problem of the local printer showing up as a remote printer repeatedly. Hope this helps! Jon 8^) - Where is the horse and the rider? Where is the horn that was blowing? They have passed like rain on the mountain, like wind in the meadow; The days have gone down in the West, behind the hills into shadow. How did it come to this? -- Theoden King, The Two Towers [EMAIL PROTECTED] 01/10/03 01:51PM Wondering one thing. If this is related to something I've noticed on my systems here. I've got a single printer and multiple linux boxes. So what happens is that box one a windows box has the printer local. Box 2 3 and 4 all do remote printing... So far so good.. Except each box has 3 printers 2 are the remote printers listed as remote cups printers, which are actually the other Linux boxes on the net and 1 is the real printer. No Matter what I do I cannot remove the remote cups printers (even though the one on the windows box is a remote samba print.) If I do somehow manage to remove them... it get auto restored later on. IF I don't specify the samba printer as the default all over the place I can have this same time problem. At the office it's all linux boxes and 1 has the printer 5 others do remote, and yes even the box that has the local printer refuses to release those remote printers from it's database. Again I have to make sure I connect a default all over the box. Funny part is ... I can print to any one of them.. just takes longer. James On Fri, 2003-01-10 at 06:48, et wrote: hmmm, in hosts, is localhost defined? and in MCC hardware, printer, cups configuration, did you allow auto Cups Configuration? or does it have an IP or name? maybe the easiest _answer_ would be to remove the current cups printer and then add new printer but that sounds so mickysoft. On Friday 10 January 2003 12:04 am, Pierre Fortin wrote: My local parallel attached printer takes over a minute to start printing jobs. Here's part of strace on xpp... my question is WHY should CUPS be trying to access my gateway to print locally. There is nothing in printerdrake that takes an IP address for a local printer. Even printerdrake takes a long time to get its info... what gives?? To get a more complete trace, I did: $ ps aux | grep xpp pfortin 29339 0.0 0.0 00 ?Z23:27 0:00 [xpp defunct] pfortin 30031 2.5 0.5 5584 2788 ?S23:50 0:00 xpp The defunct process was from the previous print job... send(5, POST / HTTP/1.1\r\n, 17, 0) = 17 send(5, Content-Length: 202\r\n, 21, 0) = 21 send(5, Content-Type: application/ipp\r\n, 31, 0) = 31 send(5, Host: localhost\r\n, 17, 0) = 17 send(5, \r\n, 2, 0) = 2 time(NULL) = 1042174357 send(5, \1\1\0\v\0\0\0\1, 8, 0) = 8 time(NULL) = 1042174357 send(5, \1G\0\22attributes-charset\0\niso-8859..., 34, 0) = 34 time(NULL) = 1042174357 send(5, H\0\33attributes-natural-language\0\5..., 37, 0) = 37 time(NULL) = 1042174357 send(5, E\0\vprinter-uri\0\33ipp://localhost/..., 43, 0) = 43 time(NULL) = 1042174357 send(5, B\0\24requested-attributes\0\25printer..., 79, 0) = 79 time(NULL) = 1042174357 send(5, \3, 1, 0) = 1 recv(5, HTTP/1.1 200 OK\r\nDate: Fri, 10 J..., 2048, 0) = 2048 time(NULL) = 1042174357 [snip]
Re: [expert] Local CUPS printer S..L..O..W
and in MCC hardware, printer, cups configuration, did you allow auto Cups Configuration? James ought to spec the IP number of the one box with the printer attached, and not do auto config I just think James ought give up one the winboxen-printerserver grin Do you have your systems set to automagically share their printers over the network? If so, what is happening is that the linux boxes with no local printer are attempting to share the network printer back to the box hosting the printer. So essentially each computer is trying to share the network printer with all the other computers, which is why you have so many ghost printers showing up that still work to print to. Another way to look at it: Computer 1 is sharing its printer with computers 2 and 3. Computers 2 and 3 see the network printer. Computers 2 and 3 also try to share their printers, which just so happens to be the network printer, with the other computers. Since Computer 1 does not recognize either of these shared printers as actually being its own printer, it goes ahead and makes them available locally. Therefore, if you print to one of the remote printers from computer 1, the print job goes from computer 1 to computer 2 or 3, then back to computer 1 before it hits the printer. The only computer that should be running printer sharing is the one acting as the printer host, that is, the computer local to the printer. All the other computers *should not* have printer sharing turned on. I'm not quite sure where you change this setting at since I'm not using Mandrake 9, but it should clear up the problem of the local printer showing up as a remote printer repeatedly. Hope this helps! Jon 8^) yep that's correct, we were wondering just where that setting is best changed. I just think James ought give up one the winboxen-printerserver grin [EMAIL PROTECTED] 01/10/03 01:51PM Wondering one thing. If this is related to something I've noticed on my systems here. I've got a single printer and multiple linux boxes. So what happens is that box one a windows box has the printer local. Box 2 3 and 4 all do remote printing... So far so good.. Except each box has 3 printers 2 are the remote printers listed as remote cups printers, which are actually the other Linux boxes on the net and 1 is the real printer. No Matter what I do I cannot remove the remote cups printers (even though the one on the windows box is a remote samba print.) If I do somehow manage to remove them... it get auto restored later on. IF I don't specify the samba printer as the default all over the place I can have this same time problem. At the office it's all linux boxes and 1 has the printer 5 others do remote, and yes even the box that has the local printer refuses to release those remote printers from it's database. Again I have to make sure I connect a default all over the box. Funny part is ... I can print to any one of them.. just takes longer. James On Fri, 2003-01-10 at 06:48, et wrote: hmmm, in hosts, is localhost defined? and in MCC hardware, printer, cups configuration, did you allow auto Cups Configuration? or does it have an IP or name? maybe the easiest _answer_ would be to remove the current cups printer and then add new printer but that sounds so mickysoft. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba Bug Found!!!
I haven't tried any of the newer versions. Just the one from MandrakeUpdate packages from mdk 8.2. I was considering updating samba to 2.2.7 because I would like to avoid the security problem. -Dave On 01/09/03 22:11 -0500, Mark Weaver wrote: Dave Seff wrote: It looks like Mandrake's latest patch/package (samba-2.2.3a-10.1mdk) for Samba has a bug. If you use Samba as a PDC, New users added will not be able to +log on to the domain. The problem lies in the NT password hash section of the smbpasswd file. I have rolled back to the stock mdk8.2 RPM And readded the +users and then it was ok. I haven't had a chance to look through any source, so If anyone from Mandrake reads this, I hope you get a chance to look at it. Cheers, -Dave Dave, I'm using 2.2.6-1.1mdk. is that same bug present in this version of Samba? Mark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] kernel and headers versions does not match
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ddc_prueba wrote on Fri, Jan 10, 2003 at 07:49:53PM +0100 : When I compile some programs they complain that kernel version (2.4.19-8mdkcustom) differs from headers one (2.4.18) and fail to install. This is probably due to the programs doing the wrong thing. 1) When compiling kernel modules, they use headers from /usr/src/linux/include. Period. 2) When compiling applications, they use headers from /usr/include or /usr/local/include or any place *OTHER THAN* /usr/src/linux/include. If your app is trying to directly include kernel headers, or if your kernel module is trying to directly include /usr/include/linux headers, it will fail. This is at Linus' decree. It's not a Mandrake issue that we comply with the big guy. The issue is complicated because kernel-headers doesn't supply the current kernel headers. I know, I know. The kernel headers are actually provided by the kernel-source rpm. The kernel-headers rpm actually provides the headers that were used to compile glibc. It only changes when glibc changes, so it's natural that kernel-headers-* is a different version than kernel-*. In cooker, this has already been changed so that it's much simpler to make sense of in your mind. snip 7 line signature Blue skies... Todd - -- | MandrakeSoft USA | Sometimes you get what you want. | | http://www.mandrakesoft.com | Sometimes you get experience.| | http://www.mandrakelinux.com |--unknown origin | Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-2mdk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD4DBQE+HzTTlp7v05cW2woRAp9vAJiTRZFgEm+tsw7NeFThpRynmu+iAKCGzLwR pdzW4KHAoeMzUz+Z4oBqFg== =wyKL -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba Bug Found!!!
On Fri, 10 Jan 2003, Dave M Seff wrote: I haven't tried any of the newer versions. Just the one from MandrakeUpdate packages from mdk 8.2. I was considering updating samba to 2.2.7 because I would like to avoid the security problem. You will want to upgrade Squid as well, if you use it. The same authentication code was used for squid in 2.4-stable6. -Dave On 01/09/03 22:11 -0500, Mark Weaver wrote: Dave Seff wrote: It looks like Mandrake's latest patch/package (samba-2.2.3a-10.1mdk) for Samba has a bug. If you use Samba as a PDC, New users added will not be able to +log on to the domain. The problem lies in the NT password hash section of the smbpasswd file. I have rolled back to the stock mdk8.2 RPM And readded the +users and then it was ok. I haven't had a chance to look through any source, so If anyone from Mandrake reads this, I hope you get a chance to look at it. Cheers, -Dave Dave, I'm using 2.2.6-1.1mdk. is that same bug present in this version of Samba? Mark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] What happened with Mandrake eXPerience?
Are you talking about this site? http://www.geocities.com/desktopmandrake/articles.htm It might be a mirror. Jim On Friday January 10, 2003 04:46 pm, T E wrote: Oh no you're right. And he had the best WineX tutorial I had found! Does anyone else know where there is a simularly extensive WineX tutorial? You know, one that covers compiling from CVS and finding all the dependancies needed, etc... --- James Sparenberg [EMAIL PROTECTED] wrote: it seems that his computer 216.86.64.33 is up but his webserver is down James On Wed, 2003-01-08 at 16:03, Francisco Alcaraz Ariza wrote: The pages of Mandrake eXPerience seems to be not longer accesible :-( Does anyone know if they have a new URL??? Thanks so much in advance Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- 5:01pm up 21 days, 20:04, 4 users, load average: 0.00, 0.00, 0.00 Running Mandrake 9.0 - Linux - because life is too short for reboots... Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba Bug Found!!!
On Fri, 10 Jan 2003, alan wrote: On Fri, 10 Jan 2003, Dave M Seff wrote: I haven't tried any of the newer versions. Just the one from MandrakeUpdate packages from mdk 8.2. I was considering updating samba to 2.2.7 because I would like to avoid the security problem. You will want to upgrade Squid as well, if you use it. The same authentication code was used for squid in 2.4-stable6. Correction: Was *fixed* in 2.4-stable6. -Dave On 01/09/03 22:11 -0500, Mark Weaver wrote: Dave Seff wrote: It looks like Mandrake's latest patch/package (samba-2.2.3a-10.1mdk) for Samba has a bug. If you use Samba as a PDC, New users added will not be able to +log on to the domain. The problem lies in the NT password hash section of the smbpasswd file. I have rolled back to the stock mdk8.2 RPM And readded the +users and then it was ok. I haven't had a chance to look through any source, so If anyone from Mandrake reads this, I hope you get a chance to look at it. Cheers, -Dave Dave, I'm using 2.2.6-1.1mdk. is that same bug present in this version of Samba? Mark Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] redirecting to a port. Minor Modification.
Rolf Pedersen wrote: Mark Weaver wrote: Todd Lyons wrote: Blue skies...Todd Hey Todd? What is it about your message (including the gpg sig) that causes Mozilla to crash every time I attempt to open one of your messages? I can open other signed message no problem but yours consistantly cause Mozilla no end of heartache! Mark This might be due to a bug you can see at mozilla.org bugzilla wrt the XUL.mfasl file in the .mozilla user profile directory. The short of it is I delete this file when I get strange crashes in mozilla mail and it fixes, for a while. Rolf Rolf, Thanks for the info. Got rid of that file and we'll see how things go. -- Mark --- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by Mandrake Linux 8.2 9.0 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] cups
Hi, How do I add a printer to Linux using CUPS. I have a Intel NetPro Print Server with 2 parallel ports and 1 serial port. I'm trying to hook up to it and access parallel port 1 (factory default for this port is 3001). So I tried making a connection using 192.168.xx.yy. port 3001 with no driver using webmin. I can add the printer but when I tried to print a test page, I get Error - Perl execution failed Undefined subroutine main::quotemeta at cups-lib.pl line 267. Would someone kindly offer their experience on this? Thanks. Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba 2.2.7a packages
On Sat, 11 Jan 2003 10:34 am, Mark Weaver wrote: I see there is still no regular update to Samba to fix the very nasty 2gb file limit. So, I checked cooker. There -is- one in there, but the cooker packages won't install on a 9.0 machine! I'm getting endless dependencies. What's up with this? Is it possible to ask for an update to at least the 9.0 samba packages to fix this problem? Thanks. [SNIP] just how long is that list of dependencies? it might be worth it to you to satisfy them if you can get past the 2GB file limit. This *usually* works on cooker releases earlier in the cycle (i.e. just after the main release), but I wouldn't really recommend it, unless you have a test box. What I try to do is get the cooker source .rpm and rebuild it on your system (rpm --rebuild xxx.src.rpm). Yes, you might still have to go off and get some dependent stuff, (and maybe build that too!!) and you'll almost certainly have to install some developer packages, but you'll end up with new packages built for your system hth -- john in sydney Mandrake Linux 9.0, Kernel version: 2.4.19-16mdk OpenPGP key available on www.keyserver.net 1024D/3E4A902F B38A AB0F 8658 D9E1 4900 3050 08FA D4FA 3E4A 902F Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] What happened with Mandrake eXPerience?
On Friday 10 January 2003 12:50 pm, James Conner wrote: Are you talking about this site? http://www.geocities.com/desktopmandrake/articles.htm It might be a mirror. Jim Jim: No, that isn't it. This site has a (now-working) link to the Mandrake eXPerience site. BTW, Desktop Mandrake has changed its address to www.desktopmandrake.cjb.net (although your link worked fine.) -- cmg Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Local CUPS printer S..L..O..W
On Fri, 10 Jan 2003 09:48:31 -0500 et [EMAIL PROTECTED] wrote:
hmmm, in hosts, is localhost defined? and in MCC hardware, printer,
cups configuration, did you allow auto Cups Configuration? or does it
have an IP or name? maybe the easiest _answer_ would be to remove the
current cups printer and then add new printer but that sounds so
mickysoft.
localhost is defined. no auto. the printer is on [waiting for the
attempts to connect to the gateway to timeout...] parallel port#0 -- can't
imagine why that would result in trying to access the gateway. There's a
remote printer on another box; but nothing explains why CUPS should
suddenly decide it should connect to a non-CUPS box before printing
locally... or why MCCcups should likewise decide to do so.
Upgrading CUPS now with latest... same problem... nope... now it takes
longer to start printing... sigh
Pierre
On Friday 10 January 2003 12:04 am, Pierre Fortin wrote:
My local parallel attached printer takes over a minute to start
printing jobs. Here's part of strace on xpp... my question is WHY
should CUPS be trying to access my gateway to print locally. There is
nothing in printerdrake that takes an IP address for a local printer.
Even printerdrake takes a long time to get its info... what gives??
To get a more complete trace, I did:
$ ps aux | grep xpp
pfortin 29339 0.0 0.0 00 ?Z23:27 0:00 [xpp
defunct]
pfortin 30031 2.5 0.5 5584 2788 ?S23:50 0:00 xpp
The defunct process was from the previous print job...
send(5, POST / HTTP/1.1\r\n, 17, 0) = 17
send(5, Content-Length: 202\r\n, 21, 0) = 21
send(5, Content-Type: application/ipp\r\n, 31, 0) = 31
send(5, Host: localhost\r\n, 17, 0) = 17
send(5, \r\n, 2, 0) = 2
time(NULL) = 1042174357
send(5, \1\1\0\v\0\0\0\1, 8, 0) = 8
time(NULL) = 1042174357
send(5, \1G\0\22attributes-charset\0\niso-8859..., 34, 0) = 34
time(NULL) = 1042174357
send(5, H\0\33attributes-natural-language\0\5..., 37, 0) = 37
time(NULL) = 1042174357
send(5, E\0\vprinter-uri\0\33ipp://localhost/..., 43, 0) = 43
time(NULL) = 1042174357
send(5, B\0\24requested-attributes\0\25printer..., 79, 0) = 79
time(NULL) = 1042174357
send(5, \3, 1, 0) = 1
recv(5, HTTP/1.1 200 OK\r\nDate: Fri, 10 J..., 2048, 0) = 2048
time(NULL) = 1042174357
[snip]
time(NULL) = 1042174357
brk(0x80be000) = 0x80be000
time(NULL) = 1042174357
recv(5, iptI\0\0\0\33application/vnd.cups-ras..., 1714, 0) = 1714
brk(0x80bf000) = 0x80bf000
brk(0x80c) = 0x80c
time(NULL) = 1042174357
uname({sys=Linux, node=gypsy.pfortin.com, ...}) = 0
close(5)= 0
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
gettimeofday({1042174357, 791686}, NULL) = 0
time(NULL) = 1042174357
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 5
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
setsockopt(5, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(5, SOL_TCP, TCP_NODELAY, [1], 4) = 0
connect(5, {sin_family=AF_INET, sin_port=htons(631),
sin_addr=inet_addr(192.168.1.1)}}, 16
#stalls here
) = -1 ETIMEDOUT (Connection timed out)
#well DUH!! The gateway is a LinkSys router -- no port 631
close(5)= 0
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
gettimeofday({1042174546, 789969}, NULL) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 5
connect(5, {sin_family=AF_UNIX, path=/var/run/.nscd_socket}, 110) =
-1 ENOENT (No such file or directory)
close(5)= 0
open(/etc/hosts, O_RDONLY)= 5
fcntl64(5, F_GETFD) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=192, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0)= 0x40014000
read(5, 192.168.1.1\t\tr41.pfortin.com r41..., 4096) = 192
read(5, , 4096) = 0
close(5)= 0
munmap(0x40014000, 4096)= 0
time(NULL) = 1042174546
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 5
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
setsockopt(5, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(5, SOL_TCP, TCP_NODELAY, [1], 4) = 0
connect(5, {sin_family=AF_INET, sin_port=htons(631),
sin_addr=inet_addr(127.0.0.1)}}, 16) = 0
send(5, POST / HTTP/1.1\r\n, 17, 0) = 17
send(5, Content-Length: 202\r\n, 21, 0) = 21
send(5, Content-Type:
[expert] dosemu?
Anybody knows why dosemu is not included with Mandrake? -- Toshiro Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] SSH
Rolf Pedersen wrote: Mark Weaver wrote: Pierre Fortin wrote: Stop or remove shorewall -- sure wish Mdk would have made it more obvious during install/upgrade that it was going to add a firewall without asking... :^Pierre problem is...what does one use on a Mandrake 9.0 box if not shorewall because I've had a terrible time in the past trying to get Bastille to work on an MDK 9 box, which led me swiftly back to an 8.2 installation for server use. and I did take a look at gShield. The little bugger liked to drove me nuts! Mark My only relevant experience is not being able to get Shorewall to quickly work and having subsequent success with guarddog, in contrib. It has a simple gui and the help brings up an easy-to-follow kde tutorial for the basic configuration. For protocols like rsync, ldap, cvs, rdate, I would look for the port used in the man, in /etc/services, or at google and add it through the 'Advanced' tab. It took me as much as to strace gpg to find what port it was using to import a key from a keyserver but everything I needed, so far, has been doable. Rolf Nice! I'll have to give that one a look. Although I can't get away from wanting to get my hands REAL dirty and do an entire FW from scratch the old-fashioned way. -- Mark --- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by Mandrake Linux 8.2 9.0 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba 2.2.7a packages
On Fri Jan 10, 2003 at 06:34:31PM -0500, Mark Weaver wrote:
Hey Mandrake,
I see there is still no regular update to Samba to fix the very nasty 2gb
file limit.
So, I checked cooker. There -is- one in there, but the cooker packages
won't install on a 9.0 machine! I'm getting endless dependencies. What's
up with this? Is it possible to ask for an update to at least the 9.0
samba packages to fix this problem? Thanks.
Bob
Bob,
just how long is that list of dependencies? it might be worth it to you
to satisfy them if you can get past the 2GB file limit.
Could also rebuild the srpm. I'm sure that's probably easiest.
Anyways, does 2.2.7a fix this 2GB file limit problem? How long has
this problem been around (this is the first I've heard of it, but I'm
not a samba user).
It's also unfair to be sitting around and yelling Hey Mandrake when
are you going to fix this bug that no one reported?. Is there a
bugzilla entry for this? I am assuming that if this was a legitimate
problem that needed to be addressed in updates, and the bug had been
reported to someone here, that it would have been forwarded to myself.
This hasn't happened so I can only assume one of two things: It was
reported, but not acted on, or it wasn't reported.
Which one is it, Bob? Where's the bugzilla report you posted?
--
MandrakeSoft Security; http://www.mandrakesecure.net/
lynx -source http://linsec.ca/vdanen.asc | gpg --import
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
msg63958/pgp0.pgp
Description: PGP signature
Re: [expert] cups
Hi, After some researching 8) I need to set cups to use lpd://192.168.xx.yy/queue_name to get it to print. Regards, Norman - Original Message - From: Norman Zhang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 10, 2003 3:50 PM Subject: [expert] cups Hi, How do I add a printer to Linux using CUPS. I have a Intel NetPro Print Server with 2 parallel ports and 1 serial port. I'm trying to hook up to it and access parallel port 1 (factory default for this port is 3001). So I tried making a connection using 192.168.xx.yy. port 3001 with no driver using webmin. I can add the printer but when I tried to print a test page, I get Error - Perl execution failed Undefined subroutine main::quotemeta at cups-lib.pl line 267. Would someone kindly offer their experience on this? Thanks. Regards, Norman Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Firewall stuff SSH
On Friday 10 January 2003 01:31 am, Ken Hawkins wrote: On Friday 10 January 2003 04:15 pm, Lorne wrote: On Friday 10 January 2003 12:58 am, Ken Hawkins wrote: SNIP A WHOLE LOT OUT I have run this against some online security test sites, and they have all never been able to get more from my computer behind the firewall than my browser version. It leaves a FEW things open by default, but those are easily corrected. Ken Hawkins ***ALERT*** I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning, don't trust it too much. :) OR: Sure I'm paranoid...but am I paranoid enough? Sorry, didn't mean to imply that I was invulnerable...just that it was a cheap easy solution to be MUCH more secure that most people out there. Remember that there are millions of users out there still with windblows machines plugged straight into their DSL/Cable modems with NO firewalls. Damned scary isn't it!? No need to appologize. :) When you say they were poking around, had they been able to install s/w, read documents, change configs? Or was it just port scanning, rattling the doorknobs so to speak? They had made it past my firewall and were rattling the door knobs on IP addresses beyond the firewall. So basically they had breached the moat and were trying doors in the castle. Scary and obviously the firewall is compromised when they do this. Ken Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Firewall stuff SSH
On Friday 10 January 2003 11:13 am, Todd Lyons wrote: Lorne wrote on Fri, Jan 10, 2003 at 09:15:02AM -0700 : I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning, Geez, you should be sitting there with tcpdump running nearly non-stop and logging to a seperate host so that you can see exactly is occurring. Get active and into it and you'll learn a LOT about security. You may _think_ you know a lot now, but when you watch a box getting 'sploited, and then pull the plug and figure it all out, you'll come out of it with some invaluable knowledge that you can put to use immediately! I prefer ethereal and sniffer pro and I have had really really limited time here at home. I've been getting more and more into packet analysis at work and it is pretty cool stuff. I've been to a couple of classes on it. I've had snort running on Mandrake snf and I'm putting the finishing touches on MNF. It has snort. I'm putting tripwire on it now. What I REALLY would like to do is set up a honey pot and then I'm truly in control and can watch with interest what is going on. I'm trying to talk my boss into letting me set up a honey pot at work, but corportate is against it. I need to talk to the fellow that is against it. I think he is wrong. :) Just a suggestion at any rate. Blue skies... Todd Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] mandrake snf mnf and Tripwire
On Friday 10 January 2003 09:47 am, Jack Coates wrote: On Fri, 2003-01-10 at 08:29, Lorne wrote: On Thursday 09 January 2003 10:29 pm, Jack Coates wrote: On Thu, 2003-01-09 at 20:54, Lorne wrote: I'm having trouble finding a simple piece of information on tripwire. Since the existing config files aren't designed with Mandrake in mind, it is pretty useless out of the box. I've got it figured out now, but since I'm not a total linux gear head yet I have a dumb question perhaps. Is it safe to assume that /sbin and /bin should have no files ever change? If that is the case, then I need to add every single one to the file. Obviously files change in /var etc, but I'm a little unsure of all the files I need to add system wide. /sbin and /bin shouldn't change unless a security patch does it. Tripwire has a directory-level setting, you don't have to enter every singel file. Well that is what I thought, but then why do they follow up in the red hat version and mark every single file and give it a rating of say SEC_CRIT ?? Is that redundant? I guess I can test this theory by finding a file not currently listed in the pol file, then over writing it with another and run a check and see if it catches it eh? Later I just did a test of the above theory. BINGO! You are absolutely correct. I detected an add sure enough. Do you know why they have all those individual files listed with a SEC_CRIT? Going way out on a limb, and I should really look it up in Ye Olde Textbook, but I would guess that the directory level check only alerts that something in the directory changed, but not what that file was, whereas a file-level check would tell you /bin/ls just got updated or backd00red. I'm probably wrong though :-) hmm the real problem I've had is the lack of documentation. It seems the trip wire folks have done them selves a disservice by not having more information out there. ?? If you know of a book name or source I can go find, I'm all over that. :) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to convert curly quotes etc. to plain text?
On Sat, 11 Jan 2003 03:42, Mark Weaver wrote: Damon Lynch wrote: On Fri, 2003-01-10 at 16:18, Mark Weaver wrote: I don't mean to be facicious here, but the utility is called PERL. I can already do that with Python (and in fact I am doing that). But it seems a common enough problem that there must already be a good solution out there, which will have the advantage of covering all the codes used by M$, not just the ones I've picked up thus far.. Damon Damon, If you can already do it with Python, then why not go through the rest of the process and finish the application. Then there will be an app out there that will do what you are needing. course, then the rest of us will be able to make use of such a utility. :) And the demoroniser page i sent tells you where all those illegal characters are. Illegal because the area they are in is reserved and not to be used for normal characters. -- Michael Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] MNF vs SNF
On Friday 10 January 2003 10:20 am, T E wrote: Hi all, Perhaps this is a newbie question, but I would really like your expert opinion :) - (I can repost to newb-list if it gets to hot in here) My question is: what are the main differences between MNF and SNF? I believe I heard MNF was built on mdk 8.2 and is for larger networks while SNF was built on mdk 7.2 and works best for small networks. I hate their naming conventions for their firewalls. I LOVE their implementations. My opinion is the older one shouldn't be used, since there are vulnerabilities unless it is patched is probablyl not safe. The gui looks almost identical between the two. The older of the two only supports 2 nics. The newer one supports at least 3 because I am setting one up and it bound all three. I don't think it is fair to say one is for small networks and the other big ones. ? I have played around with MNF and am very impressed with the easy to use web-based GUI! However, I have two concerns before I research to heavily into this: 1) MNF may be overkill. While I will need as heavy protection as possible, there is only one network (20-30 WS), and one to five servers including an email server...for now. 2) MNF is not free. Well sort of. Correct me if I'm wrong here, but I thought I read somewhere that the updates must be payed for after the 1st 6 mo. Free is a critical component at this stage. Based on what I've put here, would you guys suggest SNF? If so, is it available on most MDK mirros? Thanks in advance... I highly recommend the newer one. I don't believe there is any time bomb, and I'm not sure if they require money after 6 months, although it is certainly worth what ever it is they charge. I subscribe, so haven't actually purchased a shrink wrap one. I think they get more money by just donating so that is what I did. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] pgp sigs
On Fri, Jan 10, 2003 at 10:26 -0800, Todd Lyons wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles A Edwards wrote on Fri, Jan 10, 2003 at 01:22:15PM -0500 : Mark, your messages are not recognized by mutt as being signed messages. I can tell this because I can see your pgp sig as quoted above instead of being verified. Could we do some offlist email exchanges to see what is the culprit in this? I can see possibly filing a bug report to the mutt guys. Isn't he just using clear sign Yes, but so am I. Mine get verified. His don't (at least not on my system). So I'm trying to figure out who's non-compliant, mutt or mozilla or kmail or sylpheed or etc. Blue skies... Todd - -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-2mdk -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+HxBtlp7v05cW2woRAmV7AJ9ArNHYuCFDoCsZsVUjeuBE5qLJggCfZMbw 1fTlxn60hVpg/uUIftGuTwM= =3qdx -END PGP SIGNATURE- As you can see, your's doesn't get verified as well. See my MUA in the header. wobo -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba 2.2.7a packages
On Fri, 10 Jan 2003 19:31:14 -0700, Vincent Danen wrote: On Fri Jan 10, 2003 at 06:34:31PM -0500, Mark Weaver wrote: Hey Mandrake, I see there is still no regular update to Samba to fix the very nasty 2gb file limit. So, I checked cooker. There -is- one in there, but the cooker packages won't install on a 9.0 machine! I'm getting endless dependencies. What's up with this? Is it possible to ask for an update to at least the 9.0 samba packages to fix this problem? Thanks. Bob Bob, just how long is that list of dependencies? it might be worth it to you to satisfy them if you can get past the 2GB file limit. Could also rebuild the srpm. I'm sure that's probably easiest. Anyways, does 2.2.7a fix this 2GB file limit problem? How long has this problem been around (this is the first I've heard of it, but I'm not a samba user). It's also unfair to be sitting around and yelling Hey Mandrake when are you going to fix this bug that no one reported?. Is there a bugzilla entry for this? I am assuming that if this was a legitimate problem that needed to be addressed in updates, and the bug had been reported to someone here, that it would have been forwarded to myself. This hasn't happened so I can only assume one of two things: It was reported, but not acted on, or it wasn't reported. Which one is it, Bob? Where's the bugzilla report you posted? rant Rpm, shmarpm. Just go get the source and build it. If an RPM is available, by all means use it, but when it's not, it's Linux folks. Rol up your sleeves and dig in. /rant -- Matthew O. Persico Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] SSH
Pierre Fortin wrote: On Thu, 09 Jan 2003 22:14:27 -0500 Mark Weaver [EMAIL PROTECTED] wrote: Pierre Fortin wrote: Stop or remove shorewall -- sure wish Mdk would have made it more obvious during install/upgrade that it was going to add a firewall without asking... :^Pierre problem is...what does one use on a Mandrake 9.0 box if not shorewall because I've had a terrible time in the past trying to get Bastille to work on an MDK 9 box, which led me swiftly back to an 8.2 installation for server use. and I did take a look at gShield. The little bugger liked to drove me nuts! Mark If you're gonna protect a box(es), it should be done before the traffic gets to it... shorewall is like putting the deadbolt on the coat closet door instead of the front door IMO. I use an external box. Pierre truer words were nere spoken, but at the moment I's a bit equipment po and lack the necessary hardware with which to implement such a scheme. However, it is in the planning stages for my network. ;) -- Mark --- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by Mandrake Linux 8.2 9.0 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] scanner not detected if not switched on upon startup
On Thu, 09 Jan 2003 13:46:30 +, Pierre Fortin wrote: On Thu, 09 Jan 2003 10:47:09 +0100 Udo Rader [EMAIL PROTECTED] wrote: hi all, I've a scsi-scanner here (umax astra) that works like a charm. My only problem is that I have to turn it on before I boot the computer, otherwise it is simply not detected (sane-find-scanner). The only solution I've come around so far is to rmmod my scsi-module as root, turn on the scanner, insmod my scsi-module again as root and then thats it. Giving root-access to all the people that use the machine is not an option, so are there any other possibilities to detect the scanner as a normal user? thanks udo I have SCSI disks on the same busas my scanner, so rmmod might cause problems with those. I use the following script -- it was intended to get a disk back online in earlier LM versions; but it works for the scanner too... just pass it the lun of the scanner -- adjust the other parameters if your scanner is on anything but the first SCSI adapter. #!/bin/sh # enable a SCSI drive which was offline at bootup echo scsi add-single-device 0 0 $1 0 /proc/scsi/scsi You could create a cron task that checks for the scanner in /proc/scsi/scsi and re-enable it if off. HTH, Pierre hi pierre, thanks for your suggestion which works perfectly. udo Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to convert curly quotes etc. to plain text?
Damon Lynch wrote: On Fri, 2003-01-10 at 16:18, Mark Weaver wrote: I don't mean to be facicious here, but the utility is called PERL. I can already do that with Python (and in fact I am doing that). But it seems a common enough problem that there must already be a good solution out there, which will have the advantage of covering all the codes used by M$, not just the ones I've picked up thus far.. Damon Damon, If you can already do it with Python, then why not go through the rest of the process and finish the application. Then there will be an app out there that will do what you are needing. course, then the rest of us will be able to make use of such a utility. :) -- Mark --- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by Mandrake Linux 8.2 9.0 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] urpmi --auto-select, apache 1.3 and apache2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 09 January 2003 19:14, Mark Watts wrote: I searched the archives and found this question asked, but no suitable answer given. I have Mandrake 9.0, installed with Apache 1.3.x. urpmi --auto-select always tries to install Apache 2. I have a local 9.0 CD source, 9.0 updates, 9.0 contrib, rpmhelp 9.0 and plf. Interestingy, 'urpmi apache' says that everything is already installed. Any thoughts? What does rpm -qa | grep apache2 gives? [root@mwatts mwatts]# rpm -qa | grep apache apache-1.3.26-6.1mdk apache-common-1.3.26-6.1mdk apache-modules-1.3.26-6.1mdk apache-conf-1.3.26-3mdk [root@mwatts mwatts]# urpmi apache everything already installed [root@mwatts mwatts]# urpmi --auto-select To satisfy dependencies, the following packages are going to be installed: apache2-common-2.0.40ADVX-8mdk.i586 apache2-conf-2.0.40ADVX-14mdk.i586 Is this OK? (Y/n) [root@mwatts mwatts]# (I've cut a bunch of things out so there isn't a total) I can understand that both Apache 1.3 and Apache 2 provide 'apache' but I'm getting inconsistant results between urpmi and urpmi --auto-select. Unless I'm wrong (and I havent looked at the code) --auto-select should be (ultimatly) doing an 'urpmi packagename' for each installed package ? Cheers, Mark. - -- Mark Watts Systems Engineer QinetiQ TIM St Andrews Road, Malvern GPG Public Key available on request. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+Hp7gBn4EFUVUIO0RAuXAAJ9YzIz1Pd2M78t4VrhXPCpYJb8b8ACgjRgJ M3ZLjp+lBDzySZYjWK3QUAw= =gkaw -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] SSH
Ken Thompson wrote: On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote: Pierre Fortin wrote: Stop or remove shorewall -- sure wish Mdk would have made it more obvious during install/upgrade that it was going to add a firewall without asking... :^Pierre problem is...what does one use on a Mandrake 9.0 box if not shorewall because I've had a terrible time in the past trying to get Bastille to work on an MDK 9 box, which led me swiftly back to an 8.2 installation for server use. and I did take a look at gShield. The little bugger liked to drove me nuts! Mark I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall. http://www.smoothwall.org Now I run my entire network through it and just simply fergit it's there except for frequent log checks. I've heard about this one before but have never seen it. I'm downloading the ISO now. Is this an actual installable OS/Firewall, or just firewall software? -- Mark --- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by Mandrake Linux 8.2 9.0 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] SSH
Robert Goshko wrote: On Fri, 2003-01-10 at 07:50, Ken Thompson wrote: On Thursday 09 January 2003 08:14 pm, Mark Weaver wrote: Pierre Fortin wrote: Stop or remove shorewall -- sure wish Mdk would have made it more obvious during install/upgrade that it was going to add a firewall without asking... :^Pierre problem is...what does one use on a Mandrake 9.0 box if not shorewall because I've had a terrible time in the past trying to get Bastille to work on an MDK 9 box, which led me swiftly back to an 8.2 installation for server use. and I did take a look at gShield. The little bugger liked to drove me nuts! Mark I grabbed an old P90 with 32MB - 540MB Drive and installed Smoothwall. http://www.smoothwall.org Now I run my entire network through it and just simply fergit it's there except for frequent log checks. I used an old 486, 32MB, and a bootable floppy running Eigerstein LRP (Linux Router Project - http://leaf.sourceforge.net/) for two years, until the machine died. That forced my upgrade, I have a machine that is too overpowerd now for a firewall (PII 200) but I can now run the Bootable CD version of Dachstein LRP, still no HD so the machine is quite. aaah yes...I've got just the machine for this job. All I've got to do now is get the network cards for in it and I'm in bidness. I made the floppy this evening and test drove it on one of my machines here. That was AWESOME! it's got me all jazzed up! can't wait to really implement it for real. -- Mark --- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by Mandrake Linux 8.2 9.0 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Samba 2.2.7a packages
Bob Puff@NLE wrote: Hey Mandrake, I see there is still no regular update to Samba to fix the very nasty 2gb file limit. So, I checked cooker. There -is- one in there, but the cooker packages won't install on a 9.0 machine! I'm getting endless dependencies. What's up with this? Is it possible to ask for an update to at least the 9.0 samba packages to fix this problem? Thanks. Bob Bob, just how long is that list of dependencies? it might be worth it to you to satisfy them if you can get past the 2GB file limit. -- Mark --- Paid for by Penguins against modern appliances(R) Linux User Since 1996 Powered by Mandrake Linux 8.2 9.0 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
