Re: [expert] wheel mouse
Global startup commands in: /etc/rc.d/rc.local Didn't know you were supposed to use -k. Maybe this is why mine didn't work. -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers Mage Grimau wrote: > Following directions I got from mandrakeuser.org, I am > able to get my wheel mouse to work correctly under X > excEPT i have to open konsole and type "imwheel -k" at > the start of every session. The instructions I got > said adding that line to .xinitrc would do it > automatically, but it doesn't. > .xinitrc doesn't even seem to do anything - I have 5 > users set up and only root even HAS an .xinitrc - and > when I delete it, it has no effect - I reboots and > everything starts and runs exactly as it did before. > (the only thing in it was "exec "). > So - where SHOULD I put the imwheel -k line to make it > run automagically? > > > Thanks > > = > Mage Grimau, Strange Unwashed & Somewhat Slightly Dazed > __ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com
Re: [expert] WG: FVWM2
> > I've installd FVWM2 on mandrake 7.0 > > after a fev houres fvwm2 lacks to react on clicks to the window-controll > > (iconify, raise, close, resize) but it still works via the menue. > > > > After reinstalling fvwm somtimes the problem is fixed. > > > > Is this a possible vmware error? > > I don't know much about fvwm, but why do you think, that the behaviour you > described has something to do with _VMWARE_ ? I think he's associated the abbreviation for the window manager. Juergen, FVWM2 is a window manager that controls your display in a particular style. VMware is entirely different; it's software that lets you install Windows and run it =as=a=window=in=Linux=. In other words, Linux as the base OS and Windows in a Linux window so you can run those pesky Windows apps in Linux! Works good, but a bit slow. Be advised, FVWM & -2 are rather old and very few people run them, so you will have trouble with support. Recommend KDE. (Gnome still too buggy) -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers
Re: [expert] ftp transfers hanging, tcpdump trace shows packets dropping on floor?? (very long)
> Carl - no, the ftp transfer hangs happens both as a client and a server. > The tcpdump trace in the original post is with the machine as a client. I meant that particular machine, which served as client in some of your latter tests. You indicated it =doesn't= see packets it should at times. And I was wondering if the =other= machine you're using (hopefully with similar config) works with an outside public server with a large download. This would test software. I'm an old DECTech from before you were born, and the failure under stress, and time randomness looks to me like hardware... either your DSL router or NIC. -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers
Re: [expert] solaris disk
Safest is to reformat. man mke2fs -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers Nickos Yoldassis wrote: > Hi there, > > I have a Mandrake7 machine and want to plug a seciond disk, taken from a Solaris >2.5.1 (SUN SPARC) machine. > > does anybody knows if this is possible?? > > the command: > > mount -t ufs -o ufstype=sun /dev/sdb1 /mnt/E > > generates an error > > Nickos Yoldassis > Institute of biomedical Technology > Greece
[expert] Air mdksecure, and VMware Install Problem
> > For those who haven't looked in to it, the default kernel run when you > > install Air server:high is mdklinus, which is just a plain vanilla as if > > downloaded from kernel.org. > > you may have a bug there, what did the original lilo.conf look like? All > server installs should have the secure kernel IIRC Original LILO (1st entry) pointed to /boot/vmlinuz which is a symlink that points to vmlinuz-2.2.14-1mdklinus. > > When you did the 'make mrproper' you deleted the > modversions-secure.h, you'll need to reinstall the kernel-headers to get > that back. Then you can verify that /boot/kernel.h indicates the right > kernel for include/linux/modversions.h Thanks Axalon, it worked. Seems like 'make mr' is IMproper. Reinstalled the headers, and indeed modversions-secure.h was there. But /boot/kernel.h was a zero-length file, possibly as a result of installing the headers. So I rebooted and kernel.h was rebuilt. Installed VMware and so far it seems to be OK, though haven't installed guestOS yet. This implies I CAN recompile a secure kernel! How do I indicate when compiling that I DO want the secure kernel? Be booted to it in the first place? -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers > -- > MandrakeSoft http://www.mandrakesoft.com/ > --Axalon
Re: [expert] List Bitching
> You, sir, probably belong to neither group. You are looking at > a social place, and want to see ever expanding level of expertise > on this list. No shit. But me? Social? Sorry. > This is not the intent. The mailing lists have > a place, and it is to help the Mandrake user. By their very > nature, the people asking are those that do not know the > answers. Of course. And in order to make the list useful we need to =retain= as much expertise here as possible. In order for the 'experts' to stay around, it has to be worth their while; that's when MandrakeSoft should step in. > There is an influx of new people all the time. It is wrong to > get angry or be dissapointed just because a Newcomer is having > problem with Modems, his WinModem don't work, or his PPP link > won't come up. Did I sound angry? Notice I said "long-running" and modem BRAND. Of course there should be questions about PPP and use with Linux. And no questions should be off-limits. But why belabor all the various brands there are when there are surely more important issues people would rather ask about but are reluctant to? > To make it plain, I have received VERY LITTLE help from this > list, although I do get a surprise once in a while. I have received a small amount of help as well. Can you understand what I'm trying to do? Make the list so the 'experts' don't abandon a forum that can benefit all, which they had been doing in droves. And encourage openness, which is the opposite of tightassedness and fear. This will float all boats. > If you get tired of the Questions and their answers; if the > list is repetitive to you, or sounds trivial, then I would > say that you have outgrown it. Can't recall ever saying this... 8\ > Linux is a long, tall ladder. We all climb this ladder of > learning. As we slowly climb, we see those above and ask for > help, and at the same time we reach down and help pull up > those below us. While we move up this ladder, we have to > recognize that new people are getting on the lower rungs all > the time. Right.And this is life, as well. -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers
Re: [expert] ftp transfers hanging, tcpdump trace shows packets dropping on floor?? (very long)
I had a problem similar to this, and it turned out to be a bad SMC NIC. I say hardware on the client. Does the server machine work OK as client to a public server? -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers [EMAIL PROTECTED] wrote: > Hi - I recently attempted to transfer a +50MB file over my DSL line to > my 6.1 box. The transfer repeatedly hung somewhere after 8MB was > transfered. I may get 9MB, I may get 40MB before the hang. The partial > file is not resumable once the hang happens. Whereas if I kill the > client during the transfer the partial file is resumable. > > While hung netstat reports the session as ESTABLISHED. The session > remains in this state until the ftp server idle timeout hits or > I kill the client. > > This hang happens whether using a remote ftp client putting to the ftp > server on my LM6.1 server, using an ftp client on the LM6.1 box to get > files from a remote ftp server, or from a ws_ftp client on W98SE behind > my LM6.1 box when IP MASQ is running. Happens with 2.2.13-7mdk, > 2.2.9-27mdk and 2.2.13-22mdk on the 6.1 box. I don't know when this > broke, it used to work. Maybe post my 6.0 to 6.1 upgrade? > > So, I ran some tcpdump traces while using ncftp as the client on the > LM6.1 box (I hang with vanilla ftp as the client too). Portions of one > trace are below. It looks to me like somebody starts dropping the > packets after receipt while on the way to the ftp client. tcpdump > sees them but my box continues to ack for the last packet it > thinks it saw - it doesn't ack the retransmissions. At the moment I > can't figure a clean way to describe this so try to bear with me. Nor do > I claim to be competent at interpreting the tcpdump trace. > > The remote ftp server -> LM6.1 ftp client is streaming along fine and > then the client fails to ack a transmission that the kernel/tcpdump > sees. The remote ftp server continues sending data while my 6.1 box > continues to repeat the ack representing the sequence it thinks it > received - i.e. "hey there, this is the last one I got." The remote ftp > server then retransmits starting with the next packet in sequence > following the 6.1 box ack, but the 6.1 box ack doesn't change. i.e. it > doesn't "see" the retransmission. The remote ftp server then sends three > seperate packets that are the next in sequence following the 6.1 box > ack, which the 6.1 box doesn't "see" either. Then we're done trying to > move data and hung. > > tcpdump / kernel on the LM6.1 ftp client see the packets. So who is > dropping them on the floor on the way to the ftp client? It doesn't > matter if the remote ftp server is an LM6.0 box, an NT4S server or > ftp.cdrom.com. I do get much more data through to an ip masd'd ws_ftp > client before the session wedges. And I am not sure that the ip masq'd > client wedge would trace the same since I don't / can't normally push > to it remotely so didn't trace. Rebooting the 6.1 box with ipchains / > ipmasq disabled still results in hanging ftp transfer so I'm not sure > that ip masq / ipchains is relevant. > > Help / suggestions appreciated - don't know where to go from here. > > Thanks, Kirk > [EMAIL PROTECTED] > > ### tcpdump trace (yeesh word wrap makes this hard to read) > ### borg is remote Win NT4 Server SP6a running IIS 3 ftp server. > ### lsanca1-ar6-192-222 in my local LM6.1 box on a DSL circuit. > > ## transfer cruising along, about 800kbps download > 23:36:56.685923 borg.2393 > lsanca1-ar6-192-222.dsl.gtei.net.1060: . > 24472521:24473981(1460) ack 1 win 8760 (DF) > 23:36:56.702111 borg.2393 > lsanca1-ar6-192-222.dsl.gtei.net.1060: . > 24473981:24475441(1460) ack 1 win 8760 (DF) > 23:36:56.702184 lsanca1-ar6-192-222.dsl.gtei.net.1060 > borg.2393: . ack > 24475441 win 30660 (DF) > 23:36:56.718193 borg.2393 > lsanca1-ar6-192-222.dsl.gtei.net.1060: . > 24475441:24476901(1460) ack 1 win 8760 (DF) > 23:36:56.734278 borg.2393 > lsanca1-ar6-192-222.dsl.gtei.net.1060: . > 24476901:24478361(1460) ack 1 win 8760 (DF) > 23:36:56.734352 lsanca1-ar6-192-222.dsl.gtei.net.1060 > borg.2393: . ack > 24478361 win 30660 (DF) > 23:36:56.750347 borg.2393 > lsanca1-ar6-192-222.dsl.gtei.net.1060: . > 24478361:24479821(1460) ack 1 win 8760 (DF) > 23:36:56.762385 lsanca1-ar6-192-222.dsl.gtei.net.1060 > borg.2393: . ack > 24479821 win 32120 (DF) > 23:36:56.766393 borg.2393 > lsanca1-ar6-192-222.dsl.gtei.net.1060: . > 24479821:24481281(1460) ack 1 win 8760 (DF) > 23:36:56.782473 borg.2393 > lsanca1-ar6-192-222.dsl.gtei.net.1060: . > 24481281:24482741(1460) ack 1 win 87
Re: [expert] anonftp non displaying list
This has to do with setup of your ftp server. As it was not stated, I will make some assumptions: - You are talking about the ftp server on your own machine; - You are using the ftp server that comes with Mandrake (wu-ftpd) - You are starting your ftp server in /etc/inetd.conf Anonymous access is a little tricky because it can open your system to intruders; thus it comes limited as you saw. I'll say it again: the wu-ftpd can easily open up your filesystem to everyone. Goal is to make at least a pub & incoming dir available without exposing some (or the rest of) your system. Though wu-ftpd is started by inetd, meaning it uses tcpwrappers (a good security mechanism), I was not able to limit its directory visibility, so switched to ncftpd (SERVER, not client). Admittedly more complex, but tight & reliable. And it natively supports wrappers. It's a commercial product, but free if you set max users to 3. If you want to pursue wu-ftpd, use linuxconf to set it up and refer to /usr/doc/wu-ftpd-???. -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers Tim & Val Litwiller wrote: > I know this is probably a faq, but after searching thru my folder for > this list I didn't find a solution. > > I can get to user directories if I log on as a user, but I can not get a > file list if log on as anonymous. I have checked file permissions, I can > change directories, but still do not get a file listing.
Re: [expert] 7.0 PowerPack iso downloads?
Hear, hear! -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers Linda Walsh wrote: > Is there any place to download the 7.0 powerpack apps and/or isos? > I haven't found them on any of the download servers... > > thanks, > -linda > > -- > Linda A Walsh| Trust Technology, Core Linux, SGI > [EMAIL PROTECTED] | Voice: (650) 933-5338
Re: [expert] MIME/Base64 cmdline decoding
Why not use KMail, or Messenger if you are running KDE? Vast improvement over the command-line, and easy. Some people don't like html mail, but I think it's an improvement. -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers nucleus wrote: > Is there a way to decode MIME/Bas64 encoded files on the commandline? Reason being, >I'm playing with a mail editor called CSCMail and it doesn't support decoding >attachments yet. > > Probably really simple, but I've never had to do it before... > -- > [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net > Freezer Burn BBS: telnet://bbs.freezer-burn.org . ICQ: 54924721 > Webmaster for the Linux Portal Site Freezer Burn: http://www.freezer-burn.org
[expert] List Bitching
Man, supermount is just not important enough to sweat like that. We know it's not comprehensive yet. Blow steam at your boss, where it probably rightfully belongs. (I agree with the 'reduce the caffeine' comment) Apparently some of y'all have resolved ALL your configuration issues and are down to the 'last mile'. (har har) And what is this long-running modem brand talk? May we please discuss Linux-related issues? Maybe people are uncomfortable to speak of what they really need for fear of being flamed as newbies, a practice of =assholes= who stink pretty bad after a while.(yeah, I said that) MANIFESTO: People who step on those asking honest questions should be blocked from this list. Can we arrange that, MandrakeSoft? I'm here to teach and learn. We are dealing with some very complex software, and winning! This should be: - a =freethinking=, =fair=, =kind=, and =open= forum, - safe for all, - in the spirit of scientific research, - and for the benefit of all. Share what YOU learn people, no matter how trivial it may seem, and we will appreciate it. This is not AT&T, Microshaft, or IBM; insecure jerks keep it to themselves. This is supposed to be a labor of love, remember? -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers Alan Shoemaker wrote: > Axalonthere's a significant thread here that I guess you > missed, try the archives. A group of us has been discussing > supermount problems for over a week now and you've not been > contributing at all (nor has anyone else from MandrakeSoft). > Brian is rightfully upset when you accuse him directly of not > careing to learn as should be all of us who have been involved > in this thread. You talk about disc 3 to a bunch of folks who > either downloaded an iso or bought a GPL? Probably no one here > has a powerpack that, by the way was only announced as available > on February 28th which was less than a week and a half ago. > > I think you owe Brian and all the rest of us involved in the > supermount thread a big apology! We've been trying very hard, > with no help from any mandrakeSoft personel, to work out the > problems that people have been having with supermount. > > Alan > > Axalon Bloodstone wrote: > > > > On Tue, 7 Mar 2000, Brian T. Schellenberger wrote: > > > > > On Tue, 07 Mar 2000, Axalon wrote: > > > | On Mon, 6 Mar 2000, alann wrote: > > > | > > > | > Just curious, does supermount NOT work?? Why are so many people wanting to >remove it? > > > | > > > | No supermount does work. > > > | > > > | It like everything else has basic do's and dont's that some people don't > > > | care to learn, > > > > > > I'm sorry, I've stayed restrained for a long time, but . . . > > > > > > Where do you get off saying that people "don't care to learn"??? > > > > Honestly where i get off is none of anyones bussiness.. I say that because > > thats what has been told to me. Had you voiced a reason prior to my > > message i would have included it, as i did everyone else. > > > > > HOW THE HELL ARE WE SUPPOSED TO KNOW HOW TO USE IT? > > > > RTFM > > > > > The man entry for supermount doesn't discuss any of this. > > > > well no. why should it, you don't have a 'man vfat' do you. it simply > > tells you what the script does.. > > > > > THERE ARE NO #@$! HOWTOS IN MANDRAKE 7.0!!! > > > > Could have fooled me have you looked on disk #3 > > > > > I've been using Unix for 19 years, and Linux for 6, but I've not been > > > reading minds at all. > > > > Hey if thats for a voluntary reason, you really should share the > > knowledge :) > > > > > The sources of information I'm used to consulting don't explain this, > > > and when I installed Mandrake 7.0, my devices were just plain WRONG. > > > > what devices are you refering too? > > > > > I am rather offended at the suggestion that this somehow represents > > > laziness on my part. > > > > Point me to your email where you voiced your problems, otherwise you have > > no right to be offended if you _choose_ to keep your fustrations to > > yourself . > > > > (note i'm not realy trying to be nasty, but god damn man say something > > when your upset, and not just to the guy sitting next to you or whatever, > > it doesn't do anyone any good if we don't know what your haveing problems > > with) > > > > Please don't take this as an attack it's not, it's not even specificly > > directed at you (the last part of course..), I hear lots of "well i've > > been trying to . for a week/month", sounds similar to shooting ones > > self in the foot once you hear it second hand doesn't it.. > > > > -- > > MandrakeSoft http://www.mandrakesoft.com/ > > --Axalon
Re: [expert] Air mdksecure, and VMware Install Problem
> > For those who haven't looked in to it, the default kernel run when you > > install Air server:high is mdklinus, which is just a plain vanilla as if > > downloaded from kernel.org. > > you may have a bug there, what did the original lilo.conf look like? All > server installs should have the secure kernel IIRC Original LILO (1st entry) pointed to /boot/vmlinuz which is a symlink that points to vmlinuz-2.2.14-1mdklinus. > > When you did the 'make mrproper' you deleted the > modversions-secure.h, you'll need to reinstall the kernel-headers to get > that back. Then you can verify that /boot/kernel.h indicates the right > kernel for include/linux/modversions.h Thanks Axalon, it worked. Seems like 'make mr' is IMproper. Reinstalled the headers, and indeed modversions-secure.h was there. But /boot/kernel.h was a zero-length file, possibly as a result of installing the headers. So I rebooted and kernel.h was rebuilt. Installed VMware and so far it seems to be OK, though haven't installed guestOS yet. This implies I CAN recompile a secure kernel! How do I indicate when compiling that I DO want the secure kernel? Be booted to it in the first place? -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers > -- > MandrakeSoft http://www.mandrakesoft.com/ > --Axalon
[expert] Air mdksecure, and VMware Install Problem
For those who haven't looked in to it, the default kernel run when you install Air server:high is mdklinus, which is just a plain vanilla as if downloaded from kernel.org. I changed to mdksecure, which was precompiled with patches that prevent changes to critical system files, and other security-related enhancements. No inconvenience from it so far, EXCEPT: VMWare 2 doesn't have a precompiled module corresponding, (it does for the Air mdk kernel) so it tries to compile using src/linux/include. It fails, as the running kernel doesn't match include/. (mdksecure v. mdk) I edit include/version.h to mdksecure and try VMware compile again. Now it fails with 'slight symbol mismatch', as headers are still only for mdk. (not mdksecure) I make mrproper && make xconfig and make deps && make bzImage, but go no further in hopes the include/ dir is filled in correctly for VMware compile, but same problem. I do not have the patch they add to the kernel for mdksecure, nor the headers for it, so cannot =compile= a secure kernel. I can reboot to mdk, VMware finds precompiled modules, installs & runs fine. But when I reboot to mdksecure with these modules, of course mismatch between modules & running kernel. So I am faced with a choice: a hardened kernel, or VMware. Will Mandrake release either the patches or headers for mdksecure? Or should I go to something like LIDS? Would I have the same problem with LIDS? -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers
Re: [expert] adding TTF's doesnt seem to work
Didn't see the original posting for this, but I had trouble adding TTFs to Air as well. (xfs crashed) Pablo recommended changing all *.TTF to *.ttf and it worked. Do this, then run ttmkfdir and chkfontpath --add. -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers "David G. Thiessen" wrote: > > yes, i have the fonts.dir and fonts.scale files. > i also did run ttmkfdir.
[expert] Air mdksecure, and VMware Install Problem
For those who haven't looked in to it, the default kernel run when you install Air server:high is mdklinus, which is just a plain vanilla as if downloaded from kernel.org. I changed to mdksecure, which was precompiled with patches that prevent changes to critical system files, and other security-related enhancements. No inconvenience from it so far, EXCEPT: VMWare 2 doesn't have a precompiled module corresponding, (it does for the Air mdk kernel) so it tries to compile using src/linux/include. It fails, as the running kernel doesn't match include/. (mdksecure v. mdk) I edit include/version.h to mdksecure and try VMware compile again. Now it fails with 'slight symbol mismatch', as headers are still only for mdk. (not mdksecure) I make mrproper && make xconfig and make deps && make bzImage, but go no further in hopes the include/ dir is filled in correctly for VMware compile, but same problem. I do not have the patch they add to the kernel for mdksecure, nor the headers for it, so cannot =compile= a secure kernel. I can reboot to mdk, VMware finds precompiled modules, installs & runs fine. But when I reboot to mdksecure with these modules, of course mismatch between modules & running kernel. So I am faced with a choice: a hardened kernel, or VMware. Will Mandrake release either the patches or headers for mdksecure? Or should I go to something like LIDS? Would I have the same problem with LIDS? -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers
Re: [expert] No email delivery
OK I just deinstalled Sendmail, and now am not getting security notifications any more. My actual goal is to close the SMTP listening port on the outside firewall NIC. Tried to reinstall Sendmail, and it conflicts with Postfix. Rather not override. What should I think about this?(this is a clean M7.0-2 install) -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers Alex V Flinsch wrote: > On Thu, 24 Feb 2000, you wrote: > > I've just installed Mandrake 7.0 and have discovered that users cannot > > receive email -- not even from other users on the same machine. The > > directory /var/spool/mail/ remains empty and undelivered mail piles up in > > /var/spool/postfix/deferred. The command qmail -v gives an "unknown mail > > transport error" for each piece of undelivered mail. The postfix > > documentation leads me to believe that it should work out of the box for > > my simple system (single-user connected to the network by ethernet) with > > no additional configuration. > > Did you upgrade from 6.0 or earlier? If so you might be having the same problem > I had when upgrading fromn 6.0 to 6.1, it seems that both sendmail and postfix > were on the system. Try the following: > > 1 - stop postfix -- /etc/rc.d/init.d/postfix stop > 2 - backup ypur mail queue somewhere > 3 - Uninstall sendmail -- rpm -e sendmail > 4 - Uninstall postfix -- rpm -e postfix > 5 - Reinstall postfix from the cd -- rpm -Uhv > postfix-someversioninformation.rpm (you will have to replace the > someversioninformation with something else) > 6 - restore the backedup mail queues from step 2 > 7 - start postfix -- /etc/rc.d/init.d/postfix stop > > and see if that helps > > -- > Alex > (Go easy on me, I'm a COBOL programmer in real life)
[Fwd: [expert] RE: boot freeze]
I guess MandrakeSoft isn't willing to help me with my questions. -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers "Carl A. Cook" wrote: > I've found putting an exit statement in any boottime script causes it to pause. > rc.firewall, if it exists, is called from rc.sysinit, which is pointed to by > /etc/inittab. > > Also finding that setting Startup Services in DrakConf only affects > /etc/rc.d/rc3.d. Had to copy those additional symlinks into rc5.d since they > don't get run when booting directly into graphical. Sounds crazy, but this is a > fact. I thought that when booting graphical, it first passed through runlevel3, > but n. > > Anyone know how to tell NT you have a point-to-point connection? > > Anyone know why the system doesn't recognise new fontpaths? (chkfontpath --add) > The path is there, but the system either doesn't recognize it, or worse, locks > up. When you reboot, xfs fails and X crashes for not finding its font server. > Feb 21 10:07:05 hydra PAM_pwdb[729]: (su) session opened for user xfs by (uid=0) > Feb 21 10:07:05 hydra PAM_pwdb[729]: (su) session closed for user xfs > Feb 21 10:07:05 hydra xfs: xfs startup succeeded > Feb 21 10:07:07 hydra xfs: Fatal font server error: > Feb 21 10:07:07 hydra xfs: Element #10 (starting at 0) of font path is bad > or has a bad font: "/usr/X11R6/lib/X11/fonts/misc:unscaled" > > It doesn't matter which of the system font paths is first, it fails in the > same manner. (bad path or bad font) My procedure worked fine on RedHat6.1. > Could it be a PAM problem? How do I fix it? > > Anyone know how to autoupdate M7.0-2? On MandrakeUser it says, "You can keep > your Mandrake-Linux distribution up to date by using the 'MandrakeUpdate' program > installed on your box." But I find no evidence of such a utility... > -- > Carl A. Cook > quantumATaugustmailDOTcom > > Sign the petition at http://www.libranet.com/petition.html > Help bring us more Linux Drivers > > William Ahern wrote: > > > Nevermind. I figured the problem out. I had an 'exit' statement in my > > rc.firewall, which gets run right after the swapon -a. Anybody know why this > > causes the boot sequence to pause? How is the script run? Running rc.firewall > > manually doesn't cause it to pause... > > > > thanx, > > > > Bill > > > > -- > > William Ahern > > MIS, JINSA > > > > - > > JINSA Online > > http://www.jinsa.org/ > > -
Re: [expert] identd --one more thing
Ident is usually started by /etc/inetd.conf. All 'standard' ports are in /etc/services. (auth=113) Not usually a good idea to open identd to listen, as you will only be answering other's requests for your info. I'd comment it out. You can't booby-trap it like the wrapped services. You can initiate an ident to another machine without that port open. Every open port is susceptible to the buffer overflow attack. It's a plague. Looks like at least you got my security suggestions, didn't you? Is NAT a protocol specific to an ISDN router? Or is it something I should be aware of? (DSL) I need to close 6000. (X) Booting to level 3 then startx does it for me when I make serverargs="-nolisten tcp" in startx script. But booting directly to level 5 seems to bypass startx, and I can't figure out where to modify. Tracking down smtp too. Probably leave ssl open & booby-trap the rest. Remember, tcpd was compiled with -DPROCESS_OPTIONS, so you have to use #man hosts_options, not #man hosts.deny -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers John Aldrich wrote: > What port does IdentD listen on? I'm using NAT here on my ISDN line, > so (naturally) anything that isn't a standard port (mail, news, web, > etc) doesn't get through unless SPECIFICALLY routed. > If you can tell me which port needs to be let through, I can let it > through the ISDN router... :-) > Thanks... > John -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers
Re: [expert] RE: boot freeze
I've found putting an exit statement in any boottime script causes it to pause. rc.firewall, if it exists, is called from rc.sysinit, which is pointed to by /etc/inittab. Also finding that setting Startup Services in DrakConf only affects /etc/rc.d/rc3.d. Had to copy those additional symlinks into rc5.d since they don't get run when booting directly into graphical. Sounds crazy, but this is a fact. I thought that when booting graphical, it first passed through runlevel3, but n. Anyone know how to tell NT you have a point-to-point connection? Anyone know why the system doesn't recognise new fontpaths? (chkfontpath --add) The path is there, but the system either doesn't recognize it, or worse, locks up. When you reboot, xfs fails and X crashes for not finding its font server. Feb 21 10:07:05 hydra PAM_pwdb[729]: (su) session opened for user xfs by (uid=0) Feb 21 10:07:05 hydra PAM_pwdb[729]: (su) session closed for user xfs Feb 21 10:07:05 hydra xfs: xfs startup succeeded Feb 21 10:07:07 hydra xfs: Fatal font server error: Feb 21 10:07:07 hydra xfs: Element #10 (starting at 0) of font path is bad or has a bad font: "/usr/X11R6/lib/X11/fonts/misc:unscaled" It doesn't matter which of the system font paths is first, it fails in the same manner. (bad path or bad font) My procedure worked fine on RedHat6.1. Could it be a PAM problem? How do I fix it? Anyone know how to autoupdate M7.0-2? On MandrakeUser it says, "You can keep your Mandrake-Linux distribution up to date by using the 'MandrakeUpdate' program installed on your box." But I find no evidence of such a utility... -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers William Ahern wrote: > Nevermind. I figured the problem out. I had an 'exit' statement in my > rc.firewall, which gets run right after the swapon -a. Anybody know why this > causes the boot sequence to pause? How is the script run? Running rc.firewall > manually doesn't cause it to pause... > > thanx, > > Bill > > -- > William Ahern > MIS, JINSA > > - > JINSA Online > http://www.jinsa.org/ > -
Re: [expert] Getting the eepro100 pci to work
I'm the guy who suggested perhaps a low-grade motherboard. Personally am not impressed with Soyo. I have used Intel motherboards for 8 years without incident or flakiness. (in some cases the =same=ones= for 8 years) But wouldn't buy their NIC, now. Get some new parts, dead busted cheap, on eBay. The reason you do not have the choice in BIOS to select PCI interrupt, is that yours is in fact a =newer= motherboard and handles all PCI PnP. (PCI 2.1) You do not (and should not) have control anywhere... with quality products, PCI PnP works. PCI mapping results are passed along to the OS on boot. You can tell Linux (kudzu?) to autoprobe, and it should easily find the NIC. (Toss spitballs here) Needless to say, PCI interrupts cannot be shared with ISA devices (I'm not accusing you of this) and normally interrupts are only shared on PCI devices when the BIOS has run out of assignable interrupts. If you are not out of interrupts, whether the fault is with the MB or with the NIC is a question. Anybody know why you can't add a new fonts path in M7.0-2? Hey MandrakeSoft... what happened to my posting on setting up security additional to MSEC? -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers Jeremy Kersenbrock wrote: > What does USB have to do with this? I understand how diabling USB would free > up an IRQ, but this Intel nic will always take IRQ11 unless I find a way to get > the DOS setup program to run. It doesn't even run when I shutdown and reboot > in MS-DOS Mode. (Intel is no help, BTW. I've had a message posted on their > support forum for 2 weeks without a reply.) > > Before I installed my problem eepro100, I installed another one in a machine > withough AGP, and it worked fine. I started with several free IRQ's (7, 10, and > 11 if I remember correctly), and it took 11. > > I cannot change the IRQ's in my BIOS. My only BIOS options are to select > "Legacy ISA" or "PCI/ISA PnP" for each IRQ. Needless to say, changing IRQ11 > from "PCI/ISA PnP" to "Legacy ISA" will only result in the nic (and likely my > AGP card also) not working at all. > > Lastly, someone suggested that I might have an el-cheapo motherboard that isn't > handling PCI right. Possible, but shouldn't be. I have a Soyo 5EHM v1.1 with > Award BIOS v4.51PG on a VIA MVP3 chipset. It is supposedly PCI2.1 compliant. > But it does do some weird stuff with it's drivers. One of the Windows drivers > that come on the installation disk with the mobo is a "IRQ Remapping utility", > so maybe it's IRQ's are all messed up. > > Finally, before I go buy a 3com nic. Can I set the IRQ on a 3com PCI nic? > Preferably from Linux or Windows (I am rarely not disappointed by DOS.) It > will have to be able to use an IRQ other than the traditional IRQ10, because > it's already taken (by some serial motherboard resource, I don't recall which > one). If not, I'll buy a 10BaseT ISA nic and sacrifice 10/100 compatibility for > one that I can set the IRQ on and actually use. > > Thanks for all the info. > Jeremy > > On Wed, 23 Feb 2000, you wrote: > > On Wed, 23 Feb 2000, Jean-Louis Debert wrote: > > > > > Rich Clark wrote: > > > > > > > > On Tue, 22 Feb 2000, Jean-Louis Debert wrote: > > > > Re-read the thread *carefully*. He's already told us that it's not > > > > jumpered and there's no software config available. > > > > > > Please read again yourself: what about this "DOS setup program" > > > he talks about ??? > > > > > > > > > > > > > > > > From my own re-read, Jeremy says the dos setup program won't run on his > > computer, "... stupid DOS." Maybe I misspoke... it's there but won't > > function for him. Without it being able to function, there's no way he > > can set the io and irq manually. Again, there should be a way to setup in > > BIOS which irq the bloody thing will grab at the very least or he could > > disable the USB. I would think that will at least get the damned thing > > up without too much problem, at least until 2.4 is released with the final > > USB support. > > > > -- > > Rich Clark > > > > Sign the petition at http://www.libranet.com/petition.html > > Help bring us more Linux Drivers > -- > Jeremy Kersenbrock > [EMAIL PROTECTED]
Re: [expert] mdk.rpm vs .rpm
Well, I think he's concerned about MISSING dependancies, which you certainly will with --nodeps. The mdk packages are different from others. Actually installing a non-mdk package should raise MORE alarms than an mdk package, rather than less, because it might not recognize when a packge IS actually installed. Comments, MandrakeSoft? -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers Rene Scott wrote: > Hi, > > try rpm --nodeps ..., and check out rpm(8). > > Rene > > On Feb 21 seanc wrote: > > > Many packages assume normal naming and not the mdk added so dependancies > > for rpms aren't realized even though they exist. > > > > eg. gnome-pilot,gnome-pim (as they were looking for gnome-pim dependancies > > though the installed versions where gnome-pim-mdk ) > > > > Any easy ways around this? > > > > Sean Cody ([EMAIL PROTECTED]) > > "Codito ergo sum" (I code therefore I am) > > Rasterman > > > > > > -- > UNIX was never designed to keep people from doing stupid things, because > that policy would also keep them from doing clever things. (Doug Gwyn) S/MIME Cryptographic Signature
Re: [expert] Getting the eepro100 pci to work
PCI is PNP as a rule, assuming you have a motherboard that conforms to PCI 2.1. If you have a quality motherboard and PCI interface, you should never, never have to mess with interrupts, in hardware nor Linux. And, unlike ISA, PCI can =share= interrupts. (yeah, I know it's radical) This is why Winders works. The fact they are both on 11 is not a warning sign. Have you updated the microcode on your motherboard? It's not made in Guatemala is it? PCI 2.1? If so, it's probably the Intel cards. I have 2 3C905's on my Mandrake 7.0-2 firewall and they work flawlessly. You can get the latest driver here: http://support.3com.com/infodeli/tools/nic/linux.htm Be sure you get a 3C905B, not the 3C905, which is an older flavor. I think the C model only adds remote admin. The 3C980 & 990 add on-board processing. I almost bought Intel. (whew) Your time is worth more than $50/card. -- Carl A. Cook quantumATaugustmailDOTcom Sign the petition at http://www.libranet.com/petition.html Help bring us more Linux Drivers Jeremy Kersenbrock wrote: > I found out why my eepro100 won't work, but I can't seem to fix it. > > Even though my nic is not in the slot next to AGP, my AGP card and nic both > have IRQ11. I have no idea why it still works in windows. It doesn't even > show up as a conflict in the device manager list. But if I click on > resources for both cards, they both have IRQ11. > > I have my BIOS set for "NO PnP OS". The nic is jumerless (of course), and I > can't change the IRQ in windows. The DOS setup program that came with the nic > won't run on my machine (it proclaims that the card has not been installed in > the machine. I hate DOS.) Any ideas on changing the IRQ? > > Also, I found another problem. I don't know if it is related to the IRQ > problem or not. When I try to manually load my eepro100 module, I get the > message "eepro100.o: eepro100.o: No such file or device". The eepro100.o > module is in the appropriate subdirectory of /lib/modules. What's this all > about? > > I'm trying to learn something, so I appreciate any suggestions, > but I think I'll be looking for a different nic (a 3com 3c905-TX; I've heard > that they're the best). 3+ weeks of trying to get this piece of junk to work is > more than enough. > > Jeremy S/MIME Cryptographic Signature
Re: [expert] [Fwd: MSec]
Axalon, You were right about the gateway. When I set the gateway to nothing on the inside machine, interface pinging worked correctly. So I guess I AM filtering packets. Kernel IP routing table (partial) Destination Gateway Genmask Flags Metric RefUse Iface 192.168.111.2 * 255.255.255.255 UH 0 00 eth1 216.87.138.156 * 255.255.255.252 U 0 00 eth0 192.168.111.0 * 255.255.255.0 U 0 00 eth1 127.0.0.0 * 255.0.0.0 U 0 00 lo default quantumgateway. 0.0.0.0 UG 0 00 eth0 Wish I understood this better. Don't know why there's a 192.168.111.0.I haven't intentionally assigned that. Also would like to set up a point-to-point connection, but don't know how to tell the WinNT machine. Believe this would act as a 'switched' connection. -- Carl A. Cook quantumATaugustmailDOTcom Certainly the game is rigged. Don't let that stop you... If you don't bet you can't win. Axalon Bloodstone wrote: > On Mon, 21 Feb 2000, Carl A. Cook wrote: > > Vandoorselaere Yoann (author of MSEC) wrote: > [..] > > > > > > > > And why CAN I ping my firewall's outside interface from an inside > > > > machine, with firewalling, masquarading, & ip_forwarding OFF??!! What's > > > > > > Are you sure ip forwarding is off ? > > > i'm not... > > I've snipped it but pretty sure he said he had it on for something else > > > > just do : > > > > > > cat /proc/sys/net/ipv4/ip_forward > > > > > > and give me the result back. > > > > > What is your default route, right the firewall machine.. your ping the > interface it goes out to the default gateway, the gateway says hey thats > me and sends back a reply, it doesn't actualy forward the packet, it would > do the same thing if it was routed a packet for 127.0.0.x > -- > MandrakeSoft http://www.mandrakesoft.com/ > --Axalon S/MIME Cryptographic Signature
Re: [expert] ipchains problem
Microsoft's site requires cookies for some things too. Solution is simple... allow all cookies. =But=write-protect=your=cookies=file=.. Looks to them like it's getting through. But it's not. (hehehehe) -- Carl A. Cook quantumATaugustmailDOTcom Has anyone else noticed how Netscape slows down to unusability in Win2k after a while, but InternetExplorer stays =right=snappy=? Reboot Win2k and Netscape's OK... FOR A WHILE. (H...) John Aldrich wrote: > On Mon, 21 Feb 2000, you wrote: > > >%_Junkbuster through Squid works beautifully, and even comes with a prefab > > list of known advertisers! > > > Yeah...but it also has problems with places like Yahoo and Hotmail > where it won't let you log in because you're "filtering" them and > refusing their cookies. > John S/MIME Cryptographic Signature
Re: [expert] ipchains problem
Junkbuster through Squid works beautifully, and even comes with a prefab list of known advertisers! Give this guy a pat on the back: http://www.waldherr.org/junkbuster/ -- Carl A. Cook quantumATaugustmailDOTcom Certainly the game is rigged. Don't let that stop you... If you don't bet you can't win. John Aldrich wrote: > On Mon, 21 Feb 2000, you wrote: > > > > Don't learn ipchains... it's going away in kernel 2.4, thank God. > > > WHAT!?!? IPChains just GOT here What're they switching > to I just want to filter out double-click, etc! :-) > John S/MIME Cryptographic Signature
[expert] [Fwd: Netscape]
"Carl A. Cook" wrote: > Yoann, > Sorry to trouble you with the Netscape question. Not an MSEC problem. > Found indexhtml-7.0-3 was busted in my install so downloaded 7.0-5 and > installed. > > Removed netscape -communicator, -navigator, and -common, deleted all > their dirs, then reinstalled just -common and -communicator. > > Now it runs great. > -- > Carl A. Cook > quantumATaugustmailDOTcom > > Certainly the game is rigged. Don't let that stop you... > If you don't bet you can't win.
[expert] [Fwd: MSec]
Vandoorselaere Yoann wrote: > "Carl A. Cook" <[EMAIL PROTECTED]> writes: > > > > > > > >> But am having a problem with Squid... it can't get to the access.log, > > > >> and further investigation shows it can't access the cache.log either. > > > >> (permissions problem) I can squid -z though. > > > > > > >try : > > > > > > >chmod 711 /var/log > > > >chown root.root /var/log > > > > > > >and if it doesn't work, > > > >fill a *real* bug report with the squid logfile. > > > >( just the interesting part ) > > > > IT WORKED!! Since /var/log did not have the Execute bit set, processes could > > not traverse it to get to their sub.Thanks! (with Dutch accent) > > cool :) > > > > > > > > > > > > >> Also Netscape always segfaults, possibly because it can't write to its > > > >> config directory. (permissions?) > > > > > > >uhhh. > > > >Never *ever* put high security on a workstation ! > > > >I've already said it : system security 5 is paranoia mode :) > > > > > > > This is actually a firewall, but need Netscape for CGIs. Believe I am at 4. > > Checked attribs & ownership of .netscape dirs, and all OK. Shouldn't matter > > anyway, as root should have no trouble with permissions. Netscape just says > > 'Segmentation fault (core dumped)'. GREPped /var/log for 'netscape' and only > > came up with this, in security/suid_group_today: > > /usr/lib/netscape/movemail (huh?) > > so do this : > > strace netscape >& output > end send me output ( clear text please ). > > > > > When installing Mandrake it asks what security level. I found 'paranoid' was > > almost unusable, so selected 'high', the next level down. Presume these > > correspond to MSEC levels 5 & 4 respectively. Thing is, LILO never asks for a > > password, which is supposed to be a feature of 4, though I may have declined > > that in install. > > you have :) > reconfigure using /etc/security/msec/init.sh 4 > > > > > > > > > > > > >> And xfs will not recognize a new ttf dir, when installed with > > > >> chkfontpath. (permissions?) Sometimes xfs won't start at all and > > > >> causes > > > >> X to crash on startup with "could not find 'fixed' font". That problem > > > >> has spontaneously healed... twice. > > > > > > >Please give real report, > > > >saying it will not fix it. > > > > > > >I need a dump of what X / xfs are saying. > > > > > 'Real' report? Please clarify. I have again 'chkfontadd --add > > > /usr/share/fonts/ttf/Fontz', and 'chmod 644 *' all new fonts (same as > > > Chinese fonts), set directory permissions the same and chowned root:root. > > > The system seized up with a dimmed screen when I tried to K|Logout. I had > > > to Reset to reboot and X again refuses to start, failing to get the 'fixed' > > > font since 'xfs' had failed to start. > > > > > In messages where xfs logs: > > > > > Feb 21 10:07:05 hydra PAM_pwdb[729]: (su) session opened for user xfs by > > > (uid=0) > > > Feb 21 10:07:05 hydra PAM_pwdb[729]: (su) session closed for user xfs > > > Feb 21 10:07:05 hydra xfs: xfs startup succeeded > > > Feb 21 10:07:07 hydra xfs: Fatal font server error: > > > Feb 21 10:07:07 hydra xfs: Element #10 (starting at 0) of font path is bad > > > or has a bad font: "/usr/X11R6/lib/X11/fonts/misc:unscaled" > > > > > It doesn't matter which of the system font paths is first, it fails in the > > > same manner. (bad path or bad font) X11 seems to have no log, but probably > > > to syslog. Anyway it's clear X can't start because the font server it > > > depends on (FontPath "unix/:-1") had not started. And when I remove my > > > new font path from /etc/X11/fs/config, X runs happily again. My procedure > > > worked fine on RedHat6.1. Permissions? > > > > > > > > >> I have httpd nicely routed through TCPWrappers and the inside machines > > > >> can see it, but noone outside can. (permissions again?) > > > > > > >please give more detailled report, > > > >Do you have some usefull log ? > &
Re: [expert] "Hard drive optimisation" for only 1 of my 2 HD's?
Be careful about this option. I enabled it, and after an ungraceful shutdown my disk was hashed. I think this is actually setting up a cache buffer for the disk, and if not purged correctly before shutdown, leaves the disk flibberdegibbed. -- Carl A. Cook quantumATaugustmailDOTcom Certainly the game is rigged. Don't let that stop you... If you don't bet you can't win. M Thompson wrote: > Hi everyone, > > I went to the List Archives, but keep getting the message that it is > temporarily offline... > > I just installed Mandrake 7.0-2 yesterday...I was using 6.1 until then. > (BTW - The graphical installer is the best I've seen yet...I've installed > RH6.1, COL2.3, SuSE6.3, & MDK7.0-2) > > While installing Mdk7, I told it to enable the "Hard drive optimisation." I > have two hard drives connected to my PCI Promise Ultra66 IDE controller > card. How do I enable the optimisations for only one hard drive (/dev/hde)? > I believe I need to edit rc.sysinit, but I'm not sure what modifications > need made. > > Thanks everyone, > Matt > > Additional Info: > /dev/hde = Quantum 18 GB hard drive (works great with optimisation) > /dev/hdg = Western Digital 1.5 GB drive (very flaky - I need to disable > optimisation for this drive because Linux can't even access the drive with > the optimisations enabled) > > __ > Get Your Private, Free Email at http://www.hotmail.com S/MIME Cryptographic Signature
Re: [expert] Serious problems w/ ipmasq
Dump Outlook. 8) -- Carl A. Cook [EMAIL PROTECTED] It is well known that M$ products don't call free() after a malloc(). The Unix community wishes them good luck for their future developments. James Lewis wrote: > I'm using ipmasq on 2.2.13 to sit between the Internet and a small LAN of > NT machines. We're running dhcpd for internal IP's and have one single > external IP. > > We're connecting through the ipmasq to a server for mail (using Exchange & > Outlook 2k) and for various drive mappings. > > The mail through Outlook 2k has intermittent connection problems on most of > the workstations, they report that they can't connect to the server, or the > exchange server can not be found. After about 30 seconds, this fixes itself. > > We're experiencing similar internal problems with Interdev accessing an > external SQL server, and mapping NT drives through the proxy. > > Any help or advice much appreciated. > > James Lewis S/MIME Cryptographic Signature
[expert] [Fwd: MSec]
Vandoorselaere Yoann (author of MSEC) wrote: > > Saturday I saw many postings identical > > to my problem on DejaNews when searching on 'squid and permission'. > > Oh oh :) > I think i know the problem you got :) > > > > > Additionally, would you advise using LIDS ( > > http://www.soaring-bird.com.cn/oss_proj/lids/ ) on Mandrake 7.0.2 > > server:high, or does MSEC do essentially the same thing? > > No, > i'm not really agree with some security stuff inside > the kernel which could be done in user space. > Also, if one of the feature of LIDS is really usefull > and doesn't blow things up, it will clearly be integrated in the > main kernel tree. > > LIDS do not necessarily do intrusion detection. > It prevent. > > If you want a good intrusion detection system, > go to http://prelude.sourceforge.net. > > This is a project i'm working on personnaly from 2 years now, > and which is now sponsored by Mandrakesoft. > > When it is ready, it should beat all actually existing IDS :-) > > > -- > > Carl A. Cook > > [EMAIL PROTECTED] > > > > Help, I've fallen and I can't get up! > > outch > > > > > > > Looks like MSEC is a great idea. I just installed Mandrake > > 7.0.2 and set to server:highsecurity. (for my firewall) > thanks :) > > > > > But am having a problem with Squid... it can't get to the access.log, > > and further investigation shows it can't access the cache.log either. > > (permissions problem) I can squid -z though. > > try : > > chmod 711 /var/log > chown root.root /var/log > > and if it doesn't work, > fill a *real* bug report with the squid logfile. > ( just the interesting part ) > > > > > I have set the log & spool directories' permissions to global > > everything. I changed squid.conf 'cache effective user' and 'group' to > > squid:squid and to nobody:nogroup, each time chowning the log & cache > > dir to match, and no effect on the problem. Squid will not run. > > > > I think this MSEC has everything to do with the problem, but can't > > figure out how. It doesn't seem to have a daemon; (is it a kernel > > patch? > nope > > > Some 'invisible hand' is affecting me and not leaving any hints) Only > > two terse setup proggies & sparse docs. I find > > /etc/security/msec/user.conf has two usernames in it... & samba. > > But when I manually add squid, it doesn't help. When I enable squid for > > > > levels 3, 4, & 5 using chkconfig it doesn't help. (And why are levels > > 0-6 > > available? What are they... MSEC, or services levels?) > > Don't touch to these file, > the problem isn't related to them. > > > > > Also Netscape always segfaults, possibly because it can't write to its > > config directory. (permissions?) > > uhhh. > Never *ever* put high security on a workstation ! > I've already said it : system security 5 is paranoia mode :) > > > > > And xfs will not recognize a new ttf dir, when installed with > > chkfontpath. (permissions?) Sometimes xfs won't start at all and > > causes > > X to crash on startup with "could not find 'fixed' font". That problem > > has spontaneously healed... twice. > > Please give real report, > saying it will not fix it. > > I need a dump of what X / xfs are saying. > > > > > I have httpd nicely routed through TCPWrappers and the inside machines > > can see it, but noone outside can. (permissions again?) > > please give more detailled report, > Do you have some usefull log ? > > > > > And why CAN I ping my firewall's outside interface from an inside > > machine, with firewalling, masquarading, & ip_forwarding OFF??!! What's > > Are you sure ip forwarding is off ? > i'm not... > > just do : > > cat /proc/sys/net/ipv4/ip_forward > > and give me the result back. > > > > > moving packets between inside and outside interfaces? > > I think I must not be filtering packets! > > msec doesn't configure your firewall, > you have to do it yourself. > > > > > I can't prove whether selecting 'high' security makes it MSEC level 3, > > or > > 4. > > it is 4. > > see ya > > -- >-- Yoann, http://prelude.sourceforge.net > It is well known that M$ products don't call free() after a malloc(). > The Unix community wish them good luck for their future developments. S/MIME Cryptographic Signature
[expert] Updates
On MandrakeUser it says, "You can keep your Mandrake-Linux distribution
up to date by using the 'MandrakeUpdate' program installed on your box."
But I find no evidence of such a utility on 7.0.2...
Also, anyone know how to change the size of the KDE system font? (in
menus, etc) In Gnome you put this in ~/.gtkrc:
style "icon" {
font="blahblahblah font here"
}
widget "*DesktopIcon*" style "icon"
--
Carl A. Cook
[EMAIL PROTECTED]
Certainly the game is rigged. Don't let that stop you...
If you don't bet you can't win.
S/MIME Cryptographic Signature
Re: [expert] ipchains problem
Don't learn ipchains... it's going away in kernel 2.4, thank God. Does the standard masquarading regimen work? # echo 1 > /proc/sys/net/ipv4/ip_forward # ipchains -P forward DENY # ipchains -A forward -i eth0 -j MASQ (eth0 is outside interface) If so, 'chains works. Suggest a tool at http://www.openpro.org/fwconfig.shtml which will make a script for you. I was so burnedout from ipchains I didn't bother to learn fwconfig, but adapted one of their sample scripts, and it works great. I run it as S09firewalling. -- Carl A. Cook [EMAIL PROTECTED] Certainly the game is rigged. Don't let that stop you... If you don't bet you can't win. John Aldrich wrote: > Can someone possibly shed light on why IPChains refuses to work for > me? Here's what I'm trying to do: > /sbin/ipchains -A output -d 199.95.207.0/24 -j DENY > /sbin/ipchains -A output -d 199.95.208.0/24 -j DENY > > But whenever I try and do that, it keeps coming up and saying > "protocol not available." > Before you ask, "Is IPChains installed?" here's the answer: > [root@slave1 /root]# rpm -qa | grep ipchains > ipchains-1.3.8-4mdk > and: > [root@slave1 /root]# ipchains -V > ipchains 1.3.8, 27-Oct-1998 > > As you can clearly see, IPChains ARE installed, but it won't work. I > even tried using the "-p tcp" switch and it STILL says "protocol not > available. > What's the problem here Can someone enlighten me on this? > Thanks... > John S/MIME Cryptographic Signature
Re: [expert] installing in /usr/local
RPMs are generally the rule with Mandrake, in which case you simply have no control... many packages go primarily in to /usr/lib with pieces going elsewhere. Why not move /usr/lib to the other part and create a symlink in the original location pointing to it? Oughta be in single-user mode to do this. If you use tarballs, you can change paths in Makefile (sometimes Makefile.config) after doing 'make' and before 'make install'. If the subject package is real primitive, check paths in .h file. Probably best to stick with generally-accepted standard locations though. -- Carl A. Cook [EMAIL PROTECTED] ORDER, I say... ORDER! Joel VanderWerf wrote: > I'm using Mandrake 6.0, but this is really a general linux question. > > How do I force install scripts to put files in /usr/local? > > Some background: when I first installed linux, I put /usr/local on a > separate partition (symlinked to /home/local, actually). (That may have > even been the advice of one of the resident sages of this list ;-) The > intention was that all subsequently installed programs would go to > /usr/local, and I could install new versions of the distro on top of my > / partition without clobbering all the downloaded stuff. I'd only have > to worry about preserving /etc, /root, and maybe a few others. > > With *some* tarballs, all I have to do is "configure > --prefix=/usr/local", and the makefiles will put everything where I > want. > > But today I tried to install kdirstat. Even with the prefix option, it > tries to put kdirstat in /usr/bin. Here's the Makefile output: > > /usr/bin/install -c kdirstat > /usr/bin/kdirstat > > I also tried "--exec-prefix=/usr/local". > > Are there some other settings I should change? > > Thanks for any help! > > Joel > > -- > > Joel VanderWerf > [EMAIL PROTECTED] S/MIME Cryptographic Signature
[expert] Squid Permissions and MSEC
Looks like MSEC is a great idea. I just installed Mandrake 7.0.2 and set to server:highsecurity. (for my firewall) But am having a problem with Squid... it can't get to the access.log, and further investigation shows it can't access the cache.log either. (permissions problem) I can squid -z though. I have set the log & spool directories' permissions to global everything. I changed squid.conf 'cache effective user' and 'group' to squid:squid and to nobody:nogroup, each time chowning the log & cache dir to match, and no effect on the problem. Squid will not run. And if I can't run Squid, I can't run Junkbuster... HELP! I think this MSEC has everything to do with the problem, but can't figure out how. It doesn't seem to have a daemon; (is it a kernel patch? Some 'invisible hand' is affecting me and not leaving any hints) Only two terse setup proggies & sparse docs. I find /etc/security/msec/user.conf has two usernames in it... & samba. But when I manually add squid, it doesn't help. When I enable squid for levels 3, 4, & 5 using chkconfig it doesn't help. (And why are levels 0-6 available? What are they... MSEC, or services levels?) Also Netscape always segfaults, possibly because it can't write to its config directory. (permissions?) And xfs will not recognize a new ttf dir, when installed with chkfontpath. (permissions?) Sometimes xfs won't start at all and causes X to crash on startup with "could not find 'fixed' font". That problem has spontaneously healed... twice. I have httpd nicely routed through TCPWrappers and the inside machines can see it, but noone outside can. (permissions again?) And why CAN I ping my firewall's outside interface from an inside machine, with firewalling, masquarading, & ip_forwarding OFF??!! What's moving packets between inside and outside interfaces? I think I must not be filtering packets! I can't prove whether selecting 'high' security makes it MSEC level 3, or 4. To the guy with the outragious 4-way SMP machine, it sounds like a caching- or operations-file limit is set in the SMP or disk quota areas. Try turning off quotas. Also suspect MSEC. Black & Blue is much more beautiful (and usable) than any Gnome themes. Nice work KDE! And MSEC is great, but I need a steering wheel for my car. -- Carl A. Cook quantumATaugustmailDOTcom Certainly the game is rigged. Don't let that stop you... If you don't bet you can't win. S/MIME Cryptographic Signature
