Re: [expert] /tmp size (OT for all except Jack)

2003-03-09 Thread J. Craig Woods
Jack Coates wrote:
ooops missed that part sorry. (heads to coffee machine pushes mud
button)  I'll be coherent in a few minutes here.
m

Well, looks like I picked the wrong day to stop sniffing glue.
--Leslie Nielsen, _Airplane!_
Jack, fix up that signature. As one a bit older than most here, I must 
say that I enjoyed the hell out of Sea Hunt in my younger years. In 
deference to the late Lloyd Bridges (ya, Beau and Jeff's dad), it was 
not Nielsen that recited your quote. It was Lloyd Bridges...

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com


Re: [expert] Linux Mail Servers for Win clients

2003-03-06 Thread J. Craig Woods
Todd Lyons wrote:
The other guy has my intent correct:  I'm not saying my way is the only
way.  I would be Todd Gates if that was the case.  Instead, I'm saying I
recommend this way because you should _think_ about putting a system
together, not just throw it all together helter skelter. (insert cliche
about eggs and a basket)
Blue skies...			Todd
- -- 
Hell, Todd, I thought Gates was your name. I guess it would be to no 
avail to ask for that million dollar loan I needed, eh?

drjung

--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson



Re: [expert] change hostname

2003-02-26 Thread J. Craig Woods
You might think you want to make this change but you really do not: 
localhost.localdomain is the name that your loop back device (127.0.0.1) 
needs in order to maintain stability within the OS. Without this name 
being in the hosts file, you will have some problems.

You could consider naming the hostname, buddy, on a NIC device, such 
as eth0 (depending on what you have setup).

Cheers,
drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
David McGlone wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How do I change my hostname from localhost.localdomain to Buddy?

I changed /etc/hosts, and hostmdkgiorig, and it was still 
localhost.localdomain

Thanks




Re: [expert] Abit KT7 RAID MB (VIA chipset)

2003-02-20 Thread J. Craig Woods
Sridhar wrote:

J. Grant wrote:


Hi,

I've got one Abit KT7 RAID MB system running stock mdk9 kernel.  It's 
running, however, the hd speed is slow because it only works with no 
dma etc. I am using the correct ata100 cables with only a single drive 
on each channel.

Has anyone else experienced this with this motherboard using the raid 
channels?

Cheers


JG


Journalled Block Device driver loaded
hde: dma_intr: status=0x51 { DriveReady SeekComplete Error }
hde: dma_intr: error=0x84 { DriveStatusError BadCRC }
hde: dma_intr: status=0x51 { DriveReady SeekComplete Error }
hde: dma_intr: error=0x84 { DriveStatusError BadCRC }
hde: dma_intr: status=0x51 { DriveReady SeekComplete Error }
hde: dma_intr: error=0x84 { DriveStatusError BadCRC }
hde: dma_intr: status=0x51 { DriveReady SeekComplete Error }
hde: dma_intr: error=0x84 { DriveStatusError BadCRC }
ide2: reset: success
hde: dma_intr: status=0x51 { DriveReady SeekComplete Error }
hde: dma_intr: error=0x84 { DriveStatusError BadCRC }
hde: dma_intr: status=0x51 { DriveReady SeekComplete Error }
hde: dma_intr: error=0x84 { DriveStatusError BadCRC }
hde: dma_intr: status=0x51 { DriveReady SeekComplete Error }
hde: dma_intr: error=0x84 { DriveStatusError BadCRC }
hde: dma_intr: status=0x51 { DriveReady SeekComplete Error }
hde: dma_intr: error=0x84 { DriveStatusError BadCRC }
ide2: reset: success

Just wondering, have you updated your BIOS?



Just wondering, are you using WD harddrives?

drjung

--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] fyi, new gnome 2.2 is out, lots of cool updates

2003-02-11 Thread J. Craig Woods
James Sparenberg wrote:


Yeah... and then they want the bugs to go to bugzilla for 9.1beta's and
chew you out for talking about a bug.  Saying to upgrade, then when you
explain that you are running the latest from cooker they flame you
offline... sorry all, bad day I've been listening to the shrub
again.

James




OK, your prescription for this affliction is simple:

Write one cli statement, with one grep, one awk, and one cut, 
returning exactly what you want from some set of data in your computer. 
This will take your mind off all those woes, and make you feel good.

And do stay away from the shrub. Hell, look what happened to Moses...

drjung

--
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net
Art is the illusion of spontaneity





Re: [expert] Java problems

2003-02-10 Thread J. Craig Woods
You might want to check out the sun java page. There is some 
documentation about java that is compiled with the newer gcc, at least 
newer than 2.96. Seems that it is broke, and until sun releases a newer 
java version, we are stuck with java that does not totally work when 
compiled with the newer gcc's.

drjung

--
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net
Art is the illusion of spontaneity

Ken Thompson wrote:
On Sunday 09 February 2003 07:30 pm, Damon Lynch wrote:


What happens if you type java -version from the command line?  Or from a
KDE run dialogue?

Damon

On Mon, 2003-02-10 at 15:16, Ken Thompson wrote:


I have java installed and it was working to let me administer my firewall
in KDE 3.0.5 on Mandrake 9.0. I upgraded to KDE3.1 and now it says applet
is loaded but I can see nothing. On another machine running mandrake
9.1b3 and KDE3.1 I get the same thing. The java version is SUN's JRE-1.4,
anyone know why or what I can change to make it work again?
Ken Thompson
Payette, Idaho




[ken@localhost ken]$ java -version
bash: java: command not found
[ken@localhost ken]$ su
Password:
[root@localhost ken]# java -version
bash: java: command not found
[root@localhost ken]#
=
Java is in /usr/java/j2re1.4.0..
SUN binary RPM..








[expert] One hell of a thread, and the plugger...

2003-01-29 Thread J. Craig Woods
Just wanted to thank all who shared their views. It was most 
interesting. It takes all kinds to make the world go around. Winston 
Churchill once said, Democracy is the worst form of government in the 
world, except for all other forms.

Now back to business. Since the recent upgrades to 9.0 mdk, mostly the 
kde multimedia packages, broke my timidity package, I can no longer use 
my plugger web plugin. I have no sound when browsing with a web client. 
What is anyone else doing about this problem? How do you get sound on 
the www?

BTW LX keep the fire burning, brother.

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] Fwd: [MANDRAKE-ONLINE ADVISORY] libsane1-1.0.9-3.1mdk.i586.rpm for bejor -- Are these for real?

2003-01-23 Thread J. Craig Woods
Most likely, the new packages have not been posted to the ftp site you 
are connecting to. You can either wait to see if they make it to the 
site or change your ftp source to a site that gets updated with greater 
speed.

drjung

--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson

Larry Sword wrote:
mike wrote:


I keep on getting these messages, but when I run the update tool it 
says the list is null, I must have them all.  But plainly, I don't as 
these are new messages.  thanks for any insight.

mg


--  Forwarded Message  --

Subject: [MANDRAKE-ONLINE ADVISORY] libsane1-1.0.9-3.1mdk.i586.rpm for 
bejor
Date: Tue, 21 Jan 2003 18:08:38 -0800 (PST)
From: Advisory Bot [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Dear mgrello,

Welcome to the latest MandrakeOnline Security Alert.
Sponsored by : MANDRAKESTORE

Purchase all your favourite MandrakeSoft products from MandrakeStore.
Mandrake Linux latest distributions, goodies, documents and partner
software are all available from MandrakeStore.
Discover MandrakeStore now!
http://www.mandrakestore.com

Please find below a security alert that may concern your host: 'bejor'
To upgrade the package or for  more information, go to
http://www.mandrakeonline.net/ .

Your machine 'bejor' may be affected by the security alert
below.
To update the package or for more information, go to
http://www.mandrakeonline.net/ .

 BUGFIX ALERT



Make sure that when the final panel appears that you check the: 
Security updates , Bugfixes update and Normal updates as you like. 
This will cause the checked items or all to be available for download 
and updating.

Larry


- Name : libsane1
- Package : libsane1-1.0.9-3.1mdk.i586.rpm
- Description : Updated sane packages fix various bugs

Thank you for using MandrakeOnline.
Thank you for your trust!











Re: [expert] Recognition of Todd Lyons

2003-01-15 Thread J. Craig Woods
H.J.Bathoorn wrote:

On Wednesday 15 January 2003 16:49, Lyvim Xaphir wrote:


I want to make an official appeal to the Mandrake management to keep
Todd Lyons securely in the company, in the recent light of current
events regarding the Chapter 11.

Todd Lyons has been an incredible asset to the Expert list, helping
countless users with their problems and concerns.  It would be a
terrible loss to Mandrake and an even more terrible loss to all Mandrake
users were anything to happen that would force him to seek other
employment.  We want him around and we want him to stay.

Civileme was a huge asset to all of us here in North America, as well as
the rest of the world.  We don't want the same thing to happen to Todd
Lyons.  If this concerns you now is the time to make your support known.

Thank you, Todd.

LX



I second that wholeheartedly.
Where would we be without all those blues skies

HarM



HERE HERE! I concur with all that assert Todd's importance to the list. 
I see his service to the Mandrake distro as being an invaluable 
contribution to the Mandrake community of users.

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] Somewhat OT - Strange action from Road Runner - scanning mail servers

2002-12-30 Thread J. Craig Woods
Brian wrote:

I noticed in my mail server logs that about a dozen or so scans came
from relay=securityscan.sec.rr.com.  They were all attempts to relay
E-Mail through my mail server.

I contacted them asking what this was.

They basically said they were going to scan every mail server that sent
mail to anyone at rr.com and I could either allow it or they would block
my mail server from sending mail to anyone there.

On one hand, I think it's great they are making a stab at stopping spam,
but on the other, I feel their efforts are misguided.  They will block
any mail server that allows relaying which, like many attempts at spam
filtering, will also stop legitimate mails as well.

They also don't seem likely to be helpful to any system they decide to
block by informing them of such.  Those blocked systems must just
discover that they were blocked, then attempt to find out why.

Here's the answer they sent:




I have read their response, and for the sake of saving bandwidth,
I am not including it. I completely agree with their answer to you,
and would further ask you why would anyone run a mailserver with open
relays? You are asking for many problems by doing so, and you are making
the internet a much more difficult place to navigate by inviting 
unscrupulous bastards to use your mailserver for their filthy deeds. 
Maybe you could supply a reason for allowing a public mailserver to have 
open relays. I can not think of any reason for it!

Furthermore, if you read their response to you, you will see that they 
do send notification of why you can not pass mail to their network:

[QUOTE]

If found to be an open proxy or smtp relay, the IP address will
 be blocked at our mail gateway borders with one of the following error
 messages:

 ERROR:5.7.1:550 Mail Refused - See
 http://security.rr.com/mail_blocks.htm#proxy
 ERROR:5.7.1:550 Mail Refused - See
 http://security.rr.com/mail_blocks.htm#relay

I only wish more people would set up their mailservers as such. We would 
all be so much better off. Thanks for sharing the letter. I hope it is 
something we all think about before *just* turning on sendmail or postfix.

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] Re: MLM munging - was cron smbtar

2002-12-28 Thread J. Craig Woods
Bob Puff@NLE wrote:

Please, let's not get into the reply-to argument.

What is FAR, FAR worse with this mailing list is that digest people get an
incorrect reply-to!!!  It doesn't get to the list!  I've mentioned this a few
times, but it never seems to get fixed.  So, I have to correct each and every
message that I reply to, from the digest.  A real PITA!

Bob



Hey Bob,

Am I right in translating your words as meaning that it is a real pain 
in the ass?

(actually, this post was nothing more than a shoddy guise for doing a 
dns test on my mailserver)

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] Possible Hack? -- Change in Suid Root files found

2002-12-27 Thread J. Craig Woods
David Rankin wrote:


Thanks James,

   I think the consensus is that msec lost its mind after the network
errors. Weirdest $hit I've ever seen, but then again, I don't hold myself
out as knowing the intricacies of msec that well. I'm going to keep looking
at the snafu, but for now, I'm going to hold off rebuilding the box.

   Thanks again!

--
 

It is most likely some msec peculiarities but just remember that the box 
that is *really* hacked is the box that can do the master's bidding. Do 
not be reluctant to use your friend, netstat, in particular, netstat 
-an  | grep ESTABLISHED.

drjung
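
As an added example (not part of the original post), here is one way to take the `netstat -an | grep ESTABLISHED` suggestion a step further: sort each established TCP connection into outbound, inbound to a service you expect, or inbound to a listener you did not expect. The sample output, its addresses and the expected-port list are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `netstat -an` output instead of eyeballing it.

# Constructed sample of Linux `netstat -an` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2323            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.9:40112       ESTABLISHED
tcp        0      0 192.0.2.10:2323         203.0.113.66:40990      ESTABLISHED
tcp        0      0 192.0.2.10:45012        198.51.100.80:80        ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# classify_established "PORT PORT ..."
# Reads `netstat -an` output on stdin. $1 is the list of TCP service ports
# this machine is supposed to offer. Prints one line per ESTABLISHED
# connection: <kind> <local-port> <remote-address:port>
#   outbound            local port is not a listening port (we connected out)
#   inbound-expected    peer connected to a listener on the expected list
#   inbound-UNEXPECTED  peer connected to a listener nobody signed off on
classify_established() {
    awk -v expected="$1" '
        # Port is whatever follows the last colon (also works for ":::22").
        function port(addr,   n, parts) {
            n = split(addr, parts, ":")
            return parts[n]
        }
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) ok[e[i]] = 1
        }
        # LISTEN lines may come after ESTABLISHED ones, so collect both
        # first and classify at the end.
        $1 ~ /^tcp/ && $NF == "LISTEN"      { listening[port($4)] = 1 }
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" { est[++count] = $4 " " $5 }
        END {
            for (i = 1; i <= count; i++) {
                split(est[i], f, " ")
                lp = port(f[1])
                if (!(lp in listening)) kind = "outbound"
                else if (lp in ok)      kind = "inbound-expected"
                else                    kind = "inbound-UNEXPECTED"
                print kind, lp, f[2]
            }
        }'
}

# Demo on the constructed sample; on a live box use:
#   netstat -an | classify_established "22 25"
sample_netstat | classify_established "22 25"
```

On a machine you already suspect, the local netstat binary may itself have been replaced, so compare the result with a port scan run from another host.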





Re: [expert] users with same permissions as root

2002-12-22 Thread J. Craig Woods
John McQuillen wrote:


Yeah, but under your plan, your admins won't even have an unprivileged
account to experiment with even if they wanted or needed to. The first
thing most n00bs are taught about *nix, is 'DON'T LOG ON AS ROOT', and
you're considering worse than this, you're considering logging on as a
user, with root privs.

The only reason I even suggested making all the root passwords the same
was that you were worried that your admins wouldn't be able to remember
a different password for each one. IMO this would be better at least
than just giving root privileges to your admins user accounts.

Don't tell me to brush up on my security. You are the one who seems
intent on allowing your admins to log in to your systems with root
privileges.

And by the way, I don't work day to day with linux, but I do work in a
large network operations centre and I have loads of admin passwords for
routers and switches to remember. If I can't remember the password, I
can't get on.

If you insist on giving root to your admins user accounts, go ahead.

And also by the way, you'd be asking for trouble. Don't say I didn't
tell you so.

John...
 

Hey John,

How do you really feel about this?

drjung






Re: [expert] users with same permissions as root

2002-12-22 Thread J. Craig Woods
John McQuillen wrote:


On Mon, 2002-12-23 at 11:57, J. Craig Woods wrote:

 

Hey John,

How do you really feel about this?

drjung

   

CRACK UP!!!

My wife says this to me all the time - Tell me how you really feel :)

Sorry if I got a bit carried away... I do tend to get a bit emotional at
times.

Kindest regards,

John...


Sorry Todd, it may be a bit off topic but let me just say to all the 
great people on this list (and the rest of you too): may you all have a 
very Merry Christmas, and may the new year bring us great Mandrake 
distros

drjung





Re: [expert] mail client

2002-12-07 Thread J. Craig Woods
James Sparenberg wrote:

On Sat, 2002-12-07 at 17:28, Simon Ree wrote:


James Sparenberg ([EMAIL PROTECTED]) wrote:


Sylpheed or Sylpheed-claws are both in Mandrake.  Just do urpmi and get
ready to roll.  Only drawback may be that the documentation is primarily
in Japanese (The have English now but didn't when I first used it.) But
it is a rock solid product.

James


On Sat, 2002-12-07 at 11:30, logic7 wrote:


You could try Sylpheed. I've used it in the past with good results.

http://sylpheed.good-day.net/

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Toshiro
Sent: Saturday, December 07, 2002 2:24 PM
To: [EMAIL PROTECTED]
Subject: [expert] mail client


I'm tired of Evolution's silly behaviour of mail when they're grouped by
mail;
do you know of any good mail client besides kmail?



...or get a real email client like mutt.  Not easy to set up but once
it's right it's right.



Dang does this mean that all this time I've been reading fake e-mail? 
Dang no wonder there is so much spam.


Yep, if it is not mutt, it is not the *real* thing!

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Directive Help in Apache

2002-12-06 Thread J. Craig Woods

H. Carter Harris wrote:

I've been fooling with this for several days and I'm not making much
headway.  I could really use some expert help.

I'm working my way through the O'Reilly book on Apache and they don't set
things up like Mandrake.  I don't want to mess up the Mandrake conf because
I want to go back to it later.  So I have a small website setup for testing.

I can't get the DirectoryIndex directive to work.  When I go to the website
I can't get the index.html page to display unless I type it as part of the
URL.  For example, I have to enter the URL
"http://www.domain.com/index.html" in the browser and I should only have to
type "http://www.domain.com".

I have the LoadModule directive in for dir_module and the DirectoryIndex was
copied from the Mandrake installed httpd.conf.  Other directives in the conf
file work fine.



Mandrake does have its peculiarities when it comes to Apache Web Server. 
 What file types are you listing with your DirectoryIndex? And what 
file is this entry being made in, commonhttpd.conf or httpd.conf ?

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] Directive Help in Apache

2002-12-06 Thread J. Craig Woods
Okay, this is getting a bit confusing (could be my simple mind). You 
want a index.html to open when *only* your domain name is put into the 
url, right? For Mandrake, put this in your commonhttpd.conf file:

  DirectoryIndex  index.php index.html index.htm index.shtml

(and any other file type that might suit your fancy)

As far as loading a mod called mod_log.c, uncomment the line in 
httpd.conf that pertains to loading this module.

These two items are unrelated but this is what you can do with both 
issues

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson


Carter Harris wrote:
In my httpd.conf, I have a directive "AddModule mod_log.c"; right now it's
commented out.
When I uncomment it, a warning message is displayed saying it is already
loaded.  Could it be that it is not loaded and therefore the
DirectoryIndex directive is never getting executed since it is inside a
IfModule mod_dir.c?

Does the mod_dir.c run as its own process?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of J. Craig Woods
Sent: Friday, December 06, 2002 7:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Directive Help in Apache



H. Carter Harris wrote:


I've been fooling with this for several days and I'm not making much
headway.  I could really use some expert help.

I'm working my way through the O'Reilly book on Apache and they don't
set things up like Mandrake.  I don't want to mess up the Mandrake
conf because I want to go back to it later.  So I have a small website
setup for testing.

I can't get the DirectoryIndex directive to work.  When I go to the
website I can't get the index.html page to display unless I type it as
part of the URL.  For example, I have to enter the URL
"http://www.domain.com/index.html" in the browser and I should only
have to type "http://www.domain.com".

I have the LoadModule directive in for dir_module and the
DirectoryIndex was copied from the Mandrake installed httpd.conf.
Other directives in the conf file work fine.



Mandrake does have its peculiarities when it comes to Apache Web Server.

  What file types are you listing with your DirectoryIndex? And what 
file is this entry being made in, commonhttpd.conf or httpd.conf ?

drjung







Re: [expert] Can't smbumount - permission denied

2002-12-03 Thread J. Craig Woods
Why would you be using samba for mounting a linux export to a linux 
machine? Samba is best used for mounting win32 shares to linux or vice 
versa. Why not try nfs to do what nfs was made to do...

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson

Ken Walker wrote:
I smbmounted a LM9 machine from a LM8.1 machine last night to tar across
some folders. The tar failed after 1Gig with  wrote only 0 of 10240 bytes,
tar:error not recoverable: exiting now.

Now, even as root i can't smbumount the remote share.

it just says permission denied.

Anybody any ideas

even if i log out and then back in again, the mount is still there.










Re: [expert] Hack attack analysis

2002-11-30 Thread J. Craig Woods
This post warrants another posting. For all of you that are new to 
security, i.e. firewalls, services binding to ports, and os level 
security, these are good suggestions. Good job, Franki.

I would, as well, add another level or step: this would include file 
security, and rootkit checking. To watch for any kind of change to 
*every* file on your harddrive, Tripwire can not be beat (IMO). Not only 
do I use this program for my home network, I use it at work in a very 
large enterprise environment (Verizon OnLine). Checking for a rootkit is 
as easy as installing chrootkit at:

http://www.chrootkit.org

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson

Franki wrote:
It's not that hard to stay secure with any linux distro, especially if you
are not running public servers..

Here are some steps you can look into. (I do all of these, except for
hogwash)


1. Run a firewall like gShield to drop all packets to ports you want closed
to the net. (all of them unless you are running servers.) test yourself by
doing the full scans at http://scan.sygate.com make sure everything is
closed, even high ports. (gShield does that by default.) (see other posts
about gShield in expert tonight, its the best off the shelf linux firewall I
have seen, and really really easy to setup.)

2. in /etc/hosts.deny put one line:ALL:ALL
That closes all access to pretty much everything.. (man hosts_access)
Then you have to allow those services that you want to provide to your
network.. so add something like this to /etc/hosts.allow :
sshd:	192.168.0.3  (which will allow ssh access to only
192.168.0.3)

do that for all the stuff where you need to allow internal access.
pop3, smb, telnet, imap etc etc etc...

3. tell your server apps to limit themselves to the internal interface.
--- samba: /etc/samba/smb.conf :
interfaces = eth0	  (where eth0 is your internal ethernet card.)
hosts allow = 127. 192.168.0. 	  (where 192.168.0.0/255.255.255.0 is your
internal net)

--- xinetd (for pop3 and other similar services) edit
/etc/xinetd.d/ipop3:
add to it:
only_from = 192.168.0.0/24  (again where the above range is your internal
network.)

4. (probably should be no 1.) keep your box up to date using MandrakeUpdate
and join the security advisory mailing list at mandrake.

5. (optional, but handy) install portsentry and run it in stealth mode,
(portsentry -atcp and portsentry -audp)
This will automatically block any IP addresses that scan you, (which is the
way cracking usually starts.)
If you want to go even further, you could install hogwash as well.. which is
like portsentry, but blocks nasty packets not the IP address itself.)

Personally if you have done the first 4. then I'd say you're far safer than
most.. and keep a copy of the config files for next time you install.. you
don't have to do all the work each time.. just install and copy the config
files back in.

I don't even use msec, never have, and unless it gets a lot more intuitive,
I probably never will..

but do all of the above, you are not going to have any issues..

If your internal services can only be accessed on the internal interface,
and you explicitly allow each access to the box via tcpwrappers
(hosts.allow/hosts.deny) and your firewall blocks any packets from spoofed
internal IP's, (all good firewalls should), and you have no open ports..
(which is to say that everything not NAT (connection sharing) traffic for
the internal network is dropped) you are very very hard to hack from
outside, as there are no doors to open..

If however you host a dns server, or mail server, or apache web server, then
you MUST make sure you keep them all up to date, and limit their access and
rights. (mandrake 9.0 does a good job out of the box on this count, for
example, postfix runs chroot by default, which means even if it is somehow
hacked, it thinks the root directory of the box is /var/spool/postfix, so
they can't do damage elsewhere..

As I have said many times above. the first four steps give you very good
protection just by themselves.. setup like that, most crackers will give up
pretty quick.. there are far too many easier targets out there..


I still have a lot of mdk7.2 boxes out there running happily with ipchains
firewalls and none have been hacked thus far..
just because I follow the rules above..

for a home net server, that's all you need.. if you have a ton of users on
your box, and you don't trust them all.. then there is a lot of other stuff
you can do.. (which i will leave for another discussion.)


rgds

Frank
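
As an added example (not part of either post), the script below models the order in which tcp_wrappers consults the two files from step 2: hosts.allow first, then hosts.deny, and access is granted when neither matches. It is a simplified model that understands only `ALL`, exact addresses and trailing-dot prefixes such as `192.168.0.`; the `ipop3d` daemon name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: simplified model of the hosts.allow / hosts.deny decision.
# Not handled: hostnames, net/mask pairs, EXCEPT, IPv6, shell-command fields.

# client_matches PATTERN IP -> exit 0 if PATTERN covers IP
client_matches() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; esac ;;     # "192.168.0." prefix
        *)   if [ "$1" = "$2" ]; then return 0; fi ;;    # exact address
    esac
    return 1
}

# rule_file_matches FILE DAEMON IP -> exit 0 if any rule in FILE matches
rule_file_matches() {
    file=$1 daemon=$2 ip=$3
    [ -r "$file" ] || return 1              # a missing file matches nothing
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in '#'*|'') continue ;; esac        # comments, blanks
        case "$line" in *:*) ;; *) continue ;; esac      # need daemon:client
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}                 # drop any third (command) field
        d_hit=no
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            if [ "$d" = ALL ] || [ "$d" = "$daemon" ]; then d_hit=yes; fi
        done
        [ "$d_hit" = yes ] || continue
        for c in $(printf '%s' "$clients" | tr ',' ' '); do
            if client_matches "$c" "$ip"; then return 0; fi
        done
    done < "$file"
    return 1
}

# tcpd_decision ALLOW_FILE DENY_FILE DAEMON IP -> prints granted or denied
tcpd_decision() {
    if rule_file_matches "$1" "$3" "$4"; then
        echo granted        # 1. a hosts.allow match wins outright
    elif rule_file_matches "$2" "$3" "$4"; then
        echo denied         # 2. otherwise a hosts.deny match refuses
    else
        echo granted        # 3. no match in either file: access is granted
    fi
}

# Constructed policy in the shape the post describes, written into dir $1.
make_sample_policy() {
    printf 'ALL:ALL\n' > "$1/hosts.deny"
    printf 'sshd:\t192.168.0.3\nipop3d: 192.168.0.\n' > "$1/hosts.allow"
}

# Demo: evaluate a few constructed probes against the sample policy.
demo_dir=$(mktemp -d)
make_sample_policy "$demo_dir"
for probe in "sshd 192.168.0.3" "sshd 192.168.0.7" \
             "ipop3d 192.168.0.7" "ipop3d 10.1.2.3"; do
    set -- $probe
    printf '%-7s %-12s %s\n' "$1" "$2" \
        "$(tcpd_decision "$demo_dir/hosts.allow" "$demo_dir/hosts.deny" "$1" "$2")"
done
rm -rf "$demo_dir"
```

Emptying hosts.deny in this model turns every unmatched probe into "granted", which is why the `ALL:ALL` line carries the whole default-deny posture.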







Re: [expert] DNS queries every 20 seconds...

2002-11-28 Thread J. Craig Woods
Pierre,

Very interesting, can you tell us more, i.e. are these conventional 
dns_queries? Are these being sent and received on port 53 (or some other 
 port)? What is the proto, tcp or udp? What kind of flags are set in 
the IP headers? What does top (or a ps -aux) show? Are these queries 
going out to gtld and/or root servers, i.e. where are the destinations 
and/or sources? Do you see any aberrations in your syslog?

Might be fun to sleuth this thing out

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson

Pierre Fortin wrote:
What in 9.0 might be triggering DNS queries every 20 seconds for
mandrakesoft.com...??  I see this in an ethereal trace.

Pierre








Re: [expert] Just checking to see if I'm still subscribed (second try)

2002-11-26 Thread J. Craig Woods
engage wrote:

It seems that my hosts.deny file keeps getting modified with ALL:ALL



Take a look at your msec program, and/or any kind of firewall 
application you are running, such as Bastille. Look at your crontab for 
any programs that are running, such as msec.

drjung
--
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] Making a SMTP server in my box.

2002-11-21 Thread J. Craig Woods
Gonzalo Avaria wrote:
 
 Hi experts.
 I need to ask a question. Like a year ago I did
 something I don't know how to repeat. I set up my host
 (local.host) to be the smtp server. It sent mails
 until I had to reinstall linux and never worked again.
 So the question is, how can I make my PC a smtp server
 (only for me) so I can send emails???
 that's all.
 regards

Use localhost.localdomain for your local name (/etc/hosts), and set up
postfix to send your mail (smtp, port 25). Mandrake provides some pretty
good online documentation for this little exercise.

Cheers,
drjung

-- 
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] Making device node

2002-11-17 Thread J. Craig Woods
Bruce Endries wrote:
 
 Can anyone point me to information on how to make a device node
 for a scsi tape drive which was added to the system after the
 install?
 
 This is in Mandrake 9.0. There doesn't seem to be any st0 in /dev.
 
 Bruce
 
   

Try looking at the man for mknod. It should give you some direction.
The trick is the major and minor terms when you run mknod. Maybe this
will be a good starting place for you. After years of making special
device files, I still have to dig around for the major and minor values.
Good luck, and happy hunting...

drjung

-- 
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] Enemies Purchased by Gates

2002-10-25 Thread J. Craig Woods
Todd Lyons wrote:
 
 Lyvim Xaphir wrote on Fri, Oct 25, 2002 at 12:15:18PM -0400 :
  I've written before about the relationship between the Democrats and the
  Entertainment industry (RIAA, etc) and the havoc they are wreaking with
  our digital rights (DMCA [Digital Millennium Copyright Act], CBDTA
  [Consumer Broadband and Digital Television Promotion Act]).  For those
 
 I agree that this is worthy of being talked about...
 
   but not here.
 
 Move this discussion elsewhere.  This thread is not appropriate for a
 technical mailing list.
 

Todd,

I disagree with your assessment. After over three years on this list, I
can unequivocally say that you would be hard-pressed to call this list a
technical or even expert mailing list. When issues of "I lost my
root password" or "how do I create a desktop icon" are discussed ad
nauseam, we have ceased from being anything but a place for the exchange
of ideas, albeit Linux ideas, which is okay too. I have seen, and read
with great incredulity, that only about ten to fifteen percent of the
posts to this list are of a technical or expert nature.

I, for one, think that the future of the open source movement,
particularly Linux, is of great concern to this list, and therefore this
thread is appropriate to this venue. LX has shared some concerns with
us, and it is good to be aware of any source of opposition to the
freedom of choice, as it affects our computer endeavors. Kwan (good
job) has given us some statistics to ponder.

Lighten up, dude, it is all in the nature of being human. Besides, if
you are not careful, we will mutiny, and demand the return of civileme
:-)

drjung 

-- 
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] A question for real experts :)

2002-10-12 Thread J. Craig Woods

James Sparenberg wrote:
 
 Pierre,
 
Lets see Cisco, running DS3's between Campuses... Owns the lines, Yep
 I think they would know the current state of the system.  Just cause
 it's a DS3 doesn't mean its a commercial line.  Never used it my self
 for anything greater than a t-1 (proved that the line pulled in was
 faulty *grin*) I've also used it to trace down bad dslam's for a couple
 of folks I know.  Many things could cause the problem one of the reasons
 you're getting flaky numbers could be the problem you are looking for.
 
   Pierre, Please resist the urge to flame... too many people carry blow
 torches.
 
 James
 
 

FLAME! Hell, I come from the seditious sixties, and I carry napalm for
those flaming moments...

drjung

-- 
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] A question for real experts :)

2002-10-12 Thread J. Craig Woods
Pierre Fortin wrote:
 
 The biggest problem I see on the 'net is the total incompetence at many
 ISPs (most haven't even heard of an OTDR); but that's for another rant...
 :^)  Suffice it to say, ISPs have lots of diagnostic information
 available; the biggest problem is that they don't have the foggiest idea
 where it is, or how to look at it, let alone analyze it...
 
 Enjoy,
 Pierre
 
 Dr. J:  let's see how many bite on this lure...  :^) :^)
 

Did someone mention DNS restructuring with, among many other benefits,
greater security, IPv6 protocol, and alternate character encoding
methods? Thanks to Ed, my napalm stock has been rotated, and I am
ready...

drjung

J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson





Re: [expert] I knew I shoulda blown up ol 4hassan.com

2002-10-09 Thread J. Craig Woods

et wrote:
 
 well after his last problem that had pete calling up and letting him know his
 server was fubar, now I get viruses from him, someone call and let him know
 he has bugbear, and offer him a copy of Mandrake.
 

Well, Ed, that just goes to teach you the old lesson: spare the 44 MAG,
and live to regret it...

-- 
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






[expert] VPN Client for Linux

2002-10-06 Thread J. Craig Woods

Looking for some suggestions:

I need to access my private network at work, and I am looking for a VPN
client that will work with a CheckPoint Firewall VPN on a Win2000
Server. I need to tunnel ssh through the firewall, and connect to my
sparc machine (SunOS 5.9). I was given a Micro$oft VPN client made by
CheckPoint (of course, with username and password) for this task but I
would much prefer a Linux VPN client for the aforementioned task. 

Is one available, and is there some documentation on the web? I have
STFW, and found some interesting reading, including freeS/WAN, but
thought I might see if anyone on the expert list has some suggestions. I
have access to any version of Linux for this VPN client to work on, or
with. 

(yes, LX, this means I am back among the gainfully employed, thanks for
your help too)

Thanks for any help in this regard,
drjung

-- 
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] ArGoSoft Mailing List Server

2002-10-01 Thread J. Craig Woods

[EMAIL PROTECTED] wrote:
 
 Command
 
 Command
 
 not understood.
 
 Please send mail to [EMAIL PROTECTED], containing word HELP as the first non-blank 
line for the list of available commands.
 
 ArGoSoft Mailing List Server
 
   

What in the hell is this? This does not appear to be the business of the
expert list.

-- 
J. Craig Woods
UNIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Fwd: Ping: wrong data byte #0 error message

2002-09-07 Thread J. Craig Woods

 Complete ping response:

 PING 206.245.176.211 (206.245.176.211): 56 octets data
 64 octets from 206.245.176.211: icmp_seq=0 ttl=122 time=1099.4 ms
 wrong data byte #0 should be 0x59 but was 0x58
     58 ff 79 3d 79 6b a 0 8 9 a b c d e f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
     20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f
 64 octets from 206.245.176.211: icmp_seq=1 ttl=122 time=268.4 ms
 64 octets from 206.245.176.211: icmp_seq=2 ttl=122 time=283.4 ms
 64 octets from 206.245.176.211: icmp_seq=3 ttl=122 time=251.6 ms

 In the above case, the wrong data byte occurred for only one of the
 pings -- in other cases it occurs for 2, 3, or 4 (all of the) pings,
 but usually (always?) for the earliest pings rather than the last
 pings.

It appears, without the benefit of running a sniffer on your network,
that some of your ICMP packets are getting munged while traversing the
network. If this happens only occasionally, it might not be a big deal
but if you see a lot of this, you might be looking at a bad TCP/IP stack
implementation on your machine or some other machine/router between you
and your ISP.

Try installing and using Ethereal for a better understanding of what is
actually taking place on the network. It is a good sniffer, and comes in
mandrake rpm binary or source.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] processes not stopping, but eating 100% cpu time

2002-08-21 Thread J. Craig Woods

Todd Lyons wrote:
 
 
 Back when ipchains was king, the following line severely cut down on the
 number of ssh drops that occurred:
ipchains -M -S 7200 10 160
 but if you're not using ipchains, then that line doesn't do you a whole
 lot of good.
 

Hey, I know I am anachronistic but I still think ipchains are the king,
at least they do what I need done. And to avoid aforementioned problems,
I am using the rule:
   
  $IPCHAINS -M -S 7200 30 300

That's not to say that I am not using iptables because I am but some
habits die real hard.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






[expert] Resend to LX on nobody's UID...

2002-08-20 Thread J. Craig Woods

Damn sympa giving me fits again. Let's try this one!

Lyvim Xaphir wrote:
 
 I've noticed that the account nobody on this system has a user id of
 65534.  Is this correct?
 
 I'm asking because back in the day I used to make backdoor admin
 accounts using UID numbers higher than 65535.  I thought it mighty odd
 to see a UID number this large naturally on the system.
 
 Comments...?
 
 LX
 
 
LX, it depends on the OS, and, for linux, the distro. Earlier versions
of mandrake used 99 as a uid for nobody, and Red Hat still uses 99 as
the uid for nobody, at least as recent as v7.2. Most current UNIX
systems also use 99 as the uid for nobody. You must be using some
newer version of mandrake, and the uid of 65534 is correct for that
version. 

Hope it helps,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
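
A defensive check for the question raised in this exchange, added here as an example and not part of the original posts: it audits passwd-format text for non-root accounts with UID 0, duplicate UIDs, a "nobody" entry outside the two values the reply names (99 and 65534), and UIDs above 65535. It assumes the concern with large UIDs is truncation to 16 bits on systems with a 16-bit uid_t; the function names and the sample file are constructed for illustration.

```python
"""Audit passwd-format text for UID anomalies (added example, constructed data)."""
from collections import defaultdict

# UIDs the reply names as normal for "nobody", depending on distribution.
EXPECTED_NOBODY_UIDS = {99, 65534}
# Assumption: a 16-bit uid_t holds 65536 values, so larger UIDs wrap modulo this.
UID16_LIMIT = 65536

# Constructed sample input, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/bin/sh
jay:x:501:501:Jay:/home/jay:/bin/bash
svc:x:65536:100:service:/home/svc:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
ghost:x:66037:501::/home/ghost:/bin/bash
broken line without fields
"""


def parse_passwd(text):
    """Return ([(name, uid), ...], [line numbers that do not parse])."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        # passwd(5) has exactly seven colon-separated fields; field 3 is the UID.
        if len(fields) != 7 or not fields[2].isdigit():
            malformed.append(lineno)
            continue
        entries.append((fields[0], int(fields[2])))
    return entries, malformed


def audit(text):
    """Return a list of (kind, detail) findings for the given passwd text."""
    entries, malformed = parse_passwd(text)
    findings = [("malformed", f"line {n}") for n in malformed]

    names_by_uid = defaultdict(list)
    for name, uid in entries:
        names_by_uid[uid].append(name)

    for name, uid in entries:
        if uid == 0 and name != "root":
            findings.append(("uid0-not-root", name))
        if name == "nobody" and uid not in EXPECTED_NOBODY_UIDS:
            findings.append(("unexpected-nobody-uid", name))
        if uid >= UID16_LIMIT:
            # Report which existing account(s) the truncated value would match.
            low = uid % UID16_LIMIT
            shadowed = ",".join(names_by_uid.get(low, [])) or "-"
            findings.append(("uid-over-16bit", f"{name}:{uid}->{low}:{shadowed}"))

    for uid, names in sorted(names_by_uid.items()):
        if len(names) > 1:
            findings.append(("duplicate-uid", f"{uid}:{','.join(names)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_PASSWD):
        print(f"{kind:24} {detail}")
```

To run it against a live system, pass the contents of /etc/passwd to `audit()` instead of the sample text.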






Re: [expert] What to use to analyse Apache logs?

2002-08-20 Thread J. Craig Woods

David Relson wrote:
 
 At 05:40 PM 8/20/02, you wrote:
 Hi guys,
 the title pretty much says it all.
 I want to look at total traffic and be able to analyse the logs for intrusion
 attempts
 any suggestions?
 --
 
 Have you looked at webalizer?  I believe it's pretty good for analyzing
 apache logs :-)  However, it may not be intrusion oriented :-(
 

I agree with the choice of webalizer. It is very easy to install, has a
very nice interface with apache, and mandrake delivers a rpm for your
convenience. Intrusion detection would necessitate another kind of
program altogether, i.e. NIDS. In this direction, I would suggest you
take a look at snort. A very nice program that will provide you with
numerous alerts for all http traffic to port 80.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






[Fwd: [expert] lame server resolving]

2002-08-20 Thread J. Craig Woods

oops, forgot about sending it to the list..

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
---BeginMessage---

Jay wrote:
 
 Hey, my syslog has a dozens of entries similar to the following
 
 lame server resolving 'xxx.xxx.xxx.xxx.in-addr.arpa' (in
 'xxx.xxx.xxx.in-addr.arpa'?): xxx.xxx.xxx.xxx#53
 
 all with different IP's...
 
 As far as I can tell, some client is asking my server for information on an IP
 but my server doesn't have that information? Is that what lame server
 resolving is?
 
 Jay
 

Are you running a public dns server? What this message means is that
some other dns server is running on the internet, and it does not have
its namespace in an upstream dns server. This means that recursion is
not working for this lame server's in-addr.arpa zone (reverse lookup).
This is not your foul up, it is some other person's foul up, namely the
person that setup the lame dns server. They did not do it correctly. 

The reason for asking you if your dns server was public, and, therefore,
on the internet was because you need to have at least two other dns
servers that have your dns server's namespace in their RR's (resource
records). These two other dns servers will point back to your dns
server, and they will provide your dns server with recursive
functionality. Therefore, you will not be the lame server. I would
assume that the x's in your ip address example, from your log file, are
NOT your dns server's ip address, right? In this case, some other person
has screwed up their dns setup. You can not do much about these
messages, except to email the clown, and tell him/her to get their shit
together (you will do this to no avail. Take it from one who has tried a
time or two).

 --
 Crowded elevators smell different to midgets.
 

Now I have seen some sick sigs in my time but this one is certainly one
of the sickest I have ever seen. You win, hands down, with this one. I
certainly hope it is attached to all your mail, especially your
important business correspondence. The world is in need of this kind of
sickness. Keep up the good work :-)

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson

---End Message---




Re: [expert] lame server resolving

2002-08-20 Thread J. Craig Woods

Jay wrote:
 
 Hey, my syslog has a dozens of entries similar to the following
 
 lame server resolving 'xxx.xxx.xxx.xxx.in-addr.arpa' (in
 'xxx.xxx.xxx.in-addr.arpa'?): xxx.xxx.xxx.xxx#53
 
 all with different IP's...
 
 As far as I can tell, some client is asking my server for information on an IP
 but my server doesn't have that information? Is that what lame server
 resolving is?
 
 Jay
 

Are you running a public dns server? What this message means is that
some other dns server is running on the internet, and it does not have
its namespace in an upstream dns server. This means that recursion is
not working for this lame server's in-addr.arpa zone (reverse lookup).
This is not your foul up, it is some other person's foul up, namely the
person that setup the lame dns server. They did not do it correctly. 

The reason for asking you if your dns server was public, and, therefore,
on the internet was because you need to have at least two other dns
servers that have your dns server's namespace in their RR's (resource
records). These two other dns servers will point back to your dns
server, and they will provide your dns server with recursive
functionality. Therefore, you will not be the lame server. I would
assume that the x's in your ip address example, from your log file, are
NOT your dns server's ip address, right? In this case, some other person
has screwed up their dns setup. You can not do much about these
messages, except to email the clown, and tell him/her to get their shit
together (you will do this to no avail. Take it from one who has tried a
time or two).

 --
 Crowded elevators smell different to midgets.
 

Now I have seen some sick sigs in my time but this one is certainly one
of the sickest I have ever seen. You win, hands down, with this one. I
certainly hope it is attached to all your mail, especially your
important business correspondence. The world is in need of this kind of
sickness. Keep up the good work :-)

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
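
A way to triage the "lame server resolving" entries discussed above, added here as an example and not part of the original posts: it tallies which zones and remote servers the messages name and checks whether any named server is one of your own, the question the reply asks. The log lines are constructed using documentation address ranges, and the function names and the `own_servers` parameter are assumptions made for illustration.

```python
"""Summarize BIND 'lame server resolving' syslog entries (added example)."""
import re
from collections import Counter

# Matches the message format quoted in the thread:
#   lame server resolving '<qname>' (in '<zone>'?): <server-ip>#<port>
LAME_RE = re.compile(
    r"lame server resolving '(?P<qname>[^']+)' "
    r"\(in '(?P<zone>[^']+)'\?\): (?P<server>[0-9a-fA-F.:]+)#(?P<port>\d+)"
)

# Constructed sample log; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug 20 10:01:02 ns named[812]: lame server resolving '4.2.0.192.in-addr.arpa' (in '2.0.192.in-addr.arpa'?): 198.51.100.7#53
Aug 20 10:01:09 ns named[812]: lame server resolving '9.2.0.192.in-addr.arpa' (in '2.0.192.in-addr.arpa'?): 198.51.100.7#53
Aug 20 10:02:44 ns named[812]: lame server resolving '20.113.0.203.in-addr.arpa' (in '113.0.203.in-addr.arpa'?): 198.51.100.99#53
Aug 20 10:03:00 ns named[812]: client 192.168.0.5#1027: query: example.com IN A
Aug 20 10:05:31 ns named[812]: lame server resolving 'www.example.net' (in 'example.net'?): 203.0.113.53#53
"""


def reverse_name_to_ip(qname):
    """Turn '4.2.0.192.in-addr.arpa' into '192.0.2.4'; None for other names."""
    suffix = ".in-addr.arpa"
    name = qname.rstrip(".").lower()
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4 or not all(l.isdigit() and int(l) < 256 for l in labels):
        return None
    return ".".join(reversed(labels))


def summarize(log_text, own_servers=()):
    """Count lame-server reports per zone and per reported server.

    own_servers: IP addresses of DNS servers you operate. Any log line that
    names one of them is returned in 'own_hits', because that is the one case
    where the fix is on your side.
    """
    own = set(own_servers)
    zones, servers = Counter(), Counter()
    looked_up, own_hits = set(), []
    for line in log_text.splitlines():
        m = LAME_RE.search(line)
        if not m:
            continue  # not a lame-server message
        zones[m["zone"]] += 1
        servers[m["server"]] += 1
        ip = reverse_name_to_ip(m["qname"])
        if ip:
            looked_up.add(ip)  # address whose reverse lookup triggered the entry
        if m["server"] in own:
            own_hits.append(line)
    return {
        "zones": zones,
        "servers": servers,
        "reverse_lookups": sorted(looked_up),
        "own_hits": own_hits,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, own_servers=["203.0.113.53"])
    for zone, n in report["zones"].most_common():
        print(f"{n:3} zone   {zone}")
    for server, n in report["servers"].most_common():
        print(f"{n:3} server {server}")
    print("addresses being reverse-resolved:", ", ".join(report["reverse_lookups"]))
    print("entries naming our own servers:", len(report["own_hits"]))
```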






Re: [expert] Detecting an Active Network Interface

2002-08-20 Thread J. Craig Woods

Todd Lyons wrote:
 
 Mark Weaver wrote on Tue, Aug 20, 2002 at 11:04:16PM -0400 :
  So (thinking on paper), something like:
 snip
 if count = maxtries (wow, do I forget valid syntax ;-) )
then
   wait 30 (??) (give the modem a chance to connect)
   goto start
else
   issue Internet connection lost, could not restart
  message (somewhere)
 fi
 snip
  I'll need to brush up on bash syntax and so forth, and if I'm clever I
  might get rid of the goto.
  it is written: thou shalt NOT use a GOTO...ever! ;) The force fed us
  that in assembler and COBOL classes till I thought it was gonna come
  outa my ears.
 
 [root@fiji /usr/src/linux/kernel]# grep goto.*\;$ * | wc -l
 187
 
 Comments? :)  Don't tell me Linus doesn't know anything about c now :)
 

201 on my system...

Ya, and who says you can't teach an old dog new tricks, even Linus is
forever into change...

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Some weird routes..

2002-08-17 Thread J. Craig Woods

Ricardo Castanho de O. Freitas wrote:
 
 Hi,
 
 I've got this recently and I would like some input on what this could
 be...
 I hope it isn't an intrusion...;-(
 
 Tabela de Roteamento IP do Kernel
 Destino         Roteador        MáscaraGen.     Opções MSS Janela irtt Iface
 211.200.31.150  -               255.255.255.255 !H     -   -      -    -
 200.176.230.0   *               255.255.255.0   U      40  0      0    eth0
 192.168.0.0     *               255.255.255.0   U      40  0      0    eth1
 127.0.0.0       *               255.0.0.0       U      40  0      0    lo
 default         200.176.230.1   0.0.0.0         UG     40  0      0    eth0
 
 the very first one (211.200.31.150) it's from HANARO Telcom (Korea...
 where else?)
 
 It's not the first time though
 
 Any light?
 

Very suspicious indeed! What does your output from netstat -ltnp show
you? Or you can try netstat -an | grep ESTABLISHED, and see what that
output looks like. You must immediately start investigating (you are in
good shape to do this if you loaded some defensive programs, i.e. root
kit checking, tripwire, msec, etc.) I do not know your network setup but
I can see no reason why a foreign ip addy would be part of your routing
table. Did you run a netstat -rn too?

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Remote Telnet Session Disconnects

2002-08-17 Thread J. Craig Woods

JOHN HEMMER wrote:
 
 There is a remote Linux system that I telnet into. If I
 leave the session idle for more than 5 minutes, I get
 logged out or disconnected. I have read the manual pages
 for telnetd and have searched through Running Linux by
 O'Reilly, but I cannot find any reference to where the
 idle time is set for remote telnet sessions.
 
 Can anyone help me?
 
 TIAA
 
 John
 

Sorry, John, but I do not use telnet and I would not use it (too
vulnerable to security attacks). Now if you were using ssh, I could tell
you where to find this particular timing param

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Internet Sharing a Cable Modem

2002-08-17 Thread J. Craig Woods

Sevatio wrote:
 
 I'm trying to share an internet connection from a cable modem (attbi)
 that provides me with a dynamic IP address.
 
 My sharing PC is running LM8.2 w/ two NICs.  My LAN has 3 linux & 2
 windows boxes.
 
 I used Mandrake Control Centre to setup the connection sharing.  But
 something is still screwy in that sometimes it works and sometimes it
 doesn't; especially the windows machines.
 
 My questions are:
 
 Where's a good place for reading about how to set this up?
 
 and then I noticed that Mandrake Control Centre set both the LAN & WAN
 NICs to have the same IP 192.168.0.1 .  Is this going to confuse that
 PC?  If so, what IPs are typically assigned for internal and external in
 this situation?
 
 
Hit google for howto's on networking. 

And, Yes, it will confuse the hell out of the machines. It is wrong.
Find out which nic is your internal and which is your external
interface, i.e. eth0 and eth1. This can be a little tricky but how I
solved it was to see which one would pick up ip info from the isp's dhcp
server, and then I knew it was my external nic. Hard bind the other
(internal) nic to class c private ip addy, 192.168.0.1. Set up gateway
address on lan machines, set up NAT and IPMASQ on your linux server,
make sure you get the routing right, and you should be ready to ride...

I know, easier said than done but stay at it. It will start to make
sense. Post any questions here. A lot of people here have setup what you
are trying to setup, and when you get it working, we can talk about
firewalling, msec, tripwire, snort or any other NIDS you might fancy,
and all the other fun stuff...

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Hey Civileme

2002-08-15 Thread J. Craig Woods

Lyvim Xaphir wrote:
 
 
 Christ, JC!!  You too?
 
 Depressed,
 
 LX
 

Ya, me too! I have been doing some 1099 work around the country but here
in the last few months, things are really drying up in the IT sector. It
is really tough out there. I don't think we will ever see the good times
again, like the job I did for Charles Schwab & Company at $105.00 per
hour, and that was just last year. Ah! But to pine away for the good old
days...

drjung 

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






[expert] Hey Civileme

2002-08-14 Thread J. Craig Woods
, including Solaris, Linux, FreeBSD, OpenBSD, BSDi, HPUX, IRIX,
  and all versions of Windows including NT/2000/XP.
Security Tools: I have used most popular commercial and open source
  security software.
Special Projects: I created the Whitehats website
  (http://whitehats.com/) as a resource for other network security
  professionals.  I authored the arachNIDS intrusion event signature
  database (http://whitehats.com/ids/) that is used by thousands of
  users and administrators to detect attacks against their networks. I
  have contributed to the development of Nessus as well as the Snort
  IDS.  I am a member of the Honeynet Project, a security research
  group that focuses on digital forensics through the use of honeypots
  and other security tools.  Use securityfocus.com or google.com to
  search for my postings to various security lists.

EXPERIENCE

Network Penetration Analyst, Max Vision Network Security (Berkeley, CA)
  Developed a profitable consulting practice meeting the security needs
  of Internet giants by providing penetration testing services.
  Authored proprietary security assessment software for discovering
  network resources, generating proposals and conducting audits using
  the latest cracking techniques including zero day exploits.
  Maintained an industry exclusive quality standard that guaranteed
  thorough analysis for every customer.
Exploit Developer, Entercept Security Technologies (San Jose, CA)
  Researched and developed exploit test cases for the Solaris version
  of the Entercept intrusion prevention software.  Provided detailed
  documentation and wrote code to demonstrate vulnerabilities
  where necessary.
Network Security Architect, Globalstar L.P. (San Jose, CA)
  Deployed and managed Checkpoint FW-1 firewalls.  Implemented VPN and
  PKI elements of an extranet solution that tied corporate partners
  together online.  Conducted security assessments and a review of
  corporate security policies.
Senior Penetration Engineer, MCR (San Francisco, CA)
  Performed penetration testing of client networks. Maintained a 100%
  penetration rate.
Unix System Administrator, Mpath Interactive (Mountain View, CA)
  Maintained Solaris servers in a distributed environment.  Authored
  network and log monitoring tools to increase efficiency.
Network Configuration Technician, IBM (Seattle, WA)
Technical Support Technician, Spry Internet (Bellevue, WA)
Technical Support Technician, Traveling Software (Bothel, WA)
Technician, HiTech Systems, Inc. (Boise, ID)

-end of post-


I am also job hunting again, things are tough all over. Hang in there,
buddy.
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Mandrake Club advocates: Post Positive

2002-08-13 Thread J. Craig Woods

civileme wrote:
 
 
 I am one of the people bit by the cutbacks to keep Mandrake afloat and I
 STILL agree that their policy is on track.   The idiots (and I can and
 will use that word for the lamers whose heads are so wrapped up in
 business they can't see five minutes into the future, now that I am not
 a Mandrakesoft Employee) who retreat to the tried and true business
 principles practiced successfully only by monopolies the minute the
 going gets a little rough, simply do not understand this market NOR do
 they notice where Mandrakesoft's assets are.
 
 
 Civileme
 

Ah hell! Does that mean you're off the list for awhile? It seems like only
yesterday that you were getting back from your last leave of absence. My,
how time does fly. Well I am sure conditions will improve, and you will
be back again in some official role. A guy with your experience will
always land on his feet

Good luck,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] setting IRQ on a pci card - Instability problem solved

2002-08-11 Thread J. Craig Woods

HoytDuff wrote:
 
 
 I suspect that DRM would be an XFree86 problem? You appear more technically
 astute than I in this matter (and have arrived at a solution), so would you do
 the bug report? I doubt that it is something that Mandrake would handle other
 than perhaps placing an errata on the 8.1/8.2/9.0 lists.
 

James,

Have you noticed that, when they want *you* to do the job, there is
always a compliment or two that will come your way? You gotta love it...

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] trouble with libopenssl0 upgrade

2002-08-11 Thread J. Craig Woods

engage wrote:
 
 The problem turned out to be with mod_ssl-2.8.5-3.1mdk. I uninstalled
 2.8.5-3.1mdk and reinstalled 2.8.5-2.1mdk and that got the server running
 again. I don't know why the upgrade crashed the server. I'm running
 1.3.22-10.1mdk of the Apache server. rpm -qa | grep apache yields:
 
 apache-1.3.22-10.1mdk
 apache-common-1.3.22-10.1mdk
 apache-suexec-1.3.22-1.1mdk
 apache-modules-1.3.22-10.1mdk
 apache-conf-1.3.22-1.4mdk
 apache-manual-1.3.22-1.1mdk
 apache-mod_perl-1.3.22_1.26-4.1mdk

Hmmm, very strange, very strange indeed! I am running the very same
apache version with some differences in other components. Here is my
stdout on rpm -qa | grep apache: 


*apache-suexec-1.3.22-1.4mdk
*apache-mod_perl-1.3.22_1.26-2.1mdk
apache-modules-1.3.22-10.1mdk
apache-manual-1.3.22-10.1mdk
apache-1.3.22-10.1mdk
apache-common-1.3.22-10.1mdk
*apache-devel-1.3.22-10.1mdk
*apache-source-1.3.22-10.1mdk
apache-conf-1.3.22-1.4mdk

* indicates the difference.

Now my upgrade to mod_ssl-2.8.5-3.1mdk worked real nicely. Do not give
up, this is a security risk. It will work, if you make it work.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] trouble with libopenssl0 upgrade

2002-08-10 Thread J. Craig Woods

engage wrote:
 
 I am trying to update from libopenssl0-0.9.6b-1.1mdk and
 libopenssl0-devel-0.9.6b-1.1mdk to 0.9.6b-1.3mdk per Mandrake Advisory
 MDKSA-2002:046-1 for Mandrake Linux 8.1. I did get openssl-0.9.6b-1.1mdk to
 upgrade to 0.9.6b-1.3mdk but when I try to upgrade the libopenssl0 package
 with rpm -Fvh libopenssl0*-0.9.6b-1.3mdk.i586.rpm, all that happens is that
 I'm returned to the command prompt with no action performed. I tried rpm
 --rebuilddb but that didn't help either. I think this is why my Apache server
 won't start anymore, also (see below).
 

I could not tell, by your message, but are you saying that the
libopenssl package *did* upgrade, and that the libopenssl-devel did
*not* upgrade? If this is the case, did you try rpm -Uvh --force or
did you experiment with any of the other switches available with the rpm
command? 

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] trouble with libopenssl0 upgrade

2002-08-10 Thread J. Craig Woods

engage wrote:
 
 Neither libopenssl0 package installed with the -Fvh switch but they did
 install with the -Uvh switch. The Apache server still won't start, though.
 
 Mandrake needs to provide better instructions for manually updating packages.
 I can't get the new kernel 2.4.18-8.2mdk to work either.
 

To be honest with you, engage, I think that F switch (freshen) is
useless. If I am doing an *Upgrade* on a package, I use the U switch,
and, if I want to freshen up, I take a bath, i.e. what the hell does
freshen mean with regards to upgrading software? (watch, someone will
attempt to answer that question. Don't bother, it is rhetorical) There
is no *real* difference between the two except that U works, and, most
of the time, F does not. Not sure what broke your Apache.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Why won't Apache let me run shell scripts?

2002-08-08 Thread J. Craig Woods

David Guntner wrote:
 
 
 Actually, Brandon hit it on the head.  slaps forehead  I should have
 noticed that the directory permissions would have kept the Apache user from
 getting to anything there
 
 Thanks, though!
 

Yes, he did, and I should have seen the absence of said bits too.
However, out of curiosity, did you add options, such as Allow from or
Deny from to the directory options in your conf file? And, if not, how
will you control which client machine or user will run these scripts?
Assigning directory perms will only solve part of this control issue for
your cgi directory.

Just curious,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Via Apollo

2002-07-31 Thread J. Craig Woods

Arnold Troeger wrote:
 
 I have a mainboard with the much maligned VIA Apollo chipset on it.  I'm
 running the latest 8.2 kernel (2.4.18-8.1mdk).  VIA has a patch for this
 chipset (http://www.viaarena.com/?PageID=88) but it's for the 2.4.18-6
 kernel.  I will try the patch on the new kernel source anyway but I was
 wondering if any of you had any thoughts or advice on this.
 

Much maligned? I do not know who is maligning this chipset but I have
an old Apollo PRO (VT82C691) chipset with the south bridge (IDE) 586,
and it hums like a bird heading south for the winter. Albeit, it is on a
machine with the 2.2.19 kernel (I'll never give up my 2.2.19 kernel on
my gateway server). 

What kind of support are you looking for, i.e. display driver, IDE
driver, sound driver, etc? Are you looking to support that *infamous*
ProSavage DDR display? If you were to send us the output of a lspci,
and tell us a bit more of why you need the patch, maybe we could help. I
would be very careful about using a patch version that was made for an
older kernel version, especially since you have the newer kernel version
running on your machine.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Hack attack or not?

2002-07-28 Thread J. Craig Woods

James Sparenberg wrote:
 
 David
 
If you find Tripwire a bit much to install you might look at
 Snort (from freshmeat) it's a little less of a hassle to install
 and is on par with the free version of TripWire.
 
 James
 

Apples and oranges: they are two *completely* different programs. Snort
is an NIDS, and tripwire is a current image of your filesystem. Snort
(intended purpose) is to show you how the cracker got in but will not
stop him/her from getting in (obviously, to stop intrusions is a
function of your firewall and related protective measures). Tripwire
(intended purpose) will show you where the cracker went and what he/she
did on your system. I would never consider running a network connected
to the internet without both of these tools installed, configured, and
humming along, as well as *ALL* the other elements in place too...

BTW there are mandrake rpm's for both snort and tripwire (rpmfind.net).

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Hack attack or not?

2002-07-28 Thread J. Craig Woods

James Sparenberg wrote:
 
 
 DrJung,
You are again as you very often are, correct.  However I
 suggested Snort because it is a possible intrusion that he has,
 not just a changed file.  Tripwire doesn't tell you for example
 where the intruder is coming from.  I find this to be a lot more
 useful than just knowing that something changed.  The idea of
 using both is worthy of a thought. But being the paranoid I am I
 usually just pull the drive and do a postmortem wipe it and start
 over.  Why? Because although Tripwire tells me what has changed in
 the files it checks, it doesn't tell me what changed in the files
 it doesn't check or didn't exist before.  This is by the way where
 I find partimage to be very useful.  Just image a partition before
 connecting the box to the world and after it runs the way I like
 then if anything does happen.. wipe and restore from images...
 much faster than a full install.  And hackers have a hard time
 editing things they can't find like in my office safe.
 
 James

James, you are absolutely right, as you tend to be right on many
occasions also, that once a change is detected with tripwire or an
intrusion with snort, it is time to put the recovery plan in motion.
And everyone should, sure as hell, have just such a plan for just such
circumstances

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Hack attack or not?

2002-07-28 Thread J. Craig Woods

James Sparenberg wrote:
 
 On the subject of Crackers.  Note this IP block owned by ATT
 12.234.0.0/24  I've been getting hit heavily from there by a number
 of compromised M$ boxes.  I've alerted ATT but so far no answer,
 (it is Sunday though). So for the moment I'm blocking the entire
 IP block.  .  It's coming from NJ.  See the logs snippet below.
 

Yep, Over the years, I have never heard back from ATT when I have
reported abuse to them. Like so many big cats, they do not give a shit
about you and me. But if you think ATT is loaded with those crummy M$
boxes running infected IIS crap, check this out: I started blocking M$
boxes coming from the GTE network. I started with the CIDR notation you
are using 24. The problem was so pervasive that I now have the entire
netblock of ip addresses being shit-canned at my firewall, i.e.
4.0.0.0/8. You can bet that put a stop to my logs filling up with
unwanted IIS crap. Just goes to show you that if you take pride in being
a good SA, you do not work on a M$ server if you can help it

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Unmountable Samba mounts and other oddities

2002-07-28 Thread J. Craig Woods

Rob Gillen wrote:
 
 Some of you might already be familiar with the strange way that Linux
 will often disallow umount-ing or listing directory contents of a
 mounted smb share, returning the error text, Input/output error.  I
 believe this error happens when a smb share is mounted, then that remote
 share is removed.  This is a seriously annoying problem, because
 restarting Samba does not solve the problem, nor does changing
 runlevels.  Which is why I think it may be a kernel-level problem.  I
 have tried changing the runlevel to [S]ingle level user, which is
 running pretty much nothing save kernel processes and a simple shell.
  At this level, a 'mount' command still shows the shares to be mounted,
 and also at this level it is still impossible to umount them.  The only
 solution that I have found so far is rebooting, which I think is an
 unacceptable way to handle such a problem.

I do not believe this is a samba bug per se. It does, however, point
out some things you should be aware of in regards to any *nix type
system. When you mount a remote directory, using either the smbmount or
mount -t smbfs commands, you have called a daemon to run on your linux
machine. This daemon is spawned by the command /usr/bin/smbmount, and
it will run until you umount your remote directory. Now you are saying
that someone comes along, and kills the machine you have mounted the
remote directory from. The problem now is not samba: it is that you have
a daemon running that can no longer make a connection to the dead
machine. You can restart the samba services until hell freezes over but
it will not help you. You must stop the samba mount daemon that is
running. If I have a remote directory mounted via smbmount on my linux
machine, and I do a ps -aux | grep mount, I will see the daemon. In my
case it looks like this: 

root   591  0.0  0.2  3748 1648 ?  S  Jul28   0:00 /sbin/mount.smbfs

(if you run ps -ef | grep mount you will actually see the name of the
remote directory, such as //windows_name/c$. Some of this may vary
according to the way you called the daemon, i.e. smbmount or mount -t
smbfs)

Now, no doubt, because the remote machine went down, I am a bit
foobarred but if I simply run a kill -9 on the correct pid, I should be
good to go.

Some things not to do when samba mounting.

Do not do a hard mount, i.e. do not make entries for your mount in
/etc/fstab.
Do make it a soft mount

Because machines can and will go down, especially M$ junk, do your
smbmount, take care of what you want to do, and smbumount as soon as
possible. 

Try to make sure that the M$ machine is not turned off by some
knucklehead while you are in the smbmount mode (good luck on this one).

 Now the interesting part.  During the time that I could not remove the
 unmountable mounted smb shares, the dhcpd daemon also seemed to start
 malfunctioning. 

Well, as James S. pointed out, if you went into a major eat cpu cycles
because you had a daemon, i.e. smbmount or mount.smbfs (this latter
daemon is just a symlink to smbmount) running amuck, it is possible that
it foobarred dhcp on your machine. Again, no need to reboot or restart
samba, just kill...kill...kill...

Hope it makes sense, and helps
drjung   

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Hack attack or not?

2002-07-27 Thread J. Craig Woods

David Guntner wrote:
 
 Hi,
 
 This morning, I ran chkrootkit on my ML 8.2 system, and everything turned
 up with the usual nothing found message, except the last one.  It came
 up:
 
 Checking 'sniffer'... Checking 'wted'... 2 deletions found between {time}
 and {time}
 
 (The {time} is just me saving myself some typing - there were actually
 times present. :)
 
 Question:  Based on this, is my system likely to have been compromised or
 not?  For that matter, what's wted?
 

Looks like it is telling you about some file deletions. Did you do any
file deleting between the times listed in the message? Chkrootkit is a
*good* program for doing what it is designed to do: that is find
rootkits. To monitor files, all files, i.e. file perms/attribs that
change, changed md5 info on files, additions/deletions of files, etc.,
you really should try using Tripwire in conjunction with chkrootkit.

David, from what you have posted, it is difficult to say if you were or
you were not cracked but I would be very suspicious, and do a bunch of
greps on your other log files, esp auth and security logs...

drjung
 
-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
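
As an added example (not part of the original message, and not Tripwire's own code), this sketch shows the kind of baseline-and-compare check described above: it records size, permissions, owner and a digest per file, then reports additions, deletions and changes. SHA-256 stands in for the md5 mentioned in the message, and the file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import stat
import tempfile

FIELDS = ("size", "mode", "uid", "sha256")


def snapshot(root):
    """Record size, mode, owner and SHA-256 for every regular file under root."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            records[rel] = {
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "sha256": digest.hexdigest(),
            }
    return records


def compare(baseline, current):
    """Return (added, removed, changed); changed maps path -> differing fields."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        fields = [f for f in FIELDS if baseline[path][f] != current[path][f]]
        if fields:
            changed[path] = fields
    return added, removed, changed


def demo():
    """Baseline a constructed tree, alter it four ways, and compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
            os.chmod(path, mode)

        # Constructed sample files (names and contents are illustrative only).
        write("bin/login", b"original")
        write("etc/hosts", b"127.0.0.1 localhost\n")
        write("log/wtmp", b"session records")
        baseline = snapshot(root)

        write("bin/login", b"replaced")                   # same size, new content
        os.chmod(os.path.join(root, "etc/hosts"), 0o666)  # permissions loosened
        os.remove(os.path.join(root, "log/wtmp"))         # file deleted
        write("tmp/new.bin", b"unexpected")               # file added
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    added, removed, changed = demo()
    print("added:", added)
    print("removed:", removed)
    print("changed:", changed)
```

The same-size replacement of `bin/login` is caught only by the digest, which is why a size or timestamp check alone is not enough. A baseline covers only the tree it was taken over, and it is only useful if it is stored where someone on the monitored host cannot rewrite it.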






Re: [expert] Intel PRO/DSL 2100 Modem ?

2002-07-25 Thread J. Craig Woods

Sevatio wrote:
 
 Have any of you been able to get the internal DSL modem from Intel to
 work under Mandrake?  (Intel PRO/DSL 2100 Modem)
 
 
No I have not but, then again, I have not tried. Have you looked to see
if it is on the hardware list of supported devices for whatever version
of mandrake you are using? 

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Curl vs Wget

2002-07-25 Thread J. Craig Woods

James Sparenberg wrote:
 
 rsync is what we are moving away from because, it doesn't have
 what is needed.  (Can't go into details sorry)  I'm not trying to
 sync.  I'm trying to download specific pieces of data or other
 products.  wget and curl both work but I'm tasked with finding out
 which one other developers/users prefer.
 
 James

James, it sounds like you are doing nothing more than a survey on curl
vs wget. My vote is with wget. Why, you ask? I have used it a long time.
I am comfortable with it, and I like the way it displays info about
downloading data. I don't really think that there is much difference in
what occurs with the actual transmission of packets between the two
methods, i.e. same tcp/ip implementation, same flags set in the ip
headers, and  most likely (I have not run a test so don't hold me on
this one) the same tos, ttl, iplen, and dgmlen. In other words, you pick
em

drjung 

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Deleting printers

2002-07-23 Thread J. Craig Woods

civileme wrote:

 
 There are easier solutions, but based on the history of the respondent,
 this is the answer I would give...  simple and proof against dingbats
 with an attitude.
 
 Civileme
 
 
Now any solution that is both simple and dingbats with an attitude
proof is a solution I want to use. I would also hope that it keeps such
people from pestering me as well...

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] How to export fonts to thin client

2002-07-18 Thread J. Craig Woods

M.S. Hughes wrote:
 
 I am running MDK 8.2 on a machine with IP address 192.168.0.5.
 
 I've edited my /usr/share/config/kdm/kdmrc file to have:
 
 [Xdmcp]
 Enable=true
 
 so that I may log into 192.168.0.5 from a windows machine running
 Hummingbird Exceed. (There are no firewall issues here since both
 machines are behind the same firewall)
 
 My problem is that applications like kterm and mathematica report they
 are unable to find the fonts they need.
 
 I've checked the e-mail archives and can't find anything that seems to
 directly relate to this
 
 I've tried editing the /etc/rc.d/init.d/xfs file so that xfs uses port
 7100 instead of port -1
 
 X wouldn't even start.  So I changed things back and added edited the
 /etc/X11/XF86Config-4 file to contain:
 
 FontPath   unix/:-1
 FontPath   unix/:7100
 
 and things still don't work.(but at least X still works)
 
 Any suggestions would be appreciated.
 

It would be easier to have X forwarding set to yes, ssh into the
machine, and, if necessary, export your term display on server. You can
just use what the server offers in the case of fonts on the client. I
have used Exceed on win32 platforms many times to do just this, and it
works just fine. Your pipes should be more than adequate since you are
on a lan.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Problem using vmware 8.2 kernel header does not match

2002-07-15 Thread J. Craig Woods

Erik Kaffehr wrote:
 
 Hi!
 
 I have upgraded my 8.2 with latest kernels, and now I can't run
 vmware-config.pl, because kernel header version does not match
 2.4.18-8.1 vs. 2.4.18-6. It seems to me that there is a mismatch between
 versions for kernel rpms:
 
 [root@magnum ekr]# rpm -qa | grep kernel
 kernel-source-2.4.18-8.1mdk
 kernel-2.4.18.6mdk-1-1mdk
 kernel-2.4.8-34.1mdk
 NVIDIA_kernel-1.0-1541
 kernel-doc-2.4.18-8.1mdk
 kernel-headers-2.4.18-25mdk
 [root@magnum ekr]#
 

Please see the thread I started just a day or so ago (kernel header
packet?). You are pretty much asking about some of the issues that were
discussed. Your mismatched kernel components look like a disaster about
to happen. Although some people, i.e. Charles, James, and Alex, had some
good input into this discussion, I did not see any satisfactory answers
to my dilemma. This was because no kernel headers are being back ported
to the kernel version I needed to update on a LMDK8.0 box. Since you are
using the newest mandrake version, I would hope that mandrake does have
some solution for  your particular problems

Good luck,
drjung

-- 
J. Craig Woods
UNIX/AIX Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






[expert] kernel header package?

2002-07-14 Thread J. Craig Woods

Greetings,

It has been awhile since I built new rpm binaries from the kernel source
rpm package. After building kernel rpm packages from the
kernel-2.4.18.8.2mdk-1-3mdk.src.rpm, I have noticed that there is no
kernel headers rpm package. Is this something new, and is it by design?
If the kernel headers component comes from another package, other than
the kernel src rpm, would some kind soul please advise..

Thanks,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] kernel header package?

2002-07-14 Thread J. Craig Woods

Alexander Skwar wrote:
 
 So sprach J. Craig Woods am 2002-07-14 um 13:57:52 -0500 :
  kernel headers rpm package. Is this something new, and is it by design?
 
 Yes, yes.
 
  If the kernel headers component comes from another package, other than
  the kernel src rpm, would some kind soul please advise..
 
 [askwar@klama askwar]$ rpm -qpi /RPMS/kernel-headers-2.4.18-35mdk.i586.rpm
 Name        : kernel-headers       Relocations: (not relocateable)
 Version     : 2.4.18               Vendor: MandrakeSoft
 Release     : 35mdk                Build Date: Tue Jul  9 08:52:32 2002
 Install date: (not installed)      Build Host: no.mandrakesoft.com
 Group       : Development/Kernel   Source RPM: glibc-2.2.5-10mdk.src.rpm
 [...]

Alex, what in the hell are you saying? I should use
kernel-headers-2.4.18-35mdk.i586.rpm with the rpms I made from building
the kernel-2.4.18.8.2mdk-1-3mdk.src.rpm package. Now that does not make
any sense at all, my friend. My building of the kernel rpms from a src
package is for a mandrake 8.0 box, and the version for the upgrade is
the version recommended by the mandrake folks. Again, I ask, what's up,
mandrake, where in the hell are the header files for the version
kernel-2.4.18.8.2mdk-1-3mdk.src.rpm package?

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] kernel header package?

2002-07-14 Thread J. Craig Woods

James wrote:
 
 Dr,
I've got the same trouble here  when I try to build something
 (like AFS) against them it says it can't find them or that they don't
 match the kernel I'm using I'd like to know what gives as well. It
 turns out the only Kernel headers I have are for 2.2.19...
 
 James
 
 On Sun, 14 Jul 2002 13:57:52 -0500
 J. Craig Woods [EMAIL PROTECTED] said with temporary authority
 
  Greetings,
 
  It has been awhile since I built new rpm binaries from the kernel
  source rpm package. After building kernel rpm packages from the
  kernel-2.4.18.8.2mdk-1-3mdk.src.rpm, I have noticed that there is no
  kernel headers rpm package. Is this something new, and is it by
  design? If the kernel headers component comes from another package,
  other than the kernel src rpm, would some kind soul please advise..
 

H, now it gets stranger. Thanks, James, for the feedback. After
building all my kernel rpm packages from the kernel src rpm, I indeed
felt that there was trouble in MandrakeLand when there was no kernel
headers rpm. C'mon, Mandrake, you have to have kernel headers for a lot
of different programs to install correctly, such as your AFS program,
James. I would never upgrade to a kernel that did not have header files.
Maybe one of those great mandrake kernel-coder fellas will chime in on
this one.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] kernel header package?

2002-07-14 Thread J. Craig Woods

Charles A Edwards wrote:
 
 
 kernel headers are now included as part of glibc.
 
 
 You need to install kernel-header-xxxmdk.i586.rpm for your version of
 glibc unless you also wish to build it from source.
 
 Charles

Okay, let's try to simplify this situation. As previously stated, I am
attempting to upgrade my kernel on a LMDK 8.0 box. The Mandrake security
recommendation states to upgrade to kernel-2.4.18.8.2mdk-1-3mdk. OK,
simple enough, I wget the kernel src rpm, and build my rpm binaries. OK,
so far? Now I realize there is NO kernel headers rpm. My LMDK 8.0
has the upgraded glibc rpms, i.e. glibc-2.2.2-6.1mdk (glibc, profile,
and devel included). OK, so far? Now where do I find the version of
kernel headers that match my glibc level? And, Charles, are you saying
that it must be named kernel-headers with the current glibc version
numbers in the name, i.e. kernel-headers-2.2.2-6.1mdk? Mandrake has lost
me, please refer me to the documentation on this radical change in
building a set of kernel rpms. I have searched high and low only to find
nothing, not even on the mandrake kernel upgrade page. Thanks to all who
are contributing to this thread. I fear James may be right in saying
that mandrake has foobarred us with this new strategy. I hope I am
wrong 

drjung 

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] kernel header package?

2002-07-14 Thread J. Craig Woods

Charles A Edwards wrote:
 
 
 kernel-headers Was Not a part of glibc prior to 8.2
 
 kernel-2.4.18.8.2 was an update kernel built specifically for 8.0 and
 done on an 8.0 system.

Absolutely correct, and that is why I was going to use it. I have
upgraded my 8.0 kernel once in the past so it is not the stock install
kernel. It is currently upgraded to version kernel-2.4.8-31.2mdk. I
think, until some one from mandrake chimes in, I will leave it at this
level.

 Since there is no update kernel-header rpm I can only assume that it is
 built to work with
 the stock 8.0 kernel-header.
 An easy test it to see if you can build the NVIDIA_kernel.src.rpm.
 If you can then everything with is OK.

The point you make is exactly why it would be nice to hear from mandrake
about the issue of compatibility between new kernel upgrade, and if this
new kernel can use headers from an older kernel package. At this time, I
do not feel much like hacking around on a laptop system, especially one
that I spent considerable time hacking on to get pcmcia services to work
nicely.

 
 Putting kernel-headers in glibc was not a Mandrake thing.
 This is an across the board change that will affect all distros.
 Mandrake 8.2 and RH 7.3 are already at this level, I have no first hand
 knowledge of any of the others, so I can not speak to their current
 releases.
 But they too, unless they choose to stay dead in the water, will change
 since providing an update glibc and kernel packages will require it.

I do *now* understand this much better, and that is in no small part due
to your excellent and very helpful replies, Charles, and et al. There is
still no excuse, that I can think of, for mandrake not to make headers
files for a kernel version that has not yet moved into the new kernel
methodology. Just my two cents worth...

Thanks to all that helped,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] blocking an ip address

2002-07-12 Thread J. Craig Woods

logic7 wrote:
 
 My brain isn't working right now... How do I block an IP address or range of
 IP addys from getting into my server (maybe having port sentry drop 'em
 off)?
 

Depends on your firewall methodology: if using iptables, write iptable
rule; if using ipchains, use ipchain rule. Search the docs (online or
offline) for syntax on rules.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
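
As an added example (not from the original messages), this sketch ties together the iptables advice above and the earlier "Hack attack or not?" reply about widening a /24 block to 4.0.0.0/8: it groups offending source addresses into /24 networks, emits a DROP rule per network, and shows how many addresses a given CIDR block takes out. The sample addresses are constructed from the RFC 5737 documentation ranges, and the function names and the threshold are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample of offending source addresses (RFC 5737 documentation ranges).
SAMPLE_SOURCES = [
    "192.0.2.10", "192.0.2.10", "192.0.2.44", "192.0.2.200",
    "198.51.100.7",
    "203.0.113.5", "203.0.113.5", "203.0.113.9",
]


def noisy_networks(sources, prefix=24, threshold=3):
    """Count hits per enclosing /prefix network; return those at or over threshold."""
    hits = Counter()
    for text in sources:
        addr = ipaddress.ip_address(text)
        # strict=False masks off the host bits: 192.0.2.10/24 -> 192.0.2.0/24
        hits[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1
    return sorted(net for net, count in hits.items() if count >= threshold)


def drop_rules(networks):
    """Render one iptables rule per network; the rules are returned, not executed."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in networks]


def addresses_covered(cidr):
    """Number of addresses a block removes from reach of the server.

    ip_network() is strict by default, so a typo such as 12.234.0.5/24
    (host bits set) raises ValueError instead of silently blocking a
    different range than intended.
    """
    return ipaddress.ip_network(cidr).num_addresses


def is_blocked(address, networks):
    """True if address falls inside any of the blocked networks."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets = noisy_networks(SAMPLE_SOURCES)
    for rule in drop_rules(nets):
        print(rule)
    # The two block sizes mentioned in the thread.
    for cidr in ("12.234.0.0/24", "4.0.0.0/8"):
        print(cidr, "covers", addresses_covered(cidr), "addresses")
```

A /8 rule covers 65,536 times as many addresses as a /24, so every legitimate client inside it is dropped as well; checking a few known-good client addresses with `is_blocked()` before loading a wide rule shows that cost up front.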






Re: [expert] blocking an ip address

2002-07-12 Thread J. Craig Woods

Damon Lynch wrote:
 
 On Sat, 2002-07-13 at 13:36, J. Craig Woods wrote:
  if using ipchains, use ipchain rule.
 
 If using this, the script pmfirewall might come in handy.  Don't know if
 it works with 2.4 kernels though.  It may do.
 
 Damon
 

Nope, pmfirewall does not work with iptables but I sure wish the hell
it did. You are totally right on, pmfirewall rocks! On his web page, the
creator says he wants to get around to doing a program that supports
iptables. Maybe if we offered him some money, he would find the time :-)

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] OT - sorry, test, ignore

2002-07-10 Thread J. Craig Woods

Michael Holt wrote:
 
 Mail server died, just fixing, please ignore.
 
 --

Hey Michael, did that mail server die because of too much traffic on
Ramsey?

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] gprintf command not found

2002-07-09 Thread J. Craig Woods

phoenix wrote:
 
 gprintf is missing
 [root@horace init.d]# locate gprintf
 [root@horace init.d]#
 
 [phoenix@horace phoenix]$ gprintf Hi
 bash: gprintf: command not found
 
 [root@horace root]# urpmf gprintf
 [root@horace root]#
 
 I've worked around this before but I can't remember how.
 
 Jim Tarvid

I too have found the gprintf command in various new scripts that I
have installed. It will not work on Mandrake or Red Hat. I usually just
change the script to read printf in the place of gprintf. I have
searched rpmfind for such a binary but to no avail. If someone knows of
the package that installs gprintf, I would sure love to hear about it.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] gprintf command not found

2002-07-09 Thread J. Craig Woods

phoenix wrote:
 
 It used to be in the gnu sh-utils (I think).
 
 My memory is shot.
 
 Jim

This can be a common result. I have found that putting the crack pipe
away does wonders for reclaiming some memory :-)

Thanks,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Flashing 'D' on console! What the heck?!?

2002-07-08 Thread J. Craig Woods

Ricardo Castanho de O. Freitas wrote:
 
 Hi there!
 
 Once in a while I got a flashing D (green) on the console!
 Does anyone know about that?
 It's rather strange
 
 As I got a ADSL 24x7 (well, at least I try to...) I'm concerned about
 being compromised!
 
 Any hints?
 

Could be you've been cracked by an alien from Dextron! Wherever the hell
that may be. On the serious side, make sure you are locked down tightly
with firewall, NIDS, such as snort, file protection, such as tripwire, a
good program for detecting rootkits, and do learn about using msec. You
can not do too much to be safe. That would be like having too much
money..

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] setting up sound in 8.2

2002-07-07 Thread J. Craig Woods

James wrote:
 
 On 08 Jul 2002 12:45:26 +1000
 Darren King [EMAIL PROTECTED] said with temporary authority
 
  Really.  I don't have the pc speaker hooked up.  So why is is that if
  I put my ear to the speaker that is connected to the sound card, I can
  clearly hear the beep coming from there?
 
   Well paint me red and call me embarrassed.  I guess your term does go
 through the sound card.  Surprised I am.  I've never seen/heard this but
 I don't doubt you since you're the one sitting in front of the box.
 Tried to make one of mine do it no such luck...
 

OK, you are painted red, and hello embarrassed. Actually there is some
silly setup switch in the gui, such as KDE, where you can have your
system beep (term) go to your external speakers, as opposed to using the
system speaker. I've used it in the past but don't really remember where
the switch is, and I don't really care either.

Maybe this function is turned on for the user having the sound problems
but it does not mean the sound card is fully setup to do all you would
hope that it can do. I think we would need to know a bit more about the
problem in order to diagnose it from afar...

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] very active NIC

2002-07-04 Thread J. Craig Woods

Ken Hawkins wrote:
 
 Thanks, but I already have a basic monitor like that. I was looking
 more along the line of traffic analysis; others I've talked to are also
 seeing a lot of traffic, basically network noise but we would like to
 track it down to see which NIC/IP address the traffic is from/to.
 Perhaps a gnutella server; we had to shut a couple of these down before.
 
 K

KEN,

It sounds like you are looking for some kind of network sniffer, and
if that is the case, I would suggest something along the lines of
Ethereal or DSNIFF. A network sniffer will capture and analyze network
packets, showing headers and payload. If your interest is in finding out
if a SYN, ACK, FIN, etc, flag is set in the packet header, or you want
to see from what machine (PORT, IP ADDRESS, MAC) the packet came from,
and to see the destination machine (PORT, IP ADDRESS, MAC) of the
packet, network sniffers are what you use. You can, as well, glean a lot
of other network info from running a sniffer too.

Happy sniffing,
drjung 

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
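
As an added example (not from the original message, and not code from Ethereal or dsniff), this sketch decodes the fields the reply lists from one captured frame: source and destination MAC, IP address and port, plus the TCP flags. The frame is constructed inline with documentation addresses and a zeroed checksum; a real sniffer would read frames from the wire or a capture file.

```python
import socket
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def build_sample_frame():
    """Constructed Ethernet + IPv4 + TCP SYN frame (checksums left at zero)."""
    eth = (bytes.fromhex("020000000001")      # destination MAC
           + bytes.fromhex("020000000002")    # source MAC
           + struct.pack("!H", 0x0800))       # EtherType: IPv4
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0x10, 40, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.20"))
    tcp = struct.pack("!HHIIBBHHH",
                      40000, 80, 1000, 0, 5 << 4, 0x02, 5840, 0, 0)
    return eth + ip + tcp


def mac(raw):
    """Format six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Decode MACs, IPs, ports, TOS, TTL, IP length and TCP flags from one frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, _ident, _frag, ttl, proto, _csum,
     saddr, daddr) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IP version 4")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    if proto != 6:
        raise ValueError("not a TCP segment")

    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, _offset, flags = struct.unpack("!HHIIBB", tcp[:14])

    return {
        "src_mac": mac(src), "dst_mac": mac(dst),
        "src_ip": socket.inet_ntoa(saddr), "dst_ip": socket.inet_ntoa(daddr),
        "tos": tos, "ttl": ttl, "ip_len": total_len,
        "src_port": sport, "dst_port": dport,
        "flags": [name for bit, name in TCP_FLAGS if flags & bit],
    }


if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:9} {value}")
```

Tallying `src_ip` and `src_mac` over many frames is what answers the question in this thread of which NIC or address the noise comes from.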






Re: [expert] ftpd question

2002-07-04 Thread J. Craig Woods

FemmeFatale wrote:
 
 
 Thx :)  Interesting bit of reading.  :)
 
 Must try this someday myself if only as an exercise.
 
 Femme
 

Try it, you might like it :-)

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net
Character is built upon the debris of despair --Emerson






Re: [expert] Miscellaneous 8.2 Terminal Hangs

2002-07-03 Thread J. Craig Woods

et wrote:
 
 what shell are you using? (bash? korn?)  what Msec level are you at?

And just as importantly: what shell have you set up for the users that
you are trying to su to? Make sure all users that ssh in, and users you
might su to, are set up with a default shell...

 
 On Wednesday 03 July 2002 01:35 pm, you wrote:
  I've tried to query all of you gurus before regarding various hangs on
  my system, but as far as I can tell, nobody has replied to my question.
   So, I'll give it a go again.  I've read everything on the mailing list
  that was written in the last three months about system hangs and freezes
  with both 8.1 and 8.2, but none have addressed the problem that I have
  been seeing.  Most have described complete system freezes where nothing
  could be done besides a reboot, but what I am seeing is a bit different.
 

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] GDM doesn't remember default/last desktop

2002-07-02 Thread J. Craig Woods

Dave Sherman wrote:
 
 On Tue, 2002-07-02 at 09:07, K Montgomery wrote:
 (Just read my posts for clarity
  on that. Try at your own risk. :D)
 
  - Kathy
 
 I went to the archives and followed what you did, Kathy. GDM defaults to
 Gnome now :-) Thanks!
 
 --
 Dave Sherman 

Kathy you are the woman! And another satisfied customer returns to his
keyboard.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] can someone tell me?

2002-07-01 Thread J. Craig Woods

Todd Lyons wrote:
 
 Addendum:
 
 The dns resolver on the client end will randomly pick one of the
 AUTHORITY servers.  The end result is that your server will still get
 on average 1/3 of the requests, so no, it's not ok.  You need to remove
 that dns server from being listed as authoritative.
 


Thanks for the info Todd. I was under the apparently wrong impression
that the client resolver would use the first available server in the
AUTHORITY SECTION, i.e. the first one that is not busy at the time of
the inquiry. I did not understand it to be a purely random process.
Thanks for disabusing me of a long standing misconception. Keep up the
good work. It is nice to see postings from the Mandrake people. I dare
say that civileme has been as busy as a one-legged man in a
ass-kicking contest.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Curiosity on POP3

2002-06-29 Thread J. Craig Woods

James wrote:
 
 On Sat, 29 Jun 2002 06:56:16 -0500
 Michael Viron [EMAIL PROTECTED] said with temporary authority
 
  Not sure how you would go about doing that, but you could firewall off
  access to it from the outside (ie, via the external nic).
 
 Doing that now just looking for something a tad more elegant
 *grin* Thanks.
 
 James
 

What about some variable in the pop3 config file. I do not run pop3, and
I do not know what version you are running but most services, i.e. samba,
smtp, snort, offer some setup options in the config files. I know,
James, I am stating the obvious but...

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Funny Stuff (was I made it -- 1 year uptime)

2002-06-27 Thread J. Craig Woods

James wrote:
 
  memory leaks my ass...  :)
 
 .. this sounds painful.  Have you seen a doctor about this
 condition?
  --
  daRcmaTTeR

Shit! Now that was funny. James, I just thought you might like to know
that you gave me my best laugh today. Funny stuff...

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Apache config fails after using Webmin

2002-06-27 Thread J. Craig Woods

Carl Lindgren wrote:
 
 Can anyone tell me why after adding a virtual host in webmin, apache seems to
 not work properly.
 
 MDK 8.2
 
 Carl Lindgren
 C. R. Lindgren Consulting
 Minneapolis, MN
 

You need to post a *lot* more information about your problem. I will
just tell you that the problem is that you used webmin. Webmin, like so
many cute gui programs, will just screw up config files. Edit your
apache config files by hand, and if you do not know how, learn how now.
It will make your life a lot easier in the future.

drjung  

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] an old sendmail problem

2002-06-27 Thread J. Craig Woods

Lyvim Xaphir wrote:
 
 On Thu, 2002-06-27 at 16:11, daRcmaTTeR wrote:
 
  actually at the moment neither I, or any of the other users on this
  machine are using .procmailrc files. as I mentioned on another post this
  is definitely a version problem because this behavior goes away if I take
  8.11.x outa there and then install sendmail-8.9.x in its place. I'm
  mystified as to why this is though.
 
  --
  daRmaTTeR
 
 
 The daemonic behavior of sendmail is indeed often confusing.
 
 LX
 

Please note the play on words that LX has used in this example. It is
not only very clever but he has indeed coined a new term. LX, your
grade school grammar teachers would be very proud of you...

Cheers,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] HACKED?

2002-06-27 Thread J. Craig Woods

David Rankin wrote:
 
 Guys, Gals:
 
 It looks like I may have been successfully hacked! I don't know and I
 need your help to find out. I have had many folks test my security, but
 no one has gotten in until now. The following appeared in a review of my
 syslog:
 
 Jun 17 23:52:57 Nemesis xinetd[27314]: START: ftp pid=26954
 from=210.180.201.125
 Jun 17 23:52:59 Nemesis xinetd[26954]: USERID: ftp OTHER :root
 Jun 17 23:58:35 Nemesis xinetd[27314]: START: telnet pid=26963
 from=127.0.0.1
 Jun 18 00:08:02 Nemesis xinetd[27314]: EXIT: ftp pid=26954
 duration=905(sec)
 
 The 210 IP is some Korean address from the Asian Pacific Network.
 
 My first question is does it look like a successful hack? Second
 question is, if so, what do I check to find out if they caused any harm,
 installed a root kit, etc?
 
 As always, thanks for any help you can provide.
 

David, say it ain't so. You are *NOT* running a ftp service on your
computer connected to the internet, right? Well it looks like you are
doing just that. What type of ftp client, and what version is it? Are
you running any kind of file monitoring, such as tripwire? Do you
have any programs for detecting rootkits? What is msec reporting about
system and file changes? Time to start checking md5sums against original
files off the install media. And shut down ftp immediately, if not
sooner

drjung 


J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
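
One way to read the xinetd records quoted in this post, as an added example that is not part of the original thread: it groups START, USERID and EXIT lines by child pid and lists the sessions that came from a non-local address. xinetd's USERID record is the answer returned by the remote host's ident (RFC 1413) service, so it names the user the remote side reports, not a local login. The year is an assumption taken from the date of the post, since syslog lines carry none.

```python
import ipaddress
import re
from datetime import datetime

# Log lines from the quoted post, with the wrapped lines rejoined.
SAMPLE = """\
Jun 17 23:52:57 Nemesis xinetd[27314]: START: ftp pid=26954 from=210.180.201.125
Jun 17 23:52:59 Nemesis xinetd[26954]: USERID: ftp OTHER :root
Jun 17 23:58:35 Nemesis xinetd[27314]: START: telnet pid=26963 from=127.0.0.1
Jun 18 00:08:02 Nemesis xinetd[27314]: EXIT: ftp pid=26954 duration=905(sec)
""".splitlines()

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ xinetd\[(?P<logger>\d+)\]: "
    r"(?P<event>START|EXIT|USERID): (?P<service>\S+)\s*(?P<rest>.*)$")


def sessions(lines, year=2002):
    """Group xinetd START/USERID/EXIT records into one dict per child pid."""
    out = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
        # START and EXIT are written by the parent and carry pid=...;
        # USERID is written by the forked child, so its own pid is the key.
        pid = int(fields.get("pid", m["logger"]))
        s = out.setdefault(pid, {
            "service": m["service"], "source": None, "start": None,
            "end": None, "duration": None, "ident_user": None})
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["event"] == "START":
            s["source"], s["start"] = fields.get("from"), when
        elif m["event"] == "EXIT":
            s["end"] = when
            if "duration" in fields:
                s["duration"] = int(fields["duration"].split("(")[0])
        else:
            # "USERID: <service> <os-type> :<user>" as reported by remote identd
            s["ident_user"] = m["rest"].rsplit(":", 1)[-1].strip()
    return out


def remote_sessions(lines, year=2002):
    """Sessions whose source is neither loopback nor a private address."""
    hits = []
    for pid, s in sorted(sessions(lines, year).items()):
        if s["source"] is None:
            continue
        try:
            ip = ipaddress.ip_address(s["source"])
        except ValueError:
            hits.append((pid, s))        # unparsable source: keep for review
            continue
        if not (ip.is_loopback or ip.is_private):
            hits.append((pid, s))
    return hits


if __name__ == "__main__":
    for pid, s in remote_sessions(SAMPLE):
        state = f"{s['duration']}s" if s["end"] else "still open"
        print(f"{s['service']} pid={pid} from={s['source']} "
              f"start={s['start']} {state} ident={s['ident_user']}")
```

The same grouping also shows that the telnet session from 127.0.0.1 has no EXIT record in the quoted excerpt.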






Re: [expert] I made it -- 1 year uptime

2002-06-26 Thread J. Craig Woods

James wrote:
 
 
 Jan,
   I've got windows98 with 3 years uptime. 3 years time, up on a
 shelf gathering dust. *grin*
 
 James
 
 
 
James, no doubt about it, you are one sick puppy, and I love it. I had a
bunch of NT and assorted windows' discs, and I used them for target
practice with my new 9mm. They worked really very well

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] an old sendmail problem

2002-06-26 Thread J. Craig Woods

daRcmaTTeR wrote:
 
 On Wed, 26 Jun 2002, Todd Lyons wrote:
 
  Look in his home directory for a .procmailrc file.  If he has it, make
  sure that the permissions are mode 600, owned by him (Look in
  /var/log/mail/errors for lines that say Suspicious permissions of
  .procmailrc or something similar to that.  Then go look inside his
  .procmailrc and make sure that it's working properly.
 
  Go look at /var/log/mail/errors in general, it might point out what the
  real problem is if it's not procmail.
 
  Blue skies... Todd
 
 Todd,
 
 it doesn't appear to be a procmail issue. as I remember it this was an
 issue with this particular version. it's been quite some time since i've
 worked with sendmail so the error information below isn't exactly making
 any sense yet.
 

Not sure where the Toddmeister is going with the .procmailrc file. I am
running boxes from lmdk 7.2 through 8.2, and no such file is found in
any user's home directory. I hasten to add that procmail, in conjunction
with both sendmail and postfix, runs just fine for every machine on the
network. Doing configuration in sendmail.cf is like learning a new
language. darC, any reason for sendmail over postfix? What distro of
linux is on this machine?

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Hostname and postfix

2002-06-24 Thread J. Craig Woods

Mike Rambo wrote:
 
 
 My answer included the following which was itself part of an
 earlier question Praedor asked. DrJung (I think - I've
 already deleted the mail so I can't be sure) expressed the
 idea that questions were being answered by folks on the list
 but that Praedor might be missing some of the steps along
 the way in trying to implement the solution. I was trying to
 emphasize the answer to the question that was asked.
 Apparently I didn't do too well...
 

Mike, you did just fine. This thread has been kicking around for
literally months. I have seen at least a half dozen good answers, such
as the one that civileme just posted. It is time for Praedor to put the
crack pipe down, and try some of these suggestions. After all, he is
only trying to give a host a hostname. Just think of the fun he will
have when he attempts to do some node clustering :-)

drjung 

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Hostname and postfix

2002-06-23 Thread J. Craig Woods

daRcmaTTeR wrote:
 
 J. Craig Woods wrote:
 
  Praedor, you need to help us understand why you can not complete the
  simple task of naming a machine. Maybe you can send us some log file
  entries that give us specific errors messages...
 
  drjung
 
 
 drjung,
 
 maybe he hasn't thought of one that he likes yet. maybe it's something
 unconscious about the name that screws everything up. maybe it's something
 freudian. maybe I just have too much time on my hands and I'm full of
 shit!  ;)
 
 Mark
 a.k.a. daRcmaTTeR
 

Hmmm, yes, Mark, you just might be right about all your suppositions
except one: it seems to be a more jungian issue than a freudian issue. I
would surmise that his libido is not the source of his problem but it is
very possible that there is an energy blockage at a deeper level, most
likely at the collective unconscious level. Now, I ask you, who has too
much fucking time on his hands, and it's ticking away...

drjung
   
-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Hostname and postfix

2002-06-23 Thread J. Craig Woods

Todd Lyons wrote:
 
 Praedor Tempus wrote on Sun, Jun 23, 2002 at 04:18:14PM -0500 :
  OK, I want to change the name of my laptop from the default
  localhost.localdomain to lapdog.ravenhome.net.  Looking at the manpage for
  hostname, it mentions: /etc/init.d/boot, /etc/hostname, and
  /etc/rc.d/rc.inet1 as where/how hostname is set.  Uh-uh!  Does not does not!
 
 vi /etc/sysconfig/network
   HOSTNAME=lapdog.ravenhome.net
   DOMAINNAME=ravenhome.net
 
 Note that you either need to have:
 1) a DNS server that returns authoritative info for the ravenhome.net
 domain, especially the host lapdog.  If you are using 192.168.* or 10.*
 or 172.16/20 IP addresses, then you need to have a nameserver that
 provides different answers based on where the name query originates
 from.
 -OR-
 2) Configure it in /etc/hosts of all machines that need to access it
 directly.
 
I think Praedor has seen all these answers before but I am not sure if
he is following all the steps. Try the above again, and do not forget to
*add* (not replace) to file /etc/hosts the fqdn. Maybe this time, if
it does not work, you can provide us with specific error msgs in your
logs.

Go get em, tiger
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net
Art is the illusion of spontaneity






Re: [expert] Mandrake Timezone/Date Problems

2002-06-22 Thread J. Craig Woods

Ashley Reynolds wrote:
 
 On Thu, 20 Jun 2002, James wrote:
 
  Where my brother is  people aren't in abundance.   His nearest
  neighbor is about 1-2 kilometers away from him.  Heck He can even get
  one channel on the TV (They should have cable in a few months but don't
  hold your breath.)  Yes in some places the world can be very far away.
  The town where the ISP is located actually only has one number. He
  says it's rarely busy.
 
 James,
 
 Personally, I would _love_ that degree of solitude.  :)
 
  James
 
 Ashley
 

Yes, Ashley, that kind of solitude would be nice but you must ask
yourself one very important question: can this person run a uname -a
on his machine, and get the current system time to be in the output?

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] pros and cons of mandrake

2002-06-21 Thread J. Craig Woods

et wrote:
 heck I wish I coulda figured out how to take off the frag I was accused of
 during Viet Nam, coulda saved a lotta time for me the first day of the
 Court Martial opening statements;  first you frag the a$$hole officer in his
 sleep, then run defrag during the trial, everything is all right now... is
 that the correct order of events, Sergeant?
 Oh yes sir, micksofts defrag makes everything all right, and run faster
 too.
 

You are one sick puppy, et. Hell, if you had to frag one green LT, only
in country for a few short days or weeks, you can have my medals (which
ain't too many).

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Replacing a MS SQL Server

2002-06-21 Thread J. Craig Woods

Jerry Kreps wrote:
 
 On Friday 21 June 2002 01:08 pm, [EMAIL PROTECTED] wrote:
  Hello,
 
  I've got a client who has a Windows app that runs ODBC connections to a
  file server.  The software company wants the client to set up a MS SQL
  server to supposedly fix the problems we are having.  I'm a little familiar
  with MySQL, but is it a direct drop-in replacement for MS' product?  I need
  connectivity to Win2k workstations.  Ideas?
 
  Bob
 
 IMO, PostgreSQL is a better, more powerful RDBMS, that includes transaction
 tracking, commit and rollback, inheritance, etc.  It includes a lot of
 features that MySQL only has useless stubs for.  The stubs only maintain
 'compatibility' with ANSI standards by not blowing up if a script tries to
 use them.
 
 You won't find a 'drop-in' replacement for MS SQL (it's proprietary, including
 formats), but IF you can export out of your old system to a tab delimited or
 CSV file,  then you can import into PostgreSQL.
 

I would have to ditto what Jerry has stated here. If it is an enterprise
solution you seek for your RDBMS, MySQL most likely will come up a bit
short. Having worked with both MS SQL and Oracle, PostgreSQL is about
the only open source database that will come close to meeting your
needs. You can, however, look at Oracle 8i. There is a free version for
Linux. I forget where I downloaded the bin from but a search on google
should reveal something.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] cpp0 not found

2002-06-15 Thread J. Craig Woods

Wolfgang Bornath wrote:
 
 
 Thanks for answering. I just found that I missed that one RPM during
 installation. Should have found that by myself before writing to the
 list!
 
 wobo
 --

That's ok, wobo. It could happen to anybody. Just don't let it happen
again. The next time we'll take your birthdays away :-)

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] cpp0 not found

2002-06-15 Thread J. Craig Woods

Wolfgang Bornath wrote:
 
 On Sat, Jun 15, 2002 at 09:34 -0500, J. Craig Woods wrote:
  Wolfgang Bornath wrote:
  
  
   Thanks for answering. I just found that I missed that one RPM during
   installation. Should have found that by myself before writing to the
   list!
  
   wobo
   --
 
  That's ok, wobo. It could happen to anybody. Just don't let it happen
  again. The next time we'll take your birthdays away :-)
 
 All 78 ?
 

Naw, you can keep them. It would be only those yet to come...

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Question on setting Video Ram for onboard Video.

2002-06-13 Thread J. Craig Woods

James wrote:
 
 All,
 I've got an ASUS TUSL-2 Mobo with the i815 onboard video chipset.
 Mandrake detects and runs it without a hitch.  But in my often vain
 attempts to figure out why it freezes or suddenly drops out
 (especially after a long period of non use.) I found out that it's only
 being allocated 16megs of ram.  Now according to the manual it can
 share up to 64 megs.  I've got 384 megs on the box so, per the manual, I
 set the video ram at 64 megs, in BIOS.  No other settings are available
 there.  But it still shares only 16 megs (Note it was set to 64 during
 install and I couldn't find a place to set anything different, even in
 MCC.) I checked the XF86Config-4 file (running 4.2.0 XFree86 with
 video acceleration ) and under display VideoRam is commented out.  When
 I set this to 65536 I can no longer boot into X . I then tried
 setting it to 32 megs in BIOS and in the XF86Config-4 ... same results.
 I then just for kicks tried to set it to 16 ... same results. Only when
 it is commented out can I boot to X.  How do I correctly pass to X the
 fact that it should use a larger Video RAM setting, or is this hard
 coded?
 
 Thanks,
 James
 

I don't think you will be able to set the ram parameter for v-ram in
your config file. It is commented out because it is for use when the
video card has dedicated ram on the card itself. If you have done all
you can do, to share 64MB in the bios, then you may be looking at a
hardware problem. Be as observant as possible in looking for extra video
setting in the bios. It looks like your bios is telling you one thing
about video ram allocation, and your OS is telling you something
different all together. Have you looked for a newer bios version that
you can flash? Check out mobo/bios home page. Maybe some extra info
there.

Good luck,
drjung
  
-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] perm.local being ignored by msec?

2002-06-13 Thread J. Craig Woods

David Guntner wrote:
 
 Ok, I've read the information at
 
 http://www.mandrakesecure.net/en/docs/msec.php
 
 and saw the information regarding /etc/security/msec/perm.local.  I've
 created one, and put:
 
 /home/* current 755
 
 in it.  Then I ran msec (I'm currently at level 3, BTW).  When I look in my
 syslog, it shows that it's reading parameters from perm.3, but no mention
 of perm.local - also, /home/* directories are still set as mode 711.  What
 am I missing here to get msec to actually follow the instructions in
 perm.local?
 

Dave, what is the current entry for in your perm.local? Do you want
every subdirectory of /home to have 755 perms? Not sure about that
wild card but you might try:

/home/*   some_owner.some_group   755

or give path for all directories:

/home/directory1/   some_owner.some_group   755
/home/directory2/   some_owner.some_group   755
/home/directory3/   some_owner.some_group   755
etc, etc,

Example from my perm.local:

/home/cdburn/ root.cwoods   777
/home/exports/root.cwoods   777  

Hey! It works.

Cheers,
drjung 

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] make a perfect mail server in a non perfect network

2002-06-13 Thread J. Craig Woods

faisal gillani wrote:
 
 hey Allah is not my name  Allah-hu-kaber mean god
 is the greatest .. :)
 anyway thanks for the reply
 
 take care
 Faisal
 
 
 --- James [EMAIL PROTECTED] wrote:
  Allah,
  In webmin they have tools for Sendmail, postfix
  and qmail (maybe

Oh crap! Now you have went and done it, James!

drjung
-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] unsubsribe expert

2002-06-12 Thread J. Craig Woods

Lyvim Xaphir wrote:
 
 On Thu, 2002-06-06 at 02:13, James wrote:
  On Thu, 06 Jun 2002 04:05:42 +
  Steven Boothe [EMAIL PROTECTED] wrote:
 
  
  
  
 
 
  u Did I miss something in the above message?
 
  James
 
  
 
 
 You missed nothing. Hehehe
 
 ;)
 
 LX

Logically speaking, that is not possible. Just ask yourself, how can I
miss nothing? If it was nothing, you can never state with any certainty
that you missed it. Yes, it is back to quantum physics, and you can
never state with certainty where an electron is to be located either 

(now, tell me LX, is this a cheap way to test if I can post today or
not?)

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] Printing to Win2K fails

2002-06-12 Thread J. Craig Woods

Jeremy Mereness wrote:
 
 I'm having a terrible time printing from my Mandrake 8.2 system to an
 OfficeJet K60 spooled on Win2K.
 
 I use SMB to print. Sometimes it works, sometimes it just doesn't; the
 pattern has been completely random. When it doesn't work, the document
 will appear briefly in my Win2K queue but disappears with no printer
 activity before any page or size data comes in. As best I can tell from
 my packet sniffer, the connection is established but no actual data
 passes through.
 
 I expect Win2K to give me little or no diagnostics, and it doesn't. But
 neither does the Samba system on Linux. All I (sometimes) get is the
 Cupsomatic filter stopping with status 32 just after the samba backend
 starts up.
 
 When printing DOES work, however, it performs brilliantly, and I do
 everything reasonable to maintain whatever settings and configurations I
 made to accomplish it. But a week and a restart later, nothing.
 
 SMB works fine for file sharing, however. Absolutely no problems
 reading-writing a shared directory on the Win2K pc. And I tried going
 the other direction: setting up Win2K to accept LPD connections from
 Unix. That didn't work either;. Win2K complains Linux sends it illegal
 instructions over the port and rejects the job.
 
 Any ideas?
 

Are you using cups as your print server?

You should see some info in /var/log/samba (and /var/log/cups, if cups
is in use), and, if not there, suspect a windows side error. It is not
uncommon for windows to screw up when accepting jobs to be spooled from
a samba/cups server. The first thing I usually check to see, on the
windows side, is to make sure bidirectional support is enabled.
Windows seems to lose this setting about every other job submission from
samba and cups.

The common practice is to suspect windows first, and you will usually
find your errors there about 97.5% of the time.

Hope it helps,
drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] can no longer post (without undue pain)

2002-06-11 Thread J. Craig Woods

gianpaolo racca wrote:
 
 On Saturday 01 June 2002 19:58, J. Craig Woods wrote:
  WRONG AGAIN! The mail server, smtp.mandrax.org is not, repeat *NOT*,
  doing a reverse dns lookup on ip addresses (please see my *many* posts
  on this issue).
 
 So what's the meaning of this message?
 
 [EMAIL PROTECTED]: host smtp.mandrax.org[63.209.80.243] said: 450
 Client host rejected: cannot find your hostname, [111.222.333.444]
 
 my public IP has obviously been hidden

Good thing you hid that ip address. I had to move my eyeballs all the
way up to the headers to see it :-)

What smtp.mandrax.org is doing is a *FORWARD* lookup. In essence, it ran
a nslookup your-hostname.domain, and this is what it got:

[drjung@sherman drjung]$ nslookup simpson.preciso.net
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 192.168.0.6
Address:192.168.0.6#53

** server can't find simpson.preciso.net: NXDOMAIN

You see, you do not exist, so mandrax, rightly so, is not allowing mail
from you. You do not exist when I look you up on a dns server that is
out on the internet too:

[drjung@sherman drjung]$ nslookup -sil simpson.preciso.net 4.2.2.1
Server: 4.2.2.1
Address:4.2.2.1#53

** server can't find simpson.preciso.net: NXDOMAIN

If you want to send mail to smtp.mandrax.org, you must first make sure
you register your domain name, and you must then have that name in the
address space of a dns server running on the internet (just ask Pierre
about this...grin). Some public dns server needs to point to your
hostname. It might be best to read up on domains, hostnames, and dns
records.

Good luck,
drjung
-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] realtec 8139

2002-06-10 Thread J. Craig Woods

hans schneidhofer wrote:
  
   Destination host unreachable
  
   the route shows this here :
  
   Kernel IP routing table
   Destination     Gateway  Genmask         Flags Metric Ref Use Iface
   10.0.0.0        *        255.255.255.0   U     0      0   0   eth0
   192.168.10.0    *        255.255.255.0   U     0      0   0   eth1
   127.0.0.0       *        255.0.0.0       U     0      0   0   lo
  
   so it seems to be okay.
   but why can't I get a connection ?
  

Hans, something is really screwy with your setup. You can not have the
eth1 set to 127.0.0.0. This is a unique ip address for use on the
loopback device (lo). And you show your lo with no ip address. Let's
start all over:

Which device is your external nic? Get it set up with a public
(internet) address.

Which device is your internal nic? Get it set up with a private ip
address for your network (LAN), such as class C 192.168.0.0/16.

Get your lo device back to ip address 127.0.0.1 

All of the above plus more should be done. Maybe you should go for a new
install of all network components. You will not have any connectivity,
TCP/IP or otherwise, until you can get this network stuff fixed...

Good luck,

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






Re: [expert] realtec 8139

2002-06-10 Thread J. Craig Woods

Brandon Long wrote:
 
 realize that he is showing the kernel routing table, not the ip addresses. You
 can see that his machine's networking seems set up properly by his ifconfig
 display.
 
 Have you tried plugging a crossover cable into the nics to see if there is
 cable trouble?
 
 On Monday 10 June 2002 05:21 am, Mark Van Bruggen wrote:
On 10/06/2002,
 
   The following message was beamed across the Internet:
   hans schneidhofer wrote:
 Destination host unreachable

 the route shows this here :

 Kernel IP routing table
 Destination     Gateway  Genmask         Flags Metric Ref Use Iface
 10.0.0.0        *        255.255.255.0   U     0      0   0   eth0
 192.168.10.0    *        255.255.255.0   U     0      0   0   eth1
 127.0.0.0       *        255.0.0.0       U     0      0   0   lo

 so it seems to be okay.
 but why can't I get a connection ?
  

Brandon, are you serious? You think having the network address 127.0.0.0
bound to device eth1 is proper? Whew! Dude, better check out some
documents on networking.

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






[expert] more realtec 8139

2002-06-10 Thread J. Craig Woods

Brandon Long wrote:
 realize that he is showing the kernel routing table, not the ip addresses.
 You can see that his machine's networking seems set up properly by his 
 ifconfig display.

 Have you tried plugging a crossover cable into the nics to see if there is 
 cable trouble?

  The following message was beamed across the Internet:
  hans schneidhofer wrote:
Destination host unreachable
   
the route shows this here :
   
Kernel IP routing table
Destination     Gateway  Genmask         Flags Metric Ref Use Iface
10.0.0.0        *        255.255.255.0   U     0      0   0   eth0
192.168.10.0    *        255.255.255.0   U     0      0   0   eth1
127.0.0.0       *        255.0.0.0       U     0      0   0   lo
   
so it seems to be okay.
but why can't I get a connection ?

You must be joking, right! You can not possibly think that having the network
address 127.0.0.0 binding on device eth1 is proper! What, might I ask, do you 
do for a living? I hope it is not networking...
 
drjung,

J. Craig Woods
UNIX/Linux Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson






