[expert] Changing MSEC Default Settings in Mandrake 9.1
I'm finding that some of the more secure MSEC levels on Mandrake (msec level=4) are useful for the box that I have continuously connected to the net. However, I'd really like to change some of the default settings such as shell timeouts or even create a new custom level. Can anyone point me in the direction on how to customize MSEC. I've tried googling for documentation, but couldn't find anything useful. Hopefully it's as simple as creating or editing a properties configuration file and not editing the python scripts I found in /usr/share/msec. Thanks! Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] NEdit file opening acting strangely on Mandrake 9.1
I've been seeing some strangeness with NEdit on Mandrake 9.1 whenever I use File-Open from an already open edit window (which has a loaded file) to open another file. When the second window opens, it looks normal, but any interaction with it is impossible -- menus do not work, and the actual editing portion of the window will not permit changes of any kind or even highlighting. It acts very much like the application has locked up. However, the first window still permits editing, and when you finally close the first window, the second window, which remains, then permits editing. If you continue this -- opening another, then closing the working window to make the non-interactive one interactive -- you will eventually reach a point where when you do open a secondary window, that window will *allow* editing interaction on the opened file. This usually occurs after the 4th or 5th file.

I've seen this problem now on at least three different machines, and recompiling nedit from the original source doesn't seem to clear up the problem, so I'm fairly certain that this has something to do with some type of Mandrake configuration for version 9.1. Maybe one of the libraries it uses?:

    libXm.so.2 = /usr/X11R6/lib/libXm.so.2 (0x40027000)
    libXp.so.6 = /usr/X11R6/lib/libXp.so.6 (0x401a3000)
    libXpm.so.4 = /usr/X11R6/lib/libXpm.so.4 (0x401ab000)
    libXext.so.6 = /usr/X11R6/lib/libXext.so.6 (0x401ba000)
    libXt.so.6 = /usr/X11R6/lib/libXt.so.6 (0x401c9000)
    libSM.so.6 = /usr/X11R6/lib/libSM.so.6 (0x4021b000)
    libICE.so.6 = /usr/X11R6/lib/libICE.so.6 (0x40224000)
    libX11.so.6 = /usr/X11R6/lib/libX11.so.6 (0x4023b000)
    libm.so.6 = /lib/i686/libm.so.6 (0x4031a000)
    libc.so.6 = /lib/i686/libc.so.6 (0x4033c000)
    libdl.so.2 = /lib/libdl.so.2 (0x4047)
    /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000)

If anyone else has seen this problem and knows how to fix it, I would be very grateful. Thanks!

ROB
Re: [expert] Unmountable Samba mounts and other oddities
For the record and for those that are interested, it looks like the problem *was* kernel-level. I was running 2.4.18-6mdk, and the problem seems to have been fixed (see the package changes for the RPM regarding smbfs) in the 2.4.18-7mdk and later kernels (I grabbed the 2.4.18-8mdk one). The problem still appears to be there at first, but after I used the umount -l command, it took a few moments, but the unmountable mountpoint went away. Yay! Nevertheless, I still think this is an unacceptable way to handle such a problem, but at least I won't have to reboot anymore. Thanks to all who threw ideas my way.

ROB

Rob Gillen wrote:

I've seen a problem for many different versions (latest 8.2) of Mandrake with Samba before, and I may have even inquired about it before. Whether it is a problem with Samba I have no idea, but I suspect not. I'm trying to get some info/advice about what might be potentially the problem before going to Samba mailing lists to query them.

Some of you might already be familiar with the strange way that Linux will often disallow umount-ing or listing directory contents of a mounted smb share, returning the error text, Input/output error. I believe this error happens when a smb share is mounted, then that remote share is removed. This is a seriously annoying problem, because restarting Samba does not solve the problem, nor does changing runlevels. Which is why I think it may be a kernel-level problem. I have tried changing the runlevel to [S]ingle level user, which is running pretty much nothing save kernel processes and a simple shell. At this level, a 'mount' command still shows the shares to be mounted, and also at this level it is still impossible to umount them. The only solution that I have found so far is rebooting, which I think is an unacceptable way to handle such a problem.

snip
Re: [expert] Unmountable Samba mounts and other oddities
Thanks for the input James. I've actually tried some of the stuff that you mentioned. When I experience the problem, the CPU isn't being taxed in any way. Also, the mount point for the share is not removed and cannot be removed because the system thinks that the directory is already mounted (busy). Restarting Samba doesn't change this status at all. As I said earlier, it most likely is not a Samba problem. It seemed to be more of a problem in the kernel, as that is where I expect filesystem mounting is tracked, etc.

Rob

James Sparenberg wrote:

this is neither a fix or a reason. But it might enable you to fix the situation without a reboot. It sounds like what happened was that samba was desperately trying to access a non-existent share and took up all of your CPU cycles, thereby fuzzing up your DHCPD. What I would do is.

1. touch or otherwise recreate the share/directory that was removed so that samba can find something.
2. Umount the share
3. remove it from being automounted if that is being done.
4. restart Samba
5. Make sure it didn't try and remount it again.
6. Remove the share/directory from the other box.

This isn't a fix but a work around for keeping your system running. Then I'd go to the Samba site and report this as a bug with as much detail as you have provided here. (Maybe include Samba version etc.) It's definitely not catching an error and putting itself into a loop of some kind.
Re: [expert] Unmountable Samba mounts and other oddities
This worked the first time that I tried it, but there are cases when it does not work. For example, if after mounting a Windows share the connection gets broken, the mount will not work, and you might see things like command-line lockups during directory listings, etc. At this point, I believe you can successfully use a umount -l to unmount it. When I tried it, the mount was not immediately removed from the list of mounted filesystems via the mount command. I probably moved too fast trying to figure out what was going on, because I shot back to runlevel 1 (from 5), and it is from there that I noticed that the mount point was no longer listed with the mount command.

Now, if instead of immediately using umount -l after the network connection is broken you decide to restart the Samba server daemons, then you will be unable to use the mount -l command. Here is a script output of what I see when I try this (runlevel 1 after Samba restart):

    bash-2.05# mount
    /dev/hda1 on / type ext3 (rw)
    none on /proc type proc (rw)
    none on /dev type devfs (rw)
    none on /dev/pts type devpts (rw,mode=0620)
    none on /dev/shm type tmpfs (rw)
    /dev/hda8 on /home type ext3 (rw)
    /mnt/cdrom on /mnt/cdrom type supermount (ro,dev=/dev/hdc,fs=iso9660,--,iocharset=iso8859-1)
    /mnt/floppy on /mnt/floppy type supermount (rw,sync,dev=/dev/fd0,fs=vfat,--,iocharset=iso8859-1,codepage=850)
    /mnt/zip on /mnt/zip type supermount (rw,sync,dev=/dev/sdb4,fs=vfat,--,iocharset=iso8859-1,codepage=850)
    /dev/sda5 on /opt type ext3 (rw)
    /dev/hdb1 on /pub type ext3 (rw)
    /dev/hda6 on /usr type ext3 (rw)
    /dev/hda7 on /var type ext3 (rw)
    none on /proc/bus/usb type usbdevfs (rw,devmode=0664,devgid=43)
    //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0)
    bash-2.05# umount /home/borgille/mnt/RGILLEN/share
    umount: /home/borgille/mnt/RGILLEN/share: not found
    bash-2.05# umount -l /home/borgille/mnt/RGILLEN/share
    umount: /home/borgille/mnt/RGILLEN/share: not found

One note here that may not be evident is that the mount point did exist.

ROB

PlugHead wrote:

I have this problem all the time: 'umount /mount/point -l' should do the trick.

-Jason (And once again, my first post on the topic was dropped... grr...)
Re: [expert] Unmountable Samba mounts and other oddities
I imagine you wanted to grep the output of ps to find the smbd server, but at runlevel 1 nothing is really running (by default). I get pretty much the same thing from ps when I have the problem and when I do not. The first listing is with the problem (telinit 1 first). The second listing is after a reboot into runlevel 1:

    bash-2.05# ps aux
    USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  1424  380 ?        S    Jul15   0:03 init
    root         2  0.0  0.0     0    0 ?        SW   Jul15   0:03 [keventd]
    root         3  0.0  0.0     0    0 ?        SW   Jul15   0:00 [kapmd]
    root         4  0.0  0.0     0    0 ?        SWN  Jul15   0:01 [ksoftirqd_CPU0]
    root         5  0.0  0.0     0    0 ?        SW   Jul15   1:14 [kswapd]
    root         6  0.0  0.0     0    0 ?        SW   Jul15   0:00 [bdflush]
    root         7  0.0  0.0     0    0 ?        SW   Jul15   0:00 [kupdated]
    root         8  0.0  0.0     0    0 ?        SW   Jul15   0:00 [mdrecoveryd]
    root        14  0.0  0.0     0    0 ?        SW   Jul15   0:00 [scsi_eh_0]
    root        17  0.0  0.0     0    0 ?        SW   Jul15   0:01 [kjournald]
    root       247  0.0  0.0     0    0 ?        SW   Jul15   0:00 [kjournald]
    root       250  0.0  0.0     0    0 ?        SW   Jul15   0:00 [kjournald]
    root       251  0.0  0.0     0    0 ?        SW   Jul15   0:01 [kjournald]
    root       252  0.0  0.0     0    0 ?        SW   Jul15   0:04 [kjournald]
    root       253  0.0  0.0     0    0 ?        SW   Jul15   0:03 [kjournald]
    root      8844  0.0  0.1  1424  404 tty1     S    18:28   0:00 init
    root      8845  0.0  0.4  2312 1212 tty1     S    18:28   0:00 /bin/sh
    root      8846  0.0  0.1  1392  456 tty1     S    18:29   0:00 script -f /pub/rl
    root      8847  0.2  0.1  1400  500 tty1     S    18:29   0:00 script -f /pub/rl
    root      8848  0.5  0.4  2296 1160 pts/0    S    18:29   0:00 bash -i
    root      8849  0.0  0.2  2620  696 pts/0    R    18:29   0:00 ps aux

    bash-2.05# ps aux
    USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
    root         1  5.0  0.1  1412  508 ?        S    18:53   0:03 init
    root         2  0.0  0.0     0    0 ?        SW   18:53   0:00 [keventd]
    root         3  0.0  0.0     0    0 ?        SW   18:53   0:00 [kapmd]
    root         4  0.0  0.0     0    0 ?        SWN  18:53   0:00 [ksoftirqd_CPU0]
    root         5  0.0  0.0     0    0 ?        SW   18:53   0:00 [kswapd]
    root         6  0.0  0.0     0    0 ?        SW   18:53   0:00 [bdflush]
    root         7  0.0  0.0     0    0 ?        SW   18:53   0:00 [kupdated]
    root         8  0.0  0.0     0    0 ?        SW   18:53   0:00 [mdrecoveryd]
    root        14  0.0  0.0     0    0 ?        SW   18:53   0:00 [scsi_eh_0]
    root        17  0.0  0.0     0    0 ?        SW   18:53   0:00 [kjournald]
    root       242  0.0  0.0     0    0 ?        SW   18:53   0:00 [kjournald]
    root       245  0.0  0.0     0    0 ?        SW   18:53   0:00 [kjournald]
    root       246  0.0  0.0     0    0 ?        SW   18:53   0:00 [kjournald]
    root       247  0.0  0.0     0    0 ?        SW   18:53   0:00 [kjournald]
    root       248  0.0  0.0     0    0 ?        SW   18:53   0:00 [kjournald]
    root       575  0.0  0.1  1412  508 tty1     S    18:53   0:00 init
    root       576  0.1  0.4  2312 1208 tty1     S    18:53   0:00 /bin/sh
    root       577  0.0  0.1  1392  456 tty1     S    18:54   0:00 script /pub/rlev1
    root       578  0.0  0.1  1400  500 tty1     S    18:54   0:00 script /pub/rlev1
    root       579  0.2  0.4  2296 1160 pts/0    S    18:54   0:00 bash -i
    root       580  0.0  0.2  2620  696 pts/0    R    18:54   0:00 ps aux

They are identical for all intents and purposes.

et wrote:

can you reboot to run level 1? ie.; at lilo first prompt, type linux 1 without the quotes? and try the same thing? or post the output from ps aux | grep sm or try a kill -9 {pidofwhatevercomesup} from the previous command : ps aux | grep sm without the quotes and without { }.
Re: [expert] Unmountable Samba mounts and other oddities
, but in my scenario here at the office, I can connect to a smb share on the Mandrake box from the Win2K one.

ROB

J. Craig Woods wrote:

Rob Gillen wrote:

I do not believe this is a samba bug per se. It does, however, point out some things you should be aware of in regards to any *nix type system. When you mount a remote directory, using either the smbmount or mount -t smbfs commands, you have called a daemon to run on your linux machine. This daemon is spawned by the command /usr/bin/smbmount, and it will run until you umount your remote directory. Now you are saying that someone comes along, and kills the machine you have mounted the remote directory from. The problem now is not samba: it is that you have a daemon running that can no longer make a connection to the dead machine. You can restart the samba services until hell freezes over but it will not help you. You must stop the samba mount daemon that is running. If I have a remote directory mounted via smbmount on my linux machine, and I do a ps -aux | grep mount, I will see the daemon. In my case it looks like this:

snip
Re: [expert] Unmountable Samba mounts and other oddities
Hi Todd,

Actually, if smbd is responsible for inbound smb requests, then it probably isn't relevant. My problem occurs when I connect to a Windows machine from my Mandrake machine, and then lose the network connection between them (power loss, windows machine removed from network, routing problems, etc.). But the real problem doesn't occur until after restarting the Samba daemons when the network connection is broken. I know, the easiest way to fix this problem is to avoid restarting Samba. But, I am really only using that example to demonstrate what I believe is a bigger problem, but whether or not it occurs with a generic kernel or a Mandrake one, I do not know (yet).

Also, using 'umount -f' does not work after the Samba restart. Whether it works prior to that, I'm not sure (haven't had time to check). The following is a clip from a script capture trying it out (along with a few other things):

    bash-2.05# mount | grep smbfs
    //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0)
    bash-2.05# ls /home/borgille/mnt/RGILLEN/shared
    ls: /home/borgille/mnt/RGILLEN/shared: Input/output error
    bash-2.05# umount -f /home/borgille/mnt/RGILLEN/shared
    umount2: Device or resource busy
    umount: //RGILLEN/shared: not found
    umount: /home/borgille/mnt/RGILLEN/shared: Illegal seek
    bash-2.05# umount -l /home/borgille/mnt/RGILLEN/shared
    bash-2.05# mount | grep smbfs
    //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0)
    bash-2.05# umount -f /home/borgille/mnt/RGILLEN/shared
    umount2: Invalid argument
    umount: //RGILLEN/shared: not found
    umount: /home/borgille/mnt/RGILLEN/shared: Illegal seek
    bash-2.05# rmdir /home/borgille/mnt/RGILLEN/shared/
    bash-2.05# umount -f /home/borgille/mnt/RGILLEN/shared
    umount2: No such file or directory
    umount: //RGILLEN/shared: not found
    umount: /home/borgille/mnt/RGILLEN/shared: Illegal seek

ROB

Todd Lyons wrote:

Rob Gillen wrote on Mon, Jul 29, 2002 at 05:42:12PM -0400 :

Thanks for the advice. Unfortunately, the thing is that when I drop down to runlevel 1, pretty much everything is killed off except kernel-level processes. At that point, both Samba daemons, smbd and nmbd, are not running (checked using ps). If I try to do a 'ls' on the mounted directory, I get an Input/output error. If I try to umount it, I get a Doesn't matter if smbd is running. This is a MOUNT. It is handled directly by the kernel for outbound samba requests for accessing a remote Samba or NT or Windows share. smbd is a program that runs in userland that provides a service for inbound samba requests where the program LOOKS like an NT server. (I believe) Device busy error, which means that I will not be able to unmount it. If I try to use fuser to see what is holding it up, I get //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0) umount -f /home/borgille/mnt/RGILLEN/shared
[expert] Unmountable Samba mounts and other oddities
I've seen a problem for many different versions (latest 8.2) of Mandrake with Samba before, and I may have even inquired about it before. Whether it is a problem with Samba I have no idea, but I suspect not. I'm trying to get some info/advice about what might be potentially the problem before going to Samba mailing lists to query them.

Some of you might already be familiar with the strange way that Linux will often disallow umount-ing or listing directory contents of a mounted smb share, returning the error text, Input/output error. I believe this error happens when a smb share is mounted, then that remote share is removed. This is a seriously annoying problem, because restarting Samba does not solve the problem, nor does changing runlevels. Which is why I think it may be a kernel-level problem. I have tried changing the runlevel to [S]ingle level user, which is running pretty much nothing save kernel processes and a simple shell. At this level, a 'mount' command still shows the shares to be mounted, and also at this level it is still impossible to umount them. The only solution that I have found so far is rebooting, which I think is an unacceptable way to handle such a problem.

Now the interesting part. During the time that I could not remove the unmountable mounted smb shares, the dhcpd daemon also seemed to start malfunctioning. On the Mandrake box, everything seemed fine (that is, I restarted the dhcpd daemon which had no complaints during the restart). But none of the other machines that get served on the network from it were getting addresses. Unfortunately, I wasn't able to sniff packets, so I don't know what kind of communication (or lack thereof) was occurring. It was a frustrating exercise trying to figure out why my other boxes were not getting addresses. Strangely enough, when I rebooted the Mandrake box again, everything worked as normal -- the other boxes got their IP addresses fine.

I don't know for sure if the dhcpd thing was related to the smb mount problem, but I'll try to repeat the problem and see if it recurs. If anybody has seen the same problem or something similar, I would appreciate it if you could share how you resolved it.

Thanks,
Rob
Re: [expert] Using X over SSH
You might want to try removing those lines in your hosts.allow on your RedHat machine and replace it with only this line:

    sshd : ALL

That will allow TCP connections to sshd on all of your network interfaces. Of course, if you want to limit SSH connections to only those from caltig, then you can change the ALL to caltig. Not sure if what you had is actually legal (there is no ALLOW operator). You can check with the tcpwrappers man page for more info (man hosts.allow). Also, you probably don't need the sshdfwd-* stuff in there. As far as I know, all the forwarding functionality is built into sshd.

Rob

Chuck Lalli wrote:

I have read all the relevant messages over the past year and still cannot get this to work. I can run command line and text stuff, edited my files with vi for example over ssh but X does not work at all. I have a RH7.2 server I am trying to SSH into from my MANDRAKE 8.2 box. On both I have sshd_config and ssh_config set to allow X forwarding. caltig is the Mandrake box, simplesolutions is the RH box here is the output

    cal@caltig cal]$ ssh xxx.xxx.xxx.xxx
    [EMAIL PROTECTED]'s password:
    Last login: Sat Jul 20 12:14:58 2002 from dslxxx-xxx-xxx-.xx
    [cal@simplesolutions cal]$ xterm
    (SEVERAL MINUTE WAIT)
    xterm Xt error: Can't open display: simplesolutions.com:10.0

In /etc/hosts.allow I have entered as recommended by someone last October on this list

    sshd : ALL : ALLOW
    sshdfwd-X11 : ALL : ALLOW
    sshdfwd-port : ALL : ALLOW

I am running the mandrake box from behind a dlink dsl router and the RH box is on a separate static IP, but from what I understand this should not matter. If anyone can help me I really appreciate it
[expert] Miscellaneous 8.2 Terminal Hangs
I've tried to query all of you gurus before regarding various hangs on my system, but as far as I can tell, nobody has replied to my question. So, I'll give it a go again. I've read everything on the mailing list that was written in the last three months about system hangs and freezes with both 8.1 and 8.2, but none have addressed the problem that I have been seeing. Most have described complete system freezes where nothing could be done besides a reboot, but what I am seeing is a bit different.

I have installed 8.2 on a Dell Precision 410 (Pentium III - 500). Everything works fine for a while, and then within a period of 24 to 72 hours, the system develops a strange disregard for any terminal / shell sessions. Interestingly, I had a similar problem with 7.2 on the same model machine, and it went away, but I have no idea what cured it.

The strange thing about this is that any current terminal sessions that are in progress have no problems, and I can do any normal command-line work without problems. If I am logged into a window manager such as KDE, I also have no problem starting applications from icons as long as they do not require a shell to begin or to work properly. If I am using a shell when this anomaly occurs, and I try to su to another user, it will try to start another shell, but will hang.

At first I thought that the problem might be related to something with the network. But when I am waiting for the hanging shell, I can browse the web, etc. Another interesting bit is that I can ssh into the machine, and will be given a login prompt, but as soon as ssh tries to invoke a shell, the login hangs.

I am really at a loss as to what the problem might be. It seems to be related to shells acquiring a tty, but I'm not sure about that. Now that I think of it, next time this happens, if I have a terminal open, I'll try to do a strace on a new shell session to see where the hangup occurs. Any other ideas would be greatly appreciated.

One other thing that might be related is the fact that I've had problems shutting the system down cleanly. The entire shutdown process gets hung up when it tries to umount the /net subdirectory. I turned off amd, and so far that seems to have helped, but I only made that change yesterday, so I cannot be completely sure.

I'm not sure how experienced some people on this list are with deep problems like this. The silence from the last one leaves me to believe that either nobody has a clue or that nobody is interested (because nobody else has experienced the same problem -- at least nobody has described the same problem). Either way, if I figure it out, I'll try to detail what the problem was and how to resolve it.

Rob
Re: [expert] Miscellaneous 8.2 Terminal Hangs
bash and msec level = 3

If I remember, I'll try using a different shell to see if that makes a difference.

Rob

et wrote:

what shell are you using? (bash? korn?) what Msec level are you at?

On Wednesday 03 July 2002 01:35 pm, you wrote:

I've tried to query all of you gurus before regarding various hangs on my system, but as far as I can tell, nobody has replied to my question. So, I'll give it a go again. I've read everything on the mailing list that was written in the last three months about system hangs and freezes with both 8.1 and 8.2, but none have addressed the problem that I have been seeing. Most have described complete system freezes where nothing could be done besides a reboot, but what I am seeing is a bit different.

I have installed 8.2 on a Dell Precision 410 (Pentium III - 500). Everything works fine for a while, and then within a period of 24 to 72 hours, the system develops a strange disregard for any terminal / shell sessions. Interestingly, I had a similar problem with 7.2 on the same model machine, and it went away, but I have no idea what cured it.

The strange thing about this is that any current terminal sessions that are in progress have no problems, and I can do any normal command-line work without problems. If I am logged into a window manager such as KDE, I also have no problem starting applications from icons as long as they do not require a shell to begin or to work properly. If I am using a shell when this anomaly occurs, and I try to su to another user, it will try to start another shell, but will hang.

At first I thought that the problem might be related to something with the network. But when I am waiting for the hanging shell, I can browse the web, etc. Another interesting bit is that I can ssh into the machine, and will be given a login prompt, but as soon as ssh tries to invoke a shell, the login hangs.

I am really at a loss as to what the problem might be. It seems to be related to shells acquiring a tty, but I'm not sure about that. Now that I think of it, next time this happens, if I have a terminal open, I'll try to do a strace on a new shell session to see where the hangup occurs. Any other ideas would be greatly appreciated.

One other thing that might be related is the fact that I've had problems shutting the system down cleanly. The entire shutdown process gets hung up when it tries to umount the /net subdirectory. I turned off amd, and so far that seems to have helped, but I only made that change yesterday, so I cannot be completely sure.

I'm not sure how experienced some people on this list are with deep problems like this. The silence from the last one leaves me to believe that either nobody has a clue or that nobody is interested (because nobody else has experienced the same problem -- at least nobody has described the same problem). Either way, if I figure it out, I'll try to detail what the problem was and how to resolve it.

Rob
Re: [expert] Miscellaneous 8.2 Terminal Hangs
I believe that all the users on my system (there are only a handful) use the default shell (bash) that would be set by using the useradd command. And as far as restricting the users that can login via ssh, well, I haven't used the AllowUsers keyword in sshd_config, if that is what you mean. Is any of that related to the problem that I've been experiencing?

By the way, I've checked the system memory using memtest-x86 and came out with flying colors, so I guess that would most likely eliminate that as a potential source of problems.

ROB

J. Craig Woods wrote:

et wrote:

what shell are you using? (bash? korn?) what Msec level are you at?

And just as importantly: what shell have you set up for the users that you are trying to su to? Make sure all users that ssh in, and users you might su to, are set up with a default shell...

On Wednesday 03 July 2002 01:35 pm, you wrote:

I've tried to query all of you gurus before regarding various hangs on my system, but as far as I can tell, nobody has replied to my question. So, I'll give it a go again. I've read everything on the mailing list that was written in the last three months about system hangs and freezes with both 8.1 and 8.2, but none have addressed the problem that I have been seeing. Most have described complete system freezes where nothing could be done besides a reboot, but what I am seeing is a bit different.

drjung
[expert] Lockups
Does anyone have a clue about why performing a stat() on a file would cause it to lock up? I was getting some strange behavior from my system in that my KDE Konsole would lock up sometimes when performing certain operations such as find, ps, ls, stat, etc. -- basically anything that touched certain files. So, I tried using the command 'strace ps -ef' to find out what was hanging up the command, and discovered that the trace locked up on a stat64() call. It was attempting to stat /dev/tty1 which is a soft link to /dev/vc/1. If I tried to stat or even list any of the tty* files, I got the same result. Note that this problem persists not only in Konsole, but in any terminal, including the Linux virtual consoles. It's a really strange problem, so any ideas to figure it out would be great.

ROB
Re: [expert] Apache - how to run things in cgi-bin subdirectories?
Just out of curiosity, did you make sure that the permissions and ownership are correct on your /var/www/cgi-bin/wcal directory? I believe that it should be owned by apache and set to 755 perms.

Rob

David Guntner wrote:

I've got a web calendar application that I'm trying to install on my server, but I'm having a bit of a snag. I want to install the various perl scripts in /var/www/cgi-bin/wcal, so that I can then access it with http://localhost/cgi-bin/wcal/wcal.pl. Problem is, when I try to do that, I get a you don't have permission to access /cgi-bin/wcal/wcal.pl on this server.

Just goofing around, I tried copying wcal.pl directly into the cgi-bin directory itself, and a http://localhost/cgi-bin/wcal.pl attempt actually got a sign-in display page (it wasn't displayed correctly, since it was pointing to the wrong places at that point). So Apache definitely seems to know what to do with .pl scripts, but it doesn't want me to run them from a subdirectory under cgi-bin.

I'm sure this is probably just a configuration item in httpd.conf or commonhttpd.conf, but I'm not sure what needs to be set (or in which file). Anyone have any ideas?

--Dave
Re: [expert] newbie help with iptables
I've mentioned this before, but you might also want to check out some example firewalling scripts which would probably enlighten you a bit more than just simply reading the iptables documentation. There are some good ones here:

http://www.linuxguruz.org/iptables

Probably the one that I liked the most had lots of comments and was somewhat more organized than a lot of other scripts that I have looked at. That one can be found here:

http://www.linuxguruz.org/iptables/scripts/rc.firewall_023.txt

BTW, if you are running a simple in-house network where you aren't overly concerned about internal attacks, you could just allow all local TCP packets through your firewall. You probably will want to block all connections to X (port 6000) from the external world though. Something like this will allow everything on your LAN to pass through the firewall.

    INTIF=eth1              # network interface connected to your LAN
    INTNET=192.168.1.0/24   # network associated with your LAN (netmask needed: a bare address matches one host only)
    /sbin/iptables -A INPUT -i $INTIF -s $INTNET -j ACCEPT
    /sbin/iptables -A INPUT -s $INTNET -j DROP    # dump anything else claiming to be on LAN

--Rob

Mitchell, Edmund wrote:

Hello all

I'm new to iptables, (and no hotshot with Linux, either), so I'm hoping someone can point me in a good direction for some docs on iptables basics - I just need to get it to accept tcp packets from port 6000, and I don't know the necessary voodoo.

Thanks
Edmund
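
The LAN rules from the reply above, as an added example that is not part of the original post: it prints the rules in the order they must be appended, refuses an INTNET without a netmask (iptables reads a bare address as a single host), and adds a rule closing the X port on the outside interface. The interface names, the network, the EXTIF parameter and the IPT and DRY_RUN variables are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All values below are constructed.
IPT=${IPT:-/sbin/iptables}

# Return 0 if $1 is a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;      # no mask: iptables would match one host only
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=. read -r a b c d extra <<EOF
$addr
EOF
    [ -z "$extra" ] || return 1
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set, one command per line, in the order it must be applied.
# Arguments: LAN interface, LAN network (CIDR), external interface, X port.
lan_rules() {
    intif=$1; intnet=$2; extif=$3; xport=${4:-6000}
    if ! valid_cidr "$intnet"; then
        echo "INTNET needs a netmask, e.g. 192.168.1.0/24" >&2
        return 1
    fi
    # 1. Traffic from the LAN range arriving on the LAN interface is trusted.
    echo "$IPT -A INPUT -i $intif -s $intnet -j ACCEPT"
    # 2. The same source range on any other interface is spoofed: drop it.
    #    This must come after rule 1, or it would drop the real LAN too.
    echo "$IPT -A INPUT -s $intnet -j DROP"
    # 3. Connections to the X server port from the outside world are dropped.
    echo "$IPT -A INPUT -i $extif -p tcp --dport $xport -j DROP"
}

# Show the rules, or run them when DRY_RUN=0 (needs root).
apply_rules() {
    rules=$(lan_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would run: $cmd"
        else
            $cmd
        fi
    done
}

# Dry run by default, so the rules can be reviewed before they are loaded.
apply_rules eth1 192.168.1.0/24 eth0
```
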
Re: [expert] NAT/Firewalling/ICS with Iptables
I suppose that some Linux GUI firewalling tools out there might try to do some funky things such as loading RPMs for ipchains. Unfortunately, since I have found most GUI tools to be mostly just a layer on top of the ipchains/iptables commands, they mostly seemed like a waste of time compared to just twiddling with a script which I can review and quickly change when needed.

I'm not sure that it is too big of a deal to have both the iptables and ipchains RPMs installed. iptables won't run on 2.2.x kernels, but ipchains will run on 2.4.x kernels (iptables is superior however). On Mandrake they are loaded as kernel modules, and you can run only one or the other. If you try to load both of them, the kernel module loader (insmod and modprobe) will issue an error. Also, if you have the ipchains module loaded, use of the iptables command will result in errors. If you are in doubt as to which module you have loaded, try running 'lsmod' as root on the command line and look for 'ip_tables'.

I'm not sure why Mandrake's tools would require ipchains for their functionality, unless they think you are using the 2.2.x kernel. Perhaps someone else has some ideas on that one.

Rob

Lyvim Xaphir wrote:

Thanks, Rob! That looks exactly like what I was looking for; I can't wait to start experimenting. I've got a question, tho... have you encountered a situation yet where a GUI config app thought it required ipchains for something, and it tried to install ipchains rpms even though iptables was there and fully functional? Are there bad things that happen when this occurs? It's happened here, but things still work. I've been of a mind to rid the system of all ipchains rpm debris and rely totally on the very capable iptables system, but there do seem to be certain parts of Mandrake control center that think they need ipchains. I'm curious as to the official way to handle this; otherwise it looks like a choice between the GUI and the command line; i.e., manual /etc/rc.d/rc.firewall editing vs MCC, but not both. (?)
Re: [expert] NAT/Firewalling/ICS with Iptables
Yep, looks like you have the necessary stuff for iptables loaded. You might notice in some of those example scripts (from the email earlier in this thread) that most load the necessary modules that they require. For example, here is a section of my own firewalling script that contains the module loading (I based my script heavily on the one that I recommended by [EMAIL PROTECTED], whoever that is):

    #---
    # Load IPTABLES-modules and Clear/Reset all chains and set default policies
    #---
    /sbin/modprobe ip_tables
    /sbin/modprobe iptable_filter
    /sbin/modprobe ip_conntrack
    /sbin/modprobe ip_conntrack_ftp
    /sbin/modprobe ip_nat_ftp
    # If the IRC-modules below are available, uncomment them
    # /sbin/modprobe ip_conntrack_irc ports=$IRCPORTS
    # /sbin/modprobe ip_nat_irc ports=$IRCPORTS

There are other modules that can be loaded for filtering. I'm not sure if there is an easier way to discover which non-loaded modules are available, but a ls of /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter should give you a rough idea of what is available. I think some of these are loaded implicitly by modprobe (which figures out dependencies) when loading modules. The dependency relationships of loaded modules can be seen in your output from lsmod. Also, I believe that the iptables command will load any necessary kernel modules for certain functionality that is left out until needed (such as logging).

Anybody with a better understanding of modules or packet filtering on Linux should chime in here as I am by no means very knowledgeable about such things -- I know enough, I suppose, to be dangerous. :)

Rob

Lyvim Xaphir wrote:

Check out the dumps below. Keep in mind that this system was installed with iptables only; I manually chose all the packages during installation (which you can bet I saved THAT on floppy!!). Except for the KDE workstation setup option, which put a large number of packages in for itself, which ipchains was not amongst them.

I specifically avoided loading ipchains during installation because I knew I was going with iptables. I suppose you can tell that I agreed with you about iptables being better. ;) I track what's loaded for Mandrake Control Center operations very closely; that's how I noticed that ipchains was installed. I didn't actually go looking until today, however.

snip lsmod output
Re: [expert] Firewalling [was dhcp]
I'm pretty sure that most of what ICS accomplishes is done through iptables, and from what I saw not in too secure a manner (at least it doesn't in the high level security setting). For the most part, if you know what you are doing, you can replace /etc/rc.d/rc.firewall script with your own. I'm not too sure how the Mandrake configuration tools are affected by such a move (I find GUI tools sometimes frustrating), but I haven't had any problems so far -- probably because I haven't tried to further alter anything with the tools.

FYI, one of the nicer iptables firewalling scripts I've found for a connection-sharing gateway machine can be obtained here:

http://www.linuxguruz.org/iptables/scripts/rc.firewall_023.txt

You can find a lot of other good scripts at the same site (http://www.linuxguruz.org/iptables) which makes it a great site for studying how to configure packet filtering and NAT. For those familiar with shell scripting, the above script should be pretty self-explanatory (it actually has decent comments embedded for your learning pleasure), and with a few mods here and there, you should be able to generate a halfway decent firewall. Note that this one allows external machines to ping the firewall, which I prefer to disable.

Please make sure that you review these scripts and understand them before blindly using them! It is probably wise to just use them as a guide to writing your own script.

Finally, a few good places to test your firewall configuration after you have it set:

http://www.dslreports.com/tools
http://crypto.yashy.com/nmap.php
https://secure1.securityspace.com/smysecure/norisk_index.html

Happy firewalling!

ROB

Lyvim Xaphir wrote:

snip

Now, the downside to this is of course that you cannot access the internet directly through one of these private addresses. In order to do that, you must translate your local ip addresses into a bona fide *public* type IP address. This is what's called Network Address Translation, or NAT.

There are several options for installing NAT on your system such that anyone on your local net can access the internet thru a system that's connected to the internet. Such a connected system in this case is called a gateway. One way I do it here (because it's quick and dirty) is by using the Internet Connection Sharing (ICS for short) option in the Mandrake Control Panel. The advantage is that if you have 98 or winblows machines (like I do here), ICS on Mandrake is an excellently compatible way to get them on the internet all at the same time, transparently.

There are probably more superior ways to do this. For example, with the use of iptables (supposedly an ipchains replacement) you are able to run a script and instantly set up both NAT, packet filtering, and packet mangling rules at the same time. (if you know what you are doing.) This is what I've been interested in. There are a lot of scripts out there to accomplish this, but a lot of it still seems to be sort of bleeding edge. Some scripts work, others don't, it's kind of like Russian roulette. In the meantime I've stuck with Mandrake Control Center ICS until I get an iptables script ready.
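The LAN-accept and anti-spoofing rules from the earlier port-6000 reply, together with the NAT gateway setup discussed in this message, can be written as one ruleset generator. This is an added example, not part of the thread and not the linuxguruz script; eth0 as the external interface, eth1 as the LAN interface, 192.168.1.0/24 as the LAN and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a small NAT gateway.
# Nothing is applied; eth0/eth1 and the LAN network are assumed values.

# valid_if NAME: accept only plain interface names (eth0, ppp0, ...).
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# valid_cidr A.B.C.D/LEN: every octet <= 255 and LEN <= 32.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    oldifs=$IFS; IFS='./'; set -- $1; IFS=$oldifs
    [ "$1" -le 255 ] && [ "$2" -le 255 ] && [ "$3" -le 255 ] &&
        [ "$4" -le 255 ] && [ "$5" -le 32 ]
}

# gen_ruleset EXTIF INTIF INTNET: print the ruleset, return 2 on bad input.
gen_ruleset() {
    valid_if "$1" && valid_if "$2" && [ "$1" != "$2" ] || return 2
    valid_cidr "$3" || return 2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Translate LAN addresses to the gateway's public address on the way out.
-A POSTROUTING -s $3 -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Trust the LAN on its own interface; a LAN source anywhere else is spoofed.
-A INPUT -i $2 -s $3 -j ACCEPT
-A INPUT -s $3 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Already covered by the DROP policy; explicit so that a later policy change
# does not expose ping replies or the X server (port 6000) to the outside.
-A INPUT -i $1 -p icmp --icmp-type echo-request -j DROP
-A INPUT -i $1 -p tcp --dport 6000 -j DROP
# LAN hosts may open connections outward; only replies come back in.
-A FORWARD -i $2 -o $1 -s $3 -j ACCEPT
-A FORWARD -i $1 -o $2 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Stand-alone run: show the ruleset for the assumed interfaces and network.
gen_ruleset eth0 eth1 192.168.1.0/24
```

As root, the output can be parsed without being committed by piping it to iptables-restore --test.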
Re: [expert] DIR_COLORS not used by 'ls' in Mandrake 8.2
If I am understanding your question correctly, dircolors gets set in /etc/profile.d/alias.sh (or alias.csh).

Leinad Jones wrote:

Hi

I've upgraded my system from Mandrake 8.1 to Mandrake 8.2 and I've noticed that my directory color settings in DIR_COLORS are not being used. I can see that the upgrade process has not changed DIR_COLORS but use of the command 'dircolors' shows that my values are being ignored. How and where does the system now (in M8.2) set the default colors for 'ls'?

-Leinad
Re: [expert] world writeable files
Or better yet, is there a way to get the security check to ignore sockets (which most of these are)?

David Relson wrote:

Greetings,

I'm running Mandrake 8.2 with msec level 2. Each day /var/log/boot.log gets a "Security Warning: World Writeable files found :" message added to it along with a list of files (shown below). Is this really a problem? Should I simply run "chmod o-w" for each of these files?

Thanks.

David

*** Messages from /var/log/boot.log ***

    Apr 5 04:11:43 osage :
    Apr 5 04:11:43 osage : Security Warning: World Writeable files found :
    Apr 5 04:11:43 osage : - /lib/dev-state/log
    Apr 5 04:11:43 osage : - /tmp/.ICE-unix
    Apr 5 04:11:43 osage : - /tmp/.ICE-unix/1049
    Apr 5 04:11:43 osage : - /tmp/.ICE-unix/1733
    Apr 5 04:11:43 osage : - /tmp/.X11-unix
    Apr 5 04:11:43 osage : - /tmp/.X11-unix/X0
    Apr 5 04:11:43 osage : - /tmp/.X11-unix/X9
    Apr 5 04:11:43 osage : - /tmp/.esd
    Apr 5 04:11:43 osage : - /tmp/.esd/socket
    Apr 5 04:11:43 osage : - /tmp/.font-unix
    Apr 5 04:11:43 osage : - /tmp/.font-unix/fs-1
    Apr 5 04:11:43 osage : - /tmp/.gdm_socket
    Apr 5 04:11:43 osage : - /tmp/medusa-idled-service
    Apr 5 04:11:43 osage : - /var/apache-mm
    Apr 5 04:11:43 osage : - /var/lib/mysql/mysql.sock
    Apr 5 04:11:43 osage : - /var/lib/texmf
    Apr 5 04:11:43 osage : - /var/spool/postfix/maildrop
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/bounce
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/bsmtp
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/cleanup
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/cyrus
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/defer
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/error
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/flush
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/ifmail
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/lmtp
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/local
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/rewrite
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/smtp
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/tlsmgr
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/uucp
    Apr 5 04:11:43 osage : - /var/spool/postfix/private/virtual
    Apr 5 04:11:43 osage : - /var/spool/postfix/public/pickup
    Apr 5 04:11:43 osage : - /var/spool/postfix/public/qmgr
    Apr 5 04:11:43 osage : - /var/spool/postfix/public/showq
    Apr 5 04:11:43 osage : - /var/spool/samba

David Relson
Osage Software Systems, Inc.
[EMAIL PROTECTED]
Ann Arbor, MI 48103
www.osagesoftware.com
tel: 734.821.8800
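One way to produce a world-writable report that leaves out sockets, as asked in the reply above. This is an added example, not msec's own check and not from the thread; the function names and the demo tree are constructed here, and it also skips symlinks and sticky (mode 1777) directories such as /tmp.

```shell
#!/bin/sh
# Added example: list world-writable entries under a tree, leaving out the
# kinds that are world-writable on purpose. Not msec's own check.

# audit_world_writable DIR: print "kind<TAB>path" for each remaining finding.
#   -xdev                      stay on DIR's filesystem
#   ! -type l                  symlink mode bits are always rwxrwxrwx
#   ! -type s                  sockets such as /tmp/.X11-unix/X0
#   ! ( -type d -perm -1000 )  sticky directories such as /tmp (mode 1777)
audit_world_writable() {
    find "$1" -xdev -perm -0002 ! -type l ! -type s \
        ! \( -type d -perm -1000 \) -print 2>/dev/null |
    while IFS= read -r p; do
        if [ -d "$p" ]; then kind=dir
        elif [ -p "$p" ]; then kind=fifo
        elif [ -f "$p" ]; then kind=file
        else kind=other
        fi
        printf '%s\t%s\n' "$kind" "$p"
    done | sort
}

# make_demo_tree: build a constructed sample tree and print its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/notes.txt" "$t/shared.log"
    chmod 644 "$t/notes.txt"; chmod 666 "$t/shared.log"
    mkdir "$t/scratch" "$t/dropbox"
    chmod 1777 "$t/scratch"; chmod 777 "$t/dropbox"
    mkfifo "$t/pickup"; chmod 666 "$t/pickup"
    ln -s notes.txt "$t/link"
    # A socket, when python3 is present to create one (assumed optional).
    if command -v python3 >/dev/null 2>&1; then
        python3 -c 'import socket, sys
socket.socket(socket.AF_UNIX).bind(sys.argv[1])' "$t/sock" && chmod 666 "$t/sock"
    fi
    echo "$t"
}

# Stand-alone run on the constructed tree.
demo=$(make_demo_tree) && audit_world_writable "$demo"
rm -rf "$demo"
```

What remains in the report (plain files, FIFOs, non-sticky directories) is what deserves a look before running chmod o-w on it.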
Re: [expert] LM 8.2 xinetd leafnode
FYI, the man pages [hosts_access(5)] are part of the tcp_wrappers-7.6-20mdk.rpm package.

Andreas Müller wrote:

On Wed, 2002-04-03 at 19:59, Jim Dawson wrote:

I have configured xinetd for leafnode as described below and it still doesn't start. I can't even find any indication in the logs that it is even trying to start. leafnode does start from the command prompt. Does anyone know what else may need to be set? Thanks in advance.

In my case it was /etc/hosts.deny and /etc/hosts.allow which prevented leafnode from running. Unfortunately man hosts.allow or man hosts.deny does not work on my LM 8.2 but I was able to fix it.

Greetings
Andreas
Re: [expert] Server performance - OT
Not to sound too harsh on the person who quoted the hardware configuration, but this sounds more like a hacker's dream game setup than a low-end server configuration. If you want a stable platform, you might want to ask others who have actually set up servers. AMD might be okay for some cases, but I am not sure if it is mature enough to be reliable for a mission critical server. I would guess that most vendors supplying 32-bit Intel compatible server platforms are going to go with Intel processors, probably Xeon processors in a dual CPU configuration. If you use AMD, you will only be able to use the MP processors in a dual CPU configuration, unless you like hacking XP CPUs to make them work (not recommended).

My advice: ask someone who knows what they are doing. I doubt that this is the best place for such advice (although I'm sure there are exceptions).

Ashley Moore wrote:

I'm going to put together a server, based on Mdk 8.2 for a friend (mainly to host a few of his sites from), he's recd a quote for the same with this h/w:

Gigabit Mobo - dual cpu - AMD
1 GB RAM
Adaptec Raid 5 controller
RAID array of 6 x 70 gb SCSI with one hot swap
D-link wireless lan

any views/problems that I should be aware of? this is the first time i'd be installing linux on this class of h/w, so any help is most welcome. also, should i just install Linux directly on the RAID or keep aside a small ide drive to install the o/s.

cheers,
Re: [expert] msec and xsane
If you aren't sure which kernel you are using, try running 'uname -r' on the command line. You are using the secure kernel if it turns up 2.4.18-6mdk-secure. If msec doesn't change it, then it may have been an installation thing.

gikoreno wrote:

--- On Wed 03/27, Rob Gillen wrote:

I may be wrong, but it probably has something to do with Mandrake using the secure kernel. It removes some userspace functionality for safety.

I booted into the enterprise kernel though... And the changes from higher to high and vice versa happen instantly (scanner doesn't work then does), if they are actually changing which kernel is to be used wouldn't I need to reboot, because you can't change the kernel in use without rebooting as far as I know (I think kernel updates are the only reasons I ever HAD to reboot). That's why I was thinking it may be something with permissions of whether a program can or cannot use certain hardware (/dev/sg0 in this case). I have no clue... Is there any very detailed document explaining what changes happen when switching security levels in msec?

gikoreno wrote:

Hi everyone,

I just checked the newbie and expert lists, and couldn't find anything that answered this question... I just installed Mandrake 8.2, but kept my previous Mdk 8.1 /home partition. I used to have xsane working, and I ran scannerdrake and I can't seem to get the scanner working with msec on Higher. I haven't figured out as of yet what the problem is, but I was suspecting it's something that has to do with permissions because:

- regardless what msec is set to, if I run sane-find-scanner as root, my scanner is found at /dev/sg0
- if I set the security settings to standard everything works (i.e. xsane works too). It will also work if I set msec to High
- if I set it back to higher, although I can find the scanner with sane-find-scanner as root, I cannot open xsane (even as root) because xsane: no devices available.

Where could I make the permissions change to enable the scanner for all users, but keep the system on msec Higher?

Thanks in advance!
[expert] Encrypted Filesystems
Has anyone had a chance to play with encrypted filesystems yet? I can't seem to find any information regarding them, but there is a lot of mention of them in the press releases for 8.2. I tried to set up an ext3 encrypted partition, but whenever I try to mount the partition, which prompts me for my password, I get the following:

    mount: wrong fs type, bad option, bad superblock on /dev/loop0, or too many mounted file systems

/etc/fstab entry for partition:

    /dev/hdb1 /var/private ext3 encrypted,encryption=AES128 0 0

Any ideas?