[leaf-user] Re: [leaf-devel] snort and nmap

2002-10-09 Thread David Douthitt

On Wed, Oct 09, 2002 at 02:05:49PM -0400, Eric B Kiser wrote:

 I am looking for the most recent versions of nmap.lrp and snort.lrp. I
 checked the CVS packages repository and the only thing I found was an older
 version of nmap and no snort.

I'm the one who's probably responsible for those packages - and
responsible for them being so old.

I've not kept up development as I ought.  However, I'm planning to get
back into the game.  I recently configured a Pentium with Red Hat 6.x
and Oxygen dual boot; we'll see how it goes.

Also, the Oxygen/LEAF Resource CDROM contains all binaries and sources
and probably also the compile-time options in a patch and so forth.

These days, I've been working towards putting all source code into a
sort of ports tree like FreeBSD and Gentoo Linux; it becomes very
flexible.

I'll see if I can compile nmap and/or snort in coming days.



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] ssh

2002-10-09 Thread David Douthitt

On Thu, Oct 10, 2002 at 03:27:03AM +0200, ArisB wrote:

 I've followed the install instructions on the website, it still isn't
 working.
 but when I install a ssh client on the firewall and then try to connect to
 the sshd (which is also on the firewall) I still can't connect, then I get
 exchange_identification : connection closed by remote host and in the
 host.allow is a line ALL: 192.168.1.0/255.255.255.0.

Shut down the sshd daemon on the firewall, and start it from the command
line like so:

sshd -ddd

...and watch what happens when you connect.  Likewise, when connecting, use:

slogin -v me@myfirewall

...or:

ssh -v me@myfirewall

Then report what the server said, and report what the client said.
Note that after a connection (successful or not) the sshd client
running in debug mode quits.  You'll have to restart your sshd
server normally - but if it doesn't work, it may not matter...






Re: [leaf-user] Identifying the scanning culprit???

2002-08-21 Thread David Douthitt

On Tue, Aug 20, 2002 at 09:40:57AM -0700, Cass Tolken wrote:

 Arin is for American IPs, you can further modify my script modifications to
 include European, Asian, etc. IPs as an exercise ;)

Why not just use jwhois (or other whois client)?

Jwhois is a GNU project and automatically knows which NIC to use.
I might add that not only are there (for example) different NICs
for *.de, *.kr, and *.com - but also for looking up IP addresses...

Jwhois automatically knows about all the different NICs and
uses the right one.

If you look in my development directory on LEAF's SF page, there
is a jwhois.lrp - and I think it needs a library (libm perhaps)
which should also be there.

http://leaf.sf.net/devel/ddouthitt/packages/jwhois.lrp
http://leaf.sf.net/devel/ddouthitt/packages/libm.lrp

It may be compiled against glibc 2.1, so if you are using
glibc 2.0 (Dachstein?) and it core dumps or something,
that's why.






Re: [leaf-user] Unknown traffic on firewall

2002-08-18 Thread David Douthitt

On Sun, Aug 18, 2002 at 11:30:55PM +0200, Manfred Schuler wrote:

 in the last few weeks I discovered some unknown traffic on my firewall.
 I inserted a rule to log all traffic on the input and output chains and found that the
 incoming packet is neither rejected nor denied, but answered by the firewall.
 I am using a stock eigerstein2beta firewall with no port redirection and no additional
 ports opened.
 
 What I don't understand is why the packets are not denied and who is responding to these
 packets.

 tcpdump:
 
 13:24:08.722724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
 13:24:08.722724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 229201905 win 0
 13:24:09.752724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
 13:24:09.752724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0
 13:24:10.452724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
 13:24:10.452724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0
 13:24:11.352724 213.168.220.62.2605 > 80.134.34.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
 13:24:11.352724 80.134.34.59.1214 > 213.168.220.62.2605: R 0:0(0) ack 1 win 0

According to whois, the source is coming from (abridged output):

inetnum: 213.168.220.0 - 213.168.220.255
netname: NORDCOM
descr:   nordCom
descr:   dynamic dialin for internet services
country: DE
admin-c: HNC-ORG
tech-c:  HNC-ORG
status:  ASSIGNED PA
mnt-by:  NORDCOM-MNT
changed: [EMAIL PROTECTED] 20010427
source:  RIPE

route:213.168.192.0/19
descr:nordCom Routing
origin:   AS13247
notify:   [EMAIL PROTECTED]
mnt-by:   NORDCOM-MNT
changed:  [EMAIL PROTECTED] 2703
source:   RIPE

role: Hostmaster Nordcom
address:  Nordcom
address:  Doetlinger Str. 6-8
address:  D-28197 Bremen
address:  Germany
e-mail:   [EMAIL PROTECTED]

Looking at your output, they are sending you some sort of packet destined for
port 1214 on your firewall (80.134.34.59) and your firewall IS rejecting it,
using the TCP RST flag (ReSeT).  Your firewall can send a RST, or ignore the
packet entirely; in this case, it sends a RST.

I don't know what port 1214 is supposed to be for, but port 2605 is BGP (a routing
protocol) - surprise surprise...



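The SYN-answered-by-RST reading discussed in the message above, as an added example that is not part of the original thread: it pairs each initial SYN in classic tcpdump text output with the reply seen in the opposite direction. The capture lines, addresses and ports are constructed for illustration.

```python
import re

# Classic "tcpdump -n" text output: "time src.port > dst.port: FLAGS rest"
LINE = re.compile(
    r"^\S+ (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>[SFRP.]+) (?P<rest>.*)$"
)

# Constructed capture (documentation addresses), laid out like the quoted dump.
SAMPLE = """\
13:24:08.722724 198.51.100.62.2605 > 192.0.2.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
13:24:08.722731 192.0.2.59.1214 > 198.51.100.62.2605: R 0:0(0) ack 229201905 win 0
13:24:09.752724 198.51.100.62.2605 > 192.0.2.59.1214: S 229201904:229201904(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
13:24:09.752730 192.0.2.59.1214 > 198.51.100.62.2605: R 0:0(0) ack 1 win 0
13:24:10.100000 198.51.100.62.2610 > 192.0.2.59.22: S 100:100(0) win 8192 (DF)
13:24:10.100100 192.0.2.59.22 > 198.51.100.62.2610: S 500:500(0) ack 101 win 5840 (DF)
13:24:10.100200 198.51.100.62.2610 > 192.0.2.59.22: . ack 1 win 8192 (DF)
13:24:11.000000 198.51.100.62.2611 > 192.0.2.59.6346: S 7:7(0) win 8192 (DF)
13:24:14.000000 198.51.100.62.2611 > 192.0.2.59.6346: S 7:7(0) win 8192 (DF)
"""

MEANING = {
    "rst": "answered with RST: no connection was established",
    "syn-ack": "answered with SYN-ACK: a listener accepted the connection",
    "none": "no reply in the capture: silently dropped, or the reply was lost",
}


def classify_probes(text):
    """Map every SYN-initiated flow to the answer the target gave."""
    flows = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # wrapped continuation line or non-TCP traffic
        src, sport = m.group("src"), int(m.group("sport"))
        dst, dport = m.group("dst"), int(m.group("dport"))
        flags = m.group("flags")
        # "sackOK" in the option list must not count as an ACK field.
        has_ack = re.search(r"\back \d+", m.group("rest")) is not None
        if "S" in flags and not has_ack:
            # Initial SYN: open (or re-count) the flow in this direction.
            flow = flows.setdefault((src, sport, dst, dport),
                                    {"syns": 0, "answer": "none"})
            flow["syns"] += 1
            continue
        # Anything else only matters if it answers a SYN we already saw.
        flow = flows.get((dst, dport, src, sport))
        if flow is None:
            continue
        if "R" in flags:
            flow["answer"] = "rst"
        elif "S" in flags:
            flow["answer"] = "syn-ack"
    return flows


def report(text):
    """One human-readable line per probed port."""
    lines = []
    for (src, sport, dst, dport), flow in sorted(classify_probes(text).items()):
        lines.append(
            f"{src}:{sport} -> {dst}:{dport}  SYN x{flow['syns']}  "
            f"{MEANING[flow['answer']]}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Repeated SYNs with the same sequence number are retransmissions of one attempt, which is why the count is kept per flow rather than per packet.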



Re: [leaf-user] Crontab syntax?

2002-08-17 Thread David Douthitt

On Sat, Aug 17, 2002 at 08:19:13PM -0700, Jeff Newmiller wrote:
 On Fri, 16 Aug 2002, Kory Krofft wrote:

  Cass,
  
  Did you enter the line as presented in the /etc/crontab file?
  * * * * * root /bin/date  /tmp/mycrontest.txt

Make sure that the root entry is required (that is old syntax);
is it?

  I tried it just as posted and I get nothing in the /tmp directory.
  I tested it from the command line and it of course worked fine.
  
  Does anyone have a clue what might need fixed in cron?
  This is a Bering setup.
 
 Make sure you have an empty line at the end of the file.

If you are running a script, then remember that cron normally only
sets 4-6 environment variables: PATH, HOME, SHELL are typical - and
a classic problem is not setting PATH fully.  And other variables
are not set at all...






Re: [leaf-user] Bourne SHell prompt problems

2002-08-09 Thread David Douthitt

On Fri, Jul 05, 2002 at 10:25:23AM -0500, Charles Steinkuehler wrote:
  I've tried about fifteen ways to get the prompt to look like this:
 
  [root@firewall /usr/sbin]#   --- where /usr/sbin is a current
  working directory

 To get PWD as part of the prompt in ash, you have to intercept the cd
 command (and other commands that might change your directory)...details
 are available in the SF FAQ-o-matic:
 
 http://sourceforge.net/docman/display_doc.php?docid=5178&group_id=13751

This is also a shell FAQ; look at http://www.faqs.org and look at
the comp.unix.shell FAQ, question 2.4: How do I get the current directory
into my prompt?

Others have explained it already, but there you go anyway.






Re: [leaf-user] libnsl.lrp found

2002-08-09 Thread David Douthitt

On Mon, Aug 05, 2002 at 12:48:13PM -0500, Russ Price wrote:

 I finally found a copy at
 
 http://leaf.sourceforge.net/devel/ddouthitt/packages/
 
 Suggestion: we need a better way of indexing/cataloging LRP packages.

That directory would be my package repository...

That particular directory contains over 300 packages; cataloguing them
is a very big job - though a worthy one.






Re: [leaf-user] Under Attack?

2002-06-20 Thread David Douthitt

On Thu, Jun 20, 2002 at 11:35:54AM -0400, Akom wrote:

 I'm getting a bit concerned about what's going in my logs for the past couple 
 of days.  I'm running Bering 1.0 rc2 with Shorewall 1.3.1, standard run of the 
 mill setup:
 
 external eth0: dhcp, norfc1982, noping, routefilter, blacklist
 internal eth1: routestopped
 
 External is cable, internal is a 192.168.2.0/24
 
 Portforwarded inside the eth0 net is a single server running a bunch of stuff 
 including opennap (port ):  192.168.2.1
 
 I normally get my share of spoofed ip packets in the logs all the time, which I 
 ignore, however this time they don't look healthy as they are destined for the 
 internal IP of my server and it's been happening for a couple of days about 
 every 3 minutes:
 
 Jun 20 10:33:31 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth1 
 SRC=192.168.0.2 DST=192.168.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=11842 DF 
 PROTO=TCP SPT=3093 DPT= WINDOW=65535 RES=0x00 SYN URGP=0  
 Jun 20 10:33:31 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth1 
 SRC=192.168.0.2 DST=192.168.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=12354 DF 
 PROTO=TCP SPT=3093 DPT= WINDOW=65535 RES=0x00 ACK URGP=0  

Get tcpdump.lrp (and libm.lrp and libpcap.lrp) and install them.  Then run

tcpdump -i eth0 -s0 -n host internal_IP

...on one virtual console, and

tcpdump -i eth1 -s0 -n host internal_IP

...on the other.  Use Alt-Fx to switch to console x.

Then sit back and watch.  If you have the capability to store some data,
then add the following option to each:

-w /some/path/to/store/a/dump/at/dump.dat

If you use -w, you'll get no output on screen, but there'll be a dump
on disk.  Then you can read the dump with ethereal (recommended!)
on a full system with X - or show it to others, too.

There's also software to despoof addresses, but I forget which it is or
where it is.



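Reading a dump written with `-w` on a machine without a GUI, as an added example that is not part of the original thread: a minimal reader for the classic libpcap file format that counts TCP packets arriving with an RFC 1918 source address. The capture is built in memory; source, destination and source port mirror the quoted log, while destination port 40000, the timestamp and the 198.51.100.7 packet are constructed.

```python
import ipaddress
import socket
import struct
from collections import Counter

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FLAG_BITS = [(0x02, "SYN"), (0x10, "ACK"), (0x04, "RST"), (0x01, "FIN"), (0x08, "PSH")]


def read_pcap(data):
    """Yield (timestamp, frame) for each complete record of a classic pcap file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"          # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    pos = 24
    while pos + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        frame = data[pos:pos + incl]
        if len(frame) < incl:
            break             # capture was cut off in the middle of a record
        pos += incl
        yield sec + usec / 1e6, frame


def decode_tcp(frame):
    """Return (src, sport, dst, dport, flags) for IPv4/TCP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 6 or len(ip) < ihl + 20:
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    flags = "+".join(name for bit, name in FLAG_BITS if ip[ihl + 13] & bit)
    return socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport, flags


def private_sources(data):
    """Count TCP packets per (src, dst, dport, flags) whose source is RFC 1918."""
    seen = Counter()
    for _ts, frame in read_pcap(data):
        pkt = decode_tcp(frame)
        if pkt is None:
            continue
        src, _sport, dst, dport, flags = pkt
        if any(ipaddress.ip_address(src) in net for net in RFC1918):
            seen[(src, dst, dport, flags)] += 1
    return seen


def make_frame(src, sport, dst, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 102, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def build_sample():
    """Constructed capture: four complete records plus one truncated record."""
    frames = [
        make_frame("192.168.0.2", 3093, "192.168.2.1", 40000, 0x02),
        make_frame("192.168.0.2", 3093, "192.168.2.1", 40000, 0x10),
        make_frame("192.168.0.2", 3093, "192.168.2.1", 40000, 0x02),
        make_frame("198.51.100.7", 1025, "192.168.2.1", 40000, 0x02),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1024569211 + i, 0, len(frame), len(frame)) + frame
    # Record header that promises 54 bytes but is followed by only 10.
    out += struct.pack("<IIII", 1024569300, 0, 54, 54) + frames[0][:10]
    return out


if __name__ == "__main__":
    for key, count in sorted(private_sources(build_sample()).items()):
        print(count, key)
```

On a real dump, replace `build_sample()` with the bytes of the file given to `-w`; the reader handles captures taken on an Ethernet interface such as eth0 or eth1.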



Re: [leaf-user] tftp and network.conf

2002-06-08 Thread David Douthitt

On Thu, Jun 06, 2002 at 10:03:21PM -0500, guitarlynn wrote:
 On Thursday 06 June 2002 21:28, [EMAIL PROTECTED] wrote:
 
  EXTERN_UDP_PORTS=ip.ad.dr.es/32_tftp
  EXTERN_PROTO0=69 ip.ad.dr.es/32
 
  I would presumably also need a line for the x-server, but I
  don't know offhand what it is.. at any rate... does
  something like this work?
 
 the stated tftp probably won't work, unless the variable is
 matched to a port number. So you will probably need to 
 find out what port tftp runs on and substitute it in the line.

Port 69 is tftp; the service name is tftp.

 The same goes for allowing X-servers, vnc, and anything
 else (that should probably be sent through a ssh or 
 zebedee encrypted tunnel in my view).

vnc uses ports 5900+display# (for standard VNC), 5800+display#
(for Java VNC client) and perhaps one other.

ssh uses port 22.

X is a special case, and requires special handling.  You can't
just forward it to another location.  ssh has special
handling to forward X connections and can do it well -
and encrypted besides.

X is a well-known security risk; no X server should probably
be on (or available to) the Internet.





Re: [leaf-user] getting make and gcc on lrp

2002-06-03 Thread David Douthitt

On Monday 03 June 2002 12:54 pm, Jeff Newmiller wrote:
 On Mon, 3 Jun 2002, Ant Ken wrote:

  how would i go about getting make and gcc and any other
  development tools on to lrp?

 You don't.

  is there a package available?

 No.

There is, actually, a make.lrp - make is good for a lot of things 
other than just compiling code.  However, in most cases it's too big 
and not worth putting in a LEAF system.

gcc is gargantuan - getting it into a LEAF system isn't worth the 
effort.  If you want to develop for LEAF, use a separate full Linux 
installation with glibc 2.0.7 (Red Hat 5.2, for instance) or with 
glibc 2.1 (Red Hat 6.x, for instance).

Read the Developers Guide at http://leaf.sf.net/





Re: [leaf-user] Secure browsing...

2002-05-29 Thread David Douthitt

--On Monday, May 27, 2002 10:00 AM -0400 [EMAIL PROTECTED] wrote:

 I'm still wondering how to tunnel my http traffic through ssh to my
 internal web server.  I use Putty to connect to a RH box behind LEAF from
 outside giving me a command line interface.  Is the tunneling done by
 somehow directing traffic through PuTTY ?

The concept is like this:

box1  box2 ... network2
(SSH)  (SSH)

The tunnel then makes a port on box1 (Web/HTTP port for example) act as if 
it was another host located on network2 (or reachable therefrom).  For 
example:

box1 - box2  box3
(SSH)   (SSH)
(HTTP) ### -- (HTTP)

Note that if you are tunnelling this way, then data from box2 to box3 is 
NOT encrypted.  Also note that you then would (on box1) use this url:

http://127.0.0.1/
--or--
http://box1/

...instead of this one...

http://box3/

Note also, that the SSH session used to create the tunnel may have a shell 
or may not.  I know Teraterm/SSH allows you to port forward, and only does 
it with a shell.

OpenSSH and other UNIX variants allow you to run ssh in the background 
with port forwarding and no SSH shell.

One other thing to be aware of - what you want is almost certainly called 
local port forwarding and not remote port forwarding.   Just to be 
aware.

I thought there was a portforwarder for PuTTY at the DOS command line 
Me, I use (when I use Telnet/SSH under Windows, that is) Teraterm/SSH.  It 
gives you top-notch telnet, ssh, AND port-forwarding.





Re: [leaf-user] LRP with Modem

2002-05-22 Thread David Douthitt


--On Wednesday, May 22, 2002 4:15 PM -0500 Omar D. Samuels 
[EMAIL PROTECTED] wrote:

 Can my LRP box make use of dial-up in any way if I have
 an ISA telephone modem in there?

This is how I use my Oxygen installation the most - it is configured for 
dialup any of three Internet connections (ISP, work, and ISP Out-of-town 
Access).

Works well - considering it's only 56k...





Re: [leaf-user] ipcalc ??

2002-05-22 Thread David Douthitt



--On Wednesday, May 22, 2002 4:46 PM -0500 [EMAIL PROTECTED] wrote:

 What would be the easiest way to get ipcalc for Bering?

Have you considered ipmask?  It gives you nearly everything that can be 
determined from an IP address and was designed for scripts.  Who knows? 
Perhaps you can write a ipcalc wrapper for ipmask if you Really Must...

It's available as an LRP package already, too.

# ipmask

ipmask version 0.33, Copyright (C) 2001  David Douthitt [EMAIL PROTECTED]

ipmask comes with ABSOLUTELY NO WARRANTY; for details see the COPYING file
that accompained this distribution. This is free software, and you are welcome
to redistribute it under the terms of GNU PUBLIC LICENSE.

Usage:   ipmask [ -BbCcinrsxNmopR ] ip [ -m netmask ]

ip may be a hex IP address, dotted-quad (n.n.n.n), or a CIDR spec (n.n.n.n/x)

Display Options:

-B  Display only broadcast address (BSD - obsolete)
-b  Display only broadcast address
-C  Display only Cisco wildcard mask
-c  Display only CIDR
-i  Display only IP
-n  Display only network address
-d  Display only decimal address
-r  Display only range of valid addresses
-s  Display subnet mask only
-x  Display only hexadecimal IP

Modifiers:

-N  No name lookups
-m  Use this net mask
-o  Official name (do a name lookup)
-p  Pretty formatted display of all results
-R  Hexadecimal IP address is in reversed order






Re: [leaf-user] Misconfigured routing (?) and ssh tunnels

2002-05-20 Thread David Douthitt

On Monday 20 May 2002 02:53 am, Stephen Lee wrote:
 On Sun, 2002-05-19 at 12:28, David Douthitt wrote:
  On Saturday 18 May 2002 11:14 am, Stephen Lee wrote:
   I tunnel imap and smtp all the time except I use stunnel.
   Presumably you are pointing your host1 mail client to localhost:110
   or localhost:143 and then ssh tunnelling those corresponding ports
   to host2:some_other_port_for poporimap? How are your ssh tunnels
   created? Does telnet localhost 110 result in a response by the
   remote pop server?
 
  ssh -L 143:host2:143 user@host2
 
  -- or --
 
  ssh -L 110:host2:110 -L 143:host2:143 user@host2
 
  (I am trying to use IMAP only - but it's hard)

 Possibly. This is what I have to do in stunnel:

Maybe I should try stunnel - I just fumbled my way through using cyrus-sasl 
to generate some sort of *.pem file.  Now if I only knew for sure if 
cyrus-imap was using it

 I did notice in the ssh man page the following:
 Privileged ports can be forwarded only when logging in as root on the
 remote machine. Does this apply to your situation?

Perhaps.  I've just done an IMAP connection over a different SSH tunnel, and 
it works - and it's one FreeBSD host (let's say, host3) to the same IMAP server 
host.  No PPP link, but that shouldn't matter I think...




Re: [leaf-user] Misconfigured routing (?) and ssh tunnels

2002-05-20 Thread David Douthitt

On Monday 20 May 2002 03:28 pm, Stephen Lee wrote:
 On Mon, 2002-05-20 at 10:13, David Douthitt wrote:
  Maybe I should try stunnel - I just fumbled my way through using
  cyrus-sasl to generate some sort of *.pem file.  Now if I only knew for
  sure if cyrus-imap was using it

 You could always rename the pem file and see if it complains. Could you
 not use imaps instead of tunneling? The Courier imap and pop package
 does all of this encryption stuff effortlessly.

Actually, the *.pem file was used, but an error generated:

May 20 13:54:47 lena imapd[80986]: TLS engine: cannot load CA data
May 20 13:54:47 lena imapd[80986]: error initializing TLS: [CA_file: ] 
[CA_path: ] [cert_file: /var/imap/server.pem] [key_file: /var/imap/server.pem]

The file:

-rw-r--r--  1 root  wheel  1655 May 20 01:02 server.pem

I realize it's owned by root:wheel, but it is still world-readable (bad?) - I 
don't know what permissions to give it.

  Perhaps.  I've just done an IMAP connection over a different SSH tunnel,
  and it works - and it's one FreeBSD host (let's say, host3) to the same
  IMAP server host.  No PPP link, but that shouldn't matter I think...

 Maybe defaultroute or proxyarp settings in ppp need adjustments?

PPP works fine - I can go to any host I like - but the SSH tunnel fails.  
Remember too, that the endpoints of the PPP link and the endpoints of the SSH 
tunnel are four different hosts entirely.  The PPP link is just one of the 
hops along the way that the SSH tunnel takes.




Re: [leaf-user] Re: using IMAP, SSH, stunnel, and SSL

2002-05-20 Thread David Douthitt

On Monday 20 May 2002 04:52 pm, you wrote:

ssh -L 110:host2:110 -L 143:host2:143 user@host2
   
(I am trying to use IMAP only - but it's hard)

 Maybe I am just dense but I am wondering why you don't just use
 SSL/TLS to connect to your IMAP service. I believe this is a
 documented feature of an IMAP server and an IMAP client should just
 be able to use it. I use this with courier-imap and it has worked
 fine for more than a year. No need for stunnel (which is fine by
 the way) or any ssh forwarding, just plain old port 993.

This was my goal, and I finally seem to have succeeded.  Initial 
reason I didn't do it is that I don't know SSL, but I do know SSH 
(mostly).  Also, it isn't guaranteed that an IMAP client (of which 
there are not a lot) will be able to do SSL.  I don't think Mutt can, 
for example - but I know KMail does.

With the right docs, I seem to have been able to set up TLS (or is it 
SSL?) on my IMAP server and put it to use.




Re: [leaf-user] Misconfigured routing (?) and ssh tunnels

2002-05-20 Thread David Douthitt

On Monday 20 May 2002 04:37 pm, Stephen Lee wrote:
 On Mon, 2002-05-20 at 13:43, David Douthitt wrote:
  Actually, the *.pem file was used, but an error generated:
 
  May 20 13:54:47 lena imapd[80986]: TLS engine: cannot load CA
  data May 20 13:54:47 lena imapd[80986]: error initializing TLS:
  [CA_file: ] [CA_path: ] [cert_file: /var/imap/server.pem]
  [key_file: /var/imap/server.pem]
 
  The file:
 
  -rw-r--r--  1 root  wheel  1655 May 20 01:02 server.pem
 
  I realize it's owned by root:wheel, but it is still world-readable
  (bad?) - I don't know what permissions to give it.

 I think the pem file needs to be readable by the Cyrus user.

With the 644 permissions listed above, it is.

 It looks to me that the pem file is not in a correct format for the
 TLS engine. Take a closer look at how you generated the
 certificate.

I followed the directions given at another site pointed out to me by 
Mike Leone, and went step by step.  When I was done, I had three 
files: newreq.pem, newcert.pem, and cacert.pem.  After this, things 
appeared to work.

I was surprised to find that TLS operates over the standard 
unencrypted port 143, whereas SSL has a special port of 993.

 I had a similar problem when generating a certificate
 for stunnel and tried for many hours to solve it. In the end, I
 simply took a pem file (generated with same SSL library) from
 another package and used that to good effect.

I'm not using stunnel now.

 I'm curious as to why you need to tunnel imap if you're already
 using SSL? What about imaps or simap?

I wasn't using SSL when I started.  I would use imaps but I'm now 
using TLS instead - I'll use SSL if TLS isn't available.  It appears 
that TLS uses the standard port 143.

According to my services file, there is no simap: only imap (port 
143), imap3 (port 220), imap4-ssl (port 585), and imaps (port 993).  
Presumably both imap3 and imap4-ssl are deprecated.

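The permission question raised about server.pem in this message and in the earlier one on the same thread, as an added example that is not part of the original posts: an audit that reports group or world access only on PEM files that actually contain a private key. The file contents are constructed placeholders, and treating any group or other access to a key file as a finding is this example's assumption.

```python
import os
import re
import stat
import tempfile

# Matches "BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY", "BEGIN EC PRIVATE KEY", ...
KEY_MARKER = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

RISKY_BITS = [
    (stat.S_IRGRP, "group-readable"),
    (stat.S_IWGRP, "group-writable"),
    (stat.S_IROTH, "world-readable"),
    (stat.S_IWOTH, "world-writable"),
]


def audit_pem(path):
    """Report the mode of a PEM file and which bits expose a private key in it."""
    st = os.stat(path)
    with open(path, "r", errors="replace") as fh:
        has_key = KEY_MARKER.search(fh.read()) is not None
    findings = []
    if has_key:
        # A certificate alone is public; only key material makes the mode matter.
        findings = [name for bit, name in RISKY_BITS if st.st_mode & bit]
    return {
        "mode": stat.filemode(st.st_mode),   # same notation as "ls -l"
        "has_private_key": has_key,
        "findings": findings,
    }


def pem_block(label):
    """Constructed placeholder block: not real key or certificate material."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


def demo():
    """Audit a combined cert+key file at 0644 and 0600, and a cert-only file."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        combined = os.path.join(workdir, "server.pem")
        with open(combined, "w") as fh:
            fh.write(pem_block("CERTIFICATE") + pem_block("RSA PRIVATE KEY"))
        os.chmod(combined, 0o644)
        results["combined 0644"] = audit_pem(combined)
        os.chmod(combined, 0o600)
        results["combined 0600"] = audit_pem(combined)

        cert_only = os.path.join(workdir, "cacert.pem")
        with open(cert_only, "w") as fh:
            fh.write(pem_block("CERTIFICATE"))
        os.chmod(cert_only, 0o644)
        results["cert only 0644"] = audit_pem(cert_only)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A key file that passes this check must still be readable by the account the IMAP daemon runs as, so tightening the mode usually goes together with changing the file's owner.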



Re: [leaf-user] Misconfigured routing (?) and ssh tunnels

2002-05-19 Thread David Douthitt

On Saturday 18 May 2002 11:14 am, Stephen Lee wrote:

 I tunnel imap and smtp all the time except I use stunnel.
 Presumably you are pointing your host1 mail client to localhost:110
 or localhost:143 and then ssh tunnelling those corresponding ports
 to host2:some_other_port_for poporimap? How are your ssh tunnels
 created? Does telnet localhost 110 result in a response by the
 remote pop server?

ssh -L 143:host2:143 user@host2

-- or --

ssh -L 110:host2:110 -L 143:host2:143 user@host2

(I am trying to use IMAP only - but it's hard)

No, telnet (or nc) to localhost 110 doesn't work (nor to port 143).

host1 # netstat -rn -f inet
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use  Netif 
Expire
default192.168.4.1UGSc2  125de0
127.0.0.1  127.0.0.1  UH  110566lo0
192.168.4  link#1 UC  40de0
192.168.4.10:0:c0:26:b4:8bUHLW   54  371de0   
1193
192.168.4.20:0:c0:6:b9:5b UHLW1   513380de0   
 970
192.168.4.50:e0:29:6:ce:58UHLW3  316lo0
192.168.4.10   link#1 UHLW2   31de0

host2 # netstat -rn -f inet
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use  Netif 
Expire
default198.77.254.129 UGSc   12  116xl0
127.0.0.1  127.0.0.1  UH  0 5059lo0
192.168.5.128/27  link#1 UC  20xl0
192.168.5.129 0:20:6f:10:e5:31   UHLW60xl0
757
192.168.5.140 0:50:da:cc:4d:c2   UHLW0 8375lo0

Note that ssh itself works - but the tunnel doesn't.

It wouldn't have to do with the fact that the tunnel is from port 143 
to port 143 would it?




Re: [leaf-user] Misconfigured routing (?) and ssh tunnels

2002-05-19 Thread David Douthitt

On Sunday 19 May 2002 02:28 pm, David Douthitt wrote:
 On Saturday 18 May 2002 11:14 am, Stephen Lee wrote:
  I tunnel imap and smtp all the time except I use stunnel.
  Presumably you are pointing your host1 mail client to
  localhost:110 or localhost:143 and then ssh tunnelling those
  corresponding ports to host2:some_other_port_for poporimap? How
  are your ssh tunnels created? Does telnet localhost 110 result
  in a response by the remote pop server?

 ssh -L 143:host2:143 user@host2

 -- or --

 ssh -L 110:host2:110 -L 143:host2:143 user@host2

 (I am trying to use IMAP only - but it's hard)

 No, telnet (or nc) to localhost 110 doesn't work (nor to port 143).

 host1 # netstat -rn -f inet
 Routing tables

 Internet:
 DestinationGatewayFlagsRefs  Use  Netif
 Expire
 default192.168.4.1UGSc2  125de0
 127.0.0.1  127.0.0.1  UH  110566lo0
 192.168.4  link#1 UC  40de0
 192.168.4.10:0:c0:26:b4:8bUHLW   54  371de0
 1193
 192.168.4.20:0:c0:6:b9:5b UHLW1   513380de0
  970
 192.168.4.50:e0:29:6:ce:58UHLW3  316lo0
 192.168.4.10   link#1 UHLW2   31de0

 host2 # netstat -rn -f inet
 Routing tables

 Internet:
 DestinationGatewayFlagsRefs  Use  Netif
 Expire
 default198.77.254.129 UGSc   12  116xl0
 127.0.0.1  127.0.0.1  UH  0 5059lo0
 192.168.5.128/27  link#1 UC  20xl0
 192.168.5.129 0:20:6f:10:e5:31   UHLW60xl0
 757
 192.168.5.140 0:50:da:cc:4d:c2   UHLW0 8375lo0

 Note that ssh itself works - but the tunnel doesn't.

 It wouldn't have to do with the fact that the tunnel is from port
 143 to port 143 would it?

I've also noticed the following - or should at least mention:

* host1 has a private ip (192.168.4.6) but host2 has an Internet 
address

* The TCP connection traffic goes like this:
1. SYN from host1 to host2 via ssh tunnel
2. SYN (reply) from host2 to host1 via Internet (!)
no response

* Until recently, neither host1 nor host2 was routing.  I turned on 
routing, then it worked - then it stopped.  I used the command:

sysctl net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1

(might as well support IP6 too :-)

* ssh tunnel seems to allocate an IP of 192.168.4.7, but I can't see 
it anywhere.  Not in netstat -rn nor in ifconfig -a

* There doesn't seem to be any way of specifying a route via the ssh 
tunnel interface.





Re: [leaf-user] Misconfigured routing (?) and ssh tunnels

2002-05-19 Thread David Douthitt

On Sunday 19 May 2002 11:24 pm, you wrote:
 David Douthitt wrote:
  On Saturday 18 May 2002 11:14 am, Stephen Lee wrote:
   I tunnel imap and smtp all the time except I use stunnel.

 Perhaps ssh -g option?

Don't use that:

dgd $ slogin -L 143:lena:143 -L 110:lena:110 dgd@lena

 I always liked the ssh description on the VNC site.

Me too.

 Please see the
 More advanced use section at the bottom of the page. They have a
 configuration that looks like yours.  They used
ssh -g -L 5901:windows2:5900 linux2.

 This quote was troubling ...but remember that connections between
 snoopy and third machine will not be encrypted...

(...not referring to the VNC docs)

This is because the ssh tunnel goes from machine A to machine B - if 
you are forwarding a local port, the end can go anywhere - such as to 
machine C.

In my case, there is no machine C - or at least, machine B and C are 
the same.

 From your original post:

 Perhaps -C or +C?  The VNC ssh Compression section has this
 quote.  It may apply to you because of ppp?  SSH has another
 advantage.  It can compress the data as well.  This is particularly
 useful if the link between you and the server is a slow one, such
 as a modem...

My impression was that VNC performed compression, not ssh - but I 
will look again.  But that won't solve my troubles...

 Just another thought...I was playing with ssh internally. I was
 testing another firewall.  I was racking my brain until I realized
 that the firewall rules were blocking the RFC 1918/1627/1597
 addresses.  It sounds like you already took care of that issue,
 however.

Not quite.  See discussion below.

 Last idea...perhaps you are experiencing the reason cipe and I
 guess stunnel were developed:
 http://sites.inka.de/~bigred/devel/tcp-tcp.html. Please see the
 Practical experience section.
 The whole problem was the original incentive to start the CIPE
 project, because I used a PPP over SSH solution for some time and
 it proved to be fairly unusable. At that time it had to run over an
 optical link which suffered frequent packet loss, sometimes 10-20%
 over an extended period of time. With plain TCP, this was just
 bearable (because the link was not congested), but with the stacked
 protocols, connections would get really slow and then break very
 frequently.

I don't think this applies - I'm running SSH over PPP, not PPP over 
SSH.  The layers are like so:

TOP  TCP/IP
  SSH
  PPP
  Phone

Here is what I see happening - and it sounds just exactly like some 
sort of routing problem:

1. SYN Packet is sent from host1 to host2 over an SSH tunnel (which 
has a PPP link in the middle)

2. SYN Reply Packet is sent from host2 to host1 over unencrypted 
Internet links.

Also, the return SYN packet contains the internal IP of the ssh tunnel 
in host1 (a 192.168.4.7 address apparently).  Thus the private IP 
packet quickly reaches a router willing to kill it or ignore it.

Why is host2 routing the packet away from the ssh tunnel?  Note, too, 
that neither of the endpoints of the ssh tunnel are the endpoints of 
the PPP link - and that the LRP system is providing NAT for the 
network behind it.  Of course, using ssh across this link, the NAT is 
not done.  However, I've had situations like this (with the same 
setup, but not with a PPP link) that worked just fine.  Of course, 
that was a Linux host1 to a Linux host2 - these are FreeBSD hosts.




Re: [leaf-user] Restricting SMTP, IMAP and POP traffic

2002-05-14 Thread David Douthitt

On Saturday 11 May 2002 04:48 am, Enchufa2.com wrote:

 What I would like to do is prevent users from changing the browser proxy
 configuration at their workstations and then bypass the proxy/cache and
 also to prevent unauthorized users to change their e-mail app configuration
 and become able to send/receive external e-mail using external e-mail
 servers.

This can be done, at least in part, by creating a transparent proxy using 
squid.  The Squid FAQ has details on this - it requires some ipchains rules 
that redirect any connections to port 80 to the Squid port or something like 
that.

 Ideally, unauthorized users would only be able to use the local mail servers
 and authorized users would be able to use both internal and external
 servers.

You could use fetchmail from a particular internal host in order to download 
the external mail for those users that are allowed to have external mail.  
Then you could have an internal SMTP and POP3/IMAP mail server handle 
everything for the outside.

Alternately, you can limit access such that only certain workstations are 
allowed SMTP and POP3/IMAP access to specific mail servers on the outside.




Re: [leaf-user] kernel hackers? off topic

2002-05-10 Thread David Douthitt

On Wednesday 08 May 2002 03:13 pm, you wrote:
 If you care to read this mess and comment, cool.
 If not, if you could suggest someone to send this
 problem to, that would be great.

 This is not exactly a bug report, more a mystery report.

 linuxrc is not executing when booting on an  STPC
from compact flash.
 Everything works fine on a Pentium.
 Kernel recompiled for 486.

The standard LRP/LEAF kernel requires patches which force /linuxrc to run all 
the time, every time.

It sounds like you are trying to use an unpatched kernel.  In this case, your 
root= parameter has to be set right and you need a twist (the official name 
is root pivot) in order to get the real root device mounted.

Both Bering (Linux 2.4) and Oxygen (Linux 2.2.20 in development) operate 
seamlessly without any patches.

You may also want to take a look at the following:

* linux/Documentation/initrd.txt
* The LEAF Developer's Guide
* The Linux Boot-HowTo




Re: [Leaf-user] two-diskettes system

2002-04-10 Thread David Douthitt

On 4/9/02 at 8:06 AM, Charles Steinkuehler [EMAIL PROTECTED]
wrote:

Packages will be backed up to whatever disk is in
the drive - make sure you put the appropriate disk
in the boot drive before backing up.
 
   I have a small request that the backup scripts write
   to the drive from which the package was loaded.  Would
   that be a major rewrite?
 
  Not a major rewrite, but a major project nonetheless.
 
  You have to add the following capabilities to the system:
 
  * Tracking where files came from - including storing
  data, additions, deletions, and everything else - a new
  database really.  MySQL anyone?
 
 How about a flat text file per-package?

Simple but inefficient - but in any case, would occupy a LOT of space
- especially if you load 200 packages (as I've been known to do :)

More things to consider: these files would have to be excluded from
package creation (including root.lrp in old systems).  Removing
packages would have to remove these files too.

  * Unique identifiers for disks - including checking for
  the right one and error handling for the case when it
  isn't.
 
  This would be a big project to get right, requires a
  database with full database accessibility, and
  identifiers for disks that are guaranteed to be right. 
  What's more, what if you can't back the package up to
  the right disk but want to back up to a new disk - more
  functions.
 
 I've got this functionality in my backup scripts for
 Dachstein already (and it was a fairly major re-write). 
 The system remembers where the package was loaded from,
 and defaults to backing up to the same location.  You can
 also manually change the backup destination, if desired.

However, you didn't account for ALL of the possibilities:

1. User backs up a package - to the right medium (/dev/fd0u1440 for
instance), but the WRONG disk (oops).  Then what?

2. User backs up a package - to the right medium, but a NEW
(different) disk.  Then what?

To do this right, I'd think you'd need an identifier for each and
every disk, and a routine to refuse writing to a disk that didn't
match - as well as the ability to write to a NEW disk.

Another thing: Define The Problem.  I don't see backing up to this
disk or that a problem.  What Problem does all this extra code solve?
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] two-diskettes system

2002-04-09 Thread David Douthitt

On 4/3/02 at 3:17 PM, Matt Schalit [EMAIL PROTECTED] wrote:

 David Douthitt wrote:
 
  Packages will be backed up to whatever disk is in the
  drive - make sure you put the appropriate disk in the
  boot drive before backing up.

 I have a small request that the backup scripts write to
 the drive from which the package was loaded.  Would that
 be a major rewrite?

Not a major rewrite, but a major project nonetheless.

You have to add the following capabilities to the system:

* Tracking where files came from - including storing data, additions,
deletions, and everything else - a new database really.  MySQL anyone?

* Unique identifiers for disks - including checking for the right one
and error handling for the case when it isn't.

This would be a big project to get right, requires a database with
full database accessibility, and identifiers for disks that are
guaranteed to be right.  What's more, what if you can't back the
package up to the right disk but want to back up to a new disk - more
functions.

Seems like a lot of extra work to me but that's just my personal
opinion...
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] multilink ppp async

2002-04-09 Thread David Douthitt

On 4/7/02 at 8:48 PM, Andrew Mitchell [EMAIL PROTECTED] wrote:

 I have recently installed Bering LEAF (Kernel:Linux
 version 2.4.18 (bering5@debian)) and am quite pleased with
 the results.  At the moment I have installed 2 V.90 modems
 and would like to configure for multilink.  Is this
 possible to support?  If so, any config assistance would
 be appreciated.

As it happens, I've just begun work on setting up ppp.  If memory
serves, you need Linux 2.4 and ppp 2.4.1 to make multilink work.

I've been working with ppp 2.4.1; if you want a copy let me know.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] Re: need help with tcpdump

2002-04-03 Thread David Douthitt

On 3/25/02 at 9:06 PM, Kory Krofft [EMAIL PROTECTED] wrote:

 I am using RH 7.2. I found the problem. I have in fact
 been hacked. I found a process muhh running from the
 /var/run directory. I will have to reformat and rebuild
 the game server. I would love to find out what the hacker
 was using my machine for. Any suggestions on how to find
 out? There were several subdirectories and many files. I
 have looked at the logs it used but it doesn't make any
 sense to me.

If you suspect you are hacked, then you should suspect output from all
system binaries, including ps, ls, netstat, ifconfig, and a blizzard
of others.  Best thing to do is to mount a CDROM or other writeonly
medium with statically linked versions of these often compromised
utilities and use those to scan the system for strange behavior.

To provide the best ability for computer forensics, you should do:

dd if=/dev/hda | gzip -c - | nc 10.1.1.1 2525

...(/dev/hda is whatever your hard drive is) and on a remote machine
(10.1.1.1) - presumably with LOTS of space...

nc -l -p 2525 > hda.img.gz

Do ALL hard drives this way, and you then can come back to the data
any time you want.

Also, check your other systems to make sure THEY haven't been
compromised as well.

When reinstalling, get ALL of the Red Hat 7.2 update packages - there
are quite a LOT - almost 650M worth now!  Use the updates to update
your system - use:

rpm -Fvh 

where  is the package or packages you want to update.  -Fvh
options means that only those that are installed will be updated.

Another thing: make sure you don't run anything you don't need: go
through /etc/inetd.conf and remove everything that's unneeded.  Do the
same through the use of ntsysv or chkconfig.  Then reboot.

Hope this helps.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]
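
An added example, not part of the original message: the dd | gzip imaging pipeline above, extended so the sending side records a SHA-256 of the raw bytes and the stored image can be checked against it later. The function names, the use of sha256sum, and the constructed sample file standing in for /dev/hda are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original message): single-pass disk
# acquisition that records a SHA-256 of the raw bytes, plus a check of
# the stored image. Assumes GNU coreutils and gzip.

# acquire_image SRC HASHFILE
# Writes the gzip-compressed image of SRC to stdout and stores the SHA-256
# of the uncompressed bytes in HASHFILE. SRC is read exactly once.
acquire_image() {
    src=$1
    hashfile=$2
    fifo=$(mktemp -u "${TMPDIR:-/tmp}/acq.XXXXXX") || return 1
    mkfifo "$fifo" || return 1
    # The background reader hashes exactly the bytes dd produced.
    sha256sum < "$fifo" | cut -d' ' -f1 > "$hashfile" &
    hasher=$!
    # For failing media, dd's conv=noerror,sync keeps going and zero-pads
    # unreadable blocks.
    dd if="$src" bs=64k 2>/dev/null | tee "$fifo" | gzip -c
    wait "$hasher"
    rm -f "$fifo"
}

# verify_image IMAGE_GZ HASHFILE
# Decompresses the stored image and compares its SHA-256 with the value
# recorded at acquisition time. Returns 0 on match, non-zero otherwise.
verify_image() {
    expected=$(cat "$2") || return 1
    actual=$(gzip -dc "$1" 2>/dev/null | sha256sum | cut -d' ' -f1)
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# demo: runs both functions on constructed data; returns 0 when the intact
# image verifies and an altered image is rejected.
demo() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/acqdemo.XXXXXX") || return 1
    # Constructed sample data standing in for /dev/hda.
    i=0
    while [ "$i" -lt 2000 ]; do
        printf 'constructed sector %05d\n' "$i"
        i=$((i + 1))
    done > "$work/disk.raw"

    # In the setup from the message the stream would go to: | nc 10.1.1.1 2525
    acquire_image "$work/disk.raw" "$work/disk.sha256" > "$work/disk.img.gz"
    rc=0
    if verify_image "$work/disk.img.gz" "$work/disk.sha256"; then
        echo "intact image: hash matches"
    else
        rc=1
    fi
    # An image whose contents differ by one sector must be rejected.
    sed 's/sector 00042/sector 99999/' "$work/disk.raw" |
        gzip -c > "$work/altered.img.gz"
    if verify_image "$work/altered.img.gz" "$work/disk.sha256"; then
        rc=1
    else
        echo "altered image: hash mismatch detected"
    fi
    rm -rf "$work"
    return "$rc"
}

demo
```

The hash file is small enough to copy by hand or carry separately from the image, which is what makes the later comparison meaningful.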




Re: [Leaf-user] two-diskettes system

2002-04-03 Thread David Douthitt

On 3/27/02 at 3:58 PM, Jacques Nilo [EMAIL PROTECTED] wrote:

  I have a box with two floppy-drives (/dev/fd0xxx and
  /dev/fd1xxx). I have no free CDROM, no HDD, no ZIP or
  anything else, only two floppies. The questions: is
  there any civilized way to organize the lrp-system which
  would boot from one diskette, take some *.lrp  from its
  and others from the second one?

 It is a standard feature of most LEAF distro: Dachstein,
 Bering and probably Oxygen all support a dual floppy
 setup.

Oxygen supports multiple disks either serially or in separate drives.

For Oxygen, all that needs to be done is to configure oxygen.cfg in
order to load packages from the second disk.  You don't have to
specify which packages you want to use; the system will pick up all
packages automatically without any trouble at all.

Packages will be backed up to whatever disk is in the drive - make
sure you put the appropriate disk in the boot drive before backing up.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] Oxygen + FreeS/WAN

2002-03-11 Thread David Douthitt

On 3/7/02 at 3:54 PM, GR [EMAIL PROTECTED] wrote:

 Anyone out there manage to compile a kernel for Oxygen 1.9
 with FreeS/WAN  compiled in? 

The Oxygen 1.9 kernel is the standard Linux kernel; you should be able
to add the appropriate (non-LRP) patches to a standard kernel and go. 
OpenWall may conflict; I don't know FreeS/WAN.  I do know Oxygen
though :) and since no one spoke up

--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] simple snmp doc?

2002-02-23 Thread David Douthitt

On 2/22/02 at 4:35 PM, Pete Dubler [EMAIL PROTECTED] wrote:

 I need to get snmp up and running so I pulled a copy from
 Charles's site and installed it.

Are you aware that there is a massive multi-vendor vulnerability in
SNMP right now?  It's claimed to be one of the biggest or widest
spread vulnerabilities to date.  This vulnerability is in practically
everything that uses SNMP.

So check out that snmp first perhaps Charles can shed some light
on this...
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] Strange shell

2002-02-21 Thread David Douthitt

On 2/21/02 at 12:09 AM, guitarlynn [EMAIL PROTECTED] wrote:

 I've been one of many that have lately had a ton of logs
 with dns floods and http scans. I figured that I would go
 and SILENT_DENY them yesterday. I did and my logs stayed
 empty the rest of the day.
 
 Today I checked the weblet and I had http SYN packets in
 my logs. So, I go down and set up a monitor and get ready
 to check things out. To my amazement, everything was all
 in CAPS  everything from the shell and my keyboard
 input. It lagged a little when I logged in, so I 'ae' a
 .conf file and attempt to scroll . it's lagging like
 ssh does (ohhh, now I'm real interested)! I pull up
 another shell and everything is normal (no lag and the
 fonts are case-sensitive again). I check 'ps ax' and
 everything is normal, so I 'svi network reload' and change
 back to terminal 1. Terminal 1 is back to normal now too.
 
 None of my network settings have changed. The box is a DF
 floppy w/o ssh, IPSec, or telnet. The only hole in the
 firewall is a portfw to a internal webserver w/o any name
 resolution on port 81. After resetting the firewall, I got
 a bunch of port 80 and a couple of port 21 hits.
 
 Any ideas  I'm afraid someone was somehow filtering
 my shell. Oh, I know the date is borked on the machine
  it's been a low priority.

Next time this happens see if you can put a system on there and run a
port sniffer on the traffic coming into your box.

It's definitely possible to create a shell which responds to a connect
from port 80.  It's also possible to steal the file-descriptors from
a running shell.

I'm not sure it's entirely likely this has happened to you, but I
wouldn't rule it out - and all those attempted connects are
interesting...
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] xntpd does not respond to clients

2002-02-19 Thread David Douthitt

On 2/19/02 at 12:16 PM, Binh Do [EMAIL PROTECTED] wrote:

 I installed Todd Horsman's xntpd.lrp and runs it with his
 config file. Seems it is running OK but I cannot connect
 to it from internal client or even from the router itself.
 I used 'rdate' utility. The message is 'Connection
 refused'. I did 'ps' and 'ntpq' and all seemed fine. 
 
 I opened ports 123 (ntp) and 37 (time) on the firewall and
 uncommented out the time service in /etc/inetd.conf but
 got no success.

First, rdate does NOT use NTP.  As far as I know, there isn't a time
server (port 37) in LEAF.  If there was, it would be inetd that would
do it, and you'd have to make sure it was enabled in /etc/inetd.conf

When you run ntpq, you are using NTP.  When you run rdate, you're
using time. I don't think rdate is even a part of xntpd.  Perhaps you
want to use ntpdate instead?

 # rdate -p 127.0.0.1
 rdate: 127.0.0.1: Connection refused

Another thing to check - don't use 127.0.0.1, but the actual IP of the
host.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] Having trouble finding what I am looking for...

2002-02-13 Thread David Douthitt

On 2/13/02 at 4:07 PM, Eric B Kiser [EMAIL PROTECTED] wrote:

 Below is the foundation that I need for my project:
 
 2.4.x kernel

Being experimented with in almost every distribution to some extent...

 iproute2

Standard on all LEAF distros.

 iptables

Part of Linux 2.4.

 ipv4 and ipv6

I've done most of the network programs, and almost universally removed
ip6 support.  If all you need is the Linux kernel ip6 support, you're
alright.  However, you may need to compile some of the network support
tools to support ip6 if they haven't had ip6 support compiled in
already.

 gnu zebra

There should be a zebra.lrp floating around...

 openssh

Jacques Nilo put a version of OpenSSH 3.x together...

 frees/wan

I thought Charles did something with this...

 On with the questions...
 
 1) Is there currently a LEAF distro using the 2.4.x kernel
 and glibc 2.1.3?

Oxygen is heading in this direction, but am currently having problems
with the image.  I think George Metz did something with this and Linux
2.4.5.

 3) If there is a distro that I want to use but want to
 replace the kernel with my own is it as simple as compile
 kernel, apply patches, copy to disk as linux?

Yes.  However, you need to make sure you use the LRP patches -- or
DONT -- as is required by the distribution you use.  Also, if you
switch from 2.0 to 2.2 or 2.2 to 2.4 this becomes NON-trivial.

 4) David Douthitt had stated that the LRP patches were no
 longer needed in some situations. It was my understanding
 that they were what made LRP what it was and were the
 foundation of LEAF. If someone could explain this I would
 greatly appreciate it.

They didn't make LRP; they were, in essence, cheats - though the
support for the *.tar.gz initrd was nice.

1. initrd introduced support for a tar.gz image instead of a
compressed (gzip) filesystem image.

2. linuxrc-always - ALWAYS run /linuxrc instead of only when the
initial RAM disk device didn't match the boot device...

What makes LRP - or LEAF - is the scripts.

 5) Does the version of glibc on your machine have an
 affect when compiling the kernel?

No.

 6) I have a computer that I have set aside as a
 development station. In the Developing for LRP How-To,
 Debian Slink was recommended, however, I have been
 unsuccessful in finding it. Also recommended was Red Hat
 6.0. Are all of the Red Hat 6.x versions able to be used
 for my purposes (glibc 2.1.3) or is there a particular one
 that I should use (6.0 versus 6.2)?

All Red Hat 6.x versions use glibc 2.1.3, but 6.0 had a buggy C
compiler - and 6.1 wasn't long lived.  If you use Red Hat 6.x,
definitely use 6.2.

Debian Slink used glibc 2.0.7; isn't it Woody that used glibc 2.1.3?

Mandrake will work just as well; Mandrake 7.x used glibc 2.1.3 I
think.

There's a lot of others of course: Slackware; BestLinux; Stormix...
just watch the glibc versions...
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] Backing up modules.conf

2002-02-11 Thread David Douthitt

On 2/10/02 at 8:39 PM, GR [EMAIL PROTECTED] wrote:

 This assumes Oxygen 1.9.
 
 I know I have managed to get this file backed up before,
 but I can't seem to remember how. I have made changes to
 /lib/modules/boot/modules.conf to reflect the NIC's in my
 machine and have also deleted all the unnecessary modules
 from that directory. However when I attempt to back up my
 changes they aren't written to disk - upon reboot they
 are all lost.

/lib/modules/boot is in root.gz.  In 1.8 you would back this up by
backing up root.lrp; in 1.9 it's more difficult (I've not gotten to
simplifying it yet).

The easiest way would be to do the following - either on a LEAF system
or on a full system:

1. Copy root.gz to a disk...
2. Uncompress it: gunzip -c - < root.gz > root.ima
3. Mount the image: mount -o loop root.ima /mnt/loop
4. Work in the image: cd /mnt/loop ; ...
   ---this is where you make changes - relative to /mnt/loop...
   When done...
5. Unmount image: umount /mnt/loop
6. Compress image: gzip -c - < root.ima > root.gz
7. Copy back to boot disk

I'll work on a script to do this.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




[Leaf-user] ANN: LRP Developer's Guide

2002-02-09 Thread David Douthitt

There is a new version of the LEAF/LRP Developer's Guide.  Minor
revisions really - a new section on notes about compiling the Linux
kernel.

A few more updates - that's about all...

It's available from http://leaf.sf.net/pub/oxygen/development/ until
it's available from the release area.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




RE: [Leaf-user] LCD Proc

2002-02-09 Thread David Douthitt

On 2/9/02 at 8:08 PM, John Mullan [EMAIL PROTECTED] wrote:

 Thanks David.  However, the following is the error message when I
 attempt to run LCDd
 
  firewall: -root-
  # lcdd -h
  lcdd: error in loading shared libraries
  libncurses.so.4: cannot open shared object file: No such file or directory
 
 Does this mean that libncurses cannot find something or
 that libncurses doesn't exist?

Means the latter.  Go to http://leaf.sf.net/pub/oxygen/packages/ and
get the ncurses package (libncurs.lrp?  ncurses5.lrp?).

 Of course, when I run LCDproc -s 192.168.1.254 -p 13666 X
 U  I get the following:
 
  firewall: -root-
  # lcdproc -s 192.168.1.254 -p 13666 X U
  sock_connect: connect failed: Connection refused
  Error connecting to server 192.168.1.254 on port 13666.
 
 But I assume that is because the LCDd is not running.

If LCDd is not running, you'll get this.  There's no server listening
on that port.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] LCD Proc

2002-02-08 Thread David Douthitt

On 2/8/02 at 9:14 PM, John Mullan [EMAIL PROTECTED] wrote:

 Can you tell me how to make use of lcdd.lrp and
 lcdproc.lrp??
 
 I can see the packages load with the others. If I have a
 working piece of LCD hardware, would something show up
 automatically?  If not, how do I set things up so that
 something shows up on the LCD?

There are two parts: the server (LCDd) and the client (lcdproc).  Once
the server is loaded, you should see a display as long as you've told
the server all the details of what sort of LCD you have and so on. 
When you load lcdproc, it should start giving you lots of data (of
whatever you've specified).

LCDd is finicky about options, as its option parsing is pretty bad -
if things act strange, then move the options from one side of the
command line to the other...
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] LEAF routing private IP space

2002-02-07 Thread David Douthitt

On 2/6/02 at 11:13 PM, Greg R [EMAIL PROTECTED] wrote:

 The LEAF Router is running Oxygen 1.8.

You didn't say what firewall you were using.  Dachstein and Eigerstein
have their firewall scripts; Oxygen relies on add on packages like
Echowall, Seawall, or rcf.

 My symptoms are these: from the LEAF router I
 can ping all of the devices on the local network
 as well as the greater Internet. However from the
 workstation I can only ping as far as the external
 (eth0 - 192.168.68.254) interface of the LEAF
 router. I can not hit the internal interface of the
 DSL router.

As was mentioned, can't ping can mean four different things; how did
ping fail?

I can think of several things to check:

* Is ICMP allowed outside the firewall?
* Is eth0 really the outside interface?  Are you sure?
* Oxygen by default refuses to answer pings on its interfaces

Things to try:

* When you ping a DNS location (such as www.apple.com or
www.sourceforge.net) does the name resolve?
* If the name does resolve, do you get a ping?
* Try telnet instead.  If you get instant refusal (or acceptance!),
then there is connectivity to that machine.  If telnet hangs for a
LOOONG time (3 min) and then works - you don't have DNS.  If telnet
hangs and times out with no connection - you have no connectivity.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] crontab vs /etc/cron.d/multicron

2002-02-06 Thread David Douthitt

On 2/5/02 at 10:56 AM, Matt Schalit [EMAIL PROTECTED] wrote:

 Secondly this whole discussion about setting the date
 is a waste of time until David replaces the broken busybox
 date with a working date binary.  What good is it to set
 the clock with atomic precision when date doesn't even know
 the difference between GMT and EST?

I don't program busybox.  I don't control busybox.  I didn't write
busybox or the busybox date command.

The broken date is only in the reporting of the timezone, as I
remember.  If the system is set correctly, it doesn't matter.  rdate,
ntpdate, hwclock - they all work just fine - and two of them are in
busybox.  As a matter of fact - hwclock is not.

 Most programs get the
 date and time wrong, while the other half log with a shifted 
 timestamp?  The syslog goes kablooie.  You have no idea when 
 anything happened.

The programs that get the time wrong are their own problems (not
problems with date) - syslogd, for example, is the full version. 
ssmtp is ssmtp - if it gets the date wrong, it is its own fault as
long as the timezones are set correctly.  Make sure TZ is set and
/etc/localtime points to a file that exists and is correct.

In my mind, the TZ environment variable should be all that is required
- but it would appear things are not that way any more.  It used to be
simple... someone had to muck it up.

At worst - things are either in GMT or in localtime.  Period.

If it's really bad - forget timezones and set the system hardware time
to local time, not GMT.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] Mail logs on Oxygen

2002-02-06 Thread David Douthitt

On 2/6/02 at 10:26 AM, Munday, Merrick [EMAIL PROTECTED]
wrote:

 I'm running the May 2001 release of Oxygen,

The current release is 1.8; May 2001 would be one back.

 2) To automate the log sending process, I think I need to
 put something into /etc/cron.daily/multicron-d?

multicron has been removed from Oxygen as of 1.8; put the script into
the appropriate slot.  You can read up on crontab and edit
/etc/crontab, or...

Put the script into the directory that describes how often you want it
to happen (like /etc/cron.daily) - and it will happen th

 I'm not sure what the right way to solve these two
 problems is -- should I be trying to put code into
 multicron-d, or do I need to write a separate script?
 (I've never done that either)

To be compatible with future versions, you're better off writing your
own script from scratch and not using multicron.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] crontab vs /etc/cron.d/multicron

2002-02-06 Thread David Douthitt

On 2/5/02 at 7:55 AM, Jack Coates [EMAIL PROTECTED] wrote:

 And how; there's a xntpd package out there, but I haven't
 seen ntpdate. xntpd's binary is 175,832 bytes; the whole
 package is 88,007 bytes compressed.

ntpdate is 33k uncompressed (and stripped).
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] crontab vs /etc/cron.d/multicron

2002-02-04 Thread David Douthitt

On 2/4/02 at 8:53 AM, Victor McAllister [EMAIL PROTECTED] wrote:

 crontab would not correctly run the command.  Same command in
 multicron works.  Strange - but at least it works now.
 -
 # cat /etc/cron.d/multicron
 #Periodic schedule for multicron. (Ping check, Space check, etc)
 #Default: Every 15 minutes
 */15 * * * * root /etc/multicron-p
 11 05,11,17,23 * * * root rdate -s 132.163.4.101
 12 05,11,17,23 * * * root hwclock --systohc
 
 --

Entries in crontab should be pathed explicitly; what if you replace
rdate ... with /usr/bin/rdate ... or whatever?  Same for
hwclock...

Just a mini-soapbox: I never understood the need for multicron-p
anyway: Oxygen has removed it some time ago.  Multicron doesn't
provide any new capabilities at all that I can see - cron can do just
fine.  Seemed like multicron just provided several layers of
unnecessary indirection on top of cron and took up more disk space...

Another note: rdate uses an old obsolete form of network time
synchronization; I suspect more and more time servers may stop
providing the service rdate uses (wuarchive.wustl.edu seems to have
stopped...)

If anyone's bundled it, ntpdate would be better to use...
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]
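
An added example, not part of the original message: a check that lists system crontab jobs whose command is not an absolute path, run over the crontab quoted above with its field spacing restored. The function names and the /usr/bin/rdate and /sbin/hwclock locations used for the corrected version are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original message): flag jobs in a
# system crontab whose command is not given as an absolute path.

# cron_relative_cmds [FILE...]
# Reads /etc/crontab or /etc/cron.d style lines (five time fields, user,
# command; or @shortcut, user, command) from FILE or stdin. Prints
# "LINE: COMMAND" for every command that depends on PATH lookup and
# returns 1 if any were found, 0 otherwise.
cron_relative_cmds() {
    awk '
        /^[ \t]*(#|$)/ { next }                          # comment or blank
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # VAR=value setting
        {
            cmd = ($1 ~ /^@/) ? $3 : $7
            if (cmd != "" && cmd !~ /^\//) {
                printf "%d: %s\n", NR, cmd
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# The crontab from the quoted message (field spacing restored).
sample_crontab() {
    cat <<'EOF'
#Periodic schedule for multicron. (Ping check, Space check, etc)
#Default: Every 15 minutes
*/15 * * * * root /etc/multicron-p
11 05,11,17,23 * * * root rdate -s 132.163.4.101
12 05,11,17,23 * * * root hwclock --systohc
EOF
}

# The same crontab with explicit paths (assumed install locations).
sample_crontab_fixed() {
    sample_crontab |
        sed -e 's# rdate # /usr/bin/rdate #' -e 's# hwclock # /sbin/hwclock #'
}

echo "as posted:"
sample_crontab | cron_relative_cmds
echo "with explicit paths:"
sample_crontab_fixed | cron_relative_cmds && echo "(nothing flagged)"
```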




Re: [Leaf-user] Oxygen CD

2002-02-04 Thread David Douthitt

On 2/4/02 at 5:52 PM, Cokey de Percin [EMAIL PROTECTED] wrote:

 Is there an Oxygen 1.8 CD image and if so, where can it be found?
 
 There seems to be one at http://download.sourceforge.net/leaf
 called Oxygen_1.8_iso_OxygenISO.bin, but the file is empty.

I can't speak to the latter, but the former I can...

The Oxygen Bootable CDROM is now being worked on with Oxygen 1.9 as
its base.  Oxygen 1.9 uses a Linux kernel with no LRP-specific patches
in it.  The current 1.9 development is focused on Linux 2.2.20; future
development will use 2.4.17.

An Oxygen 1.8 Bootable CDROM shouldn't be difficult to put together;
I've just not done it.  Using a generic unpatched Linux kernel proved
to be too attractive :)

If there is call for one I can put one together
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question

2002-01-31 Thread David Douthitt

On 1/31/02 at 9:42 PM, malik menzong [EMAIL PROTECTED] wrote:

 One more question that keeps bugging is the following. I
 made an 1.68 image that is self contained and a 1.44 ima
 as well. Everytime I boot from the cd and I make a change
 if I tried to back up the changes on the 1440 image it
 complains. so I do backup the change on the 1.68 ima. they
 do update fine. but when I am trying to boot from the cd
 and the 1.68 image (the one containing the changes) is in
 it the floppy disk drive, it give me an error and requires
 that I mount instead the 1.440 floppy which has no back
 up.

I'm not sure I followed all that, but there are some things to
remember:

Oxygen is not set up to use 1.44 floppies by default anywhere.  By
this I mean when you do a backup it uses 1.68M floppies (or tries to);
the configurations (*.cfg files) all assume 1.68M floppies; etc.  If
you want to back up to 1.44M floppies I tend to do:

mount /dev/fd0u1440 /mnt/floppy
cd /tmp
apkg -c whateverpkg
cp whateverpkg.lrp /mnt/floppy
umount /mnt/floppy

...crude (somewhat), but it works.

/dev/backup is supposed to eventually be used in this capacity - so
that 1.44M floppies or 1.68M floppies could be used for default backup
disks by apkg and bpkg.

Secondly, when you boot from floppy you can control what formats the
disks are in that are requested - look at oxygen.cfg and other *.cfg
files for what you want.  oxygen.cfg is the default for floppy boots,
and cdrom.cfg is the default for CDROM boots.

Thirdly, when the CDROM boots, your configurations are fixed since
they are on CDROM - if you need a 1.68M floppy, that's what you need.

Fourthly, you need to format the 1.68M floppies for use beforehand -
using a 1.44M floppy off the shelf doesn't work.  The CDROM should
come with syslinux.lrp and fdformat.lrp just for this purpose.

It would also help to know what the error messages or warnings are -
you didn't say - more details, please.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question

2002-01-27 Thread David Douthitt

On 1/27/02 at 4:26 AM, malik menzong [EMAIL PROTECTED] wrote:

 1)Once Im at the root I am prompted to choose b/w some
 options to configure the router. I found out how I can
 change and move out of each file that is presented to me,
 but when trying to save it (back up) it comes with the
 following error

 end_request, I/O error dev 02:2c(floppy), sector 19
 end_request, I/O error dev 02:2c(floppy), sector 20

 At first I thought it was a bad floppy but when I tried
 some brand new disk the error persisted and nothing got
 copied. Does that sound like a common thing? Is it the
 disk? should I make a image file from the cd first?

This is because you are trying to use a 1.44M floppy as if it was a
1.68M floppy.  You need to use a floppy that's been preformatted to
1.68M...

 2)inside the /etc/ folder the file network.conf presented
 me with some questions: should I set eth0 as local or as
 external? the entries for eth0 and eth1 both requires IP,
 netmask and gateways setup should they be the same or
 different?

You need to have a firewall package like rcf.lrp or seawall.lrp
loaded. You also are setting up two interfaces on two different
networks; the IP addresses, network addresses, and netmasks are likely
to all be different.

 3)I also saw two files that look kinda familiar to
 network.conf I am referring to networks.conf and
 gateways.conf. Do I need to configure those files too or
 should I rely only on the one first one (2)?

(A UNIX manual would help :)

/etc/network.conf configures your network.  /etc/networks is similar
to /etc/hosts: they allow you to have names for networks instead of
just numbers.  You should be able to ignore /etc/networks and
/etc/gateways I would think...

 4)inside the module option I saw three network files:
 pci-scan tulip and eepro 100 since I am running 2 nics
 3C905 I figured I need to get some drivers for those 2
 cards and mount them. Does that sound right or I have
 enough tools there?

pci-scan is used for supporting PCI cards; the others can likely be
removed. To see what modules are being used, do an 'lsmod' and see
which modules are needed for your setup.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




[Leaf-user] ANN: Oxygen 1.8

2002-01-23 Thread David Douthitt

Oxygen 1.8 is a major new revision in the Oxygen distribution.  It
contains the following new features:

* A new flexible configuration file system
* Full support for CDROMs
* Upgradable glibc - packaged glibc 2.1 (new) into libc.lrp
* More flexibility: things like cron and init are now packages
* Linux 2.2.20 with Openwall enhanced security patch
* Revised hardening script
* Script for headless booting with Compaq PCs
* Full support for vfat
* More automatic boot sequence
* Updated: busybox 0.60.2, syslinux 1.64, more...

The new configuration file now allows these new features:

* Load from multiple floppies, different formats
* Definable prompt - prompt user to insert appropriate disk
* Load modules
* Load configuration file
* Load from a list of packages
* Use alternate packing programs (like bzip2)
* Load packages from CDROM

Oxygen retains these features:

* Automatic loading of packages; no more having to specify each
package
* Updated programs
* Security checked
* Enhanced with many utilities
* Powerful package management (apkg) with optional full-screen
interface
* Full screen (with ncurses and dialog) configuration
* Safe package backups (using apkg -s) - no more panicking when the
disk runs out of space... and you find out too late...
* Control system kernel parameters with sysctl

Available from the download area at http://leaf.sf.net/

--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] Bash on LEAF

2002-01-04 Thread David Douthitt

On 1/4/02 at 1:52 AM, guitarlynn [EMAIL PROTECTED] wrote:

 On Friday 04 January 2002 00:14, you wrote:

  ash does practically everything one could want, except
  vi-mode editing and tab-completion...
 
 It's about all I need, I've always preferred ae to vi. It
 seems hard to find it on a commercial distro unless you
 compile it, maybe that's why I spend more time with LFS
 than anything commercial anymore.

I thought both Red Hat and Debian came with ash as part of the system?

 I'm about to setup a lrp-slink sandbox, it would be nice
 to find a source tree for any of the recent lrp distro's
 (maybe I'll find it on the Resource cd that's been sitting
 here for a month or so).

The LRP Resource CDROM contains source code to every binary that is in
the Oxygen distribution.  In particular, the basic packages are in
src/base/* and includes things like iproute2, ash, ee, busybox, etc.

You might want to note that ash is now incorporated into busybox for
about the last two versions or so - makes it much easier as ash had
splintered into many divergent versions, not to mention that the
official ash distribution did NOT use GNU make... it used something
odd and strange.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




RE: [Leaf-user] ping check not working bug resolution

2002-01-04 Thread David Douthitt

On 1/3/02 at 8:07 PM, Paul Rimmer [EMAIL PROTECTED] wrote:

 Is there a command equivalent to env to check all
 available environment variables?

env may be available as part of recent busybox versions; I know there
was a patch for it.  Also, ash should give you a report with the 'set'
command:

# set

Hope this helps!

 Any ideas on what should I check to rule this out Dave?

Make sure the path is set correctly.  Many cron jobs will set their
own paths.  If there are any other environment variables you are
counting on, set them - though I'm not sure which ones those would be.

Another way is to hard code the actual locations.  Some programs look
like this:

#!/bin/sh

RM=/bin/rm
GZIP=/usr/bin/gzip

$GZIP xx  $RM 

...and so forth.  I think that setting your own PATH is easier - and
probably also more secure.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
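
Both cron replies in this archive (the `multicron` one and the one above) make the same point: a cron job should not depend on whatever PATH cron happens to supply. The check below is an added example, not code from the thread or from LEAF. It assumes the `/etc/cron.d` layout (five time fields, a user, then the command), and its sample file is constructed from the entries quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find cron.d jobs that depend on PATH.
# Assumed layout: minute hour day month weekday user command [args...]

# Constructed sample, modelled on the multicron entries quoted in the thread.
sample_cron() {
cat <<'EOF'
# Periodic schedule (constructed sample)
*/15 * * * * root /etc/multicron-p
11 05,11,17,23 * * * root rdate -s 132.163.4.101
12 05,11,17,23 * * * root hwclock --systohc
EOF
}

# Read a crontab on stdin; print "LINE: COMMAND" for each job whose command
# is a bare name and therefore resolved through cron's PATH.
unpathed_cron_cmds() {
    awk '
        /^[ \t]*#/ { next }                               # comment
        /^[ \t]*$/ { next }                               # blank line
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # VAR=value line
        {
            cmd = ($1 ~ /^@/) ? 3 : 7   # "@reboot user command" is shorter
            if (NF >= cmd && $cmd !~ /^\//)
                printf "%d: %s\n", NR, $cmd
        }
    '
}

# Read a crontab on stdin; succeed if it sets PATH itself.
path_is_pinned() {
    awk '/^[ \t]*PATH[ \t]*=/ { found = 1 } END { exit !found }'
}

# Read a crontab on stdin; return 0 if no job depends on cron's default PATH
# (PATH set in the file, or all commands absolute), 1 otherwise.
audit_cron() {
    data=$(cat)
    if printf '%s\n' "$data" | path_is_pinned; then
        echo "PATH is set in the file; bare command names resolve against it"
        return 0
    fi
    hits=$(printf '%s\n' "$data" | unpathed_cron_cmds)
    if [ -z "$hits" ]; then
        echo "all commands use absolute paths"
        return 0
    fi
    echo "commands resolved through cron's default PATH:"
    echo "$hits"
    return 1
}

sample_cron | audit_cron || true
```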



Re: [Leaf-user] Network Card Problem

2001-12-31 Thread David Douthitt

On 12/31/01 at 1:46 PM, Patrick Nixon [EMAIL PROTECTED] wrote:

 I briefly mentioned a few weeks ago a problem I'm having
 with a specific network card, however, no one had any
 solid advice and I wasn't sure what the exact problem was
 so I'm reposting with a bit more information I hope.
 
 NIC: 3Com 3C920 Integrated network Card (lists as a
 3c905C-TX in some systems)
 
 System: Dell Optiplex GX150
 
 Problem: Despite a successful loading of the module
 3c59x.o I am unable to receive any data over the network
 interface.  from netstat -i I can see that it's
 transmitting, just not receiving properly.

I would try compiling 2.2.20 and use that if you are running a 2.2
based kernel.  You didn't say which LEAF system you are using.

Using Linux 2.2.20 would give you the most recent version of the
3c59x.o driver and presumably fix any bad software problems.

I'd also swap the hardware; could be a hardware problem.  If this is
an actual router with two interfaces, if one is working and uses the
same driver, I'd just swap the two cables to the two cards and try
again.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] Help with a webserver on a DMZ network.

2001-12-31 Thread David Douthitt

On 1/1/02 at 3:58 AM, djoutlaw outlaw [EMAIL PROTECTED] wrote:

 I thought setting up LEAF would be hard but it seems to
 be very easy.
 
 Thanks to Charles Steinkuehler and this board I have
 gotten plenty of help!

Just a nit: LEAF is a superproject of LRP variants, not a specific LRP
type system; currently Dachstein and Oxygen are the two main LEAF
variants.  The system you set up sounds like it was likely Eigerstein
or Dachstein; however, Oxygen is very powerful and capable also...
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] RE: Gunzip/gzip problems?

2001-12-30 Thread David Douthitt

On 12/30/01 at 10:45 PM, Nicolas Riendeau [EMAIL PROTECTED] wrote:

 Does anybody have a working copy of that package or is
 anybody able to use the package on c0wz (or its mirrors)?

I'm not sure, but I think there is a psentry.lrp at
http://leaf.sourceforge.net/pub/oxygen/packages/psentry.lrp

--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




[Leaf-user] Kernel Version

2001-12-28 Thread David Douthitt

On 12/28/01 at 5:41 PM, Jan Linders [EMAIL PROTECTED] wrote:

 Is there a way to find out which kernel version I'm running
 on my LRP Router ?

Try one of these:

# uname -r
# cat /proc/sys/kernel/osrelease
# sysctl kernel.osrelease

the '#' is your shell prompt; don't type it...
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] portfw to *multiple* hosts ???

2001-12-27 Thread David Douthitt

On 12/27/01 at 10:21 PM, Michael D. Schleif [EMAIL PROTECTED] wrote:

 Large medical images -- some approaching gigabyte sizes.
 
 The internal network connects multiple facilities.  The
 images may need to be shared across multiple facilities.
 
 Our preferred solution is to put one (1) copy of each
 image on a large and robust fileserver inside their
 network.  The catch is, they are using proprietary systems
 for viewing and analyzing the images and we may not be
 granted access nor information adequate to implementing
 our preferred solution.  Currently, the remote sources are
 using their proprietary systems (black boxes) to
 auto-magically transfer the files directly to one (1)
 proprietary system inside our customer's network. Yes,
 this looks everyway like ftp -- except the proprietary
 system vendor says, no, it is not that simple ;
 
 When one of these images is needed on another proprietary
 system inside this network, somebody needs to push the
 required file to another proprietary system.  Our customer
 wants ``pull'' access from any given system.
 
 In brainstorming alternatives, this occurred to me:
 
           send images
                |
                V
             internet
                |
                V
             firewall
                |
        -----------------
        |       |       |
        V       V       V
     host_1  host_2  host_n ...
 
 Regardless, whether or not this is the best solution for
 this application, how can this be done?
 
 What do you think?

This sounds to me like a case for rsync + ssh.  There is, if you
need it, an rsync.lrp already - and of course, ssh.lrp.  You could set
up rsync either as a push or a pull alternative.  As a case study,
consider that there are many publicly accessible rsync servers (the
Linux kernel site kernel.org comes to mind...)

If you could set up host_1, host_2, etc. to be rsync recipients, why
not tunnel rsync via ssh through the firewall?
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] whereis ifconfig

2001-12-24 Thread David Douthitt

On 12/24/01 at 11:16 AM, Colleen R. Dick [EMAIL PROTECTED] wrote:

 EigerStein Dynamic is pretty old. You should consider
 moving to a current LEAF distribution ... DachStein or
 Oxygen.

 OK I will do that, I was told Oxygen was hard to configure
 and wasn't sure what all was in it.

I don't think Oxygen is any harder than Red Hat, say, and it certainly
has a lot more documentation in the configuration files.

As for what is in it, it has a lot more than Dachstein, but then
it's more of a general distribution than Dachstein is.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] whereis ifconfig

2001-12-23 Thread David Douthitt

On 12/23/01 at 3:15 PM, Ray Olszewski [EMAIL PROTECTED] wrote:

 Eiger and its descendants use the ip command (the
 package is sometimes called iproute) instead of
 ifconfig. Try ip link show or ip addr show,
 depending on what information you want.
 
 BTW, you will also find the route command to be missing.
 Use netstat -nr where you would otherwise use route -n.

In Oxygen, netstat is also missing; use ip route show instead.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] fsck.ext2: erro in loading shared libraries

2001-12-23 Thread David Douthitt

On 12/22/01 at 2:54 PM, Pete Dubler [EMAIL PROTECTED] wrote:

 So, being faithful to Charles' HOWTO, I installed the
 hdsupp_s.lrp package.  Fsck cannot find a shared library
 and neither can I...  when the system boots or when I try
 to run fsck.ext2, I get the following message:
 
 Parallelizing fsck version 1.12 (9-Jul-98)
 fsck.ext2: error in loading shared libraries
 libuuid.so.1: cannot open shared object file: no such file or
 directory

There's a package in http://leaf.sourceforge.net/pub/oxygen/packages/
(libext2.lrp I think) which should contain it.  It contains some
others; make sure the packages don't conflict; perhaps you can
manipulate the package contents to make them work out.

 Pete Dubler
 Fort Collins, CO

How IS Fort Collins these days?
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] ATT transition woes

2001-12-14 Thread David Douthitt

Matt Schalit wrote:

 That's what I did for a friend.  We had Oxygen
 running on his @Home rigged as a static IP setup
 even though it's dhcp.
 
 Then when they choked and became attbi (they never
 should have merged with the white elephant Excite),
 their dhcp is so touchy that I couldn't rely on the
 static rig, and I went for dhcp.
 
 Oxygen locked up during boot, after enabling
 the correct nic modules and rebooting.

It would be nice to know what happened.  However, I've been using the
current pre-release version of Oxygen with DHCP routinely - especially
since I don't have to configure it :)

It works just fine.






Re: [Leaf-user] More questions about Datchstein CD 1.0.2 and pppoe

2001-12-14 Thread David Douthitt

Charles Steinkuehler wrote:

  - is it possible to change the root
  ramdisk size and still booting from
  the CD ??
 
 Yes, but you have to burn a new CD, with a different boot-floppy image.

I thought you COULD change it.  Hold down the left shift, and at the
boot: prompt type

linux ramsize=X

...and that should do it (assuming the default kernel label is
linux)...  Of course, you DO have to type it in...

  in previous versions of dachstein:
  ping -c 1 some.dns.name | grep PING | cut -d "():" -f 3
  returned only the ip address
  1.2.3.4
  in dachstein cd, the same command returns
  (1.2.3.4):
 
  Any idea ??
 
 The previous cut command was massively broken, and the fact that the above
 usage worked was an artifact of cut's mis-behavior.  Try the above on a
 'normal' linux system and you'll get an error...the delimiter for cut must
 be a single character...
 
 Try using sed instead of cut:
 sed 's/).*//;s/.*(//'

How about this (for your entire command line):

ping -c 1 some.dns.name | sed -n '/PING/s/.*(\(.*\)):.*/\1/p'

...one sed command, no cut and no grep.




Re: [Leaf-user] Squid package??

2001-12-14 Thread David Douthitt

Ewald Wasscher wrote:
 
 Sergio Morilla wrote:

 Thanks for the package and the dependencies info!!
 Just one more question, I would like to move the cache to an HD I have
 on the computer, is this a parameter on squid.conf?

 IIRC it's CacheDirectory. The manual at http://www.squid-cache.org/ will
 tell you if I was right.

You don't have to do that, though, necessarily:

Add a line something like this to /etc/fstab:

/dev/hda1  /var/spool/cache  ext2  defaults 1 2

...and then:

# mkdir /var/spool/cache
# squid -z

...and you're all set.  Then you just have to make sure that /etc/fstab
is restored on boot.




Re: [Leaf-user] Squid package??

2001-12-12 Thread David Douthitt

Todd Pearsall wrote:
 
 I grabbed it from the Oxygen packages, but I don't know and can't currently
 check what version it is.

It's the same one.

I've compiled Squid 2.4 STABLE3 to run under glibc 2.0; it should work
in any system.  I also compiled it with SNMP enabled.  It requires the
libm library, and libcrypt.  It does NOT need libnsl (I removed it...)

It's a big package - the squid binary (stripped) is about 477k, and the
compressed package is about 311k.

The cache will be at /usr/cache.

The package, if you want it, is at
http://leaf.sourceforge.net/pub/oxygen/packages/squid.lrp.  If you have
any problems, let me know.




Re: [Leaf-user] Squid redirect dachstein floppy

2001-12-12 Thread David Douthitt

Todd Pearsall wrote:

 On a related note, I was having problems after I started using squid on a
 dachstein CD (default RAM disk size) on a P75 with 32MB of RAM.  After
 installing squid it would work fine for a while and then I'd start
 periodically seeing messages like:
   VM Process Killing: {different service name}
   VM Process Killing: {different service name}
   VM Process Killing: {different service name}
 
 as services stopped.  The error message are from my memory so it may not be
 exact, but should be close.  I assume this is the kernel killing processes
 since it is low on virtual memory to keep the kernel from running out of VM
 and crashing.  Anyone else running into this?  BTW, this is running as
 proxy-only, no caching.

Squid needs *LOTS* of memory and disk space.  I'd recommend you run with
64M at least, maybe more.  Remember, too, that unlike normal
distributions a major chunk of that 32M is used by the RAM disks, so
you're actually running on something like 16M or less for Squid to run
in.  Get more memory.

 I also wanted to log squid to a remote machine but the usual syslog.conf *.*
 #re.mo.te.ip didn't seem to work, no squid logs that I could find appeared
 on there remote server.  Does squid not use the syslog daemon?

Use squid -s to log startups and shutdowns (and such like) to syslog. 
As for accesses, it's not currently possible.




[Leaf-user] Squirm and SquidGuard

2001-12-12 Thread David Douthitt

I tried everything to compile SquidGuard.  The stable version requires
libdb 2.6.4+ and won't work with any libdb 3 less than 3.4+ something. 
It won't work with libdb 4 at all apparently.  It also has bugs that
keep it from compiling, and hasn't been updated in almost two years.

The development version also requires libdb in the versions listed, but
won't compile.  The development version is dated July 2001.

Squirm (1.23) was better - it compiled just fine, and doesn't need
libdb, libcrypt, libm or anything aside from the ordinary.  squirm.lrp
is in the usual place:

http://leaf.sourceforge.net/pub/oxygen/packages/squirm.lrp




Re: [Leaf-user] Squirm and SquidGuard

2001-12-12 Thread David Douthitt

Kevin Kropf wrote:

 Thanks for your trouble.  I will read up on it and perhaps give it a try.

Probably best way to go is to do the following:

1. Use Red Hat 5.2 or Mandrake 5.2 or Debian 2.1 distributions - all
glibc 2.0 based.

2. Get libdb v3 probably - v4 may not yet be supported, and v3 probably
works.  Install it if you want, otherwise use the --with-db option to
configure below with the right directory... that might even be better...

3. Compile with the usual ./configure and make options... I use on a
regular basis:

./configure --sysconfdir=/etc --prefix=/usr
make

This removes all sorts of strangeness, such as different locations of
software, libraries, include libraries, etc.

See how that goes.




Re: [Leaf-user] uninstall option for lrpkg

2001-12-11 Thread David Douthitt

David Douthitt wrote:

 # Remove package from packages list:
 
 PKGD=/var/lib/lrpkg
 
 mv $PKGD/packages $PKGD/pkg.old
 grep -v $PKGD/pkg.old > $PKGD/packages

This has an error; should be:

# Remove package from packages list

PKGD=/var/lib/lrpkg

mv $PKGD/packages $PKGD/pkg.old
grep -v '^'$PKGNAME'$' $PKGD/pkg.old > $PKGD/packages

...note that this will remove ALL package entries with the same name. 
Since lrpkg will blithely allow you to install the package more than
once, this may be useful :)




Re: [Leaf-user] Still unable to run Dachstein

2001-12-11 Thread David Douthitt

Matt Schalit wrote:

 I agree here with the pci-scan loading before the nic module(s)
 and that Dachstein is the simplest and most surefire release to get
 you up and running with little effort.  There are two major things to setup:
 
   1)   # echo 'export EDITOR=e3vi' >> /etc/profile
# exit
and login again so that you can use vi.

Don't need to relogin; just do:

# echo 'export EDITOR=e3vi' >> /etc/profile
# export EDITOR=e3vi

...and it's done.




Re: [Leaf-user] Still unable to run Dachstein

2001-12-11 Thread David Douthitt

Dr. Richard W. Tibbs wrote:
 
 I had the same problem (t:t:t:t:) at the boot prompt with the latest
 oxygen release
 loading on a Gateway 2000 pentium-1 machine.
 A serial port (actually two) are certainly present on the Gateway --
 so no serial port present shouldn't be the issue,
 unless having two of them causes no serial port to be spec'd.
 I will try the development version if you think that will help, David.

The t:t:t:t: prompt is a problem with that version of SYSLINUX.  The
best thing to do is to go into the syslinux.cfg file on the disk, and
then comment the sections that deal with the serial console.  That would
be a line that started with serial; also delete things at the end of
the lines that say console=/dev/ttyS0 or something like that.

That should help - especially the first.

However, this doesn't help with problems after you've loaded the
system...




Re: [Leaf-user] How to configure dnscache in Oxygen?

2001-12-11 Thread David Douthitt

Dr. Richard W. Tibbs wrote:

 I am trying to use the latest Oxygen with the firewall data disk as a
 second disk.
 Everything boots up fine (using IBM aptiva doorstop as my firewall
 device, with 2 netgear ethernet NICs).
 When asked to configure the system, I answer yes, and I get an edit
 session of a script to kick off dnscache.
 
 What do I do here? I have looked at some dnscache how-to's at linux
 on-line, but not sure if there is any
 specific thing I should do here. Not even sure how to exit the
 emacs-emulated editor  ;-)
 
 Is there a complete soup-to-nuts how to on config of Oxygen?

Well, there are two things you mentioned here:

* How to configure dnscache... I don't know - I don't use it.
* How to exit the editor - now THAT I know :)

The editor shouldn't be emulating emacs.  However, here's how to exit
from emacs (what you said) and from vi (the Oxygen standard editor
mode):

* vi:  Hit (in sequence) ':q' and press enter.
* emacs:  Hit in sequence 'Ctrl-X Ctrl-C' ...

Both are two characters long (excluding return).

Oxygen aims to be as similar to standard UNIX (whatever that is :) as is
possible.

The only blight is the missing netstat / ifconfig / route; however,
those are available as add-on packages, and are not necessary to the
system's operation.




Re: [Leaf-user] Squid redirect dachstein floppy

2001-12-11 Thread David Douthitt

Kevin Kropf wrote:

 I have Squid running on dachstein-rc2-1680.exe and would like to redirect
 all internal port 80 requests to the default Squid port of 3128 on the LRP
 box.
 
 I have read through the archives and found very little of use.
 
 What is the best way to do this?

This is in the Squid FAQ - in fact, it's an entire section (#17); go to
the Squid home page at http://www.squid-cache.org/ .




Re: [Leaf-user] uninstall option for lrpkg

2001-12-11 Thread David Douthitt

Jeff Newmiller wrote:
 
 On Tue, 11 Dec 2001, David Douthitt wrote:
 
 [...]
 
  grep -v '^'$PKGNAME'$' $PKGD/pkg.old > $PKGD/packages
 
 why the rigamarole with the single quotes?
 
  grep -v "^$PKGNAME$" $PKGD/pkg.old > $PKGD/packages

I was playing chicken :)

The first breaks down this way:

string (not scanned by shell): '^'
variable: $PKGNAME
string (not scanned by shell): '$'

The second is a little more dicey - how does one know that the shell
won't get confused or upset by the final '$'?  With the double-quotes,
the shell scans the string.  Given your example, I think I'd prefer
using:

"^${PKGNAME}$"

because it forces the name upon the shell - prevents even more
confusion...

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
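
Both `grep -v` messages in this archive (the correction to the uninstall snippet and the quoting reply above) leave one thing open: inside `^...$` the package name is still a regular expression, and unquoted it is still split by the shell. The sketch below is an added example, not the lrpkg or apkg code. It assumes the one-name-per-line `packages` file shown in the thread and uses `grep -F -x` to match the name literally and as a whole line; the sample list and the `remove_pkg` and `demo` names are constructed.

```shell
#!/bin/sh
# Added example (not the lrpkg code): delete a name from a package list
# that holds one package name per line.

# remove_pkg LISTFILE PKGNAME
# Returns 0 if at least one entry was removed, 1 if PKGNAME was not listed,
# 2 on bad arguments or I/O errors. Every line equal to PKGNAME goes, which
# matches the behaviour described in the thread.
remove_pkg() {
    list=$1
    name=$2
    [ -f "$list" ] && [ -n "$name" ] || return 2

    # -F  the name is a literal string, so "." or "*" are not wildcards
    # -x  the whole line must match, which replaces the ^...$ anchors
    # --  a name that starts with "-" is not read as an option
    grep -q -F -x -- "$name" "$list" || return 1

    tmp=$list.new.$$
    # grep -v exits 1 when it prints nothing (the list is now empty);
    # only a status above 1 is a real error.
    grep -v -F -x -- "$name" "$list" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 2; }

    # Keep the previous list as LISTFILE.old, then swap the new one in.
    cp "$list" "$list.old" && mv "$tmp" "$list" || return 2
}

# Constructed demonstration: the regex form from the thread next to the
# literal form above, on a name that contains a regex metacharacter.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' root etc squid2.4 squid2x4 squid2.4 > "$dir/packages"
    PKGNAME=squid2.4

    # As a regex, "." matches any character: squid2x4 is hit as well.
    regex_hits=$(grep -c "^${PKGNAME}$" "$dir/packages")

    remove_pkg "$dir/packages" "$PKGNAME"
    left=$(paste -s -d ' ' "$dir/packages")
    rm -rf "$dir"
    echo "regex_hits=$regex_hits left=$left"
}

demo
```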



Re: [Leaf-user] Now trying dachstien rc1

2001-12-11 Thread David Douthitt

Dr. Richard W. Tibbs wrote:

 OK, per some other advice, Dachstein is easier to use as basic
 firewall.
 I built a boot disk based on rc1. Loaded up on doorstop IBM Aptiva.
 Several questions:
 What is the difference between the various dachstein .bin's? (rc1,
 rc2, pr1pr4)?

Versions.

 How do you get the moral equivalent of ifconfig?

Read up on the 'ip' command.

 The ip command doesn't  seem to have the same functionality.

It does - and more.

 How do you build a boot floppy with ifconfig, route etc. as add-on
 packages?

You need the package binaries; Oxygen's Setup Disk has these - I
forget the exact names...

 I can't seem to find out if the boot process successfully found the
 devices and whether a driver was loaded.

Try these commands (in the answers):

Q: Are the network interfaces configured?

A: ip addr show

Q: Are the routes configured?

A: ip route show

Q: Are the modules loaded?

A: lsmod

Q: What messages did the kernel give (during module loading)?

A: dmesg




Re: [Leaf-user] What is This

2001-12-10 Thread David Douthitt

Patrick Benson wrote:

 Firewalk uses a traceroute method with UDP and ICMP pings, gathering
 information of the network and hosts(s) with the TTL fields, very
 interesting, indeed...:
 
 http://www.packetfactory.net/Projects/Firewalk/firewalk-final.html

Been a package for quite a while:

http://leaf.sourceforge.net/pub/oxygen/packages/firewalk.lrp

...have at it...




Re: [Leaf-user] EIGRP (88) protocol ???

2001-12-07 Thread David Douthitt

Michael D. Schleif wrote:

 However, how do I silently deny anything from any source that is
 destined for 255.255.255.255 ???
 
 Since ATT Broadband moved me to the new network, I am flooded with this
 crap:
 
 PROTO=17 12.242.20.50:67 255.255.255.255:68
 
 What do you think?

That's the bootp protocol (ports 67 and 68).  Just don't log blocks on
those ports (though I'm not sure how you'd do that in
Eigerstein/Dachstein...)




Re: [Leaf-user] SNMP Monitoring of Dachstein

2001-12-06 Thread David Douthitt

[EMAIL PROTECTED] wrote:

 I have some basic SNMP monitoring of my Dachstein machines working using
 the old SNMP package and MRTG. With these I keep a constant graph of the
 activities of eth0, eth1 and ipsec0 on both ends of my test VPN tunnel. I
 converted to net-snmp and everything is still working (thanks people for
 standards). My next task is to add monitoring of the memory, CPU, and RAM
 disks.

 Others have setup MRTG to do this kind of thing on their Linux servers. I
 was wondering if anyone here have already done something similar and have
 some MRTG scripts that work with the net-snmp mibs that they can share, or
 maybe just some pointers.

Maybe this is out of line here, or maybe not.

Here we use NetSaint to monitor many systems.  It would be quite simple
to set up a monitoring system to check for CPU, disk space, memory -
whatever you want.  All you need is an ssh server on the LEAF side and
scripts that give one line of info and return 0 for OK, 1 for WARNING,
and 2 for CRITICAL.  Then you run your script using SSH.

Of course, NetSaint is for system critical conditions, and isn't for
performance monitoring, though the latest versions offer the ability to
store performance data (but not process it).

MRTG is more of a history, and NetSaint is a snapshot in time.  Sort of
like the difference between a balance sheet and an income statement :)

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
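
An added example, not part of the original message: a disk-space check in the shape the reply describes, printing one line of status and returning 0 for OK, 1 for WARNING and 2 for CRITICAL. The function names, thresholds and the sample df output are constructed for illustration; reporting a missing mount point as CRITICAL is a choice made here to stay within the three codes the message names.

```shell
#!/bin/sh
# Added example: one-line status check meant to be run over ssh by a monitor.
# Exit codes follow the message above: 0 = OK, 1 = WARNING, 2 = CRITICAL.

# Constructed sample of `df -P` output from a RAM-disk based router.
sample_df() {
    cat <<'EOF'
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/ram0 6144 5120 1024 84% /
/dev/ram1 2048 1966 82 96% /var/log
EOF
}

# usage_pct MOUNT
# Reads `df -P` output on stdin and prints the use percentage of MOUNT.
# Exits non-zero when MOUNT is not listed.
usage_pct() {
    awk -v m="$1" '
        NR > 1 && $6 == m { sub(/%/, "", $5); print $5; found = 1 }
        END { exit (found ? 0 : 1) }'
}

# check_disk MOUNT WARN CRIT
# Reads `df -P` output on stdin, prints exactly one status line and
# returns the matching exit code.
check_disk() {
    mount=$1 warn=$2 crit=$3
    pct=$(usage_pct "$mount") || {
        echo "DISK CRITICAL - $mount is not mounted"
        return 2
    }
    if [ "$pct" -ge "$crit" ]; then
        echo "DISK CRITICAL - $mount ${pct}% used"
        return 2
    elif [ "$pct" -ge "$warn" ]; then
        echo "DISK WARNING - $mount ${pct}% used"
        return 1
    fi
    echo "DISK OK - $mount ${pct}% used"
    return 0
}

# When called as a script with three arguments, check the live system:
#   check_disk.sh /var/log 80 90
if [ $# -eq 3 ]; then
    df -P | check_disk "$@"
    exit $?
fi
```

On the monitoring host the script is called over SSH and its exit code is read back. Pinning the monitoring key to this one script with a command="..." entry in authorized_keys keeps that key from granting a general shell on the firewall.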



Re: [Leaf-user] very large /var/log/wtmp

2001-12-06 Thread David Douthitt

On 12/6/01 at 5:38 PM, Richard Burt [EMAIL PROTECTED] wrote:

 I saw a posting a few weeks ago of someone who was
 having this problem.  I don't ever remember seeing an
 answer.  This is a new clean Dachstein 1.01
 installation.  Been up for just shy of 3 days.

 As you can see my wtmp file is 7.5 MB.  Anyone have
 any thoughts?  Or what more info should I provide. 
 Thanks.

wtmp is used by the last command (that is -- probably -- /bin/last);
try it.  You might want to check the help for a way to limit the
number of entries to list (I don't remember what it was, but it can be
done).

Then you can see what is filling your wtmp file.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




[Leaf-user] New package - and some fixes

2001-12-06 Thread David Douthitt

There is now a new package at
http://leaf.sourceforge.net/pub/oxygen/packages

ntpclient.lrp

It is a small NTP client used to set the clock from a reliable time
source on the Internet.

I also fixed many packages; about a dozen or so had errors...




Re: [Leaf-user] some clarifications about cd images

2001-12-05 Thread David Douthitt

Syed Irfan wrote:

 i have downloaded oxygen cd iso and about to download dachstein-cd iso
 the oxygen iso is about 600M and dachstein-cd iso is about 18.9M
 why is oxygen 600M, i don't understand

The reason the Oxygen CDROM is 600M is because it includes a lot of
things OTHER than just the Oxygen distribution.  Included on the CDROM
are:

* Documentation in /docs
* Kernel sources and patches in /kernel
* Source code to every package I can lay hands on - /src
* Every package I've done and a few besides (278 at current count) -
/pkg
* Package archives, including Koon Wong's and others
* Red Hat Compatibility RPMs to allow you to compile for glibc 2.0 on a
glibc 2.1 system
* A lot of historical Oxygen images

The Dachstein CDROM is 18M because it doesn't include all the extras.

I'm working on a CDROM that will be under 150M to fit on one of those
tiny CDROMs we're starting to see - it'll have a lot of resources but
less of the pure development stuff.




Re: [Leaf-user] Alternate loging

2001-12-04 Thread David Douthitt

Sergio Morilla wrote:

 The obvious question is...
 
 Where can I get syslog-ng.lrp and some info about it??

I don't think I was successful at making a package - it also requires
a library called libol.  I've been running syslog-ng on several full
distributions here for some time.

I'm not sure if it can be compiled with glibc 2.0.7 or not; this step is
necessary if you are using any production LEAF system.  Oxygen
development versions are already using glibc 2.1.3, and there is at
least one Dachstein CDROM which has been converted to glibc 2.1.3.

One thing I've done is installed programs on a full distribution, taking
care with library versions, then used the precompiled binaries to create
the package from.  You can do this by getting a Red Hat 5.2 RPM and
loading it on any production RPM-based system, for example.

Otherwise, if you've 5.2 in the back room, just take the tar.gz file and
compile it and install it - then put the binaries into a package...




Re: [Leaf-user] Could not find kernel image: support.

2001-12-04 Thread David Douthitt

Dr. Richard W. Tibbs wrote:

 I built a 1.680 MB boot floppy based on the latest oxygen release, and
 I tried it out on a humble Packard-Bell Pentium-1 with 16MB ram.

That will be rather tight for Oxygen...

 Syslinux 1.62 comes up and presents several options, but then I get the
 subject line message:
 Could not find kernel image: support
 and
 Could not find kernel image: ge
 repeated forever.

That's not anything I've ever heard of before... is this right after
syslinux comes up (with an options screen) or is it after you press
enter?




Re: [Leaf-devel] [Leaf-user] Testing help needed

2001-12-02 Thread David Douthitt

On 12/1/01 at 3:12 PM, Jack Coates [EMAIL PROTECTED] wrote:

 On Sat, 1 Dec 2001, Tony wrote:

  If so, wouldn't it be easier/safer/more secure to
  forward them to an internal syslog server?

 syslog-ng is supposed to fix a lot of these problems, but I've never
 gotten around to taking a look at it.

syslog-ng is very nice; it's set up to act as our central UNIX log
server for the corporation.

It has a unique ability in that it can use TCP instead of UDP -
allowing it to be tunneled via ssh to an external server where it can
then receive log messages from a syslog-ng located on that side.

This allows you to receive messages through a firewall that blocks UDP
syslog traffic (as it ought to).
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] need help with distro and modules

2001-11-30 Thread David Douthitt

On 11/30/01 at 7:23 PM, Syed Irfan [EMAIL PROTECTED] wrote:

 i need some help with deciding on which lrp dist
 
 i will be installing the lrp dist on hdd initially
 i need some links to d/l the distro and their
 modules for these services
 
 what distro provides me with these services
 
 dhcp
 Dial on demand
 mail forwarding
 ntp
 and proxy service
 
 proxy and ntp may be a future use, but i need the other
 services to be run on the distro

They all do.

To decide between Eigerstein and Oxygen, ask yourself these questions:

* Do I primarily need a firewall?
YES = Eigerstein

* Do I need simplicity and proven ease of use?
YES = Eigerstein

* Do I need glibc 2.1 (used in Red Hat 6.2, Mandrake 7, and others)?
YES = Oxygen (Development)...

* Do I want power and flexibility?
YES = Oxygen...

* Do I want a hardened (secure) kernel with Openwall?
YES = Oxygen...

There's probably more I've missed; go read the FAQ at
http://leaf.sourceforge.net

--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] Dachstein RC2: Not loading all packages.

2001-11-29 Thread David Douthitt

On 11/29/01 at 1:52 AM, Simon Bolduc [EMAIL PROTECTED] wrote:

 I think you may be encountering the 255 character limit in
 syslinux.cfg - if the last line is longer than 255
 characters (or possibly all the characters in the file -
 someone will probably correct me) the remaining characters
 get truncated.

That's one of the reasons Oxygen went to a configuration file.

Oxygen also checks to see if the command line is 255 chars (or
whatever the max is) - if so, it warns you about the possibility of
truncation.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] dachstein rooted

2001-11-27 Thread David Douthitt

On 11/27/01 at 11:35 PM, guitarlynn [EMAIL PROTECTED] wrote:

 I put a Dachstein beta firewall up last week at the house,
 it works great.  My wife got into an apparent ongoing
 battle in which several people in a yahoo chat room were
 hit with a buffer overflow (affecting windows client) in
 the chat program. The room was actually being monitored by
 a level 2 government employee that was assigned to the
 room to monitor for script-kiddies, and she got one of
 them. Unfortunately, the kiddie got my ip addy and DDoS'ed
 it (from what I dug out of the logs before they filled).
 This was fine (lol), except I cannot find any info in
 auth.log and user.log. I am assuming the box has been
 cracked, probably root kitted and they erased the two log
 files. The box is still up and the gov official (and maybe
 Charles or someone else) would like an image of the Ram
 disk to analyze, particularly for a footprint of the
 attacker.
 
 My question, how do I make an image of the RAM disk??? Can
 I simply back up the entire disk and send it, or is there
 another way???

The simplest way to make an image of a disk is (assuming the relevant
applications are present):

dd if=/dev/disk_device | gzip -9 -c - | nc \
some.other.machine.somewhere 18714

...and on some.other.machine.somewhere:

nc -l -p 18714 | gunzip -c - > disk.image

...I'm not sure about the parameters for gunzip, but you get the idea.

Of course, if you've rebooted, your RAM disk is lost - but you knew
that, certainly.

Remember that everything you do will change your environment.  Also
remember - if you are rootkitted, then all of your usually useful
applications are now reporting what the attacker wants you to see -
and not the real thing.

Of course, you may not be rootkitted at all.  You don't have a
compiler on this box, so root kits can't be compiled.  You are running
glibc 2.0.7, so any precompiled root kit binary compiled on a recent
distribution will segfault.  You are also not running all of the glibc
libraries, so a root kit binary is more likely than most to require a
missing library.  Also, the action of most root kit binaries is likely
to be identical to their larger counterparts.  Lastly, you'll probably
find your disk free space to have shrunk drastically.  Finally - some
of what the rootkit may replace may actually be shell scripts - or
even, multipurpose shell scripts.  In such situations, if other
programs related to the shared script start acting like one single
binary, then it's been overwritten - for example, if cut, grep, who,
whoami, ... all start acting like who, then someone must have
replaced your shared script with a who binary.

All in all, I think a root kit of Dachstein (or any LEAF) will be
rather noticeable.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
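
An added example, not part of the original post: the same dd and gzip pipeline with a SHA-256 digest taken of the raw stream while it is read, so whoever receives the image can show it matches what left the box. It writes to a local file so it can be tried offline; in the setup described above the compressed stream would be piped to nc instead. The function names and paths are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: single-pass acquisition with an integrity digest.
# Function names and paths are hypothetical.

# Print the SHA-256 of stdin using whichever tool the host provides.
sha256_stream() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | awk '{print $1}'
    else
        shasum -a 256 | awk '{print $1}'
    fi
}

# acquire_image SRC OUT
# Reads SRC exactly once. Writes the gzip-compressed image to OUT and the
# digest of the uncompressed stream to OUT.sha256, then prints the digest.
acquire_image() {
    src=$1 out=$2
    fifo=$(mktemp -u "${TMPDIR:-/tmp}/acq.XXXXXX") || return 1
    mkfifo -m 600 "$fifo" || return 1

    # The hash runs in the background, fed by tee through the FIFO, so the
    # source is not read a second time (a second read of a live RAM disk
    # could already return different data).
    ( sha256_stream <"$fifo" >"$out.sha256" ) &
    hasher=$!

    # noerror,sync: continue past unreadable blocks and pad them with zeros
    # so later offsets stay aligned. The digest covers the padded stream.
    dd if="$src" bs=4096 conv=noerror,sync 2>/dev/null \
        | tee "$fifo" \
        | gzip -9 -c >"$out"

    wait "$hasher"
    rm -f "$fifo"
    cat "$out.sha256"
}

# verify_image OUT
# Recomputes the digest from the stored image and compares it with the
# value recorded at acquisition time. Returns 0 only when they match.
verify_image() {
    out=$1
    want=$(cat "$out.sha256")
    got=$(gunzip -c "$out" | sha256_stream)
    [ "$want" = "$got" ]
}
```

Record the printed digest somewhere other than the machine being imaged; a digest stored only next to the image proves nothing if both can be altered together.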



Re: [Leaf-user] alert

2001-11-26 Thread David Douthitt

Robert Williams wrote:

 I have had a shell script that I got from Charles a long time ago
 running on my router. It beeps when the router comes up so I don't
 have  to have a monitor connected to know that the system is up. It
 used to get backed up in etc but apparently etc does not back up
 init.d anymore. So I put it in is own tiny lrp package. It's a
 whopping 452 bytes. Its the little things that make me happy and
 maybe they do you too.

There is already a package called boot.lrp (or something like that)
which does this.  Also, Oxygen is already configured to do this -
including using variant tones so you can tell what portion of the bootup
is occurring.




Re: [Leaf-user] packages in the oxygen directory

2001-11-26 Thread David Douthitt

[EMAIL PROTECTED] wrote:

 Hi all and especially to David,

Hi!

 I have downloaded some of the packages from the oxygen packages list
 and tried them on my eigerstein beta2 but they all seem to segfault.

Some (many?) of these packages use glibc 2.1.

 I am talking especially about ethereal and winscan, is this a library problem
 or a kernel version issue? And is it fixable without switching over to an
 oxygen distribution? Because I got quite accustomed to my eigerstein config?

It is indeed fixable; however, you'll need to convert to glibc 2.1 or
recompile the packages under glibc 2.0.  I had lots of problems getting
newer networking tools to compile under 2.0; after a while, one gets a
little worn down by it all.

There is talk of converting Dachstein-CD to glibc 2.1; someone's done it
already on their own system.  Oxygen in development also uses glibc 2.1,
and can be converted to use glibc 2.2 just by creating a new glibc.lrp
package.




Re: [Leaf-user] packages in the oxygen directory

2001-11-26 Thread David Douthitt

Matt Schalit wrote:

 I think it's because ethereal was compiled against
 glibc-2.1.3, whereas your ES2B is a glibc-2.0.x.

Almost certainly.

 Here's the info I can give you from installing it and
 running it on Oxygen.

 Ethereal brings a lot of libraries over.
 -
 
 # ldd /usr/sbin/tethereal
 libsnmp.so.0 => /usr/lib/libsnmp.so.0 (0x00125000)

Some sort of support for SNMP...

 libgmodule-1.2.so.0 => /usr/lib/libgmodule-1.2.so.0 (0x00163000)
 libglib-1.2.so.0 => /usr/lib/libglib-1.2.so.0 (0x00166000)

These are part of Glib, some sort of utility library.

 libdl.so.2 => /lib/libdl.so.2 (0x00189000)

Database library?  Part of glibc...

 libm.so.6 => /usr/lib/libm.so.6 (0x0018e000)

Math library (part of glibc).

 libz.so.1 => /usr/lib/libz.so.1 (0x001ab000)

Compression...

 libc.so.6 => /lib/libc.so.6 (0x001ba000)
 /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x0011)
 
 # tethereal --help
 Cannot find module (IP-MIB): At line 0 in (none)
 Cannot find module (IF-MIB): At line 0 in (none)
 Cannot find module (TCP-MIB): At line 0 in (none)
 Cannot find module (UDP-MIB): At line 0 in (none)
 Cannot find module (SNMPv2-MIB): At line 0 in (none)
 Cannot find module (SNMPv2-SMI): At line 0 in (none)
 Cannot find module (UCD-SNMP-MIB): At line 0 in (none)
 Cannot find module (UCD-DEMO-MIB): At line 0 in (none)
 Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none)
 Cannot find module (HOST-RESOURCES-TYPES): At line 0 in (none)
 Cannot find module (SNMP-VIEW-BASED-ACM-MIB): At line 0 in (none)
 Cannot find module (SNMP-COMMUNITY-MIB): At line 0 in (none)
 Cannot find module (SNMP-FRAMEWORK-MIB): At line 0 in (none)
 Cannot find module (SNMP-MPD-MIB): At line 0 in (none)
 Cannot find module (SNMP-USER-BASED-SM-MIB): At line 0 in (none)
 tethereal: invalid option -- -

Apparently tethereal doesn't support long opts.

 Just a little info to help you diagnose your setup
 and whether it's useful to pursue this ethereal.

This isn't ethereal, but tethereal: tethereal is a tcpdump-like network
traffic dumping tool which works in text mode.  Full blown ethereal this
is not.

Several things are nice about tethereal over tcpdump:

* More powerful filtering language
* More protocols supported
* Lots of file formats supported, including translation capabilities

Drawbacks:

* Non-standard filtering language
* Bigger, more libraries needed

If you use this package, realize that it can be slimmed down by removing
libraries like libz, libm, and perhaps libdl which may be available
separately.  I think I must have included them all because I felt the
trade-off in not having to get all those packages separately would be
best for many people.




[Leaf-user] Distributions...

2001-11-13 Thread David Douthitt

Patrick Benson wrote:

 Why not try:
 
 Trinux - http://trinux.sourceforge.net/
 All the tools you'll ever need you can find on a 3-disk setup...

Not LEAF-based - no login security.  Specialized tool for network
security.

 muLinux - http://mulinux.nevalabs.org/

Requires 1.72M disks... breaks most floppies.

 tomsrtbt - http://www.toms.net/rb/home.html

Not designed for network testing - specialized tool for system rescue.

Why not use:

Oxygen - http://leaf.sourceforge.net/pub/oxygen

Oxygen offers:
* Full flexibility
* Expanded tools - choose from network diagnostics, system rescue,
development, etc.
* Can be used to boot from CDROM
* Can load packages from network, multiple floppies, or other locations
- with or without pauses (and user-configured prompts)
* Has possibility of loading using TFTP, GOPHER, FTP, HTTP...
* Kernel has OpenWall patches added...

Development version adds:
* Much higher boot-time configurability:
  - Load configuration file from any disk
  - Specify any filename for configuration file
  - Tool used to decompress files can be configured (bzip2, zip,
gzip...)
  - Create any set of volumes, with any size
* Easy upgradability to glibc 2.2: just replace glibc 2.1 (libc.lrp)
package (and make rom.)

The development version is approaching a pre-release; I'd recommend
people try it if you are able.




Re: [Leaf-user] compiling for LRP.

2001-11-12 Thread David Douthitt

Jeff Newmiller wrote:

 There are compatibility development packages for RedHat that allow you to
 compile for glibc2.0, but in many cases it is not quite so simple.  One
 reason is that the makefiles or configure scripts provided to prepare the
 makefiles require some amount of hand-editing to get them to work in a
 compatibility mode.  Depending on your familiarity with the dependencies
 in the source you are compiling, this may be possible but can be far from
 trivial in the general case.  Unless the source is particularly simple,
 the easiest solution is to use a Debian Slink installation for
 development, as long as your source code doesn't depend on glibc features
 added after glibc2.0.

You can also use Red Hat 5.2 or Mandrake 5.3 to do the same thing. 
However, using the compatibility packages for Red Hat requires Red Hat
6.x or equivalent, since they weren't released for Red Hat 7.x - I don't
know how they'd be under Red Hat 7.

Compiling is usually not so bad unless the program makes extensive use
of networking or a few other functions.  Many things will compile just
fine, including networking applications.

Using the glibc compatibility libraries is the only way I've done most
of my package development, since Red Hat 5 is hopelessly out of date (as
is everything which uses glibc 2.0).  If you use a shell wrapper script,
you can override the C compiler used by the Makefiles (and by
autoconfigure) which allows you to compile for glibc 2.0.

In fact, many programs will compile without any editing if they don't
use any glibc 2.1 specific features, and if you set the CC variable to
make and use the -e option - or set CC and run autoconfigure.

More extensive details can be found in the LRP Developer's Guide on the
LEAF site at http://leaf.sourceforge.net/




Re: [Leaf-user] using the e3 editor in Oxygen

2001-11-12 Thread David Douthitt

Brent P. Gardner wrote:

 It turns out
 that e3 was in vi mode as suggested below.  This confuses me because
 both e3 and vi are in the list of options displayed when Oxygen asks
 which editor you would like to use.  Since I specified e3 I didn't think
 to try vi commands.

The reason for this is that I wanted Oxygen to provide a UNIX-like
environment, and virtually every UNIX system ever made comes with vi. 
Also, in the selection process, if you load all of the added add-on
packages, one can choose from emacs (zile), vi (elvis-tiny), pico
(nano), and perhaps even THE (a VMS VDT clone).

Also, I wanted to allow a user to specify they wanted vi or emacs or
whatever and e3 should be set up to act that way.




Re: [Leaf-user] Simple, per client, machine access rules?

2001-11-12 Thread David Douthitt

Mark Plowman wrote:

 I know that the simplicity of setup and maintenance will be a
 significant factor in the decisions about this project, together with
 the fact that client would prefer it all to cost *nothing* - the
 reason my boss quickly queried what LEAF could do ;-)

Well, I'm not sure how simple this would be, but you could use arping to
find out the IP address of a given MAC address and then let the scripts
configure based on this computed IP address.

This would require several things:

1. the RIGHT arping binary :-)

2. programming the system so the firewall rules self-check over time -
or just reconfigure periodically to generate the appropriate rules if an
IP changes.  Perhaps just a wrapper script would be enough, in a cron
job - checking IP addresses and creating a new firewall
configuration.

The first is easy.  If you grabbed arping off of your nearest Linux box,
it's almost certainly wrong :-)  If you get output like:

# arping -h
arping: invalid option -- h
Usage: arping [-fDUAV] [-c count] [-w timeout] [-I device] [-s source]
destination
  -f : quit on first reply
  -D : duplicate address detection mode
  -U : Unsolicited ARP mode, update your neighbours
  -A : ARP answer mode, update your neighbours
  -V : print version and exit
  -c count : how many packets to send
  -w timeout : how long to wait for a reply
  -I device : which ethernet device to use (eth0)
  -s source : source ip address
  destination : ask for what ip address

...that's the wrong one.  If you get output like:

# arping -h
arping 1.01 [ -qvrRd0bp ] [ -S host/ip ] [ -T host/ip ] [ -s MAC ]
[ -t MAC ] [ -c count ] [ -i interface ] host/ip/MAC
| -B

...this is the right one.  Given a MAC address, this program lets me
ping it and gives me an IP besides:

# arping 172.16.3.31
ARPING 172.16.3.31
60 bytes from 00:60:b0:4b:d3:c0 (172.16.3.31): index=0
60 bytes from 00:60:b0:4b:d3:c0 (172.16.3.31): index=1
60 bytes from 00:60:b0:4b:d3:c0 (172.16.3.31): index=2
60 bytes from 00:60:b0:4b:d3:c0 (172.16.3.31): index=3

--- 172.16.3.31 statistics ---
4 packets transmitted, 4 packets received,   0% unanswered
# arping 00:60:b0:4b:d3:c0
ARPING 00:60:b0:4b:d3:c0
60 bytes from 172.16.3.31 (00:60:b0:4b:d3:c0): icmp_seq=0
60 bytes from 172.16.3.31 (00:60:b0:4b:d3:c0): icmp_seq=1
60 bytes from 172.16.3.31 (00:60:b0:4b:d3:c0): icmp_seq=2
60 bytes from 172.16.3.31 (00:60:b0:4b:d3:c0): icmp_seq=3
60 bytes from 172.16.3.31 (00:60:b0:4b:d3:c0): icmp_seq=4

--- 00:60:b0:4b:d3:c0 statistics ---
5 packets transmitted, 5 packets received,   0% unanswered
#

Will this help you?  Or perhaps someone else?

There IS an arping.lrp available at
http://leaf.sourceforge.net/pub/oxygen/packages/arping.lrp I believe.

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
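
An added example, not part of the original message: the wrapper script idea from step 2, resolving each client MAC with the arping output format shown above and writing a rule only when exactly one IP answered for it. The function names, the sample replies and the ipchains rule line are assumptions made for illustration, and the rules are printed for review, not applied.

```shell
#!/bin/sh
# Added example: turn a list of client MAC addresses into per-client rules.
# Names, sample data and the rule format are hypothetical.

# Command that prints arping output for a MAC; -c count appears in the
# usage line of the arping quoted in the message.
ARPING_CMD=${ARPING_CMD:-"arping -c 3"}

# Constructed replies in the "60 bytes from IP (MAC): icmp_seq=N" format.
sample_arping() {
    m=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    echo "ARPING $m"
    case $m in
        00:60:b0:4b:d3:c0)
            echo "60 bytes from 172.16.3.31 ($m): icmp_seq=0"
            echo "60 bytes from 172.16.3.31 ($m): icmp_seq=1" ;;
        00:60:b0:aa:bb:cc)
            echo "60 bytes from 172.16.3.40 ($m): icmp_seq=0"
            echo "60 bytes from 172.16.3.99 ($m): icmp_seq=1" ;;
    esac
}

# ip_for_mac MAC
# Reads arping output on stdin. Prints the IP and returns 0 when exactly one
# IP answered for MAC; returns 1 for no reply, 2 for conflicting replies.
ip_for_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    awk -v mac="$mac" '
        $3 == "from" && tolower($5) == ("(" mac "):") { ips[$4] = 1 }
        END {
            n = 0
            for (ip in ips) { n++; last = ip }
            if (n == 1) { print last; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# build_rules
# stdin: one client MAC per line. stdout: one line per client, either a rule
# or a comment explaining why no rule was written.
build_rules() {
    while read -r mac; do
        [ -n "$mac" ] || continue
        rc=0
        ip=$($ARPING_CMD "$mac" 2>/dev/null </dev/null | ip_for_mac "$mac") || rc=$?
        case $rc in
            0) echo "ipchains -A forward -s $ip -j ACCEPT # $mac" ;;
            2) echo "# $mac answered from more than one IP, no rule written" ;;
            *) echo "# $mac did not answer, no rule written" ;;
        esac
    done
}
```

ARP replies are not authenticated, so any host on the segment can answer for a MAC it does not own. The conflicting-reply case is therefore treated as a reason to write no rule, and rules built this way are a convenience for a trusted LAN, not an access control.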



Re: [Leaf-user] Simple scripting question

2001-11-01 Thread David Douthitt

Mark Plowman wrote:

 But...
 
 grep doesn't do -v or (I think) -q.
 
 This must be simple, could an expert out there help me please?

You could use sed, or use a new version of busybox (which acts as grep).

grep -v can be done with sed this way:

sed '/pat/d'

grep -q could be done this way:

[ $(cat input | sed -n '/pat/p' | wc -l) -ne 0 ]

sed is full GNU sed, whereas grep is busybox's minimalist grep.




Re: [Leaf-user] xinetd instead of inetd anyone

2001-11-01 Thread David Douthitt

Will wrote:

 I was wondering if anyone is using xinetd instead of inetd?

When I compiled xinetd for a package, it was rather sizable - about 144k
for the binary, 67k for the package compressed.  Not only this, but
you'd have to configure it - but that's not a hard thing to do if you're
willing.




[Leaf-user] PPP server without proxy arp

2001-11-01 Thread David Douthitt

I can't find anything on this - how would one go about setting up a PPP
server that didn't use proxy arp?

Our ISP changed our IP allocation and yanked almost 200 IP addresses -
and now we don't have enough addresses for proxy arp.

I had originally wanted to set up PPPd to use particular IPs and
masquerade through the IP of the server - can this be done?




Re: [Leaf-user] Debug Script Available

2001-11-01 Thread David Douthitt

Robert Williams wrote:
 
 Thanks for the interest. I have now posted a new version that includes
cat /etc/hosts
cat /etc/resolv.conf
cat /etc/nsswitch.conf
 
 It will also ping the IPs in /etc/hosts and /etc/resolv.conf
 as well as INTERN_IP and  eth0_DEFAULT_GW

You might also want to go to the trouble of sanitizing the output for
posting to the list.  There may be passwords or private IP addresses in
the documentation.

As Matt mentioned, also make SURE the commands are there - Oxygen
stripped out several in order to make space (netstat, ifconfig, et al) -
and Eigerstein also supports only the command ip instead of ifconfig.

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
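
An added example, not part of the original message: a filter that sanitizes debug output before it is posted, replacing each distinct IPv4 address with a stable placeholder so the topology stays readable, and blanking values that follow a password-like key. The key names matched and the sample output are assumptions constructed for illustration; loopback addresses and netmasks are left as they are.

```shell
#!/bin/sh
# Added example: scrub addresses and credentials from diagnostic output.
# The function names and sample data are hypothetical.

# Constructed sample of what a debug script might collect.
sample_debug_output() {
    cat <<'EOF'
eth0_IPADDR=203.0.113.7
eth0_DEFAULT_GW=203.0.113.1
INTERN_IP=192.168.1.254
nameserver 203.0.113.53
PPP_PASSWORD=hunter2
64 bytes from 203.0.113.1: icmp_seq=0 ttl=64
netmask 255.255.255.0
EOF
}

# sanitize
# stdin: raw debug output. stdout: the same text with
#   - anything after "password", "passwd" or "secret" plus = or : replaced
#     by [REDACTED]
#   - every IPv4 address replaced by IP_1, IP_2, ... (same address, same
#     placeholder), except 127.x, 255.x and 0.0.0.0
sanitize() {
    awk '
    {
        line = $0

        # Credentials first, so an address inside a secret is dropped too.
        if (match(tolower(line), /(password|passwd|secret)[ \t]*[=:][ \t]*/))
            line = substr(line, 1, RSTART + RLENGTH - 1) "[REDACTED]"

        out = ""
        while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(line, RSTART, RLENGTH)
            if (ip ~ /^(127|255)\./ || ip == "0.0.0.0") {
                repl = ip
            } else {
                if (!(ip in seen)) seen[ip] = "IP_" (++n)
                repl = seen[ip]
            }
            out = out substr(line, 1, RSTART - 1) repl
            line = substr(line, RSTART + RLENGTH)
        }
        print out line
    }'
}

# Typical use: ./debug-script | sanitize > report-for-the-list.txt
```

The filter only knows the patterns listed in its comments, so the result still needs a read-through before posting; hostnames, MAC addresses and secrets stored under other key names pass through unchanged.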



Re: [Leaf-user] Oxygen release question

2001-10-02 Thread David Douthitt

Matthew Schalit wrote:

 Modular is cool.

I hope so.  I recently booted LRP - and it has about 6 packages on
disk.  Let's just say Oxygen has more :)

 Ok.  I'll try out 090601.
 What are you going to name it?  September 2001?
 How about Nine of One?  Heh heh.

Probably Oxygen 1.6pre1 ...sorry.




[Leaf-user] Oxygen Development

2001-09-25 Thread David Douthitt

Oxygen development is slowing down right now, as I've a new LCD that I'm
trying out for hardware, and I've taken to the LCDd project the way I
did the LRP project (i.e., I'm writing a lot of new code! :)

I'll probably put a pre-release distribution together and put it out
there for downloads and testing.

The Oxygen/LEAF Resource CDROM is overdue for a new release; the lrp
source patch set (to create packages from virgin source) was overhauled,
and is much nicer; many new kernels have come out since the last
release.

There is also a lot of new source on the CDROM.




Re: [Leaf-user] LaBrea for LRP?

2001-09-20 Thread David Douthitt

Alec Miller wrote:

 I don't have the tools to make [LaBrea] into an LRP package,  but I think this
 could be a neat addon.
 
 (If it doesn't already exist for LRP)

Wouldn't you know it - I was just working on this; I've already done
it.

I made a few code changes - mainly designed to make it less obtrusive if
started without options, and to make it use a standard option (-h).  The
bogus -z option is removed, too, though I wonder about that some -
that's an undocumented option which forces you to read the documentation
(nice, eh?).

Unfortunately, this program doesn't do what I had hoped for: a program
like portsentry, which sits on a port and sucks in those unlucky enough
to connect...

I'll see if I can't put this up at
http://leaf.sourceforge.net/pub/oxygen/packages/labrea.lrp sometime
soon.

Be sure to read the options (with LaBrea -? or LaBrea -h) - they changed
slightly with my variant - I don't know if this is best, but...




[Leaf-user] New package - Send Page and/or Email when Ports Hit

2001-09-19 Thread David Douthitt

I've packaged a couple of scripts that tie into PortSentry which page me
(and send email) every time one tries to connect to a port protected by
PortSentry.

One sends out a page based on the command line by using an email gateway
(you'll have to figure out your own).

The other does the work; it sends out the page, as well as formulating a
big email with all the details possible about the source IP.

This current script will, if the binaries are available, do the
following (all against the source IP address):

* whois (administrative contacts and IP block owner)
* dig (name lookup and name servers)
* traceroute (how long?  what routers between here and there?)
* tcptraceroute (same as traceroute, but uses TCP not ICMP - pierces
some firewalls)
* ping (how long does it take to get there?)
* nmap (what ports do they have open?  What are they running?)

The last four also help to identify that this is a REAL host active on
the network.

The nmap option is in the script but not run by default: some sites
could classify a nmap probe as hostile behavior (and perhaps illegal
behavior).  The nmap line is commented out.

The package is at
http://leaf.sourceforge.net/pub/oxygen/packages/alert.lrp

Enjoy!




Re: [Leaf-user] New package - Send Page and/or Email when Ports Hit

2001-09-19 Thread David Douthitt

Danny Carter wrote:
 
 David,
 Can these scripts be made to work on 
 Charles' Eigerstein images or is
 it just for use with the Oxygen distro?
 This sounds like something that I'd
 like to set up on my firewall ES2B,
 especially with all of the activity
 that I have seen in the logs lately.

It should be fine; I've not run them on EigerStein, but they are quite
simple scripts, really.  What makes them nice is the tying of other
programs together.  To be truly useful, the alert script requires some
or most of the programs listed: jwhois, dig, ping, traceroute,
tcptraceroute, nmap.  However, if the program is missing it won't use
it.  All of those programs (except ping) are available as packages in
the same location.  All of them should yet work under glibc 2.0 (and
Eigerstein).

 On Wed, 19 September 2001, David Douthitt wrote:

  I've packaged a couple of scripts that tie into PortSentry which page me
  (and send email) every time one tries to connect to a port protected by
  PortSentry.
 
  One sends out a page based on the command line by using an email gateway
  (you'll have to figure out your own).
 
  The other does the work; it sends out the page, as well as formulating a
  big email with all the details possible about the source IP.




Re: [Leaf-user] IPTRAF

2001-09-18 Thread David Douthitt

Reginald R. Richardson wrote:

 Trying to use the amazing iptraf.lrp but when I execute it, I get the
 following message...
 Can someone, tell me what's wrong, or what I'm doing wrong..
 
 thnks
 
 # iptraf
 Error opening terminal: vt100.

I FINALLY figured this one out :-)

First, make sure you are running the right terminal.  If you're at the
console, it should say linux, not vt100.  To change it, use

export TERM=linux

However, the usual problem here is that some programs appear to look for
/usr/share/terminfo and LRP puts terminfo into /etc/terminfo (more
logical and historical to my thinking)... so this may fix it:

ln -s /etc/terminfo /usr/share/terminfo




Re: [Leaf-user] Oxygen + TFTP boot

2001-09-15 Thread David Douthitt

Matt Schalit wrote:
 
 Brett J. Hoffman wrote:
 
  Hi,
 
  I was wondering if anyone has any information on getting Oxygen to boot
  with TFTP or has any documentation to point me in the right direction.
 
  - Thanks
  - Brett Hoffman
 
 Last I tried, loading packages via the
 net worked well with Oxygen.  If I remember
 correctly, you just have it boot up all the
 way to a prompt, and as your last startup script,
 create one that runs the netload program.
 Netload is a script written by David that is
 a front end for snarf, which can get files via ftp,
 tftp, and other ways.  I make it use ftp and load
 all my packages that way.  It's easy to have only
 one floppy that way.
 
 The only hitch on my setup is that my Unix FTP
 server won't function properly unless it has
 net access.  So just before I load all my
 packages via netload, I have to issue an
 ipchains -A accept -j MASQ -s 10.1.1.0/24
 to let traffic flow.  (Probably a dns issue.)

If you use tftp://somesite/lrp.conf or something like that for a source
(after disk packages are loaded) then it should work.  lrp.conf needs to
have a list of packages to load.

I forget the full details, but it should be in syslinux.cfg - or at
least some details should be there.

Loading packages this way instead of using netload would also mean that
when the FTP server starts the network is present and operational.




[Leaf-user] Speakeasy

2001-09-11 Thread David Douthitt

DPG wrote:

 Makes me miss the old days, before Speakeasy moved my POP 800 miles further
 down the copper, and raised my gateway ping from 20 to 100 ms.  That move
 put my servers out of business.  :(  Now I just have an expensive,
 high-latency SDSL line  but no servers...
 
 Did I mention Speakeasy is off my holiday greeting card list?

Aren't these the people that are now sponsoring (hosting?)
www.rpmfind.net?



