Re: [leaf-user] snmp/mrtg in general (was; Wanted: easy way to see load over time)
On Thu, 11 Aug, 2005 at 09:16:34 +, Erich Titl wrote:

Sorry for the delay. I'm very busy most of the time, and I end up falling victim to the "if it takes an hour to learn a faster way of doing a 30 minute job" -thing... :(

> Jon Clausen wrote:
> > I'm not happy about the thought of having this data go unencrypted through
> > the Internet, but OTOH I need some way to track these hosts...

- so first things first... safely getting the data off of the routers;

> I am mostly using IPSEC tunnels for all the above, added a little
> iproute2 magic to allow to use the tunnel from the LEAF box itself.

- is what I should be looking into, to begin with.

My first aim is to get remote syslogging up. Network syslogging (as opposed to snmp f.x.) is something I understand well enough that I should have basically just "one variable in the equation"; Tunneling.

Once I get tunneled syslogging up, I ought to be able to apply what I've learned in the process, to snmp.

As always; pointers etc. much appreciated... good books on the subject f.x.?

TIA
/Jon

--
YMMV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] snmp/mrtg in general (was; Wanted: easy way to see load over time)
On Thu, 11 Aug, 2005 at 09:16:34 +, Erich Titl wrote:

> Jon
>
> I am tracking a number of LEAF boxes using MRTG and Smokeping from a
> central site.

Smokeping... looks nice... I'm off to read more about it

Thanks,
Jon

--
YMMV
[leaf-user] snmp/mrtg in general (was; Wanted: easy way to see load over time)
On Wed, 27 Jul, 2005 at 21:32:41 -0500, Charles Steinkuehler wrote:

> I track bandwidth (and other stats) on several (about 8) LEAF boxes I have
> in production.

I'd like to set up something like this on (currently) 10+ LEAF boxes.

> I just use SNMP (on the LEAF boxes) and MRTG (running on a debian system,
> and tracking lots of other stuff besides just my firewall load).

Among the stuff I'd like to stat on the LEAF boxes is the number of connections through each. Is this possible with net-snmp?

> Firewall rules keep SNMP visible to only trusted hosts (fixed IP blocks), as
> SNMP isn't really something you want visible to the raw internet unless you
> *REALLY* know what you're doing when locking it down.

Which is the main reason I've never gotten very far with snmp; I'm positively clueless about it.

Will something as simple as firewall rules be sufficient to prevent badness from happening?

And would the same apply to remote logging?

I'm not happy about the thought of having this data go unencrypted through the Internet, but OTOH I need some way to track these hosts...

Pointers, opinions etc very much appreciated...

TIA
/Jon

--
YMMV
Re: [leaf-user] dhcp (pump) fails or acquire address after network (cable) outage
On Sun, 06 Mar, 2005 at 21:41:17 -0500, Gene Smith wrote:

> Jon Clausen wrote, On 02/13/2005 03:27 AM:
> >On Sat, 12 Feb, 2005 at 18:00:05 -0500, Gene Smith wrote:
> >AFAICT there's a bug which makes pump exit, when no dhcp-server can be
> >reached after N retries. I'm not absolutely sure this is what actually
> >happens, but some googling turned up links to that effect. (Sorry I can't
> >reproduce the search ATM)
> >
> >Working on the *assumption* that pump indeed dies, I threw this together:
> >(Un)fortunately the ISP seems to have gotten their act together, at about
> >the same time as I did the above. Hence I don't know whether or not it
> >works as desired... :P
> On my system I have verified that pump *does not* die. It just seems to
> quit doing its thing.

Yes. I can confirm that this is indeed what happens.

> I have to kill it and restart it to get my ip addr
> back. Also, I see no indication in /var/log/syslog that there was a
> problem other than the lack of the typical slew of messages pump
> generates when it does a periodic renew. Not even sure ISP was down
> since syslog indicated that shorewall was rejecting stuff during the
> time my lease was expired and pump did not run (if that is possible?).

Well... Maybe your ISP's dhcp server was down, but your connection was not?

> Question: How is pump normally started on boot? I am unable to figure
> out how it starts up after looking through the various files. I see
> indications that it is somehow tied in with ifup or possibly shorewall
> startup.

Honestly, I don't know.

For the problem at hand, however, I now have something which might provide a (different) workaround. It's still just a workaround, and I think we should probably consider getting a newer/better pump, or alternatively switch to dhclient.

What I have is two scripts.

/sbin/repump which checks;

1; (by way of ping) the reachability of the gateway
2; if the interface has an ip

if 1 fails a warning is produced, if 2 fails an error is produced. When more than 3 warnings occur, an error is produced. When the errors reach 3, the interface is restarted (forcing pump to renegotiate).

I run it every two minutes from cron, and it seems to be doing its job.

Now, in order for /sbin/repump to know the (correct) gateway address (automatically) I'm making use of a script which was originally intended to support something else.

This script is placed in /etc/network/if-up.d/store_ifinfo and is symlinked from /etc/network/if-down.d/store_ifinfo which means that the script is called when an interface goes up, or down.

What it does (going up) is 'intercept' the interface ip parameters which (I discovered) exist as environment vars at this point, and stores them in a file /var/run/ifinfo/$IFACE

The scripts are still a bit too rough around the edges for me to 'go public' with them, but if you (Gene) want to, I'll send them. They basically work (for me anyway)...

/Jon

--
YMMV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
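The check-and-escalate logic described in the message above, written out as an added example; it is not Jon's script and not part of the original post. The state directory, the `GATEWAY=` line format assumed for /var/run/ifinfo/$IFACE, the function names and the counter reset after a clean run are all assumptions.

```shell
#!/bin/sh
# Added example (not the scripts from the thread): two-check watchdog with
# warning/error escalation. Assumed: state lives in $STATE_DIR, and the
# if-up.d hook stored a line "GATEWAY=<ip>" in $IFINFO_DIR/$IFACE.

IFACE="${IFACE:-eth1}"
STATE_DIR="${STATE_DIR:-/var/run/repump}"
IFINFO_DIR="${IFINFO_DIR:-/var/run/ifinfo}"
MAX_WARNINGS=3   # more than 3 warnings escalate to one error
MAX_ERRORS=3     # 3 errors trigger the interface restart

log_msg() { logger -t repump "$*" 2>/dev/null || true; }

# Read a counter file; missing or non-numeric content counts as 0.
get_count() {
    n=$(cat "$STATE_DIR/$1" 2>/dev/null || true)
    case "$n" in ''|*[!0-9]*) n=0 ;; esac
    echo "$n"
}
set_count() { mkdir -p "$STATE_DIR" && echo "$2" > "$STATE_DIR/$1"; }

# Gateway address as stored by the hook (assumed KEY=value format).
stored_gateway() {
    sed -n 's/^GATEWAY=//p' "$IFINFO_DIR/$IFACE" 2>/dev/null | head -n 1
}

# Check 1: the gateway answers a single ping.
check_gateway() {
    gw=$(stored_gateway)
    [ -n "$gw" ] && ping -c 1 -w 3 "$gw" >/dev/null 2>&1
}

# Check 2: the interface holds an IPv4 address.
check_address() {
    ip -4 addr show dev "$IFACE" 2>/dev/null | grep -q 'inet '
}

# Bounce the interface so the DHCP client has to renegotiate.
restart_iface() { ifdown "$IFACE"; ifup "$IFACE"; }

# One cron run. Prints ok | warning | error | restart.
watchdog_tick() {
    warnings=$(get_count warnings)
    errors=$(get_count errors)
    result=ok
    if ! check_address; then
        errors=$((errors + 1)); result=error
        log_msg "error: $IFACE has no address ($errors/$MAX_ERRORS)"
    elif ! check_gateway; then
        warnings=$((warnings + 1)); result=warning
        log_msg "warning: gateway unreachable ($warnings)"
        if [ "$warnings" -gt "$MAX_WARNINGS" ]; then
            warnings=0; errors=$((errors + 1)); result=error
            log_msg "error: too many warnings ($errors/$MAX_ERRORS)"
        fi
    else
        # Assumption: a clean run clears both counters.
        warnings=0; errors=0
    fi
    if [ "$errors" -ge "$MAX_ERRORS" ]; then
        log_msg "restarting $IFACE"
        restart_iface
        warnings=0; errors=0; result=restart
    fi
    set_count warnings "$warnings"
    set_count errors "$errors"
    echo "$result"
}

# Cron entry point: only acts when called with --run.
if [ "${1:-}" = "--run" ]; then watchdog_tick >/dev/null; fi
```

Keeping the counters in files is what lets a two-minute cron job remember earlier failures between runs.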
Re: [leaf-user] dhcp (pump) fails or acquire address after network (cable) outage
On Sat, 12 Feb, 2005 at 18:00:05 -0500, Gene Smith wrote:

> I am running a bering-leaf system with 2.4.18 kernel that I setup about
> two years ago (not sure of exact version). It has been working fine
> except for one problem. When the cable goes down and eventually comes
> back up the bering-leaf system never recovers (clients can't access
> internet). I tried restarting services (shorewall, networking,
> ifup/down) to no avail. Usually I just reboot. However I discovered that
> if I kill and re-run pump (/sbin/pump -i eth1) it then recovers and
> acquires its IP address. Could I have something configured wrong that
> prevents an automatic recovery?

I have been having similar (if not identical) problems lately:

Link goes down, lease expires, link comes up again, pump fails to renew.

AFAICT there's a bug which makes pump exit, when no dhcp-server can be reached after N retries. I'm not absolutely sure this is what actually happens, but some googling turned up links to that effect. (Sorry I can't reproduce the search ATM)

Working on the *assumption* that pump indeed dies, I threw this together:

    # cat /sbin/repump
    #!/bin/sh
    # Start pump again if no pump process is running.
    if [ -z "`/sbin/pidof pump`" ] ;then
        /usr/bin/logger "Repump: pump looks dead, attempting resurrection;"
        /sbin/pump
    #else
        #/usr/bin/logger "Repump: pump lives, pid `pidof pump`"
    fi

and added:

    # keeping pump alive:
    */10 * * * * root /sbin/repump

to /etc/crontab.

Basically a crude workaround.

(Un)fortunately the ISP seems to have gotten their act together, at about the same time as I did the above. Hence I don't know whether or not it works as desired... :P

HTH
/Jon

--
YMMV
Re: [leaf-user] Weblet won't display
On Sat, 06 Nov, 2004 at 15:01:57 +0100, Giorgio Oteri wrote:

> Hi,
>
> I have the same problem. Someone can help me and Xantius?
>
> > I've installed 2.2.2 on 2 different machines and tried to get the weblet
> > working, but to no avail. When I try and hit the webpage, I see on the
> > leaf box that sh-httpd does start up, as though it's trying to serve the
> > request, but it never serves up the page. What should I be looking for
> > to troubleshoot this?

My first reaction is look at the logs. In this case specifically sh-http's log and shorewall.log

Things to consider:

Are you allowing the client to connect to the firewall at all? (/etc/hosts.allow)

Are you allowing the client to connect to the weblet port? (/etc/shorewall/rules)

Have you set up weblet with ip/port/access info? (/etc/sh-httpd.conf: SERVER_NAME, SERVER_ADDR, SERVER_PORT, CLIENT_ADDRS)

If none of the above reveals any missing bits, post again. And please add some more details.

I find 'tail -f /path/to/log-file' very useful when looking for problems.

HTH,
Jon

--
Just say "know!"
Re: [leaf-user] HW write-protect boot medium?
On Thu, 30 Sep, 2004 at 08:20:55 +0100, Livio Ravetto wrote:

> >http://www.expansys.com/product.asp?code=107867
>
> Hello Jon,
>
> The adapter is for the "duo" version of the memory stick, which is a lot
> smaller than the one you would use in your digital camera.

Uhm, O.K. ... I don't think that's the way to go, though...

I got a PM alerting me to the existence of write-protectable IDE flash modules like this one (TS32MDOM40V) from Transcend:

http://ec.transcendusa.com/product/ItemDetail.asp?ItemID=TS32MDOM40V

Now, this is complete news to me (or maybe I'm just dense). AFAIR it's not much more than six months ago the subject was last discussed on this list. And I believe that the general consensus at the time was that there basically wasn't anything available in this area... (?)

*Anyway* the above link lists the price at ~ $14, which is *way* cheaper than memorystick+adaptor.

Only problem (for me anyway) is that the TS32MDOM40V won't fit in a Soekris 4501, which I think is going to be my next "standard" platform.

Anyone know if the write-protect "craze" has hit "regular" CF yet?

> Booting from USB could be a cheaper solution considering the high
> competition on these products. I can't quite say it is possible... A quick
> look on the docs shows none.
>
> Somebody out there might be able to tell if booting from a USB memory
> device is a possibility.

Oh booting from USB is definitely possible. I've used it several times. It only depends on whether the computer's BIOS supports it.

The thing is I don't much like to have 'stuff' hanging out of the box. And in any case (no pun intended) even though the routers I've already deployed *do* have USB, the soekris boxes don't. So USB is not really that great an option, even if they have WP... (do they?)

Cheers,
Jon

--
Just say "know!"
[leaf-user] HW write-protect boot medium?
Hi

I've recently set up a couple of Bering boxes using CF as boot media. It works, boot is fast etc... but...

I'm not particularly fond of the fact that there's no HW write-protect option for CF.

In a different context I was made aware that Sony makes "Memory Sticks", with that option. Googling around I came across this:

http://www.memorystick.com/en/ms/features.html
(scroll down a bit to "Erasure Prevention Switch")

Now, the boxes that I've already set up don't have a slot for that kind of thing, so google for "Memory Stick adapter" produced (among others):

http://www.expansys.com/product.asp?code=107867
(A Memory Stick -> CF adapter)

Although the above might be pricey, I like it enough to maybe cough up the cash.

Question: Has anyone worked with something like this? Experiences? (Like: is it usable as boot-medium?)

TIA
Jon

--
Just say "know!"
Re: [leaf-user] chgrp - Operation not permitted
On Fri, 03 Sep, 2004 at 10:54:07 +0800, Chris Lee wrote:

> Dear Jon,
>
> Thanks for your suggestion, it's working properly now.

Good. Glad to have helped :)

> I write this mini how-to for anyone who wants to use HD to store log
> messages:

Very nice. One small correction:

> Then add following lines to /boot/etc/modules file
>
> # e3 /linuxrc
       ^^^
Should probably read:

# e3 /boot/etc/modules

- but otherwise... :)

Cheers,
Jon

--
Just say "know!"
Re: [leaf-user] chgrp - Operation not permitted
On Thu, 26 Aug, 2004 at 16:08:55 +0800, Chris Lee wrote:

> LEAF Bering-uClibc 2.2
> I use HDD as /var/log folder, however log rotate was failed by Operation not
> permitted error.
> so below:
>
> savelog -g wheel -m 640 -u root -c 4 /var/log/shorewall.log
> chgrp: /var/log/shorewall.log.new: Operation not permitted
> ln: /var/log/shorewall.log.0: No such file or directory
> mv: unable to rename `/var/log/shorewall.log.new': No such file or directory
> chgrp: /var/log/shorewall.log.0: Operation not permitted
> Rotated `/var/log/shorewall.log' at Thu Aug 26 12:13:35 UTC 2004.
>
> Does MSDOS partition does not support file permission?

Indeed it doesn't.

Your options are basically: Use a different filesystem on that partition, or hack savelog to not do the chgrp stuff.

I would suggest switching fs. And while I'm at it I'd suggest switching to ext3 or reiser, because they're journaling filesystems. (No fsck'ing after powerfailures etc.)

HTH
/Jon

--
Just say "know!"
Re: [leaf-user] Bering-uClibc_2.2-beta5 HDD Version Question
On Wed, 18 Aug, 2004 at 11:57:52 +0200, Frank Dauer wrote:

> Chris,
>
> this looks like the drive has not been mounted at boot time.
> What exactly is the line in your linuxrc which should mount
> /var/log ?
>
> The version I use is beta5, but as far as I can see nothing
> important has changed in the two versions we use.
>
> [ "$VERBOSE" ] && Lecho "Generating /tmp & /var/log partitions ..."
> qt mount -t tmpfs tmpfs /tmp ${tmp_size:+-o size=$tmp_size}
> #qt mount -t tmpfs tmpfs /var/log -o size=$log_size
> qt mount -t msdos /dev/hda2 /var/log

Try moving this down *after* the section that creates the devices.

I don't have access to a copy of linuxrc right now, but doing the above worked for me.

If /dev/ doesn't exist, mounting something from there will fail, and /var/log will end up being part of /

HTH
/Jon

--
Just say "know!"
[leaf-user] Logging. (was; Harddisk: Device... deceased :P)
On Wed, 21 Jul, 2004 at 14:37:24 -0700, Peter Mueller wrote:

> > Hmmm... Maybe I should just go with CF/DOM or something else,
> > solid state,
> > and set up a server to move the logs to $whenever, accepting
> > the fact that
> > chips get worn out after so-and-so-many rewrites...
>
> Yes, this is what I would (have) done. CF is badass, it boots so fast.

Indeed. I'm very happy with the CF setup. (In case you missed my original post, the machine does boot from CF. The idea was to have a harddisk only for logging)

> > I find it sort of ironic, having spent much time in order to
> > put the logs on
> > disk (so they would survive powercuts etc), that those same
> > logs are now
> > lost because the disk died... :P
>
> Well why don't you set up a remote syslog server instead?

I will, eventually. It's just that I don't *have* a server for the job, yet.

> /etc/syslog.conf:
> *.* @10.0.0.1
>
> Then /etc/init.d/sysklogd restart.
>
> On the remote server, you will need to allow firewall rules (if
> necessary) and configure syslogd to accept remote logs. This is done on
> redhat via /etc/sysconfig/syslog:
> SYSLOGD_OPTIONS="-m 0 -r"
> On other distributions you can probably modify the Sys-V script
> directly.

Thing is, having (a) server(s) on location(s) is not always an option and I'm not very fond of the idea of logging across the Internet, for a couple of reasons:

- Clear text.
- Both lines must be up, always
- Opening udp/514 is a potential risk @server

to name a few.

I would much rather have something like:

Logging done on router
Logs get compressed
Compressed logs get transferred via encrypted mechanism (scp f.x.) to server

At this point I'm in the discovery/research phase. In the not too distant future legislation will be passed, that will require logging of *all* traffic, as part of the Danish government's anti-terror measures.

This means that I have to make reasonably sure that the logs are kept

- private
- secure
- available

etc...

I'm leaning towards logrotate as the first part of the process, on the router(s). Partly because logrotate acts on filesizes, and hence introduces a semi-randomness in the compression/transfer-to-server process. (Since the size of the logs is a function of the traffic volume, which varies)

What this means is that the router should have a capacity for storing the logs, until such a time when they can be moved to the server (in the event that either line is down, when the router wants to initiate a transfer). Hence the introduction of NV-media.

Pointers welcome.

Cheers,
/Jon

BTW: No need to Cc: me, I'm on the list :)

--
Just say "know!"
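One way to implement the router-side flow outlined in the message above (log locally, compress, push over SSH, keep files on the router until the link is back), as an added example that is not part of the original thread. The spool directory, account, host name, key path and function names are hypothetical, and scp is used here as the "encrypted mechanism".

```shell
#!/bin/sh
# Added example (not from the thread): spool-and-forward for rotated logs.
# Assumed: logrotate drops finished files into $SPOOL_DIR with dated names
# (its dateext option), so name order is also age order. The account, host,
# key path and remote directory are hypothetical placeholders.

SPOOL_DIR="${SPOOL_DIR:-/var/log/spool}"
REMOTE="${REMOTE:-logpush@logs.example.net:incoming/}"
SSH_KEY="${SSH_KEY:-/etc/logship/id_ed25519}"

# Compress every spooled file that is not compressed yet.
compress_spool() {
    for f in "$SPOOL_DIR"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.gz) continue ;; esac
        gzip -9 "$f" || return 1
    done
}

# Copy one file over SSH. BatchMode fails instead of prompting, and
# StrictHostKeyChecking=yes refuses a server whose host key is not
# already in known_hosts, so logs are never handed to an unknown host.
transfer_file() {
    scp -q -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=20 "$1" "$REMOTE"
}

# Number of compressed files still waiting on the router.
count_pending() {
    n=0
    for f in "$SPOOL_DIR"/*.gz; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Push compressed files oldest first. A file is deleted only after its
# transfer succeeded; the first failure stops the run so the remaining
# files stay in order for the next attempt.
# Prints "<sent> <left>" and returns non-zero while files remain.
ship_spool() {
    sent=0
    compress_spool || return 2
    for f in "$SPOOL_DIR"/*.gz; do
        [ -f "$f" ] || continue
        if transfer_file "$f"; then
            rm -f "$f"
            sent=$((sent + 1))
        else
            break
        fi
    done
    left=$(count_pending)
    echo "$sent $left"
    [ "$left" -eq 0 ]
}

# Cron entry point: only acts when called with --run.
if [ "${1:-}" = "--run" ]; then ship_spool >/dev/null; fi
```

Because the router initiates the connection, the server needs no listening syslog port, only SSH with a key dedicated to uploads.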
Re: [leaf-user] Harddisk: Device... deceased :P
Welll...

To summarize; I ended up compiling a 2.4.24 kernel in order to get the disk recognized. Basically, once I got all the patches applied, the correct options selected, modified linuxrc to mount the disk on /var/log at boot, and all that, it worked out fine.

So I put the router in service.

Next day I tried ssh'ing into it. It accepted the password, but then the connection would just hang. This got me worried.

Day after that I decided to go over there and check the box out. The rack was pretty hot (insufficient ventilation) and the box itself was definitely too hot. It would still route, but dhcpd wouldn't hand out ip addresses.

Since there's no screen/keyboard available on location, my only real option was to power off/on to see if that would at least let me log in.

Long story short; Brought it home, hooked it up with monitor. With disk disconnected it boots fine. With disk connected, the box never completes its POST :(

Lesson learned: IDE disks aren't meant for 24/7, and need to be kept cool. (DOH!)

So the question now is; Apart from ensuring that the disk is kept cool, what can I do to minimize 'operating stress'?

That is, is it a good idea to have the disk spin down, considering that shorewall.log will be written to more or less constantly (causing the disk to spin up/down a lot)

Hmmm... Maybe I should just go with CF/DOM or something else, solid state, and set up a server to move the logs to $whenever, accepting the fact that chips get worn out after so-and-so-many rewrites...

I find it sort of ironic, having spent much time in order to put the logs on disk (so they would survive powercuts etc), that those same logs are now lost because the disk died... :P

Oh well... Just thought I'd let everyone know that I got it working... 'till it died.

/Jon

--
Just say "know!"
[leaf-user] Makefiles and UML (was; Harddisk: Device not configured)
On Tue, 13 Jul, 2004 at 18:02:50 +0200, Erich Titl wrote:

> >I'm not very "at home" in Makefiles yet... But setting $EXTRAVERSION is a
> >start I guess :)
>
> Mhhh... I explicitly cut out the extraversion stuff to be fully Bering compliant
> (not that it matters)

Eh? What's the rationale?

> >> for the userland stuff see below
> >>
> >> >Should this work in debian_woody-UML? (I see references to slink...)
> >>
> >> You beat me there, I am a coward when it comes to UML.
> >
> >You should check it out though. It's served me quite well, and since it has
> >all the right compiler/libraries/etc, even I can produce kernels that
> >boot... I really wouldn't want to mess with all that on the host-host.
> >
> >Pretty easy to set up, too... nudge, nudge... :)
>
> I guess I should, but all references I saw were geared towards xterm, and I don't
> have an xterm to my server.

Right. I didn't realize this before. Out of curiosity I tried this from an xterm on my laptop:

    [EMAIL PROTECTED]> ssh -X [EMAIL PROTECTED]
    [EMAIL PROTECTED]> ./linuxuml-2.4.18-45 etc...

Works a treat, open xterms on the laptop...

This of course requires your basic x-libraries to be on the remote. It also requires an x-server on the 'local' which, in case of Windows, I really wouldn't know how to do :P

This thread might be of interest, if you want to pursue the idea:

http://lists.suse.com/archive/suse-linux-e/2004-Jul/1913.html

AFAICT the general consensus is: Cygwin...

> >> I do all my compiles on my SuSE 8.2++ server, which does not really have a
> >> console. So for compiling userland stuff I just chroot into Jacques' old
> >> slink filesystem.

Well, "if it ain't broke..." :P

/Jon

--
Just say "know!"
Re: [leaf-user] Harddisk: Device not configured
On Tue, 13 Jul, 2004 at 16:16:48 +0200, Erich Titl wrote:

> Jon
> >Next step is to get the 'Bering patches' applied.
> >
> >> Look into the Makefile it's easy to extend if you like it.
> >
> >Indeed this looks nice. Sadly I don't fully understand what's going on :P
>
> If you have specific questions, shoot.

Thanks, I will... though not quite yet - you already answered my first one:

> >Am I correct in assuming that the whole idea is that you can build
> >everything by just issuing 'make' in $CWD ?
>
> Theoretically speaking yes, I still do it in a few steps
>
> 'make patched' _should_ produce a patched linux source directory
> 'make image' builds a compressed linux kernel
> 'make modules' well.. modules
> 'make modules_install' places the modules in a tree under $CWD/modules

Right. I'm not very "at home" in Makefiles yet... But setting $EXTRAVERSION is a start I guess :)

> for the userland stuff see below
>
> >Should this work in debian_woody-UML? (I see references to slink...)
>
> You beat me there, I am a coward when it comes to UML.

You should check it out though. It's served me quite well, and since it has all the right compiler/libraries/etc, even I can produce kernels that boot... I really wouldn't want to mess with all that on the host-host.

Pretty easy to set up, too... nudge, nudge... :)

> I do all my compiles on my SuSE 8.2++ server, which does not really have a
> console. So for compiling userland stuff I just chroot into Jacques' old
> slink filesystem.

Right. I think I'll stick with the uml method. Hopefully I'll have some more time tomorrow.

Thanks again.
Jon

--
Just say "know!"
Re: [leaf-user] Harddisk: Device not configured
On Wed, 07 Jul, 2004 at 00:41:31 +0200, Erich Titl wrote:

> >> I have a 2.4.24 kernel environment which I use for the pcengines
> >kernel, you may want to have a look
> >>
> >> http://www.think.ch/leaf/styx/2.4.20/
> >
> >Great! (that would be: http://www.think.ch/leaf/styx/2.4.24/)
> >
> >I'm getting linux-2.4.24.tar.gz "as we speak". Later I'm gonna have a look
> >at the rest of the stuff over there, and figure out what else I need to
> >mimic the linux-2.4.20 + (J. Nilo -patches) + (J. Anastasov -patches) that
> >I have already.
>
> Don't know about J. Anastasov's patches, my environment basically is for
> keyboardless environment and OpenSwan 1.03 (already outdated but should
> easily move to 1.06)

Anastasov has a patchset for 2.4.24 (http://www.ssi.bg/~ja/routes-2.4.24-9.diff) so that should be OK.

> >Tomorrow morning will be config/compile time.

Yeah, right... Nothing ever turns out like I plan it, it seems :P

Anyway, I compiled a 2.4.24 from kernel.org src. This boots fine and, even better, lets me mount the harddisk. So now at least *that's* 'out of the way' :)

Next step is to get the 'Bering patches' applied.

> Look into the Makefile it's easy to extend if you like it.

Indeed this looks nice. Sadly I don't fully understand what's going on :P

Am I correct in assuming that the whole idea is that you can build everything by just issuing 'make' in $CWD ?

Should this work in debian_woody-UML? (I see references to slink...)

TIA
/Jon

--
Just say "know!"
Re: [leaf-user] Harddisk: Device not configured
On Tue, 06 Jul, 2004 at 09:03:30 +0200, Erich Titl wrote:

> >I found this http://www.viaarena.com/?PageID=368 and some other sites which
> >look promising.
> >
> >In the end though, I'm beginning to suspect that 2.4.20 may be too 'old'.

Main reason being that the SuSE kernel is 2.4.21-something

In reality I'm not entirely sure if it's indeed a problem with the kernel. I've not twiddled very much with kernel *parameters* at boot time... so...

But in any case, I guess it doesn't hurt trying a later kernel, and besides the 'exercise' (of configuring/compiling) is good for me :)

> I just had a quick glance at it, most problems seem to be xfree86 related.

Precisely. Which is basically irrelevant, anyway.

> I have a 2.4.24 kernel environment which I use for the pcengines kernel, you may
> want to have a look
>
> http://www.think.ch/leaf/styx/2.4.20/

Great! (that would be: http://www.think.ch/leaf/styx/2.4.24/)

I'm getting linux-2.4.24.tar.gz "as we speak". Later I'm gonna have a look at the rest of the stuff over there, and figure out what else I need to mimic the linux-2.4.20 + (J. Nilo -patches) + (J. Anastasov -patches) that I have already.

Tomorrow morning will be config/compile time.

Thanks again,
/Jon

--
Just say "know!"
Re: [leaf-user] Harddisk: Device not configured
On Mon, 05 Jul, 2004 at 07:15:03 +0200, Jon Clausen wrote:

> Right. I'm gonna have to look closer at the actual cpu info, when I get off
> work. I have none of the above set ATM, so maybe the K6* option is the
> ticket...

Recompiled as K6, no improvement :P

Actually it's not a C3, though... afaict.

I found this http://www.viaarena.com/?PageID=368 and some other sites which look promising.

In the end though, I'm beginning to suspect that 2.4.20 may be too 'old'.

hmmm...

/Jon

--
Just say "know!"
Re: [leaf-user] Harddisk: Device not configured
On Mon, 05 Jul, 2004 at 01:15:09 +0200, Erich Titl wrote:
> Jon

Thanks for the reply.

> At 17:51 04.07.2004, you wrote:
> >The mobo has a VIA vt82c686b ide-controller, so consequently I have
> >
> >CONFIG_BLK_DEV_VIA82CXXX=y in the kernel config
> >
> >-which I would've thought should cover it. Obviously I was mistaken,
>
> the menuconfig program does not enable the via82c just like that. It
> requires Generic PCI bus-master DMA support which you may or may not have
> set.

I am aware of this. I *had* tried setting it directly in .config, but then the compile failed (IIRC).

> This is from the VIA docs

Hmmm... More googling.

> (2) When running "make xconfig ", "make menuconfig " or "make config " to
> configure the kernel, select ATA/IDE/MFM/RLL Support/IDE and then ATA
> and ATAPI Block devices. Next select 'y' to enable Generic PCI bus-master
> DMA support and VIA82CXXX chipset support.

This is the way I got the via82cxxx support set.

> Moreover, if your system uses
> VIA's C3 CPU, select [K6/K6-II/K6-III] and disable [Symmetric
> multi-processing support] under [Processor type and features]. Finally, save
> and exit the kernel configuration.

Right. I'm gonna have to look closer at the actual cpu info, when I get off work. I have none of the above set ATM, so maybe the K6* option is the ticket...

This is /proc/cpuinfo when booted into SuSE:

[EMAIL PROTECTED]:~> more /proc/cpuinfo
processor : 0
vendor_id : CentaurHauls
cpu family : 6
model : 7
model name : VIA Samuel 2
stepping: 3
cpu MHz : 532.684
cache size : 64 KB
fdiv_bug: no
hlt_bug : no
f00f_bug: no
coma_bug: no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu de tsc msr cx8 mtrr pge mmx 3dnow
bogomips: 1046.52

> HTH
> Erich

Thanks again,
Jon Clausen
--
Just say "know!"
Re: [leaf-user] Harddisk: Device not configured
On Sun, 04 Jul, 2004 at 17:51:23 +0200, Jon Clausen wrote:
> Hi.
>
> I have one of these:
> http://www.sys-media.it/cv860a.html
>
> - which I've succeeded in setting up as a dual WAN router.

... Bering 1.2

...I forgot to mention :P

/Jon
--
Just say "know!"
[leaf-user] Harddisk: Device not configured
Hi.

I have one of these: http://www.sys-media.it/cv860a.html

- which I've succeeded in setting up as a dual WAN router. It boots off a 64MB CF, and runs a self-compiled 2.4.20 kernel with Bering as well as Julian Anastasov's 'dgd' patches applied. Everything works nicely and it performs great, routing for some 80+ clients :)

Now, I'd like to put the logs on the attached harddisk, so as to preserve them in case of power failures etc...

The mobo has a VIA vt82c686b ide-controller, so consequently I have

CONFIG_BLK_DEV_VIA82CXXX=y in the kernel config

-which I would've thought should cover it. Obviously I was mistaken, because:

# mount /dev/hdc6 /mnt
mount: Mounting /dev/hdc6 on /mnt failed: Device not configured

Before I start spraying dmesg output at everyone, I should explain that the harddisk (2½" 40-pin laptop-style) has a working SuSE 9.0 system on it. This should offer *some* help in pinpointing the problem, in that it's possible for me to boot that system and compare. There are, however, a great *many* differences including ACPI, DMA and IRQ settings, which all may contribute (or not...)

I have this "on the tip of my tongue" -feeling. It's probably something trivial, but at this point I guess I can't see the forest for trees...

/dev/hdc = 40 GB Hitachi dk23ea-40
/dev/hdd = 64 MB CF Card

Both recognized/mountable under SuSE, only hdd recognized/mountable under Bering.

Suggestions/thoughts welcome, and much appreciated.

TIA,
Jon Clausen
--
Just say "know!"
Re: [leaf-user] hdsupp.lrp (or hdparm) for Bering 1.2
On Fri, Mar 19, 2004 at 04:09:55PM -0500, Robert K Coffman Jr - Info From Data Corporation wrote:
> Looking for hdparm (or equivalent) for Bering 1.2. Need to be able to shut
> down the hard drive after the machine boots.

I've had success simply grabbing the binary off of a full-size system (SuSE 8.2). You might want to strip it before moving it to your Bering box, in order to save some space.

> Thanks in advance.

HTH
Jon Clausen
--
Whatever rocks your boat!
Re: [leaf-user] LEAF doing some DAC stuff
On Sun, Jul 20, 2003 at 11:21:28AM -0500, Charles Steinkuehler wrote:
> Matt Schalit wrote:
> > > http://bund.dk/blinder
> >That's awesome. Really good stuff. Close to what I
> >was posting about. You even have some sort of
> >rudimentary input, the kill switches you added to
> >the blinds.

Thanks :)

> >Charles hasn't posted on this thread, but he may not
> >have seen it. Too bad because he built a Battle Bot
> >and has quite a bit of computer interfacing
> >experience.
>
> OK, OK...hint taken. :)

:D

> >I got in A's in Analog Lab, Digital Lab, and in Computer
> >Interfacing, but he's actually doing it in real life
> >having to deal with Voltage converters, grounding planes,
> >filters, the whole gamut. How much fun is that? A lot?
> >What's cool about the GP-3 is that it does the stepper
> >motor control already, along with tons of other good
> >stuff. I was sort of surprised it was only $35 US.
> >I could run a farm with that little thing.
>
> For cheap & easy DAC output from your PC, use the pre-existing ports.

I was unemployed at the time, so reason #1 weighed heavily. I wouldn't really have agreed with #2 at the time, but then, I don't know squat about electronics. (Sure I can solder, but...)

> The audio output ports for dynamic signals (although you won't typically
> get DC output levels without shorting across the output caps and adding
> some level-shifting circuitry to deal with the typical 1.5-2.5 V offset).

I would have thought exactly that; If it needs to become analog, why not use a soundcard?

> NOTE: If you really want to smoothly drive stepper motors with a PC,
> you either need smart hardware or you'll quickly find out why linux (and
> most other general purpose OS's) are not considered "real-time". The
> stepper motors will *NOT* be happy when the pulses don't come out at
> exactly the wrong time, and you *WILL* notice the "glitch" in smooth
> movement, by feel and/or by sound. A bit of timing uncertainty is not
> that bad (especially if you can compensate for it with the software
> generating the drive waveforms...motors have a *MUCH* slower response
> time than modern CPUs), but you can't just call the system sleep routine
> for a time delay and expect nice, clean waveform timing on output.

Actually sleep comes in too large chunks. What I do is read the parallelport a calculated number of times per 'full-sequence', to get the slowdown. I read somewhere that this read takes approx. X microseconds so I just multiplied X by so and so much. It's not actually that precise, but at 5:30 in the morning, believe me, I don't notice ;)

> This is really an instance where a $2 8-bit MCU with a couple of PWM or
> timer outputs can solve a problem better than a GHz+ CPU. :)

Well... In this particular case (a ~25 MHz 486) I doubt it will ever be smooth as in "silk"... But it's not really that important for this application.

> > > I just picked up development a couple of days ago. Basically the bit
> > > drives the stepper motor is a script that pushes out bit-sequences of
> > > parallelport. But being a script (and not particularly well written, at
> > > that) it makes for some jerky motion of the motor, which I think is in
> > > responsible for the two mechanical failures it has suffered in the year
> > > been running. (Plastic fatigue).
> See NOTE:, above.

Noted.

> >I sort of thought that you just tell those stepper motors
> >to slew and use an infra-red transmitter/pickup system that
> >counts the times the IR beam is interrupted as it shines through
> >the slits in the stepper's axle mounted circular disk.

On the contrary, as Charles explains below;

> >And I thought you pretty much used the stepping feature
> >for "fine" positioning
>
> Stepper motors require proper sequencing of the drive waveforms. They
> are not real picky about signal timing if they're not actually moving
> very fast, but you *DO* need to provide for acceleration/deceleration
> ramping and if the motor is actually rotating with any speed, it will
> not react well to out of phase drive signals, potentially putting lots
> of strain on the drive electronics and/or mechanical drive system.

Ramping... Never thought of that... That's a very nice piece of input. I shall keep it in mind, when I get around to the test runs of the binary I'm building. I'm pretty anxious to see how fast full-tilt is going to be ;)

> Also, I'm not sure what you mean by the "stepping feature" only being
> used for fine positioning. You *HAVE* to "step" stepper motors...that's
> how they work. You can't simply hook a stepper motor up to power and
> get it to turn (at least not more than one step). Getting a stepper
> motor to rotate *REQUIRES* a properly timed dynamic drive signal.
>
> If you're referring to "micro-stepping", or driving the stepper coils
> with something other than full voltage, this technique is useful even if
> you don't need it for fine positioning. If you think abo
Re: [leaf-user] LEAF doing some DAC stuff
On Tue, Jul 15, 2003 at 11:49:27AM -0700, Matt Schalit wrote:
>
> I suppose this could go on leaf-hardware,
> but I was wondering who's added a DAC to
> their box?

Not really. (You *do* mean Digital-Analog Converter, right?)

> It'd seem like a decent place to launch a few
> cron jobs from.

Indeed.

> Just patch in a unity gain
> op-amp for some bigtime input impedance, and
> you get a cheap buffer you can blow if you make
> a mistake (how much is a 411 anyway?), plus you
> get a good current source for your D/A control
> (of your sprinklers or whatever).

I've not gone into controlling anything analog, but I *have* built a system to open and close my blinds. I don't know if that's anywhere near what you're thinking, but in any case the (pretty severely outdated) site is at; http://bund.dk/blinder

> I suppose X10 is more popular than doing this
> stuff from scratch Still, if you're not
> building, you're crumbling :)

I never found out what x10 actually *is*, but it kept coming up while I was researching the electronics parts of my contraption...

I just picked up development a couple of days ago. Basically the bit that drives the stepper motor is a script that pushes out bit-sequences of the parallelport. But being a script (and not particularly well written, at that) it makes for some jerky motion of the motor, which I think is in part responsible for the two mechanical failures it has suffered in the year it's been running. (Plastic fatigue).

I'm hoping to get some smoother action by converting that script to C, and taking the opportunity to add a couple of features, such as making sure that there can be only one instance of the program running at a time a.s.o.

Cheers,
Jon Clausen
--
If we can't be free, at least we can be cheap!
Re: [leaf-user] Help compiling small program in Bering 1.0 environment?
Added the list back in, in case somebody has something to add...

On Fri, Dec 13, 2002 at 08:20:27AM -0800, Zane Wright wrote:
> Hey nobody replied to my posting. IF you could do it that'd be great! I

It *would* wouldn't it? ;) I'm having a spot of trouble, though :( Well two actually, or maybe... see below

> guess its probably time for me to start looking into the whole UML thing
> now... joys. But thanks again!

You really should though. It's pretty easy to set it up... (*I* managed ;)

Basically you get a filesystem (which is a big file), a 'kernel-executable' and a {rpm|deb|tar.gz} utility package. You put the "file-system" file somewhere, and the "kernel" in the same dir (in your ~/ somewhere). Install the (in my case rpm) package on your system, and you're set... (The package takes care of whatever needs to be on your system, for the UML system to be able to access the hosts filesystem, network etc.)

It's pretty easy, follow the docs and you'll have it up in a couple hours :)

http://leaf.sourceforge.net/devel/jnilo/uml01.html

Now, about the trouble:

Problem 1:

uml_link:~/mnt/ethloop# ll
total 16
-rw-r--r-- 1 500 users 54 Oct 18 2001 Makefile
-rw-r--r-- 1 500 users 9771 May 3 2002 ethloop.c
uml_link:~/mnt/ethloop# make
gcc -g -O2 ethloop.c -o ethloop
ethloop.c:6: netpacket/packet.h: No such file or directory

"O.K. but I have packet.h on the host system." So I copy that to the UML system:

uml_link:~/mnt/ethloop# cp ../packet.h /usr/include/netpacket/

- which *seems* to be fine. Because on the next compile, what fails is:

Problem 2:

uml_link:~/mnt/ethloop# gcc -g -O2 ethloop.c -o ethloop
ethloop.c: In function `send_raw':
ethloop.c:121: `MSG_DONTWAIT' undeclared (first use this function)
ethloop.c:121: (Each undeclared identifier is reported only once
ethloop.c:121: for each function it appears in.)

...now, I know enough C to agree with gcc that MSG_DONTWAIT is indeed not declared before line 121 (or later for that matter)... what I don't know is what to do about it...

I'm thinking that either it should get declared in packet.h but isn't (because the packet.h from the host system [SuSE 8.0] doesn't match) or there's some other mismatch somewhere... (?)

What do you think?

Jon
Re: [leaf-user] Help compiling small program in Bering 1.0 environment?
On Wed, Dec 11, 2002 at 12:45:06PM -0800, Zane Wright wrote:
> I know it may be a weird request but could somebody possibly compile the
> ethloop test program for creating plot diagrams for tc(htb specifically)
> testing?

Did you get any help offlist?

If you didn't, I can take a stab at compiling this for you, when I get off work...

Jon
Re: [leaf-user] Weblet
On Sat, Dec 07, 2002 at 10:23:40AM +0530, S Mohan wrote:
> I've been using weblet now for a week on Bering v1.0 stable. I've enabled it
> only for internal LAN access. I want to be able to access weblet from the
> Internet. However, to do this, I want to implement Username/PWD
> authentication thro' the SSL.
>
> How do I do this with weblet? Can I execute my own scripts thro' weblet to
> configure the system? I plan to use it for Bandwidth Management and want to
> use a web page to configure qdiscs, classes and filters - maybe edit the
> htb.init pages using a web page and then restart htb.init service. Any
> pointers please.

There's been some talk about using the weblet 'actively' in this fashion, some time ago. On this list, as well as on leaf-devel. There should be some food for thought in the archives.

A couple of things to consider;

Yes you can have weblet execute scripts. But for what you want, you are going to run into (at least) one fundamental 'problem';

When sh-httpd runs a script, that script will run with sh-httpd's privs, and so it will likely not have permissions to change the things you want it to.

And since scripts can not be made to run suid root, you basically have three options:

Run sh-httpd as root. This is a *very* bad idea.

Write a "wrapper" in C, which calls your script, and which can be set to run with the privs you need. This is *not* recommended, and actually a bad idea, because scripts are too easy to manipulate.

Instead, do the functions you need entirely in C, and give the binary enough privs that it will do what you want...

I'm sorry I can't help with the SSL bit, but there's a piece on outside access to the weblet at:

http://sourceforge.net/docman/display_doc.php?docid=9160&group_id=13751

it's based on Dachstein, so the part on opening ports differs from Bering/Shorewall, but it should be a place to begin.

HTH
Jon Clausen
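In the spirit of the last option in the message above, here is an added example (not code from the post or from the LEAF project) of a small C helper that takes an HTB class rate change from the unprivileged web script, validates every field against an exact format, and runs tc directly with execve, with no shell and an empty environment. The helper name htbset, the /sbin/tc path, the interface allowlist, the parent handle 1: and the rate bounds are all assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TC_PATH  "/sbin/tc"  /* assumed location of tc on the router */
#define MIN_KBIT 8L          /* assumed policy bounds for a class rate */
#define MAX_KBIT 100000L
#define TC_ARGC  13          /* 12 arguments plus the terminating NULL */

/* Interfaces the web page may shape (assumed names); exact match only. */
static const char *const ALLOWED_DEV[] = { "eth0", "eth1", NULL };

static int dev_ok(const char *dev)
{
    for (size_t i = 0; ALLOWED_DEV[i]; i++)
        if (strcmp(dev, ALLOWED_DEV[i]) == 0)
            return 1;
    return 0;
}

/* classid must be "1:" followed by 1-4 hex digits, e.g. "1:10". */
static int classid_ok(const char *id)
{
    size_t n = strlen(id);
    if (n < 3 || n > 6 || id[0] != '1' || id[1] != ':')
        return 0;
    for (size_t i = 2; i < n; i++)
        if (!isxdigit((unsigned char)id[i]))
            return 0;
    return 1;
}

/* Plain decimal kbit only; -1 for signs, spaces, suffixes or out of range. */
static long parse_kbit(const char *s)
{
    char *end;
    if (!isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno || *end != '\0' || v < MIN_KBIT || v > MAX_KBIT)
        return -1;
    return v;
}

/* Build tc's argv from untrusted input; 0 on success, -1 if anything is
 * rejected. The rate is re-serialised into ratebuf, so the only caller
 * strings that reach tc are ones that passed an exact-format check. */
int build_tc_argv(const char *dev, const char *classid, const char *rate,
                  char *ratebuf, size_t ratelen, const char *argv[TC_ARGC])
{
    if (!dev || !classid || !rate || !dev_ok(dev) || !classid_ok(classid))
        return -1;
    long kbit = parse_kbit(rate);
    if (kbit < 0)
        return -1;
    int n = snprintf(ratebuf, ratelen, "%ldkbit", kbit);
    if (n < 0 || (size_t)n >= ratelen)
        return -1;
    const char *a[TC_ARGC] = { "tc", "class", "change", "dev", dev,
                               "parent", "1:", /* assumed parent handle */
                               "classid", classid, "htb", "rate", ratebuf, NULL };
    memcpy(argv, a, sizeof a);
    return 0;
}

int main(int argc, char **argv)
{
    const char *tc_argv[TC_ARGC];
    char ratebuf[16];
    char *const empty_env[] = { NULL }; /* nothing inherited from the caller */

    if (argc != 4 || build_tc_argv(argv[1], argv[2], argv[3], ratebuf,
                                   sizeof ratebuf, tc_argv) != 0) {
        fputs("usage: htbset <dev> <1:classid> <kbit>\n", stderr);
        return 2;
    }
    execve(TC_PATH, (char *const *)tc_argv, empty_env); /* no shell involved */
    perror("execve");
    return 1;
}
```

Because the web script can only pass three narrowly checked values and never a command line, a compromised or buggy script cannot use the helper's privileges for anything other than changing the rate of an allowed class.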
Re: [leaf-user] How to define time zone in bering rc3
On Wed, Nov 13, 2002 at 11:47:42AM +0700, Thitiporn Pornpirunrak wrote:
> Hi all
> I am using bering rc3 and try to define time zone in my bering box. I am living
> in thailand and my time zone is "GMT+7". How do I define them in my bering box? When
> I use command "date" it returns "Wed Nov 13 11:42:22 UTC 2002" But I should be "Wed
> Nov 13 11:42:22" at GMT+7. And when I use command "rdate -s time.nuri.net" it turns my
> bering box into "Wed Nov 13 04:42:22 GMT 2002". Anyone who knows please tell me..

Have a look at: http://leaf.sourceforge.net/devel/jnilo/butime.html

- pretty comprehensive walkthrough of exactly that ;)

HTH
Jon Clausen
Re: [leaf-user] How to deal with P2P-apps? [was; What's this guy trying?]
Thanks everyone, for the hints/ideas. I appreciate it.

(Un)fortunately (in this context anyway) I've just recently got a new job which leaves me little time to go in depth with this ATM...

That's also why I'm thinking that 'the path of least resistance' might be to simply tell this kid to drop P2P, or I'll simply throttle his machine way down...

Hope I have time in the weekend to understand more...

Thanks again
Jon Clausen
Re: [leaf-user] How to deal with P2P-apps? [was; What's this guy trying?]
On Tue, Oct 29, 2002 at 10:03:58AM -0800, Ray Olszewski wrote:
> Comments interleaved below. (I waited awhile before replying, in the hope
> that someone who knows more about this area than I would chime in. What I
> can offer is very limited, as you will see.)

Limited, but by no means useless... thanks :)

> >Now, why morpheus on the lan should result in incoming martian icmp
> >messages on eth0, I haven't any idea...(?) BUT
>
> Me either, except to note that P2P services make a lot of connections to
> and from poorly configured systems. If your ISP uses private address
> 10.131.224.1 for some specialized purpose (a plausible example would be a
> server that does PPPoE authentication), a configuration error by some
> morpheus user elsewhere could be causing a routing error from your end.
> Just a guess, of course.

Except that what I'm seeing is many different IPs, although they're almost all in the 10.0.0.0/8 range. (I do see some 192.168.x.x. and a couple 172's, but not nearly as many as the 10's...)

> >More generally;
> >
> >This being a residential network, I have no authority to block P2P apps
> >outright. So I would like some opinions/advice WRT the following:
> >
> >P2P being the potential security hazard it is, would it make sense to
> >place a P2P "proxy" in the dmz? (And try to beef up security on it)
>
> My guess is no. Any vulnerabilities here are in the application layer of
> closed-source software. For each P2P app to work, you have to let the app
> connect to the Internet. In any case, I've never heard of a P2P proxy for
> the common P2P services ... has anyone?

Right. Well... I'm using the term 'proxy' very loosely here; What I meant was to set up a windows host in the DMZ, strip it as much as possible, load some antivirus stuff on it, and let it act as 'buffer' for P2P. Then use the very useful info from oofle.com to build rules that only allow P2P to/from *that* machine to/from the NET, throttling and all, and only let the internal clients up/download from it.

I don't know, just an idea... :-P

> As to "where to begin" ... a good place to start with this sort of question
> is at Google. A search on "Morpheus ports" turned up a ton of listings,
> including this one:

Right... google is our friend... I'll look more closely into these links. Oofle looks like a great resource :)

Thanks... I now have some leads to pursue...

Jon Clausen
[leaf-user] How to deal with P2P-apps? [was; What's this guy trying?]
I'm not at all sure but I suspect there might be *some* connection between the hordes of denied icmp-messages discussed before (see quote below), and the fact that one of the kids on the lan is running "Morpheus" (a P2P filesharing app).

Quick ascii reminder:

Inet---Dachstein---LAN---(host running Morpheus)
           |
          DMZ
           |
      Linux server

On Mon, Oct 14, 2002 at 11:15:11PM -0700, Ray Olszewski wrote:
> At 07:24 AM 10/15/02 +0200, Jon Clausen wrote:
> >O.K. full log entry:
> >Oct 14 14:46:06 skilderhus kernel: Packet log: input DENY eth0 PROTO=1
> >10.131.224.1:3 62.243.222.62:1 L=56 S=0x00 I=41957 F=0x T=243 (#9)
>
> OK. It's what I guessed above ... an icmp "host unreachable" message.
> There's probably a secret decoder ring for this stuff online somewhere, but
> I use a book. Here's the pieces:
>
> PROTO=1             protocol 1 is icmp
> 10.131.224.1:3      10.131.224.1 is the source IP, of course;
>                     the "port" is the icmp message type, 3=Destination
>                     unreachable
> 62.243.222.62:1     62.243.222.62 is the destination IP, as usual;
>                     the "port" is the icmp message code, 1=host
>                     unreachable
>
> Without seeing the content of the packet (which does not get logged), we
> have no way to know what host this is about.
>
> >As I said, there are a bunch of this kind of entries, all
> >PROTO=1 :3 62.243.222.62:1 L=56 S=0x00 I varying T varying (#
> >varying)
> >
> >It starts at 11:36:39 continues through the day to 21:11:20

Which *could* fit with:

11:36 kid opens windows/morpheus, dumdedum all day to
21:11 kid shuts down, goes to bed

Now, why morpheus on the lan should result in incoming martian icmp messages on eth0, I haven't any idea...(?) BUT

More generally;

This being a residential network, I have no authority to block P2P apps outright. So I would like some opinions/advice WRT the following:

P2P being the potential security hazard it is, would it make sense to place a P2P "proxy" in the dmz? (And try to beef up security on it)

Bandwidth. This stuff needs to be throttled. This is something I've been wanting to get into, but since the documentation on Morpheus amounts to "This is the best P2P app... ever!" I've no idea where to begin. Does anyone have links to docs on the ports/protocols used for these types of apps? (Morpheus/Kazaa/Gnutella/whathavewe)

These are more of conceptual/conversational questions, since I've done little research of my own yet. I thought it'd be nice to get some pointers ideas on *what* to research first...

TIA
Jon Clausen
Re: [leaf-user] What's this guy trying?
On Mon, Oct 14, 2002 at 11:15:11PM -0700, Ray Olszewski wrote:
> >O.K. full log entry:
> >Oct 14 14:46:06 skilderhus kernel: Packet log: input DENY eth0 PROTO=1
> >10.131.224.1:3 62.243.222.62:1 L=56 S=0x00 I=41957 F=0x T=243 (#9)
>
> OK. It's what I guessed above ... an icmp "host unreachable" message.
> There's probably a secret decoder ring for this stuff online somewhere, but
> I use a book.

Wow! A *book*... cool ;)

> Here's the pieces:
>
> PROTO=1             protocol 1 is icmp
> 10.131.224.1:3      10.131.224.1 is the source IP, of course;
>                     the "port" is the icmp message type, 3=Destination
>                     unreachable
> 62.243.222.62:1     62.243.222.62 is the destination IP, as usual;
>                     the "port" is the icmp message code, 1=host
>                     unreachable

Right. Gotta look up an icmp code 'translation' guide... any good links anyone?

> Without seeing the content of the packet (which does not get logged), we
> have no way to know what host this is about. If there is some IP address
> (or block of them) you are having trouble reaching, this may be why.

No trouble connecting, not to my knowledge anyway. I'm not on that lan, and really only have anything to do with the server and the dach box...

> Or,
> since the source address is a private address, it may be that someone has
> his internal network misconfigured in a somewhat bizarre fashion, and you
> are getting icmp packets that are replying to someone else's connection
> attempts. Or (let's be paranoid for a moment) someone else is spoofing your
> external IP address as the source of some packets, and you are getting the
> replies.

Hmmm... grep PROTO=1 messages gives a sh*tload of lines. Every one is "input DENY eth0", that is, coming from the outside. I know (from the httpd-logs on the server) that the 'neighborhood' 62.243.222 is positively swamped with infected windows servers.

> Are the various "" entries all private addresses like subnet 10,
> or are some of them from real (public) IP addresses? If the second, what
> are some of the sources?

I've put a sorted/uniq'ed list of yesterday's and today's instances at the bottom, but yeah they all look pretty private, with the exception of the 65.82.107.120 (and maybe some of the 172...s ?)

> >The Dachstein box has a LAN and a DMZ, with a web/mail/dns/ftp server,
> >behind it. None of the IPs logged show in the server's logs.

Perhaps a little more info should go here:

lan: 192.168.0.0/24
dmz: 10.0.1.0/24

AFAIK nobody on the lan runs anything other than 'regular' (couple linux, mostly w$) hosts. The server in the dmz is SuSE 7.3

> >> Probably none of the above. PROTO=1 means icmp, and "port" 5 (it's really a
> >> message type, not a port, when icmp is involved) means it is an icmp
> >> redirect packet. The packet should be telling you that this host is not the
> >> preferred route to some destination. Whether this means a problem with
> >> your routing table or someone else's is unknowable from the information you
> >> have provided.
> >
> >I don't think there's a problem with my box's routing table, meaning
> >that the clients on the lan have no problems connecting to the net or
> >the dmz/server. Also there are no problems connecting to the server from
> >'outside'... It's been running with the current config for months.
>
> I'm not sure, but I think that if your end ignores the redirects, the other
> end will still route for you ... they are a suggestion, not an order. So
> you can, probably, safely disregard these messages.

Hmmm... The only one that knows anything (about computers anyway) on the lan, is on vacation ATM. I should prolly ask him whether everything's o.k. when he gets back...

Thanks for the info/effort.
Jon Clausen
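The field-by-field decoding quoted in the message above, applied to whole log lines, as an added example (not code from the thread or from the LEAF project): it parses ipchains "Packet log:" entries, reads the two "port" fields of PROTO=1 entries as ICMP type and code, and tallies how many sources fall in the RFC 1918 private ranges. The first two sample lines are the entries quoted in the thread; the other two are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Fields of one ipchains "Packet log:" entry that matter for ICMP triage. */
struct pktlog {
    char chain[16], verdict[16], iface[16];
    int proto;
    unsigned src[4], dst[4];
    int sport, dport; /* PROTO=1: sport holds the ICMP type, dport the code */
};

struct summary { int icmp, unreachable, redirect, private_src, skipped; };

/* First two lines are the entries quoted in the thread; the last two are
 * constructed for this example (192.0.2.7 is a documentation address). */
static const char *const SAMPLE[] = {
    "Oct 14 14:46:06 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 "
    "10.131.224.1:3 62.243.222.62:1 L=56 S=0x00 I=41957 F=0x T=243 (#9)",
    "Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 "
    "65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x T=45 (#2)",
    "Oct 14 15:07:12 skilderhus kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.0.2.7:4321 62.243.222.62:80 L=48 S=0x00 I=771 F=0x T=110 (#2)",
    "Oct 14 15:10:01 skilderhus syslogd: restart",
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Parse one syslog line; 0 on success, -1 if it is not a packet log entry. */
int parse_pktlog(const char *line, struct pktlog *p)
{
    const char *s = strstr(line, "Packet log: ");
    if (!s)
        return -1;
    int n = sscanf(s,
        "Packet log: %15s %15s %15s PROTO=%d %3u.%3u.%3u.%3u:%d %3u.%3u.%3u.%3u:%d",
        p->chain, p->verdict, p->iface, &p->proto,
        &p->src[0], &p->src[1], &p->src[2], &p->src[3], &p->sport,
        &p->dst[0], &p->dst[1], &p->dst[2], &p->dst[3], &p->dport);
    if (n != 14)
        return -1;
    for (int i = 0; i < 4; i++)
        if (p->src[i] > 255 || p->dst[i] > 255)
            return -1;
    return 0;
}

/* RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16. */
int is_rfc1918(const unsigned a[4])
{
    return a[0] == 10 || (a[0] == 172 && a[1] >= 16 && a[1] <= 31) ||
           (a[0] == 192 && a[1] == 168);
}

/* RFC 792 names for the two ICMP types discussed in the thread. */
const char *icmp_name(int type, int code)
{
    static const char *const unreach[] = {
        "net unreachable", "host unreachable", "protocol unreachable",
        "port unreachable", "fragmentation needed and DF set",
        "source route failed" };
    static const char *const redirect[] = {
        "redirect for network", "redirect for host",
        "redirect for TOS and network", "redirect for TOS and host" };
    if (type == 3 && code >= 0 && code < 6)
        return unreach[code];
    if (type == 5 && code >= 0 && code < 4)
        return redirect[code];
    return "other";
}

/* Tally ICMP entries; anything unparsable or non-ICMP counts as skipped. */
void summarise(const char *const lines[], size_t n, struct summary *out)
{
    struct pktlog p;
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < n; i++) {
        if (parse_pktlog(lines[i], &p) != 0 || p.proto != 1) {
            out->skipped++;
            continue;
        }
        out->icmp++;
        out->unreachable += (p.sport == 3);
        out->redirect += (p.sport == 5);
        out->private_src += is_rfc1918(p.src);
    }
}

int main(void)
{
    struct pktlog p;
    struct summary s;
    for (size_t i = 0; i < SAMPLE_N; i++)
        if (parse_pktlog(SAMPLE[i], &p) == 0 && p.proto == 1)
            printf("%u.%u.%u.%u%s -> type %d code %d (%s)\n", p.src[0], p.src[1],
                   p.src[2], p.src[3], is_rfc1918(p.src) ? " [private]" : "",
                   p.sport, p.dport, icmp_name(p.sport, p.dport));
    summarise(SAMPLE, SAMPLE_N, &s);
    printf("icmp=%d private_src=%d skipped=%d\n", s.icmp, s.private_src, s.skipped);
    return 0;
}
```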
Re: [leaf-user] What's this guy trying?
On Mon, Oct 14, 2002 at 03:16:57PM -0700, Ray Olszewski wrote:

> >1)... dunno what to make of that,
>
> Me either. Please provide the full line for the blocked packet (as you did
> with the second example, below), not an uninterpretable fragment. This
> *could* just be icmp type 3, message 1 ("host unreachable"). Or it could be
> something else, since you don't tell us (for example) what the PROTO= value
> is..

O.K. full log entry:

Oct 14 14:46:06 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 10.131.224.1:3 62.243.222.62:1 L=56 S=0x00 I=41957 F=0x T=243 (#9)

As I said, there are a bunch of this kind of entries, all

PROTO=1 :3 62.243.222.62:1 L=56 S=0x00 I varying T varying (# varying)

It starts at 11:36:39 continues through the day to 21:11:20

The Dachstein box has a LAN and a DMZ, with a web/mail/dns/ftp server, behind it. None of the IPs logged show in the server's logs. I don't usually see this much activity in the firewall's logs.

> >but then there's this guy:
> >
> >is this some kind of DoS? Am I under attack, or is it just some
> >misconfigured box?
>
> Probably none of the above. PROTO=1 means icmp, and "port" 5 (it's really a
> message type, not a port, when icmp is involved) means it is an icmp
> redirect packet. The packet should be telling you that this host is not the
> preferred route to some destination. Whether this means a problem with
> your routing table or someone else's is unknowable from the information you
> have provided.

I don't think there's a problem with my box's routing table, meaning that the clients on the lan have no problems connecting to the net or the dmz/server. Also there are no problems connecting to the server from 'outside'... It's been running with the current config for months.

TIA
Jon Clausen
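The decoding described in the quoted reply (for PROTO=1 the two "port" fields are the ICMP type and code), applied to the log lines posted in this thread. This is an added example, not part of the original posts; the function names are illustrative and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Layout of an ipchains "Packet log:" line. For PROTO=1 (ICMP) the two
# values after the addresses are the ICMP type and code, not ports.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"L=(?P<length>\d+)"
)

ICMP_TYPES = {
    0: "echo reply", 3: "destination unreachable", 4: "source quench",
    5: "redirect", 8: "echo request", 11: "time exceeded",
    12: "parameter problem",
}
ICMP_CODES = {
    (3, 0): "network unreachable", (3, 1): "host unreachable",
    (3, 2): "protocol unreachable", (3, 3): "port unreachable",
    (3, 4): "fragmentation needed",
    (3, 13): "communication administratively prohibited",
    (5, 0): "redirect for network", (5, 1): "redirect for host",
    (11, 0): "TTL exceeded in transit",
    (11, 1): "fragment reassembly time exceeded",
}
# Error-class ICMP: sent in reaction to some earlier packet. With no IP
# options such a message is at least 20 (IP) + 8 (ICMP) + 28 (quoted
# original header and 8 data bytes) = 56 bytes, matching L=56 in the logs.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}


def describe_icmp(icmp_type, code):
    """Human-readable name for an ICMP type/code pair."""
    name = ICMP_TYPES.get(icmp_type, f"type {icmp_type}")
    detail = ICMP_CODES.get((icmp_type, code))
    return f"{name} ({detail})" if detail else f"{name}, code {code}"


def parse_line(line):
    """Parse one syslog line; return a dict, or None if it is not a packet log."""
    match = LOG_RE.search(line)
    if match is None:
        return None
    rec = match.groupdict()
    for key in ("proto", "sport", "dport", "length"):
        rec[key] = int(rec[key])
    rec["meaning"] = None
    rec["icmp_error"] = False
    if rec["proto"] == 1:
        rec["meaning"] = describe_icmp(rec["sport"], rec["dport"])
        rec["icmp_error"] = rec["sport"] in ICMP_ERROR_TYPES
    return rec


def summarize(lines):
    """Count denied packets per (source address, decoded meaning)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        label = rec["meaning"] or (
            f"proto {rec['proto']} port {rec['sport']}->{rec['dport']}")
        counts[(rec["src"], label)] += 1
    return counts


SAMPLE_LOG = [
    # The first three lines are the ones posted in this thread.
    "Oct 14 14:46:06 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 "
    "10.131.224.1:3 62.243.222.62:1 L=56 S=0x00 I=41957 F=0x T=243 (#9)",
    "Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 "
    "65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x T=45 (#2)",
    "Oct 14 15:06:07 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 "
    "65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5866 F=0x T=45 (#2)",
    # Constructed: a TCP packet, where the fields really are ports.
    "Oct 14 15:07:00 skilderhus kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.0.2.10:40000 62.243.222.62:23 L=60 S=0x00 I=1 F=0x4000 T=50 (#9)",
    # Constructed: an unrelated syslog line that must be skipped.
    "Oct 14 15:07:01 skilderhus cron[123]: unrelated line",
]

if __name__ == "__main__":
    for (src, label), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:4d}  {src:15s}  {label}")
```

Feeding the whole of /var/log/messages through `summarize()` shows at a glance whether a burst is one source repeating one message or many sources sending the same error type.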
[leaf-user] What's this guy trying?
Logged into a remote Dachstein box to check up on something else, and I see huge amounts of denied packets in /var/log/messages...

Connection attempts from f.x:

10.131.224.1:3 -> 62.243.222.62:1
 ^^unknown^^       ^^my remote^^

I see a bunch of these from different IPs (that is, from port 3 to port 1)... dunno what to make of that, but then there's this guy:

# grep 65.82.107.120 $_ | nl
1 Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x T=45 (#2)
...
164 Oct 14 15:06:07 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5866 F=0x T=45 (#2)

is this some kind of DoS? Am I under attack, or is it just some misconfigured box?

I nmapped the IP, and the only thing that came up was:

Port       State       Service
1433/tcp   open        ms-sql-s

-so I'm guessing it's a zombie windows host... (?)

TIA
Jon Clausen
Re: [leaf-user] telnetd.lrp or rshd.lrp ?
On Thu, Oct 10, 2002 at 02:28:33PM +0200, Elmar Gerwalin wrote:

> Hello,
>
> I'm looking for lrp packages that contain rshd and/or telnetd.
> The configuration is described somewhere, but I can find no binaries for my
> bering box.

CMIIW but I do believe you can use the package from the Oxygen download area... (?)

> Yes - I know - the world is insecure and telnet and rsh, too.
> But I will see a "sniffer" if he manages to crawl under my table between my
> two PCs ;-)

Happy monitoring :)

> The sshd.lrp is too large for a floppy system and the configuration is not
> very easy (look at the dozens of mails with subject "sshd").

I'd suggest to slap in a second floppy drive then. I just built a firewall like that. Works pretty good. Two floppies gives you room enough for everything ssh-related and then some.

True there are a couple of steps involved in setting it up, but the documentation *is* pretty good: http://leaf.sourceforge.net/devel/jnilo/openssh.html explains sshd setup, *and* touches on two-floppy setup as well.

MHO: Go with sshd and two floppies. The first gives you *way* better protection than telnet, and the second gives you space enough that you don't have to count bytes...

HTH
Jon Clausen
Re: [leaf-user] Bering on 486
On Thu, Oct 03, 2002 at 11:04:58PM +0200, Dan Broscoi wrote:

> Hello leaf-user,

Hi :)

> Will it work ?

Yes.

HTH
Jon Clausen
Re: [leaf-user] sshd
On Mon, Sep 30, 2002 at 09:39:36PM -0700, Matthew Schalit wrote:

> >So, I went to http://leaf-project.org/devel/jnilo/packages/ and loaded
> >this package in. Saved this package, rebooted
> >"Now I get Privilege separation use5r sshd does not exit"
>
> That's expected. It's in the docs somewhere that you
> need to make the following additions (the sshd lines)
> I think that was all it took, but then again :)
> Matthew

Yep, that's it.

Jon Clausen
Re: [leaf-user] sshd
On Sun, Sep 29, 2002 at 09:11:51PM -0700, Steve wrote:

> Date: Sun, 29 Sep 2002 14:15:14 +0200
> To: [EMAIL PROTECTED]
> From: Erich Titl <[EMAIL PROTECTED]>
> Subject: Re: [leaf-user] sshd
>
> >Steve wrote the following at 08:27 29.09.2002:
> >>I am trying to set up sshd in Bering.
> >>I have loaded the sshd.lrp and libz.lrp packages and have generated my
> >>keys, but when sshd is run it complains that it cannot find
> >>libnsl.so.1 file. I've done a few searches and can not find where this
> >>file might be or where I can download it from.
> >>Any suggestions?
> >>Regards.
>
> >Where did you take your sshd.lrp from. I have sshd on bering running
> >on bering without libnsl. IIRC I got mine from Jacques Nilo's packages
> >
> >Erich
>
> got it from the same site. I have tried reloading several times all
> with the same result.

I just built a new Bering box this weekend, with sshd/libz from J. Nilo's site. Works perfectly... I can't find libnsl.so.1 anywhere on that machine. It is, however, present on my (SuSE 8.0) workstation:

jon@a13-8:~> locate libnsl.so.1
/lib/libnsl.so.1
jon@a13-8:~> rpm -qf /lib/libnsl.so.1
glibc-2.2.5-123

I dunno. The only suggestion I can come up with is try getting and installing it afresh (?)

What versions (of everything) do you have?

HTH
Jon Clausen
[leaf-user] Blinder, update :)
Hi everyone

Despite a number of factors trying to take over my life completely in the last couple months, I've managed to get a package of my motor-control system done.

In case anyone's interested in checking it out go to: http://bund.dk/blinder and go to the download section. The site itself is pretty untidy, but you *should* be able to find it :P

In any case I'd be very happy if someone has a spare Bering system where they could try installing the package. Just to get some feedback on its installability... Whether it runs or not...

The version to get/check out is 0.0.2-rc1

Comments welcome :)

Jon Clausen
Re: [leaf-user] Does the module order matter in syslinux.cfg?
On Thu, Aug 01, 2002 at 06:52:19AM -0700, Craig wrote:

> Hi folks,
> I'm using Dachstein CD 1.0.2. When you modify the syslinux.cfg file,
> does it matter which order you list the additional modules that you want
> included at boot-up?...or do you just add them to the end of the line of
> other packages on the LRP= line??? Thank you.

I don't think the order is significant. I always just added stuff at the end, never seemed to present any problem.

HTH & CMIIW
Jon Clausen
Re: [leaf-user] 10.10.x.x network blocked by default?
On Mon, Jul 15, 2002 at 07:15:24PM +, Scott C. Best wrote:

> Tony:
> Heya. Yes, the 10.x.y.z private IP address range is blocked
> by the default firewall script that comes with Dachstein. You may
> want to try "echowall.lrp" which I built for Dachstein which doesn't
> do this. I had the same trouble with the standard Dachstein ruleset,
> and before long I had so many customizations to it, it became its
> own package. :)
>
> If you want to keep using the default Dachstein firewall
> for whatever reason, I believe the changes you need to make are in
> the network.conf file. Should be easy to find in there...

I had to get past that once... What I did (if memory, and old comments serve) was in ipfilter.conf:

~line 208: $IPCH -A $LIST -j DENY -p all -s 10.0.0.0/8 -d 0/0 -l $*
~line 420: $IPCH -A input -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_RIF
~line 502: $IPCH -A output -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_RIF

comment out those lines, and the rules don't get made... I had a nasty time finding them, but it worked...

HTH
Jon Clausen
Re: [leaf-user] O.K. getting more general now...
On Fri, Jun 21, 2002 at 04:51:13PM -0500, guitarlynn wrote:

> On Thursday 20 June 2002 07:19, Jon Clausen wrote:
>
> > having the paths/filenames hardcoded into the C-executable might be a
> > way of minimizing the potential abuse of such a program(?)
>
> Definitely!

I am in fact going with the alternative idea, of not even moving files. But rather just let that little program "touch"/remove an empty file. I'm thinking that, since there's no problem in getting my script to put the file there, there's no *need* to have (suid)C move anything...

> Just copying over the old one from the /tmp file would save a few lines.
> I generally do this step with a "save" or "commit changes" option you

For sure there are a great deal more than one or two lines to strip, but yeah you're right. It's a leftover from earlier.

> can also code it to do a backup of the package with this step.

I like that :) Wouldn't I be getting into the "same" kind of permissions trouble though? I mean, lrpkg needs to be run by root... doesn't it?

> I would setup a separate /tmp file for every web page, so when you
> only change one or two things, you don't need to regenerate the
> whole config again.

Which is basically what it's doing. At this time there *is* only one page where you can set up times etc. But having used it for a (short) while now, I'm realizing that more stuff needs to be settable from the webinterface. Like f.x. globally: "The absolute number of steps from extreme to extreme". But also I think there should be at least two or three "preference positions", which in turn is going to demand a pretty major rethink/rewrite of both the webinterface as well as underlying scripts, *and* the conf file formats. But the point is taken, and this will be the way to go :)

> As far as shell scripting this, the forms should
> send whatever option to the file you define, so leaving commented
> options in serves no point other than code-bloat unless you're planning
> on hand-editing the config file(s).

Exactly. Hand-editing is not what I plan. And as such, it's a much easier approach (from a programming pov) to simply steamroll a freshly generated crontab over the old one.

> > Fourth, a table with a given delimiter (':' f.x.) is *way* easier to
> > both parse, *and* update.
>
> as opposed to space delimiting or line delimiting. I dunno about
> that in a shell (depending on how you named your variables).

Well no, what I meant was; as opposed to having it all stored in the crontab, and read/parse/modify/write...

> > This may be 'baby' programming, but it works. :)
>
> That is the point!

Yep ;)

> > Guess I'm going to have to learn a little C next ;D
>
> Sounds like fun! There is enough source code for Linux
> programs to learn how to code about anything! C isn't
> terribly difficult to learn if you can figure out which functions
> you want to use and what library they are in ;-)))

Heh... yeah, *that's* the only problem there... :D

BTW it occurred to me that I should maybe move this whole discussion over to leaf-devel? I'm not subscribed yet, but I'm thinking that it might be the more 'proper' place for all this?

cheers,
Jon Clausen
Re: [leaf-user] O.K. I put it! permissions o.k.?
Oops... I meant for this to go to the list... Sorry 'bout that Lynn :(

On Wed, Jun 19, 2002 at 09:43:32PM -0500, guitarlynn wrote:

> If you "touch (filename)" like Charles had suggested, it updates the
> time stamp w/o modifying anything else in the file. This is commonly
> used when compiling libraries or db's as well.
>
> I hope this helps,

Well, not actually :(

Getting the file in there is no problem. Getting cron to notice something happened is.

Please CMIIW, but from what I understand, the way cron gets aware of changes in the userland crontabs, is that it sees that the timestamp on the *directory* has changed. Cron then checks whatever tabs are in the dir, and reloads itself with the new stuff. So far so good.

'Touch' does little to help with the above, because:

# touch crontabs
touch: crontabs: Is a directory

- but in any case, the user can't touch anything that's owned by root, unless it's world-writable, which it is not...

My 'problem' is that operations*) on the file *in* the dir doesn't update the stamp on the dir itself, unless whoever (sh-httpd:adm in this case) has some kind of write-privs *on* the dir. So in lieu of a 'crontab' command that would do it (update the file *and* the timestamp on the dir) I changed the perms...

Jeff's post, however, has made me realize that maybe this is not such a great way of getting said timestamp updated after all. And that Eric's suggestion of having a small C-executable (suid) perform the actual operation instead, is probably better.

I'm thinking that having the paths/filenames hardcoded into the C-executable might be a way of minimizing the potential abuse of such a program(?)

Alternatively, I guess if the C-exec just did something like:

- create an empty file in .../crontabs/
- remove it again immediately

I would effectively get cron's attention, which is what this is all about. The advantage to this approach should be that there is little risk in having an suid C-proggie that does nothing but create/remove an empty file in a hardcoded location... right?

*) What I do is this: Rather than edit the file in-place, I generate a new one in a temporary location, remove the old file, and copy the new one to the crontabs/ dir.

The reasons I do it like this are several.

First of all it was a much simpler way to go, with little risk of damaging the original crontab.

Secondly, some of the values involved don't have any defined place in the crontab. So I keep a separate table, where everything is stored.

Thirdly, if the programs are set (via the webinterface) to *not* run on specified day(s), it's *much* simpler if the script which builds the new crontab just skips writing those entries, instead of writing them, but #'ing them out.

Fourth, a table with a given delimiter (':' f.x.) is *way* easier to both parse, *and* update.

This may be 'baby' programming, but it works. :)

Guess I'm going to have to learn a little C next ;D

cheers,
Jon Clausen

- End forwarded message -
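One way to implement the table-to-crontab step described in this message (a ':'-delimited table, disabled days skipped, the new file built in a temporary location), with every web-supplied field checked before it reaches a file that cron executes. This is an added example, not code from the original post or from the Blinder project; the table layout, the `blinder` user, the script path and the duration limit are assumptions, and it renames the new file into place instead of removing the old one and copying.

```python
import os
import re
import tempfile

CRON_USER = "blinder"                    # assumption: dedicated unprivileged uid
CRON_CMD = "/usr/local/blinder/sunrise"  # assumption: hypothetical script path
MAX_DURATION_MIN = 120                   # assumption: longest allowed sunrise
DIGITS = re.compile(r"[0-9]{1,3}")       # ASCII digits only, nothing else

# Constructed sample table: dow:enabled:hour:minute:duration_minutes
SAMPLE_TABLE = """\
1:1:6:30:20
5:1:6:30:20
6:1:8:00:30
0:0:9:00:30
"""
# Constructed stand-in for the existing crontab content that must be kept.
SAMPLE_BASE = "42 6 * * * root run-parts /etc/cron.daily\n"


class TableError(ValueError):
    """Raised when any row of the table fails validation."""


def _num(value, lo, hi, what, lineno):
    # fullmatch rejects signs, spaces, shell metacharacters and newlines.
    if not DIGITS.fullmatch(value):
        raise TableError(f"line {lineno}: {what} is not a plain number")
    number = int(value)
    if not lo <= number <= hi:
        raise TableError(f"line {lineno}: {what} {number} outside {lo}-{hi}")
    return number


def parse_table(text):
    """Return validated rows; a single bad row rejects the whole table."""
    rows, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 5:
            raise TableError(f"line {lineno}: expected 5 fields, got {len(parts)}")
        row = {
            "dow": _num(parts[0], 0, 6, "day of week", lineno),
            "enabled": _num(parts[1], 0, 1, "enabled flag", lineno),
            "hour": _num(parts[2], 0, 23, "hour", lineno),
            "minute": _num(parts[3], 0, 59, "minute", lineno),
            "duration": _num(parts[4], 1, MAX_DURATION_MIN, "duration", lineno),
        }
        if row["dow"] in seen:
            raise TableError(f"line {lineno}: day {row['dow']} listed twice")
        seen.add(row["dow"])
        rows.append(row)
    return rows


def build_crontab(base, table_text):
    """Existing content first, then one generated line per enabled day."""
    rows = parse_table(table_text)  # raises before any output is produced
    lines = [base.rstrip("\n"), "# generated entries below, do not edit by hand"]
    for row in rows:
        if not row["enabled"]:
            continue  # disabled days are simply not written
        lines.append(
            f"{row['minute']:02d} {row['hour']} * * {row['dow']} "
            f"{CRON_USER} {CRON_CMD} {row['duration']}"
        )
    return "\n".join(lines) + "\n"


def install(path, content):
    """Write next to the target, then rename, so a reader never sees half a file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".crontab.")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(content)
            handle.flush()
            os.fsync(handle.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)  # atomic within one filesystem
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


if __name__ == "__main__":
    print(build_crontab(SAMPLE_BASE, SAMPLE_TABLE), end="")
```

Because the command, the user and the field order are fixed in the generator, the only thing a form submission can influence is five bounded integers per day.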
[leaf-user] O.K. *how* do I put it? (cgi-question)
Hi again

So my 'blinder' project is moving along. I got (almost) everything in working order. I still need to do a couple of things before I start cleaning up, and move everything into the 'proper' fhs-locations. But none of that is really all that complicated.

There is one obstacle remaining, however, that I *am* going to need help with.

Using the weblet and some cgi-scripts I can now generate a crontab which includes the original content, and has some entries added that will call the programs to open/close my blinds at designated times.

For a number of reasons I decided to generate this file in a temporary location, as opposed to try and edit /etc/crontab on the fly. It works, and reliably generates the file as it should look.

My problem at this stage is getting the generated file inserted into the system. Because of the (very sensible) fact that cgi-scripts may not write to crontab, and setting suid on the script doesn't work either, I'm kind of stumped on how to achieve this.

Questions:

Is there a sensible way to let a cgi-script update crontab? Without opening ridiculous security issues, like hacking sh-httpd to let cgi execute outside of cgi-bin...

Does cron allow for 'sourcing' of additional files from /etc/crontab? (Like adding a:

. /path/to/sh-httpd/writeable/file

to /etc/crontab)

Can I have cron look at a (different) crontab that is writeable by sh-httpd?

Most of the programming that I've already done is probably full of security issues, as it is, but I don't worry too much about that (yet), as the whole thing is well shielded from the Net. Even so, I'd rather avoid having to open up the system even further.

If anyone is curious, there's a dummy version of the form that I built at http://bund.dk/~jon/blinder somewhere. And the function that's my problem is with the "Commit Changes"-button... Never mind the colors/layout, though, "I'm *not* a web-programmer" ;-P

I know this is borderline [OT], but I figure this list is my best bet at getting some useful tips on this. Sorry if I'm being a nuisance, but well...

TIA
Jon Clausen
Re: [leaf-user] Where to put it? (In Bering)
On Tue, Jun 11, 2002 at 10:44:50AM -0700, Jeff Newmiller wrote:

> If you have not yet read the latest FHS, you should. LEAF generally
> follows the principles outlined there. (http://www.pathname.com/fhs/)

Yes, indeed I just 'found' it the other day. That's part of the reason I became aware of my 'predicament'...

Thanks a lot for these hints. Thusly armed, I think I can pretty much get this thing sorted out :)

Have a nice day :)
Jon Clausen
[leaf-user] Where to put it? (In Bering)
Hi list

In the continuing story of my pet project "Blinder" to control my blinds from a Bering box:

I'm getting very close now. :) So close that I hope to wake up to an artificial sunrise before the weekend... So close, in fact, that I'm beginning to start thinking about making a .lrp out of it.

But before I do that I would like to get some advice on where the different parts belong in the filesystem. As it is most of the scripts/C-executables live in a subdir to /usr/local/bin.

One thing is that I would like to be FHS-compliant, but mainly I want my stuff to be in the 'correct' places wrt LEAF/Bering. And as I have absolutely no experience in these matters, I'm clueless both wrt the FHS *and* common programming practise. :-P

The parts involved are:

Scripts (The 'main' constituents. Called by cron as needed, plus various support functions.)
C-executables (handle actual I/O to the parport)
Data files
Config files

And ones that are more or less self evident (wrt to placement in the FS):

Temp files
Cgi-scripts
html (well, actually almost everything is cgi, and I think I'm gonna kill the last of the html too)

Questions involve (but aren't limited to ;)

- Where do the 'programs' go? (this is my primary concern)
- Am I 'allowed' (or even encouraged) to put stuff in /etc ?
- Where does one keep app-specific data?
- Where does the stuff definitely *not* go?

You get the point... I'm pretty unsure of the above, as this is my first stab at building anything this complex. I wish I'd asked about this before, so I wouldn't have to move stuff around, but fortunately I've been smart enough to put most of the paths in variables, so at least they're easily changed... 8-)

The actual building of the .lrp, seems pretty well covered in the documentation, so this is more about getting my stuff straight before that bit :)

Feedback, pointers etc welcome and appreciated!

greets, and TIA
Jon Clausen
Re: [leaf-user] Bering, non-root crontab and more...
On Thu, Jun 06, 2002 at 02:46:01AM -0700, Greg Morgan wrote:

> Take it one step at a time. I'd make a backup of the files you will be
> modifying. Experiment with what you want to do as root, then worry
> about the uid thing. It is not like you're going to have to spend hours
> reinstalling a full distro. Just hit reset if things go really bad. ;-)

Heh... Yeah you're right about that, though booting a 486 from floppy takes several *minutes*... ;)

> > 1) How does cron handle itself on Bering? I.e. will it find and execute
> > a user-crontab by itself?
>
> cron on dachstein/bering plays into your game plan. You do not have to
> use crontab -e to edit the file. Here's /etc/crontab. Look at
> run-parts command. ls -l cr* under /etc. It looks like you throw the
> file you want executed into a directory. runparts runs all the stuff in
> the directory.

O.K... IINM, then what happens here is that run-parts gets called at 6:42 every morning. So then it runs whatever's in cron.daily, e.g. multicron-s and savelog-sh-httpd...

But this happens every morning at *6:42* as specified in crontab, no?

What I'm after is being able to set different times, for different days, something like f.x:

30 6 * * 1 uid script /usr/local/blinder/settings/monday
30 6 * * 5 uid script /usr/local/blinder/settings/friday
00 8 * * 6 uid script /usr/local/blinder/settings/saturday

a.s.o. - which still means that I'd have to put the runtime in crontab (?)

> > 2) Any tricks/hints/pointers on how to actually write to a file? Or
> > rather *modifying* a file that is already there (i.e. changing some of
> > the fields in a crontab line from f.x. 30 6 * * * to 00 7 * * *)
> Since you mention that your knowledge of sed is growing, that would be
> your tool here.

Thanks. Those region-thingies are bound to come in handy ;)

As it were, I've decided to introduce an intermediate times-table, so that what I get on the webpage is:

A form where I can change the settings for each of the days in the week. Upon submitting this, the table gets updated, and the page gets refreshed with the new values (read from the table).

A *second* submit, that calls a write-to-crontab-script.

Advantages being that

- changing values for several days in one session should be a little faster (since only one file is being edited)
- this table can hold values that crontab doesn't have any concept of (duration of sunrise f.x.)
- everything is stored in a single place
- I can do some sanity checking at this stage

and last but certainly not least; In this phase of development, I can practise writing to certain fields in a file, without risking smashing crontab in the (learning) process :)

> > 3) Are there any good candidates (scripts/routines) already present in
> > Bering/packages, that I can use as starting point for 2) ?
>
> I think just pick a cgi page to modify. You would want some sort of
> confirmation page to print in weblet. Paint the page with the normal
> echos. Then echo string > desired_file_name if a whole file. Otherwise,
> sed a line with your new value. Perhaps checkmem is an example. Think
> of how to use the level variable. Think of above case statement and
> below case statement.

I'll have a looksee... sometimes it's even more confusing to try and figure out what some script does, rather than start from scratch, but in any case it's nice to have an idea about *which* script to look at ;)

> I hope I complied with your wishes.

Oh yes! And I very much appreciate your thoughts/comments. Actually your response has been more or less *exactly* the type I was hoping for, conceptual and non-specific :)

> call pattern matching Regular Expressions.

That much I *did* know... ;P

> > Man, this just keeps growing... but it's *fun*! (Next thing you know,
> > I'm gonna want to have the ability to specify different runtimes, for
> > different days of the week ;)

see? The above was yesterday, and already I've agreed that indeed this is something I need... ;D

> Ummm. I don't know. Have a scheduled job to start? Pass a parameter
> into job i.e. sunrise 20. Do stuff to turn motor on. After all motor
> control is done call sleep with value i.e. sleep $1. Then do more
> motor control to close blinds or whatever?

yeah... dunno I don't think I'd thought this through. What you suggest is prolly gonna be just fine. I think I was worried because 'sleep' doesn't take smaller steps than 1 second, but in reality 1 second is more than enough 'granularity' for this purpose. I mean, I might be attempting to control the sunrise, but it's not like it's rocketscience or anyth
Re: [leaf-user] port forwarding to DMZ
On Thu, Jun 06, 2002 at 02:34:13PM +0700, GREGOR wrote:

> How do I solve this problem? Are the switches limited for only 5 DMZ?

I have nine entries like that, which work as intended, so no there's no limit. (Not at 5 anyway ;)

But you have three external IPs... Are you certain that works?

If that's set up correctly (I'm not exactly sure how, but I'm pretty certain you can do that) then I'd suggest to check if you opened the ports in the first place. Somewhere around line 250 in network.conf...

If that's not the problem, I hope someone else will step in, cause that's about it from me... :(

hth
Jon Clausen
[leaf-user] Bering, non-root crontab and more...
Hi list

Progress is still present, although hampered by outside influences... ;)

Project: Getting Bering to control stepper motor, to open/close blinds.

Status: Hardware is in place. Basic software/routines, getting closer.

I've been spending some time familiarizing myself with the GET-method of getting data into the box, through the weblet. At this point I have some 'proof of concept' testpages, that accept input through forms, parse the resulting QUERY_STRING, and echo back to a new page.

This all works pretty much as I want it, even if my sed scripts *are* a bit clunky...

Next step will be to have that data written to a file instead of just out to a page. Now, since this whole thing is meant to be time-centric (run at specified times) the logical thing to do is have the cgi-script write to a crontab, with the appropriate format.

For a number of reasons, I'm not very comfortable with the idea of letting my own scripts modify root's crontab, one of the more obvious being that my scripts would have to run with root-privs to do that.

I'm beginning to think that I should probably add a uid to handle all this crap, instead of letting it run as sh-httpd, but either way I'd like to get some clarification on a couple of issues:

1) How does cron handle itself on Bering? I.e. will it find and execute a user-crontab by itself?

2) Any tricks/hints/pointers on how to actually write to a file? Or rather *modifying* a file that is already there (i.e. changing some of the fields in a crontab line from f.x. 30 6 * * * to 00 7 * * *)

3) Are there any good candidates (scripts/routines) already present in Bering/packages, that I can use as starting point for 2) ?

I must admit that I haven't done a great lot of research on this, before asking. But, as usual, what I'm asking is more on the order of 'where to look for docs on this' or 'advice/considerations, please?' rather than 'tell me what to write where', so I hope it's o.k...

Man, this just keeps growing... but it's *fun*! (Next thing you know, I'm gonna want to have the ability to specify different runtimes, for different days of the week ;)

Oh yeah, one other thing; Setting the time to open/close is all very nice, but I'd like to be able to specify a *duration* of the 'sunrise' as well... There are ~576 'steps' of the stepper motor from extreme-open to extreme-closed. Any idea how to distribute x steps per minute...?

TIA
Jon Clausen
Re: [leaf-user] Newbie Bering Developer
On Mon, Jun 03, 2002 at 09:25:38PM -0500, Brad Fritz wrote:

> On Mon, 03 Jun 2002 21:09:59 EDT Steven Nickle wrote:
>
> > I am in the process of setting up a development environment to build an
> > application to run under Leaf/Bering.
>
> I am not the best person to answer, but since no one responded
> to your leaf-devel posting (or this one) yet, I'll jump in.
>
> The most beneficial advice I can probably offer is to check out
> Jacques' "Developing and using LEAF in a virtual environment"[1].
> It is a great description of using a user-mode linux kernel to
> setup a virtual development machine. Much easier, IMO, than
> running a dedicated slink system. You might also want to read
> Dave Douthitt's "LEAF/LRP Developer's Guide"[2].

I can only second this advice. The basics are pretty much:

Download a compressed filesystem-image
Download a kernel image
Uncompress both in a directory of your choice
(You might need to twiddle a little; I had to chmod +x the kernel, and rename the root filesystem)
run the kernel from an xterm, and watch in awe, as the slink system 'boots', and subsequently spawns three xterms with each a login prompt...

Many many kudos to Jacques (and anyone else who contributed) for making this stuff available... It rocks!

Just fyi, the docs are at: http://leaf.sourceforge.net/devel/jnilo/uml.html

I have nothing to add to that, so I'll just... not ;)

hth
Jon Clausen
Re: Fw: [leaf-user] No autoexec.bat :-)
On Wed, May 22, 2002 at 05:06:25PM -0500, Omar D. Samuels wrote:
> - Original Message -
> I found that file (it was hidden) and I'm gonna try adding my program to be
> run there. Boy I feel my brain cells multiplying rapidly... in order to try
> it tho' I need to add something to my /sbin directory and backup my LEAF
> boot disk, how do I backup the changes of the /sbin directory?

Here's a way to find out which package to backup:

go to /var/lib/lrpkg

grep *.list

In this case would be 'sbin', so this is what I get on a testmachine (Bering) that I happen to have here, so what you get *might* differ:

blinder: -root-
# grep sbin *.list
telnetd.list:usr/sbin/in.telnetd
weblet.list:usr/sbin/sh-httpd
weblet.list:usr/sbin/stat.sh

what this tells us is that the only packages that *explicitly* back up anything with 'sbin' in the path are telnetd and weblet. Which means that, by extension, /sbin gets backed up by root.lrp

The working principle is that if package foo.lrp mentions /foo in foo.list, and package foobar.lrp mentions /foo/bar in foobar.list, then the file /foo/bar will *not* get backed up by foo.lrp but foobar.lrp even though /foo/bin /foo/this/that and /foo/whateverelse *will*

The purpose is to avoid the same file being backed up by different packages, with possible turmoil to follow...

SO; given the above you'd prolly want to back up root.lrp which backs up / and hence everything not explicitly listed by any other package...

At least that's my take on it. Someone CMIIW?

> > If you want foo to run at *boot*, then I guess it needs to go in some
> > /etc/init.d with a link from /etc/rcN.d, but I'm not too sure what the
> > default runlevel is... and I should prolly not elaborate further... ;)

> Sorry I just now realizing what u r saying about the difference between
> login time and boot time, I am getting this now, I'd really love for you to
> explain the /etc/init.d and etc/rc#.d thing, I am only semi-grasping it, I
> mean I have a semi-thesis, but I wanna hear from a real techie.

Well if you want to hear it from a *real* techie, you don't want to hear it from me ;)

I think maybe you got me wrong... what I meant wasn't that I shouldn't confuse you with that intel, what I meant was that *I* don't know enough about the boot process in LEAF to tell you... ;)
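The rule described in the message above, as an added shell example (not part of the original post and not LEAF's own backup code): the package whose .list entry is the longest path prefix of a file claims it, and root.lrp takes whatever nobody else lists. The list directory is a constructed sample built from the grep output and the foo/foobar illustration in the post; `owner_pkg` and `make_sample_lists` are hypothetical names.

```sh
#!/bin/sh
# Which package would persist a changed file? Useful before editing a
# startup or access-control file on a RAM-disk system: the change only
# survives a reboot if the owning package is backed up.

# owner_pkg LISTDIR PATH
# Prints the package name that claims PATH under the rule in the post:
# longest matching entry across all *.list files wins, root is the fallback.
owner_pkg() {
    listdir=$1
    target=${2#/}          # entries in the post carry no leading slash
    best_pkg=root          # assumption from the post: root.lrp backs up the rest
    best_len=0
    for list in "$listdir"/*.list; do
        [ -f "$list" ] || continue
        pkg=$(basename "$list" .list)
        while IFS= read -r entry || [ -n "$entry" ]; do
            entry=${entry#/}
            entry=${entry%/}
            [ -n "$entry" ] || continue
            case "$target" in
                # exact file, or anything below a listed directory;
                # "foo/bar" must not claim "foo/barn"
                "$entry"|"$entry"/*)
                    if [ "${#entry}" -gt "$best_len" ]; then
                        best_len=${#entry}
                        best_pkg=$pkg
                    fi
                    ;;
            esac
        done < "$list"
    done
    printf '%s\n' "$best_pkg"
}

# Constructed sample: two lists from the grep output in the post, plus the
# hypothetical foo/foobar pair the post uses to explain the rule.
make_sample_lists() {
    d=$(mktemp -d) || return 1
    printf '%s\n' usr/sbin/in.telnetd > "$d/telnetd.list"
    printf '%s\n' usr/sbin/sh-httpd usr/sbin/stat.sh > "$d/weblet.list"
    printf '%s\n' foo > "$d/foo.list"
    printf '%s\n' foo/bar > "$d/foobar.list"
    printf '%s\n' "$d"
}

dir=$(make_sample_lists)
for f in /sbin/myprog /usr/sbin/sh-httpd /foo/bar /foo/bin /foo/barn; do
    printf '%-20s -> %s.lrp\n' "$f" "$(owner_pkg "$dir" "$f")"
done
rm -rf "$dir"
```

On a real box the first argument would be /var/lib/lrpkg, the directory named in the post.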
Re: Fw: [leaf-user] No autoexec.bat :-)
On Wed, May 22, 2002 at 11:45:45PM +0200, Jon Clausen wrote:
> On Wed, May 22, 2002 at 03:57:18PM -0500, Omar D. Samuels wrote:
> > I have a program that I want to run at startup... I wouldn't mind running it
> > instead of the "LRCFG". I've been snooping around the init.d and rc.d
> > sections but can't find exactly where to stick this. Can anyone help,
> > pleez? Thanks.
>
> Actually lrcfg doesn't run on startup...
>
> It runs at login, and the place that that's specified is in
> /root/.profile towards the end:
>
> #Uncomment to run at login
> /usr/sbin/lrcfg
>
> - so what you could do is comment that line out, and put something else
> in there... but that's of course if you want /path/to/foo to run at
> *login*...
>
> If you want foo to run at *boot*, then I guess it needs to go in some
> /etc/init.d with a link from /etc/rcN.d, but I'm not too sure what the
> default runlevel is... and I should prolly not elaborate further... ;)
>

oh yeah - to make whatever you put in .profile stick beyond the next boot, you need to back up root.lrp

Jon
Re: Fw: [leaf-user] No autoexec.bat :-)
On Wed, May 22, 2002 at 03:57:18PM -0500, Omar D. Samuels wrote:
> I have a program that I want to run at startup... I wouldn't mind running it
> instead of the "LRCFG". I've been snooping around the init.d and rc.d
> sections but can't find exactly where to stick this. Can anyone help,
> pleez? Thanks.

Actually lrcfg doesn't run on startup...

It runs at login, and the place that that's specified is in /root/.profile towards the end:

#Uncomment to run at login
/usr/sbin/lrcfg

- so what you could do is comment that line out, and put something else in there... but that's of course if you want /path/to/foo to run at *login*...

If you want foo to run at *boot*, then I guess it needs to go in some /etc/init.d with a link from /etc/rcN.d, but I'm not too sure what the default runlevel is... and I should prolly not elaborate further... ;)

HTH
Jon Clausen
Re: [leaf-user] [OT] Weblet "abuse"
On Monday 13 May 2002 16:46, Charles Steinkuehler wrote:

Thank you all, for some good feedback!

> What you want to do is use forms. Forms will work with the "GET" method,
> which is already supported in weblet. See any HTML/CGI reference for
> examples on how to do this.

Tried this, and in a matter of moments had input field/submit button on the testpage. A nice surprise, in that I really didn't think any of this was built into the weblet already :)

> If you try to get real fancy, you may want to add the POST method (patch
> previously posted),

Yes and thanks to James for that. But I think I had better not complicate this any further, and so I'll skip that for now. (Especially since I don't know the difference between GET and POST, I don't know what I would potentially gain?)

> but I think GET combined with forms will do everything
> you need. Several of the existing shell-script CGI programs already
> process GET provided data, so you can use these as a starting point.

Yes, though I have had no success yet, I'm pretty confident that I will eventually understand the mechanics of these.

Thanks to Greg too, for the links to Bill Weinman's site. Unfortunately the site is still somewhat out of order, and the sh-cgi-link gets me a perl-page instead :(

Clearly this part is even more complicated than I'd anticipated, but since I've found some other references to sh-cgi handling, I'm pretty sure I can crack this...

Thanks again for the input ;)

Jon
--
.signature ;)
[leaf-user] [OT] Weblet "abuse"
My project to build a computerized device to control opening/closing of the blinds in my window is slowly getting there...

Thanks to Charles for some nice advice on choice of OS... I ended up going with Bering. After some butchering I now have a nice, networked 1-floppy 486 system, with space enough (and then some) on the disk for my own custom stuff.

Along the way, I had to install the virtual development system on my main machine, in order to compile the C-routines that do the actual read/write to the parallel port. Great stuff !-)

I've decided to work my way 'in' from two endpoints, leaving the central piece (basically a controlscript, to be called as a cronjob) to be built last, when I know more about how exactly it will be called, and how it will get its values:

HW/Lowlevel control of parallel port is pretty much where I want it.

The other end is probably best described: Ultimately I want to be able to control operation from a webpage. To this end I've built a couple of 'proof of concept' scripts that I put in cgi-bin, and made links for on a 'test.html' page.

So now I can click a link 'forward', and the stepper motor turns forwards. This then produces another page with a link 'KillME' that finds the process and kills it. And a similar set of pages/links for 'reverse' :)

While this all works, I'm going to need some way of setting 'time to run' and a couple other things from the 'master' page.

One (rather clunky) way would be to have a whole bunch of links of this type:

"Hour(tens) = 0, 1, 2"
"Hour(ones)= 0,1,2,3,4,5,6,7,8,9"
"Minute(tens)= 0,1,2,3,4,5
"Minute(ones)= 0,1,2,3,4,5,6,7,8,9

... and so on... Pretty ugly.

So what I'm asking now is this: Is anyone aware of any way to have an input field on a page served by the weblet...?

It just occurred to me that I might get away with setting up a 'settime' script in cgi-bin that could get the value from the address line in the browser... something like:

http://blinder/cgi-bin/settime?06:30

-but a 'real' input field on the page *would* be nicer...

I realize that the weblet is really only meant to be a passive thingy, but I thought I might as well ask anyway... In case somebody had already made something that might be adapted...

TIA for any thoughts/ideas

Jon Clausen
--
.signature ;)
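An added example, not from the original posts: the `settime?06:30` idea from this message, and the GET form from the reply, as a shell function that treats the query string as untrusted input before it gets anywhere near a crontab line. It assumes the CGI script receives the text after `?` as one string, either raw or form-encoded as `time=06%3A30`; `parse_time`, `cron_line` and the `/usr/local/bin/open-blinds` path are hypothetical.

```sh
#!/bin/sh
# Validate a wake-up time taken from a GET request before it is used to
# schedule anything. The value is matched against a whitelist pattern and
# range-checked; it is never eval'ed or pasted into a command as-is.

BLINDS_CMD=/usr/local/bin/open-blinds   # hypothetical control script

# parse_time QUERY
# Prints "MINUTE HOUR" (cron field order) and returns 0 for a valid HH:MM,
# prints nothing and returns 1 for anything else.
parse_time() {
    q=$1
    q=${q#time=}                 # accept "06:30" and the form style "time=06:30"
    # A browser form URL-encodes the colon. Decode only that single escape
    # and only in the one position where it is expected.
    case "$q" in
        ??%3[Aa]??) q="${q%%\%*}:${q##*%3[Aa]}" ;;
    esac
    # Whitelist: exactly two digits, a colon, two digits. Extra characters
    # (spaces, semicolons, newlines, further fields) fail here.
    case "$q" in
        [0-9][0-9]:[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    hh=${q%:*}
    mm=${q#*:}
    # Drop one leading zero so the cron fields are plain decimals and later
    # shell arithmetic would not read 08 or 09 as octal.
    hh=${hh#0}
    mm=${mm#0}
    [ "$hh" -le 23 ] && [ "$mm" -le 59 ] || return 1
    printf '%s %s\n' "$mm" "$hh"
}

# cron_line QUERY
# Builds the crontab entry from validated fields only; the command part is
# a fixed string, never something taken from the request.
cron_line() {
    fields=$(parse_time "$1") || return 1
    printf '%s * * * %s\n' "$fields" "$BLINDS_CMD"
}

# Constructed sample requests.
cron_line 'time=06%3A30'
cron_line '06:30;reboot' || echo 'rejected: 06:30;reboot'
```

Because the command in the crontab entry is a constant and the time fields are rebuilt from checked digits, nothing typed into the form reaches the shell or cron verbatim.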
Re: [leaf-user] [OT] Recommendations for minimal Linux?
On Thursday 02 May 2002 19:48, Charles Steinkuehler wrote:
> > Sorry to be (way) off topic here,
>
> Not that far off topic.

O.K. cool :)

> Sounds like a pretty basic system. I hope there's a CPU and some memory!
> :-)

Well.. if you really think that's *needed*... ;-D

> > oriented towards the role of 'device-controller'?
>
> I think you're barking up the wrong tree to some extent.

Nyeah... yes and no. Though I see what you mean...

> > Traits I'm looking for:
> The first two traits describe the linux platform you need. Pretty much
> *ANY* of the firewall/rescue type floppy disk linux's should work well for
> you with a bit of customization.

Yes, I realize this. What I was thinking was to minimize the amount of customization needed, by starting with something as close as possible to my goal

> in network.conf, or remove the firewall setup scripts entirely, replacing
> the whole thing with a simple script to configure your one interface

Sounds like a fairly straightforward MO. Except I don't have a particularly precise picture of which scripts do what, when or how... Not that that's that big of a deal, who knows, I might even learn something in the process ;)

> Anyway, when looking at the various single-disk linux options, there are a
> few things you might want to check for that could make your job easier:
>
> init:
> Some of the single-disk linux distro's come with a customized or minimal
> version of init. Dachstein (and all other LEAF distro's, AFAIK) comes with
> standard SysV init, and supports the /etc/rc?.d runlevel directories,
> making it easy to get your custom program(s) running automatically.

Good point.

> cron:
> Since you're talking about an alarm type function, you may find cron handy
> if you don't want to keep track of time in your application. Again, cron
> is included on Dachstein and other LEAF distro's.

*Very* good point. Indeed this has me thinking that since, by nature, this host is going to be very 'time-centric', I might as well complicate matters further by making it a time 'mirror'. That is, let it synchronize with some timeserver 'out there', and then having it act as a local timeserver for my LAN... Any 'xntp.lrp' packages available?

> Runtime Environment:
> You only mention the requirement for a shell, but there are probably other
> things you need as well. You can add these yourself if
> something is missing, but ideally you want as much as possible included
> "out of the box".

Which was my point exactly, in asking for opinions :)

> I think Dachstein, Bering, Oxygen, and most any of the myriad other
> single-disk distro's would likely work fine for your application. I'd
> probably pick one based on either your current experience (ie stick with
> what you know), or what you would like to learn (ie I've been itching to
> try out that Bering release).

Yeah, you're right. I think Bering looks like a nice place to start... I *have* been wanting to get started on that.

> You might also want to consider using some X-10 controllers, and slowly
> turning on a light (or lights). You can get all the bits & pieces at
> radio-shack, and you can still control it with linux...

Yeah I suppose, but since my electricity bill is big enough as it is, and light is readily available anyway, I think I'm going to stick with the concept of just selectively letting it in (the light, that is...)

Also getting stuff from Radio Shack could prove pretty expensive, getting the stuff shipped to Denmark, and all... ;-P

Thanks very much for the input. Nice to get some confirmation that even if I'm barking up trees, more or less at random, at least I'm in the right neck of the woods ;)

Jon Clausen
--
.signature ;)
[leaf-user] [OT] Recommendations for minimal Linux?
Sorry to be (way) off topic here, but I was wondering if anyone on this list has any experience to share on the subject of minimal linux versions, for something other than routing/firewall purposes?

I'm currently engaged in a project to control an external piece of equipment via the parallel port. For this purpose I'm going to set up an old 486 (or whatever), stripped of everything but:

A floppy drive
One NIC

-at this point I have the external equipment built (basically a stepper motor, and two switches). I have the (electronic) interface to the parport ready. As well as the c-routines to access the stuff.

Now, before I press on and start programming, I'd like to get the controlling host set up. And this is where I'd like some input:

Most of the minimal Linuces I'm aware of, are of the 'router/firewall' or 'rescue system' variety. So is anyone aware of a version that is already oriented towards the role of 'device-controller'?

Alternatively, does someone have any bright ideas, towards adapting something like f.x. Dachstein for my purpose?

Traits I'm looking for:

- Must fit on a single (possibly superformatted) floppy.
- Should provide some sort of shell (until I get around to turning the programs into C or something, everything will be scripts)
- (preferably) some kind of webserver (for the purpose of making certain variables accessible/changeable, from machines on the LAN)

"So what's this all about?" you might ask (or not ;)... well:

I first had the idea some time ago, but seeing an article in the march issue of Scientific American, describing more or less exactly the same thing, I decided that I should go ahead and build it for myself. The rationale:

"Humans (or any other animal, for that matter) have two distinctly different ways of waking up;

One - As the sun rises, the increasing light slowly tells the person that day is dawning, and it is now time to get up, and start gathering food. This is the preferred method.

Two - Some (usually noisy) external event, (such as the growling of a predator, the rumbling of an earthquake/cannons of war, or indeed an alarmclock) tells the person that it is now time to get up and fight for its life, run, hide or otherwise do *something*, and quick, before it's too late. This is much less desirable."

Living as I do, in the city, with a streetlamp positioned right outside the window, makes it necessary for me to blackout my bedroom, in order to get any sleep at all. This is achieved by way of blinds.

Unfortunately this means that when my alarm clock goes off (too early btw) in the morning, I'm always awakened in total darkness to something that resembles the second mode, as described above.

In the hope of becoming a happier person, I now turn to a technical solution to this situation. In short, what I want is to create a mechanism that will emulate the sunrise, by slowly opening the blind, and thus (hopefully) more gently awake at 'dawn'...

Any thoughts/ideas/advice welcome

Jon Clausen

P.S. To keep the offtopic-ness to a minimum, maybe it would be better if people were to answer by PM, rather than through the list ;)
--
.signature ;)
[Leaf-user] default policy=reject...?
Hi List

Never got around to it, but since one of my friends portscanned the Dachstein (rc1-floppy-dmz) box the other day, I'm now reminded that I wanted to change the default policy, so closed ports don't show...

It's set up with IPFILTER_SWITCH=firewall

Question:

The place to make this change is ipfilter.conf in the

# A function to configure the filters for firewalling
ipfilter_firewall_cfg () {

-section, in:

ipfilter_policy DENY

-to:

ipfilter_policy REJECT

... right?

TIA
Jon Clausen
--
.signature ;)
Re: [Leaf-user] DCD, ipmasqadm portfw & dynamic/private ports ???
On Thursday 07 February 2002 07:42, Michael D. Schleif wrote:
> Jon =>
>
> 65456 < 65535
>
> Your point?
>

lol

Hmmm... none, I guess... :P

Sorry 'bout that... Never, never, never write *anything* before the first cup of coffee in the morning! Never!!!

Have a nice day :)

Jon Clausen
Re: [Leaf-user] DCD, ipmasqadm portfw & dynamic/private ports ???
On Thursday 07 February 2002 00:26, Michael D. Schleif wrote:
> Is there some _maximum_ port that can be port forwarded?
>
> This fails:
> INTERN_SERVERS="tcp_${EXTERN_IP}_65456_${LOKI}_www"
>
> This succeeds:
> INTERN_SERVERS="tcp_${EXTERN_IP}_6543_${LOKI}_www"
>
> I have scoured /etc/ipfilter.conf, /etc/network.conf and man ipmasqadm;
> but, I cannot find this limitation.
>
> What do you think?

I'd say that probably 65535 is the upper limit. Being the highest number 16 bits can produce...

HTH
Jon Clausen
Re: [Leaf-user] Re: Weblet... yet again ...again
Hi all

http://bund.dk/~jon/weblethowo-pub.html

O.K. spent some more time reading and trying out stuff. This 'problem' persists:

> > >at the top of the page. The only way I could get the print-link
> > > inside the two 's was to make it a paragraph, which renders
> > > as if there were 's there... So I think I'll leave it as that.

The above is going to be a 'problem' with all the docs (if/when they should validate as 'strict') and so someone should eventually come up with a solution.

> > Nesting of tags and elements is tricky.

You said it Mike !-)

I'm thinking that I *should* add Gareth's piece too:

--
I achieve this by tunnelling the http stream through an SSH session. My command line is as follows:

ssh -l root -L 81:localhost:80 hostname

Once I am logged in, using the URL http://localhost:81 opens weblet.

I did need to edit /etc/hosts.allow and /etc/sh-httpd.conf to add 127.0.0.1 for this to work. I also needed to killall -HUP inetd for the changes to take effect.

Gareth
---

but I haven't had the time to put in the effort to understand it yet, so if someone could explain, I'm all ears. :)

Specifically I think I'm getting confused as to which is the local, and which is the remote host... ?

Jon
Re: [Leaf-user] weblet howto, was;(no subject)
On Thursday 24 January 2002 19:36, Mike Noyes wrote:
> Jon,
> You can get tidy from here:
> http://tidy.sourceforge.net/

No problem, it was waiting for me right there on the SuSE-DVD ;)

> > > It should correct most of the old tags you're using.

It did, and very nicely too...

> >some resource somewhere...
>
> There are some good on-line XHTML tutorials here:
> http://directory.google.com/Top/Computers \
> /Data_Formats/Markup_Languages/XHTML/Tutorials/

Thanks, I found a very nice summary of xhtml at: http:// I forgot to bookmark it... oh well I should have no problem finding it again - I just put 'xhtml' in google...

> >More on this subject should maybe be a new thread like 'Documentation
> >formatting' or something, don't you think?
>
> There are differing opinions on changing thread names. I believe it has a
> lot to do with which email client you use, and whether it is capable of
> threading mailing lists.

Well I was just thinking that this end of the thread was turning into more of a document-format thingie, and less of a 'how do I check on my firewall from the outside'-thingie... But hey - I'm the newbie on the list, so whatever's the norm here... :)

BTW I updated the page again, in case you wanna go check it out

Jon
Re: [Leaf-user] weblet howto, Updated again
On Thursday 24 January 2002 20:07, Matt Schalit wrote:
> Jon Clausen wrote:
> >
> > I put the draft at: http://bund.dk/~jon/weblethowto-pub.html
> > O.k. done.

Yet again. This time, take a look at the bottom left corner ;)

> N1 Jon,

Thanks

> The answer to the remote thing would be to have a script
> loaded on your remote laptop that, when run, determines the
> laptop ip and writes a one line file containing:
>
> sh-httpd: ip.add.re.ss/255.255.255.255
>
> to the laptop temp directory, and then uses scp or ssh or rsync
> to append that one line temp file to the LEAF box /etc/host.allow.

Hmm. Yeah I guess this would work. I have two objections to this kind of scheme, though:

1. A laptop is inherently in danger of getting 'lost'. If that should happen, having the laptop (and the firewall) being configured so the laptop has a (semi) automatic capability to write to hosts.allow would maybe make it a little too easy for anyone who happens to 'find' it to gain access to the firewall...

2. Said laptop might very well be some sort of windows-entity. And although one *might* be able to create such a script for that platform, I would *not* like the idea of letting windows have root-access to my firewall... If you know what I mean.

Maybe I'm just too paranoid, or maybe it's just that I'm a newbie in this field, but writing to hosts.allow like that, on a routine basis... it just seems... well... insecure?

I must say that I like the idea better, of having a script on the firewall listen on a predetermined port, for some kind of identifier, and then open up for traffic from the laptop IP. And having this happen dynamically, so you get one session at a time...

> If the laptop is on a private network, then the script uses
> the NAT gateway ip. Determining the NAT ip could get tricky,
> but can be done easily enough with a script that when called
> makes traffic to somewhere that responds with the NAT ip.

Sounds reasonable. Something like calling whatismyip.com or somesuch perhaps?

This is getting very interesting :)

Jon
Re: [Leaf-user] weblet howto, was;(no subject)
On Thursday 24 January 2002 17:09, Mike Noyes wrote:
> At 2002-01-24 12:52 +0100, Jon Clausen wrote:
> Jon,
> It looks nice,

Thank you

> appreciate the effort required to author FAQs, and don't wish to discourage
> you from submitting them in the future.

On the contrary. Seeing as this is my first html ever (well almost anyway) I made it pretty much 'monkey see, monkey do' (looking at the source for other pages), so I rather enjoy getting some directions on this.

> First run tidy against the document.

Right, I gotta get 'tidy' first, though. I'll look into that tonight.

> It should correct most of the old tags you're using.

lol

This is kind of funny, cause I really haven't the faintest idea about html, in the first place... so being told that I'm using old tags :D I mean, if I'd been doing html for years... oh well, maybe I should consult some resource somewhere...

> $ tidy -utf8 -m -f errorfile -asxml weblethowto-pub.html
>
> is now
> is now
> is now

Specifically the tag was really just something I entered thinking 'hmmm, this prolly won't work' and then, much to my surprise, it did... :)

> You can see the current problems with the document by going to the w3c.org
> site, putting in your Address:, and selecting Document Type: of XHTML 1.0
> Strict.
> http://validator.w3.org/

I'll check this later. Thanks for the info.

More on this subject should maybe be a new thread like 'Documentation formatting' or something, don't you think?

Regards
Jon
Re: [Leaf-user] weblet howto, Updated
> I put the draft at: http://bund.dk/~jon/weblethowto-pub.html so you guys
> can get a preview. (Also it was a good opportunity to make some more html
> and myself a homepage -my first...) I'll update it later today with the
> above...

O.k. done. Feedback welcome :)

Jon
Re: [Leaf-user] weblet howto, was;(no subject)
On Thursday 24 January 2002 05:03, Jack Coates wrote:
> On Wed, 23 Jan 2002, Erich Titl wrote:
> > Hi Jon
> >
> > great someone took the time, here just my 2c

Thanks. here's mine:

> > Q) But what if I am roaming and want access from an unknown IP

Haven't a clue ;)

> > Q) But i don't know my address on the road.

Well neither do I... but this next bit from Jack looks like a way to go. But if he's out of his depth, I'm not even in the same pond... :P

> dyndns would be a good link here. I've also heard of people setting up
> scripts to listen for a predetermined sequence of packets at a
> predetermined port, then open the rule to the IP that the packets come
> from. This could be as simple as "telnet my.router.home " or
> something really complex requiring a script and a packet crafter. The
> router end is out of my depth, but this would be an interesting project
> to research.

Indeed.

> > For clarity you might add something to /etc/services
> > wwweblet 8081/tcp # the leaf/lrp weblet port

This is good. I'll add it straight away.

> > and then
> > hope this does not sound too sneaky
> >
> > We could even set up the port in /etc/inetd.conf from the information in
> > /etc/sh-httpd.conf. It takes only a little configuration script (which
> > must exist anyway in the distribution) and then we'd have to maintain
> > only one location.

This sounds really smooth, but again, it's over my head... :(

I think what I'll do is put in the stuff I understand, and then someone should update the howto if/when these additions (dyndns & configure-script) get investigated...

I put the draft at: http://bund.dk/~jon/weblethowto-pub.html so you guys can get a preview. (Also it was a good opportunity to make some more html and myself a homepage -my first...) I'll update it later today with the above...

Jon
Re: [Leaf-user] remote access to dachstein (Weblet)
On Thursday 17 January 2002 07:36, Victor McAllisteer wrote:

Hi list

--Initial post

I'm in a somewhat similar situation as the original poster. I too would like to access the weblet of a floppy-Dachstein, from the outside. The difference is, that we have a webserver in the DMZ, so port 80 gets forwarded to that machine. I have tried to use 81 instead, but obviously something's not going right.

I used this as guidelines:

> You will probably have to add something in /etc/hosts.allow:
> sh-httpd: ip.add.re.ss/255.255.255.0

put my ip/mask in /etc/hosts.allow like above.

> In /etc/network.conf
> EXTERN_TCP_PORTS="address/mask_www"

put EXTERN_TCP_PORTx="my.ip/my.mask 81" (I like the indexed list better. The indexnumber is o.k.)

> Look in /etc/sh-httpd.conf to add the address range you are trying to
> access from
> # Who can access the server?
> CLIENT_ADDRS="123.345.456."

Did this. Have tried ip alone, and ip/mask.

Also I put PORT=81 in /etc/sh-httpd.conf

Access from the inside works perfectly. (Although I'm a bit puzzled by the fact that 'insiders' seem to access weblet on port 80, despite the PORT=81 statement above)

So:

Are there things about this that are doomed to failure? (like using port 81)

Am I overlooking something (else) obvious?

I really would appreciate some help with this, as I'm not only a Dachstein newbie, but also rather frustrated at this point ;P

Will post logs/whatever as requested/required

TIA
Jon Clausen
Re: [Leaf-user] Suspicious 'last'
On Friday 18 January 2002 12:18, you wrote:
> Hey Jon,
> I can't say for sure, but these three look too
> similar to be co-inkydinks:
>
> > USER  TTY    PID   TIMEON  FROM
> > root  ttyp0  1532  21794   UNKNOWN
> > root  ttyp0  1540  21791   10.*.*.*
> > root  ttyp0  1554  21785   10.*.*.*
>
> Don't you think there's some similarity? It difficult
> to get those so sequential, wouldn't you think? Could the
> unknown be from a login that didn't finish for some
> innocent reason?
>
> Matt

Hi matt, and thanks for the response :)

similar..? -well yeah, now that you mention it, they *do* look kind of the same (both pid, and time-on -wise). Especially when compared to the rest of the entries :P

Also I talked some more with Jan, and as it turns out he *was* doing some stuff that morning. So I should ask if he had some login fail at some point...

Guess I could have looked a little closer before posting :(

I just got pretty upset, 'cause I've never seen an 'unknown' come up like that before. And as I said, I'm pretty new to fw-building, and as such naturally paranoid. There are enough 'unknowns' (pun intended) for me in dealing with all this stuff, as it is.

Thanks though. I haven't seen anything on the inside that suggests a breach, so I think it's probably o.k.

Now, about that other stuff I was going to ask about, now that I've come out in the open... I'll post ;)

Jon
[Leaf-user] Suspicious 'last'
Hi list

I've been monitoring the list for a while now. Seems there are some very knowledgeable people here. Originally I was going to ask about some vpn-stuff, but then this happened:

Running Dachstein on a three-way box with LAN (192.*.*.*) and DMZ (10.*.*.*), at a remote location. Everything seems to work (well pretty much anyway). I have web, mail, ftp and ssh forwarded through to dmz-host.

As I logged in on the dach-box (ssh to dmz-host, and ssh from there to dach-box) last night it started the whole 'host unknown, somebody might be eavesdropping, do you want to continue?'-thing. Now this was because I was using a host (on my home lan) that I don't usually use for this. So I went to the machine that I *do* use for this, logged in (no problem) first to the dmz-box, and then to the dach-box.

I then looked at 'last', and then I got worried:

# last
USER    TTY    PID    TIMEON  FROM
reboot  ~      0      22545   2.2.19
root    ttyp0  845    22491   192.*.*.*
root    ttyp0  1532   21794   UNKNOWN
root    ttyp0  1540   21791   10.*.*.*
root    ttyp0  1554   21785   10.*.*.*
root    ttyp0  5385   12592   10.*.*.*
root    ttyp0  5505   12518   10.*.*.*
root    ttyp0  6824   10156   10.*.*.*
root    ttyp0  9046   5075    192.*.*.*
root    ttyp0  10667  1576    10.*.*.*
root    ttyp0  11313  1140    10.*.*.*
root    ttyp0  11804  176     10.*.*.*
root    ttyp0  12220  135     10.*.*.*
root    ttyp0  12235  119     10.*.*.*
root    ttyp0  12263  78      10.*.*.*
root    ttyp0  12597  70      10.*.*.*
root    ttyp0  13135  56      10.*.*.*
root    ttyp0  13744  26      10.*.*.*
root    ttyp0  13758  23      10.*.*.*
root    ttyp0  13769  18      10.*.*.*
root    ttyp0  13829  0       10.*.*.*

Looking at the logs, I can see that this UNKNOWN corresponds to a root-login yesterday *morning*. The only other person who has access to these systems, tells me it wasn't him...

Now I'm pretty new at this stuff, so I really would appreciate some opinions on this... Should I *be* worried, is there a way to check whether stuff has been tampered-with?

I'll post further info, as requested/required.

TIA

Sincerely
Jon Clausen
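An added triage example, not part of the original post: a shell/awk filter for the `last` format shown above (USER TTY PID TIMEON FROM) that flags logins whose source is outside the expected address prefixes and, for each one, reports the closest login from a known source by TIMEON, which is the comparison made by eye in the reply earlier on this page. The sample rows are the first rows of the post's listing with the columns separated; `triage_last` and `sample_last` are hypothetical names.

```sh
#!/bin/sh
# Flag login records whose FROM column does not start with an expected
# prefix, and show how close each one sits to a login from a known source.

# triage_last PREFIXES   (comma-separated, e.g. "10.,192.")
# Reads `last` output on stdin, prints one line per flagged record:
#   pid=<PID> from=<FROM> nearest_known=<FROM of closest known login> delta=<TIMEON difference>
triage_last() {
    awk -v allow="$1" '
    function known(src,    k) {
        for (k = 1; k <= n; k++)
            if (index(src, pfx[k]) == 1) return 1
        return 0
    }
    BEGIN { n = split(allow, pfx, ",") }
    $1 == "USER" && $2 == "TTY" { next }      # header line
    $1 == "reboot" { next }                    # boot marker, not a login
    NF < 4 { next }                            # not a record
    {
        cnt++
        pid[cnt] = $3
        t[cnt] = $4
        from[cnt] = (NF >= 5) ? $5 : "(empty)" # missing source is also flagged
    }
    END {
        for (i = 1; i <= cnt; i++) {
            if (known(from[i])) continue
            best = -1; src = "none"
            for (j = 1; j <= cnt; j++) {
                if (!known(from[j])) continue
                d = t[i] - t[j]; if (d < 0) d = -d
                if (best < 0 || d < best) { best = d; src = from[j] }
            }
            printf "pid=%s from=%s nearest_known=%s delta=%d\n", pid[i], from[i], src, best
        }
    }'
}

# Sample input: first rows of the listing in the post, columns separated.
sample_last() {
cat <<'EOF'
USER    TTY    PID    TIMEON  FROM
reboot  ~      0      22545   2.2.19
root    ttyp0  845    22491   192.*.*.*
root    ttyp0  1532   21794   UNKNOWN
root    ttyp0  1540   21791   10.*.*.*
root    ttyp0  1554   21785   10.*.*.*
root    ttyp0  5385   12592   10.*.*.*
EOF
}

sample_last | triage_last "10.,192."
```

A small delta next to a known source is a lead to follow up with whoever logged in then, not proof that the entry is benign; the auth log for the same moment is the next thing to read.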