RE: [leaf-user] Bering (glibc) and snort - dies silently
Hello again, thanks for the suggestion. -Original Message- Do you have enough log space? Yes, there is enough log space. Way back when (because this computer had so much ram) I modified the syslinux.cfg file and made the log "45M". So, currently, without snort running, the leaf box says: Filesystem 1k-blocks Used Available Use% Mounted on rootfs 46080 11128 34952 24% / /dev/root46080 11128 34952 24% / tmpfs6389220 63872 0% /tmp tmpfs46080 3184 42896 7% /var/log Only 7% used. Should be plenty of space. Thanks for the idea though. Bye - ted PS: I guess i should tweak those numbers, I probably don't need 45M for root, etc. Another day, I guess. --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] package list problem
hello: I have recently tried adding serial console support to my Bering 1.0 LEAF box. This is a dual floopy setup, and loads in a number of packages so I aslo have my package list in a "lrpkg.cfg" file, not in the "syslinux.cfg" file. Anyway, I followed the instructions in the Bering user's manual for serial line support, specifically I added the "serial 0 19200" and "append=.." lines to syslinux.cfg Now, when i boot the system and try to use LRCFG and go to packages (choice 3), the package list only list one thing - "initrd". the other packages all appear to load, and they firewall seems to be ok in all other respects. when i look at "/var/lib/lrpkg/packages" i do not see a list of packages anymore. there is only one line "Installed - root /dev/fd0 etc /dev/fd0 ." (sorry about this quote, it may not be exact, but what it looks like is the output you see when the OS starts to load the packages during the boot up process). if i replace the syslinux.cfg file with the original one, the lrcfg, and package list files return to normal, and all the packages are listed. Unfortunately, i don't have my serial console here yet (i have to go get it, and i have stored away the monitor and keyboard i was using before), so i can't easily see the messages during boot right now, but will if this may be of help. anyway, i am not sure what is wrong. i assume the /var/lib/lrpkg/packages file is created during startup, but why would adding the "serial" and "append" lines to the syslinux.cfg change this? thanks for any help ted w. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Re: package list problem
Erich: thanks for the reply. anyway, about switching from fd0 to fd1. the packages are loaded at boot, and syslinux.cfg is configured to use both drives, so everything works as it should without me at a console. (i am not sure if i answered or understood your question, but i hope the answer is understandable) anyway as for details: my lrpkg.cfg reads (all one line): root,etc,local,modules,iptables,shorwall,dhclient,netutils,logchk,ntpdate,ps entry,libz,sshd,libm,libnsl,perl5,snort18,weblet,tcpdump,logsurf now, the image where lrcfg works (and lists all the packages as it should) uses a syslinux.cfg of: display syslinux.dpy timeout 0 default linux initrd=initrd.lrp log_size=45M syst_size=45M init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680,/dev/fd1u1680 and the output of /var/lib/lrpkg/packages is: initrd root etc local modules iptables shorwall dhclient netutils logchk ntpdate psentry libz sshd libm libnsl perl5 snort18 weblet tcpdump logsurf and the output of /var/lib/lrpkg/backdisk is: initrd=-t msdos /dev/fd0u1680 root=-t msdos /dev/fd0u1680 etc=-t msdos /dev/fd0u1680 local=-t msdos /dev/fd0u1680 modules=-t msdos /dev/fd0u1680 iptables=-t msdos /dev/fd0u1680 shorwall=-t msdos /dev/fd0u1680 dhclient=-t msdos /dev/fd0u1680 netutils=-t msdos /dev/fd0u1680 logchk=-t msdos /dev/fd0u1680 ntpdate=-t msdos /dev/fd0u1680 psentry=-t msdos /dev/fd0u1680 libz=-t msdos /dev/fd1u1680 sshd=-t msdos /dev/fd1u1680 libm=-t msdos /dev/fd1u1680 libnsl=-t msdos /dev/fd1u1680 perl5=-t msdos /dev/fd1u1680 snort18=-t msdos /dev/fd1u1680 weblet=-t msdos /dev/fd1u1680 tcpdump=-t msdos /dev/fd1u1680 logsurf=-t msdos /dev/fd1u1680 now, when i changed the syslinux.cfg as described in the user's quide (for serial console) to (the setup that does NOT list the packages in lrcfg): serial 0 19200 display syslinux.dpy timeout 0 append console=ttyS0,19200 default linux initrd=initrd.lrp log_size=45M syst_size=45M init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680,/dev/fd1u1680 then the contents of /var/lib/lrpkg/packages becomes (basically two lines, one short, one long): initrd LINUXRC: Installing - root: /dev/fd0u1680 etc: /dev/fd0u1680 local: /dev/fd0u1680 modules: /dev/fd0u1680 iptables: /dev/fd0u1680 shorwall: /dev/fd0u1680 dhclient: /dev/fd0u1680 netutils: /dev/fd0u1680 logchk: /dev/fd0u1680 ntpdate: /dev/fd0u1680 psentry: /dev/fd0u1680 libz: /dev/fd1u1680 sshd: /dev/fd1u1680 libm: /dev/fd1u1680 libnsl: /dev/fd1u1680 perl5: /dev/fd1u1680 snort18: /dev/fd1u1680 weblet: /dev/fd1u1680 tcpdump: /dev/fd1u1680 logsurf: /dev/fd1u1680 - Finished. but the contents of /var/lib/lrpkg/backdisk looks unchanged: initrd=-t msdos /dev/fd0u1680 root=-t msdos /dev/fd0u1680 etc=-t msdos /dev/fd0u1680 local=-t msdos /dev/fd0u1680 modules=-t msdos /dev/fd0u1680 iptables=-t msdos /dev/fd0u1680 shorwall=-t msdos /dev/fd0u1680 dhclient=-t msdos /dev/fd0u1680 netutils=-t msdos /dev/fd0u1680 logchk=-t msdos /dev/fd0u1680 ntpdate=-t msdos /dev/fd0u1680 psentry=-t msdos /dev/fd0u1680 libz=-t msdos /dev/fd1u1680 sshd=-t msdos /dev/fd1u1680 libm=-t msdos /dev/fd1u1680 libnsl=-t msdos /dev/fd1u1680 perl5=-t msdos /dev/fd1u1680 snort18=-t msdos /dev/fd1u1680 weblet=-t msdos /dev/fd1u1680 tcpdump=-t msdos /dev/fd1u1680 logsurf=-t msdos /dev/fd1u1680 so, i was doing some looking on the web, and i quess it does matter where the append line is, so i changed it, and syslinux.cfg became: serial 0 19200 display syslinux.dpy timeout 0 default linux initrd=initrd.lrp log_size=45M syst_size=45M init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680,/dev/fd1u1680 append console=tty0 console=ttyS0,19200 (i also adde the tty0 console, i think this allows both the monitor and the serial port to get kernel messages during boot, right?) and with this, lrcfg seems to work again (the packages are displayed as they should be), /var/lib/lrpkg/packages now reads: initrd root etc local modules iptables shorwall dhclient netutils logchk ntpdate psentry libz sshd libm libnsl perl5 snort18 weblet tcpdump logsurf and the contents of /var/lib/lrpkg/backdisk is also unchanged: initrd=-t msdos /dev/fd0u1680 root=-t msdos /dev/fd0u1680 etc=-t msdos /dev/fd0u1680 local=-t msdos /dev/fd0u1680 modules=-t msdos /dev/fd0u1680 iptables=-t msdos /dev/fd0u1680 shorwall=-t msdos /dev/fd0u1680 dhclient=-t msdos /dev/fd0u1680 netutils=-t msdos /dev/fd0u1680 logchk=-t msdos /dev/fd0u1680 ntpdate=-t msdos /dev/fd0u1680 psentry=-t msdos /dev/fd0u1680 libz=-t msdos /dev/fd1u1680 sshd=-t msdos /dev/fd1u1680 libm=-t msdos /dev/fd1u1680 libnsl=-t msdos /dev/fd1u1680 perl5=-t msdos /dev/fd1u1680 snort18=-t msdos /dev/fd1u1680 weblet=-t msdos /dev/fd1u1680 tcpdump=-t msdos /dev/fd1u1680 logsurf=-t msdos /dev/fd1u1680 SO, i really don't know what to make of this. with the append= line at the end of the syslinux.cfg file, the ../lrpkg/packages file appears intact. so, if leaving the append
RE: [leaf-user] lshd / additional users on bering - su command
thanks for everyone's help and input. you know what they say - a little knowldege is a dangerous thing. anyway, su now works. basically, as root i did: "chmod 4111 /usr/local/bin/su" (not "chmod +4111 /usr/local/bin/su" - the "+411" in my last email was a typo - i had been trying "+4111") i don't really know linux very well at all, but when i saw what the permisions should actually look like, i played a little with the "chmod" command. and removing the "+" character did the trick. ls -l for su now reads: ---s--x--x and this works fine. i don't think i really need to have read/write access to su, do I? and if i do, i can always change that later as root, right? (obviously, i also DID NOT save to floppy any of my experimentation on /etc/shadow. just reboot and all the mistakes i may have made are gone) thanks for everyones help. ted --- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] lshd / additional users on bering - su command
lynn-
sorry, i wasn't ignoring anything.
i guess i just didn't say it. but i did EXACTLY what you suggested.
i logged in as ROOT (via lshd), and typed "chmod +411 /usr/local/bin/su"
after this i logged out, went back to and reconnected, and logged back in as
the user. trying "SU" gave me the same password error message.
sorry for the misunderstand. i don't want you to think that i was ignoring
your advice, i wasn't. i guess my reply didn't make it clear that i had
followed your suggestion to the letter, and that it didn't change the error
message. that's when i went and looked at the /etc/shadow file and tried
chaning it's permissions, and that's when the error message changed.
so. to be clear. I logged in as ROOT. i entered "CHMOD +4111
/usr/local/bin/su".
i logged out. i logged back in as the user. i entered "su". i entered the
root password. the error message was NOT CHANGED.
so, then i changed read permission on /etc/shadow (as root)
now, instead of getting and "su: incorrect password" error message, i get an
"su: cannot set groups: Operation not permitted" error message.
are you implying with your comments that the second error message is also
indicative of a problem with the permissions under which su is running?
i also didn't think about the issue of making the password file available to
anyone that logs in. certainly, that is not a good idea. but "chmod +4111
/path/to/su"
executed as root, did not change the error/problem.
thanks for your - ted
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Lynn Avants
Sent: Thursday, May 29, 2003 8:57 AM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] lshd / additional users on bering - su command
On Thursday 29 May 2003 09:25 am, Theodore Wynnychenko wrote:
> > any other ideas on login or su?
>
> As 'root', do:
> chmod +4111 /path/to/su
>
> If 'su' isn't run suid, then most likely /etc/shadow isn't
> being read because 'su' is running as your non-root user.
> --
> ~Lynn Avants
> Linux Embedded Appliance Firewall Developer
>
> -
>
> ok, i tried chmod, still get the password incorrect reply from su.
>
> the output of "ls -l" of su didn't change after chmod. it is and was:
>
> ls -l
>
> -rwxr-xr-x 1rootroot 9504May 17 18:24
>
> this is what I see when logged in as the user (not root). if i read it
> correctly
> (without consulting my book), i think it should be executable by anybody,
> and is.
Yes, it is executable by anybody, but runs as the user calling it and can't
read the necessary root-only readable files. You have to set the permissions
for the binary to run as root (suid bit) regardless of the user calling it.
I told you only root could change the binary permissions ('> As 'root',
do:'),
so your either going to have to login as root to fix this or modify your
system so anyone with access under any reason can get all password
information
from you box. This is a file-permissions 101 question, I gave you the
correct information to fix it with last post...either you can use it or
ignore it, I really don't care.
--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
---
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
---
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] lshd / additional users on bering - su command
> any other ideas on login or su? As 'root', do: chmod +4111 /path/to/su If 'su' isn't run suid, then most likely /etc/shadow isn't being read because 'su' is running as your non-root user. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer - ok, i tried chmod, still get the password incorrect reply from su. the output of "ls -l" of su didn't change after chmod. it is and was: ls -l -rwxr-xr-x 1rootroot 9504May 17 18:24 this is what I see when logged in as the user (not root). if i read it correctly (without consulting my book), i think it should be executable by anybody, and is. is there something that needs to be done to /etc/shadow? i really don't know this stuff, just grasping. i noticed that with "ls -l" /etc/shadow looks like: -rw--- 1 root shadow 774 May 17 18:27 so i tried "chmod +x" but still got the same password error. then i thaught, it doesn't need world exec it needs world read. so i did "chmod +r" on shadow, and now "ls -l" gives: -rwxr-xr-x 1 root shadow 744May 17 18:27 then, i logged out and back in as the user, and when i tried "su" and entered the password, it said: su: cannot set groups: Operation not permitted so, it looks like the password incorrect issue was that /etc/shadows was not readable by su when run in the users shell (is this a correct interpetation?) now, it appears the password is read and validates with su, but i get this new error. any ideas? thanks - ted --- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] lshd / additional users on bering - su command
thanks Ray. i tried using login. after connecting via lsh with a user account i tried "login". i also tried "login root", "exec login", "exec login root" they all return the same message: No utmp entry. you must exec "login" from the lowest level "sh" also, when i use the "exec login" versions above, the bering box immediately closes the lsh connection. ps ax gives me: (i don't really know if/why this is relevant) PID UidVmSize Stat Command 3362user 1316S -sh 19627 user 1796R ps ax I did find a utmp file in /var/run, and tried removing it, but then i get the same message, and, in addition I also get file not found messages (i guess i thaught that by removing it, the file would get recreated and magically work) anyway, that's what i get. is there another way to log in with a non-root account (into lshd) and then get to root? any other ideas on login or su? thanks again - ted At 12:22 PM 5/28/2003 -0500, [EMAIL PROTECTED] wrote: >again, i would like to thank everyone for their input. > >yes, the su binary comes from (i think) the Dach distribution. >there is not a problem with path. the command does execute when it >resides in /usr/local/bin. > >in fact, if i log in as root, i can su to root (no password required), >and i do get a root shell, within the outer root shell. > >certainly, this is not a problem related to lshd or sshd (i was merely >tagging this question to the end of the previous one). > >the issue seems to be with password authetication, as was mentioned in a >prior reply. > >is there anything i can do to fix this? or, what other information can i >provide to help with diagnosis of the problem? i am currently running >bering 1.0. [old stuff deleted] See if you can lsh in as ordinary_user, then run "login" to log in as root. --- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
