[SLUG] Re:ask perl(cant telnet)
Dear Henry : I used Net::Telnet(perl-module) from www.cpan.org use strict ; I executed perl-script as follows: use Net::Telnet (); my $t = Net::Telnet->new(Timeout => 10, Prompt => '/bash\$ $/'); #'/bash\$ $/'--> regular-expression $t->open("myhost"); $t->login("henry", "ab123"); Then I got msg "time out for waiting." Cause I dont know much about regular-expression , I modified line2,3 as follows my $t = Net::Telnet->new(Timeout => 10,); That is ,I dont define the second option, Then it work normally as a remote shell. BestRegards Henry
[SLUG] Debian source package fails at build
I'm trying to compile a source package from Debian testing on my Potato box. Here is the error: /home/loop# apt-get source apcupsd -b --no-download --ignore-missing Reading Package Lists... Done Building Dependency Tree... Done Need to get 1525kB of source archives. Get:1 http://debian.pacific.net.au testing/main apcupsd 3.8.1.5-1 (dsc) [642B] Get:2 http://debian.pacific.net.au testing/main apcupsd 3.8.1.5-1 (tar) [1515kB] Get:3 http://debian.pacific.net.au testing/main apcupsd 3.8.1.5-1 (diff) [9082B] Fetched 3B in 0s (6B/s) Skipping unpack of already unpacked source in apcupsd-3.8.1.5 utmp entry ("loop") does not match value of LOGNAME ("root"); using "root" at /usr/lib/dpkg/controllib.pl line 47. utmp entry ("loop") does not match value of LOGNAME ("root"); using "root" at /usr/lib/dpkg/controllib.pl line 47. dpkg-buildpackage: source package is apcupsd utmp entry ("loop") does not match value of LOGNAME ("root"); using "root" at /usr/lib/dpkg/controllib.pl line 47. utmp entry ("loop") does not match value of LOGNAME ("root"); using "root" at /usr/lib/dpkg/controllib.pl line 47. dpkg-buildpackage: source version is 3.8.1.5-1 utmp entry ("loop") does not match value of LOGNAME ("root"); using "root" at /usr/lib/dpkg/controllib.pl line 47. utmp entry ("loop") does not match value of LOGNAME ("root"); using "root" at /usr/lib/dpkg/controllib.pl line 47. dpkg-buildpackage: source maintainer is Martin Mitchell <[EMAIL PROTECTED]> utmp entry ("loop") does not match value of LOGNAME ("root"); using "root" at /usr/lib/dpkg/controllib.pl line 47. debian/rules clean DEB_BUILD_ARCH=i386 DEB_BUILD_GNU_CPU=i386 DEB_BUILD_GNU_SYSTEM=linux DEB_BUILD_GNU_TYPE=i386-linux DEB_HOST_ARCH=i386 DEB_HOST_GNU_CPU=i386 DEB_HOST_GNU_SYSTEM=linux DEB_HOST_GNU_TYPE=i386-linux dh_testdir dh_testroot rm -f build-stamp install-stamp # Add here commands to clean up after the build process. make realclean make[1]: Entering directory `/home/loop/apcupsd-3.8.1.5' make[1]: *** No rule to make target `realclean'. Stop. make[1]: Leaving directory `/home/loop/apcupsd-3.8.1.5' make: [clean] Error 2 (ignored) dh_clean debian/rules build DEB_BUILD_ARCH=i386 DEB_BUILD_GNU_CPU=i386 DEB_BUILD_GNU_SYSTEM=linux DEB_BUILD_GNU_TYPE=i386-linux DEB_HOST_ARCH=i386 DEB_HOST_GNU_CPU=i386 DEB_HOST_GNU_SYSTEM=linux DEB_HOST_GNU_TYPE=i386-linux dh_testdir # Add here commands to compile the package. autoconf -l autoconf autoconf/configure.in >configure /bin/sh: ./autoconf: is a directory make: [build-stamp] Error 126 (ignored) SHUTDOWN=/sbin/shutdown CFLAGS="-O2 -g -Wall" ./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-powerflute --enable-cgi --sysconfdir=/etc/apcupsd --with-cgi-bin=/usr/lib/cgi-bin/apcupsd --with-catgets --with-pid-dir=/var/run make make[1]: Entering directory `/home/loop/apcupsd-3.8.1.5' make[1]: *** No targets specified and no makefile found. Stop. make[1]: Leaving directory `/home/loop/apcupsd-3.8.1.5' make: *** [build-stamp] Error 2 Build command 'cd apcupsd-3.8.1.5 && dpkg-buildpackage -b -uc' failed. E: Child process failed How do I fix the "utmp entry ("loop") does not match value of LOGNAME ("root"); using "root" at /usr/lib/dpkg/controllib.pl line 47. " error? and if that gets fixed, will the next lot go away? -- It was such a lovely day I thought it a pity to get up. [15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian This is random quote 663 of a collection of 1204 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] freeswan kernel config
At 16:53 27/02/2002, Simon Wong sent this up the stick: >Afternoon! > >I just installed the kernel-patch-freeswan deb package and reading the >README it says set PATCH_THE_KERNEL=yes and then: > > $fakeroot make-kpkg --config=menuconfig --revision=whatever > kernel_image > >The thing is I can't find any options for the freeswan stuff! > >Can someone give me a hint on where it might be or isn't there anything >I need to manually configure? I went through this recently, and found it best to use something like: $fakeroot make-kpkg --revision=whatever --added_patches=freeswan kernel_image _without_ specifying PATCH_THE_KERNEL. If you have already run menuconfig, it will carry on until it gets to the freeswan options, and then ask you for answers. Cheers, Rob -- I didn't climb to the top of the food chain to be a vegetarian. [15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian This is random quote 514 of a collection of 1204 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] freeswan kernel config
> I just installed the kernel-patch-freeswan deb package and reading the > README it says set PATCH_THE_KERNEL=yes and then: Use PATCH_THE_KERNEL=YES - Jeff -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] freeswan kernel config
Afternoon! I just installed the kernel-patch-freeswan deb package and reading the README it says set PATCH_THE_KERNEL=yes and then: $fakeroot make-kpkg --config=menuconfig --revision=whatever kernel_image The thing is I can't find any options for the freeswan stuff! Can someone give me a hint on where it might be or isn't there anything I need to manually configure? TIA. -- ** * Simon Wong * ** -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Autoresponder
Hi Andrew Search freshmeat.net for 'vacation'. The first 2 are the most popular ones. Regards, Gonzalo On Wed, 2002-02-27 at 16:23, Andrew Burrows wrote: > Hi All, > > I have a general question not all that related to Linux but anyway I'll give > it a go. Dose anyone know of some autoresponder software for Linux that I > would be able to have a look at > > Andrew > -- > > > -- > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Autoresponder
Hi All, I have a general question not all that related to Linux but anyway I'll give it a go. Dose anyone know of some autoresponder software for Linux that I would be able to have a look at Andrew -- -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] OT - sendmail processes
I'm getting a huge number of "NOQUEUE: no connection" messages on my sendmail log. Corresponding to those there are lots of processes that look like this: [root@mail log]# ps ax | grep sendmail 486 ?S 0:21 sendmail: accepting connections on port 25 32559 ?S 0:00 sendmail: startup with f244.law12.hotmail.com When I did this particular ps, there were 14 of these processes, each corresponding to a NOQUEUE log thus: sendmail[32559]: NOQUEUE: Null connection from f244.law12.hotmail.com [64.4.19.244] Should I be worried? The server doesn't appear to be open relay. I've tested it using http://www.abuse.net/relay.html The processes seem to persist for some time. I can't find any sign of legitimate mail from these hosts. They are mostly hotmail or sydhosmtp01.westfield.com.au [root@mail log]# grep sydhosmtp01.westfield.com.au maillog | wc -l 322 [root@mail log]# David. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Squid & SSL
Hi guys, Is there another way of getting remote address information in an SSL environment without using "X-Forwarded-For" header (since this header is unavailable during SSL)? Thanks. SH -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] can't stat mirror.pacific.net.au
They appear to have a sample sources.list at http://mirror.pacific.net.au/sample/sources.list Could you modify that to suit? And I got a bounce on your address -> no user adam at slug.org.au On Wed, Feb 27, 2002 at 03:03:42PM -0500, Adam Bogacki wrote: > Hi, > 'apt-get install cups' gives me the answer > 'can't stat http://mirror.pacific.net.au ..' > which I can't understand because it has worked before. > > I have attached my /etc/apt/sources/list in case there > is an error I cannot see. > > Apologies if mutt is a bit rough - I have not yet set it up properly. > > Adam Bogacki, > > [EMAIL PROTECTED] [current ISP] > [EMAIL PROTECTED][forwarding] > -- > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug -- "This is a corn chip, it's not Nachos" - Wilfred, Tropfest 2002 msg20738/pgp0.pgp Description: PGP signature
Re: [SLUG] can't stat mirror.pacific.net.au
On Wed, Feb 27, 2002 at 03:03:42PM -0500, Adam Bogacki wrote: > Hi, > 'apt-get install cups' gives me the answer > 'can't stat http://mirror.pacific.net.au ..' > which I can't understand because it has worked before. > > I have attached my /etc/apt/sources/list in case there > is an error I cannot see. No you didn't. :) Anyhow... have you talked to the person who runs the server? There's an email address listed on that page... -- SOCCER PLAYER IN GENITAL-BITING SCANDAL --- "It was something between friends that I thought would have no importance until this morning when I got up and saw all the commotion in the news," Gallardo told a news conference. "It stunned me." Reyes told Marca that he had "felt a slight pinch." -- http://www.azcentral.com/offbeat/articles/1129soccer29-ON.html -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] can't stat mirror.pacific.net.au
Hi, 'apt-get install cups' gives me the answer 'can't stat http://mirror.pacific.net.au ..' which I can't understand because it has worked before. I have attached my /etc/apt/sources/list in case there is an error I cannot see. Apologies if mutt is a bit rough - I have not yet set it up properly. Adam Bogacki, [EMAIL PROTECTED] [current ISP] [EMAIL PROTECTED][forwarding] -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Linux for the servers, Windows for the PCs (Germany)
FYI: Another big win for GNU/Linux. For those of your out there promoting Linux, the German Government just decided to go Linux on their 150 internal servers. Bad luck Microsoft! Wonder if our government is conducting similiar evaluations? Next time maybe they'll move the desktop too. Go here: http://babelfish.altavista.com/ and feed it this: http://www.heute.t-online.de/ZDFheute/artikel/0,1251,COMP-0-178460,00.html Stuart -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Firewalls
Looking through the scripts isn't going to give you much of an idea of weather your firewall is going to do what you want unless you're an absolute guru when it comes to networking and network security and ipchains/ iptables/ ipfwadm you really need to bash your box with nessus and nmap to find out if your exploitable. Even this may not technique may not discover all holes and exploits but it's a whole lot more reliable than reading through a script and trying to interpret what the script will do. -- -Original Message- From: Simon Wong [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 27 February 2002 11:56 AM To: Slug List Subject: Re: [SLUG] Firewalls On Wed, 2002-02-27 at 10:35, Catie Flick wrote: > Personally I've only ever used Bastille Linux to 'harden' a box, and have > sat down with the 'Linux Firewalls' book by Ziegler (excellent excellent > reference) and taught myself ip[chains|tables] because I didn't really trust > the script generators myself :-) I'm using firestarter (Gnome) to set my iptables up for me. I guess I'm trusting that it does the right "thing" and a quick look through the generated scripts seems OK - mind you I'm no expert and not sure I have time to read the book you mention ;-) Searching for "A Better Way" to a home loan ?. Call RAMS on 13 7267, or go to http://www.rams.com.au The e-mail and any attachments may contain confidential information. If you receive it in error you must not use or disclose the information. You must tell us and delete it. We do not waive any legal privilege by sending it. RAMS does not promise that the email is free from virus defect or error. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Partition blues: a story
What did I do? Short answer: Not really sure. I wanted to make another FAT16 partition for WINME. I had an experimental hurd partition (2G) that I didn't need, so I know from .bash_history that I did this: mkdosfs /dev/hda2 # to make the partition fdisk # not the tool I wanted cfdisk /dev/hda # to set the partition type to FAT16 cfdisk /dev/hda # to check that all was well I rebooted into WINME (which is /dev/hda1 - 2G) I think WINME didn't like the new partition so I ran DOS fdisk in WINME, rebooted and formatted the drive in WINME. Contrary to my memory on the matter, ME did not mind that the new partition was a primary (a thought that occurred to me afterwards). Anyway, I now had a D: and I proceeded to move a lot of files around - the main reason I needed the drive. What I failed to notice was that D: was only 1G - half the 2G partition. I discovered this when it filled-up unexpectedly. I ran DOS fdisk again, and it confirmed the 2G partition size. I think I rebooted WINME again (if at first you don't succeed, reboot!) and now I had a drive E:!!! I thought that this was typical M$ behaviour and that it was a ghost of D: (my desktop at home gets multiple CD-ROM drives listed). I don't recall formatting E:, but it seemed formatted, had a recycle bin, and was empty. Now I was worried - was this my linux root partition (being hda3?). I rebooted. L <07><07><07>... (I stared at it a long time, but it didn't stop) The analysis After scanning the drive with diskedit, the beginning of hda3 was trashed and the extended partition (hda4) did not point to a valid partition table. hda5 and onwards seemed OK, and were chained. (sounds like I can just look at a partition table and analyse it like a chess champion, but it took days and a spreadsheet to assist with the calculations. My Partition Table looked like this: (a Rector is a relative sector, and the tabbing may not look good for you) Rector #SectorsDescTypeComment 0 1 MBR+PT Now a DOS MBT with fdisk /mbr 1 62 unused 63 4192902 C: 0E OK 4192965 3991680 D: 0E I thought it was D:, but it was only 1G ? ? E:? ? I could not find a PT for E: 8184645 997920 P3 83 root & /boot etc. - damaged 9182565 1 Ext.Partoverwritten 9182566 62 unused 9182628 1995777 P5 83 reiser .var - OK ... the rest of the partitions seemed OK and still linked. Using diskedit again I found that: C: MSWIN4.1 @ cyl 0, head 1, sector , 63 hidden sectors, 4192902 total sectors (2G) - seems to make sense D: MSWIN4.1 @ cyl 564, head 150, sector 1, 4192965 hidden sectors, 1997856 total sectors (1G) - what the... E: mkdosfs, @ cyl 277, head 75, sector 1, 0 hidden sectors, 1997856 total sectors (1G) - interesting It seems that when I formatted D:, it skipped past my mkdosfs attempt, found some space and made D: half-way through a partition!?!?! Unfortunately, the combined size of D: and E: was greater than the partition by 4032 sectors, so it overwrote the beginning of my linux root/boot partition (hda3). How did I fix it? I moved the files back onto C: I manually calculated the correct Rectors and re-created the overwritten partition table in sector 9182565 I booted a debian CD - no good for a standard fsck repair. I then used another superblock at 73729 - a long way away from possible damage. I did a fsck -p -y -b 73729 /dev/hda3 and let it go. It recovered most of the files in /etc that I wanted to keep, but for good measure I took a copy of all readable text on the drive with grep. Phil -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] umask file permissions with samba
On Wed, Feb 27, 2002 at 12:41:52PM +1100, Jeff Waugh wrote: > > > > 770 gives rwx permission to owner and group, --- to other. > > 660 gives rw- permission to owner and group, --- to other. > > Yeah, generally the file ones are set to 660, and having stuff readable to > other is not good if you want to restrict it to a group. Yes, and if you wanted to restrict it to a group, you probably wouldn't use force group. ( I wouldn't anyway ) By using force group, everyone who connects to the service will have their primary group changed to the forced group. ie they don't need to be a member of the group in /etc/passwd or /etc/group. A different way to do it, just as another example. addgroup sales adduser user1 sales # adds user1 to group sales adduser user2 sales # this doesn't work on all distros. mkdir /home/sales chown root:sales /home/sales/ chmod 2770 /home/sales/ [sales] path = /home/sales write list = @sales valid users = @sales inherit permissions = yes write list and valid users are extra security on top of the unix file permissions, you could remove them and add writable = yes and have the same effect. This example means all users that are a member of the sales group can share files, edit and delete other peoples file. If they're not a member of sales, they can't access the service at all. If I changed it to [sales] path = /home/sales writable = yes force group = sales force create mode = 770 create mode = 770 force directory mode = 770 directory mode = 770 Everyone would have read/write access to sales, regardless of what groups they are members of, regardless of other permissions. Which is fine, if thats what you want, and probably is what you want for a small office. I offer my example just as an alternative, and for review. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] NVidia software DVD Player
Or course, it mentions... NVDVD supports all of the industry standard DVD APIs, including DirectShowTM, DirectDrawTM, DirectSoundTM, and DirectX® Video Acceleration. The NVDVD architecture is uniquely scalable and tightly tailored to the DVD specification and the intricacies of the PC system environment, providing the most seamless navigation experience available. NVDVD will be available for distribution to and by OEMs and system integrators immediately. So unless Wine has advanced further than I thought... :) Adam - Original Message - From: "Bill" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 27, 2002 1:35 PM Subject: [SLUG] NVidia software DVD Player > Hi Guys, > > Saw press release re above today. Only mentions Intel based PCs, not > specific OS. Should we all write asking re Linux > > > see http://www.nvidia.com/view.asp?IO=IO_20020222_7836 > > Bill > [EMAIL PROTECTED] > > -- > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
iptables -A INPUT -j DROP or set the INPUT policy to DROP. Phil Simon Wong <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 27/02/2002 13:14 To: Slug <[EMAIL PROTECTED]> cc: Subject:Re: [SLUG] Firewalls On Wed, 2002-02-27 at 12:13, Jeff Waugh wrote: > > iptables -A INPUT -j DROP -d $ipaddress/$netmask --dport 22 > > would stop you from ssh'ing in to your machine... Probably not a good idea, > but it's a good example. ;) Is there something to drop all connections to ports so you could set that after you had explicitly allowed certain ports? e.g. iptables -A INPUT -j DROP -d $ipaddress/$netmask --dport ALL ;-) -- ** * Simon Wong * ** -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] NVidia software DVD Player
Hi Guys, Saw press release re above today. Only mentions Intel based PCs, not specific OS. Should we all write asking re Linux see http://www.nvidia.com/view.asp?IO=IO_20020222_7836 Bill [EMAIL PROTECTED] -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] umask file permissions with samba
> force create mode = 770 Aw too easy! Thanks for that! Cheers Pete -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
> Is there something to drop all connections to ports so you could set > that after you had explicitly allowed certain ports? > > e.g. iptables -A INPUT -j DROP -d $ipaddress/$netmask --dport ALL ;-) If you don't define a destination port, you're just dropping all packages to that ipaddress/netmask. So, yes. :) - Jeff -- "GIMP is the primary tool in my graphics work. It is my gcc and Emacs." - Tuomas Kuosmanen -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
On Wed, 2002-02-27 at 12:13, Jeff Waugh wrote: > > iptables -A INPUT -j DROP -d $ipaddress/$netmask --dport 22 > > would stop you from ssh'ing in to your machine... Probably not a good idea, > but it's a good example. ;) Is there something to drop all connections to ports so you could set that after you had explicitly allowed certain ports? e.g. iptables -A INPUT -j DROP -d $ipaddress/$netmask --dport ALL ;-) -- ** * Simon Wong * ** -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] umask file permissions with samba
> 770 gives rwx permission to owner and group, --- to other. > 660 gives rw- permission to owner and group, --- to other. Yeah, generally the file ones are set to 660, and having stuff readable to other is not good if you want to restrict it to a group. - Jeff -- Self-assertive pants are filled with confidence. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
Hi Graeme, I had a look at www.e-smith.org looks ok I will install and let you know how I go. Thanks Andrew -- > From: Graeme Robinson <[EMAIL PROTECTED]> > Date: Wed, 27 Feb 2002 11:54:25 +1100 > To: Andrew Burrows <[EMAIL PROTECTED]> > Cc: Slug <[EMAIL PROTECTED]> > Subject: Re: [SLUG] Firewalls > > At 11:35 27/02/2002 +1100, Andrew Burrows wrote: > >> Thanks for the tip on top-posting I agree, this is my first time on this >> group and the responses are fantastic. >> I have a machine that will do the job, Could you confirm the name of the >> firewall produce please. > > SME 5.1.2 (formerly e-smith) > Just do a search on www.everythinglinux.com.au for SME to order the installer. > For info on the distribution, the install manuals online in html, and > specialised public forum assistance go to www.e-smith.org > Install is highly automated and usually quite without the need for linux > expertise. > > -=-=-==-=-=--=-=-=-=-=-=-=-=-=-=-=-= > Graeme Robinson - Graenet consulting > www.graenet.com - internet solutions > -=-=-=-=-=-=-=-=-=-=-==---=-=--=-=-= > -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] umask file permissions with samba
770 gives rwx permission to owner and group, --- to other. 660 gives rw- permission to owner and group, --- to other. Kerry. - Original Message - From: "Jeff Waugh" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 27, 2002 12:26 PM Subject: Re: [SLUG] umask file permissions with samba > > > > How can I configure samba so that the group has write permission. > > [public] > comment = Public > path = /home/PUBLIC > public = yes > writable = yes > > force user = staff > force group = staff > > force create mode = 770 > create mode = 770 > force directory mode = 770 > directory mode = 770 > > :) > > - Jeff > > -- > "Funny, I have no trouble distinguishing my mobile phone from the >others because it's in my _own fucking pocket_!" - Mobile Rage > -- > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] hi
i saw your mail regarding MS outlook to netscape. i need a favor. can you tell me how can receive my netscape.net mail in outlook express.
Re: [SLUG] umask file permissions with samba
> How can I configure samba so that the group has write permission. [public] comment = Public path = /home/PUBLIC public = yes writable = yes force user = staff force group = staff force create mode = 770 create mode = 770 force directory mode = 770 directory mode = 770 :) - Jeff -- "Funny, I have no trouble distinguishing my mobile phone from the others because it's in my _own fucking pocket_!" - Mobile Rage -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Re: Perl Net::FTP problem
Thanks Deefer, Problem now solved. I wasn't setting passive mode correctly. It is not enough to use: $ftp->pasv() You need to pass the constructor option Passive: $ftp = Net::FTP->new($hostname, Passive=>1); Cheers, Kerry - Original Message - From: "getadog" <[EMAIL PROTECTED]> To: "SLUG List" <[EMAIL PROTECTED]> Sent: Wednesday, February 27, 2002 12:13 PM Subject: Re: [SLUG] Re: Perl Net::FTP problem > On Wed, Feb 27, 2002 at 11:51:21AM +1100, Kerry Seibold wrote: > > Reposted with debug detail now included. > > List directory hangs also. > > Any ideas? > > > Net::FTP=GLOB(0x8282e70)>>> PASV > > Net::FTP=GLOB(0x8282e70)<<< 530 Not logged in. > > I assume this means you're still in active mode > and later when you try to download, a firewall is > blocking the traffic. > > > Cmd: PASV > > 227: Entering Passive Mode (139,134,5,124,11,13) > > Here you are now in passive mode, and the download works. > > You probably want to move the $ftp->pasv() to after the > $ftp->login line. > > http://www.slacksite.com/other/ftp.html > > -- > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Solaris 8 vs Linux
Thanks to all who replied. Even though it is a linux list, It was good to see objective comments on both OS. regards Grant -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] umask file permissions with samba
Sluggers, I've set up a samba server for a small office. The client computers are windoze95/8. Each person logs into windoze with their own user account and I've used user level security on the samba server and created the same users under linux. I've placed all the users in the same group so that they can share files. However when one of them creates or saves a file over the share it is saved with rw-r--r-- permissions. How can I configure samba so that the group has write permission. Normally this would be set by the umask of 002 (right?) TIA's Pete -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
> Is it "right" (secure) that any user initiated connections e.g. icq are > allowed through as they are connecting in response to an internal > request? That's a basic stateful setup, so yes, it's okay. Other networks may require more stringent rules, however. :) > However, if I wanted to explicitly block ports always, what would I have > to do? Not sure what you'd have to do within the context of your firewall building software, but: iptables -A INPUT -j DROP -d $ipaddress/$netmask --dport 22 would stop you from ssh'ing in to your machine... Probably not a good idea, but it's a good example. ;) - Jeff -- What do you get when you cross a web server and a hen? Apoache. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Re: Perl Net::FTP problem
On Wed, Feb 27, 2002 at 11:51:21AM +1100, Kerry Seibold wrote: > Reposted with debug detail now included. > List directory hangs also. > Any ideas? > Net::FTP=GLOB(0x8282e70)>>> PASV > Net::FTP=GLOB(0x8282e70)<<< 530 Not logged in. I assume this means you're still in active mode and later when you try to download, a firewall is blocking the traffic. > Cmd: PASV > 227: Entering Passive Mode (139,134,5,124,11,13) Here you are now in passive mode, and the download works. You probably want to move the $ftp->pasv() to after the $ftp->login line. http://www.slacksite.com/other/ftp.html -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] problems compiling Dia
On Wed, 2002-02-27 at 11:14, Mark A. Bell wrote: > > checking for libart-config... /usr/local/bin/libart-config > checking for LIBART - version >= 2.1.0... no > *** Could not run LIBART test program, checking why... > *** The test program compiled, but did not run. This usually means > *** that the run-time linker is not finding LIBART or finding the wrong > *** version of LIBART. If it is not finding LIBART, you'll need to set > your > *** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to > point > *** to the installed location Also, make sure you have run ldconfig if > that > *** is required on your system > *** > *** If you have an old version installed, it is best to remove it, > although > *** you may also be able to get things to work by modifying > LD_LIBRARY_PATH *snip* > I'm going to do some more reading to find out what ldconfig and > ld.so.conf are for. Thanks for the suggestions. The best place to look would be the man page for ld.so In a nutshell, add "/usr/local/lib" to /etc/ld.so.conf, and run ldconfig. Then remove config.cache and start again. :-) -- Peter [EMAIL PROTECTED] Things just happen. What the hell. -- Didactylos the philosopher (Terry Pratchett, Hogfather) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
> >>> Linux doesn't have 'firewall products', per se. You use one of ipfwadm, > >>> ipchains, or iptables (depending on kernel version) to set up rules in the > >>> kernel which are then used to block/allow/filter/redirect/ traffic > >>> between interfaces. A question on iptables if I may? Firestarter generates a script for me setting up iptables which seems to work (hits are showing up etc). Is it "right" (secure) that any user initiated connections e.g. icq are allowed through as they are connecting in response to an internal request? Though, this seems useable and a good thing for a *single* user. However, if I wanted to explicitly block ports always, what would I have to do? -- ** * Simon Wong * ** -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Re: Perl Net::FTP problem
Reposted with debug detail now included. List directory hangs also. Any ideas? Cheers, Kerry. ftpget1.cgi (debug=>1 for Net::FTP) output is: Net::FTP: Net::FTP(2.56) Net::FTP: Exporter(5.562) Net::FTP: Net::Cmd(2.18) Net::FTP: IO::Socket::INET(1.25) Net::FTP: IO::Socket(1.26) Net::FTP: IO::Handle(1.21) Net::FTP=GLOB(0x8282e70)<<< 220 Serv-U FTP-Server v2.4a for WinSock ready... logging in Net::FTP=GLOB(0x8282e70)>>> PASV Net::FTP=GLOB(0x8282e70)<<< 530 Not logged in. Net::FTP=GLOB(0x8282e70)>>> user myuserid Net::FTP=GLOB(0x8282e70)<<< 331 User name okay, need password. Net::FTP=GLOB(0x8282e70)>>> PASS Net::FTP=GLOB(0x8282e70)<<< 230-Welcome to the Big Pond Cable Web Hosting service. Net::FTP=GLOB(0x8282e70)<<< 230 User logged in, proceed. logged in Net::FTP=GLOB(0x8282e70)>>> CWD / Net::FTP=GLOB(0x8282e70)<<< 250 Directory changed to / Net::FTP=GLOB(0x8282e70)>>> PWD Net::FTP=GLOB(0x8282e70)<<< 257 "/" is current directory. / Net::FTP=GLOB(0x8282e70)>>> PORT 144,137,96,177,19,0 Net::FTP=GLOB(0x8282e70)<<< 200 PORT Command successful. Net::FTP=GLOB(0x8282e70)>>> RETR index.html Net::FTP=GLOB(0x8282e70)<<< 150 Opening ASCII mode data connection for index.html (1353 bytes). [root@gateway cgi-bin]# ncftpget -d stdout -u myuserid -p mypassword ftp.users.bigpond.net.au /tmp index.html Remote server is running Serv-U FTP-Server. 220: Serv-U FTP-Server v2.4a for WinSock ready... Connected to ftp.users.bigpond.net.au. Cmd: USER myuserid 331: User name okay, need password. Cmd: PASS 230: Welcome to the Big Pond Cable Web Hosting service. User logged in, proceed. Cmd: PWD 257: "/" is current directory. Logged in to ftp.users.bigpond.net.au as myuserid. Cmd: FEAT 500: 'FEAT': command not understood. Cmd: CLNT NcFTPGet 3.0.2 500: 'CLNT': command not understood. Cmd: TYPE I 200: Type set to I. Cmd: SIZE index.html 213: 1353 Cmd: MDTM index.html 213: 20020221135208 Cmd: REST 1 350: Restarting at 1 - send STORE or RETRIEVE to initiate transfer. Cmd: REST 0 350: Restarting at 0 - send STORE or RETRIEVE to initiate transfer. Cmd: PASV 227: Entering Passive Mode (139,134,5,124,11,13) Cmd: RETR index.html 150: Opening BINARY mode data connection for index.html (1353 bytes). /tmp/index.html: ETA: 0:001.32/ 1.32 kB1.46 MB/s 226: Maximum disk quota limited to 10240 Kbytes Used disk quota 9759 Kbytes, available 480 Kbytes Transfer complete. /tmp/index.html: 1.32 kB 21.86kB/s Cmd: QUIT 221: Goodbye! > - Original Message - > From: "Kerry Seibold" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, February 21, 2002 3:46 PM > Subject: Perl Net::FTP problem > > > > Hi all, > > >From O'Reilly "Perl in a Nutshell" P441 Net::FTP > > > > ncftpget -u myuserid -p mypassword ftp.users.bigpond.net.au /tmp > index.html > > works fine but my script (see below) hangs at > > $ftp->get($filename); > > If I comment out the get line it works fine. > > #$ftp->get($filename); > > > > Anyone know what the problem is? > > I am running this from the firewall (RH7.1) machine. > > > > > > #!/usr/bin/perl -w > > > > # ftpget.cgi rev1.0 21/02/2002 > > # get a file from an FTP site > > > > use Net::FTP; > > > > $hostname='ftp.users.bigpond.net.au'; > > $username='myuserid'; > > $password='mypassword'; > > $home='/'; > > $filename='index.html'; > > > > $ftp = Net::FTP->new($hostname);#construct object > > print "logging in\n"; > > $ftp->pasv(); > > $ftp->login($username,$password); > > print "logged in\n"; > > $ftp->cwd($home),"\n"; > > $directory=$ftp->pwd(); > > print "$directory\n"; > > $ftp->get($filename); > > print "logging out\n"; > > $ftp->quit; > > print "logged out\n"; > > exit; > > > > > > > > > > - > > [EMAIL PROTECTED] is for LINUX-RELATED POSTS ONLY. For details and > information > > on how to unsubscribe, see http://www.luv.asn.au/mailinglists.html. > > > -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
On Wed, 2002-02-27 at 10:35, Catie Flick wrote: > Personally I've only ever used Bastille Linux to 'harden' a box, and have > sat down with the 'Linux Firewalls' book by Ziegler (excellent excellent > reference) and taught myself ip[chains|tables] because I didn't really trust > the script generators myself :-) I'm using firestarter (Gnome) to set my iptables up for me. I guess I'm trusting that it does the right "thing" and a quick look through the generated scripts seems OK - mind you I'm no expert and not sure I have time to read the book you mention ;-) -- ** * Simon Wong * ** -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
At 11:35 27/02/2002 +1100, Andrew Burrows wrote: >Thanks for the tip on top-posting I agree, this is my first time on this >group and the responses are fantastic. >I have a machine that will do the job, Could you confirm the name of the >firewall produce please. SME 5.1.2 (formerly e-smith) Just do a search on www.everythinglinux.com.au for SME to order the installer. For info on the distribution, the install manuals online in html, and specialised public forum assistance go to www.e-smith.org Install is highly automated and usually quite without the need for linux expertise. -=-=-==-=-=--=-=-=-=-=-=-=-=-=-=-=-= Graeme Robinson - Graenet consulting www.graenet.com - internet solutions -=-=-=-=-=-=-=-=-=-=-==---=-=--=-=-= -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
-- > From: Graeme Robinson <[EMAIL PROTECTED]> > Date: Wed, 27 Feb 2002 11:25:14 +1100 (EST) > To: Andrew Burrows <[EMAIL PROTECTED]> > Cc: Jeff Waugh <[EMAIL PROTECTED]>, Slug <[EMAIL PROTECTED]> > Subject: Re: [SLUG] Firewalls > > On Wed, 27 Feb 2002, Andrew Burrows wrote: > >> I agree but I don't mind getting my teeth into something if it is going to >> do the job but I don't wish to spend hour going down a road and find the >> solution is not suitable. > > Andrew - just a tip - don't 'top-post' (google if you don't know what this > means) - makes it hard to see exactly what point you are commenting on. > > My ten cents worth is install an easy to maintain distro that is Firewall > rated on your gateway box if can spare a machine to run a gateway. eg. SME > 5.1.2. (formerly e-smith). Security updates, if ever required, are easy > to install via its web management tool. Doesn't need to be a > high-fallutin machine, just minimum p100, 64mb ram, though it will chug > along on less. Order an install iso from www.everythinglinux.com.au for > ten bucks. Thanks for the tip on top-posting I agree, this is my first time on this group and the responses are fantastic. I have a machine that will do the job, Could you confirm the name of the firewall produce please. Andrew > > > -=-=-==-=-=--=-=-=-=-=-=-=-=-=-=-=-= > Graeme Robinson - Graenet consulting > www.graenet.com - internet solutions > -=-=-=-=-=-=-=-=-=-=-==---=-=--=-=-= > -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
Thanks Kerry I will have a look at Lokkit. I have only ever used Firewall1 + I have the hardening rules for Solaris but not linux. It has been a white since I worked in this area so I don't know how easy it would be to transfer the hardening rules form Solaris to Linux maybe someone out there has the documents for Linux hardening already. Andrew -- > From: "Kerry Seibold" <[EMAIL PROTECTED]> > Date: Wed, 27 Feb 2002 11:18:19 +1100 > To: "Andrew Burrows" <[EMAIL PROTECTED]> > Subject: Re: [SLUG] Firewalls > > Hi Andrew, > But what do you want to do > Firewall1 is expensive and a monster. > If your needs are basic Redhat has Lokkit which prompts for some really > basic options and sets up an ipchains firewall. > Dead simple. > At your leisure you can read up and add your own rules. > Kerry. > > - Original Message - > From: "Andrew Burrows" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, February 27, 2002 9:33 AM > Subject: [SLUG] Firewalls > > >> Hi All, >> >> I was wondering if someone could advise me on the best firewall produce to >> use on a Linux OS. >> >> Looking for something that may resemble say Firewall1 or similar?? >> >> >> Andrew >> -- >> >> >> -- >> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ >> More Info: http://lists.slug.org.au/listinfo/slug >> > -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
> I agree but I don't mind getting my teeth into something if it is going to > do the job but I don't wish to spend hour going down a road and find the > solution is not suitable. As it happens, this was just mentioned elsewhere: http://fwbuilder.sourceforge.net/ iptables will do what you want, but it's a very raw method of defining firewall rules. I (and many other sluggers) use it directly every day, but having a good user interface to build your rules - at least an initial template - is far faster (especially if you don't have a cookie-cut network to deal with). (Please snip full quotes out of your replies. Thanks.) - Jeff -- "I think hot Chinese girls who kick ass are the wave of the future, as far as films go." - Cody Russell -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
On Wed, 27 Feb 2002, Andrew Burrows wrote: > I agree but I don't mind getting my teeth into something if it is going to > do the job but I don't wish to spend hour going down a road and find the > solution is not suitable. Andrew - just a tip - don't 'top-post' (google if you don't know what this means) - makes it hard to see exactly what point you are commenting on. My ten cents worth is install an easy to maintain distro that is Firewall rated on your gateway box if can spare a machine to run a gateway. eg. SME 5.1.2. (formerly e-smith). Security updates, if ever required, are easy to install via its web management tool. Doesn't need to be a high-fallutin machine, just minimum p100, 64mb ram, though it will chug along on less. Order an install iso from www.everythinglinux.com.au for ten bucks. -=-=-==-=-=--=-=-=-=-=-=-=-=-=-=-=-= Graeme Robinson - Graenet consulting www.graenet.com - internet solutions -=-=-=-=-=-=-=-=-=-=-==---=-=--=-=-= -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] problems compiling Dia
Peter Hardy kindly suggested: > configure caches the results of its checks in config.cache. Here it > looks like it's just referring to that file instead of doing the > actual > check. Try removing config.cache and running configure again. Thanks, Peter. I removed config.cache and now I have a new output from ./configure. Here's the end of the output: checking for libart-config... /usr/local/bin/libart-config checking for LIBART - version >= 2.1.0... no *** Could not run LIBART test program, checking why... *** The test program compiled, but did not run. This usually means *** that the run-time linker is not finding LIBART or finding the wrong *** version of LIBART. If it is not finding LIBART, you'll need to set your *** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point *** to the installed location Also, make sure you have run ldconfig if that *** is required on your system *** *** If you have an old version installed, it is best to remove it, although *** you may also be able to get things to work by modifying LD_LIBRARY_PATH checking for gdk-pixbuf-config... /usr/local/bin/gdk-pixbuf-config checking for GDK_PIXBUF - version >= 0.7.0... no *** Could not run GDK_PIXBUF test program, checking why... *** The test program compiled, but did not run. This usually means *** that the run-time linker is not finding GDK_PIXBUF or finding the wrong *** version of GDK_PIXBUF. If it is not finding GDK_PIXBUF, you'll need to set your *** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point *** to the installed location Also, make sure you have run ldconfig if that *** is required on your system *** *** If you have an old version installed, it is best to remove it, although *** you may also be able to get things to work by modifying LD_LIBRARY_PATH checking for imlib-config... /usr/bin/imlib-config checking for IMLIB - version >= 1.8.0... no *** Could not run IMLIB test program, checking why... *** The test program failed to compile or link. See the file config.log for the *** exact error that occured. This usually means IMLIB was incorrectly installed *** or that you have moved IMLIB since it was installed. In the latter case, you *** may want to edit the imlib-config script: /usr/bin/imlib-config configure: error: you need either gdk-pixbuf or imlib installed I'm going to do some more reading to find out what ldconfig and ld.so.conf are for. Thanks for the suggestions. Mark A. Bell __ Do You Yahoo!? Yahoo! Greetings - Send FREE e-cards for every occasion! http://greetings.yahoo.com -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
Perhaps sluggers could suggest basic iptables config files or scripts that they have found useful in a given scenario? eg. Home desktop, linux domino server, proxy server I'll start with mine if people are interested. BTW: if you need something for Windows, checkout Tint Personal Firewall - I like it, and it is certainly a good way to learn about firewalling using a GUI interface. Phil -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
That sounds like a good place to start, thanks and I will keep you posted. I will also find out how much checkpoints firewall1 is and let you know. Andrew -- > From: Catie Flick <[EMAIL PROTECTED]> > Date: Wed, 27 Feb 2002 10:35:15 +1100 > To: [EMAIL PROTECTED] > Subject: Re: [SLUG] Firewalls > > On Wed, Feb 27, 2002 at 10:26:12AM +1100, Jeff Waugh wrote: >> >> >>> Linux doesn't have 'firewall products', per se. You use one of ipfwadm, >>> ipchains, or iptables (depending on kernel version) to set up rules in the >>> kernel which are then used to block/allow/filter/redirect/ traffic >>> between interfaces. >> >> All of which are crazy-crack and hard to configure (the elitists in the back >> row can kiss my...) -> I believe the poster is looking for firewall >> configuration software, not the chunks of metal shavings that actually do >> the work down at the bottoms levels of Obscurity Central Station. > > Doing my usual plug for freshmeat ;) - there are a lot of projects around on > freshmeat - so many they're coming out of my ears! Well, not exactly. > Anyway, have a look around there - a new ratings system has come in recently > that might help you find a good one. > > Personally I've only ever used Bastille Linux to 'harden' a box, and have > sat down with the 'Linux Firewalls' book by Ziegler (excellent excellent > reference) and taught myself ip[chains|tables] because I didn't really trust > the script generators myself :-) > > HTH > > Catie > > -- > More humorous freshmeat contributors: > "How do I get it out of my computer? disconnect does not work, It comes > right back..I dont know how it got there in the first place...Thank you" > --- > http://www.liedra.net > -- > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
I agree but I don't mind getting my teeth into something if it is going to do the job but I don't wish to spend hour going down a road and find the solution is not suitable. Andrew -- > From: Jeff Waugh <[EMAIL PROTECTED]> > Date: Wed, 27 Feb 2002 10:26:12 +1100 > To: Matthew Palmer <[EMAIL PROTECTED]> > Cc: Andrew Burrows <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > Subject: Re: [SLUG] Firewalls > > > >> Linux doesn't have 'firewall products', per se. You use one of ipfwadm, >> ipchains, or iptables (depending on kernel version) to set up rules in the >> kernel which are then used to block/allow/filter/redirect/ traffic >> between interfaces. > > All of which are crazy-crack and hard to configure (the elitists in the back > row can kiss my...) -> I believe the poster is looking for firewall > configuration software, not the chunks of metal shavings that actually do > the work down at the bottoms levels of Obscurity Central Station. > > :) > > - Jeff > > -- > "And that's what it sounds like if you *download* it!" - John, They > Might Be Giants -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Solaris 8 vs Linux
If you are going to use the X86 platform, do not use Solaris. It is far too slow on that platform and you will be disappointed. OTOH if you want to use the SPARC platform, you have a choice of Linux or Solaris. I'd go for Solaris if it was SPARC platform, but then I'm biased. If I was asked to implement the project though, I'd probably select Linux on X86 because what you are asking for does not require a high end machine. Go for something with a manufacturer who keeps replacement parts in case of breakdown, rather than a one-off with a weird CPU socket or RAM that no one keeps. Someone at work bought an SGI X86 running Linux because they wanted a reliable box. You can also look at Dell or IBM if you want a support contract. The Sun hardware is generally more reliable than the "average" intel hardware but again you get what you pay for. (When I was working at digital there were different prices for computers depending on how much heatsoak testing the customer was prepared to pay for.) We use SPARC-64 boxen at work running Solaris 7 for engineering simulations. We also have a Linux box (1.2 GHz pentium) that simulates faster for one engineer. The difference I have noticed is on simulations (Modelsim), the SPARC boxen runs pretty much the same speed irrespective of how many engineers are on it, whereas the Intel unit is fast for only one user. With two users it bogs down completely and is slower than the SPARC. That I presume is showing up the lack of SMP ability on the Intel. For Web apps it really doesn't matter. And in both cases you can create farms and failover configurations. Cheers, Jill. -- Jill Rowling, Snr Des. Eng. & Unix System Administrator Eng. Systems Dept, Aristocrat Technologies Australia Level 2, 55 Mentmore Ave Rosebery NSW 2018 Phone: (02) 9697-4484 Fax: (02) 9663-1412 Email: [EMAIL PROTECTED] -- CONFIDENTIALITY NOTICE -- This email is intended only to be read or used by the addressee. The information contained in this e-mail message may be confidential information. If you are not the intended recipient, any use, interference with, distribution, disclosure or copying of this material is unauthorised and prohibited. Confidentiality attached to this communication is not waived or lost by reason of the mistaken delivery to you. If you have received this message in error, please delete it and notify us by return e-mail or telephone Aristocrat Technologies Australia Pty Limited on +61 2 9413 6300. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
On Wed, Feb 27, 2002 at 10:26:12AM +1100, Jeff Waugh wrote: > > > > Linux doesn't have 'firewall products', per se. You use one of ipfwadm, > > ipchains, or iptables (depending on kernel version) to set up rules in the > > kernel which are then used to block/allow/filter/redirect/ traffic > > between interfaces. > > All of which are crazy-crack and hard to configure (the elitists in the back > row can kiss my...) -> I believe the poster is looking for firewall > configuration software, not the chunks of metal shavings that actually do > the work down at the bottoms levels of Obscurity Central Station. Doing my usual plug for freshmeat ;) - there are a lot of projects around on freshmeat - so many they're coming out of my ears! Well, not exactly. Anyway, have a look around there - a new ratings system has come in recently that might help you find a good one. Personally I've only ever used Bastille Linux to 'harden' a box, and have sat down with the 'Linux Firewalls' book by Ziegler (excellent excellent reference) and taught myself ip[chains|tables] because I didn't really trust the script generators myself :-) HTH Catie -- More humorous freshmeat contributors: "How do I get it out of my computer? disconnect does not work, It comes right back..I dont know how it got there in the first place...Thank you" --- http://www.liedra.net -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Shutdown sequence on Kondara 2.0(Redhat 7.1 Based) hangs
If its based on redhat 7.1 then have a look at /etc/rc.d/rc0.d/ These are the scripts that are run when your system going into run level 0 (power-off). Check them, you might find a fault that$B!G(Js causing it to hang... -- -Original Message- From: Antony Stace [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 26 February 2002 12:22 PM To: [EMAIL PROTECTED] Subject: [SLUG] Shutdown sequence on Kondara 2.0(Redhat 7.1 Based) hangs Hi Ladies and Gentlemen Everytime I shutdown my computer(Kondara 2.0, based on Redhat 7.1) the shutdown sequence always hangs, the last messaage on the screen is starting killall: su(pam_unix)[2689] session opened for user tomcat by(uid=0) The shutdown sequence just stays on this script and never finishes, well until I hit the power button, needless to say this isn't such a good thing. Anyone have any idea why it just hangs here, and better still how can I fix this. -- Cheers Tony$B!#(J - _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug Searching for "A Better Way" to a home loan ?. Call RAMS on 13 7267, or go to http://www.rams.com.au The e-mail and any attachments may contain confidential information. If you receive it in error you must not use or disclose the information. You must tell us and delete it. We do not waive any legal privilege by sending it. RAMS does not promise that the email is free from virus defect or error. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
> Linux doesn't have 'firewall products', per se. You use one of ipfwadm, > ipchains, or iptables (depending on kernel version) to set up rules in the > kernel which are then used to block/allow/filter/redirect/ traffic > between interfaces. All of which are crazy-crack and hard to configure (the elitists in the back row can kiss my...) -> I believe the poster is looking for firewall configuration software, not the chunks of metal shavings that actually do the work down at the bottoms levels of Obscurity Central Station. :) - Jeff -- "And that's what it sounds like if you *download* it!" - John, They Might Be Giants -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Western Sydney Linux User Group (WSLUG) is Back!
Greetings People's, After a long absense due to a lack of a suitable venue, I am happy to announce that Wslug has a new venue for holding meetings, & will hold our 1st meeting on the 10th May 2002. Our New address is: The Richmond Neighbourhood Centre - Hall No.3 20 West Market St Richmond (5 minute walk from Richmond Train station, opposite the Church) While we originally planned a different venue, it seems that local council politics resulted in too many delays in getting the OK, so an alternative venue has been found to allow us to get everything going! (Our thanks to the RCSI for their facilities) We have facilities to seat ~30 people at this stage, with tea/coffee/softdrinks etc. available for a nominal fee (We have to pay for the hiring of the facility somehow - At least until we can find a 'sponsor' of some sort :) I am also hoping to be able to provide CDR's of all current GPL'd Linux distro's (again to help cover hall hire costs ;), but at present only have Redhat 7.2 & Mandrake 8.0 for PPC - I figured I'd wait until Mandrake 8.2 for both x86 & PPC are released before providing the x86 version ;) - If anyone has other up to date GPL'd versions of other distro's, I'll be more than happy to add it to the arsenal - disk storage is cheap, much like CDRs ;) There is no set agenda for this initial meeting, however, I'm sure there will be plenty of people available for those needing help in getting Linux up & running on their machines (There is plenty of power/tables for people to setup their machines :) My apologies to all who have emailed me regarding wslug, I have been swamped with enquiries regarding wslug, & don't have enough time to reply to them all individually - I have setup a web based message board on the wslug site to allow more people to participate in this (http://www.wslug.org.au/mb/wslug), & will provide a mailing list facility if needed. Our hope is to get Wslug a bit more organised at this initial meeting - While I know you're out there, we need to also identify those that can help Wslug evolve to better cater for our user group/community needs! Oops, almost forgot - Our website remains unchanged : http://www.wslug.org.au I look forward to seeing you there! Regards, Rob Wilson (Certified - err..iable linux nut + Wslugger ;) PS: Please feel free to forward this message to anyone interested ;) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Re: ask something about Xlib
On Mon, Feb 25, 2002 at 11:59:39PM +1100, Crossfire wrote: > If your desire to learn how to program using Xlib, you should refer to > souce code from simple X11 programs, the X11 programming manuals, and > to any XLib tutorial material you can find. (There is a book about > XLib and Motif programming by Jan Newmarch which I learnt the basics > of XLib programming from) the (rather extensive) X11 reference docs that come with xfree86 aren't too bad if you don't feel like buying a book. it'll probably take you a few reads to resolve all the forward references tho. (debian package xspecs or xbooks depending on your version) (you only want to read the Xlib and possibly Xt docs, the rest can get a bit scary) -- - Gus -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Firewalls
I think he's talking about a program for linux that helps you setup firewalling...like CheckPoint...thats what we use here..Last I checked CheckPoint wasn't free...i don't know how much money your planning to spend Andrew -- -Original Message- From: Matthew Palmer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 27 February 2002 9:40 AM To: Andrew Burrows Cc: [EMAIL PROTECTED] Subject: Re: [SLUG] Firewalls On Wed, 27 Feb 2002, Andrew Burrows wrote: > I was wondering if someone could advise me on the best firewall produce to > use on a Linux OS. Oh dear. We shall all don our asbestos underwear before getting into this one again. Linux doesn't have 'firewall products', per se. You use one of ipfwadm, ipchains, or iptables (depending on kernel version) to set up rules in the kernel which are then used to block/allow/filter/redirect/ traffic between interfaces. Since ip doesn't have the most idiot-friendly interface, there is a vast host of programs written to make your life simpler. The difficulty is that no two people can agree on which one to use. To avoid getting roasted by people who don't like my personal choice, I will simply recommend that you look at your distro, freshmeat, and google, to find the choices on offer, and then proceed to evaluate based on your own subjective criteria. I will mention the other breed of firewalling for Linux (which may not suit you since you seem to want one for a going machine) is to find a dedicated distribution which is customised for firewalling. Again, no recommendations will issue forth from this correspondent. However, lwn.net has a comprehensive list of distros from which you may choose. > Looking for something that may resemble say Firewall1 or similar?? Never heard of it, can't comment. -- --- #include Matthew Palmer [EMAIL PROTECTED] -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug Searching for "A Better Way" to a home loan ?. Call RAMS on 13 7267, or go to http://www.rams.com.au The e-mail and any attachments may contain confidential information. If you receive it in error you must not use or disclose the information. You must tell us and delete it. We do not waive any legal privilege by sending it. RAMS does not promise that the email is free from virus defect or error. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewalls
On Wed, 27 Feb 2002, Andrew Burrows wrote: > I was wondering if someone could advise me on the best firewall produce to > use on a Linux OS. Oh dear. We shall all don our asbestos underwear before getting into this one again. Linux doesn't have 'firewall products', per se. You use one of ipfwadm, ipchains, or iptables (depending on kernel version) to set up rules in the kernel which are then used to block/allow/filter/redirect/ traffic between interfaces. Since ip doesn't have the most idiot-friendly interface, there is a vast host of programs written to make your life simpler. The difficulty is that no two people can agree on which one to use. To avoid getting roasted by people who don't like my personal choice, I will simply recommend that you look at your distro, freshmeat, and google, to find the choices on offer, and then proceed to evaluate based on your own subjective criteria. I will mention the other breed of firewalling for Linux (which may not suit you since you seem to want one for a going machine) is to find a dedicated distribution which is customised for firewalling. Again, no recommendations will issue forth from this correspondent. However, lwn.net has a comprehensive list of distros from which you may choose. > Looking for something that may resemble say Firewall1 or similar?? Never heard of it, can't comment. -- --- #include Matthew Palmer [EMAIL PROTECTED] -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Shutdown sequence on Kondara 2.0(Redhat 7.1 Based) hangs
Hi Ladies and Gentlemen Everytime I shutdown my computer(Kondara 2.0, based on Redhat 7.1) the shutdown sequence always hangs, the last messaage on the screen is starting killall: su(pam_unix)[2689] session opened for user tomcat by(uid=0) The shutdown sequence just stays on this script and never finishes, well until I hit the power button, needless to say this isn't such a good thing. Anyone have any idea why it just hangs here, and better still how can I fix this. -- Cheers Tony$B!#(B - _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Firewalls
Hi All, I was wondering if someone could advise me on the best firewall produce to use on a Linux OS. Looking for something that may resemble say Firewall1 or similar?? Andrew -- -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Solaris 8 vs Linux
On Tue, 26 Feb 2002 [EMAIL PROTECTED] wrote: > Could anybody help with some constructive comments on which OS would be > the better for running ISP related services ( web, dns radius etc ) ? > Which one is better for stability, available software, scalability ? That's a pretty loaded question. > Currently we use RH 7.2 for some tasks within our network, but those > within the company with decision making ability are investigating the > possibility of replacing it with Solaris 8. The general consensus is that > with Open Source everybody has access to the source, so no guarantee can > be made for the security of the software, and back doors into the system > may be possible. I'm under the understanding that the kernel is basically > secure, and it is the software packages that are installed that can > introduce security concerns on a machine. Just the opposite. The Open Source model means the software is _more_ secure, not less. Why? Because software is scutinised by literally thousands of people, and any holes are found, exploited and patched a _hell_ of a lot faster than in a closed source environment. Microsoft is a perfect example of the "security by obscurity" concept. They try and hide their holes - refusing to admit they exist even AFTER someone finds them - in the hope that people will leave them alone. The software packages you're going to install on Solaris are the same ones you're doing to install on Linux - BinD, Apache, etc - so there's no difference in the security levels here. > Current machines are all Intel boxes, but management is looking at sparc > as well _This_ is where Solaris comes out on top. Sun hardware is so much more scalable and reliable than Intel boxen - regardless of running Linux on it or Solaris - that most serious ISP type operations prefer to use it. YMMV - it all comes down to how much money you want to throw at your servers etc to pay for reliability and scalability. DaZZa -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Solaris 8 vs Linux
On 26 Feb, Tony Green wrote: > The security issue you are talking about, in my opinion, is not a real issue > but a 'management issue'. They don't understand that the security through > obscurity which MS is pushing is not the way to go. But there *are* security issues with Solaris (recently a rather intriguing exploit for login of all things), and the attitude of hushing up security issues by Sun is quite silly, and completely marketing/PR-driven. (A friend works for a large security company in the US, he's been told by his boss to stop hacking on Solaris because a) there are just too many exploits, and b) they just Don't Want To Know.) At least Linux developers, kernel and other, take security problem reports seriously and deal with them. Other than these issues, Grant, Solaris is quite a nice stable choice for production systems - has powerful clustering/database/etc, but really only suits quite high-end production/development systems. The nice thing about Solaris is if you pay enough money to Sun, you get really quite good support (in my experience, YMMV :). And the PHBs get peace of mind. :) But for your requirements, I'd go for Linux on x86 too - who needs platinum Sun support when you have this list? ;) Catie -- More humorous freshmeat contributors: "How do I get it out of my computer? disconnect does not work, It comes right back..I dont know how it got there in the first place...Thank you" --- http://www.liedra.net -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Verba Volant
We have been requested to insert the following email address, "[EMAIL PROTECTED]", in the Verba Volant Newsletter database. Through this daily service you will receive a quotation, selected from amongst the most celebrated philosophers, writers and poets of all time and translated into many languages and dialects by volunteers worldwide. If you would like to confirm your subscription to Verba Volant, please click on the following link: http://www.logos.net/owa-l/press.subscribe?lang=en&[EMAIL PROTECTED] If you do not wish to click on the link, your subscription will be cancelled. Thank you for your time. Verba Volant Il nous a été demandé d'ajouter l'adresse électronique "[EMAIL PROTECTED]" dans la liste des destinataires de Verba Volant, un service qui tous les jours vous adressera une citation sélectionnée parmi les uvres des meilleurs philosophes, écrivains, poètes de tous les temps et traduite en de très nombreuses langues grâce à des volontaires du monde entier. Pour confirmer l'inscription à Verba Volant, veuillez vous connecter au lien suivant: http://www.logos.net/owa-l/press.subscribe?lang=fr&[EMAIL PROTECTED] Si vous préférez ne pas cliquer sur le lien, vous ne recevrez rien. Merci dans tous les cas de nous avoir accordé quelques secondes. Verba Volant Se nos ha solicitado insertar la dirección de correo electrónico "[EMAIL PROTECTED]" en el listado de envíos de Verba Volant, un servicio que diariamente le enviará citas elegidas entre los mejores filosofos, escritores, poetas, etc., traducidas a varios idiomas y dialectos. Dichas citas están traducidas por voluntarios que se conectan a nuestra web desde todo el mundo. Si quiere confirmar la suscripción a Verba Volant, le rogamos entre en: http://www.logos.net/owa-l/press.subscribe?lang=es&[EMAIL PROTECTED] Si no entra en la dirección señalada no recibirá las citas. Muchas gracias por el tiempo que nos ha dedicado. Verba Volant Ci è stato chiesto di inserire l'indirizzo di posta elettronica "[EMAIL PROTECTED]" nellelenco dei destinatari di Verba Volant, un servizio che ogni giorno ti invierà una citazione scelta tra quelle dei migliori filosofi, scrittori, poeti di tutti i tempi e tradotta in moltissime lingue e dialetti grazie alla collaborazione di volontari da tutto il mondo. Se desideri confermare l'iscrizione, ti preghiamo di collegarti al seguente link: http://www.logos.net/owa-l/press.subscribe?lang=it&[EMAIL PROTECTED] Nel caso preferissi non cliccare sul link, non riceverai nulla. Grazie comunque per i secondi che ci hai dedicato. Cordiali saluti. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Solaris 8 vs Linux
On Tue, 2002-02-26 at 22:30, [EMAIL PROTECTED] wrote: > > Currently we use RH 7.2 for some tasks within our network, but those > within the company with decision making ability are investigating the > possibility of replacing it with Solaris 8. The general consensus is that > with Open Source everybody has access to the source, so no guarantee can > be made for the security of the software, and back doors into the system > may be possible. I'm under the understanding that the kernel is basically > secure, and it is the software packages that are installed that can > introduce security concerns on a machine. For a security overview read the wheeler site. http://www.dwheeler.com/oss_fs_why.html Red Hat 348 31 11.23 Microsoft 982 61 16.10 Sun 716 8 89.50 Uuughhh the paste did not work, read the page. It took on average 11.23 days to correct a security bug for redhat, 89 days for solaris. Read the point about interbase from borland. A backdoor was in a proprietry product until it was open sourced. Back doors are very very unlikely in source because they can be picked by any number of programmers around the world. You are talking ISP, you are going against the stream. Most ISPs use opensource linux / BSD including Microsoft. Read the page, it is balanced, well argued and very convincing. ANY MACHINE CONNECTED TO THE INTERNET IS INSECURE! The only way to lock down a box is not to install any software, it is not very useful. There is inherently insecure software on every box. Do you have FTP installed on any machine? Get rid of it. This is a major security risk open source or not. Do you use telnet as a standard business practice? Don't! KenF -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Solaris 8 vs Linux
> On Tue, 26 Feb 2002 22:30, [EMAIL PROTECTED] wrote: > > Hi everyone > > > > Could anybody help with some constructive comments on which OS would > > be the better for running ISP related services ( web, dns radius etc > > ) ? Which one is better for stability, available software, > > scalability ? Hello, May I offer a sincere opinion. After 14-15 years working in Unix/Linux environments only (I never had to deal with Microsoft!), I can say that nowdays Linux is a safe and reliable choice. I manage huge Solaris, AIX, HP-UX corporate sites and deal with everything from E10K down to Sun LX workstations. I must admit that I had a good run with all sorts of hardware and O/Ses. At the beginning of this month, a small Sun Ultra 5 desktop had to be rebooted after 629 days of smooth operation. It runs Solaris 8, with OpenSSH, OTP, and sendmail 8.12.2. That was the server I designed back in mid-2000 as a small proof-of-concept and served as a production Internet SMTP gateway for about 30,000 emplyees (the mailboxes were not on this server though!). I also have another small production WWW server running Apache 1.3.23 on Solaris 7, Ultra 10. Uptime 540 days. But, these are extremes. Best value for money, least trouble in portability, highest choice of free and vendor-based software makes Linux a primary candidate. In last six years, I have helped about a dozen ISPs in Australia and overseas. All of them use Linux. I also see Linux at a lot of companies, although most of them keep a shy cover on them :) Go for Linux. Stick to reasonable installation and administration practices, and you will not regret it. May you choose the best solution. Good health and successful 2002 to all of you, Dusan U. Baljevic, BSEElec. (First Class Hons) Mayne Group Limited, Unix Systems Manager Operations & Security Member of: ACM, ACS, WIA, IEEE Amateur Radio: VK2COT, VK4FCW, YU6FO, YU6ZCW Web: http://www.matra.com.au/~dusan/ -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Solaris 8 vs Linux
* On Tue Feb 26, 2002 at 10:30:27PM +1100, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: > Hi everyone > > Could anybody help with some constructive comments on which OS would be > the better for running ISP related services ( web, dns radius etc ) ? > Which one is better for stability, available software, scalability ? > > Currently we use RH 7.2 for some tasks within our network, but those > within the company with decision making ability are investigating the > possibility of replacing it with Solaris 8. The general consensus is that > with Open Source everybody has access to the source, so no guarantee can > be made for the security of the software, and back doors into the system > may be possible. I'm under the understanding that the kernel is basically > secure, and it is the software packages that are installed that can > introduce security concerns on a machine. > > Current machines are all Intel boxes, but management is looking at sparc > as well > OK, I'm a solaris admin so I'm biased. The security issue you are talking about, in my opinion, is not a real issue but a 'management issue'. They don't understand that the security through obscurity which MS is pushing is not the way to go. Furthermore, if you trust the kernel, what software would you run on the solaris OS? BIND? Sendmail? Apache? Radius? These are standard choices and will run on both solaris and linux. The source is available for both platforms - where is the security risk? Solaris on Intel machines is a BAD idea. Solaris is a fantastic OS on the appropriate hardware (high end Sun stuff). On lower end machines I have seen Linux outperform solaris 9 times out of 10. For ISP's (I've set up several), I would recommend clusters of Intel/Linux machines. If you go sparc hardware (expensive for what you'll need if for), then look at solaris if you think you'll get the performance. However the type of things you'll be using the machines for, stick with intel based and go for more boxes rather than more power. HTH Greeno -- Tony Green <[EMAIL PROTECTED]> GnuPG Key : 1024D/B5657C8B Key fingerprint = 9ED8 59CC C161 B857 462E 51E6 7DFB 465B B565 7C8B A sandwich walks into a bar. The barman says "Sorry we don't serve food in here" -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Solaris 8 vs Linux
> Could anybody help with some constructive comments on which OS would be > the better for running ISP related services ( web, dns radius etc ) ? > Which one is better for stability, available software, scalability ? It depends on what you're familiar with, to a large extent. Most ISPs I know of run Linux or *BSD for these basic services. They're not particularly gruelling tasks anyway. > Currently we use RH 7.2 for some tasks within our network, but those > within the company with decision making ability are investigating the > possibility of replacing it with Solaris 8. Decision making ability with regards to money, or technical wisdom? > The general consensus is that with Open Source everybody has access to the > source, so no guarantee can be made for the security of the software, and > back doors into the system may be possible. It also means that everyone who cares can fix security issues and bugs... Much, much faster. There are so many existing discussions about this that it's hardly worth addressing here. [ If anyone has great links for Grant to read and send on, please post them. ] > I'm under the understanding that the kernel is basically secure, and it is > the software packages that are installed that can introduce security > concerns on a machine. The kernel could have root level vulnerabilities as well, there's nothing to say that it's any less prone to serious security issues. It's just a matter of knowing your stuff, and configuring things sensibly and securely. > Current machines are all Intel boxes, but management is looking at sparc > as well Ah yes, the "M" word. Which group is making the technical decisions - the people who understand money, or the people who understand computers, security and operating systems? [ Don't bother with Solaris on Intel boxes. ] - Jeff -- make: *** No rule to make target `whoopee'. Stop. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Another place to eat
On Tue, 26 Feb 2002 10:30, Michael Lake wrote: > Jon Biddell wrote: > > They can charge, I think, a MAXIMUM of $0.20 for a glass of water - > > I remember seeing it somewhere in the Fair Trading Act when I was > > studying Law - I'll try to find the reference for curiosity > > value...:-) > > Good luck :-) As an exercise yesterday I went to > http://www.nsw.gov.au and tried to find the dept that was > responsible for this. I entered various search criteria to > do with water, clubs, restrauants, food, and even the the > Dept Fair Trading, as the serving of water in night club > venues was an issue some time ago. Alas no luck. It will be > interesting to find out how you find it using the means > available to a normal citizen :-) Ummm. I wrote the original www.nsw.gov.au site - they fscked it up last year using a Domino database at the arse-end of it... I'm pretty sure it will be Fair Trading. -- Jon - "There are 5.6 billion people in the world, and approximately 400 million installed operating systems. That means 5.2 billion people have yet to choose their operating system, and we have to get to them before Bill does." - Jon "maddog" Hall -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Toshiba laptop
On Tue, 26 Feb 2002 01:27, Henry T Wijaya wrote: > Ken Foskey wrote: > > On Mon, 2002-02-25 at 12:36, Colin Humphreys wrote: > >>On Sat, Feb 23, 2002 at 10:49:52AM +1100, Ken Foskey wrote: > > > > > I still have not figured out the little thumb mouse pointer on the > > toshiba. Does anyone have this set up? I checked laptop site and > > it confused me (not hard). As I understand it I can have three > > pointers set up on this, ttyS0, psaux, and the third and use > > anyone I have plugged in at the time. > I have (had) it working on the Libretto 110CT - installed KDE2 and the mouse just worked - if I can find the config file I can send you the relevant part(s) if you like. ' -- Jon - "There are 5.6 billion people in the world, and approximately 400 million installed operating systems. That means 5.2 billion people have yet to choose their operating system, and we have to get to them before Bill does." - Jon "maddog" Hall -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Solaris 8 vs Linux
On Tue, 26 Feb 2002 22:30, [EMAIL PROTECTED] wrote: > Hi everyone > > Could anybody help with some constructive comments on which OS would > be the better for running ISP related services ( web, dns radius etc > ) ? Which one is better for stability, available software, > scalability ? > We've just installed a few SUN machines, which I will be administering, and I'd have to say that Solaris hasn't progressed from the mid 80's as far as the install / configuration routines are concerned. I can't see what Linux on Sparc hardware wouldn't be a reasonably secure answer to your problem (maybe Rachael Polanski, Solaris Administrator par excellence, would have some thoughts on this ??) -- Jon - "There are 5.6 billion people in the world, and approximately 400 million installed operating systems. That means 5.2 billion people have yet to choose their operating system, and we have to get to them before Bill does." - Jon "maddog" Hall -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Solaris 8 vs Linux
Hi everyone Could anybody help with some constructive comments on which OS would be the better for running ISP related services ( web, dns radius etc ) ? Which one is better for stability, available software, scalability ? Currently we use RH 7.2 for some tasks within our network, but those within the company with decision making ability are investigating the possibility of replacing it with Solaris 8. The general consensus is that with Open Source everybody has access to the source, so no guarantee can be made for the security of the software, and back doors into the system may be possible. I'm under the understanding that the kernel is basically secure, and it is the software packages that are installed that can introduce security concerns on a machine. Current machines are all Intel boxes, but management is looking at sparc as well Thanks to anyone who can help regards Grant
Re: [SLUG] Toshiba laptop & X
Doing my usual trick of replying to myself so some other poor bastard doesn't spend hours trying to fix the same problem. The problem below **can** be fixed by using the frame buffer device (or Option "noaccel") but the result is a very slow X server. Do the following on a Toshiba 2520 CDS: Xconfigurator --preferxf4 --expert After autoprobing, select S3 ViRGE/MX from the list of cards Choose "Generic Laptop Display Panel 800x600" (1024x768 does not work) The rest is straight forward. Andy >> >> Andy Eager wrote: >> >>> Hi all, >>> >>> I have been tearing my hair out trying to get X working correctly on >>> my Toshiba 2520 laptop. >>> >>> I have tried a multitude of different video timings and have come to >>> the conclusion that the problem does not lie within video timings. >>> The generic laptop (800 x 600) setting behaves in exactly the same >>> way as the standard VGA (640 x 480) setting. >>> >>> The problem is as follows; >>> >>> X starts up and seems to work OK. Whenever a window is moved around >>> the screen (or text scrolls) a whole bunch of horizontal lines >>> appear on the screen. There seems to be some kind of pattern when >>> this happens: I can see the standard icons appear at regular spaces >>> accross the screen (not clearly but they are there). For example >>> the RedHat icon appears only once when the screen is still, but when >>> a window is moved, it appears 'ghost like' another 2 times at equal >>> intervals across the screen. >>> >>> I had a look at google and found only one reference to a similar >>> problem: Here the author states that the frame buffer device seemed >>> to fix the problem. >>> Anybody got any ideas why this would work (haven't tried it yet) and >>> whats going on in the first place? >>> >>> Thanks >>> >>> Andy. >>> >>> >> >> > > > -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Enforcing proxy use
On Thu, 21 Feb 2002, Glen Turner wrote: > On Wed, 20 Feb 2002, Matthew Palmer wrote: > > > On Wed, 20 Feb 2002, Richard Hayes wrote: > > > > > A organisation has public access terminals connected to a Telstra cable > > > connection. They use a Netgear router that allocates a 192.168.0.x DHCP > > > address on every client login. > > > > > > There is no filtering on the services. > > > > > > Using Squidguard (or similar) how can you enforce using the proxy? > > > > You can't. Unless you can stop connections to port 80 to addresses outside > > the local network, people can just connect to wherever they please. > > > > Get rid of the Netgear router, and put a Linux firewall/router/DHCP server > > in there instead. If you're really squeezed for machines (can't afford a > > 486?) then put the Squidguard machine in as the router. > > But surely blocking outgoing port 80 is pretty much the requirement? > > eg: > interface Telstra0 > access-group FORCE-PROXY out > > access-list FORCE-PROXY tcp permit eq 80 host web-proxy.example.com > access-list FORCE-PROXY tcp deny eq http any > access-list FORCE-PROXY ip permit any > > Then people have to configure a proxy to get web access. > > People can still run web traffic over other ports in this > scenario. So if you want to be super-sure then deny > all outgoing traffic and proxy all application protocols > through the web proxy machine (eg: have a DNS and e-mail > forwarder). > > This isn't particularly nice, as visitors need to configure > their machines. See if Netgear support WCCP and set > up a transparent proxy. With a kernel patch you can > configure Squid on Linux to be a WCCP transparent web proxy > server. Think you're missing the point to some extent. internet---[netgear-router] | | [___hub___]---[linux / squid] | | | /| \ ws1 ws2 ws3 In this setup above there's nothing *FORCING* the workstations to go through the squid proxy. internet---[netgear-router] | [linux / squid] | | [___hub___] | | | /| \ ws1 ws2 ws3 The above setup makes it possible with the same equipment but then the setup below is just a lot simpler and more flexible which is why there's so many netgear's on Ebay one presumes. internet---[linux / squid] | | [___hub___] | | | /| \ ws1 ws2 ws3 -- -- Web: www.arcadia.au.com/gripz Answering Machine/fax: 02 4950 1194 (wait 5 mins if no answer) Mobile: 0408 686 201 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Shocking Service
On Sat, 23 Feb 2002, Jeff Waugh wrote: > > > > This i feel is shocking service, we as a group spen more then $800 there > > and they give us this shocking service. I think that SLUG should re-asses > > its dinner arrangments if this is the kind of service that we recive. > > Hi, > > We've wanted to go to a different restaurant for a very long time now, due > to indifferent service and the time it takes between arriving and eating. > (Last night, we didn't even get the boiled television entrails! Shock!) > > Unfortunately, there are a number of difficulties with this: > > - any further away, and even less people would go to dinner (that said, a > better restaurant might inspire the longer walk) > > - more expensive, and a large number of SLUGgers just couldn't go (we'd > prefer to keep it as close to $20 as possible) > > - it's Friday night, and many restaurants aren't interested in taking > bookings for a large crowd that doesn't wish to pay a hell of a lot > > We've tried Mama's Kitchen in the past, which was pretty undesirable > food-wise; ordering in pizzas would be pretty lame if we did it every month; > and so on. > > But yes, we are *always* on the lookout for other options; if anyone knows > of a restaurant that fulfills the above criteria [ and doesn't suck, which > should probably be listed up there too ;) ], *please* let us know! I'd keep a watchful eye on the space just to the Redfern side of the pedestrian subway near Central station. Also, is there any improvement in the Broadway shopping complex or nearby? -- -- Web: www.arcadia.au.com/gripz Answering Machine/fax: 02 4950 1194 (wait 5 mins if no answer) Mobile: 0408 686 201 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Linux and Telstra ADSL
On Fri, 22 Feb 2002, Howard Lowndes wrote: > On Thu, 21 Feb 2002, Francois Haasbroek wrote: > > > > > Every LUG that I visit has some stuff on using an old 486 as firewall. > > Some claim that you can do it without a hard drive even. So I thought > > a 350 MB disk with 32 MB Ram should do the job. I have to host 2 files > > I think this concept is becoming a myth unless you want a REALLY > minimalist gateway box with almost bugger all firewalling and a POTS > modem, and are prepared to gut the kernel extensively. I do know that > 486s won't drive ISDN cards reliably (been there, done that) and if you do > any extensive firewalling or proxying then its also a no-brainer. I dunno Howard, you can get a heck of a lot in 350Mb if you throw away all the GUI stuff. For instance the whole of E-Smith 4.1 only took 160Mb and that's a complete workgroup server with FTP, Web, Email, Proxy, DNS, Samba, Browser based config and quite a decent Firewall setup (even though they claim it wasn't a firewall). Even a RedHat 7.2 with a few minutes time going through the custom config will yield you a system that would probably fit on the 350Mb disk, probably far less space occupied for Debian & Slackware systems. As for the RAM 32Mb is probably the minimum these days for the installer but you can tune it down to 16Mb afterwards. Then, if you saw Anthony's talk on thin client terminals you'd also see a heck of a lot in a 16Mb flash disk - X, Netscape to name a couple of large programs. -- -- Web: www.arcadia.au.com/gripz Answering Machine/fax: 02 4950 1194 (wait 5 mins if no answer) Mobile: 0408 686 201 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Perl Net::FTP problem
On Fri, 22 Feb 2002, Kerry Seibold wrote: > Hi all, > I've got a Perl Net::FTP problem. > My script to get a file from my telstra adsl homepage doesn't work. > > ncftpget -u myuserid -p mypassword ftp.users.bigpond.net.au /tmp index.html > works fine but my script (see below) hangs at > $ftp->get($filename); > If I comment out the get line the script finishs execution. > #$ftp->get($filename); > > Anyone know what the problem is? > I am running this from the firewall (RH7.1) machine. > > From O'Reilly "Perl in a Nutshell" P441 Net::FTP > > #!/usr/bin/perl -w > > # ftpget.cgi rev1.0 21/02/2002 > # get a file from an FTP site > > use Net::FTP; > > $hostname='ftp.users.bigpond.net.au'; > $username='myuserid'; > $password='mypassword'; > $home='/'; > $filename='index.html'; > > $ftp = Net::FTP->new($hostname);#construct object > print "logging in\n"; > $ftp->pasv(); > $ftp->login($username,$password); > print "logged in\n"; > $ftp->cwd($home),"\n"; > $directory=$ftp->pwd(); > print "$directory\n"; > $ftp->get($filename); > print "logging out\n"; > $ftp->quit; > print "logged out\n"; > exit; > > OK try experimenting with the pasv(). Also try just getting a file listing first. -- -- Web: www.arcadia.au.com/gripz Answering Machine/fax: 02 4950 1194 (wait 5 mins if no answer) Mobile: 0408 686 201 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Weird DNS prob
On Thu, 21 Feb 2002, zipworld mail wrote: > Not sure if this is the forum but both sites do use linux! > > I can't send email to a particular host I know well. They can't send me > email. > > I can't ping or traceroute to them and visa versa, yet we're both able to > see and access the rest of the net. > > Is this a weird routing issue? The two sites are ADSL, one netspace one > pacific internet. > > This was all working fine until two weeks ago. It's odd. No config changes I > can think of. I don't think it's the linux boxen's fault. Why don't you compare traceroute's and see if you hit any of the same equipment on the way. If you do then that's most likely the device at fault. You should then both pressure your ISP's to fix the problem as it is afterall an inter-net service provision problem. Another way to temporarily get around it is to find a 3rd party you both can reach and get them to add a couple of static routes. You then add a route to each other using this 3rd party as a gateway. Alternately you may also have a slim chance of success using each other's ISP's routers as gateways. Experiment with nodes that show up in the normal traceroute. -- -- Web: www.arcadia.au.com/gripz Answering Machine/fax: 02 4950 1194 (wait 5 mins if no answer) Mobile: 0408 686 201 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] KickStart Scripts
On 22 Feb 2002, Malcolm V wrote: > On Thu, 2002-02-21 at 12:11, Stephan Borg wrote: > [...snipped...] > > > I've also got this output from tty3: > > > ... > > > * going to insmod eepro100.o (path is NULL) > > > * kickstarting through device eth0 > > > * sending dhcp request through device eth0 > > > * nodns is 0 -^ > > > * reverse name lookup failed > > > * going to insmod sunrpc.o (path is NULL) > > > * going to insmod lockd.o (path is NULL) > > > * going to insmod nfs.o (path is NULL) > > > (bombs out here) > > > > > > Looks like its to do with DHCP and possible > > > reverse-DNS. Any help would be appreciated. BTW, > > > reverse-DNS may not be an option. > > > Just a hunch, but try adding nodns=1 in the kickstart config somewhere, also you'd have to put the IP address of the install server I guess. -- -- Web: www.arcadia.au.com/gripz Answering Machine/fax: 02 4950 1194 (wait 5 mins if no answer) Mobile: 0408 686 201 -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug