Re: [SLUG] Sound Recordings from Previous ShefLUG Meetings

2006-02-13 Thread Chris Deigan
On Sun, 2006-02-12 at 19:55 +, Richard Ibbotson wrote:
> These are provided by ManLUG - www.manlug.mcc.ac.uk - and the
> Manchester Computing Centre.  If you want to thank anyone for these
> recordings you should send your thanks to them.  To use the archived
> files above you need to remove the .cdr extension and replace it
> with .iso and proceed from there.

The contents of these files have been mirrored at
http://media.slug.org.au/sheflug/


-Chris.

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


[SLUG] The Development News - Bulletin, February 2006

2006-02-13 Thread The Development News



Small and Mobile Production (SMP) to resolve giant problem in developing regions

SMP developed a revolutionary production method that is self-contained, immediate, portable, competitive, accessible because it is so cost-effective and transportable by any means whatsoever: by land, sea, railroad or air with more than hundreds Small and Mobile Production systems. From a technological standpoint, it is an incontrovertible fact that this system is aimed at solving very serious problems, starting with that which is most basic: the survival of millions of human beings.

The SMP is the only  system in the world that can provide up to six of the most essential products for basic sustenance for just one dollar per day. SMP will supply to countries and developing regions the technology and necessary support for these Small and Mobile Units.

If you are interested in being a partner in your country or region, you can send your CV to: SMP (click here) SMP Partners Program to: Marcia Anderson, Project Manager.

-
If you received this in error or would like to be removed from our list, please return us indicating: remove or un-subscribe in subject field, Thanks. The Development News, Editor
 2005 THE DEVELOPMENT NEWS. All rights reserved.





Re: [SLUG] Netgear Wireless card under ndiswrapper

2006-02-13 Thread Lithion
Could it be a problem with interference from other wireless devices such
as cordless phones, baby monitors or other wireless access points? If
so you should try using another wifi channel.

Cheers
l1th10n
 
On Mon, 13 Feb 2006 05:41 pm, Simon Bowden wrote:
> Hi,
>
> I'm just going to chirp in with my bad experience with this card.
>
> While I could get it working, I think with the acx100 drivers:
> http://acx100.sourceforge.net/
>
> I found that under both linux and windows (especially the latter), I
> could not get a very consistent connection. I've mainly fiddled with
> windows driver (ahem, games, etc), but having tried any I could find
> (10-ish), I had the same problem with them all - the connection would
> effectively drop every 15-20 seconds or so. If you use a continuous
> ping, you'd get a 1.6ms ping for 14, then a 1000+ms ping for the
> 15th. This is really bad for gaming and any large transfer - which
> means I'm lucky to get 1Mbps out of it with a strong wireless signal.
>
> The main netgear drivers were probably the worst. I had the most
> issues getting them going, and probably the better results (still
> frequent dropouts) with these drivers:
>
> http://www.trendnet.com/asp/download_manager/list_subcategory.asp?SUBTYPE_ID=691
>
> Not everyone seems to have complained about my problem though. Some
> comments suggest that it only happens on AMD-based systems (or some
> asus m/b or some odd hardware config). Oh well, getting a new system
> and gigabyte card soon.
>
> Good Luck :)
>
> Cheers,
>
>   - Simon
>
> On Mon, 13 Feb 2006, Howard Lowndes wrote:
> > I'm trying to get a Netgear WG311v2 working under ndiswrapper.
> >
> > The system is FC4 with KDE and the latest kernel.
> >
> > I have everything set up fine, and have the Windows XP drivers
> > installed in /etc/ndiswrapper/wg311v2, including all the .bin etc.
> >
> > I have a /etc/sysconfig/network-scripts/ifcfg-wlan0 config file
> > created using the network configuration wizard in KDE.
> >
> > If I run iwlist scan then I can see my access point and another
> > one in the locality in the listing.
> >
> > When I try ifup wlan0 to bring up the connection it comes back
> > with an error message Determining IP information for wlan0...
> > failed; no link present.  Check cable?  At this stage I have open
> > access to my WAP so it is not being blocked by MAC address, WEP or
> > WPA.
> >
> > Thoughts, guidance, clue...  Should I try the other Windows
> > drivers?
> >
> > --
> > Howard.
> > LANNet Computing Associates - Your Linux people
> > http://lannetlinux.com When you want a computer system that
> > works, just choose Linux; When you want a computer system that
> > works, just, choose Microsoft. --
> > Flatter government, not fatter government; abolish the Australian
> > states.
 


Re: [SLUG] Netgear Wireless card under ndiswrapper

2006-02-13 Thread Simon Bowden

Hi,

Yes, I have tried turning off my cordless phone, changing channels, 
placing the card and AP next to each other, piles of drivers, turning 
on/off/combos of the silly windows zeroconf networking service, and 
kicking. We've got two different laptops with wifi that work perfectly 
anywhere in the unit.


I'm over it, I'm really looking forward to the new machine :)
(for numerous reasons).

Cheers,

 - Simon



[SLUG] Re: Sound Recordings from Previous ShefLUG Meetings

2006-02-13 Thread Richard Ibbotson
Chris

> On Sun, 2006-02-12 at 19:55 +, Richard Ibbotson wrote:
> > These are provided by ManLUG - www.manlug.mcc.ac.uk - and the
> > Manchester Computing Centre.  If you want to thank anyone for
> > these recordings you should send your thanks to them.  To use the
> > archived files above you need to remove the .cdr extension and
> > replace it with .iso and proceed from there.
>
> The contents of these files have been mirrored at
> http://media.slug.org.au/sheflug/

Oh.. right... didn't think anyone would be interested :)

Thank you !


-- 
Richard
www.sheflug.co.uk


Re: [SLUG] Recent SLUG Downtime

2006-02-13 Thread Jan Schmidt
On Mon, 2006-02-13 at 18:06 +1100, Chris Deigan wrote:
> BUT MOST IMPORTANTLY
> I'd like to thank Dave Kempe/Solutions First for providing the new
> hosting, Matthew Moor (Vice-President) for organising the erection of
> the server, Matthew Palmer for bringing up the new server and Peter
> Hardy for migrating the lists across and other configuration bits.

We should also thank UTS' ProgSoc, who hosted the slug.org.au server for
gratis for years, and continued to do so well after the original members
that put it there moved along.

Without them, maddog would have been homeless and network free a long
time ago.

Thanks guys!

J.

-- 
Jan Schmidt [EMAIL PROTECTED]

If Darl McBride had his way, he would have banned marriage too, because it
obviously is against the remunerative interests of prostitutes
- Bruce Perens




[SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Voytek Eymont
as of few weeks ago, my log watch has swollen up well over 500k, full of
dictionary ? attempted attacks like below:

is there much I can do ? like to prevent multiple attempts from same IP ?

RH73, ipchains

---
Failed logins from these:
   root/password from 202.30.108.64: 85 time(s)
   root/password from 218.24.139.109: 59 time(s)
...

**Unmatched Entries**
Failed password for illegal user bash from 221.244.156.229 port 58573 ssh2
Received disconnect from 221.244.156.229: 11: Bye Bye
input_userauth_request: illegal user bash
Failed password for illegal user bash from 221.244.156.229 port 59460 ssh2
...


-- 
Voytek



[SLUG] [Fwd: [CTTE] Linux Management Survey Results]

2006-02-13 Thread Matt Moor



-------- Original Message --------
Subject: [CTTE] Linux Management Survey Results
Date: Mon, 13 Feb 2006 14:36:10 -0700
From: Andi Mann [EMAIL PROTECTED]
To: [EMAIL PROTECTED]



Hi,

You might remember in November last year, I asked for assistance from 
you and members of the Sydney Linux Users Group (SLUG) for our research 
on the cost and effort involved in managing Linux server environments. 
Your members’ responses to our web survey were added to a wide-ranging 
random telephone survey and in-depth interviews to get a vendor-neutral 
look at Linux system management.


Well, the study is complete now, and I promised to send it to you when 
it was done. You can get the executive summary from OSDL’s web site at 
http://osdl.org/newsroom/studies/EMA, and the full PDF is available at 
the web site of the main sponsor (Levanta) at 
http://www.levanta.com/linuxstudy/. Please feel free to pass these links 
along to your members, at your discretion. Both the summary and the full 
report are available free of charge.


I want to thank you again for your help with collecting primary data for 
this study. Due to the anonymous nature of the web survey, I cannot be 
sure that your members contributed, but I am sure they will be 
interested to see the results anyway.


If you have any questions or comment, please feel free to contact me.

Regards,

Andi Mann

Senior Analyst

Enterprise Management Associates.

-- 
SLUG Committee

Re: [SLUG] [Fwd: [CTTE] Linux Management Survey Results]

2006-02-13 Thread Howard Lowndes

The report was earlier mentioned on /. and it is good reading.

There is one quote that the EE will happily take out of context: A 
large hosting facility with both Windows and Linux reported that the 
MTTR [Mean Time To Repair] for Windows was 'mostly same as Linux, maybe 
a couple of minutes more'.   Sometimes you just can't win...





--
Howard.
LANNet Computing Associates - Your Linux people http://lannetlinux.com
When you want a computer system that works, just choose Linux;
When you want a computer system that works, just, choose Microsoft.
--
Flatter government, not fatter government; abolish the Australian states.



Re: [SLUG] [Fwd: [CTTE] Linux Management Survey Results]

2006-02-13 Thread David
It's a feel good read for us, but if I were agnostic about OS's I would 
take as much notice of this as I would of Microsoft's efforts. There is a 
loud noise of axes being ground.

It would be nice if someone who was truly independent came to the same 
sort of conclusions. I for one won't be consulting google, because my 
decision is already made, but from an advocacy point of view, this is at 
best marginal.



Re: [SLUG] Adam Kennedy talk at UTS on Wednesday 15th February

2006-02-13 Thread Robert Collins
I think this would make a good alternate debsig tomorrow, so

Debsig will be at UTS. as per Andrew's note below.

Rob

On Mon, 2006-02-13 at 18:12 +1100, Andrew Savige wrote:
> [I sent this a while back but it seems it never made it to the list]
>
> Adam Kennedy, visiting Sydney on OSIA business, will be giving a
> number of talks on Wednesday 15th February, 6:30pm at UTS Broadway
> campus, room CB02.05.30 (Building 2, Level 5, Room 530). We'll
> probably go for a Chinese meal after.
>
> Adam will talk about his PPI project:
>
>  http://www.perl.com/pub/a/2005/06/09/ppi.html
>
> and also about his recent OSIA activities, including his O3
> (OpenOpenOffice) project:
>
>  http://o3.phase-n.com/
>
> Though primarily targeted at Sydney Perl Mongers, SLUG members are
> most welcome to attend. No need to RSVP this time. ;-)
>
> Please feel free to add this talk to the list of meetings/events on
> the SLUG web site (if appropriate).
>
> Cheers,
> Andrew
-- 
GPG key available at: http://www.robertcollins.net/keys.txt.



Re: [SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Dave Kempe

Voytek Eymont wrote:
> as of few weeks ago, my log watch has swollen up well over 500k, full of
> dictionary ? attempted attacks like below:
>
> is there much I can do ? like to prevent multiple attempts from same IP ?


ipt_recent netfilter module can help you there.
or you could just setup port-knocking.
I recommend portknocking.org as an intro

dave


[SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread Howard Lowndes
It's possible that I might be overlooking something very basic here, so 
bear with me pse.


I've been playing with Xen and can see its potential for hosting 
virtual servers, each having a defined internal IP address and a defined 
internal MAC address bridged to the host.


What my problem is: how do I set up DNS so that externally 
thisdomain.tld and thatdomain.tld both point to the same external IP 
address, but internally they point to different internal IP addresses.


There might be some way of doing a selective DNAT in iptables using the 
MAC addresses, but that is escaping me at the moment.


It would be simpler to use a block of external IP addresses, but that is 
not an option just at the moment.


Clue sticks welcomed...

--
Howard.
LANNet Computing Associates - Your Linux people http://lannetlinux.com
When you want a computer system that works, just choose Linux;
When you want a computer system that works, just, choose Microsoft.
--
Flatter government, not fatter government; abolish the Australian states.



Re: [SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Matthew Hannigan
On Tue, Feb 14, 2006 at 12:05:25PM +1100, Dave Kempe wrote:
> Voytek Eymont wrote:
> > as of few weeks ago, my log watch has swollen up well over 500k, full of
> > dictionary ? attempted attacks like below:
> >
> > is there much I can do ? like to prevent multiple attempts from same IP ?

You probably want DenyHosts :   http://denyhosts.sourceforge.net/

DenyHosts is a script intended to be run by
Linux system administrators to help thwart ssh
server attacks.

It's in fedora4 'extras', fwiw.

But you're far better off whitelisting than blacklisting, if you can.
I only accept ssh connections to my box from a few machines.

> ipt_recent netfilter module can help you there.
> or you could just setup port-knocking.
> I recommend portknocking.org as an intro

portknocking can be a little dodgy.  To a certain extent
it's security by obscurity.

Matt


Re: [SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread Matthew Hannigan
On Tue, Feb 14, 2006 at 12:44:46PM +1100, Howard Lowndes wrote:
> What my problem is: how do I set up DNS so that externally
> thisdomain.tld and thatdomain.tld both point to the same external IP
> address, but internally they point to different internal IP addresses.

What sort of services are you running?  If it's just apache,
then set up a 'gatekeeper' apache with name based virtual
hosting and then have mod_proxy within each virtual host send
the request to the real server inside.

Easier to manage than NATing, imho.


Matt


Re: [SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread Dean Hamstead

hosts file?

Dean



Re: [SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread Howard Lowndes

They will be fully fitted virtual servers, rather than services.


--
Howard.
LANNet Computing Associates - Your Linux people http://lannetlinux.com
When you want a computer system that works, just choose Linux;
When you want a computer system that works, just, choose Microsoft.
--
Flatter government, not fatter government; abolish the Australian states.



Re: [SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Voytek Eymont

On Tue, February 14, 2006 11:52 am, Matthew Hannigan wrote:
> On Tue, Feb 14, 2006 at 12:05:25PM +1100, Dave Kempe wrote:
> Voytek Eymont wrote:
>
> You probably want DenyHosts :   http://denyhosts.sourceforge.net/
>
> But you're far better off whitelisting than blacklisting, if you can.
> I only accept ssh connections to my box from a few machines.

thanks
as is, I'm the sole ssh user, though, I do use it from several hosts, not
all known in advance to me

where do I enter 'approved' hosts ?

my current sshd_config has:

---
Protocol 2
AllowUsers voytek
SyslogFacility AUTHPRIV
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
---
I guess I should get rid of the X11 line ?
what else should I do here ?
do I need sftp-server ?

-- 
Voytek



[SLUG] search engine rankings

2006-02-13 Thread ashley maher
G'day,

I was asked how to improve a web site to improve its position for search
engine rankings.

I had to reply I don't have a clue.

There is a lot of noise looking for info on the subject.

Any body recommend some urls to read, so I can pass them on please?

Regards,

Ashley



Re: [SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Glen Turner



> as is, I'm the sole ssh user, though, I do use it from several hosts, not
> all known in advance to me

In that case you might want to consider turning off password
authentication altogether and going with just public key
authentication.  Stops the door knockers cold.

Main advantage is that you're then not tied to particular
IP addresses, which is handy if you've got a laptop or
going through a big NAT somewhere.


Re: [SLUG] search engine rankings

2006-02-13 Thread Terry Collins
ashley maher wrote:
> G'day,
>
> I was asked how to improve a web site to improve its position for search
> engine rankings.

Search engine rankings are a slippery slope, aka more than a full time
job. AIUIN, your rank in the ones that matter is determined by the links
to your website from outside.

So if you get i.e. slashdotted and lots of peeps make pages with links
to your site, then it goes up in rankings.

All you can really count is the hits per page each month.

OTOH, paid advertising is the way to go. If you pay google enough, then
you can always be on the first page for certain search words {:-).




-- 
   Terry Collins {:-)}}}
   email: terryc at woa.com.au  www: http://www.woa.com.au
   Wombat Outdoor Adventures Bicycles, Computers, Outdoors, Publishing

 Any society that would give up a little liberty to gain a little
  security will deserve neither and lose both. Benjamin Franklin


Re: [SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Matthew Hannigan
On Tue, Feb 14, 2006 at 01:32:29PM +1100, Voytek Eymont wrote:
> On Tue, February 14, 2006 11:52 am, Matthew Hannigan wrote:
> > On Tue, Feb 14, 2006 at 12:05:25PM +1100, Dave Kempe wrote:
> > Voytek Eymont wrote:
> >
> > You probably want DenyHosts :   http://denyhosts.sourceforge.net/
> >
> > But you're far better off whitelisting than blacklisting, if you can.
> > I only accept ssh connections to my box from a few machines.
>
> thanks
> as is, I'm the sole ssh user, though, I do use it from several hosts, not
> all known in advance to me
>
> where do I enter 'approved' hosts ?

You can do it in at least 2 places. do both if you like...

1. /etc/hosts.allow, /etc/hosts.deny (these files are part of 'tcp_wrappers';
do 'man hosts.allow' to find out more).
Put sshd: ALL in /etc/hosts.deny and sshd:whatever in hosts.allow

This is part of what the 'denyhosts' program mentioned above does
for you dynamically.

2. iptables (i.e. firewall)

Do you have iptables/firewalling on?  If so read on, if not, you probably need
to think hard about what you need to let in.  Set up a basic one with
'system-config-security'

Then add one or more lines like:
-A RH-Firewall-1-INPUT -m state -s allowed-host-or-network-here --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
in /etc/sysconfig/iptables,
Make sure a line like
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
is towards the end.
Then 'service iptables restart'

Also don't do this remotely just in case you lock yourself out.

 
> my current sshd_config has:
>
> ---
> Protocol 2
> AllowUsers voytek

good!

> SyslogFacility AUTHPRIV
> X11Forwarding yes
> Subsystem sftp /usr/libexec/openssh/sftp-server
> ---
> I guess I should get rid of the X11 line ?

doesn't matter

> what else should I do here ?
> do I need sftp-server ?

again doesn't matter, you may as well leave it.
you may want sftp access. (sftp is ssh transfers made to look a bit like ftp)

Matt
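
The hosts.deny blocking described in this reply, driven from the failed-login lines in the sshd log, as an added example (not part of the original thread, and not DenyHosts' own code). The syslog prefix, the threshold, the allow-list and the host name "gw" are assumptions, and the sample log is constructed using documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# Matches the "Failed password ..." lines shown in the thread. The user name is
# text chosen by the remote client, so the pattern is anchored at the end of
# the line and only the final "from <ip> port <n> ssh2" is taken as the source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample log (not from the thread).
SAMPLE_LOG = """\
Feb 13 03:11:02 gw sshd[2101]: Failed password for illegal user bash from 203.0.113.5 port 58573 ssh2
Feb 13 03:11:03 gw sshd[2101]: Received disconnect from 203.0.113.5: 11: Bye Bye
Feb 13 03:11:05 gw sshd[2103]: Failed password for illegal user admin from 203.0.113.5 port 59460 ssh2
Feb 13 03:11:08 gw sshd[2105]: Failed password for root from 203.0.113.5 port 59871 ssh2
Feb 13 03:11:11 gw sshd[2107]: Failed password for root from 203.0.113.5 port 60012 ssh2
Feb 13 03:11:14 gw sshd[2109]: Failed password for illegal user test from 203.0.113.5 port 60230 ssh2
Feb 13 03:12:40 gw sshd[2120]: Failed password for illegal user x from 192.0.2.10 from 198.51.100.7 port 40100 ssh2
Feb 13 03:12:41 gw sshd[2121]: Failed password for illegal user y from 192.0.2.10 from 198.51.100.7 port 40101 ssh2
Feb 13 09:00:01 gw sshd[2200]: Failed password for voytek from 192.0.2.10 port 51000 ssh2
Feb 13 09:00:09 gw sshd[2200]: Accepted password for voytek from 192.0.2.10 port 51000 ssh2
"""


def count_failures(lines):
    """Return a Counter of failed password attempts per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # a host name or junk where the address should be
        counts[str(ip)] += 1
    return counts


def hosts_deny_entries(counts, threshold, allow=()):
    """Build hosts.deny lines for sources at or over the threshold.

    `allow` lists networks that must never be denied (your own hosts), so a
    few mistyped passwords cannot lock the administrator out.
    """
    allowed = [ipaddress.ip_network(n) for n in allow]
    offenders = []
    for ip_text, n in counts.items():
        ip = ipaddress.ip_address(ip_text)
        if n >= threshold and not any(ip in net for net in allowed):
            offenders.append(ip)
    offenders.sort(key=lambda ip: (ip.version, int(ip)))
    return ["sshd: %s" % ip for ip in offenders]


if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG.splitlines())
    for entry in hosts_deny_entries(counts, threshold=5, allow=["192.0.2.0/24"]):
        print(entry)
```

The two lines whose user name contains "from 192.0.2.10" are counted against 198.51.100.7, the address that actually connected, which is why the pattern is anchored at the end of the line.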




Re: [SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Paul Dwerryhouse
On Tue, Feb 14, 2006 at 07:55:58AM +1100, Voytek Eymont wrote:
> as of few weeks ago, my log watch has swollen up well over 500k, full of
> dictionary ? attempted attacks like below:
>
> is there much I can do ? like to prevent multiple attempts from same IP ?

I have the following configured to drop connections after four ssh
connections from the same address in the space of 60 seconds, using
ipt_state:

iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
--set --name SSH --rsource 
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
--update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j DROP 

Cheers,

Paul


-- 
Paul Dwerryhouse| PGP Key ID: 0x6B91B584

Installing Debian Sarge with software RAID:
http://nepotismia.com/debian/raidinstall/
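
A small model of how the two `recent` rules above treat a stream of new connections, added here as an illustration (not part of the original post). It is a simplification: `--rttl` is not modelled, the 20-timestamp list depth is assumed to be the module default, and ACCEPT stands for falling through to whatever rules follow.

```python
from collections import defaultdict, deque

SECONDS = 60      # --seconds 60
HITCOUNT = 4      # --hitcount 4
MAX_STAMPS = 20   # timestamps remembered per address (assumed module default)


def simulate(events, seconds=SECONDS, hitcount=HITCOUNT):
    """Model the two rules for NEW packets to port 22.

    events: iterable of (time_in_seconds, source) in time order.
    Returns one verdict ("ACCEPT" or "DROP") per packet.
    """
    stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))
    verdicts = []
    for now, src in events:
        seen = stamps[src]
        # Rule 1: "-m recent --set --name SSH --rsource"
        # Always matches and records a timestamp for this source.
        seen.append(now)
        # Rule 2: "-m recent --update --seconds 60 --hitcount 4 ... -j DROP"
        # Counts timestamps inside the window, including the one just set.
        hits = sum(1 for t in seen if now - t <= seconds)
        if hits >= hitcount:
            seen.append(now)  # --update refreshes the entry when it matches
            verdicts.append("DROP")
        else:
            verdicts.append("ACCEPT")  # falls through to the later rules
    return verdicts


if __name__ == "__main__":
    # Constructed traffic: an occasional login, a rapid guesser, and a
    # scripted burst from a legitimate host followed by retries.
    cases = {
        "occasional": [(0, "a"), (30, "a"), (70, "a"), (200, "a")],
        "rapid": [(t, "s") for t in range(6)],
        "burst then retry": [(0, "b"), (5, "b"), (10, "b"), (15, "b"),
                             (30, "b"), (100, "b")],
    }
    for name, events in cases.items():
        print(name, simulate(events))
```

In this model the fourth new connection inside 60 seconds is the first one dropped, and a legitimate host that trips the limit (for example with a scripted run of scp calls) stays blocked until it has been quiet for long enough.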


Re: [SLUG] search engine rankings

2006-02-13 Thread Dean Hamstead

in terms of free.

think about how people would find your site, then make sure that
it's in the site title. secondly, make sure that your site has
some content to index.

for example. do a search on 'lanparty sydney' or 'sydney lanparty'
and the only one you'll get will be bong (hurray me), and the hit is
mainly because it's in the title. we are fairly well linked by
dmoz type things simply because we have been around for quite a
while.

we are kind of 'niche' though

if you are looking to get high ranking for 'cheapest acer laptop'
good luck. pay for a site ad ;)


Dean

Terry Collins wrote:

ashley maher wrote:


G'day,

I was asked how to improve a web site to improve its position for search
engine rankings.



Search engine rankings are a slippery slope, aka more than a full time
job. AIUIN, your rank in the ones that matter is determined by the links
to your website from outside.

So if you get i.e. slashdotted and lots of peeps make pages with links
to your site, then it goes up in rankings.

All you can really count is the hits per page each month.

OTOH, paid advertising is the way to go. If you pay google enough, then
you can always be on the first page for certain search words {:-).








Re: [SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Howard Lowndes



Glen Turner wrote:



as is, I'm the sole ssh user, though, I do use it from several hosts, not
all known in advance to me



In that case you might want to consider turning off password
authentication altogether and going with just public key
authentication.  Stops the door knockers cold.

Main advantage is that you're then not tied to particular
IP addresses, which is handy if you've got a laptop or
going through a big NAT somewhere.


One word of caution, esp if you are using a laptop; make sure that your 
private key on your lappy is passphrase encoded.  It will be the same 
from any site you might access from but it does lock out casual passing 
hackers if you leave the lappy unattended.


--
Howard.
LANNet Computing Associates - Your Linux people http://lannetlinux.com
When you want a computer system that works, just choose Linux;
When you want a computer system that works, just, choose Microsoft.
--
Flatter government, not fatter government; abolish the Australian states.



Re: [SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Voytek Eymont

On Tue, February 14, 2006 2:25 pm, Howard Lowndes wrote:

 Glen Turner wrote:


 One word of caution, esp if you are using a laptop; make sure that your
 private key on your lappy is passphrase encoded.  It will be the same from
 any site you might access from but it does lock out casual passing hackers
 if you leave the lappy unattended.

thanks for all comments.
no, no laptop (anymore)...
luckily, just a USB stick (it's considerably lighter, not just on the
arm) and a Palm


-- 
Voytek



Re: [SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread Chris Deigan
On Tue, 2006-02-14 at 12:44 +1100, Howard Lowndes wrote:
 What my problem is: how do I set up DNS so that externally 
 thisdomain.tld and thatdomain.tld both point to the same external IP 
 address, but internally they point to different internal IP addresses.

Check out BIND views.

You can setup bind using views so that clients from, say, 172.16.0.* see
your internal zones and everyone else sees external zones.

-Chris.



Re: [SLUG] blocking recurrent attempted access ?

2006-02-13 Thread Peter Hardy
On Tue, 2006-02-14 at 14:25 +1100, Howard Lowndes wrote:
 One word of caution, esp if you are using a laptop; make sure that your 
 private key on your lappy is passphrase encoded.  It will be the same 
 from any site you might access from but it does lock out casual passing 
 hackers if you leave the lappy unattended.

By the same token, it's worth looking at the -t option to ssh-agent and
ssh-add to specify a maximum lifetime for keys added to your ssh agent.

In a perfect world, though, keys would have an idle timeout (like the
way sudo works) instead of an absolute life.

-- 
Pete



Re: [SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread Howard Lowndes
I know about BIND views, in fact I use them, but I don't think they will 
work here.


What I need is for lannet.com.au, thisdomain.tld and thatdomain.tld to 
all resolve to the same public w.x.y.z externally, but be DNAT'd to 
different private 192.168.y.z addresses internally.



Chris Deigan wrote:

On Tue, 2006-02-14 at 12:44 +1100, Howard Lowndes wrote:

What my problem is: how do I set up DNS so that externally 
thisdomain.tld and thatdomain.tld both point to the same external IP 
address, but internally they point to different internal IP addresses.



Check out BIND views.

You can setup bind using views so that clients from, say, 172.16.0.* see
your internal zones and everyone else sees external zones.

-Chris.



--
Howard.
LANNet Computing Associates - Your Linux people http://lannetlinux.com
When you want a computer system that works, just choose Linux;
When you want a computer system that works, just, choose Microsoft.
--
Flatter government, not fatter government; abolish the Australian states.



Re: [SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread Chris Deigan
On Tue, 2006-02-14 at 16:44 +1100, Howard Lowndes wrote:
 I know about BIND views, in fact I use them, but I don't think they will 
 work here.
 
 What I need is for lannet.com.au, thisdomain.tld and thatdomain.tld to 
 all resolve to the same public w.x.y.z externally, but be DNAT'd to 
 different private 192.168.y.z addresses internally.

Not going to work.

What protocols do you need to forward? 

Web stuff, DNS and mail can fairly easily be proxied - but anything else
will likely cause problems.

-Chris.



Re: [SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread Mark Chandler
I'm not sure I can see a way for this to work. I think you may need some 
sort of web-proxy or gateway to redirect HTTP requests to the virtual 
hosts based on their FQDN.


Once the web address has been resolved to an IP address, that IP address 
will be contacted and netfilter will not be aware of the difference 
between somebody requesting thisdomain.tld or thatdomain.tld from the 
same IP.


Unless there's a netfilter module that I don't know about (quite 
possible) that does that kind of HTTP packet inspection, I think you'll 
need to redirect the traffic at the application level.



Howard Lowndes wrote:
I know about BIND views, in fact I use them, but I don't think they will 
work here.


What I need is for lannet.com.au, thisdomain.tld and thatdomain.tld to 
all resolve to the same public w.x.y.z externally, but be DNAT'd to 
different private 192.168.y.z addresses internally.



Chris Deigan wrote:


On Tue, 2006-02-14 at 12:44 +1100, Howard Lowndes wrote:

What my problem is: how do I set up DNS so that externally 
thisdomain.tld and thatdomain.tld both point to the same external IP 
address, but internally they point to different internal IP addresses.




Check out BIND views.

You can setup bind using views so that clients from, say, 172.16.0.* see
your internal zones and everyone else sees external zones.

-Chris.






Re: [SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread Matthew Hannigan
On Tue, Feb 14, 2006 at 01:23:45PM +1100, Howard Lowndes wrote:
 They will be fully fitted virtual servers, rather than services.

Yeah but are you really going to allow arbitrary services?
If you lock it down to say, just http/s and ssh there might
be some solution.

The pair (ipaddress,port) uniquely identifies a service.
Apache can get around this by using (name,port).

Once connected, Ssh doesn't use only (ip,port); it is possible to get
sshd to take note of other stuff besides the dest ip
address.  A hack I'm thinking of would be like this:
http://subversion.tigris.org/faq.html#ssh-svnserve-location
but netcat to the real server inside instead of run svnserve.


Matt



Re: [SLUG] DNS - Xen - Virtual server hosting

2006-02-13 Thread James Polley
On 2/14/06, Howard Lowndes [EMAIL PROTECTED] wrote:
 I know about BIND views, in fact I use them, but I don't think they will
 work here.

 What I need is for lannet.com.au, thisdomain.tld and thatdomain.tld to
 all resolve to the same public w.x.y.z externally, but be DNAT'd to
 different private 192.168.y.z addresses internally.


Application-layer proxies are the only way I know of to achieve this.

DNAT works at the transport layer; at that layer, the only addressing
information you have is the source/destination IPs and
source/destination ports.

The information which you need to use to distinguish between the
internal hosts is a few layers up - in SMTP to: headers or HTTP
host: headers.

Unfortunately, you're not going to get any of this data until, at the
very earliest, the first packet after the TCP three-way handshake;
there's no possible way to perform the DNAT earlier than that because
you don't know what the internal destination is going to be.

The only way to achieve what you're looking for (that I can think of
anyway - I'd be thrilled to be proven wrong) is with an application
layer proxy. This could be as simple as a linux machine which sits
facing the internet and runs apache with mod_proxy (or squid; or any
of a dozen other solutions) for HTTP proxying, $MTA_OF_CHOICE for
proxying mail, etc. At the other end of the scale, 'hardware'
load-balancers will do the proxying for you with much less overhead
(at least in terms of network overhead/latency - not necessarily in
terms of $$$ overhead)

The only other thing I can think of is to assign certain ranges of
ports to certain machines: eg, ports 10001-12000 on the external
interface map to 1-2000 on 192.168.25.1, 12001-14000 map to ports
1-2000 on 192.168.25.2, etc. This gets ugly though, so I'm not going
to talk about it further...

--
There is nothing more worthy of contempt than a man who quotes himself
- Zhasper, 2005
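
The routing decision an HTTP application-layer proxy makes, as described in the message above: the backend can only be chosen once the request headers have arrived, which is after the TCP handshake with the proxy has completed. This is an added sketch, not code from the thread; the domain names come from the thread, while the backend addresses, the size limit and the function names are constructed for illustration.

```python
# Hypothetical mapping: names from the thread, addresses constructed.
BACKENDS = {
    "lannet.com.au": ("192.168.25.1", 80),
    "thisdomain.tld": ("192.168.25.2", 80),
    "thatdomain.tld": ("192.168.25.3", 80),
}
MAX_HEADER_BYTES = 8192  # assumed limit before the proxy gives up


def host_from_request(data: bytes):
    """Return the lower-cased Host name, or None if headers are incomplete.

    Raises ValueError for oversized, malformed or ambiguous header blocks.
    """
    end = data.find(b"\r\n\r\n")
    if end == -1:
        if len(data) > MAX_HEADER_BYTES:
            raise ValueError("header block too large")
        return None  # keep reading from the client socket
    lines = data[:end].split(b"\r\n")
    hosts = [line.split(b":", 1)[1].strip()
             for line in lines[1:] if line.lower().startswith(b"host:")]
    if len(hosts) != 1:
        # Zero or several Host headers: refuse rather than guess a backend.
        raise ValueError("missing or duplicate Host header")
    host = hosts[0].decode("ascii").lower()  # non-ASCII raises ValueError
    return host.partition(":")[0].rstrip(".")  # drop ":port" and root dot


def route(data: bytes):
    """Return (ip, port) for a known Host, None while more data is needed."""
    host = host_from_request(data)
    if host is None:
        return None
    if host not in BACKENDS:
        raise ValueError(f"no backend for host {host!r}")
    return BACKENDS[host]


if __name__ == "__main__":
    # Constructed request, as a client would send it to the public address.
    request = b"GET / HTTP/1.1\r\nHost: ThisDomain.tld:80\r\n\r\n"
    print(route(request))
```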


Re: [SLUG] search engine rankings

2006-02-13 Thread David
On Tue, Feb 14, 2006 at 01:40:00PM +1100, ashley maher wrote:
 G'day,
 
 I was asked how to improve a web site to improve its position for search
 engine rankings.
 
 I had to reply I don't have a clue.
 
 There is a lot of noise looking for info on the subject.
 
 Any body recommend some urls to read, so I can pass them on please?
 

I think it's a black art... I paid a guy a modest amount of money, and 
what he did, worked. It wasn't rocket science, but as he pointed out, it's 
an ongoing process and you have to know what your googlers are looking 
for. What you need to do most is decide what the people who need you are 
going to look for. EG: if you are selling green widgets, make sure that 
the phrase green widget is in the right place, and isn't a fancy beautiful 
flash representation of green widgets. 

I can put you onto the nice man.. but he likes to be paid. I thought he 
was worth it, but then I'm not hung up on free-as-in-beer.

Paying for ads on google makes sense if you have some obscure specific 
product. If you are selling swimsuit catalogues.. best forget it. You pay 
per click!