Re: [SLUG] /dev
On Sun, Jul 16, 2000 at 10:47:59AM +1000, Howard Lowndes wrote: > Does anyone know of a definitive list of what UID and GID should apply to > each item in /dev It may vary between distributions, but /dev/MAKEDEV has a list. -- Linux: Its all about cars and stuff. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [on-topic] Re: [SLUG] Netscape menu fonts (potato)
> On Wed, Jul 19, 2000 at 08:52:48AM +1000, Aravind Naidu wrote: > > Where can I get all the Netscape properties that one can set ? On Wed, Jul 19, 2000 at 03:45:19PM +1000, Conrad Parker wrote: [lots of good stuff snipped] > hmmm. Perhaps someone knows a better way? (raster, bb, anyone?) For netscape look for 'Netscape.ad' somewhere on your box, for me its in /usr/local/netscape. ! This file lists the default resources built in to Netscape. ! You can use the stuff in this file for examples of how to customize ! Netscape for your environment; normally you will do this by ! copying the few lines you want to alter to your private resource ! database, which usually lives in a file called .Xdefaults in your home ! directory. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Problems in configuring httpd document root as a Samba shared drive
On Fri, Jul 21, 2000 at 01:11:18PM +1000, Carl Osterly wrote: > Next I've defined a Samba share with the following properties: > > [web] > path = /work > public = no > force group = staff > create mask = 775 > directory mask = 775 > writable = yes > printable = no > > My idea behind this is to allow any member of the staff group read/write > control over every file/directory created within the "/work" folder. I think that the above share allows everyone with an account to read/write the web share, not just people in the staff group. samba will force all file access as group staff (even if the person doesn't belong to group staff), and since /work is read/write group staff everyone with an account has rw access. Try [web] path = /work force group = staff create mask = 775 directory mask = 775 write list = @staff printable = no I don't know if this would be a good idea, but... [web] path = /home/httpd/html printable = no admin users = @staff write list = @staff Everyone in the staff group will have root permissions on the web share, everone else will have read only, if you want to stop people not in the staff group from reading the share add: valid users = @staff This might not hurt either: browseable = No -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] lock users to their home directories on a telnet?
On Tue, Jul 25, 2000 at 05:41:28PM +1000, Andrew Reilly wrote: > On Tue, Jul 25, 2000 at 04:29:16PM +1000, George Vieira wrote: > > Is it possible to lock telnet users to their home directories under RedHat > > >=6.1? > > No. You almost certainly don't want to do that. You might > think that you do, but you don't. What wrong with rbash? I though that was its job. change /bin/bash in /etc/passwd to /bin/rbash You could probably do it through linuxconf as well. That might stop them from ftping in though, add /bin/rbash to /etc/shells to fix it. man rbash for details. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Login wierdness
On Wed, Jul 26, 2000 at 09:27:30PM +1000, Jon Biddell wrote: > I'm setting up a very minimal system at the moment (no X, docs, etc) to act > as a gateway machine - but when I enter "root" as the login name, I don't > even get as far as the password prompt, I get "incorrect login" and back to > the prompt. Just a huge stab in the dark, it might be pam complaining about something such as a null root password. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Login wierdness
On Thu, Jul 27, 2000 at 05:10:38PM +1000, David Kempe wrote: > For me when an install screws up sometimes, weird things happen as well, but > a null root password should just let you log in without prompting for the > password. Your right, but with pam you have the option of disallowing logins from accounts that have null passwords. I got caught out with this once, I can't remember if I got the password prompt or not but it wouldn't let me login with a null password. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Apache/SQL type question.
On Mon, Jul 31, 2000 at 08:08:53AM +1000, DaZZa wrote:
> My question is thus - is it possible for a client to SQL query a web
> server running on the Linux box {Apache},
No, generally web servers don't understand SQL queries :)
> Any pointers or help appreciated.
Is the CGI program running on the linux box, or the web server or
are the clients connecting directly to the database with a java
program or something?
You could either run a http proxy server, a DBI/DBD proxy server
or as someone else suggest, port forwarder, either http port or DBD
port, depending on how things are set up.
If there is a CGI on the linux box, you could run a DBD proxy
server on the web server and get the CGI program on the linux box
to connect to the DBD proxy, instead of the real database.
But that sounds like a lot of work compared to port forwarding.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] SSH working with PAM
On Mon, Jul 31, 2000 at 10:43:10AM +1000, Peter Rundle wrote:
> Sluggers,
> Does anyone know of any versions of SSH that work with PAM authentication?
openssh. Comes setup to use pam by default on my system, debian potato,
and I would imagine all other good distributions as well.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] samba printer problems
On Thu, Aug 03, 2000 at 03:08:43PM +1000, [EMAIL PROTECTED] wrote: > now the error in /var/log/samba/log.anthem is > [2000/08/02 16:56:59, 0] smbd/service.c:make_connection(209) > anthem (192.168.0.70) couldn't find service laserjet2p > [2000/08/02 16:57:14, 0] smbd/service.c:make_connection(209) > anthem (192.168.0.70) couldn't find service laserjet2p Does laserjet2p exist in /etc/printcap ? If you have smbclient installed on the print server, try smbclient laser\\laserjet2p -W OCEANIA If you get connected try something like smb: \> put /etc/motd -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: samba printer problems
On Fri, Aug 04, 2000 at 11:52:13AM +1000, [EMAIL PROTECTED] wrote: > changed the printcap as above and then when I do > lpr -Plp0 /etc/motd > it prints without any problems as when I do > echo "hello world" > /dev/lp0 > > Its just when I try with samba it does not print > SIGH \\laser\lp0 should work OK if the user connecting has write access to /var/spool/samba, if it doesn't work as a test change path = /var/spool/samba to path = /tmp in the [printers] share -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Win2k & Debian/Mandrake
On Sun, Aug 13, 2000 at 10:37:13PM +1000, Roland Turner wrote: > This is the stuff of religous wars... Adding some fuel. > Same things that others are saying: package management and > configuration. After using debian for years (buzz was my first) then lately trying redhat because some people at work were more comfortable with it, debian wins hand down with administration. > For the most part, RedHat's UI is nicer looking, It's interesting reading comments like this, I'm not sure why people like redhat's UI better than debian, they both offer the same window managers and gnome, etc, just configured a little differently. But redhat looks better, weird. Helix gnome is very nice, and very easy to install on debian, so I don't think you can say redhat's UI is nicer looking any more. > If you do go ahead and download the .deb archive, you'll find yourself > needing to get more intimate with the package management system than you > might wish. dpkg -i package.deb > I'd suggest running potato or woody, as you see fit. It took me about 12 hours to get woody last week. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] postgres vs mysql
I know there are quite a few mysql fans in slug that like to put down postgres, its pay back time :) It looks like not everyone believed the microsoft/mindcraft style benchmarks posted on mysqls web site. http://apachetoday.com/news_story.php3?ltsn=2000-08-14-008-01-PR-MR-SW "On the ANSI SQL Standard Scalable And Portable (AS3AP) benchmark, a rudimentary information retrieval test that measures raw speed and scalability, Postgres performed an average of four to five times faster than every other database tested, including two major proprietary DBMS packages, the MySQL open source database, and Interbase, a formerly proprietary product which was recently made open source by Inprise/Borland." "Interbase and MySQL fell apart under heavy usage. That's a strong affirmation that Postgres today is a viable alternative to the market-leading proprietary databases in terms of performance and scalability--and the clear leader among open source databases.'" These benchmarks are from an "independent" organisation [wink] [wink] -- chesty - MySQL fell apart under heavy usage -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Weird Error
On Sat, Aug 19, 2000 at 12:58:03AM +1000, Daron Barndon wrote: > VFS: Disk change detected on device ide1(22,64) > Any ideas? Doesn't Win^H^H^Hredhat have some daemon running that detects when a cdrom is inserted and prompts you if you want to mount it? I'd guess that it something along those lines thats causing the problem. But the lockups might be unrelated. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Weird Error
On Sat, Aug 19, 2000 at 04:03:44PM +1000, Daron Barndon wrote: > Thats what I thought as well - but he gets the message scrolling quite > quickly - not through changing the CD. A program is continuously trying to mount or open the cdrom device, thats why you're see the message. Even though there's no cdrom in the drive, even though you haven't opened the tray, something is still trying to mount it. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Weird Error
On Sat, Aug 19, 2000 at 07:45:19PM +1000, Daron Barndon wrote:
> If only I knew what... Thats the problem...
Try magicdev.
"magicdev. This is a little daemon that runs on behalf of the user and mounts
and unmounts CD-ROMs and other removable media. "
This should get you started, search around on google, www.redhat.com,
www.gnome.org, etc.
Basically, try killing magicdev, see if the VFS messages stop, see
if the lockups stop.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Weird Network Behaviour
On Wed, Aug 30, 2000 at 10:20:29PM +1000, [EMAIL PROTECTED] wrote: > > Hi all, > > I have a *Really* weird networking problem - and I'm hoping it is > something obvious that I have missed. Run tcpdump on the ippp0 interface, it will help track the problem. If I had to guess, I would say that the destination address your box is sending is wrong. Your routing table does look a little weird, eth0 has a host route, when it probably desn't need one, but ippp0 has a subnet when it only needs a host route, but it should probably still work. Heres mine for reference. Destination Gateway Genmask Flags Metric RefUse Iface 10.1.1.10.0.0.0 255.255.255.255 UH0 00 ppp0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 0.0.0.0 10.1.1.10.0.0.0 UG0 00 ppp0 > This seems really strange and not what I expect to see. > Any ideas ? It might help if you post your ppp config and a few lines of tcpdump. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Weird Network Behaviour
On Thu, Aug 31, 2000 at 07:22:00PM +1100, chesty wrote: > Run tcpdump on the ippp0 interface, it will help track the problem. > If I had to guess, I would say that the destination address your > box is sending is wrong. Duh, I meant source address. ie traffic originating on the box, leaving on the ippp0 interface should have a source address from the ippp0 interface. I've seen it get confused about source ip addresses before. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] OT NT on train timetable screens vs indicator boards
When the train reaches the end of the line, it carriage returns. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Help - Disaster Struck
On Fri, Sep 01, 2000 at 03:40:00PM +1000, Steven Kerr wrote: > The superblock on an importnant hard disk has fried. > > Moving the disk to the second drive on a system and attempting to > mount it result in messages about the superblock being corrupted and > its an invalid ext2 fs. > > fsck -t ext2 also fails. It is definitely an ext2 fs. First try a non destructive way, like: strings /dev/hdb | less then search for some text thats in the config file, it might be a slow way of doing it, but you can't do any more damage to the disk. Or read the Filesystems-HOWTO, section 2.1.2 Repairing corrupted partition table, theres a few programs like findsuper, Fixdisktable, gpart, rescuept. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Sawmill keeps logging out after periods of inactivity
On Mon, Sep 04, 2000 at 02:45:14PM +1100, James Wilkinson wrote: > If i leave my box for a few hours while logged in (via gdm), i come back > to the machine and find myself back at the gdm login screen. > > Does anyone know what's doing this and how I stop it? I'm using the same and haven't had any problems. It could be a dicky screen saver or apm. Look at your screen saver settings in control center and try disabling it. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Win4Lin on reiserfs partitions
On Tue, Sep 05, 2000 at 12:03:29PM +1100, Jim Clark wrote: > > specifically, it is failing in the mkimg stage of the install. > trace reveals that it is doing a statfs(). > > If anyone knows of more relevant lists to post this to (I havn't gone > searching yet), could you please let me know, or forward this info > on. Linux-kernel mailing list would be the place. There is a archive here: http://www.progressive-comp.com/Lists/ This might interest you: http://marc.theaimsgroup.com/?l=linux-kernel&m=95954485119513&w=2 ReiserFS 3.6.7 is available at http://www.devlinux.com/namesys Fixes a timestamp bug. statfs now sets f_ffree and f_files both -1 (as man 2 statfs promises) (thanks to Sami Farin for finding that) -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Something wierd in pop
> > Interesting. Maybe your modem obeys the guard tone requirements on > incoming, but not on outgoing traffic? I dunno. I think the +++ has to come from the DTE, thats why they used ping for the DOS, the echo reply normally contains a number of bytes from the "pay load" of the echo request. Theres another character for remote command, but I don't think its enabled by default. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] /var/adm/mount - what is it???
On Fri, Sep 15, 2000 at 05:56:36PM +1100, Terry Collins wrote: > Can someone explain to me why an application would expect my CD to be > mounted to /var/adm/mount? I'd say the app wasn't developed for linux then. adm is for admin I think, mainly for log files, but also other files that would be of interest to the administer. I seem to remember /var/adm being a symlink to /var/log on some older linux distributions, it doesn't seem to be there now. > CDs belong on /cdrom, mnt/cdrom, mnt/cd0, etc in my book. CDs belong in /dev/cdrom, or when not in use, /dev/shelf. > When did this stuff start? Or maybe, when did this stuff stop? -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Samba
On Sat, Sep 16, 2000 at 11:34:34PM +1100, marty wrote:
> is there a methodolgy anyone uses to debug SMB ?
RTFM? :)
Have a look at the DIAGNOSIS.txt which should come with
your distribution.
Also HINTS.txt.
HINT: Always test your smb.conf with testparm before using it
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] printcap settings and Windows printer
On Sun, Sep 24, 2000 at 07:18:42AM +, Subba Rao wrote: > I have installed a HP Deskjet printer on a Windows boxen which is networked > to the Linux box. Currently my samba settings do allow Linux disk shares to be > accessed from Windows. I'm a bit confused about what you are trying to do. Are you trying to print from linux, to a printer shared by a windows box? I don't think your samba settings is relevant for printing to windows from linux. > /etc/printcap > === You're missing the :if line, which is basically a wrapper to smbclient. > /etc/hosts.lpd > === This isn't relevant either, this lets the windows box use a printer connected to your linux box, and I don't think its needed at all for smb. Have a look at the docs, man pages, etc, for smbclient and do a few test prints using smbclient, if you like. But I used printtool to set /etc/printcap up for me, it only took a few minutes, and there's no need to RTFM either :) Thanks to the good folks at debian. And redhat gets a small thanks as well :) -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] overload during network device transfer
On Tue, Sep 26, 2000 at 09:24:41PM +1100, [EMAIL PROTECTED] wrote: > As long as a transfer involves 1024 bytes of data (within the nbd > transfer packet scheme), there is no problem. This happens > during transfer to "normally" mounted nbd devices. > > However, the swap function sends 4096 bytes at a time. You will actually > get perhaps ten of these transfers working properly, making a total of > up to four read()'s each to transfer the 4096 byte nbd packet. This is > transferring the data from the netstation to the server. I was just doing a but of research on tuning linux for large server programs and came across this proc file: /proc/sys/vm/page-cluster The default value is 4, I'm totally guessing that if you echo 1 >/proc/sys/vm/page-cluster it might swap at 1024 bytes at a time. (or one page at a time) If anyone would like to help me with tuning tips for a server that may create lots of processes or threads, have lots of files open, etc, etc, I would be grateful. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] FD limit - 2.0.x
On Fri, Sep 29, 2000 at 10:51:36AM +1000, Stephen Mills wrote: > Hi, > > Can someone point me to a patch for the 2.0.x kernel to increase the FD > limit on the kernel ? I've just be doing a similar thing for 2.2. I found this page to be good, http://www.volano.com/linuxnotes.html, its for 2.2 but it will still help. It also has a small program to test how many FDs you can open. I put "linux 2.0 file descriptors max" in to google and came up with heaps of relavent hits: http://www.uwsg.iu.edu/hypermail/linux/kernel/9606.3/0200.html http://www.linux.org.za/filehandle.patch.linux/filehandle.patch.linux.smoor -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] rsh, Mandrake 7.1 PVM, beowulf problems
On Fri, Sep 29, 2000 at 08:05:17PM +1100, Brent Miszalski wrote:
> mandrake 7.1 and have no Idea how to get rsh to work. I can install pvm
try `chmod 600 .rhosts`
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] ICMP Redirects
On Mon, Oct 02, 2000 at 04:36:11PM +1100, Howard Lowndes wrote: > The question is "How do I stop the redirect messages?" Check /usr/src/linux/Documentation/proc.txt for details, but: echo "0" >/proc/sys/net/ipv4/conf/eth1/send_redirects should do it. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Monitoring a modem
On Sat, Oct 07, 2000 at 09:16:16AM +1100, Howard Lowndes wrote: > The modem answers an incoming call and hand shakes OK and goes on line, > but a few seconds afterwards drop the line. This can happen if the modem doesn't get DTR from the computer, check that you have the DTR (or TR) led on. If thats the problem then you can tell the modem to ignore DTR with at&d0 (from memory, check your modem manual) Are you using /dev/ttyS?, /dev/cua? are obsolete. Did you just upgrade the kernel or the distribution? If you just upgraded the kernel, and the distribution isn't 2.2 ready you might need to upgrade some software. Have a look at /usr/src/linux/Documentation/Changes Try using minicom for some testing, it might help narrow down where the problem is. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] [SLIGHTLY OT] Machine Names
On Sat, Oct 07, 2000 at 11:28:00AM +1100, Dan Treacy wrote: > I've decided to buy everyone at slug a beer. > All entries gratefully accepted. :-) Anand, Gus, Jeff and Ken :) There's an RFC on this topic. http://mirror.aarnet.edu.au/rfc/rfc1178.txt In order to easily distinguish between multiple computers, we give them names. Experience has taught us that it is as easy to choose bad names as it is to choose good ones. This essay presents guidelines for deciding what makes a name good or bad. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Email problem
On Sun, Oct 08, 2000 at 02:28:02PM +1100, Alan L Tyree wrote: > Hmm. That's interesting since I have a relatively new (although cheap) > modem. A D-Link DFM-560E. > > Is there some sequence I can send the thing to avoid this kind of > problem? Looks like Howard Lowndes owes you a beer :) A few days ago he used the magic +.+.+.ATH0 in an email, although I don't know what digest its in, I'm assuming. He also gave the answer to your problem in his message. You might have be able to save the digest, compress it, then download it to avoid the problem. According to Howard setting the S2 register to 255 should fix it. (Is that ATS2=255 ?) Thats assuming its your modem thats causing the problem, I think it might be the other end, because usually the +.+.+ needs to come from the DTE, when its received from the line it has no special meaning (but your modem might be broken in two ways). -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Beginners Home Network
On Wed, Oct 11, 2000 at 04:15:11AM +1100, James Wilkinson wrote: > On Tue, 10 Oct 2000, Heracles generated: > > >Depends entirely upon what you want to do. If you are only > >networking two machines together then use a crossover cable > > I just want to make a point that not all NICs like crossovers, I've heard of problems where two nics connected together wouldn't work, manually setting the speed, etc, fixed the problem. Perhaps they were both trying to auto negotiate, or they were both trying to sense a signal on the wire before sending one... "People are making PCI ne2000 clones! Oh the horror, the horror..." (from the kernel source :) I'm using an ISA ne2000's and a PCI ne2000 clone at home and they work, thats all I care about for home use. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Is this a routing problem?
On Thu, Oct 12, 2000 at 12:01:11PM +1000, George Vieira wrote: > Did you notice that Neuro has the IP for ETH0 but it's not listed in the > routing table? I think that seems a little weird... not sure if it's OK or > not.. I checked my box and it doesn't have the host route either. I have seen a problem twice now with old isa ne2000 clones where it would go to sleep, it couldn't be pinged from a remote box until you generated some traffic locally. I ended up putting something like `ping -qi10 somebox &` in a startup script somewhere. Eventually the card was changed and the problem went away. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Netfinity 5600 and Linux with RAID 5
On Thu, Oct 12, 2000 at 04:33:01PM +1100, Dean Hamstead wrote: > > I booted the CD and typed `linux dd` and when it found the files it worked > > beautifully. > > Funny thing though it sees it as a very large /dev/hda (or was it sda) 34GB > > drive and not a mda0 like a normal raid would... I think it's because it's > > running hardware raid not software. > > sda hda is for ide, and mda is only used with software raid, with > hardware raid the system sees the device as your run of the mills block > device (basically) hence hardware raid =) I've setup a compaq smart array and you don't use /dev/sda directly, if you did that, you wouldn't be using the hardware raid. Instead you use /dev/ida/c0d0. I would guess its a similar situation with other raid cards, but it probably isn't /dev/ida, but something else, like /dev/rd. What sort of raid card is it? cat /proc/pci should list it. > VFS: Cannot open root device 08:08 08:08 is /dev/sda8 I think, is that your root partition? -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Netfinity 5600 and Linux with RAID 5
On Thu, Oct 12, 2000 at 04:35:24PM +0800, Ho Ming Shun wrote: > You said you downloaded the device drivers. That means you downloaded > modules. The root device cannot be built as a module, but rather must be > compiled into the kernel. > > From what I gathered, it worked previously coz that was the installation > disk, and the raid disk was not the root partition during installation. > > The error message is due to the kernel trying to load a raid driver from a > raid drive. Kinda like a chicken and egg problem. > > Try to get the sources and compile it into the kernel. Or use initrd, which I think redhat uses for its default kernels. I'm starting to think this raid card does use /dev/sda, etc, for its logical drives, its a bit different from the smart array. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Script to fix filenames
On Thu, Oct 12, 2000 at 09:31:05PM +1100, Nick Croft wrote:
> I keep getting batches of jpegs without the .jpeg extension (or any other
> permutation).
>
> What area of scripting should I look to in order to add the extension. Is
> sed able to work on filenames in a directory as it doeson words in a file?
>
> I've got over 200 of these and there are more to come.
for a in `file * | grep JPEG | grep -v .jpg | awk -F ":" {'print $1'}` ;
do mv $a $a.jpg ;
done
I'm not very good with awk, but I think you can get rid of the
greps and use one awk statement.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Masquerading (I think)
On Fri, Oct 13, 2000 at 08:26:26PM +1000, Jon Biddell wrote: > 1. Everything internally can ping everything else. > 2. Gateway can ping the 'net. > 3. Nothing else can ping the 'net. Theres a kernel option to masquerade ICMP traffic, CONFIG_IP_MASQUERADE_ICMP, perhaps its turned off. > 4. (This is the killer) - SWMBO's EvilWare machine can surf / download > from her POP3 account. Is this a problem? A firewall doesn't really care what account an IP packet came from, it just looks at the ip and port numbers. You need to set up a proxy server if you want accounts. > Oh, gateway can browse http pages, but not https. It might be a proxy setting problem with your browser? -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Linux SMP kernel
On Mon, Oct 16, 2000 at 03:49:30PM +1000, George Vieira wrote: > Guess what? I got the damn Netfinity machine working, no thanks to IBM. Teaser :) Why don't you post how you did it so others behind you won't have to go through the same problems. > What I'd like to know is how can I show either in GUI or text mode the > amount of load is on each CPU. > GTOP is the closest thing I've got but does not contain a history (graph > form). mpstat is useful, but no graphs. http://www.mindspring.com/~joeja/programs.html GKrellM is a single process stack of system monitors It monitor heaps of things, as well as: SMP CPU monitor that can chart individual CPUs and/or a composite CPU. http://web.wt.net/~billw/gkrellm/gkrellm.html -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: aic7xxx.o (Re: [SLUG] One for the Kernel Guru's)
On Wed, Oct 18, 2000 at 03:17:07PM +1100, Dean Hamstead wrote: > Im running a nice dual p3 800 (gig ram, hardware raid..) > and it persists in trying to load the aic7xxx.0 module, > even now i have the raid driver inbuilt it still attempts > to load... The raid driver doesn't replace the scsii driver. I'm talking from my limited experience, other raid cards might be different I guess. The raid array I setup has hard drives connected to 2 scsii cards, the raid card is a seperate card. The scsii driver's loaded first, then the raid driver. /proc/pci and /proc/devices shows both scsii and raid devices. Access to the logical drive, which in my case is 5 physical drives, is through the raid device nodes, not the scsii ones. Is this different to you system? -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Network Security Fest
On Mon, Oct 23, 2000 at 11:39:16AM +1000, David Kempe wrote: > SLUG is having a Network Security Fest/Forum! > > If anyone has any suggestions as what they would like out of a linux > security forum/fest please reply as well - all suggestions seriously > considered :-) I think filtering firewalls are well documented in linux, but security is based on ip addresses, doesn't work to well with DHCP, etc. I'd be interested in hearing more about application proxy servers with authentication, in particular I'd like to know more about proxying X with authentication. I'm discovering its not such an easy thing to do. So far I've looked at TIS firewall toolkit, but its not ideal, out of the box you have to use xhost to allow the firewall to connect to your X terminal, telnet to the firewall, login to the firewall, start the X proxy, telnet to the remote box, login to the remote box, set your display then start your X applications. Its clunky and not very secure (xhost and telnet), which defeats the whole purpose of putting a firewall in. Any suggestions? The alternative is a commercial firewall, which some people are pushing for anyway. I'm hoping to get something up and running using linux, then let them decide if they still want to go with commercial firewall, or stay with linux. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Network Security Fest
On Mon, Oct 23, 2000 at 09:25:58PM +1100, Angus Lees wrote: Thanks for the suggestions tom and angus, > redirecting over ssh - probably the most secure. the encryption slows > things down a bit. automatically running xauth on other machines tends > to upset the really paranoid, so don't forward X unnecessarily. I'm a bit paranoid with ssh, to be honest I don't know a lot about it, but I do use it to forward stuff around that has been blocked by other peoples firewalls. Can't let them do that to me :) > xfwp - X proxy for use on gateways. not really an authentication thing > - more of a firewall/sysadmin thing. Here I am searching far and wide for possible solutions and there's one right right in front of me already on my box. I've only briefly looked at the man page, but it looks interesting. > lbxproxy, dxpc, etc - compression/caching proxies for low-bandwidth > (eg: over a modem) X connections. lbxproxy is the "official" X11 LBX > extension implementation, dxpc is not. I've used lbxproxy before, its been in the back of my mind. The idea is to only let certain users through, not just certain ip addresses. ie, Someone might have a shared PC which only one person requires access, or someone might be roaming around from PC to PC and needs access from where ever, or someones PC might be setup with DHCP, etc, etc. I've also briefly looked at socks, socks5 looks like it might be useful, maybe not for X, I don't know, but it hasn't hit debian as far as I can see, I've only got socks4. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Outgoing port-redirection
On Tue, Oct 24, 2000 at 03:06:33PM +1000, Doug Stalker wrote: > > So: Is it possible to set up rules with IPchains (or something similar) > so that all packets to be forwarded to a particular port number (-p TCP > --dport XXX) get sent using an interface different to the one specified > in the routing table, while still being masquraded? Mark the packets you're interested in with ipchains (man ipmasqadm) and masquerade them. Use policy based routing to route the marked packets to a different interface. http://www.compendium.com.ar/policy-routing.txt -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] MS goes Open Source - sort of
On Fri, Oct 27, 2000 at 10:12:12AM +0100, Jim Hague wrote: > Today's food for thought. You have obtained the entire source for, say, W2k and > O2k. What do you do with it? Fix some bugs and send patch back to MS? maybe not :) Useless stuff I recently discovered. I copied and modified this from the ldbc thread a while back, its a procmail thing in case it isn't obvious. Stick it before any other slug lines. :0c * ^TOslug | esdplay /usr/share/sounds/gnibbles/appear.wav it plays a short, soft sound when ever I get slug mail. It sounds rather interesting when I first dialup and fetch a whole bunch of slug messages at once. Its a bit wrong though, I think it pipes the message to esdplay, but that doesn't seem to affect anything. Which gives me another idea: :0c * ^TOslug | esdcat -r 999 Listen to slug :) -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Memory problems
On Tue, Oct 31, 2000 at 04:33:30PM +0800, Dion Curchin wrote: > Hi there, > I'm having some problems with a Mandrake 7.2 beta...it fails to > detect my 256 MB of ram. Instead in decides I have only 16 and consequently > my smp machine runs like a dog, KDE is impossibly slow to initialise. I've > looked through a number of books and docs and not found anything meaningful. > Are there any boot commands I can give at startup to tell my machine that I > have a specific amount of ram or whatever?? I vaguely remember that if you have some memory hole setting in the bios turned on, this can happen. This happened to me on an old compaq server but I couldn't find any memory hole settings, still, its worth checking anyway. Otherwise the bootprompt howto has the answer, adding something like append = "mem=256m" to /etc/lilo.conf should do it. If you tell the kernel you have more memory than you really do it will crash, I've heard its safer to use the the number the bios reports when it boots, normally in kilobytes. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Hi, I'm sorry to bother you but I need some assistance with NFS in Suse's version of Linux. I have
> > Hi, I'm sorry to bother you but I need some assistance with NFS in Suse's > > version of Linux. I have edited the /etc/exports file, got the corrects > > daemons running but when i type (on the client) mount my ip:/dev/hdb6 > > /newhdit returns with the following error message reason given by > > server: Permission Denied I have been working on this problem for about a > > week and a half and I've been through the Suse book and the Linux book. > > If you have any suggestions please let me know. Thank You > * /etc/exports would have to be exporting to an IP, why not use DNS or /etc/hosts? I've got stuck on a similar problem before, followed the instructions to the letter but it still wouldn't work, for me the fix was to add the clients ip address and name to /etc/hosts on the server. (The client wasn't in the DNS) -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: Debian newbie guide for existing linux users
On Thu, Nov 02, 2000 at 06:09:44PM +1100, Jeff Waugh wrote: > > > > apt-get install vomit-bag > > > You've created a monster. echo "deb-virtual car://jeff.waugh/home/kitchen/frige cold main freezer crisper" \ >> /etc/apt/sources.list apt-get update apt-get install beer -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Squid performance
On Fri, Nov 03, 2000 at 10:18:15AM +1000, Marshall, Joshua wrote: > I do notice that on some web pages I have viewed recently it is getting > them from the main site rather than using the local cache (even only a > few minutes later) Some browsers seem to ask for a fresh copy every request, so even though the page might be in the cache, the cache is told to download it again. You could try playing around with "refresh_pattern" and "reload_into_ims". -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Adding a user to a group
On Sun, Nov 12, 2000 at 03:20:22PM +1100, Jeff Waugh wrote:
> usermod? Then you don't even have to use vi! :D
I don't like the way usermod handles adding users to groups.
ie if jeff already belongs to group video and games
and you want to add gnats to that list you have to do:
usermod -G video,games,gnats jeff
and to delete games
usermod -G video,gnats jeff
An easier way in debian is
adduser jeff gnats
deluser jeff games
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] memory usage monitoring
On Mon, Nov 20, 2000 at 04:40:33PM +1100, Alister Waller wrote: > Whats a good way/tool for monitoring memory usage and the processes that are > using it? Beats me. I would like to know more about this sort of stuff, though. Top can sort processes by memory usage rather than cpu, press "M" while in top, man top will explain what all the fields mean. I also use ps, ie ps -A -o pid,majflt,minflt,trs,drs,rss,sz,%mem,start,comm --sort majflt I normally sort by majflt, because thats the number of times a process has needed to load a page of memory in from swap. (Thats my wording, I could be wrong) And swapping slows the whole system down, so I want to know whos swapping the most. Be careful if you're comparing majflt's of different processes, one process may have been running for an hour, and the other one a month. Also look at procinfo and procinfo(8) proc(5),ps(1),top(1) ps, and to some extent top, only tells you about process that are running right now, those are the processes that normally hang around for a long time, they don't normally record short lived processes. And they don't tell you about a process that died sometime ago. I have no idea how to record those, but I would like to know. Perhaps acct is the answer, but I haven't looked at it. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Hardware flow control on serial ports
On Mon, Nov 20, 2000 at 06:42:55PM +1100, [EMAIL PROTECTED] wrote: > I need to disable hardware flow control on the port using minicom to > get it going. > > However, I'm wondering how I would do this without minicom. As far as apt-get clean glasses :) man stty search for crtscts and ixon and ixoff. ixon is to enable/disable flow control on output and ixoff is to enable/disable flow control on input /usr/share/doc/HOWTO/en-txt/Serial-HOWTO.txt.gz man termios if you want to do it in c, or /usr/share/doc/HOWTO/en-txt/Serial-Programming-HOWTO.txt.gz -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] compiling the kernel
On Wed, Nov 22, 2000 at 02:39:47PM +1100, George Vieira wrote: > Is there a way to try an keep the original settings from the older kernel to > the new. I always save my .config to an alternate name, make mrproper deletes .config. If .config gets deleted just copy it back. > Was it just a matter of saving the kernel config and then load it > in the new kernel or would that cause version conflict problems? If you've upgraded your kernel source, "make oldconfig" will skip all the questions you've seen before and only ask you about the new ones. Then your .config should be in sync with the new kernel source. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] xircom pcmcia
On Sun, Nov 26, 2000 at 08:18:57PM +1100, tom burkart wrote: > see any DHCP replies (driver problem I guess), yet when I give it a fixed > IP it works fine... I've had some problems with dhcp clients on pcmcia cards. Pump works OK for me, out of the box, with some dhcp servers, it doesn't work with all servers though. I think its less likely to work with NT dhcp servers. The other one I've played with is dhclient, I think its more likely to work with more dhcp servers, but I found it needed eth0 to exist before it would work. I edited the pcmcia scripts and put "ifconfig eth0 1.1.1.1" just before dhclient gets called and it seems to work OK for me. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Perl & Apache on Suse6.4 - What do these errors mean?
On Wed, Nov 29, 2000 at 05:11:56PM +1100, Terry Collins wrote:
> I'm lost. Can someone help with interpreting what these errors mean?
>
> foreach (keys %ENV) { print "$_: $ENV($_)\n"; }
Try $ENV{$_} instead of $ENV($_)
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Debian Compliment
On Sat, Dec 02, 2000 at 08:19:19AM +, Heracles wrote: [debian] > This may be so, but what does it use to do general config. vi :) I don't think there is a big, buggy, bloated, complicated, do everything badly config program for debian. You could install linuxconf I guess, but you might get teased a bit :) I'm not a big fan of linuxconf, in case you're wondering :) > I want > to install my old bj300 to run on my Debian system. In SuSE I'd > just run yast and have it set up in no time, I've been a debian user by night for years, recently a redhat user by day and I have the same problem as you have, but with redhat. As for print filters, there may be more, but printtool, apsfilter and magicfilter. Try these commands: apt-cache search printer apt-cache search print.*filter apt-cache show printtool etc > It seems I will have > to get my SuSE system to generate a printcap and copy it over - Well thats one way of doing it, I don't think it will work very well though, you'll need more that just a printcap won't you? > and yes, I read the Debian Docs that I had available and could not > find mention of a config utility. vi :) Actually, debian does have its fair share of config tools. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] networking interface questions
On Wed, Dec 06, 2000 at 08:19:46PM +1100, Crossfire wrote: I'm a bit confused by your reply. > With the default going to link2, any traffic this machine routes will go out > through link2 by default. Also, any connections initiated by this machine > will go out link2 unless specifically bound to link1. With the default going to link2, any traffic this machine sends will go out through link2 unless a more specific route exists. > Of course, replies to > these requests will also come in through link2. This is probably not what > you desire. You can't control what interface you recieve packets from. > Uh, no. Replies are *always* sent out the interface the original packet > arrived for. No they're not, what interface they come from is irrelevant. The reply goes where ever the routing table tells it to go based on the destination ip address. (*) The interface the packet was received from is used as the source address. But normally the source address isn't used for routing decisions, only the destination ip address. > > Is there a way to tell linux to source outgoing packets with the address > of the link that it came > > in from? > > I think you mean: s/from/for/ My english is bad, but from makes more sense to me. > > This always happens with TCP anyway [if it didn't, things would break. > fast.]. With UDP, its up to the program to decide how to behave. No, tcp and udp have nothing to do with routing (*). IP is used for routing, the kernel makes a decision about what interface to send the packet based on the packets destination address and the routing table. [Usually > they behave well and reply on the interface they were contacted on, since > clients would probably go "huh?!" if they didn't]. Actually it works fine, and thats how satellite links work. They receive packets on the satellite interface and send them on the land line interface. It works fine. > In fact... if this didn't work, our NAT rig at work wouldn't work at all. ? > > Can ipchains help? > > No. It could help. > > Any help or suggestions on this matter? > > You could possibly use Policy Routing to help. I'm not sure which tool you > use to set up policy routes - I've never had to do this myself to date. * policy routing will make routing decisions not just based on the destination ip address, but also the source address, etc. And using ipmasqadm you can route based on protocol, port, type of service, etc. Basically if you can nail the packets you want with an ipmasqadm rule you can route them where ever you want. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] networking interface questions
On Wed, Dec 06, 2000 at 09:32:46PM +1100, chesty wrote: Hi chesty, > You can't control what interface you receive packets from. Well, you can. > Actually it works fine, and thats how satellite links work. > They receive packets on the satellite interface and send > them on the land line interface. It works fine. It sends the packets out the land lines interface, but instead of using the land line's interface for the source address, it uses the satellites interface. So packets are sent via the land line and received via the satellite link. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] debian apt - what's available?
On Mon, Jan 01, 2001 at 08:11:40AM +, [EMAIL PROTECTED] wrote: > ok this might very well be a dumb question but here goes: There are no dumb questions, just dumb people :) (south park joke, I think) > I've installed debian 2.2r2, done lots of fiddling etc etc and it > pretty much works (jeeze that dselect thing is nice to use! > (that was sarcasm)). I use it sometimes, its a bit of a pain, but you get used to it. The other alternatives are console-apt, gnome-apt, aptitude, there may be more. > Also aside question: why don't I have an rlogind available? apt-cache search rlogind > Another aside, I also can't find elm (well apt-get can't find it), apt-cache search elm I'm not too sure about the apt-cache regex, but the below seems to work OK. apt-cache search "mail.*(reader|client)" -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] CRLF to LF conversion
On Wed, Jan 03, 2001 at 05:27:40PM +1100, Steven Blunt wrote: > http://mirror.aarnet.edu.au/pub/simtelnet/msdos/txtutl/dos2unix.zip > > It also contains unix2dos for going the other way. I find this package > essential, I'm surprised that it's not to be found in any distro I know. You don't know debian? dpkg -S dos2unix sysutils: /usr/share/man/man1/dos2unix.1.gz sysutils: /usr/bin/dos2unix -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Web Server Tuning
On Wed, Jan 10, 2001 at 11:28:53AM +1100, Daron Barndon wrote:
> In addition to my earlier post, does anyone have any detail on how to
> tune a Linux (probably RH) box particulalary to server dynamic web pages
> and JAVA? Is there an optimised JAVA you can purchase (or download) for
> linux?
try looking around at www.volano.com
http://www.volano.com/server.html
http://www.volano.com/linux.html
http://www.volano.com/linuxnotes.html
etc...
and
http://linuxperf.nl.linux.org/webserving/
http://www.kegel.com/c10k.html#java
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Samba prob, having prob getting Windows to ask for a password.
On Tue, Dec 04, 2001 at 11:30:49AM +1000, Michael Lake wrote: > Hi All, > > If I login to Windows as "mike" then [linda] and [mike] directories appear > under the Network Neighbouhood. But you can browse *both* linda's and mikes > directories and windows does not ask for a username/password. The directories are probably world readable. You could add to the relevant share valid users = mike ( or should that be mikel?) Not sure about the password prompting bit, perhaps if the password is the same on windows and samba you won't get prompted? -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] National Bank Internet Banking
On Tue, Dec 11, 2001 at 03:11:46PM +1100, John Nicholls wrote: > > When you log onto the Internet Banking home page and press Login new > service, the bank checks whether you are using one of the supported > browsers, essentially recent versions of Internet Explorer or Netscape > on Windows or Mac. If so, you should go straight to a screen with a I wonder what would happen if you used a proxy server to change the user-agent string to a supported browser? Something like this in squid.conf ( I don't know if this is the correct syntax) fake_user_agent Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) I thought some browsers let you set this also, but I couldn't work out how to do it galeon or mozilla, so I might have been dreaming. btw, ntlmaps is a great little python proxy server that lets non ntlm capable browsers use a ntlm only proxy server. (search for ntlmaps on freshmeat for the url) It also sets the user-agent, I guess to fool the MS proxy server/admins. -- Note: You can skip this section if you want to move on. chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] CPU Restriction
On Thu, Jan 03, 2002 at 03:57:56PM +1100, SH wrote:
> I was wondering if anyone here has had any experience with restricting cpu/
> memory usage for users in a Solaris environment.
Theres nice/renice for cpu. Theres probably lots of way to set it up.
If you set their login shell with a low priority (with pam? or profile?),
everything they run will have a low priority and they can't increase
the priority, either.
There's also ulimt for cpu, memory and other things. But ulimit won't
reduce the amount of cpu or memory used, it will kill the process once
its reached its limit. (man bash, probably other shells have a built in
ulimit command, also)
--
Note: You can skip this section if you want to move on.
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Debian 2.3 Config Documentation
On Tue, Jan 08, 2002 at 12:01:54PM +1100, Richard Luckhurst wrote: > Recently I have been contracted to replace a Win NT server with a > new server running Debian 2.2 (the clients choice). The client is always right. 2.2 or 2.3, both good choices :) > This is my first > experience with Debian although I have installed plenty of Redhat > and SUSE based servers. The first step is always the biggest. Debian is consistent, once you start learning, you'll pick new things up very quickly. > I have found the lack of documentation > about how Debian configure things after the installation quite a > surprise. Does anyone know of any decent documentation on post > installation of a Debian release? So you're looking for the "Secret knowledge of the Debian" pack? www.debian.org www.debian.org/doc apt-get install debian-guide apt-get install debian-policy apt-get install doc-debian Try "apt-cache search debian doc" or "apt-cache search debian.*doc" (the first one might not work on earlier versions of apt) There may have even been a screen at the end of installation that told you where to look for documentation. Another way to go about things is to find something specific that you want to do, but not sure how, then do a few quick searches in the slug archive, www.debian.org and google, if that doesn't help, ask on slug. -- Note: You can skip this section if you want to move on. chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Large File support made simple?
On Tue, Jan 08, 2002 at 01:20:20PM +1100, Luke McKee wrote:
> Has anyone had any success with this or do I have to reconfigure a new
> c-library form source? What patches should I get to (like gcc3 and so on) if
> I need to do this.
woody should have LFS already built in, perhaps you need kernel 2.4 though.
We recently upgrade a few servers to woody because a database was getting
close to 2 gigs and potato didn't support LFS. After the upgrade to woody,
a test database was made that was roughly 40 gigs.
$ dd if=/dev/zero of=bigfile bs=4k count=100
100+0 records in
100+0 records out
$ ls -l bigfile
-rw-r--r--1 chesty chesty 409600 Jan 8 13:33 bigfile
$ tar cf bigfile.tar bigfile
$ ls -l bigfile.tar
-rw-r--r--1 chesty chesty 4096010240 Jan 8 13:37 bigfile.tar
--
Note: You can skip this section if you want to move on.
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] shm
On Wed, Jan 09, 2002 at 10:17:59AM +1100, Heracles wrote: > When I boot with kernel 2.4.16 I get a couple of strange (to me) > things. > 1. If I ask for a df I get an entry in the table for /dev/shm > which has about 64Mb all unused. > This entry is not present when I boot back to 2.4.0. > Any one know what /dev/shm is and why it appears? You might have an entry in fstab to mount a tmpfs filesystem. Maybe 2.4.0 doesn't have tmpfs support built in? have a read of /usr/src/linux/Documentation/Configure.help and search for TMPFS > 2. When using 2.4.16 I can dial the net but pppd dies with an > > Any clues or pointers would be welcomed. No idea, might be a general module problem that is also causing tmpfs not to be loaded in 2.4.0. -- Note: You can skip this section if you want to move on. chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Bios call
On Fri, Jan 11, 2002 at 10:19:22AM +0800, henry wrote:
> How to use Bios call in GCC(Linux)?
http://www.linuxdoc.org/LDP/khg/HyperNews/get/khg/117/1/1/1.html
http://www.linuxdoc.org/LDP/khg/HyperNews/get/khg.html
--
Note: You can skip this section if you want to move on.
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Unclean Unmounting
On Tue, Jan 29, 2002 at 04:15:47PM +1100, Crossfire wrote: > Another possibility is caches/buffers not being flushed to disk > completely before the reset/power-down occurs, however this is a > definately shouldn't happen case. Another shouldn't happen case, if the / filesystem is mounted read/write I think it will be marked as unclean, but you should see a warning about this. -- Note: You can skip this section if you want to move on. chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] BIND9 Blues
David Fisher <[EMAIL PROTECTED]> writes: > david@arachnid:/etc/bind$ sudo /etc/init.d/bind9 restart > Stopping domain name service: namedrndc: connection to remote host closed > This may indicate that the remote server is using an older version of > the command protocol, this host is not authorized to connect, > or the key is invalid. > . > Starting domain name service: named. > > Any advice as to what bind9 config I missed? I got a message like that a few days ago as well. I ran rndc-config, it generates a rndc.conf file and named.conf key statement. I over wrote my old rndc.conf and key statement in named.conf and it fixed it. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] PPP authentication via Samba to Windoze?
Peter Rundle <[EMAIL PROTECTED]> writes: > Does anyone have links or other resources that explain how this might be > achieved? I.E replacing a windoze RAS server with Linux, the users still > need to be authenticated via the PDC on the network. I don't know what a RAS server does, but we authenticate ppp with pap against a PDC. Very very briefly: Get ppp dial working, get smb_auth set up, change the file /etc/pam.d/ppp, I removed authrequiredpam_unix.so and added in its place authrequiredpam_smb_auth.so And then all you have to take care of is adding window accounts to the box, either by adding them to /etc/passwd, winbind, ldap, or etc. /usr/share/doc/libpam-smb/ /usr/share/doc/ppp/ -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Iptables - UDP Frag?
On Fri, Jan 10, 2003 at 09:22:15AM +1100, MacFarlane, Jarrod wrote: > Jan 10 08:57:58 firewall kernel: __FORWARD_DROP__IN=eth1 OUT=eth2 > SRC=10.1.1.72 DST=10.2.0.11 LEN=89 TOS=0x00 PREC=0x00 TTL=127 ID=11435 > FRAG:185 PROTO=UDP > Wondering what it is, and how I can allow it? If a packet is bigger than the MTU of an interface, and doesn't have the DF (don't fragment) flag set, it gets split up into multiple, smaller sized fragments. (not a text book answer, but rough enough I think). > I've allowed tcp/udp on the required ports between the src/dst hosts. If I > allow ALL udp between these hosts it doesn't produce this error message and > works, but I'd prefer to keep the rules as tight as I can. man iptables and search for fragment, it says that with second and further fragments, there is no way to tell the source and destination ports (none are displayed in your syslog message). Theres also some information in the iptables HOWTO. You need to match second plus fragments from particular host regardless of ports with the iptables -f option. -i eth1 -o eth2 -s 10.1.1.72 -d 10.2.0.11 -p udp -f -j ACCEPT I think its safer to tell the kernel to always reassemble fragments, therefore iptables will never see fragments. Its done automatically if you load a NAT or connection tracking module, I'm not really sure how to do it manually any more, there used to be a kernel option. You also might want to look at why its being fragmented in the first place, check MTUs, etc. If you can avoid the fragmentation, it might make things more efficient and reliable. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: web proxy & filtering, was [SLUG] Re: Telstra
On Mon, Jan 15, 2001 at 03:38:15PM +1100, Richard Gooch wrote: > I've already set cache_mem to 2 MB. Despite this, it's using 23 MB. Read chapter 8 of the FAQ for details, but.. Some memory is used for metadata, the bigger your disk cache, the more objects you have in your cache, the more memory its going to use. Basically, it says to reduce memory usage: reduce cache_mem turn memory_pools off reduce cache_swap reduce maximum_object_size My setup is fairly standard, I think. I've got a cache_mem of 8 memory_pools on cache_dir 100M maximum_object_size 1000KB squid is using 8 megs at the moment. > It has the advantage of allowing me to use the same proxy software at > work and home, and to copy (with minor tweaks) the config files. I like the idea of using popular software, even if it is an overkill for home use, to gain extra experience that might come in handy one day in a job interview. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] FD Limit
On Sat, Jan 20, 2001 at 09:34:13AM +1100, Alan Lee wrote: > Hey; Horses eat it. > Incressing FD's on a linux box? Its running slackware, K 2.2.6 http://www.volano.com/linuxnotes.html explains it pretty well. My understanding is there are system wide limits which you can increase by changing /proc/sys/fs/file-max. But there is a hard coded per process limit compiled into the kernel which you have to modify and recompile. This is for 2.2, I don't know what the situation is for 2.4 but I would image its a lot better. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] FD Limit
On Sat, Jan 20, 2001 at 07:24:16AM +, Herbert Xu wrote:
> Actually you can set it using ulimit with either 2.2 or 2.4. Whether the
> application will cope with it is another question.
You can do this, but fd_set will still be limited to 1024.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: Web browsing stupidity [was Re: [SLUG] Greetings. New user question.]
On Mon, Jan 29, 2001 at 04:00:05PM +1100, enterfornone wrote: > Can't say I've tried installing Win3 on my PIII, but 2000 and IE is > considerably faster and more stable than Linux and Netscape or Mozilla. IE probably does start faster than netscape on linux or windows. But you're comparing a browser thats built in to the kernel to one that isn't. try modprobe netscape, its much faster :) As for stability, etc, from what I've seen netscape and IE are comparable. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Home network question - /etc/hosts not understood?
On Mon, Jan 29, 2001 at 02:11:47PM +1100, [EMAIL PROTECTED] wrote: > At home we have 2 machines, on a local ethernet network. > Both are running Red Hat 6.2, and both have very similar config files > (with the appropriate substitutions for machine names and static IP > addresses). /etc/resolv.conf in both cases say to look at files before > going for bind. Both are running the same versions of openssh and > openssl. Have you checked /etc/nsswitch.conf as well as /etc/host.conf? -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] debian/rules
debian/rules, one of the files that makes a debian package, how apt. :) We've been rolling out more and more linux boxes at work (another 10 or so to be added soon) and I've started using more features that makes debian so great. First step was to debianise some locally written programs. It wasn't too hard, just had to follow the "Debian New Maintainers' Guide". Next was to set up a local debian package archive so I can apt-get local packages. The debian FAQ 10.9, has the answer. Basically mkdir -p /var/www/debian/dists/local/main/binary-i386/local mv local-package.deb /var/www/debian/dists/local/main/binary-i386/local cd /var/www/debian dpkg-scanpackages dists/local/main/binary-i386 /dev/null \ >dists/local/main/binary-i386/Packages gzip -9 -f dists/local/main/binary-i386/Packages Then you add to /etc/apt/sources.list something like deb http://debarchive/debian local main I made some task packages that installs a standard set of packages for what ever job the box will be doing, as well as my favourite editor, snmpd, ssh, etc. (added them to the local archives, of cause.) So now when I need to build a new box, I just apt-get or tasksel one of my tasks and I have all the packages installed for the job. Making task packages are really quick and easy, I just copied how one was done. I compile all my kernels on the local debian archive box using make-kpkg and add the kernel to the local package archive and apt-get it. I set the EXTRAVERSION variable in the Makefile to the host name the kernel is going to be installed on. I'm thinking about making some deb packages that makes some changes to config files that I need to edit on every box I install. Nothing too fancy, just things like echo "alias ls='ls --color'" >>/etc/bash.bashrc Its nice to have a standard environment on all boxes. debian/rules, just had to let you know. :) -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Home network question - /etc/hosts not understood
On Thu, Feb 01, 2001 at 09:27:49AM +1100, [EMAIL PROTECTED] wrote: > and the strace showed that the slow host *does* read the file > /etc/host.conf first - it just doesn't seem to find the information it > wants there! (Since the NIS stuff starts, afterwards.) If you aren't using nis, you may as well delete all references to it from nsswitch.conf. 192.168.1.1 posh.localdomainposh 127.0.0.1 localhost.localdomain localhost posh For no valid reason, other than it looks different to my /etc/hosts, I'd try making that look like: 127.0.0.1 localhost 192.168.1.1 posh.localdomainposh when you send traffic to a local interface, you are actually sending traffic to the local loop interface. You can check for yourself by doing an ifconfig and then ping -c5 192.168.1.1, then do another ifconfig and compare RX and TX packets on eth0 and lo. If you aren't running a name server, try moving /etc/resolv.conf out of the way. > If I want to modify the source to do some printf()s to trace what's > happening for the reading of the host.conf file - what library should I > be modifying? What provides the functionality for reading host.conf? libresolv.so.2 ? grep -l /etc/hosts /lib/* Basically you want libc6 sources. (Do you really want to hack libc6?) Theres also a ltrace command that traces library calls. Do you have the same version libc6 package installed on both boxes? rpm -qa (from memory) on both boxes and diff them. Basically, I have no idea what the problem is :) -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] ICMP redirects.
On Wed, Jan 31, 2001 at 07:14:54PM +1100, Rodos wrote: > When I do a ping it shows a response of "Redirect Host(New nexthop:" > and then the address of the machine which I am usually trying to > ping. If you're on hosta and you're trying to ping hostb, and you get a message saying Redirect Host(New nexthop: hostb), wouldn't that mean hosta and hostb are on the same network? At least the same phyisical network, not necessarly the same logical network. (trying to pretend I know what I'm talking about :) It might be that you have a subnet mask problem, or a dicky route, or perhaps you have more than one subnet on your network and hosta and hostb are on different subnets? -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] what version
On Thu, Feb 01, 2001 at 10:31:15PM +1100, Ben Donohue wrote: > hi slugs, > what's the command to find out what version of linux you are running. > i've got some old redhat boxes fired up and want to see what they've > got. cat /etc/issue might be a more portable way of finding out, it should work on a lot of unix flavours. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] what version
On Fri, Feb 02, 2001 at 06:17:29PM +1100, Crossfire wrote: > Only if your /etc/issue hasn't been "customized". > > I personally suggest you do not rely on /etc/issue. -- Its I personally wouldn't bet my farm on its contents either. Just to be a knob, I've installed an /etc/redhat-release on my debian boxes. And I've aliased linuxconf to ed (that should keep 'em busy for a while :). starfire:~$ linuxconf ? quit ? exit ? logout ? help ? starfire:~$ cat /etc/redhat-release Red Hat Linux release 6.2 (Zoot) starfire:~$ cat /etc/debian_version testing/unstable debian_version could be a little more helpful. So I edited it to so say windows NT 4.0 (build 3812). > metaphorical equivilent to using the motd to work out what colour > shirt the sysadmin is wearing today. a web cam, an algorithm to detect shirt colour, and a bit of perl glue. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] routing problem
On Thu, Feb 01, 2001 at 11:47:12PM +1100, David Kempe wrote: > Actually now i dig into it, that address space is owned by SUN. > That may be the cause of the problem then > hrmmm would that be right? No. The boxes with the 192.9 addresses won't be able to get to the real 192.9 addresses that sun own, but they should be able to see each other. > /sbin/ipchains -A forward -s 192.9.0.0/16 -j MASQ I think this rule will masquerade not just internet traffic, but internal traffic as well. /sbin/ipchains -A forward -s 192.9.0.0/16 -i ppp0 -j MASQ Only traffic going out the ppp0 interface will be masqueraded. You'll have to show us your routing table on the gateway and on a couple of the boxes on different subnets. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Debian Potato -> Sid upgrade.
On Wed, Feb 07, 2001 at 03:28:24PM +1100, [EMAIL PROTECTED] wrote:
> Could someone suggest whay I have done wrong or what I should try. I
> thought Debian would handle the upgrade a little more elegantly.
RTFM
joking :)
I don't know if this is your problem, but sometimes (most times I think)
mirror.aarnet.edu.au is a bit slow and packages are missing from it.
in /etc/apt/sources.list, below your mirror.aarnet.edu.au line,
add a http.us.debian.org entry. ie
deb http://mirror.aarnet.edu.au/debian unstable main contrib non-free
deb http://mirror.aarnet.edu.au/debian-non-US unstable/non-US main contrib non-free
deb http://http.us.debian.org/debian unstable main contrib non-free
deb http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free
apt-get update
Then I guess you can do another dist-upgrade, or just a upgrade.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Debian Potato -> Sid upgrade.
On Wed, Feb 07, 2001 at 08:28:28PM +1100, David Kempe wrote: > > apt-get update > > Then I guess you can do another dist-upgrade, or just a upgrade. > > Whats the difference between these two commands? RFTM man apt-get (I can't help myself) upgrade only installs new versions of packages that are available if it can. It won't upgrade a package if its dependent on a package that isn't already installed, and it won't upgrade a package if it now conflicts with a package that is installed. dist-upgrade will install extra packages if they are a dependency and will remove old ones if they now conflict. Basically, if you've got potato installed and you want to upgrade to woody you need to use dist-upgrade. If you just want to update to the latest potato packages, you can use the upgrade option. I know I'm being elite, but seriously, read the relevant sections of the apt-get man page for a decent description. Simon will probably have to use dist-upgrade again. I don't think it will hurt to use dist-upgrade even if its not required. And if you're tracking unstable you probably should use dist-upgrade in case new dependencies or conflicts are made. (thats my uninformed opinion, anyway) I also wouldn't use the -f option of apt-get unless I needed to because of a broken package or some other reason. I'd rather have apt-get fail rather than try to half upgrade my system and leave it in a broken state. (hello simon :) -- chesty (debian: A group of elite people who are too sexy for their distribution) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Home network question - /etc/hosts not understood
On Fri, Feb 09, 2001 at 02:40:31PM +1100, [EMAIL PROTECTED] wrote: > > If you aren't running a name server, try moving /etc/resolv.conf > > out of the way. > > This was significant - > > I moved it aside, and suddenly the machine that was slow to login > (while it did a DNS lookup) was fast. > > I.e. coo and posh used to both have the same resolv.conf file, that > said: > > search localdomain > nameserver 203.15.68.3 > nameserver 203.26.10.25 > nameserver 203.26.10.19 > > (for my ISP's nameservers). And of course posh could swiftly login to > coo but coo had to wait for a DNS timeout to slogin to posh. > > Moving resolv.conf aside just on coo "fixed" this. (Don't know why > this shouldn't be true for posh too - except for the next point.) > > But coo is setup to use posh to get to the internet if posh is > connected at the time. (A friend set this up for me.) > > I bet this is the key point, isn't it? So coo has a default route to posh thats up all the time, posh only has a default route when the internet is up? If the above is true, it sounds like posh doesn't have a problem because there is no route to 203.x.x.x, so it doesn't bother to try and resolve names using the name server. coo does has a route to 203.x.x.x, the default route, so it will try to contact it, and wait for the timeout. The next test would be to put /etc/resolv.conf back on coo and delete the default route and how it goes. > Anyway, isn't there a problem with moving aside resolv.conf? Namely, > that without a resolv.conf, coo won't know what nameserver to talk to to > resolve domain names? :) yes. > That seems to me to show that coo correctly gets the IP address of posh > from the /etc/hosts, but then sends some sort of IP packet down a socket > that includes the string "posh" and :localdomain", which seems to be > directed at each of the nameservers listed in resolv.conf. Each one > fails after a short period, then it seems to try again. > > This may account for the delay. I.e. it's not really a DNS lookup at > all. It's trying to validate the names (against spoofing or something?) I think your right, but it is trying to do a DNS lookup, it sounds like its being paraniod (man hosts_access). > Is the system trying to talk to a nameserver to verify that posh and > localdomain are host and domain names that can be trusted? I think it might be doing a reverse lookup, checking to see if the name matches the ip address (or is it the other way around?). > BTW, is this significant? On both hosts, this is what I get from these > commands: I don't know. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] merging all 3 debian cds into one directory on my ftp server
On Mon, Feb 12, 2001 at 01:10:35PM -, Jo Knight wrote: > Ive just got Debian 2.2r2 on CDs and have managed to install it on my humble > 486 CDless laptop via FTP. At the moment i run the ftp server from win98 and > the cds are in /dists/potato, /dists/potato2 and /dists/potato3... what I > want to do is merge them all together so that all all the files are in the > dists/potato directory as currently i have to rename the directory to potato > when i apt-get install something that is not on the first cd. Can anyone > shed any light as to how I might do this...Thanks There's more than one way to skin a cat... apt-move as jeff said, but I think apt-move relies on rsync, and it doesn't work for me when package versions have an epoch. Another way is to use dpkg-scanpackages which is the in the dpkg-dev package. Move all the files under the potato directory, you'll have to mount the drive somewhere on a deb box and do something like. cd /mounteddrive dpkg-scanpackages dists/potato/main /dev/null > dists/potato/main/binary-i386/Packages gzip -9cf dists/potato/main/binary-i386/Packages > dists/potato/main/binary-i386/Packages.gz Do the same for contrib, non-free and non-US/main, etc. Ignore messages about duplicated packages in binary-all, I'm not sure what their about and I'm too lazy to look in to it, everything still works. And pray that smbmount doesn't lock up while you're doing this. I haven't tested it but I think instead of generating your own package files, you could just cat the package files from the cd's together, cat all the mains together, all the contribs together, etc, gzip them. Then move all the deb files under the potato directory and put your Package file in main/bianry-i386, etc. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Routing question
On Wed, Feb 14, 2001 at 05:56:42PM +1100, Des Wass wrote: > ---Internet-LINUX---LAN >| >| > Frame-Relay > (Ports 80 and 23 only) >| >| > ---Internet-LINUX---LAN > > What is the best way to do this? assuming kernel 2.2.x http://www.compendium.com.ar/policy-routing.txt chapter 6. I think your drawing is a bit lacking in detail, to put it nicely :) for sydney: ipchains -I input -p tcp -d melb/24 23 -m 1 ipchains -I input -p tcp -d melb/24 80 -m 1 # Mark telnet and http traffic destine for melbourne with "1" ipchains -I input -p tcp -s sydney/24 23 -d melb/24 -m 1 ipchains -I input -p tcp -s sydney/24 80 -d melb/24 -m 1 # This should mark telnet and http replies that are destine for # melbourne. ip ru add fwmark 1 table 10 pref 2500 ip ro add default via sydneyframerelayip table 10 ip route flush cache # route packets marked with "1" via sydenyframerelayip for melbourne: ipchains -I input -p tcp -d sydney/24 23 -m 1 ipchains -I input -p tcp -d syndey/24 80 -m 1 # Mark telnet and http traffic destine for sydney with "1" ipchains -I input -p tcp -s melb/24 23 -d sydney/24 -m 1 ipchains -I input -p tcp -s melb/24 80 -d sydney/24 -m 1 # This should mark telnet and http replies that are destine for # sydney. ip ru add fwmark 1 table 10 pref 2500 ip ro add default via melbframerelayip table 10 ip route flush cache # route packets marked with "1" via melbframerelayip http://www.ds9a.nl/2.4Routing/HOWTO//cvs/2.4routing/output/2.4routing-4.html would also be a useful read, as well as ip-cref.ps it requires the iproute package and CONFIG_IP_ROUTE_FWMARK kernel option set. advanced ip routing is fun, you can do all sorts of neat things like making your bosses internet access slow as a dog, etc, etc. :) Let us know if it worked, or if you need a little more help, or if someone spots a mistake, speak up :) -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Shadowing
On Thu, Feb 15, 2001 at 11:30:13AM +1100, Scott Ragen wrote:
> I believe it is possible to shadow users in linux as to just watch what they
> are doing, and perhaps interact/interviene?
ttysnoop
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] ipmasqadm - port forwarding
On Fri, Feb 16, 2001 at 04:55:53PM +1100, Chris Stokes wrote: > Echo 1 > /proc/sys/net/ipv4/ip_forward > Ipchains -F > Ipchains -P input accept > Ipchains -P forward accept > Ipchains -P output accept > Ipchains -A forward -i eth1 -s 192.168.0.0/24 -j MASQ > Ipmasqadm portfw -f > Ipmasqadm portfw -a -P tcp -L 200.1.1.1 80 -R 192.168.0.175 80 It looks OK to me, as long as eth0 is 192.168.0.x and eth1 is 200.1.1.1 You should be able to telnet from 192.168.0.175 to 200.1.1.2, and 200.1.1.2 should think that 200.1.1.1 is telneting to it. If this test works, then your portfw rule should work also. ie port forwarding works by reverse masquerading. Another way to do it is using mfw. ipchains -I input -p tcp -d 200.1.1.1 80 -m 1 -i eth1 ipmasqadm mfw -A -m 1 -r 192.168.0.175 -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] pam_smb anyone ?
On Mon, Feb 19, 2001 at 05:02:26PM +1100, dennis wrote:
> My appologies if this is not the place to ask.
> Just windering if anyone has had any experiance with pam_smb ?
Yes, there are lots of people. I couldn't tell you how many people, but
using google there are 435 hits on pam_smb. Compare that to 7140 hits
hits on pam_ldap, you could draw a conclusion that more people have
experience with pam_ldap.
If you have a question about pam_smb you should ask it.
If you just wanted to know if anyone has experience, the answer is yes.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Environment Variables
On Wed, Feb 21, 2001 at 02:07:16PM +1100, Crossfire wrote: > yes, you set it in the environment one level up. > > Of course, this may not be practical in most cases. > > In which case you add it to your .bashrc/.profile/.login/.whatever so > it gets set when you log in. Is that the full answer? Don't you need to export it as well? TOMCAT_HOME=/dev/bush JAVA_HOME=/dev/mug export TOMCAT_HOME JAVA_HOME "export: The supplied names are marked for automatic export to the environment of subsequently executed commands." -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Environment Variables
On Wed, Feb 21, 2001 at 03:49:18PM +1100, Crossfire wrote: > > TOMCAT_HOME=/dev/bush > > JAVA_HOME=/dev/mug > > > > export TOMCAT_HOME JAVA_HOME > > Thats sh/bash specific. Yes it is, from memory "setenv JAVA_HOME /dev/mug" will do it with csh. But all normal linux people use bash, its a given :) > and unless you export it, it doesn't actually > become part of the environment anyway, Exactly. $ TEST=123 $ echo $TEST 123 > so what I said still holds true OK then. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] ipchains question
On Wed, Feb 21, 2001 at 05:49:31PM +1100, Danny Yee wrote: > When I try to turn firewalling on, I'm having long DNS delays, and reports > like this in my logfile > > Feb 21 17:41:53 stravinsky kernel: Packet log: input DENY ppp0 PROTO=17 >129.78.###.###:65535 129.78.###.###:65535 L=28 S=0x00 I=19120 F=0x4022 T=252 (#17) > (with actual IP addresses #ed) I think the best way to fix your problem is to recompile your kernel and set the option "IP: always defragment" to yes. The packet being dropped is a fragment, you could also fix it by using the -f option of ipchains. man ipchains for details. Apologies if you get this message multiple times. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
[SLUG] Firewall security audit report
We had our linux firewalls audited and I wanted to get some opinions on some of the issues raised. We were advised to turn sshd PasswordAuthentication off because it allows clear text passwords. hey? That doesn't sound right. Mount partitions read only where possible. I guess this is a good idea, but in what situation would this add security? You need to be root to be able to write to the partitions that I could mount read only, and if someone gets root, they can remount partitions read write. Remove man pages. Again, I can't see the harm in doing this, but I can't see the point. Remove unnecessary binaries. A good idea no doubt, but the firewall doesn't allow shell access, and the way I see it is if someone gets shell access they can upload their own bin's. It doesn't mention it in the report, but would mounting /home, /tmp and /var with noexec help? It might stop a non root user from running their own programs, but it won't stop root. Capabilities wasn't mentioned in the report, and I haven't removed any (yet). Time to do some reading on removing linux kernel capabilities I think. What do people use for analysing firewall log files? Theres 84 projects under that category on freshmeat. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] porting serially
On Tue, Feb 27, 2001 at 10:10:55PM +1100, [EMAIL PROTECTED] wrote: > Hi, > If you need to get a small file from one RH6.2 machine to > another, and can't use networking, floppy, Zip etc > but have a null modem, how do you pipe data into/out of ttyS1? > I tried it with cat; the results were recognisable but damaged > owing to lack of stop/start control. > Cheers, > Jim Donovan One way out of many, if its ascii, or if you want to uuencode it if its not. ascii-xfr -s -l 200 -c 50 file > /dev/ttyS1 ascii-xfr comes with the minicom package on my system. And I haven't tested to see if it works. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
On Tue, Feb 27, 2001 at 09:18:25PM +1100, Terry Collins wrote: > > Mount partitions read only where possible. > > I guess this is a good idea, but in what situation would this add security? > > You need to be root to be able to write to the partitions that I could mount read > > only, and if someone gets root, they can remount partitions read write. > > For a firewall, you want to prevent anyone being able to fiddle with it > and one way is to prevent people writing to it is to make it read only. Non root users can't write to it because of file permissions, root users can remount it read write. You haven't convinced me. Reading other peoples responses I can see some value in it. > Tricks like Remote logging, Are you talking about syslog out a serial port? Is that a trick? > temporary files in ram, I guess I should check the archives for this one. > boot off CD, If someone has physical access there is little that you can do to stop them getting in. You could slow them down but thats all. ie password protect the bios, disable booting off removable media, password protect lilo, etc. But that still doesn't protect the box from physical access. And if someone has physical access, why bother with the firewall at all? Just disconnect the firewall and plug a laptop in. > > Remove man pages. > > Again, I can't see the harm in doing this, but I can't see the point. > > If you don't know what to do, why are you fiddling with box. I may not know as much as someone like yourself, but that is the reason we got the security audit. > Basically, > if someone gets in, man pages help them know the particular variety of > your box. Are you serious? if someone gets in the game is over, they already know enough about the box, wouldn't you say? There are bigger give aways than man pages though. less /var/lib/dpkg/status, and I assume a similar way for redhat. > > Remove unnecessary binaries. > > A good idea no doubt, but the firewall doesn't allow shell access, and the > > way I see it is if someone gets shell access they can upload their own bin's. > > Yes, but they still have to upload them, which takes time, which > increase the chances of discovery, etc. If you don't need it, then it > shouldn't be there. I agree, but really, you're over stating how hard it is to upload files. > > It doesn't mention it in the report, but would mounting /home, /tmp and /var with > > noexec help? It might stop a non root user from running their own programs, but it > > won't stop root. > > Are we talking about a firewall or what. > There shouldn't be any users on the firewall. We have had to make some compromises, time, money, usability are all facters that needed to be considered. At the moment its part firewall, part bastion host. The only daemon running at the moment is sshd, and thats to allow X. X isn't secure, but its needed, we have made a compromise. Using sshd for X forwarding may not be the best way, but it was the quickest and cheapest way, another compromise. Users can't get an interactive shell on the firewall, at least thats the aim. We are in the near future going to remove X forwarding via ssh and remove the need for having user accounts on the firewall. We have been advised to run ntp on the firewall so log time stamps are in sync. Another potential access point. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
On Wed, Feb 28, 2001 at 10:49:32AM +1100, Umar Goldeli wrote:
> > Are you serious? if someone gets in the game is over, they already know enough
> > about the box, wouldn't you say?
>
> The above statement is not exactly correct, but yes they do know about the
> box somewhat, and even if the man pages help them for 30 seconds, it's too
> much.
Theres actually nothing very interesting on the firewall (except for the man
pages), if someone gets a shell (root or otherwise) then game is over, they
can bounce off the firewall and attack the hosts its trying to protect. Non
root will have to work around the filters, both input and output are
filtered, but that won't stop them. If a cracker wants to spend time rooting
the firewall I wish them well, at least while they are trying to get root on
the firewall, they aren't trying to attack other hosts.
> Correct. As well as seemingly harmles binaries like "uname" and even the
> layout of the filesystem.
Removing uname isn't going to buy me much.
find /proc -exec less {} \;
/proc is bad, mmmkay.
I've never tried to run a box without proc, I might give it a go.
> > We have been advised to run ntp on the firewall so log time stamps are in
> > sync. Another potential access point.
>
> Bind ntp to a particular interface and only allow port 123 from your ntp
> server, also turn on the funky auth features (or you could do ipsec to
> your ntp box ;)
You bring up a good point about ntp auth, obviously ntp will be filtered, but that
won't stop forged packets (and unfortunately, neither will some of our routers
(yet)). I wonder if someone could send bogus ntp packets and shift the time on
the firewall?
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
On Wed, Feb 28, 2001 at 10:15:13AM +1100, Umar Goldeli wrote: > > Removing binaries just means the attackers have to get them in via > > some other means. > > Indeed. You're buying time. Time is good. If your attacker can't readily > telnet, ftp, ssh, scp, rcp, wget, lynx etc - he's going to have to try > much harder. And what also happens if there's no compiler on the box? Theres no c compiler (but they could upload bin's I suppose) but there is perl, I'll have to check if perl is needed. > better yet, your border router acls do not allow connections ORIGINATING > from your firewall outbound? Unforunately, at the moment it has a proxy running. > Agreed throughly about the turn of all listening services bit. :) Sorry, did you say something? > As for logging - the safest way to keep logs is to have a serial printer > attached to your console and dumpit all on to paper and focus on physical > secrity of the box. Do what the military does... not veyr practical, but > once written, your logs are there forever. ;) Printers run out of paper (printer DoS), with some printers you can reverse the paper back and write over stuff making it unreadable. -- chesty -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Firewall security audit report
On Wed, Feb 28, 2001 at 08:50:32PM +1100, Umar Goldeli wrote:
> Anyway, he'll need root to put ethx into promisc mode..
On a related note, its possible to remove promiscous mode capability
from the kernel, plus a whole bunch more, eg set the immutable bit
on some files, append only on others and remove the kernels capability
to modify the immutable and append only attributes.
> > > Agreed throughly about the turn of all listening services bit. :)
> >
> > Sorry, did you say something?
> When you're first setting up the box, make sure you Detonate(tm) all
> listening services that you don't specifically want. The less ports
> listening, the better ("none" is good. :)
You agreed about turning off all listen services, and I pretended I didn't
hear you. get it? funny, no? :)
It was a joke Joyce.
If you don't like my jokes, you should hear me sing.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] dhcpcd & dhcpd problems on RedHat 7.
On Sat, Mar 10, 2001 at 10:35:01PM +1100, Jim Crawley wrote: > > > Mar 7 15:45:02 diddums ifup: SIOCADDRT: Network is unreachable You get this message from the route command when you try to add a route via a gateway, and the gateway isn't reachable. You would see this message if network cards module isn't loaded, but I would think you would also get a message before hand from ifconfig complaining about an unknown interface if it was a module problem. I don't know what the problem is though, I'd start by checking /etc/network/interfaces, and also reboot the computer, run ifconfig and route -n, then if-down and up, etc to get it working, and run ifconfig and route -n again and compare. > Thing is, dhcpd _does_ work, it just doesn't load on startup. I little birdie tells me it might be "chkconfig dhcpd on" to fix that problem. -- chesty (version 1.1.5, bug reports to [EMAIL PROTECTED]) -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
