RE: [vox-tech] Need to bypass Squid proxy

2006-01-26 Thread Ehrhart, Jay
Additionally I need the web server to see the originating IP address so
I can allow and disallow traffic by IP address.  If I do not bypass the
proxy I will only see one IP address and can not use firewall rules to
block access to those who are not authorized.

___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


RE: [vox-tech] Need to bypass Squid proxy

2006-01-26 Thread Ehrhart, Jay
I don't think I made what I want to accomplish clear.

I am at a county office of Education.  By law all web traffic to the
real Internet must be filtered.  I have a Red Hat Linux server running
N2H2 web filtering.  It is a transparent proxy.  All traffic goes
through the proxy filter and there is no way around it.

I have an internal web server that is only for the schools and is not
publicly accessible.  The proxy server does its job and sends the
traffic out where it dies on the outside of my publicly facing firewall.
I want to bypass the proxy with squid or iptables so that the private
sites can reach the private web site.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Micah J. Cowan
Sent: Thursday, January 26, 2006 1:27 PM
To: [EMAIL PROTECTED]; lugod's technical discussion forum
Subject: Re: [vox-tech] Need to bypass Squid proxy

On Thu, Jan 26, 2006 at 12:43:47PM -0800, Seth Nagao wrote:
> On 1/26/06, Micah J. Cowan <[EMAIL PROTECTED]> wrote:
> > I'm aware that squid will proxy SSL, at least on non-transparent
> > connections (I do that often). I don't see how it can do that
> > transparently: It doesn't know the server's private key. It could use a
> > totally /separate/ key to pretend to be the server, and then pretend to
> > be the client to the server, but that would be wrong, wrong, WRONG, and
> > I very much doubt the developers of squid make it do that.
> 
> Interestingly enough, I went to an ISSA meeting which included a
> vendor that intended to do EXACTLY that.  The line of thought went
> something like, "Well, we're the good guys, so it's not really a MITM
> attack."  I'll see if I can find the info I have on them next time I'm
> in the office.  I've been curious of what legal implications that such
> a proxy might incur if a breach of security happened at that point,
> but that might be covered in the big nasty legal documents you often
> have to sign.

There are concerns in doing this, even from the vendor point of view.

For instance, since you can't get a trusted certificate authority to
give you a signature for the destination server you're pretending to be,
the user's browser (if it's any good) will always throw up a "WARNING:
not signed by a trusted provider" or "WARNING: certificate doesn't
belong to the site they're claiming to be".

So, being able to do this "transparently" is pretty limited. And once
users realize what's going on, several of them are liable to become
PISSED.

And, documents or not, I'm willing to bet that if a security breach
happened at that point, you can sue their friggin' ass off. Deployed
against employees at a corporation, you could probably sue the
employer's ass off, too: and they probably didn't think hard enough
about it to make you sign documents anyway.

All in all, a much better alternative, if you really want to have
absolute* control over what goes out over your network, is to simply
disallow outgoing HTTPS altogether. Let them check their bank accounts
from home, etc. :-)

Clearly, these guys had not thought things through. And no sysadmin
worth his salt would buy such a product (and, if he were forced to,
would never enable such a stupid feature).

*Practically, no such thing. Even if we do this, what's to prevent
someone from setting up their /own/ proxy over permitted channels?
Someone once implemented IP-over-email to illustrate circumvention of
firewalls...

-- 
Micah J. Cowan
[EMAIL PROTECTED]


[vox-tech] Need to bypass Squid proxy

2006-01-26 Thread Ehrhart, Jay

I have a Linux proxy server filtering all my outbound web
traffic.  All traffic leaving the proxy assumes the proxy IP address.

I have an internal web site and I need that web server to
see the originating IP address of my internal web traffic.

How can I make that one IP address or url bypass the
proxy?  Can I use Squid or iptables and if so how do I set it up?

Thanks

Jay


[vox-tech] simple file command question

2005-05-04 Thread Ehrhart, Jay

I know this may sound too simple but
how do you use ll or ls to show the year the file was created?

I looked in man and google.com/linux but I didn’t find it.

Thanks


[vox-tech] Spammers using my server

2004-09-24 Thread Ehrhart, Jay
This morning I had over 7000 emails in my Linux server's outbound queue
which I deleted.  My firewall log shows over 20,000 emails went out with a
SunTrust bank announce saying to login and enter your username and password.
I do not see the emails coming in like I would in a relay.  How can I stop
this or how are they doing this?

My firewall uses a SMTP proxy and only allows my domain in.  I run
MailScanner on my Red Hat 3.0 mail server with Sendmail.  The box has the
latest patches from Red Hat.  I have Sendmail setup to accept only my
domain email.

The non-deliverable reports are coming from my Linux apache user.
Non-deliverables usually come from root.  I am running apache on the server
with forms.  The forms software is the latest version and patches.

Can anybody help on this?

Thanks,
Jay

Jay Ehrhart
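
Bounces returning to the apache account mean the messages carried apache as their envelope sender, which is what sendmail records for mail submitted locally by a process running as that user rather than relayed in over SMTP. As an added example (not part of the original thread; the log lines are constructed in sendmail's usual syslog format, and the account list and threshold are assumptions), this tallies locally submitted mail per account so a web-server account sending bulk mail stands out:

```python
import re
from collections import defaultdict

# Constructed sample in sendmail's syslog format (hosts, queue ids and
# counts are made up for this example).
SAMPLE_LOG = """\
Sep 24 06:10:01 mail sendmail[4101]: i8ODA1xK004101: from=apache, size=2140, class=0, nrcpts=40, msgid=<200409241310.i8ODA1xK004101@mail.example.org>, relay=apache@localhost
Sep 24 06:10:01 mail sendmail[4102]: i8ODA1Qp004102: from=<apache@mail.example.org>, size=2391, class=0, nrcpts=40, msgid=<200409241310.i8ODA1xK004101@mail.example.org>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Sep 24 06:10:07 mail sendmail[4110]: i8ODA7bT004110: from=apache, size=2144, class=0, nrcpts=50, msgid=<200409241310.i8ODA7bT004110@mail.example.org>, relay=apache@localhost
Sep 24 06:10:12 mail sendmail[4123]: i8ODACmV004123: from=apache, size=2139, class=0, nrcpts=45, msgid=<200409241310.i8ODACmV004123@mail.example.org>, relay=apache@localhost
Sep 24 06:25:00 mail sendmail[4300]: i8ODP0aa004300: from=root, size=611, class=0, nrcpts=1, msgid=<200409241325.i8ODP0aa004300@mail.example.org>, relay=root@localhost
Sep 24 06:31:44 mail sendmail[4351]: i8ODVixx004351: from=<teacher@example.org>, size=812, class=0, nrcpts=1, msgid=<abc123@example.org>, proto=ESMTP, daemon=MTA, relay=gw.example.org [192.0.2.10]
"""

# "from=" record: queue id, envelope sender, recipient count, relay.
FROM_RE = re.compile(
    r"(?:sendmail|sm-mta|sm-msp-queue)\[\d+\]: (?P<qid>\w+): "
    r"from=<?(?P<sender>[^,>]*)>?,.*?nrcpts=(?P<nrcpts>\d+),.*?relay=(?P<relay>\S+)"
)
# A relay of the form user@localhost marks a local command-line submission.
LOCAL_RELAY_RE = re.compile(r"^(?P<user>[\w.-]+)@localhost$")

# Assumption: accounts that run web code and should not originate bulk mail.
SERVICE_ACCOUNTS = {"apache", "nobody", "www-data"}


def local_submissions(lines):
    """Return {user: {"messages": n, "recipients": n}} for locally submitted mail."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0})
    for line in lines:
        m = FROM_RE.search(line)
        if not m:
            continue  # "to=" records and unrelated syslog lines
        local = LOCAL_RELAY_RE.match(m.group("relay"))
        if not local:
            continue  # arrived over SMTP (including the local hand-off to the MTA)
        entry = stats[local.group("user")]
        entry["messages"] += 1
        entry["recipients"] += int(m.group("nrcpts"))
    return dict(stats)


def flag_service_accounts(stats, accounts=SERVICE_ACCOUNTS, max_recipients=20):
    """Service accounts whose local submissions exceed the recipient threshold."""
    return sorted(u for u, s in stats.items()
                  if u in accounts and s["recipients"] > max_recipients)


if __name__ == "__main__":
    totals = local_submissions(SAMPLE_LOG.splitlines())
    for user, s in sorted(totals.items()):
        print(f"{user}: {s['messages']} messages, {s['recipients']} recipients")
    print("flagged:", flag_service_accounts(totals))
```
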



RE: [vox-tech] rndc: connect failed: connection refused

2004-05-26 Thread Ehrhart, Jay

I have seen this on my Red Hat 8.0 DNS server.  Most of the time I can
/etc/init.d/named stop and then start will work.  Sometimes though I have
to send a kill and then start the service.  I don’t know why and I am way
overworked to find out why.  You can also do the Windows thing and reboot
the box.

Jay

-----Original Message-----
From: Milver S. Nisay [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 7:39 AM
To: [EMAIL PROTECTED]
Subject: [vox-tech] rndc: connect failed: connection refused

hello again.

one of my DNS box is up and running well. however, issuing a restart or
a status named command will give out:

rndc: connect failed: connection refused

i cannot stop the named BUT i can start it well. reload fails and status
fails also.

RH 9. and i have this.

bind-9.2.1-16
bind-utils-9.2.1-16

anyone with the same experience? AMAP, i do not want to have a BIND
upgrade.

please advise.

//milver



RE: [vox-tech] redirect to squid using router

2004-05-18 Thread Ehrhart, Jay
Router setup is the easiest part.
On the router setup type

Conf t
(config)#ip wccp version 1
(config)#ip wccp web-cache 

Go to your outbound interface, the one that points to your Linux box

(config)#Interface fastethernet 0/0
(config-if)#ip wccp web-cache redirect out

That's about it on the router.

Jay




RE: [vox-tech] redirect to squid using router

2004-05-18 Thread Ehrhart, Jay
This is more a Linux thing than a Cisco thing.
To see if the router even sees the Linux box you can type
Show ip wccp web-cache
You should get something like this 

#show ip wccp web-cache
Global WCCP information:
Router information:
Router Identifier:               206.15.244.10
Protocol Version:                1.0

Service Identifier: web-cache
Number of Cache Engines:         1
Number of routers:               1
Total Packets Redirected:        544743743
Redirect access-list:            -none-
Total Packets Denied Redirect:   0
Total Packets Unassigned:        26
Group access-list:               -none-
Total Messages Denied to Group:  0
Total Authentication failures:   0

And/or type

#show ip wccp web-cache view
WCCP Routers Informed of:
-none-

WCCP Cache Engines Visible:
172.27.4.249

WCCP Cache Engines NOT Visible:
-none-

If the router doesn't see it, it ain't right on the Linux box.



RE: [vox-tech] redirect to squid using router

2004-05-18 Thread Ehrhart, Jay
I didn't see the original post so I am not sure what you have done or are
trying to do.  But I use WCCP (Cisco protocol) to redirect all port 80
traffic to the squid box.  If squid and postgres are configured
correctly they should be broadcasting or announcing the service to the
router.
WCCP version 1 needs to be enabled on the router.  Linux does support
WCCP ver 2 because Cisco owns it and they want money.
Also the Linux kernel will have to have WCCP compiled into since it is
not native to the Linux kernel.
So the items that need to be done,
Compile WCCP into the kernel
Enable WCCP ver 1 on the router
Install and configure squid and postgres to use WCCP

I have this running on my network for web filtering for over 10,000
desktops.

Jay

-----Original Message-----
From: Bill Kendrick [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 18, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: Re: [vox-tech] redirect to squid using router

On Tue, May 18, 2004 at 10:25:13AM -0700, Jeff Newmiller wrote:
> 
> Don't you think you ought to ask in a Cisco support area, instead of a
> Linux support area?

Well, Squid is a tool people use on Linux, so I don't think it would be
surprising to find other Linux folks might have had the same issue.
But yeah, since it's a Cisco product, there's probably a way better chance
of getting help FROM Cisco.  (Though I guess that depends on how good their
suh-port is. :^) )

-bill!
("Null modem?  You mean, like, for a phone?" - Radio Shack employee)


[vox-tech] Migration from UNIX to Redhat

2003-06-16 Thread Ehrhart, Jay
I want to migrate users, passwords and email from an Intergate UNIX box
to my new Redhat 8.0 server.

I don't know where to start.  How can I make the transition from the
UNIX box to the Redhat server?


[vox-tech] Sendmail question

2003-06-09 Thread Ehrhart, Jay
I am bringing up a Redhat 8.0 mail server with Sendmail.  Named is running on the box 
and name resolution works.  I can get to the web and Nslookup resolves.  I can receive 
email after changing the DAEMON_OPTIONS port=smtp, Addr=my IP address so that it is 
listening on port 25 for mail connections.  I used the M4 utility to make the change.

In the Network configuration I have two NIC cards and the loopback 127.0.0.1.

My problem is I can not send mail.  I get the following error in the log. 

Jun  9 09:01:28 free sm-msp-queue[13168]: h59G1Sik013168: to=root, delay=00:00:00, 
xdelay=00:00:00, mailer=relay, pri=31873, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: 
Connection refused by [127.0.0.1]

I can see that it is picking up the loop back address which may be the problem.  Having 
never built a Linux mail server before though I don't know.  Is there a place where I 
change the loop back address or how the mail goes out to the network interface IP 
address so the mail can get out?

Thanks. 

 


[vox-tech] RE: FTP folder access question

2003-05-31 Thread Ehrhart, Jay
Sorry I sent my last email with the wrong subject line.

I found the problem.  Pure FTPD puts all users into a chroot group and
cages them into their home folder.

Thanks




RE: [vox-tech] combining data files

2003-05-31 Thread Ehrhart, Jay
I found the problem.  Pure FTPD puts all users into a chroot group and
cages them into their home folder.

Thanks





[vox-tech] FTP folder access question

2003-05-31 Thread Ehrhart, Jay

This is a newbie question.

I have loaded a server with Red Hat 8.0.  I installed Pure-FTPD.  Using
WSFTP client I login and am in my home folder.  The user I am using is
in the adm and root groups.
I cannot navigate out of the home folder.  I specify which folder I want
to login into in WSFTP and it still drops me in my home folder. I
created a test folder under the root directory and gave myself all
permissions and set WSFTP to put me there and I end up in my home
folder.  I can't type in the path in WSFTP and get anywhere.  WSFTP
says the folder does not exist.  I tried var and etc and it says folders
do not exist.
How do I set this up so I can move up from my home folder and get to
other folders?  What am I doing wrong?

Jay


[vox-tech] Linux email server

2003-01-31 Thread Ehrhart, Jay
I am in the "looking for" stage of looking for the best (the best fit
for my needs) mail server.  Qmail has been talked about.

I work for Yolo county schools and I need a mail server that can handle
about 400 accounts.

Requirements:
It needs to run on Red Hat Linux
Free is a big plus
Relatively easy to install, configure and maintain
Support MAPI and POP3

Any suggestions, experiences, thoughts?

I am currently running Red Hat servers with MRTG, DNS, Apache and snort.
Much more stable than Windows and no rebooting.

Thanks,

Jay



RE: [vox-tech] How to recompile kernel

2002-05-06 Thread Ehrhart, Jay

Thank you for all the help.  To make it simple, I just backed up my data and
reinstalled Red Hat.  This was easy to do since Linux has become so easy and
quick to install.
I have replaced 5 of my Windows NT servers with 3 Red Hat Linux servers,
(Same boxes with Linux installed).  I now have servers that are more reliable
and I don't have to reboot them every 3 weeks.  I am still new to Linux.
Most of what I have learned was from the installfests and the club meetings
and this list.

Thanks 


-----Original Message-----
From:    Shawn P. Neugebauer [mailto:[EMAIL PROTECTED]]
Sent:    Friday, April 26, 2002 12:45 PM
To:      [EMAIL PROTECTED]
Subject: Re: [vox-tech] How to recompile kernel

On Friday 26 April 2002 11:58 am, you wrote:
> I have Red Hat 7.2 on a server.  When I installed Red Hat I said no to the
> firewall option.  Now that the box is up and running I am trying to install
> ipchains.  However the kernel is not compiled for ipchains.  How do I
> recompile the kernel and add ipchains without reloading the box?

i doubt you need to recompile the kernel.  if you are using a
non-enterprise/server edition of RH, ipchains is compiled as a kernel
module.  i really can't remember the last time i needed to re-compile
a RH kernel to get a non-esoteric piece of functionality working.

three things come to mind:
1) read the ipchains HOWTO.
2) edit /etc/sysconfig/ipchains to your liking.  this will be time-consuming,
  so i suggest you look hard for sample firewall configurations to get you
  jump-started.
3) "chkconfig --add ipchains" will add ipchains to the start-up sequence.
  w/o rebooting, you can use "service ipchains start" to start it, and it
  will take care of loading the kernel module and starting ipchains w/the
  rules you configured.

shawn.



[vox-tech] How to recompile kernel

2002-04-26 Thread Ehrhart, Jay

I have Red Hat 7.2 on a server.  When I installed Red Hat I said no to the
firewall option.  Now that the box is up and running I am trying to install
ipchains.  However the kernel is not compiled for ipchains.  How do I
recompile the kernel and add ipchains without reloading the box?

Thanks,

Jay



RE: [vox-tech] Red Hat system check

2001-12-03 Thread Ehrhart, Jay

Thank you Pete.
fsck / -y made the repairs.

Jay

-----Original Message-----
From: Peter Jay Salzman [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 9:43 AM
To: [EMAIL PROTECTED]
Subject: Re: [vox-tech] Red Hat system check


begin: Ehrhart, Jay <[EMAIL PROTECTED]> quote
> Over the weekend, my office lost power, the UPS was depleted and my Red Hat
> 7.0 box went down.
> Now I am having errors when I try to bring it back up. This is what happens;
> The boot starts normally.
> The message "contains a file system with errors, check forced" appears.
> "Unexpected Inconsistency; run fsck manually"
> "An error occurred during the file system check"
> "Dropping you to a shell; the system will reboot when you leave the shell"
> "Give root password for maintenance, or type Control-D for normal startup"
> 
> If I use control-D, it reboots and brings me back to the same place.

control d isn't what you want to do.

> When I enter the password and enter maintenance it shows;
> "Repair filesystem 1 #"

> So what do I need to do after I enter the password and enter maintenance to
> repair this?

the filesystem can be corrupted if the hard drive loses power during a write
operation (or a few other conditions).  fsck wants to make sure your
filesystem is ok.

apparently, one of your partitions has an error on it that fsck wants to fix.
the error is serious enough that fsck wants human intervention.  but ext2 is
a very resilient filesystem, and fsck is a very intelligent program.   what
fsck wants to do is almost certain to be the right thing, but it still wants
confirmation.

you need to figure out on which partition fsck failed.  usually, when you
watch the system boot, it'll tell you.   something like:


Checking /dev/hda3
 /   63%
Filesystem inconsistency.  Please run fsck manually (without the -a option).


i've never seen "repair filesystem 1 #" but perhaps that means /dev/hda1
needs to be repaired?

if you can't tell, just fsck all the partitions.  you can't hurt anything.
as long as the partition is unmounted, or at least mounted as read-only.

after doing this, you can safely reboot the system.

btw, you may want to use fsck -y which answers "yes" to all of fsck's
questions.

pete

-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger [EMAIL PROTECTED]



[vox-tech] Red Hat system check

2001-12-03 Thread Ehrhart, Jay

Over the weekend, my office lost power, the UPS was depleted and my Red Hat
7.0 box went down.
Now I am having errors when I try to bring it back up. This is what happens;
The boot starts normally.
The message "contains a file system with errors, check forced" appears.
"Unexpected Inconsistency; run fsck manually"
"An error occurred during the file system check"
"Dropping you to a shell; the system will reboot when you leave the shell"
"Give root password for maintenance, or type Control-D for normal startup"

If I use control-D, it reboots and brings me back to the same place.
When I enter the password and enter maintenance it shows;
"Repair filesystem 1 #"
So what do I need to do after I enter the password and enter maintenance to
repair this?

Jay



[vox-tech] What is the command line for user manager?

2001-11-16 Thread Ehrhart, Jay

I have an Intergate box running BSD Unix.  I want to administer the user
accounts.  What is the command to let me see the user accounts and change
their passwords?

Thanks



Jay Ehrhart
Wide Area Network Manager
A.S, MCSE, CNE, MCP+I, A+, Network+, I-Net+
Yolo County Office of Education
530-668-3729
[EMAIL PROTECTED]
[EMAIL PROTECTED]