Redhat-list digest, Vol 1 #3082 - 16 msgs
redhat-li...@redhat.com
redha...@redhat.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listman.redhat.com/mailman/listinfo/redhat-list
or, via email, send a message with subject or body 'help' to
redhat-li...@redhat.com
You can reach the person managing the list at
redhat-l...@redhat.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Redhat-list digest..."
Today's Topics:
1. Re: Someone is testing my firewall (Jon S. Jaques)
2. RE: Larger IDE Drives (Leonard den Ottolander)
3. Re: Is auth useful (Leonard den Ottolander)
4. ssl CA certFile (Jon S. Jaques)
5. Re: ssl CA certFile (Duncan Hill)
6. rh 7.2 installation CDs are defective??? (Duane Douglas)
7. Re: Bad rpm useage??? (Mikkel L. Ellertson)
8. Re: OT: BeOS (Matthew Baxa)
9. Re: Attempt to telnet (Greg Wright)
10. Re: no loop back device in kernel rh7.2 (Oleg Okunev)
11. Re: VMWare vs. Win4Lin (Harry C. Giles)
12. Re: Attempt to telnet (Mikkel L. Ellertson)
13. Re: Services ... (Mikkel L. Ellertson)
14. RH 7.2, hpt370, unresolved symbols (Mobeen Azhar)
15. Re: OT: BeOS (Larry Grover)
16. Re: Why Is My Life One Big NETWORKING Nightmare? (Jerry Winegarden)
--__--__--
Message: 1
Subject: Re: Someone is testing my firewall
From: "Jon S. Jaques" <wayv...@home.com>
To: redha...@redhat.com
Date: 03 Nov 2001 10:36:21 -0500
Reply-To: redha...@redhat.com
On Wed, 2001-10-17 at 14:24, gabriel wrote:
> isn't there a program called "chilisoft" that will let you run asp stuff out
> of linux?
Yes, there is, but it is pricey. I've never yet been able to get one of
my customers to shell out the money for it.
--Jon
--__--__--
Message: 2
From: "Leonard den Ottolander" <leon...@hetnet.nl>
To: redha...@redhat.com
Date: Sat, 3 Nov 2001 13:33:49 +0100
Subject: RE: Larger IDE Drives
Reply-To: redha...@redhat.com
Hi Paul,
> Thanks for the detailed reply.. I think it's a good reason just to
> upgrade the motherboard and put a faster processor on it anyways.. Then
> I'm guaranteed the larger drive will work ok as well... It's something
> that I've been thinking about..:)
Chicken ;-) !!! (just kidding)
Bye,
Leonard.
--__--__--
Message: 3
From: "Leonard den Ottolander" <leon...@hetnet.nl>
To: redha...@redhat.com
Date: Sat, 3 Nov 2001 17:04:23 +0100
Subject: Re: Is auth useful
Reply-To: redha...@redhat.com
Hi,
> Other than for connecting to IRC servers, the identd daemon really isn't
> that useful anymore.
I have noticed some news providers to do auth requests, but in this case it
suffices to add a REJECT rule for port 113 to your firewall rules, so you do
not get timeouts.
Bye,
Leonard.
--__--__--
Message: 4
Subject: ssl CA certFile
From: "Jon S. Jaques" <wayv...@home.com>
To: redha...@redhat.com
Date: 03 Nov 2001 11:12:49 -0500
Reply-To: redha...@redhat.com
Hello,
Whenever I try to mount my smb volumes from Linux, I get a couple of
messages (errors?) like this:
Unknown parameter encountered: "ssl CA certFile"
Ignoring unknown parameter "ssl CA certFile"
Why is this, and how do I fix it?
Thanks in advance,
--Jon
--__--__--
Message: 5
Date: Sat, 3 Nov 2001 11:12:39 -0500 (EST)
From: Duncan Hill <dh...@cricalix.net>
To: <redha...@redhat.com>
Subject: Re: ssl CA certFile
Reply-To: redha...@redhat.com
On 3 Nov 2001, Jon S. Jaques wrote:
> Unknown parameter encountered: "ssl CA certFile"
> Ignoring unknown parameter "ssl CA certFile"
Find your Samba config file, comment out those lines and try again.
--
Sapere aude
My mind not only wanders, it sometimes leaves completely.
--__--__--
Message: 6
Date: Thu, 01 Nov 2001 20:48:21 -0500
To: redha...@redhat.com
From: Duane Douglas <ddou...@mindspring.com>
Subject: rh 7.2 installation CDs are defective???
Reply-To: redha...@redhat.com
hi everyone,
according to the register, the rh 7.2 installation CDs are defective:
<http://www.theregister.co.uk/content/4/22562.html>
can anyone confirm or refute this?
tia
if (duane.douglas) { technologies = asp && php && cgi_perl && cold fusion
&& xml && xsl && xsd && sql server && mysql && javascript }
--__--__--
Message: 7
Date: Sat, 3 Nov 2001 10:22:12 -0600 (CST)
From: "Mikkel L. Ellertson" <mik...@Infinity-ltd.com>
To: <redha...@redhat.com>
Subject: Re: Bad rpm useage???
Reply-To: redha...@redhat.com
On Sat, 3 Nov 2001, Jon S. Jaques wrote:
> Hello,
>
> I've been bad, apparently; I've installed several packages using only the -i
> flag, including a kernel, like so:
>
> rpm -i <packagename>.rpm
>
There is nothing wrong with this, when installing an rpm that is not on
your system. Most people like to use "rpm -ivh <packagename>.rpm",
mainly because it provides more detail about what is going on...
>
> What difference will that make on my system? The new kernel (an i686 to
> replace the i386 that came with RH7.1) runs fine, and the only thing that
> won't work with it is VMWare. VMWare is "willing" to run, but it needs
> sources to recompile some portion or the other of it.
>
7.1 comes with several kernels, including i686 kernels. The one that is
installed depends on what CPU(s) the installer detects.
>
> Can anybody tell if I'm going to have greater problems ahead due to my bad
> rpm useage?
>
> Thanks in advance,
>
> --Jon
>
When you explain what bad rpm usage you have done, we may be able to
answer...
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
--__--__--
Message: 8
Date: Fri, 2 Nov 2001 12:22:26 -0600
From: Matthew Baxa <mbb...@ksu.edu>
To: redha...@redhat.com
Subject: Re: OT: BeOS
Reply-To: redha...@redhat.com
I have used BeOS (the free version) in the past and its kinda cool, but I wouldn't buy the Professional edition because Be's future is _very_ uncertain at the moment.
On Thu, Nov 01, 2001 at 04:45:35PM -0500, Jeff Graves wrote:
> Has anyone used this operating system? Is it worth the $50 to try out the
> Professional edition or am I wasting my time? All thoughts appreciated!
> Thanks.
>
> Jeff Graves
> Customer Support Engineer
> Image Source, Inc.
> 10 Mill Street
> Bellingham, MA 02019
>
> 508.966.5200 X31 - Phone
> 508.966.5170 - Fax
> je...@image-src.com - Email
>
------------
Matthew Baxa <mbb...@ksu.edu>
http://www.cis.ksu.edu/~mbb1810/
Student Systems Administrator
Kansas State University-High Energy Physics Group
http://www.phys.ksu.edu/hep/
--__--__--
Message: 9
Date: Sat, 03 Nov 2001 05:01:49 +1100
From: "Greg Wright" <k5tsr...@sneakemail.com>
To: redha...@redhat.com
Subject: Re: Attempt to telnet
Reply-To: redha...@redhat.com
*********** REPLY SEPARATOR ***********
On 2/11/2001 at 12:00 AM Wolfgang Pfeiffer pfei...@tesionmail.de
[gregausit/redhat-list] wrote:
>
>I'm not sure what to do now: above all, I do not understand very well
>telnet ... I know it's a security risk to let others telnet me, and this
>was why I stopped that possibility by taking the appropriate measures on
>my machine some time before this incident.
>
>Just one question now: If someone connects successfully to my machine:
>what can he do ... how dangerous is such a situation for the person being
>telnetted?
>
Well if you had an exploitable version of telnetd on the box, then they can
exploit the venerability, if it has no know exploits, they can try a brute
force attack or simply try guessing user/pass combos.
All you can really do is watch over the box and let the ISP do what they
should do.....terminate the acc. , trying to connect and being refused is
not something that would stand up anywhere except maybe within an
organization that has clear policies for employees that may try such a
thing.
Regards
Greg Wright
--
IT Consultant Sydney Australia PH 0418 292020 -- Int. +61 418 292020
Available for Global Contracts US Fax -- 801 740 2874
Web http://www.ausit.com E-mail Greg AT AusIT.com
Trading As - AAA Computers -- providers of IT services.
--__--__--
Message: 10
To: redha...@redhat.com
Subject: Re: no loop back device in kernel rh7.2
Date: Sat, 03 Nov 2001 01:34:09 -0600
From: Oleg Okunev <ol...@servidor.unam.mx>
Reply-To: redha...@redhat.com
> I have compiled the kernel 2.4.13 for rehat 7.2 after having
> patched it for the ext3 file system. The compile works fine, all the
> networking stuff is in however when the kernel boots I get the error
> message modprobe : module char-major-10-135 not found
> and the networking simply does not work. There is no loop back device
Same here. The kernel is 2.4.13 without any patches, no error messages
on boot about /dev/rtc (support compiled into the kernel), outside networking
works (ppp dialup), mail gets queued and sent (but to receive it with
fetchmail I had to add "mda "/usr/bin/procmail -d %T"" to .fetchmailrc
- no local connection to port 25), "telnet localhost" says "network
is unreachable" if ppp is not up, or timeouts if ppp is up... no
printing. Happened right after upgrade to rh7.2 (manual). Execution of
/etc/init.d/network says
Setting network parameters: [ OK ]
Bringing up interface lo: [ OK ]
nothing changes.
Another thing that happened after the upgrade, may be or not be
related to the above - mc suddenly seems to think that user's
(but not root's) tty's are dumb - both mc distributed with enigma
and 4.5.55 compiled at home. "echo $TERM" says "linux" - permission
problem? Where could it be?
Regards,
Oleg Okunev
--__--__--
Message: 11
From: "Harry C. Giles" <har...@bellsouth.net>
To: redha...@redhat.com
Subject: Re: VMWare vs. Win4Lin
Date: Sat, 3 Nov 2001 11:41:47 -0500
Reply-To: redha...@redhat.com
On Saturday 03 November 2001 10:16 am, you so elegantly communicated:
> Hello,
>
> Are many of y'all using some sort of Windoze emulation under Linux? I've
> looked at Wine, VMWare, and Win4Lin... Wine does the job sometimes, but
> sometimes not, so that's when I started looking into the other two
> products, but I need a comparison of the two.
>
> VMWare, I know, runs Virtual Machines, which need lots of power and memory
> to keep from being painfully slow.
>
> Win4Lin claims to be fast, though; potentially faster than running solely
> under Windows! Is it native, emulation, or a better Virtual Machine???
>
> Win4Lin runs only Win98 apps, which would suit my needs, and would make me
> happy if it was sort of like Wine, where you don't have to have a whole
> version of Win98 booted and running just to run one app.
>
> VMWare can run NT, though!!! Or even Linux!!! What a cool way to practice
> with different versions of Linux installs, eh???
>
> If anybody has any experience, thoughts, or suggestions on the topic, I'd
> love to hear them!!!!
>
> Thanks in advance,
>
> --Jon Jaques
My experience has been that Win4Lin running W98 does not interface with USB
ports, so you can't use your digital cameras, etc. I believe it works OK
with USB mice, etc. though, because it is running those through Linux.
VMWare does reconize the USB ports, though.
I have used both to run the usual gamut of programs, such as Office, ACT!,
Eudora, etc. Win4Lin has a lot of problems with some of the less popular
programs, such as CD burning software, etc. (It plain won't run as per
support).
If you have a lot of different stuff to run, I would suggest VMWare, although
the hardware requirements are a little high, and so is the price.
Harry G
--__--__--
Message: 12
Date: Fri, 2 Nov 2001 13:54:05 -0600 (CST)
From: "Mikkel L. Ellertson" <mik...@Infinity-ltd.com>
To: <redha...@redhat.com>
Subject: Re: Attempt to telnet
Reply-To: redha...@redhat.com
On Fri, 2 Nov 2001, Wolfgang Pfeiffer wrote:
> My apologies first, if the following is a bit too much off topic:
>
> Somebody tried (without success) to connect to my machine via telnet:
>
[snip]
>
> My logs (above) told me the IP of the machine where this attempt was made
> from: it was seemingly an IP owned by my ISP: after I emailed to my ISP,
> what was going on, someone from their staff answered me they knew which of
> their customers tried to telnet me, and if I wanted the address of that
> person, I had to lay an information versus a person or persons unknown,
> and then they (my ISP) could hand over the telnetter's data to the police.
>
> I'm not sure what to do now: above all, I do not understand very well
> telnet ... I know it's a security risk to let others telnet me, and this
> was why I stopped that possibility by taking the appropriate measures on
> my machine some time before this incident.
>
> Just one question now: If someone connects successfully to my machine:
> what can he do ... how dangerous is such a situation for the person being
> telnetted?
>
> I need this info to decide what to do now: I'm really not in the mood to
> go to (German!) police and sue someone just for doing nearly nothing or so
> ... and much less am I willing to ruin the future of a perhaps brain-less
> young punk who did something without being completely aware of what he or
> she was doing ...
> besides: having to do with german police can be really disgusting .. so
> I'd prefer to stay away from them if possible.
>
> On the other hand I see here on the list these frequent messages of people
> whose machines - as far as I understand these situations - have been
> hacked very ugly ...
>
> I need some thoughts on how to go on, now that there's the possibility to
> either sue one of these losers or not, and on whether it makes sense to
> sue him/her or not ...
>
> Regards
> and thanks in anticipation
>
> Wolfgang
>
Basicly, what I person can do when they telnet in is almost everything
they could do if they were logged in from the console. Unless they
manage to get root access, they can not run shutdown, or halt. Some of
the other resources are also restricted to use only from the console.
(Sound, keyboard, mouse, etc...) Note: These restrictions disapear if
you log in at the console with the same user name while they are logged
in. If they are logged in as the same user as you are, it is also
possible that they could connect to your X secession, and monitor what
you are doing...
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
--__--__--
Message: 13
Date: Fri, 2 Nov 2001 14:20:08 -0600 (CST)
From: "Mikkel L. Ellertson" <mik...@Infinity-ltd.com>
To: <redha...@redhat.com>
Subject: Re: Services ...
Reply-To: redha...@redhat.com
On Fri, 2 Nov 2001, Ashley Thomas wrote:
> hi,
>
> Is it safe to run identd (port 113), rpc, smtp etc on a firewall.
> I would guess.. it is better not to
>
> thanks
> ashley
>
Any services running on a firewall are a risk. Allowing any connections
to your network from the outside world is a risk. You have to deside if
the risks are worth it.
Running identd is probably safe, but basicly worthless on a firewall,
unless you are running a version of identd that will pass on the request
to the machine inside the firewall that the user is realy connecting
from. You are better off rejecting auth requests with the firewall.
rpc, or any of the portmap services are a BIG risk. You may get away
with blocking port 111 from the internet, but it is still a risk.
How risky smpt is depends on the daemon you are running. You can get
heated discussions on what flavor is safest.
Apachie seams to be safe. Lots of people have tried to break it, and it
appears to be holding up...
I am not sure there is a version of ftpd I would trust running on a
firewall. If you do run one, make sure you at least put it in a
change-root jail...
Aother services? Who knows...
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
--__--__--
Message: 14
From: "Mobeen Azhar" <mo...@mobsternet.com>
To: <redha...@redhat.com>
Subject: RH 7.2, hpt370, unresolved symbols
Date: Sat, 3 Nov 2001 10:46:57 -0600
Organization: pcsn.net
Reply-To: redha...@redhat.com
Is anyone using the HPT series of ATA raid controllers with the hardware
raid option under RH 7.2? Highpoint makes driver modules available for
RH 7.0 and 7.1, but not 7.2. I am assuming that the module for RH 7.1
will not work under 7.2, and that appears to be true since every time I
try to load it I get a bunch of unresolved symbols.
Has anyone else been able to use the hardware raid feature of the HPT
seris under RH 7.2?
Thanks,
--Moby
--__--__--
Message: 15
Date: Fri, 2 Nov 2001 16:01:27 -0500
From: Larry Grover <gro...@marshall.edu>
To: redha...@redhat.com
Subject: Re: OT: BeOS
Reply-To: redha...@redhat.com
On Thu, 01 Nov 2001 16:45:35 Jeff Graves wrote:
> Has anyone used this operating system? Is it worth the $50 to try
> out the
> Professional edition or am I wasting my time? All thoughts
> appreciated!
> Thanks.
>
> Jeff Graves
Have you tried the free, personal edition
(http://www.be.com/products/freebeos/)? I'm not sure exactly how it
compares to the professional edition, but it might give you some
answers before you spend your $50.
--
Larry Grover, PhD
Assoc Prof of Physiology
Marshall Univ Sch of Med
--__--__--
Message: 16
Date: Fri, 2 Nov 2001 16:12:07 -0500 (EST)
From: Jerry Winegarden <j...@duke.edu>
To: <redha...@redhat.com>
Subject: Re: Why Is My Life One Big NETWORKING Nightmare?
Reply-To: redha...@redhat.com
On Thu, 1 Nov 2001, Ben Ocean wrote:
> I'm close to getting this to work (again), y'all...
>
> I have a Windoze box connected to a Linux box (as server) which, in turn,
> is connected to the big, bad Internet. From the Windoze box I can now ping
> not only the Linux box but the server to which it is configured at my ISP.
> And I can ping the IP address of my production server which means I can
> without question get on to the Internet. But I *cannot* ping a Web site
> name (redhat.com, for example). So, there's something missing in the
> translation from IP addresses to names and it's only happening on the
> Windoze box (or the communication between the two). I can resolve Web site
> names on the Linux box directly. Wanna pitch in and help push me over?
> TIA,
> BenO
>
Ben,
I'm assuming that your Doze box is getting it's IP number via dhcp
from your Linux box. (If not, then go to your PC's networking control
panel and ENABLE DNS and set it to point to your ISP's DNS servers.)
To specify DNS servers for your dhcp clients, you include an
option line for it in /etc/dhcpd.conf. Now, I run a caching nameserver on
my linux ipchains box, so I include it as the first thing that my doze
clients look at, followed by my ISP's nameservers. The dhcpd config file
should look like:
/etc/dhcpd.conf:
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.200;
option routers 192.168.1.1;
default-lease-time 2592000;
max-lease-time 25920000;
option broadcast-address 192.168.1.255;
# DNS servers line is next. example is for caching nameserver and
# then Mindspring's dns servers
#
options domain-name-servers 192.168.1.1, 207.69.188.185, 207.69.188.186;
}
To make caching nameservice work, there isn't anything to configure - just
install the package (and related packages). The caching nameserver
remembers any DNS lookups that have been made - saves time of going out on
the Internet to find them. (Have to start cache over if restart box).
Works great.
If you need to look at some cookbooks or even would like to try some
config scripts for NAT/firewall/ipchains via ADSL or PPP dialup, or
web/file/mail servers, then check out my web pages.
Enjoy!
--
***************************************************************************
Jerry Winegarden OIT/Technical Support Duke University
j...@duke.edu http://www-jerry.oit.duke.edu
***************************************************************************
--__--__--
_______________________________________________
Redhat-list mailing list
Redha...@redhat.com
https://listman.redhat.com/mailman/listinfo/redhat-list
End of Redhat-list Digest