Re: [gentoo-user] grub still broke
Holly Bostick wrote: maxim wexler schreef: Remove the root (hd0,1) line. That should (I hope) let you boot gentoo from the floppy. Arrrgh! Now when I choose Gentoo from the menu: Booting 'Gentoo' kernel /vmlinuz root=/dev/hda4 Error 15: File not found Press any key to continue... You might want to have a look at the docs page... meaning, Gentoo Linux Documentation -- Gentoo Grub Error Collection at http://www.gentoo.org/doc/en/grub-error-guide.xml It looks like it might be quite helpful :-) Holly Hi Holly, I still recommend that the problem child, so to speak, can be bypassed by simply going to www.gnu.org, and downloading the latest source, and compiling it outside of the Gentoo emerge system. Then when Gentoo gets its ebuild working, you can always go back, doing a search on grub, and delete it. Then emerge grub. When I installed grub, I emerged it, but then I used the same install floppy that I've been using for over a year now. Perhaps that was my secret to success, a real working floppy. Rob. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Grub nonsense
My $million advice. Go to www.gnu.org, and just download the Grub source and compile it. Just make a note somewhere on your copy of the Gentoo manual (you did print it out didn't you? haha) that grub is not in the emerge system. Problem solved. Once you know where all of grub resides (locate grub | less) in Gentoo (slocate -u as su beforehand), you can easily get rid of it when Gentoo finally gets its act together and concocts a decent ebuild. Sincerely, Rob. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Reiser4, encryption
Richard Fish wrote: rob3 wrote: Hi guys, I am very interested in encrypted directories and/or disks. Right now I am using ext3. Where can I find more info? The docs page at Gentoo? Probably, but someone else will have to point you to that. For dm-crypt: http://www.saout.de/misc/dm-crypt/ For loop-AES, http://loop-aes.sourceforge.net/loop-AES.README -Richard Thank you!! Rob. -- gentoo-user@gentoo.org mailing list
[gentoo-user] RE: Re: [gentoo-user] OT-  NSA Linux
Thank you Red!! and the others who replied. I didn't know NSA Linux was now called SELinux, so that is where I goofed. I only recently have had some interest in this. I do understand the compartmentalized security model that they use, and that is what I am interested in. Many thanks again. Sincerely, Rob

--- Original Message ---
From: gentoo-user@lists.gentoo.org
To: gentoo-user@lists.gentoo.org
Sent: Tue, 31 May 2005 09:31:01

Andrew Gaffney wrote: rob3 wrote: Where do you get this? I couldn't find it on the www.nsa.gov site. What am I missing? Do you mean selinux? Try http://www.gentoo.org/proj/en/hardened/selinux/index.xml.

i was at a linuxshow last week where someone presented selinux. i don't think it is very usable. i think you should only use it if you really need it or you have a test-system to try for the first time cause you'll need some time to get into it. i read through the guide a bit and it tells to only use on servers. be aware that you can not be able to log in (with the right permissions) to your own system. so always know the boot parameters for grub or lilo to start from commandline without selinux.

-- gentoo-user@gentoo.org mailing list
[gentoo-user] error "}." trying to migrate from r6 to r9 kernel
Hi all, I need some help migrating from the r6 to the r9 kernel. I copied my .config file into the r9 directory and tried to make menuconfig, but I just get the error message saying something to the effect that }. is missing. What am I missing? Many Thanks, Rob -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] CFS Howto
Holly Bostick wrote: Shawn Singh schreef: Hey all, I was attempting to encrypt my home directory using the CFS Howto as my guide, but I am not getting far at all... When trying to emerge cfs, I'm getting the following message:

convert usr # emerge app-crypt/cfs-1.4.1.14
Calculating dependencies
!!! Problem in app-crypt/cfs-1.4.1.14 dependencies.
!!! Specific key requires an operator (app-crypt/cfs-1.4.1.14) (try adding an '=') exceptions

So, I changed my command to: emerge -pv =app-crypt/cfs-1.4.1.14 and I'm getting the following message:

These are the packages that I would merge, in order:
Calculating dependencies
!!! All ebuilds that could satisfy =app-crypt/cfs-1.4.1.14 have been masked.
!!! One of the following masked packages is required to complete your request:
- app-crypt/cfs-1.4.1.14 (masked by: ~x86 keyword)
For more information, see MASKED PACKAGES section in the emerge man page or section 2.2 Software Availability in the Gentoo Handbook.

The computer that I'm trying to install this on has a Pentium 4 processor. Support for NFS has been compiled into the Kernel (satisfying part of step 3). Any suggestions? Thank you, Shawn

I assume you want to continue running an x86 (stable) system for the most part. If so, then add app-crypt/cfs ~x86 to /etc/portage/package.keywords (create this file if it does not exist). If you'd like to go totally ~x86 (unstable), you can just add ACCEPT_KEYWORDS=~x86 to /etc/make.conf. When you've done either one, just emerge cfs normally (emerge cfs), and you should get the ~x86 version. Hope this helps. Holly H

Thanks Holly!!! I am currently trying to figure out why my Gentoo doesn't connect to eth0, so I'm bogged down in silly dumb situation. Thanks for answering that question on CFS. CFS just works for me, except I still haven't found the magic commands to shut down Gentoo after cattaching a directory. It still hangs. I've temporarily given up, as I'm getting into the NSA Linux deal. haha Sincerely, Rob.
-- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: [gentoo-
rob3 wrote:

#!/bin/sh
#
###########################################################################
#
INET_IFACE=eth0
#
# Information pertaining to DHCP over the Internet, if needed.
#
# Set DHCP variable to no if you don't get IP from DHCP. If you get DHCP
# over the Internet set this variable to yes, and set up the proper IP
# address for the DHCP server in the DHCP_SERVER variable.
#
DHCP=yes
DHCP_SERVER=192.168.1.1
#
# your LAN's IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP address. the same as netmask 255.255.255.0
#
LAN_IP=192.168.1.1
LAN_IP_RANGE=192.168.0.0/16
LAN_IFACE=eth0
#
# 1.4 Localhost Configuration.
#
LO_IFACE=lo
LO_IP=127.0.0.1
#
# 1.5 IPTables Configuration.
#
IPTABLES=/sbin/iptables
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# no modules needed as everything compiled into kernel
#
###
#
# 3.1 Required proc configuration
#
echo 1 > /proc/sys/net/ipv4/ip_forward
#
###
#
# 4.1.1 Set policies
#
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
#
# Create chain for bad tcp packets
#
$IPTABLES -N bad_tcp_packets
#
# Create separate chains for ICMP, TCP and UDP to traverse
#
$IPTABLES -N tcp_packets
$IPTABLES -N udp_packets
$IPTABLES -N icmp_packets
$IPTABLES -N out_packets
#
#
# Special OUTPUT rules to decide which IP's to allow.
#
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
#
# Rules for outgoing packets to the internet
#
$IPTABLES -A out_packets -p tcp -o $INET_IFACE --sport 111 -j DROP
$IPTABLES -A out_packets -p tcp -o $INET_IFACE --sport 631 -j DROP
$IPTABLES -A out_packets -p tcp -o $INET_IFACE --sport 657 -j DROP
$IPTABLES -A out_packets -p tcp -o $INET_IFACE --sport 2049 -j DROP
$IPTABLES -A out_packets -p tcp -o $INET_IFACE --sport 3049 -j DROP
#
$IPTABLES -A out_packets -p udp -o $INET_IFACE --sport 111 -j DROP
$IPTABLES -A out_packets -p udp -o $INET_IFACE --sport 631 -j DROP
$IPTABLES -A out_packets -p udp -o $INET_IFACE --sport 657 -j DROP
$IPTABLES -A out_packets -p udp -o $INET_IFACE --sport 2049 -j DROP
$IPTABLES -A out_packets -p udp -o $INET_IFACE --sport 3049 -j DROP
#
# Let LO_IP input packets
#
$IPTABLES -A INPUT -p ALL -s $LO_IP -j ACCEPT
#
# ICMP rules
#
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
#
# Rules for incoming packets from the internet.
#
$IPTABLES -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udp_packets
$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
#
# Bad TCP packets we don't want.
#
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
#
# bad_tcp_packets chain
#
$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK \
-m state --state NEW -j REJECT --reject-with tcp-reset
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
#
# TCP RULES
#
$IPTABLES -A tcp_packets -p TCP --syn -j ACCEPT
$IPTABLES -A tcp_packets -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A tcp_packets -p TCP -j DROP
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 25 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 53 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1024: -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 111 -j DROP
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 631 -j DROP
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 657 -j DROP
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 2049 -j DROP
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3049 -j DROP
#
# UDP ports
#
if [ $DHCP
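An added example, not part of the posted script: iptables walks a chain top to bottom and stops at the first rule with a terminating target, so in the tcp_packets chain above the per-port rules appended after `-p TCP -j DROP` can never match. The Python sketch below flags such shadowed rules in a constructed excerpt of that chain; the function names and the subset-of-conditions test are this example's own assumptions, not an iptables feature.

```python
import shlex

# Targets that end traversal for a packet; LOG and jumps to user chains do not.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_rule(line):
    """Return (chain, conditions, target) for an `iptables -A` line, else None."""
    toks = shlex.split(line, comments=True)
    if "-A" not in toks or "-j" not in toks:
        return None
    a, j = toks.index("-A"), toks.index("-j")
    chain, target = toks[a + 1], toks[j + 1]
    conds, i, neg = set(), a + 2, False
    while i < j:
        if toks[i] == "!":              # only the "! --opt" negation form is handled
            neg, i = True, i + 1
            continue
        opt, i, vals = toks[i], i + 1, []
        while i < j and toks[i] != "!" and not toks[i].startswith("-"):
            vals.append(toks[i].lower())
            i += 1
        wildcard = (opt in ("-s", "-d") and vals == ["0/0"]) or \
                   (opt == "-p" and vals == ["all"])
        if not (wildcard and not neg):  # "-s 0/0" and "-p ALL" match everything
            conds.add((opt, tuple(vals), neg))
        neg = False
    return chain, conds, target

def shadowed_rules(script):
    """List (line, shadowing_line) pairs: a later rule is unreachable when an
    earlier terminating rule in the same chain has a subset of its conditions."""
    seen, findings = {}, []
    for n, line in enumerate(script.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        chain, conds, target = rule
        for m, earlier in seen.get(chain, []):
            if earlier <= conds:        # everything this rule matches was already decided
                findings.append((n, m))
                break
        if target in TERMINAL:
            seen.setdefault(chain, []).append((n, conds))
    return findings

# Constructed excerpt of the tcp_packets chain from the script above.
SAMPLE = """\
$IPTABLES -A tcp_packets -p TCP --syn -j ACCEPT
$IPTABLES -A tcp_packets -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A tcp_packets -p TCP -j DROP
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 2049 -j DROP
"""

# Constructed reordering: specific rules first, catch-all DROP last.
REORDERED = """\
$IPTABLES -A tcp_packets -p TCP --dport 2049 -j DROP
$IPTABLES -A tcp_packets -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A tcp_packets -p TCP --dport 22 --syn -j ACCEPT
$IPTABLES -A tcp_packets -p TCP -j DROP
"""

if __name__ == "__main__":
    for line_no, by in shadowed_rules(SAMPLE):
        print(f"line {line_no} is unreachable: shadowed by line {by}")
```

The check is conservative: it reports only rules that are fully covered by an earlier terminating rule, so a partial overlap such as the leading `--syn -j ACCEPT` is not reported.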
[gentoo-user] OT- NSA Linux
Where do you get this? I couldn't find it on the www.nsa.gov site. What am I missing? Thanks, Rob -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Clock going crazy
A. Khattri wrote: On Sat, 21 May 2005, Rob wrote: Thanks for response. Actually it was adding a line to rc.conf that solved the problem CLOCK=local. This does not appear in the Gentoo manual, but is only needed for BIOS's which use local time. I submitted a doc bug report, so that no one else gets bit with this. Normally this line is already in rc.conf and well commented enough to understand. Not in mine. Missing from stage 3 tarball for i386. Rob. -- gentoo-user@gentoo.org mailing list
[gentoo-user] last problem OpenOffice not working from user acct.
Root or su can start OO easily with ooffice command. But it doesn't work as a user. It keeps sending the error message that the setup is aborted. Who knows what this means, but it's irritating, having to go back in to user directory and chowning and chgrping files. Rob. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Clock going crazy
I looked at adjtime. I already have 0.0 as the first entry, so that mailing list thread does not apply to me. Thanks, Rob. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Clock going Crazy
Thank you!!! My rc.conf file contained no CLOCK= line, so I missed it. This seems like it was overlooked or a bug in the install process. Now it appears that my Gentoo OS is keeping time. However, it is yet to be seen whether the BIOS keeps its time since it appeared to also be a problem. So I set in /etc/rc.conf CLOCK=local. Many thanks, Rob -- gentoo-user@gentoo.org mailing list
[gentoo-user] Clock going crazy
I am not certain if this is a Gentoo problem, a bios problem, a mobo problem, or what. I just want to know if anyone else has seen it or has it now. I can't keep the clock on the right time. This Dell 8600 Laptop has a brand new mobo in it. So it seems crazy that the battery would be dead already. Windoze shows the same behavior. Thanks, Rob -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Clock going crazy
David D. Rea wrote: On Thu, May 19, 2005 10:15 am, rob3 said: I am not certain if this is a Gentoo problem, a bios problem, a mobo problem, or what. I just want to know if anyone else has seen it or has it now. I can't keep the clock on the right time. This Dell 8600 Laptop has a brand new mobo in it. So it seems crazy that the battery would be dead already. Windoze shows the same behavior. Thanks, Rob Is the clock bouncing between two hour times while the minute stays more or less correct? If so, then Gentoo is probably setting the hardware clock to UTC (universal time, or Greenwich Mean Time) when it shuts down, and Windoze is expecting local time on bootup... They may be messing with each other?? Dave I don't know. Dell support gave me a patch to the bios, so I will see in the next day or so if it is bios, or OS issue. Thanks! Rob -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OpenOffice 2.0
S. Schwartz wrote: Michael W. Holdeman wrote: And I built OpenOffice once, it ended up running slower than OpenOffice-bin... How come? I have noticed the same effect with Mozilla-software. At least I get the feeling that the binaries are a little faster -- I can't really say for sure. Sigi Hi, I'm still trying to figure out why my install doesn't execute for normal users. So OO only works for root. Upon the ooffice command a normal user gets a message regarding setup or something like that, then it aborts. Rob. -- gentoo-user@gentoo.org mailing list
[gentoo-user] OpenOffice now works for me
Many thanks for the help with OpenOffice. I now have it working. It's a great program. Wow, MS Word files and .pdf. I haven't even scratched the surface of it all yet. The OpenOffice people have sure done a great job. The Gentoo mailing lists are great. They are on par with the FreeBSD and OpenBSD general mailing lists, except with OpenBSD getting chewed out by Theo is your initiation, haha. Sincerely, Rob. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Using the Cryptographic File System as your home directory
Nick Rout wrote: There clearly is interest. May I suggest the gentoo wiki as the place for this? On Wed, 04 May 2005 15:28:29 -0700 rob3 wrote: Hi all, If there is sufficient interest, I can write up detailed instructions for setting up an encrypted home directory. Unlike Windoze, since all personal information is contained wholly in the home directory in *nix, it is very advantageous to encrypt it. I can show how to migrate your home directory to CFS. The only missing part so far is a shutdown/unmount script for the NFS based system. And since CFS uses NFS, you want to do a good firewalling job to make certain all the NFS ports are blocked in and out of your internet connection. Sincerely, Rob. -- gentoo-user@gentoo.org mailing list Yes, I will check out the wiki. I've never used it before. At first, though, I want to get writing. I tried Openoffice-bin, but got all these error messages when I tried to set it up, so I will just go with plain text. I think the Openoffice compile might take all day, haha. Rob -- gentoo-user@gentoo.org mailing list
[gentoo-user] HOWTO Encrypt Your Home Directory Using CFS
OK, I think I have an accessible draft copy of the doc at www.gentoo-wiki.com/User:Roblytle. It seems to be available anonymously, and editable. I am no wiki expert so it's likely something is screwed up. I'd like it to end up in the HOWTO Security and Anonymity category, but I have no idea how to do this. Thanks, Rob. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Using the Cryptographic File System as your home directory
Daevid Vincent wrote: I'm interested too. I would love to have this on my notebook in case the worst happens. I can also test this in a Gentoo VMWare that I use. If you'd like the image, I can ftp it to you somewhere. It's about 900MB zipped. Daevid. Hi David, Yes, I use a notebook almost exclusively, and it is great knowing that if someone stole it, they wouldn't get anything of interest on me. Of course, I'm still out $3K, and they can just reformat the hard drive. I will in the next few days put together a draft step-by-step procedure for doing it, as it seems there's some interest. However, I am still hung up on the shutdown commands, as my notebook hangs at trying to unmount the CFS directory. But since it has already unmounted everything else, I don't have any problem with shutting down the power manually. Sincerely, Rob -- gentoo-user@gentoo.org mailing list