Linux-Misc Digest #670, Volume #20               Thu, 17 Jun 99 08:13:08 EDT

Contents:
  Re: Linux systems- Poor security (Tim Philip Williams)
  Re: Linux systems- Poor security (Tim Philip Williams)
  Re: Linux systems- Poor security (Tim Philip Williams)
  Re: A Capitalists view of freedom (Ketil Z Malde)
  Re: Linux systems- Poor security (Sean Yamamoto)
  Problem with timezone and netscape (Graeme Geldenhuys)
  Re: Bandwidth priority? (mei)
  Re: help: ipfwadm: setsockopt failed: Protocol not available error (M. Buchenrieder)
  kernel 2.2.9 and 2.2.10 can cause massive ext2-corruption ? (peter)
  Re: Repartition EXT2 without data loss? (arr)
  Re: smbmount (peter)
  CS4232 on Intellistaion config error? (Matthias Braun)
  Re: Linux systems- Poor security (Tim Philip Williams)
  FIPS installation problems----Help! ("Patrick Mc Govern")
  Re: HELP! MORE strange Telnet and FTP issues (CodeWright)
  linux standard base going too slow?
  Re: SUID programs: are they normal? (Ben Armstrong)
  Re: Shutting down as a normal user.. (CodeWright)
  Mindcraft Times Three Microsoft (Conrad Sanderson)
  Re: RH6.0 w/Netscape (Pierre Daeubner)
  Default Raid Setup (eddycheung)
  Re: Anyone got Soundblaster Live to work (Julius Longauer)

----------------------------------------------------------------------------

From: Tim Philip Williams <[EMAIL PROTECTED]>
Subject: Re: Linux systems- Poor security
Date: Thu, 17 Jun 1999 09:20:24 GMT

Rick Nelson wrote:
> 
> What was the nature of the security breach?  If it was truly a weakness in
> the OS (and not easy passwords / less-than-competent users... etc.) then the
> distribution you received must have corrupted it, because Linux itself is a
> very secure system.  Better than NT in my opinion... but I'm also a Linux
> newbie.
> 
> Rick

I don't know the nature of the breach ... I was just told that only the
Linux boxes were hacked (other Unix's and NT were left alone). My Linux
box wasn't hacked though.
Tim

------------------------------

From: Tim Philip Williams <[EMAIL PROTECTED]>
Subject: Re: Linux systems- Poor security
Date: Thu, 17 Jun 1999 09:24:19 GMT


> AFAIK, linux' security is only as good as the effort put
> forth to make it secure.  There are vulnerabilities, but
> they should be pluggable if the administrator is willing to
> put in the time to plug them.
> 
> --
> 
> -John ([EMAIL PROTECTED])

But our administrator would probably argue that he hasn't got the time
to learn all the specifics of each Linux distribution on all the PCs
here.
I think distributions should include a 'secure' setup as a configuration
option, if there are any that do this ... please let me know!
Tim

------------------------------

From: Tim Philip Williams <[EMAIL PROTECTED]>
Subject: Re: Linux systems- Poor security
Date: Thu, 17 Jun 1999 09:40:26 GMT

"M. Buchenrieder" wrote:
> 
> Tim Philip Williams <[EMAIL PROTECTED]> writes:
> 
> >A while ago we had a security breach involving multiple linux boxes
> 
> Make that "multiple Linux admins" . HTH
> 
> >and
> >as a consequence, our IT staff will probably be implementing a ban of
> >the use of Linux!
> 
> Yawn. If you don't know what you're doing, don't put a Linux
> box on the net. 

My Linux system was OK!
I guess the other Linux users that 'don't know what they're doing', just
don't have the time to do all the research necessary to make their
systems secure.
Hence the need for a secure distribution out of the box!

> 
> >I use Linux as a development workstation (although
> >I'm not a UNIX expert) ... does anyone know why the security of Linux is
> >so bad?
> 
> It isn't. It's possibly as secure as any other OS. Just watch
> your steps, don't run each-and-every daemon , and read the CERT
> advisories.

But NT *seems* to be more secure out-of-the-box than Linux. This was my
point. Although I don't doubt that Linux can be set-up to be
bullet-proof, most Linux systems around are probably running the
distribution default configurations.


> If your IT stuff judges NT to be more secure than UN*X/FreeBSD/Linux,
> get a better job. They don't know what they are talking about.

I think they judge the default configuration to be more secure.

> It's much more likely that they don't know UN*X at all, and are
> searching for a reason to get your management into buying more NT
> licenses.

I don't think they have the time to research all the security holes in
all the various Linux distributions that people use here.  They have
always left it up to us to secure our systems ... and some of us have
failed to do that because we are not expert administrators. They *are*
Unix experts because we have MANY commercial Unix's here and only Linux
has been hacked in the past (multiple occasions).

> 
> Michael
> --
> Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
>           Lumber Cartel Unit #456 (TINLC) & Official Netscum
>     Note: If you want me to send you email, don't munge your address.

------------------------------

Crossposted-To: comp.os.ms-windows.advocacy,comp.os.linux.advocacy,gnu.misc.discuss
Subject: Re: A Capitalists view of freedom
From: Ketil Z Malde <[EMAIL PROTECTED]>
Date: Thu, 17 Jun 1999 08:34:40 GMT

[EMAIL PROTECTED] () writes:

>       Some things SHOULD be immovable.

Yeah.  Just ask Marie Antoinette and the French aristocracy.

>       We're not the ones spouting righteous indignation about our
>       nation being more 'orderly'

Obviously not.

I must say I think it is amusing that people think the US government
should be thanked for spreading its ideas about freedom and justice to
us poor Europeans.  Currently, I understand, the US is working hard to
make us misguided continentals adopt their great anti-encryption and
patent legislation more or less wholesale.  

(What is of course worse, is that the bureaucrats are falling for it.
For some reason, we always seem to adopt the worst of American
culture.  *sigh*)

-kzm
-- 
If I haven't seen further, it is by standing in the footprints of giants

------------------------------

From: Sean Yamamoto <[EMAIL PROTECTED]>
Subject: Re: Linux systems- Poor security
Date: Thu, 17 Jun 1999 09:56:17 +0000
Reply-To: [EMAIL PROTECTED]

Bezalel Geretz wrote:
> 
> Just wondering how do you secure a file in UNIX so the administrator cannot
> read it?

Kick the administrator off and change root password (making sure there
are no backdoors (e.g., .rhosts file)). Once you've yanked the networking
cords and barred physical access to the system (including turning the
monitor the other way), you're 98% of the way there.

I'll let others contribute here...

------------------------------

From: Graeme Geldenhuys <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Problem with timezone and netscape
Date: Thu, 17 Jun 1999 10:45:59 +0000


Hi!

My problem with the time is like this...
I live in South Africa (timezone Africa/Johannesburg), which is
GMT+0200, but my system goes crazy with the time.

I do a 'hwclock' command and a 'date' command and they both give me the
same time, which is correct.

Now if I received mail at 10:00, Netscape shows that the mail was sent
at 08:00.  It subtracts 2 hours from all the times shown.
It looks like the Linux thinks my mail is at GMT time or something.

Any idea how I can fix this?


-- 
Regards,
  - Graeme -


------------------------------

From: mei <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking
Subject: Re: Bandwidth priority?
Date: Thu, 17 Jun 1999 12:06:56 +0200
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
> 
> In Linux, is there anyway to give "priority" to certain bandwidth
> streams? For example, on my system I have a RealAudio server that
> sometimes has its streams interrupted if one person happens to be
> FTPing at that time on my measly 128k ISDN line. I would like to give
> priority to RealAudio, and less priority to FTP. Is that possible?

If I remember well the answer is yes. Try to see in the kernel sources. I'm not
sure but it'd be qonos or something like this.

Ciao Mei

------------------------------

Crossposted-To: comp.os.linux.networking
From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: help: ipfwadm: setsockopt failed: Protocol not available error
Date: Thu, 17 Jun 1999 06:03:52 GMT

Ken Kwasnicki <[EMAIL PROTECTED]> writes:

>Hi All,

>I've just installed SuSE 6.1, and I'm trying to configure the box as a
>firewall. Although I've tried to enable all IP firewalling/masquerading
>options in the kernel I keep getting the following error when I do even
>a simple command like "ipfwadm -I -f":
>ipfwadm: setsockopt failed: Protocol not available

[...]

That's one of the changes in the 2.2.* kernels. Use IP chains instead.
See /usr/src/linux/Documentation/Changes .

Michael

-- 
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

------------------------------

From: [EMAIL PROTECTED] (peter)
Subject: kernel 2.2.9 and 2.2.10 can cause massive ext2-corruption ?
Date: Thu, 17 Jun 1999 11:07:56 GMT


I just received a warning message about this topic.
Does someone know something about this topic?

I personally experienced massive ext2-troubles in the last weeks but I 
thought it is due to Murphy's law that two hard disks will fail within 
one week ...


peter

=================
pilsl@
ANTISPAM
goldfisch.atat.at

------------------------------

From: [EMAIL PROTECTED] (arr)
Crossposted-To: comp.os.linux.setup,comp.os.linux.hardware
Subject: Re: Repartition EXT2 without data loss?
Date: Thu, 17 Jun 99 10:20:39 GMT
Reply-To: [EMAIL PROTECTED] (arr)

In article <7k8aq3$cqg$[EMAIL PROTECTED]>,
Geoff Short <[EMAIL PROTECTED]> wrote:
>
>Don't even think about mucking about with a partition which has all your
>users' files on it.  Do it properly: bring the machine down, repartition
>as you want it, then restore from the backups.

But before you do any of this, make sure you have a rescue floppy, and
*verify* that it is capable of reading your backup medium. :-)

This way, you succeed not only in repartitioning your disk, but also
in checking that your backup/recovery strategy is working.

Andrew Runnalls

------------------------------

From: [EMAIL PROTECTED] (peter)
Subject: Re: smbmount
Date: Thu, 17 Jun 1999 11:12:57 GMT

In article <7ka2nb$a8q$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Hi guys.
> How exactly do I use smbmount to connect to other machines on my lan.
> I have tried the -h for help and it didn't work.
> On the other machines password is required .
> 

# smbmount       
Usage: smbmount service <password> [-p port] [-d debuglevel] [-l log] 
Version 2.0.4b
        -p port               connect to the specified port
        -d debuglevel         set the debuglevel
        -l log basename.      Basename for log/debug files
        -n netbios name.      Use this name as my netbios name
        -N                    don't ask for a password
        -m max protocol       set the max protocol level
        -I dest IP            use this IP to connect to
        -E                    write messages to stderr instead of stdout
        -U username           set the network username
        -W workgroup          set the workgroup name
        -c command string     execute semicolon separated commands
        -t terminal code      terminal i/o code {sjis|euc|jis7|jis8|junet|hex}
        -D directory          start from directory


another way is 
#man smbmount

syntax has changed from 1.x to 2.0.x, so be aware of the version you 
currently use.



peter

=================
pilsl@
ANTISPAM
goldfisch.atat.at

------------------------------

From: Matthias Braun <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: CS4232 on Intellistaion config error?
Date: Thu, 17 Jun 1999 12:30:37 +0200

Hi,

 I have an IBM intellistation MPRO with a CS4232 onboard.
 I can play sound for a few minutes, but then I get error messages like
SOUND: Couldn't allocate DMS buffer
or
SOUND: DMA (output) timed out - IRQ/DRQ config error
I use a 2.2.10 kernel with following sound config:

OSS/Free:3.8s2++-971130
Load type: Driver compiled into kernel
Kernel: Linux p29780ux.wdf.sap-ag.de 2.2.10 #4 Wed Jun 16 14:24:16 MEST 1999 i686
Config options: 0

Installed drivers: 
Type 21: CS4232
Type 22: CS4232 MIDI
Type 1: OPL-2/OPL-3 FM
Type 26: MPU-401 (UART)

Card config: 
CS4232 MIDI at 0x330 irq 9 drq 0
CS4232 at 0x534 irq 5 drq 1,3
OPL-2/OPL-3 FM at 0x388 drq 0

Audio devices:
0: Crystal audio controller (CS4236) (DUPLEX)

Synth devices:
0: Yamaha OPL3

Midi devices:

Timers:
0: System clock
1: Crystal audio controller (CS4236)

Mixers:
0: Crystal audio controller (CS4236)


Does anyone have an idea or a working configuration?
(Must I configure the soundcard first with isapnp and load
sound as modules perhaps?)

Thanks in advance


-- 

  Matthias Braun                   E-Mail:  [EMAIL PROTECTED]
  SAP AG                                
  D-69190 Walldorf                 URL:     http://www.sap.com
  Germany

------------------------------

From: Tim Philip Williams <[EMAIL PROTECTED]>
Subject: Re: Linux systems- Poor security
Date: Thu, 17 Jun 1999 09:43:40 GMT


> demand fairness, demand a ban on using ms operating systems next time
> there is an incident with an ms machine

We probably aren't told about the NT security breaches!

------------------------------

From: "Patrick Mc Govern" <[EMAIL PROTECTED]>
Subject: FIPS installation problems----Help!
Date: Thu, 17 Jun 1999 07:14:15 -0400

Hi,
I am attempting to install Linux on my 300 Mhz IBM Aptiva.  It has a 6gb
hard drive with about 2gb already used and in the FAT 32 file format.  I ran
defrag and shut down into MS dos mode and started FIPS.  After the boot
sector, FAT and the drive were checked "OK" I got an error message "last
cylinder is not free" and the program quit.  I've done this several times
with some variations but I always get the same error message.  I am
wondering if FAT 32 is the problem and may need to resort to destructive
partitioning.
Any ideas?
Pat



------------------------------

From: CodeWright <[EMAIL PROTECTED]>
Crossposted-To: alt.uu.comp.os.linux.questions,comp.os.linux.help,linux.redhat.misc
Subject: Re: HELP! MORE strange Telnet and FTP issues
Date: Mon, 14 Jun 1999 21:36:58 -0400

Gio wrote:
> 
> Felix Kan wrote:
> >
> > Had the same problem before.  try not to use Telnet from Microsoft (it sucks
> > anyways)... I downloaded another program called CRT and it works great with
> > vi.
> >
> > Felix The Cat
> 
> Missed the first part of this post but I was wondering if this was related
> to a similar problem I am having with my Linux 5.2 home intranet server.
> 
> Seems when I try to telnet or ftp to the linux box from my Windows 95 PC
> then there is a massive 2-5 minute time wait before any login prompt comes
> up for connections.
> 
> Does anyone know what is causing this????? Any suggestions would help.

Reverse DNS lookup

Check your /etc/hosts file (assuming you aren't running a local DNS) to
ensure that there is a mapping between the hostname and the IP address of
your Win95 system.

-- 
Lew Pitcher

Master Codewright and JOAT-in-training

------------------------------

From: <[EMAIL PROTECTED]>
Subject: linux standard base going too slow?
Date: 17 Jun 1999 10:45:30 GMT

Hi all,

I'm disappointed _on all distributions_ because I think LSB must 
be one of the highest priorities, LSB should be there some time ago 
and even it seems that currently LSB is in its early stages. There are only
drafts, also there is nothing about packaging...

Reading opinions from distributions' people (On Linux Journal) it's also 
not very gratifying, even they say don't want to see fragmentation they 
actually bundle generic products as distribution specific. 
This causes more confusion to the market. Distributions should enforce 
themselves to avoid this in order to make Linux a stable and a _really 
homogeneous_ Open Source platform.

IMHO Linux is just starting to compete in the marketplace and distribution
competition should not rely on things that produce fragmentation. The LSB 
is a must and it needs much more than promises and good wishes.

I hope actions will be taken fast to avoid this in the future.

Any comment will be greatly appreciated

        Ulisses <[EMAIL PROTECTED]>

============================================================================
        Debian/GNU Linux: a dream come true     http://www.debian.org




------------------------------

From: Ben Armstrong <[EMAIL PROTECTED]>
Subject: Re: SUID programs: are they normal?
Crossposted-To: comp.os.linux.security
Date: Thu, 17 Jun 1999 10:49:45 GMT

In comp.os.linux.security Mike Khalili <[EMAIL PROTECTED]> wrote:
>>find: /proc/17817/fd/4: No such file or directory
>>/sbin/pwdb_chkpwd

> I'm guessing no.

You'll break PAM and maybe other things as well if you don't give this
some privileges.  Debian has this as:

synrg@sanctuary:~$ ls -l /sbin/pwdb_chkpwd
-rwxr-sr-x   1 root     shadow      10512 May 31 16:11 /sbin/pwdb_chkpwd

so it can read /etc/shadow, which is:

synrg@sanctuary:~$ ls -l /etc/shadow
-rw-r-----   1 root     shadow       1498 Jun 12 10:03 /etc/shadow

Ben
-- 
    nSLUG       http://www.nslug.ns.ca      [EMAIL PROTECTED]
    Debian      http://www.debian.org       [EMAIL PROTECTED]
[ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0  1B B1 31 ED C6 A9 39 4F ]
[ gpg key fingerprint = 395C F3A4 35D3 D247 1387  2D9E 5A94 F3CA 0B27 13C8 ]
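
The permission logic described in the post above, as an added example that is not part of the original message: it parses the two quoted `ls -l` lines and works out whether an ordinary user can read /etc/shadow directly and through the setgid helper. The user's group list is an assumption, and the model ignores root's override, ACLs and nosuid mounts.

```python
from dataclasses import dataclass

# The two `ls -l` lines quoted in the post.
LS_CHKPWD = "-rwxr-sr-x   1 root     shadow      10512 May 31 16:11 /sbin/pwdb_chkpwd"
LS_SHADOW = "-rw-r-----   1 root     shadow       1498 Jun 12 10:03 /etc/shadow"


@dataclass(frozen=True)
class Entry:
    mode: str    # ten-character mode string, e.g. "-rwxr-sr-x"
    owner: str
    group: str
    path: str

    @property
    def setuid(self):
        # 's' (with execute) or 'S' (without) in the owner triplet
        return self.mode[3] in "sS"

    @property
    def setgid(self):
        # Only 's' counts: setgid takes effect on exec when group-execute is also set
        return self.mode[6] == "s"


def parse_ls_line(line):
    """Parse one `ls -l` line (path without spaces) into an Entry."""
    fields = line.split()
    if len(fields) < 9 or len(fields[0]) < 10:
        raise ValueError("not an ls -l line: %r" % line)
    return Entry(fields[0][:10], fields[2], fields[3], fields[8])


def allowed(euser, egroups, entry, want):
    """Classic Unix check: exactly one of owner/group/other triplets applies."""
    if euser == entry.owner:
        triplet = entry.mode[1:4]
    elif entry.group in egroups:
        triplet = entry.mode[4:7]
    else:
        triplet = entry.mode[7:10]
    if want == "r":
        return triplet[0] == "r"
    if want == "x":
        return triplet[2] in "xst"
    raise ValueError("want must be 'r' or 'x'")


def creds_after_exec(user, groups, exe):
    """Effective user and groups of the process after `user` runs `exe`."""
    euser = exe.owner if exe.setuid else user
    egroups = set(groups) | ({exe.group} if exe.setgid else set())
    return euser, egroups


def can_read_via(user, groups, exe, target):
    """Return (direct, via_exe): can `user` read `target` directly / by running `exe`?"""
    direct = allowed(user, set(groups), target, "r")
    if not allowed(user, set(groups), exe, "x"):
        return direct, False
    euser, egroups = creds_after_exec(user, groups, exe)
    return direct, allowed(euser, egroups, target, "r")


if __name__ == "__main__":
    helper, shadow = parse_ls_line(LS_CHKPWD), parse_ls_line(LS_SHADOW)
    # "synrg" is the user in the quoted prompt; its group list is assumed.
    print("with setgid bit:   ", can_read_via("synrg", ["synrg"], helper, shadow))
    stripped = parse_ls_line(LS_CHKPWD.replace("-rwxr-sr-x", "-rwxr-xr-x"))
    print("setgid bit removed:", can_read_via("synrg", ["synrg"], stripped, shadow))
```

With the bit removed the helper runs with only the caller's groups, so its read of /etc/shadow is denied.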

------------------------------

From: CodeWright <[EMAIL PROTECTED]>
Subject: Re: Shutting down as a normal user..
Date: Mon, 14 Jun 1999 21:40:59 -0400

And, you can...

  1) set up the user as a sudo user for the shutdown command, or
  2) permit the user to use the su command to shutdown, or
  3) toggle to a text-mode screen and <cntl><alt><del>

"Ferdinand V. Mendoza" wrote:
> 
> I have Mandrake 5.3 and I can shutdown my box in KDM
> without any requirement that you'd be root or any
> user. Once you logged out from your user account
> and your KDM is on your screen you can just
> shutdown the machine as you wish.
> Actually, this can also be configured inside KDE
> such that only root is allowed to shutdown the machine.
> But as long as you haven't changed the default settings,
> you can easily do it with Mandrake.
> 
> Ferdinand
> 
> Anthony DeLuca wrote:
> 
> > How come I can't shutdown or reboot as a normal user.  This is my home
> > machine....I am told that shutdown is not an available command... I even
> > tried su shutdown -h now.... and it still didn't work...Thanks in
> > advance..
> >
> > Tony


-- 
Lew Pitcher

Master Codewright and JOAT-in-training

------------------------------

From: [EMAIL PROTECTED] (Conrad Sanderson)
Subject: Mindcraft Times Three Microsoft
Date: 17 Jun 1999 10:54:06 GMT

The first Mindcraft report was muddled in execution, and we were 
lucky that there was so much negative press about it, mostly for 
a good reason.  But it also showed that Apache and Linux both
have performance weaknesses which need to be addressed.
In effect we got the benefit from the benchmark without the
bad publicity.  Microsoft is pissed off because of this.
Mindcraft wants this as well, because their reputation got
hurt badly the first time around.

It is fairly evident that Mindcraft (or should I say Microsoft) 
wants to force the Linux Community's hand into a benchmark, 
from where Microsoft will make Many Press Releases (tm) about
NT vs Linux.  Using their standard marketing and FUD tactics 
they will take lots of liberty in the interpretation of 
the results and ignore others - eg. non-SMP performance 
of Linux and NT, where Linux wins right now.

MS smells blood and is willing to follow this Mindcraft benchmark 
up to the end.  In version 3 of this benchmark, all the previous
"publicity" and PR bugs have been fixed - we now have an involvement 
of Linux people (two from Red Hat and one from Penguin Computing), 
and the place of testing is apparently independent.

We know that we will lose this benchmark, so why on earth did
Red Hat get involved ???  We could have refused participation 
until the kernel and the web server had performance enhancements.
Refusing participation is nowhere near as bad as hard benchmark
data, which is going to stick around for years.  Microsoft can
and will use all the mileage it can get out of it, and then some.

It is our right to refuse participation until we are ready
- after all, one of the main strengths of OSS is that stuff
isn't released until it's ready.  But instead, we are playing 
directly into Microsoft's hands.


Related sites for performance enhancements in Linux:
kernel based web server: http://www.fenrus.demon.nl/
Mindcraft Redux: http://www.kegel.com/mindcraft_redux.html


-- 
Conrad Sanderson - Microelectronic Signal Processing Laboratory
Griffith University, Queensland, Australia
http://hive.me.gu.edu.au/

------------------------------

Date: Thu, 17 Jun 1999 13:00:40 +0000
From: Pierre Daeubner <[EMAIL PROTECTED]>
Subject: Re: RH6.0 w/Netscape

Hi!

Yes, you did something wrong. 
For giving you better information I ask you to send me the whole line of
your 'mkisofs' command.

You have to enter a lot of functions like -v boot.img to create a
bootable iso image.
But we can talk about that afterwards.

Pierre Daeubner


"K.C. Adams" wrote:
> 
> Greetings all!
> 
> I'm a longtime user of 5.2 and decided to download 6.0 and install.  I
> installed it to a laptop and its running nicely.  I do have a few
> questions/problems though.
> 
> 1.  Netscape crashes whenever it tries to load a page with any type of
> Java enhancements.
> 
> 2.  I downloaded my RedHat from an FTP site and burned a rom.  When I try
> to use the Boot disk to do an install it hangs when I tell it that the
> disk is in the local CD.  I wound up having to copy the files to the
> harddrive partition that they were going to be installed on to get the
> install to work.  Anyone have any ideas what I did wrong in burning the
> CD?

------------------------------

Date: Thu, 17 Jun 1999 18:15:40 +0800
From: eddycheung <[EMAIL PROTECTED]>
Subject: Default Raid Setup

It seems that RAID5 will be included by default where I install Redhat
6.0 . How can I do to remove it and install as RAID1 ?

Eddy


------------------------------

From: Julius Longauer <[EMAIL PROTECTED]>
Subject: Re: Anyone got Soundblaster Live to work
Date: Thu, 17 Jun 1999 12:51:31 +0200

Ronald D. Haynes wrote:
> 
> Hi, I am considering purchasing a system that has a Soundblaster Live
> card in it...
> 
> I noticed on the SUSE /REDHAT sites that this card is not supported,
> anyone have any luck with a driver for it?
> 
Yes, take a look at:
http://developer.soundblaster.com/linux/

Julius

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.misc) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Misc Digest
******************************
