Linux-Misc Digest #673, Volume #20 Thu, 17 Jun 99 14:13:15 EDT
Contents:
Re: Linux systems- Poor security (Yan Seiner)
Re: Linux jingle (Greg Yantz)
What exactly is the SUID flag? (Tom Alsberg)
Block error question ("Walter L. Williams")
Modifying RPM and rebuilding (Doug Kite)
Re: I am looking for "Cleanweap" under linux? (jik-)
Re: Modifying RPM and rebuilding (Robert Lynch)
Re: kernel 2.2.9 and 2.2.10 can cause massive ext2-corruption ? (mist)
Re: kernel mode programs (yes, this is on topic) (Neal Glew)
Re: Diald - FTP'ing my dynamic IP to my Web Page? (Lyndon Hills)
Re: kernel mode programs (yes, this is on topic) (Christopher R. Barry)
Re: BitchX and Libncurses.so.3.4 ("T.E.Dickey")
nfs daemon not working after kernel compilation (Ilan Finci)
Re: Firewall Needed for Linux (Bob Tennent)
Re: Linux systems- Poor security (Colin Smith)
Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft Retest
News ("Chad Mulligan")
Re: Linux systems- Poor security (James Peterson)
Re: Secure network-backup via nfs? ([EMAIL PROTECTED])
About ADSL and Linux (Donghyeok Kil)
Re: Mindcraft Times Three Microsoft (jik-)
Re: Auto Login and start app (jik-)
----------------------------------------------------------------------------
From: Yan Seiner <[EMAIL PROTECTED]>
Subject: Re: Linux systems- Poor security
Date: Thu, 17 Jun 1999 11:10:11 -0400
How do you install security by default?
I need ftp, sshd, and WWW access. You want ICQ, telnet, email and
newsgroups. Joe wants an intranet and samba server.
By "default", do I allow all of those? None? If some, then which?
There is no "default" security. Security MUST be customized, otherwise
it's no security at all.
Yes it's complicated. So is administering WinNT. I've given up on NT
because it's too damn complicated; every config requires me to learn a
new GUI applet, with the requisite registry hacks because some
knucklehead programmer at MS forgot to put in a click box for something.
I agree that documentation could be better, though, but much is
available through the HOW-Tos.
Yan
Bill Simpson wrote:
>
> On Thu, 17 Jun 1999, Tim Philip Williams wrote:
> > I think distributions should include a 'secure' setup as a configuration
> > option, if there are any that do this ... please let me know!
>
> Right on.
> I have done a bit of looking into this (Security-HOWTO) and it seems quite
> difficult and time-consuming. It would be nice if there were a canned
> set-up. Or barring that, some simple set of instructions on how to be
> secure.
>
> I have been thinking of setting up Apache on a machine; main thing
> stopping me is not knowing what to do to "securify" machine prior to
> setting it up web server.
>
> Bill
--
__ __
| / /
/------/
-- / \ / \ --
/ /\ \ / /\ \
| / | \/--|-- |
\ / \ /
~~ ~~
"The older I get, the faster I was."
------------------------------
From: Greg Yantz <[EMAIL PROTECTED]>
Crossposted-To: aus.computers.linux,comp.os.linux.advocacy
Subject: Re: Linux jingle
Date: 17 Jun 1999 13:14:16 -0400
[EMAIL PROTECTED] (Colin Smith) writes:
> >James Beard wrote in message <[EMAIL PROTECTED]>...
> >>Hi all.
> >>
> >>Is there is a Linux jingle? A catchy little tune?
>
> Has to be "All Right Now" by Free! :)
Nah. :)
Does anyone remember the Chock Full-o-Nuts jingle? Yes I'm serious,
that's the name of the company. It went something like this:
Chock Full-o-Nuts (said very deliberately, 5 syllables would work here)
is that heavenly coffee.
Better coffee a millionaire's
money can't buy.
I think it has possibilities.
Maybe:
The Linux OS
is that heavenly software.
Better software a millionaire's
money can't buy.
-Greg
------------------------------
From: Tom Alsberg <[EMAIL PROTECTED]>
Subject: What exactly is the SUID flag?
Date: Thu, 17 Jun 1999 18:44:16 +0300
Reply-To: [EMAIL PROTECTED]
Hello what's up, I saw the thread "SUID programs: are they normal?" a
few seconds before wanting to ask this question, wondering if I should
write it as a reply in the same thread or as a separate one, finally
decided it would be better as a separate thread because it eould mess up
a newbie question with an even-more newbie question. If anyone thinks
else, please tell me (this is also a topic for discussion, but not in
.linux newsgroups ;-|) anyway, my question is if someone could tell me
or point me to a exact, expanded and accurate answer to the question in
the topic. (What is the SUID flag?). I think I pretty much know the
answer but I'm not sure. my unexperienced view is simply a program that
has root permissions, and only root can setUID (otherwise - Linux would
be 100% insecure, wouldn't it?). But I am looking for a more exact and
expanded answer...
I'm out of expressions to put in here, any ideas greatly appreciated
;-)
Tom Alsberg
------------------------------
From: "Walter L. Williams" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware,alt.os.linux
Subject: Block error question
Date: Thu, 17 Jun 1999 08:03:12 -0600
Reply-To: [EMAIL PROTECTED]
Gteetings all
I am running SuSE Linux, kernel ver. 2.0.36 . My system got shut off
accidentaly. I am now having a problem with block errors during boot up
on hda1, which is my root partition.
It will state during boot up that I have a bad block and that I should
run "fsck" manually. Which I do. It says that block 40893 has an error
but wants to know if it should ignore it. If I tell it no it will quit
and do nothing further. If I tell it yes, it will skip that problem and
go to other
items if they exist. This happens about every other boot up.
Can any one point me to where I can find a HOWTO or other instructions
that will tell me how to fix this? (Mabey someone can tell me how to fix
this.)
The only thing that I can think of to do is to try and reload my root
partition only. I run a 500 MB root"/"(hda1), a large /usr partition
(hda2), a large /home partition (sda1).
I would be greatful for any replies
Walt
------------------------------
From: Doug Kite <[EMAIL PROTECTED]>
Subject: Modifying RPM and rebuilding
Date: Thu, 17 Jun 1999 15:17:40 GMT
I need to make a slight change in the makefile of a program installed
with rpm on my Red Hat box, and would like to keep it as an rpm. After
reading the howto and man page on rpm, this is the only way I can figure
to do it. Is there an easier or better way?
1. Install the source rpm (rpm -i pkgname.src.rpm)
2. cd /usr/src/redhat/SOURCES
3. extract the source tarball
4. make the needed change
5. remake the tarball (using the same name, of course)
6. cd /usr/src/redhat/SPECS
7. rebuild the rpm with rpm -ba pkgname.spec (to make source and binary)
8. install the newly made binary rpm from /usr/src/redhat/RPMS
Would I be better off to make a patch instead of making the change in
step 4?
Any ideas appreciated
Doug
--
_________________________________
Doug Kite
Lenoir County MIS
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: jik- <[EMAIL PROTECTED]>
Subject: Re: I am looking for "Cleanweap" under linux?
Date: Thu, 17 Jun 1999 07:05:04 -0700
James Chang wrote:
>
> Hi there
>
> Could anybody tell me how to uninstall application which has been
> installed by using source compiling?
make uninstall
usually works...otherwise,
1) remove it by hand...
2) there are programs which replace 'install' that monitor the make and
you can later use them to uninstall all traces of the software in
question. Try freshmeat.net
------------------------------
Date: Thu, 17 Jun 1999 09:28:40 -0700
From: Robert Lynch <[EMAIL PROTECTED]>
Subject: Re: Modifying RPM and rebuilding
Doug Kite wrote:
>
> I need to make a slight change in the makefile of a program installed
> with rpm on my Red Hat box, and would like to keep it as an rpm. After
> reading the howto and man page on rpm, this is the only way I can figure
> to do it. Is there an easier or better way?
>
> 1. Install the source rpm (rpm -i pkgname.src.rpm)
> 2. cd /usr/src/redhat/SOURCES
> 3. extract the source tarball
> 4. make the needed change
> 5. remake the tarball (using the same name, of course)
> 6. cd /usr/src/redhat/SPECS
> 7. rebuild the rpm with rpm -ba pkgname.spec (to make source and binary)
> 8. install the newly made binary rpm from /usr/src/redhat/RPMS
>
> Would I be better off to make a patch instead of making the change in
> step 4?
It's better to make a patch, and maybe change the name or bump the
release number (if you go UP with the latter, you can install via "rpm
-U" without problems).
This goes along with the idea of "pristine sources" in the rpm packaging
mechanism.
> Any ideas appreciated
>
> Doug
>
> --
> _________________________________
> Doug Kite
> Lenoir County MIS
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
--
Robert Lynch-Berkeley CA [EMAIL PROTECTED]
http://www.best.com/~rmlynch/
------------------------------
From: mist <[EMAIL PROTECTED]>
Subject: Re: kernel 2.2.9 and 2.2.10 can cause massive ext2-corruption ?
Date: Thu, 17 Jun 1999 15:28:31 +0100
Reply-To: mist <new$[EMAIL PROTECTED]>
peter <[EMAIL PROTECTED]> scribed to us that -
>
>I just received a warningmessage about this topic ?
>someone knows something about this topic ?
>
>I personally experienced massive ext2-troubles in the last weeks but I
>thought it is due to murphys law that two harddisks will failure within
>one week ...
>
>
No idea about how true that is, but my Linux system was hosed a few
weeks ago. I can't remember what kernel I was running at the time, but
it would have been around 2.2.9 I imagine. Symptoms were progressive
and cascading failure of all my ext2 partitions, the only solution was
to scrub most of the installation and start over. I put it down to
VMware at the time, but maybe it was the kernel. Arrgh.
--
Mist.
------------------------------
From: Neal Glew <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.functional
Subject: Re: kernel mode programs (yes, this is on topic)
Date: 17 Jun 1999 08:47:10 -0400
Ketil Z Malde <[EMAIL PROTECTED]> writes:
> I'm thinking of a way of making arbitrary code blocks run directly in
> kernel mode, after the OS somehow verifies that they are harmless to
> the OS itself - you naturally don't want to let user mode programs run
> arbitrary assembly code in the kernel. Is this possible? What would
> it take?
>
> And has it been done already? Would such a system be fast enough that
> it would still see the performance benefit from avoiding to cross the
> kernel/userland barrier?
The academic community has considered this problem, and a number of
solutions have been proposed including at least one actual extensible
kernel implementation.
The SPIN project (U. Washington) allowed users to write kernel
extensions in type safe Modula-3, compile them with the system trusted
compiler, and then up load them into the kernel. Software Fault
Isolation (SFI) is a technique for instrumenting code so that it
doesn't do bad things with a small performance penalty. It can be
used to modify kernel extensions before linking them into the kernel
and running them in system mode.
A number of techniques are called language based. Essentially the
user annotates her program with extra information including a
certificate that the code is safe. The kernel then checks the
certificate before linking the code into the kernel. Proof Carrying
Code (PCC) was the first such scheme, and involved annotating the
program with loop invariants and function pre and post conditions and
then supplying a proof of a verification condition. PCC also included
a compiler that could generate the annotations and proof for a safe
subset of C. ECC and TAL are other language based methods. PCC, ECC,
and TAL all operate on assembly language programs and are targetted at
applications such as extensible kernels that require performance.
This is ongoing research, and there are many more issues to address.
But yes, these systems are fast. All of them allow (in priniciple)
assembly language, even optimised code, to run in system mode in the
kernel. I should note that only the SPIN project has actually built
an extensible kernel, the other projects have built the
instrumenter/checkers and have or are measuring them.
References
==========
SPIN: Bershad et al. Extensibility, safety, and performance in the
SPIN operating system. SOSP'95, 267-284.
SFI: Wahbe et al. Efficient software-based fault isolation. SOSP'93,
203-216.
Overview of language based security:
http://www.cs.cornell.edu/kozen/papers/lbs.ps
ECC: http://www.cs.cornell.edu/kozen/secure
TAL: http://www.cs.cornell.edu/talc
PCC: George Necula. Compiling with Proofs. PhD thesis. CMU, Sep 1998.
Published as technical report CMU-CS-98-154.
------------------------------
From: Lyndon Hills <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: Diald - FTP'ing my dynamic IP to my Web Page?
Date: Thu, 17 Jun 1999 18:18:38 +0100
Eric Cartman wrote:
>
> Hello All,
>
> I would like setup diald so that every time it connects, it FTPs the
> dynamically assigned IP number to my web space on my ISP account.
> That way, if I am elsewhere, I can find out where my machine is
> currently connected.
<snip>
This is the subject of a mini-HOWTO called I think Dynamic IP hacks.
It's on RH CD's (may well be unmaintained). It has scripts that run in
ip-up/ip-down or ppp-up/down. They don't I think do _exactly_ what you
are after but they are easy enough to read and amend. (Includes stuff
like mailing your dynamic ip to an address and so on). I once did put
the ip on a web page and this howto was my starting point.
HTH
Lyndon
------------------------------
Crossposted-To: comp.lang.functional
Subject: Re: kernel mode programs (yes, this is on topic)
From: [EMAIL PROTECTED] (Christopher R. Barry)
Date: Thu, 17 Jun 1999 16:50:07 GMT
Ketil Z Malde <[EMAIL PROTECTED]> writes:
> I'm thinking of a way of making arbitrary code blocks run directly in
> kernel mode, after the OS somehow verifies that they are harmless to
> the OS itself - you naturally don't want to let user mode programs run
> arbitrary assembly code in the kernel. Is this possible? What would
> it take?
>
> And has it been done already? Would such a system be fast enough that
> it would still see the performance benefit from avoiding to cross the
> kernel/userland barrier?
The MIT Exokernel has been designed to allow user applications to
directly access hardware and interrupts, but in a safe way. It just so
happens that they are specifically concerned with HTTP benchmarks.
<http://www.pdos.lcs.mit.edu/exo.html>
Christopher
------------------------------
From: "T.E.Dickey" <[EMAIL PROTECTED]>
Subject: Re: BitchX and Libncurses.so.3.4
Date: Thu, 17 Jun 1999 14:06:49 GMT
Stewart Honsberger <[EMAIL PROTECTED]> wrote:
> On Wed, 16 Jun 1999 19:16:44 -0400, Michael Tefft wrote:
>>I am trying to install BitchX on my RedHat 5.2 system. I downloaded the
>>binaries but when I run BitchX I get a message saying it cannot find
>>libncurses.so.3.4. I have found libncurses.so.3.0 on my system. Where do
>>I obtain libncurses.so.3.4 ? I have looked on RedHats ftp site and a few
>>other sites with no luck. Thanks in advance.
> I had the same problem. My solution was to grab the source code and
> compile it myself.
> I'm pretty sure, though, that all it would take is a soft link created
> in the name 'libncurses.so.3.4' to the 'libncurses.so.3.0' to make it work.
It depends on what functions were used from ncurses - some prototypes
changed (e.g., from a float to an int for a parameter).
--
Thomas E. Dickey
[EMAIL PROTECTED]
http://www.clark.net/pub/dickey
------------------------------
From: Ilan Finci <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking
Subject: nfs daemon not working after kernel compilation
Date: Thu, 17 Jun 1999 13:27:41 +0000
This is a cryptographically signed message in MIME format.
==============msBF32EDAD62C9A4440178D11B
Content-Type: multipart/mixed;
boundary="------------1D5D02A79333B548C13A5002"
This is a multi-part message in MIME format.
==============1D5D02A79333B548C13A5002
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
I have a strange problem and I couldn't find an answer in the
documentation.
I'm using RH6.0 (kernel 2.2.5-15) and everything (regarding NFS at
least) is fine.
I'm trying to recompile the kernel (in order to enable ISDN). After
compiling the kernel and the modules ( make xconfig, make dep, make
bzImage, make modules, make modules_install, depmod -a, make install)
I reboot with the new kernel and then the NFS daemon fails to start with
a message :
nfssvc not implemented.
I've tried it (many times, with small modifications in the
configuration, I think nothing concerning NFS) with both kernel 2.2.5
and 2.2.10. I always getting it.
Can anyone help?
Thanks,
Ilan
==============1D5D02A79333B548C13A5002
Content-Type: text/x-vcard; charset=us-ascii;
name="ifinci.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Ilan Finci
Content-Disposition: attachment;
filename="ifinci.vcf"
begin:vcard
n:Finci;Ilan
tel;fax:+972-2-5867720
tel;work:+972-2-5866989
x-mozilla-html:TRUE
org:MobilEye Vision Technologies LTD.
adr:;;24 Mishol Hadkalim ;Jerusalem;;97278;Israel
version:2.1
email;internet:[EMAIL PROTECTED]
x-mozilla-cpt:;14912
fn:Ilan Finci
end:vcard
==============1D5D02A79333B548C13A5002==
==============msBF32EDAD62C9A4440178D11B
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIIIYAYJKoZIhvcNAQcCoIIIUTCCCE0CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
BgwwggLLMIICNKADAgECAgMA7iEwDQYJKoZIhvcNAQEEBQAwgbkxCzAJBgNVBAYTAlpBMRUw
EwYDVQQIEwxXZXN0ZXJuIENhcGUxFDASBgNVBAcTC0R1cmJhbnZpbGxlMRowGAYDVQQKExFU
aGF3dGUgQ29uc3VsdGluZzEpMCcGA1UECxMgVGhhd3RlIFBGIFJTQSBJSyAxOTk4LjkuMTYg
MTc6NTUxNjA0BgNVBAMTLVRoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBSU0EgSXNzdWVyIDE5
OTguOS4xNjAeFw05OTA1MjcwNTIyMzFaFw0wMDA1MjYwNTIyMzFaMEUxHzAdBgNVBAMTFlRo
YXd0ZSBGcmVlbWFpbCBNZW1iZXIxIjAgBgkqhkiG9w0BCQEWE2lmaW5jaUBtb2JpbGV5ZS5j
b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALeRl0OjEGfmSku7O3n6NECnYV0fCfAT
SN+aLn2tLL7P5rgkP0CEUwBmvfp8JqOKMuXr5HeWwqVSRqE3GDV9w2giS1kZ8HOb/wsDvMLq
JQOLwn6SmnehsCRZSqCRK6v6lU68vvH4Ew78KdvNdptpytFKuTyRdDz1/Y2LwxX0nEu9AgMB
AAGjVDBSMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
ADAfBgNVHSMEGDAWgBT+PmCca4wPsNgzxsrGHliwcTi14DANBgkqhkiG9w0BAQQFAAOBgQBq
YskX5Y4xjFJrX172mq31IGHXVgiZss5tJMuv9AW4FhieKGjrY/b0Aodky0hCcSlBwdLQEe2E
GnoKvT2Pj40AlEmdWqhX7QMpz3injl7MBzh9OAXnbrwmQFcbr5z1tE+Gf37MWuf4KyM3nThq
jh+4mS/1y9J4pH8RgO1PmzuxRTCCAzkwggKioAMCAQICAQowDQYJKoZIhvcNAQEEBQAwgdEx
CzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93
bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24g
U2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBD
QTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw05ODA5
MTYxNzU1MzRaFw0wMDA5MTUxNzU1MzRaMIG5MQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2Vz
dGVybiBDYXBlMRQwEgYDVQQHEwtEdXJiYW52aWxsZTEaMBgGA1UEChMRVGhhd3RlIENvbnN1
bHRpbmcxKTAnBgNVBAsTIFRoYXd0ZSBQRiBSU0EgSUsgMTk5OC45LjE2IDE3OjU1MTYwNAYD
VQQDEy1UaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgUlNBIElzc3VlciAxOTk4LjkuMTYwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSl5dTU0F8IAu4HIX0kv6trjh7rIAcCFYRrj9CT
JB8bne5osrksT+mTZxcQFx6h+UNBI7kwqnaXu/Pn/YHAtTGL9qZQJlTylSjrGaQelx6w4rib
wQSaMtA8CWxP5DVP8Ha/ABMDT0UIYPP8tNCQAYoSyZy6f1LqKpM1Njw85DUvAgMBAAGjNzA1
MBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUcknCczTGVfQLdnKBfnf0h+fGsg4w
DQYJKoZIhvcNAQEEBQADgYEALMeCHwFDPgeP7mlcqWSC+MCWrZMry5tQ10CagcK6pnadPJVA
3FXB4VWCeasKKabVDOFXKD6P+bvV3w2TWKpbLYuPM+TdWBU1dnIVKb1C9FqSC3dfnSfbmi1O
G4IGjtKNVruV3tsMZQXelZ4C3VMXvr78a8MaInoUK2G9wp9eeloxggIcMIICGAIBATCBwTCB
uTELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFu
dmlsbGUxGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSkwJwYDVQQLEyBUaGF3dGUgUEYg
UlNBIElLIDE5OTguOS4xNiAxNzo1NTE2MDQGA1UEAxMtVGhhd3RlIFBlcnNvbmFsIEZyZWVt
YWlsIFJTQSBJc3N1ZXIgMTk5OC45LjE2AgMA7iEwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0B
CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw05OTA2MTcxMzI3NDJaMCMGCSqGSIb3
DQEJBDEWBBQ+ZdVNu14a6JYWUf6OMqKNWEcncTBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3
DQMHMA4GCCqGSIb3DQMCAgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0D
AgIBKDANBgkqhkiG9w0BAQEFAASBgEGaOkTxA6mvi3GXdJH4rVFYkz0uxq6ooPEaIZm//Dvy
UQa5qrnUKNaf2gwm8nN9UEvjJOzZuXEP5CfOp7Lr4dNfhbHq01T4zfJhJ09BBYlQy6wYghhb
La34NuS+S5TkHa60NF2n1bq68CmJOBSVoEnacnvPZO9SRTitN23a3m1l
==============msBF32EDAD62C9A4440178D11B==
------------------------------
From: [EMAIL PROTECTED] (Bob Tennent)
Subject: Re: Firewall Needed for Linux
Date: 16 Jun 1999 22:16:50 GMT
Reply-To: rdt(a)cs.queensu.ca
On Wed, 16 Jun 1999 16:15:47 -0400, Warp wrote:
>
ipchains
Bob T.
------------------------------
From: [EMAIL PROTECTED] (Colin Smith)
Subject: Re: Linux systems- Poor security
Date: 16 Jun 1999 22:44:05 GMT
On Wed, 16 Jun 1999 14:48:52 GMT, Tim Philip Williams
<[EMAIL PROTECTED]> wrote:
>A while ago we had a security breach involving multiple linux boxes and
>as a consequence, our IT staff will probably be implementing a ban of
>the use of Linux! I use Linux as a development workstation (although
>I'm not a UNIX expert) ... does anyone know why the security of Linux is
>so bad? I assume that not all distributions are bad, but the ones with
>poor security give Linux a very bad name ... infact they give all free
>software a bad name .. I doubt if the IT staff will let me install
>FreeBSD instead of Linux.
>A very annoyed Tim (who will probably be forced to use Windows NT)
Sounds like bad administration.
Linux can be as secure as you care to make it, anything from wide
open to impregnable. Did your Unix admins set the boxes up or were
they set up individually by the users? I suspect the latter.
--
|Colin Smith: [EMAIL PROTECTED] | Windows 2000: |
|My Freeserve web pages: | The Zeppelin of |
|http://www.yelm.freeserve.co.uk/ | operating systems.|
------------------------------
From: "Chad Mulligan" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.networking,comp.os.ms-windows.nt.advocacy,comp.os.linux.advocacy,comp.infosystems.www.servers.unix
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (was: Mindcraft
Retest News
Date: Wed, 16 Jun 1999 15:16:54 -0700
Otto wrote in message ...
>
>Mark S. Bilk <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> Microsoft has a history of cheating on benchmarks and
>> rigging software to prevent competitive products from
>> functioning. Could they do that in the Mindcraft retest
>> that's now taking place?
>
>Why would they need to cheat? As it is NT can beat the crap out of Linux on
>the high end hardware, so what?Live with it.
>It boils down to matter of trust, which no matter what's being done the
>Linux community will never be satisfied. The test is not even over yet, no
>results are available, you already crying foul play. Just make sure you'll
>have plenty of tissues at hand when the results come out :).
>Dislike the way the test is performed? Do your own using the same hardware.
>
Gee, I thought I heard someone suggest that for this test, who was it? Oh
it was me!
>
------------------------------
From: James Peterson <[EMAIL PROTECTED]>
Subject: Re: Linux systems- Poor security
Date: Thu, 17 Jun 1999 12:50:13 -0500
humm I feel that Unix, linux can be very secure. unlike windows NT where
yet another bug was found where anyone cna get into nt server via netbuie or
something like that... linux does not have these problems to worry about.
But on the other had setting up security on linux box does take a little
bit of time and some knowledge (unlike the WINNT plug and go)
A simple way of putting it is ... if you think AIX, SGI, CRAY, and others
are secure then you should think that linux could be just as secure
Tim Philip Williams wrote:
> A while ago we had a security breach involving multiple linux boxes and
> as a consequence, our IT staff will probably be implementing a ban of
> the use of Linux! I use Linux as a development workstation (although
> I'm not a UNIX expert) ... does anyone know why the security of Linux is
> so bad? I assume that not all distributions are bad, but the ones with
> poor security give Linux a very bad name ... infact they give all free
> software a bad name .. I doubt if the IT staff will let me install
> FreeBSD instead of Linux.
> A very annoyed Tim (who will probably be forced to use Windows NT)
--
*****************************************
James Peterson
Network Administrator
Roman Meal Milling Company, Inc
Phone (701) 282-9656
Fax (701) 282-9743
E-mail [EMAIL PROTECTED]
*****************************************
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.networking
Subject: Re: Secure network-backup via nfs?
Date: Thu, 17 Jun 1999 16:09:47 GMT
In article <[EMAIL PROTECTED]>,
James Youngman <[EMAIL PROTECTED]>
wrote:
> > My question is: How can I backup all the servers in a secure way, by
> > using the host to which the DAT is connected?
>
> tar zcf - /filesystem-name | ssh dat-host dd bs=10240 of=/dev/st0
The problem with this approach is that I woulp prefer to use BRU for
backups. While you can use BRU in the way yo use tar, it means that you
lose some of the builtin error-checking BRU does. It seems this solution
makes it impossible to verify the backup. I want to be 100% sure my
backup is ok.
Also I would prefer to initiate the backup from the dat-machine. Would
that be possible using something like:
ssh remote-host tar /filesystem-name | dd bs=10240 of=/dev/st0
--
-Toem
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Donghyeok Kil <[EMAIL PROTECTED]>
Subject: About ADSL and Linux
Date: 17 Jun 1999 17:49:42 GMT
I just switched to adsl, but I have problems with connecting to internet with ad
sl. My provider only gives support for windows :(
Here is my situation:
Connection to internet is made with a Virtual Private Network and PPTP to connec
t. (In windows one just have to use the Micosoft VPN - drivers.)
Any suggestions are welcome,
Thanks,
------------------------------
From: jik- <[EMAIL PROTECTED]>
Subject: Re: Mindcraft Times Three Microsoft
Date: Thu, 17 Jun 1999 05:16:53 -0700
Well, I don't actually give a hoot who wins, MS products are
unstable....everone knows this. Linux is much more stable, with uptimes
ranging weeks and months (years? anyone?). There is some problems some
times,...but anyone who has used both knows by now Linux is much more
stable.
Right now, MS and mindcraft have shit in the wind to put it
bluntly....and it came back to them. They fudged benchmark tests and
got caught. Now they want more...we all know linux will loose in the
test they are doing...least some do me I have to take your word for it
I'm a user not a server. If noone stepped forward then MS can say that
noone steped forward because the origional test was accurate.
It has also been publicly stated that we know linux is going to loose
because the setup is all in MS's favor. Now if we do better then
expected good...if not we can show how we knew this and explain
why...sighting MANY benchmarks running in more reasonable situations
(from what I hear the test is for VERY large SMP computers that are so
expensive that a small business would never dream to own).
AND....having shown that...we can then work on improving the situation
and have the test run again to see who made the most improvement.
And depending on the software used, we can show were the SPEED is not
very efficient and Linux is doing the right thing running slighly
behind. Course it works the other way too...as it should.
Its a win-win for us the way I see it. This is ONE test, a very biased
one. We have lots more that show linux doing better. We can let them
have this one, what we can't do is let them show us running from them.
We stand, take our beating and move on....I think your very wrong about
a no responce being better then a loss...no responce shows we can't be
depended on to back the product, and I for one would never base a
business model on something that has no backbone.
------------------------------
From: jik- <[EMAIL PROTECTED]>
Subject: Re: Auto Login and start app
Date: Thu, 17 Jun 1999 05:37:46 -0700
James Crawford wrote:
>
> I'm fairly new to Linux, running Red Hat 6.0, how do you autologin a
> workstation and start an x app to boot? I have a certian application for a
> pc and that is all it will be used for.
It would be a bit beyond my knowladge, but I would try editing
/etc/inittab were it spawns getties to run a script of your design
instead of 'login' which is the program which is run every time a new
getty is spawned by default. This might be able to be a bash script
that simply starts X. Then of course all the rest goes in xinitrc.
You have to log in as the user as well....no idea...look at the source
for 'login' and see how its done.
Remember...always leave a getty open.
You could also switch to a homemade runlevel and do it all there....the
Linux Sys Admin's guide gives brief info on how to achieve that. Read
that book at http://sunsite.unc.edu/LDP/ look at init info in it.
Or the XDM runlevel (4 usually) would be a good place to alter an
existing one. On Slackware and other systems that don't use that OTHER
setup, just edit /etc/rc.d/rc.4 to suit your fancy, starting just X
(xinit or startx, NOT 'X') instead of XDM....make sure your getting
loged in first.
That would be best...adding a new runlevel or altering 3 does not sound
like an easy task.
BTW...I have never done anything like that before...this is just the
direction I would go if I were to try. I probably shouldn't even be
responding, but noone else did....I might get you lost :P
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.misc) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************
