Linux-Misc Digest #790, Volume #20 Fri, 25 Jun 99 18:13:11 EDT
Contents:
Re: Secure backups with tar (Chris Hardin)
Re: HP-UX Binaries? (Marc Mutz)
Re: Virtual Mac OS on Linux, HOW???? (Marc Mutz)
Re: Apache not serving web pages ("Lord Byron")
Where do I find GMutex? ([EMAIL PROTECTED])
Re: help for linux process (Juergen Heinzl)
Re: Docbook? Linuxdoc? Re: Documentation issues. (William Burrow)
Re: Could Microsoft Cheat On The New Mindcraft Benchmark? (Terry Carmen)
Re: routing problem (mist)
Re: Matrox G200 + XF86 problem (mist)
Re: NT the best web platform? (Donovan Rebbechi)
Re: running ppp as non-root (Greg Steckman)
Re: Which linux distribution/kernel for quad xeon/raid server (Marc Mutz)
Re: Mounting dos file system (Douret Patrick)
----------------------------------------------------------------------------
From: Chris Hardin <[EMAIL PROTECTED]>
Crossposted-To: comp.unix.admin,linux.admin,linux.redhat.misc
Subject: Re: Secure backups with tar
Date: 25 Jun 1999 17:26:48 GMT
> [EMAIL PROTECTED] wrote:
...
>> and disabling the floppy in the BIOS. It strikes me that the weakest
>> point, from a physical point of view is the tape backup. The tapes
If you are giving untrusted people physical access to a machine, you
can't expect high security. If people are willing to steal tapes,
what's stopping them from stealing hard drives? Also, the BIOS
password can probably be overridden somehow--I doubt that anyone would
manufacture a motherboard that would become useless if someone forgot
the BIOS password. I could be wrong.
In comp.os.linux.misc Kenneth C Stahl <[EMAIL PROTECTED]> wrote:
> A simple way is to use nfs to allow your linux file systems to be mountable
> from an NT or Windows 95/98 machine. To perform the backup, just mount the
> directories and then use any Windows backup program that offers password
> protection. If you have a slow network this may take a while, but at least
> it will be secure.
This is not necessarily secure. Anyone sniffing packets can see the
contents of the backup, unencrypted. Also, even if the network were
secure, this method would be no more secure than the Windows machine
being used, and even NT has been riddled with security problems.
> Another way would be to perform a cpio backup to tape on the linux box (tar
> is never a very good idea and the only reason it is still around is that
> there is a lot of legacy support for it) and then share that drive with an
> NT/Win95/98 box and copy the cpio file to a tape backup with password
> protection and then erase the tape that has the cpio file.
Is tar really that bad? I've never had any problems with it, but I
haven't used cpio much, either.
Anyway, for encrypted backups, here is a method that might work for you:
1. As root, create yourself a pgp key pair. See pgp documentation
   about this. (Something like "pgpk -g" or "pgp -kg" depending on
   your version of PGP.) Suppose you choose "BOFH <root@computer>" as
   your userid.
2. To do a level 0 dump of the root partition, using the program
   "dump" (if the tape device is /dev/nst0a):
     dump 0uf - / | pgpe -r "BOFH <root@computer>" | dd of=/dev/nst0a bs=32k
     \_dump_____/   \_compress, encrypt__________/   \_throw it on tape____/
   (Note that you might use the command 'pgp -fe "BOFH <root@computer>"'
   instead, depending on your version of PGP. Also note that no
   password/passphrase is needed to encrypt, just later, if you need to decrypt.)
3. To restore files from that dump:
     dd if=/dev/nst0a bs=32k | pgpv -f | restore ivf -
   (Again, you may need to use 'pgp -f', depending on your version of PGP.)
If you are not familiar with dump/restore, you should read about
them. The block size (bs) given to dd may need to be different, or
not necessary at all. PGP should do compression when it encrypts, but
you might want to experiment with different compression programs--just
be sure you put them before the encryption. You can also try using
cpio or tar instead for the dump/restore steps.
There are a couple potential problems with this system that I will
point out:
1. If someone got a hold of root's public key, they could steal a
   tape, put spoofed data on it, and replace it. Then, they could
   smash up the computer (with their physical access), and you would
   reinstall the computer with their spoofed data. You can prevent
   this by not letting anyone get root's public key (and obviously not
   root's private key!). Alternately, you could sign the encrypted
   data, but it's hard to make this secure without being interactive.
2. If you lose root's home directory, you will have trouble restoring
   the encrypted data because you will not have root's private key.
   To get around this, make a backup of root's home directory that you
   keep physically secure. Incidentally, I would recommend making an
   unencrypted backup that you keep as secure as you feel comfortable
   with. (In fact, if it's feasible, I would recommend doing all your
   backups unencrypted, and keeping the tapes physically secure.)
3. It might be slow. My guess is that with a reasonably fast processor,
   the bottleneck will be I/O, but I'm not sure.
Good luck!
Chris
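The forged-tape problem from point 1 above, as an added example that is not part of the original post: GnuPG stands in for the PGP 5 commands and tar on ordinary files for dump/restore on tape (both assumptions), and the function names are hypothetical. The backup is signed as well as encrypted, and the restore decrypts into a staging file and unpacks only after GnuPG reports a valid signature from the expected key.

```sh
#!/bin/sh
# Added example: GnuPG and tar stand in for the post's PGP 5 and dump/restore.
# Function names are hypothetical. KEY_FPR is the full fingerprint of a key
# whose secret part gpg can use without prompting (unattended signing means
# the signing key sits on the machine, the trade-off the post points out).

# backup_sign_encrypt SRC_DIR KEY_FPR OUT_FILE
# Archive SRC_DIR, then sign and encrypt the stream to the same key.
backup_sign_encrypt() {
    tar -C "$1" -cf - . |
        gpg --batch --yes --trust-model always \
            --local-user "$2" --recipient "$2" \
            --output "$3" --sign --encrypt
}

# verified_restore IN_FILE KEY_FPR DEST_DIR
# Decrypt into a staging file first and unpack only if the signature checks
# out. Piping the decrypted stream straight into restore or tar would write
# files before the signature has been verified. An archive that was merely
# encrypted to the public key decrypts fine but carries no VALIDSIG line.
verified_restore() {
    stage=$(mktemp) || return 1   # keep the staging area on trusted storage
    rc=0
    status=$(gpg --batch --yes --status-fd 1 --output "$stage" \
                 --decrypt "$1" 2>/dev/null) || rc=$?
    # The last field of a VALIDSIG status line is the primary key fingerprint.
    signer=$(printf '%s\n' "$status" |
             awk '$2 == "VALIDSIG" { print $NF; exit }')
    if [ "$rc" -ne 0 ] || [ "$signer" != "$2" ]; then
        rm -f "$stage"
        echo "refusing to restore $1: no valid signature from $2" >&2
        return 1
    fi
    { mkdir -p "$3" && tar -C "$3" -xf "$stage"; } || rc=$?
    rm -f "$stage"
    return "$rc"
}
```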
------------------------------
Date: Fri, 25 Jun 1999 21:22:48 +0200
From: Marc Mutz <[EMAIL PROTECTED]>
Subject: Re: HP-UX Binaries?
J.H.M. Dassen (Ray) wrote:
>
> I've seen CPU emulators of PowerPC, MIPS and m68k CPUs, but I'm not aware of
> a HPPA one. Even if there were, emulation has a very high overhead, so it
> would most likely not be feasible to run anything but toy applications with.
>
I heard of a HPPA hardware emulator being in development by Intel. There
is nothing physical as of now, but I think, they are to release it next
year.
There are also rumors of a linux port being underway.
The name of the game I can't quite remember - something like merchant or
mercedes or ... dunno
Marc :-)
------------------------------
Date: Fri, 25 Jun 1999 21:17:37 +0200
From: Marc Mutz <[EMAIL PROTECTED]>
Crossposted-To: alt.uu.comp.os.linux.questions,comp.os.linux.advocacy
Subject: Re: Virtual Mac OS on Linux, HOW????
See lwn.net. In their announcement list I remember seeing a MacOS
emulator.
Marc
------------------------------
From: "Lord Byron" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking
Subject: Re: Apache not serving web pages
Date: Fri, 25 Jun 1999 00:07:53 -0500
The machine is connected to a LAN and the network settings are configured
properly. I am able to connect to the machine from any other machine via
the telnet, ftp, mail, news, daytime, etc., just not http. I can't access
the http port from the machine itself, from any of the other machines in the
local network, or from any machines outside the local network. I have done
quite a bit of reading on the topic, and I have configured http access on
other machines before. However, on the other machines, I was always doing a
full install of linux. My question was what exactly is the minimum I need
to install to get a working web server, and I know it's not just the base
stuff and apache. There's something missing that I haven't been able to
figure out.
--
Byron
Monte Phillips <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Welll actually <G>
> Benjamin is partly correct. it should be:
> http://<your host name> the default is localhost
>
> More importantly though you failed to tell us just HOW you could not
> connect. Via a samba network? some other network? stand alone
> machine? Does ANYTHING work between the machines, or is it just
> Apache you cannot access. Need lots of info to be able to help you
> and give meaningful answers.
>
>
------------------------------
From: [EMAIL PROTECTED]
Subject: Where do I find GMutex?
Date: 25 Jun 1999 22:05:14 +0100
I'm trying to build an application which uses Gnome, and have run into
the following problem:
In file included from /usr/include/gtk/gtksignal.h:31,
from /usr/include/gtk--sigcommon.h:17,
from /usr/include/gtk--sig.h:153,
from tableData.h:35,
from tableData.C:30:
/usr/include/gdk/gdk.h:997: syntax error before `*'
The offending line is: extern GMutex *gdk_threads_mutex;
I can't find the datatype 'GMutex' anywhere.
Does anyone know which header file or package I need for this?
Thanks,
Ian
------------------------------
From: [EMAIL PROTECTED] (Juergen Heinzl)
Subject: Re: help for linux process
Date: Fri, 25 Jun 1999 21:38:02 GMT
In article <[EMAIL PROTECTED]>, john xu wrote:
>Hello:
>I have an Apache web server 1.3 on an Intel machine with Redhat 5.2.
>When I do "ps ax", I found there are 15 httpd processes running on this
>machine.
[...]
See the docs for StartServers, MinSpareServers and MaxSpareServers
for more. It ought to be in the main configuration file httpd.conf
if you're using more than one config for apache.
[...]
>Also, my cgi script keeps sending me hundreds of emails each day with
>the same date (April 1, 1999). Even when I changed the cgi code's subject
>text, that subject keeps not being changed. I don't know what
>happened in my web server. Hope some experts give me some suggestions
>how to find what
>causes the problem.
No idea, seems to think it still would be funny ;-)
Cheers,
Juergen
--
\ Real name : Jürgen Heinzl \ no flames /
\ EMail Private : [EMAIL PROTECTED] \ send money instead /
------------------------------
From: [EMAIL PROTECTED] (William Burrow)
Crossposted-To: comp.unix.bsd.misc,gnu.misc.discuss
Subject: Re: Docbook? Linuxdoc? Re: Documentation issues.
Date: 25 Jun 1999 20:48:44 GMT
Reply-To: [EMAIL PROTECTED]
On 25 Jun 1999 18:58:32 GMT,
Cameron L. Spitzer <[EMAIL PROTECTED]> wrote:
>Now we can play that fun game for Linux users, guess the context.
>
>I wonder if guide-3.html still applies. What's the relationship between
>Docbook and Linuxdoc? Has Linuxdoc been updated since November '96?
>Has it been replaced by Docbook? Is guide-3.html an exhaustive list
>of tags recognized by sgmltools? Or is it just the tags Matt Welsh
>was using when he burned out on the Linux Documentation Project.
>See the notes at the very top and very bottom of
>http://www.sgmltools.org/
My understanding from the web site, when I last read it, was that
Docbook was supposed to supersede Linuxdoc.
Incidentally, is anyone still working on the LDP? I wrote a mini-HOWTO,
had a student in Mexico format it for me, submitted it and heard nothing
back. This was several weeks ago. Now that I am surfacing from under
many demands on my time, I might look into this again. Any news about
life in the LDP out there?
--
William Burrow -- New Brunswick, Canada o
Copyright 1999 William Burrow ~ /\
Beware of anti-spam. ~ ()>()
------------------------------
From: [EMAIL PROTECTED] (Terry Carmen)
Crossposted-To: comp.os.linux.networking,comp.os.ms-windows.nt.advocacy,comp.os.linux.advocacy,comp.infosystems.www.servers.unix
Subject: Re: Could Microsoft Cheat On The New Mindcraft Benchmark?
Date: Fri, 25 Jun 1999 17:47:25 GMT
On Fri, 25 Jun 1999 00:28:43 GMT, Chris Costello
<[EMAIL PROTECTED]> wrote:
>In comp.os.linux.advocacy Terry Carmen <[EMAIL PROTECTED]> wrote:
>> While it's very easy to bash NT and come up with amazing statistics
>> supporting either operating system, I should mention that NT is very
>> stable if you do a proper install on certified hardware and don't load
>> it up with a bunch of crap.
> On certified hardware? Why do I need to get new certified
>hardware instead of running FreeBSD on a high end Alpha or x86
>box with pretty much generic (except of course the SCSI and
>network interface cards) parts?
Knock yourself out.
I don't especially care what you or anybody else uses. I'm just amused
by all the "<myOS> is perfect and omniscient and runs on a Texas
Instruments calculator from 1975, and everything else is garbage and
its users should be beaten" responses.
Because if you actually did this for a living, you would notice that
now and then a customer will request a specific OS, and it's much more
profitable to smile and take their money and give them what they want,
than to try to convert them to your religion and sell them something
else.
It makes absolutely no difference to me if it needs a diesel-powered
network interface or new starch for the floppy drive. If the customer
wants it, who cares what it runs on?
>> Modifying the kernel under Linux requires a recompile. Modifying core
>> NT components requires nothing more than leaving a DLL where the OS
>> can find it.
>
> Oh no! Compiling puts such a heavy load on a system and the
>20 seconds downtime you get when you reboot for the new kernel
>can cost you BILLIONS!
You completely missed my point and shot yourself in the foot.
I think recompiling the kernel is an advantage, since it means that
every DLL dropped in the system folder isn't a potential source of a
crash or bug.
On the scale of Good Things and Bad Things that happen to people on
this planet, the choice of operating system is only slightly less
important than deciding if you want a burger or hot dog for lunch.
Terry
"It's much easier to develop software using actual technology, instead of just made-up
stuff."
------------------------------
From: mist <[EMAIL PROTECTED]>
Subject: Re: routing problem
Date: Fri, 25 Jun 1999 19:37:35 +0100
Reply-To: mist <new$[EMAIL PROTECTED]>
Benjamin HERZOG <[EMAIL PROTECTED]> scribed to us that -
>Hello,
>I have a little network :
>
>(Win98)eth -- eth1(Linux)eth0 -- ISP
>
>Kernel IP routing table
>Destination     Gateway  Genmask          Flags  MSS Window irtt Iface
>192.168.1.1     *        255.255.255.255  UH       0      0    0 eth1
>192.168.1.0     *        255.255.255.255  UH       0      0    0 eth1
>192.168.1.0     *        255.255.255.0    U        0      0    0 eth1
<snip>
>
>
>But, when I try to ping the Linux box from the Win98, I get a ping
>timeout.
>I wonder what's wrong ?
>
Is windoze set up properly? Other than that, you have two entries for
the 192.168.1.0 network and one of the netmasks is wrong (all 255s).
There's no reason for two entries there anyway.
Are you talking about trying to ping the outside world from windows via
the linux box? In which case you need to make sure that ICMP
masquerading is enabled in the kernel.
--
Mist.
------------------------------
From: mist <[EMAIL PROTECTED]>
Subject: Re: Matrox G200 + XF86 problem
Date: Fri, 25 Jun 1999 19:34:25 +0100
Reply-To: mist <new$[EMAIL PROTECTED]>
Steve Evans <[EMAIL PROTECTED]> scribed to us that -
>I'm running RedHat 5.1 with a G200 and can only get low (<640x480)
>resolutions in XF86. I'm not sure if I need to tweak my config or
>whether I need an updated server.
>If I do need a different server, how can I tell which one to download
>and what extra files/libs I need to update?
>
Did you specify the amount of ram that the card has in the config files?
In the readme it mentions that ram might not be autodetected. My 16MB
G200 AGP works fine and would give whatever resolution I like if my
monitor could stand it. Other than that, perhaps you need to update the
xfree86 RPMS. You should do that anyway if you're using old versions,
as there are security holes, IIRC.
--
Mist.
------------------------------
From: [EMAIL PROTECTED] (Donovan Rebbechi)
Crossposted-To: comp.infosystems.www.servers.unix,comp.os.linux.advocacy
Subject: Re: NT the best web platform?
Date: 25 Jun 1999 19:11:24 GMT
On Fri, 25 Jun 1999 19:33:18 +0100, John Hughes wrote:
>FREE means nothing if you're spending more time configuring. NOT saying that's
Configuration time becomes less of a factor on larger installations.
So this is where the absence of licensing fees becomes an advantage.
Configuration time is a function of the *number of unique configurations
required*, not the number of machines to be configured.
>the case with Linux but this FREE mentality just doesn't cut it in business.
I'd partly agree. There really is no such thing as "free" since setting it
up ( and buying the hardware ) costs something, as does maintenance. The
absence of licensing fees lowers the total cost, but certainly doesn't
reduce it to nothing.
>What really matters is that it delivers needed business services.
It's pretty clear that linux does this. There are several services
( such as smbd, popd, imapd, httpd, ftpd, named ) that are
reliable low cost alternatives to NT and Netware ( which incidentally
isn't much better than NT wrt their licensing schemes )
--
Donovan
------------------------------
From: Greg Steckman <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking
Subject: Re: running ppp as non-root
Date: Fri, 25 Jun 1999 14:37:04 -0700
Actually I am having the same problem. I thought the "setuid" was done
by "chmod ugo+s pppd". But that didn't seem to change anything. The
reason I want to do this is because I don't want to have to keep doing
"su root" every time I run the connect (or disconnect) script. Plus I
want to put up a menu item for it...anyway the error I get is because I
am using the -name option to pppd, and it says that is an option only
available to root. How can I get around this?
Thanks,
-Greg
lyte wrote:
> scable wrote:
>
>> Hi all.
>>
>> Can anybody out there tell me how to make a ppp interface available
>> to
>> non-root users in RH6.0?
>> The Red Hat FAQ page on this question was not very helpful. Thanks.
>
> Just setuid the pppd daemon and it should work. You know that this
> isn't a good idea anyhow. Just connect to the net as root and then use
> another user to do whatever it is that you do.
>
> --
> Joey Olson
>
> #RedHat OnLine
> http://www.thecomputergallery.com/redhat
>
>
------------------------------
Date: Fri, 25 Jun 1999 20:58:34 +0200
From: Marc Mutz <[EMAIL PROTECTED]>
Subject: Re: Which linux distribution/kernel for quad xeon/raid server
George Young wrote:
>
> I'm setting up a linux server with 4x 500MHz Xeon processors, 1GB ram,
> Mylex extreme RAID 1100, 4 LVD U2W 10k RPM 9GB disks.
>
Check out lwn.net. They have a very long list of distro's. This week's
issue has a report on a special distro tailored to SMP/Xeon boxes.
>
> I am trying to decide which Linux distribution to use. I've heard that
> recent kernels like 2.2.5 and 2.3.7 have much improved SMP and IO performance,
No, not 2.2.x. 2.2.x is still poor when it comes to SMP. But there are
patches from Andrea at SuSE that can increase SMP performance. You don't
want to use 2.3.x kernels for production environments. You don't even
want to use 2.2.x, where 8 <= x <= 10, because from 2.2.8 on there is a
very curious fs killing error. Maybe you should stick with 2.0.37 or
2.2.7 (but this one still has the DoS vulnerability) until that problem
has been solved.
> so it seems like a distribution that is aggressive about bleeding edge
> kernels, drivers, etc. would be good. On the other hand, I don't mind
> compiling/installing new kernels/modules into a more conservative dist, if
> that is not too dangerous. I usually dig up and install the latest beta
> version of *applications*, but I don't want my *kernel* randomly hanging or
> scrambling data blocks...
>
If you really are after performance, use a very basic Debian install and
compile all needed servers and often-used app's for your processor
architecture (use egcs for that). Install only things that you know
you'll need.
Marc
------------------------------
From: Douret Patrick <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux
Subject: Re: Mounting dos file system
Date: Fri, 25 Jun 1999 21:13:12 GMT
In article <[EMAIL PROTECTED]>,
Dirk Wollherr <[EMAIL PROTECTED]> wrote:
> Did you check that you have read/writing permissions set to the
> directory on which you have mounted the DOS-disc?
Yes, I have checked it. In fact, if I send an ls command, I can see the
copied file (and it's correctly copied), but the kernel sends me a
message saying it can't set the user's permission to the file.
What should I do to avoid this error message?
--
Patrick
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.misc) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************