Linux-Misc Digest #591, Volume #25 Mon, 28 Aug 00 02:13:04 EDT
Contents:
Re: Headless X86 Linux system (Peter Mitchell)
Re: Getting rid of Acrobat nag? ("Andrew N. McGuire ")
Re: Amateur Hacker Backdoors Thwarted By Upgrade? (Joe Pfeiffer)
Re: Linux, XML, and assalting Windows ("paul snow")
Re: Best Linux Distribution (Michael Black)
Re: Getting rid of Acrobat nag? (Prasanth A. Kumar)
Re: Amateur Hacker Backdoors Thwarted By Upgrade? (Bill Unruh)
Re: Getting rid of Acrobat nag? (MH)
Check out this weird linux behavior (Rudy Moore)
Re: Getting rid of Acrobat nag? (MH)
----------------------------------------------------------------------------
From: Peter Mitchell <[EMAIL PROTECTED]>
Subject: Re: Headless X86 Linux system
Date: Sun, 27 Aug 2000 21:09:03 -0700
I have also been trying to get a headless system running. I
have nearly succeeded, but sometimes I need to reattach the
screen and keyboard when something drastic goes wrong (such
as fsck needing to be run manually before the system will
start).
I have found 5 areas involved in running a headless system.
1. The hardware and BIOS. Turn off halt on keyboard error,
and disconnect the monitor and keyboard (you can leave the
video card in). Connect the remote machine through a null
modem cable to (in my case) ttyS1 (COM2).
2. The lilo prompt. You can get this by putting a suitable
line into lilo.conf.
3. The kernel startup messages. I had to get these by
re-compiling the kernel, with CONFIG_SERIAL_ECHO set in
console.c. I found I had to do this in the C file, and I
also patched it to use ttyS1 (com2) instead of ttyS0
(com1). This was using redhat 5.2 (kernel 2.0.36); I don't
know that it will work for later versions.
4. Messages from the init processes which go to the terminal
before a login prompt. I still haven't got these working on
mine.
5. The login prompt. Put this as a line in /etc/inittab,
something like (from memory - look in text terminal HowTo
and compare with other lines)
S1:12345:respawn:getty ttyS1 D38400 vt100
I still have problems with item 4 above, and with getting a
terminal that will allow all the function keys.
Hope this helps.
Peter
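As an added example (not from the post above), a lilo.conf fragment that covers items 2 and 3 of the list for a 2.2 or later kernel, which takes the console= boot parameter instead of the CONFIG_SERIAL_ECHO patch. The port number, speed, password, kernel image and root device are assumptions. One point the post does not raise: a serial line that reaches the LILO prompt can also type "linux single" or "init=/bin/sh", so an unattended headless box needs the prompt password-protected, and /etc/lilo.conf then holds that password and should be mode 600.

```conf
# Added example, not from the post. Assumes COM2 = /dev/ttyS1 at 38400 8N1,
# a 2.2-or-later kernel, and that the image and root device below exist.

# LILO prompt and its own messages on ttyS1 (0 would be ttyS0)
serial=1,38400n8
prompt
# tenths of a second
timeout=50
# anyone on the serial line can otherwise boot "linux single" or
# "init=/bin/sh"; "restricted" asks for the password only when boot
# parameters are typed.  chmod 600 /etc/lilo.conf after adding this.
password=ChangeMe
restricted

image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
    # kernel messages go to both the VGA console (if any) and ttyS1; the
    # last console= becomes /dev/console, so the init scripts' output
    # (item 4 in the post) lands on the serial line as well
    append="console=tty0 console=ttyS1,38400n8"
```

Run lilo after editing the file; the getty line in /etc/inittab from item 5 still supplies the login prompt once init reaches the runlevel.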
------------------------------
From: "Andrew N. McGuire " <[EMAIL PROTECTED]>
Subject: Re: Getting rid of Acrobat nag?
Date: Sun, 27 Aug 2000 23:27:45 -0500
On Sun, 27 Aug 2000, MH quoth:
~~ Date: Sun, 27 Aug 2000 20:51:43 -0700
~~ From: MH <[EMAIL PROTECTED]>
~~ Newsgroups: comp.os.linux.misc
~~ Subject: Getting rid of Acrobat nag?
~~
~~ I have Acrobat reader installed on my Linux box, and am getting very
~~ annoyed at having to close the licensing agreement nag that pops up
~~ every time I use the damn thing. Anyone know how to get rid of this nag?
Use gv or xpdf instead is the way I do it. I have used Acrobat
on Sun Solaris, and never had a nag. On Linux I have never used
it, as I have always had other free (as in liberty) PDF viewers
at my disposal.
anm
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Andrew N. McGuire ~
~ [EMAIL PROTECTED] ~
~ "Plan to throw one away; you will, anyhow." - Frederick P. Brooks, Jr. ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------
From: Joe Pfeiffer <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.x
Subject: Re: Amateur Hacker Backdoors Thwarted By Upgrade?
Date: 27 Aug 2000 22:00:48 -0600
I don't know the answers to your questions -- but hopefully you've
contacted his ISP?
--
Joseph J. Pfeiffer, Jr., Ph.D. Phone -- (505) 646-1605
Department of Computer Science FAX -- (505) 646-1002
New Mexico State University http://www.cs.nmsu.edu/~pfeiffer
VL 2000 Homepage: http://www.cs.orst.edu/~burnett/vl2000/
------------------------------
From: "paul snow" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,comp.text.xml,comp.os.linux.setup,comp.os.linux.advocacy
Subject: Re: Linux, XML, and assalting Windows
Date: Mon, 28 Aug 2000 04:35:10 GMT
<[EMAIL PROTECTED]> wrote in message
news:8o9s06$c3b$[EMAIL PROTECTED]...
>
> paul snow <[EMAIL PROTECTED]> wrote in message
> news:%pTp5.18774$[EMAIL PROTECTED]...
> >
> > Oh, so all those hours I spent installing stuff on Solaris was really
> > Windows?
>
> Does Solaris use Microsoft Windows terminology that you have used in this
> thread? If any of us have made an error as to the platforms you are used
> to using, it is as a result of the terminology that you have selected to
> use to present your ideas.
>
> > The point is that we need to get over the idea that installing is part
> > of the abstractions that the OS provides. That mindset prevents us from
> > developing technologies (such as those I am describing here) that can
> > install across platforms.
>
> Technologies that already exist, assuming that the latest permutation of
> your position is what you are really proposing.
>
> The are many things that don't map well or at all from one OS to another.
> How would you handle those details?
>
> Consider file and directory attributes and permission settings. They
> don't map from one OS to another very well. The installation process
> needs to be OS specific in this and in many other areas.
Yes, we have developed a number of great tools for describing in abstract
information, and rendering specifically to different targets. TeX, SGML,
XML, and PostScript to name a few.
Assume that I (as a developer) have two OS targets.
One is a Forth based OS that still uses block addresses and has no file
system at all. (The old Forth arguments against file systems: "File
systems are bad, cause performance problems, and real programmers don't need
them. Just give us the blocks off the disk when we ask for them!")
The other is Linux.
Can we get any more different than that? So in my application's XML, it has
a <Forth> section that lays out each <Block number="1075"> and its contents,
and continues for every block it needs. My application also has a <Linux>
section that details the directories, files, etc. that the Linux
implementation requires.
If it is so easy to see how I can describe these two installations, why is
it so hard to believe we can cover Linux, Windows, Solaris, etc.?
This thread isn't about auto-magically constructing valid representations of
applications for any OS. This is about being able to describe a valid
representation on any OS.
Given a technology like XML that can be used to describe structured data
(and variations of that structured data), use that to describe the set of
software components for a computer system. Then render those components as
described, by managing in context their needs as defined as how they should
be expressed in storage.
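As an added example (not the poster's code, and not any existing tool), a small Python renderer for a manifest shaped the way the post describes: the <Linux> section is rendered into a directory tree with the modes it declares, and the <Forth> section is left alone for a Forth renderer. The element names, the manifest text and the policy are my assumptions. The objection in the quoted reply, that attributes do not map between platforms, is exactly why the manifest carries them in a per-OS section; the renderer also shows the two checks any installer that takes a manifest from somewhere else needs, refusing paths that escape the install root and refusing setuid/setgid modes it was not told to allow.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed manifest in the shape the post sketches: a <Forth> section that
# addresses raw blocks and a <Linux> section naming files with the attributes
# only Linux understands.  Element and attribute names are assumptions.
MANIFEST = """\
<Application name="demo">
  <Forth>
    <Block number="1075">: HELLO ." hi" ;</Block>
  </Forth>
  <Linux>
    <Dir path="etc/demo" mode="0755"/>
    <File path="etc/demo/demo.conf" mode="0640">listen=127.0.0.1</File>
    <File path="bin/demo" mode="0755">#!/bin/sh\necho demo</File>
  </Linux>
</Application>
"""

# Two deliberately unsafe variants, used to show the renderer refusing them.
TRAVERSAL_MANIFEST = MANIFEST.replace('path="bin/demo"', 'path="../../bin/demo"')
SETUID_MANIFEST = MANIFEST.replace('mode="0755">#!', 'mode="4755">#!')


def _safe_join(root, rel):
    """Resolve rel under root and refuse anything that escapes it
    (absolute paths, ../ sequences)."""
    full = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, full]) != root:
        raise ValueError("path escapes install root: %r" % rel)
    return full


def render_linux(manifest_xml, root):
    """Materialise the <Linux> section under root; other OS sections are
    ignored.  Returns a sorted list of (relative path, octal mode) written."""
    root = os.path.realpath(root)
    section = ET.fromstring(manifest_xml).find("Linux")
    written = []
    for el in section:
        mode = int(el.get("mode", "0644"), 8)
        if mode & (stat.S_ISUID | stat.S_ISGID):
            raise ValueError("refusing setuid/setgid entry: %s" % el.get("path"))
        target = _safe_join(root, el.get("path"))
        if el.tag == "Dir":
            os.makedirs(target, exist_ok=True)
        elif el.tag == "File":
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "w") as fh:
                fh.write(el.text or "")
        else:
            raise ValueError("unknown element <%s>" % el.tag)
        os.chmod(target, mode)  # explicit mode, independent of the umask
        written.append((el.get("path"), oct(mode)))
    return sorted(written)


def render_demo():
    """Render the constructed manifest into a throwaway directory and return
    what was declared next to the mode actually found on disk."""
    with tempfile.TemporaryDirectory() as d:
        written = render_linux(MANIFEST, d)
        on_disk = [(rel, oct(stat.S_IMODE(os.stat(os.path.join(d, rel)).st_mode)))
                   for rel, _ in written]
    return written, on_disk


def rejected(manifest_xml):
    """True if the renderer refuses the manifest outright."""
    with tempfile.TemporaryDirectory() as d:
        try:
            render_linux(manifest_xml, d)
        except ValueError:
            return True
    return False


if __name__ == "__main__":
    print(render_demo())
    print(rejected(TRAVERSAL_MANIFEST), rejected(SETUID_MANIFEST))
```

A Windows or Solaris renderer would read its own section the same way; the manifest never has to pretend a mode bit means anything to a platform without one.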
------------------------------
From: [EMAIL PROTECTED] (Michael Black)
Subject: Re: Best Linux Distribution
Date: Mon, 28 Aug 2000 04:38:14 GMT
In article <[EMAIL PROTECTED]>, Robert Kiesling
<[EMAIL PROTECTED]> wrote:
> On Aug. 27, 2000, "Andrew N. McGuire " <[EMAIL PROTECTED]>, wrote:
> >
> > ( text deleted )
> >
> > This lets experts in a NG concentrate on more urgent, or perhaps
> > tougher questions, and at the same time, ups the quality of the
> > discussions. Since the newbies are good Netizens, and are lurking
> > then they can gain something from the discussions, and when the time
> > is right, can contribute something useful. If the maintainer of the
> > Linux FAQ reads this, can we get "What is the best...?", put in the
> > FAQ, please?
>
> Yes, I do read this news group as much as possible.
>
> Nobody's yet asked why I don't have a "Best Of" list. But there's two
> main reasons:
>
> 1. I don't have the facilities or the time to evaluate objectively
> what the best of any given software is. I'd have to rely on
> hearsay and word-of-mouth. It's enough work keeping the FAQ
> up-to-date as it is. If I had to single out one product, I'd have
> to justify it, and that would consume even more of my time. There
> was a situation a year or so ago where Linux was run head-to-head
> against MS Windows. The tests had to be repeated several times
> before everyone was satisfied they were correct. Not to mention
> that advertising is forbidden in moderated News groups like
> news.answers and comp.answers.
>
> 2. Even if I were able to pick the "best" of a certain type of
> software, that would be no guarantee that it would be the
> best for your particular application, memory, HD and video
> configuration, network topology, and on and on.
>
> It's a lot more efficient to provide the information so that
> someone can make as informed a judgment as possible.
>
> Wow, I guess that was actually three or four reasons. Thanks,
>
> Robert Kiesling
>
About six weeks ago when I first installed Linux, I was a little surprised
at how little there was in the FAQ for me. I haven't looked at the FAQ
since then, so I can't give examples, but it struck me as being more useful
to someone who had gotten a bit further along. Maybe I'm a little surprised
because I would expect beginner type questions to be the most frequently
asked (and the questions that most would want to keep out of the newsgroup).
I'll try to take a closer look at some time to see what seemed to be
missing from the beginners standpoint.
As for the question of the "Best Linux Distribution" I think it should
be covered in the FAQ, but not in terms of rating it.
Deal with the question by explaining what's common to all distributions,
and why there are different distributions.
The fact that the kernel is the same, with in some cases some modifications
and in other cases a different selection of drivers (or so I gather) is
important.
That Redhat uses one format for installing applications, and Debian uses
another, seems more a case of "we think this is a better way" than that one
is outright better than the other.
Acknowledge that some distributions may be better than an other for a
given person, either because one distribution is better suited for server
applications, for instance, or because some distributions are better
at "plug and play" (ie better for people who simply "want to use the thing").
Make note of the fact that the distributions will carry different selections
of auxiliary programs, again on the basis of those putting the package
together.
Deal with why there are new versions, both because of bug fixes and
the other reasons. I went with an older version, because I have
a small amount of memory. I certainly do wonder if I'm missing something
in the newer versions (no, I'm not looking for an answer here).
I'm sure there are other issues. I'm not suggesting comparing or specifying
distributions, only dealing with some of the reasons for different
distributions.
And maybe some of this is better dealt with in other places than the
FAQ. But then, it would make sense to use the FAQ as a pointer to
where this sort of thing is dealt with.
Generally, I can't help but wonder as I look at many of the questions
in these newsgroups, is whether people are asking because they don't
understand something, or because they can't find the answer or don't
know where to look. There is an awful lot of documentation available
for Linux, the FAQ, the various guides, the Howto's and the tutorials.
It strikes me that some of the answers might be answered not by a bigger
FAQ, but some sort of overall index to the material. For example,
"mount" might point to the online man page, and it might also point
to the CDROM Howto (since a lot of mount and unmount questions seem
to apply to CDROMs) along with other places where the command is dealt
with. I do that sort of thing now, only manually, when I pull out one
book and look in the index, and then look in another book to see
what it says about the same thing. A "universal index", as much of
a drag as it would be to keep up to date because the material itself is
so often updated, would help people to find material on what they
were looking for.
Of course, that's not a FAQ issue, but a more overall project.
Michael
------------------------------
Subject: Re: Getting rid of Acrobat nag?
From: [EMAIL PROTECTED] (Prasanth A. Kumar)
Date: Mon, 28 Aug 2000 04:38:53 GMT
"Andrew N. McGuire " <[EMAIL PROTECTED]> writes:
> On Sun, 27 Aug 2000, MH quoth:
>
> ~~ Date: Sun, 27 Aug 2000 20:51:43 -0700
> ~~ From: MH <[EMAIL PROTECTED]>
> ~~ Newsgroups: comp.os.linux.misc
> ~~ Subject: Getting rid of Acrobat nag?
> ~~
> ~~ I have Acrobat reader installed on my Linux box, and am getting very
> ~~ annoyed at having to close the licensing agreement nag that pops up
> ~~ every time I use the damn thing. Anyone know how to get rid of this nag?
>
> Use gv or xpdf instead is the way I do it. I have used Acrobat
> on Sun Solaris, and never had a nag. On Linux I have never used
> it, as I have always had other free (as in liberty) PDF viewers
> at my disposal.
<snip>
I haven't seen such a nag under Linux either. It may be that for some
reason it can't write a config file to your home directory under some
.acrobat type of name, so it thinks it is started new every time?
--
Prasanth Kumar
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: comp.os.linux.x
Subject: Re: Amateur Hacker Backdoors Thwarted By Upgrade?
Date: 28 Aug 2000 04:41:58 GMT
In <[EMAIL PROTECTED]> Wretch <[EMAIL PROTECTED]> writes:
]Hello. I'm new to dealing with Linux security issues, and
]I recently had a break-in from a seemingly amateur hacker.
]My questions pertain to any backdoors that the hacker might
]have created, and whether it is *likely* (given that the
]hacker is somewhat of a rookie) that an OS upgrade will destroy it.
A simple upgrade may well not destroy it. You need to take more active
measures.
a) Reinstall (ie do not upgrade but rather wipe and reinstall) Of course
this assumes you have backups of all the critical files you have.
b) If it is an rpm system, do
rpm -Va|grep '^..5'>/tmp/verify
Look at each of the files reported in /tmp/verify and ensure that the
change from install is legitimate. (Eg, /etc/passwd better have
changed, while /bin/login better not have changed.)
Then once you are sure you have a good find command on the machine, do
find / -perm -4000 -ls
to find all of the files which are suid root. Some need to be (eg login,
su, pppd) but others must not (/tmp/banana). Remove any such files you
find which should not be suid root.
c) Upgrade all of the security patches, and close down any daemon
(either running or in /etc/inetd.conf) you do not need. Make sure you
have hosts.deny and hosts.allow set up properly (ALL:ALL in hosts.deny)
]The address that the hacker ftp'd to numerous times, as indicated by
]the bash history files, was "dhcelite.hypermart.net," who you
]will see is a classic jive trash talking dorky whiteboy who
]fancies himself a computer gangster. Has anybody out there
]had trouble with this punk as well?
]NOW, on to my question:
]-----------------------------------------------
]First, a few details about what I was running:
]-----------------------------------------------
]Redhat Linux 6.0
]i686 Intel Pentium II
]telnet,ftp,pop-3 are usually running (as specified in inetd.conf)
]---------------------------------------
]What happened
]---------------------------------------
]Hacker took advantage of the well-known
] "buffer overflow" and gained root access.
]Hacker ran a program called "eggdrop" which
] installs an IRC-bot for group chats.
]Also found running at various times were the
]following programs:
]"remote.c" --> Allows backdoor access (I think)
]"t666.c"
]"ns.c --> A "trinoo" daemon which I think is used
] in denial of service attacks
]Hacker also modified some files like "rc.local" so
] that the naughty "remote.c" and "t666.c" programs
] would run upon each reboot.
]------------------------------------------
]What I've Done
]-------------------------------------------
]Upgraded to Redhat Linux 6.2, and employed all
]the current bug fixes and updates found at
]the Redhat site. The kernel is upgraded to
]2.2.16-3.
]Also, I now only use secure shell logins
] and file transfers, something I wasn't
] doing before the hack.
]-------------------------------------------
]My Question
]-------------------------------------------
]Is it *likely* that the upgrade, plus the
]shutting off of the telnet and ftp services, is
]good enough to keep out the amateur hacker?
]Do amateur hacks usually install backdoors
]in such a way that they don't get written over
]in an upgrade of the binaries?
]MUCH thanks for any help!
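The two checks in step (b) above, as an added example that is not part of the post, run over constructed sample output rather than a live machine: it parses rpm -Va lines and separates changed files the package marks as configuration (expected to differ after install) from changed binaries (each of which needs a justification), and it checks a find -perm -4000 -ls listing against an allowlist of setuid binaries seeded from the ones the post names. The sample lines and the allowlist are assumptions. Both checks trust rpm, grep, find and the rpm database on the compromised host, and a rootkit can replace any of them; that is why step (a) is the only reliable remedy and why these checks, if run at all, should be run from known-good binaries (a rescue disk or a clean install of the same release).

```python
import re

# Constructed sample of `rpm -Va` output (not from a real host).  The third
# attribute column is '5' when the file's MD5 digest differs from the package
# database; a 'c' before the path marks a file the package declares as config.
SAMPLE_RPM_VA = """\
S.5....T c /etc/passwd
S.5....T c /etc/inetd.conf
S.5....T   /bin/login
.M......   /usr/bin/passwd
S.5....T   /usr/sbin/in.telnetd
missing    /usr/share/doc/foo/README
"""

# Constructed sample of `find / -perm -4000 -ls` output (not from a real host).
SAMPLE_FIND_LS = """\
 12345   20 -rwsr-xr-x   1 root root   19504 Mar  7  2000 /bin/su
 12346   24 -rwsr-xr-x   1 root root   22560 Mar  7  2000 /bin/login
 12350  120 -rwsr-xr-x   1 root root  121760 Mar  7  2000 /usr/sbin/pppd
 99001   16 -rwsr-xr-x   1 root root   14000 Aug 20 01:17 /tmp/banana
 99002   32 -rwsr-xr-x   1 root root   31000 Aug 20 01:20 /usr/lib/.x/remote
"""

# Hypothetical allowlist seeded from the binaries the post names as legitimately
# setuid root; derive the real one from a clean install of the same release.
SETUID_ALLOWLIST = frozenset({"/bin/su", "/bin/login", "/usr/sbin/pppd"})

RPM_LINE = re.compile(
    r"^(?P<attrs>[.SM5DLUGTP?]{8,9}|missing)\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>\S+)$"
)


def parse_rpm_va(text):
    """Yield (attrs, kind, path) per rpm -Va line; kind is 'c' for config files."""
    for line in text.splitlines():
        m = RPM_LINE.match(line.strip())
        if m:
            yield m.group("attrs"), m.group("kind"), m.group("path")


def triage_digest_changes(text):
    """Files whose digest differs from the package database, split into config
    files (expected to change after install) and everything else (each one
    needs a justification, otherwise it is evidence of tampering)."""
    report = {"expected": [], "suspect": []}
    for attrs, kind, path in parse_rpm_va(text):
        if attrs == "missing" or attrs[2] != "5":
            continue
        report["expected" if kind == "c" else "suspect"].append(path)
    return report


def unexpected_setuid(find_ls_text, allowlist=SETUID_ALLOWLIST):
    """Root-owned setuid files in `find -ls` output that are not allowlisted.
    The owner-execute position of the mode string reads 's' (or 'S' when the
    execute bit is clear) when the setuid bit is set."""
    hits = []
    for line in find_ls_text.splitlines():
        # inode blocks mode links owner group size month day time/year path
        fields = line.split(None, 10)
        if len(fields) < 11:
            continue
        mode, owner, path = fields[2], fields[4], fields[10]
        if mode[3] in "sS" and owner == "root" and path not in allowlist:
            hits.append(path)
    return hits


if __name__ == "__main__":
    print(triage_digest_changes(SAMPLE_RPM_VA))
    print(unexpected_setuid(SAMPLE_FIND_LS))
```

On a real host pipe the live output in (rpm -Va and find / -perm -4000 -ls, both run from trusted binaries) and review the "suspect" list and the setuid hits one by one; a changed /bin/login or a setuid file under /tmp or a dot-directory is the kind of result the post warns about.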
------------------------------
From: MH <[EMAIL PROTECTED]>
Subject: Re: Getting rid of Acrobat nag?
Date: Sun, 27 Aug 2000 22:23:17 -0700
Reply-To: [EMAIL PROTECTED]
"Andrew N. McGuire" wrote:
>
> On Sun, 27 Aug 2000, MH quoth:
>
> ~~ Date: Sun, 27 Aug 2000 20:51:43 -0700
> ~~ From: MH <[EMAIL PROTECTED]>
> ~~ Newsgroups: comp.os.linux.misc
> ~~ Subject: Getting rid of Acrobat nag?
> ~~
> ~~ I have Acrobat reader installed on my Linux box, and am getting very
> ~~ annoyed at having to close the licensing agreement nag that pops up
> ~~ every time I use the damn thing. Anyone know how to get rid of this nag?
>
> Use gv or xpdf instead is the way I do it. I have used Acrobat
> on Sun Solaris, and never had a nag. On Linux I have never used
> it, as I have always had other free (as in liberty) PDF viewers
> at my disposal.
>
Thanks for the tip. I'll try your suggestions, since I'd just as soon
not use Acrobat if there's something GPL that's functionally equivalent.
BTW--the solution to my problem was to edit an Acrobat configuration
file (hidden).
--
Don't waste your vote. Vote Green or don't vote at all.
------------------------------
From: Rudy Moore <[EMAIL PROTECTED]>
Subject: Check out this weird linux behavior
Date: Sun, 27 Aug 2000 22:25:41 -0700
My machine is doing weird things :). For one, the hosts.deny file is
now empty, and I can't make changes to it! vi not allowing me to write
to it, prompted me to do a chmod 777, which I wasn't allowed to do!
Anyone know why this is happening? (hack?)
[chris@dr-evil chris]$ su -l
Password:
[root@dr-evil /root]# ls -al /etc/hosts.deny
-rw-r--r-- 1 root root 1 Jul 13 01:35 /etc/hosts.deny
[root@dr-evil /root]# chmod 777 /etc/hosts.deny
chmod: /etc/hosts.deny: Operation not permitted
[root@dr-evil /root]# rm /etc/hosts.deny
rm: remove write-protected file `/etc/hosts.deny'? y
rm: cannot unlink `/etc/hosts.deny': Operation not permitted
[root@dr-evil /root]# whoami
root
=======================
here's a ps:
[root@dr-evil /etc]# ps -auxc
USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
bin 340 0.0 0.6 1212 420 ? S 08:11 0:00 portmap
chris 5338 0.1 1.7 1832 1088 2 S 01:10 0:00 irc
daemon 470 0.0 0.4 1144 296 ? S 08:11 0:00 atd
nobody 452 0.0 0.8 1300 532 ? S 08:11 0:00 identd
nobody 453 0.0 0.8 1300 532 ? S 08:11 0:00 identd
nobody 454 0.0 0.8 1300 532 ? S 08:11 0:00 identd
nobody 458 0.0 0.8 1300 532 ? S 08:11 0:00 identd
nobody 459 0.0 0.8 1300 532 ? S 08:11 0:00 identd
nobody 4725 0.0 3.1 7336 1980 ? S 22:55 0:00 httpd
nobody 4726 0.0 4.1 7324 2636 ? S 22:55 0:00 httpd
nobody 4727 0.0 7.1 7324 4532 ? S 22:55 0:00 httpd
nobody 4728 0.0 7.0 7288 4452 ? S 22:55 0:00 httpd
nobody 4729 0.0 7.2 7336 4540 ? S 22:55 0:00 httpd
nobody 4730 0.0 7.1 7324 4532 ? S 22:55 0:00 httpd
nobody 4731 0.0 7.2 7336 4536 ? S 22:55 0:00 httpd
nobody 4732 0.0 7.2 7336 4536 ? S 22:55 0:00 httpd
root 1 0.0 0.7 1120 476 ? S 08:10 0:04 init
root 3 0.0 0.0 0 0 ? SW 08:10 0:00 kupdate
root 4 0.0 0.0 0 0 ? SW 08:10 0:00 kpiod
root 5 0.0 0.0 0 0 ? SW 08:10 0:00 kswapd
root 6 0.0 0.0 0 0 ? SW< 08:10 0:00 mdrecoveryd
root 149 0.0 0.7 1588 456 ? S 08:10 0:00 in.amdq
root 151 0.0 0.7 1224 460 ? S 08:10 0:00 in.sysched
root 355 0.0 0.0 0 0 ? SW 08:11 0:00 lockd
root 379 0.0 0.6 1104 388 ? S 08:11 0:00 apmd
root 430 0.0 0.2 296 188 ? S 08:11 0:00 syslogd
root 439 0.0 1.0 1440 676 ? S 08:11 0:00 klogd
root 484 0.0 0.8 1328 564 ? S 08:11 0:00 crond
root 534 0.0 0.7 1204 484 ? S 08:11 0:00 lpd
root 626 0.0 0.7 1300 444 ? S 08:11 0:00 dhcpd
root 652 0.0 0.6 1092 408 3 S 08:11 0:00 mingetty
root 653 0.0 0.6 1092 408 4 S 08:11 0:00 mingetty
root 654 0.0 0.6 1092 408 5 S 08:11 0:00 mingetty
root 655 0.0 0.6 1092 408 6 S 08:11 0:00 mingetty
root 4722 0.0 5.9 7204 3724 ? S 22:55 0:01 httpd
root 5130 0.0 1.3 2152 880 1 S 00:50 0:00 su
root 5164 0.0 2.8 2644 1784 ? S 00:52 0:00 named
root 5267 0.0 1.4 1884 916 ? S 01:05 0:00 in.ftpd
root 5391 0.0 1.5 2156 952 ? S 01:17 0:00 su
root 5420 0.0 0.6 932 412 ? R 01:19 0:00 ps
xfs 614 0.0 1.0 1716 676 ? S 08:11 0:00 xfs
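Added example, not part of the post. The symptom shown above (root owns the file, the mode bits in ls -l allow writing, yet chmod and rm fail with "Operation not permitted") is what the ext2 immutable inode attribute produces, and ls -l does not display that attribute; lsattr does. The script reads constructed lsattr output (the sample lines and the policy table are assumptions) and separates locks an admin set on purpose, such as append-only logs, from ones nobody admits to, printing the chattr command that clears each. If you did not set the attribute yourself, someone with root did, so the usual post-intrusion caveat applies: lsattr and chattr on that host may themselves have been replaced, and clearing the flag undoes nothing else that was changed.

```python
import re

# Constructed `lsattr` output for files that are commonly locked, by an admin
# or by an intruder; not captured from the poster's machine.  The attribute
# field comes first, the path second; older e2fsprogs print fewer positions.
SAMPLE_LSATTR = """\
----i--------- /etc/hosts.deny
-------------- /etc/hosts.allow
-------------- /etc/inetd.conf
----i--------- /etc/rc.d/rc.local
-----a-------- /var/log/messages
"""

# Hypothetical policy: append-only ('a') on the system log is a hardening an
# admin may have applied on purpose; any other 'i' or 'a' you did not set
# yourself is unexpected.
EXPECTED_LOCKS = {"/var/log/messages": "a"}

LSATTR_LINE = re.compile(r"^([-A-Za-z]+)\s+(\S.*)$")


def parse_lsattr(text):
    """Yield (flags, path) for each lsattr line."""
    for line in text.splitlines():
        m = LSATTR_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def locked_files(text):
    """Map path -> the subset of 'ia' set on it.  Immutable ('i') and
    append-only ('a') are ext2 inode attributes, not mode bits: ls -l shows
    nothing unusual, but chmod, rm and an in-place write fail with EPERM
    even for root."""
    locked = {}
    for flags, path in parse_lsattr(text):
        hit = "".join(f for f in "ia" if f in flags)
        if hit:
            locked[path] = hit
    return locked


def triage(text, expected=EXPECTED_LOCKS):
    """Separate locks the policy knows about from locks to investigate, and
    give the chattr command that clears each unexpected one.  Run that only
    after deciding the chattr binary on the host can be trusted."""
    report = {"expected": {}, "unexpected": {}}
    for path, flags in locked_files(text).items():
        if expected.get(path) == flags:
            report["expected"][path] = flags
        else:
            report["unexpected"][path] = "chattr -%s %s" % (flags, path)
    return report


if __name__ == "__main__":
    for path, cmd in triage(SAMPLE_LSATTR)["unexpected"].items():
        print("%s: locked, clear with: %s" % (path, cmd))
```

On a live system feed it lsattr output for /etc and the rc directories (lsattr -R /etc, for instance) rather than the sample; an immutable, emptied hosts.deny is worth treating as part of a break-in, not as a quirk.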
------------------------------
From: MH <[EMAIL PROTECTED]>
Subject: Re: Getting rid of Acrobat nag?
Date: Sun, 27 Aug 2000 22:25:10 -0700
Reply-To: [EMAIL PROTECTED]
MH wrote:
>
> I have Acrobat reader installed on my Linux box, and am getting very
> annoyed at having to close the licensing agreement nag that pops up
> every time I use the damn thing. Anyone know how to get rid of this nag?
>
> --
> "The worst form of inequality is to try to make unequal things equal."
>
> --Aristotle
Solution provided via email by another reader:
"Look for a ".acrorc" file in your home directory. In it, check for
a "*ShowUnixEula:" option. Set to "false"."
--
Don't waste your vote. Vote Green or don't vote at all.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.misc) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************