Linux-Misc Digest #857, Volume #25               Sun, 24 Sep 00 09:13:02 EDT

Contents:
  Re: been hacked...have a question ("David ..")
  window size (jawwad)
  Re: Want Linux Tutorials & More (Marian Heddesheimer)
  pppd - gpm - problem (Marcel Karras)
  Re: help: external modem on redhat 6.1 ([EMAIL PROTECTED])
  thanks. (Holly)
  Can we fix my wtmp/utmp, please? (ray)
  Re: IP Masquerading ("Robert")
  There is a reason for this... (Holly)
  can't mount drives (James McIntyre)
  Re: Creating a hard link to a directory.... ([EMAIL PROTECTED])
  Re: IP Masquerading (Tom Voltaggio)
  autologin (Tom Voltaggio)
  Re: been hacked...have a question (MIchael Erskine)
  Re: kernel recompile needed, but Mandrake has modified the source... (Bruce LaZerte)
  Re: kernel recompile needed, but Mandrake has modified the source... (Bruce LaZerte)
  Re: There is a reason for this... (Jerry L Kreps)
  Re: been hacked...have a question (MIchael Erskine)

----------------------------------------------------------------------------

From: "David .." <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.admin,comp.os.linux.help,comp.os.linux.security
Subject: Re: been hacked...have a question
Date: Sun, 24 Sep 2000 02:58:48 -0500

JDoe wrote:
> 
> I guess a better question would be how to prevent this from happening
> again.
> 
> Coz if someone can spoof a trusted IP, then what can we do?  Deny all
> access even to those we want to grant access to?
> 
> Me being a practical newbie at server administration, some insight
> into this would be greatly appreciated.

There are a couple of ways to help prevent this from happening:

1) You can add this to /etc/rc.sysinit right after the 
"Mounting proc filesystem" section. This will help to stop spoof
attempts to your system.


# This is the best method : Turn on Source Address Verification and get
# spoof protection on all current and future interfaces.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
    echo -n "Setting up IP spoofing protection..."
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        # Enable reverse-path filtering on this interface
        echo 1 > "$f"
    done
    echo "done."
else
    # Quoted so that the shell does not treat ">" as a redirection
    echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION.  BE WORRIED."
    echo "CONTROL+D will exit from this shell and continue system startup."
    echo
    # Start a single user shell on the console
    /sbin/sulogin $CONSOLE
fi

===========
2) You could also add this to your firewall and/or /etc/rc.local

# Enable IP spoofing protection
# turn on Source Address Verification
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done
==============

This won't stop an authorized system from connecting.
-- 
Confucius say: He who play in root, eventually kill tree.
Registered with the Linux Counter.  http://counter.li.org
ID # 123538
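
[Added example, not part of the post above and not taken from any distribution's init scripts: a check that reports which interfaces still have no source address verification after the rp_filter loop has run. It goes beyond the post by assuming the rule in current kernel documentation that the larger of conf/all and the per-interface value applies; the function names and the sample interface names are hypothetical.]

```shell
#!/bin/sh
# Added example, not from the original post: report interfaces that still
# lack source address verification after the rp_filter loop has run.

# Effective rp_filter mode for one interface (0=off, 1=strict, 2=loose).
# Assumption from current kernel documentation: the kernel applies the
# larger of conf/all/rp_filter and conf/<iface>/rp_filter.
rp_effective() {
    e_all=$(cat "$1/all/rp_filter" 2>/dev/null || echo 0)
    e_own=$(cat "$1/$2/rp_filter" 2>/dev/null || echo 0)
    e_all=${e_all:-0}
    e_own=${e_own:-0}
    if [ "$e_own" -gt "$e_all" ]; then echo "$e_own"; else echo "$e_all"; fi
}

# List interfaces whose effective mode is 0 (no source validation).
# Prints one name per line; returns 1 if any were found, 0 otherwise.
# The directory is a parameter so the check can run on a constructed tree.
rp_filter_unprotected() {
    dir=${1:-/proc/sys/net/ipv4/conf}
    found=0
    for f in "$dir"/*/rp_filter; do
        [ -e "$f" ] || continue
        name=$(basename "$(dirname "$f")")
        # "all" and "default" are settings templates, not interfaces
        case $name in all|default) continue ;; esac
        if [ "$(rp_effective "$dir" "$name")" -eq 0 ]; then
            echo "$name"
            found=1
        fi
    done
    return $found
}

# Build a constructed sample tree (hypothetical interface names) that
# mimics /proc/sys/net/ipv4/conf, and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for i in all default eth0 eth1 lo; do
        mkdir "$t/$i" && echo 0 > "$t/$i/rp_filter"
    done
    echo 1 > "$t/eth0/rp_filter"   # only eth0 has filtering enabled
    echo "$t"
}

# Demonstration on the constructed tree; pass no argument to
# rp_filter_unprotected to audit the live system instead.
sample=$(make_sample_tree)
echo "Unprotected in sample tree:"
rp_filter_unprotected "$sample" || echo "(at least one interface has rp_filter off)"
rm -rf "$sample"
```
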

------------------------------

From: jawwad <[EMAIL PROTECTED]>
Subject: window size
Date: Sun, 24 Sep 2000 10:30:03 -0000

Hi, I'm jawwad, so please help me with this: what is window size?
And can I see the window size, or can I change this window size?
If I can change it, then where?

--
Posted via CNET Help.com
http://www.help.com/

------------------------------

From: [EMAIL PROTECTED] (Marian Heddesheimer)
Subject: Re: Want Linux Tutorials & More
Date: Sun, 24 Sep 2000 10:38:14 GMT

On Sat, 23 Sep 2000 17:50:26 GMT, "SEATTLE"
<[EMAIL PROTECTED]> wrote:

>You are welcome to visit our Home Page:
>http://home.att.net/aubreyb

Looks like a nice but unordered link list.

Also, you should post the correct URL, which is:
http://home.att.net/~AubreyB

Just a tip:
sort your links into clusters of interest (e.g. "for newbies",
"how-tos", "internet-access" etc.)
There are so many good Linux linklists on the web that this one
should stand out if you want to attract people.

Maybe a good idea would be to sort it by score (e.g. 1st Place is
"what helped me best when I started with Linux")

Marian

===================================================================
mailto:[EMAIL PROTECTED]            programmer and book author
http://www.heddesheimer.de               online-training
===================================================================

------------------------------

From: Marcel Karras <[EMAIL PROTECTED]>
Subject: pppd - gpm - problem
Date: Sun, 24 Sep 2000 12:43:25 +0200

Hello,

I own Debian GNU/Linux 2.2. (potato) I configured the ppp-daemon with
pppconfig. So if I input "pon provider" it connects successfully to the
internet. But after connecting, my mouse makes uncontrolled strange
movements. I use gpmdata as a mouse device because other ones (ms,...) don't
work. "/dev/mouse" is a reference to "/dev/gpmdata".
I also tried to kill gpm with "gpm -k", but then I did not have a mouse to
work with.

Can someone help please?

Greetings from Germany.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: help: external modem on redhat 6.1
Date: Sun, 24 Sep 2000 10:45:13 GMT

In article <8qj5qg$mb2$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> I'm running redhat linux 6.1 and I have an external us robotics
> sportster 56k modem.  I have it installed on /dev/ttyS0 and had gotten
> it to dial out using kermit 7.0 but now I cannot seem to contact the
> modem.  I've tried setserial, minicom -s, and linuxconf but I can't
> seem to get it going.  I don't want to use the gnome to set it up.
> Thanks in advance.
>
> Leo
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>
Did you try wvdial?
Type /usr/local/bin/wvdialconf /etc/wvdial.conf
In /etc/wvdial.conf, give the userid and PW expected by your ISP
(deleting the leading semi-colon) and your modem parameters.
Insert and type : New PPPD
between lines Phone and Username.
After establishing the name server configuration in linuxconf, which it seems
you have already done, type the following command:
/usr/local/bin/wvdial & (or /usr/bin/w.. depends)

It worked for me...
Good luck



------------------------------

From: Holly <[EMAIL PROTECTED]>
Subject: thanks.
Date: Sun, 24 Sep 2000 11:10:26 GMT


> a) Boot up the installation disk for Mandrake. Go to disk partitioning.
> Select the Mandrake partition and erase it.
> Grow the windows partition to fill the space.

That did the trick, thanks. : ) Eeh, why didn't I think of that. Duh.. I
still think it's funny - using linux to kill linux. Hm.

> b) Get Partition Magic and do the same.

Might check that out anyway. Ta.

> In both cases make sure that you backup your windows partition in case
> something does not work.

Nah. But I probably should.

> Note I have never tried this so, I cannot guarantee it will not
> destroy all your data.

It didn't, no worries. For your own future reference, and for that of
others, just do a hard reboot after writing the new partition info, even
if it complains about 'must have a such-and-such part' etc., as it will.
Then everything's peachy.

> Also note-- you do not say which booter you use. Note that Lilo can
> boot all three, but you do not want Linux there to be booted after you
> have finished. You could go into lilo and delete the Linux entry and rerun
> lilo. This should leave just the Win. to be booted from lilo. Or get
> rid of lilo altogether ( eg fdisk /mbr in Windows-- or whatever you need
> to do to get Windows to reset the bootup.)

Sorry for not detailing the situation comprehensively. Oops, missed that
bit. No, I wasn't using lilo, I don't like it.

Thanks again.

~Holly~



------------------------------

From: ray <[EMAIL PROTECTED]>
Subject: Can we fix my wtmp/utmp, please?
Date: Sun, 24 Sep 2000 11:28:00 GMT

I run RH6.2. Waaaay back, maybe in RH6.0 I screwed up /var/log wtmp and
utmp. I don't now know how I did that. When I ask for "last", I get

[ray@gordo ray]$ last

wtmp begins Wed Mar  7 21:48:32 1934

1934? Hmm, I don't think so. lastb still works. Here's what it looks like
in there from a ls -alu

-rw-r--r--    1 root     root            0 Sep 16 09:04 utmp
drwxr-xr-x    2 uucp     uucp         4096 Sep 24 04:02 uucp
-rw-rw-r--    1 root     utmp        34561 Sep 24 07:17 wtmp
-rw-rw-r--    1 root     utmp        21504 Sep 23 09:53 wtmp.1
-rw-rw-r--    1 root     utmp      2537088 Sep 23 09:53 wtmpx

This is all "data" and I have no idea how to get things back to "normal"
in there. The reading is all about how to USE these things, but that's
not much help when they are corrupt. (if they are).

TIA

--
Ray R. Jones
Errors have been made. Others will be blamed.
[EMAIL PROTECTED]
HTTP://gordo.penguinpowered.com




------------------------------

From: "Robert" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.redhat,comp.os.linux.setup,comp.os.linux.networking
Subject: Re: IP Masquerading
Date: Sun, 24 Sep 2000 13:26:31 +0200

Hi,

I don't know really, but do you have CUSEEME compiled into your kernel or
loaded the module? I'm using ipchains for masquerading and I need a module
for CUSEEME. So maybe that helps....

Robert

Philippe BLATIERE <[EMAIL PROTECTED]> wrote in
news message: 01c02572$cc28cfa0$[EMAIL PROTECTED]
> Well, I am far from an expert but why do you use ipmasqadm : isn't
> ipchains sufficient ?
> Are you sure ipmasqadm and kernel 2.2 are ok together ?
> I ask you that question because CUSeeMe, that does not work, is used with
> ipmasqadm
> And I know that ipfwadm does not work with kernel 2.2, may be the same
> with ipmasqadm ?
> May be am I saying something stupid ... may be not !!! this is my little
> help.
>
> Tom Voltaggio <[EMAIL PROTECTED]> wrote in article
> <[EMAIL PROTECTED]>...
> > ...
> > I am using Redhat 6.1 with kernel 2.2.12-20.
> > ...
> > # 1) Flush the rule tables.
> > /sbin/ipchains -F input
> > ...
> > # To forward incoming CUSeeMe ports
> > ipmasqadm autofw -A -r udp 7648 7648 -h 192.168.1.2
> > ...
> > Help!!!!



------------------------------

From: Holly <[EMAIL PROTECTED]>
Subject: There is a reason for this...
Date: Sun, 24 Sep 2000 11:40:45 GMT


> Amusing, I have 2 hard drives 14G and 15G with 3G for winblows and the
> rest for Linux. I will remove winblows as soon as my Mustek 600 CP
> scanner is supported on Linux.

Yes. Hm. That's nice. I am not unaware of MS's flawed approach and
execution, I simply require their os, with as much space as I can spare
for it, so I can use software that doesn't *exist* for Linux (or BSD),
namely certain particularly useful and flexible audio recording tools.
(Have you ever seen the space multitracking takes up? Not pretty...)

> to your question :
>
> use partition magic to remove the partitions and increase the size of
> the winblows partition. If the partitions are extended just reformat
> them under winblows.
>
> You could use bsd's fdisk to format the partitions.

Thanks anyway for the advice. It may at least prove useful for someone
out there.

> --
> Tired of Microsoft's rebootive multitasking?
> then it's time to upgrade to Linux.
> http://www.netonecom.net/~bbcat/
> We have software, food, music, news, search,
> history, electronics and genealogy pages.


--
Tired of operating system
advocacy of any kind?
*~Do your own research and
make up your own mind.~*
Like it? Try it.
Still like it? Keep it.
--

~Holly~



------------------------------

From: James McIntyre <[EMAIL PROTECTED]>
Subject: can't mount drives
Date: Sun, 24 Sep 2000 12:01:26 GMT

When I try to mount my floppy or cd-rom, I get a message stating they
are not valid block devices. I tried as root and another user.

I'm using the commands

mount /dev/cdrom /mnt/cdrom, and "mount /dev/fd0 mnt/floppy"

What is the simple solution to this?

TIA


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Creating a hard link to a directory....
Date: Sun, 24 Sep 2000 13:08:25 +0100

Bernhard Brueck <[EMAIL PROTECTED]> did eloquently scribble:
> Rob Blomquist <[EMAIL PROTECTED]> wrote:

>> I'm trying to make a hard link from a directory in my home directory to
>> /mnt/robbo.
> ...
>> Any thoughts?
> Use a symbolic link (ln -s) instead. Hard links for dirs are not supported
> because there would be the chance of cyclic directories which would break
> a lot of tools.

find, for example would get stuck in an infinite loop.

-- 
______________________________________________________________________________
|   [EMAIL PROTECTED]   |                                                 |
|Andrew Halliwell BSc(hons)| "ARSE! GERLS!! DRINK! DRINK! DRINK!!!"          |
|            in            | "THAT WOULD BE AN ECUMENICAL MATTER!...FECK!!!! |
|     Computer Science     | - Father Jack in "Father Ted"                   |
==============================================================================

------------------------------

From: Tom Voltaggio <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.redhat,comp.os.linux.setup,comp.os.linux.networking
Subject: Re: IP Masquerading
Date: Sun, 24 Sep 2000 12:13:26 GMT

It is loaded as a module and my understanding is that I need
Ipmasqadm to forward the specific ports that CuSeeme needs. 
No?


Robert wrote:
> 
> Hi,
> 
> I don't know really, but do you have CUSEEME compiled into your kernel or
> loaded the module? I'm using ipchains for masquerading and I need a module
> for CUSEEME. So maybe that helps....
> 
> Robert
> 
> Philippe BLATIERE <[EMAIL PROTECTED]> wrote in
> news message: 01c02572$cc28cfa0$[EMAIL PROTECTED]
> > Well, I am far from an expert but why do you use ipmasqadm : isn't
> > ipchains sufficient ?
> > Are you sure ipmasqadm and kernel 2.2 are ok together ?
> > I ask you that question because CUSeeMe, that does not work, is used with
> > ipmasqadm
> > And I know that ipfwadm does not work with kernel 2.2, may be the same
> > with ipmasqadm ?
> > May be am I saying something stupid ... may be not !!! this is my little
> > help.
> >
> > Tom Voltaggio <[EMAIL PROTECTED]> wrote in article
> > <[EMAIL PROTECTED]>...
> > > ...
> > > I am using Redhat 6.1 with kernel 2.2.12-20.
> > > ...
> > > # 1) Flush the rule tables.
> > > /sbin/ipchains -F input
> > > ...
> > > # To forward incoming CUSeeMe ports
> > > ipmasqadm autofw -A -r udp 7648 7648 -h 192.168.1.2
> > > ...
> > > Help!!!!

------------------------------

From: Tom Voltaggio <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.redhat,comp.os.linux.questions
Subject: autologin
Date: Sun, 24 Sep 2000 12:21:10 GMT

I searched the usenet for a program or script to allow one to
automatically login at boot time, either as root or a user, without user
input.  My Linux box is only used by myself and I use it as a gateway to
my internal small home network.  It has no other use.  I've found some
info, but nothing that a beginning user can use.  Does anyone have any
leads?  I have Linux Redhat 6.1 using kernel 2.2.12-20.

------------------------------

From: MIchael Erskine <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.admin,comp.os.linux.help,comp.os.linux.security
Subject: Re: been hacked...have a question
Date: Sun, 24 Sep 2000 08:16:19 -0400

me wrote:
> 
> hi
> 
> someone recently connected to my ftp server and did something (i dont
> know what) to nuke me on irc.

What makes you think this?

> the thing is, he/she connected to my ftp
> server apparently using the IP address of someone else.

Do your log files show any other strange activity?

> the IP address
> in my log file belongs to someone i know...someone that i know didnt
> nuke me. how did the "nuker" fake the ip address?

Spoofing IP addresses is easy.  Most script kiddie software will do some
form of IP spoofing.

So far you have said nothing that leads me to believe you were cracked.
Perhaps you were hit with some kind of DOS but unless you see some other
activity in the logs (after all you discovered his IP in the logs) I
would be inclined to believe that your friend FTP's to you around the
same time that this fellow bumped you from IRC.

I think that "wipe-the-box-and-reinstall" might be a bit much at this
point unless you have the time and want the good feeling.  Wipe the box
and reinstall BUT make sure to get the security patches for your version
of whatever it is you are running.  If you really were cracked, you will
still have the same vulnerability after the reinstall.


> 
> thanks
> ali

--
   If children don't know why their grandparents did what they 
did, shall those children know what is worth preserving and what 
should change? 

   http://www.cryptography.org/getpgp.htm

------------------------------

From: [EMAIL PROTECTED] (Bruce LaZerte)
Subject: Re: kernel recompile needed, but Mandrake has modified the source...
Date: Sun, 24 Sep 2000 12:33:31 GMT

On Sat, 23 Sep 2000 21:56:12, [EMAIL PROTECTED] (Hartmann Schaffer) 
wrote:

> what stops you from downloading the kernel you need from kernel.org
> and installing it on your system?

Nothing. I eventually did this as well as the necessary patch. They all 
compiled without a problem.

> afaik this causes no problems (i
> have tried it with redhat)
 
But when I booted with the new kernel, there were several problems. The 
biggest problem was supermount. I tried to add the supermount patch for 
2.2.16 (latest available) after the 18-pre9 patch and things went downhill 
from there.

It seems that a Mandrake distribution is a hand tuned selection of many 
patches plus kernel plus other software that are extensively tested (in the
"cooker") to be sure they work well together. Trying to modify/upgrade this
mix is a tough proposition...

======================
Bruce LaZerte   
Muskoka,Ontario,Canada
mail at fwr dot on dot ca       

------------------------------

From: [EMAIL PROTECTED] (Bruce LaZerte)
Subject: Re: kernel recompile needed, but Mandrake has modified the source...
Date: Sun, 24 Sep 2000 12:33:32 GMT

On Sun, 24 Sep 2000 05:27:23, David_C <[EMAIL PROTECTED]> wrote:

> Have you checked out Mandrake's website for updates?

I thought I had...
  
> I found a 2.2.16-9mdk kernel available for download.  Get it from any of
> their FTP mirrors.  (Linked from http://www.linux-mandrake.com/en/ftp.php3)

But I guess not. Maybe in the cooker section...

But I suspect that all the -9mdk patches will make it tough to add any 
ftp.kernel.org patches to it. I had numerous problems applying the 2.2.16 
patch to 2.2.15-?mdk (the Mandrake 7.1 kernel).

> I use RedHat.  AFAIK, they don't change the kernel sources at all in
> their distribution.

Thanks.

======================
Bruce LaZerte   
Muskoka,Ontario,Canada
mail at fwr dot on dot ca       

------------------------------

From: Jerry L Kreps <[EMAIL PROTECTED]>
Subject: Re: There is a reason for this...
Date: Sun, 24 Sep 2000 07:50:54 -0500

On Sun, 24 Sep 2000, Holly wrote:
>> Amusing, I have 2 hard drives 14G and 15G with 3G for winblows and the
>rest for
>> Linux. I will remove winblows as soon as my Mustek 600 CP scanner is
>supported on
>> Linux.

Have you tried the 600SC or the 600  II CD?  I bet either would work with
the proper config setting.
JLK

------------------------------

From: MIchael Erskine <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.admin,comp.os.linux.help,comp.os.linux.security
Subject: Re: been hacked...have a question
Date: Sun, 24 Sep 2000 08:39:16 -0400

JDoe wrote:
> 
> I guess a better question would be how to prevent this from happening
> again.

The first question is did it happen at all?  He does not seem to be
quite sure someone cracked his system.  He has reported nothing certain.

> 
> Coz if someone can spoof a trusted IP, then what can we do?

If you 'trust' any IP outside your own subnet, you better do it VERY
carefully.  You can never 'trust' an IP outside your own subnet unless
you have access to that network's servers.  DNS is getting better. It
still has a ways to go before we can trust the domain service
completely.

One of the most important things you can do is ensure that DNS is set up
properly with ACL's in the /etc/named.conf file.  That task is
non-trivial.  I have been working with it for a while and I still don't
understand all the nuances... probably never will.

>  Deny all
> access even to those we want to grant access to?

There are other ways to transfer files.  Even so, if the fellow who
connected to this guy's FTP server actually logged in then he had a
password.  My bet is the victim is running anonymous ftp as most
distros come with that set up these days.

> 
> Me being a practical newbie at server administration, some insight
> into this would be greatly appreciated.

Practical advice? Don't play. If you want to secure a system, the most
important thing you can do is read and re-read /usr/doc/HOWTO.  When you
first bring up a box (as a newbie) ensure that there are NO services
running.  Then with the HOWTO in hand, check the configuration of each
service as you bring it up.  When you are sure that you have followed
the HOWTO as closely as possible, turn on the service.  Never run a
service you do not need.  IDENT is fine for the other guy. You don't
need it most of the time.  Use your service provider's sendmail and pop
servers.  Why open a hole in your box when you can let him open one
in his?  Unless you NEED ftp, turn it off.  If you don't NEED DNS,
don't run it.  If you don't NEED it (whatever it is) turn it off and
leave it alone till you understand it.  If you don't know whether you
need it or not, leave it off.  If things work properly, you don't need
it.

The very first thing that should be up and running is your packet
filtering software.  Use the HOWTO to set it up.

If you are coming from the M$ world you have first to realize that
the *nix philosophy is fundamentally different from the *doze philosophy.
Microsoft presumes their admins are not knowledgeable and do not desire
to become knowledgeable.  The *nix philosophy presumes you know what you
are doing when you load the software.  With that difference comes the
biggest performance increase you will ever experience.

Practical advice, if you want to drive a porsche, take yourself to
driving school.  Go back for refreshers, and be very careful.  Sure
ask for advice here and wherever you can find it but check the advice
before you implement it.  It is your responsibility to ascertain that
the advice you receive is correct and does not open a hole John crack
can drive an IRC server thru.

The difference between a *doze box and an *nix box is about as great as
the difference between a BB gun and a high-powered rifle.  Still they
are all potential sources of real trouble in the wrong hands.

When you have done all those things, you can start praying because there
is no secure box.  There are only people who think they have secure
boxes.

> 
> Thanks
> 
> On 23 Sep 2000 23:53:17 GMT, [EMAIL PROTECTED] (Bill Unruh) wrote:
> 
> >In <[EMAIL PROTECTED]> me <[EMAIL PROTECTED]> writes:
> >
> >>someone recently connected to my ftp server and did something (i dont
> >>know what) to nuke me on irc. the thing is, he/she connected to my ftp
> >>server apparently using the IP address of someone else. the IP address
> >>in my log file belongs to someone i know...someone that i know didnt
> >>nuke me. how did the "nuker" fake the ip address?
> >
> >Easily. a) He broke into your friends machine, found your machine listed
> >there and then broke into yours. ( and from yours into other people's).
> >b) He spoofed the address.-- easy to do.
> >
> >Take your machine offline. Backup all your stuff that you need to keep.
> >Wipe the / and /usr partitions.
> >Reinstall.
> >Install all of the security updates for your distro.
> >

--
   If children don't know why their grandparents did what they 
did, shall those children know what is worth preserving and what 
should change? 

   http://www.cryptography.org/getpgp.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.misc) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Misc Digest
******************************
