Linux-Misc Digest #877, Volume #25 Wed, 27 Sep 00 00:13:02 EDT
Contents:
Re: BIND ACL Workarounds (was: Re: been hacked...have a question) (MIchael Erskine)
Re: Get the Red Hat 7.0 iso's here (David_C)
Re: Get the Red Hat 7.0 iso's here (David_C)
Re: CP/M and Linux, can it read disks (David_C)
Re: End-User Alternative to Windows (D. Spider)
Re: BIND ACL Workarounds (was: Re: been hacked...have a question) (Every Time I Post My Name I Get Spam)
Re: BIND ACL Workarounds (was: Re: been hacked...have a question) (Luke Vogel)
Re: CP/M and Linux, can it read disks (Christopher Browne)
CP/M: 'tis not _completely_ gone... (Christopher Browne)
Re: Maxtor 94098U6 problem (E J)
Re: Partitioning..... (The Jigsaw Man)
Re: BIND ACL Workarounds (was: Re: been hacked...have a question) (Bryan Packer)
driver install problem ([EMAIL PROTECTED])
Re: Partitioning..... (jeff)
----------------------------------------------------------------------------
From: MIchael Erskine <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.admin,comp.os.linux.help,comp.os.linux.security
Subject: Re: BIND ACL Workarounds (was: Re: been hacked...have a question)
Date: Tue, 26 Sep 2000 22:52:23 -0400
Luke Vogel wrote:
>
> Grega Bremec wrote:
> >
> > ...and MIchael Erskine used the keyboard:
> > >
> > >One of the most important things you can do is ensure that DNS is set up
> > >properly with ACL's in the /etc/named.conf file. That task is
> > >non-trivial.
>
> I would like some clarification on this (ACL's) ... can anyone point me
> at a good resource for sample configurations etc.
Luke... take my comments with a huge lump of salt. Surely there is at least
one bind wizard in the group... unfortunately he ain't me.

Anyway, as to ACL's I think the big concern with access to bind (disregarding
the possibility of overflows) is zone transfers. First you don't want anyone
who does not NEED to do zone transfers to be able to do that. I don't BELIEVE
it is terribly important who is allowed to query your server BUT you DO NOT
want just anyone to be able to update a cache or download a domain. I am
wide open to the world for queries but only allow zone transfers to one
other server on the net. He in turn is set up the same way. Nobody is allowed
to update my cache. If I need it I ask for it. It generates a bit more
traffic but I know who I ask first and I hope he is still trustworthy. If he
isn't my provider is going to be upset with me ;->
> I have been unable to
> find a good clear guide on setting up BIND ACL's properly. (I find the
> BIND documentation and site minimalist in this regard)
I think the trick to understanding ACL's is to ensure you understand the
difference between a query and a zone transfer. I am VERY sketchy on this.
I could be completely out of the ball park on all of this.
>
> I did read an interesting paper from Craig Rowland of psionic (of
> PortSentry HostSentry LogCheck fame) and he describes in reasonable
> detail the steps to put named in a chrooted hole.
That was interesting, wasn't that the paper where the author spoke to
dual-homing and chrooting bind?
>
> I'm wondering if it would be feasible to put other necessary daemons
> (say sendmail and httpd) into a similar chrooted hole to enhance
> security yet again?
Ok, I have never needed to set up a chrooted environment BUT I believe
you can chroot just about anything. I can not speak to whether that
enhances security or not.
One that I wanted to do was to chroot init from a running system. I
thought one might be able to get a system up and running with networking
turned off and then chroot a second init with networking running. That
would make a "box in a box". I have NO IDEA if this is feasible but it
would be one heck of a tool for building honeypots. I seem to have read
something about someone doing that long ago to study a cracker.... but
memory sometimes fails.
>
> Comments?
> --
> Regards
> Luke
> PLEASE NOTE: Spamgard (tm) installed.
> ----
> When the only tool you own is a hammer,
> all problems begin to resemble nails.
> ----
> http://www.bell-bird.com.au
> mailto:[EMAIL PROTECTED]
> ----
--
"... freedom without responsibility belongs to children." - Grega Bremec
Wise words.
http://www.cryptography.org/getpgp.htm
------------------------------
From: David_C <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.misc,redhat.general
Subject: Re: Get the Red Hat 7.0 iso's here
Date: 26 Sep 2000 23:10:53 -0400
[EMAIL PROTECTED] writes:
>
> As of this moment, you can't even log in anonymously. I've yet to
> find a mirror that has the ISOs on it (most mirrors don't even have
> 7.0).
You may prefer to buy CDs from CheapBytes (http://www.cheapbytes.com/).
They are selling the 3 CD set (install and source) for $5. These CDs
are made from the same ISO images that RedHat has made available. They
also have a 5 CD set (install, source, docs and powertools) for $7.50.
They're taking preorders right now (probably waiting for the discs to
come back from the duplicator.)
Not free, but cheap enough that I wouldn't bother attempting the
download.
-- David
------------------------------
From: David_C <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.misc,redhat.general
Subject: Re: Get the Red Hat 7.0 iso's here
Date: 26 Sep 2000 23:13:30 -0400
"Chowder" <[EMAIL PROTECTED]> writes:
>
> You can download the Red Hat 7.0 ISO images at this location:
>
> ftp://ftp.redhat.com/pub/redhat/redhat-7.0/i386/iso/
They just couldn't wait with the version number, could they?
IMO, they shouldn't have used the "version 7" moniker until they could
ship it with the 2.4 kernel.
Oh well. Even Linux vendors are subject to marketing departments, I
guess.
-- David
------------------------------
From: David_C <[EMAIL PROTECTED]>
Subject: Re: CP/M and Linux, can it read disks
Date: 26 Sep 2000 23:21:20 -0400
Paxx <[EMAIL PROTECTED]> writes:
>
> Can Linux read CP/M disks, and how would I have to mount a floppy to
> do it. I know that fdisk recognizes a CP/M partition. A friend has
> some old disks. Thanks for any help you can give. -- Paxx - [This
> space for Rent]
According to the man page for mount:
...
-t vfstype
The argument following the -t is used to indicate the file
system type. The file system types which are currently
supported are listed in linux/fs/filesystems.c: adfs, affs,
autofs, coda, coherent, devpts, efs, ext, ext2, hfs, hpfs,
iso9660, minix, msdos, ncpfs, nfs, ntfs, proc, qnx4, romfs,
smbfs, sysv, udf, ufs, umsdos, vfat, xenix, xiafs. Note
that coherent, sysv and xenix are equivalent and that xenix
and coherent will be removed at some point in the future --
use sysv instead. Since kernel version 2.1.21 the types ext
and xiafs do not exist anymore.
...
(Of course, in order to use all of these, you'd need them all to be
compiled into the kernel or into modules. Not all distributions come
with all of them compiled in.)
I don't see CP/M on this list.
Someone might have a driver available for the format, but I don't know of
one.
-- David
------------------------------
From: D. Spider <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,comp.os.linux.advocacy
Subject: Re: End-User Alternative to Windows
Date: Tue, 26 Sep 2000 23:22:26 -0400
It appears that on Tue, 26 Sep 2000 21:03:46 GMT, in
comp.os.linux.advocacy [EMAIL PROTECTED] (Grant Edwards) wrote:
>In article <[EMAIL PROTECTED]>, D. Spider wrote:
>
>>>> Really? Which ones were those that came with the source code?
>
>[...]
>
>>Don't forget CPM.
>
>I don't remember having sources to CP/M. The versions I used
>(1.4 and 2.2, IIRC), came with CBIOS sources, but not sources for
>CP/M itself.
It was available. You had to request an NDA, sign it, and send it
back, but if you were developing for the platform that was what you
did. Microsoft, among many others, did just that.
#####################################################
My email address is posted for purposes of private
correspondence only. Consent is expressly NOT given
to receive advertisements, or bulk mailings of any
kind.
#####################################################
------------------------------
From: [EMAIL PROTECTED] (Every Time I Post My Name I Get Spam)
Crossposted-To: comp.os.linux.admin,comp.os.linux.help,comp.os.linux.security
Subject: Re: BIND ACL Workarounds (was: Re: been hacked...have a question)
Reply-To: [EMAIL PROTECTED]
Date: Wed, 27 Sep 2000 03:31:06 GMT
Re: Source of Information on Setting up ACL's:
There is some information on pp 246-7 of "Linux DNS Server
Administration" by Craig Hunt.
The entire book is a valuable reference if you are interested in
configuring or understanding the workings of bind.
------------------------------
From: Luke Vogel <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.admin,comp.os.linux.help,comp.os.linux.security
Subject: Re: BIND ACL Workarounds (was: Re: been hacked...have a question)
Date: Wed, 27 Sep 2000 13:31:04 +1000
Every Time I Post My Name I Get Spam wrote:
>
> Re: Source of Information on Setting up ACL's:
>
> There is some information on pp 246-7 of "Linux DNS Server
> Administration" by Craig Hunt.
>
> The entire book is a valuable reference if you are interested in
> configuring or understanding the workings of bind.
>
I don't suppose there is an on-line version?
--
Regards
Luke
PLEASE NOTE: Spamgard (tm) installed.
----
When the only tool you own is a hammer,
all problems begin to resemble nails.
----
http://www.bell-bird.com.au
mailto:[EMAIL PROTECTED]
----
------------------------------
From: [EMAIL PROTECTED] (Christopher Browne)
Subject: Re: CP/M and Linux, can it read disks
Reply-To: [EMAIL PROTECTED]
Date: Wed, 27 Sep 2000 03:40:16 GMT
In our last episode (26 Sep 2000 23:21:20 -0400),
the artist formerly known as David_C said:
>Paxx <[EMAIL PROTECTED]> writes:
>>
>> Can Linux read CP/M disks, and how would I have to mount a floppy to
>> do it. I know that fdisk recognizes a CP/M partition. A friend has
>> some old disks. Thanks for any help you can give. -- Paxx - [This
>> space for Rent]
>
>According to the man page for mount:
>
> ...
> -t vfstype
> The argument following the -t is used to indicate the file
> system type. The file system types which are currently
> supported are listed in linux/fs/filesystems.c: adfs, affs,
> autofs, coda, coherent, devpts, efs, ext, ext2, hfs, hpfs,
> iso9660, minix, msdos, ncpfs, nfs, ntfs, proc, qnx4, romfs,
> smbfs, sysv, udf, ufs, umsdos, vfat, xenix, xiafs. Note
> that coherent, sysv and xenix are equivalent and that xenix
> and coherent will be removed at some point in the future --
> use sysv instead. Since kernel version 2.1.21 the types ext
> and xiafs do not exist anymore.
> ...
>
>(Of course, in order to use all of these, you'd need them all to be
>compiled into the kernel or into modules. Not all distributions come
>with all of them compiled in.)
>
>I don't see CP/M on this list.
>
>Someone might have a driver available for the format, but I don't know of
>one.
CP/M isn't _a_ format; it is a _sizable family_ of formats.
A whole lot of those formats were associated with 8" disks that
probably cannot be connected to a Linux box; some of the 5 1/4"
formats involved formats requiring direct controller access.
Modern floppy drives with integrated controllers may not even be
capable of reading the data.
That being said, there were "hacks" done running on MS-DOS to get
read access to some of this stuff. See:
<http://www.sydex.com/>
See also the CP/M FAQ; any "Quality Search Engine" should get you
there...
--
[EMAIL PROTECTED] - <http://www.hex.net/~cbbrowne/oldcomp.html>
"Linux! Guerrilla UNIX Development Venimus, Vidimus, Dolavimus."
-- <[EMAIL PROTECTED]> Mark A. Horton KA4YBR
------------------------------
From: [EMAIL PROTECTED] (Christopher Browne)
Crossposted-To: alt.os.linux,comp.os.linux.advocacy
Subject: CP/M: 'tis not _completely_ gone...
Reply-To: [EMAIL PROTECTED]
Date: Wed, 27 Sep 2000 03:40:17 GMT
In our last episode (Tue, 26 Sep 2000 23:22:26 -0400),
the artist formerly known as D. Spider said:
>It appears that on Tue, 26 Sep 2000 21:03:46 GMT, in
>comp.os.linux.advocacy [EMAIL PROTECTED] (Grant Edwards) wrote:
>
>>In article <[EMAIL PROTECTED]>, D. Spider wrote:
>>
>>>>> Really? Which ones were those that came with the source code?
>>
>>[...]
>>
>>>Don't forget CPM.
>>
>>I don't remember having sources to CP/M. The versions I used
>>(1.4 and 2.2, IIRC), came with CBIOS sources, but not sources for
>>CP/M itself.
>
>It was available. You had to request an NDA, sign it, and send it
>back, but if you were developing for the platform that was what you
>did. Microsoft, among many others, did just that.
Note that sources to ZSDOS, an advanced upwards-compatible successor
to CP/M, are now available under the GPL.
If you're looking for an operating system to use with a Z-80,
this ought to be an absolutely _ideal_ choice...
--
[EMAIL PROTECTED] - <http://www.hex.net/~cbbrowne/obsolete.html>
'Typos in FINNEGANS WAKE? How could you tell?' -- Kim Stanley Robinson
------------------------------
From: E J <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Re: Maxtor 94098U6 problem
Date: Tue, 26 Sep 2000 20:44:58 -0700
I think you need to get the latest kernel. I am using linux kernel 2.2.14,
Redhat 6.2.

I have a 40G Maxtor disk (different model) and I have EZ-BIOS and jumpered
as 2G harddrive. I can format the entire 40G harddisk for Windows, but when I
used partition magic to put 20G for windows and 20G for linux, partition
magic created and formatted the 20G linux. When I tried to format the 20G
linux again with Redhat 6.2, it would make a horrible clicking sound
formatting the last 10G and it would not finish formatting the 20G.

I had to move the linux to the front 7G and back 33G to windows and it works
fine even though I don't like the size of the partition.

I am downloading Redhat 7.0. Hopefully I could format the linux partition
the way I want it.
Martin Beier wrote:
> Hi folks.
>
> I have a Maxtor 94098U6 in my Linux box, which is not recognized with
> its correct size. My Linux Version is 2.2.10
>
> LIHB-102:~ # uname -a
> Linux LIHB-102 2.2.10 #28 Tue Jul 20 19:25:30 MEST 1999 i686 unknown
>
> In the boot.msg file, the disk seems to be correctly configured as a 40GB
> IDE disk.
>
> <4>PIIX4: IDE controller on PCI bus 00 dev 21
> <4>PIIX4: not 100% native mode: will probe irqs later
> <4> ide0: BM-DMA at 0xb800-0xb807, BIOS settings: hda:DMA, hdb:pio
> <4> ide1: BM-DMA at 0xb808-0xb80f, BIOS settings: hdc:DMA, hdd:pio
> <4>hda: IDE/ATAPI CD-ROM 44X, ATAPI CDROM drive
> <4>hdc: Maxtor 94098U6, ATA DISK drive
> <4>ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
> <4>ide1 at 0x170-0x177,0x376 on irq 15
> <6>hdc: Maxtor 94098U6, 39083MB w/2048kB Cache, CHS=13872/16/63
> ^^^^^^^^
> <4>hda: ATAPI 20X CD-ROM drive, 128kB Cache
>
> When I try to configure it with fdisk I only get 6991456 blocks:
>
> LIHB-102:~ # fdisk /dev/hdc
>
> The number of cylinders for this disk is set to 13872.
> There is nothing wrong with that, but this is larger than 1024,
> and could in certain setups cause problems with:
> 1) software that runs at boot time (e.g., LILO)
> 2) booting and partitioning software from other OSs
> (e.g., DOS FDISK, OS/2 FDISK)
>
> Command (m for help): p
>
> Disk /dev/hdc: 16 heads, 63 sectors, 13872 cylinders
> Units = cylinders of 1008 * 512 bytes
>
> Device Boot Start End Blocks Id System
> /dev/hdc1 1 13872 6991456+ 83 Linux
>
> Command (m for help):
>
> The filesystem I created is also 7GB:
>
> LIHB-102:~ # df -k /dev/hdc1
> Filesystem 1024-blocks Used Available Capacity Mounted on
> /dev/hdc1 6747211 82 6747129 0%
> /home/projekte/Abrechnung
>
> Can anybody tell me how to configure the disk to have the missing 33GB
> available.
>
> Thanks in advance! maddel!
------------------------------
Date: Tue, 26 Sep 2000 22:53:22 -0500
From: The Jigsaw Man <[EMAIL PROTECTED]>
Subject: Re: Partitioning.....
> 2. This varies a bit from distribution to distribution, but the install
> process should give you the option to create one or more new partitions
> (without affecting existing partitions), and to indicate which partition(s)
> Linux should automatically mount.
There is a request for me to select a partition, but then it expects me
to have already partitioned the drive before that step. I'm using
Linux-mandrake, V7.0, and the installer is running DrakX. I am given
some options to play with the partition, but they all sound bad. I tried
to resize from 7342MB to 6000MB, but it said something about "minimum
partition size" and made no change.
> 3. As part of the install process, you will also be asked where to place
> Lilo, the Linux Loader. Make sure you indicate "Linux partition" (whatever
> your distribution calls it), and _not_ MBR (Master Boot Record).
One of my documents said I had to have the kernel set before the 1203
cylinder in order that BIOS can "see" it, but it was an older document.
Is this still relevant if I want to only boot to Linux with a disk?
(Win98 otherwise) If so, how can I assure its placement?
The Jigsaw Man
------------------------------
From: Bryan Packer <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.admin,comp.os.linux.help,comp.os.linux.security
Subject: Re: BIND ACL Workarounds (was: Re: been hacked...have a question)
Date: Tue, 26 Sep 2000 22:54:38 -0500
Not that I qualify as a BIND genius either, but a few thoughts.
1) Leaving any service listening on a port that the world can touch is a
security risk. I think a buffer overflow that got you root, would be way
more detrimental than getting a zone transfer of your files. (Take this
from a guy who has been on the receiving end ...)
2) BIND can be set to only listen on specific interfaces. If you don't
absolutely need to have BIND listening on the outside interface, don't.
You can serve your internal network just fine by listening on the inside
and lo interfaces. It's going to make it much harder to exploit.
3) Chroot - My vote is just do it. Even if it isn't perfect, *any*
obstacle you can throw up is a help.
4) Good reference book on BIND is the O'Reilly "DNS and BIND". Most
informative.
bryan
MIchael Erskine wrote:
> Anyway, as to ACL's I think the big concern with access to bind
> (disregarding the possibility of overflows) is zone transfers. First you
> don't want anyone who does not NEED to do zone transfers to be able to do
> that. I don't BELIEVE it is terribly important who is allowed to query
> your server BUT you DO NOT want just anyone to be able to update a cache
> or download a domain. I am wide open to the world for queries but only
> allow zone transfers to one other server on the net.
================================================================
Before you criticize someone, walk a mile in his shoes.
That way, if he gets angry, he'll be a mile away and barefoot.
================================================================
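
The restrictions discussed in this thread (queries open, zone transfers limited to one other server, named bound only to chosen interfaces), written out as a named.conf fragment. This is an added example, not part of any poster's message; the addresses, ACL names, zone name and file names are constructed placeholders.

```conf
// Constructed example. Addresses are placeholders; ACL names, zone name
// and file names are hypothetical.

// Weak starting point: no ACL statements at all. named listens on every
// interface and answers zone-transfer (AXFR) requests from any host.
//
// options {
//         directory "/var/named";
// };
// zone "example.com" {
//         type master;
//         file "db.example.com";
// };

// Tightened version of the same master server.
acl secondaries { 198.51.100.53; };             // the one server allowed to transfer
acl internal    { 127.0.0.1; 192.168.1.0/24; }; // own clients

options {
        directory "/var/named";

        // Bind only to the listed addresses. 192.0.2.10 stands for the
        // outside interface; drop it if the server only has to serve the
        // internal network.
        listen-on { 127.0.0.1; 192.168.1.1; 192.0.2.10; };

        allow-query     { any; };          // ordinary lookups stay open
        allow-transfer  { secondaries; };  // whole-zone downloads: one peer only
        allow-recursion { internal; };     // recursive lookups only for own clients
};

zone "example.com" {
        type master;
        file "db.example.com";
        allow-update { none; };            // no dynamic updates to the zone
};
```

After a reload, an AXFR request for the zone from a host outside `secondaries` should be refused while ordinary queries still resolve, which is the query versus zone-transfer distinction the thread is asking about.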
------------------------------
From: [EMAIL PROTECTED]
Subject: driver install problem
Date: Wed, 27 Sep 2000 03:40:45 GMT
I'm using Redhat6.1 and attempting to get a 3Com905b network
card to work. There's no driver installed or available in the
distribution, so I downloaded one on my windoze machine and put it
on a floppy.
I mounted the floppy with the command:
mount -t vfat /dev/fd0 /mnt/floppy
I did an ls /mnt/floppy, and got
3c90x0-1_0_0i_tar.tar
At this point it seems I have a driver on the floppy. I then tried to
unpack it with the command:
tar -xvf 3c90x-1_0_0i_tar.tar
My intent was to unpack it right on the floppy, but all I got was
these error messages:
tar: hmm, this doesn't look like a tar archive
tar: Skipping to nest file header
tar: Only read1052 bytes from archive 3c90x-1_0_0i_tar.tar
tar: Error is not recoverable: exiting now
Anyone have an idea what's wrong? Should I be unpacking it somewhere
else?
Thanks in advance,
jerbear
------------------------------
From: [EMAIL PROTECTED] (jeff)
Subject: Re: Partitioning.....
Date: 27 Sep 2000 04:07:50 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 26 Sep 2000 22:53:22 -0500, The Jigsaw Man <[EMAIL PROTECTED]> wrote:
> > 2. This varies a bit from distribution to distribution, but the install
> > process should give you the option to create one or more new partitions
> > (without affecting existing partitions), and to indicate which partition(s)
> > Linux should automatically mount.
>
> There is a request for me to select a partition, but then it expects me
> to have already partitioned the drive before that step. I'm using
> Linux-mandrake, V7.0, and the installer is running DrakX. I am given
> some options to play with the partition, but they all sound bad. I tried
> to resize from 7342MB to 6000MB, but it said something about "minimum
> partition size" and made no change.
>
Have to pass... not familiar with Linux-mandrake.
> > 3. As part of the install process, you will also be asked where to place
> > Lilo, the Linux Loader. Make sure you indicate "Linux partition" (whatever
> > your distribution calls it), and _not_ MBR (Master Boot Record).
>
> One of my documents said I had to have the kernel set before the 1203
> cylinder in order that BIOS can "see" it, but it was an older document.
> Is this still relevant if I want to only boot to Linux with a disk?
> (Win98 otherwise) If so, how can I assure its placement?
Newer versions of Lilo (21.3 and later) allow booting a kernel from anywhere
on the harddisk - if your machine has a newer BIOS that supports LBA32
Sector Addressing.
> The Jigsaw Man
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.misc) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************