Linux-Misc Digest #351, Volume #26 Sun, 19 Nov 00 22:13:03 EST
Contents:
Embedded linux newgroup ([EMAIL PROTECTED])
Re: Where can I learn what "rpm" means? ([EMAIL PROTECTED])
Re: Why does linux keep crashing? ("Bob Jones")
Re: Why does linux keep crashing? ("Bob Jones")
Just can't get mail working again... (mike)
Re: Can't ftp to Linux box from windows ftp client - SOLVED (Black Dragon)
Re: Hacked? Is that the reason for my new mail problems? (mike)
Disk Druid on RH7.0 ("Scott M. Navarre")
Re: Hacked? Is that the reason for my new mail problems? (Jem Berkes)
Re: HELP: Netscape Download file location. (Paul Ahlquist)
Re: Problems with printing to HP 500C under Debian Linux 2.2 (potato) (Charles
Pouliot)
Re: How should I install Linux and Win2K (dual boot) (Graham Wilson)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Embedded linux newgroup
Date: Mon, 20 Nov 2000 00:55:26 GMT
Is there an embedded linux newsgroup?
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.powerpc
Subject: Re: Where can I learn what "rpm" means?
Date: Mon, 20 Nov 2000 01:22:18 GMT
In comp.os.linux.powerpc James Hutchins <[EMAIL PROTECTED]> wrote:
+ Trying to get into Linux but having a problem with the files I'm trying to
+ download. They are "rpm" files and my real player application tries to run
+ them, ruining my download. Thanks for any pointers...
http://www.rpm.org/, the canonical source for all things rpm related
there is an option in Netscape for the mac to just save the file to disk. It's
in Edit --> Preferences --> Applications. Select RealPlayer Plugin which uses
the rpm suffix too and click on Save to disk. You probably should restart
Netscape for the change to take effect. Ditto for Internet Explorer
Edit --> Preferences --> File Helpers --> Real Player Plugin
--
Bicycle Crash Test Dummy For Hire
[EMAIL PROTECTED]
------------------------------
From: "Bob Jones" <[EMAIL PROTECTED]>
Subject: Re: Why does linux keep crashing?
Date: Mon, 20 Nov 2000 01:59:24 GMT
In article <8v73mj$sjc$[EMAIL PROTECTED]>, "Jerry L Kreps"
<[EMAIL PROTECTED]> wrote:
> "I'm running the latest developement development kernel"
> If it's an odd numbered kernel that says it all. JLK
>
I guess I should have mentioned that it does it with 2.2.16 as well
------------------------------
From: "Bob Jones" <[EMAIL PROTECTED]>
Subject: Re: Why does linux keep crashing?
Date: Mon, 20 Nov 2000 02:00:28 GMT
In article <[EMAIL PROTECTED]>, "Robert Heller"
<[EMAIL PROTECTED]> wrote:
> "Bob Jones" <[EMAIL PROTECTED]>,
> In a message on Sat, 18 Nov 2000 06:05:24 GMT, wrote :
>
> "J> I'm having a hell of a time here. My kernel keeps dumping all over
> the
> "J> place and the computer just suddenly reboots from time to time. It
> all
> "J> started when I upgraded to redhat 7. I'm running the latest
> developement
> "J> kernel.
>
> Well duh! developement kernel == *unstable* kernel.
>
> "J> All of the kernel guys seem to think I have a hardware problem. I
> ran
> "J> memtest for a day with no problems at all.
>
> This is possible too. How does the system run with a *stable* (2.2.16
> say) kernel?
It does the same thing. That's why I tried going to the newest kernels in
the first place.
------------------------------
Subject: Just can't get mail working again...
From: mike <[EMAIL PROTECTED]>
Date: Mon, 20 Nov 2000 02:01:46 GMT
I've searched DN; I've upgraded to sendmail 8.10 and read documentation
(and FAQ); my mail has stopped going out and I can't get it working.
This current setup has worked fine for at least a year. But something has
happened recently that has caused almost all mail to stop going out but I
have no idea what it could be because I don't think I've changed anything
in the past couple weeks (which is when I noticed it stopped going out).
I use Pine with smtp-server option set to my local PC's hostname so I can
send mail between users when off-line. Here's what happens:
I address mail to myself using my earthlink address; Pine sends it no
problem and it eventually comes back (fetchmail). /etc/resolv
reflects Earthlink's machines (http, ftp, etc. all work fine);
I can send mail to root (I don't log on as root but have all root mail
sent to me) - that mail reaches me;
Any other address (like a yahoo, work, friend's email address) sits in
/var/spool/mqueue. These are all addresses I used to be able to mail
to without any trouble. When I check the files in /var/spool/mqueue
it always says 'MDeferred: mx6.mail.yahoo.com.: Network is
unreachable' (I just left in the yahoo part but of course if the mail
was going somewhere else there'd be a different machine name).
Can somebody give me a clue as to where the breakdown is? One DN post
mentions routing tables but I don't know how to check that or what
generates it. Even if I could check it I doubt I'd know what it was
telling me. And if mail goes to earthlink OK wouldn't you think it would
go other places w/o trouble as well?
I've been fiddling with sendmail.cf without any luck. The only major
change I made to sendmail.cf (a year ago) was masquerading - I like mail
to go out with my PC's hostname on it but when people hit the reply button
I want my valid earthlink address to pop up in their 'to:' box. So I
added some masquerading stuff to sendmail.cf which appears to (I'm
guessing since it works) replace my $USER@HOST with my earthlink address
for the reply-to part. My overall setup has worked great for many months
- but something somewhere has 'broken' and I don't have any idea where to
look. The obvious stuff is not leading me anywhere.
Thanks...
Mike
--
========================
hardymi@[EMAIL PROTECTED]
Auntie Em: Hate you, hate Kansas; took the dog - Dorothy
------------------------------
From: [EMAIL PROTECTED] (Black Dragon )
Subject: Re: Can't ftp to Linux box from windows ftp client - SOLVED
Date: Mon, 20 Nov 2000 02:04:58 GMT
On Sun, 19 Nov 2000 15:57:55 GMT in comp.os.linux.misc,
<[EMAIL PROTECTED]> `[EMAIL PROTECTED]' said:
: In article <[EMAIL PROTECTED]>,
: [EMAIL PROTECTED] (Black Dragon ) wrote:
: >
: > On Sun, 19 Nov 2000 00:24:45 GMT in comp.os.linux.misc,
: > <[EMAIL PROTECTED]> `[EMAIL PROTECTED]' said:
: >
: > : In article <8v23g4$g2n$[EMAIL PROTECTED]>,
: > : [EMAIL PROTECTED] wrote:
: > : > I am having the same issue. I had thought of allowing ftp-data
: (port
: > : > 20) and tried it to no avail. I am using a Ugate 3200 Cable
: Sharing
: > : > gateway. Same symptoms, if I ftp in, I can log in and all that,
: but
: > : as
: > : > soon as I type ls -la or just ls, it just sits and hangs. BUT I
: can
: > : > ftp locally no problem at all. I don't know what to try next. I
: > : can't
: > : > imagine its something really arcane.
: > : >
: > : > Ryan
: > : > In article <8uhda8$b6m$[EMAIL PROTECTED]>,
: > : > [EMAIL PROTECTED] wrote:
: > : > > Ok, got no responses...But fixed it anyway.
: > : > > Here is the deal. Not only do you need to allow ftp through
: > : > > your firewall, you need to allow ftp-data
: > : > > This is on the linux side in firewall scrip..
: > : > > Funny that ws-ftp worked either way and dos or browser ftp
: > : > > didn't work without ftp-data available. Also quote pasv did not
: > : > > make a difference.
: > : > >
: > : > > While I am at it, I tried wu-ftpd, ncftpd and proftpd.
: > : > > wu-ftpd it ok, works through inetd too.
: > : > > ncftpd is very flexible. Fills in things wu-ftpd is missing.
: Even
: > : > > though it is commercial, you get a free 3 user license.
: > : > > As for proftpd, what was looking like an excellent ftp server
: > : > > ended up being by far the worst. It is bug ridden, no doubt.
: > : > > Plenty of buffer over flows, even in latest versions. Now even
: > : > > if you think it is the greatest thing and say oh I don't have
: > : problems
: > : > > think again. Things are there that allow someone to shut it down
: > : > > just by typing a few letters in while logged in.
: > : > > It also looks like it has been idle since about July, maybe no
: one
: > : > > is working on it anymore??
: >
: > : I'm having the same problem with RedHat 6.2 the Ugate 3000 Gateway.
: I
: > : too have opened port 21 and 21. But what I see is that the PASV
: tries
: > : to open ports 1024:65535.
: >
: > You meant port 20 and 21. Yes, active ftp uses those ports. Passive
: ftp
: > uses unprivleged ports above 1024. Some ftp clients can switch modes
: > using the "passive" command, some can't. (the windos one can't for
: sure)
: > Firewalling for both active and passive ftp can be tricky. If you
: would
: > like a sample of my ipchains firewall script that allows both, email
: me,
: > and don't forget that spam sux.
: >
:
: Yes, I meant ports 20 and 21. I would be interested in your ipchains
: firewall script.
:
: BTW, I'm using WS-FTP pro on windos and based on the information in
: your post, I have turned off "Passive Transfers". My FTP now comes
: closer to working, but what now occurs is that WS-FTP issues a "PORT
: 192,168,0,12,14,223" command which gets a response of "500 Illegal PORT
: Command ! Failed port". I haven't used command mode FTP in years, So I
: don't recall what the PORT command is doing. My firewall is providing
: NAT and my internal network is a 192.168.0.nnn network.
:
: Thes sad thing is that I have a Windows 2000 server as well as my Linux
: server. When make it my FTP server, things work, except that I don't
: get the desired result of accessing my Linux system.
You have a firewall issue. I just went through all this after recently
installing a TrinityOS firewall. The default setup was for active ftp
only, and it and my ftpd config had to be tweaked to enable passive ftp.
Email me at [EMAIL PROTECTED] if you want my scripts.
--
Black Dragon
Sign The Linux Driver Petition:
http://www.libralinux.com/petition.english.html
------------------------------
Crossposted-To: comp.os.linux.networking
Subject: Re: Hacked? Is that the reason for my new mail problems?
From: mike <[EMAIL PROTECTED]>
Date: Mon, 20 Nov 2000 02:27:54 GMT
Nostradamus foresaw that on Sun Nov 19 2000, Jean-David Beyer would write:
> mike wrote:
>
> > I could be wrong but it looks like some asshole has been messing around on
> > my machine (or trying to) when I go online (from /var/log/secure):
> >
> > Oct 21 14:02:47 analog in.telnetd[726]: connect from 207.71.92.221
> > Oct 21 14:02:48 analog in.fingerd[728]: connect from 207.71.92.221
> > Oct 21 14:02:53 analog ipop3d[730]: connect from 207.71.92.221
> > Oct 21 14:02:53 analog ipop3d[730]: error: cannot execute /usr/sbin/ipop3d: No
>such file or directory
> > Oct 21 14:02:56 analog imapd[732]: connect from 207.71.92.221
> > Oct 21 14:02:56 analog imapd[732]: error: cannot execute /usr/sbin/imapd: No such
>file or directory
>
> This is from shieldsup.grc.com, who test your machine's security (part of it,
>anyway), but they do it only
> at your request. I infer you visited their web site and requested that they test
>your machine. I suppose
> someone could have tricked them into testing your machine, but I do not know how to
>do it myself, nor do I
> know what good it would do them.
>
> > Oct 27 22:02:16 analog in.telnetd[651]: connect from 216.78.184.172
> > Oct 27 22:13:30 analog in.telnetd[681]: connect from 216.78.184.172
>
> This is from adsl-78-184-172.mco.bellsouth.net
>
> Is bellsouth.net your ISP? It might be OK, but it is not smart to use telnet as it
>is too insecure. You
> might wish to use ssh instead. It is a good idea to disable telnet altogether if you
>possibly can. You
> should consider turning it off in your /etc/inet.conf file.
>
> > Nov 12 18:36:16 analog in.ftpd[863]: connect from 167.206.187.189
> > Nov 12 18:36:16 analog in.ftpd[863]: error: cannot execute /usr/sbin/in.ftpd: No
>such file or directory
>
> This is from hunt187-189.optonline.net I do not know who they are, but if you are
>not offering ftp
> services to the Internet, you might wish to be sure that ftp is disabled in your
>/etc/inetd.conf file.
>
> > I've telnet'd to the above IPs over the past few days (but obviously can't
> > get on) and always get the same machine:
> >
> > Red Hat Linux release 6.2 (Zoot)
> > Kernel 2.2.14-5.0 on an i686
> > login:
> >
> > I don't know what any of this 'in.*' stuff is so maybe it's nothing.
>
> It has to do with the inetd program that tries to check incoming requests and deny
>access to all that you
> do not like. You should do a man inetd and read how to set it up. It is the first
>step at protecting
> yourself from hackers on the Internet.
>
> > But
> > my question is that for about two weeks now I've had problems sending
> > mail. I haven't made any changes recently and when I try to email myself
> > using my year-old ISP email address the mail never goes out and I get a
> > message stating "unknown user." None of my other mail goes out now either
> > - it just sits in /var/spool/mqueue and when I do mailq I get things like
> > "Deferred: Network is unreachable." If I log onto my work machine and
> > send mail to the same addresses that fail at home, they go out fine.
> >
> > If someone logged onto my machine when I was online could they have messed
> > something up so that mail won't go out?
>
> They sure could. All they need do is guess your super-user password (why you should
>pick a non-obvious one
> and change it from time-to-time, never re-using an old one) and they can do anything
>you want. They need
> not even guess it if you have ever telnet-ed into your own machine and become
>super-user: they could have
> sniffed it since telnet sends everything through the Internet in plain text. That is
>why using ssh instead
> of telnet is so important: it sends everything encrypted.
>
> If the permissions on some of your files are too generous, they would not even have
>needed to guess your
> super-user's password: any one would do.
>
> > I'm still using the same
> > /etc/sendmail.cf which has worked fine for the past year or so. If
> > somebody messed something up where would I look to try and fix it?
>
> I would just make a new one. If you are lucky, your /etc/sendmail.mc file is ok, so
>you could just use m4
> to generate a new sendmail.cf.
>
> A possiblity is that your machine does not connect properly to the internet. Can you
>use something like
> Netscape or Lynx to browse the web? If so, that is probably not the problem.
>
>
> --
> .~. Jean-David Beyer Registered Linux User 85642.
> /V\ Registered Machine 73926.
> /( )\ Shrewsbury, New Jersey
> ^^-^^ 7:25am up 4 days, 22:09, 3 users, load average: 2.08, 2.08, 2.08
>
>
>
Thanks all for your help. I appreciate it.
I do not offer any services to anyone. I doubt anyone could guess my root
password. I don't log in as root. My ISP is not any of the above IPs.
http, etc. work fine for me. I commented the suggested items in
/etc/inet*.
I now recall having logged onto a web site to check my vulnerability a few
weeks ago. But that was only once. The other attempts I have no
explanation for except someone trying to log on.
Someone thoughtfully sent me 'cracked box info' in the mail with some
(very useful) URLs ('Thanks' whoever you are). One is
http://linux-firewall-tools.com/linux/firewall/index.html which apparently
will help me set up some better security. The only thing is, I don't know
this site and as far as I know I'll be giving someone the keys to the
kingdom if I use the site and answer too many questions. How can I know
if I'm on a truly friendly site? I want to increase security but I don't
know who to trust (except EFF).
Incidentally, how did you guys figure out where these IPs originated from?
I only know of ping and that doesn't tell me the company/machine names.
And without wanting to get fanatical, is there a better-than-the-rest
beginner/intermediate security book (like from ORA maybe) that will answer
other questions I have and help me learn more about this area?
Thanks again...
Mike
--
========================
hardymi@[EMAIL PROTECTED]
Auntie Em: Hate you, hate Kansas; took the dog - Dorothy
------------------------------
From: "Scott M. Navarre" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux
Subject: Disk Druid on RH7.0
Date: Mon, 20 Nov 2000 02:31:51 GMT
Is there a way to invoke Disk Druid outside of the installation procedure?
I would like to use it to make RAID on an already installed system. Thanks.
------------------------------
From: Jem Berkes <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking
Subject: Re: Hacked? Is that the reason for my new mail problems?
Date: Sun, 19 Nov 2000 20:36:05 -0600
> Incidentally, how did you guys figure out where these IPs originated from?
> I only know of ping and that doesn't tell me the company/machine names.
A few ways. Given IP AAA.BBB.CCC.DDD:
"host AAA.BBB.CCC.DDD" reveals the host name
"whois [EMAIL PROTECTED]" reveals the owner
"traceroute AAA.BBB.CCC.DDD" helps you approximate the physical location
of the machine. The last couple "hops" before the machine itself belong
to the ISP.
==========
http://www.pc-tools.net/
DOS, Win32, Linux software
------------------------------
From: Paul Ahlquist <[EMAIL PROTECTED]>
Subject: Re: HELP: Netscape Download file location.
Date: Sun, 19 Nov 2000 21:40:03 -0500
Reply-To: [EMAIL PROTECTED]
> What "Download Files To" directory? and how do you configure
> it?
>
I believe he is refering to the "Download to..." in Edit >
Preferences > Navigator > Applications dialog at the bottom.
Setting this will set the initial default location.
-pea
------------------------------
From: Charles Pouliot <[EMAIL PROTECTED]>
Subject: Re: Problems with printing to HP 500C under Debian Linux 2.2 (potato)
Date: Mon, 20 Nov 2000 02:44:10 GMT
I figured it out! I connected my hp500c via serial cable, because I already
had one, and was just too cheap to go get a parallel cable. Of course, the
default linux settings for a serial port include onlcr, which translate a
newline to a newline-carriage return. This occurs at the lowest level, after
the magicfilter converts the printout to PCL, so it essentially corrupts the
PCL - hence the recognizable but slightly messed up printout. stty -onlcr <
/dev/ttyS0 fixed it all! (Of course, I can't print straight text correctly
anymore, but that's not a problem!) Thanks for the voluminous answers from
cyberspace ;)
Charles Pouliot
--
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Graham Wilson <[EMAIL PROTECTED]>
Subject: Re: How should I install Linux and Win2K (dual boot)
Date: Sun, 19 Nov 2000 18:52:14 -0800
Brando wrote:
> I have a 6 GB HD (Laptop) and I want to dual boot Linux and Win2K. I have a fresh
>disk to
> install on so I don't have to save any data.
>
> What's the best way to go about doing this? Which OS should I install first and how
>should
> I set up the partitions. I want about 2.5 GB for Windoze and 3.5 for Linux. I do have
> Partition Magic.
>
> Thanx
Please don't send your question to so many groups.
If you go to the Linux Documentation Project, you can get all the info you need.
There are
HOW-TOs (particularly Laptop and Dual-Boot) and at least one complete installation
guide.
The only thihg you need to be careful of is that both boot partitions should be within
the
1024 cylinder limit imposed by the BIOS.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.misc) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************
