Linux-Misc Digest #193, Volume #27 Thu, 22 Feb 01 03:13:03 EST
Contents:
IMAP reader for Linux (John)
Re: /bin/sh ("Peter T. Breuer")
An excellent virtual available for rent (Hung Ngoc Lai)
Re: POP3 server error: -ERR being read already (Brian Cochrane)
Re: POP3 server error: -ERR being read already (Brian Cochrane)
Re: Verify crontab, please ("Joe Knapp")
Re: Verify crontab, please ("Joe Knapp")
qmail startup error ! (�Gary Nugent)
inetd/xinetd (Gaurav Navlakha)
Re: Intruder (root)
Re: Intruder ("Peter T. Breuer")
gal && glade installation (SC Patton)
Re: IMAP reader for Linux (Michael Heiming)
Re: fdisk /mbr, install i ("Eric")
Re: inetd/xinetd ("Nils O. Sel�sdal")
----------------------------------------------------------------------------
From: John <[EMAIL PROTECTED]>
Subject: IMAP reader for Linux
Date: Thu, 22 Feb 2001 18:10:13 +1300
Hi.
I am trying to find a good IMAP e-mail program for use with Linux. It
needs to be able to read mail from multiple nested folders (directories) on
the host system.
Currently the only one that handles this is Netscape-Messanger which is
okay but would prefer something a little more zippy.
I have looked at quite a few mailers but most of them only support POP and
the few that claim to support IMAP do not support Folders.
Any pointers would be appreciate.
Cheers
John
------------------------------
From: "Peter T. Breuer" <[EMAIL PROTECTED]>
Subject: Re: /bin/sh
Date: Thu, 22 Feb 2001 05:54:12 +0100
Mark Post <[EMAIL PROTECTED]> wrote:
> On Wed, 21 Feb 2001 13:18:27 +0100, Christopher Albert
>>an application as a service on linux, which I posted
>>to a developpers list. Some have questioned the fact
>>that i used bash syntax for the script which has the
>>shebang #!/bin/sh, which to old unix hands means plain
>>vanilla Bourne, and there's stuff you do with Bash that
It means that in every case, whoever you are.
>>doesn't work on ol' Bourne.
Of course. So you don't and shouldn't write it in a script that
announces that it is to run under sh. And you shouldn't write
a script that depends on "features" of an extension like bash
unless you want your script to be nonportable (which you don't,
surely?).
>>I want to claim that on Linux /bin/sh is Bash by default.
>>Am I wrong?
Yes.
Bash when called as sh behaves as sh.
Peter
------------------------------
From: Hung Ngoc Lai <[EMAIL PROTECTED]>
Subject: An excellent virtual available for rent
Date: 22 Feb 2001 04:36:10 GMT
Hi Everyone,
For those who might be interested in getting hand-on
experience with Cisco equipments, Micronet Solution
is your answer. The price is very cheap.
Micronet Solution has an excellent Cisco virtual lab with
top-of-the-line equipments that are available for rent.
The virtual lab consists of Cisco 2600s routers each with
8 serial interfaces (NM 8A/S), ISDN interface and
Ethernet/Fast Ethernet interface. They have 3 pots each
consists of six 2600s routers, 1 catalyst (either 2900s
or 5000s) and an ISDN simulator. All the routers are
controlled by a Cisco Terminal Server (cisco 2610).
They even have a guest router for you to check out
their hardware. The technical support is great (in
real-time). I wouldn't be able to get my CCNP and
CCDP without the hand-on from this virtual lab.
The thing I like about this lab is that all of the routers
are fully connected (fully meshed) which is very
flexible. The lab is running by a few guys who are
working toward their CCIEs and Juniper. Check them
out at http://www.micronetsolution.com
Hung
------------------------------
From: Brian Cochrane <[EMAIL PROTECTED]>
Subject: Re: POP3 server error: -ERR being read already
Date: Wed, 21 Feb 2001 21:26:10 -0800
Thanks...that fixed it! I really appreciate your help.
Brian
The Spook wrote:
> Brian Cochrane wrote ...
> -- Cut --
> >The problem I'm having is when trying to fetch mail from my Linux box
> >with a POP3 client, I get the following error:
> >
> > -ERR being read already /usr/spool/mail/brian
> -- Cut --
>
> I think you may have run into a problem that stumped me for a while som time
> ago -- in.pop3d expects a specific directory, /var/tmp/.pop to exist. Create
> it with "mkdir /var/tmp/.pop" and your woes may be over. (On the system I
> helped with, it was owned by root, had root as group and had permission 770)
>
> /TRY
------------------------------
From: Brian Cochrane <[EMAIL PROTECTED]>
Subject: Re: POP3 server error: -ERR being read already
Date: Wed, 21 Feb 2001 21:28:06 -0800
The problem turned out to be that /var/tmp/.pop was missing. I created the
directory and all is well. Thanks for your reply.
Brian
Mark Penkower wrote:
> Brian Cochrane wrote:
>
> > I hope someone can help me figure this out... web searches have so far
> > proven less than helpful.
> >
> > The problem I'm having is when trying to fetch mail from my Linux box
> > with a POP3 client, I get the following error:
> >
> > -ERR being read already /usr/spool/mail/brian
> >
> > If I telnet to port 110 and authenticate with USER and PASS, it gives
> > the same error. I have discovered that if the maildrop
> > (/var/spool/mail/brian) is not present or is zero bytes, then I get
> > this:
> >
> > +OK 0 messages ready for brian in /usr/spool/mail/brian
> >
> > I have searched high and low for any stale lockfiles (in /tmp, /var/tmp,
> > /var/lock, var/spool/mail) and have found none. I've even gone as far
> > as killing sendmail in case it was locking the maildrops...no luck. ps
> > -ax shows no process that I can imagine would have any reason to lock
> > the maildrops.
> >
> > A little background information:
> > /usr/bin/in.pop3d tells me it's version 1.005l (that's a lowercase L
> > at the end, not a numeral 1).
> > permissions on /var/spool/mail: drwxrwxr-x, user:root, group:mail
> > permissions on /var/spool/mail/brian: -rw-rw----, user:brian,
> > group:mail
> > kernel is v2.0.34 (yes, I know it's old...but I had POP3 working on
> > this box before)
> > distribution is Slackware v3.5.0
> >
> > I'd love to get this working, but I'm out of ideas.
> >
> > Thanks,
> > Brian Cochrane
> > [EMAIL PROTECTED]
>
> Go to var/tmp/.pop (if you go to var/tmp and type in ls, it will not show
> .pop . is a unix file naming convention for a hidden file.
>
> Whyen you are in var/tmp/.pop - delete the file with the users name that
> you are having problems with.
>
> This will fix the problem. This problem is usually caused by the user, when
> they have a large amount of email in their box. - they click on "get mail"
> from their email client - Netscape Eudora or whatever - the message flashes
> across the screen that says "contacting pop server - then - "getting
> messages" - the user can not wait, and clicks on "cancel." Tell your users
> not to do this.
>
> Mark Penkower
------------------------------
From: "Joe Knapp" <[EMAIL PROTECTED]>
Subject: Re: Verify crontab, please
Date: Thu, 22 Feb 2001 00:35:57 -0000
"Peter T. Breuer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Yes, that's a full-fledged remote crack. Ask (politely) the sysadmin at
the
> universities that you got by reverse dns of those IPs to look into it,
> after checking the bugtraq record.
Thanks Pete--I just sent them a message on that score.
Based on the exploit description given by Robert Jones
(http://packetstorm.securify.com/distributed/trinoo.analysis.txt), it
appears that the three hosts imbedded in the hacked init executable are
"masters" in a distributed denial-of-service attack. I.e., they have been
compromised as well in this scheme. The three sites again are:
grace.isc.rit.edu
sky3.engr.wisc.edu
crtntx1-ar4-001-231.dsl.gtei.net
The first two are large university servers and the third is an ISP server.
My machine was evidently set up as a daemon in the scheme. BTW, the strings
"HELLO" and "PONG" showed up in the strings output and are some kind of
handshake between the masters and daemons.
Joe
------------------------------
From: "Joe Knapp" <[EMAIL PROTECTED]>
Subject: Re: Verify crontab, please
Date: Thu, 22 Feb 2001 00:39:45 -0000
"Jean-David Beyer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
\> > Urp! Someone modified init and set it up to run every five seconds!
>
> It is not as bad as that: it is only every five minutes. But that is
> not very good either. But they had to be root already to write in
> /sbin or /usr/sbin.
Evidently it was some kind of buffer-overrun exploit to get root access.
> Just to check, I ran strings on my init and observed no IP
> addresses, nor did the words socket or bind or recvfrom appear.
Thanks, J-D.
Joe
------------------------------
From: �Gary Nugent <[EMAIL PROTECTED]>
Subject: qmail startup error !
Date: Wed, 21 Feb 2001 21:49:03 -0800
I am trying to get QMail 1.03 installed and running on my RH7.0 server.
I followed the Howto v2 doc and was able to get qmail to start, sort of
!
When I start qmail using the script below, the following processes only
get started :-
ps auxww | grep qmail
root 689 2.7 0.5 1088 324 pts/2 S 21:51 0:39 supervise
qmail-send
root 691 0.0 0.5 1088 324 pts/2 S 21:51 0:00 supervise
qmail-smtpd
qmaill 693 0.0 0.5 1100 320 pts/2 S 21:51 0:00
/usr/local/bin/multilog t s2500000 /var/log/qmail/qmail-smtpd
qmaild 694 0.0 0.7 1152 472 pts/2 S 21:51 0:00
/usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -u 507 -g 507 0 smtp
/var/qmail/bin/qmail-smtpd
qmaill 695 0.3 0.5 1104 372 pts/2 S 21:51 0:05
/usr/local/bin/multilog t s2500000 /var/log/qmail/qmail-send
root 15191 0.0 0.6 1412 408 pts/2 R 22:14 0:00 sh
/var/qmail/rc
I don't see the lspawn, rspawn processes etc.
However if I do a telnet localhost smtp, I get the following which I
believe is correct -
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mymachine.mydomain.com ESMTP
I did install the daemontools, ucspi-tcp, fastforward and dot-forward
stuff also, have I missed some configuration there maybe ?
I'm pretty sure I set up all the qmail users and groups properly and
made sure all the permissions were okay, I don't get an error when I run
svscan start, it just says it's starting djb services. I've also
checked syslog after running the startup script and I don't see the
'qmail: status: local 0/10 remote 0/20' line either ??
Here's the startup script, which I'm just running manually until I can
confirm it's all working, then I guess I'll stick it in init.d
Hope someone can shed some light on what's up ?
=============#!/bin/sh =e
# /etc/init.d/svscan : start or stop svscan.
# borrowed from http://Web.InfoAve.Net/~dsill/lwq.html#start-qmail
# modified by Adam McKenna <[EMAIL PROTECTED]>
case "$1" in
start)
echo -n "Starting djb services: svscan
cd /service
env - PATH="/usr/local/bin:$PATH" svscan &
echo $! > /var/run/svscan.pid
echo "."
;;
stop)
echo -n "Stopping djb services: svscan "
kill `cat /var/run/svscan.pid`
echo -n "services "
svc -dx /service/*
echo -n " logging "
svc -dx /service/*/log
echo "."
;;
restart|reload|force-reload)
$0 stop
$0 start
;;
*)
echo 'Usage: /etc/init.d/svscan {start|stop|restart}'
exit 1
esac
exit 0
============
------------------------------
From: Gaurav Navlakha <[EMAIL PROTECTED]>
Subject: inetd/xinetd
Date: Wed, 21 Feb 2001 23:54:49 -0600
Hello everyone,
I'm trying to run the telnet daemon on Mandrake 7.x (I'm sorry I don't
recall which version it was, but I'm sure it was one of the latest ones
currently available)
I have both of the following files: "/etc/init.d/inet" and
"/etc/init.d/xinetd"
When I boot up the system, only xinetd is running, not inetd (from ps
-ealf |grep inet). I know that inet should use the hosts.allow hosts.deny
files to set up the permissions, but if I'm not wrong, xinetd does not
look at these files.
I also have the file 'telnet' that I generated using
/usr/sbin/inetdconvert, in /etc/xinetd.d/. It looks like this:
# Converted by inetdconvert
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/tcpd
server_args = in.telnetd
disable = yes
}
With xinetd running, and when I try to telnet to my machine, I get:
"telnet: Unable to connect to remote host: Connection refused"
Can anyone think of a possible reason for this?
Your help will be truly appreciated.
Thanks,
Gaurav.
------------------------------
From: root <[EMAIL PROTECTED]>
Subject: Re: Intruder
Date: Thu, 22 Feb 2001 00:53:38 -0500
rc wrote:
> Linux 6.2
If by 6.2 you mean RedHat 6.2 then I'm not surprised. There are two major
security wholes that allow remote users to gain root privileges on your
machine. One is a wuftpd buffer overflow and another is an nfs bug (rpc.statd
if I remember correctly). Both have been reported long ago to bugtraq and they
have been patched by redhat. Look at
http://www.redhat.com/support/errata/RHSA-2000-039.html for wuftpd. I can't
find the other patch. At any rate, these patches and others have been
incorporated in RH7.0. My file server was broken into last september through
the nfs bug. This was the reason I upgraded to RH7.0. I'm not saying RH7.0 is
bug free, but the best you can do, besides firewalls and stuff, is to keep an
eye on the RH eratta/security advisories and upgrade. Your system was
definitely cracked. The only 100% safe thing is to save your data
(/home/your_name) and do a clean install, reformatting all partitions. Before
you do that, you may want to look for the hacking tools the intruder may have
used. They normally bring a whole arsenal on the victim and they use those
tools to break further into other machines. Look in the guy's home directory.
Then unplug the net, save what you want to save then reinstall.
------------------------------
From: "Peter T. Breuer" <[EMAIL PROTECTED]>
Subject: Re: Intruder
Date: Thu, 22 Feb 2001 06:26:16 GMT
root <[EMAIL PROTECTED]> wrote:
> http://www.redhat.com/support/errata/RHSA-2000-039.html for wuftpd. I can't
> find the other patch. At any rate, these patches and others have been
> incorporated in RH7.0. My file server was broken into last september through
> the nfs bug. This was the reason I upgraded to RH7.0. I'm not saying RH7.0 is
> bug free, but the best you can do, besides firewalls and stuff, is to keep an
rh7.0 was also vulnerable via ftp. A colleague had an intruder - I
believe rh have published an errata to cover the hole.
Peter
------------------------------
From: SC Patton <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: gal && glade installation
Date: Thu, 22 Feb 2001 00:40:00 -0600
Hi everyone!
I'm trying to upgrade some of my GNOME libraries,
compiling them from source code that came from the files
gal-0.4.1.tar.gz and glade-0.5.11.tar.gz.
QUESTION:
Is glade (from glade-0.5.11.tar.gz) supposed to create a
/usr/lib/libGladeConf.sh file? I seem to need this file so that GAL's
configure script (from gal-0.4.1.tar.gz) can detect the presence of
libGlade. I've tried and tried, and I'm stumped.
Can someone help me?
BACKGROUND:
GAL PROBLEMS (gal-0.4.1.tar.gz):
After unpacking the .tar.gz, I run "./configure" as
instructed. /.configure complains:
"checking for Glade libraries >= 0.13... configure: error:
Did not find libGlade installed"
I had already installed Glade (glade-0.5.11.tar.gz), so I poked around
configure script for GAL, to see if I could find out how it was
detecting Glade. On (or about) line 5194 of the configure script, it
says:
if gnome-config --libs libglade > /dev/null 2>&1; then
<snip>
else {echo "configure: error: Did not find libGlade installed 1>&2; \
exit 1; }
So when I tried to run "gnome-config --libs libglade" by hand, it
returned with: "Unknown library `libglade'". I then tried to find out
how gnome-config detects the presence of libraries by running the
command "gnome-config --help", it said that (after looking at some
known libraries), it looks for /usr/lib/<LIBRARY>Conf.sh for whatever
information is called for. After installing libGlade (from
glade-0.5.11.tar.gz) I DO NOT HAVE A /usr/lib/libGladeConf.sh !!
GLADE PROBLEMS (glade-0.5.11.tar.gz):
I cannot figure out how this version of libGlade creates a
/usr/lib/libGladeConf.sh file. (I even tried the command "grep -n
'Conf' *" from the glade-0.5.11 directory--nothing returned hinted at
the creation of this file).
Please help!
Thank you *very much* in advance!
Steven Patton
[EMAIL PROTECTED]
------------------------------
Date: Thu, 22 Feb 2001 08:14:07 +0100
From: Michael Heiming <[EMAIL PROTECTED]>
Subject: Re: IMAP reader for Linux
John wrote:
> Hi.
>
> I am trying to find a good IMAP e-mail program for use with Linux. It
> needs to be able to read mail from multiple nested folders (directories) on
> the host system.
>
> Currently the only one that handles this is Netscape-Messanger which is
> okay but would prefer something a little more zippy.
>
> I have looked at quite a few mailers but most of them only support POP and
> the few that claim to support IMAP do not support Folders.
>
> Any pointers would be appreciate.
>
> Cheers
> John
Try XFmail
http://xfmail.slappy.org/
Michael Heiming
------------------------------
From: "Eric" <[EMAIL PROTECTED]>
Subject: Re: fdisk /mbr, install i
Date: Thu, 22 Feb 2001 08:27:20 +0100
> Howdy Jeremy,
> Pardon me for interrupting but you're being mis-directed.
> It's not necessary to repartition C:.
No he was not being misdirected.
Even placing the kernel on C: is no guarantee that it will be below
cyl. 1024, as C: itself already crosses that boundary.
I agree that there are other options: upgrading LILO
or using loadlin eg.
Still making a simple /boot below cyl. 1024 is the easiest solution
Eric
------------------------------
Reply-To: "Nils O. Sel�sdal" <[EMAIL PROTECTED]>
From: "Nils O. Sel�sdal" <[EMAIL PROTECTED]>
Subject: Re: inetd/xinetd
Date: Thu, 22 Feb 2001 08:41:00 +0100
"Gaurav Navlakha" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello everyone,
> When I boot up the system, only xinetd is running, not inetd (from ps
> -ealf |grep inet). I know that inet should use the hosts.allow hosts.deny
> files to set up the permissions, but if I'm not wrong, xinetd does not
> look at these files.
xnetd replaces inetd..
> I also have the file 'telnet' that I generated using
> /usr/sbin/inetdconvert, in /etc/xinetd.d/. It looks like this:
>
> # Converted by inetdconvert
> service telnet
> {
> socket_type = stream
> protocol = tcp
> wait = no
> user = root
> server = /usr/sbin/tcpd
> server_args = in.telnetd
> disable = yes
> }
Since it here says disable = yes, this service is disabled, change it to
disable = no
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.misc.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************
