Linux-Networking Digest #441, Volume #10 Wed, 10 Mar 99 00:13:40 EST
Contents:
Re: Tone activated Tel Exchanges (Miguel Cruz)
ICQ Client and socks... ("Paul Criswell")
Re: connecting 2 PCs w/ null modem cable (Clifford Kite)
Permanet Connection Not Available (Dennis Gesker)
Re: Permanet Connection Not Available (Dennis Gesker)
Re: isdn compile error - help ("CyberDawg")
Re: Modem won't activate in Netcfg under Xwindows (M. Buchenrieder)
Re: Sendmail Multihoming ("flinx")
Re: Sendmail Multihoming ("flinx")
Re: Linux Dial on Demand ("K.A. Steensma")
Re: Auomatic E-Mail Generation (Doug S)
Re: smbmount vs Win98 network neightboor ("flinx")
Re: How to compile Kernel 2.2.2 with redhat 5.2??? (Lau Kin Jock)
connecting 2 PCs w/ null modem cable (scozz)
Re: PPP problems ("C. Toshack")
Apache module and php question
Re: ICMP Timestamp (Seth Van Oort)
help with SMC EZCard 10 NIC ("Dunn One")
FIXED: Thinkpad 600 external serial not recognized or initialized (Jeffrey Veiss
(CTG))
Re: smbmount vs Win98 network neightboor (Stephen Edmonds)
Re: Login Using Mac SSH Application? ("Patrick Gibson")
Re: Dual Ethernet problems (Joe Croft)
Re: cracker using su on account nobody (Gregory G. Woodbury)
skey for linux ("Wayne")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Miguel Cruz)
Crossposted-To: uk.telecom,comp.os.linux.hardware
Subject: Re: Tone activated Tel Exchanges
Date: 10 Mar 1999 02:57:30 GMT
Leonardo L D�az <[EMAIL PROTECTED]> wrote:
> But I will really be interested in getting to recognize those tones
> from my machine. I remember reading many (too many) years ago in
> Ciarcia's Circuit Cellar about the decoding chips. Has anybody stayed
> up-todate on that? Is any card around with one of those chips that
> will just tell me which button was pressed?
I have a USRobotics Sportster Voice and it more or less works for this. I'm
still working on whipping up some software (vgetty doesn't seem to be up to
the task because of weird delays and so on), but I already have basic
answering machine with remote working.
miguel
------------------------------
From: "Paul Criswell" <[EMAIL PROTECTED]>
Subject: ICQ Client and socks...
Date: Tue, 9 Mar 1999 21:31:11 -0500
I was curious if anyone knows of an ICQ client that directly supports socks
(other than the java one). For some reason I can't get the java client to
log on properly (although it connects via socks to the server fine). I have
seen a few clients that supports socks by using ./configure --enable-socks5,
but I have never been able to get that function to work properly. If anyone
knows of another client that supports socks, knows of a how-to site to use
the --enable-socks5 correctly, or actually knows how to "socksify" a
normally non-socks complient client, please let me know. Thanks.
- Paul Criswell
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Clifford Kite)
Crossposted-To: alt.os.linux
Subject: Re: connecting 2 PCs w/ null modem cable
Date: 9 Mar 1999 20:13:48 -0600
scozz ([EMAIL PROTECTED]) wrote:
: On the Linux box I ran minicom and set the serial device to /dev/ttyS1.
: When I entered characters on the one side they would show up on the
: other side 20-30 seconds later.
Sounds very much like the IRQ configured in Linux for /dev/ttyS1 is not
the same IRQ that the modem actually uses.
: Isn't this supposed to be almost instantaneous?
Yes, at least for the OK response for modem commands that modify the
modem's internal profile.
--
Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
/* Those who can't write, write manuals. */
------------------------------
From: Dennis Gesker <[EMAIL PROTECTED]>
Subject: Permanet Connection Not Available
Date: Tue, 09 Mar 1999 16:32:52 -0700
Reply-To: [EMAIL PROTECTED]
I've been able setup PPP to allow dialin users using RH5.2. However,
when I attempt to map a network drive from the remote Windows9x machine
I get the following error:
The following error occoured while reconnecting F:\\windowsnt\pub
Permanent connection not available.
Do you want to restore this connection next time?
Any tips on fixing this problem or direction to documentation would be
helpful.
The PC acting as the dialup server is an old IBM PS/Value point 486 SX
with 16 MB of RAM. Dialup serving is the only task that this machine
will be asked to perform.
Dennis
------------------------------
From: Dennis Gesker <[EMAIL PROTECTED]>
Subject: Re: Permanet Connection Not Available
Date: Tue, 09 Mar 1999 16:35:49 -0700
Reply-To: [EMAIL PROTECTED]
I forgot to mention above that I am trying to map to a WinNT 4.0 PDC
server.
Dennis
Dennis Gesker wrote:
>
> I've been able setup PPP to allow dialin users using RH5.2. However,
> when I attempt to map a network drive from the remote Windows9x machine
> I get the following error:
>
> The following error occoured while reconnecting F:\\windowsnt\pub
>
> Permanent connection not available.
>
> Do you want to restore this connection next time?
>
> Any tips on fixing this problem or direction to documentation would be
> helpful.
>
> The PC acting as the dialup server is an old IBM PS/Value point 486 SX
> with 16 MB of RAM. Dialup serving is the only task that this machine
> will be asked to perform.
>
> Dennis
------------------------------
From: "CyberDawg" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,comp.os.linux,comp.os.linux.setup
Subject: Re: isdn compile error - help
Date: Tue, 9 Mar 1999 22:22:44 -0800
hey i am having problems getting my isdn modem (3comimpact) to run on my
linux box. if you find the solution email me at [EMAIL PROTECTED]
barazani wrote in message <[EMAIL PROTECTED]>...
>hi all ,
>i am a newbe to linux i am trying to install isdn on my linux box .
>my config is as follows linux redhat 5.2
>isdn-4k-utils downloaded form ftp suse
>i gzipped and tarred it and run make config
>than i get an error copile failed kernel source not found .
>the path is to /usr/src/linux i checked and there is an "include folder
>there"
>what source files sre supposed to be there and hoe can i put them in there
?
>any help would do .Barazani
>
>
------------------------------
From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: Modem won't activate in Netcfg under Xwindows
Date: Tue, 9 Mar 1999 22:06:46 GMT
"hcir" <[EMAIL PROTECTED]> writes:
^^^^^^^^^^^^^^^^
Please read the relevant FAQ , if you really want to do that.
[...]
> I am using a USR 56k faxmodem (not a winmodem), running RedHat
>5.1.
isapnptools
setserial
> If anyone can provide assistance, i would be very grateful.
>Please respond by e-mail to [EMAIL PROTECTED]
Certainly not.
Michael
--
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
Lumber Cartel Unit #456 (TINLC) & Official Netscum
Note: If you want me to send you email, don't munge your address.
------------------------------
From: "flinx" <[EMAIL PROTECTED]>
Subject: Re: Sendmail Multihoming
Date: Tue, 9 Mar 1999 18:49:23 -0600
Maybe you can find some hints about configuration at the following web page.
http://metalab.unc.edu/LDP/HOWTO/Virtual-Services-HOWTO-9.html#ss9.3
flinx
[EMAIL PROTECTED] wrote in message <[EMAIL PROTECTED]>...
>Hi,
>
>we need some experts hints....
>
>We built up a SUSE linux V6.0 system with sendmail. We would like to run
>several hundreds of domains on it.
>
>We want to give every domain a separate IP-address (for logging
>purposes).
>
>We defined 200 IPs for testing, everything seems to work.
>
>But if we send mails via SMTP to any other IP than the first (x.x.x.1),
>there comes up a message saying "Networ error, Connection reset by peer"
>in the mail client. Not alsways but the bigger the mail, the more often
>it happens.
>
>Every helpful comment is welcome.... Please also direct your answers to
>my mail-address
>
>Thanx
>Johannes
------------------------------
From: "flinx" <[EMAIL PROTECTED]>
Subject: Re: Sendmail Multihoming
Date: Tue, 9 Mar 1999 18:48:08 -0600
Maybe you can find some hints about configuration at the following web page.
http://metalab.unc.edu/LDP/HOWTO/Virtual-Services-HOWTO-9.html#ss9.3
flinx
[EMAIL PROTECTED] wrote in message <[EMAIL PROTECTED]>...
>Hi,
>
>we need some experts hints....
>
>We built up a SUSE linux V6.0 system with sendmail. We would like to run
>several hundreds of domains on it.
>
>We want to give every domain a separate IP-address (for logging
>purposes).
>
>We defined 200 IPs for testing, everything seems to work.
>
>But if we send mails via SMTP to any other IP than the first (x.x.x.1),
>there comes up a message saying "Networ error, Connection reset by peer"
>in the mail client. Not alsways but the bigger the mail, the more often
>it happens.
>
>Every helpful comment is welcome.... Please also direct your answers to
>my mail-address
>
>Thanx
>Johannes
------------------------------
From: "K.A. Steensma" <[EMAIL PROTECTED]>
Subject: Re: Linux Dial on Demand
Date: Wed, 10 Mar 1999 03:45:24 GMT
Have you taken a very, very good look at your hosts file. In order to telnet, 2
dns look-ups are accomplished. If your machines are not setup in your hosts file,
diald will act like this. Why not kill diald (for a second) and try to telnet
around. I suspect telnet will sit and try a long time before you get a prompt.
KAS
[EMAIL PROTECTED] wrote:
> I have a small 486, running as an ISDN router for a small subnet in my home
> office. I have reserved static IP addresses from my ISP.
>
> The router is set up with kernel 2.2.2, with ppp running in dial-on-demand
> mode. Everything works fine on the front.
>
> The problem is, that when I try to access one of the computers on the subnet,
> from another using telnet (or whatever), the router dials and makes the
> connection to the ISP, *even though I am accessing a local address*. Even
> worse, if the link is down for any reason, then I am unbale to telnet to any
> other machines on the local network (It connects, and waits indefinately for
> the PPP link to come up).
>
> Subnet is xxx.xxx.113.225 through xxx.xxx.113.239, subnet mask 255.255.255.240
> Default gateway xxx.xxx.113.225 - (i.e. the router)
>
> Please help, this is costing be a fortune!
>
> Cheers
>
> Richard Turnbull [EMAIL PROTECTED]
>
> Tel +65 252 0287
>
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (Doug S)
Subject: Re: Auomatic E-Mail Generation
Date: Wed, 10 Mar 1999 03:32:17 GMT
On Tue, 2 Mar 1999 16:15:13 -0000, "David Travers"
<[EMAIL PROTECTED]> wrote:
>Is is possible to setup a condition in the e-mail server in Linux (sendmail
>etc) so that when you send an e-mail such as
>
> [EMAIL PROTECTED]
>
>it runs a script/program and returns the generated output from the program
>to the
>reply address of the client sending the e-mail. The user program, is a dummy
>alias, which runs an external script.
>
>Why do I ask this.
>
>Well I am trying to create a routine on my e-mail server whereby a user can
>request a file to be downloaded from the Internet by passing in the address
>of the file. Hopefully the script will pick up the address of the file and
>use ftp to download the file to a local directory. It will then e-mail the
>resulting file to the local mailbox of the user in question.
>
>The format of the e-mail would be something like
>
>File: ftp://ftp.test.com/users/test1.zip
>Login: homer
>Password: simpson
>
>All other details such as reply-to-address would be picked up from the
>message header.
>
>This routine would allow the user to disconnect whilst a large file is
>downloaded to our local server thus saving dial-up time which the company
>pay's for. The user could then dial-in later and download the local file at
>full speed of their modem, rather than the slower connection which they will
>get by directly downloading it over the net.
>
>Note this is not the only routine I would like to try. I also thought of a
>way to pick "lucky dip" lottery numbers. By sending an e-mail to
>[EMAIL PROTECTED] then the reply would contain a list of the lottery numbers.
>
>I have still to think of other features.
>
>
Why can't you just use squid and proxy the request?
Squid will get the file from its origin at network speeds and feed it
to the requestor at the requestor's maximum speed.
Just a thought...
Doug
=========================================
The email & reply-to addresses in this post's headers are not real.
If you need to e-mail me, my real address is:
dee oh you gee ess @ c3net . net (Read aloud and type what you say.)
------------------------------
From: "flinx" <[EMAIL PROTECTED]>
Subject: Re: smbmount vs Win98 network neightboor
Date: Tue, 9 Mar 1999 18:54:12 -0600
Try smbclient -L machine-name from your favorite shell. It will list the
shares on machine-name and also show you a list of other machines on the
network. This might only work if you samba server is the browse master, not
quite sure about that one.
flinx
J�r�me Tollet wrote in message <[EMAIL PROTECTED]>...
>Hello,
>I would like to use my smbmount like the network neighboor under win98 :
>when i use smbmount, i must tell //machine/service. Under win98, i can
>browse all the machines on the network !
>Is it possible under linux ?
>thanks for help
>jerome tollet
>[EMAIL PROTECTED]
>
>
------------------------------
From: Lau Kin Jock <[EMAIL PROTECTED]>
Crossposted-To: aus.computers.linux,comp.os.linux.hardware,comp.os.linux.setup
Subject: Re: How to compile Kernel 2.2.2 with redhat 5.2???
Date: Wed, 10 Mar 1999 04:05:24 GMT
Brian McKerr wrote:
> I had _similar_ problems - I was able to compile 2.2.2 but could not get it to
> work via lilo as I usually do (I've been using and abusing linux since '93 ! by
> the way), The exact same Kernel that would not boot from lilo was able to boot
> when I copied it to floppy with "cp vmlinuz-2.2.2 /dev/fd0" !!!!
>
> When trying to boot from lilo it stopped after LI, looking at the doco (in
> /usr/doc) it explains what the problem is, but it wasn't detailed enough to
> help me further.
The same thing happened to me, but here's the interesting part. If I boot from a
boot floppy that I made for Caldera 1.3 and run Lilo from there, my 2.2.x
kernel works fine. If I run it from the hd, I only get LI
------------------------------
From: scozz <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux
Subject: connecting 2 PCs w/ null modem cable
Date: Tue, 09 Mar 1999 20:00:12 -0500
Greetings,
I've connected my win95 machine and my Linux box w/ a null modem cable.
I run Tera term on the win95 machine and it talks directly to COM2.
On the Linux box I ran minicom and set the serial device to /dev/ttyS1.
When I entered characters on the one side they would show up on the
other side 20-30 seconds later.
Isn't this supposed to be almost instantaneous?
I also got the similar results when I would cat a file to /dev/ttyS1
Same thing with this C program:
#include <stdio.h>
#include <unistd.h>
#include <string.h>
int main()
{
char str[200];
FILE *modem;
modem = fopen("/dev/ttyS1", "r");
while(!feof(modem))
{
fgets(str,200,modem);
printf("%s",str);
}
exit(0);
}
Any suggestions?
thanks
scozz
------------------------------
From: "C. Toshack" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.setup,comp.os.linux.questions,comp.os.linux.help,comp.os.linux
Subject: Re: PPP problems
Date: Tue, 09 Mar 1999 19:45:44 -0500
Use the setserial command. Find the syntax for this by looking at the man
page for setserial (type: "man setserial")
Regards.
Satellite Owner wrote:
>
> Omar Sattari:
>
> yeah, i have slackware.
>
> a communications program like seyon has no problem dialing out, but my ppp
> doesn't
>
> here's what i think:
>
> i have my slackware on an old 486 with windows 3.1.
>
> when i used the windows internet, i HAD to change the irq to 4, even though
>
> terminal(comm. program) worked fine.
>
> i think our problem is that ppp assumes an irq of 3 on com1, just like WINDOWS,
>
> does anybody know how to change an irq in LINUX???
>
> in my dialup, the init string gets sent to the modem, but no OK is given back!!!
>
> i think this is the problem!!!
>
> just in case, my email is [EMAIL PROTECTED]
>
> Rick Glunt wrote:
>
> > I am having simmilar problems with RH5.2, however when I activate my ppp
> > interface, my modem never dials out. I know my modem is setup b/c I can use
> > it doing amannual dial out.
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Apache module and php question
Date: Wed, 10 Mar 1999 04:06:22 GMT
I am using RedHat-5.2, and I installed Apache 1.3.3-1 also mod_php3-3.0.5-2
now I don't have php.ini and I have no_idea how to call apache via php.
if some one can tell me about this.. I'll really apiriciat..
Thank's in advance.
jscott
------------------------------
From: Seth Van Oort <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.system,comp.os.linux.help,comp.os.linux.misc
Subject: Re: ICMP Timestamp
Date: Wed, 10 Mar 1999 01:05:03 +0000
It's really hard to tell what you're asking. If you're asking for the
line that actually replies it's
icmp_reply(&icmp_param, skb);
Seth
Du Jinsong wrote:
>
> Hi, I found in kernel net/ipv4/icmp.c there is a function
> icmp_timestamp(), which handles the incoming timestamp requests, but I
> cannot find the function that deal with the replys(at IP or TCP layer).
> Would you pleas help me?
> Thanks a lot!
------------------------------
From: "Dunn One" <[EMAIL PROTECTED]>
Subject: help with SMC EZCard 10 NIC
Date: Tue, 9 Mar 1999 23:22:46 -0500
I'm trying to get this card to work in Linux. I have redhat 5.2 running. Are
there any drivers for this card. Is there any way I can get it to work.
Please help...thanks
------------------------------
From: Jeffrey Veiss (CTG) <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.portable,linux.dev.laptop,linux.dev.serial
Subject: FIXED: Thinkpad 600 external serial not recognized or initialized
Date: 9 Mar 1999 20:05:41 -0500
***NOTE: Before you reply, remove "SPAMSUCKS" from my e-mail address.
I finally figured out this one. There's apparently TWO options that need
to be set with PS2.EXE for linux to recognize the existance of the external
serial port. Type:
PS2 ? SERIAL
PS2 ? SERA
It's kinda weird. Windows 98 was able to recognize the serial port, the
thinkpad utilities said it was enabled and PS2 SERIAL was enabled. However,
you also need to type PS2 SERA ENABLE (or something like that). As soon as I
did that, the kernel assigned the serial port to ttyS0.
To those maintaining a thinkpad 600 web page, please add the above fix.
> I have a IBM Thinkpad 600 (266MHz PII, 64M, etc.) running both Redhat 5.2
> and Windows 98. For some reason, I can't seem to get the external 9-pin
> serial port to be recognized. Any suggestions, advice, or insights are
> appreciated!
Please contact me if there are any further questions via internet mail at
[EMAIL PROTECTED] Thank you very much!
Jeffrey Veiss ([EMAIL PROTECTED]) PO Box 5400
Network Engineer Princeton, NJ 08543-5400
Corporate Telecommunications (609) 818-3308
Bristol-Myers Squibb (609) 818-7814 (fax)
------------------------------
From: Stephen Edmonds <[EMAIL PROTECTED]>
Subject: Re: smbmount vs Win98 network neightboor
Date: Wed, 10 Mar 1999 15:37:18 +1100
i've heard that there is a program called cheops that is a net neigh for
x. you should be able to find it somewhere on the net.
"J�r�me Tollet" wrote:
>
> Hello,
> I would like to use my smbmount like the network neighboor under win98 :
> when i use smbmount, i must tell //machine/service. Under win98, i can
> browse all the machines on the network !
> Is it possible under linux ?
> thanks for help
> jerome tollet
> [EMAIL PROTECTED]
--
_ _ _
Stephen Edmonds, Melbourne, Australia _/ \_ / \_/ \
<_ " _> / \
mailto:[EMAIL PROTECTED] / O \ / " \
mailto:[EMAIL PROTECTED] / ___ \ | O |
http://www.alphalink.com.au/~sedmonds \_____/ \___/
------------------------------
From: "Patrick Gibson" <[EMAIL PROTECTED]>
Subject: Re: Login Using Mac SSH Application?
Date: Tue, 09 Mar 1999 17:22:31 -0800
In article <[EMAIL PROTECTED]> ,
[EMAIL PROTECTED] (Dan Poynor) wrote:
> Does anyone know of any telnet like apps for Macs which can currently
> login to a remote server using SSH?
Datafellows (http://www.datafellows.com/gallery/) makes a commercial SSH
client for the MacOS. Other than that, I can't seem to find anything out
there. I personally just telnet into my local Linux box and use the Unix
version ssh to go out from there.
Patrick
---| iThink therefore iMac |----------+
patrick gibson (patrick @ gibson.org)
url: http://patrickgibson.com/
======================| got iMac? |===+
------------------------------
From: [EMAIL PROTECTED] (Joe Croft)
Subject: Re: Dual Ethernet problems
Date: 10 Mar 1999 01:30:14 GMT
I cannot even get the 10.1.1.1 machine to see traffic on the 10.1.1.0 network
though it can see traffic on the 148.153.95.0 network.
In article <7c41c0$671$[EMAIL PROTECTED]>,
"Dan Tager" <[EMAIL PROTECTED]> writes:
> Joe Croft wrote in message <7c34bi$41i$[EMAIL PROTECTED]>...
>>Hi Yall,
>>
>> I'm hoping that one of y'all can help me. I'm setting up a Linux machine
>>as a go between for a real network and a small test network.
>>
>> My problem is that once I set up the 2 network cards, I can ping the
>>network through the first NIC but I get no responses from the second
>>network. It appears that the other devices on the network get the
>>ping packets and send them back but my machine does not see them.
>>
>
>> The other devices even report my machines MAC (arp) address. Though my
>>machine reports all zeros for the other machine. Forcing the MAC address
>>don't seem to help either.
>>
>> One thing not shown in the below configuration, There is also a router at
>>148.153.95.1 and usually there is a default route to it. Sadly, it makes no
>>difference whether it's there or not.
>>
>> Here is my configuration:
>>
>>lo Link encap:Local Loopback
>> inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
>> UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
>> RX packets:57 errors:0 dropped:0 overruns:0
>> TX packets:57 errors:0 dropped:0 overruns:0
>>
>>eth0 Link encap:10Mbps Ethernet HWaddr 00:A0:24:80:7D:9B
>> inet addr:148.153.95.22 Bcast:148.153.255.255 Mask:255.255.0.0
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:34867 errors:0 dropped:0 overruns:0
>> TX packets:627 errors:0 dropped:0 overruns:0
>> Interrupt:11 Base address:0xb800
>>
>>eth1 Link encap:10Mbps Ethernet HWaddr 00:60:8C:C9:CB:B6
>> inet addr:10.1.1.1 Bcast:10.1.1.255 Mask:255.255.255.0
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:0 errors:0 dropped:0 overruns:0
>> TX packets:49 errors:0 dropped:0 overruns:0
>>
>>Kernel IP routing table
>>Destination Gateway Genmask Flags Metric Ref Use
> Iface
>>10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 2
> eth1
>>148.153.0.0 0.0.0.0 255.255.0.0 U 0 0 7
> eth0
>>127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 2 lo
>>
>>--
>
>
> Make sure the machines on the 148.153.0.0 network have a network route for
> the 10.1.1.0 network using 10.1.1.1 as the gateway and/or whatever other
> default route.
>
> --Dan
>
>
>
--
======================================================================
Imagine the day when your computer's| Joe Croft <[EMAIL PROTECTED]>
OS is Free and NOT owned by any one,| CroftJ Internet Services
but instead, owned by everyone. That| http://www.croftj.net/
day is here! http://www.linux.org | finger [EMAIL PROTECTED] for keys
======================================================================
------------------------------
From: [EMAIL PROTECTED] (Gregory G. Woodbury)
Crossposted-To: alt.os.linux
Subject: Re: cracker using su on account nobody
Date: 10 Mar 1999 04:57:32 GMT
Jason Keyes <[EMAIL PROTECTED]> shaped electrons to say:
>Re-install. Many of the hack-kits being used these days will replace binaries
>on your system. Some of the affected binaries may include tcpd, inetd, login,
>ps, su, ping, traceroute, netstat, etc. The only way you have a chance of
>being able to really know what is going on is to do a re-install.
While this is a "Good Idea" (TM) it isn't an absolute requirement, the
RPM has a "verify" option that can do a first level job of checking MD5
checksums for installed packages. It's relatively easy to set up a script
that regularly verifies packages and mails the results to the admin account.
First, generate a list of all the packages you have installed:
rpm -q -a | sort > /usr/local/lib/rpmd5.pkgs
Then edit this file to your taste. Some packages will have lots of changes
that are innocent, and others will have large numbers of other errors. For
example, the "devs" package is pretty useless to verify, and the man-pages
are just a waste of time.
Then, a script can be run to check each package and mail the results to
a selected admin mailbox:
</usr/local/sbin/rpmd5>
==============================================================
#!/bin/bash
#
doit() {
for pkg in `cat /usr/local/lib/rpmd5.pkgs`
do
echo $pkg
rpm -V $pkg
done
}
doit | elm -s RPMD5_report root &
==============================================================
This produces a list of packages, and any discrepancies found while
verifying those packages. Check the rpm man pages for details of all the
signals, but the main one to look for is a '5' in the 2nd column of a
discrepancy report, which means that an MD5 checksum failure occurred.
Investigate all discrepancies, and decide which ones are the result of
customizing the system (e.g. /etc/mail/sendmail.cf or /etc/inetd.conf)
and which are the result of foul play (e.g. /bin/login or /etc/passwd)
Add this to the daily or weekly crontabs, and run it if there are signs of
questionable activity. The script as written backgrounds itself and takes
about 20 minutes to run on a i686/350MHz. An i586/166MHz takes about 40
minutes.
The MD5 checksums are stored in the rpm database (in binary) and would be
hard for a crack kit to patch reliably. It could remove packages from the
database or kill the database, but that would be easily detected by a
failure message in the script output.
If you detect adverse changes in something like /bin/login, it is
relatively simple to do a forced RPM install of the affected package:
rpm -ivv --force util-linux-2.8-11.i386.rpm
which will generally repair the damage and restore the default permissions
and links, etc....
Enjoy.
--
Gregory G. "Wolfe" Woodbury `-_-' Owner/Admin: wolves.durham.nc.us
ggw at wolves.durham.nc.us U Errant co-moderator of:
soc.religion.unitarian-univ
"The Line Eater is a boojum snark." Hug your wolf. (Thanks Peter.)
------------------------------
From: "Wayne" <[EMAIL PROTECTED]>
Subject: skey for linux
Date: Tue, 9 Mar 1999 20:16:23 -0600
I am looking for an skey login binary for a redhat 5.2 linux box or an
explanation to why I cann't get the source to compile. I keep getting a
broken link to crypt in the libskey.a. can anyone help...
Thanks
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
