Linux-Networking Digest #173, Volume #11         Sun, 16 May 99 07:13:26 EDT

Contents:
  Re: printing problem (Joseph Tweed)
  Portscanned on port 111 (sunrpc) (Chris Rankin)
  Re: Weird DHCP behavior ([EMAIL PROTECTED])
  Re: routing issues, ppp0, eth0, vmnet1, smb ("Curt")
  Re: Masquerading security (Malware)
  Re: Help:  BOOTP response isn't getting through. (Malware)
  ISAPNP card questions] ("Wm. Josiah Erikson")
  Re: can't send email through qmail ("Curt")
  Re: NT & Samba.... cannot connect ("Simon Portsmouth")
  samba and ip masq (Christopher Schulte)
  Re: Route and network broadcasts (David De Ridder)
  User Permissions Woe.... ("@")
  Re: Masquerading security ("Kai Krakow")
  Re: SECURITY ISSUES: Single user restriction at lilo boot: ("Stephan M. Ott // OKDesign oHG")
  SQUID 2.2 (RC)

----------------------------------------------------------------------------

From: Joseph Tweed <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: printing problem
Date: Sun, 16 May 1999 10:16:57 +0200

Edouard Oyer wrote:

> Hi Guys,
>
> I really need your help on that one. I am in despair of doing anything.
> I already went through the printing HOWTO and things are not the way
> they should be.
> I am trying to print on a printer that is on a network. The way I am
> accessing is through an IP number.
> I am able to print when I am logged as root. I can't otherwise. The
> message I get is
> "lpr: connect: permission denied.
> Jobs queued, but cannot start daemon."

This is most probably a file/directory permission problem. Check
permissions of files and directories accessed for printing. You have those
in /var/spool of course, and maybe those mentioned in the used printer entry
in /etc/printcap. The normal user must have read/execute permission to all
used items.



------------------------------

From: Chris Rankin <au.zipworld.com@{no.spam}rankinc>
Subject: Portscanned on port 111 (sunrpc)
Date: Sun, 16 May 1999 19:05:49 +1000

Hi,
While browsing my logs, I found this entry from the firewall:

May  3 20:44:31 WellHouse kernel: Packet log: ppp-in - ppp0 PROTO=6 203.85.213.81:15248 61.8.18.101:111 L=44 S=0x00 I=28616 F=0x0000 T=52
May  3 20:44:34 WellHouse kernel: Packet log: ppp-in - ppp0 PROTO=6 203.85.213.81:15248 61.8.18.101:111 L=44 S=0x00 I=29115 F=0x0000 T=52
May  3 20:44:40 WellHouse kernel: Packet log: ppp-in - ppp0 PROTO=6 203.85.213.81:15248 61.8.18.101:111 L=44 S=0x00 I=29889 F=0x0000 T=52

This concerns me a bit - it looks like someone tried to connect to port
111, which is apparently the sunrpc server. However, I can't see where
the sunrpc server IS on my system. There's nothing obvious in
inetd.conf. Even more worrying is that I can't learn anything about my
"visitor" using nslookup, although traceroute gives me this:

...
18  kt-sf1-wan188.hk.linkage.net (203.85.135.188)  689.693 ms  719.59 ms  689.78 ms
19  203.85.213.81 (203.85.213.81)  679.846 ms  689.575 ms  679.775 ms

Can anyone suggest anything more to try? (I'm SO glad I put that
firewall in!)

Cheers,
Chris.
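
Added example (not part of the original post): a Python parser for the ipchains "Packet log:" lines quoted above. It groups entries by source and by connection 4-tuple to separate one connection attempt that was retransmitted (same source port, non-decreasing gaps such as the 3 s and 6 s seen here) from a sweep across many ports. The function names, the sweep threshold and the year default are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three entries from the post, each rejoined onto a single line.
SAMPLE = """\
May  3 20:44:31 WellHouse kernel: Packet log: ppp-in - ppp0 PROTO=6 203.85.213.81:15248 61.8.18.101:111 L=44 S=0x00 I=28616 F=0x0000 T=52
May  3 20:44:34 WellHouse kernel: Packet log: ppp-in - ppp0 PROTO=6 203.85.213.81:15248 61.8.18.101:111 L=44 S=0x00 I=29115 F=0x0000 T=52
May  3 20:44:40 WellHouse kernel: Packet log: ppp-in - ppp0 PROTO=6 203.85.213.81:15248 61.8.18.101:111 L=44 S=0x00 I=29889 F=0x0000 T=52
"""

# chain, target ("-" when the rule only logs), interface, then the packet fields:
# L = total length, S = TOS, I = IP ID, F = fragment flags/offset, T = TTL.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s+Packet log:\s+"
    r"(?P<chain>\S+)\s+(?P<target>\S+)\s+(?P<iface>\S+)\s+PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+)\s+S=(?P<tos>0x[0-9a-fA-F]+)\s+I=(?P<ipid>\d+)\s+"
    r"F=(?P<frag>0x[0-9a-fA-F]+)\s+T=(?P<ttl>\d+)"
)


def parse_line(line, year=1999):
    """Return one log entry as a dict, or None if the line is not a packet log.
    Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(f"{year} {rec.pop('ts')}", "%Y %b %d %H:%M:%S")
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        rec[key] = int(rec[key])
    return rec


def summarize(text, sweep_ports=5, year=1999):
    """Group packets per source address and classify what each source did."""
    flows = defaultdict(list)  # (src, sport, dst, dport, proto) -> timestamps
    for line in text.splitlines():
        rec = parse_line(line, year)
        if rec:
            key = (rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["proto"])
            flows[key].append(rec["time"])

    by_src = defaultdict(lambda: {"ports": set(), "attempts": 0, "packets": 0, "gaps": []})
    for (src, _sport, _dst, dport, _proto), times in flows.items():
        times.sort()
        entry = by_src[src]
        entry["ports"].add(dport)
        entry["attempts"] += 1
        entry["packets"] += len(times)
        entry["gaps"].append([int((b - a).total_seconds()) for a, b in zip(times, times[1:])])

    report = {}
    for src, entry in by_src.items():
        first_gaps = entry["gaps"][0]
        if len(entry["ports"]) >= sweep_ports:
            verdict = "port-sweep"
        elif entry["attempts"] == 1 and first_gaps and first_gaps == sorted(first_gaps):
            # One 4-tuple repeated with growing gaps: retransmits of one attempt.
            verdict = "one-attempt-retransmitted"
        else:
            verdict = "isolated-probes"
        report[src] = {"ports": sorted(entry["ports"]), "attempts": entry["attempts"],
                       "packets": entry["packets"], "gaps": entry["gaps"], "verdict": verdict}
    return report


if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```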

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Weird DHCP behavior
Date: Sun, 16 May 1999 07:25:43 GMT

howdy all.

just wanted to point out that protocol family 17 is the PACKET protocol
family that can be enabled using "make config"'s CONFIG_PACKET option.

i found that if the packet protocol is compiled as a module, for some
reason which i've not yet dug into, the module is never loadable,
especially not by kmod.  the important point to note here is that
dhcpcd and pump both use the older style PF_PACKET protocol family to
interact with the interfaces directly.  this explains dhcpcd and pump
failures if you compiled this as a module....

if you simply answer "y" to the CONFIG_PACKET query, and statically
compile this into the kernel, you'll be good to go.

guess i need to rip into the code to figure out why the module isn't
ever loadable....

cheers all!

Peter Dohmp
[EMAIL PROTECTED]


In article <7gplan$ivs$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Hello all,
>
> I have done the make steps outlined below and it still doesn't work. Where
> can I get the source for net-pf-17 (presumably, Protocol Family 17)? I have
> been able to use Ethernet out of the box on my machine before, so this is
> quite confusing. Thanks in advance for the help,
>
> Ihab
>
> > >I have RH 5.2 and I have been trying for more than 5 days to setup the cable
> > >network connection thru DHCPcd. I downloaded the latest dhcpcd version then
> > >compiled it and it seemed to work well. But when I try to activate the eth0
> > >interface with the DHCP option (through RH's netcfg or with "ifup eth0") the
> > >output is:
> >
> > >Using DHCP for eth0... failed.
> > >Using DHCP for eth0... modprobe: cannot locate net-pf-17
> > >failed.
> >
> > >I can define the alias for net-pf-17 as "off" in /etc/conf.modules, and in
> > >that case I don't get the "cannot locate" message; still, the network is
> > >unreachable because the eth0 is never configured.
> >
> > Hello Jan,
> >
> > The module for your ethernet card is missing. It looks like you
> > compiled your own kernel and forgot
> >
> > make modules; make modules_install
> >
> > No program can work without the module.
> >
> > Johannes Niess

------------------------------

Reply-To: "Curt" <[EMAIL PROTECTED]>
From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: routing issues, ppp0, eth0, vmnet1, smb
Date: Sun, 16 May 1999 04:20:23 -0500

use 'traceroute -i interface host/ip', i.e. traceroute -i ppp0 www.yahoo.com

I didn't understand your netmask question.  I think you want to use ifconfig.
Try 'man ifconfig'

Josh Miller <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> I had my system working great with eth0 going out to a 192.168.0.1/24 network, and ppp0 hitting the
> rest of the world. Now, something's messed up.
>
> I've got bind, sendmail, smb/samba, ftp, http, and vmware's vmnet stuff all on here. Name lookups
> still work great. Pings weren't working but I got them working again. Now I'm not sure what's
> trying to go where.
>
> ping'ing any client on any interface is working fine.
> traceroute, on the other hand, gives the following message:
>
> traceroute: Warning: Multiple interfaces found; using 192.168.0.1 @ eth0
> traceroute to www.sony.com (209.0.216.83), 30 hops max, 40 byte packets
>
> then times out. I want it to use ppp0 by default, as I do everything except requests for 192.168
> network.
>
> netstat -nr yields:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 206.183.228.10  0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
> 127.0.0.1       0.0.0.0         255.255.255.255 UH        0 0          0 lo
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 0.0.0.0         206.183.228.10  0.0.0.0         UG        0 0          0 ppp0
>
> ifconfig yields:
>
> eth0      Link encap:Ethernet  HWaddr 00:60:97:36:D2:7D
>           inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:4607 errors:6 dropped:0 overruns:0 frame:11
>           TX packets:3590 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:10 Base address:0xf700
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
>           RX packets:1233 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1233 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:206.183.229.240  P-t-P:206.183.228.10  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1524  Metric:1
>           RX packets:3426 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3680 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10
>
> vmnet1    Link encap:Ethernet  HWaddr 00:50:56:8A:00:00
>           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:2248 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1925 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>
> Can anyone explain to me why traceroute wants to go over the 192.168.0.1 interface? (eth0)
>
> By the way, if I take down vmware, things seem to work again. Also, I had to take down samba and
> bring it back up to get ping/http/etc access working normally again (I don't know what it had to do
> with anything though).
>
> One more question... what do you enter to modify a route?
> like, could I change the netmask on eth0 and vmnet1 to point to be 192.168.0.0? or 192.168.255.0?
>
> Hopefully, I'm not sounding like a complete idiot. Thanks in advance for any help.
>
> Josh I.
> [EMAIL PROTECTED]



------------------------------

From: Malware <[EMAIL PROTECTED]>
Subject: Re: Masquerading security
Date: Sun, 16 May 1999 10:39:45 +0200

Hi Argus,

you wrote:
> > Masquerading then can be enabled through the world bound interface like
> > following:
> >
> > ipchains -A forward -j MASQ -s 192.168.1.0/24 -i ppp0
> 
> Ahh.. I see through your response the ipchains has that capability to
> bind the device.  But as far as I can tell you cannot specifically
> name a device to bind with ipfwadm only its address (probably one of
> the reasons for ipchains but I just now got this box up after a long
> break).

It should be possible with ipfwadm too. Give the option -W ppp0 for that. The
drawback with ipfwadm is that this interface has to exist while the
rule is being created. Should the ipfwadm front-end set the interface
address too when given the -W switch (I did not check for this), I would
consider this a bug.

> After digging a little deeper into the HOWTO's I found the advanced
> firewall rules but the script created doesn't run quite right for me
> (it balks at the way I try to retrieve the dynamic ip).  The only other

For IP numbers dynamically assigned via PPP, do modify the rules within the
script /etc/ppp/ip-up. This script does get all parameters you'll need
on the command line.


Malware

------------------------------

From: Malware <[EMAIL PROTECTED]>
Subject: Re: Help:  BOOTP response isn't getting through.
Date: Sun, 16 May 1999 10:44:09 +0200

Hi Brian,

you wrote:
>   on eth1!!!
>   20:57:41.075856 pacbell_host.bootps > 255.255.255.255.bootpc:
> xid:0xc8fcdc3f  Y:kenny S:portal.pacbell.net [|bootp]

route add -host 255.255.255.255 eth0


Malware

------------------------------

From: "Wm. Josiah Erikson" <[EMAIL PROTECTED]>
Subject: ISAPNP card questions]
Date: Fri, 7 May 1999 15:06:34 +0100 

Newsgroups: comp.os.linux.setup
From: "Wm. Josiah Erikson" <[EMAIL PROTECTED]>
Subject: ISAPNP card questions
Date: Fri, 7 May 1999 02:29:13 +0100 

I'm running RH 6.0/kernel 2.2.7 on a 486/33 with 20MB of RAM.
The Intel EtherExpress 16 card referred to below is a 10BT ISA PnP
Ethernet card.


I have an Intel EtherExpress 16 card (as well as a WD8003, eth0, which
works fine and I have no problems with). It used to work just fine with
the generic kernel that got installed on my machine when I installed RH
6.0 (and RH 5.2, for that matter). Whenever I recompile my kernel, it
stops working, even though I built EtherExpress 16 support into the
kernel. I think before it was compiled as a module... is this necessary
to make it work? The card is an ISA PnP card... does this mean that I
have to use isapnp to make it work right? The format of isapnp.conf
looks really cryptic to me and I can't quite make it out. I know that
the card is currently set to IRQ 5 and IO 0x310. This is fine, doesn't
conflict with anything, and I'd rather just leave it there and tell my
machine that's where it is. Is there any way to do this? Right now it
just says, "Delaying eth1 initialization" upon startup.
       I think maybe I'll just stop trying to use ISA PnP card with
Linux : ) Nah, I can figure it out... but if somebody could gimme some
pointers that would be great. Please cc:[EMAIL PROTECTED] since I
don't always read every message that comes through this newsgroup.
Thanks much!
    -Josiah
    http://bork.hampshire.edu (the Linux box I'm referring to here)



------------------------------

Reply-To: "Curt" <[EMAIL PROTECTED]>
From: "Curt" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: can't send email through qmail
Date: Sun, 16 May 1999 04:34:12 -0500

Sorry, I didn't read your original post as carefully as I should have.

add the following to hosts.allow, replacing 'local network' with my IPs
(i.e. 192.168.2. )

tcp-env: 'local network' : setenv=RELAYCLIENT
tcp-env: ALL

and the following into inetd.conf (you probably have this)

smtp    stream  tcp     nowait  qmaild  /usr/sbin/tcpd /var/qmail/bin/tcp-env /var/qmail/bin/qmail-smtpd

This will allow clients on your local net to use this system as a relay.

Kelvin Leung <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi Curt,
>
> I found that it doesn't work with your suggestion. I have to put the
> destination domain into rcpthosts in order to get it to work. For instance,
> if I send to [EMAIL PROTECTED], I have to put microsoft.com in rcpthosts to
> make it work.... Is it weird?
>
> Kelvin
>
> Curt wrote:
>
> > add  MYDOMAIN to /var/qmail/control/rcpthosts
> > and /var/qmail/control/locals
> > and /var/qmail/control/defaultdomain
> >
> > Kelvin Leung <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Hello,
> > >
> > > I have a qmail setup in my RH 5.1 system. It is connected to internet
> > > through cable modem. I have PC clients connected to this server which
> > > use Netscape as email client. But the PC client cannot send email
> > > outside the local network. Any email going outside of this local network
> > > will get the following error message:
> > >
> > > The mail server responded:
> > > sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
> > > Please check the message recipients and try again.
> > >
> > > And I have executed the qmail-showctl, with the following setting shown:
> > >
> > > ============================================================
> > > [root@MYHOSTNAME qmail-1.03]# qmail-showctl
> > > qmail home directory: /var/qmail.
> > > user-ext delimiter: -.
> > > paternalism (in decimal): 2.
> > > silent concurrency limit: 120.
> > > subdirectory split: 23.
> > > user ids: 80, 81, 82, 0, 83, 84, 85, 86.
> > > group ids: 80, 81.
> > >
> > > badmailfrom: (Default.) Any MAIL FROM is allowed.
> > >
> > > bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
> > >
> > > bouncehost: (Default.) Bounce host name is MYHOSTNAME.MYDOMAIN.
> > >
> > > concurrencylocal: (Default.) Local concurrency is 10.
> > >
> > > concurrencyremote: (Default.) Remote concurrency is 20.
> > >
> > > databytes: (Default.) SMTP DATA limit is 0 bytes.
> > >
> > > defaultdomain: Default domain name is MYDOMAIN.
> > >
> > > defaulthost: (Default.) Default host name is MYHOSTNAME.MYDOMAIN.
> > >
> > > doublebouncehost: (Default.) 2B recipient host: MYHOSTNAME.MYDOMAIN.
> > >
> > > doublebounceto: (Default.) 2B recipient user: postmaster.
> > >
> > > envnoathost: (Default.) Presumed domain name is MYHOSTNAME.MYDOMAIN.
> > >
> > > helohost: (Default.) SMTP client HELO host name is MYHOSTNAME.MYDOMAIN.
> > > idhost: (Default.) Message-ID host name is MYHOSTNAME.MYDOMAIN.
> > >
> > > localiphost: (Default.) Local IP address becomes MYHOSTNAME.MYDOMAIN.
> > >
> > > locals:
> > > Messages for localhost are delivered locally.
> > > Messages for MYHOSTNAME.MYDOMAIN are delivered locally.
> > >
> > > me: My name is MYHOSTNAME.MYDOMAIN.
> > >
> > > percenthack: (Default.) The percent hack is not allowed.q
> > >
> > > plusdomain: Plus domain name is home.com.
> > >
> > > qmqpservers: (Default.) No QMQP servers.
> > >
> > > queuelifetime: (Default.) Message lifetime in the queue is 604800
> > > seconds.
> > >
> > > rcpthosts:
> > > SMTP clients may send messages to recipients at localhost.
> > > SMTP clients may send messages to recipients at MYHOSTNAME.MYDOMAIN.
> > > SMTP clients may send messages to recipients at k166.MYDOMAIN.
> > > SMTP clients may send messages to recipients at k166.localdomain.
> > > SMTP clients may send messages to recipients at pm7300.MYDOMAIN.
> > > SMTP clients may send messages to recipients at pm7300.localdomain.
> > > SMTP clients may send messages to recipients at k166.
> > > SMTP clients may send messages to recipients at pm7300.
> > > SMTP clients may send messages to recipients at wonderland.dns.org.
> > >
> > > morercpthosts: (Default.) No effect.
> > >
> > > morercpthosts.cdb: (Default.) No effect.
> > >
> > > smtpgreeting: (Default.) SMTP greeting: 220 MYHOSTNAME.MYDOMAIN.
> > >
> > > smtproutes: (Default.) No artificial SMTP routes.
> > >
> > > timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
> > >
> > > timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
> > >
> > > timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
> > >
> > > virtualdomains: (Default.) No virtual domains.
> > > [root@MYHOSTNAME qmail-1.03]#
> > >
> > > ===========================================================
> > >
> > > Please help... thanks.
> > >
> > > Kelvin
> > >
>



------------------------------

From: "Simon Portsmouth" <[EMAIL PROTECTED]>
Subject: Re: NT & Samba.... cannot connect
Date: Sun, 16 May 1999 10:43:01 +0100


rob <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> I have a samba server with nt client. Server shows up in network
> neighbourhood. I have yet to get into it. When I click on the server it says
> incorrect username or password for file://(servername). What do I need to
> configure to get this going?
>
You need to turn off password encryption on the NT box (this is a registry
change, documented in the samba docs - N.B. this will mean that passwords are
sent as plain text over your network, a security risk).
Alternatively, and more securely, you can compile encrypted password support
into samba.

Simon.



------------------------------

From: [EMAIL PROTECTED] (Christopher Schulte)
Crossposted-To: comp.protocols.smb
Subject: samba and ip masq
Date: Sun, 16 May 1999 10:22:58 GMT

Greetings,

I recently implemented a reserved network on my lan to play with some
new networking concepts.

I have one machine, 192.168.100.105 which is a windows98 box.  It's
using a default gateway of 192.168.100.254 which is a linux box doing
ip masq with routes set up on both the reserved and real internet.

Using the windows machine I can access (for the most part) all
external internet resources just fine.  Ip masq is working as it
should.

One problem I have seen is now another linux box (which is also on
both the reserved and external network) cannot mount the windows
drives anymore.  Here's an example of the output:

[208 root@snaildust:~]# smbmount //juanita/c /juanita/
Password: 
mount error: Device or resource busy
Please look at smbmount's manual page for possible reasons

Now, I can log in with the smbclient just fine:

[209 root@snaildust:~]# smbclient //juanita/c 
Server time is Sun May 16 05:17:04 1999
Timezone is UTC-5.0
Password: 
security=share
smb: \> ls

And I can browse the drive.  It's just unable to actually mount it.  I
tried specifying a different mount point, check to make sure it was
not already mounted, etc, etc.  No luck.

Would I need some special kernel modules to make this function
correctly, due to the way the ports communicate together?

Many thanks!

--
Christopher Schulte

Replace usenet with chris to send mail.
Mail sent to [EMAIL PROTECTED]
will *never* get to me. I hate spam!

------------------------------

From: [EMAIL PROTECTED] (David De Ridder)
Subject: Re: Route and network broadcasts
Date: Sun, 16 May 1999 10:39:54 GMT
Reply-To: [EMAIL PROTECTED]

Whereto with speedy words Andrey Smirnov repli'd :

>I would suggest changing IP addresses to the private range: 192.168.x.x

 You are completely right. Or to 10.x.x.x if he wants to persist using
 Class A addresses. But that does not change the problem.

 Kind regards,

+-----------------------------------------------------------------+
  David 'Septimus' De Ridder       <[EMAIL PROTECTED]> 

"I take the positivist viewpoint that a physical theory is just a
 mathematical model and that it is meaningless to ask whether it
 corresponds to reality. All that one can ask is that its
 predictions should be in agreement with observation."
 - S.W. Hawking

+-----------------------------------------------------------------+
  

------------------------------

From: "@" <[EMAIL PROTECTED]>
Subject: User Permissions Woe....
Date: Sun, 16 May 1999 18:34:45 +0800

Hi,

I'm using samba and faced a problem....
How can I set permission for 2 different groups of users with different
access rights to access one directory full of files ??
eg...group accounts consists of 15 users and group sales consists of 13
users....they both need to access the same files in the same directory but
accounts can only read while sales can read and write...
how do i achieve that ??

Thanks in advance.



------------------------------

From: "Kai Krakow" <[EMAIL PROTECTED]>
Subject: Re: Masquerading security
Date: Sun, 16 May 1999 12:42:25 +0200
Reply-To: "Kai Krakow" <[EMAIL PROTECTED]>

> > Shouldn't be possible if you bind the masquerading to a special device,
> > means:
> >
> > If you allow the kernel to only forward packets from the local net (say
> > 192.168.1.0/24 or similar) when they came in on device eth0. Then spoofing
> > the packet to source 192.168.1.* but sending it in thru another device like
> > ppp0 will not forward this packet...
> >
> But how is it that you can bind a device to the masquerading.  Can it
> be done through ipfwadm (2.0 kernel)?  Or would the binding be done
> through manually changing the /proc/net/ip_xxxxx files?  And if so
> what's the format for those arguments?  I've tried reading some of the
> man pages but they only make a little sense to me.
>
> If you could give me more info or point me to it that'd be great.  So
> many questions and so little answers ;-)

The parameters are "-W device" in ipfwadm and "-i device" in ipchains.
Malware wrote that this parameter describes the destination interface and
you cannot control the interface the packets came from. I tried this and
it's true... :(

But you can disable source routed frames and activate rp_filter like
described in his article... This should be secure enough...

ciao
    Kai
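
Added example (not part of the original post): a Python check of the two settings named above, rp_filter and source-route acceptance, read per interface from /proc/sys/net/ipv4/conf. The function names are this example's own, and the combination rules it applies (effective rp_filter is the larger of the "all" and per-interface values; source-routed packets are accepted only when both "all" and the interface allow them) are those of the current kernel sysctl documentation, assumed here.

```python
import os

CONF_ROOT = "/proc/sys/net/ipv4/conf"


def _read_flag(root, iface, name):
    """Read one integer sysctl file; None if it is missing or unreadable."""
    try:
        with open(os.path.join(root, iface, name)) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def audit_spoof_protection(root=CONF_ROOT):
    """Return one finding per interface with the effective settings and problems."""
    all_rp = _read_flag(root, "all", "rp_filter") or 0
    all_sr = _read_flag(root, "all", "accept_source_route") or 0
    findings = []
    for iface in sorted(os.listdir(root)):
        if iface in ("all", "default"):
            continue  # templates, not real interfaces
        rp = _read_flag(root, iface, "rp_filter")
        sr = _read_flag(root, iface, "accept_source_route")
        if rp is None or sr is None:
            continue
        effective_rp = max(all_rp, rp)           # assumption: max(all, iface)
        accepts_sr = bool(all_sr and sr)         # assumption: all AND iface
        problems = []
        if effective_rp == 0:
            problems.append("rp_filter off")
        if accepts_sr:
            problems.append("source routing accepted")
        findings.append({"iface": iface, "rp_filter": effective_rp,
                         "accept_source_route": accepts_sr, "problems": problems})
    return findings


if __name__ == "__main__":
    for finding in audit_spoof_protection():
        status = ", ".join(finding["problems"]) or "ok"
        print(f"{finding['iface']:10s} rp_filter={finding['rp_filter']} "
              f"source_route={finding['accept_source_route']}  {status}")
```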




------------------------------

From: "Stephan M. Ott // OKDesign oHG" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security,comp.os.linux.setup,comp.os.linux.misc
Subject: Re: SECURITY ISSUES: Single user restriction at lilo boot:
Date: Sun, 16 May 1999 12:53:55 +0200


[EMAIL PROTECTED] wrote in message ...
>According to  <[EMAIL PROTECTED]>:
>
>
>The only way to get around this problem is to enable the CMOS
>password on the machine so that the machine will not boot w/o the
>password.  Just about all BIOSs these days seem to support the
>feature.  Yes, it will really suck when Joe User power cycles the
>machine (of course we know Linux never crashes...) and you need to
>send someone out to key in the password.


A better way would be to disable the floppy in the BIOS, then password-protect
the BIOS.
When doing it this way, the machine will start up again and go online, but
the system cannot be started from floppy.

>Be aware that it is not completely secure because (1) nvram can
>usually be cleared by setting a jumper on the motherboard

Err, yes, but in this case you would know that someone cleared the BIOS and
maybe have ways to get to know who it was.

>and (2) the
>disk with the password can always be removed and mounted somewhere
>else.


Sorry, I can't follow you....
which disk with which password ?

>Of course, this is *not* a solution to your *real* problem...


That's true, but it could be *one* possibility.

--Stephan



------------------------------

From: [EMAIL PROTECTED] (RC)
Subject: SQUID 2.2
Date: Sat, 15 May 1999 10:52:54 GMT

Hi,

i installed Squid 2.2-stable. I define a PARENT proxy but
i doubt that is used!  :((

When i navigate using Netscape and i launch netstat-command
i notice a lot of connection from my proxy directly to requested
site, there isn't any connection with parent-proxy.

Linux: RED HAT 5.2
Proxy: SQUID 2.2
PC: Celeron 333/ASUS-P2B/64MBram/10Gb HD

Can anyone help me?

TIA
(please e.mail reply too)

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
