Linux-Setup Digest #701, Volume #19 Tue, 26 Sep 00 08:13:07 EDT
Contents:
Re: honeypot + syslogd (David Martin)
Re: error in loading shared libraries: libXmu.so.6: cannot open shared object (John)
Re: RAID 0 and dual boot (John)
Re: XFree86 4.0.1 and FireGl1 problem (John)
Re: linux CRASH!!!!???? (John)
Re: New Linux Install (Chris Sherlock)
Re: RH6.2 PCMCIA Network card (Mike Walsted)
Re: Kernel panic: No init found. Try the init= option... (jmsalvo)
Re: Shared memory (shmget) problem on v2.3.51 (John)
Re: how to unzip the file *.tar.bz2 ("Stephen Kennedy")
Re: Shared memory (shmget) problem on v2.3.51 (Tariq Hussain)
Re: VPN client software (Scott Twitchell - EWB Support)
----------------------------------------------------------------------------
From: David Martin <[EMAIL PROTECTED]>
Crossposted-To:
alt.computer.security,alt.linux,alt.os.security,comp.os.linux.x,comp.security.firewalls,comp.security.misc,comp.security.unix,linux.redhat.install,linux.redhat.misc
Subject: Re: honeypot + syslogd
Date: Tue, 26 Sep 2000 13:09:09 +0300
Reply-To: [EMAIL PROTECTED]
Rasputin wrote:
> [EMAIL PROTECTED] <Damian Menscher> wrote:
> >In comp.security.misc jhuman <[EMAIL PROTECTED]> wrote:
> >> I was reading the article by lance spitzner on builing a honeypot and he
> >> mentioned something about "recompiling syslogd" to read from a different
> >> configuration file other than syslog.conf like /var/tmp/conf. I was
> >> wondering how that is done? Any help would be great.
> >
> >First off, you _could_ just run it as syslogd -f /var/tmp/conf. If
> >you want to be a bit more sneaky, you could leave it running as usual,
> >but have /etc/syslog.conf point to a different file when it is
> >starting than what it is during normal operation.
>
> Do you mean a symlink? How is that secure?
>
> vi /etc/syslog.conf still gives a cracker the info they need that way.
> A recompile of syslog means you can leave a dummy syslog.conf, which STR
> was the point of the article.
>
> --
>
> Rasputin.
> Jack of All Trades - Master of Nuns.
I suspect he means that your syslog startup script points /etc/syslog.conf at
the real configuration file, then starts the syslog daemon, then points
/etc/syslog.conf at a fake file all using links. That way the process table
does not show any giveaway arguments and a vi of syslog.conf shows fake info.
Mind you, if I saw that the /etc/syslog.conf file was a link I would probably
suspect something was awry anyway...
------------------------------
From: John <[EMAIL PROTECTED]>
Subject: Re: error in loading shared libraries: libXmu.so.6: cannot open shared object
Crossposted-To: comp.os.linux
Date: 26 Sep 2000 17:33:39 +0800
In comp.os.linux.setup Dave Addison <[EMAIL PROTECTED]> wrote:
> PATH is not the appropriate variable, LD_LIBRARY_PATH is used to configure
> linked libraries (at least it is on Solaris and I think it works on Linux)
Sounds right.
> Alternatively there is a file in /etc which is used to set the system wide
> default for load libraries. I think it is called ld.conf and is used by the
> command ldconfig
/etc/ld.so.conf
> Otherwise you could try moving the .netscape directory in your home
> directory. With any luck this might stop netscape trying to load the missing
> file
or carefully inspect its contents to see if there's something you might change.
Removing the directory is somewhat drastic, I'd rather try something less so.
> Randell D. <[EMAIL PROTECTED]> wrote in message
> news:z2Hz5.9833$ly4.82773@NewsReader...
>> since removed) Real Player. I have also tried uninstalling Netscape, and
>> then re-installing it again. The error I get is
>>
>> "error in loading shared libraries: libXmu.so.6: cannot open shared object
>> file: No such file or directory."
>>
>> I have found libXmu.so.6 living in /usr/X11R6/lib and edited /etc/profile
>> value of PATH to include this, but this has not fixed the situation.
>>
I have several of them;-)
[jcs@possum jcs]$ locate libXmu.so.6
/usr/i386-glibc20-linux/lib/libXmu.so.6
/usr/i386-glibc20-linux/lib/libXmu.so.6.0
/usr/i486-linux-libc5/lib/libXmu.so.6.0
/usr/i486-linux-libc5/lib/libXmu.so.6
/usr/X11R6.3/lib/libXmu.so.6
/usr/X11R6.3/lib/libXmu.so.6.0
[jcs@possum jcs]$
I guess you're missing one. Here's what rpm says about them:
[jcs@possum jcs]$ rpm -qif /usr/i386-glibc20-linux/lib/libXmu.so.6.0
Name : compat-libs Relocations: (not relocateable)
Version : 5.2 Vendor: Red Hat Software
Release : 2 Build Date: Tue 25 May 1999 03:20:08 AM WST
Install date: Tue 23 Nov 1999 11:11:48 PM WST Build Host: porky.devel.redhat.com
Group : Development/Libraries Source RPM: compat-libs-5.2-2.src.rpm
Size : 2337039 License: LGPL
Packager : Red Hat Software <http://developer.redhat.com/bugzilla/>
Summary : Runtime and developemnt libraries for Red Hat Linux 5.2 backwards
compatibility
Description :
This package includes a number of run-time libraries that are compiled on
Red Hat Linux 5.2. This package is required if you want to do development
for Red Hat Linux 5.2 and other glibc 2.0 based systems.
[jcs@possum jcs]$ rpm -qif /usr/i486-linux-libc5/lib/libXmu.so.6.0
Name : libc Relocations: (not
relocateable)
Version : 5.3.12 Vendor: Red Hat
Software
Release : 31 Build Date: Fri 16 Apr
1999 12:46:03 PM WST
Install date: Tue 23 Nov 1999 11:17:47 PM WST Build Host:
porky.devel.redhat.com
Group : System Environment/Libraries Source RPM:
libc-5.3.12-31.src.rpm
Size : 5494780 License: distributable
Packager : Red Hat Software <http://developer.redhat.com/bugzilla>
Summary : The compatibility libraries needed by old libc.so.5
applications.
Description :
Older Linux systems (including all Red Hat Linux releases between 2.0
and 4.2, inclusive) were based on libc version 5. The libc package
includes the libc5 libraries and other libraries based on libc5.
With
these libraries installed, old applications which need them will be
able
to run on your glibc (libc version 6) based system.
The libc package should be installed so that you can run older
applications
which need libc version 5.
[jcs@possum jcs]$ rpm -qif /usr/X11R6.3/lib/libXmu.so.6
Name : XFree86-libs Relocations: (not
relocateable)
Version : 3.3.6 Vendor: Red Hat, Inc.
Release : 20 Build Date: Tue 07 Mar
2000 12:22:34 AM WST
Install date: Sat 08 Apr 2000 09:11:08 AM WST Build Host:
porky.devel.redhat.com
Group : System Environment/Libraries Source RPM:
XFree86-3.3.6-20.src.rpm
Size : 2107376 License: MIT
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary : Shared libraries needed by the X Window System version
11 release 6.
Description :
XFree86-libs contains the shared libraries that most X programs
need to run properly. These shared libraries are in a separate
package
in order to reduce the disk space needed to run X applications on a
machine without an X server (i.e., over a network).
If you are installing the X Window System on your machine, you will
need to install XFree86-libs. You will also need to install the
following packages: XFree86, one or more of the XFree86 fonts
packages, Xconfigurator, XFree86-xfs and X11R6-contrib. If you are
going to develop applications that run as X clients, you will also
need to install XFree86-devel.
[jcs@possum jcs]$
--
------------------------------
From: John <[EMAIL PROTECTED]>
Subject: Re: RAID 0 and dual boot
Date: 26 Sep 2000 17:38:37 +0800
schuetzen - RKBA! <[EMAIL PROTECTED]> wrote:
>
> I want to set my two 30gb HDD up in RAID 0 (mirror) using W98SE and SUSE 7.0.
> A guru tells me that this will not work well (if at all) because the two OS need
> to be on separate HDD.
> That I should set the two HDD up in RAID1 instead effectively creating a 60gb
> HDD but with W98 on one and SUSE on the other.
> Further, that he cannot see how the system would run with RAID0 even if I were
> to put both OS on the same HDD.
> This is not the reason I bought two of these HDD.
> Does he know what he is talking about? I certainly know nothing about Linux and
> only slightly more about RAID, etc.
I saw a device advertised at http:/www.everythinglinux.com.au/ only a few minutes ago.
Actually,
a whole family of them.
They install into your EIDE cable and give you raid0 mirroring on two drives.
The OS is not involved.
Scout around for the RAID cards link for more, then see if you can track down a
vendor near. You can also order/pay them electronically.
--
------------------------------
From: John <[EMAIL PROTECTED]>
Subject: Re: XFree86 4.0.1 and FireGl1 problem
Date: 26 Sep 2000 17:44:02 +0800
Jean-Christophe FABRE <[EMAIL PROTECTED]> wrote:
> I've downloaded XFree86 4.0.1 and the X Server provided by diamond for
> the FireGL1.
> I've installed and configured them.
> When I run startx, all the detection works fine, the server seems to be
> launched and then it gets back to the text mode showin an error message
> :
> fatal server error
> caught signal 11. server aborted
Signal 11 is a segv; something's trying to access memory it mustn't.
Sounds to me like DMM software's no better than when I bought a machine for OS/2
some years ago; it had a Diamond Stealth card in it, and the installer didn't install
the driver.
On checking, I discovered that I had the most benign of the DMM problems, others
involved applying an OS/2 2.1 patch to OS/2 3.0 and updating a system file to say OS/2
3.0
was OS/2 2.1 (and so making it impossible to install fixes).
I will continue to notbuy DMM goods.
--
------------------------------
From: John <[EMAIL PROTECTED]>
Subject: Re: linux CRASH!!!!????
Date: 26 Sep 2000 17:51:27 +0800
ykchew <[EMAIL PROTECTED]> wrote:
> hi there,
> i have install the redhat6.2 in my new pc (P3 667, S3Trio, 15 G B
> Harddisk, 256 RAM), after couple times of restart the pc. The linux is
> crash at mounting harddisk. It force to scan the harddisk and then crash the
> linux by showing "kmem_alloc: bad slab magic (corrupt) (name=buffer_head)
> any idea of what is happening?
Sounds like the kernel's stuffed (kmem_alloc).
Did you make a boot disk during install? If so, does that work?
If you can get it up I recommend getting the kernel update (2.2.16 is available from
RHS)
and installing that.
It's also possible that you have a RAM problem. If you have two sticks, take one out.
Whether or not that works, try with only the other.
If it works with one but not the other, there's a good chance the other's a dud.
It's also possible that there's a problem with the socket.
If you (or your retailer) has some hardware diagnostics, run them.
If all else fails, subscribe to zoot-list (see http://www.redhat.com/) and ask there.
You should get the attention then of some of the RHI gurus.
--
------------------------------
Date: Tue, 26 Sep 2000 21:47:20 +1000
From: Chris Sherlock <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.hardware,comp.os.linux.misc,comp.os.linux.advocacy,alt.os.linux.mandrake
Subject: Re: New Linux Install
>From what I understand, the new LBA32 extensions in LILO will circumvent
this problem. I don't know much more about this as I haven't had to
worry about hitting the 1024 cylinder ceiling yet.
Would someone care to comment?
Chris
"James M. Luongo" wrote:
>
> I plan on installing Linux Mandrake 7.1 for the first time. I need some
> help. How big should the partitions be? And, I heard something about
> LiLo not recognizing a Linux partition after a certain disk cylinder (or
> sector, whatever). I think it was 1023, but I'm not sure. Is this
> true? Help!
> --
> ------------------------
> James M. Luongo x1427
> Draper Laboratory Room 4207
> ------------------------
------------------------------
From: Mike Walsted <[EMAIL PROTECTED]>
Subject: Re: RH6.2 PCMCIA Network card
Crossposted-To: comp.os.linux.hardware,comp.os.linux.networking
Date: Tue, 26 Sep 2000 10:52:28 GMT
Just a guess, but you may have an IRQ conflict. (That was the problem when
it happened to me.) Look at your /etc/pcmcia/config.opts file, and ensure that
the right IRQs are included and excluded.
Hope this helps,
Mike Walsted
On Tue, 26 Sep 2000, MC wrote:
>I discovered that both cards wouldn't work together, but if I took one
>(the modem card on slot0) and placed the network card there instead
>(that is, from slot1 to slot0) the network card works fine. The problem
>appears to be diagnosed below. I hope this helps to everyone out there
>going through the same pains as I am.
>
>MC
>---
>
>From the PCMCIA-HowTo
>
>3.8 Resource conflict only with two cards inserted
>
>Symptoms:
>
>Two cards each work fine when used separately.
>When both cards are inserted, only one works.
>
>This usually indicates a resource conflict with a system device that
>Linux does not know about.
>PCMCIA devices are dynamically configured, so, for example, interrupts
>are allocated as needed,
>rather than specifically assigned to particular cards or sockets. Given
>a list of resources that appear
>to be available, cards are assigned resources in the order they are
>configured. In this case, the card
>configured last is being assigned a resource that in fact is not free.
>
>Check the system log to see what resources are used by the non-working
>card. Exclude these in
>/etc/pcmcia/config.opts, and restart the cardmgr daemon to reload the
>resource database.
------------------------------
From: jmsalvo <[EMAIL PROTECTED]>
Subject: Re: Kernel panic: No init found. Try the init= option...
Date: Tue, 26 Sep 2000 11:00:03 GMT
I found out why:
The entire /lib directory is missing!! -- /sbin/init is dynamically
linked to certain files in /lib.
I'm now slowly putting in all the files that were supposed to be in /lib
from another linux box (at the office).
Fortunately, the BootDisk-HOWTO proved to be very useful, and I created
my own boot+root disk.
Regards,
John Salvo
In article <8qn43r$sij$[EMAIL PROTECTED]>,
jmsalvo <[EMAIL PROTECTED]> wrote:
>
>
> Kernel 2.2.16
>
> Before I rebooted and got the message above, all files seems to have
> "disappared" (but not really. More on later/below). For example, 'ls'
or
> 'sh' gives a "No such file or directory".
>
> Unfortunately, I did not try '/bin/sh'.( I am saying this as this has
> impotance below)
>
> However, I can pwd, cd, set.
>
> I rebooted, and got the kernel panic specified in the subject of this
> post. The kernel panic shows after mounting the root fs in read-only
> mode and after the "Freeing unused kernel memory: 44kb freed" message.
>
> To get around the kernel panic, I tried, from within the LILO prompt,
> like:
>
> LILO: linux-latest init=/bin/sh debug root=/dev/hda7 panic=10
>
> ...without any luck.
>
> Now the strange part:
>
> I can mount and see the entire contents of my root partititon (and
> everything else for that matter), if I:
>
> * Boot from CD using the RedHat installation CD, then
> * Select Install
> * Tell the installation to use fdisk to partition hda (I did this only
> so I can mount the root fs), ...
> * Then while the installation is in fdisk ( but not changing anything
on
> the partititon tables ), I switch to a console (Alt+F2) for the bash
> prompt and I mount the root fs:
>
> mount -t ext2 hda7 /tmp/disk1
>
> .... and there is my root fs.
>
> * sbin/init is there (I tried executing /tmp/disk1/sbin/init to test
if
> it is corrupted. It worked so it is not corrupted)
> * bin/sh is there ( also tried executing /tmp/disk1/bin/sh. Worked. No
> file corruption )
> * etc/inittab is there and I can read it using 'cat
> /tmp/disk1/etc/inittab' )
>
> Verified that the root fs specified in the kernel is /dev/hda7, so I
ran
> :
>
> /tmp/disk1/usr/sbin/rdev /tmp/disk1/boot/vmlinuz-latest
>
> and it gave me:
>
> Root 0x0307
>
> ...which is correct.
>
> All in all:
>
> * Not a LILO problem
> Otherwise, the kernel would not have loaded in the first place and the
> kernel would not have been able to mount the root fs in read-only
mode.
>
> * Not a partition table problem.
> Otherwise, I would not have been able to mount and read/execute files
> from my root fs using the procedure above.
>
> * Not a kernel problem.
> Otherwise, rdev would have shown a different value for the root
> partition
>
> Any ideas out there?
>
> What is unique about a root partition / fs that allows it to be
mounted
> but not have the kernel read or execute anything?
>
> Regards,
>
> John Salvo
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: John <[EMAIL PROTECTED]>
Subject: Re: Shared memory (shmget) problem on v2.3.51
Date: 26 Sep 2000 18:19:35 +0800
Tariq Hussain <[EMAIL PROTECTED]> wrote:
> Hi Guys,
> I've been trying to use kernel v2.3.51, it recompiles fine. The previous
> version was v2.2.13. I've got all the correct version of additional
> packages. My problem is I get the following error when I do dmesg:
Why would you not go to the latest 2.4.0 kernel? They're not perfect,
but I'm sure they're better than 2.3.51 (which I think is one I couldn't run).
> shmget: shm filesystem not mounted
Mount it thus:
[jcs@possum jcs]$ grep shm /etc/fstab
none /var/shm shm defaults 0 0
[jcs@possum jcs]$
I've been doing that since 2.3.4x and it's worked well.
------------------------------
From: "Stephen Kennedy" <[EMAIL PROTECTED]>
Subject: Re: how to unzip the file *.tar.bz2
Date: Tue, 26 Sep 2000 12:30:30 +0100
"Scott Nolde" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> qiuyang wrote:
> >
> > hi,everyone
> > I don't know how to unzip the file with tar.bz2 ?
You can do it all in one too:
tar xvfz file.tar.gz
tar xvfI file.tar.bz2
Stephen.
------------------------------
From: Tariq Hussain <[EMAIL PROTECTED]>
Subject: Re: Shared memory (shmget) problem on v2.3.51
Date: Tue, 26 Sep 2000 12:33:19 +0000
John wrote:
> Tariq Hussain <[EMAIL PROTECTED]> wrote:
> > Hi Guys,
>
> > I've been trying to use kernel v2.3.51, it recompiles fine. The previous
> > version was v2.2.13. I've got all the correct version of additional
> > packages. My problem is I get the following error when I do dmesg:
>
> Why would you not go to the latest 2.4.0 kernel? They're not perfect,
> but I'm sure they're better than 2.3.51 (which I think is one I couldn't run).
>
> > shmget: shm filesystem not mounted
>
> Mount it thus:
> [jcs@possum jcs]$ grep shm /etc/fstab
> none /var/shm shm defaults 0 0
> [jcs@possum jcs]$
>
> I've been doing that since 2.3.4x and it's worked well.
==============================================
Thanks for that, it worked. I don't get the shmget errors anymore. I'm in the
process of trying out the 2.4.x kernels as well. As far as the 2.3.x kernels go
I've only tried 2.3.51, and so far it seems to be very solid.
Thanks again.
Tariq.
------------------------------
Date: Tue, 26 Sep 2000 08:02:03 -0400
From: Scott Twitchell - EWB Support <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking,comp.os.linux.misc
Subject: Re: VPN client software
My work has a VPN switch. I Have to start the VPN client software (currently in W 98)
and log in with a username and password (to get access through the gateway).
Scott
SCHeckler wrote:
> Define 'VPN' Are you talking about PPTP? SSH tunnels? ISAKMP?
>
> In <[EMAIL PROTECTED]>, Scott Twitchell - EWB Support wrote:
> >Does anyone know of any VPN client software for linux (I'm running Red Hat
> >6.1). I access my work network through VPN in windows but want to try it
> >through linux.
> >
> >Thanks,
> >
> >Scott
> >
> >
>
> --
> Gregory Spath
> [EMAIL PROTECTED], [EMAIL PROTECTED]
> SCHeckler in #mtbike on EFNet, fr33f411 on AIM
> http://freefall.homeip.net/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.setup) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Setup Digest
******************************
