Linux-Setup Digest #167, Volume #20 Tue, 5 Dec 00 18:13:09 EST
Contents:
apache security and ipchains ("Darren Welson")
Networking error + Hollywood card added ([EMAIL PROTECTED])
Re: Init.d stops after a given number of started services ("Pierre-Philippe Ravier")
Re: Upgrade RH6.2 to RH7.0 ("Philip Burness")
Re: KDE2 (Chris Ward)
Re: Newbie questions (Chris Ward)
IRQ Problems (Matthew Alicton)
Re: windows VFAT partitions too fat?! (Svend Olaf Mikkelsen)
Re: IRQ Problems (Black Dragon)
Re: Kernel Modules or not? ("Michael")
talkd & MDK7.2 (Maik Schwandt)
Linux telnet windows ([EMAIL PROTECTED])
Re: why can't one boot from /dev/hdb? (Svend Olaf Mikkelsen)
Re: disabling ftp/rlogin/telnet to use SSH (Black Dragon)
Re: Linux telnet windows (Black Dragon)
Re: apache security and ipchains ("David K. Means")
Re: RCS and Samba (Black Dragon)
Re: PPP-connection on demand (Black Dragon)
Re: I815 can not work under kernel 2.2.16 and XFree86 4.0.1 (Allen Mcintosh)
----------------------------------------------------------------------------
From: "Darren Welson" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking,comp.os.linux.security
Subject: apache security and ipchains
Date: Tue, 5 Dec 2000 12:37:51 -0800
I have a very tight firewall equipped with IPCHAINS, SQUID (web proxy), and
SOCKSv5. I also have an intranet Apache web server set up that I would like
to allow SELECT individuals to access via the internet. I am not sure how
best to handle this as to minimize my security risk, but allow these select
users to access the site as long as they have a password.
What is the best way to do this?
The firewall and the web server are on the same machine.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.networking
Subject: Networking error + Hollywood card added
Date: Tue, 05 Dec 2000 21:27:40 GMT
Hello,
I am running Redhat 6.1 at home. I dual-boot my PC with Win98, and
connect it to my laptop which also has Win98. Until recently, my
networking was working fine. Whether I was booted in Linux or Win98, I
could see my laptop from my desktop and vice versa.
Recently, I added the Hollywood decoder card. I have noticed that since
then, my laptop cannot communicate with my desktop. When I am booted
into Win98, my laptop and desktop can see each other. However, when I
boot back into Linux, they cannot. I cannot even ping between my
desktop and laptop - I get a "Destination host unreachable" message. I
am not sure that the addition of the card has caused this problem, but
I think that is the case since I haven't changed any of my
configurations lately and networking was working before.
As a test, I booted into Win98 and printed out the system properties.
Then I booted back into Linux and noticed that when in Win98, the
Hollywood decoder card uses IRQ9 while in Linux it uses IRQ3 (which is
the same IRQ as my network card). Somehow I don't think this is right.
Can anyone tell me how I can change this? While booting, eth0 comes up
OK. Ifconfig and netstat -nr give valid outputs.
Please help!!! Your response will be appreciated. Where can I start
looking for my problems. I don't want to remove the card and try over
again, but I will if I have to.
Thank you
Jaideep
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Pierre-Philippe Ravier" <[EMAIL PROTECTED]>
Subject: Re: Init.d stops after a given number of started services
Date: Tue, 5 Dec 2000 21:50:25 -0000
Hello,
I don't need DNS in fact, because my network only relies on the /etc/hosts
file in my case. How can I deactivate the use of DNS ?
I need to be a SMB client as well in order to print to a Windows NT machine,
but I don't need to be a SMB server. Therefore the smb daemon is probably
useless in my case, can you confirm that ?
Thanks.
"Bill Unruh" <[EMAIL PROTECTED]> wrote in message
news:90jkmj$qsv$[EMAIL PROTECTED]...
> In <90jcov$gid$[EMAIL PROTECTED]> Pierre-Philippe Ravier <[EMAIL PROTECTED]> writes:
>
> I suspect you are running into DNS timeouts. Why are you running smb?
> Get rid of smb, sendmail.
> I doubt that those were the services for which it quit. I suspect rather
> that they quit on the service AFTER those services.
>
> ]I have updated my Mandrake 7.1 to 7.2 and can't finish the boot anymore.
> ]It stops while doing the init.d sequence. I can go to maintenance mode
> ]and update config file as I wish (fortunately). Seeing that the
> ]computers stopped during init.d I began to remove services one by one.
> ]Doing that I removed amd, sybase, nfslockd, xfs because they were the
> ]different services for which the computer stopped. But it looks like
> ]whatever I do, Linux stops to work when it has started a specific
> ]number of services. Now it fails at SMB and I am sure that if I remove
> ]this service it will fail at the next one.
> ]If I press CTRL-ALT-DEL it tries to stop the service before the last
> ]one, and hangs there. If I press CTRL-ALT-DEL again I hear a little disk
> ]activity but nothing more displays. Further presses do the same noise
> ]and that's all. The message I see is :
> ]Stopping rwho services:
>
> ]I had similar messages, with a different service name, when I gradually
> ]removed services from init.d .
>
> ]Do you have an idea what is this strange behaviour ? The PC did not
> ]have this problem with Mandrake 7.1 ! Mandrake is a distribution based
> ]on RedHat.
>
> ]Thank you
>
>
------------------------------
From: "Philip Burness" <[EMAIL PROTECTED]>
Subject: Re: Upgrade RH6.2 to RH7.0
Date: Tue, 5 Dec 2000 21:59:46 +0000 (UTC)
Upgrade worked OK for me; however, be careful about the new configuration
file locations and formats. Old configuration files are stored as
<name>.rpmsave as somebody has already mentioned; however, samba now has its
own directory in /etc/samba and it would appear that samba starts as a
master browser, which caused a few problems on our network. Also the http
DocumentRoot location has changed, so if you have any web pages, beware.
Phil
Graham Daniell <[EMAIL PROTECTED]> wrote in article
<[EMAIL PROTECTED]>...
> Hi,
>
> I am currently using RH6.2 and am very happy with it at present. I have
> downloaded RH7.0 from a mirror site and have installed it on a spare PC,
> and it looks even better.
>
> I am wondering if I can upgrade RH6.2 to RH 7 without incurring any
> problems. Can anyone confirm if this is possible / likely to cause no
> major dramas? Anyone have experience with this?
>
> Thanks,
> Graham Daniell
> [EMAIL PROTECTED]
>
------------------------------
From: Chris Ward <[EMAIL PROTECTED]>
Subject: Re: KDE2
Reply-To: Chris Ward <[EMAIL PROTECTED]>
Date: Tue, 05 Dec 2000 22:06:45 +0000
On Tue, 5 Dec 2000 10:56:37 -0100, Dragan Colak <[EMAIL PROTECTED]> wrote:
>where have you got these RPMs from? www.suse.com and www.suse.de
>have updates for SuSE Linux 6.4 and 7.0, only. I don't know if they
>support KDE2 on SuSE Linux 6.3. But if you want to try it, you could try
>to get a newer version of libc on ftp.suse.com.
For what it's worth, SuSE 6.4 came with KDE(1), but when I upgraded to Version
7.0, KDE was also upgraded to KDE2.
Chris Ward.
Apply ROT13 to get e-mail address
------------------------------
From: Chris Ward <[EMAIL PROTECTED]>
Subject: Re: Newbie questions
Reply-To: Chris Ward <[EMAIL PROTECTED]>
Date: Tue, 05 Dec 2000 22:06:45 +0000
On Mon, 4 Dec 2000 21:10:54 -0700, "Warnick" <No [EMAIL PROTECTED]> wrote:
>Also, I began a large print job that I was not able to finish. Now each time
>I start up my printer it begins printing this large document again, from the
>beginning. I'm not sure how to take it out of the queue.
Yes, I've occasionally had that sort of problem. The most useful command I
eventually discovered was 'lpc' - only available to root. It has various
commands and arguments so try typing 'lpc help' to discover its potential. If
you're not careful you could disable your printer altogether - until you find
the right command to enable it again.
Chris Ward.
------------------------------
From: Matthew Alicton <[EMAIL PROTECTED]>
Subject: IRQ Problems
Date: Tue, 05 Dec 2000 16:10:00 -0600
Reply-To: [EMAIL PROTECTED]
Hi there,
I recently purchased a new linux compatible modem. Although I can get
it to work under linux, there is one big problem: I always have to
manually set the irq. The modem is on com3 and the default irq for com3 is
something other than what I have. So before I dial-up anywhere, I always
have to 'setserial /dev/modem irq 5'. What I wonder about, is there any
config file, or utility out there that will assign or set (as default)
the irq for com3 as irq 5? Simple isn't it, but I simply cannot figure
it out.
If you could help me, I would be grateful!
Thanks
------------------------------
From: [EMAIL PROTECTED] (Svend Olaf Mikkelsen)
Subject: Re: windows VFAT partitions too fat?!
Date: Tue, 05 Dec 2000 22:23:01 GMT
Eric <[EMAIL PROTECTED]> wrote:
>> >disk /dev/hda: 255 heads 63 sectors 2498 cylinders
>> >units = cylinders of 16065 * 512 bytes
>> >
>> >device boot start end blocks id system
>> >
>> >/dev/hda1 * 1 255 2048224+ b win95 fat32
>> >partition 1 does not end on cylinder boundary:
>> >phys=(1023,15,63) should be (1023,254,63)
>> >
>>
>> The type of this extended partition should be 0F, not 05. Also it
>> seems as the partition tables are written using a wrong BIOS
>> translation. The output from fdisk however cannot be used for
>> evaluating that.
>> --
>> Svend Olaf
>
>Hi svend-olaf,
>
>Another question for you..... again :-)
>
>How do you conclude that the translation was wrong?
>Am I correct in assuming that you conclude this through the not cylinder
>aligned partitions?
>
>And I wonder, If someone would delete these partitions and recreate
>them, but now cylinder aligned, would that do any damage to the FS on
>that partition? I don't think it would, but I am not sure about this.
>
>Perhaps one should resize the FS too afterwards, to match the new
>partition size, or else tools like PM may get confused?
>
>Eric
The above tables are made using a 16 heads translation (end head is
15), while the usual BIOS setting for a disk this size would be LBA
mode with a 255 heads setting.
The partition table CHS values however may be correct, if the BIOS is
set to NORMAL mode. This can be the case, since the fdisk information
may not be correct.
Another way to verify that the tables are made using a 16 heads
translation is to look at the number 2048224+ for hda1. This is
2*2048224+1 sectors = 4096449 sectors. In front of hda1 we usually
have 63 sectors. Then (4096449+63)/16/63 = 4064 is a full number of
cylinders.
If the partition tables match a BIOS setting, but the BIOS setting
currently is wrong, the solution is to redetect the disk in BIOS, and
then manually set the correct mode if the mode still is wrong.
For programs that use the BIOS for reading and writing the disk, such
as DOS and Lilo, the result of having wrong partition tables, or
primary partitions that do not end at a cylinder boundary, is
unpredictable. The reason for this is some subtle BIOS features.
--
Svend Olaf
------------------------------
From: [EMAIL PROTECTED] (Black Dragon)
Subject: Re: IRQ Problems
Date: Tue, 05 Dec 2000 22:22:38 GMT
On Tue, 05 Dec 2000 16:10:00 -0600 in comp.os.linux.setup,
<[EMAIL PROTECTED]> `Matthew Alicton' said:
: I always
: have to 'setserial /dev/modem irq 5'. What I wonder about, is there any
: config file, or utility out there that will assign or set (as default)
: the irq for com3 as irq 5?
Put the command "setserial /dev/modem irq 5" in your rc.local init script.
On Red Hat for example, the file is located in: /etc/rc.d/rc.local .
--
Black Dragon
Sign The Linux Driver Petition:
http://www.libralinux.com/petition.english.html
------------------------------
From: "Michael" <[EMAIL PROTECTED]>
Subject: Re: Kernel Modules or not?
Date: Tue, 5 Dec 2000 16:25:34 -0600
"Oliver D. Bedford" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Michael <[EMAIL PROTECTED]> writes:
>
> > When compiling a new kernel what are the advantages or disadvantages
> > to using modules?
>
> If security is a top priority you should not be using modules.
>
> Oliver
Thank you all.
I have read the kernel how-to but maybe I'm a little too slow to really
digest it all. The security answer will put me on the right track.
Thanks Michael
------------------------------
From: Maik Schwandt <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux.mandrake,comp.os.linux.misc
Subject: talkd & MDK7.2
Date: Tue, 05 Dec 2000 23:32:08 +0100
H!
I want to have a talk daemon running on my MDK7.2 system. Therefore I
installed the package ntalk-0.10-1TL.i386.rpm which provides a talk
client and two talk daemons (in.talkd and in.ntalkd). I edited a file
called talk and copied it into /etc/xinetd.d/ because my xinetd.conf
holds the following line:
includedir /etc/xinetd.d
the file /etc/xinetd.d looks like this:
service talk
{
socket_type = dgram
protocol = tcp
wait = yes
user = root
server = /usr/sbin/in.talkd
disable = no
}
but whenever I try to "talk" to somebody my talk client shows the
following error message:
error on read from talk daemon : verbindungsaufbau abgelehnt (111)
Does anyone know how to solve that problem?
greetz
Maik
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.linux,comp.os.linux.misc,alt.os.linux
Subject: Linux telnet windows
Date: Tue, 05 Dec 2000 22:31:58 GMT
HI all,
I'm very familiar with Unix, but new to Linux. I now have a
new Linux desktop at work.
I've always relied on the menus to cut and paste into telnet
windows. But the mouse is causing me some mistakes now.
Is there a telnet tool for Linux out there that has the
standard Edit menu, with both the standard Cut and Paste
commands?
Thanks
------------------------------
From: [EMAIL PROTECTED] (Svend Olaf Mikkelsen)
Crossposted-To: alt.os.linux.mandrake,gnu.utils.help
Subject: Re: why can't one boot from /dev/hdb?
Date: Tue, 05 Dec 2000 22:41:47 GMT
"Dan Jacobson" <[EMAIL PROTECTED]> wrote:
>boot=/dev/fd0
boot=/dev/hdb
>map=/boot/map
>install=/boot/boot.b
>vga=normal
>default=linux
>keytable=/boot/us.klt
>prompt
>timeout=50
disk=/dev/hda
bios=0x81
disk=/dev/hdb
bios=0x80
>message=/boot/message
>menu-scheme=wb:bw:wb:bw
>image=/boot/vmlinuz
> label=linux
> root=/dev/hdb1
> initrd=/boot/initrd.img
> append=" hdc=ide-scsi"
> read-only
>other=/dev/hda1
> label=windows
> table=/dev/hda
> map-drive=0x80
> to=0x81
> map-drive=0x81
> to=0x80
--
Svend Olaf
------------------------------
From: [EMAIL PROTECTED] (Black Dragon)
Subject: Re: disabling ftp/rlogin/telnet to use SSH
Date: Tue, 05 Dec 2000 22:39:50 GMT
On 05 Dec 2000 11:13:23 -0500 in comp.os.linux.setup,
<[EMAIL PROTECTED]> `Greg Trafton' said:
: Hi, All. I do not want others to be able to login to my system by
: using rlogin or telnet or ftp or (are there others?) and instead use
: SSH to login. But I'd like to be able to still have access to rlogin,
: telnet, and ftp. what's the best way to do this?
See:
/etc/inetd.conf (/etc/xinetd.conf on RH7)
/etc/hosts.allow
/etc/hosts.deny
and the accompanying documentation.
--
Black Dragon
------------------------------
From: [EMAIL PROTECTED] (Black Dragon)
Crossposted-To: alt.linux,comp.os.linux.misc,alt.os.linux
Subject: Re: Linux telnet windows
Date: Tue, 05 Dec 2000 22:45:13 GMT
On Tue, 05 Dec 2000 22:31:58 GMT in comp.os.linux.setup,
<[EMAIL PROTECTED]> `[EMAIL PROTECTED]' said:
: HI all,
:
: I'm very familiar with Unix, but new to Linux. I now have a
: new Linux desktop at work.
:
: I've always relied on the menus to cut and paste into telnet
: windows. But the mouse is causing me some mistakes now.
:
: Is there a telnet tool for Linux out there that has the
: standard Edit menu, with both the standard Cut and Paste
: commands?
When running telnet in an xterm:
left-click-highlight = copy
middle-click = paste (simultaneous left-right-click on two button mouse)
--
Black Dragon
------------------------------
From: "David K. Means" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking,comp.os.linux.security
Subject: Re: apache security and ipchains
Date: 5 Dec 2000 22:55:15 GMT
"Darren Welson" <[EMAIL PROTECTED]> wrote in message
news:90jkl0$8ed$[EMAIL PROTECTED]...
> I have a very tight firewall equipped with IPCHAINS, SQUID (web proxy), and
> SOCKSv5. I also have an intranet Apache web server set up that I would like
> to allow SELECT individuals to access via the internet. I am not sure how
> best to handle this as to minimize my security risk, but allow these select
> users to access the site as long as they have a password.
> What is the best way to do this?
>
> The firewall and the web server are on the same machine.
I would take two steps to reduce the risk of unauthorized users
getting access over the Internet.
1) I would use the Apache Allow and Deny directives inside
the relevant <Directory> tag to restrict the inquiring host names/addresses.
This is possible to spoof, but reduces the chance of random attacks.
2) I would set up a (shadow password) account for each of the SELECT
users on my local machine, and then use the Apache Require user userid
userid userid specification inside the same <Directory> tag.
I might be tempted to set up these user accounts with automatic password
aging, so as to encourage the external users to change their password
fairly frequently, but then I would have to install and maintain sshd on
my server, so that these users could safely log in to make the password
changes. Your call about this one.
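[Added example, not part of the original post or of any poster's configuration: the two steps above combined in one <Directory> block, in the Order/Allow/Deny syntax of the Apache releases current for this thread. The directory path, password-file path, network range, domain and user names are assumed placeholders; because stock Basic authentication reads its own password file rather than the system shadow file, the sketch uses an AuthUserFile created with htpasswd in place of local shadow accounts.]

```apache
# Constructed example: all paths, addresses and user names are placeholders.
<Directory "/home/httpd/html/intranet">
    # Step 1: host-based restriction.
    # With "Order deny,allow" the Deny rules are evaluated first and the
    # Allow rules then override them, so only the listed sources pass.
    Order deny,allow
    Deny from all
    # Address-based rule: does not depend on DNS answers.
    Allow from 192.0.2.0/24
    # Name-based rule: depends on reverse DNS for the client address.
    Allow from .partner.example

    # Step 2: per-user authentication.
    AuthType Basic
    AuthName "Intranet"
    # Keep the password file outside any directory Apache serves.
    # Create it with: htpasswd -c /etc/httpd/conf/intranet.htpasswd alice
    AuthUserFile /etc/httpd/conf/intranet.htpasswd
    Require user alice bob carol

    # Require BOTH the host check and a valid login.
    # "Satisfy any" would admit a client that passes either check alone,
    # so state "all" explicitly in case a parent section sets "any".
    Satisfy all
</Directory>

# Basic authentication sends the password with every request in an
# easily decoded form, so serve this directory over SSL only if the
# logins cross the Internet.
```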
------------------------------
From: [EMAIL PROTECTED] (Black Dragon)
Subject: Re: RCS and Samba
Date: Tue, 05 Dec 2000 22:52:41 GMT
On Tue, 05 Dec 2000 11:22:08 +0100 in comp.os.linux.setup,
<[EMAIL PROTECTED]> `Ignasi' said:
: I have the following network structure:
:
:
: - A server using OS/2 Warp Server .
: - Stations in Linux, OS/2 and WNT.
:
:
: I have been developing several projects using RCS from OS/2 and WNT. I'd
: like to use it now from Linux RH6.2. I have proper connections from
: Linux computers to OS/2 warp Server using Samba, and I can use RCS
: without problems using Root user name, but when I try to work from a
: normal user environment, I have always access problems. That's related
: to access configuration and not to RCS software, but I'm not able to
: configure RCS files to a 777 using chmod, even from root. -rwxr-xr-x is
: the best access words I'm getting.
:
: I tried to include user in adm group using linuxconf but I got the same
: situation
:
: What am I doing wrong?
:
: Could anyone help me?
Try "lsattr" then "chattr -i" on the RCS files before using chmod.
See the man pages for both.
--
Black Dragon
------------------------------
From: [EMAIL PROTECTED] (Black Dragon)
Subject: Re: PPP-connection on demand
Date: Tue, 05 Dec 2000 22:55:12 GMT
On 05 Dec 2000 12:20:50 +0200 in comp.os.linux.setup,
<[EMAIL PROTECTED]> `Jarmo Hurri' said:
: This may well be an FAQ, but I was unable to find the answer from
: standard references...
:
: So what do I have to do at boot time to make ppp connect on demand,
: that is, if a program tries to connect to the network?
"diald"
Can be found at [ http://freshmeat.net ]
--
Black Dragon
------------------------------
Crossposted-To: comp.os.linux.x,comp.os.linux.hardware
Subject: Re: I815 can not work under kernel 2.2.16 and XFree86 4.0.1
From: [EMAIL PROTECTED] (Allen Mcintosh)
Date: 5 Dec 2000 18:06:18 -0500
In article <90j6ld$2du$[EMAIL PROTECTED]>, w_h_lee <[EMAIL PROTECTED]> wrote:
>I install linux on I815 system. The kernel is 2.2.16 which include the
>module agpgart.o. The XFree86 is 4.0.1 which support the I810 chipset. There
>is an error "device is busy" when I do "modprobe agpgart" and the module is
>not loaded. I use the agpgart.o from the intel support web and it work. Then
>I run startx after config the XF86Config and it fail. The XFCom_i810 Xserver
>is work under XFree86 3.3.6 and can not work with the XF86Config file in
>4.0.1 format. The logfile and config files are in the attachment. Please
>help me to let it work. Thanks.
The following worked for me (running kernel 2.2.17, but 2.2.16 should work
fine):
1) Install XFree86 3.3.6
2) Obtain server and agpgart.c from the Intel website.
3) Install server and agpgart.o
Is there a reason you are using XF86 4.0.1?
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.setup) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Setup Digest
******************************