Hey Everyone,
Some new good scripts in here, tuning, etc. The list is now 171 and growing
strong!
--David
---------------------
N 5/21/99 Added the URL for the SSL-encrypted Apache
* Sent WWW server. Also updated the IPCHAINS
Update * section with a new backup URL to Juanjo's site.
[Section 5 - URLs]
N Added a little newbie clarification note that the
1,2,9, and 10 numbers in the 192.168.0.db file
are the IP addresses of the internal machines.
[Section 24 - Named]
G Fixed a path problem with the M4 compiling in the
Sendmail section
[Section 25 - Sendmail]
I I didn't realize that my NTP update script for
Redhat would spam root every fifteen minutes (the
one I use doesn't). So, I've fixed that and
I changed the hardware clock update string from
"clock -w" to "clock --systohc"
[Section 26]
N Added the note that users can install either the
standard or SSL-encrypted versions of Apache
[Section 37 - Apache]
N Fixed a typo in the Redhat section where I was
editing /etc/crontabs instead of the correct
filename /etc/crontab.
[Section 41]
Thanks to [EMAIL PROTECTED] and
[EMAIL PROTECTED] for the
sharp eyes!
------------------
N 5/12/99 Updated the Table of Contents to reflect the use of
PPP for both PRIMARY and BACKUP links.
[Section 2]
Updated the Features list to reflect the PPP section
supporting both
primary and backup connections.
[Section 3]
N Added a 2GB IBM Ultrastar SCSI HD to the system. I
also lost the WD 1.2GB drive a SECOND time. Nice
that it has a 5 yr warantee but this is silly!
Thank GOD for backups!
[Section 4]
G Added the /usr/local/sbin/recycle script to top the
output from the "logit" script but restore the TTY
logging.
[Section 8]
N Moved the /root/logit script to /usr/local/sbin
[Section 8]
N Moved the file permissions stuff to its own little
sub-section and described what they are for.
[Section 8]
I Moved the SUID section and the command line now
outputs to /etc/info/suid-results. Once reviewed,
the file should be renamed to
/etc/info/suid-results-reviewed. This file is then
used by the /var/log/sendlogs" file to make sure
that no new SUID files have been added to the system!
[Section 8]
G Added a "ls -laR" and "du" listing of the entire
system to /etc/info from the /var/log/sendlogs script.
These lists prove to be invaluable if you loose a disk
or data and wasn't sure what you might have lost!
[Section 9]
G Added my "dmesg copy" rc.local hint so that when your
Linux box's output of "dmesg" is worthless due to
kernel logging junk, you'll have a copy in
/etc/info/dmesg
[Section 9]
I Added a SUID checker to the /var/log/sendlogs script to
check the filesystem for any new/changed SUID files.
This is a very nice feature but you need to follow the
changes I made today in [Section 8] for this to work.
[Section 9]
G Noted that TrinityOS currently only covers the IPFWADM
firewall ruleset.
But.. I DO have a IPCHAINS port for
the TrinityOS rulesets. Until I integrate them
into TrinityOS, feel free to email me for a copy.
I also noted that the new IP-MASQ-HOWTO covers IPCHAINS
in detail.
[Section 10]
G Clarified that there ARE simple IPCHAINS rules for IP
Masqurading in
[Section 44]. This will be integrated
into Section 10 with teh SGML port of TrinityOS.
[Section 10]
G Noted that TrinityOS currently only covers the 2.0.x
kernels. I DO have 2.2.x kernel configs for TrinityOS.
Until I integrate then into TrinityOS, feel free to
email me for a copy.
[Section 12]
G Added the configuration to to establish a currently
MANUAL BACKUP ppp link for any permanent linked users
(ADSL, Cablemodems, etc). This includes a short but
strong IPFWADM ruleset to enable enable the PPP0 link
as a temporary backup link while remaining secure.
Once I receive my ISDN line, I plan on adding the
configurations on how
to do this backup link in a
AUTOMATIC fashion based upon specific network
connectivity criteria.
[Section 22]
------------------
N 5/11/99 Updated the /etc/rc.d/rc.cdrom script to allow the
mount/unmount'ing of individual CDs.
[Section 32 - CD-ROM changer]
------------------
N 5/10/99 Added PGP/GPG to the Future Feature section
[Section 3 - Future Features]
I Added a little blurb in the DNS section on how it is
important to do all your domain changes, etc to the
Internic with PGP or at least CRYPT-PW.
[Section 24 - DNS]
G Changed the configs so the CD-ROM changer mounts
all CDROM-changer CDs under a subdirectory
(~hpe/CDROMs/CdromX). This is
important because
Samba would re-scan all the CDs about every
30 minutes. This was a pain. [Section 29 - BRU -
don't backup the CDROMs from the new path]
[Section 32 - CD Changer - Mount the CDs to a new sub-
directory]
[Section 33 - Samba - Don't do locking on the CDROMs]
------------------
N 5/09/99 Updated the IP MASQ email list address
[Section 5]
------------------
C* 5/08/99 Added a compatibility report about some security options I
added
to the /etc/sendmail.cf file. Some of these
options might create problems with other broken SMTP
servers out on the Internet.
[Section 25]
------------------
G 5/06/99 Fixed the chmod'ing of the wrong file of
/etc/cron.daily/sendlogs
to the correct
/etc/cron.daily/a-sendlogs. Thanks to
[EMAIL PROTECTED] for this one
[Section 8]
I Added a new section called "Common Observations,
Q&A, etc" with common questions, problems, etc.
[Section 99]
------------------
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
