Net-acct
Has anyone got any scripts to get usefull per IP accounting info out of the net-acct log for a time period or know where i can get one ?? Cheers Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
Previously Crawford Rainwater wrote: Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. netsaint, mon. tkined is useful as well (part of scotty now iirc). Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
http://www.netsaint.org/ is probably what you're looking for. something like... apt-cache search network monitor might unveil a few other candidates... On Mon, 2002-04-29 at 18:26, Crawford Rainwater wrote: Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. --- Crawford The I.T.E.C. Company P.M.B. 146 368 South McCaslin Boulevard Louisville, CO 80027 USA (303) 604-2550 (voice) (866) 604-2550 (toll free) (303) 664-0036 (fax) http://www.itec-co.com * The Information transmitted in this email is intended for the addressee only and may contain confidential and/or privileged material. Any review, retransmission or other use of the contents by persons other than the addressee is prohibited. If you have received this email in error, please contact the sender and delete the material. This message has been scanned by Norton Anti-Virus. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- /* Chad C. Waters Knock Knock. - Who's there? /* [EMAIL PROTECTED] Bill Gates. - Bill Gates who? /* www.waterz.net Bill Gates it when you use Linux. signature.asc Description: This is a digitally signed message part
Re: A Linux version of system and network monitoring?
29 Apr 2002, Crawford Rainwater wrote: Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. --- Crawford http://www.netsaint.org/ might be what your looking for. -- /Martin Grape Network and System Admin Trema (Europe) AB Email : [EMAIL PROTECTED]| Trema (Europe) AB Phone : +46-8-4061161 | Drottningatan 33, 1st floor GSM : +46-70-6326350| S-103 24 Stockholm, Sweden -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
Crawford Rainwater wrote: Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. http://www.kernel.org/software/mon/ ? @+ -- DouRiX --- Crawford The I.T.E.C. Company P.M.B. 146 368 South McCaslin Boulevard Louisville, CO 80027 USA (303) 604-2550 (voice) (866) 604-2550 (toll free) (303) 664-0036 (fax) http://www.itec-co.com * The Information transmitted in this email is intended for the addressee only and may contain confidential and/or privileged material. Any review, retransmission or other use of the contents by persons other than the addressee is prohibited. If you have received this email in error, please contact the sender and delete the material. This message has been scanned by Norton Anti-Virus. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Do-Risika RAFIEFERANTSIARONJY, SysAdmin mailto:[EMAIL PROTECTED] Simicro Internet, mailto:[EMAIL PROTECTED], http://internet.simicro.mg Tel : (+261) 20 22 648 83 (GMT +3), Fax : (+261) 20 22 661 83 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
- Original Message - From: Crawford Rainwater [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, April 30, 2002 1:26 AM Subject: A Linux version of system and network monitoring? Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. --- Crawford Maybe this will help... Regards, Jaan Debian Projecthttp://www.debian.org/ Debian based Telemetry Box Distribution released[EMAIL PROTECTED] January 25, 2001 [ This post was written by Christoph Lameter [EMAIL PROTECTED] ] Version 1.0 of the Telemetry Box Distribution has finally been released. The Tbox distribution is a Debian GNU/Linux 'potato' based custom Linux version for remote monitoring and maintenance of networks. A telemetry box allows remote management and diagnostics. It uses a customized version of netsaint to gather data. Netsaint has been enhanced so that the configuration is possible via the Tbox Webinterface through SQL structures. Netsaint logs into a SQL table. Tools on the Tbox can then display the data in a variety of ways (graphs or reports). Some of the functionality of the Tbox: - Discovery module (Scan network and write results to SQL database) - Ticket System (Can be hooked into siteROCKs problem tracking system). - PathFinder (Network infrastructure analysis and troubleshooting module written by me. Tested with monitoring all network paths to all educational institutions (edu.zone) for a week (3 IPs)). - Apache/PHP/MySQL/PHPMyadmin - Fully manageable via a webinterface. All major setup can be done via the Web. - SSH/HTTPS support out of the box. - Easy installation (network card detection, auto-partitioning and formatting, no useless questions asked) of Debian usable without any Unix know-how. - NT Diagnostic module (NSServicer) - Keynote data integration - Modified CURL tool that works as a URL analyzer for netsaint. - Report module: Performance data. Router data and graphical reports. - Intelligent ticket system (can localize point of network failure and asses impact of the failure) Installation from CD Image -- It is highly advisable to install from a CD image. The CD image at http://openrock.net/tb/iso/ccimage_v1.0.iso fits on a Credit Card sized CD (only 50 MB) and contains all functionality. I will have these CDs physically available at the LWE in Europe at the beginning of February. The telemetry software can be installed as an add on to existing Debian installations but it requires modifications to apache and/or PHP. See http://openrock.net for details. Opensource contributions Sources are available from http://openrock.net/tb/local/sources. Patches to existing software have been or will be contributed to the respective opensource projects. openrock.net has been outfitted with a kernel based http server (with patches implementing range and virtual hosting). Downloading should be no problem. Note that we do not consider this version to be of production quality. Some features are only working under certain conditions. Some components have a prototype character. There are various issues that are being improved on. Help would be appreciated. Ideally we would like to have everything part of standard Debian. The biggest problem was the ease of installation and handling which required some changes to packages which might not be welcome. siteROCK http://www.siterock.com the specialists for 24x7 monitoring made this release possible. Christoph Lameter, January 23, 2001 -- Nils Lohner E-Mail: [EMAIL PROTECTED] Debian Press Team Press: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
On Tue, Apr 30, 2002 at 07:38:59AM +0200, Wichert Akkerman wrote: Previously Crawford Rainwater wrote: Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. netsaint, mon. tkined is useful as well (part of scotty now iirc). Netsaint is a very nice package, but it has been replaced by nagios. It is essentially the same thing, but netsaint is dead and won't be developed. There are no nagios debian packages that I know of. See http://www.netsaint.org/upcoming.php -- #!perl # Life ain't fair, but root passwords help. # Eric Veldhuyzen http://terra.nu/ $!=$;=$_+(++$_);($:,$~,$/,$^,$*,$@)=$!=~ # [EMAIL PROTECTED] /.(.)...(.)(.)(.)..(.)..(.)/;`$^$~$/$: $^$*$@$~ $_$;` #Perl Monger msg06530/pgp0.pgp Description: PGP signature
Re: Net-acct
Hi Marcel! On 30 Apr 2002, at 11:26, Marcel Welschbillig wrote: Has anyone got any scripts to get usefull per IP accounting info out of the net-acct log for a time period or know where i can get one ?? I know about http://phpipacstats.sourceforge.net/ Which is a really nice Webfrontend for ipac(-ng). bye Josef -- BERGMANN engineering consulting http://bec.at/ A great many people think they are thinking when they are really rearranging their prejudices. - Edward R. Murrow -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 30 April 2002 12:46 am, Martin Grape wrote: http://www.netsaint.org/ might be what your looking for. This has been ursurped by Nagios at http://www.nagios.org/ . I am working on debs for it. - -- Warren Turkal Linux User GPG Fingerprint: 30C8 BDF1 B133 14CB 832F 2C5D 99A1 A19F 559D 9E88 GPG Public Key @ http://www.cbu.edu/~wturkal/wturkal.gpg -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8zkyXmaGhn1WdnogRAqY+AJ0WOBRdxXv8/oh2FKW6tpkvDsi//gCeIhaq BBuUbF1uRVIOMsPH9SerBgE= =KtRM -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Why is there a prompt for a root shell when the default linux kernel boots?
Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) This seems something related to the cramfs filesystem (ramdisk) but I'm not knowledgeable about it. I would like: 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual 2.- someone to step up an explain how to disable this behavior IMHO the boot-floppies kernel should not ship with this option enabled (whatever this is for). I was quite surprised when I saw this but a user has just mailed me asking for an answer on why does Debian woody ships with this. Regards Javi (Securing Debian Manual editor/author FYI) PS: I have been unable to find any reference on this in the debian mailing lists... msg06535/pgp0.pgp Description: PGP signature
Re: A Linux version of system and network monitoring?
On Mon, Apr 29, 2002 at 04:26:18PM -0600, Crawford Rainwater wrote: Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. Though it specifically says it's not trying to compete with Tivoli and Openview: http://packages.debian.org/unstable/net/spong-server.html (and spong-client, and spong-network, and spong-www). May have already been mentioned on the isp list. -- Mike Renfro / RD Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
PPTP with Encryption
Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? Preferred methods do NOT include patching things, if possible, because I'd like to not have to re-patch things every time new upgrades come out. Has anyone built all the necessary items simply as .deb's? D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
Last time I checked, PPTP comes with encryption. All you have to do is configure it. From Freshmeat: PoPToP About: PoPToP is a PPTP server for use in PPTP VPN environments. The current release version supports Windows 95/98/NT/2000 PPTP clients and PPTP Linux clients. With the relevant patches, PoPToP supports Windows PPTP clients with the full range of encryption and authentication features. From apt-cache: pptpd - PoPToP Point to Point Tunneling Server I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. -Anne On Tue, Apr 30, 2002 at 10:54:24AM -0400, Derek J. Balling wrote: Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? Preferred methods do NOT include patching things, if possible, because I'd like to not have to re-patch things every time new upgrades come out. Has anyone built all the necessary items simply as .deb's? D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ msg06538/pgp0.pgp Description: PGP signature
Re: PPTP with Encryption
At 8:43 AM -0700 4/30/02, Anne Carasik wrote: Last time I checked, PPTP comes with encryption. All you have to do is configure it. I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. Not unless the packaged pptpd/ppp has something else, from the poptop.org page: # Available PPPD patch allows Windows compatible encryption and authentication (MSCHAPv2 and MPPE 40-128 bit RC4 encryption) So it seems like theres SOMETHING I need to add to pppd to get encryption to work with it, and (from my reading) it seems like there's a patch that also needs to go in the kernel to make that pppd change work as well. D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
On Tue, Apr 30, 2002 at 12:03:09PM -0400, Derek J. Balling wrote: I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. Not unless the packaged pptpd/ppp has something else, from the poptop.org page: # Available PPPD patch allows Windows compatible encryption and authentication (MSCHAPv2 and MPPE 40-128 bit RC4 encryption) You're right.. (I guess you do want to encrypt to a Windows box, so make sure you're using full strength RC4.. 40 bit keys can be brute forced). According to the poptop FAQ: 3.0 PPP (and MSCHAPv2/MPPE) Installation It is only necessary to use PPP 2.3.8 if you want Microsoft compatible MSCHAPv2/MPPE authentication and encryption. The reason for this is that the MSCHAPv2/MPPE patch currently supplied (19990813) is against PPP 2.3.8. If you don't need Microsoft compatible authentication/encryption any 2.3.x PPP source will be fine. [...] The instructions look like you need to make a kernel module. So it seems like theres SOMETHING I need to add to pppd to get encryption to work with it, and (from my reading) it seems like there's a patch that also needs to go in the kernel to make that pppd change work as well. Out of curiousity, why PPTP? Why not IPSec? There's better compatibility with IPSec (FreeSWAN), and it looks like poptop hasn't been updated in a long time (since 1999). Also, Win2K and I think (don't quote me on this) WinXP have builtin IPSec support. -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ msg06540/pgp0.pgp Description: PGP signature
Re: PPTP with Encryption
You need the mppe-kernel-modul *and* a patch for the pppd. It would be really nice if there were .deb's Martin On Tue, Apr 30, 2002 at 08:43:21AM -0700, Anne Carasik wrote: Last time I checked, PPTP comes with encryption. All you have to do is configure it. From Freshmeat: PoPToP About: PoPToP is a PPTP server for use in PPTP VPN environments. The current release version supports Windows 95/98/NT/2000 PPTP clients and PPTP Linux clients. With the relevant patches, PoPToP supports Windows PPTP clients with the full range of encryption and authentication features. From apt-cache: pptpd - PoPToP Point to Point Tunneling Server I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. -Anne On Tue, Apr 30, 2002 at 10:54:24AM -0400, Derek J. Balling wrote: Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? Preferred methods do NOT include patching things, if possible, because I'd like to not have to re-patch things every time new upgrades come out. Has anyone built all the necessary items simply as .deb's? D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
looks like there's a package for the patch: kernel-patch-mppe - ppp_mppe module for pppd xn On Tue, Apr 30, 2002 at 12:03:09PM -0400, Derek J. Balling wrote: At 8:43 AM -0700 4/30/02, Anne Carasik wrote: Last time I checked, PPTP comes with encryption. All you have to do is configure it. I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. Not unless the packaged pptpd/ppp has something else, from the poptop.org page: # Available PPPD patch allows Windows compatible encryption and authentication (MSCHAPv2 and MPPE 40-128 bit RC4 encryption) So it seems like theres SOMETHING I need to add to pppd to get encryption to work with it, and (from my reading) it seems like there's a patch that also needs to go in the kernel to make that pppd change work as well. D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
On Tue, Apr 30, 2002 at 10:54:24AM -0400, Derek J. Balling [EMAIL PROTECTED] wrote: Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? As a side note: have you considered that using the encryption in pptp forces you to store userpasswords in cleartext? For my ISP [1] that was a reason not to use pptp's encryption, especially since MS-CHAPv2 contains known security holes [2]. 1. http://www.xs4all.nl 2. http://mopo.informatik.uni-freiburg.de/pptp_mschapv2/ -- Tim van Erven [EMAIL PROTECTED] OpenPGP Key ID: 712CB811Fingerprint: F6C9 61EE 242C C012 36D5 BBF8 6310 D557 712C B811 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
At 6:52 PM +0200 4/30/02, Tim van Erven wrote: On Tue, Apr 30, 2002 at 10:54:24AM -0400, Derek J. Balling [EMAIL PROTECTED] wrote: Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? As a side note: have you considered that using the encryption in pptp forces you to store userpasswords in cleartext? For my ISP [1] that was a reason not to use pptp's encryption, especially since MS-CHAPv2 contains known security holes [2]. Yes, unfortunately, for our predominant workstation (Win98), M$'s PPTP client is ubiquitous and other solutions are not necessarily so commonly deployed. D (who would LOVE to move to a _MORE_ secure solution, but is content, for now, to only allow himself and one other to even have accounts on the box with the cleartext passwds) -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
yeah, it's a mess. i spent 2 days trying to get poptop working a few months ago. once i got everything patched and running and could setup a vpn between pptp-linux and pptpd, i still couldn't get win98 to connect to pptpd. i gave up and decided next time i'd try to use ipsec with freeswan. good luck, xn On Tue, Apr 30, 2002 at 01:20:21PM -0400, Derek J. Balling wrote: looks like there's a package for the patch: kernel-patch-mppe - ppp_mppe module for pppd Except that that patch is against 2.4.0 There's a lot of disjointed pieces, and not all of them seem to be maintained or kept current: o pptpd - which seems to (now) not require any special effort o pppd needs to be patched or include support for mppe o kernel needs to be patched or include support for mppe And that very chaos is what led me to ask if anyone has more current info on how to make this work? ;-) D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
On Tue, Apr 30, 2002 at 01:24:21PM -0400, Derek J. Balling wrote: As a side note: have you considered that using the encryption in pptp forces you to store userpasswords in cleartext? For my ISP [1] that was a reason not to use pptp's encryption, especially since MS-CHAPv2 contains known security holes [2]. Yes, unfortunately, for our predominant workstation (Win98), M$'s PPTP client is ubiquitous and other solutions are not necessarily so commonly deployed. D (who would LOVE to move to a _MORE_ secure solution, but is content, for now, to only allow himself and one other to even have accounts on the box with the cleartext passwds) Ugh.. I'd never be content with cleartext passwords, especially given how many security solutions are around today. -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ msg06547/pgp0.pgp Description: PGP signature
Re: PPTP with Encryption
At 11:23 AM -0700 4/30/02, Anne Carasik wrote: (who would LOVE to move to a _MORE_ secure solution, but is content, for now, to only allow himself and one other to even have accounts on the box with the cleartext passwds) Ugh.. I'd never be content with cleartext passwords, especially given how many security solutions are around today. Falls in the category of show me another solution that's already on every user's system, and I'll happily drink of that fountain instead. I agree with you 100%, but in the environment I'm dealing with, folks are reticent to go add additional software to their expenses, and (for windows users, which like it or not is still 90+% of the userbase) almost any non-M$ solution incurs a cost. :( I'm not content with cleartext passwords, per se, but making do with such, and strictly limiting access to the box which has them visible, so maybe my choice of words was a bit wrong, but I didn't really want to have launch into the windows users are idiots who won't get REAL secure stuff, so I have to make do with what little security I can coax out of them diatribe. ;-) D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linuxkernel boots?
Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes: Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual Where is the problem ? You are installing a system. If you dont like the prompt, dont look at it. 2.- someone to step up an explain how to disable this behavior Dont look at it. Or dont install a system. PS: I have been unable to find any reference on this in the debian mailing lists... Because it is no problem. -- begin OjE-ist-scheisse.txt bye, Joerg Registered Linux User #97793 @ http://counter.li.org end -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 04:30:58PM +0200, Joerg Jaspert wrote: Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes: 2.- someone to step up an explain how to disable this behavior Dont look at it. Or dont install a system. Funny. However, the kernel used by the installation is setup as the default kernel. So it stays there after installation. PS: I have been unable to find any reference on this in the debian mailing lists... Because it is no problem. Believe me, it is. Feel free to point me to the place in the installation manual that explains this behaviour. Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 04:30:58PM +0200, Joerg Jaspert wrote: Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes: Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual Where is the problem ? You are installing a system. If you dont like the prompt, dont look at it. I did not understand his question as a problem - rather a request for information. I would also like to know. Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch For whosoever will save his life shall lose it. But whosoever will lose his life for my sake, the same shall save it. Luke 9:24 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
#include hallo.h Javier Fernández-Sanguino Peña wrote on Tue Apr 30, 2002 um 03:50:27PM: Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) This is a default for the initrd's linuxrc. You installed one of our official 2.4.x kernels. This seems something related to the cramfs filesystem (ramdisk) but I'm not knowledgeable about it. I would like: 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual Sense? This prompt is good for loading some modules when the autodetection fails, so it is only used in seldom cases. 2.- someone to step up an explain how to disable this behavior IMHO the boot-floppies kernel should not ship with this option enabled We do not. (whatever this is for). I was quite surprised when I saw this but a user has just mailed me asking for an answer on why does Debian woody ships Dito. Show me a system with such problem after a fresh installation. Javi (Securing Debian Manual editor/author FYI) Security, soso. Well, since this rescue environment has an executable shell with root permissions, it _may_ be a security hole, since you can damage partitions easily, for example. To disable this shell, edit /etc/mkinitrd/mkinitrd.conf and set DELAY=0. Then recreate the initrd image (dpkg-reconfigure kernel-image-2.4.x-yz). Gruss/Regards, Eduard. -- We are the OE of Borg. You will be quoted awfully. Sigtrenner is futile. msg06552/pgp0.pgp Description: PGP signature
Re: Why is there a prompt for a root shell when the default linuxkernel boots?
Javier Fernández-Sanguino Peña wrote: 2.- someone to step up an explain how to disable this behavior Maybe something like this: 1. In /etc/mkinitrd/mkinitrd.conf, set: DELAY=0 2. Then regenerate your ramdisk image, for example: cd /boot mkinitrd -o initrd.img-2.4.18-k7 /lib/modules/2.4.18-k7 (This is a guess by reading the docs, I have not tested myself). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 05:20:14PM +0200, Eduard Bloch wrote: (whatever this is for). I was quite surprised when I saw this but a user has just mailed me asking for an answer on why does Debian woody ships Dito. Show me a system with such problem after a fresh installation. I know two: my laptop (fresh woody installation, cdimages of last month) and a user who has complained to me. I will stamp the latest cdimage and test them (tomorrow)... Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
On Mon, Apr 29, 2002 at 04:26:18PM -0600, Crawford Rainwater wrote: Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. I have been looking for such a thing for quite some time, there are already some very good answers in this thread. In any case, free software has yet to get to the functionality provided by the HP Openview suite or Tivoli. For example, there is not (yet) an integrated framework for both network management (through SNMP) and system management (through local agents) similar to the one provided by propietary systems. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Nobody mentioned it, but Debian ships also with cheops which provides a GNOME gui for network monitoring. *However* it is not as thorough as netsaint et al, useful if you want a GUI however. Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 06:05:27PM +0200, Javier Fernández-Sanguino Peña wrote: On Tue, Apr 30, 2002 at 05:20:14PM +0200, Eduard Bloch wrote: (whatever this is for). I was quite surprised when I saw this but a user has just mailed me asking for an answer on why does Debian woody ships Dito. Show me a system with such problem after a fresh installation. I know two: my laptop (fresh woody installation, cdimages of last month) and a user who has complained to me. I will stamp the latest cdimage and test them (tomorrow)... Now that I think of it this might be an issue with self-installed kernels. I'm going to document this behavior in the Manual, commit the changes and close the bug. Of course, woody does *not* install 2.4 kernels IIRC. Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linuxkernel boots?
Javier Fernández-Sanguino Peña wrote: Now that I think of it this might be an issue with self-installed kernels. I'm going to document this behavior in the Manual, commit the changes and close the bug. Of course, woody does *not* install 2.4 kernels IIRC. The default install does not, but the bf2.4 flavor does. Please take a look at the dists/woody/main/disks-i386/current directory in the Debian archives. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linuxkernel boots?
On Tue, 30 Apr 2002, Javier Fernández-Sanguino Peña wrote: Now that I think of it this might be an issue with self-installed kernels. I'm going to document this behavior in the Manual, commit the changes and close the bug. Of course, woody does *not* install 2.4 kernels IIRC. That might be the default behaviour on an i386-compatible but on sparc (and probably all non-i386 archs) a 2.4 kernel is installed by the woody-install. IIRC even on an i386 a 2.4 kernel can be installed by woody through the bf2.4-flavour. regards, Thomas -- - Support bacteria - they're the only culture some people have -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 10:17:00PM +0200, Santiago Vila wrote: Javier Fernández-Sanguino Peña wrote: Now that I think of it this might be an issue with self-installed kernels. I'm going to document this behavior in the Manual, commit the changes and close the bug. Of course, woody does *not* install 2.4 kernels IIRC. The default install does not, but the bf2.4 flavor does. Please take a look at the dists/woody/main/disks-i386/current directory in the Debian archives. And the stock kernel images available in woody include 2.4 kernels. These, also, have an initrd that offers a root shell, I believe. Luca -- Luca Filipozzi, Debian Developer [dpkg] We are the apt. You will be packaged. Comply. gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue Apr 30, 2002 at 03:50:27PM +0200, Javier Fernández-Sanguino Peña wrote: Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) This seems something related to the cramfs filesystem (ramdisk) but I'm not knowledgeable about it. I would like: It is there as part of the installer to make like easier for those wishing to do things that the installer does not support by default. It has nothing whatsoever to do with cramfs or the kernel. 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual This shell is part of the installer, not part of Debian. 2.- someone to step up an explain how to disable this behavior Do what you want to your boot-floppies. The boot-floppies have been this way for years and I like it as is. It is not a security hole. If some malicious person has physical accesss to your computer, you have far bigger problems than the Debian boot-floppies. -Erik -- Erik B. Andersen http://codepoet-consulting.com/ --This message was written using 73% post-consumer electrons-- msg06560/pgp0.pgp Description: PGP signature
Re: Why is there a prompt for a root shell when the default linux kernel boots?
#include hallo.h Luca Filipozzi wrote on Tue Apr 30, 2002 um 02:01:57PM: a look at the dists/woody/main/disks-i386/current directory in the Debian archives. And the stock kernel images available in woody include 2.4 kernels. These, also, have an initrd that offers a root shell, I believe. bf2.4 was _especially_ designed to be non-modular, working without initrd. Other (big) kernel-image-2.4.x packages use initrd. Gruss/Regards, Eduard. -- !netgod:*! time flies when youre using linux !doogie:*! yeah, infinite loops in 5 seconds. !Teknix:*! has anyone re-tested that with 2.2.x ? !netgod:*! yeah, 4 seconds now -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 03:23:06PM -0600, Erik Andersen wrote: It is there as part of the installer to make like easier for those wishing to do things that the installer does not support by default. It has nothing whatsoever to do with cramfs or the kernel. you're just wrong. the 2.4 kernel images have a feature to drop to a prompt at boot time. this will come up at every boot. i question the utility of this feature, because there's not much you can do from this shell, but it's much to late to change at this point. it is worth documenting. -- Mike Stone msg06563/pgp0.pgp Description: PGP signature
Re: world readable log files and /etc/ files
On Mon, Apr 29, 2002 at 12:43:15PM +0200, Lupe Christoph wrote: On Monday, 2002-04-29 at 02:40:57 +1000, Ian Cumming wrote: I was just cleaning up after rebuilding a machine, and I decided to take a look at the log file and /etc permissions. [...] /etc/smb/smb.conf This one can have user names, so I guess it would be better off with tighter access modes. smbclient needs to read smb.conf, even when run by an unpriviledged user. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces! -- Plautus, 200 BCE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
A Linux version of system and network monitoring?
Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. --- Crawford The I.T.E.C. Company P.M.B. 146 368 South McCaslin Boulevard Louisville, CO 80027 USA (303) 604-2550 (voice) (866) 604-2550 (toll free) (303) 664-0036 (fax) http://www.itec-co.com * The Information transmitted in this email is intended for the addressee only and may contain confidential and/or privileged material. Any review, retransmission or other use of the contents by persons other than the addressee is prohibited. If you have received this email in error, please contact the sender and delete the material. This message has been scanned by Norton Anti-Virus. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: world readable log files and /etc/ files
It is also important to remember not to chown log files. If you do this you could run into problems. The proccess that writes the file may not be able too. From: Wichert Akkerman [EMAIL PROTECTED] To: debian-security@lists.debian.org Subject: Re: world readable log files and /etc/ files Date: Sun, 28 Apr 2002 21:06:35 +0200 MIME-Version: 1.0 Received: from murphy.debian.org ([65.125.64.134]) by hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Sun, 28 Apr 2002 12:10:17 -0700 Received: (qmail 10946 invoked by uid 38); 28 Apr 2002 19:06:45 - Received: (qmail 10906 invoked from network); 28 Apr 2002 19:06:43 - Received: from cabal.xs4all.nl (HELO mx1.wiggy.net) ([EMAIL PROTECTED]) by murphy.debian.org with SMTP; 28 Apr 2002 19:06:43 - Received: from wichert by mx1.wiggy.net with local (Exim 3.35 #1 (Debian))id 171u0J-0003Ux-00for debian-security@lists.debian.org; Sun, 28 Apr 2002 21:06:35 +0200 X-Envelope-Sender: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Mail-Followup-To: debian-security@lists.debian.org References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] User-Agent: Mutt/1.3.28i Resent-Message-ID: [EMAIL PROTECTED] Resent-From: debian-security@lists.debian.org X-Mailing-List: debian-security@lists.debian.org archive/latest/7034 X-Loop: debian-security@lists.debian.org List-Post: mailto:debian-security@lists.debian.org List-Help: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] List-Unsubscribe: mailto:[EMAIL PROTECTED] Precedence: list Resent-Sender: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 28 Apr 2002 19:10:18.0777 (UTC) FILETIME=[561ED890:01C1EEE8] Previously Ian Cumming wrote: I was quite alarmed. There seem to be many files with world readable permissions, which _shouldnt_. If you don't trust your local users on a server you have a different problem imho. What is the policy for log files? I understand that it doesnt do _that_ much harm allowing others to read, but it does disclose more than I want to reveal. World-readable except for files with sensitive information. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Net-acct
Has anyone got any scripts to get usefull per IP accounting info out of the net-acct log for a time period or know where i can get one ?? Cheers Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
Previously Crawford Rainwater wrote: Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. netsaint, mon. tkined is useful as well (part of scotty now iirc). Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
29 Apr 2002, Crawford Rainwater wrote: Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. --- Crawford http://www.netsaint.org/ might be what your looking for. -- /Martin Grape Network and System Admin Trema (Europe) AB Email : [EMAIL PROTECTED]| Trema (Europe) AB Phone : +46-8-4061161 | Drottningatan 33, 1st floor GSM : +46-70-6326350| S-103 24 Stockholm, Sweden -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
Crawford Rainwater wrote: Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. http://www.kernel.org/software/mon/ ? @+ -- DouRiX --- Crawford The I.T.E.C. Company P.M.B. 146 368 South McCaslin Boulevard Louisville, CO 80027 USA (303) 604-2550 (voice) (866) 604-2550 (toll free) (303) 664-0036 (fax) http://www.itec-co.com * The Information transmitted in this email is intended for the addressee only and may contain confidential and/or privileged material. Any review, retransmission or other use of the contents by persons other than the addressee is prohibited. If you have received this email in error, please contact the sender and delete the material. This message has been scanned by Norton Anti-Virus. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Do-Risika RAFIEFERANTSIARONJY, SysAdmin mailto:[EMAIL PROTECTED] Simicro Internet, mailto:[EMAIL PROTECTED], http://internet.simicro.mg Tel : (+261) 20 22 648 83 (GMT +3), Fax : (+261) 20 22 661 83 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
- Original Message - From: Crawford Rainwater [EMAIL PROTECTED] To: debian-security@lists.debian.org Cc: debian-isp@lists.debian.org Sent: Tuesday, April 30, 2002 1:26 AM Subject: A Linux version of system and network monitoring? Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. --- Crawford Maybe this will help... Regards, Jaan Debian Projecthttp://www.debian.org/ Debian based Telemetry Box Distribution released[EMAIL PROTECTED] January 25, 2001 [ This post was written by Christoph Lameter [EMAIL PROTECTED] ] Version 1.0 of the Telemetry Box Distribution has finally been released. The Tbox distribution is a Debian GNU/Linux 'potato' based custom Linux version for remote monitoring and maintenance of networks. A telemetry box allows remote management and diagnostics. It uses a customized version of netsaint to gather data. Netsaint has been enhanced so that the configuration is possible via the Tbox Webinterface through SQL structures. Netsaint logs into a SQL table. Tools on the Tbox can then display the data in a variety of ways (graphs or reports). Some of the functionality of the Tbox: - Discovery module (Scan network and write results to SQL database) - Ticket System (Can be hooked into siteROCKs problem tracking system). - PathFinder (Network infrastructure analysis and troubleshooting module written by me. Tested with monitoring all network paths to all educational institutions (edu.zone) for a week (3 IPs)). - Apache/PHP/MySQL/PHPMyadmin - Fully manageable via a webinterface. All major setup can be done via the Web. - SSH/HTTPS support out of the box. - Easy installation (network card detection, auto-partitioning and formatting, no useless questions asked) of Debian usable without any Unix know-how. - NT Diagnostic module (NSServicer) - Keynote data integration - Modified CURL tool that works as a URL analyzer for netsaint. - Report module: Performance data. Router data and graphical reports. - Intelligent ticket system (can localize point of network failure and asses impact of the failure) Installation from CD Image -- It is highly advisable to install from a CD image. The CD image at http://openrock.net/tb/iso/ccimage_v1.0.iso fits on a Credit Card sized CD (only 50 MB) and contains all functionality. I will have these CDs physically available at the LWE in Europe at the beginning of February. The telemetry software can be installed as an add on to existing Debian installations but it requires modifications to apache and/or PHP. See http://openrock.net for details. Opensource contributions Sources are available from http://openrock.net/tb/local/sources. Patches to existing software have been or will be contributed to the respective opensource projects. openrock.net has been outfitted with a kernel based http server (with patches implementing range and virtual hosting). Downloading should be no problem. Note that we do not consider this version to be of production quality. Some features are only working under certain conditions. Some components have a prototype character. There are various issues that are being improved on. Help would be appreciated. Ideally we would like to have everything part of standard Debian. The biggest problem was the ease of installation and handling which required some changes to packages which might not be welcome. siteROCK http://www.siterock.com the specialists for 24x7 monitoring made this release possible. Christoph Lameter, January 23, 2001 -- Nils Lohner E-Mail: [EMAIL PROTECTED] Debian Press Team Press: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
On Tue, Apr 30, 2002 at 07:38:59AM +0200, Wichert Akkerman wrote: Previously Crawford Rainwater wrote: Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. netsaint, mon. tkined is useful as well (part of scotty now iirc). Netsaint is a very nice package, but it has been replaced by nagios. It is essentially the same thing, but netsaint is dead and won't be developed. There are no nagios debian packages that I know of. See http://www.netsaint.org/upcoming.php -- #!perl # Life ain't fair, but root passwords help. # Eric Veldhuyzen http://terra.nu/ $!=$;=$_+(++$_);($:,$~,$/,$^,$*,$@)=$!=~ # [EMAIL PROTECTED] /.(.)...(.)(.)(.)..(.)..(.)/;`$^$~$/$: [EMAIL PROTECTED] $_$;` #Perl Monger pgpOMQ5D7dci0.pgp Description: PGP signature
Re: Net-acct
Hi Marcel! On 30 Apr 2002, at 11:26, Marcel Welschbillig wrote: Has anyone got any scripts to get usefull per IP accounting info out of the net-acct log for a time period or know where i can get one ?? I know about http://phpipacstats.sourceforge.net/ Which is a really nice Webfrontend for ipac(-ng). bye Josef -- BERGMANN engineering consulting http://bec.at/ A great many people think they are thinking when they are really rearranging their prejudices. - Edward R. Murrow -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
unsubscribe
-Original Message- From: Jaan Sarv [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 30, 2002 8:21 AM To: debian-security@lists.debian.org Cc: debian-isp@lists.debian.org Subject: Re: A Linux version of system and network monitoring? - Original Message - From: Crawford Rainwater [EMAIL PROTECTED] To: debian-security@lists.debian.org Cc: debian-isp@lists.debian.org Sent: Tuesday, April 30, 2002 1:26 AM Subject: A Linux version of system and network monitoring? Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Thanks in advance. --- Crawford Maybe this will help... Regards, Jaan Debian Projecthttp://www.debian.org/ Debian based Telemetry Box Distribution released[EMAIL PROTECTED] January 25, 2001 [ This post was written by Christoph Lameter [EMAIL PROTECTED] ] Version 1.0 of the Telemetry Box Distribution has finally been released. The Tbox distribution is a Debian GNU/Linux 'potato' based custom Linux version for remote monitoring and maintenance of networks. A telemetry box allows remote management and diagnostics. It uses a customized version of netsaint to gather data. Netsaint has been enhanced so that the configuration is possible via the Tbox Webinterface through SQL structures. Netsaint logs into a SQL table. Tools on the Tbox can then display the data in a variety of ways (graphs or reports). Some of the functionality of the Tbox: - Discovery module (Scan network and write results to SQL database) - Ticket System (Can be hooked into siteROCKs problem tracking system). - PathFinder (Network infrastructure analysis and troubleshooting module written by me. Tested with monitoring all network paths to all educational institutions (edu.zone) for a week (3 IPs)). - Apache/PHP/MySQL/PHPMyadmin - Fully manageable via a webinterface. All major setup can be done via the Web. - SSH/HTTPS support out of the box. - Easy installation (network card detection, auto-partitioning and formatting, no useless questions asked) of Debian usable without any Unix know-how. - NT Diagnostic module (NSServicer) - Keynote data integration - Modified CURL tool that works as a URL analyzer for netsaint. - Report module: Performance data. Router data and graphical reports. - Intelligent ticket system (can localize point of network failure and asses impact of the failure) Installation from CD Image -- It is highly advisable to install from a CD image. The CD image at http://openrock.net/tb/iso/ccimage_v1.0.iso fits on a Credit Card sized CD (only 50 MB) and contains all functionality. I will have these CDs physically available at the LWE in Europe at the beginning of February. The telemetry software can be installed as an add on to existing Debian installations but it requires modifications to apache and/or PHP. See http://openrock.net for details. Opensource contributions Sources are available from http://openrock.net/tb/local/sources. Patches to existing software have been or will be contributed to the respective opensource projects. openrock.net has been outfitted with a kernel based http server (with patches implementing range and virtual hosting). Downloading should be no problem. Note that we do not consider this version to be of production quality. Some features are only working under certain conditions. Some components have a prototype character. There are various issues that are being improved on. Help would be appreciated. Ideally we would like to have everything part of standard Debian. The biggest problem was the ease of installation and handling which required some changes to packages which might not be welcome. siteROCK http://www.siterock.com the specialists for 24x7 monitoring made this release possible. Christoph Lameter, January 23, 2001 -- Nils Lohner E-Mail: [EMAIL PROTECTED] Debian Press Team Press: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 30 April 2002 12:46 am, Martin Grape wrote: http://www.netsaint.org/ might be what your looking for. This has been ursurped by Nagios at http://www.nagios.org/ . I am working on debs for it. - -- Warren Turkal Linux User GPG Fingerprint: 30C8 BDF1 B133 14CB 832F 2C5D 99A1 A19F 559D 9E88 GPG Public Key @ http://www.cbu.edu/~wturkal/wturkal.gpg -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8zkyXmaGhn1WdnogRAqY+AJ0WOBRdxXv8/oh2FKW6tpkvDsi//gCeIhaq BBuUbF1uRVIOMsPH9SerBgE= =KtRM -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
unsubscribe
-Original Message- From: Josef Bergmann [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 30, 2002 9:20 AM To: debian-security@lists.debian.org Subject: Re: Net-acct Hi Marcel! On 30 Apr 2002, at 11:26, Marcel Welschbillig wrote: Has anyone got any scripts to get usefull per IP accounting info out of the net-acct log for a time period or know where i can get one ?? I know about http://phpipacstats.sourceforge.net/ Which is a really nice Webfrontend for ipac(-ng). bye Josef -- BERGMANN engineering consulting http://bec.at/ A great many people think they are thinking when they are really rearranging their prejudices. - Edward R. Murrow -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Why is there a prompt for a root shell when the default linux kernel boots?
Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) This seems something related to the cramfs filesystem (ramdisk) but I'm not knowledgeable about it. I would like: 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual 2.- someone to step up an explain how to disable this behavior IMHO the boot-floppies kernel should not ship with this option enabled (whatever this is for). I was quite surprised when I saw this but a user has just mailed me asking for an answer on why does Debian woody ships with this. Regards Javi (Securing Debian Manual editor/author FYI) PS: I have been unable to find any reference on this in the debian mailing lists... pgpHp89rnAltZ.pgp Description: PGP signature
Re: Why is there a prompt for a root shell when the default linux kernel boots?
Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes: Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual Where is the problem ? You are installing a system. If you dont like the prompt, dont look at it. 2.- someone to step up an explain how to disable this behavior Dont look at it. Or dont install a system. PS: I have been unable to find any reference on this in the debian mailing lists... Because it is no problem. -- begin OjE-ist-scheisse.txt bye, Joerg Registered Linux User #97793 @ http://counter.li.org end -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 04:30:58PM +0200, Joerg Jaspert wrote: Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes: 2.- someone to step up an explain how to disable this behavior Dont look at it. Or dont install a system. Funny. However, the kernel used by the installation is setup as the default kernel. So it stays there after installation. PS: I have been unable to find any reference on this in the debian mailing lists... Because it is no problem. Believe me, it is. Feel free to point me to the place in the installation manual that explains this behaviour. Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
PPTP with Encryption
Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? Preferred methods do NOT include patching things, if possible, because I'd like to not have to re-patch things every time new upgrades come out. Has anyone built all the necessary items simply as .deb's? D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 04:30:58PM +0200, Joerg Jaspert wrote: Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes: Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual Where is the problem ? You are installing a system. If you dont like the prompt, dont look at it. I did not understand his question as a problem - rather a request for information. I would also like to know. Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch For whosoever will save his life shall lose it. But whosoever will lose his life for my sake, the same shall save it. Luke 9:24 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
#include hallo.h Javier Fernández-Sanguino Peña wrote on Tue Apr 30, 2002 um 03:50:27PM: Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) This is a default for the initrd's linuxrc. You installed one of our official 2.4.x kernels. This seems something related to the cramfs filesystem (ramdisk) but I'm not knowledgeable about it. I would like: 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual Sense? This prompt is good for loading some modules when the autodetection fails, so it is only used in seldom cases. 2.- someone to step up an explain how to disable this behavior IMHO the boot-floppies kernel should not ship with this option enabled We do not. (whatever this is for). I was quite surprised when I saw this but a user has just mailed me asking for an answer on why does Debian woody ships Dito. Show me a system with such problem after a fresh installation. Javi (Securing Debian Manual editor/author FYI) Security, soso. Well, since this rescue environment has an executable shell with root permissions, it _may_ be a security hole, since you can damage partitions easily, for example. To disable this shell, edit /etc/mkinitrd/mkinitrd.conf and set DELAY=0. Then recreate the initrd image (dpkg-reconfigure kernel-image-2.4.x-yz). Gruss/Regards, Eduard. -- We are the OE of Borg. You will be quoted awfully. Sigtrenner is futile. pgpFsgdqqTutt.pgp Description: PGP signature
Re: Why is there a prompt for a root shell when the default linux kernel boots?
Javier Fernández-Sanguino Peña wrote: 2.- someone to step up an explain how to disable this behavior Maybe something like this: 1. In /etc/mkinitrd/mkinitrd.conf, set: DELAY=0 2. Then regenerate your ramdisk image, for example: cd /boot mkinitrd -o initrd.img-2.4.18-k7 /lib/modules/2.4.18-k7 (This is a guess by reading the docs, I have not tested myself). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
Last time I checked, PPTP comes with encryption. All you have to do is configure it. From Freshmeat: PoPToP About: PoPToP is a PPTP server for use in PPTP VPN environments. The current release version supports Windows 95/98/NT/2000 PPTP clients and PPTP Linux clients. With the relevant patches, PoPToP supports Windows PPTP clients with the full range of encryption and authentication features. From apt-cache: pptpd - PoPToP Point to Point Tunneling Server I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. -Anne On Tue, Apr 30, 2002 at 10:54:24AM -0400, Derek J. Balling wrote: Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? Preferred methods do NOT include patching things, if possible, because I'd like to not have to re-patch things every time new upgrades come out. Has anyone built all the necessary items simply as .deb's? D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgpoTiz2GzaBc.pgp Description: PGP signature
Re: PPTP with Encryption
At 8:43 AM -0700 4/30/02, Anne Carasik wrote: Last time I checked, PPTP comes with encryption. All you have to do is configure it. I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. Not unless the packaged pptpd/ppp has something else, from the poptop.org page: # Available PPPD patch allows Windows compatible encryption and authentication (MSCHAPv2 and MPPE 40-128 bit RC4 encryption) So it seems like theres SOMETHING I need to add to pppd to get encryption to work with it, and (from my reading) it seems like there's a patch that also needs to go in the kernel to make that pppd change work as well. D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 05:20:14PM +0200, Eduard Bloch wrote: (whatever this is for). I was quite surprised when I saw this but a user has just mailed me asking for an answer on why does Debian woody ships Dito. Show me a system with such problem after a fresh installation. I know two: my laptop (fresh woody installation, cdimages of last month) and a user who has complained to me. I will stamp the latest cdimage and test them (tomorrow)... Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
On Tue, Apr 30, 2002 at 12:03:09PM -0400, Derek J. Balling wrote: I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. Not unless the packaged pptpd/ppp has something else, from the poptop.org page: # Available PPPD patch allows Windows compatible encryption and authentication (MSCHAPv2 and MPPE 40-128 bit RC4 encryption) You're right.. (I guess you do want to encrypt to a Windows box, so make sure you're using full strength RC4.. 40 bit keys can be brute forced). According to the poptop FAQ: 3.0 PPP (and MSCHAPv2/MPPE) Installation It is only necessary to use PPP 2.3.8 if you want Microsoft compatible MSCHAPv2/MPPE authentication and encryption. The reason for this is that the MSCHAPv2/MPPE patch currently supplied (19990813) is against PPP 2.3.8. If you don't need Microsoft compatible authentication/encryption any 2.3.x PPP source will be fine. [...] The instructions look like you need to make a kernel module. So it seems like theres SOMETHING I need to add to pppd to get encryption to work with it, and (from my reading) it seems like there's a patch that also needs to go in the kernel to make that pppd change work as well. Out of curiousity, why PPTP? Why not IPSec? There's better compatibility with IPSec (FreeSWAN), and it looks like poptop hasn't been updated in a long time (since 1999). Also, Win2K and I think (don't quote me on this) WinXP have builtin IPSec support. -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgpx2WQb2HIoE.pgp Description: PGP signature
Re: PPTP with Encryption
You need the mppe-kernel-modul *and* a patch for the pppd. It would be really nice if there were .deb's Martin On Tue, Apr 30, 2002 at 08:43:21AM -0700, Anne Carasik wrote: Last time I checked, PPTP comes with encryption. All you have to do is configure it. From Freshmeat: PoPToP About: PoPToP is a PPTP server for use in PPTP VPN environments. The current release version supports Windows 95/98/NT/2000 PPTP clients and PPTP Linux clients. With the relevant patches, PoPToP supports Windows PPTP clients with the full range of encryption and authentication features. From apt-cache: pptpd - PoPToP Point to Point Tunneling Server I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. -Anne On Tue, Apr 30, 2002 at 10:54:24AM -0400, Derek J. Balling wrote: Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? Preferred methods do NOT include patching things, if possible, because I'd like to not have to re-patch things every time new upgrades come out. Has anyone built all the necessary items simply as .deb's? D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
looks like there's a package for the patch: kernel-patch-mppe - ppp_mppe module for pppd xn On Tue, Apr 30, 2002 at 12:03:09PM -0400, Derek J. Balling wrote: At 8:43 AM -0700 4/30/02, Anne Carasik wrote: Last time I checked, PPTP comes with encryption. All you have to do is configure it. I don't think you should have any patching to do. :) The home page for poptop is at http://www.poptop.org. Not unless the packaged pptpd/ppp has something else, from the poptop.org page: # Available PPPD patch allows Windows compatible encryption and authentication (MSCHAPv2 and MPPE 40-128 bit RC4 encryption) So it seems like theres SOMETHING I need to add to pppd to get encryption to work with it, and (from my reading) it seems like there's a patch that also needs to go in the kernel to make that pppd change work as well. D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
On Tue, Apr 30, 2002 at 10:54:24AM -0400, Derek J. Balling [EMAIL PROTECTED] wrote: Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? As a side note: have you considered that using the encryption in pptp forces you to store userpasswords in cleartext? For my ISP [1] that was a reason not to use pptp's encryption, especially since MS-CHAPv2 contains known security holes [2]. 1. http://www.xs4all.nl 2. http://mopo.informatik.uni-freiburg.de/pptp_mschapv2/ -- Tim van Erven [EMAIL PROTECTED] OpenPGP Key ID: 712CB811Fingerprint: F6C9 61EE 242C C012 36D5 BBF8 6310 D557 712C B811 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
looks like there's a package for the patch: kernel-patch-mppe - ppp_mppe module for pppd Except that that patch is against 2.4.0 There's a lot of disjointed pieces, and not all of them seem to be maintained or kept current: o pptpd - which seems to (now) not require any special effort o pppd needs to be patched or include support for mppe o kernel needs to be patched or include support for mppe And that very chaos is what led me to ask if anyone has more current info on how to make this work? ;-) D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
At 6:52 PM +0200 4/30/02, Tim van Erven wrote: On Tue, Apr 30, 2002 at 10:54:24AM -0400, Derek J. Balling [EMAIL PROTECTED] wrote: Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption? As a side note: have you considered that using the encryption in pptp forces you to store userpasswords in cleartext? For my ISP [1] that was a reason not to use pptp's encryption, especially since MS-CHAPv2 contains known security holes [2]. Yes, unfortunately, for our predominant workstation (Win98), M$'s PPTP client is ubiquitous and other solutions are not necessarily so commonly deployed. D (who would LOVE to move to a _MORE_ secure solution, but is content, for now, to only allow himself and one other to even have accounts on the box with the cleartext passwds) -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
yeah, it's a mess. i spent 2 days trying to get poptop working a few months ago. once i got everything patched and running and could setup a vpn between pptp-linux and pptpd, i still couldn't get win98 to connect to pptpd. i gave up and decided next time i'd try to use ipsec with freeswan. good luck, xn On Tue, Apr 30, 2002 at 01:20:21PM -0400, Derek J. Balling wrote: looks like there's a package for the patch: kernel-patch-mppe - ppp_mppe module for pppd Except that that patch is against 2.4.0 There's a lot of disjointed pieces, and not all of them seem to be maintained or kept current: o pptpd - which seems to (now) not require any special effort o pppd needs to be patched or include support for mppe o kernel needs to be patched or include support for mppe And that very chaos is what led me to ask if anyone has more current info on how to make this work? ;-) D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PPTP with Encryption
On Tue, Apr 30, 2002 at 01:24:21PM -0400, Derek J. Balling wrote: As a side note: have you considered that using the encryption in pptp forces you to store userpasswords in cleartext? For my ISP [1] that was a reason not to use pptp's encryption, especially since MS-CHAPv2 contains known security holes [2]. Yes, unfortunately, for our predominant workstation (Win98), M$'s PPTP client is ubiquitous and other solutions are not necessarily so commonly deployed. D (who would LOVE to move to a _MORE_ secure solution, but is content, for now, to only allow himself and one other to even have accounts on the box with the cleartext passwds) Ugh.. I'd never be content with cleartext passwords, especially given how many security solutions are around today. -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgpWoXwofngwG.pgp Description: PGP signature
Re: PPTP with Encryption
At 11:23 AM -0700 4/30/02, Anne Carasik wrote: (who would LOVE to move to a _MORE_ secure solution, but is content, for now, to only allow himself and one other to even have accounts on the box with the cleartext passwds) Ugh.. I'd never be content with cleartext passwords, especially given how many security solutions are around today. Falls in the category of show me another solution that's already on every user's system, and I'll happily drink of that fountain instead. I agree with you 100%, but in the environment I'm dealing with, folks are reticent to go add additional software to their expenses, and (for windows users, which like it or not is still 90+% of the userbase) almost any non-M$ solution incurs a cost. :( I'm not content with cleartext passwords, per se, but making do with such, and strictly limiting access to the box which has them visible, so maybe my choice of words was a bit wrong, but I didn't really want to have launch into the windows users are idiots who won't get REAL secure stuff, so I have to make do with what little security I can coax out of them diatribe. ;-) D -- +-+-+ | [EMAIL PROTECTED] | Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood - Julius Caesar Act 3, Scene 1 | +-+-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A Linux version of system and network monitoring?
On Mon, Apr 29, 2002 at 04:26:18PM -0600, Crawford Rainwater wrote: Folks, Does anyone know of a Linux based system and network monitoring program out there? Similar to Tivoli or HP OpenView, preferably under GPL and free? If so, links and such would be great. I have been looking for such a thing for quite some time, there are already some very good answers in this thread. In any case, free software has yet to get to the functionality provided by the HP Openview suite or Tivoli. For example, there is not (yet) an integrated framework for both network management (through SNMP) and system management (through local agents) similar to the one provided by propietary systems. This would be used to monitor a remote system being up or down along with potentially UPS networked device as well. Nobody mentioned it, but Debian ships also with cheops which provides a GNOME gui for network monitoring. *However* it is not as thorough as netsaint et al, useful if you want a GUI however. Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 06:05:27PM +0200, Javier Fernández-Sanguino Peña wrote: On Tue, Apr 30, 2002 at 05:20:14PM +0200, Eduard Bloch wrote: (whatever this is for). I was quite surprised when I saw this but a user has just mailed me asking for an answer on why does Debian woody ships Dito. Show me a system with such problem after a fresh installation. I know two: my laptop (fresh woody installation, cdimages of last month) and a user who has complained to me. I will stamp the latest cdimage and test them (tomorrow)... Now that I think of it this might be an issue with self-installed kernels. I'm going to document this behavior in the Manual, commit the changes and close the bug. Of course, woody does *not* install 2.4 kernels IIRC. Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
Javier Fernández-Sanguino Peña wrote: Now that I think of it this might be an issue with self-installed kernels. I'm going to document this behavior in the Manual, commit the changes and close the bug. Of course, woody does *not* install 2.4 kernels IIRC. The default install does not, but the bf2.4 flavor does. Please take a look at the dists/woody/main/disks-i386/current directory in the Debian archives. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, 30 Apr 2002, Javier Fernández-Sanguino Peña wrote: Now that I think of it this might be an issue with self-installed kernels. I'm going to document this behavior in the Manual, commit the changes and close the bug. Of course, woody does *not* install 2.4 kernels IIRC. That might be the default behaviour on an i386-compatible but on sparc (and probably all non-i386 archs) a 2.4 kernel is installed by the woody-install. IIRC even on an i386 a 2.4 kernel can be installed by woody through the bf2.4-flavour. regards, Thomas -- - Support bacteria - they're the only culture some people have -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 10:17:00PM +0200, Santiago Vila wrote: Javier Fernández-Sanguino Peña wrote: Now that I think of it this might be an issue with self-installed kernels. I'm going to document this behavior in the Manual, commit the changes and close the bug. Of course, woody does *not* install 2.4 kernels IIRC. The default install does not, but the bf2.4 flavor does. Please take a look at the dists/woody/main/disks-i386/current directory in the Debian archives. And the stock kernel images available in woody include 2.4 kernels. These, also, have an initrd that offers a root shell, I believe. Luca -- Luca Filipozzi, Debian Developer [dpkg] We are the apt. You will be packaged. Comply. gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue Apr 30, 2002 at 03:50:27PM +0200, Javier Fernández-Sanguino Peña wrote: Culd someone explain why is there a root shell prompt for the Linux kernel: Press ENTER to obtain a shell (waits 5 seconds) This seems something related to the cramfs filesystem (ramdisk) but I'm not knowledgeable about it. I would like: It is there as part of the installer to make like easier for those wishing to do things that the installer does not support by default. It has nothing whatsoever to do with cramfs or the kernel. 1.- an explanation on why this is shipped by default (to add it to the Securing Debian Manual This shell is part of the installer, not part of Debian. 2.- someone to step up an explain how to disable this behavior Do what you want to your boot-floppies. The boot-floppies have been this way for years and I like it as is. It is not a security hole. If some malicious person has physical accesss to your computer, you have far bigger problems than the Debian boot-floppies. -Erik -- Erik B. Andersen http://codepoet-consulting.com/ --This message was written using 73% post-consumer electrons-- pgpT7x8wY2chO.pgp Description: PGP signature
Re: Why is there a prompt for a root shell when the default linux kernel boots?
#include hallo.h Luca Filipozzi wrote on Tue Apr 30, 2002 um 02:01:57PM: a look at the dists/woody/main/disks-i386/current directory in the Debian archives. And the stock kernel images available in woody include 2.4 kernels. These, also, have an initrd that offers a root shell, I believe. bf2.4 was _especially_ designed to be non-modular, working without initrd. Other (big) kernel-image-2.4.x packages use initrd. Gruss/Regards, Eduard. -- !netgod:*! time flies when youre using linux !doogie:*! yeah, infinite loops in 5 seconds. !Teknix:*! has anyone re-tested that with 2.2.x ? !netgod:*! yeah, 4 seconds now -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 03:23:06PM -0600, Erik Andersen wrote: It is there as part of the installer to make like easier for those wishing to do things that the installer does not support by default. It has nothing whatsoever to do with cramfs or the kernel. This is what I was thinking at first, but it sounds from further discussion like this shell is still there after installation has completed and the machine has been rebooted. Like whatever it is that spawns that shell is still present in the initrd that is installed with the kernel. And this is the case only if using the kernel 2.4 boot floppies. Is this all accurate? noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpTfJdA5nqFS.pgp Description: PGP signature
Re: Why is there a prompt for a root shell when the default linux kernel boots?
On Tue, Apr 30, 2002 at 03:23:06PM -0600, Erik Andersen wrote: It is there as part of the installer to make like easier for those wishing to do things that the installer does not support by default. It has nothing whatsoever to do with cramfs or the kernel. you're just wrong. the 2.4 kernel images have a feature to drop to a prompt at boot time. this will come up at every boot. i question the utility of this feature, because there's not much you can do from this shell, but it's much to late to change at this point. it is worth documenting. -- Mike Stone pgpz3gzauyD0S.pgp Description: PGP signature
RE: Why is there a prompt for a root shell when the default linuxkernel boots?
Where might one find documentation on this bf2.4 kernel? Javier Fernández-Sanguino Peña wrote: Now that I think of it this might be an issue with self-installed kernels. I'm going to document this behavior in the Manual, commit the changes and close the bug. Of course, woody does *not* install 2.4 kernels IIRC. The default install does not, but the bf2.4 flavor does. Please take a look at the dists/woody/main/disks-i386/current directory in the Debian archives. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]