Re: Securing system
The only thing you might trust is ssh. The only way to be safe is to not have your computer connected to the internet at all. :) In article [EMAIL PROTECTED] you wrote: : Hi Mark, : The first thing you should do is comment telnet back in until you have drawn up your security strategy ;-) : The standard things people will tell you to do are: : - turn everything off : - use inetd/wrappers with PARANOIA for anything you *have* to have on : - use packet filtering ie ipchains : - use a logchecker : - keep backups for WHEN you get broken into. : Unfortunately if you are on a cable modem you are easy meat since your available 24/7 and because often the people who connect have no real security idea they are a useful staging post for a cracker. I currently get scanned about 2x a day at work and often they are from IP's that resolve to cable modems. : I would suggest that you ate tke time to review material at cert such as the architectural design of unix security, the LDP has some good links and there is the security HOWTO (or equiv titled). For a faster/dirtier guide try: : https://www.seifried.org/lasg/ : This is a book on securing your system by Kurt Seifried, I haven't read the new version but the first one was perfectly capable if RH focused. : HTH, : Steve : On Sun, Jul 04, 1999 at 02:21:58PM -0700, Mark Wagnon wrote: : Hi all: : : Okay. I seem to have my two computers networked together. In fact I've : telneted into my machine that has a direct internet connection to : write this email. : : I have some questions on how to go about making my system more : secure. When I first had my cable modem installed, one of the first : things I did was comment out the services in /etc/inet.conf. Now I've : gone back and un-commented the line for telnet (I assumed I had to in : order to telnet into my gateway (is that right?)). But i've read in : the past that telnet isn't very secure and that people can intercept : logins and passwords when one telnets to a computer. : : Can anyone supply some security related resources that can get this : neophyte started? I realize that the first thing I should do is : upgrade my kernel (and I'll do it today). : : tia : -- : __ _ : Mark Wagnon Debian GNU/ -o) / / (_)__ __ __ : Chula Vista, CA /\\/ /__/ / _ \/ // /\ \/ / : [EMAIL PROTECTED] _\_v/_/_//_/\_,_/ /_/\_\ :http://www.debian.org : : : -- : Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null : -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -Maxime De La Rochefoucauld 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: /etc/profile not executable
In article [EMAIL PROTECTED] you wrote: : Last week I installed Debian-2.1 on a few machines, then : I attempted to put some configuration into profile. Actually : I created a directory /etc/profile.d and a few scripts within : it. /etc/profile was modified with : for file in /etc/profile.d/*.sh ; do : if [ -x $file ] ; then :. $file : fi : done : Well, this didn't work. I hadn't gotten it to work at home : either (back in May when I first got 2.1). : Curious, I put in some echo lines, and finally discovered : that /etc/profile was never executed. Soon I found out why, : just look at the permissions! : -rw-r--r-- 1 root root 412 May 21 03:08 /etc/profile : drwxr-xr-x 2 root root 1024 May 21 03:20 /etc/profile.d : The shell never even attempts to execute profile, so it never : gets a chance to descend into the subdirectory profile.d. : /etc/profile should be exectuable by everyone. : #chmod 755 /etc/profile /etc/profile should not be executable. It does not contain a #!/bin/sh in the begin, because it is used by all bourne shell clones, as well as korn shell. First please make sure that the scripts in /etc/profile.d are executable since you are checking, though they need not be. Second understand that login shells run /etc/profile. Other shells like xterms do not, unless you use the -ls option. Login shells can be checked because they print the message of the day. Other shells do not. I do not like this action. And have ~/.bashrc do a . /etc/profile But please remember that /etc/profile is a global change, and should only be done there when you want all users to be affected. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: wmware on Debian
In article [EMAIL PROTECTED] you wrote: : Has anyone installed VMware on a Debian system? There are no instructions on : their website for Debian, only SuSE, Caldera, and RedHat. : Just download the tarball and follow the instructions. Worked a treat for : me. : That is, until I decided it was crap and removed it ;) VMware is really great and really worth the $99 bucks. :) -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: syslog: ----MARK---- ?
In article [EMAIL PROTECTED] you wrote: : The above message keeps popping up in my syslog every 20 minutes, and : I couldn't figure out from where it originated. My guess is smail, but : smail's configuration files did not provide any clues either. It's from the logging program, it put those in just so you know it's still working. Don't worry about it, it can save a lot of grief. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: Dselect odd behaviour
In article [EMAIL PROTECTED] you wrote: : I'm using dselect under potato using apt to ftp://sunsite.org.uk/ : and something strange seems to have happened. I did an 'update' and : now all the descriptions have disappeared. Also most of the packages : I don't have installed have gone. I've tryed updating again but to : no avail. Any hints on how to deal with this? Have you tried another mirror? Try editing your /etc/apt/source.list file and use ftp://ftp.debian.org, just to check. Occasionally mirrors don't get update correctly. I've gotten this before when using the canadian mirror. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: libc6-2.1.1 ... safe to install?
In article [EMAIL PROTECTED] you wrote: : On 10-May-99 J Horacio MG wrote: : I have some packages which require version 2.1.1 from libc6 (which I : expect it can be found in potato). My question is, do I have to expect : any problems if I install it in slink, or is it just as straight forward : as upgrading any other package? : If you upgrade a slink installation to libc6 2.1.1, you will probably have : some problems. I know I did, and I went back to libc6 2.07 : I suppose you could upgrade to potato and avoid the problems. : If you try it on a slink system, do not go back from the potato version of : ld.so to the slink version or you will break the system; I just kept the newer : ld.so when I went back to the older libc6. Do not upgrade only libc6. It will break your system if you do. If you want to upgrade to libc6, upgrade all the way to potato. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: Re[2]: libc6-2.1.1 ... safe to install?
In article [EMAIL PROTECTED] you wrote: : [EMAIL PROTECTED] (Phillip Deackes) writes: :I had three problems. The first, JAVA, has now been resolved. : How was it solved? Is there a new jdk package which works? It hasn't. IIRC, The jdk maintainer can't get it to compiler. : A problem which is solved is octave which is now working. : wmaker has some problems, but works. qps dumps core. gif2png dumps : core. Looks like the maintainers hadn't recompiler them yet. : smail behaves strangely. Use exim, it is the default sendmail replacement, since slink. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: dhcpc breaks when I use kernel 2.2.7
In article [EMAIL PROTECTED] you wrote: : Hi, I'm finally switching from kernel 2.0.35 to the new 2.2.7 kernel : and I'm having problems with the dhcpc daemon. Namely, it doesn't : seem to work. : My ethernet card shows up at boot time with both kernels, all daemons : seem to start up properly with no errors. Has anyone seen anything : like this? : I'm using the following dhcpcd client: : dhcpcd 0.70-5 a DHCP client The networking model for Linux change drastically between 2.0.x and 2.2.x. DHCP completely breaks, do a search in dselect for dhcp, there is a version which works. If you don't see one, I know it's in potato. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: libc6-2.1.1 ... safe to install?
On Wed, May 12, 1999 at 02:07:32PM +0200, J Horacio MG wrote: ~ In article [EMAIL PROTECTED] you wrote: ~ ~ : On 10-May-99 J Horacio MG wrote: ~ : I have some packages which require version 2.1.1 from libc6 (which I ~ : expect it can be found in potato). My question is, do I have to expect ~ : any problems if I install it in slink, or is it just as straight forward ~ : as upgrading any other package? ~ ~ : If you upgrade a slink installation to libc6 2.1.1, you will probably have ~ : some problems. I know I did, and I went back to libc6 2.07 ~ ~ : I suppose you could upgrade to potato and avoid the problems. ~ ~ : If you try it on a slink system, do not go back from the potato version of ~ : ld.so to the slink version or you will break the system; I just kept the newer ~ : ld.so when I went back to the older libc6. ~ ~ Do not upgrade only libc6. It will break your system if you do. If ~ you want to upgrade to libc6, upgrade all the way to potato. So, what's the list of what should be upgraded? I would imagine that the first thing to do is to compile and run a 2.2.x kernel, the entire potato base directory... what else? Yes, running 2.2.x kernel is very helpful. I know that things like Eterm, and ssh use the new pts/# terminals rather then ttyp#. The best way to upgrade from slink to potato, is to edit your /etc/apt/sources.list file, which contains where you get packages via ftp or http. And change stable (or slink) to potato. Then do a apt-get update, apt-get upgrade-dist. This might be a problem however, since libc6-2.1 conflicts with the timezone package. This is because libc6 now provides timezones. It can be a very complicated mess. I've also seen on this thread someone saying about the need to upgrade the X system... to xfree 3.3.3? If your running the current xfree86 version in slink, the upgrade to 3.3.3.1 will be just fine. Amazingly they did a fairly good job on it. It will run fine, I did rerun XF86Setup. My card is better supported in 3.3.3.1, and I got my some problems fix doing so. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Roxen
Hi, I'm interested in using the Roxen webserver, however, I'm currently running Apache, and don't want anything to break. Does anyone know of any problems which will occur if I do so? -dan PS. Please cc me a copy of any replies. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: error 550 not a plain file (NEWBIE ?)
In article [EMAIL PROTECTED] you wrote: : I've got debian as far as my first boot but can't get dselect to install my : packages via ftp and am not too keen on the alternatives. It connects to the : site but returns the message 'not a plain file' when attempting to open : 'Packages.gz'. Any help would be realy appreciated. Try using another server. Also if your going to ftp, might as well use apt, it's far nicer and will take many different locations to build the package listing. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: .forward file -- How do you retain a copy when forwaeding
In article [EMAIL PROTECTED] you wrote: : Basically I want to send a copy mail received by my work account : to my home account and not erase it on my work account. The simple solution is to use procmail. Though I don't know the exact things to put in your ~/.procmailrc file. I have used it to mail messages of certain critera to another account, as well as saving it in another mailbox on the host system. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: GNOME install
In article [EMAIL PROTECTED] you wrote: : I run slink and would like to know the best way (and easy) to get gnome : installed. : Are there .deb packages for gnome 1.0.x? : May I just get the .debs and install on slink or I need potato? Check out this url: http://www.debian.org/~jim/debian-gtk-gnome -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: How unstable is unstable?
In article [EMAIL PROTECTED] you wrote: Your problem was you didn't upgrade fully... Debian Potato is a major change from slink (2.2). Potato binaries will not always run reliably on previous systems, because Potato now run glibc2.1 while slink run glibc2.0 : I've sworn off the unstable directory since I downloaded a buggy C library : that trashed by entire system. I ended up having to do a reinstall from : bootable CD because even the mount command couldn't complete its task. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: tz screwed up with new libc 2.1
In article [EMAIL PROTECTED] you wrote: : I just upgraded from 2.07 to glibc 2.1. : alls well except the octton picking time zone. libc6 now provides timezones, and therefore must conflict with timezones. So my suggestion is to install libc6, and not timezones. : if i have /etc/locatime -- /usr/share/zoneinfo/EST5EDT for example, i : get a time 4 hours earlier that it really is. i switched over to NT : and the time reads correct there. Are you running at UTC time? Check /etc/default/rcS Also did you try to reboot? There was a race condition which was affecting cron, which I believe was corrected, but I might be wrong. : if i pull the link in /etc, i get : (gustav)~/: date : Sun Apr 25 21:00:16 /etc/localtime 1999 : which happens to be the correct time, but when i send mail: : Date: Sun, 25 Apr 1999 20:57:37 + (/etc/localtime) cuz you have not time zone set -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
Re: Debian vs. RedHat
In article [EMAIL PROTECTED] you wrote: : In article [EMAIL PROTECTED], : Luca Filipozzi [EMAIL PROTECTED] wrote: : :It's unfortunate that the Debian install is difficult in comparison to : :RedHat. : In some ways, I actually think it's hard compared to Slackware. And : that's BAD.. Honestly how often do you install? Hopefully not very often. : :I prefer Debian because I think that it is more solidly built : :distribution than RedHat. : Well, more *logically* built anyway. In fact, I think it's about the most : logically built Linux distribution I've seen. The solid part is : something I'm still trying and failing to convince myself of (see : below). Part of the problem with RH updating is very difficult. : :The debian package selection tool, dselect, is : :*very* good and powerful. : Here's the fun part. What it *tries* to do is very good and powerful. : Unfortunately, it doesn't seem to be able to do it without generating : profuse errors faster than the eye can read for screens and screens. I : was told back in the Hamm days that this was normal, that dselect checks : dependencies but not incorrect sequences of installation (i.e., accessory : components could try to throw themselves at the drive before the program : they go with existed). I could hardly believe it. The official word from : the Debian site was that you were supposed to run dselect over and over : until the pieces fell into place, that enough runs and it'd all get : there, maybe messy, but it's all there, right? Oh brother. Dselect is a major problem, however it's actually not that bad. I have no problems with dselect. : So then they started making promises about apt. When Slink comes : out it'll all work right. Well, Slink is out, and I've just installed : it, and I don't think I could even count the errors refering to : non-existent (not yet installed) components I've just seen racing past my : screen as the components try to throw themselves into apps that aren't : there. Same as Hamm. Where does apt even enter into this? The install : put me in dselect -- does dselect control apt in the background? I : wonder, because I never saw it. Apt unfortunately isn't fully complete in Slink. The Potato version is more full feature. Apt is the Future Debian Package Manager. IMHO, the Slink version seems to be a front-end to dpkg. It since if you know what package you want, but other then that not much. Apt however does do a better job at calculating depencies. Which means, the order of installation. It will reduce the number of problems, but won't catch all of them. Apt will however attempt to install packages which didn't install the first time. Apt is also nice, because it allows me to get packages off of multiple sites. In dselect, select Access and choose Apt. It will then use apt instead of dpkg. Apt will install, configure, and remove all in one run in Install so you won't need to use config and remove. And always remember that packages may be broken :( especially in Unstable. : Are we supposed to believe that verbose diagnostics like this : are indicative of an installation that's OK??? Sure why not. J/K? There is far too many messages flying by the screen and it's impossible to read it all. -- Dan Nguyen | It is with true love as it is with ghosts; [EMAIL PROTECTED] | everyone talks of it, but few have seen it. [EMAIL PROTECTED]| -La Rochefocauld, Maxims 25 2F 99 19 6C C9 19 D6 1B 9F F1 E0 E9 10 4C 16
