SSH and chroot()

2000-09-16 Thread chris
Hi all,

I've written a small patch for F-Secure SSH version 1 (1.2.30) which adds
a chroot() to home directory option to SSH. Basically this works by
specifying GuestUser directives in /etc/sshd_config, listing which users
should be chroot()ed to their home. 

I have informed the SSH mailing list, but I have had no response, so
I guess F-Secure has abandoned SSH 1 and they are not adding new features
anyway. Having said that, I believe it is a useful and security-enhancing
feature (certainly in my case!).

The patch is at:

http://chris.ritc.co.uk/ssh.patch

comments would be appreciated =)

Cheers, Chris.
   ___ __ _  
 / __// / ,__(_)_  | Chris Wilson <[EMAIL PROTECTED]> | Phone: 01223 503 190 |
/ (_ / ,\/ _/ /_ \ | Tech Director - Caliday Project | RITC (Cambridge) Ltd |
\ _//_/_/_//_/___/ | Unix Systems & Network Engineer | Cambridge CB5 8LA UK |




Re: LinkWalker

2004-03-19 Thread Chris



I have this same robot on my site. Can I block this
robot using .htaccess files..???

Chris


http://www.truefootball.com
http://www.worldofjerseys.com





Re: routing routable IPs over non-routable IPs

2001-05-21 Thread Chris Wagner

At 07:27 AM 5/21/01 +0200, Robert Waldner wrote:
>On Mon, 21 May 2001 13:46:14 +1000, Jeremy Lunn writes:
>>I know this isn't Debian specific.  But I'm just wondering if it's fine
>>to route routable IP addresses over non-routable IP addresses.
>
>Yes, although many would consider it bad practice (I am an example),
> because you'll face trouble when you have to debug something, and have
> non-routable IPs on some path.


We should probably clarify "non-routable" by saying "non-publicly routable".
Routers have no concept of restricted ip ranges other than what is programmed
into them.  As long as you are debugging from a place that "knows about"
your private ip's, there shouldn't be a problem.  At GE we cross privates to
go from public to public all the time.



---==---
___/``\___

0100


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: routing routable IPs over non-routable IPs

2001-05-21 Thread Chris Wagner

At 08:00 AM 5/22/01 +0200, Robert Waldner wrote:
>
>On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes:
>>We should probably clarify "non-routable" by saying "non-publicly routable".
>
>Well, we could also say RFC1918, couldn't we ;-?

LOL

>- DNS, you'll have to set up split DNS for your RFC1918- and external
> IPs

I consider that to be good sense from a security standpoint regardless.

>- in Real Life, you sometimes _will_ have to debug from the outside of 
> your network
>- in Real Life, someone else _will_ debug from the outside (and quite 
> probably complain about the RFC1918-IPs or simply be fed up)


Hehe, yeah I receive complaints from those people from time to time. :D  But
it's a moot point since the firewalls filter anything useful...






Re: routing routable IPs over non-routable IPs

2001-06-02 Thread Chris Wagner

While we're on this subject, does anyone know what IANA plans to do with the
vast number of "reserved" ip ranges?  There are at least 75 reserved class A
ranges that I don't know what they're reserved for.  People are claiming
we're running out of ip addresses but as far as I can see there's more than
enough left for decades to come.


At 09:28 PM 6/1/01 +0200, Marc Haber wrote:
>On Tue, 22 May 2001 08:00:01 +0200, Robert Waldner
><[EMAIL PROTECTED]> wrote:
>>On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes:
>>>We should probably clarify "non-routable" by saying "non-publicly routable".
>>
>>Well, we could also say RFC1918, couldn't we ;-?
>
>I prefer to say "site local" which is both almost accurate and terse.
>This is not official terminology, but there is an RFC that calls the
>"169.254.0.0/16" "link local", so "site local" seems fine.
>
>Greetings
>Marc
>






Re: Ping - what the hell ?

2001-06-03 Thread Chris Wagner

I'm sorry, but ROFLMAO!!!

At 05:18 PM 6/3/01 +0200, Przemyslaw Wegrzyn wrote:
>
>
>On Sat, 2 Jun 2001, Craig Sanders wrote:
>
>> On Wed, May 30, 2001 at 09:41:54PM +0200, Przemyslaw Wegrzyn wrote:
>> > Anyway, my problem seems to be hardware:
>> > 
>> > czajnik@earth:~$ more /proc/misc
>> > Segmentation fault
>> > czajnik@earth:~$
>> 
>> some possible causes:
>> 
>> 1. bad memory  - most likely.
>> 
>> 2. bad swap partition (or bad disk controller causing the swap partition to
>> not work)
>> 
>> 3. other bad hardware
>> 
>> 4. bad libc6 or other library - not very likely.
>> 
>
>It's solved, there were 2 reasons.
> Core dumps - hmmm, our admin borken the kernel by incorrectly patching
>it.
> Ping times - some stupid guy inserted two different CPUs PII 400 and 450. 
> It's a miracle it was working all together...
>
>-=Czaj-nick=-




AT&T public router

2001-06-26 Thread Chris Wagner

A while back, AT&T had a publicly accessible router for doing route lookups
and stuff like that.  It supposedly knew about the whole world.  The special
thing about this router was that you didn't need a user name or password to
log on with.  It just gave you the IOS prompt.  I haven't been on this
router for a long time and I can't remember the exact name of it.  It was
something like ip-router.att.net or route.world.att.net.  Does anybody
remember this thing and have the host name?  Thanks.






Re: AT&T public router

2001-06-27 Thread Chris Wagner

Revisiting traceroute.org, I see that they have a whole list of route
servers. :)


At 01:09 PM 6/27/01 +0200, Russell Coker wrote:
>Here's a machine that used to provide such a service, not sure if it 
>still does:
>
>route-views.oregon-ix.net






Re: users bypassing shaper limitation

2001-06-29 Thread Chris Francy


If the nodes in question are plugged into a switch with management
capabilities then you could set the security of the port to only allow
legal mac/ip addresses.  It depends on the switch.

You could go to the person and whack them on the head.  Which might be the 
easiest.

Chris

At 06:12 PM 6/29/2001, anon wrote:
>hello all, this is my first post.
>
>my problem is that some local users are changing their own local ip numbers
>(like, 192.168.1.40 to 192.168.1.50) then bypassing the Traffic shaper
>bandwidth limitation. (that was set on 192.168.1.40)
>
>anyone know how can i prevent this ?
>thanks in advance






Re: users bypassing shaper limitation

2001-07-01 Thread Chris Wagner

My first choice is also what the other Chris said, use a large LART on the
offending [computer|user].  You can use smart switches to base the ip on
pre-authorized MAC addresses.  That way you are effectively shaping based on
MAC address.  But in true hacker form, even that can be overcome.  Some
(most?) NIC's can have their MAC addresses set by software.  So all some
crafty luser has to do is change MAC addresses.  The only sure fire way is
to hard code the MAC and ip address into each port on a smart switch.  That
way even if they swap ethernet cables they won't be able to bypass the
shaper, unless of course they know what MAC address the absconded cable goes
with. :)


At 12:07 PM 6/30/01 +0100, Karl E. Jorgensen wrote:
>On Sat, Jun 30, 2001 at 06:23:19AM +0200, Maurice Verhagen wrote:
>> 
>> On Fri, 29 Jun 2001, anon wrote:
>> 
>> > my problem is that some local users are changing their own local ip numbers
>> > (like, 192.168.1.40 to 192.168.1.50) then bypassing the Traffic shaper
>> > bandwidth limitation. (that was set on 192.168.1.40)
>> > 
>> > anyone know how can i prevent this ?
>> 
>> This first that pops into mind is use DHCP and give a IP-lease to the
>> machines in your local network based on the NIC's Mac address. I
>> guess the only way out for the "bad guys" is to swap the NICs from another
>> machine to get the same effect as changing the IPs now.
>
>Nope. DHCP does not prevent people from changing their IP
>addresses, it merely makes it marginally more difficult. 
>Besides, the bad guys may choose not to use DHCP - this is
>entirely up to the config on the client machines.




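Added example, not part of any post in this thread: a check of what a switch reports against the static port/MAC/IP bindings discussed above. The port names, MAC addresses, the observation feed and the function names are all constructed for illustration; the two 192.168.1.x shaper addresses come from the original question.

```python
# Added illustration; not code from the thread. Assumes the switch can export
# (port, MAC, IP) triples, e.g. from its MAC table plus ARP/DHCP inspection.
from collections import namedtuple

Binding = namedtuple("Binding", "port mac ip")


def norm(mac):
    """Canonical form so 00-10-5A-00-00-40 and 00:10:5a:00:00:40 compare equal."""
    return mac.strip().lower().replace("-", ":")


def audit(bindings, observations):
    """Return (port, mac, ip, finding) for every observation that breaks a binding."""
    by_port = {b.port: b for b in bindings}
    mac_home = {norm(b.mac): b.port for b in bindings}
    findings = []
    for port, mac, ip in observations:
        mac = norm(mac)
        want = by_port.get(port)
        if want is None:
            # Traffic on a port nobody provisioned.
            findings.append((port, mac, ip, "unmanaged-port"))
        elif mac == norm(want.mac) and ip == want.ip:
            continue  # exactly the provisioned host
        elif mac == norm(want.mac):
            # Right NIC, different address: the renumbering from the question.
            findings.append((port, mac, ip, "ip-changed"))
        elif mac in mac_home:
            # A NIC that belongs on another port: swapped cable or copied MAC.
            findings.append((port, mac, ip, "mac-from-" + mac_home[mac]))
        else:
            findings.append((port, mac, ip, "unknown-mac"))
    return findings


# Constructed binding table: one shaped host per switch port.
BINDINGS = [
    Binding("port1", "00:10:5a:00:00:40", "192.168.1.40"),
    Binding("port2", "00:10:5a:00:00:50", "192.168.1.50"),
    Binding("port3", "00:10:5a:00:00:60", "192.168.1.60"),
]

# Constructed observations.
OBSERVED = [
    ("port1", "00-10-5A-00-00-40", "192.168.1.40"),  # compliant
    ("port1", "00:10:5a:00:00:40", "192.168.1.50"),  # moved off the shaped IP
    ("port2", "00:10:5a:00:00:60", "192.168.1.60"),  # port3's NIC on port2
    ("port3", "02:00:00:00:00:99", "192.168.1.60"),  # unregistered NIC
    ("port9", "00:10:5a:00:00:40", "192.168.1.40"),  # unprovisioned port
]


def audit_demo():
    return audit(BINDINGS, OBSERVED)


if __name__ == "__main__":
    for finding in audit_demo():
        print(finding)
```

A host that presents exactly the MAC and IP bound to the port it is plugged into passes this check, which is the limit the post itself points out.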




Re: users bypassing shaper limitation

2001-07-06 Thread Chris Wagner

One possible way to defeat this would be to use those metal "security
chains" that they use to keep people from carrying off computers.  Use a
very short one, about 2" long.  Affix one side to the computer case, and the
other to the ethernet cable.  Now, even this can be overcome if the crafty
hacker should bring an extension cable with them.

But there is still one method that will prevent anyone from stealing cable
ports.  Enclose the CPU case in an outer steel case.  That way the cable
head isn't accessible to anyone, hence, they can't unplug it.  The only way
to defeat that lockup is to physically cut the cable and attach a new jack
head.  But if you need that kind of security, you're in sad shape. :)  Do
they make steel braided ethernet cables? :P


At 03:07 PM 7/3/01 +0200, Holger Lubitz wrote:
>Jeff S Wheeler proclaimed:
>> cards around.  If I do not, they will grumble and/or disable the ethernet
>> ports that unknown MAC addresses appear on.  In some areas (e.g. student
>> labs) they do that automatically so kids can't just bring their laptop in
>> and hop on napster at 100Mbit.
>
>Easy. Disconnect any machine, set your MAC/IP-addresses to its
>addresses, connect your laptop.
>Don't know its addresses? Just sniff around on the port for a while, but
>make sure you keep quiet.








Re: Power down

2001-07-06 Thread Chris Wagner

That is a function of the bios.  Some support it, some don't.  Either your
bios's don't support it (my suspicion) or shutdown isn't sending the signal.
'man shutdown' might have some useful insight.  I'd also call the
motherboard manufacturer to make sure they support self power off.  Also
check the bios config to see if it's there and/or enabled.

At 07:22 PM 7/6/01 -1000, D wrote:
>Please excuse the simple question, but it's something that's been bothering
>me.  I've been running various debian machines as servers for quite some
>time now.  The problem started when I got two new servers.  All of the other
>machines (excluding the two new ones) were on the older side ( <= P2 ).  The
>problem is that when I shut down the servers.. they don't turn off.  It's
>particularly irritating to me because all of my servers run headless.  With
>my older machines, I never gave a second thought to the shut down process as
>they'd always turn themselves off as soon they finished wrapping things up.
>The new ones just halt and stay on.  To make things even worse.. the hard
>drives in the new machines are so quiet I can't tell if they've finished
>everything.
>Anyway, does this have something to do with newer power management stuff in
>the bios?  Something changed in the debian configs?  All i'd like is for the
>servers to turn themselves off at system halt like my old servers do.
>
>Thanks for your time







Re: Maybe... "off topic".

2001-07-12 Thread Chris Wagner

I know that One Net makes Linux based firewalls.  Called "Incinerator".
They're at www.one.net.


At 08:32 AM 7/12/01 +0200, TooManySecrets wrote:
>Hi.
>
>Excuse me this off topic, but my boss want (only for political budgets)
>prices of commercial hardware firewalls. I only use Linux for make this, and
>I don't know (except "infamous" Cisco :)) any solution with these
>requirements.
>
>Anybody can help me, please?
>
>I will apologize about my bad english... sorry... :(
>
>Have a nice day ;-)
>TooManySecrets




Re: Host my own box as my own ISP?

2001-08-14 Thread Chris Wagner

I think you're on the wrong list.  This list is for the discussion of the
Debian distribution of Linux for ISP's.  Why are you running super expensive
Windows 2000 when you could be using the much more flexible and robust, not
to mention FREE, Debian?  If you could tell us what you're trying to do we
can give you some advice on how to do it with Linux.


At 01:05 PM 8/14/01 -0700, etalent wrote:
>How do I set up/configure Windows 2000 Advanced server as ISP host on
>my own box, which is a Compaq 7495 with Windows 2000 Advanced server.
>My 'net connection is Bellsouth USB DSL. -Thanks
>
>







Re: sniffer

2001-08-14 Thread Chris Wagner

Larry, that's a good solution but it was a little cryptic on the
explanation.  Let me expound some for Ann's benefit.

Ann, what we're talking about is using the console on the router to do all
administration, and *never* telnetting to it.  But physically going to all
the routers and setting up a laptop is a little cumbersome.  The solution is
to essentially set up a totally independent serial network for the
administration of the routers and switches.  A serial cable is run from the
console port on the router back to a central, and *heavily secured*, server.
The server has to have at least as many serial ports as you have routers so
you might need to buy a serial card, like Cyclades or Comtrol or something.
Comtrol supports 128 serial ports per box, last time I checked.  With all
this hooked up, each tty on the server corresponds to a specific router.
Now just fire up your favorite terminal emulator and you can open a serial
connection to any router you want.  And since you're ssh'ed into the server,
no one can see what you're doing or steal passwords.  If you want it even
more secure, don't put the server on the network at all.  If this server is
in a convenient location you can just walk over to it and log on its
console for the ultimate in unsniffable security!

There is another option that Cisco and some switches support called AAA
(triple-A) authentication.  I forget what it stands for but basically you're
offloading the authentication from the router to a remote server called an
ACE server.  That stands for Access Control & Encryption.  It's made by a
company called Security Dynamics (recently acquired by RSA).  To access
something protected by AAA auth you have to have a physical card that
generates auth tokens.  To log in you type in the token from the card plus a
PIN.  The router sends this information back to the ACE server and if it's
valid lets you access the resource.  This method is extremely secure because
there's essentially no fixed password to steal!  Even if someone sniffs your
PIN they still can't get in because they don't have the card.  If they steal
the card it's useless without your secret PIN!  Combine AAA with ssh and you
have a nearly impregnable line of security.




At 02:21 PM 8/14/01 -0400, Larry Morrow wrote:
>Just my $02.  AND how we do it.
>
>Connect a serial cable to the console port of your routers/switches and then
>ssh into your debian server and use minicom.
>
>Larry
>
>At 11:05 AM 8/14/2001 -0700, ann kok wrote:
>>Dear all
>>
>>I learnt that sniffer program can steal password
>>and secure shell can prevent it
>>
>>But how do I do it in Cisco router?
>>and
>>Do I have any methods to prevent the sniffer program
>>to my router and servers?
>>
>>TIA
>>
>>Cheers
>






Re: Anyone know what this file is?

2001-08-19 Thread Chris Wagner

I found a reference to it in a zsh changelog.  It appears to be a C
directive but as to why it's showing up in weblogs... maybe bad code? :)

Here's the URL:
http://www.bme.jhu.edu/resources/whitaker/doc/zsh-doc-3.1.6dev22/Documentation/ChangeLog

And the excerpt: 
2000-01-19  Peter Stephenson  <[EMAIL PROTECTED]>

* Sven: 9373: Src/Modules/parameter.c: missing keys with special
parameters.

* Sven: 9371: Completion/Core/_files, Completion/Core/_path_files,
Doc/Zsh/compsys.yo: file-patterns style for overriding choices for
file completion built into completion functions.

* Sven: 9370: Src/text.c: missing tstack initialisation.

* pws: 9367: Src/cond.c, Src/parse.c, Test/04redirect.ztst,
Test/07cond.ztst: fixes for 9332: `[' tests didn't work, skipping
conditions with `&&' and `||' didn't work, always use WC_END
marker to terminate code.

* Tanaka Akira: 9360: Completion/User/_cvs: new -C option to cvs
update, better descriptions.

* Tanaka Akira: 9359: Completion/Debian/_apt,
Completion/Base/_regex_arguments: argument handling for apt-cache.


At 08:20 AM 8/19/01 -0400, Peter Billson wrote:
>Hey all,
>  I am getting requests for a file named:
>
>   __wc_end_
>
>in my Web server logs. Anyone know what this file is? Code Red makes me
>think this is another Windoze exploit that I am unaware of.
>   A search on google only returns a handful of results and they are all
>server stats with this file being requested but not found.
>







Re: FTP thro' firewall

2001-08-28 Thread Chris Wagner

The WS FTP thingy you're referring to is for going through proxies.  Some
folks just don't know the difference between firewalls and proxies. :)  To
do this just set up port forwarding on the firewall.  Use ipchains or
something and only allow ftp connections from your known boxes to pass
through.  Allow nothing from the jungle side.  You should then be able to
transparently connect to the outside world.


At 12:58 PM 8/28/01 +, Martin WHEELER wrote:
>Given a small local network, with nodes using a variety of OSes (Winx;
>SuSE; Debian), and a firewall using Mandrake SNF, how does one FTP thro'
>the firewall (safely) from one of the Debian (kernel 2.2.19) nodes?
>
>Or is this a complete no-no?
>
>Apparently the Win version of WS FTP has some sort of arrangement to
>allow this -- I can't seem to find any documentation to allow it under
>Debian 2.2r3+testing.
>
>Any help appreciated.
>-- 
>Martin Wheeler   -StarTEXT - Glastonbury - BA6 9PH - England
>[EMAIL PROTECTED]   http://www.startext.co.uk/
>
> www.gateway.gov.uk  --  the UK government's £18M Microsoft-only website
> -- "all your government database are belong to us" --


Nice sig. :)  Er, I mean Zig.








Re: FTP thro' firewall

2001-08-28 Thread Chris Wagner

Are you also permitting the ftp-data port to go through?  Ftp is 21, and I
sorta forget the number for ftp-data. :)

At 10:32 PM 8/28/01 +, Martin WHEELER wrote:
>230 User  logged in, access restrictions apply.
>Remote system type is UNIX.
>Using binary mode to transfer files.
>ftp> pwd
>257 "/u/x/x/x/" is current directory.
>ftp> cd docs
>250 CWD command successful.
>ftp> ls
>200 PORT command successful.
>. . . . .
>425 Can't build data connection: Operation timed out.
>ftp>
>
>Huh?

[snip]



>ISP (UK's biggest) now claims that Un*x is not supported by them; and on
>being upbraided at supporting only Evil Empire boxen, responded : "At
>the end of the day, all things said and done, it is _the_ standard,
>isn't it?".
>Gawdelpus. ]


LOL!, Ya, "the" standard.  The standard for lamers who don't know what
they're doing.  Ever hear of the three monkeys?  Hear no evil see no evil
speak no evil.








Re: Suspect Web Server has been hacked :(

2001-08-30 Thread Chris Wagner

I think it's probably too late for that.  The only way to be 100% about your
"disinfected" system is to fdisk it and rebuild from scratch.  You can save
your config files and data files, if you're sure they too haven't been
altered.  But say somebody relaxed an obscure security setting in some
config file that will make it easy for them to get right back in.

The only sure fire way of detecting what was done is to use something like
tripwire to take a snapshot of the system *before* it goes online again.
Then save that snapshot off-system on write protected media.  Like a floppy
disk with the write protect tab set or a CD.  Then do a nightly comparison
of the system to the snapshot.  But keep in mind that the comparison
software itself can be hacked so it should run off-system too.  Periodically
do manual scans, because if you just have a cron job running to alert you to
intrusion, somebody can just change the crontab to send you bogus
"alls-well" status reports, when in fact the thing ain't even running!!


At 09:34 AM 8/30/01 +0200, Craig wrote:
>Hi debian fellas
>
>I need to know if there is any software for debian to
>detect the presence of backdoors or rootkits. I suspect
>that our old debian web server has been compromised.
>
>..Craig


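Added example, not part of the post above and not Tripwire itself: a small snapshot-and-compare routine in the spirit of the reply, recording a SHA-256, mode and ownership for every file so a later run can report what changed. The directory tree, file contents and function names are constructed for illustration; in practice the snapshot and this script would live on the write-protected, off-system media the reply describes.

```python
# Added illustration; a stand-in for a tool such as tripwire, not its code.
import hashlib
import json
import os
import stat
import tempfile


def file_record(path):
    """Attributes worth pinning. lstat() so symlinks are recorded, not followed."""
    st = os.lstat(path)
    rec = {"mode": oct(stat.S_IMODE(st.st_mode)), "uid": st.st_uid, "gid": st.st_gid}
    if stat.S_ISLNK(st.st_mode):
        rec.update(type="link", target=os.readlink(path))
    elif stat.S_ISDIR(st.st_mode):
        rec["type"] = "dir"
    elif stat.S_ISREG(st.st_mode):
        digest = hashlib.sha256()
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
        rec.update(type="file", size=st.st_size, sha256=digest.hexdigest())
    else:
        rec["type"] = "special"
    return rec


def snapshot(root):
    """Map every path under root (relative to root) to its record."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = file_record(full)
    return snap


def baseline_digest(snap):
    """One hash over the whole snapshot, short enough to write on the media label."""
    return hashlib.sha256(json.dumps(snap, sort_keys=True).encode()).hexdigest()


def compare(baseline, current):
    """List (path, what) for everything added, removed or changed."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            changes.append((path, "added"))
        elif new is None:
            changes.append((path, "removed"))
        elif old != new:
            fields = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
            changes.append((path, "changed:" + ",".join(fields)))
    return changes


def integrity_demo():
    """Build a constructed tree, snapshot it, alter it, and report the drift."""
    files = {
        "etc/sshd_config": "StrictModes yes\n",
        "etc/crontab": "0 3 * * * root /usr/local/bin/nightly-check\n",
        "bin/ls": "constructed stand-in for a binary\n",
        "var/log/auth.log": "constructed log line\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write(text)
        os.chmod(os.path.join(root, "etc/crontab"), 0o644)
        baseline = snapshot(root)  # taken before the box goes back online

        # Constructed changes of the kind the reply warns about.
        with open(os.path.join(root, "etc/sshd_config"), "w") as handle:
            handle.write("StrictModes no \n")  # same length, relaxed setting
        os.chmod(os.path.join(root, "etc/crontab"), 0o666)
        with open(os.path.join(root, "bin/.hidden"), "w") as handle:
            handle.write("constructed dropped file\n")
        os.remove(os.path.join(root, "var/log/auth.log"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for change in integrity_demo():
        print(change)
```

The edited sshd_config keeps its original size, so only the content hash exposes it; a size or listing check alone would pass.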




Re: connecting to an ISP which runs windoze NT

2001-09-03 Thread Chris Wagner

There are proprietary Microsoft login schemes that they might be using.
I'd call them up and ask.  If you can't connect then they are not PPP
compliant.  If it's asking for any domain information that would be a
tipoff.  You can always try sniffing the login sequence.  Try sniffing from
both Linux and Windows.  Also were you able to directly dial in with
a terminal program and receive an IP address?  Another possibility is that
they have your account screwed up.


At 05:09 PM 9/3/01 -0700, Paul Scott wrote:
>Hi,
>
>I'm trying to connect to my ISP which runs on NT.  I have tried several 
>configurations with pppconfig and verified a lot with minicom.
>
>I believe I have the correct combination of username and password since 
>other variations of username which include the ISP domain as suggested 
>by things I have read all give invalid username/password.
>
>The response I get with the logical choice of username and password give 
>me "Requested Service Denied."
>
>The default response to CONNECT is \d\c which I have tried as well as 
>CLIENT which was suggested by http://axion.physics.ubc.ca/ppp-linux.html
>
>I have tried both PAP and CHAP and static and dynamic DNS.
>






sources.list - testing

2001-11-02 Thread Chris Zubrzycki

ok, i have a question: What should I put in sources.list to get the best 
testing system?

i currently put in the 2 lines as suggested at 
http://www.debian.org/releases/woody/index

deb http://http.us.debian.org/debian testing main contrib non-free
deb http://non-us.debian.org/debian-non-US testing/non-US main non-free

this seemed to break a lot of things though...i am trying to upgrade a 
potato system to host web sites

thanks in advance,

-chris zubrzycki
==
==

Remember: it's a "Microsoft virus", not an "email virus",
a "Microsoft worm", not a "computer worm".






Re: rogue Chinese crawler

2001-11-25 Thread Chris Wagner

The best way would be to block it at your router with an access list.
Blocking it at the box is ok too but that takes a little bit of your
resources.  And you have to do it on each box on your network you want
protected.  The router block will protect your entire network in one fell
swoop and cost your boxes no resources.

You can block just his ip address with a deny statement, or if he's scanning
from multiple ip's you can chunk his whole network.  But that ip
(139.175.250.23) is under a huge Seed-net /16.  You might end up blocking
legitimate traffic.  You can try to guess his local subnet mask and block
that, like a /27 or something.

On a related topic I've been receiving an enormous amount of spam coming
through Asian mx's.  Is there any effort underway to try and get these
people to lock down their networks?  We've got a bunch of rogue mailservers
over there.


At 05:32 PM 11/23/01 +, Martin WHEELER wrote:
>Is anyone else having problems with the robot from
>
> openfind.com.tw
>
>-- an intrusive, irritating, hard-to-get-rid-of crawler that completely
>paralyses my system *every day*?
>
>Despite what I put in any robots.txt, this one disregards all rules and
>just jams up my system, downloading every damn' thing in sight.
>Mails to the owners are totally disregarded.
>
>Anyone know of a sure-fire robot killer under woody?
>
>Who should this thing be reported to to get it stopped?


PS, the first time around I accidentally only sent this to debian-security. :)



---==---
___/`<   WTC 911   >`\___

0100






Re: Partition Help

2001-09-10 Thread Chris Wagner

So right now everything is on the / partition?  Then what you want to do is
blow away that huge unused partition and make partitions for at least /tmp
/var /home.  /usr if you want plus the swap.  You need to size out how much
room each of those dir trees is going to need.  Then take the box offline
and mount the new partitions to /mnt.  e.g. /mnt/var.  Edit /etc/mtab to
mount the new partitions at boot.  Then move the old dirs under / to their new
locations.  e.g. mv /var /mnt/var.  Then reboot.  The box shouldn't know the
difference.

At 08:38 AM 9/10/01 -0500, Information wrote:
>We noticed the other day that we only had about 200 meg of space left
>on the drive. We did a df and found we only had 950 meg of space on the /
>partition. We have an extended that is the rest of the drive with a
>regular Linux partition and the swap at the end. Our problem is the box does
>not see this. We need to have this space and are not sure how to proceed.
>Can we:
>A. remove the extended and swap partition and put new ones in with the
>needed space applied to /usr -- /var -- and /home and add /swap and not
>lose the clients we have?
>B. If so can we do this from the command line or from Webmin?
>C. Will we have to do this from a console into the machine?






Anyone with UK experience of broadband?

2001-12-09 Thread Chris Evans

I'm hardly an ISP but I do currently run a very low volume Apache service
serving mostly plain HTTP from one domain and the main reason I run my own
small server is that I have run a few small but extremely publicly useful
Email lists for years now and didn't like to hand them to yahoogroups.

I think I need to move my server to my house and use broadband to connect it:
bandwidth should be fine.  I'm thinking of going for BT business500+ to do the
necessary.

Main reason for move is to have easier control of the machine and, above all,
to have IPTABLES control of attacks and antiviral scanning (particularly in
the light of the effects of the recent spate of worms working through M$
s'ware).

I'm looking for anyone who's used a BT (I don't seem to have an alternative
where I live, certainly NTL: and telewest don't cover) broadband connection
with a debian box as firewall and NAT who might give me some advice for fee.

Very best all: this is an excellent list for a debian supporting amateur to lurk on!

Chris

Chris Evans <[EMAIL PROTECTED]>
Consultant Psychiatrist in Psychotherapy,
Rampton Hospital; Associate R&D Director,
Tavistock & Portman NHS Trust;
Hon. SL Institute of Psychiatry
*** My views are my own and not representative 
of those institutions ***






UCE complaint

2001-12-21 Thread Chris Evans

please stop UCEs/UBEs like this:


--- begin original message ---
Received: from murphy.debian.org (murphy.debian.org [216.234.231.6])
by www.psyctc.org (8.9.1a/8.9.1/Debian/GNU) with SMTP id HAA22089
for <[EMAIL PROTECTED]>; Fri, 21 Dec 2001 07:36:24 GMT
Resent-Date: Fri, 21 Dec 2001 07:36:24 GMT
Received: (qmail 26297 invoked by uid 38); 21 Dec 2001 07:17:42 -
X-Envelope-Sender: [EMAIL PROTECTED]
Received: (qmail 24757 invoked from network); 21 Dec 2001 07:17:06 -
Received: from mkmm.cavecreek.net (64.38.226.213)
  by murphy.debian.org with SMTP; 21 Dec 2001 07:17:06 -
Received: (from www@localhost)
by mkmm.cavecreek.net (8.11.6/8.11.3) id fBL7GpV16228;
Fri, 21 Dec 2001 00:16:51 -0700 (MST)
(envelope-from www)
Date: Fri, 21 Dec 2001 00:16:51 -0700 (MST)
Message-Id: <[EMAIL PROTECTED]>
Content-type: text/html
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Party with porn stars
Resent-Message-ID: 
Resent-From: [EMAIL PROTECTED]
X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/8560
X-Loop: [EMAIL PROTECTED]
Precedence: list
Resent-Sender: [EMAIL PROTECTED]
Status:   

Hey everyone,

Ever wanted to party with your favorite porn stars??  Well, now you can!!  That's 
right.  We at Ona zee pictures are constantly getting hundreds if not thousands of 
emails and phone calls from people asking how they can meet there favorite porn stars, 
so
   
-
Click on the link below to be removed from the 
Ona Zee Hot Release List.

http://onazee.com/mailinglist/mailmachine.cgi?[EMAIL PROTECTED]
(Or copy and paste the link into your browser)
-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--- end original message ---
PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling
   and Therapeutic Communities; practice, research, 
   teaching and consultancy.
Chris Evans & Jo-anne Carlyle
http://psyctc.org/ Email: [EMAIL PROTECTED]






Re: LinkWalker

2001-12-23 Thread Chris Wagner

You should be able to tell if it cares about robots.txt by looking in the
logs to see if it's downloading /robots.txt.  If it is then something like:
User-agent: LinkWalker
Disallow: /

will keep it off your site.  If it doesn't, then iptables will keep it away.
Robots info:
http://www.global-positioning.com/robots_text_file/index.html

The fact that it downloads binaries too makes me think it's a site sucker
and not a legit spider.


At 12:30 PM 12/23/01 -0800, Nick Jennings wrote:
>On Sun, Dec 23, 2001 at 09:17:54PM +0100, Russell Coker wrote:
>> 
>> I wasn't aware that there was any format to robots.txt, I thought that the 
>> mere presence of such a file would prevent robots from visiting.





---==---
___/`<   WTC 911   >`\___

0100


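The log check described in the post above, as an added example that is not part of the original message: it replays access-log lines against the suggested robots.txt rule and reports, per user agent, whether the agent fetched /robots.txt and whether it kept requesting disallowed paths afterwards. The log lines, the IP addresses and the agents "ExampleSucker" and "PoliteBot" are constructed for illustration.

```python
import re
from urllib.robotparser import RobotFileParser

# The rule suggested in the post.
ROBOTS_TXT = """\
User-agent: LinkWalker
Disallow: /
"""

# Constructed Apache combined-format lines (documentation IP ranges).
ACCESS_LOG = """\
192.0.2.10 - - [23/Dec/2001:12:00:01 -0800] "GET /robots.txt HTTP/1.0" 200 38 "-" "LinkWalker"
192.0.2.10 - - [23/Dec/2001:12:00:05 -0800] "GET /files/setup.exe HTTP/1.0" 200 912384 "-" "LinkWalker"
192.0.2.10 - - [23/Dec/2001:12:00:09 -0800] "GET /index.html HTTP/1.0" 200 5120 "-" "LinkWalker"
198.51.100.7 - - [23/Dec/2001:12:01:00 -0800] "GET /index.html HTTP/1.0" 200 5120 "-" "ExampleSucker/1.0"
198.51.100.7 - - [23/Dec/2001:12:01:02 -0800] "GET /files/setup.exe HTTP/1.0" 200 912384 "-" "ExampleSucker/1.0"
203.0.113.5 - - [23/Dec/2001:12:02:00 -0800] "GET /robots.txt HTTP/1.0" 200 38 "-" "PoliteBot/2.1"
203.0.113.5 - - [23/Dec/2001:12:02:03 -0800] "GET /index.html HTTP/1.0" 200 5120 "-" "PoliteBot/2.1"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def audit_robots_compliance(log_text, robots_txt):
    """Return {agent: (verdict, [disallowed paths requested after reading robots.txt])}."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())

    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        agent = m["agent"]
        rec = seen.setdefault(agent, {"fetched": False, "violations": []})
        path = m["path"]
        if path.split("?", 1)[0] == "/robots.txt":
            rec["fetched"] = True
            continue
        # Only requests made after the agent has read the rules count as
        # disobeying them.
        if rec["fetched"] and not rules.can_fetch(agent, path):
            rec["violations"].append(path)

    report = {}
    for agent, rec in seen.items():
        if not rec["fetched"]:
            verdict = "never fetches robots.txt"           # a rule will not help
        elif rec["violations"]:
            verdict = "fetches robots.txt but ignores it"  # block at the firewall
        else:
            verdict = "honours robots.txt"
        report[agent] = (verdict, rec["violations"])
    return report


if __name__ == "__main__":
    for agent, (verdict, paths) in audit_robots_compliance(ACCESS_LOG, ROBOTS_TXT).items():
        print(f"{agent}: {verdict} {paths}")
```
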




long email names

2002-01-02 Thread Chris Zubrzycki

I have a customer who wants to host his own email server, and he wants 
to have long email addresses, like .@domain.com , 
and map it to a local name that is less than 8 chars. What is the best 
email server to do this kind of mapping?

-chris zubrzycki
==
==

   "One disk to rule them all, One disk to find them. One disk to bring
   them all and in the darkness grind them. In the Land of Redmond
   where the shadows lie." -- The Silicon Valley Tarot






Re: LinkWalker

2002-01-07 Thread Chris Wagner

Bwahahaha!!  Man, that is low.  Advertising to sysadmins through the access
logs.  Sheesh.  But now that you mention 7-24, I think I recognize that.
I think they are a spam marketing outfit.

At 02:31 PM 1/7/02 -0800, Nathan Strom wrote:
>Personally, I think this is a rogue organization -- there was an entry
>from this spider in our logs coming from a Seven24 IP with a HTTP
>referrer of
www.adultinterracialsexvideos.com/interracialsex/interracialgroupsexsen.html.
>Needless to say, we do not run an adult web site and that referrer
>site does NOT have a link to us. Likely Seven24 is trying to clutter
>people's logs with references as a form of advertising.




--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: netscape or what?

2002-01-08 Thread Chris Wagner

Unfortunately neither Netscape nor IE is very stable. Opera and Mozilla are
the only others I know of. You can always just turn off Javascript. :)
Maybe your system is unstable.

At 07:37 PM 1/8/02 +0100, [EMAIL PROTECTED] wrote:
>what do you use to browse the internet without problems? (and don't tell me
>lynx, because it supports neither java nor all the other things!!!)
>
>I have tried both netscape and opera, and with both of them I have problems on
>most sites, so I end up having to view them with IE (under W$)




--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: xinetd /etc/host.deny ALL:PARANOID

2002-01-10 Thread Chris Wagner

Well, the rationale behind this is as you touched on, preventing spoofed
address attacks.  A paranoid lookup essentially verifies that the connecting
system is a known legit host.  In effect you're using your DNS system as
another level of authentication.  Say somebody wants to covertly log on or
attack your system, so they give themselves a bogus ip.  A paranoid lookup
will stop that because there's no DNS entry.  (I won't get into the
mechanisms of these spoof type attacks)

Now for connections originating from the internet this is little help since
there are so many ways to spoof traffic/hack/attack/etc.  What it can make a
difference in is from traffic originating within your own network.  Because
that is a known entity and paranoid lookups should ALWAYS succeed.  I don't
know all the details of how it passes or fails you given RR DNS but it does
something...  


At 01:29 AM 1/11/02 +0100, martin f krafft wrote:
>yes, but *what* exactly does ALL:PARANOID prevent? establishing the
>authenticity of the domain name is surely a good point, but that's for
>finger/who/w and co. only because i don't even want to deal with/know
>about a system administrator that parses logs based on domain names
>rather than IPs...




--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: xinetd /etc/host.deny ALL:PARANOID

2002-01-10 Thread Chris Wagner

At 10:01 PM 1/10/02 -0600, Nathan E Norman wrote:
>Congratulations ... you just set up your DNS incorrectly.  Every PTR
>entry should resolve to a _unique_ name, and that name should resolve
>to a _unique_ IP.  That doesn't mean you can't have additional A
>records doing load balancing. 

To give a POTS analogy, say you have 10 lines coming into your modem bank in
a hunt group.  That's when you have one number that scrolls over onto all 10
of the lines based on which ones are busy.  However, all 10 of those lines
have to have individual unique phone numbers even though they are reached
through the common hunt group number.  They all have unique phone
number/circuit id pairs.


>zone IN 3.2.1.in-addr.ARPA:
>
>  4 IN PTR host4.netblk1-2-3.madduck.net.
>  4 IN PTR host5.netblk1-2-3.madduck.net.

I assume you meant to write "5" there. ;)

>zone IN netblk1-2-3.madduck.net:
>
>  host4.netblk1-2-3.madduck.net. IN A 1.2.3.4
>  host5.netblk1-2-3.madduck.net. IN A 1.2.3.5
>
>zone IN madduck.net:
>
>  mail.madduck.net. IN A 1.2.3.4
>IN A 1.2.3.5
>
>Not all A records need PTR records.  It never fails to amaze me how
>many people don't understand this.

This is sort of the function of canonical names.  "Other" names for the IP
besides the absolute name (or Loopback name in our parlance).  But CNAME's
are deprecated for other reasons.  I personally never had any problems using
them.


>All the people who say "but I don't control the reverse for my IP(s)"
>don't understand the issue ... it's up to the registered contact for
>the block to make sure reverse resolution works.  Of course that means
>resolving to A records that the contact also controls.  This is all
>spelled out in the RFCs and best practice documents.

It has been possible for some time now to allocate really really small IP
blocks.  I had a /27 allocated to me in ARIN once.  I controlled my own
reverse lookups that way.  I don't know how small they will go though.






--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100


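The name/address check discussed in the two messages above, as an added example that is not part of the thread and not tcp_wrappers' or xinetd's own code: a simplified model of a forward-confirmed reverse lookup, run over in-memory records instead of a live resolver. The madduck.net records are the ones quoted above (second PTR read as "5"); every 192.0.2.x entry and all function names are constructed for illustration.

```python
import ipaddress

# Reverse (PTR) data: address -> name.
PTR = {
    "1.2.3.4": "host4.netblk1-2-3.madduck.net.",
    "1.2.3.5": "host5.netblk1-2-3.madduck.net.",
    # Constructed: whoever controls this block's reverse zone claims a name
    # that belongs to somebody else.
    "192.0.2.66": "host4.netblk1-2-3.madduck.net.",
    # Constructed: PTR points at a name that has no A record at all.
    "192.0.2.88": "ghost.example.net.",
}

# Forward (A) data: name -> addresses.
A = {
    "host4.netblk1-2-3.madduck.net.": ["1.2.3.4"],
    "host5.netblk1-2-3.madduck.net.": ["1.2.3.5"],
    # Round-robin name from the quoted zone; it needs no PTR of its own.
    "mail.madduck.net.": ["1.2.3.4", "1.2.3.5"],
}


def _canon(name):
    """Lower-case and force exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def paranoid_lookup(ip, ptr=PTR, a=A):
    """Classify a connecting address.

    "ok"       PTR name resolves back to the same address
    "mismatch" PTR exists but the forward lookup does not confirm it
    "unknown"  no PTR record at all
    """
    addr = ipaddress.ip_address(ip)
    name = ptr.get(str(addr))
    if name is None:
        return ("unknown", None)
    name = _canon(name)
    forward = {ipaddress.ip_address(x) for x in a.get(name, [])}
    return ("ok", name) if addr in forward else ("mismatch", name)


def refused_by_all_paranoid(ip, ptr=PTR, a=A):
    """Model of an "ALL: PARANOID" deny rule.

    hosts_access(5) documents PARANOID as matching hosts whose name does
    not match their address; hosts with no name fall under its separate
    UNKNOWN wildcard, so they are not refused by this rule alone.
    """
    return paranoid_lookup(ip, ptr, a)[0] == "mismatch"


def audit_zone(ptr=PTR, a=A):
    """List what an admin would fix before enabling the rule internally."""
    broken = [(ip, _canon(n)) for ip, n in sorted(ptr.items())
              if paranoid_lookup(ip, ptr, a)[0] != "ok"]
    confirmed = {_canon(n) for ip, n in ptr.items()
                 if paranoid_lookup(ip, ptr, a)[0] == "ok"}
    # Informational only: extra A records without a PTR are legitimate.
    a_only = sorted(_canon(n) for n in a if _canon(n) not in confirmed)
    return {"broken_ptr": broken, "a_without_ptr": a_only}


if __name__ == "__main__":
    for ip in ("1.2.3.4", "192.0.2.66", "192.0.2.88", "192.0.2.77"):
        print(ip, paranoid_lookup(ip), refused_by_all_paranoid(ip))
    print(audit_zone())
```
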




Re: xinetd /etc/host.deny ALL:PARANOID

2002-01-10 Thread Chris Wagner

At 04:22 AM 1/11/02 +0100, martin f krafft wrote:
>a bogus IP won't even make it past OSI layer 4 on debian... rp_filter...

There are ways of doing it such that the box has NO WAY of knowing that the
traffic is spoofed.  Granted, that is hard to do.  Even paranoid lookups can
be overcome.  But it's just one more layer of defense and one more thing an
attacker has to contend with.


>interesting signature. serious or not?

But of course.


--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: xinetd /etc/host.deny ALL:PARANOID

2002-01-10 Thread Chris Wagner

At 06:01 AM 1/11/02 +0100, martin f krafft wrote:
>okay, why libwrap then?

Once the network is compromised, it makes no difference what's on the box.
If done properly, the compromised network is indistinguishable from the
uncompromised network.  That box is totally on its own. :)


>/29, although i've seen /30's. problem is that with that much of a
>subnet, you are wasting a lot of IPs. the efficiency in terms of IP
>usage for /30 is 50%!!!

Come on... there are only 4 ip numbers in a /30!!!  The only conceivable use
for a /30 is as a point-to-point.  /29 maybe for cable modem LANs...




--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON

2002-01-23 Thread Chris Wagner

Actually, they would.  Because the "e" in Re: is in lower case! :P

At 05:14 PM 1/23/02 -0700, [EMAIL PROTECTED] wrote:
>Of course, I just realized that anyone with that filter in place wouldn't be 
>receiving this mail B-)


--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: new photos from my party!

2002-01-28 Thread Chris Wagner

FYI, no one bother decoding this, it's not a photo, actually a
program/trojan.  Malicious no doubt...

At 10:24 PM 1/27/02 -0800, [EMAIL PROTECTED] wrote:
>Hello!
>
>My party... It was absolutely amazing!
>I have attached my web page with new photos!
>If you can please make color prints of my photos. Thanks!
>
>
>begin 666 www.myparty.yahoo.com
>M35J0``,$__\``+@`0```
>M@`X?N@X`M`G-(;@!3,TA5&AI


--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: mass email distribution software

2002-01-28 Thread Chris Hilts

On Mon, Jan 28, 2002 at 05:46:46PM +0100, jogi hofmueller wrote:

> i know that everyone hates spam. therefore i think the idea to put a
> mailing-list-like mechanism with automated (un)subscribe procedure behind
> such a thing would be not so bad because it would make it possible to
> really unsubscribe from a list where i don't want to get anymore mails
> from.

The problem with this rationale is that most people don't bother trying to 
unsubscribe, since the unsubscribe
instructions are usually just a method of verifying valid addresses.
 
Chris Hilts
[EMAIL PROTECTED]






[no subject]

2002-01-30 Thread Chris Zubrzycki

Good evening everyone. I have a question for the group: Has anyone ever 
installed debian on a sun cobalt qube 3 server appliance? I am just 
wondering if there are any problems i should be aware of. (the standard 
os is a modified redhat).

thanks for the help


-Chris Zubrzycki
Echo Internet Consulting
http://www.echointernet.com
856.772.9000
==
Security Is A Series Of Well-Defined Steps...

chmod -R 0 / ; and smile :)






debian on a Sun Cobalt Qube 3 (x86) [Was ' ']

2002-02-01 Thread Chris Zubrzycki


On Thursday, January 31, 2002, at 01:22  PM, NN_il_Confusionario wrote:
...
>
> On the other hand, Cobalt web interface for administration is a BAD BAD
> thing whenever one knows how to do more by hand: the interface is
> incompatible with practically *every* good thing that one can think
> to do manually.
>
> And software updates by Sun/Cobalt have big, big latency times ...
> So I understand why someone wants to replace Cobalt software with
> Debian.

yes, many of the things I want to do do not work well with the standard 
web interface, but upon deeper reading, i need at least a firmware 
update to use 2.4 series kernels, and it looks like I will have to use 
ext2 at least for my root and boot partitions, but with hope I can use 
XFS for everything else. I'll post my results in case anyone is 
interested.


--Chris Zubrzycki
==

   "One disk to rule them all, One disk to find them. One disk to bring
   them all and in the darkness grind them. In the Land of Redmond
   where the shadows lie." -- The Silicon Valley Tarot






Re: Mass installation procedure for Debian?

2002-02-05 Thread Chris Zubrzycki

> We install/reconfigure re-install almost on a daily basis via a local
> network, which is far the fastest way, better than any CD.

if you are lucky enough to never have to do a remote install...

> I have played Fai once and actually I'm fiddling with bootcd.
it does seem interesting. doesn't it.

> Also jablicator has not been mentioned in this thread.  It creates an
> empty Debian Packages which depends on all packages that are installed
> on your computer.  So if you create various jablications for different
> computer setups and put them on a local debian-mirror you just install
> on a new computer the jablicated packages according to the needs of
> this machine.

very good idea, but I was wondering if anyone on the list has ever made 
a custom boot cd, with specific packages and a custom kernel 
image/modules (xfs support, etc.)

I have been searching the web, but not found much good information.

thanks for the help.

-chris zubrzycki
==
Security Is A Series Of Well-Defined Steps...

chmod -R 0 / ; and smile :)






Re: concurrent POP3 and IMAP servers?

2002-02-11 Thread chris qvigstad

On Mon, 2002-02-11 at 10:37, [EMAIL PROTECTED] wrote:

> Hi,
> 
> Is it possible to have concurrent POP3 and IMAP servers running on my potato?
> I don't want to annoy my current customers to switch their POP outlook
> configuration, and just use IMAP for my new webmail service.
> 
> Thanks Josep
>


Hi.
Yes it is, I'm using the courier-pop, courier-imap and sqwebmail debian
packages myself. Note that you need to switch to maildirs(if you aren't
using it already) to use courier. 

 
-- 
 -o)  # Mvh.
 / \  # Chris Qvigstad
_\_v  # [EMAIL PROTECTED]






Re: concurrent POP3 and IMAP servers?

2002-02-12 Thread chris qvigstad


> What do you mean with switch to maildir. Because
> I try to install sqwebmail and error like "Unable to open the maildir
> for this account -- the maildir doesn't exist or has incorrect
> ownership or permissions" . After succesfull login.
> Where is the configuration, can u guide me one by one please.
> 
> Thx.
> 
> aku

You probably use the standard mailbox format which stores all mail in
one big file per user in a spool directory.
Maildir is a different way to store mail, where all users have a
directory(usually located in their /home/username dir) and every mail is
stored in its own file in this dir.
Sqwebmail can't find this maildir since you're using the mailbox format.
If you have installed courier imap + pop you have to run:
maildirmake Maildir
in every users home directory as that user(or chown it later).
You also probably need to set up your smtp to deliver to maildirs.

-- 
 -o)  # Mvh.
 / \  # Chris Qvigstad
_\_v  # [EMAIL PROTECTED]






Antiviral checking for small server using postfix

2002-03-04 Thread Chris Evans

This is surely an FAQ in its general form but doesn't seem to have 
been asked for some while.

Specifics: I'm running a server mostly to serve up smallish (total 
membership <1k) Email lists relating to counselling/psychotherapy 
(not-for-profit stuff) using listar/ecartis and postfix under potato. 
 I'd like to do antiviral filtering but budget is low.  Any 
recommendations?

TIA,


Chris

-- 
Chris Evans <[EMAIL PROTECTED]>
Consultant Psychiatrist in Psychotherapy,
Rampton Hospital; Associate R&D Director,
Tavistock & Portman NHS Trust;
Hon. SL Institute of Psychiatry
*** My views are my own and not representative 
of those institutions ***






Re: byte counts differ

2002-03-14 Thread Chris Wagner

Never touched IIS, but you never know. If you uploaded the file in text
mode, IIS could be translating the 's into 's.

At 07:05 PM 3/14/02 -0700, Kevin wrote:
>I'm uploading from Linux to an IIS FTP.  After the file is sent, if I
>check the byte count on the remote side and the byte count on the
>local side they differ slightly.  Anyone know why this is?


--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: fsck on a remote computer

2002-03-15 Thread Chris Zubrzycki

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Friday, March 15, 2002, at 07:45  PM, Jason Lim wrote
> On the same note, /fastboot makes sure no fsck is done. The conditional if
> statement skips everything if that is there.
>
> This is useful if you need the box up as much as possible, and reboots
> only slow things down as little as possible because even if the box did
> not reboot gracefully (power outage or something) there will be no lengthy
> fsck (of course, this also means there could be filesystem corruption, but
> you can't have it both ways).

well, with xfs, I believe you can. It seems that you don't have to worry 
*too* much about non-graceful (graceless?) reboots. The journaling 
filesystems are quite nice in that regard.


- -chris zubrzycki
- - --
PGP public key: http://homepage.mac.com/beren/publickey.txt
ID: 0xA2ABC070
Fingerprint: 26B0 BA6B A409 FA83 42B3  1688 FBF9 8232 A2AB C070

Security Is A Series Of Well-Defined Steps...

chmod -R 0 / ; and smile :)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org

iD8DBQE8ksCX+/mCMqKrwHARAjx3AJ4na60a/heTBmUmLVEqdpYuTnvxnwCg0XWE
8GhSU3DybdOVapppBr+Svks=
=Gija
-END PGP SIGNATURE-






what do you do with detected relay attempts?

2002-03-17 Thread Chris Evans

I have just realised that I wasn't getting postfix relay block alerts 
under my new postfix set up (on a small Email list system).  So I've 
twigged the right setting and am now getting the very satisfying 
messages like:

 In:  MAIL FROM:<[EMAIL PROTECTED]>
 Out: 250 Ok
 In:  RCPT TO:<[EMAIL PROTECTED]>
 Out: 554 <[EMAIL PROTECTED]>: Relay access denied

which, of course, has the IP address and sender name in the subject 
line of the alert to me.  A quick check confirms that they are 
congruent so I think I should report it to the system.  I currently 
report all spam I get to abuse.net and spamcop.net as I want the 
anonymity I think they give my reports.  Now I'm not sure of the 
best way to report something like the above.  What do other people 
do?

TIA,

Chris
-- 
Chris Evans <[EMAIL PROTECTED]>
Consultant Psychiatrist in Psychotherapy,
Rampton Hospital; Associate R&D Director,
Tavistock & Portman NHS Trust;
Hon. SL Institute of Psychiatry
*** My views are my own and not representative 
of those institutions ***






Mail Servers

2002-03-17 Thread Chris Jenks

I hate asking this, but I thought that this would be the fastest
way to get the answer.

I may be setting up a mail server for a factory. From what little
I know so far, it will be a mail server for all five hundred
employees. (one in each location) so they can check work
related email. I was thinking about using woody, but have
the following 2 questions.

1 What is the max user limit that woody + exim will support

2 Could someone point me to a good pointer / how-to for this.






Re: Mail Servers

2002-03-18 Thread Chris Jenks

At 01:12 PM 3/18/02, you wrote:

> > > 1 What is the max user limit that woody + exim will support
> >
> > It's WAY above 500. :-)
> >
>
>It also seriously depends on what the hardware is. I think a 486/33 might
>have a bit of trouble coping with 500 (or lets say 200-300) simultaneous
>and concurrent users trying to check their email at the beginning of the
>work day.

I took that thought into account, I was thinking along the lines of a P3
400 with at least 384 megs of memory. Maybe over kill but I would rather
have over kill than a dead mail server. Most of the people are factory line
workers, so I don't really think that they will all log in at once. I'm not
even sure why their management wants to give them all work email
accounts. There are two offices with 500 (that gives me some room
to play with actually, closer to 450) people in each one. I'm not sure
if one mail server could handle it or not (never set one up before). I
was also thinking of putting one in each shop for diversity.







Re: Mail Servers

2002-03-18 Thread Chris Jenks

At 02:08 PM 3/18/02, Russell Coker wrote:
>On Mon, 18 Mar 2002 19:12, Jason Lim wrote:
> > > > 1 What is the max user limit that woody + exim will support
> > >
> > > It's WAY above 500. :-)
> >
> > It also seriously depends on what the hardware is. I think a 486/33 might
> > have a bit of trouble coping with 500 (or lets say 200-300) simultaneous
> > and concurrent users trying to check their email at the beginning of the
> > work day.
>
>That depends on how many messages are waiting, whether the users leave mail
>on the server, and whether they use mbox storage.
>
>If users leave mail on the server in mbox format, and they are emailing
>around Word files etc then a new P3 machine with 1G of RAM and a RAID setup
>of fast hard drives will have big problems.
>
>If the users do only plain-ascii mail with no big attachments, don't leave
>their mail on the server, have a fast connection to the server, and Maildir
>is used then 500 people logging on in a period of 10 minutes should work on a
>486-33 with 64M of RAM.

I hadn't even thought of using a RAID set up. I haven't had any experience with
them. Hmm.. looks like I asked the right question in the right place after all.

Thanks
Chris






Re: Mail Servers

2002-03-18 Thread Chris Jenks

At 05:34 PM 3/18/02, you wrote:

> > I hadn't even thought of using a RAID set up. I haven't had any experience with
> > them. Hmm.. looks like I asked the right question in the right place after all.

>Most of us work in ISP/hosting type environments, so all your
>considerations have already been considered by us before. I got help here
>about optimizing outgoing email servers a while ago, and got lots of good
>advice and stuff here (also discovered some new, previously undocumented
>speed optimization techniques). So its all good for learning and helping
>each other :-)

I've always worked on the back bone end. First at AGIS (before, during and
after the spam days) and then at Global Crossing. This is a little different
from what I'm used to. This whole thing started in a Subway over dinner last
night. I was going to ask the Inet-Access people about it, but I had already
decided to use Woody and Exim (due to money and familiarity with Debian)
and didn't want a bunch of replies saying MTA X is better.

I figured that this list would be less biased, and I wouldn't get as many
flames.

Thanks for the help everyone

Chris






Re: AVI stream

2002-03-18 Thread Chris Wagner

Sure, any media format can be streamed over Apache.  The secret is the use
of meta files.  The "streaming" is a function accomplished by the client,
not the server.  All the so called streaming protocols out there are just
glorified TCP/UDP data transfers with some bells and whistles thrown in.  If
you want something streamed into Media Player you just create a .asx
metafile with its contents pointing to the http location of the media.
Media player automatically knows how to "pace" the download.  Real Player
works on the same principle.

An example asx file:

<ASX version="3.0">
<Entry>
<Title>Boss's Speech</Title>
<Copyright>Copyright Blah</Copyright>
<Ref href="http://wherever.com/something.avi" />
</Entry>
</ASX>

You mentioned copyright issues.  It is impossible to keep someone from
stealing *any* streamed content if they're determined.  It wouldn't take
much for someone to take apart your asx file and copy the URL into their
browser and simply download it.  One thing you can do is configure Apache to
only serve the content if the browser id string matches the known media
player browser types. This would prevent anyone from accessing the file from
Netscape or IE or whatever.  You'd have to check your access logs to see
what kind of id string it sends.  One other thing to consider is that I
think, but am not sure, that media player will keep a temp file of content
received over http in the system temp directory.  You'll have to test it to
make sure.  I think you can also embed "copyrighted material" tags in the
file itself to tell media player that it can't be saved off.  But like I
said before, it is flat out impossible to safeguard streamed media from a
true hacker. :) So all you will really be doing is keeping away the casual
thief.  That goes for Real Player too.  So how many in your audience are
going to think to look in %temp% for a copy of this??

At 11:29 AM 3/18/02 +0100, Michal Novotny wrote:
>Hello!
>
>Is there a chance to stream avi/wma file from Debian box?
>
>For now I'm using RealServer for Linux, but (for clients) I need to add
>support for Windows Media Player (standard player in MS Windows) :-(
>I cannot use download, but stream. Copyright issues...
>
>Could anyone help me?




--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: [OT] Re: AVI stream

2002-03-19 Thread Chris Wagner

LOL dude! :)  If u think I was calling anyone a thief u read something that
I didn't type.  The idea of what is thievery or allowed use rests solely in
the mind of his customers.  In this arena whatever *they* say goes.  Forgive
me if I used overly colloquial meanings of steal and thief. :)

At 08:54 AM 3/19/02 +0100, Emile van Bergen wrote:
>Hi,
>
>I really object to the idea that I am a "thief" if I want to view the
>streamed content again, or show it to my wife, or if I want to convert
>it to format Foo for display with player Bar which I happen to like a
>lot.
>



--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: [OT] Re: AVI stream

2002-03-19 Thread Chris Wagner

At 09:29 AM 3/19/02 +0100, Emile van Bergen wrote:
>> In this arena whatever *they* say goes.
>
>Not when we're talking about what's criminal and what's not.

Yes, that's true, but is irrelevant for his situation.  His web hosts are
coming to him saying "we want X".  Whatever X is, whether that's streaming
video people can't copy, etc, he has to provide that or they walk.  That's
why discussions of rightness or wrongness in these situations are moot.



--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






possible attack?

2002-03-21 Thread Chris Evans

Logcheck has just reported 29 lines like these:
Mar 21 07:54:51 www syslog-ng[137]: Error accepting AF_UNIX 
connection, opened connections: 100, max: 100
Mar 21 07:54:51 www syslog-ng[137]: Error accepting AF_UNIX 
connection, opened connections: 100, max: 100

and netstat -a shows a lot of connections:

unix  1  [ ] STREAM CONNECTED 1123334 /dev/log
unix  1  [ ] STREAM CONNECTED 1116966 /dev/log
unix  1  [ ] STREAM CONNECTED 1116962 /dev/log
unix  1  [ ] STREAM CONNECTED 1116959
unix  1  [ ] STREAM CONNECTED 1116958
unix  1  [ ] STREAM CONNECTED 1116955
... and 20 to 40 or so more like that then:

unix  1  [ ] STREAM CONNECTED 1116901 /dev/log
unix  0  [ ] STREAM   924323
unix  1  [ ] STREAM CONNECTED 235/dev/log

My sense is that someone is attacking the system possibly 
accidentally and it's about people trying to establish syslog-ng 
connections to my (solitary) box ... but I have to recognise that I'm 
out of my depth here.  Man syslog-ng didn't throw much light on 
things for me.

Anyone any advice?

TIA,

Chris
PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling
   and Therapeutic Communities; practice, research, 
   teaching and consultancy.
Chris Evans & Jo-anne Carlyle
http://psyctc.org/ Email: [EMAIL PROTECTED]






Re: possible attack?

2002-03-21 Thread Chris Evans

On 21 Mar 2002 at 13:41, Joerg Wendland wrote: 

> On Thu, Mar 21, 2002 at 08:51:49AM -0000, Chris Evans wrote:
> > unix  1  [ ] STREAM CONNECTED 1123334 /dev/log
>   
> Look at the protocol, it has nothing to do with the network, it is connected
> through a UNIX socket.

Thanks.  I was clearly in mode!  Apologies all! 

I went and read more of the documentation on syslog-ng after sending 
that and was happy that the syslog-ng.conf was only allowing 
information to it from the server through local sockets as you say.  

What I need now is a pointer to an introduction to UNIX sockets and 
to how I work out why my server is suddenly exceeding the syslog-ng 
connection limit.  I think it was about a slightly higher than usual 
rate of activity in postfix but I'm not sure as I'm surprised it 
could have triggered that.  I think if I got my head around syslog-
ng.conf rather better and set up routes and filters that really made 
more sense of the logged data, I'd be in a better position to 
understand all this. 

Does anyone have a conf file they'd share with me?  Ideally for a 
single server with SMTP, POP3, SSH, NTP, APCUPSD and very little 
else, though I guess more complex set ups would be even more 
informative. 

Thanks Joerg and TIA to anyone who can point me on further. 

Chris 
PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling
   and Therapeutic Communities; practice, research, 
   teaching and consultancy.
Chris Evans & Jo-anne Carlyle
http://psyctc.org/ Email: [EMAIL PROTECTED]






lpr/samba

2002-04-10 Thread Chris Wagner

Hey guys.  I've been trying to setup samba to be a print server to Windows
clients.  However I keep running into error messages and there doesn't seem
to be any place in the documentation to find out what the various errors
mean.  I tried LPRng and CUPS but get basically the same thing.  I've got
samba showing the printers in network neighborhood.  The only way I can get
something out of the printer now is cat > /dev/lp0. :)  Not even lpr
 works anymore.  Does anybody know a good
documentation/troubleshooting source?  Poor documentation is still the one
great bane of the Linux world. ;)  Thanks.





--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-03 Thread Chris Evans

On 3 May 2002 at 7:46, Jason Lim wrote:

> > Does anyone really have the time or desire to scan through all that
> mail?
> >
> 
> Haha... no sane person, at least ;-)

Well, I do!  But I am on this list a little under false pretences as 
I only run a very small Email list service so I don't have the volume 
of logs and error reports that many of you have to consider.  I put 
in lots of antispam traps and all the anti-relaying postfix allows.  
Now I'm suddenly getting two apparently separate (qwest.net and 
kornet.net) IP addresses (well, several within each domain's IP 
space) trying to relay through me at 20 minute intervals.  

I've reported qwest.net to them and don't see any point with 
kornet.net as I've never had a reply from any of my umpteen spam 
reports to them.  However, made me wonder if there was a service like 
abuse.net/spamcop that one can send the traces of such attempts to so 
that the sending IPs get reported and rbled if the volume goes up 
enough.  Seems to me that if a lot of us who use postfix, even 
without all the other MTAs, were to use such a thing it would become 
a damn good rbl.   

Am I wrong?  Is there such a thing?

TIA,

Chris

P.S. apologies to those who see essentially the same message on 
postfix-users!
-- 
Chris Evans <[EMAIL PROTECTED]>
Consultant Psychiatrist in Psychotherapy,
Rampton Hospital; Associate R&D Director,
Tavistock & Portman NHS Trust;
Hon. SL Institute of Psychiatry
*** My views are my own and not representative 
of those institutions ***






Re: Extended find an replace SOS

2002-07-10 Thread Chris Wagner

Like do you want to replace something in the html files, or alter their
names systematically somehow...

At 02:33 PM 7/10/02 +0200, Craig wrote:
>Hi Guys
>
>I need to do an extended find and replace for a few
>.htm files spanning a couple of subdirectories to
>change some things.
>
>Anyone have a quick command to achieve this ?>


--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: call me

2002-07-12 Thread Chris Wagner

The "nomail" option was mentioned.  I'm not familiar with that, could
someone explain how to use it?  I assume it means that you are still a
member of the list but you are not in the redistribution list.



--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






Re: call me

2002-07-12 Thread Chris Wagner

I never got a password when I signed up, which was years upon years ago.
And what is the URL?  Are we even running mailman??


At 07:34 AM 7/12/02 -0400, Joe Block wrote:
>Go to the administration web page, enter your email address and the 
>password you got sent when you joined the list, and you can set a 
>variety of parameters about your subscription - whether you're in digest 
>mode, whether you get acknowledgements from mailman when it receives a 
>posting from you, and yes, whether that email address actually receives 
>list mail.



--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--

0100






ispman: pam/ldap+flat files

2002-07-17 Thread Chris Zubrzycki

Hey all, I am setting up a server for virtual hosting. I chose to use 
ispman, because that seemed the best choice: most integrated, and 
openSource :-)

I am brand new to openldap though. I set up ispman, and can use it to 
add domains and such, but I am not sure how to add ldap to the pam 
files so that it checks for local accounts, and if none, it then checks 
ldap. I saw some sample conf files on the net, but they did not come 
with any documentation.

Could anyone point me to some good resources to get me going? I prefer 
online for the moment, I am planning on getting a book or two later.

Thanks for the help,


-chris zubrzycki
- --
PGP public key: http://homepage.mac.com/beren/publickey.txt
ID: 0xA2ABC070
Fingerprint: 26B0 BA6B A409 FA83 42B3  1688 FBF9 8232 A2AB C070


Unix  _IS_  user friendly... It's just selective about who its friends 
are.






Re: Apache / PHP4 config problem (newbee on PHP)

2003-01-15 Thread Chris Hilts
>
> It seems to me that the php4 engine never starts to generate pages...

Make sure the LoadModule line for php in apache's config file is
uncommented.  Then make sure you have MIME types set up for PHP files.

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Should do the trick.

-- 
Chris Hilts
[EMAIL PROTECTED]






Re: INCREDIBLE EARNINGS $$$$$$$$$$$$$$$$$$

2000-03-18 Thread Chris Wagner
I instantly reported him to [EMAIL PROTECTED]  His account should be deleted
shortly.  Mail with no stamp or return address goes to the dead letter office
where it is opened in an attempt to find out who sent it.  It is then
returned if possible, otherwise it goes to /dev/null.  What you can do
though is make the spammer's address the return address and send it to a bad
to: address with no stamp.  The post office will then attempt to return it
to the spammers' address.  I don't know of what use that would be in getting
revenge on the spammers Unless they got thousands of letters.  Better to
sign them up for magazine subscriptions.


At 02:05 PM 3/18/00 +0100, Russell Coker wrote:
>What happens in the US to a parcel with no return address and no stamp?


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: how to chroot to /home/ an ssh acct

2000-03-20 Thread Chris Wagner
At 07:28 PM 3/19/00 -0800, t s a d i wrote:
>only sees numeric user ids and gids and not the corresponding name.  is
>this because /etc/passwd,group was not found (bec of chrooted ftp to

Yep.  For him, /etc does not exist.  Stick some symlinks of any critical
files he would need in /home.  /home/etc/passwd =-> /etc/passwd etc...

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Identifying Unique Website Visitors

2000-03-29 Thread Chris Wagner
I am fairly certain that Analog can be trained to understand *any* log file
format, including custom ones, like you proposed.  I think Analog is the
best or one of the best analyzers out there.  The amount of customization
and detail is amazing.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Webserver stats for customers

2000-03-29 Thread Chris Wagner
At 12:00 PM 3/29/00 +0200, [EMAIL PROTECTED] wrote:
>Which one do you recommend for use with apache and separate stats for each
>domain ?

Yeah, Analog is dreamy for stats.  Very customizable.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Firewalling

2000-03-30 Thread Chris Wagner
I think firewalls are overrated.  They only do anything if there are some
*unsecured* computers on your network that need protection.  It's better to
just lock down every machine, that way you're also protected from internal
attacks.  Really, the only thing I think that justifies them is port
blocking.  Your router can already do ip based filtering.  Now how do you
decide what ports to block?  It turns out you have to be a little fascist
about it.  Because you're deciding for other people what ports they "should"
be using and which ones they "shouldn't".  Windows is an operating system
that probably does need protection though.


At 08:31 PM 3/29/00 -0700, Kevin wrote:
>router, then to the servers.  I'm curious what kind of effect having a
>firewalled router will have on the dialup customers as well as certain
>servers like a shell provider.  Also what would I firewall from the router.
>I don't want to really restrict any ports for end dialup users as I've had

You can have your firewall restrict ports on a per ip basis.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Making Debian Recognize 256 Meg of Ram

2000-04-05 Thread Chris Wagner
LOL!  Oh, like trying to write to a non-existent memory location? :)

At 09:14 AM 4/6/00 +1000, Neale Banks wrote:
>2) Don't ever tell Linux that it has more memory than is really present -
>it may take time, but Bad Things (or possibly just one fatally Bad Thing)
>*will* happen.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: System clock

2000-04-08 Thread Chris Wagner
At 12:31 AM 4/8/00 +1000, Doug Bean << Mr Bean's Internet >> wrote:
>My timezone is set correctly.
>I just need to sync UTC time with local time.

Set your hardware clock to GMT.  Then set your timezone to GMT.  Your system
will then be in a +000 offset.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: How do I add a second IP range to a network?

2000-04-08 Thread Chris Wagner
At 10:09 PM 4/7/00 -0600, elyograg wrote:
>have to happen is whatever body gave you the address space would have to 
>actually create an entry in their server for each address - yes, 62 
>entries, that delegates DNS for those addresses to your DNS server.  Either 

Actually, your upstream provider can delegate the reverse DNS authority to
you.  They create an entry for you in ARIN (or wherever) and any reverse
lookups will get funneled to your server.  This is how I had it set up with
my ISP.

>that or they just have to provide the reverse DNS for you.

Major pain right there.

I think the original poster wanted to know how to make his box listen to two
subnets on the same interface.  Can you restate your question?  And give us
a little more information on what you're trying to do.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Email confirmation...

2000-04-08 Thread Chris Wagner
At 04:27 PM 4/5/00 +, [EMAIL PROTECTED] wrote:
>Is there a program or a script which sends a info to the sender that the
email was successfully downloaded from the server by the receiver?

Hmm, I don't think so unless you can hack your POP server.  You would have
to modify it so it remembered who to email when a user downloaded or viewed
a certain message.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Ethernet card recommendations?

2000-04-08 Thread Chris Wagner
Speaking of the SMC cards, I ran SMC EtherEZ's 10BaseT on ISA and got some
weird behaviour from time to time.  When I first set it up, things were
great.  Getting 7Mbps ftp transfers.  But this began to decline and then
finally fluctuate.  Before I turned off the network it was varying from 2-4Mbps.

But if you want "serious" performance go with gigabit over fiber.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: System clock

2000-04-09 Thread Chris Wagner
At 10:50 AM 4/9/00 +1000, Doug Bean << Mr Bean's Internet >> wrote:
>UTC) when I set to GMT or any other timezone except UTC. It sort of makes no
>difference what happens I get exim sending
>with the right time or the system is the right time and exim is out by 10.
>If Exim is sending with the right time, Radius is then out by 10Hrs.

It sounds like the problem is that Exim doesn't know what offset it's in.
That is definitely an on-topic question for the Exim list.  Once you get your
system clock set to GMT, anything showing the wrong time is a problem with
that particular piece of software.  Do the Exim docs say anything about it?
It "should" use the system time and timezone by default.  But it sounds like
Exim is  assuming the system clock is local time and is then trying to
convert back to GMT.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Ethernet card recommendations?

2000-04-09 Thread Chris Wagner
At 02:43 PM 4/8/00 -0400, LeighK wrote:
>I don't know if you noticed this, but the transfer problems seemed to be
>one-way, outgoing. Incoming transfers occured at the proper speed, but
>outgoing was extremely slow.

As far as I can remember, it was slow both ways.  Uploading to server and
downloading from server.  I guess no more EtherEZ's for us. :)  Unless a
special new driver comes out for it.  I was running the default driver,
out-of-the-box from the install routine.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Strange message in logs

2000-04-12 Thread Chris Wagner
At 05:42 PM 4/10/00 +1000, Robert Ruzbacky wrote:
>Apr  9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11:
can't verify hostname: gethostbyname(114.trusted.net) failed
>Apr  9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114

A lookup:
can't get "114.trusted.net" host entry.

PTR lookup: 
Official Name: 114.trusted.net
IP Address: 209.140.0.114

The frontways and reverse DNS must agree.  You must sync the DNS entries.

>Is this because my hosts.deny file is set to ALL: PARANOID 
Yes.

>Is there a way to "fix" this, as I am assuming that the machine that is
denied access cannot
>access my server to browse a web page or send e-mail.  This message seems
to crop up when someone tries to send email mainly.

AFAIK, the hosts.* files only affect daemons run out of inetd, not stand-alones.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+
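
The PARANOID match discussed in this thread comes down to a forward-confirmed reverse DNS check. The sketch below is an added example, not part of the original posts and not tcp_wrappers code; the function names and the lookup tables are constructed for illustration, except for the 209.140.0.114 / 114.trusted.net pair, which is taken from the quoted log.

```python
import socket


def system_reverse(ip):
    """PTR lookup through the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """Forward lookup through the system resolver; returns IPv4 addresses."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Classify a client address the way the thread describes PARANOID.

    Returns (verdict, hostname, reason). The verdict is one of:
      "ok"       PTR name resolves back to the same address
      "paranoid" PTR name exists but the forward lookup fails or disagrees
      "unknown"  the address has no PTR record at all
    """
    name = reverse(ip)
    if not name:
        return ("unknown", None, "no PTR record for %s" % ip)
    addrs = forward(name)
    if not addrs:
        # The case in the quoted log: the name exists only in reverse DNS.
        return ("paranoid", name, "gethostbyname(%s) failed" % name)
    if ip not in addrs:
        return ("paranoid", name,
                "%s resolves to %s, not %s" % (name, ", ".join(addrs), ip))
    return ("ok", name, "forward and reverse DNS agree")


# Constructed lookup tables so the example runs offline. Only the first
# PTR entry comes from the log quoted in the thread; the rest use
# documentation address space (192.0.2.0/24) and made-up names.
SAMPLE_PTR = {
    "209.140.0.114": "114.trusted.net",   # PTR exists, no matching A record
    "192.0.2.10": "mail.example.org",     # consistent in both directions
    "192.0.2.20": "mx.example.org",       # A record points somewhere else
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.10"],
    "mx.example.org": ["192.0.2.99"],
}


def run_samples():
    """Run the check over the constructed tables instead of live DNS."""
    def forward(name):
        return SAMPLE_A.get(name, [])
    clients = ("209.140.0.114", "192.0.2.10", "192.0.2.20", "192.0.2.30")
    return {ip: check_client(ip, SAMPLE_PTR.get, forward) for ip in clients}


if __name__ == "__main__":
    for ip, (verdict, name, reason) in run_samples().items():
        print("%-15s %-9s %s" % (ip, verdict, reason))
```

Calling `check_client(ip)` with no extra arguments uses the system resolver, which is how it would be run against a real client address taken from the logs.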



Re: FTP upload by email

2000-04-13 Thread Chris Wagner
Yeah, it's pretty much mandatory that the encoded file be encrypted and
signed.  I know of programs that will email files TO you.  Never heard of
one that YOU could email a file to.  But I think it's definitely feasible.
A simple pipe to a script should do the trick.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: FTP upload by email

2000-04-14 Thread Chris Wagner
I should also add that there will have to be some kind of time sensitivity
or other uniqueness test.  Otherwise some malicious intermediary could
intercept the message and save it for a while and then resubmit it into the
mailstream.  The destination would authenticate the message and old data
would be posted to wherever.  A way to guard against this would be to
include time information in the encrypted portion of the file set.  e.g.
putting a serial number or time stamp in the file and having the script
reject any material with an older serial number than the current version.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+
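
The replay guard described in this message, together with the signing requirement from the previous one, as an added example that is not part of the original posts. HMAC-SHA256 from the Python standard library stands in for whatever signature scheme is actually used, encryption is left out, and `seal`, `Receiver`, the JSON envelope and the one-hour window are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time


class Rejected(Exception):
    """Raised when a submission fails authentication or freshness checks."""


def seal(key, serial, payload, now=None):
    """Sender side: put serial and timestamp inside the authenticated body."""
    body = json.dumps(
        {"serial": serial,
         "ts": int(time.time() if now is None else now),
         "payload": payload.hex()},
        sort_keys=True,
    )
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


class Receiver:
    """The script the mail is piped to (hypothetical)."""

    def __init__(self, key, max_age=3600, last_serial=0):
        self.key = key
        self.max_age = max_age          # seconds a submission stays valid
        # In a real deployment this value must survive restarts (a file or
        # database row); otherwise old messages become acceptable again.
        self.last_serial = last_serial

    def accept(self, message, now=None):
        now = time.time() if now is None else now
        try:
            envelope = json.loads(message)
            body, tag = envelope["body"], envelope["tag"]
            if not (isinstance(body, str) and isinstance(tag, str)):
                raise TypeError("body and tag must be strings")
            body_bytes, tag_bytes = body.encode(), tag.encode()
        except (ValueError, KeyError, TypeError):
            raise Rejected("malformed")

        # 1. Authenticate first; nothing in the body is trusted before this.
        expected = hmac.new(self.key, body_bytes, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag_bytes):
            raise Rejected("bad signature")
        fields = json.loads(body)

        # 2. Uniqueness: an authentic message that was captured and resent
        #    carries a serial we have already seen or passed.
        if fields["serial"] <= self.last_serial:
            raise Rejected("replay")

        # 3. Time sensitivity: a message held back and delivered late is
        #    refused even if its serial is new.
        if now - fields["ts"] > self.max_age:
            raise Rejected("stale")

        self.last_serial = fields["serial"]
        return bytes.fromhex(fields["payload"])


def verdict(receiver, message, now):
    """Return 'accepted' or the rejection reason, for logging and tests."""
    try:
        receiver.accept(message, now=now)
        return "accepted"
    except Rejected as exc:
        return str(exc)


if __name__ == "__main__":
    key = b"constructed-demo-key"       # constructed sample key
    rx = Receiver(key)
    first = seal(key, 1, b"index.html v1", now=1000)
    second = seal(key, 2, b"index.html v2", now=2000)
    print(verdict(rx, first, 1010))     # fresh submission
    print(verdict(rx, second, 2010))    # newer submission
    print(verdict(rx, first, 2020))     # intercepted copy resubmitted later
```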



Re: Strange message in logs

2000-04-15 Thread Chris Wagner
At 08:04 AM 4/12/00 +0200, Tamas TEVESZ wrote:
> > AFAIK, the hosts.* files only affect daemons run out of inetd, not
stand-alones.
>not true. they are used by any program which has libwrap support.

But is that enabled by default?  Or is modification required.  I did some
testing a while back and not every service rejected connections.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Server Motherboards with multiple PCI buses

2000-04-15 Thread Chris Wagner
At 06:24 PM 4/14/00 -0500, J. Currey wrote:
>Well supporting gigabit Ethernet for one, and 4 100Mb sub networks
>and logging.

It would take an astonishing amount of traffic to max out the interfaces.  I
don't think a PC based system could handle a fraction of what you propose.
I think you need to look to a non-Intel platform, like Alpha or something.

>PCI bandwidth is about 132 MB/sec (32bit at 33MHz), and with 100MB/sec? taken

I thought the PCI bus speed was the same as the CPU base speed (FSB).
You're saying the PCI bus is fixed at 33MHz?

>SCSI controllers to use the AGP slot (since AGP is really PCI @ 66MHZ
>with a funny connector <- flame target) .  There are  SCSI raid adapters
>that are using PCI 66MHZ. 

Maybe it's time for motherboards with multiple AGP's.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: ipaccounting

2000-04-15 Thread Chris Wagner
Try something with cron and tcpdump.  There are numerous ip accounting
programs out there.  Look on the Debian package list.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: pop3 server....

2000-04-19 Thread Chris Wagner
At 10:10 AM 4/19/00 +0200, Christian Jannesson wrote:
>What's so special about cucipop? I use qpopper and i havent had any
>trouble with it.

It's more secure than other poppers.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



off topic

2000-04-23 Thread Chris Wagner
Hate to be off topic but I don't know where else to find this out.

Can someone in Romania give me a translation for "alternau".  Along with
some semantics characterization?  Thanks.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: grepping in ps output

2000-04-30 Thread Chris Frey
On Fri, Apr 28, 2000 at 07:39:37PM -0400, B.C.J.O wrote:
> Evi Nemeth had a good trick for dealing with  that situation using the
> short test notation:
> 
> f'rinstance, you want to nuke every process owned by user:
> 
> kill -9 `ps aux | grep [u]ser | awk '{print $2}'`
> 
> ... where the trick is obviously the square brackets around the first
> letter in the username, testing for the existence of that letter in the
> grep output. This prevents the grep from being killed off before the
> command can complete.

Actually all it does is prevent kill from trying to kill a non-existent
(or entirely new, but that's unlikely) process.  The "ps aux" pipeline,
including the grep, will have finished before "kill -9" starts, since
kill needs the output for its command line args.

Neat trick though.  I'll have to remember that.

- Chris



Re: using nsupdate to add a new zone?

2000-05-03 Thread Chris Wagner
If I had a zone file that big I'ld chop the domain up into subdomains to
spread out the DNS work.  Unless you're talking about hundreds of pages, a
normal text editor should be fine.

At 10:35 PM 5/3/00 +1000, Adam Cassar wrote:
>How are isp's with large zone file entries managing their existing zones
>(using nsupdate i presume) and adding new zones?

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: a question on "netstat"s output

2000-05-07 Thread Chris Wagner
At 01:12 AM 5/7/00 -0700, t s a d i wrote:
>Active Internet connections (w/o servers)
>Proto Recv-Q Send-Q Local Address           Foreign Address         State
>tcp        0  39595 bangus.myphilippine:www ME21-66.i-manila.c:1520 ESTABLISHED
>tcp        0    201 bangus.myphilippine:www 210.23.110.23:1129      ESTABLISHED
>tcp        0  20091 bangus.myphilippine:www 203.177.21.243:1551     ESTABLISHED
>tcp        0  25491 bangus.myphilippine:www cisco8-s1.pacific:56495 ESTABLISHED

The "local address" side shows your ip/FQDN:port and the "foreign address"
side shows the remote side ip/FQDN:port.  So in line 1, a connection is
established between bangus's port www and ME21-66's port 1520.  The www part
is the system's translation of the port number to show what service is
connected to the remote side.  It can also show telnet, ftp, etc, or the
actual port number.

Try man netstat.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: "fake" packages

2000-05-08 Thread Chris Wagner
Just use "--force-depends".  It overrides package dependencies.

At 12:59 PM 5/7/00 -0600, elyograg wrote:
>How hard is it to create "fake" packages?  What I'm after is this:  A 
>package that will "lie" to the system with a "provides: httpd" line or 
>"provides: mail-transport-agent" or something similar.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: Seting a Gateway

2000-05-09 Thread Chris Wagner
It looks like all you want is just a Linux router.  A gateway joins two or
more dissimilar networks, I believe.  Like ethernet<->token ring or
ATM<->FDDI.  Check out the following packages :

zebra
ipchains

There are other ones that I can't think of right now. :)  I'm pretty sure
there is a linux router How-To as well.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+



Re: can apache log to MySQL ?

2000-05-10 Thread Chris Wagner
At 11:36 AM 5/10/00 +0200, Dariush Pietrzak wrote:
>btw, why do you choose mysql? it ain't free, it ain't any good 
>try Oracle, Sybase, PostgresSQl, 
>they are ok, and Postgres is free

MySQL is faster and I believe easier.  I doubt he would need transactions
just to log Web stats.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+




Re: can apache log to MySQL ?

2000-05-11 Thread Chris Wagner
At 09:23 PM 5/11/00 +1000, Craig Sanders wrote:
>it's faster for some things, but i find it really clumsy and difficult
>to work with. postgres' psql is vastly superior to the mysql admin tool
>- and from what i hear, psql is supposed to be even better in the new
>version 7.

I was only considering the application to web stats.  For any kind of "real"
database work I'ld say use Postgres.  For elementary or trivial purposes,
MySQL's speed makes it worth it.  Especially for webstats.  If you have even
a moderately busy site, the log files can get enormous.  In a piping
situation, a slow database could even slow down the web server.



+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+




Re: strange .vbs "thing"

2000-05-12 Thread Chris Wagner
At 04:58 AM 5/13/00 +, [EMAIL PROTECTED] wrote:
>computer but i tried to send a .jpg file to my friend recently 
>and i realised that it has a jpg.vbx extension. Anyone there knows what 

If you have any *.jpg.vbs files on your computer it means you HAVE been
infected by the worm.  Unless some yahoo came on your computer and renamed
them to mess with you.

>could happened to my files? they will not affect me because I do not run vb 
>on my machine. but... anyone knows what could cause it??? tomorrow 

If you have IE5 OR Win 98 you have vbs host.  In order for the worm to
spread you have to have Outlook, but not to just get infected.  If you ran
the attachment, you got infected.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+




Re: can apache log to MySQL ?

2000-05-13 Thread Chris Wagner
At 10:10 AM 5/12/00 +1000, Craig Sanders wrote:
>i don't see how. apache just sends the log data out to the pipe, it
>doesn't wait for the pipe program to commit the record to the database.
>as far as delaying apache goes, it's probably less of a delay than
>writing it to a text file.

I see what you're saying.  But a slow or messed up pipe can lead to lost log
data.  This is a situation where MySQL being faster would make it worth it.
I think it would be safer to use that perl thingy to just write the data to
a table as fast as possible and then let the database touch it only after
the log file is closed.  Hell, it might even be better to just set up a
customlog that writes in table format.  Lost data is bad. :)


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+




Re: can apache log to MySQL ?

2000-05-13 Thread Chris Wagner
At 07:24 PM 5/13/00 -0500, Nathan E Norman wrote:
>So what happens when you're reading the requests database and Apache
>wants to write more data?  With MySQL, the table is locked and now you
>just lost data.  More often, you want to read data but the writer has
>locked the table.  I'd noticed this before but hadn't really thought
>about the issue.  

That's all solved by a wonderful little tool called savelog.  Your database
proggy should not be allowed to touch the log file until it is closed and
rotated out of production.  Have a cron script using SQL parse the log file
after it has been rotated.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+




Re: can apache log to MySQL ?

2000-05-14 Thread Chris Wagner
The "database" is the table of raw data and an index.  Apache can be made to
write its log file in the form of a table, via customlog.  Why use a pipe
for something that Apache can do nativly?  Unless you want up to the second
SQL-ified stats, just run savelog daily to rotate the logs.  Now unleash SQL
on the log files to parse and index the table of data.  Only after this has
been done is it "really" a database that you can use all kinds of neat tools
on.  Think of it as Analog on steroids and HGH. :)

At 08:31 PM 5/13/00 -0500, Nathan E Norman wrote:
>WHAT log file?  The database table is the "log file" ... there's no
>transferlog on disk in the form of a file.  The object of the game (in
>this thread anyway) is to get Apache to write directly to a database.
>You can do that with mod_perl or by piping the log output to a perl
>script that knows what to do.  See Craig's sample script a few posts
>back in this thread.
>
>I can't see why I'd want to load some old rotated log file into a database;
>I'd rather just run analog on it at that point.  However, I don't want
>to have a few hundred log files for all my different virtual hosts.

You can make Apache log everything to one log file.  Even if you pipe
directly into SQL format, you'ld still have all those logs unless you're
piping (logging) to the same spot.

Personally, I don't really trust piping with things of this magnitude.  It's
much safer to get the data on disk and THEN start playing with it.

+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+




Re: user server

2000-05-15 Thread Chris Wagner
At 05:21 PM 5/15/00 -0500, Wayne Sitton wrote:
>the users can log in and access their ftp.  Now what I can't seem to get
>done is to get apache to recognize that /~username goes to
>/home/username/html


Change the USERDIR directive in http.conf to point to the new location.


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+




Re: user server

2000-05-15 Thread Chris Wagner
At 03:44 PM 5/15/00 -0700, Jeremy C. Reed wrote:
>My config has:
>UserDir public_html

It doesn't have to be public_html.  It can be anything you want.  Even
/home/username, though I wouldn't suggest that.  I used .www. (NCSA tradition :)

>You should also have the mod_userdir in use.
>You may have a line like this in your Apache configs:
>LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so

What does mod_userdir give you?  Don't tell me they actually put such a
basic function in as a module!


+---+
|-=I T ' S  P R I N C I P L E  T H A T  C O U N T S=-   |
|=-  -=ALAN KEYES FOR PRESIDENT=- -=|
| Balanced Budgets Personal Freedoms Morality Lower Tax |
|=--  http://www.Keyes2000.com.  --=|
+———+




Re: Debian vs Red Hat??? I need info.

2000-05-16 Thread Chris Wagner
At 07:29 PM 5/16/00 -0400, Jeremy Hansen wrote:
>I'm a long time Red Hat user.  Basically the company I'm working for is

Sorry about that. :)

>Dpkg vs RPM

RPM is a piece of crap compared to dpkg, and now we have apt (advanced
package tool).  It's a handler for dpkg, but it's intelligent.  The killer
feature is its ability to do *recursive upgrades of your entire box* in
order, with dependencies. I had to use rpm once and I really felt hobbled by
its lack of information.

For a real world example [TM], rpm tells you what *files* a package depends
on while dpkg tells you what *packages* a package depends on.  The latter is
incredibly more useful.

Another example, say you want to upgrade a package, but the new version
depends on newer versions of other packages and maybe even a new package.
Apt will find out what packages you need, install them in order, and then
install the package you want.  Let's see rpm do that.  Debian even has a
utility to install rpm packages!  So any custom legacy Red Hat packs you
have you can carry over into Debian.

>Customization of the distro

Very easily.  You can make .debs to your heart's content.

>Autoinstall (Red Hat's kickstart)
>   This is also something fairly important.  We need this as we do a
>   lot of mass installs.

For mass installs, just make a standard issue CD, boot from that CD, and
copy over the OS.  Or you could even make a disk image and dd it onto the
hard drive.  That assumes you have the same hard drive in all the machines.
You can turn a 20GB drive into a 10GB drive. :)  But even if you have 4 or 5
different hard drives in your organization, using disk images will still
save you tons of time.  That's what we do at GE, if somebody has a funky
problem with their machine, we don't reinstall Windows and all the apps, we
just reimage the hard disk.





Re: Debian vs Red Hat??? I need info.

2000-05-17 Thread Chris Wagner
I have to disagree there.  I've found Debian packs to be extremely up to
date, at least on the security end.  And even on routine maintenance, the lag
is not that bad.

At 08:44 PM 5/16/00 -0700, David Lynn wrote:
>I agree - dpkg and apt are great compared to rpm's.  However, that's all
>assuming that there are debian packages out there that are up to date
>(which they're generally not).  But this seems to be the only major
>drawback I've found to Debian.





Re: Debian vs Red Hat??? I need info.

2000-05-17 Thread Chris Wagner
The only real difference between stable and unstable is that unstable has up
to date packages.  The only thing stable has over unstable is the track
history of "yeah all this stuff has worked together for a LONG time".

At 12:16 AM 5/17/00 -0400, Will Lowe wrote:
>Actually, unstable is usually pretty close to up-to-date.  I know (of) 
>quite a few people who run unstable on their production boxes;  they just
>do a little bit of in-house testing first. 





Re: Debian vs Red Hat??? I need info.

2000-05-17 Thread Chris Wagner
Sorry, but I was so underwhelmed by rpm's capabilities and my reaction was
so one-sidedly negative that I can't describe it any other way.  It is what
I typed.

At 02:55 PM 5/17/00 +0200, Wichert Akkerman wrote:
>Previously Chris Wagner wrote:
>> RPM is a piece of crap compared to dpkg, and now we have apt (advanced
>> package tool).
>
>Can we please not be so negative about rpm? I'll agree that dpkg is
>better (and of course I'm completely not biased here :), but rpm
>is not a piece of crap.




