manglement-compatible comparison of SuSE vs. Debian
One of our customers runs his firewall on SuSE. This is, obvious to any Debian user, not what one wants to support. However, in order to be able to convince him that changing to Debian would be a Good(tm) idea, I need a management-compatible comparison, preferrably from a third party. If it features a lot of buzzwords like "TCO", "maintenance costs" etc, even better ;) So, if some kind soul round here has a fitting URL at hand, please toss it my way. google was not very helpful in that regard, as what I found is either way too far in the technical details, or aimed at the switching-from-windos desktop-focused audience. cheers+TIA, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: manglement-compatible comparison of SuSE vs. Debian
On 26 Feb 2003 18:10:30 GMT, Harvey Kelly writes: >But, and please forgive my newbie-ignorance :) why do you want him to >switch? Surely the fact that he's running SuSE and seems happy with it >should be enough? Debian and SuSE are both Linux after all - different >flavours of course, but not that far apart. SuSE is a PITA to keep up-to-date compared with the simplicity and beauty of having security.d.o in sources.list and a one-line cron-job. Besides, Debian doesn't crap my hand-crafted config-files, and, probably the most important point: I *know* Debian. >Now if he was running Mandrake, then I'd understand... I'm in the position to never have touched Mandrake, thanks $deity. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: apt-get to unstable
On Mon, 24 Mar 2003 11:55:43 CST, "Irish, Jon D BAE Systems" writes: >This is probably a silly question, but how do you add unstable to >apt-get? I went into //etc/apt/sources.list, and added: > >deb http://ftp.us.debian.org/debian/ stable unstable main non-free >contrib change that to deb http://ftp.us.debian.org/debian/ stable main non-free contrib deb http://ftp.us.debian.org/debian/ unstable main non-free contrib >deb http://security.debian.org/ unstable/updates main contrib non-free and forget about security.d.o for unstable. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
`apt-get update` going "E: Dynamic MMap ran out of room"
Would it do that only on the "stable" box w/ only 32 MB RAM, I wouldn't wonder, but it's doing that also on a 256 MB "unstable" one. The error msg is exactly the same on both: .-.-.-.-.-.-.-.-.-.-. E: Dynamic MMap ran out of room E: Error occured while processing kscd (NewVersion1) E: Problem with MergeList /var/lib/apt/lists/security.debian.org_dists_stable_updates_main_binary-i386_Packages E: The package lists or status file could not be parsed or opened. E: Dynamic MMap ran out of room E: Error occured while processing kscd (NewVersion1) E: Problem with MergeList /var/lib/apt/lists/security.debian.org_dists_stable_updates_main_binary-i386_Packages E: The package lists or status file could not be parsed or opened. .-.-.-.-.-.-.-.-.-.-. Any hints? 6 other boxes (stable, testing and unstable ones) are not affected. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: `apt-get update` going "E: Dynamic MMap ran out of room"
On Mon, 27 Jan 2003 13:13:26 +0100, "Benedict Verheyen" writes: >Search the debian mailing list archives. It's asked about every other day. >write this APT::Cache-Limit 1000; into /etc/apt/apt.conf Thanks all, now it works again. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
pam_userdb and version of .db-file
Hi! One of the latest updates to my i386/stable-box gave me severe headaches wrt the subject. I run cyrus for providing a small handful of users with POP3/ IMAP4-access, and since I do not want all of them to have shells on my box, I authenticate them via pam_userdb and a separate password-file. Until recently this just worked. I'd create the .db-file with sendmails makemap from a "keyvalue\n"-style source. Now makemap produces "Version 8" (libdb3?) files, which pam_userdb cannot read. After much debugging I've now resorted to creating a "Version 5" .db-file with db_load (from libdb2-util). This seems like an ugly kludge (it's far from "intuitive", and db_load wants paired lines of input which means I have to rewrite all my little helper-scripts). Is there a "standard" or "preferred" way of doing this? Maybe one which has some probability of surviving the next libdb<$num>-upgrade? TIA+cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: GPG/PGP signing
>> > please don't sign your mails unless your keys are on the keyservers. Which keyservers would that be, then? Which keep in sync with which? >> keyserver the.earth.li I've never ever heard of "the.earth.li" before, for example. Does it sync with something sensible (like keyserver.net)? Or do you expect people to regularly search the wide 'net for each&every me-too - server that's out there. Or not. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: GPG/PGP signing
On Fri, 01 Nov 2002 19:37:14 GMT, Colin Watson writes: >On Fri, Nov 01, 2002 at 07:49:09PM +0100, Robert Waldner wrote: > >> >> keyserver the.earth.li >> >> I've never ever heard of "the.earth.li" before, for example. Does it >> sync with something sensible (like keyserver.net)? Or do you expect >> people to regularly search the wide 'net for each&every me-too - server >> that's out there. Or not. > >the.earth.li == wwwkeys.uk.pgp.net. It's no me-too server. I just happen >to use the first name because I've been using it since before it was >wwwkeys.uk.pgp.net. I knew that, I was only picking it up as an example, the question itself was meant more generally, and altogether serious. Let me rephrase that: To which keyserver is one expected to upload ones key, so that everyone on this (and near every other, for that matter) list will be able to get it? Me myself, I prefer keyserver.net, some others use keys.pgp.com, then there's *.pgp.net and http://www.cert.dfn.de/dfnpca/pgpkserv/ And surely, there's a ton of others out there. All of them? Impossible. A select few? Which ones, which criteria, will fit everyone (or as close as matters)? cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: GPG/PGP signing
On Sat, 02 Nov 2002 00:08:08 +0100, Thorsten Haude writes: >Well, yours is the first signature I was not able to get from >wwwkeys.eu.pgp.net. There are those that don't know about keyservers, >but everybody else seems to use *.pgp.net. Hmm? It sure is on there, for ages even: :) waldner@fsck->~ $ gpg --recv-key --keyserver wwwkeys.eu.pgp.net C33A2BC0 gpg: key C33A2BC0: "Robert Waldner <[EMAIL PROTECTED]>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: Drive with no partition number
On Tue, 05 Nov 2002 09:44:54 CST, Rob VanFleet writes: <...> > it has no partition numbers. I can mount it as /dev/hdb and everything >works as normal, but I haven't seen that done before, so I'm wondering >if this is something that will cause me problems in the future, or if >it's perfectly normal. That's what I usually do if I don't need to boot from the drive or more than one filesystem living on it. I wouldn't see the point in adding that extra layer of abstraction. It won't even cause you problems in the future unless you want to access the data from OSs that assume a partition table on everything (eg windos). cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
latest apache security update broke php
Hi! As the subject says. All I get now from SSI-stuff like (correctly expanded to I did a diff between the old and new httpd.conf-files but found nothing usable. There's also nothing noted in error.log. php via apache-ssl (which I haven't upgraded yet) still works. Any hints? cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: ext2 vs ext3 vs xfs vs reiserfs
On Mon, 25 Nov 2002 10:53:25 EST, Derrick 'dman' Hudson writes: >| d) compatibility (is it possible to convert from one FS type to another) > >ext3 is just ext2 with a journal added (in a "hidden" .journal file). >If you have an older kernel without ext3 support you can still mount >the fs as ext2 and ignore without the journal at that point. Then you >can mount it later as ext3 (with a kernel that supports it). Which is especially cool if you created an "old" (as the Debian installer calls it) ext2-fs and later add the journal and thus convert it to ext3. Because that way you can still use 2.0-kernel - based tools like tomsrtbt (<http://www.toms.net/rb/>) for, say, disaster recovery. All my filesystems are "upgraded" ext2 for exactly that reason and I have yet to regret that decision. >AFAIK the other systems are not in any way compatible/interchangeable >with others. Yup. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
apache log question
Hi!
In httpd.conf, I have defined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/apache/referer_log referer
CustomLog /var/log/apache/agent_log agent
CustomLog /var/log/apache/access_log combined
However, agent_- and referer_log stay empty, and in access_log I never
ever have a referrer or user-agent logged.
I have a feeling that I will feel tremendously stupid, but I just can't
figure it out ATM, so TIA for any advice.
cheers,
&rw
--
/ Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \
\ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
signature.ng
Description: PGP signature
Re: apache log question
On Tue, 03 Dec 2002 00:23:09 +0100, Robert Waldner writes:
>LogFormat "%{Referer}i -> %U" referer
<...>
>I have a feeling that I will feel tremendously stupid, but I just can't
> figure it out ATM, so TIA for any advice.
Thanks to all who have pointed out my error in private mail (to save me
the shame ;) ).
Of course, when properly spelled as "Referrer", everything works out
just fine. ^^
cheers,
&rw
--
/ Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \
\ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
signature.ng
Description: PGP signature
Re: apache log question
On Mon, 02 Dec 2002 20:54:54 CST, Gary Turner writes: >Have you tried backing out of your current config and using the >sample/default httpd.conf from the package? Make the minimum edits and >browse from localhost to test. If that works, diff the two files. >Check all references to paths and logs. It's probably something as >simple as a typo :) I can't do that, as I'd have to remove all ~ 200 vhosts first ;) But >>Of course, when properly spelled as "Referrer", everything works out >> just fine. >This doesn't seem likely. you were right there , except that apache now logs at least "-" and the user-agent, which is more than simply nothing. And those files exists (I triple-checked right now), have the right permissions et al (apache screams bloody murder anyway if that isn't the case). yell4help? ;) cheers+TIA, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: How insecure are cable connections, versus dialup?
On Mon, 09 Dec 2002 02:22:34 PST, Vineet Kumar writes: >>> - install a firewall that just drops any incoming connection from your >>> cable-connected ethernet interface. (I would recommend using fwbuilder >> The security gained with this step is epsilon under Linux if you don't >> have services that aren't needed installed. >I've seen many redhat boxes in which installed rootkits included >something to the effect of 'echo "6969 stream tcp wait root /bin/sh" >> >/etc/inetd.conf'. Having a firewall up in this case prevents the >cracker from using the installed backdoor, even after an >intentionally-exposed service is broken. It's a very good safety net to >have, especially in the case of an always-on static-IP-address cable >connection, which is likely to be swept by script kiddies who then >later try to connect to the boxes their scripts successfully penetrated. Of course, the real point is to never rely on one safety net alone. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
sendmail just queueing everything
Hi! On my (home) box, I seem to to have a problem with sendmail: it just queues everything until I start a queue-run manually, then everything goes out as expected. Eg I send a mail at 01:18, and at 01:52 it's still in the queue, no problems mentioned. Connectivity was there all the time (I know, since I was ssh'ed into smart.host all the time and did stuff there). :) waldner@fsck->~ $ mailq -v MSP Queue status... /var/spool/mqueue-client is empty Total requests: 0 MTA Queue status... /var/spool/mqueue (2 requests) -Q-ID- --Size-- -Priority- ---Q-Time--- Sender/Recipient gBO0IpOB032162 1609 30832 Dec 24 01:18 gBO0qDOB001737 1261 31178 Dec 24 01:52 :) waldner@fsck->~ $ sudo runq -v Running the MSP queue... Running the MTA queues... Running /var/spool/mqueue/gBO0IpOB032162 (sequence 1 of 2) ... Connecting to smart.host. via relay... The log, actual delivery via hand-initiated runq: :) waldner@fsck->~ $ sudo grep gBO0IpOB032162 /var/log/mail/mail.log Dec 24 01:18:52 localhost sm-mta[32162]: gBO0IpOB032162: from=, size=2441, class=0, nrcpts=1, msgid=<200212240018.gBO0Ipav032161@home>, proto=ESMTP, daemon=MSA, relay=localhost [127.0.0.1] Dec 24 01:18:52 localhost sendmail[32161]: gBO0Ipav032161: to=some@where, ctladdr=waldner (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30570, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (gBO0IpOB032162 Message accepted for delivery) Dec 24 01:54:46 localhost sm-mta-queue[1805]: gBO0IpOB032162: to=, ctladdr= (1000/1000), delay=00:35:54, xdelay=00:00:01, mailer=relay, pri=120832, relay=smart.host. [i.p.a.d], dsn=2.0.0, stat=Sent (gBO0skBh032423 Message accepted for delivery) And yes, smart.host was responsive and accepting mail all the time (lots of mail initiated from other hosts in that timeframe). sendmail at both home and smart.host is 8.12.3-4. Any ideas/hints/flames? cheers+TIA, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / signature.ng Description: PGP signature
Re: Permissions for non-root user to use ppp
Some (like me) who need send/expect may also have to chown root:dip /usr/bin/expect which is root:root by default (at least in slink). This way it worked for me. &rw >Brian Servis wrote: >> The default setup for Debian is to make everything for ppp use with >> ownership of root.dip. So you should have just added your user account >> to the dip group. See /usr/doc/ppp/README.Debian.gz for more info. My >> user is also in group dialout which my ttyS? devices are root.dialout. >> But I don't know if a current slink is setup by default that way or not >> anymore. -- - ___ - Robert Waldner Junior Network Engineer // / ___ _/_ -- <[EMAIL PROTECTED]> RW960-RIPE --- /--- / / / / /___/ / --- EUnet EDV-DienstleistungsgesmbH -- /___ /___/ / / /___ /_ Diefenbachgasse 35 A-1150 Wien - - Tel: +43 1 89933 0 Fax: +43 1 89933 533
Re: how do i NAT a legacy network ?
On Thu, 07 Oct 1999 11:48:10 +0530, "venu" writes: >NAT -- for 2.0.36 and 2.2.x is available ... but it does NOT support "Dynamic >NAT" i.e. 95.x.x.x NATed behind ONE IP If you use kernel 2.0.x, have a look at ipfwadm, the masquerading option does exactly what you want. The kernel does not actually know about RFC1918, it's all IP-adresses to him ;-) &rw -- - ___ - Robert Waldner Junior Network Engineer // / ___ _/_ -- <[EMAIL PROTECTED]> RW960-RIPE --- /--- / / / / /___/ / --- EUnet EDV-DienstleistungsgesmbH -- /___ /___/ / / /___ /_ Diefenbachgasse 35 A-1150 Wien - - Tel: +43 1 89933 0 Fax: +43 1 89933 533
exim and +@domain
Hi! I need above construct for use with procmail. How can I tell exim to accept all + and deliver it to ? &rw -- - ___ - Robert Waldner Junior Network Engineer // / ___ _/_ -- <[EMAIL PROTECTED]> RW960-RIPE --- /--- / / / / /___/ / --- EUnet EDV-DienstleistungsgesmbH -- /___ /___/ / / /___ /_ Diefenbachgasse 35 A-1150 Wien - - Tel: +43 1 89933 0 Fax: +43 1 89933 533
exim && received:-lines
How can I get exim to put the envelope-to in the received-line? please reply to the list, i'm not subscribed at home but at work... &rw
Re: 3com 3c905b
On Thu, 28 Oct 1999 18:21:49 MDT, Art Lemasters writes: > Those darned model numbers are confusing, aren't they? ;-) >I'm running the same driver for my 3c905tx, though. The config >for the 2.2.12 kernel said it was good for both the 3c59x series >and the 3c90x series ethernet cards, IIRC. the driver will work with the 3x509b, just use the disk that comes with the card and disable plug'n pray if you don't want to mess around with isapnp... &rw -- - ___ - Robert Waldner Junior Network Engineer // / ___ _/_ -- <[EMAIL PROTECTED]> RW960-RIPE --- /--- / / / / /___/ / --- EUnet EDV-DienstleistungsgesmbH -- /___ /___/ / / /___ /_ Diefenbachgasse 35 A-1150 Wien - - Tel: +43 1 89933 0 Fax: +43 1 89933 533
Re: Route Table, more info
On Tue, 23 Nov 1999 08:02:43 CST, "Marc Mongeon" writes: >Jason: > >You have nothing else on the ethernet segment that contains the router >internal interface and the debian eth1 interface, right? First, stop >paying for 2 IP addresses that you don't need. Assign "internal" IP >addresses to the router internal and debian eth1 interfaces, from one >of these IP networks: 10.0.0.0/8, 192.9.200.0/24, or, um... some class >B network whose number I can't think of right now. that would be: 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 _Don't_ use 192.9.200.0, these aren't private ip-adresses, take a look at RFC1918. &rw -- - ___ - Robert Waldner Junior Network Engineer // / ___ _/_ -- <[EMAIL PROTECTED]> RW960-RIPE --- /--- / / / / /___/ / --- EUnet EDV-DienstleistungsgesmbH -- /___ /___/ / / /___ /_ Diefenbachgasse 35 A-1150 Wien - - Tel: +43 1 89933 0 Fax: +43 1 89933 533
Re: Is sendmail open to relay?
On Thu, 25 Nov 1999 12:39:24 EST, Peter S Galbraith writes: >You can use a mail client on another machine (e.g. pine), set the >smarthost and try it. There used to be a web site that could do a test >for you: http://maps.vix.com/tsi/ar-test.html They don't do the >test anymore but have info. A working online-tester can be found at http://www.abuse.net/relay.html>. &rw -- - ___ - Robert Waldner Junior Network Engineer // / ___ _/_ -- <[EMAIL PROTECTED]> RW960-RIPE --- /--- / / / / /___/ / --- EUnet EDV-DienstleistungsgesmbH -- /___ /___/ / / /___ /_ Diefenbachgasse 35 A-1150 Wien - - Tel: +43 1 89933 0 Fax: +43 1 89933 533
Re: openssl-dev anywhere?
On Fri, 13 Sep 2002 13:24:41 +0200, "Heilig (Cece) Szabolcs" writes: >I need to compile bsdftpd-ssl on a Debian GNU/Liux box. >After configuring and running make, it drops error: <...> >I have openssl package installed, but i think, that compile >needed openssl headers. I think the place of that headers >have to be in openssl-dev or similar named package, but i can't >find that. How can i provide openssl headers in Debian >way? Go to http://www.debian.org/distrib/packages -> "Search the contents of packages" for "openssl/buffer.h": Et voila, it's libssl-dev. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / msg02148/pgp0.pgp Description: PGP signature
proprietary software problem (ut23003_demo)
Hi! As the subject says, I have a problem with unreal tournament 2003 (demo). On my home-box it works just fine, but on my laptop at work it doesn't. The output is: Xlib: extension "XiG-SUNDRY-NONSTANDARD" missing on display ":0.0". OpenGL renderer relies on DXTC/S3TC support. xdpyinfo doesn't find that externsion either. But since I'm using the more-or-less same setup on both PCs (X 4.1.0-16 with the latest and greatest nvidia drivers), I'm somewhat confused. googling for the problem didn't turn up anything either. Any hints? cheers+tia, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / msg02345/pgp0.pgp Description: PGP signature
Re: creating a c: filename
On Tue, 21 Dec 2004 10:37:33 +0100, Bob Alexander writes: >My Notes client under WINE setup needs to configure a directory called >dosdevice which needs to be populated by symlinks to the filesystem. > >These symlinks must be called c: d: etc > >I am not able to understand how can I create such "wierd" names. > >Tried with '' with "" with \: etc but nothing worked. Which filesystem do you use? On my laptop, ext3: :) [EMAIL PROTECTED]>/tmp $ mkdir d :) [EMAIL PROTECTED]>/tmp $ ln -s d d\: :) [EMAIL PROTECTED]>/tmp $ ls -la | grep d: lrwxrwxrwx1 waldner waldner 1 Dec 21 10:42 d: -> d cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpW9ghVL48Cv.pgp Description: PGP signature
Sarge box not rebooting..
Hi! I have a HP DL380 here with Sarge (current as of now) on it. Problem is that it's not rebooting, eg if I call `reboot` or `telinit 6`, it starts sending out TERM and KILL signals, and everything is stopping, up to and including klogd and syslogd. Then, instead of writing "Rebooting... " (and actually rebooting), as I'd expect, it again writes "Sending all processes the TERM signal ..." and does nothing more. fragula:/etc/rc6.d# ls -l ... lrwxrwxrwx 1 root root 13 2004-06-23 02:39 K89atd -> ../init.d/atd lrwxrwxrwx 1 root root 17 2004-06-23 02:40 K89hotplug -> ../init.d/hotplug lrwxrwxrwx 1 root root 15 2004-06-23 02:39 K89klogd -> ../init.d/klogd lrwxrwxrwx 1 root root 18 2004-06-23 02:39 K90sysklogd -> ../init.d/sysklogd lrwxrwxrwx 1 root root 18 2004-06-23 02:38 S20sendsigs -> ../init.d/sendsigs lrwxrwxrwx 1 root root 17 2004-06-23 02:38 S30urandom -> ../init.d/urandom lrwxrwxrwx 1 root root 22 2004-06-23 02:38 S31umountnfs.sh -> ../init.d/umountnfs.sh lrwxrwxrwx 1 root root 20 2004-06-23 02:39 S35networking -> ../init.d/networking lrwxrwxrwx 1 root root 18 2004-06-23 02:38 S40umountfs -> ../init.d/umountfs lrwxrwxrwx 1 root root 16 2004-06-23 02:38 S90reboot -> ../init.d/reboot Any hints? The /etc/init.d/reboot file is what I expected: echo -n "Rebooting... " reboot -d -f -i but as it doesn't even display "Rebooting" I guess it doesn't actually come as far as calling it. cheers+TIA, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpLkcc6j4wQf.pgp Description: PGP signature
Re: Sarge box not rebooting..
On Mon, 27 Dec 2004 12:25:08 +0100, John Smith writes: >On Mon, 2004-12-27 at 10:48 +0100, Robert Waldner wrote: >> I have a HP DL380 here with Sarge (current as of now) on it. Problem > It must be one of the most mentioned boxes on these lists, a >distinction I wouldn't crave, as it's manufacturer... (Hey, HP, are you >listening? You are using Debian inhouse, why don't you contribute a bit >more, we are convinced of the hardware quality!) Tell me about it :( - unfortunately I've no control whatsoever about the choice of hardware. >As it's not even displaying "Rebooting", did you check >the /etc/init.d/reboot permissions? How about calling it directly with >a sh -x? It doesn't come as far. I've checked further, and what's holding it up is /etc/rc6.d/S20sendsigs, the `killall5 -15`. I strace'd it, and the last thing I get is "rt_sigaction(-1, SIGSTOP" (note the missing ")"). If I background both killall5's, it comes as far as "Saving random seed... done", eg S30urandom finishes. Hmm, can it be that killall5 doesn't actually manage to *not* kill itself? This would be a quite grave bug. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpKee55JF7XP.pgp Description: PGP signature
Re: Sarge box not rebooting..
On Mon, 27 Dec 2004 18:25:43 GMT, "Miquel van Smoorenburg" writes: >>>> I have a HP DL380 here with Sarge (current as of now) on it. Problem >>>> is that it's not rebooting, eg if I call `reboot` or `telinit 6`, it >>>> starts sending out TERM and KILL signals, and everything is stopping, >>>> up to and including klogd and syslogd. Then, instead of writing >>>> "Rebooting... " (and actually rebooting), as I'd expect, it again >>>> writes "Sending all processes the TERM signal ..." and does nothing >>>> more. >> I've checked further, and what's holding it up >> is /etc/rc6.d/S20sendsigs, the `killall5 -15`. I strace'd it, and the >> last thing I get is "rt_sigaction(-1, SIGSTOP" (note the missing ")"). > >Ofcourse, by then the strace process is sigSTOPped too. Heisenbug. D'oh! >> If I background both killall5's, it comes as far as "Saving random >> seed... done", eg S30urandom finishes. >> >>Hmm, can it be that killall5 doesn't actually manage to *not* kill >> itself? > >Ofcourse it goes through great lengths to do exactly that - NOT >kill itself. It kills all processes _except_ itself and its >caller. Any hints on what it _could_ be, or on what I can do to further narrow down the problem? cheers+tia, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpZ2zDgEFQUZ.pgp Description: PGP signature
Re: Sarge box not rebooting..
On Tue, 28 Dec 2004 08:40:48 +0100, Robert Waldner writes:
>>>Hmm, can it be that killall5 doesn't actually manage to *not* kill
>>> itself?
>>Ofcourse it goes through great lengths to do exactly that - NOT
>>kill itself. It kills all processes _except_ itself and its
>>caller.
>Any hints on what it _could_ be, or on what I can do to further narrow
> down the problem?
Well, I expanded killall5.c with a couple printf's:
...
int main(int argc, char **argv)
{
...
signal(SIGTERM, SIG_IGN);
signal(SIGSTOP, SIG_IGN);
signal(SIGKILL, SIG_IGN);
/* Now stop all processes. */
// changes rw
printf("now doing kill(-1, SIGSTOP);\n");
kill(-1, SIGSTOP);
sent_sigstop = 1;
printf("done with kill(-1, SIGSTOP);\n");
...
and the last thing I see on the console is the first printf.
Screenshot (thanks to iLO) at
http://www.waldner.priv.at/temp/killall5.jpg
So to me it seems like "signal(SIGSTOP, SIG_IGN);" either isn't
honored, and killall5 itself killed, or else it kills something else
essential, but what could that be?
Plus, I've discovered 3 other boxen, various DL360/380, with the same
problem. Isn't there anyone else with Compaq/HP gear and this problem?
cheers,
&rw
--
/ Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \
\ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
pgpCXpBZM0NVH.pgp
Description: PGP signature
Re: Sarge box not rebooting..
On Tue, 28 Dec 2004 17:02:16 GMT, Miquel van Smoorenburg writes: >> So to me it seems like "signal(SIGSTOP, SIG_IGN);" either isn't >> honored, and killall5 itself killed, or else it kills something else >> essential, but what could that be? >No, kill(-1, SIGWHATEVER) is guaranteed to kill all processes >/except/ the caller. "man 2 kill" on any unix/linux box. What kernel >are you using, this might be a kernel bug. Is this an i386 or >another architecture ? 2.4.27, from kernel-image-2.4.27-1-386, i386 arch, straight Sarge from d-i RC2, `apt-get upgrade` up-to-date as of now. >(You're not running bootlogd somehow at shutdown time are you ?) Nope, only klogd is still running (I've put an `ps ax | grep log` right before the first killall5 call into sendsigs). >> Plus, I've discovered 3 other boxen, various DL360/380, with the same >> problem. Isn't there anyone else with Compaq/HP gear and this problem? >I doubt it is compaq specific, but there must be something else >out of the ordinary here or everybody would have this problem. If only I had any idea on what it could be :( I've put more info (`dpkg -l`, `ps auxwww`, cpuinfo, meminfo, lsmod) at http://www.waldner.priv.at/temp/machine.txt (it'd make for one long email otherwise). cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgp7l1c6LYEM9.pgp Description: PGP signature
Re: Sarge box not rebooting..
On Tue, 28 Dec 2004 18:30:27 +0100, Robert Waldner writes: >>No, kill(-1, SIGWHATEVER) is guaranteed to kill all processes >>/except/ the caller. "man 2 kill" on any unix/linux box. What kernel >>are you using, this might be a kernel bug. Is this an i386 or >>another architecture ? >2.4.27, from kernel-image-2.4.27-1-386, i386 arch, straight Sarge > from d-i RC2, `apt-get upgrade` up-to-date as of now. >I've put more info (`dpkg -l`, `ps auxwww`, cpuinfo, meminfo, lsmod) at > http://www.waldner.priv.at/temp/machine.txt (it'd make for one long > email otherwise). I've now tested through a couple kernel-images, and found that the problem does NOT manifest itself when it's an SMP-kernel, eg 2.4.26-1-686-smp and 2.4.27-1-686-smp are fine, but the default 2.4.26/7-1-386 and their respective -686 siblings aren't. What remains is the question if I should file this as a (grave?) bug against kernel-image-2.4.27-1-386. And, for people googling this up later: DO NOT run the standard Sarge kernel 2.4.27-1-386 on HP/Compaq DL380 machines, you won't be able to reboot/shutdown them. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgp8MVU6hK8bp.pgp Description: PGP signature
Re: Re: Sarge box not rebooting..
(not at the office today, I hope I got the reply right nonetheless) Miquel van Smoorenburg wrote: >Well, it would be perfect if you could reproduce this. Try something like: >If this prints "Caught SIGCLD" then that is a severe kernel bug. >Try both "cc foo.c" and "cc foo.c -lpthread" please. Doesn't print anything with neither 2.4.27-1-386 nor 2.4.27-1-686-smp, -lpthread makes no difference. >Oh and what is the output of "ldd /sbin/killall5" ? /sbin/killall5: libc.so.6 => /lib/libc.so.6 (0x4001b000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000) /sbin/killall5.orig: libc.so.6 => /lib/libc.so.6 (0x4001b000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000) (.orig is from the Debian package, the other one the self-built with the extra printf's). cheers, &rw -- -- "Frei nach Moores Gesetz: Der Ressourcenbedarf fuer ein und -- die selbe Aufgabe vervierfacht sich alle 18 Monate. Irgendwann -- wird man stolz sein, wenn man sleep(1) in Echtzeit schafft." -- - Andreas Riedel in d.a.s.r. pgpZzUAeCCd5t.pgp Description: PGP signature
Re: can't the shell do a better job
On Tue, 04 Jan 2005 11:01:32 +0100, Dani Belz writes: >Let's assume I search for 'cdrecord'. I find several entries in >history, but not the one I was searching for. So I do a C-a C-k or a >C-u to get an empty prompt again. But now, I am somewhere in the >middle of the history. Is there a possibility to jump to the end of >history again? C-c works for me. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpZDiP8qyXZF.pgp Description: PGP signature
Re: Debian on an old PC
On Wed, 05 Jan 2005 08:06:07 CST, Jacob S writes: >> I need some advice. Is debian fit for a Pentium 100MHz PC with 16MB >> RAM and approx 4Gb harddisk? Are there anyone who has experience with >> such a slow machine running debian (or any other linux dist)? 16 MB RAM is ok, provided you don't want anything (graphically) fancy. But for, say, fvwm2, mutt and a couple xterms it should be usable. >I'm currently using a Pentium 133Mhz with a 3GB hard drive for my >firewall. It does, however, have 64MB of ram instead of 16MB. Heh. I have a 386 with 4 MB RAM as a firewall ;) (although getting Woody on it was quite an adventure, as the installer alone needs more memory). >You could probably use your computer for similar purposes, though I >would recommend trying to get a little more ram in it. You could >also use it as a dumb terminal for running off a terminal server. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpW7W89QbhEu.pgp Description: PGP signature
Re: Broken part of ram -- 100% broken?
On Mon, 09 May 2005 12:44:25 PDT, Alexander Toresson writes: > just to check, I ran memtest86 on it, to check >the ram. Result: lots of errors between 14 and 17 mb. Run memtest86 repeatedly, and allow the machine to cool off between tests. It may well show that the "bad" parts aren't consistent between checks, in which case you're probably out of luck. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpJozt3MPTCF.pgp Description: PGP signature
Re: Installing redhat 7.2 under debian
On Tue, 07 Jun 2005 15:40:03 +0800, Gokul Poduval writes: >I have a new machine on which I have installed Debian Sarge. I need to run >some legacy applications that run only on redhat 7.2 (due to the stupid g++- >2.96). Redhat 7.2 wont install on my machine because of lack of drivers. Is >there anyway I can install a redhat 7.2 environment in a directory under >debian ? Short of running vmware, I'd guess that should be quite possible with Linux VServer, from <http://linux-vserver.org/short+presentation>: First for those who still haven't heard of the vserver project: It allows you to run linux inside linux: Any distributions inside any distributions. Each virtual server has its own packages, its own services, its own users and is confined to using some IP numbers only and some area(s) of the file system. You can think of them as virtual machines. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpgSa2Cevtj6.pgp Description: PGP signature
Re: apt or aptitude on sarge
On Wed, 08 Jun 2005 13:28:07 +0200, Frank Gevaerts writes: >> I note that it seems that aptitude is recommended over apt for Sarge. I >> was wondering if it's as str forward as just using aptitude from now on? >> eg I do not have to rebuild anything the first time i use aptitude (ie >> it uses the same dpkg info as apt - but in that case why is aptitude >> recommended over and above apt?) >AFAIK It has a somewhat different dependency reolution engine, which seems >to be better at large dist-upgrades than apt in most cases. I've upgraded 5 or 6 machines to Sarge since Monday, using aptitude. Whilst for the most part it worked fine, it "held back" a great many packages, though I wasn't able to figure out the reason. So I ran an `apt-get upgrade` afterwards, which also pulled those packages up to Sarge versions. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 / pgpoKBI1SsVEt.pgp Description: PGP signature
Re: limiting access
On Sun, 20 Aug 2000 11:18:17 PDT, kmself@ix.netcom.com writes: >> On Sun, Aug 20, 2000 at 02:11:00AM -0700, kmself@ix.netcom.com wrote: >> > As suggested, the restricted shell. Invoked with rbash or bash -r. >> >=20 >> > This doesn't allow changes to $PATH, users can't cd, and a number of >> > other restrictions exist. You *have* to either point users to a system >> > directory with commands they can use, or create a commands directory for >If it wasn't apparent, this was the sort of configuration I was >advocating. An alternative would be to have some sort of an "rbash/bin" >directory someplace which all restricted users could be pointed at. >You'd want to avoid including, for obvious reasons, /bin, /usr/bin, or >administrative commands. This is what I was looking for, now all I need is some time, and I´ll see what I can do (to them :). Thanks! cheers, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
q ad security.debian.org
Hi! Up till potato was released, I had a working entry deb http://security.debian.org/ stable updates in my apt/sources.list. Now I get Err http://security.debian.org stable/updates Packages 404 Not Found Someone willing to clue me up? I´m running all packages, except the kernel and samba, updated to potato here, TIA, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: q ad security.debian.org
>deb http://security.debian.org/ potato/updates main contrib non-free works. Thanks! I´ll have to remember that when woody becomes stable ;-) On Tue, 22 Aug 2000 11:26:03 +0200, Preben Randhol writes: >Robert Waldner <[EMAIL PROTECTED]> wrote on 22/08/2000 (11:20) : >> Someone willing to clue me up? I´m running all packages, except the >> kernel and samba, updated to potato here, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: ISP server assigned nameserver addressing - how?
On Tue, 22 Aug 2000 13:40:11 BST, Phillip Deackes writes: >I have always added my ISP's nameservers address to /etc/resolv.conf and >have found that most ISPs tend to specify that you should set up Windows >DUN for server assigned DNS addresses. On occasions I have found it very >difficult to get hold of actual numeric addresses. To be sure, add the nameservers to /etc/resolv.conf manually. I also suggest doing so in Windos, server-assigning nameservers tends to be somewhat unstable, so every _good_ ISP will hand you the addresses numerically, at least per request. >Can nameserver addresses be otained dynamically with Linux? All the >documentation I have read points to physically adding the address to >/etc/resolv.conf It´s a feature of PPP, if you do it the debian-way, just run pppconfig and set the nameservers to "dynamic". If you fire PPP manually, man pppd. I suggest turning on debugging in pppd, the assigned nameservers should be logged and you can then add them manually to resolv.conf. hth, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
getting rid of ide-scsi-emulation
Hi!
Until recently I had an IDE-cd-recorder, so I used ide-scsi-emulation
to get it running, compiled it into the kernel and put it into lilo
append="ether=5,0x360,eth1 hda=49585,16,63 hdc=ide-scsi
max_scsi_luns=1"
Now that I have a SCSI one, I want to get rid of the emulation, but
don´t want to compile yet another kernel, so I simply removed the
ide-scsi-bit from the append-line and re-run lilo
append="ether=5,0x360,eth1 hda=49585,16,63"
I thought all was well until I looked at the screen while rebooting
today (complete output at the far below):
scsi : detected 1 SCSI tape 9 SCSI cdroms total.
Now I physically have a scsi-tape, a scsi-cdr and an ide-cdrom, and I
know that last time I looked it said about 1 scsi tape and 1 scsi cdr,
just as it should.
Any hints (other than recompile without ide-scsi-emu)?
TIA,
&rw
scsi-ncr53c7,8xx : at PCI bus 0, device 12, function 0
scsi-ncr53c7,8xx : warning : revision of 35 is greater than 2.
scsi-ncr53c7,8xx : NCR53c810 at memory 0xf880, io 0xd400, irq 10
scsi0 : burst length 8
scsi0 : NCR code relocated to 0x90600 (virt 0x00090600)
scsi0 : test 1 started
scsi0 : NCR53c{7,8}xx (rel 17)
scsi1 : SCSI host adapter emulation for IDE ATAPI devices
scsi : 2 hosts.
scsi0 : target 1 accepting asynchronous SCSI
scsi0 : setting target 1 to asynchronous SCSI
Vendor: HPModel: C1533ARev: 9503
Type: Sequential-Access ANSI SCSI revision: 02
Detected scsi tape st0 at scsi0, channel 0, id 1, lun 0
scsi0 : target 4 accepting asynchronous SCSI
scsi0 : setting target 4 to asynchronous SCSI
Vendor: TEAC Model: CD-R58S Rev: 1.0K
Type: CD-ROM ANSI SCSI revision: 02
Detected scsi CD-ROM sr0 at scsi0, channel 0, id 4, lun 0
Vendor: ASUS Model: CD-S500/A Rev: 1.20
Detected scsi CD-ROM sr1 at scsi1, channel 0, id 0, lun 0
Vendor: ASUS Model: CD-S500/A Rev: 1.20
Type: CD-ROM ANSI SCSI revision: 02
Detected scsi CD-ROM sr2 at scsi1, channel 0, id 0, lun 1
Vendor: ASUS Model: CD-S500/A Rev: 1.20
Type: CD-ROM ANSI SCSI revision: 02
Detected scsi CD-ROM sr3 at scsi1, channel 0, id 0, lun 2
Vendor: ASUS Model: CD-S500/A Rev: 1.20
Type: CD-ROM ANSI SCSI revision: 02
Detected scsi CD-ROM sr4 at scsi1, channel 0, id 0, lun 3
Vendor: ASUS Model: CD-S500/A Rev: 1.20
Type: CD-ROM ANSI SCSI revision: 02
Detected scsi CD-ROM sr5 at scsi1, channel 0, id 0, lun 4
Vendor: ASUS Model: CD-S500/A Rev: 1.20
Type: CD-ROM ANSI SCSI revision: 02
Detected scsi CD-ROM sr6 at scsi1, channel 0, id 0, lun 5
Vendor: ASUS Model: CD-S500/A Rev: 1.20
Type: CD-ROM ANSI SCSI revision: 02
Detected scsi CD-ROM sr7 at scsi1, channel 0, id 0, lun 6
Vendor: ASUS Model: CD-S500/A Rev: 1.20
Type: CD-ROM ANSI SCSI revision: 02
Detected scsi CD-ROM sr8 at scsi1, channel 0, id 0, lun 7
scsi : detected 1 SCSI tape 9 SCSI cdroms total.
Type: CD-ROM ANSI SCSI revision: 02
--
/ Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \
\KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: ISP server assigned nameserver addressing - how?
On Tue, 22 Aug 2000 22:23:02 PDT, Nate Amsden writes: >in 99.9% of cases you do not have to use your ISP's DNS. you can use any >DNS(use mine if you want 209.102.24.193 & 194) to find an ISP's numeric >DNS i would suggest using WHOIS, or dig. But using "further" away DNS´s _will_ affect your browsing speed, eg if netscape wants to connect to a page with lots o banners or otherwise linked other sites there´s easily 20-30 dns-lookups per page, and netscape does them one after one, so there are seconds lost sometimes before netscape even gets the the whole page html-wise... &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Login with user name in CAPS
On Thu, 24 Aug 2000 09:36:31 EDT, "Lewis, James M." writes: >I didn't know linux did this. It's an old unix feature. >Way back when, there were terminals that only had uppercase. Umm, way back in an Austrian school, about 1995...terminals for a BS2000 (a sinix(unix-)clone from Siemens iirc) mainframe...20 pupils for their first experience with unix...teacher tells " this, then that, then " - pupil "can´t we just pipe this to grep and..." - teacher "do as your told, you don´t have to understand anything, thats not why you´re here" and yes, there were capital letters, only, then. scnr, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Password decrypting ? Sendmail problems ?
On Thu, 24 Aug 2000 23:49:16 +0200, Oliver Schoenknecht writes: > After >some search I got his password file which you see below ... I for >myself can make out the different users but the passwords are >encrypted does anyone of you know how to decrypt those strange >letters into clear text ? go to freshmeat.net and search for john, it´s a (more or less) brute -force password-cracker, if he was silly enough to choose an insecure password, you´re there. hth, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Password decrypting ? Sendmail problems ?
On Thu, 24 Aug 2000 22:56:03 PDT, Nate Amsden writes: >Robert Waldner wrote: >> go to freshmeat.net and search for john, it´s a (more or less) brute >> -force password-cracker, if he was silly enough to choose an insecure >> password, you´re there. > >thats one of the downsides to non-US systems, looks like that box is >german, finding dictionaries for foreign languages can be >difficult(finding good ones too) not that i've cracked any password >files for 5-6 years maybe things have changed.. hmm, my regular attempts here at work (in .at, german speaking) with john were getting results mostly after half an hours worth of computing. Password quality has been _much_ improved by my regular sessions with john ;-). My guess is (haven´t had a really close look at the documentation, though) that john simply leaves out all characters but lowercase und numbers. This greatly reduces the maximum number of possiblities... &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: You are a Linux Guru!
>On Fri, 25 Aug 2000 kmself@ix.netcom.com wrote: > >> I believe it's possible (and generally recommended) *not* to go about >> using dselect to install packages on installation. My generally >> suggested MO is to get the minimal install set (the default), and then >> start adding packages afterwards. This is actually what I like most on apt/dpkg: ever tried installing only the base-system and then just doing something like ´apt-get install exmh´? I´d like to see another package manager *that* powerful... &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
eth0-=promiscous mode?
Hi! I used tcpdump on my eth0-interface in promiscous mode and now I don´t know how to get it out of it :( Since my log-files are oversizing I have changed all my firewall-rules to non-logging for the time being but clearly this is not the ideal solution. A simple reboot would fix the problem, I´m sure, but I wouldn´t consider this until it´s the last option left. There *has* to be a more elegant way. Anybody willing to point me in the right direction? TIA, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: eth0-=promiscous mode?
On Fri, 25 Aug 2000 21:59:39 +0200, Robert Waldner writes: >Anybody willing to point me in the right direction? lart($self,"man ifconfig"); ifconfig --help didn´t show, but man... time to get out of panic-mode... &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: sendmail reports I/O problem
On Mon, 28 Aug 2000 11:40:04 +0200, Sven Burgener writes: >>>> DATA >354 Ok Send data ending with . >[EMAIL PROTECTED] ... I/O error This means your ISP has troubles (probably a too-full disk) on their mailserver. Phone them and complain. If they´re not wanting to accept mail bigger than <$SIZE> then they should complain at >>> MAIL From:<> SIZE=150895 where your mailserver tells them the size of the mail. hth, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Very strange system/sound problem
On Tue, 29 Aug 2000 19:08:02 BST, Barry Samuels writes: >Mains electricity supply (although the computer is on an UPS). >Faulty component somewhere. s/faulty/not properly grounded/ ? A tip: - Does it happen with headphones also? - Your speakers may have other grounding than your PC[1], so current may build up under some circumstances. hth, &rw 1: I guess they aren´t powered via the UPS? -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
q ad refusing smtp-conns with sendmail
Hi! I´m looking for a solution which will let me refuse smtp-connections from some hosts with specific 5xx-error-messages. Any hint in the right direction? (Other than writing my own sendmail-rules, I tried but didn´t really understand the most part of them.) I *think* there´s a package out there which does that, but I cannot recall the name... TIA, &rw
Re: q ad refusing smtp-conns with sendmail
On Wed, 30 Aug 2000 13:19:44 EDT, Richard A Nelson writes: >On Wed, 30 Aug 2000, Robert Waldner wrote: > >> >> I´m looking for a solution which will let me refuse smtp-connections >> from some hosts with specific 5xx-error-messages. > >sendmail will do this for you... > >The access.db will allow you to reject certain users and or sites, >and give you the opportunity to specify the rejection code. Thanks, exactly what I was looking for. >Make sure you're at a current sendmail release (8.11.0) and see Umm, I think I´ll stay with 8.9.3-21, never touch a running system ;-) &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: ssh from nt?
>There are three that I know of: > >* TeraTerm >* PuTTY >* SecureCRT (to complete the list) * F-secure SSH >Note, however, that TeraTerm and PuTTY will only work with SSH v1; if you >need SSH v2 your only choice (that I know of) is SecureCRT. f-secure does ssh2 also, but if I had the choice, I=B4d go for teraterm, much easier to configure, use and *free*. &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
general backup question/tar
Hi! At the moment I´m cycling through a few tapes doing backups every week or so with tar cvz --exclude /proc --exclude /dev --exclude /tmp / >/dev/st0 Are there any precautions I should take that I have forgotten/not yet heard about? I can do a recover to someplace (eg /tmp/recover) and get the files I need but is this considered good practice or am I missing something? Also, is there a possibility to find out (rather than trying through tar tv(Iz)) if a tape is tar.gz, tar.bz2 or plain tar? Thanks for any advice, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: general backup question/tar
On Sun, 03 Sep 2000 23:53:36 PDT, Alvin Oga writes: >my favorite topic for "flame wars"next to dns flames... ;-) >I like tar for backups > - and i dont worry about restore too much... > since if you need to restore...something else is probably > (seriously) wrong too > > - restoring a file from tape is too too painful... Hmm, restoring is a pita regardless from where ;-) . I have enough temp space to be able to do a full restore in case of trouble >since tapes are expensive compared to $100 for 20Gb of disks I agree that they´re not *that* much cheaper (at least DDS-2 tapes <-> large EIDE-disks) but a factor of 5 is a factor of 5 (90m DDS-2 tape (2GB) is about USD 2, eg USD 1/GB tape <-> USD 5/GB disk). Then there´s reliability (not a single tape has failed me in 7 years, but at least 10 disks have. and I have had *much* more tapes than disks). >I only use disks for backup of systems... > - disks backups are fast and can be almost hot swappable I don´t worry about speed, the box has all night ;-) . Also if I would like to have hot-swappable disk-backup _and_ at least 8 full backups, I´d have to buy 8 disks. And USD 1k is out of the question for me. My DDS-2 drive, refurbished, costs ~ USD 70... > - remember too that you have stuff on the original cdrom > so i rarely if ever backup /usr/X11R6 /lib etc..etc... I like *full* backups, no hassles, no problems with different versions etc pp. I simply do a full backup every week or so, cycling through (at the moment) 8 tapes. &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: sendmail reports I/O problem
On Mon, 04 Sep 2000 19:19:42 +0200, Sven Burgener writes: >it's me again. Problem's solved. that´s good ;-) >On Mon, Aug 28, 2000 at 03:29:08AM -0700, Nate Amsden wrote: >> i agree with robert, it must be a prob with your ISP. > >In fact you're correct. The problem was at our provider whose routers >/ mail servers weren't playing like they intended them to. > >(Although I didn't know that they "proxy" our outgoing SMTP connects. >Is this "usual"? Never seen it before. I can only see it in the headers.) No it isn´t, *good* ISPs deliver what you intend them to deliver: IP. While it´s considerably easy to get the access concentrators to do all kind of funky stuff (on-the-fly configurable stateful firewalls, really *weird* QoS, NAT, port redirection, non-[guess,script]able portals, the feature lists are _long_, see http://www.nortelnetworks.com/products/03/products/5000.html for an example) I would only accept a service where I have to explicitly state what features (and with them: problems) I want to have. It´s cleaner to do your billing based on bandwidth consumption or data volume, but geez, that´s not good for marketing :/ just my 0.02 $, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: sendmail reports I/O problem
On Mon, 04 Sep 2000 22:03:15 +0200, Sven Burgener writes: >But, it's none of their fsck'ing business what I do behind my little >468/25 box. :-P That´s correct. >I mean, I pay for their service, regardless of how intensively I use it. Let me guess: "unlimited (fair use)" or friends somewhere in the contract? That´s a marketing gag, nothing else. Most, if not all, ISPs have a *very* clear idea what "fair use" is in GB/month...real flat rates are *expensive*, at least here in europe. &rw stddisclaimer: opinions expressed are my own, not necessarily my employers... -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
OT: flat rates (Re: sendmail reports I/O problem)
On Tue, 05 Sep 2000 08:01:53 +0200, "J.T. Wenting" writes: >> >I mean, I pay for their service, regardless of how intensively I use it. >> >> Let me guess: "unlimited (fair use)" or friends somewhere in the >> contract? That´s a marketing gag, nothing else. Most, if not all, ISPs >> have a *very* clear idea what "fair use" is in GB/month...real flat >> rates are *expensive*, at least here in europe. >> >yes, but unless the contract specifically states the maximum, they cannot >legally enforce it (at least not here). Common practice for such "bad boys" is to either have them "grade up" to a volume based business account or to simply terminate the contract (read the AUP and the clauses in the contract, there are phrases like "unusual usage" or "ISP may terminate with the end of every calendar month" in every consumer contract I ever read). Good ISPs at least define clearly what they mean with "fair use", though ususally not in on the front page or in the prospects. >And KPN earns quite a bit from all those bytes that are transmitted, you >know :) s/KPN/KPNQwest/ ;-) I know, but nevertheless I like clear statements, even if that means volume/bandwidth-based billing. cheers, &rw stdddisclaimer: not speaking for any organization, only for myself. -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
gdi (WinDos-only?) printer
Hi! I just bought a cheap laser-printer, according to the homepage HP PCL6-compatible, with it´s own (2 MB) RAM, but now the manual states: "this is a GDI printer; it cannot be used with UNIX, OS/2, DOS etc". I couldn´t find anything useful in the archives (and via altavista), so I hope anyone can shed a little light on this...and, hopefully, a way I can use this printer with linux/debian, as a last resort maybe via smbprint? TIA, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Port 118
according to www.snort.org ist some kind of "SQL Services". hth, &rw On Sat, 16 Sep 2000 12:05:36 +0200, Sven Burgener writes: >What's port 118 for? I can't find it in /etc/services though I have it >in my logs as a denied (outgoing) packet (destination port is 118). -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Exim and DomainZero
bash-2.03# host -t mx dlesage.com dlesage.com MX 10 dlesage.dyn.dhs.org bash-2.03# host dlesage.dyn.dhs.org dlesage.dyn.dhs.org A 24.201.62.169 bash-2.03# telnet 24.201.62.169 25 Trying 24.201.62.169... bash-2.03# ping 24.201.62.169 PING 24.201.62.169 (24.201.62.169): 56 data bytes 64 bytes from 24.201.62.169: icmp_seq=0 ttl=240 time=153.2 ms It seems your MTA (exim) is not listening on port 25 (smtp) as is required if you want to receive mail (assuming that 24.201.62.169 is the correct IP and your ISP isn´t filtering port 25 to you). IIRC you can run exim in daemon mode or from inetd. ´man 5 exim´ or /usr/doc/exim/ should get you started. hth, &rw >Do you have the right DNS entries somewhere for your domain. In other words wh >o is providing DNS for you? > >>I've recently signed up with DomainZero to register my own domain >>(dlesage.com). Since I've got a cable connection at home, I figured I'd >>try to set up exim to receive emails sent to (user)@dlesage.com. Outgoing >>messages work fine, but messages sent to (user)@dlesage.com never show up, >>but never bounce either. -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Exim and DomainZero
On Tue, 19 Sep 2000 16:15:15 EDT, Daniel Lesage writes: >I'm not too sure what the MX Pref entry is. You can (and, mostly, should) have multiple MX-records for your domain. The lower the preference the more the record is preferred, eg the record with the lowest preference should get all the mail unless it is, for whatever reason, unavailable at the moment. The others serve as backups. &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Spammer by incompetence, RBL may be an option
The RBL is for spammers, that is, UCE (Unsolicited Commercial Email), UBE (Unsolicited Bulk Email), also, fraud (mailbombing etc) is sometimes considered spam. It is *not* intended for misconfigured/-programmed mailers, nor a list of open relays (ORBS http://www.orbs.org/ is doing that). Read http://maps.vix.com/rbl/candidacy.html . So, the RBL is simply the wrong place for something like that. Also the RBL is used throughout the internet for *blackholing* all IP-connectivity from spammers. If you misconfigured your MTA (or simply chose a, say, "broken", one), what would you say if you were cut off from ~ 40 % of the internet, as would be the effect if you were RBLed? I sent a (friendly) message to the postmaster at my.netvigator.com already, informing them of the problem and pointing out directions to fix it. You may want to do the same. cheers, &rw >On 20-Sep-2000 Osamu Aoki wrote: >> I hate stupid MTA causing this problem. I like idea to kick out >> my.netvigator.com (looks like chinese free e-mail account. I can not >> read chinese) from internet mail system. >> >> I understand debian ML can not do that. It may be best to report this -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Question about updates
On Wed, 20 Sep 2000 13:03:10 EDT, Harry Henry Gebel writes: >I have sources.list set to the following: >#deb http://security.debian.org stable/updates main contrib non-free That´s why it´s called "security".debian.org ;-) I use the following, and I´m getting all the proposed security-fixes announced via debian-security: deb http://security.debian.org/ potato/updates main contrib non-free deb http://security.debian.org/debian-non-US/ potato/non-US main contrib non-free >Will I get security updates with `apt-cache update ; apt-cache upgrade` >using this configuration, or are the security updates kept in a different >place. I guess my question could also be phrased: what is the criterion for >an updated package being placed in stable, and if I want to keep up with >security updates and bug fixes do I have to track anything else that the >default locations? You may want to subscribe to debian-security; there´s a link on the website under "Mailing Lists" somewhere. hth, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Spammer by incompetence, RBL may be an option
On Wed, 20 Sep 2000 12:19:58 PDT, kmself@ix.netcom.com writes: >On Wed, Sep 20, 2000 at 04:21:42PM +0200, Robert Waldner ([EMAIL PROTECTED] >at) wrote: >> Also the RBL is used throughout the internet for *blackholing* all=20 >> IP-connectivity from spammers. If you misconfigured your MTA (or=20 >> simply chose a, say, "broken", one), what would you say if you were=20 >> cut off from ~ 40 % of the internet, as would be the effect if you=20 >> were RBLed? > >A few dozen idiots is tolerable. A few dozen thousands of idiots gets >to be a real problem. Again, the RBL is mostly used to block *all IP*-connectivity, so that´s like shooting with cannons on bugs, blocking SMTP-connectivity would be much cleaner imho. Allowing for the needed granularity, there should be a "BML" (Broken Mta List), which one could use or not to his liking...who volunteers? Also note that none of this options would solve our current problem, because my.netvigators bounces get delivered via the list, and I don´t want to block murphy.debian.org ;-) so whatever the method, it would have to be used there, not on our ends. &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Spammer by incompetence, RBL may be an option
On Wed, 20 Sep 2000 16:27:13 MDT, Bruce Sass writes: >On Wed, 20 Sep 2000, Oliver Elphick wrote: >> Ask our list admins to unsubscribe these incompetents. Since we are >> only seeing responses to list postings, that will eliminate the >> problem. > >done I don´t think you´ve got the right (or all) subscriber(s) ;-) Your done was sent at Wed 22:27, but I´ve received another bounce from them now, at Thu 05:24 (all UTC+-0). cheers, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: pptpdconfig.pl
(sorry, haven´t got the rest of the thread, and it´s not yet showing up in the archives, so forgive me if I´m stating the obvious, repeating something, not getting the point etc pp ;) >> On Wed, Sep 20, 2000 at 11:21:37PM -0500, will trillich wrote: >> > trying to get VPN going, still, this time with pptpd--and the >> > config script seems kaflooey-- >> > >> ># apt-get install pptpd You may want to try pptp (no -d, though), you can get it from ftp://ftp.kpnqwest.at/pub/adsl/linux/ . It´s only for outgoing connections, though, so YMMV. The two versions are for different types of some alcatel-adsl-modems, the "upstream" homepage is stated somewhere in the accompanying documentation. hth, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Spammer by incompetence, RBL may be an option
On Thu, 21 Sep 2000 14:46:46 CDT, will trillich writes: >On Wed, Sep 20, 2000 at 04:21:42PM +0200, Robert Waldner wrote: >> I sent a (friendly) message to the postmaster at my.netvigator.com >> already, informing them of the problem and pointing out directions to >> fix it. You may want to do the same. > >i did too. three weeks ago. and last week. > >as you can see, they're concerned about taking immediate action. > >not. They´re not sending their bounces via the list (now? don´t know, have deleted the mails). Fixed the problem for me via /etc/mail/access: 208.167.231.173599 Thou art not considered worthy. Go away. (using sendmail) &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
OT (Re: Message saying this lists's mailbox is full)
On Thu, 21 Sep 2000 21:13:53 -0800, Ethan Benson writes: >oh well, such is life for the rest of us when clowns get the root >password and are called sysadmins. from my (private) sigrot-file: -- From empirical experience, your Exchange admin -- needs to put down the crack pipe and open a window -- to disperse the fumes. -- -- Joe Thompson, ASR SCNR, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Message saying this lists's mailbox is full
On Sat, 23 Sep 2000 03:21:17 +0200, Oswald Buddenhagen writes: >the point is, that it should be bounced to the mailing list, not the >sender. the mailing list software then filters these messages, so they >don't annoy the posters. s/mailing list/envelope-from/, which every senseful mailing-list software sets to some bounce-address. just for clarification, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
receive own posts (Re: Message saying this lists's mailbox is full)
On Sat, 23 Sep 2000 12:24:23 +0400, Rino Mardo writes: >2. senders to this list should not receive their own emails. > >i don't know about the 2nd one for the rest but i do received my own emails >which is annoying. Actually I like getting my own posts via the lists, it´s my insurance that they went where I want them. But that´s to everyones liking, listar has the per-user ECHOPOST option therefore. &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: What's with at.debian.org?
On Sun, 24 Sep 2000 09:42:48 +0200, Christian Pernegger writes: >The whole at.debian.org domain seems to have vanished - I >tried a nslookup from various servers including murphy, it >is just not there anymore! > >Anyone know WTH is up? No idea, therefore I´ve cc´ed the SOA ([EMAIL PROTECTED]). Judging from the ser# (292305) there was a change in the zonefile yesterday. As ftp.at.debian.org is still in the list at http://www.debian.org/distrib/ftplist I don´t think it vanished on purpose... Master of Hosts, could you shed a little light on this? [waldner:~] host -t any ftp.at.debian.org samosa.debian.org ftp.at.debian.org does not exist at samosa.debian.org (Authoritative answer) [waldner:~] host -t any at.debian.org samosa.debian.org at.debian.org does not exist at samosa.debian.org (Authoritative answer) tia, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: VIRUS WARNING - apologies
Well, if you´re not connected with X-envelope-sender: [EMAIL PROTECTED] I wouldn´t think you´d be responsible ;-) cheers, &rw On Tue, 26 Sep 2000 20:02:06 -, Pollywog writes: >Oh wait, I am not sure that I was responsible for this virus warning message, >now that I have looked at my headers. Can anyone tell me if I was the one who >sent it? > >-- >Andrew > >On 26-Sep-2000 Pollywog wrote: >> I apologize for this error. I just switched from Exim to Postfix and this >> took my by surprise. I will modify my configs to prevent recurrence. -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: tape drive
On Thu, 28 Sep 2000 16:56:27 CDT, [EMAIL PROTECTED] writes: >I just installed an HP SCSI Tape drive on my Debian(2.2) server. How do >I found out what device it installed it as, and how do I mount it, so I can ta >r stuff onto it? You don´t _mount_ a tape drive. You _t_ape _ar_chive (hence tar) stuff to/from it. Try "tar cv /path/to/file >/dev/st0", then "tar xv | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: tape drive
On Thu, 28 Sep 2000 17:47:57 CDT, [EMAIL PROTECTED] writes: >OK the tar cv /path/to/file >/dev/st0 works, but >tar xv >Sep 28 17:39:57 babylon5 kernel: Additional sense indicates Data phase error >Sep 28 17:43:56 babylon5 kernel: sym53c875E-0: SCSI parity error detected: SCR >3 DBC=190026fc SBCL=ae > >is this a problem with the tape drive, the SCSI card, or is it user error? SCSI parity error looks like a SCSI problem for me. Maybe the cable? &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Good Book for setting up T-1?
On Sat, 30 Sep 2000 10:59:32 PDT, George Bonser writes: >On Sat, 30 Sep 2000, [EMAIL PROTECTED] wrote: > >> i think your best off contacting your local telco company and asking them >> what they reccomend as far as CSU/DSU, and as far as routers, depends on >> your needs, i usually use cisco 2500 series for t1s. > >The 1600's are several hundreds of dollars cheaper. A 1601 is about $500 >cheaper than a 2501. and a 1601 is perfectly enough for a single T1, you don´t need the extra power of a 25xx for running a single line. Just make sure you go for a 1601_R_, not for an old CH-model. just my 2 cents, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
flamewar ;-? (Re: firewall (fwd))
On Sun, 01 Oct 2000 14:40:02 PDT, George Bonser writes: > c. intimidated by the brain-dead idiots at ORBS Actually, I don´t think Alan[0] is braindead. He does a quite good job, he just hasn´t his scripts under control[1], sometimes... Always remember, you don´t _have_ to use ORBS, although it´s cutting spam about 60 % at my private server. &rw 0: Alan Brown, he more-or-less is ORBS 1: adding multi-level-relays to the list _without_ prior notification. 2: or above.net is once again blackholing half manawatu.co.nz´s netblock, and some *really braindead* parser thinks ((no answer)==(127.0.0.2)) -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Serial port tunnel...
I guess you want to tunnel layer 2, not the serial port itself ;-) l2tp is the protocol you´re looking for, l2tpd is the only implementation for *n?x I´m aware of http://www.marko.net/l2tp/>, although at the moment it seems to only support PPP as layer-2-protocol. hth, &rw On Thu, 05 Oct 2000 13:47:47 BST, Max Lock writes: > > Hi folks, > > I'm sure I saw some software that will tunnel a serial port over IP and >make it appear as a local device on a remote machine. Does anyone have >any ideas where it may be located. I've been through freshmeat and >there's software to forward to an IP socket, by not a device file. > > -Cheers Max. -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: Linux on Desktops -- Are there stats anywhere?
On Wed, 14 Jun 2000 03:56:51 +0200, Preben Randhol writes: >Arcady Genkin <[EMAIL PROTECTED]> wrote on 13/06/2000 (19:05) : >> My bank rolled out a new version of web banking, which has a bug in >> Java Script. I sent them a bug report, to which I got a polite reply >> which boils down to ``Tough luck. We don't test on Linux.'' I had a similar[0] situation here. The bank fixed it when I told them "I and 7 others I know use your web-banking on non-Window$-platforms, together we do ~200k per year. If you want to lose us, that´s fine." Took them 3 days to fix it ;-) What I mean is: find some others with the same problem. Together you´ll probably have better luck. hth, &rw 0: java, not -script -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
q ad removing /var/cache/apt/archives/*
Hi! Since bash-2.03# du -sk /var/cache/apt/archives 350958 /var/cache/apt/archives this takes up pretty much space, my question is: can I safely remove the contents of the archives-directory? I couldn´t find anything regarding this in the docs, but some pointer to the proper FM would do fine ;-) cheers, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: tracing route
On Sun, 18 Jun 2000 13:03:45 +0200, Mirek Kwasniak writes: >Also ping has option -R to some interesting route analysis but this don't >works now. Is it a problem with my router blocking this feature or doesn't >current kernel support it? I don´t know about the kernel, but in general: ping -Rv is expecially useful if - you want to trace asymmetric routes - there´s a firewall inbetween which filters traceroute´s udp-packets jfyi, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
majordomo gone?
Hi! It seems that the majordomo-package is no more on the mirrors, neither in the stable/unstable/frozen hierarchies...it gets listed if you do a search via www.debian.org, though. Any hints? cheers, &rw
mailing-list managers (Re: majordomo gone?)
Hi! I'd be grateful if some people on the list would share their opinions on other mailinglist-managers. I've only used majordomo until now and don't know anything about others. tia, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
kernel compile woes
Hi!
I'm trying to compile a fresh kernel 2.0.38 (for ide-scsi-support).
The problem with gcc29 and kernels 2.0.x I know, so I installed gcc272
and changed the top-level-Makefile accordingly. So far, so good.
but a 'make bzImage' bombs out with
gcc272 -D__KERNEL__ -I/usr/src/linux-2.0.38-clean/include -Wall
-Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strength-reduce -pipe -m386
-DCPU=386 -c -o eata_dma.o eata_dma.c
gcc272: Internal compiler error: program cpp got fatal signal 11
make[3]: *** [eata_dma.o] Error 1
make[3]: Leaving directory `/usr/src/linux-2.0.38-clean/drivers/scsi'
make[2]: *** [first_rule] Error 2
make[2]: Leaving directory `/usr/src/linux-2.0.38-clean/drivers/scsi'
make[1]: *** [sub_dirs] Error 2
make[1]: Leaving directory `/usr/src/linux-2.0.38-clean/drivers'
make: *** [linuxsubdirs] Error 2
with lots of warnings like
{standard input}: Assembler messages:
{standard input}:16101: Warning: using `%al' instead of `%eax' due to `b' suffix
{standard input}:16394: Warning: using `%al' instead of `%eax' due to `b' suffix
before.
I've tried with kernel-source-2.0.38_2.0.38-2.deb, *-3.deb and with a clean
source from ftp.kernel.org. gcc is 2.95.2-12, gcc272 is 2.7.2.3-15, the system
is an almost-potato, with only samba and the kernel not up-to-date (eg
upgrade'd, not dist-upgrade'd).
Any hints?
cheers,
&rw
Re: kernel compile woes
On Wed, 21 Jun 2000 16:05:40 +0200, Thomas Guettler writes: >Kernel compiling is like a memory-tester. >The memory might work in normal circumstances, >but compiling a kernel fails. I don't really know if the RAM is on fault, since I can't afford to take the box offline for testing at the moment, I simply compiled the kernel on another debian-box. Lucky me to have one... I'll test the RAM when I have spare hardware and will post any results. Thanks for the help (also to the ones who mailed me privately)! cheers, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: postfix help
On Thu, 22 Jun 2000 16:41:10 BST, "Moore, Paul" writes: >From: Eric Gillespie, Jr. [mailto:[EMAIL PROTECTED] >> >> There's no such animal. I mentioned DynDNS in my post, and i'm >> mentioning it again. It's a free service that will give you a >> valid domain name which can be updated everytime you're IP is >> reassigned. Works great for those of us stuck on dialup links. > >Do you mean DynDNS? It sure ain't free - according to their pricing page (at >www.dyndns.com) there's a $50 pa charge, plus the cost of registering a >domain name. Try www.dyndns.ORG ;-) hth, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: 2.1 or 2.2 help - correction
On Thu, 29 Jun 2000 01:09:59 -, [EMAIL PROTECTED] writes: > My question is: > Should I Install 2.1 and upgrade the packages waiting until 2.2 become >stable; or install potato and upgrade for the 2.2 stable version when it >be released? I´ve installed potato yesterday and have yet to run into a real problem (ok, I haven´t configured X yet ;-), but I´d suggest going right for potato if you´re installing from scratch. The new features would be worth some problems and the more people are helping to test the sooner it´ll get the "stable" release ;-) . just my 2 cents, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: How to get dependencies also ...
On Thu, 29 Jun 2000 13:01:41 PDT, Dinesh Nadarajah writes: >I want to install a software package but I don't want >to download each of it's dependencies and install them >one by one. For e.g. if I wanted to install fvwm2, >then is there a command like: > >apt-get -install fvwm2 > >which will download not only fvwm2 but also all of >it's dependencies and install them (after informing me >of those dependencies)? apt-get install fvwm2 (without the "-") hth, &rw -- / Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \ \KPNQwest/AT tech staff| Diefenbachg. 35 A-1150 Wien /
Re: apache & php
the following did it for me: --- ka:/home/waldner# grep php /etc/mime.types application/x-httpd-php phtml pht php application/x-httpd-php3php3 application/x-httpd-php3-source phps application/x-httpd-php3-preprocessed php3p ka:/home/waldner# grep php /etc/apache/httpd.conf LoadModule php3_module /usr/lib/apache/1.3/libphp3.so AddType application/x-httpd-php3 .php3 AddType application/x-httpd-php3-source .phps ka:/home/waldner# grep html /etc/mime.types text/html html htm shtml hth, &rw On Thu, 06 Jul 2000 16:26:25 EST, "Allan Andersen" writes: >Hi, > >I'm trying to install apache and php - all of it >seems to be installed correct and works ok. But >when I try to load the site it would like to download >the page instead of viewing it. Any ideas ? > >Best Regards >Allan
software watchdog
Hi! My home-debian-box starts to behave rather odd lately, now and then it will freeze completely. The only thing working is ICMP, I can´t even get a TCP connection open, the screen is frozen, neither mouse nor keyboard will generate any event. I´ve already tried changing all I have on spare (read RAM and graphics adapter). Since there´s not even a single syslog-entry, I don´t really know where to start debugging. Would it make sense if I installed the "software watchdog" into the kernel in this case, so that the machine would (eventually) reboot when it hangs? This would be great because I´ll be on a trip next week and my girl-friend needs the debian-box as gateway/ mailserver in the meantime... tia, &rw
Re: software watchdog
On Fri, 07 Jul 2000 19:33:25 EDT, paul writes: >> My home-debian-box starts to behave rather odd lately, now and then it >> will freeze completely. >> >Is there anything consistent about the behavior? How long between reboot >and freeze? Are there any error messages during startup? What >applications are running when the machine freezes? (my bet is netscape) >What Debian version are you running (Slink, Potato)? What kernel version >are you running? Have you tried telneting to the machine to see if it is >a console only problem? Is the behavior in ANY way predictable? More info >is necessary if anyone is to be able to help. The box is running slink, with all packages, except the kernel and samba, "apt-get upgrade"´d to potato. Uptime is between 30 min and 5 days, I´m running X w/ fvwm95, setiathome in the background and, when I´m home, netscrap _may_ run. The system is IDE with a SCSI-streamer and -CD-recorder on a ASUS P54C-mobo with 4x16 MB FP-RAM and a Matrox Mystique as gfx card. 3 PCI-ethernet-cards, one ISA, and a SB16. Problem is that I can´t find any similarities between the hangs, the box can run ok for a few days, burning CDs, ripping and encoding mp3s, looking for ETs ;-), and doing ~1k mails per day, and at 3 am (according to my ping stats from outside) it´ll freeze. Since the connection to the outside is via PPTP, which hangs too, I can´t reach it anymore, although it answers to ICMP from local networks. but I can´t even get a TCP connection open (it sends nothing back, not even a syn_ack). The box is running as-is now for about a year, but is ~3 years old, so I guess it´s simply getting old. Cheap hardware isn´t built for running a 24/7 server, I guess. It shouldn´t get too hot, since I already underclocked it from 66/2.5 to 60/2 and I´m having 2 extra fans, one cooling the PCI and ISA cards, one cooling RAM. Also it sometimes freezes when loaded, sometimes when idling (I´ve disabled setiathome for testing). But that´s not the real problem, I´ll simply get a new used PC (used P1´s are for sale at about $ 100) when I´m back from the trip, what I need for the time being is a solution where it would simply reboot when having trouble, and I _guess_ the software watchdog _may_ be what I´m looking for in this case. tia, &rw
Re: software watchdog
On Sat, 08 Jul 2000 12:32:32 +1200, "C. Falconer" writes: >1) Temperature... has a CPU fan, case fan, or PSU fan seized up and >died? no, all fans running fine (see <[EMAIL PROTECTED]>) >2) Have you changed anything recently? moved it, rebooted it, run a >new kernel? no, the hardware hasn´t changed in about 6 months. >3) Run top, procinfo, vmstat -1, pppstats -w 1, netstat, free, df, and >look for anything odd or wrong. all looking fine, as far as I can tell (which doesn´t mean much, since I´m a lowly network engineer ;-) and know criscos better than *n*x). >4) Take the GF with you on your trip - they make great company. ah, no, it´s definitely a men-only-vacation, eg more about beer & playing quake than sun-taning & sightseeing ;-) cheers, &rw
Re: Compaq Armada 1750
What type is the card? Slink or Potato? I succeeded installing potato on a Compaq Armada M700 with a Kingston Ether/modem-combo, so I may be of help with slightly more specific questions ;-) cheers, &rw On Fri, 07 Jul 2000 04:49:51 PDT, Paulo Henrique Baptista de Oliveira writes: > Hi all Debian users, > I have to install Debian at a Compaq Armada 1750. I cant get the networ >k >pcmcia card to work. Anyone can help on this? > Thanks, Paulo Henrique
Re: burner & sound
On Fri, 28 Jul 2000 18:05:07 CDT, "techlists" writes: >second, I installed an ide CD-Rom Burner. It's recognized by the >system, as /dev/hdc I can mount it, but xcdroast does not see it. >I read the how to, and attempted to install the ide-scsi emulator. I >see it start up on boot, but When I open xcdroast, it still does not >recognize the burner. How can I check to see what I did wrong, >and How do I fix it? I don't know if it matters, but I'm running >enlightenment as my window manager. "cdrecord -scanbus" should tell you if the emulation works. hth, &rw
Re: t-dsl
On Sun, 30 Jul 2000 22:04:45 -0300, Linux Newbie writes: > This may sound like a silly question, but what is the >use/purpose of PPP over Ethernet? Why is it better than setting up a >connection with ifconfig eth0? Afaik Deutsche Telekom uses PPPoE for authentication/billing purposes, so he may not have the choice... &rw
Re: 3c90x woes
On Mon, 31 Jul 2000 13:16:58 PDT, "Raphael Crawford-Marks" writes: >as86 -0 -a -o bootsect.o bootsect.s >make[1]: as86: Command not found you´ll need the bin86-package >I've never heard of as86...couldn't find any packages by that name either. finding packages by filename is easiest via http://www.debian.org/distrib/packages imho. hth, &rw
Re: [Q] ports 757 and 1024
On 01 Aug 2000 14:35:50 +0900, Olaf Meeuwissen writes: >Would anyone happen to know what the ports 757 and 1024 are used for >of the top of their heads? according to http://www.snort.org/ 1024 is "ODD Packet - NetSpy", dunno about the other. hth, &rw
