RE: Error on upgrade from 7.3 to 8.0 error: "/etc/X11/prefdm: lin e 1: GNOME: command not found"
> -Original Message- > From: Lucas Albers [mailto:admin@;cs.montana.edu] > Sent: Monday, October 28, 2002 3:39 PM > To: [EMAIL PROTECTED] > Subject: Error on upgrade from 7.3 to 8.0 error: > "/etc/X11/prefdm: line > 1: GNOME: command not found" > > > After upgrading a system from 7.3 to 8.0 I get the following > error when > I do a ctrl-alt-F1 login > "/etc/X11/prefdm: line 1: GNOME: command not found" > > The first line of this file is $!/bin/sh which is a softlink to bash. > In Redhat 7.3 this is also a softlink from /bin/sh to bash I always use #!/bin/sh, which works for me, not $!/bin/sh and am not sure what that does. JMF
RE: Mmm.. Is someone trying to hack me?
> -Original Message- > From: Joshua Melbourne White [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 26, 2002 7:02 AM > To: [EMAIL PROTECTED] > Subject: Re: Mmm.. Is someone trying to hack me? > > > Thanks for the input. I tried doing what you said with > iptables, but it > doesnt recognize it as a command. Any suggestions? I would just ignore it. I believe it is the Nimda virus that started about a year ago. Someone has a compromised Win IIS server, which is trying to spread the worm. I still get these to this day, but not near the volume. The fortunate thing is that it only affects IIS and not Apache as is evidenced by the failure below. > > > 199.203.11.241 - - [26/Nov/2002:01:43:58 -0500] "GET > > > /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" > 404 346 "-" "-" > > > > > > Doesn't look too good to me. Can someone explain what > this person was > > > trying to do? Whatever he did, it gave the following error: > > > > > > [Tue Nov 26 01:43:58 2002] [error] [client > 199.203.11.241] File does not > > > exist: /var/www/html/scripts > > > > > > Thanks for any help. JMF -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: (no subject)
> -Original Message- > From: Eugene Piskunov [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 04, 2002 5:22 PM > To: [EMAIL PROTECTED] > Subject: (no subject) > > > Hello all! > > Strange problem with my RH8.0 and resolve hosts > from /etc/hosts. (computer not connected to network but it have > eth0ð1) > Firts RH resolve host from bind, and after from /etc/hosts > resolving host after timeout (10 sec). > named.conf is: order hosts, bind. > How make resolve from /etc/hosts first? > Edit /etc/nsswitch.conf. hosts line should say: hosts: files dns If it is not there, add it. JMF James Francis TechRx Inc. 530 Lindbergh Dr. Coraopolis, Pa. 15108 Phone: (412) 474-1078 Fax: (412) 474-1074 -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: Re[2]: (no subject)
> -Original Message- > From: Eugene Piskunov [mailto:[EMAIL PROTECTED]] > Sent: Sunday, December 08, 2002 4:55 PM > To: James Francis > Subject: Re[2]: (no subject) > > > Hello James, > > Saturday, December 7, 2002, 4:08:52 AM, you wrote: > > >> > >> > >> Hello all! > >> > >> Strange problem with my RH8.0 and resolve hosts > >> from /etc/hosts. (computer not connected to network but it have > >> eth0ð1) > >> Firts RH resolve host from bind, and after from /etc/hosts > >> resolving host after timeout (10 sec). > >> named.conf is: order hosts, bind. > >> How make resolve from /etc/hosts first? > >> > JF> Edit /etc/nsswitch.conf. > JF> hosts line should say: > JF> hosts: files dns > JF> If it is not there, add it. > > My /etc/nsswitch.conf. > hosts line should say: > hosts: files dns > > But this not resolve my problem. Ok...try this. In /etc, check host.conf. This file should say: order hosts,bind The "order hosts,bind" line doesn't need to be in the named.conf file. host.conf is the resolver configuration file. Do a man on host.conf as there are a few options. Add a host to /etc/hosts and try pinging it and see if it reads the IP address in from /etc/hosts. If it does, you are good to go. After changing the host.conf, you may have to restart named, /etc/init.d/named restart Let me know how it goes... > > > > -- > Best regards, > Eugenemailto:[EMAIL PROTECTED] -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: Re[4]: DNS Resolver Issues
> Tuesday, December 10, 2002, 2:49:55 AM, you wrote: > > >> >> > >> >> > >> >> Hello all! > >> >> > >> >> Strange problem with my RH8.0 and resolve hosts > >> >> from /etc/hosts. (computer not connected to network > but it have > >> >> eth0ð1) > >> >> Firts RH resolve host from bind, and after from /etc/hosts > >> >> resolving host after timeout (10 sec). > >> >> named.conf is: order hosts, bind. > >> >> How make resolve from /etc/hosts first? > >> >> > >> JF> Edit /etc/nsswitch.conf. > >> JF> hosts line should say: > >> JF> hosts: files dns > >> JF> If it is not there, add it. > >> > >> My /etc/nsswitch.conf. > >> hosts line should say: > >> hosts: files dns > >> > >> But this not resolve my problem. > JF> Ok...try this. > > JF> In /etc, check host.conf. This file should say: > JF> order hosts,bind > JF> The "order hosts,bind" line doesn't need to be in the > named.conf file. > JF> host.conf is the resolver configuration file. Do a man > on host.conf as > JF> there are a few options. > JF> Add a host to /etc/hosts and try pinging it and see if it > reads the IP > JF> address in from /etc/hosts. If it does, you are good to > go. After > JF> changing the host.conf, you may have to restart named, > JF> /etc/init.d/named restart > > JF> Let me know how it goes... > > Sorry, I make mistake in my first message. > The "order hosts,bind" in host.conf, of course. > But, If I pinging host from this file, all it Ok. > and if I telnet host timeout is arise. After timeout telnet connect to > host from /etc/hosts. It sounds like it is going to the host file first(ping works). When you telnet, what IP address does it bring up? It should say "Trying xx.xx.xx.xx..." This should be the IP address in your hosts file. Maybe someone else on the list can help as well. I am unable to duplicate the problem here. JMF -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: Hostname help
> -Original Message- > From: Ryan McDougall [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 12:35 PM > To: RedHat 8.0 Psyche > Subject: Hostname help > > > Hello everyone, > > I know that this is a pretty basic issue and I may be making > too much of it, > but I was wondering about setting my hostname, especially > with the hostname > command (I figure that sets whatever needs to be set, but if > not please let me > know if there is another CLI command/program to do it). Let > me give you some > background before I delve into my questions. I have 2 > computers behind a > Netgear MR314 router, the 2 pcs can talk to each other... I > can ssh into my > RH8.0 box but I cannot see my webpage, because it did not > start due to fully > qualified domain issues. My specific questions are about the > fully qualified > name, how to set it behind this firewall and which files need > to be edited? I > have dhcp so how do I but a line in the /etc/hosts file? Simply edit /etc/sysconfig/network file. Change the HOSTNAME= line to your FQDN. e.g. HOSTNAME=foobar.foo.com, foo.com is your domain and foobar is your hostname. Also, change your the hosts file to also reflect the FQDN. With DHCP, you will need to put the IP address in there that is dynamically assigned to you. Another alternative is to specify your ServerName in /etc/httpd/conf/httpd.conf, but I prefer changing your hostname via the network file. After the change, reboot, do a hostname, and you should see the FQDN you set it too. JMF -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: Hostname help
> -Original Message- > From: Michael Schwendt [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 12, 2002 3:11 PM > To: [EMAIL PROTECTED] > Subject: Re: Hostname help > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Thu, 12 Dec 2002 11:01:43 -0800 (PST), Ryan McDougall wrote: > > > Thank you sosososososo much for replying... Like I said > before please > > excuse my stupidity on this one... But don't I need to own > the domain > > foo.com, or is it because I'm behind this router that it is > safe to do > > whatever I want? > > Depends. Avoid any valid top-level domain and any domain that > doesn't belong to you. It could cause confusion when such a hostname > from your private LAN makes it onto the Internet (for instance, > www.example.net and www.mydomain.com do exist, the domain .home.net, > too). Feel free to use something which does not exist or is unlikely > to be created, e.g. hostname.example, hostname.localdomain, > hostname.intranet. Michael is right. I made an assumption you had a domain already. hostname.localdomain would work. You could use anything you want for the hostname part in that example. Your ISP may also assign a hostname for you which you could use. AT&T assigned some goofy hostname (can't remember what it was) to me originally, which I was able to use as .attbi.com. JMF -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: Hostname help
> -Original Message- > From: John Nall [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 8:07 AM > To: [EMAIL PROTECTED] > Subject: Re: Hostname help > > > > - Original Message - > From: "Tomas Larsson" <[EMAIL PROTECTED]> > > > > Can you ping the Linux box from Win with IP. > > Make sure that you enter all hosts in LMHOSTS file in Win. > > A further query on this: There are two files, LMHOSTS.SAM > and HOSTS, which > appear to be similar. They are found in C:\i386 and also in > c:\windows\system32\drivers\etc on my system. Should the > hosts be entered 1. You only need to work in c:\windows\system32\drivers\etc 2. lmhosts.sam is not used. It is sample lmhosts file. If you want to use it, you must copy it to lmhosts. Unless you have lmhosts lookup enabled in your tcp/ip properties under windows, I wouldn't worry about it, because it is not used. 3. Edit c:\windows\system32\drivers\etc\hosts. Add lines at the end of the file after the # signs, such as thus: xxx.xxx.xxx.xxx hostname Substitute the xxx's with the ip-address and hostname with the hostname of your linux box, and you will be able to ping the hostname. JMF -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: Why Telnet? (Was RE: Connection refused - why?)
> -Original Message- > From: Shoemaker, Michael (STL) [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 11:15 AM > To: [EMAIL PROTECTED] > Subject: Why Telnet? (Was RE: Connection refused - why?) > > > Out of curiosity, why telnet? > > Its seems there is no gain using telnet over ssh. Why would > anyone expose the security risks associated with telnet, even > on an isolated network? I just see no reason to use it and > Id like to hear why other do. At work, we use lots of Unix machines: AIX, HP, Sun, etc., along with Linux. SSH is not always available or installed by default. Telnet is always available. CRT is our corporate standard for the telnet client (and we paid for it). ssh does add some network overhead via the encryption, and when you are paying for private frame, it adds up. All of our major clients use telnet in their private networks. A secure and segregated network using multiple firewalls, NAT, IDS, multiple VLANS, and only opening-up the ports we need is the primary means to protect the network. If someone hacks through all that, then it is already too late and the choice of telnet/ssh on the local backend net is already a moot point, IMHO JMF -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: man pages have funny characters
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 31, 2002 8:07 AM > To: [EMAIL PROTECTED] > Subject: man pages have funny characters > PROBLEM > > Whenever i bring up a man page (see example below), there are > all these > funny characters in it. Do I need to re-install on the XFREE > packages to > solve this issue? The only dependency I saw for man was that > it needed > GROFF which is installed. Thanks for your help! You need to set you LANG environment variable to en_US. export LANG=en_US will do it. You can add this into your .bash_profile if you are running bash. You can also modify /etc/sysconfig/i18n and change the LANG line there to equal en_US. This file is sourced by /etc/profile and will set it system wide. This is due to some older software (I assume you are running a terminal emulator) not recognizing en_US.UTF-8. JMF -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: tripwire reports won't print with twprint...
[EMAIL PROTECTED] wrote: > I've set up and configured tripwire, successfully initialized the > database and now want to view the report file. Below is the excerpt > from the RH8 documentation... > > The /usr/sbin/twprint command is used to view encrypted Tripwire > reports and databases. > Viewing Tripwire Reports > The twprint -m r command will display the contents of a Tripwire > report in clear text. You > must, however, tell twprint which report file to display. > A twprint command for printing Tripwire reports looks similar to the > following: > > /usr/sbin/twprint -m r --twrfile /var/lib/tripwire/report/.twr > > The -m r option in the command directs twprint to decode a Tripwire > report. The --twrfile option directs twprint to use a specific > Tripwire report file. > > When I execute the above command line on the twr file, it returns an > error message saying the file is not encrypted and dumps me out to > the prompt. If I try to cat or view the file, it's all encrypted. > What am I doing wrong here? BTW, I can view the database file just > fine. Thanks! I don't think you are doing anything wrong. The command should work fine. It is saying "Note: Report is not encrypted." This is normal, but following that should be the contents of the report like: Note: Report is not encrypted Tripwire(R) 2.3.0 Integrity Check Report Report generated by: root Report created on:Thu 09 Jan 2003 04:04:17 AM EST Database last updated on: Wed 01 Jan 2003 11:54:57 PM EST ... Are you getting that? Or is just saying the Note and dumping you to a prompt? JMF James Francis TechRx Inc. 530 Lindbergh Dr. Coraopolis, Pa. 15108 Phone: (412) 474-1078 Fax: (412) 474-1074 -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: tripwire reports won't print with twprint...
[EMAIL PROTECTED] wrote: > James Francis <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 01/09/2003 03:47 PM > Please respond to psyche-list > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > cc: Subject:RE: tripwire reports won't print with > twprint... It just dumps me out to a prompt...no report follows... Interesting. What is the size of the files? Did you try running /usr/sbin/tripwire --check by hand, which should generate a report? That should dump some output on the screen and also put the same output in the twr file for your machine in /var/lib/tripwire. This would at least check your installation for you. JMF James Francis TechRx Inc. 530 Lindbergh Dr. Coraopolis, Pa. 15108 Phone: (412) 474-1078 Fax: (412) 474-1074 -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
RE: Tripwire
Mike Vanecek wrote: > -- Original Message --- > From: Michael Fratoni <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Sent: Tue, 14 Jan 2003 21:18:26 -0500 > Subject: Re: Tripwire > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On Tuesday 14 January 2003 05:10 pm, Mike Vanecek wrote: >>> After doing putting in emailto = root in a dozen places in >>> twpol.txt, running the twinstall.sh script, and doing a tripwire -m >>> c, not surprisingly I get a report of about 150 file exceptions. I >>> just hate the thought of going through and manually editing >>> (commenting out) those exceptions in the twpol.txt file and >>> updating. I have tried the >>> -I option, read the doco 4 times, and searched google and >>> tripwire.org for information. >>> >>> Does a simpler method of correcting the twpol.txt file exist than >>> just sitting down with the exception report and manually editing. >>> What a pain! >>> >>> Thanks, Mike. >> >> Not that I am aware of. The stock policy file included assumes that >> all packages from the distro are installed. >> >> My solution was to print the report and spend some time editing >> manually. > > I was worried you would say that. After installing a couple of > systems, editing out 170+ lines is a real pain. I tried the -I > interactive mode with hopes that would work, but nada. > > Regards, Mike. Go to your /var/lib/tripwire/report directory. Do a ls -lrt. The last file displayed is the latest tripwire report. Do a tripwire --update --twrfile where filename is the file from the listing. After a few seconds, the exceptions will be brought up in vim, where you can look through them or edit them. Do a :x when you are satisfied and you are done. Pretty easy. JMF James Francis TechRx Inc. 530 Lindbergh Dr. Coraopolis, Pa. 15108 Phone: (412) 474-1078 Fax: (412) 474-1074 -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list
