From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Mon, 5 Sep 94 08:15:41 EDT Subject: Linux-Admin Digest #24 Linux-Admin Digest #24, Volume #2 Mon, 5 Sep 94 08:15:41 EDT Contents: Re: [ALERT] Password problem with Linux (Randolf Smith) Re: [ALERT] Password problem with Linux (Swen Thuemmler) Re: NCR53c810 Problems!! (HIGGINS@DELBOX.ZER.DE) Why doesn't Shell execute from hosts.deny?? (Jimmy) inn or cnews for linux? (rbehm@mclane.in-berlin.de) please help me with e2fsck!!!!!! (holzleitner@indmath.uni-linz.ac.at) Re: periodic execution (Delemar) Re: Linux Inside T-Shirts, Now Printing! (Jean-Paul Chia) Re: Q: Logging outgoing INET services (Alan Cox) Re: limits (Alan Cox) Re: Remote Shell from linux to Solaris? (Alan Cox) Re: Adaptec 2742 bootdisk: kernel panic (Alan Cox) Re: Which is better: tar->gzip or gzip->tar? (Alan Cox) Re: Linux as a firewall? (Alan Cox) Re: Security problem (Alan Cox) Re: comercial databases that run under linux (Alan Cox) Re: limits (Rafal Maszkowski) Re: pppd works but... (Alan Tsang) ---------------------------------------------------------------------------- From: biffs@u.washington.edu (Randolf Smith) Subject: Re: [ALERT] Password problem with Linux Date: 4 Sep 1994 05:45:16 GMT In article , Alex Nicolaou wrote: >munster@MCS.COM (Jerry Ablan) writes: > >>However, by mistake, when su'ing, I only typed in squiggle and IT LET ME IN! >>I further tested another password of mine that ended in a number and I left >>off the number (i.e. Butthole7, only typed Butthole), and it again let me > >Sorry to dissapoint you - old, old fact: many systems limit password to 8 >characters; you'll notice all your passwords are too long, which is the >real problem - nothing to do with numbers or letters or anything like that. Which begs the question--why do we still use the old, old encryption? I mean, with a shadowed .passwd file only one routine checks passwords anyway, so why insist on an antique DES-based algorithm? It would be easy to hack in a more modern message digester like MD5. You could even have salts and standard size passwd files (by adding characters and forgetting most of the digest). I would guess this has already been done, as it's a pretty obvious idea, but at least it should be included with a shadow passwd package so people looking for higher password security don't have to shop around. Randy Smith (biffs@u.washington.edu or rsmith@ee.washington.edu) ------------------------------ From: swen@uni-paderborn.de (Swen Thuemmler) Subject: Re: [ALERT] Password problem with Linux Date: 5 Sep 1994 07:15:56 GMT biffs@u.washington.edu (Randolf Smith) writes: >Which begs the question--why do we still use the old, old encryption? >I mean, with a shadowed .passwd file only one routine checks passwords >anyway, so why insist on an antique DES-based algorithm? It would >be easy to hack in a more modern message digester like MD5. You could >even have salts and standard size passwd files (by adding characters >and forgetting most of the digest). >I would guess this has already been done, as it's a pretty obvious idea, >but at least it should be included with a shadow passwd package so people >looking for higher password security don't have to shop around. The reason is compatibility: if you share passwords over a network via NIS or by rdist'ing /etc/passwd, the encryption algorithms must be compatible. Inventing a new and better encryption scheme in a compatible way is perhaps easily possible - but to convince all the rest of the Unix world to change their systems to use the new scheme would be too difficult. --Swen -- -------------------------------------------------------------------- Swen Thümmler | Telefon : +49 5251 602656 University of Paderborn FB 17 | Telefax : +49 5251 603853 Warburger Str. 100 | email : swen@uni-paderborn.de D-33095 Paderborn | Raum : D3.310 Germany | ------------- pgp public key at pgp-public-keys@io.com ------------- ------------------------------ From: HIGGINS@DELBOX.ZER.DE Subject: Re: NCR53c810 Problems!! Date: Sat, 03 Sep 1994 08:24:00 +0200 jpchia@iinet.com.au meinte am 02.09.94 zum Thema "NCR53c810 Problems!!": > I have a PCI Pentium, and a SC-2000 PCI SCSI-2 card, and I've got it > working in DOS, but I can't get Linux to reconize it.. BTW, I'm using > kernel version 1.1.44 And I have the NCR53c7,8xx Driver.. Take a newer Kernel, this kernels have a bug in the PCI (BIOS32) Code. > > And I get this error: > > scsi -ncr53c7,8xx : at PCI bus 0, device 6, function 0 > scsi -ncr53c7,8xx : warning : revision of 0 is less than 1 > scsi -ncr53c7,8xx : NCR53c810 at memory 0x30000000, io 0x0000, irq 0 > scsi0 : IRQ0 not free, detaching > scsi : 0 hosts > > Please help! :) > - JP > > -- > Jean-Paul Chia TheWiz @ IRC > Drasnian Technologies, Perth, Western Australia > PH +61-9-447-6261 FAX +61-9-447-4098 > jean-paul@drasnia.it.com.au, jpchia@iinet.com.au Ciao Higgins -- You can escape the gates of hell, say DOG and WINDOG, USE LINUX :-) ! ## CrossPoint v3.0 ## ------------------------------ From: brut@io.org (Jimmy) Subject: Why doesn't Shell execute from hosts.deny?? Date: 5 Sep 1994 03:21:30 -0400 Reply-To: brut@io.org Following the example in the Linux Network Administrator's Guide, I cannot seem to get Linux to execute a shell command when a site is rejected from /etc/hosts.deny. I have the following in my hosts.deny: in.ftpd: ALL EXCEPT LOCAL : \ echo "request from %d@%h" >> /var/log/finger.log; \ if [ %h != "vlager.vbrew.com" ]; then \ finger -l @%h >> /var/log/finger.log \ fi as per the example in the NAG guide, and while I can get the system to reject the ftp from connecting, the shell doesn't seem to execute. I've tried a simpler shell command but to no avail. Can anyone point out what it is I am doing wrong?? ------------------------------ From: rbehm@mclane.in-berlin.de Crossposted-To: news.software.nntp Subject: inn or cnews for linux? Date: 5 Sep 1994 08:18:22 GMT Reply-To: rbehm@mclane.in-berlin.de Hi! I'm trying to install a news system on my linux (1.0) which should easily interact with ifmail (or at least any fido gateway software), uucp, nntp and slip. For several reasons (mainly the included nntp) I deleted the cnews system (which also was very slow on my computer) and installed the binary distribution of inn for linux. Everything seemed to work fine - no problems like these mentioned in the FAQs conce rning innd not starting etc. Everything started - with ps -jax innd is seen to run with -i0 -p4. I had no problems in connecting from an OS/2 computer with IBMs TCP/IP installed. Reading the news works, as well as locally with tin. But posting doesn't work, and in debugging with inews -h and looking at the syslog I got several error messages like 'ca n't connect to server' etc. Before going into detailed posting of my configuration and error messages: Can anybody tell me if I should continue with inn? I have no experience as a 'newsmaster' - cnews confused me with it's complex structure and the need for an external nntp package, and inn seemed to work fine first. cu - Reinhart -- Home of ORION VII ------------------------------ From: holzleitner@indmath.uni-linz.ac.at Crossposted-To: comp.os.linux.help Subject: please help me with e2fsck!!!!!! Date: 5 Sep 1994 08:26:52 GMT I'm using Linux on a 486DX66 Labtop and I ahve the following serious Problem which really did cost me weeks of work and I could not get read of it. You are now my last change to get Linux work resonably. If you cannot help me too, I'll junk this Linux-shit! My Problem is the following: Sometimes, when I start XFree86 it hangs and the only possibility that I have is to turn off my computer. Well this schould not be so bad, sometimes systems used to hang and for such cases there is the program "e2fsck" to repair the destroied filesystem after such a crash. So I run it with option "-a" and it reports some errors, fix it and tells me that I schould reboot the system. (It really repairs it because when I run "e2fsck" imediately afterwards with option "-f" it will not find errors any more.) During the reboot the system comes up with the message "filesystem clean, but when I run "e2fsck" after the reboot there are the same errors again there!!!! So it will destroy my filesystem peace by peace every time the system hangs because I cannot repair the errors permanently. My last system was so destroied that it refused "root"-login!!!!!!!! So I got the newest version of Linux over the net, reinstalled my system and now I have the same shit again. So I hope that I made a mistake and you can tell me which, otherwhise it's impossible to run such a shity operating system on my machine. If you have any idea please e-mail me: holzleitner@indmath.uni-linz.ac.at Thank you a lot in advance! Holzleitner Ludwig ------------------------------ From: delemar@galet.icp.grenet.fr (Delemar ) Subject: Re: periodic execution Date: 05 Sep 1994 09:49:05 GMT In article zonni@electro.cute.fi (John Norris) writes: >From: zonni@electro.cute.fi (John Norris) >Newsgroups: comp.os.linux.admin >Date: 04 Sep 1994 16:36:36 GMT >Organization: BatMUD > > > >>> I have a program that i want to execute every 5 minutes, if, and [...] >Maybe put it in CRON ? like this: > >0,5,10,15,20,25,30,35,40,45,50,55 * * * * /home/foo/.bin/nettest host [...] Or preferably */5 * * * * /home/foo/.bin/nettest host DELEMAR Olivier ****************************************************************** * DELEMAR Olivier | Room : 527 * * ICP/INPG | Phone : 76-57-48-27 * * 46 Av. Felix VIALLET | Fax. : 76-57-47-10 * * 38031 GRENOBLE Cedex - FRANCE | e-mail : delemar@icp.grenet.fr * ****************************************************************** ------------------------------ From: jean-paul@drasnia.it.com.au (Jean-Paul Chia) Crossposted-To: aus.computers.linux,alt.linux.sux,alt.os.linux,comp.os.linux.development,comp.os.linux.help,comp.os.linux.misc Subject: Re: Linux Inside T-Shirts, Now Printing! Date: 5 Sep 1994 17:24:22 +0800 Dave Rossow (daver@MCS.COM) wrote: : jhs@dfw.net (Justin Scott) writes: : >Any type of JPEGs, etc we can see of the shirts before we order? : >I would love to have the "Linux Inside" as will as the "GNU Generation" : >shirts, but only if I can see pics before purchase : >Justin : Likewise! : dave : daver@mcs.com Well.. The GNU Generation is just text, because the cost to print the pciture of it would be around $28 US. Unless you really like the picture, and you really really want the picture version, then mail me, and maybe I can print a few. Anyways, Here is the Linux Inside one, I can't seem to find the GNU one. :) I'll post it ASAP.. Thank you. - JP -- CUT HERE -- begin 644 linux.gif M1TE&.#=A20!``*$``/____\``````````"P`````20!````"_H2/JHW/!13MR1B MR1$(#!7`[N*TRB;2*:`[%6*'/2[XV]6B-+/M!@P/7]5"9G,4EU)7QKLCK9!' M5-91%W&&Y@67X\9C>`@8N>@0XCAFII=H$$?CQWCT)CF5Y_7`1CF6B9:HRKJI M1RIQRB!TEB;HJFD+V`FZ4+<[*A@LK,AK^CBX\PIKS,D:?-#:6_5[B2B-&SNM MXOOD&TT,?.]5\U<[(H8^T=^OJR,$"ZZCET>3\^?W+U+-T\B0H90C07Z)BH]WR7TF6T^+#4@XN9%HKLB+`B0(P+]DWZ M=](;NGM13.(K-HGBMXD!5]6#L&@C3'+H9I84N;!ET*%,OR@IJJZASX`YH5$% M>=0+2CH5]>%491#K.$!;M[+TYXZD+J:JT'$MV,#DTGLVQSV-NI-G7+EI;>+* MI3.A0YP#V[%%A3>OA&B%[555IE9K0#^?9);2UT3[JGD?(UUE_'[CZ^_/GK"P`` !.Z51 ` end -- Jean-Paul Chia TheWiz @ IRC Drasnian Technologies, Perth, Western Australia PH +61-9-447-6261 FAX +61-9-447-4098 jean-paul@drasnia.it.com.au, jpchia@iinet.com.au ------------------------------ From: iialan@iifeak.swan.ac.uk (Alan Cox) Subject: Re: Q: Logging outgoing INET services Date: Mon, 5 Sep 1994 09:44:58 GMT In article <33t23a$2q1@cs1.bradley.edu> mojo@cs1.bradley.edu (Tony Bailey) writes: >Tcpwrapper does a great job of logging inbound requests, but we are >looking to log what the users are telnetting to, ftping to, etc. I >understand that a printk() will do it, but we're having trouble >understanding the sock_connect format. Add the following line to net/inet/tcp.c (this only logs tcp but thats the main stuff .. udp is connectionless so hard to log). [Put it up at the top] printk("TCP connect attempt to %s port %d\n", in_ntoa(usin->sin_addr.s_addr)); Add any user id info/times as desired to that. Alan -- ..-----------,,----------------------------,,----------------------------,, // Alan Cox // iialan@www.linux.org.uk // GW4PTS@GB7SWN.#45.GBR.EU // ``----------'`----------------------------'`----------------------------'' ------------------------------ From: iialan@iifeak.swan.ac.uk (Alan Cox) Subject: Re: limits Date: Mon, 5 Sep 1994 09:46:54 GMT In article <012902AFCCBQJXKCVAJP@cml.com> dsnider@cml.com writes: > >What is the limit of telnet login sessions to Linux? And can it >be increased? With enough tty/pty pairs about 64 and it ought to be easy enough to double but a bit harder to pass. I wouldn't want to pass 64 sessions on a 386/486 box without some thought anyway. Alan -- ..-----------,,----------------------------,,----------------------------,, // Alan Cox // iialan@www.linux.org.uk // GW4PTS@GB7SWN.#45.GBR.EU // ``----------'`----------------------------'`----------------------------'' ------------------------------ From: iialan@iifeak.swan.ac.uk (Alan Cox) Subject: Re: Remote Shell from linux to Solaris? Date: Mon, 5 Sep 1994 09:48:00 GMT In article <33t80d$mn4@hermes.acs.ryerson.ca> jnaughto@ee.ryerson.ca (JASON NAUGHTON) writes: > Has anyone successfully xon'ed, rsh'ed, or rlogin'ed to a >solaris work station from a linux station? Every time I try I happen >to receive this lovely message: > >jnaughto@crystal: ~$ rsh tesla >No utmpx entry. You must exec "login" from the lowest level "shell". >rlogin: connection closed. Get someone to fix the Solaris machine 8) Alan -- ..-----------,,----------------------------,,----------------------------,, // Alan Cox // iialan@www.linux.org.uk // GW4PTS@GB7SWN.#45.GBR.EU // ``----------'`----------------------------'`----------------------------'' ------------------------------ Crossposted-To: comp.os.linux.help From: iialan@iifeak.swan.ac.uk (Alan Cox) Subject: Re: Adaptec 2742 bootdisk: kernel panic Date: Mon, 5 Sep 1994 10:06:00 GMT In article <33vl8g$1kg@news.bu.edu> fstarr@buphy.bu.edu (Francis W. Starr) writes: >Kernel panic=aha274x_isr: brkadrint, error=0xff, seqaddr=0x100 > >In swapper task - not syncing > >Following this, the floppy keep spinning and the machine does >nothing. Can anyone provide a suggestion?? Thanks. Remember the 2742 driver is ALPHA, mail detailed reports of hardware, disk errors seen to the author and offer to test any new versions he/she may have. Alan -- ..-----------,,----------------------------,,----------------------------,, // Alan Cox // iialan@www.linux.org.uk // GW4PTS@GB7SWN.#45.GBR.EU // ``----------'`----------------------------'`----------------------------'' ------------------------------ From: iialan@iifeak.swan.ac.uk (Alan Cox) Subject: Re: Which is better: tar->gzip or gzip->tar? Date: Mon, 5 Sep 1994 10:12:04 GMT I for one use tar and then gzip -9 to get smallest files, but gzip and then tar in two cases 1. When I want to pull odd files out without uncompressing 30Mb of data 2. For backups. If you lose a chunk of a gzipped file you can throw it away pretty much. If you lose a chunk of tar you can get the other files out still. Alan -- ..-----------,,----------------------------,,----------------------------,, // Alan Cox // iialan@www.linux.org.uk // GW4PTS@GB7SWN.#45.GBR.EU // ``----------'`----------------------------'`----------------------------'' ------------------------------ From: iialan@iifeak.swan.ac.uk (Alan Cox) Subject: Re: Linux as a firewall? Date: Mon, 5 Sep 1994 10:19:51 GMT In article <345u1f$bb1@gap.cco.caltech.edu> aaronp@wrath.ugcs.caltech.edu (Aaron Passey) writes: > Does anyone out there have a Linux machine set up as a firewall? I am >currently trying to set up one at the company I'm working at. I have a Linux >machine set up with two net cards and I have gotten the kernel to recognise >both cards. I have set up the static routing so one card will only see our >gateway to the internet while the other will see our subnet. My question is: >how do you filter the packets so we only allow outgoing ftp's and telnet >sessions and allow mosaic and mail both ways? Is there software availible to >do this? Is this even possible? You are a little out of your depth I assume. Get the SOCKS package from sunsite, get the tis firewall package from ftp.tis.com and join the firewall mailing list mentioned in its documentation. Prepare to learn a lot - but yes it can be done. BTW allowing only outgoing telnet/ftp is pointless anyone can telnet to a freenet site or a public service and use that to access other services. Alan -- ..-----------,,----------------------------,,----------------------------,, // Alan Cox // iialan@www.linux.org.uk // GW4PTS@GB7SWN.#45.GBR.EU // ``----------'`----------------------------'`----------------------------'' ------------------------------ From: iialan@iifeak.swan.ac.uk (Alan Cox) Subject: Re: Security problem Date: Mon, 5 Sep 1994 10:26:48 GMT In article <344prv$dpg@asterix.informatik.uni-kiel.de> aw@informatik.uni-kiel.d400.de (Andreas Wacknitz) writes: >Hello Linuxers! > >I have a security problem with the popd coming with slackware 2.0: >You don't need a password when sending mails. Passwords are only requested >when reading mails. I can't believe that this the normal behaviour of a popd! >Am I wrong? Yep. The internet is fundamentally insecure. Mail security is up to the end user systems and agree policy between systems. Roughly speaking never trust any kind of email. If you want trusted (and secure) email get PGP installed. Alan -- ..-----------,,----------------------------,,----------------------------,, // Alan Cox // iialan@www.linux.org.uk // GW4PTS@GB7SWN.#45.GBR.EU // ``----------'`----------------------------'`----------------------------'' ------------------------------ From: iialan@iifeak.swan.ac.uk (Alan Cox) Subject: Re: comercial databases that run under linux Date: Mon, 5 Sep 1994 10:29:08 GMT In article automata@netcom.com (Tony Peterman) writes: >What comercial databases run under linux. I have heard that ORACLE 6 will. >I am most interested in INFORMIX, but other comercial systems that have an >SQL interface are of intrest. Look at ======= http://www.linux.org.uk/LxCommercial.html Updates gratefully appreciated. For example Rdb is available for Linux but I don't have any blurb. -- ..-----------,,----------------------------,,----------------------------,, // Alan Cox // iialan@www.linux.org.uk // GW4PTS@GB7SWN.#45.GBR.EU // ``----------'`----------------------------'`----------------------------'' ------------------------------ From: rzm@dain.oso.chalmers.se (Rafal Maszkowski) Subject: Re: limits Date: Mon, 5 Sep 1994 11:23:44 GMT Alan Cox (iialan@iifeak.swan.ac.uk) wrote: > In article <012902AFCCBQJXKCVAJP@cml.com> dsnider@cml.com writes: > >What is the limit of telnet login sessions to Linux? And can it > >be increased? > With enough tty/pty pairs about 64 and it ought to be easy enough to > double but a bit harder to pass. I wouldn't want to pass 64 sessions on > a 386/486 box without some thought anyway. I can imagine 32 sessions each ttysnoop-ed through additional pair (ttysnoop can't deallocate/reallocate tty/ptys, can it?). R. -- Rafal Maszkowski rzm@oso.chalmers.se http://www.mat.uni.torun.pl/~rzm Opinia publiczna powinna byc zaalarmowana swoim nieistnieniem - St. J. Lec ------------------------------ From: atsang@hk.net (Alan Tsang) Subject: Re: pppd works but... Date: 4 Sep 1994 11:42:52 GMT Thanks to Terry Dawson who advise I should upgrade the ifconfig and give me a pointer where I can get the newer version. [Quoted from his e-mail to me] It is simply an indication that your 'ifconfig' doesn't know what the PPP protocol type is. You could upgrade it to a newer version. You can get newer versions from: sunacm.swan.ac.uk net-tools-1.1.nn where nn is the latest prior to, or equalling your kernel version. [Unquoted] ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************