devil-linux-discuss Mailing List for Devil-Linux (Page 398)

Hi,

IPTraf is already on our ToDo list.
It will be included in the 0.6 release.

Heiko
=

How about iptraf

http://cebu.mozcom.com/riker/iptraf/


IPTraf is a console-based network statistics utility for Linux. It =
gathers a variety of figures such as TCP connection packet and byte =
counts, interface statistics and activity indicators, TCP/UDP traffic =
breakdowns, and LAN station packet and byte counts.=20


chiao,

Ian Perez

From the NESSUSD manpage:
>Because nessusd is a security scanner, it is dangerous to let everyone use it.
>This man page describes how to configure nessusd properly, so that it can not
>freely be used for evil purposes.

Gee -- I wonder how you do that, they are crackers after all ;)

My thought is to supply a tarfile of a version configured by one of the DL
users/developers and then allow users to merge it w/ DL when the User Build Kit
is completed.  The only reason I mention this is that DL may get a reputation
for being an instant cracker tool.  This would be terrible for our reputations.

On the User Build Kit, I started working on it, as well as trying to develop an
gerneralized knowledge of CD boot linuxes.  Unfortunately I am going to have to
spend time learning about Linux clusters and Blade servers in hopes of being
hired by a major Linux VAR -- wish me luck :)


--- Heiko Zuerker <hz...@pr...> wrote:
> 
> Hi,
> 
> what to others think about this?
> 
> Heiko
> 
> On 07/08/2002 07:05:31 PM "Marco Schierle" wrote:
> >Hi,
> >
> >It would be great to have a nessusd in your distribution.
> >
> >Thanx
> >marco
> >
> >
> >
> >-------------------------------------------------------
> >This sf.net email is sponsored by:ThinkGeek
> >Oh, it's good to be a geek.
> >http://thinkgeek.com/sf
> >_______________________________________________
> >Devil-linux-discuss mailing list
> >Dev...@li...
> >https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
> 
> 
> 
> 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Stuff, things, and much much more.
> http://thinkgeek.com/sf
> _______________________________________________
> Devil-linux-discuss mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss


=====
John van Vlaanderen

      #############################################
      #    CXN, Inc. Contact:  jo...@th...   #               #
      #      Proud Sponsor of The Linux Society   #
      #        http://www.thelinuxsociety.org     #                 
      #############################################

__________________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com

Hi,

what to others think about this?

Heiko

On 07/08/2002 07:05:31 PM "Marco Schierle" wrote:
>Hi,
>
>It would be great to have a nessusd in your distribution.
>
>Thanx
>marco
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Oh, it's good to be a geek.
>http://thinkgeek.com/sf
>_______________________________________________
>Devil-linux-discuss mailing list
>Dev...@li...
>https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss



=

Hi,

It would be great to have a nessusd in your distribution.

Thanx
marco

how about including an identd that has masquerade/nat support? (so request can be forwarded to the machine using the service?

maybe oident do the work (small, fast, nat/masq support, lot of options, well tested)

-- 
-- Use of a keyboard or mouse may be linked to serious injuries or disorders.  
Diego Torres - dt...@co... - Madrid / España

Hey,

I don't have much time, so here a short answer:

you have to create the dnscache infos under the directory /service.
Also you don't need to configure the start of svscan in the
/etc/init.d/rc?.d directories.
At the end of the file /etc/inittab is a commented line for the  start =
of
the daemon tools.

Heiko
=

Hi, I like route2, though I didnt at first.

Could you please document some of the more its more useful functions,
informally.

This would help because I want to start looking updating the present
/etc/syscongif/network/script

It will be useful to me to get the routing procedures into rote memory !!**

Also, a dozen or so examples would be fantastic fodder for my Linux Society
meetings.

Thanks, John

**( neurally routed in cranial terms ;).  I happen to be getting over acute
post traumatic stress disorder from the WTC attack, I worked there on the day
of the crisis, so the connections between neurons and the adrenal gland are a
big thing on my mind.

--- Chad Martin <ch...@th...> wrote:
> Heiko Zuerker wrote:
> > Chad Martin wrote:
> > 
> > | Problem:  When loading the firewall during the DL bootup, DL gives the
> > | following error:  ip: command not found (or whatever).  I don't know
> > | enough about shell scripts to determine whether the script would exit at
> > | that error or not.
> > 
> > You need to install the package "IPROUTE2".
> 
> Yup.  This solved the problem.
> 
> Chad Martin
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Devil-linux-discuss mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss

=====
John van Vlaanderen

      #############################################
      #    CXN, Inc. Contact:  jo...@th...   #               #
      #      Proud Sponsor of The Linux Society   #
      #        http://www.thelinuxsociety.org     #                 
      #############################################

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Heiko Zuerker wrote:
> You have 2 options:
> 
> 1) Use masquerading (I think you will anyway) and setup the computers in
> your LAN to use the ISPs DNS Servers (not really good)

Well, this works.  Why is it not really good?

> 2) Setup a DNS Cache. You can either use the DNSCACHE package from D.J.
> Bernstein (doku: http://cr.yp.to ) or you use BIND. Both programs are
> available on DL.

I gave this a shot.  Here's what I found out.  Please let me know if I 
should take this to a different forum, or ask Mr. Bernstein himself 
about these issues.

First, I configured DL to install DAEMONTOOLS and DJBDNS on boot, since 
the documentation for dnscache claims that it requires/wants svscan to 
run it.  That all worked out great.

I ran:
dnscache-conf root root /etc/dnscachex 192.168.0.1
to set up the cache.  This means that root will run dnscache, and that 
root will own the logs.  Also, 192.168.0.1 is the DL server's LAN side 
address.  Since I didn't want to go through the pain of adding new users 
to my DL installation just to run this service, I set both of the users 
to root.  This configuration script seemed to do what it should have.

I ran:
ln -s /etc/dnscachex /service
to "tell" svscan about the new dnscache service, and I ran:
touch /etc/dnscachex/root/ip/192.168.0
to tell dnscache to accept external cache requests from that network.

I verified that the above commands did what I thought they should.  Now 
all that should have remained was to start svscan, and make sure it 
would start on reboot, right?

When I start svscan by hand, it runs without error, AFAIK, however it 
doesn't start dnscache, according to the process list using "ps ax". 
Also, my local clients can't use my DL installation for a DNS server. 
The only clues the docs give is to make sure that supervise is in 
svscan's path.  Using which, I verified that supervise, dnscache, 
dnscache-conf and svscan were all in root's path, and root should be 
running all of this, right?

I also made an attempt to start svscan from the rc3.d directory.  First 
I tried symlinking S13svscan directly to /usr/sbin/svscan, but that 
didn't work.  I then tried to copy /etc/init.d/firewall to 
/etc/init.d/svscan and edit the body of the one if statement to run 
/usr/sbin/svscan, but that threw up a bunch of errors about files not 
found that should obviously be there.  What I wouldn't give for a simple 
rc.local file in DL.

If anybody could shed some light on all of this, I'd appreciate it.  I 
don't need to run a dnscache, but it would be a neat feature.

TIA,
Chad Martin

Heiko Zuerker wrote:
> Chad Martin wrote:
> 
> | Problem:  When loading the firewall during the DL bootup, DL gives the
> | following error:  ip: command not found (or whatever).  I don't know
> | enough about shell scripts to determine whether the script would exit at
> | that error or not.
> 
> You need to install the package "IPROUTE2".

Yup.  This solved the problem.

Chad Martin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

I'm out of town for the next 4 weeks. I'm not sure how often I can read
my emails, but I'll try to do it at least once a day.

Please try to help out eachother.

I also expect to release shortly after this time the version 0.5 and
Beta 1 of 0.6.

Heiko
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAj0dwGUACgkQzRJAyNsjWPmnwQCeP14QWVTL9epPr67+Z4W8GpnV
kVcAoKkwSwQj/PB71EmSz4A2o4zc2vQB
=Iwvu
-----END PGP SIGNATURE-----

Andrew Davis wrote:
> I was wondering if anyone else had problems with the pc32net
> 
> drivers? I followed the setup documentation, but my new devil linux box 
> doesn't
> 
> seem to be able to locate the two netgear ethernet cards that I have 
> installed.

pc32net is just an example in the documentation, it's not a catchall 
driver.  Check the NetGear website to see what linux driver they use. 
My NetGear FA311 uses the natsemi driver.

Chad Martin

Ok, just a shot in the dark :)

tulip

You put it in the ifcfg-eth* file.

I generally boot my machine w/ a redhat disk, see what kudzu finds, look in the
modules file (on redhat) and then transfer the information.  Fool proof until
we implement hardware detection.

John



--- Andrew Davis <ad...@ik...> wrote:
> Hi all!
> 
> Newbie question:
> 
> I was wondering if anyone else had problems with the pc32net
> drivers? I followed the setup documentation, but my new devil linux box
> doesn't
> seem to be able to locate the two netgear ethernet cards that I have
> installed.
> 
> These cards work great under RH and BSD, but don't seem to be working
> for DL. PLEASE HELP!!!!
> 
> Thanks in advance,
> 
> Andrew
> 


=====
John van Vlaanderen

      #############################################
      #    CXN, Inc. Contact:  jo...@th...   #               #
      #      Proud Sponsor of The Linux Society   #
      #        http://www.thelinuxsociety.org     #                 
      #############################################

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Hi all!

Newbie question:

I was wondering if anyone else had problems with the pc32net
drivers? I followed the setup documentation, but my new devil linux box =
doesn't
seem to be able to locate the two netgear ethernet cards that I have =
installed.

These cards work great under RH and BSD, but don't seem to be working
for DL. PLEASE HELP!!!!

Thanks in advance,

Andrew

Thank you for sending an e-mail message to su...@ho.... However, this is not a monitored e-mail address.  

If you are already signed in to your Hotmail account, click "Help" in the upper right corner. This gives you access to our great self-help instructions as well as our automated answer system. If you cannot find your answer in either source, you can easily click a link in Help to contact our MSN Hotmail Customer Support Staff directly.

>>> To retrieve or change your password if you have a secret question

  - Go to:
     https://memberservices.passport.com/ppsecure/MSRV_ResetPW.asp

If you need technical assistance, but cannot gain access to your account, go to the MSN Hotmail sign-in page and click the "Contact Us" link under "All About Hotmail" on the left.

Please note that you will not receive a reply if you respond directly to this message.

On Thu, 27 Jun 2002 02:51:48 +0200
"Emmanuel ESCARABAJAL" <ee...@fr...> wrote:
> Is the Devil-linux version of openssh compiled with these options in 
> 0.5b6 ? and in 0.5rc1 ?

No.
We use none of this options, so you're on the safe side!

-- 

cu
   Heiko

We are Penguin, Resistance is futile!

http://www.devil-linux.org

Hello all,

I get this info from SuSE secutity mailing list :

ISS and the OpenSSH team just released advisories concerning the
OpenSSH vulnerability. These advisories state that the vulnerability
exists only if the package has been compiled with support for S/Key
or BSDAUTH authentication. Inspecting the patches included in the
OpenSSH advisory however show that there is a second vulnerability that
can be exploited when interactive keyboard mode is enabled (via the
PAMAuthenticationViaKbdInt option in sshd_config).


Is the Devil-linux version of openssh compiled with these options in 
0.5b6 ? and in 0.5rc1 ?

Thank you for this great work, i Love DL !

MaNU

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's added to the feature requests.

Heiko
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAj0aGgkACgkQzRJAyNsjWPmiAQCguK75K4eSFDdFkzExc7jDySWm
egMAoM4lPcHpi26H6Jp7KN8l0Sli1WYN
=+3nx
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I didn't find the tool under Freshmeat, do you have a website for it?

Heiko
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAj0aDlUACgkQzRJAyNsjWPkvawCeOzPKnOMMtynGn1OTvrPEHRkE
dRwAoIcc0EON/E9CPRF0B4MPQkOWB5ep
=ZVud
-----END PGP SIGNATURE-----

Hi Devil-Linux dev(i)lopers!

What about including sar in the next release of Devil-Linux?

Many admins use sar and mrtg in combination to monitor the CPU-usage. =20
This is not only for resource planning, but it's also easy to see=20
irregular usage of a host.  Thus this kind of monitoring is crusial for =
a=20
firewall host like Devil-Linux.


--=20
Bj=F8rn Rasmussen                         Tel:     +47 38 04 09 55, +47 =
911=20
27367
Bj=F8rn Rasmussen Nettverkstjenester	   E-mail:   bj...@se...
Moneheia 47,
Kristiansand,  4656                     Org.nr.  981 646 770

RHCE:  http://www.redhat.com/rhce/rhce807001641802868.html
MCSE, MCP, MCP+I:  NT 4.0

--- mo...@se... wrote:
> Date: Tue, 25 Jun 2002 17:39:10 -0600 (MDT)
> From: mo...@se...
> To: sec...@se...
> Subject: Moderator Apologies and Special Note for OpenSSH users
> 

FYI, From OpenSSH list:

> Hello all Secure Shell subscribers.
> 
> For anyone who hasn't heard or seen the OpenSSH web site, there is a
> serious vulnerability in OpenSSH. The following is a quote
> from http://www.openssh.com
> 
> "OpenSSH 3.3 released June 21, 2002.
> Contains support for SSH1 and SSH2 protocols.
> 
> A yet undisclosed vulnerability exists in OpenSSH. You are strongly
> encouraged to upgrade immediately to OpenSSH 3.3 with the
> UsePrivilegeSeparation option enabled. Privilege Separation blocks this
> problem. Keep an eye out for the upcoming OpenSSH 3.4 release on Monday
> that fixes the vulnerability itself."
> 
> 


=====
John van Vlaanderen

      #############################################
      #    CXN, Inc. Contact:  jo...@th...   #               #
      #      Proud Sponsor of The Linux Society   #
      #        http://www.thelinuxsociety.org     #                 
      #############################################

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bret,

please send this kind of requests to the Mailinglists.

The most common problem is, that you have to setup masquerading, so the
internal computers can access the internet.
Another problem is probably the routing table (only when you use
official addresses behind the firewall). In this case you have to add
the routing commands at the end of the firewall rules
(/etc/init.d/firewall.rules).

Heiko

bre...@at... wrote:
| Hello,
|
| I downloaded and installed devil-linux for the first
| time and I was very impressed.  It was extremely easy to
| set up, and is packed with features that are easily
| configurable.  I am having just one issue though.  I
| apologize for asking you for tech support, I read the
| documentation several times and checked the mailing list
| archives but did not find a solution.
|
| Basically, I have devil-linux up and running on a
| system.  This system can see the internet and my
| internal network.  But it is not performing basic
| routing of my internal computers to the internet.  I can
| go in and modify the rc.firewall file and manually add
| routing rules, but from the doc's it seems it would have
| done this.
|
| Thank you for your time,
|
| Bret
|


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAj0ZwiEACgkQzRJAyNsjWPklRwCgmjWvnY+6FAmxT7S7OYHXtaUD
P9oAniUi/qeJhyDWzqsjwGuUPG6YboGd
=hGzI
-----END PGP SIGNATURE-----

Of course, as simple as that!!  Thanks Heiko!!  :-)


>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 26.06.02, 02:37:05, Heiko Zuerker <he...@zu...> wrote regarding=
=20
Re: [Devil-Linux-discuss] Homedirectories:


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

> Bj=F8rn Rasmussen wrote:
> | Perhaps the floppy can be used for this home-directory and then made=

> | write-protected?

> It's easy!
> You have to modify the file /sbin/save-config to include /home, that's=
=20
all.
> The best is to place the modified file into the /etc folder (suggestio=
n:
> /etc/scripts/save-config).

> Heiko
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6-2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

> iEYEARECAAYFAj0ZDLEACgkQzRJAyNsjWPnOSwCfUnbD2ipgK1N03tL5Ywtg42jz
> eE8AoMGxnjV/d6ZAA/6HvR3ySM97bcOd
> =3D7kOz
> -----END PGP SIGNATURE-----

Thanks, great!!  :-)


>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 26.06.02, 02:47:08, Heiko Zuerker <he...@zu...> wrote regarding=
=20
Re: [Devil-Linux-discuss] Quickly checking packages versionnumbers:


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

> Bj=F8rn Rasmussen wrote:
> | Is there a way to quickly check versionnumbers of software included =
on
> | the Devil-Linux CD-ROM?

> Currently not, I document this request and I will include it in the ne=
xt
> release.

> |
> | I see the "/cdrom/packages/packages.lst" contains some numbers, but =

they
> | don't seem like versionnumbers.

> That file contains only the size of the packages.

> Heiko
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6-2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

> iEYEARECAAYFAj0ZDwwACgkQzRJAyNsjWPkAAACghY2m7Cb+vGXpCtkFFtTSUxI3
> XgUAoNmaQ5GskCW+rzriquwBQt1WFSBv
> =3DCKPS
> -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bjørn Rasmussen wrote:
| Is there a way to quickly check versionnumbers of software included on
| the Devil-Linux CD-ROM?

Currently not, I document this request and I will include it in the next
release.

|
| I see the "/cdrom/packages/packages.lst" contains some numbers, but they
| don't seem like versionnumbers.

That file contains only the size of the packages.

Heiko
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAj0ZDwwACgkQzRJAyNsjWPkAAACghY2m7Cb+vGXpCtkFFtTSUxI3
XgUAoNmaQ5GskCW+rzriquwBQt1WFSBv
=CKPS
-----END PGP SIGNATURE-----