From micros50 at verizon.net Sun Apr 1 20:38:58 2007 From: micros50 at verizon.net (mylar) Date: Sun, 01 Apr 2007 16:38:58 -0400 Subject: UPS comments In-Reply-To: <1175274293.18701.63.camel@prophead.corp.publichost.com> References: <200703280002.l2S02oNf017361@backup03.netmagic.net> <1175043391.18701.38.camel@prophead.corp.publichost.com> <10570.198.60.114.90.1175060765.squirrel@webmail.ourldsfamily.com> <1175274293.18701.63.camel@prophead.corp.publichost.com> Message-ID: <1175459938.4065.7.camel@manhattan.ruffe.edu> On Fri, 2007-03-30 at 10:04 -0700, Rick Stevens wrote: > > I have a distrust of Belkin stuff...at least their network gear. It > wasn't too long ago that they put code in one of their routers that > would redirect your connections to an advertising web site every fifth > or sixth web connection. They finally fessed up that they had done it. > >From that time on, I've looked askance at Belkin. Huh ??? what ?? I had never heard of this .. was this a regular router that you purchase and own or a complementary router supplied by some broadband ISP ?? Reason I ask is because as a Verizon FIOS customer I have their complementary Actiontec router. It works fine and has a lot of cool features and it runs on Linux. But I did notice that the routers web (control panel) interface has the Verizon logo as well as several links to Verizon sponsored sites. Fortunately they don't seem to go so far as to redirecting query's to advertisers sites. Sorry for going off topic but I was shocked to hear that Belkin did such a thing. Very unprofessional and even a security risk. mylar From rstevens at internap.com Mon Apr 2 16:43:59 2007 From: rstevens at internap.com (Rick Stevens) Date: Mon, 02 Apr 2007 09:43:59 -0700 Subject: FC6 and ndiswrapper In-Reply-To: <46720.192.168.1.1.1175370377.squirrel@sujan.hallikainen.org> References: <36565.192.168.1.1.1175228336.squirrel@sujan.hallikainen.org> <1175273949.18701.58.camel@prophead.corp.publichost.com> <46720.192.168.1.1.1175370377.squirrel@sujan.hallikainen.org> Message-ID: <1175532240.18701.107.camel@prophead.corp.publichost.com> On Sat, 2007-03-31 at 11:46 -0800, Harold Hallikainen wrote: > > On Thu, 2007-03-29 at 20:18 -0800, Harold Hallikainen wrote: > >> I did an upgrade on my hp laptop from fc5 to fc6 and my wlan stopped > >> working. Here's some stuff I've found: > >> > >> [root at hhlaptop sbin]# /usr/sbin/ndiswrapper -l > >> Installed drivers: > >> bcmwl5 driver installed, hardware present > >> > >> So, it looks like it's there > >> > >> [root at hhlaptop sbin]# /sbin/modprobe ndiswrapper > >> FATAL: Module ndiswrapper not found. > >> > >> But maybe it isn't. > >> > >> Check versions between os and ndiswrapper... > >> > >> [root at hhlaptop sbin]# cat /proc/version > >> Linux version 2.6.18-1.2798.fc6 > >> (brewbuilder at hs20-bc1-6.build.redhat.com) > >> (gcc version 4.1.1 20061011 (Red Hat 4.1.1-30)) #1 SMP Mon Oct 16 > >> 14:39:22 > >> EDT 2006 > >> > >> > >> > >> [root at hhlaptop sbin]# /sbin/modinfo ndiswrapper > >> modinfo: could not find module ndiswrapper > >> > >> Still can't find ndiswrapper... > >> > >> Ideas? > > > > Harold, > > > > ndiswrapper isn't part of the standard distribution and must be rebuilt > > for each new kernel that gets installed. You did a major upgrade (FC5 > > to FC6), so the kernel was updated. Also note that if you update the > > kernel via yum, you will also need to rebuild ndiswrapper. > > > > ndiswrapper actually is made of several parts. The bit in /usr/sbin > > is the bit that sets up the Windows driver to be used. It generally > > doesn't change and can be used over all kernel versions. The second > > bit, ndiswrapper.ko, is the actual kernel module and is kernel-specific. > > It lives in the "/lib/modules/`uname -r`/misc" directory. > > > > THANKS to all! I uninstalled ndiswrapper, then installed the latest, and > IT WORKS! Next trick is to finish the upgrade of my server from FC4 to > FC6. At a minimum, it changed httpd.conf so it brings up a default web > page instead of where my stuff really is. So, I'll start digging through > stuff to see what doesn't work and fix it. I guess upgrades cannot just be > load it and run... Rather depends on how your old Apache was set up. If you did a custom configure and modified the /etc/rc.d/init.d script to start your server, yes, things will be different. FC6 uses Apache 2.x, with the config files in /etc/httpd/conf and the content in /var/www/html, and the startup script reflects that. I'm not sure anaconda is as nice about creating "rpmsave" versions of config files as rpm and yum are. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Reality: A crutch for those who can't handle science fiction - ---------------------------------------------------------------------- From rstevens at internap.com Mon Apr 2 16:50:19 2007 From: rstevens at internap.com (Rick Stevens) Date: Mon, 02 Apr 2007 09:50:19 -0700 Subject: UPS comments In-Reply-To: <1175459938.4065.7.camel@manhattan.ruffe.edu> References: <200703280002.l2S02oNf017361@backup03.netmagic.net> <1175043391.18701.38.camel@prophead.corp.publichost.com> <10570.198.60.114.90.1175060765.squirrel@webmail.ourldsfamily.com> <1175274293.18701.63.camel@prophead.corp.publichost.com> <1175459938.4065.7.camel@manhattan.ruffe.edu> Message-ID: <1175532619.18701.115.camel@prophead.corp.publichost.com> On Sun, 2007-04-01 at 16:38 -0400, mylar wrote: > On Fri, 2007-03-30 at 10:04 -0700, Rick Stevens wrote: > > > > > I have a distrust of Belkin stuff...at least their network gear. It > > wasn't too long ago that they put code in one of their routers that > > would redirect your connections to an advertising web site every fifth > > or sixth web connection. They finally fessed up that they had done it. > > >From that time on, I've looked askance at Belkin. > > Huh ??? what ?? I had never heard of this .. was this a regular router > that you purchase and own or a complementary router supplied by some > broadband ISP ?? Off-the-shelf broadband/DSL router/firewall (can't recall the model offhand). HUGE buzz about it about 2-3 years ago. > Reason I ask is because as a Verizon FIOS customer I have their > complementary Actiontec router. It works fine and has a lot of cool > features and it runs on Linux. But I did notice that the routers web > (control panel) interface has the Verizon logo as well as several links > to Verizon sponsored sites. Fortunately they don't seem to go so far as > to redirecting query's to advertisers sites. Well, Belkin got their knuckles rather severely rapped about it (both from rather pissed-off clients and the FCC), put up a new firmware release, and had to notify all users about it. > Sorry for going off topic but I was shocked to hear that Belkin did such > a thing. Very unprofessional and even a security risk. Yup. They lost me as a potential network customer over it. I will reluctantly buy cables and power strips, but nothing a NIC plugs into. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Always remember you're unique, just like everyone else. - ---------------------------------------------------------------------- From harold at hallikainen.com Mon Apr 2 18:09:00 2007 From: harold at hallikainen.com (Harold Hallikainen) Date: Mon, 2 Apr 2007 11:09:00 -0700 (PDT) Subject: FC6 and ndiswrapper In-Reply-To: <1175532240.18701.107.camel@prophead.corp.publichost.com> References: <36565.192.168.1.1.1175228336.squirrel@sujan.hallikainen.org> <1175273949.18701.58.camel@prophead.corp.publichost.com> <46720.192.168.1.1.1175370377.squirrel@sujan.hallikainen.org> <1175532240.18701.107.camel@prophead.corp.publichost.com> Message-ID: <1860.208.73.10.106.1175537340.squirrel@sujan.hallikainen.org> > On Sat, 2007-03-31 at 11:46 -0800, Harold Hallikainen wrote: >> > On Thu, 2007-03-29 at 20:18 -0800, Harold Hallikainen wrote: >> >> I did an upgrade on my hp laptop from fc5 to fc6 and my wlan stopped >> >> working. Here's some stuff I've found: >> >> >> >> [root at hhlaptop sbin]# /usr/sbin/ndiswrapper -l >> >> Installed drivers: >> >> bcmwl5 driver installed, hardware present >> >> >> >> So, it looks like it's there >> >> >> >> [root at hhlaptop sbin]# /sbin/modprobe ndiswrapper >> >> FATAL: Module ndiswrapper not found. >> >> >> >> But maybe it isn't. >> >> >> >> Check versions between os and ndiswrapper... >> >> >> >> [root at hhlaptop sbin]# cat /proc/version >> >> Linux version 2.6.18-1.2798.fc6 >> >> (brewbuilder at hs20-bc1-6.build.redhat.com) >> >> (gcc version 4.1.1 20061011 (Red Hat 4.1.1-30)) #1 SMP Mon Oct 16 >> >> 14:39:22 >> >> EDT 2006 >> >> >> >> >> >> >> >> [root at hhlaptop sbin]# /sbin/modinfo ndiswrapper >> >> modinfo: could not find module ndiswrapper >> >> >> >> Still can't find ndiswrapper... >> >> >> >> Ideas? >> > >> > Harold, >> > >> > ndiswrapper isn't part of the standard distribution and must be >> rebuilt >> > for each new kernel that gets installed. You did a major upgrade (FC5 >> > to FC6), so the kernel was updated. Also note that if you update the >> > kernel via yum, you will also need to rebuild ndiswrapper. >> > >> > ndiswrapper actually is made of several parts. The bit in /usr/sbin >> > is the bit that sets up the Windows driver to be used. It generally >> > doesn't change and can be used over all kernel versions. The second >> > bit, ndiswrapper.ko, is the actual kernel module and is >> kernel-specific. >> > It lives in the "/lib/modules/`uname -r`/misc" directory. >> > >> >> THANKS to all! I uninstalled ndiswrapper, then installed the latest, and >> IT WORKS! Next trick is to finish the upgrade of my server from FC4 to >> FC6. At a minimum, it changed httpd.conf so it brings up a default web >> page instead of where my stuff really is. So, I'll start digging through >> stuff to see what doesn't work and fix it. I guess upgrades cannot just >> be >> load it and run... > > Rather depends on how your old Apache was set up. If you did a custom > configure and modified the /etc/rc.d/init.d script to start your server, > yes, things will be different. FC6 uses Apache 2.x, with the config > files in /etc/httpd/conf and the content in /var/www/html, and the > startup script reflects that. I'm not sure anaconda is as nice about > creating "rpmsave" versions of config files as rpm and yum are. > Thanks for the comments! I modified /etc/httpd.conf to set up the "main page" in my home (/home/harold/public_html) and various virtual host sites in other user homes. I'll print out my old httpd.conf and compare it with the new. Thanks! Harold -- FCC Rules Updated Daily at http://www.hallikainen.com - Advertising opportunities available! From bfriend at antioch.edu Mon Apr 2 20:25:09 2007 From: bfriend at antioch.edu (Bruce A. Friend) Date: Mon, 02 Apr 2007 16:25:09 -0400 Subject: Installation Hangs when installing RHEL 4 or 5 on IBM eserver xseries 300 Message-ID: Subject line pretty much says it all. The installer runs until it gets to agpgart: Detected VIA Apollo Pro 133 chipset and there it stops. Does this in both gui and text mode install. I know this is not a powerhouse server but all I really want it to do is act as a firewall for another system. Thanks, Bruce A. Friend Antioch University Network Manager bfriend at antioch.edu From rstevens at internap.com Mon Apr 2 20:55:20 2007 From: rstevens at internap.com (Rick Stevens) Date: Mon, 02 Apr 2007 13:55:20 -0700 Subject: Installation Hangs when installing RHEL 4 or 5 on IBM eserver xseries 300 In-Reply-To: References: Message-ID: <1175547320.18701.138.camel@prophead.corp.publichost.com> On Mon, 2007-04-02 at 16:25 -0400, Bruce A. Friend wrote: > Subject line pretty much says it all. The installer runs until it gets to > agpgart: Detected VIA Apollo Pro 133 chipset and there it stops. Does > this in both gui and text mode install. > > I know this is not a powerhouse server but all I really want it to do is > act as a firewall for another system. Hmmm. I've installed Fedora and CentOS on X330s and X335s, but I've not tried RHEL 4 or 5. I'd suggest two possible efforts: Try this at the "Boot>" prompt of the installer: linux text noprobe and see if that gets you along. If it doesn't, try: linux text ide=nodma One or the other should work. Once the system is booted in the normal OS, you can try to configure X by running "system-config-display" as the root user from the command line. If the "ide=nodma" is the line that got you in and you're running off SCSI disks, you should be OK as you've disabled DMA on IDE devices only. If you're using IDE disks, you may want to try finding out which IDE device is causing the issue (probably the CD drive). Try entering this command as the root user: hdparm -d1 /dev/hda This re-enables DMA on your first hard drive. See if the system is still responsive. If it is, then edit your /boot/grub/grub.conf file and modify the "ide=nodma" bit on the various "kernel" lines to read "hdc=nodma" (which will disable DMA on the CD drive ONLY instead of all IDE drives). Examples: WAS: kernel /boot/vmlinuz-(vers) ro root=LABEL=/ rhgb quiet ide=nodma CHANGE TO: kernel /boot/vmlinuz-(vers) ro root=LABEL=/ rhgb quiet hdc=nodma Good luck! Keep us informed, OK? ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Jimmie crack corn and I don't care...what kind of lousy attitude - - is THAT to have, huh? -- Dennis Miller - ---------------------------------------------------------------------- From inode0 at gmail.com Tue Apr 3 17:46:16 2007 From: inode0 at gmail.com (inode0) Date: Tue, 3 Apr 2007 12:46:16 -0500 Subject: UPS comments In-Reply-To: <200703280002.l2S02oNf017361@backup03.netmagic.net> References: <200703280002.l2S02oNf017361@backup03.netmagic.net> Message-ID: On 3/27/07, Bret Stern wrote: > I am thinking of adding a UPS (APC Back-UPS Pro 650) to one > of my servers because i'm bored. > > Is the apcupsd daemon the common solution for monitoring the UPS, > or is there a canned rpm with Fedora 6 which will handle a simple > controlled shutdown? I just installed RHEL5 Server on a system with an APC Back-UPS RS 1500 and it can be queried and manipluated via hal without any additional UPS packages it seems. I'm not sure yet what all functionality is available though. John From tpotter at techmarin.com Tue Apr 3 20:56:09 2007 From: tpotter at techmarin.com (Ted Potter) Date: Tue, 3 Apr 2007 13:56:09 -0700 Subject: Off Topic help Message-ID: <5ce05200704031356o34acd6d8r34003662d5fda613@mail.gmail.com> Greetings, Hoping for some help on email. Below is the reponse we receive when sending mail from one account. My question is this is the error message (Access not allowed) generated by the mailserver at the xcedia.com domain or is it generated by the google mailserver ? My guess is xcedia.com mail server is generating this message. Thus we need to find out why the xcedia.com mail server is doing this. Any comments or insights would be appreciated. Thank you Ted Potter ERROR MESSAGE: From: Mail Delivery Subsystem Date: Mar 27, 2007 12:07 PM Subject: Delivery Status Notification (Failure) To: donbury at icrs.biz This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: sean at xcedia.com Technical details of permanent failure: PERM_FAILURE: SMTP Error (state 9): 550 5.7.1 Access not allowed -- Ted Potter tpotter at techmarin.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikerault at yahoo.com Tue Apr 3 21:09:10 2007 From: mikerault at yahoo.com (Michael Ault) Date: Tue, 3 Apr 2007 14:09:10 -0700 (PDT) Subject: Off Topic help In-Reply-To: <5ce05200704031356o34acd6d8r34003662d5fda613@mail.gmail.com> Message-ID: <780329.96740.qm@web30802.mail.mud.yahoo.com> This is a worm that is currently proliferating around the net. Do a google search on the attachmenet name and it will take you to the page telling you how to remove it. Mike --- Ted Potter wrote: > Greetings, > > Hoping for some help on email. Below is the reponse > we receive when sending > mail from one > account. My question is this > > is the error message (Access not allowed) generated > by the mailserver at the > xcedia.com > domain or is it generated by the google mailserver ? > > My guess is xcedia.com mail server is generating > this message. Thus we need > to > find out why the xcedia.com mail server is doing > this. > > Any comments or insights would be appreciated. > > Thank you > > Ted Potter > > ERROR MESSAGE: > > From: Mail Delivery Subsystem > > Date: Mar 27, 2007 12:07 PM > Subject: Delivery Status Notification (Failure) > To: donbury at icrs.biz > > This is an automatically generated Delivery Status > Notification > > Delivery to the following recipient failed > permanently: > > sean at xcedia.com > > Technical details of permanent failure: > PERM_FAILURE: SMTP Error (state 9): 550 5.7.1 > Access not > allowed > > > > > > > > > > -- > Ted Potter > tpotter at techmarin.com > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe Michael R. Ault Oracle Specialist Quest Software 770-754-9057 www.quest.com mikerault.blogspot.com From tpotter at techmarin.com Tue Apr 3 21:22:25 2007 From: tpotter at techmarin.com (Ted Potter) Date: Tue, 3 Apr 2007 14:22:25 -0700 Subject: Off Topic help In-Reply-To: <780329.96740.qm@web30802.mail.mud.yahoo.com> References: <5ce05200704031356o34acd6d8r34003662d5fda613@mail.gmail.com> <780329.96740.qm@web30802.mail.mud.yahoo.com> Message-ID: <5ce05200704031422w4edbaa92gaf154be01c7d6c32@mail.gmail.com> hmm, we are not receiving or send email with any attachments, at least that we know of. Can you provide a link to this for me ? Thanks, PS if it is a worm I would suspect it is a xcedia.com problem and not a google.com problem. Thanks again ! Ted On 4/3/07, Michael Ault wrote: > > This is a worm that is currently proliferating around > the net. Do a google search on the attachmenet name > and it will take you to the page telling you how to > remove it. > > Mike > --- Ted Potter wrote: > > > Greetings, > > > > Hoping for some help on email. Below is the reponse > > we receive when sending > > mail from one > > account. My question is this > > > > is the error message (Access not allowed) generated > > by the mailserver at the > > xcedia.com > > domain or is it generated by the google mailserver ? > > > > My guess is xcedia.com mail server is generating > > this message. Thus we need > > to > > find out why the xcedia.com mail server is doing > > this. > > > > Any comments or insights would be appreciated. > > > > Thank you > > > > Ted Potter > > > > ERROR MESSAGE: > > > > From: Mail Delivery Subsystem > > > > Date: Mar 27, 2007 12:07 PM > > Subject: Delivery Status Notification (Failure) > > To: donbury at icrs.biz > > > > This is an automatically generated Delivery Status > > Notification > > > > Delivery to the following recipient failed > > permanently: > > > > sean at xcedia.com > > > > Technical details of permanent failure: > > PERM_FAILURE: SMTP Error (state 9): 550 5.7.1 > > Access not > > allowed > > > > > > > > > > > > > > > > > > > > -- > > Ted Potter > > tpotter at techmarin.com > > > _______________________________________________ > > Redhat-install-list mailing list > > Redhat-install-list at redhat.com > > > https://www.redhat.com/mailman/listinfo/redhat-install-list > > To Unsubscribe Go To ABOVE URL or send a message to: > > redhat-install-list-request at redhat.com > > Subject: unsubscribe > > > Michael R. Ault > Oracle Specialist > Quest Software > 770-754-9057 > www.quest.com > mikerault.blogspot.com > > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe > -- Ted Potter tpotter at techmarin.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From karlp at ourldsfamily.com Wed Apr 4 04:45:41 2007 From: karlp at ourldsfamily.com (Karl Pearson) Date: Tue, 3 Apr 2007 22:45:41 -0600 (MDT) Subject: Belkin Fiasco: WAS: Re: UPS comments In-Reply-To: <1175273949.18701.58.camel@prophead.corp.publichost.com> References: <36565.192.168.1.1.1175228336.squirrel@sujan.hallikainen.org> <1175273949.18701.58.camel@prophead.corp.publichost.com> Message-ID: <26263.198.60.114.90.1175661941.squirrel@webmail.ourldsfamily.com> In case you might want to read a bit about it, with a link to the belkin announcement, here's a link at lwn.net: http://lwn.net/Articles/57847/ which links to Belkin, but here's that link as it appeared in 2003 on MarketWire.com: http://www.marketwire.com/mw/release_html_b1?release_id=59792 Their 'apology' was pretty lame and was less than, uh, honest. I quote: "...it has never been Belkin policy to intentionally spam its customers." Right. That would explain why they wrote that code in the router. I still like the Belkin UPS I have. Karl From zhong.huang at msn.com Fri Apr 6 08:53:52 2007 From: zhong.huang at msn.com (Huang Zhong) Date: Fri, 06 Apr 2007 16:53:52 +0800 Subject: Red Hat Enterprise Linux ES Version 4 connect exchange Message-ID: Hi, Red Hat Enterprise Linux ES Version 4 connect Windowns Exchange 2003 server ? How _________________________________________________________________ ?????????????? MSN Messenger: http://messenger.msn.com/cn From rstevens at internap.com Fri Apr 6 15:31:37 2007 From: rstevens at internap.com (Rick Stevens) Date: Fri, 06 Apr 2007 08:31:37 -0700 Subject: Red Hat Enterprise Linux ES Version 4 connect exchange In-Reply-To: References: Message-ID: <1175873498.21362.4.camel@prophead.corp.publichost.com> On Fri, 2007-04-06 at 16:53 +0800, Huang Zhong wrote: > Hi, > > Red Hat Enterprise Linux ES Version 4 connect Windowns Exchange 2003 server > ? > > How Install evolution, evolution-connector, evolution-webcal and evolution-data-server. Most desktop installs have these already done. I quote from the "rpm -qi" bit for evolution: Evolution is the GNOME mailer, calendar, contact manager and communications tool. The tools which make up Evolution will be tightly integrated with one another and act as a seamless personal information-management tool. And for evolution-connector: The connector enables added functionality to Evolution when used with a Microsoft Exchange Server. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Programmers often confuse Halloween and Christmas. - - After all, 31 Oct is the same as 25 Dec! - ---------------------------------------------------------------------- From harold at hallikainen.com Sat Apr 7 17:19:46 2007 From: harold at hallikainen.com (Harold Hallikainen) Date: Sat, 7 Apr 2007 10:19:46 -0700 (PDT) Subject: hacked? Message-ID: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> It looks like my system has been hacked! It looks like someone in Russia uploaded a php script, then wandered around my system, then deleted the script. Im running phpwiki, which allows for uploads. Apparently, it allows for php scripts to be uploaded. I kinda thought php didn't allow access outside the public_html director, but it looks like they've wandered through the system. Here are a few lines from the log... 89.110.7.202 - - [07/Apr/2007:01:19:39 -0700] "POST /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6602 89.110.7.202 - - [07/Apr/2007:01:19:58 -0700] "GET /BroadcastHistory/uploads/100.php3 HTTP/1.1" 200 160099 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 89.110.7.202 - - [07/Apr/2007:01:23:48 -0700] "GET /BroadcastHistory/uploads/100.php.3?act=img&img=home HTTP/1.1" 200 209 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET /BroadcastHistory/uploads/100.php.3?act=img&img=back HTTP/1.1" 200 119 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET /BroadcastHistory/uploads/100.php.3?act=img&img=forward HTTP/1.1" 200 119 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET /BroadcastHistory/uploads/100.php.3?act=img&img=up HTTP/1.1" 200 199 89.110.7.202 - - [07/Apr/2007:01:23:46 -0700] "GET /BroadcastHistory/uploads/100.php.3 HTTP/1.1" 200 18400 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET /BroadcastHistory/uploads/100.php.3?act=img&img=refresh HTTP/1.1" 200 200 89.110.7.202 - - [07/Apr/2007:01:24:40 -0700] "GET /BroadcastHistory/uploads/100.php.3?act=ls&d=%2Fhome%2Fharold%2F&sort=0a HTTP/1.1" 200 2867 91.122.3.139 - - [07/Apr/2007:01:28:20 -0700] "GET /BroadcastHistory/uploads/100.php.3?act=chmod&f=temp&d=%2Fhome%2Fharold%2Fpublic_html%2Fmusic HTTP/1.1" 91.122.3.139 - - [07/Apr/2007:01:36:27 -0700] "GET /BroadcastHistory/uploads/100.php.3?act=selfremove HTTP/1.1" 200 2975 91.122.3.139 - - [07/Apr/2007:01:36:35 -0700] "GET /BroadcastHistory/uploads/100.php.3?act=selfremove&rndcode=767&submit=767 Looking through the logs, it appears that only stuff in the public_html directory was accessed. I'm still looking, though. I'm guessing I should really do a fresh install of the OS and everything. I'll look at security fixes for phpwiki, or maybe get rid of it. Any other ideas on securing the system? THANKS! Harold -- FCC Rules Updated Daily at http://www.hallikainen.com - Advertising opportunities available! From linuxr at gmail.com Mon Apr 9 02:04:09 2007 From: linuxr at gmail.com (Marc ) Date: Sun, 8 Apr 2007 22:04:09 -0400 Subject: hacked? In-Reply-To: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> Message-ID: Are you running SELinux? I know that you can use that to harden the machine to the point of not allowing someone to even ls and see any files, or not cd to directories you don't want, etc. If your version of RH is fairly recent, you probably have that option already, if not you can likely install it anyway. Marc On 4/7/07, Harold Hallikainen wrote: > > It looks like my system has been hacked! It looks like someone in Russia > uploaded a php script, then wandered around my system, then deleted the > script. Im running phpwiki, which allows for uploads. Apparently, it > allows for php scripts to be uploaded. I kinda thought php didn't allow > access outside the public_html director, but it looks like they've > wandered through the system. Here are a few lines from the log... > > 89.110.7.202 - - [07/Apr/2007:01:19:39 -0700] "POST > /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6602 > > 89.110.7.202 - - [07/Apr/2007:01:19:58 -0700] "GET > /BroadcastHistory/uploads/100.php3 HTTP/1.1" 200 160099 > > 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST > /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 > > 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST > /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 > > 89.110.7.202 - - [07/Apr/2007:01:23:48 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=home HTTP/1.1" 200 209 > > 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=back HTTP/1.1" 200 119 > > 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=forward HTTP/1.1" 200 119 > > 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=up HTTP/1.1" 200 199 > > 89.110.7.202 - - [07/Apr/2007:01:23:46 -0700] "GET > /BroadcastHistory/uploads/100.php.3 HTTP/1.1" 200 18400 > > 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=refresh HTTP/1.1" 200 200 > > 89.110.7.202 - - [07/Apr/2007:01:24:40 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=ls&d=%2Fhome%2Fharold%2F&sort=0a > HTTP/1.1" 200 2867 > > 91.122.3.139 - - [07/Apr/2007:01:28:20 -0700] "GET > > /BroadcastHistory/uploads/100.php.3?act=chmod&f=temp&d=%2Fhome%2Fharold%2Fpublic_html%2Fmusic > HTTP/1.1" > > 91.122.3.139 - - [07/Apr/2007:01:36:27 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=selfremove HTTP/1.1" 200 2975 > > 91.122.3.139 - - [07/Apr/2007:01:36:35 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=selfremove&rndcode=767&submit=767 > > > Looking through the logs, it appears that only stuff in the public_html > directory was accessed. I'm still looking, though. > > I'm guessing I should really do a fresh install of the OS and everything. > I'll look at security fixes for phpwiki, or maybe get rid of it. > > Any other ideas on securing the system? > > THANKS! > > Harold > > > -- > FCC Rules Updated Daily at http://www.hallikainen.com - Advertising > opportunities available! > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rstevens at internap.com Mon Apr 9 16:55:15 2007 From: rstevens at internap.com (Rick Stevens) Date: Mon, 09 Apr 2007 09:55:15 -0700 Subject: hacked? In-Reply-To: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> Message-ID: <1176137715.29152.31.camel@prophead.corp.publichost.com> On Sat, 2007-04-07 at 10:19 -0700, Harold Hallikainen wrote: > It looks like my system has been hacked! It looks like someone in Russia > uploaded a php script, then wandered around my system, then deleted the > script. Im running phpwiki, which allows for uploads. Apparently, it > allows for php scripts to be uploaded. I kinda thought php didn't allow > access outside the public_html director, but it looks like they've > wandered through the system. Here are a few lines from the log... > > 89.110.7.202 - - [07/Apr/2007:01:19:39 -0700] "POST > /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6602 > > 89.110.7.202 - - [07/Apr/2007:01:19:58 -0700] "GET > /BroadcastHistory/uploads/100.php3 HTTP/1.1" 200 160099 > > 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST > /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 > > 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST > /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 > > 89.110.7.202 - - [07/Apr/2007:01:23:48 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=home HTTP/1.1" 200 209 > > 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=back HTTP/1.1" 200 119 > > 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=forward HTTP/1.1" 200 119 > > 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=up HTTP/1.1" 200 199 > > 89.110.7.202 - - [07/Apr/2007:01:23:46 -0700] "GET > /BroadcastHistory/uploads/100.php.3 HTTP/1.1" 200 18400 > > 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=img&img=refresh HTTP/1.1" 200 200 > > 89.110.7.202 - - [07/Apr/2007:01:24:40 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=ls&d=%2Fhome%2Fharold%2F&sort=0a > HTTP/1.1" 200 2867 > > 91.122.3.139 - - [07/Apr/2007:01:28:20 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=chmod&f=temp&d=%2Fhome%2Fharold%2Fpublic_html%2Fmusic > HTTP/1.1" > > 91.122.3.139 - - [07/Apr/2007:01:36:27 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=selfremove HTTP/1.1" 200 2975 > > 91.122.3.139 - - [07/Apr/2007:01:36:35 -0700] "GET > /BroadcastHistory/uploads/100.php.3?act=selfremove&rndcode=767&submit=767 > > > Looking through the logs, it appears that only stuff in the public_html > directory was accessed. I'm still looking, though. > > I'm guessing I should really do a fresh install of the OS and everything. > I'll look at security fixes for phpwiki, or maybe get rid of it. > > Any other ideas on securing the system? Yes. 1. Enable SElinux and put it in "enforcing" mode 2. Make sure Apache is set to run as "apache" (not root) 3. Make sure you have "safe_mode = on" in your /etc/php.ini script 4. Limit uploads to a specific directory and do NOT allow them to be executed unless you approve them (upload quarantine) 5. Set permissions on "significant" directories so they can't be read or traversed by apache. I also like to build Apache so all the stuff it needs can be put in a chroot jail, and chroot it. Not easy, but useful. > > THANKS! > > Harold > > ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Is that a buffer overflow or are you just happy to see me? - ---------------------------------------------------------------------- From harold at hallikainen.com Mon Apr 9 17:28:11 2007 From: harold at hallikainen.com (Harold Hallikainen) Date: Mon, 9 Apr 2007 10:28:11 -0700 (PDT) Subject: hacked? In-Reply-To: <1176137715.29152.31.camel@prophead.corp.publichost.com> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> Message-ID: <1328.208.73.10.106.1176139691.squirrel@sujan.hallikainen.org> > On Sat, 2007-04-07 at 10:19 -0700, Harold Hallikainen wrote: >> It looks like my system has been hacked! It looks like someone in Russia >> uploaded a php script, then wandered around my system, then deleted the >> script. Im running phpwiki, which allows for uploads. Apparently, it >> allows for php scripts to be uploaded. I kinda thought php didn't allow >> access outside the public_html director, but it looks like they've >> wandered through the system. Here are a few lines from the log... >> >> 89.110.7.202 - - [07/Apr/2007:01:19:39 -0700] "POST >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6602 >> >> 89.110.7.202 - - [07/Apr/2007:01:19:58 -0700] "GET >> /BroadcastHistory/uploads/100.php3 HTTP/1.1" 200 160099 >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 >> >> 89.110.7.202 - - [07/Apr/2007:01:23:48 -0700] "GET >> /BroadcastHistory/uploads/100.php.3?act=img&img=home HTTP/1.1" 200 209 >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET >> /BroadcastHistory/uploads/100.php.3?act=img&img=back HTTP/1.1" 200 119 >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET >> /BroadcastHistory/uploads/100.php.3?act=img&img=forward HTTP/1.1" 200 >> 119 >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET >> /BroadcastHistory/uploads/100.php.3?act=img&img=up HTTP/1.1" 200 199 >> >> 89.110.7.202 - - [07/Apr/2007:01:23:46 -0700] "GET >> /BroadcastHistory/uploads/100.php.3 HTTP/1.1" 200 18400 >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET >> /BroadcastHistory/uploads/100.php.3?act=img&img=refresh HTTP/1.1" 200 >> 200 >> >> 89.110.7.202 - - [07/Apr/2007:01:24:40 -0700] "GET >> /BroadcastHistory/uploads/100.php.3?act=ls&d=%2Fhome%2Fharold%2F&sort=0a >> HTTP/1.1" 200 2867 >> >> 91.122.3.139 - - [07/Apr/2007:01:28:20 -0700] "GET >> /BroadcastHistory/uploads/100.php.3?act=chmod&f=temp&d=%2Fhome%2Fharold%2Fpublic_html%2Fmusic >> HTTP/1.1" >> >> 91.122.3.139 - - [07/Apr/2007:01:36:27 -0700] "GET >> /BroadcastHistory/uploads/100.php.3?act=selfremove HTTP/1.1" 200 2975 >> >> 91.122.3.139 - - [07/Apr/2007:01:36:35 -0700] "GET >> /BroadcastHistory/uploads/100.php.3?act=selfremove&rndcode=767&submit=767 >> >> >> Looking through the logs, it appears that only stuff in the public_html >> directory was accessed. I'm still looking, though. >> >> I'm guessing I should really do a fresh install of the OS and >> everything. >> I'll look at security fixes for phpwiki, or maybe get rid of it. >> >> Any other ideas on securing the system? > > Yes. > > 1. Enable SElinux and put it in "enforcing" mode > > 2. Make sure Apache is set to run as "apache" (not root) > > 3. Make sure you have "safe_mode = on" in your /etc/php.ini script > > 4. Limit uploads to a specific directory and do NOT allow them to be > executed unless you approve them (upload quarantine) > > 5. Set permissions on "significant" directories so they can't be read or > traversed by apache. > > I also like to build Apache so all the stuff it needs can be put in a > chroot jail, and chroot it. Not easy, but useful. > >> >> THANKS! >> >> Harold >> THANKS to those who have commented thus far. This all happened within about 20 minutes. The writer of the phpWiki upload plugin has supplied a fix, but, of course, I want to do more than depend on that! As user apache, it looks like the intruder was only able to look at stuff in my public_html, which is public anyway. I do see an ls of my home directory (the directory below the public_html), but since apache does not own that directory, I don't think anything could be read. When I originally installed FC4, I had trouble with SE Linux preventing stuff from working. I finally disabled it. I'm in the middle of moving the server to FC6 (cloned the hard drive, now trying to get it to work...). I'll definitely try harder on SE Linux! My httpd access_log shows they used Google to find my system with the broken wiki upload. Here's the log entry: 89.110.7.202 - - [07/Apr/2007:01:18:10 -0700] "GET /BroadcastHistory/index.php/PhpWikiDocumentation HTTP/1.1" 200 31993 "http: //www.google.com/search?q=UpLoadPlugin+site:org&hl=en&rls=GGLG,GGLG:2006-04,GGLG:en&start=20&sa=N" "Mozilla/4.0 (compatible; M SIE 6.0; Windows NT 5.1; DeluxeNetwork)" I'm sure it's buried in the documentation, but how do I tell Apache to not interpret anything in a particular directory, just pass it back to the user? This upload directory is full of pdfs contributed by users. In my 10 years or so of running my own linux server, this is the second intrusion I've found. One was using an ssl bug that had been fixed, but I had not installed. This one, apparently, I'm the first to discover. The writer of the wiki plugin fixed it within hours of my asking about it. THANKS! Harold -- FCC Rules Updated Daily at http://www.hallikainen.com - Advertising opportunities available! From rstevens at internap.com Mon Apr 9 17:41:33 2007 From: rstevens at internap.com (Rick Stevens) Date: Mon, 09 Apr 2007 10:41:33 -0700 Subject: hacked? In-Reply-To: <1328.208.73.10.106.1176139691.squirrel@sujan.hallikainen.org> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> <1328.208.73.10.106.1176139691.squirrel@sujan.hallikainen.org> Message-ID: <1176140494.29152.48.camel@prophead.corp.publichost.com> On Mon, 2007-04-09 at 10:28 -0700, Harold Hallikainen wrote: > > On Sat, 2007-04-07 at 10:19 -0700, Harold Hallikainen wrote: > >> It looks like my system has been hacked! It looks like someone in Russia > >> uploaded a php script, then wandered around my system, then deleted the > >> script. Im running phpwiki, which allows for uploads. Apparently, it > >> allows for php scripts to be uploaded. I kinda thought php didn't allow > >> access outside the public_html director, but it looks like they've > >> wandered through the system. Here are a few lines from the log... > >> > >> 89.110.7.202 - - [07/Apr/2007:01:19:39 -0700] "POST > >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6602 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:19:58 -0700] "GET > >> /BroadcastHistory/uploads/100.php3 HTTP/1.1" 200 160099 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST > >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST > >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:23:48 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3?act=img&img=home HTTP/1.1" 200 209 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3?act=img&img=back HTTP/1.1" 200 119 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3?act=img&img=forward HTTP/1.1" 200 > >> 119 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3?act=img&img=up HTTP/1.1" 200 199 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:23:46 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3 HTTP/1.1" 200 18400 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3?act=img&img=refresh HTTP/1.1" 200 > >> 200 > >> > >> 89.110.7.202 - - [07/Apr/2007:01:24:40 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3?act=ls&d=%2Fhome%2Fharold%2F&sort=0a > >> HTTP/1.1" 200 2867 > >> > >> 91.122.3.139 - - [07/Apr/2007:01:28:20 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3?act=chmod&f=temp&d=%2Fhome%2Fharold%2Fpublic_html%2Fmusic > >> HTTP/1.1" > >> > >> 91.122.3.139 - - [07/Apr/2007:01:36:27 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3?act=selfremove HTTP/1.1" 200 2975 > >> > >> 91.122.3.139 - - [07/Apr/2007:01:36:35 -0700] "GET > >> /BroadcastHistory/uploads/100.php.3?act=selfremove&rndcode=767&submit=767 > >> > >> > >> Looking through the logs, it appears that only stuff in the public_html > >> directory was accessed. I'm still looking, though. > >> > >> I'm guessing I should really do a fresh install of the OS and > >> everything. > >> I'll look at security fixes for phpwiki, or maybe get rid of it. > >> > >> Any other ideas on securing the system? > > > > Yes. > > > > 1. Enable SElinux and put it in "enforcing" mode > > > > 2. Make sure Apache is set to run as "apache" (not root) > > > > 3. Make sure you have "safe_mode = on" in your /etc/php.ini script > > > > 4. Limit uploads to a specific directory and do NOT allow them to be > > executed unless you approve them (upload quarantine) > > > > 5. Set permissions on "significant" directories so they can't be read or > > traversed by apache. > > > > I also like to build Apache so all the stuff it needs can be put in a > > chroot jail, and chroot it. Not easy, but useful. > > > >> > >> THANKS! > >> > >> Harold > >> > > > THANKS to those who have commented thus far. This all happened within > about 20 minutes. The writer of the phpWiki upload plugin has supplied a > fix, but, of course, I want to do more than depend on that! As user > apache, it looks like the intruder was only able to look at stuff in my > public_html, which is public anyway. I do see an ls of my home directory > (the directory below the public_html), but since apache does not own that > directory, I don't think anything could be read. When I originally > installed FC4, I had trouble with SE Linux preventing stuff from working. > I finally disabled it. I'm in the middle of moving the server to FC6 > (cloned the hard drive, now trying to get it to work...). I'll definitely > try harder on SE Linux! My httpd access_log shows they used Google to find > my system with the broken wiki upload. Here's the log entry: > > 89.110.7.202 - - [07/Apr/2007:01:18:10 -0700] "GET > /BroadcastHistory/index.php/PhpWikiDocumentation HTTP/1.1" 200 31993 > "http: > //www.google.com/search?q=UpLoadPlugin+site:org&hl=en&rls=GGLG,GGLG:2006-04,GGLG:en&start=20&sa=N" > "Mozilla/4.0 (compatible; M > SIE 6.0; Windows NT 5.1; DeluxeNetwork)" > > I'm sure it's buried in the documentation, but how do I tell Apache to not > interpret anything in a particular directory, just pass it back to the > user? This upload directory is full of pdfs contributed by users. You could add an "AddHandler send-as-is .pdf" to an .htaccess file in that directory which would cause Apache to send the PDFs as-is (with http headers added, of course). > In my 10 years or so of running my own linux server, this is the second > intrusion I've found. One was using an ssl bug that had been fixed, but I > had not installed. This one, apparently, I'm the first to discover. The > writer of the wiki plugin fixed it within hours of my asking about it. Good response by the developer and he/she should be commended for it. However, one should never rely on third parties to secure one's machines...but you know that. :-) ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - If this is the first day of the rest of my life... - - I'm in BIG trouble! - ---------------------------------------------------------------------- From harold at hallikainen.com Mon Apr 9 18:00:01 2007 From: harold at hallikainen.com (Harold Hallikainen) Date: Mon, 9 Apr 2007 11:00:01 -0700 (PDT) Subject: hacked? In-Reply-To: <1176140494.29152.48.camel@prophead.corp.publichost.com> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> <1328.208.73.10.106.1176139691.squirrel@sujan.hallikainen.org> <1176140494.29152.48.camel@prophead.corp.publichost.com> Message-ID: <1365.208.73.10.106.1176141601.squirrel@sujan.hallikainen.org> > On Mon, 2007-04-09 at 10:28 -0700, Harold Hallikainen wrote: >> > On Sat, 2007-04-07 at 10:19 -0700, Harold Hallikainen wrote: >> >> It looks like my system has been hacked! It looks like someone in >> Russia >> >> uploaded a php script, then wandered around my system, then deleted >> the >> >> script. Im running phpwiki, which allows for uploads. Apparently, it >> >> allows for php scripts to be uploaded. I kinda thought php didn't >> allow >> >> access outside the public_html director, but it looks like they've >> >> wandered through the system. Here are a few lines from the log... >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:19:39 -0700] "POST >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6602 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:19:58 -0700] "GET >> >> /BroadcastHistory/uploads/100.php3 HTTP/1.1" 200 160099 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:48 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=home HTTP/1.1" 200 >> 209 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=back HTTP/1.1" 200 >> 119 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=forward HTTP/1.1" 200 >> >> 119 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=up HTTP/1.1" 200 199 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:46 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3 HTTP/1.1" 200 18400 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=refresh HTTP/1.1" 200 >> >> 200 >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:24:40 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3?act=ls&d=%2Fhome%2Fharold%2F&sort=0a >> >> HTTP/1.1" 200 2867 >> >> >> >> 91.122.3.139 - - [07/Apr/2007:01:28:20 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3?act=chmod&f=temp&d=%2Fhome%2Fharold%2Fpublic_html%2Fmusic >> >> HTTP/1.1" >> >> >> >> 91.122.3.139 - - [07/Apr/2007:01:36:27 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3?act=selfremove HTTP/1.1" 200 2975 >> >> >> >> 91.122.3.139 - - [07/Apr/2007:01:36:35 -0700] "GET >> >> /BroadcastHistory/uploads/100.php.3?act=selfremove&rndcode=767&submit=767 >> >> >> >> >> >> Looking through the logs, it appears that only stuff in the >> public_html >> >> directory was accessed. I'm still looking, though. >> >> >> >> I'm guessing I should really do a fresh install of the OS and >> >> everything. >> >> I'll look at security fixes for phpwiki, or maybe get rid of it. >> >> >> >> Any other ideas on securing the system? >> > >> > Yes. >> > >> > 1. Enable SElinux and put it in "enforcing" mode >> > >> > 2. Make sure Apache is set to run as "apache" (not root) >> > >> > 3. Make sure you have "safe_mode = on" in your /etc/php.ini script >> > >> > 4. Limit uploads to a specific directory and do NOT allow them to be >> > executed unless you approve them (upload quarantine) >> > >> > 5. Set permissions on "significant" directories so they can't be read >> or >> > traversed by apache. >> > >> > I also like to build Apache so all the stuff it needs can be put in a >> > chroot jail, and chroot it. Not easy, but useful. >> > >> >> >> >> THANKS! >> >> >> >> Harold >> >> >> >> >> THANKS to those who have commented thus far. This all happened within >> about 20 minutes. The writer of the phpWiki upload plugin has supplied a >> fix, but, of course, I want to do more than depend on that! As user >> apache, it looks like the intruder was only able to look at stuff in my >> public_html, which is public anyway. I do see an ls of my home directory >> (the directory below the public_html), but since apache does not own >> that >> directory, I don't think anything could be read. When I originally >> installed FC4, I had trouble with SE Linux preventing stuff from >> working. >> I finally disabled it. I'm in the middle of moving the server to FC6 >> (cloned the hard drive, now trying to get it to work...). I'll >> definitely >> try harder on SE Linux! My httpd access_log shows they used Google to >> find >> my system with the broken wiki upload. Here's the log entry: >> >> 89.110.7.202 - - [07/Apr/2007:01:18:10 -0700] "GET >> /BroadcastHistory/index.php/PhpWikiDocumentation HTTP/1.1" 200 31993 >> "http: >> //www.google.com/search?q=UpLoadPlugin+site:org&hl=en&rls=GGLG,GGLG:2006-04,GGLG:en&start=20&sa=N" >> "Mozilla/4.0 (compatible; M >> SIE 6.0; Windows NT 5.1; DeluxeNetwork)" >> >> I'm sure it's buried in the documentation, but how do I tell Apache to >> not >> interpret anything in a particular directory, just pass it back to the >> user? This upload directory is full of pdfs contributed by users. > > You could add an "AddHandler send-as-is .pdf" to an .htaccess file in > that directory which would cause Apache to send the PDFs as-is (with > http headers added, of course). > >> In my 10 years or so of running my own linux server, this is the second >> intrusion I've found. One was using an ssl bug that had been fixed, but >> I >> had not installed. This one, apparently, I'm the first to discover. The >> writer of the wiki plugin fixed it within hours of my asking about it. > > Good response by the developer and he/she should be commended for it. > However, one should never rely on third parties to secure one's > machines...but you know that. :-) > > ---------------------------------------------------------------------- > - Rick Stevens, Principal Engineer rstevens at internap.com - It seems like I always have to depend on someone to secure the machines to some extent, whther it's the OS writers, the ap writers, or whatever. But, I'll do my best (and, yes, I am learning!). In the .htaccess, it seems that send-as-is *.pdf would not get around this problem, since the hacker put in something called 100.php.3 . But, could I put in send-as-is * and just have EVERYTHING sent as is, nothing interpreted? THANKS! Harold -- FCC Rules Updated Daily at http://www.hallikainen.com - Advertising opportunities available! From rstevens at internap.com Mon Apr 9 18:26:54 2007 From: rstevens at internap.com (Rick Stevens) Date: Mon, 09 Apr 2007 11:26:54 -0700 Subject: hacked? In-Reply-To: <1365.208.73.10.106.1176141601.squirrel@sujan.hallikainen.org> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> <1328.208.73.10.106.1176139691.squirrel@sujan.hallikainen.org> <1176140494.29152.48.camel@prophead.corp.publichost.com> <1365.208.73.10.106.1176141601.squirrel@sujan.hallikainen.org> Message-ID: <1176143214.29152.55.camel@prophead.corp.publichost.com> On Mon, 2007-04-09 at 11:00 -0700, Harold Hallikainen wrote: > > On Mon, 2007-04-09 at 10:28 -0700, Harold Hallikainen wrote: > >> > On Sat, 2007-04-07 at 10:19 -0700, Harold Hallikainen wrote: > >> >> It looks like my system has been hacked! It looks like someone in > >> Russia > >> >> uploaded a php script, then wandered around my system, then deleted > >> the > >> >> script. Im running phpwiki, which allows for uploads. Apparently, it > >> >> allows for php scripts to be uploaded. I kinda thought php didn't > >> allow > >> >> access outside the public_html director, but it looks like they've > >> >> wandered through the system. Here are a few lines from the log... > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:19:39 -0700] "POST > >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6602 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:19:58 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php3 HTTP/1.1" 200 160099 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST > >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST > >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:23:48 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=home HTTP/1.1" 200 > >> 209 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=back HTTP/1.1" 200 > >> 119 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=forward HTTP/1.1" 200 > >> >> 119 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=up HTTP/1.1" 200 199 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:23:46 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3 HTTP/1.1" 200 18400 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=refresh HTTP/1.1" 200 > >> >> 200 > >> >> > >> >> 89.110.7.202 - - [07/Apr/2007:01:24:40 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3?act=ls&d=%2Fhome%2Fharold%2F&sort=0a > >> >> HTTP/1.1" 200 2867 > >> >> > >> >> 91.122.3.139 - - [07/Apr/2007:01:28:20 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3?act=chmod&f=temp&d=%2Fhome%2Fharold%2Fpublic_html%2Fmusic > >> >> HTTP/1.1" > >> >> > >> >> 91.122.3.139 - - [07/Apr/2007:01:36:27 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3?act=selfremove HTTP/1.1" 200 2975 > >> >> > >> >> 91.122.3.139 - - [07/Apr/2007:01:36:35 -0700] "GET > >> >> /BroadcastHistory/uploads/100.php.3?act=selfremove&rndcode=767&submit=767 > >> >> > >> >> > >> >> Looking through the logs, it appears that only stuff in the > >> public_html > >> >> directory was accessed. I'm still looking, though. > >> >> > >> >> I'm guessing I should really do a fresh install of the OS and > >> >> everything. > >> >> I'll look at security fixes for phpwiki, or maybe get rid of it. > >> >> > >> >> Any other ideas on securing the system? > >> > > >> > Yes. > >> > > >> > 1. Enable SElinux and put it in "enforcing" mode > >> > > >> > 2. Make sure Apache is set to run as "apache" (not root) > >> > > >> > 3. Make sure you have "safe_mode = on" in your /etc/php.ini script > >> > > >> > 4. Limit uploads to a specific directory and do NOT allow them to be > >> > executed unless you approve them (upload quarantine) > >> > > >> > 5. Set permissions on "significant" directories so they can't be read > >> or > >> > traversed by apache. > >> > > >> > I also like to build Apache so all the stuff it needs can be put in a > >> > chroot jail, and chroot it. Not easy, but useful. > >> > > >> >> > >> >> THANKS! > >> >> > >> >> Harold > >> >> > >> > >> > >> THANKS to those who have commented thus far. This all happened within > >> about 20 minutes. The writer of the phpWiki upload plugin has supplied a > >> fix, but, of course, I want to do more than depend on that! As user > >> apache, it looks like the intruder was only able to look at stuff in my > >> public_html, which is public anyway. I do see an ls of my home directory > >> (the directory below the public_html), but since apache does not own > >> that > >> directory, I don't think anything could be read. When I originally > >> installed FC4, I had trouble with SE Linux preventing stuff from > >> working. > >> I finally disabled it. I'm in the middle of moving the server to FC6 > >> (cloned the hard drive, now trying to get it to work...). I'll > >> definitely > >> try harder on SE Linux! My httpd access_log shows they used Google to > >> find > >> my system with the broken wiki upload. Here's the log entry: > >> > >> 89.110.7.202 - - [07/Apr/2007:01:18:10 -0700] "GET > >> /BroadcastHistory/index.php/PhpWikiDocumentation HTTP/1.1" 200 31993 > >> "http: > >> //www.google.com/search?q=UpLoadPlugin+site:org&hl=en&rls=GGLG,GGLG:2006-04,GGLG:en&start=20&sa=N" > >> "Mozilla/4.0 (compatible; M > >> SIE 6.0; Windows NT 5.1; DeluxeNetwork)" > >> > >> I'm sure it's buried in the documentation, but how do I tell Apache to > >> not > >> interpret anything in a particular directory, just pass it back to the > >> user? This upload directory is full of pdfs contributed by users. > > > > You could add an "AddHandler send-as-is .pdf" to an .htaccess file in > > that directory which would cause Apache to send the PDFs as-is (with > > http headers added, of course). > > > >> In my 10 years or so of running my own linux server, this is the second > >> intrusion I've found. One was using an ssl bug that had been fixed, but > >> I > >> had not installed. This one, apparently, I'm the first to discover. The > >> writer of the wiki plugin fixed it within hours of my asking about it. > > > > Good response by the developer and he/she should be commended for it. > > However, one should never rely on third parties to secure one's > > machines...but you know that. :-) > > > > ---------------------------------------------------------------------- > > - Rick Stevens, Principal Engineer rstevens at internap.com - > > > It seems like I always have to depend on someone to secure the machines to > some extent, whther it's the OS writers, the ap writers, or whatever. But, > I'll do my best (and, yes, I am learning!). > > In the .htaccess, it seems that send-as-is *.pdf would not get around this > problem, since the hacker put in something called 100.php.3 . But, could I > put in send-as-is * and just have EVERYTHING sent as is, nothing > interpreted? Yes, that would do it. And make sure you do that ESPECIALLY in the upload directory. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - To understand recursion, you must first understand recursion. - ---------------------------------------------------------------------- From karlp at ourldsfamily.com Tue Apr 10 02:39:39 2007 From: karlp at ourldsfamily.com (Karl Pearson) Date: Mon, 9 Apr 2007 20:39:39 -0600 (MDT) Subject: hacked? In-Reply-To: <1176143214.29152.55.camel@prophead.corp.publichost.com> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> <1328.208.73.10.106.1176139691.squirrel@sujan.hallikainen.org> <1176140494.29152.48.camel@prophead.corp.publichost.com> <1365.208.73.10.106.1176141601.squirrel@sujan.hallikainen.org> <1176143214.29152.55.camel@prophead.corp.publichost.com> Message-ID: <25694.198.60.114.90.1176172779.squirrel@webmail.ourldsfamily.com> On Mon, April 9, 2007 12:26 pm, Rick Stevens wrote: > On Mon, 2007-04-09 at 11:00 -0700, Harold Hallikainen wrote: >> > On Mon, 2007-04-09 at 10:28 -0700, Harold Hallikainen wrote: >> >> > On Sat, 2007-04-07 at 10:19 -0700, Harold Hallikainen wrote: >> >> >> It looks like my system has been hacked! It looks like someone in >> >> Russia >> >> >> uploaded a php script, then wandered around my system, then deleted >> >> the >> >> >> script. Im running phpwiki, which allows for uploads. Apparently, it >> >> >> allows for php scripts to be uploaded. I kinda thought php didn't >> >> allow >> >> >> access outside the public_html director, but it looks like they've >> >> >> wandered through the system. Here are a few lines from the log... >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:19:39 -0700] "POST >> >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6602 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:19:58 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php3 HTTP/1.1" 200 160099 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST >> >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST >> >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:48 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=home HTTP/1.1" 200 >> >> 209 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=back HTTP/1.1" 200 >> >> 119 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=forward HTTP/1.1" 200 >> >> >> 119 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=up HTTP/1.1" 200 199 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:46 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3 HTTP/1.1" 200 18400 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=refresh HTTP/1.1" 200 >> >> >> 200 >> >> >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:24:40 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3?act=ls&d=%2Fhome%2Fharold%2F&sort=0a >> >> >> HTTP/1.1" 200 2867 >> >> >> >> >> >> 91.122.3.139 - - [07/Apr/2007:01:28:20 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3?act=chmod&f=temp&d=%2Fhome%2Fharold%2Fpublic_html%2Fmusic >> >> >> HTTP/1.1" >> >> >> >> >> >> 91.122.3.139 - - [07/Apr/2007:01:36:27 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3?act=selfremove HTTP/1.1" 200 2975 >> >> >> >> >> >> 91.122.3.139 - - [07/Apr/2007:01:36:35 -0700] "GET >> >> >> /BroadcastHistory/uploads/100.php.3?act=selfremove&rndcode=767&submit=767 >> >> >> >> >> >> >> >> >> Looking through the logs, it appears that only stuff in the >> >> public_html >> >> >> directory was accessed. I'm still looking, though. >> >> >> >> >> >> I'm guessing I should really do a fresh install of the OS and >> >> >> everything. >> >> >> I'll look at security fixes for phpwiki, or maybe get rid of it. >> >> >> >> >> >> Any other ideas on securing the system? >> >> > >> >> > Yes. >> >> > >> >> > 1. Enable SElinux and put it in "enforcing" mode >> >> > >> >> > 2. Make sure Apache is set to run as "apache" (not root) >> >> > >> >> > 3. Make sure you have "safe_mode = on" in your /etc/php.ini script >> >> > >> >> > 4. Limit uploads to a specific directory and do NOT allow them to be >> >> > executed unless you approve them (upload quarantine) >> >> > >> >> > 5. Set permissions on "significant" directories so they can't be read >> >> or >> >> > traversed by apache. >> >> > >> >> > I also like to build Apache so all the stuff it needs can be put in a >> >> > chroot jail, and chroot it. Not easy, but useful. >> >> > >> >> >> >> >> >> THANKS! >> >> >> >> >> >> Harold >> >> >> >> >> >> >> >> >> THANKS to those who have commented thus far. This all happened within >> >> about 20 minutes. The writer of the phpWiki upload plugin has supplied a >> >> fix, but, of course, I want to do more than depend on that! As user >> >> apache, it looks like the intruder was only able to look at stuff in my >> >> public_html, which is public anyway. I do see an ls of my home directory >> >> (the directory below the public_html), but since apache does not own >> >> that >> >> directory, I don't think anything could be read. When I originally >> >> installed FC4, I had trouble with SE Linux preventing stuff from >> >> working. >> >> I finally disabled it. I'm in the middle of moving the server to FC6 >> >> (cloned the hard drive, now trying to get it to work...). I'll >> >> definitely >> >> try harder on SE Linux! My httpd access_log shows they used Google to >> >> find >> >> my system with the broken wiki upload. Here's the log entry: >> >> >> >> 89.110.7.202 - - [07/Apr/2007:01:18:10 -0700] "GET >> >> /BroadcastHistory/index.php/PhpWikiDocumentation HTTP/1.1" 200 31993 >> >> "http: >> >> //www.google.com/search?q=UpLoadPlugin+site:org&hl=en&rls=GGLG,GGLG:2006-04,GGLG:en&start=20&sa=N" >> >> "Mozilla/4.0 (compatible; M >> >> SIE 6.0; Windows NT 5.1; DeluxeNetwork)" >> >> >> >> I'm sure it's buried in the documentation, but how do I tell Apache to >> >> not >> >> interpret anything in a particular directory, just pass it back to the >> >> user? This upload directory is full of pdfs contributed by users. >> > >> > You could add an "AddHandler send-as-is .pdf" to an .htaccess file in >> > that directory which would cause Apache to send the PDFs as-is (with >> > http headers added, of course). >> > >> >> In my 10 years or so of running my own linux server, this is the second >> >> intrusion I've found. One was using an ssl bug that had been fixed, but >> >> I >> >> had not installed. This one, apparently, I'm the first to discover. The >> >> writer of the wiki plugin fixed it within hours of my asking about it. >> > >> > Good response by the developer and he/she should be commended for it. >> > However, one should never rely on third parties to secure one's >> > machines...but you know that. :-) >> > >> > ---------------------------------------------------------------------- >> > - Rick Stevens, Principal Engineer rstevens at internap.com - >> >> >> It seems like I always have to depend on someone to secure the machines to >> some extent, whther it's the OS writers, the ap writers, or whatever. But, >> I'll do my best (and, yes, I am learning!). >> >> In the .htaccess, it seems that send-as-is *.pdf would not get around this >> problem, since the hacker put in something called 100.php.3 . But, could I >> put in send-as-is * and just have EVERYTHING sent as is, nothing >> interpreted? > > Yes, that would do it. And make sure you do that ESPECIALLY in the > upload directory. Doesn't that prevent index.cgi type files from working correctly? Karl > ---------------------------------------------------------------------- > - Rick Stevens, Principal Engineer rstevens at internap.com - > - VitalStream, Inc. http://www.vitalstream.com - > - - > - To understand recursion, you must first understand recursion. - > ---------------------------------------------------------------------- > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe > -- karl _/ _/ _/ _/_/_/ ____________ __o _/ _/ _/ _/ _/ ____________ _-\<._ _/_/ _/ _/_/_/ (_)/ (_) _/ _/ _/ _/ ...................... _/ _/ arl _/_/_/ _/ earson KarlP at ourldsfamily.com --- Senior Consulting Sys/DB Analyst http://consulting.ourldsfamily.com --- My Thoughts on Terrorism In America right after 9/11/2001: http://www.ourldsfamily.com/wtc.shtml --- The world is a dangerous place to live... not because of the people who are evil, but because of the people who don't do anything about it. - Albert Einstein --- From harold at hallikainen.com Tue Apr 10 04:34:10 2007 From: harold at hallikainen.com (Harold Hallikainen) Date: Mon, 9 Apr 2007 21:34:10 -0700 (PDT) Subject: hacked? In-Reply-To: <25694.198.60.114.90.1176172779.squirrel@webmail.ourldsfamily.com> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> <1328.208.73.10.106.1176139691.squirrel@sujan.hallikainen.org> <1176140494.29152.48.camel@prophead.corp.publichost.com> <1365.208.73.10.106.1176141601.squirrel@sujan.hallikainen.org> <1176143214.29152.55.camel@prophead.corp.publichost.com> <25694.198.60.114.90.1176172779.squirrel@webmail.ourldsfamily.com> Message-ID: <57471.192.168.1.1.1176179650.squirrel@sujan.hallikainen.org> > > On Mon, April 9, 2007 12:26 pm, Rick Stevens wrote: >> On Mon, 2007-04-09 at 11:00 -0700, Harold Hallikainen wrote: >>> > On Mon, 2007-04-09 at 10:28 -0700, Harold Hallikainen wrote: >>> >> > On Sat, 2007-04-07 at 10:19 -0700, Harold Hallikainen wrote: >>> >> >> It looks like my system has been hacked! It looks like someone in >>> >> Russia >>> >> >> uploaded a php script, then wandered around my system, then >>> deleted >>> >> the >>> >> >> script. Im running phpwiki, which allows for uploads. Apparently, >>> it >>> >> >> allows for php scripts to be uploaded. I kinda thought php didn't >>> >> allow >>> >> >> access outside the public_html director, but it looks like >>> they've >>> >> >> wandered through the system. Here are a few lines from the log... >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:19:39 -0700] "POST >>> >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6602 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:19:58 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php3 HTTP/1.1" 200 160099 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST >>> >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:24 -0700] "POST >>> >> >> /BroadcastHistory/index.php/UpLoad HTTP/1.1" 200 6604 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:48 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=home HTTP/1.1" >>> 200 >>> >> 209 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=back HTTP/1.1" >>> 200 >>> >> 119 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:49 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=forward HTTP/1.1" >>> 200 >>> >> >> 119 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=up HTTP/1.1" 200 >>> 199 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:46 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3 HTTP/1.1" 200 18400 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:23:50 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3?act=img&img=refresh HTTP/1.1" >>> 200 >>> >> >> 200 >>> >> >> >>> >> >> 89.110.7.202 - - [07/Apr/2007:01:24:40 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3?act=ls&d=%2Fhome%2Fharold%2F&sort=0a >>> >> >> HTTP/1.1" 200 2867 >>> >> >> >>> >> >> 91.122.3.139 - - [07/Apr/2007:01:28:20 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3?act=chmod&f=temp&d=%2Fhome%2Fharold%2Fpublic_html%2Fmusic >>> >> >> HTTP/1.1" >>> >> >> >>> >> >> 91.122.3.139 - - [07/Apr/2007:01:36:27 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3?act=selfremove HTTP/1.1" 200 >>> 2975 >>> >> >> >>> >> >> 91.122.3.139 - - [07/Apr/2007:01:36:35 -0700] "GET >>> >> >> /BroadcastHistory/uploads/100.php.3?act=selfremove&rndcode=767&submit=767 >>> >> >> >>> >> >> >>> >> >> Looking through the logs, it appears that only stuff in the >>> >> public_html >>> >> >> directory was accessed. I'm still looking, though. >>> >> >> >>> >> >> I'm guessing I should really do a fresh install of the OS and >>> >> >> everything. >>> >> >> I'll look at security fixes for phpwiki, or maybe get rid of it. >>> >> >> >>> >> >> Any other ideas on securing the system? >>> >> > >>> >> > Yes. >>> >> > >>> >> > 1. Enable SElinux and put it in "enforcing" mode >>> >> > >>> >> > 2. Make sure Apache is set to run as "apache" (not root) >>> >> > >>> >> > 3. Make sure you have "safe_mode = on" in your /etc/php.ini script >>> >> > >>> >> > 4. Limit uploads to a specific directory and do NOT allow them to >>> be >>> >> > executed unless you approve them (upload quarantine) >>> >> > >>> >> > 5. Set permissions on "significant" directories so they can't be >>> read >>> >> or >>> >> > traversed by apache. >>> >> > >>> >> > I also like to build Apache so all the stuff it needs can be put >>> in a >>> >> > chroot jail, and chroot it. Not easy, but useful. >>> >> > >>> >> >> >>> >> >> THANKS! >>> >> >> >>> >> >> Harold >>> >> >> >>> >> >>> >> >>> >> THANKS to those who have commented thus far. This all happened >>> within >>> >> about 20 minutes. The writer of the phpWiki upload plugin has >>> supplied a >>> >> fix, but, of course, I want to do more than depend on that! As user >>> >> apache, it looks like the intruder was only able to look at stuff in >>> my >>> >> public_html, which is public anyway. I do see an ls of my home >>> directory >>> >> (the directory below the public_html), but since apache does not own >>> >> that >>> >> directory, I don't think anything could be read. When I originally >>> >> installed FC4, I had trouble with SE Linux preventing stuff from >>> >> working. >>> >> I finally disabled it. I'm in the middle of moving the server to FC6 >>> >> (cloned the hard drive, now trying to get it to work...). I'll >>> >> definitely >>> >> try harder on SE Linux! My httpd access_log shows they used Google >>> to >>> >> find >>> >> my system with the broken wiki upload. Here's the log entry: >>> >> >>> >> 89.110.7.202 - - [07/Apr/2007:01:18:10 -0700] "GET >>> >> /BroadcastHistory/index.php/PhpWikiDocumentation HTTP/1.1" 200 31993 >>> >> "http: >>> >> //www.google.com/search?q=UpLoadPlugin+site:org&hl=en&rls=GGLG,GGLG:2006-04,GGLG:en&start=20&sa=N" >>> >> "Mozilla/4.0 (compatible; M >>> >> SIE 6.0; Windows NT 5.1; DeluxeNetwork)" >>> >> >>> >> I'm sure it's buried in the documentation, but how do I tell Apache >>> to >>> >> not >>> >> interpret anything in a particular directory, just pass it back to >>> the >>> >> user? This upload directory is full of pdfs contributed by users. >>> > >>> > You could add an "AddHandler send-as-is .pdf" to an .htaccess file in >>> > that directory which would cause Apache to send the PDFs as-is (with >>> > http headers added, of course). >>> > >>> >> In my 10 years or so of running my own linux server, this is the >>> second >>> >> intrusion I've found. One was using an ssl bug that had been fixed, >>> but >>> >> I >>> >> had not installed. This one, apparently, I'm the first to discover. >>> The >>> >> writer of the wiki plugin fixed it within hours of my asking about >>> it. >>> > >>> > Good response by the developer and he/she should be commended for it. >>> > However, one should never rely on third parties to secure one's >>> > machines...but you know that. :-) >>> > >>> > ---------------------------------------------------------------------- >>> > - Rick Stevens, Principal Engineer rstevens at internap.com >>> - >>> >>> >>> It seems like I always have to depend on someone to secure the machines >>> to >>> some extent, whther it's the OS writers, the ap writers, or whatever. >>> But, >>> I'll do my best (and, yes, I am learning!). >>> >>> In the .htaccess, it seems that send-as-is *.pdf would not get around >>> this >>> problem, since the hacker put in something called 100.php.3 . But, >>> could I >>> put in send-as-is * and just have EVERYTHING sent as is, nothing >>> interpreted? >> >> Yes, that would do it. And make sure you do that ESPECIALLY in the >> upload directory. > > Doesn't that prevent index.cgi type files from working correctly? > > Karl > Since the upload directory is exclusively user contributed pdfs, I don't want Apache to interpret anything (its interpreting a php is what got me in trouble). So, I think "AddHandler send-as-is *" in the .htaccess of this directory is appropriate. By the way, if anyone is interested, you can see the wiki in question at http://www.hallikainen.org/BroadcastHistory . THANKS! Harold -- FCC Rules Updated Daily at http://www.hallikainen.com - Advertising opportunities available! From micros50 at verizon.net Tue Apr 10 07:41:51 2007 From: micros50 at verizon.net (mylar) Date: Tue, 10 Apr 2007 03:41:51 -0400 Subject: hacked? In-Reply-To: <1176137715.29152.31.camel@prophead.corp.publichost.com> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> Message-ID: <1176190911.3757.4.camel@manhattan.ruffe.edu> On Mon, 2007-04-09 at 09:55 -0700, Rick Stevens wrote: > > I also like to build Apache so all the stuff it needs can be put in a > chroot jail, and chroot it. Not easy, but useful. How does one go about building or setting up this "chroot jail" ? I know a lot of the DNS "named" stuff runs in a chroot jail but that was already set up on installation. How do I set this up from scratch. Are there any good "howto's" or "tutorials" floating around that anyone can recommend ? This might be a good idea for some added security around here. Mylar From rstevens at internap.com Tue Apr 10 16:35:55 2007 From: rstevens at internap.com (Rick Stevens) Date: Tue, 10 Apr 2007 09:35:55 -0700 Subject: hacked? In-Reply-To: <25694.198.60.114.90.1176172779.squirrel@webmail.ourldsfamily.com> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> <1328.208.73.10.106.1176139691.squirrel@sujan.hallikainen.org> <1176140494.29152.48.camel@prophead.corp.publichost.com> <1365.208.73.10.106.1176141601.squirrel@sujan.hallikainen.org> <1176143214.29152.55.camel@prophead.corp.publichost.com> <25694.198.60.114.90.1176172779.squirrel@webmail.ourldsfamily.com> Message-ID: <1176222955.29152.67.camel@prophead.corp.publichost.com> On Mon, 2007-04-09 at 20:39 -0600, Karl Pearson wrote: > On Mon, April 9, 2007 12:26 pm, Rick Stevens wrote: > >> It seems like I always have to depend on someone to secure the machines to > >> some extent, whther it's the OS writers, the ap writers, or whatever. But, > >> I'll do my best (and, yes, I am learning!). > >> > >> In the .htaccess, it seems that send-as-is *.pdf would not get around this > >> problem, since the hacker put in something called 100.php.3 . But, could I > >> put in send-as-is * and just have EVERYTHING sent as is, nothing > >> interpreted? > > > > Yes, that would do it. And make sure you do that ESPECIALLY in the > > upload directory. > > Doesn't that prevent index.cgi type files from working correctly? Yes, it will. But in an upload directory, who cares? You don't want people snooping around in there anyway, do you? I don't. In my world, upload directories are quarantined...you can't look into them, know what's in them and you can't download from them...UNTIL I look them over and move them to a non-quarantined area. I also don't permit CGI scripts of ANY kind to run anywhere on my systems until I've checked them and given them a clean bill of health. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Okay, who put a "stop payment" on my reality check? - ---------------------------------------------------------------------- From rstevens at internap.com Tue Apr 10 16:52:56 2007 From: rstevens at internap.com (Rick Stevens) Date: Tue, 10 Apr 2007 09:52:56 -0700 Subject: hacked? In-Reply-To: <1176190911.3757.4.camel@manhattan.ruffe.edu> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> <1176190911.3757.4.camel@manhattan.ruffe.edu> Message-ID: <1176223976.29152.79.camel@prophead.corp.publichost.com> On Tue, 2007-04-10 at 03:41 -0400, mylar wrote: > On Mon, 2007-04-09 at 09:55 -0700, Rick Stevens wrote: > > > > > I also like to build Apache so all the stuff it needs can be put in a > > chroot jail, and chroot it. Not easy, but useful. > > How does one go about building or setting up this "chroot jail" ? I know > a lot of the DNS "named" stuff runs in a chroot jail but that was > already set up on installation. How do I set this up from scratch. Are > there any good "howto's" or "tutorials" floating around that anyone can > recommend ? This might be a good idea for some added security around > here. Well, the easiest way is to set up a completely separate partition or filesystem (you can do it with a directory if you wish) and create a directory tree that has all the stuff Apache may need (complete with /etc, /usr, /usr/lib, etc. and the files required), then chroot to that spot and run apache from there. In my case, I have an "/apache" tree (separate filesystem...actually a completely separate disk): # chroot /apache (now I'm in the fake directory tree) # /usr/sbin/httpd (this runs the apache in /apache/usr/sbin) # exit (now I'm back to the real system) Some links on how to do it: http://www.faqs.org/docs/securing/chap29sec254.html http://penguin.triumf.ca/chroot.html or simply google with "apache +chroot" as the search terms. As I said, it's not trivial since the chroot jail must contain ALL the stuff Apache needs (php, perl, mysql, etc.) so it sucks up a bunch of disk space. I use the separate disk model because I just install a minimal version of Linux on the second drive via the standard install mechanism. "mount /dev/sdb1 /apache" and go from there. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Microsoft Windows: Proof that P.T. Barnum was right - ---------------------------------------------------------------------- From harold at hallikainen.com Wed Apr 11 04:16:54 2007 From: harold at hallikainen.com (Harold Hallikainen) Date: Tue, 10 Apr 2007 21:16:54 -0700 (PDT) Subject: hacked? In-Reply-To: <1176222955.29152.67.camel@prophead.corp.publichost.com> References: <43903.192.168.1.1.1175966386.squirrel@sujan.hallikainen.org> <1176137715.29152.31.camel@prophead.corp.publichost.com> <1328.208.73.10.106.1176139691.squirrel@sujan.hallikainen.org> <1176140494.29152.48.camel@prophead.corp.publichost.com> <1365.208.73.10.106.1176141601.squirrel@sujan.hallikainen.org> <1176143214.29152.55.camel@prophead.corp.publichost.com> <25694.198.60.114.90.1176172779.squirrel@webmail.ourldsfamily.com> <1176222955.29152.67.camel@prophead.corp.publichost.com> Message-ID: <35882.192.168.1.1.1176265014.squirrel@sujan.hallikainen.org> > On Mon, 2007-04-09 at 20:39 -0600, Karl Pearson wrote: >> On Mon, April 9, 2007 12:26 pm, Rick Stevens wrote: > >> >> It seems like I always have to depend on someone to secure the >> machines to >> >> some extent, whther it's the OS writers, the ap writers, or whatever. >> But, >> >> I'll do my best (and, yes, I am learning!). >> >> >> >> In the .htaccess, it seems that send-as-is *.pdf would not get around >> this >> >> problem, since the hacker put in something called 100.php.3 . But, >> could I >> >> put in send-as-is * and just have EVERYTHING sent as is, nothing >> >> interpreted? >> > >> > Yes, that would do it. And make sure you do that ESPECIALLY in the >> > upload directory. >> >> Doesn't that prevent index.cgi type files from working correctly? > > Yes, it will. But in an upload directory, who cares? You don't want > people snooping around in there anyway, do you? I don't. > > In my world, upload directories are quarantined...you can't look into > them, know what's in them and you can't download from them...UNTIL I > look them over and move them to a non-quarantined area. I also don't > permit CGI scripts of ANY kind to run anywhere on my systems until I've > checked them and given them a clean bill of health. > Hmmm. I put this in my upload directory as test.php.3: out of php and this in my .htaccess: Options +Indexes DirectoryIndex ../index.php?pagename=UpLoad AddHandler send-as-is * and Apache is interpreting the php (sending me Hello Test instead of the php source). Did I get something wrong in the AddHandler line? I also tried SetHandler send-as-is . Then, it appeared nothing was sent. My pdf files were corrupted. The php.3 showed up empty, including looking in the source window. Ideas? THANKS! Harold -- FCC Rules Updated Daily at http://www.hallikainen.com - Advertising opportunities available! From cinetron at passport.ca Wed Apr 11 19:48:09 2007 From: cinetron at passport.ca (jim ruxton) Date: Wed, 11 Apr 2007 15:48:09 -0400 Subject: FC6 freezing Message-ID: <1176320889.3732.23.camel@localhost.localdomain> Just wondering if anyone has any pointers for me. I was having trouble in FC5 with my system freezing so I decided to upgrade to FC6. For a few days everything seemed rock solid but now my system seems to freeze again approx. once a day. I haven't been able to gather anything useful from logs. Maybe the initial FC6 was ok but doing system upgrades has something unstable into the system again? I did a memory test and my RAM seems ok. Any thoughts as to how I can get to a solution of this. Thanks, Jim From bc98kinney at yahoo.com Thu Apr 12 00:53:42 2007 From: bc98kinney at yahoo.com (Bob Kinney) Date: Wed, 11 Apr 2007 17:53:42 -0700 (PDT) Subject: FC6 freezing In-Reply-To: <1176320889.3732.23.camel@localhost.localdomain> Message-ID: <798189.13522.qm@web30701.mail.mud.yahoo.com> If you haven't already, run memtest86 from the FC boot CD, and let it go overnight, or longer. Sometimes electronic problems are intermittent. Memtest is THE tool to use, and often picks up on errors other memory testers miss. Another advantage (over standalone module testers) is that it tests the entire system between the processor and the memory module, and thus will report on errors due to bad solder joints or other connections, failing chipset, etc. Of course that doesn't help isolate the problem. You also may have a disk drive problem. Although my own drive problem generated a kernel panic and not just a freeze, it is wise (and cheap) to rule this out, too. An excellent free tool for this is called Drive Fitness Test (DFT) from IBM and Hitachi. I haven't seen a drive it wouldn't test, and works on PATA, SATA, and SCSI. The test is data-safe. You can get it here: http://www.hitachigst.com/hdd/support/download.htm I like to run the exerciser (Alt-e at the main screen) and run at least 2 iterations. The exerciser is the same as the advanced test, but also performs an extensive seek test that pounds the drive pretty hard. Good luck ... --bc --- jim ruxton wrote: > Just wondering if anyone has any pointers for me. I was having trouble > in FC5 with my system freezing so I decided to upgrade to FC6. For a few > days everything seemed rock solid but now my system seems to freeze > again approx. once a day. I haven't been able to gather anything useful > from logs. Maybe the initial FC6 was ok but doing system upgrades has > something unstable into the system again? I did a memory test and my RAM > seems ok. Any thoughts as to how I can get to a solution of this. > Thanks, > Jim > ____________________________________________________________________________________ The fish are biting. Get more visitors on your site using Yahoo! Search Marketing. http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php From rstevens at internap.com Thu Apr 12 00:58:25 2007 From: rstevens at internap.com (Rick Stevens) Date: Wed, 11 Apr 2007 17:58:25 -0700 Subject: FC6 freezing In-Reply-To: <1176320889.3732.23.camel@localhost.localdomain> References: <1176320889.3732.23.camel@localhost.localdomain> Message-ID: <1176339505.5829.0.camel@prophead.corp.publichost.com> On Wed, 2007-04-11 at 15:48 -0400, jim ruxton wrote: > Just wondering if anyone has any pointers for me. I was having trouble > in FC5 with my system freezing so I decided to upgrade to FC6. For a few > days everything seemed rock solid but now my system seems to freeze > again approx. once a day. I haven't been able to gather anything useful > from logs. Maybe the initial FC6 was ok but doing system upgrades has > something unstable into the system again? I did a memory test and my RAM > seems ok. Any thoughts as to how I can get to a solution of this. Just for giggles, try disabling the screen saver. There are more than a few that can cause issues with various X drivers--especially if you're using the nVidia drivers. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Veni, Vidi, VISA: I came, I saw, I did a little shopping. - ---------------------------------------------------------------------- From fgrant at powercom.net Thu Apr 12 14:48:53 2007 From: fgrant at powercom.net (Fred Grant) Date: Thu, 12 Apr 2007 09:48:53 -0500 Subject: FC6 freezing In-Reply-To: <1176320889.3732.23.camel@localhost.localdomain> References: <1176320889.3732.23.camel@localhost.localdomain> Message-ID: <1176389334.3778.8.camel@localhost.localdomain> On Wed, 2007-04-11 at 15:48 -0400, jim ruxton wrote: > Just wondering if anyone has any pointers for me. I was having trouble > in FC5 with my system freezing so I decided to upgrade to FC6. For a few > days everything seemed rock solid but now my system seems to freeze > again approx. once a day. I haven't been able to gather anything useful > from logs. Maybe the initial FC6 was ok but doing system upgrades has > something unstable into the system again? I did a memory test and my RAM > seems ok. Any thoughts as to how I can get to a solution of this. > Thanks, > Jim > I don't have a solution but have experienced the same thing since upgrading to FC5. In my case I have mouse movement but everything else is frozen. It hasn't happened for quite a while now but always seemed to occur at the most inopportune times. > -- Fred From bob at bobcatos.com Thu Apr 12 15:18:24 2007 From: bob at bobcatos.com (Bob McClure Jr) Date: Thu, 12 Apr 2007 10:18:24 -0500 Subject: FC6 freezing In-Reply-To: <1176389334.3778.8.camel@localhost.localdomain> References: <1176320889.3732.23.camel@localhost.localdomain> <1176389334.3778.8.camel@localhost.localdomain> Message-ID: <20070412151824.GC20813@bobcat.bobcatos.com> On Thu, Apr 12, 2007 at 09:48:53AM -0500, Fred Grant wrote: > On Wed, 2007-04-11 at 15:48 -0400, jim ruxton wrote: > > Just wondering if anyone has any pointers for me. I was having trouble > > in FC5 with my system freezing so I decided to upgrade to FC6. For a few > > days everything seemed rock solid but now my system seems to freeze > > again approx. once a day. I haven't been able to gather anything useful > > from logs. Maybe the initial FC6 was ok but doing system upgrades has > > something unstable into the system again? I did a memory test and my RAM > > seems ok. Any thoughts as to how I can get to a solution of this. > > Thanks, > > Jim > > > I don't have a solution but have experienced the same thing since > upgrading to FC5. In my case I have mouse movement but everything else > is frozen. It hasn't happened for quite a while now but always seemed > to occur at the most inopportune times. > > > -- > Fred The only problem I had with FC5 freezing was with xscreensaver, and I could still SSH in from another machine and give it a proper reboot without having to hit the reset button. After a few yum updates, it quit giving me problems. Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. bob at bobcatos.com http://www.bobcatos.com You may say to yourself, "My power and the strength of my hands have produced this wealth for me." But remember the LORD your God, for it is he who gives you the ability to produce wealth. Deuteronomy 8:17-18a (NIV) From PTCull at lbl.gov Thu Apr 12 15:33:47 2007 From: PTCull at lbl.gov (Pete Cull x2315) Date: Thu, 12 Apr 2007 08:33:47 -0700 Subject: FC6 freezing Message-ID: <461E515B.8000808@lbl.gov> I believe we would do well to remember that bad capacitors can be with us for years to come. Any approach that independently tests the hardware is a fine way of pointing you in the right direction. From cinetron at passport.ca Thu Apr 12 17:11:47 2007 From: cinetron at passport.ca (jim ruxton) Date: Thu, 12 Apr 2007 13:11:47 -0400 Subject: FC6 freezing In-Reply-To: <798189.13522.qm@web30701.mail.mud.yahoo.com> References: <798189.13522.qm@web30701.mail.mud.yahoo.com> Message-ID: <1176397907.3772.5.camel@localhost.localdomain> On Wed, 2007-04-11 at 17:53 -0700, Bob Kinney wrote: > If you haven't already, run memtest86 from the FC boot CD, and let it > go overnight, or longer. Sometimes electronic problems are intermittent. > Memtest is THE tool to use, and often picks up on errors other memory > testers miss. Thanks I used memtest86 but not overnight. I can try this. In case it matters this is a laptop. > > An excellent free tool for this is called Drive Fitness Test (DFT) from > IBM and Hitachi. I haven't seen a drive it wouldn't test, and works on > PATA, SATA, and SCSI. The test is data-safe. You can get it here: > http://www.hitachigst.com/hdd/support/download.htm Thanks I will download it. Jim From cinetron at passport.ca Thu Apr 12 17:13:57 2007 From: cinetron at passport.ca (jim ruxton) Date: Thu, 12 Apr 2007 13:13:57 -0400 Subject: FC6 freezing In-Reply-To: <1176339505.5829.0.camel@prophead.corp.publichost.com> References: <1176320889.3732.23.camel@localhost.localdomain> <1176339505.5829.0.camel@prophead.corp.publichost.com> Message-ID: <1176398037.3772.8.camel@localhost.localdomain> Ok Rick I just disabled it and I will see what happens. However the freezeup sometimes happens when I am using the machine also, not only when idle. Jim On Wed, 2007-04-11 at 17:58 -0700, Rick Stevens wrote: > On Wed, 2007-04-11 at 15:48 -0400, jim ruxton wrote: > > Just wondering if anyone has any pointers for me. I was having trouble > > in FC5 with my system freezing so I decided to upgrade to FC6. For a few > > days everything seemed rock solid but now my system seems to freeze > > again approx. once a day. I haven't been able to gather anything useful > > from logs. Maybe the initial FC6 was ok but doing system upgrades has > > something unstable into the system again? I did a memory test and my RAM > > seems ok. Any thoughts as to how I can get to a solution of this. > > Just for giggles, try disabling the screen saver. There are more than a > few that can cause issues with various X drivers--especially if you're > using the nVidia drivers. > > ---------------------------------------------------------------------- > - Rick Stevens, Principal Engineer rstevens at internap.com - > - VitalStream, Inc. http://www.vitalstream.com - > - - > - Veni, Vidi, VISA: I came, I saw, I did a little shopping. - > ---------------------------------------------------------------------- > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe > From cinetron at passport.ca Thu Apr 12 17:15:16 2007 From: cinetron at passport.ca (jim ruxton) Date: Thu, 12 Apr 2007 13:15:16 -0400 Subject: FC6 freezing In-Reply-To: <1176389334.3778.8.camel@localhost.localdomain> References: <1176320889.3732.23.camel@localhost.localdomain> <1176389334.3778.8.camel@localhost.localdomain> Message-ID: <1176398116.3772.10.camel@localhost.localdomain> On Thu, 2007-04-12 at 09:48 -0500, Fred Grant wrote: > On Wed, 2007-04-11 at 15:48 -0400, jim ruxton wrote: > > Just wondering if anyone has any pointers for me. I was having trouble > > in FC5 with my system freezing so I decided to upgrade to FC6. For a few > > days everything seemed rock solid but now my system seems to freeze > > again approx. once a day. I haven't been able to gather anything useful > > from logs. Maybe the initial FC6 was ok but doing system upgrades has > > something unstable into the system again? I did a memory test and my RAM > > seems ok. Any thoughts as to how I can get to a solution of this. > > Thanks, > > Jim > > > I don't have a solution but have experienced the same thing since > upgrading to FC5. In my case I have mouse movement but everything else > is frozen. It hasn't happened for quite a while now but always seemed > to occur at the most inopportune times. Yes this is exactly what happens to me. I usually have control over the mouse still. Does this provide any further clues? Jim > > From rstevens at internap.com Thu Apr 12 17:23:39 2007 From: rstevens at internap.com (Rick Stevens) Date: Thu, 12 Apr 2007 10:23:39 -0700 Subject: FC6 freezing In-Reply-To: <1176398037.3772.8.camel@localhost.localdomain> References: <1176320889.3732.23.camel@localhost.localdomain> <1176339505.5829.0.camel@prophead.corp.publichost.com> <1176398037.3772.8.camel@localhost.localdomain> Message-ID: <1176398619.5829.8.camel@prophead.corp.publichost.com> On Thu, 2007-04-12 at 13:13 -0400, jim ruxton wrote: > Ok Rick I just disabled it and I will see what happens. However the > freezeup sometimes happens when I am using the machine also, not only > when idle. Please bottom post when possible, Jim. You said this is a laptop. What make and model and what video chipset is it using ("lspci | grep VGA")? > Jim > On Wed, 2007-04-11 at 17:58 -0700, Rick Stevens wrote: > > On Wed, 2007-04-11 at 15:48 -0400, jim ruxton wrote: > > > Just wondering if anyone has any pointers for me. I was having trouble > > > in FC5 with my system freezing so I decided to upgrade to FC6. For a few > > > days everything seemed rock solid but now my system seems to freeze > > > again approx. once a day. I haven't been able to gather anything useful > > > from logs. Maybe the initial FC6 was ok but doing system upgrades has > > > something unstable into the system again? I did a memory test and my RAM > > > seems ok. Any thoughts as to how I can get to a solution of this. > > > > Just for giggles, try disabling the screen saver. There are more than a > > few that can cause issues with various X drivers--especially if you're > > using the nVidia drivers. > > > > ---------------------------------------------------------------------- > > - Rick Stevens, Principal Engineer rstevens at internap.com - > > - VitalStream, Inc. http://www.vitalstream.com - > > - - > > - Veni, Vidi, VISA: I came, I saw, I did a little shopping. - > > ---------------------------------------------------------------------- > > > > _______________________________________________ > > Redhat-install-list mailing list > > Redhat-install-list at redhat.com > > https://www.redhat.com/mailman/listinfo/redhat-install-list > > To Unsubscribe Go To ABOVE URL or send a message to: > > redhat-install-list-request at redhat.com > > Subject: unsubscribe > > > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe > ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - grep me no patterns and I'll tell you no lines - ---------------------------------------------------------------------- From cinetron at passport.ca Thu Apr 12 17:23:20 2007 From: cinetron at passport.ca (jim ruxton) Date: Thu, 12 Apr 2007 13:23:20 -0400 Subject: FC6 freezing In-Reply-To: <20070412151824.GC20813@bobcat.bobcatos.com> References: <1176320889.3732.23.camel@localhost.localdomain> <1176389334.3778.8.camel@localhost.localdomain> <20070412151824.GC20813@bobcat.bobcatos.com> Message-ID: <1176398600.3772.13.camel@localhost.localdomain> On Thu, 2007-04-12 at 10:18 -0500, Bob McClure Jr wrote: > On Thu, Apr 12, 2007 at 09:48:53AM -0500, Fred Grant wrote: > > On Wed, 2007-04-11 at 15:48 -0400, jim ruxton wrote: > > > Just wondering if anyone has any pointers for me. I was having trouble > > > in FC5 with my system freezing so I decided to upgrade to FC6. For a few > > > days everything seemed rock solid but now my system seems to freeze > > > again approx. once a day. I haven't been able to gather anything useful > > > from logs. Maybe the initial FC6 was ok but doing system upgrades has > > > something unstable into the system again? I did a memory test and my RAM > > > seems ok. Any thoughts as to how I can get to a solution of this. > > > Thanks, > > > Jim > > > > > I don't have a solution but have experienced the same thing since > > upgrading to FC5. In my case I have mouse movement but everything else > > is frozen. It hasn't happened for quite a while now but always seemed > > to occur at the most inopportune times. > > > > > -- > > Fred > > The only problem I had with FC5 freezing was with xscreensaver, and I > could still SSH in from another machine and give it a proper reboot > without having to hit the reset button. After a few yum updates, it > quit giving me problems. I've been keeping up with updates but no luck. In fact it was working fine when I first installed FC6 and seems to have gotten worse since updating : ( Jim > > Cheers, From tkobayas at indiana.edu Thu Apr 12 17:43:59 2007 From: tkobayas at indiana.edu (tkobayas at indiana.edu) Date: Thu, 12 Apr 2007 13:43:59 -0400 Subject: VMPlayer and XP installation Message-ID: <20070412134359.1mnxgaj3wgsccg0c@webmail.iu.edu> Hi I have just installed RHEL 5.0 WS on my PC to explore what Linux offers. I am migrating from WIN to Linux just because of better memory allocation I heard. I am trying to install WIN software using vmplayer. But no luck so far. I am simply perplexed with vmplayer configuration and all. I apprecaite if anyone could kindly help me. thanks taka From cinetron at passport.ca Thu Apr 12 18:15:19 2007 From: cinetron at passport.ca (jim ruxton) Date: Thu, 12 Apr 2007 14:15:19 -0400 Subject: FC6 freezing In-Reply-To: <1176398619.5829.8.camel@prophead.corp.publichost.com> References: <1176320889.3732.23.camel@localhost.localdomain> <1176339505.5829.0.camel@prophead.corp.publichost.com> <1176398037.3772.8.camel@localhost.localdomain> <1176398619.5829.8.camel@prophead.corp.publichost.com> Message-ID: <1176401719.3772.18.camel@localhost.localdomain> > > > Just wondering if anyone has any pointers for me. I was having trouble > > > > in FC5 with my system freezing so I decided to upgrade to FC6. For a few > > > > days everything seemed rock solid but now my system seems to freeze > > > > again approx. once a day. I haven't been able to gather anything useful > > > > from logs. Maybe the initial FC6 was ok but doing system upgrades has > > > > something unstable into the system again? I did a memory test and my RAM > > > > seems ok. Any thoughts as to how I can get to a solution of this. > > > > > > Just for giggles, try disabling the screen saver. There are more than a > > > few that can cause issues with various X drivers--especially if you're > > > using the nVidia drivers. > > Ok Rick I just disabled it and I will see what happens. However the > > freezeup sometimes happens when I am using the machine also, not only > > when idle. > > > You said this is a laptop. What make and model and what video chipset > is it using ("lspci | grep VGA")? It is an HP Pavillion ZD7000 chip info. is below. 01:00.0 VGA compatible controller: nVidia Corporation NV31M [GeForce FX Go5600] (rev a1) Thanks, Jim From karlp at ourldsfamily.com Thu Apr 12 19:56:21 2007 From: karlp at ourldsfamily.com (Karl Pearson) Date: Thu, 12 Apr 2007 13:56:21 -0600 (MDT) Subject: VMPlayer and XP installation In-Reply-To: <20070412134359.1mnxgaj3wgsccg0c@webmail.iu.edu> References: <20070412134359.1mnxgaj3wgsccg0c@webmail.iu.edu> Message-ID: <51477.207.173.117.242.1176407781.squirrel@webmail.ourldsfamily.com> Download VMWare Server. Player is for previously installed instances, if I understand it correctly. VMWare's Server product is free, and very robust. Karl On Thu, April 12, 2007 11:43 am, tkobayas at indiana.edu wrote: > Hi > > I have just installed RHEL 5.0 WS on my PC to explore what Linux > offers. I am migrating from WIN to Linux just because of better memory > allocation I heard. > > I am trying to install WIN software using vmplayer. But no luck so far. > I am simply perplexed with vmplayer configuration and all. I apprecaite > if anyone could kindly help me. > > thanks > > taka > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe > -- Karl L. Pearson karlp at ourldsfamily.com http://consulting.ourldsfamily.com --- My Thoughts on Terrorism In America right after 9/11/2001: http://www.ourldsfamily.com/wtc.shtml --- The world is a dangerous place to live... not because of the people who are evil, but because of the people who don't do anything about it. - Albert Einstein --- "To mess up your Linux PC, you have to really work at it; to mess up a microsoft PC you just have to work on it." --- From jwarren1234 at chartermi.net Thu Apr 12 22:03:07 2007 From: jwarren1234 at chartermi.net (Jeremy Warren) Date: Thu, 12 Apr 2007 18:03:07 -0400 (EDT) Subject: FC6 freezing In-Reply-To: <461E515B.8000808@lbl.gov> References: <461E515B.8000808@lbl.gov> Message-ID: <57707.192.168.1.1.1176415387.squirrel@192.168.1.55> On Thu, April 12, 2007 11:33 am, Pete Cull x2315 wrote: > > I believe we would do well to remember that bad capacitors can be with > us for years to come. > > > > Any approach that independently tests the hardware is a fine way of > pointing you in the right direction. > > _______________________________________________ Damn Dell GX270's Everytime I think they have all been fixed another pops up :( From tkobayas at indiana.edu Fri Apr 13 15:39:24 2007 From: tkobayas at indiana.edu (Takatsugu Kobayashi) Date: Sat, 14 Apr 2007 00:39:24 +0900 Subject: VMPlayer and XP installation In-Reply-To: <51477.207.173.117.242.1176407781.squirrel@webmail.ourldsfamily.com> References: <20070412134359.1mnxgaj3wgsccg0c@webmail.iu.edu> <51477.207.173.117.242.1176407781.squirrel@webmail.ourldsfamily.com> Message-ID: <461FA42C.5010506@indiana.edu> Karl Thank you very much. I just downloaded VM Server, and am configuring it. I cross my fingers to have it work :) Karl Pearson wrote: > Download VMWare Server. Player is for previously installed instances, if I > understand it correctly. VMWare's Server product is free, and very robust. > > Karl > > On Thu, April 12, 2007 11:43 am, tkobayas at indiana.edu wrote: > >> Hi >> >> I have just installed RHEL 5.0 WS on my PC to explore what Linux >> offers. I am migrating from WIN to Linux just because of better memory >> allocation I heard. >> >> I am trying to install WIN software using vmplayer. But no luck so far. >> I am simply perplexed with vmplayer configuration and all. I apprecaite >> if anyone could kindly help me. >> >> thanks >> >> taka >> >> _______________________________________________ >> Redhat-install-list mailing list >> Redhat-install-list at redhat.com >> https://www.redhat.com/mailman/listinfo/redhat-install-list >> To Unsubscribe Go To ABOVE URL or send a message to: >> redhat-install-list-request at redhat.com >> Subject: unsubscribe >> >> > > > From celawrence at lbl.gov Mon Apr 16 22:52:41 2007 From: celawrence at lbl.gov (chuck lawrence) Date: Mon, 16 Apr 2007 15:52:41 -0700 Subject: upgrade? Message-ID: <4623FE39.5080702@lbl.gov> I must be missing something... I want to upgrade es3 to es4, or centos4.2 to centos4.4. I have almost no config invested in either box (apps and user dirs come from nfs), so a clean install is a viable option. indeed, it's what I've always done. but I could upgrade instead, right? the first prompt says something about "install or upgrade". o can I upgrade while the os is running, as I can do with a kernel? o can I upgrade by booting from install media? o is there any difference between upgrading like this and just keeping packages up2date and then updating the kernel? adv(thanks)ance -chuck -- * ------------------- * ----------------------------* | charles e. lawrence | lawrence berkeley nat'l lab | | celawrence at lbl.gov | #1 cyclotron rd ms 50a6134 | | (510) 486-4682 | berkeley ca 94720 | * ------------------- * ----------------------------* www-eng.lbl.gov/~celawrence From rstevens at internap.com Tue Apr 17 17:52:52 2007 From: rstevens at internap.com (Rick Stevens) Date: Tue, 17 Apr 2007 10:52:52 -0700 Subject: upgrade? In-Reply-To: <4623FE39.5080702@lbl.gov> References: <4623FE39.5080702@lbl.gov> Message-ID: <1176832372.23345.81.camel@prophead.corp.publichost.com> On Mon, 2007-04-16 at 15:52 -0700, chuck lawrence wrote: > I must be missing something... > > I want to upgrade es3 to es4, or centos4.2 to centos4.4. I have almost > no config invested in either box (apps and user dirs come from nfs), so > a clean install is a viable option. indeed, it's what I've always done. Whoa! An upgrade from ES3 to ES4 is a MAJOR upgrade (going from a 2.4 kernel to a 2.6 kernel, sysfs to udev and a raft of other things). Something of that magnitude is usually best done through a fresh install. You can keep the users' home directories and such, but the OS should be wiped. Upgrading from CentOS 4.2 to 4.4 is a fairly minor update (equivalent to upgrading from ES4 Update 2 to ES4 Update 4). > but I could upgrade instead, right? the first prompt says something > about "install or upgrade". That's correct. > o can I upgrade while the os is running, as I can do with a kernel? It's possible, but I wouldn't. Any upgrade (note "upgrade" versus "update") is probably best done on a quiescent system, and off the install media. Also note that the FIRST thing you should do when the new, upgraded system comes up is to update it with current updates. Media always lags behind the current updates. > o can I upgrade by booting from install media? Yes. Boot from the install media. It will ask you if you want to upgrade an existing version or install a new one. This is true of both ES and CentOS. > o is there any difference between upgrading like this and just keeping > packages up2date and then updating the kernel? Yes, there are. Again, ES3 (based on Fedora Core 1) is a completely different beast than ES4 (based on Fedora Core 3). ES3 uses the older 2.4 kernel, uses SysFS and hotplug rather than udev, SELinux is a rather bodged-together security system, uses wuftpd rather than vsftpd, uses XFree86 instead of XOrg and a whole bunch of other things too numerous to mention. CentOS 4.2 and 4.4 use the same base systems, so keeping a 4.2 system up-to-date gets you much, much closer to a 4.4 system, although they aren't the same (for example, I believe 4.2 uses an older version of Gnome than 4.4). Note also that CentOS 4.2 is equivalent to ES4 Update 2, CentOS 4.4 is equivalent to ES4 Update 4. Of course, ES5 is now out, and so's CentOS 5--both based on Fedora Core 5. Fedora is the "bleeding edge" Red Hat Linux. We Fedora users are essentially the lab rats for potential Red Hat Enterprise Linux releases. We shook the bugs out of FC5 to the point where it was stable and solid, Red Hat did additional tweaks and now it has now become ES5. The current release of Fedora is FC6 with FC7 coming out "real soon now". I suspect RHEL (ES/AS)5 Update 1 (and CentOS 5.1) will be based on FC6 in a year or so, but that's just my opinion. I don't speak for Red Hat. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - LOOK OUT!!! BEHIND YOU!!! - ---------------------------------------------------------------------- From ddoucette at redlon-johnson.com Wed Apr 18 15:15:49 2007 From: ddoucette at redlon-johnson.com (Dan Doucette) Date: Wed, 18 Apr 2007 11:15:49 -0400 Subject: E-mail question Message-ID: <200704181515.l3IFFnQ2003581@redlon-johnson.com> Hello All, I've got a RedHat Linux box running sendmail. Recently we've added a group of users that need to be restricted to sending mail with in the domain only, no external mail should be sent/received. Anyone have any thoughts on how to do this? Thanks, Dan Doucette From hq4ever at gmail.com Wed Apr 18 15:34:19 2007 From: hq4ever at gmail.com (Maxim Veksler) Date: Wed, 18 Apr 2007 18:34:19 +0300 Subject: Installing X from terminal Message-ID: Hi, I had a system with X installed on it, I rpm -e it. Is there some command like the red hat installation that could reinstall all the relevant rpm's for X to load again ? Thank you, Maxim. -- Cheers, Maxim Veksler "Free as in Freedom" - Do u GNU ? From admin at sontayamyblog.com Thu Apr 19 10:41:08 2007 From: admin at sontayamyblog.com (The Configuration Your Server) Date: Wed, 18 Apr 2007 22:41:08 -1200 Subject: Installing X from terminal In-Reply-To: References: Message-ID: <46274744.1050508@sontayamyblog.com> See documentation LMS. http://www.sontayamyblog.com Thank you, Maxim Veksler wrote: > Hi, > > I had a system with X installed on it, I rpm -e it. > > Is there some command like the red hat installation that could > reinstall all the relevant rpm's for X to load again ? > > Thank you, > Maxim. > > -- Thank you, The Linux System & Configuration Your Server. Mr. Sontaya Photibut Administrator From hq4ever at gmail.com Wed Apr 18 16:05:55 2007 From: hq4ever at gmail.com (Maxim Veksler) Date: Wed, 18 Apr 2007 19:05:55 +0300 Subject: E-mail question In-Reply-To: <200704181515.l3IFFnQ2003581@redlon-johnson.com> References: <200704181515.l3IFFnQ2003581@redlon-johnson.com> Message-ID: On 4/18/07, Dan Doucette wrote: > Hello All, > > I've got a RedHat Linux box running sendmail. Recently we've added a group > of users that need to be restricted to sending mail with in the domain only, > no external mail should be sent/received. Anyone have any thoughts on how to > do this? > I would be looking at some blocking options of sendmail to exclusively deny those users from sending email with destination not containing .com > Thanks, > Dan Doucette > > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe > -- Cheers, Maxim Veksler "Free as in Freedom" - Do u GNU ? From manoharakn at yahoo.com Mon Apr 23 13:04:29 2007 From: manoharakn at yahoo.com (Manohar K N) Date: Mon, 23 Apr 2007 06:04:29 -0700 (PDT) Subject: How to Mount external usb hardisk in Linux Message-ID: <462245.41712.qm@web55003.mail.re4.yahoo.com> Hi Every one, Can you guide how access externela usb drive in linux pc. (or How to configure ) Thanks and Regards, Manohara.K.N --------------------------------- Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bob at bobcatos.com Mon Apr 23 16:29:24 2007 From: bob at bobcatos.com (Bob McClure Jr) Date: Mon, 23 Apr 2007 11:29:24 -0500 Subject: How to Mount external usb hardisk in Linux In-Reply-To: <462245.41712.qm@web55003.mail.re4.yahoo.com> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> Message-ID: <20070423162924.GA27697@bobcat.bobcatos.com> On Mon, Apr 23, 2007 at 06:04:29AM -0700, Manohar K N wrote: > Hi Every one, > > Can you guide how access externela usb drive in linux pc. (or How to configure ) > > Thanks and Regards, > Manohara.K.N Need to know more about your system. What distribution and version? What kind of hard drives do you have on your system? In general, your USB drive will be recognized as a SCSI drive. If you have no SCSI or SATA drives, it will show up as /dev/sda. If you have one SATA drive, the USB drive will appear as /dev/sdb because your SATA drive is probably /dev/sda. The way to find out is to su to root ("su -"), then tail /var/log/messages: tail -f /var/log/messages and then plug in the USB drive. Within five seconds, there should be some report of the USB drive. If you have a recent Linux distro, there may be new entry in /etc/fstab for that device. Then you may be able to say mount /dev/sda1 Again, we need more information to do more than speculate. Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. bob at bobcatos.com http://www.bobcatos.com Why are you downcast, O my soul? Why so disturbed within me? Put your hope in God, for I will yet praise him, my Savior and my God. Psalm 42:11 (NIV) From harold at hallikainen.com Mon Apr 23 16:42:46 2007 From: harold at hallikainen.com (Harold Hallikainen) Date: Mon, 23 Apr 2007 09:42:46 -0700 (PDT) Subject: How to Mount external usb hardisk in Linux In-Reply-To: <20070423162924.GA27697@bobcat.bobcatos.com> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070423162924.GA27697@bobcat.bobcatos.com> Message-ID: <1175.208.73.10.106.1177346566.squirrel@sujan.hallikainen.org> > On Mon, Apr 23, 2007 at 06:04:29AM -0700, Manohar K N wrote: >> Hi Every one, >> >> Can you guide how access externela usb drive in linux pc. (or >> How to configure ) >> >> Thanks and Regards, >> Manohara.K.N > > Need to know more about your system. What distribution and version? > > What kind of hard drives do you have on your system? > > In general, your USB drive will be recognized as a SCSI drive. If you > have no SCSI or SATA drives, it will show up as /dev/sda. If you have > one SATA drive, the USB drive will appear as /dev/sdb because your > SATA drive is probably /dev/sda. > > The way to find out is to su to root ("su -"), then tail > /var/log/messages: > > tail -f /var/log/messages > > and then plug in the USB drive. Within five seconds, there should be > some report of the USB drive. If you have a recent Linux distro, > there may be new entry in /etc/fstab for that device. Then you may be > able to say > > mount /dev/sda1 > > Again, we need more information to do more than speculate. > > Cheers, > -- > Bob McClure, Jr. Bobcat Open Systems, Inc. On my FC6 laptop, USB drives just magically show up on the desktop when they are plugged in, so they're real easy to work with. Harold -- FCC Rules Updated Daily at http://www.hallikainen.com - Advertising opportunities available! From rstevens at internap.com Mon Apr 23 17:03:45 2007 From: rstevens at internap.com (Rick Stevens) Date: Mon, 23 Apr 2007 10:03:45 -0700 Subject: How to Mount external usb hardisk in Linux In-Reply-To: <462245.41712.qm@web55003.mail.re4.yahoo.com> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> Message-ID: <1177347826.28708.13.camel@prophead.corp.publichost.com> On Mon, 2007-04-23 at 06:04 -0700, Manohar K N wrote: > Hi Every one, > > Can you guide how access externela usb drive in linux pc. (or > How to configure ) Assuming something relatively current such as RHEL 4U3, 4U4 or Fedora Core 5 or 6, the drive should show up automatically in the /media directory. The directory it's mounted as will reflect the filesystem label (if any). For example, if the drive has a filesystem label such as "FlashData", then it will probably mount as "/media/FlashData". If there is no filesystem label (such as a DOS- or VFAT-formatted drive), then it will probably show up as "/media/disk". If it doesn't automatically mount, then the raw device name will be "/dev/sdDP" where "N" will be "a" if this is the first SCSI disk, "b" if it's the second and so on (NOTE: SATA drives are also considered SCSI drives in Linux). The "P" identifies the partition number in the drive, starting at 1. You will have to manually mount the drive by first creating a mountpoint as the root user: # mkdir /media/mydisk Then executing a mount command. Assuming this USB disk is the second SCSI drive (because you already have a SATA drive) and that the first partition on the USB drive is the partition with the file system (most likely): # mount /dev/sdb1 /media/mydisk Voila! Don't forget to unmount it before you unplug it: # umount /dev/sdb1 --OR-- # umount /media/mydisk Either command will work. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Any sufficiently advanced technology is indistinguishable from a - - rigged demo. - ---------------------------------------------------------------------- From tyche at ica.net Tue Apr 24 17:47:06 2007 From: tyche at ica.net (tyche at ica.net) Date: Tue, 24 Apr 2007 13:47:06 -0400 Subject: subject How to Mount external usb hardisk in Linux In-Reply-To: <462245.41712.qm@web55003.mail.re4.yahoo.com> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> Message-ID: <200704241347.06647.tyche@ica.net> On Monday 23 April 2007 09:04, Manohar K N wrote: > Hi Every one, > > Can you guide how access externela usb drive in linux pc. (or How > to configure ) > > Thanks and Regards, > Manohara.K.N > usb drives are scsi, mount /dev/sd? /mnt/dir hope this helps tyche From aan at geoph.itb.ac.id Wed Apr 25 14:49:08 2007 From: aan at geoph.itb.ac.id (Aan Anaya) Date: Wed, 25 Apr 2007 21:49:08 +0700 Subject: How to Mount external usb hardisk in Linux In-Reply-To: <462245.41712.qm@web55003.mail.re4.yahoo.com> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> Message-ID: <20070425144428.M49102@geoph.itb.ac.id> Hi Every one, ?? Can you guide me how to change hostid in? RHEL WS 3. Regards, Aan delivered by WebMail[at] www.geoph.itb.ac.id -------------- next part -------------- An HTML attachment was scrubbed... URL: From bob at bobcatos.com Wed Apr 25 14:57:13 2007 From: bob at bobcatos.com (Bob McClure Jr) Date: Wed, 25 Apr 2007 09:57:13 -0500 Subject: How to Mount external usb hardisk in Linux In-Reply-To: <20070425144428.M49102@geoph.itb.ac.id> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070425144428.M49102@geoph.itb.ac.id> Message-ID: <20070425145713.GA932@bobcat.bobcatos.com> On Wed, Apr 25, 2007 at 09:49:08PM +0700, Aan Anaya wrote: > Hi Every one, > ?? > Can you guide me how to change hostid in? RHEL WS 3. You mean hostname? You can change it in /etc/sysconfig/network (probably want to change it in /etc/hosts, as well), or you can run system-config-network. You may need to reboot for everything to take effect. > Regards, > > Aan Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. bob at bobcatos.com http://www.bobcatos.com If my people, who are called by my name, will humble themselves and pray and seek my face and turn from their wicked ways, then will I hear from heaven and will forgive their sin and will heal their land. 2 Chronicles 7:14 (NIV) From rriley at procuri.com Wed Apr 25 14:58:39 2007 From: rriley at procuri.com (Richard Riley) Date: Wed, 25 Apr 2007 10:58:39 -0400 Subject: How to Mount external usb hardisk in Linux In-Reply-To: <20070425144428.M49102@geoph.itb.ac.id> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070425144428.M49102@geoph.itb.ac.id> Message-ID: If you mean "hostname", look at the file "/etc/sysconfig/network". You should see it defined in there. Once you change it there, you would need to run the command "/sbin/service network restart" or reboot the machine to validate your change. You can change it on the fly with the command "hostname newhostname", but this would only last till the next reboot. ________________________________ From: redhat-install-list-bounces at redhat.com [mailto:redhat-install-list-bounces at redhat.com] On Behalf Of Aan Anaya Sent: Wednesday, April 25, 2007 10:49 AM To: Getting started with Red Hat Linux Subject: Re: How to Mount external usb hardisk in Linux Hi Every one, Can you guide me how to change hostid in RHEL WS 3. Regards, Aan delivered by WebMail[at] www.geoph.itb.ac.id -------------- next part -------------- An HTML attachment was scrubbed... URL: From aan at geoph.itb.ac.id Wed Apr 25 15:14:26 2007 From: aan at geoph.itb.ac.id (Aan Anaya) Date: Wed, 25 Apr 2007 22:14:26 +0700 Subject: How to change mac address In-Reply-To: <20070425145713.GA932@bobcat.bobcatos.com> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070425144428.M49102@geoph.itb.ac.id> <20070425145713.GA932@bobcat.bobcatos.com> Message-ID: <20070425150542.M47275@geoph.itb.ac.id> Thanks every body. I?m success to change hostname. Can we change mac address in linux ??? Thanks. On Wed, 25 Apr 2007 09:57:13 -0500, Bob McClure Jr wrote > On Wed, Apr 25, 2007 at 09:49:08PM +0700, Aan Anaya wrote: > > Hi Every one, > > > > Can you guide me how to change hostid in RHEL WS 3. > > You mean hostname? ?You can change it in /etc/sysconfig/network > (probably want to change it in /etc/hosts, as well), or you can run > system-config-network. ?You may need to reboot for everything to take > effect. > > > Regards, > > > > Aan > > Cheers, > -- > Bob McClure, Jr. ? ? ? ? ? ? Bobcat Open Systems, Inc. > bob at bobcatos.com ? ? ? ? ? ? http://www.bobcatos.com > If my people, who are called by my name, will humble themselves and > pray and seek my face and turn from their wicked ways, then will I > hear from heaven and will forgive their sin and will heal their land. > 2 Chronicles 7:14 (NIV) > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe ------------------------------- Aan Ibnu Anaya SeisLab Geoph http://www.geoph.itb.ac.id/~aan delivered by WebMail[at] www.geoph.itb.ac.id -------------- next part -------------- An HTML attachment was scrubbed... URL: From djuric at livingston.de Wed Apr 25 15:23:37 2007 From: djuric at livingston.de (Dalibor Juric) Date: Wed, 25 Apr 2007 17:23:37 +0200 Subject: How to change mac address In-Reply-To: <20070425150542.M47275@geoph.itb.ac.id> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070425144428.M49102@geoph.itb.ac.id> <20070425145713.GA932@bobcat.bobcatos.com> <20070425150542.M47275@geoph.itb.ac.id> Message-ID: <462F7279.9050308@livingston.de> Yes of course. Try this solution: |ifconfig eth1 down ifconfig hw ether 00:02:5C:11:2B:FA ifconfig eth1 up This will change mac from eth1 to ||00:02:5C:11:2B:FA.| | |Aan Anaya schrieb: > Thanks every body. I?m success to change hostname. > > Can we change mac address in linux ??? > > > Thanks. > * > > On Wed, 25 Apr 2007 09:57:13 -0500, Bob McClure Jr wrote* > > On Wed, Apr 25, 2007 at 09:49:08PM +0700, Aan Anaya wrote: > > > Hi Every one, > > > > > > Can you guide me how to change hostid in RHEL WS 3. > > > > You mean hostname? You can change it in /etc/sysconfig/network > > (probably want to change it in /etc/hosts, as well), or you can run > > system-config-network. You may need to reboot for everything to take > > effect. > > > > > Regards, > > > > > > Aan > > > > Cheers, > > -- > > Bob McClure, Jr. Bobcat Open Systems, Inc. > > bob at bobcatos.com http://www.bobcatos.com > > > If my people, who are called by my name, will humble themselves and > > pray and seek my face and turn from their wicked ways, then will I > > hear from heaven and will forgive their sin and will heal their land. > > 2 Chronicles 7:14 (NIV) > > > > _______________________________________________ > > Redhat-install-list mailing list > > Redhat-install-list at redhat.com > > https://www.redhat.com/mailman/listinfo/redhat-install-list > > To Unsubscribe Go To ABOVE URL or send a message to: > > redhat-install-list-request at redhat.com > > Subject: unsubscribe > > > ------------------------------- > Aan Ibnu Anaya > SeisLab Geoph > http://www.geoph.itb.ac.id/~aan > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > ______________________________________________________________________ > * delivered by WebMail[at] *www.geoph.itb.ac.id > > ------------------------------------------------------------------------ > > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe Dalibor Juric Red Hat Certified Technician Technical Support UNIX ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: From akelly at corisweb.org Thu Apr 26 07:46:18 2007 From: akelly at corisweb.org (Andrew Kelly) Date: Thu, 26 Apr 2007 09:46:18 +0200 Subject: How to change mac address In-Reply-To: <462F7279.9050308@livingston.de> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070425144428.M49102@geoph.itb.ac.id> <20070425145713.GA932@bobcat.bobcatos.com> <20070425150542.M47275@geoph.itb.ac.id> <462F7279.9050308@livingston.de> Message-ID: <1177573578.2600.3.camel@localhost.localdomain> On Wed, 2007-04-25 at 17:23 +0200, Dalibor Juric wrote: > Yes of course. Try this solution: > ifconfig eth1 down > ifconfig hw ether 00:02:5C:11:2B:FA > ifconfig eth1 up > > This will change mac from eth1 to 00:02:5C:11:2B:FA. > > Aan Anaya schrieb: > > Thanks every body. I?m success to change hostname. > > > > Can we change mac address in linux ??? > > > > > > Thanks. > > > ??? Isn't the MAC provided by the NIC and unique to every NIC? Andy > > On Wed, 25 Apr 2007 09:57:13 -0500, Bob McClure Jr wrote > > > On Wed, Apr 25, 2007 at 09:49:08PM +0700, Aan Anaya wrote: > > > > Hi Every one, > > > > > > > > Can you guide me how to change hostid in RHEL WS 3. > > > > > > You mean hostname? You can change it in /etc/sysconfig/network > > > (probably want to change it in /etc/hosts, as well), or you can > > run > > > system-config-network. You may need to reboot for everything to > > take > > > effect. > > > > > > > Regards, > > > > > > > > Aan > > > > > > Cheers, > > > -- > > > Bob McClure, Jr. Bobcat Open Systems, Inc. > > > bob at bobcatos.com http://www.bobcatos.com > > > If my people, who are called by my name, will humble themselves > > and > > > pray and seek my face and turn from their wicked ways, then will > > I > > > hear from heaven and will forgive their sin and will heal their > > land. > > > 2 Chronicles 7:14 (NIV) > > > > > > _______________________________________________ > > > Redhat-install-list mailing list > > > Redhat-install-list at redhat.com > > > https://www.redhat.com/mailman/listinfo/redhat-install-list > > > To Unsubscribe Go To ABOVE URL or send a message to: > > > redhat-install-list-request at redhat.com > > > Subject: unsubscribe > > > > > > ------------------------------- > > Aan Ibnu Anaya > > SeisLab Geoph > > http://www.geoph.itb.ac.id/~aan > > > > ______________________________________________________________________ > > This email has been scanned by the MessageLabs Email Security > > System. > > For more information please visit http://www.messagelabs.com/email > > ______________________________________________________________________ > > delivered by WebMail[at] www.geoph.itb.ac.id > > > > ____________________________________________________________________ > > > > _______________________________________________ > > Redhat-install-list mailing list > > Redhat-install-list at redhat.com > > https://www.redhat.com/mailman/listinfo/redhat-install-list > > To Unsubscribe Go To ABOVE URL or send a message to: > > redhat-install-list-request at redhat.com > > Subject: unsubscribe > > Dalibor Juric > Red Hat Certified Technician > Technical Support UNIX > > > > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > ______________________________________________________________________ > _______________________________________________ > Redhat-install-list mailing list > Redhat-install-list at redhat.com > https://www.redhat.com/mailman/listinfo/redhat-install-list > To Unsubscribe Go To ABOVE URL or send a message to: > redhat-install-list-request at redhat.com > Subject: unsubscribe From gerard.labadie at gmail.com Thu Apr 26 07:59:09 2007 From: gerard.labadie at gmail.com (gerard labadie) Date: Thu, 26 Apr 2007 09:59:09 +0200 Subject: How to change mac address In-Reply-To: <1177573578.2600.3.camel@localhost.localdomain> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070425144428.M49102@geoph.itb.ac.id> <20070425145713.GA932@bobcat.bobcatos.com> <20070425150542.M47275@geoph.itb.ac.id> <462F7279.9050308@livingston.de> <1177573578.2600.3.camel@localhost.localdomain> Message-ID: <6bfdb8ce0704260059o37f28b62h6424cd157fd57158@mail.gmail.com> 2007/4/26, Andrew Kelly : > > > > Isn't the MAC provided by the NIC and unique to every NIC? > > Andy Yes, but you can change it. For Vms (www.openvms.compaq.com) for example, when Decnet starts (before any other protocol like Tcpip, Lat, Lavc, Amds or any) it changes the Mac address from (for example 08-00-2B-.... to AA-00-04-00..., because it has the Decnet address in it. A Decnet address of 3.2 means (3*1024)+2= 3074 In hex, this is 0C04, so the Mac address will be (reversed) aa-00-04-00-04-0C See http://h71000.www7.hp.com/wizard/wiz_4244.html Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From admin at sontayamyblog.com Thu Apr 26 08:29:58 2007 From: admin at sontayamyblog.com (The Linux System & Configuration Your Server) Date: Thu, 26 Apr 2007 15:29:58 +0700 Subject: How to change mac address In-Reply-To: <6bfdb8ce0704260059o37f28b62h6424cd157fd57158@mail.gmail.com> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070425144428.M49102@geoph.itb.ac.id> <20070425145713.GA932@bobcat.bobcatos.com> <20070425150542.M47275@geoph.itb.ac.id> <462F7279.9050308@livingston.de> <1177573578.2600.3.camel@localhost.localdomain> <6bfdb8ce0704260059o37f28b62h6424cd157fd57158@mail.gmail.com> Message-ID: <46306306.2000006@sontayamyblog.com> An HTML attachment was scrubbed... URL: From rstevens at internap.com Thu Apr 26 18:00:39 2007 From: rstevens at internap.com (Rick Stevens) Date: Thu, 26 Apr 2007 11:00:39 -0700 Subject: How to change mac address In-Reply-To: <46306306.2000006@sontayamyblog.com> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070425144428.M49102@geoph.itb.ac.id> <20070425145713.GA932@bobcat.bobcatos.com> <20070425150542.M47275@geoph.itb.ac.id> <462F7279.9050308@livingston.de> <1177573578.2600.3.camel@localhost.localdomain> <6bfdb8ce0704260059o37f28b62h6424cd157fd57158@mail.gmail.com> <46306306.2000006@sontayamyblog.com> Message-ID: <1177610439.16736.57.camel@prophead.corp.publichost.com> On Thu, 2007-04-26 at 15:29 +0700, The Linux System & Configuration Your Server wrote: > Details here. http://www.sontayamyblog.com > > gerard labadie wrote: > > > > > > 2007/4/26, Andrew Kelly : > > > > > > Isn't the MAC provided by the NIC and unique to every NIC? > > > > Andy > > > > > > Yes, but you can change it. > > For Vms (www.openvms.compaq.com) for example, when Decnet starts > > (before any other protocol like Tcpip, Lat, Lavc, Amds or any) it > > changes the Mac address from (for example 08-00-2B-.... to > > AA-00-04-00..., because it has the Decnet address in it. > > A Decnet address of 3.2 means (3*1024)+2= 3074 > > In hex, this is 0C04, so the Mac address will be (reversed) > > aa-00-04-00-04-0C > > > > See http://h71000.www7.hp.com/wizard/wiz_4244.html Gang, PLEASE bottom post on this list. Top posting makes following the logic of the thread REALLY hard. As to the the original request: To change the host name: Edit /etc/sysconfig/network and change the "HOSTNAME=" item. This changes the name of the machine permanently and takes effect on a reboot. Use "hostname new-name-of-host" as root to change it immediately. To change the hardware (MAC) address of a NIC, do one of the following as root: ifconfig ethX down ifconfig ethX hw ether aa:bb:cc:dd:ee:ff ifconfig ethX up --or-- ip set link dev ethX brd aa:bb:cc:dd:ee:ff Note that there is no way to do this during the normal network setup. You have to either do it yourself or run a script that does it for you. If you MUST change the MAC on a NIC every time (a dubious thing in the first place), put the commands you want at the end of the commands in /etc/rc.d/rc.local. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens at internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - "People tell me I look at the dark side. That's not true. I have - - the heart of a small boy......in a jar right here on my desk." - - -- Stephen King - ---------------------------------------------------------------------- From pengcz at 126.com Fri Apr 27 04:47:51 2007 From: pengcz at 126.com (pengcz at 126.com) Date: Fri, 27 Apr 2007 12:47:51 +0800 (CST) Subject: problem with the tftpd deamon when config network install RHEL5 Message-ID: <46318077.00008A.21354@bj126app27.126.com> Hi ALL I have a problem with the tftpd when i want to setup a network installation server for RHEL 5 i want to change the tftpd root dir, so i change the server_args = -s /tftpboot to server_args= -s /mytest -c i used the -c options so i want to test that it can upload the file if need! after i restart the xinetd service and get the ok result ,i found that i get some error message fail in server permission denied or file no found or timeout i change the /mytest dir and all the file with the "chmod 777 * " but i can upload or download file when i reset the config with the /tftpboot dir,it is ok to download file ,anyone can give me a hand ?thanks in advanced -------------- next part -------------- An HTML attachment was scrubbed... URL: From P.C.M.Chiu at rl.ac.uk Fri Apr 27 07:31:27 2007 From: P.C.M.Chiu at rl.ac.uk (Chiu, PCM (Peter)) Date: Fri, 27 Apr 2007 08:31:27 +0100 Subject: How to change mac address In-Reply-To: <46306306.2000006@sontayamyblog.com> References: <462245.41712.qm@web55003.mail.re4.yahoo.com> <20070425144428.M49102@geoph.itb.ac.id> <20070425145713.GA932@bobcat.bobcatos.com> <20070425150542.M47275@geoph.itb.ac.id> <462F7279.9050308@livingston.de> <1177573578.2600.3.camel@localhost.localdomain><6bfdb8ce0704260059o37f28b62h6424cd157fd57158@mail.gmail.com> <46306306.2000006@sontayamyblog.com> Message-ID: That is this site http://www.sontayamyblog.com Quite a bit of non-english contents, but a search shows no reference to changing mac address. But I suspect ifconfig might do the trick. ________________________________ From: redhat-install-list-bounces at redhat.com [mailto:redhat-install-list-bounces at redhat.com] On Behalf Of The Linux System & Configuration Your Server Sent: 26 April 2007 09:30 To: Getting started with Red Hat Linux Subject: Re: How to change mac address Details here. http://www.sontayamyblog.com gerard labadie wrote: 2007/4/26, Andrew Kelly : Isn't the MAC provided by the NIC and unique to every NIC? Andy Yes, but you can change it. For Vms (www.openvms.compaq.com) for example, when Decnet starts (before any other protocol like Tcpip, Lat, Lavc, Amds or any) it changes the Mac address from (for example 08-00-2B-.... to AA-00-04-00..., because it has the Decnet address in it. A Decnet address of 3.2 means (3*1024)+2= 3074 In hex, this is 0C04, so the Mac address will be (reversed) aa-00-04-00-04-0C See http://h71000.www7.hp.com/wizard/wiz_4244.html Regards ________________________________ _______________________________________________ Redhat-install-list mailing list Redhat-install-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-install-list To Unsubscribe Go To ABOVE URL or send a message to: redhat-install-list-request at redhat.com Subject: unsubscribe -------------- next part -------------- An HTML attachment was scrubbed... URL: From karlp at ourldsfamily.com Fri Apr 27 22:00:10 2007 From: karlp at ourldsfamily.com (Karl Pearson) Date: Fri, 27 Apr 2007 16:00:10 -0600 (MDT) Subject: Software Raid on FC6 Message-ID: <48553.207.173.117.242.1177711210.squirrel@webmail.ourldsfamily.com> I'm installing a new mini-server for some emailgroups, web, etc. It has 2 Western Digital 80GB disks, plus will have a couple more used as hot backup via USB. My question, would you recommend the following RAID0 setup using the FC6 installation process? Both disks as MD0 and 74.5GB swap on both disks at 1.9GB each MD0 is then an ext3 partition of 74.5GB, using 'all' of MD0 Thoughts? Warnings? TIA -- Karl L. Pearson karlp at ourldsfamily.com http://consulting.ourldsfamily.com --- My Thoughts on Terrorism In America right after 9/11/2001: http://www.ourldsfamily.com/wtc.shtml --- The world is a dangerous place to live... not because of the people who are evil, but because of the people who don't do anything about it. - Albert Einstein --- "To mess up your Linux PC, you have to really work at it; to mess up a microsoft PC you just have to work on it." --- From pengcz at 126.com Sat Apr 28 06:43:57 2007 From: pengcz at 126.com (pengcz at 126.com) Date: Sat, 28 Apr 2007 14:43:57 +0800 (CST) Subject: problem wiht tftpd with rhel5 Message-ID: <4632ED2D.000003.15146@bj126app16.126.com> Dear all I have the problem when i want to upload or download the file from the tftp server ,here is the test steps: any suggestion will be apprieate !! [root at bootserver ~]# cat /etc/xinetd.d/tftp # default: off # description: The tftp server serves files using the trivial file transfer \ # protocol. The tftp protocol is often used to boot diskless \ # workstations, download configuration files to network-aware printers, \ # and to start the installation process for some operating systems. service tftp { disable = no socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args =-u nobody -s /mylove per_source = 11 cps = 100 2 flags = IPv4 } [root at bootserver ~]# [root at bootserver ~]# ll /mylove/ total 40 -rwxrwxrwx 1 nobody nobody 86 Apr 24 16:35 1.txt -rwxrwxrwx 1 nobody nobody 10894 Apr 26 13:51 a.txt -rwxrwxrwx 1 nobody nobody 86 Apr 24 15:48 dhcpd.conf.test-tftp -rwxr-xr-x 1 nobody nobody 86 Apr 28 13:51 d.txt C:\Documents and Settings\peterp>tftp 192.168.1.1 get a.txt Timeout occurred C:\Documents and Settings\peterp> [root at bootserver ~]# /etc/init.d/xinetd restart Stopping xinetd: [ OK ] Starting xinetd: [ OK ] [root at bootserver ~]# netstat -nlp | grep tftp udp 0 0 0.0.0.0:69 0.0.0.0:* 6355/in.tftpd [root at bootserver ~]# C:\Documents and Settings\peterp>tftp 192.168.1.1 get a.txt Timeout occurred C:\Documents and Settings\peter p> -------------- next part -------------- An HTML attachment was scrubbed... URL: From nlam87346 at library.usyd.edu.au Sat Apr 28 07:51:34 2007 From: nlam87346 at library.usyd.edu.au (Nikolas Lam) Date: Sat, 28 Apr 2007 17:51:34 +1000 Subject: problem wiht tftpd with rhel5 In-Reply-To: <4632ED2D.000003.15146@bj126app16.126.com> References: <4632ED2D.000003.15146@bj126app16.126.com> Message-ID: <1177746694.3462.4.camel@lits19.library.usyd.edu.au> On Sat, 2007-04-28 at 14:43 +0800, pengcz at 126.com wrote: > > Dear all > I have the problem when i want to upload or download the file > from the tftp server ,here is the test steps: > > any suggestion will be apprieate !! > Firewall? From pengcz at 126.com Sat Apr 28 08:56:10 2007 From: pengcz at 126.com (pengcz at 126.com) Date: Sat, 28 Apr 2007 16:56:10 +0800 (CST) Subject: problem wiht tftpd with rhel5 In-Reply-To: <1177746694.3462.4.camel@lits19.library.usyd.edu.au> References: <4632ED2D.000003.15146@bj126app16.126.com> <1177746694.3462.4.camel@lits19.library.usyd.edu.au> Message-ID: <46330C2A.000029.24747@bj126app23.126.com> NO,I have been disable the iptables ! now only the tftp download is available when i change the root directory to /tftpboot. if i want to change it ,it will fail for upload and downlaod, anyone who can give me a hand? ?2007-04-28?"Nikolas Lam" ??? On Sat, 2007-04-28 at 14:43 +0800, pengcz at 126.com wrote: > > Dear all > I have the problem when i want to upload or download the file > from the tftp server ,here is the test steps: > > any suggestion will be apprieate !! > Firewall? _______________________________________________ Redhat-install-list mailing list Redhat-install-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-install-list To Unsubscribe Go To ABOVE URL or send a message to: redhat-install-list-request at redhat.com Subject: unsubscribe -------------- next part -------------- An HTML attachment was scrubbed... URL: From rriley at procuri.com Sat Apr 28 19:36:25 2007 From: rriley at procuri.com (Richard Riley) Date: Sat, 28 Apr 2007 15:36:25 -0400 Subject: problem wiht tftpd with rhel5 In-Reply-To: <46330C2A.000029.24747@bj126app23.126.com> References: <4632ED2D.000003.15146@bj126app16.126.com><1177746694.3462.4.camel@lits19.library.usyd.edu.au> <46330C2A.000029.24747@bj126app23.126.com> Message-ID: You didn?t show the permissions on the /mylove directory itself. Hopefully 777. Do you have iptables disabled on both the server and the client? ________________________________ From: redhat-install-list-bounces at redhat.com [mailto:redhat-install-list-bounces at redhat.com] On Behalf Of pengcz at 126.com Sent: Saturday, April 28, 2007 4:56 AM To: nikolas lam; redhat-install-list Subject: Re: Re: problem wiht tftpd with rhel5 NO,I have been disable the iptables ! now only the tftp download is available when i change the root directory to /tftpboot. if i want to change it ,it will fail for upload and downlaod, anyone who can give me a hand? ?2007-04-28?"Nikolas Lam" ??? On Sat, 2007-04-28 at 14:43 +0800, pengcz at 126.com wrote: > > Dear all > I have the problem when i want to upload or download the file > from the tftp server ,here is the test steps: > > any suggestion will be apprieate !! > Firewall? _______________________________________________ Redhat-install-list mailing list Redhat-install-list at redhat.com https://www.redhat.com/mailman/listinfo/redhat-install-list To Unsubscribe Go To ABOVE URL or send a message to: redhat-install-list-request at redhat.com Subject: unsubscribe ________________________________ ????2006????????--???? -------------- next part -------------- An HTML attachment was scrubbed... URL: From stuart at sjsears.com Sun Apr 29 11:02:43 2007 From: stuart at sjsears.com (Stuart Sears) Date: Sun, 29 Apr 2007 12:02:43 +0100 Subject: problem wiht tftpd with rhel5 In-Reply-To: <46330C2A.000029.24747@bj126app23.126.com> References: <4632ED2D.000003.15146@bj126app16.126.com> <1177746694.3462.4.camel@lits19.library.usyd.edu.au> <46330C2A.000029.24747@bj126app23.126.com> Message-ID: <46347B53.1040100@sjsears.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 pengcz at 126.com wrote: > NO,I have been disable the iptables ! > > now only the tftp download is available when i change the root directory to /tftpboot. if i want to change it ,it will fail for upload and downlaod, > > anyone who can give me a hand? > > > > > ??2007-04-28??"Nikolas Lam" ?????? > > On Sat, 2007-04-28 at 14:43 +0800, pengcz at 126.com wrote: >> >> Dear all >> I have the problem when i want to upload or download the file >> from the tftp server ,here is the test steps: >> >> any suggestion will be apprieate !! >> > > Firewall? At a guess, on RHEL5 SELinux may be interfering... if you want your content in non-standard locations you often have to ensure that the directories you choose are given the correct security label... try this: 1. setenforce 0 if the tftp stuff works after that, then it will be an SELinux labelling issue, which you can solve as follows: 2. setenforce 1 (there really is no need to disable SELinux here...) and then 3. chcon -R --reference /tftpboot /mylove if /mylove is the directory that you wish to use... also bear in mind that local flie permissions have to be set correctly, too! see if it works after that and if not, post error messages from /var/log/messages and /var/log/audit/audit.log Regards Stuart - -- Stuart Sears RHCA RHCSS RHCX STFU PDQ RIAA MP3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFGNHtTamPtx1brPQ4RAuKFAJ43o7Ag+8d3Y7qyqVxkg6bpGwFyvwCfTKJN NSD0ZbXm8ObtdA24FrQrut0= =DWr3 -----END PGP SIGNATURE-----