Broadband Security - Mandriva



Thread: Broadband Security

  1. Re: Broadband Security

    David W. Hodgins wrote:
    > You don't need avahi-daemon on if you don't have a lan. Turn it off
    > with "service avahi-daemon stop", and stop it from starting in
    > future with "chkconfig avahi-daemon off".
    >
    > Turning it off, is one of the first steps in resolving problems
    > with slow dns lookups.


    Many thanks, Dave! It's done. I don't know enough about the various
    daemons to know which ones I don't need. Is there anything else I can
    switch off because I don't have a LAN? Is there a list somewhere of
    which daemons do what, so maybe I can stop a few more that I don't need?
    Thanks!

    Adam

  2. Re: Broadband Security - Thanks!

    Christopher Hunter wrote:
    > Robert M. Riches Jr. wrote:
    >
    >> If you're not using wireless, you can disable it through the
    >> web-based configuration stuff on the router. For good
    >> measure, you can probably also remove the antenna.

    >
    > Switching off wireless in software should be enough. There is a /very/
    > minor chance that running the router with the antenna unplugged could
    > damage the transmit part of the wireless transceiver.

    =============
    Or you replace the antenna with a 50 or 75 Ohms dummy load, which I
    believe are readily available.


    Frank GM0CSZ / KN6WH

  3. Re: Broadband Security

    On Thu, 07 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <136h8a9qna8dra8@corp.supernews.com>, Adam wrote:

    >Moe Trin wrote:


    >> No servers - no services to the world? OK - 'netstat -apntu' should
    >> show nothing listening to your Ethernet interface.

    >
    >$ sudo netstat -apntu
    >Active Internet connections (servers and established)
    >Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    >tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3136/cupsd
    >tcp 0 0 192.168.1.46:57161 63.245.209.11:80 ESTABLISHED 5402/seamonkey-bin
    >tcp 0 0 192.168.1.46:57162 63.245.209.11:80 ESTABLISHED 5402/seamonkey-bin

    Hmmm, surfing pr0n? No - 63.245.209.x is mozilla.com. Your end
    initiated the connections.

    >udp 0 0 0.0.0.0:32768 0.0.0.0:* 3016/avahi-daemon:


    David already id'ed this one - it's not needed and depending on the
    setup of any 'domain' or 'search' terms in /etc/resolv.conf, this could
    be a security issue. It's the Apple version of a ZeroConf name
    resolution tool. See draft-cheshire-dnsext-multicastdns-06.txt which
    expired last February, but should still be easily located with any search
    engine. The security issue is detailed in Section 25.

    >udp 0 0 0.0.0.0:68 0.0.0.0:* 3473/dhclient

    DHCP client which is fine. Curious, did this put your eth0 interface into
    promiscuous mode ('/sbin/ifconfig eth0' and look at the third line) If so,
    chkrootkit will scream about a packet sniffer running.

    >udp 0 0 0.0.0.0:5353 0.0.0.0:* 3016/avahi-daemon:

    above

    >udp 0 0 0.0.0.0:631 0.0.0.0:* 3136/cupsd

    This is listening on all interfaces. I don't use cupsd but this may want
    to be looked at.

    >udp 0 0 :::32769 :::* 3016/avahi-daemon:

    above - this is listening for IPv6 traffic, which you probably don't
    need/want.

    /etc/sysconfig/network, add: "NETWORKING_IPV6=no"
    /etc/modprobe.conf, add: "alias net-pf-10 off"
    /etc/modules.conf, add: "alias net-pf-10 off"
    /etc/sysconfig/network-scripts/ifcfg-eth0, change both IPV6* variables
    to "no"

    >> Tripwire is not really being maintained. The replacements are programs
    >> like aide. As for 'chkrootkit' (and the equally flawed 'rkhunter' from
    >> http://www.rootkit.nl), it is a total waste of diskspace, never mind the
    >> CPU cycles.

    >
    >What security-related programs would you recommend? (Recommendations
    >from anybody are welcomed!)


    Neither 'chkrootkit' nor 'rkhunter'. There is an _experimental_ app called
    'Zeppoo-0.0.3' (released 15 months ago) which is somewhat more promising,
    but I don't recommend it for home or production use. Otherwise, I like
    aide.

    >And I think I may have found a bug in 2007.0's 'startx' script (if any
    >of its config files exist then X won't start) but more likely I'm doing
    >something wrong. I ended up changing the line in it to
    >defaultserverargs="-nolisten tcp" and now X starts but no longer listens.


    Can't say for sure, but the '-nolisten tcp' option is correct. If you are
    not trying to run a second box and access the desktop on the first, this
    option makes sense.

    >> "It's only called paranoid when they AREN'T after you"

    >
    >I actually asked a therapist about that once. She said that paranoia is
    > the delusion that they're after you. If they really ARE after you,
    >it's not a delusion.


    I'll drink to that.

    >> You could try 'nmap' - but unless you are testing from a site on the
    >> Internet, you aren't making an accurate test - and again (if you read
    >> the man page - see the -p option) this only tests a limited number of
    >> ports by default (although more than the charlatan at grc.com). You
    >> can tell nmap to test more ports (both TCP and UDP) but do so with
    >> care lest you trigger a FOAD response from your firewall (or ISP).
    >> Again, nmap doesn't know about other Internet protocols.

    >
    >Hmmm. What if I found my DSL address (71.something, I think), then
    >went online with my dialup connection (address 216.179.something) and
    >tried to test the ports at 71.whatever ? Would that be valid?


    Yes, but check the TOS you have with both providers. Because nmap has
    been used (abused) by skript kiddiez everywhere, some providers may
    prohibit port scanning, and actually _do_ something about it. Others
    couldn't care less.

    Another possible problem is that either ISP may be filtering some
    ports. An example, more ISPs are blocking outbound to port 25 in an
    effort to slow down the Zombie Spam (rooted/0wn3d boxes being used
    to send spam directly to others). A way to check this is to scan
    from one source, while _logging_ at the destination. What didn't
    show up? Then use a tool like hping2, hping3, or tcptraceroute from
    the source and see where any block lies.

    >> It also helps to know how networking protocols work in the first
    >> place, but this is asking a lot of some users.

    >
    >I remember getting a passing grade in "Computer Networking" around
    >1990. I'm sure nothing has changed since then! :-)


    [compton ~]$ zcat rfcs/rfc-index.txt.06.07.07.gz | sed 's/^$/\%/' |
        tr -d '\n' | tr '%' '\n' | grep '^[0-9]' | tr -s ' ' | grep -v 'Not Issued' |
        sed 's/.*Status: //' | tr -d '\)' | sort | uniq -c | column
     137 BEST CURRENT PRACTICE    1489 INFORMATIONAL
     129 DRAFT STANDARD           1545 PROPOSED STANDARD
     273 EXPERIMENTAL               87 STANDARD
     203 HISTORIC                  909 UNKNOWN
    [compton ~]$ zcat rfcs/rfc-index.txt.06.07.07.gz | sed 's/^$/\%/' |
        tr -d '\n' | tr '%' '\n' | grep '^[0-9]' | tr -s ' ' | grep -v 'Not Issued' |
        sed 's/(Format.*$//' | awk '{ print $NF }' | sort | uniq -c | column
       1 1968.      37 1982.     170 1996.
      22 1969.      49 1983.     192 1997.
      56 1970.      39 1984.     234 1998.
     168 1971.      41 1985.     259 1999.
     129 1972.      24 1986.     279 2000.
     131 1973.      42 1987.     193 2001.
      54 1974.      46 1988.     219 2002.
      21 1975.      52 1989.     234 2003.
       9 1976.      57 1990.     281 2004.
      20 1977.      95 1991.     327 2005.
       8 1978.      95 1992.     459 2006.
       7 1979.     175 1993.     119 2007.
      17 1980.     185 1994.      66 UNKNOWN)
      29 1981.     131 1995.
    [compton ~]$

    Well, there have been a few RFCs issued since 1990, but at least you
    had some training in this stuff. And before you get impressed over my
    command line skills, that first one took about ten minutes to create
    some time ago - I keep a file of useful commands like that so I can
    reuse them without busting a gut. The second command is merely a mod
    of the first, and took only a few seconds to think out (know what
    the data looks like, and then think how to get from there to where you
    want to go).

    >BTW I'm replacing my dollar-store phone extension cord with cat5e (with
    >RJ-11 connectors). Thanks again for all your help with this and all my
    >assorted connectivity problems!


    The important thing is "is it working" - that's what we were trying to
    correct back then.

    Old guy
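
The check walked through in the post above (which sockets are listening, and on which address), as an added example that is not part of the thread: a shell function that classifies every listening TCP socket and unconnected UDP socket in `netstat -apntu` output as loopback-only, bound to one interface, or bound to all interfaces. The function names are made up for illustration; the sample input is the netstat listing quoted in the thread with its wrapped lines rejoined.

```sh
#!/bin/sh
# Added example (not from the thread): audit `netstat -apntu` output.

# audit_listeners: read netstat lines on stdin and print, for each listening
# TCP socket or unconnected UDP socket:
#   <EXPOSURE> <proto> <port> <program>
# EXPOSURE is LOOPBACK (127.x or ::1), WILDCARD (0.0.0.0 or ::, i.e. every
# interface) or INTERFACE (one specific address).
audit_listeners() {
    awk '
    $1 !~ /^(tcp|udp)6?$/ { next }      # skip headers and any other text
    {
        proto = $1; laddr = $4; faddr = $5
        # UDP rows have an empty State column, so PID/Program moves to field 6.
        # A bare "-" there means netstat was not allowed to see the owner.
        if ($6 ~ /^([0-9]+\/|-$)/) { state = ""; prog = $6 }
        else { state = $6; prog = $7 }

        if (proto ~ /^tcp/ && state != "LISTEN") next   # established, etc.
        if (proto ~ /^udp/ && faddr !~ /:\*$/) next     # connected UDP socket

        # Split addr:port at the LAST colon so ":::32769" yields addr "::".
        n = match(laddr, /:[^:]*$/)
        addr = substr(laddr, 1, n - 1)
        port = substr(laddr, n + 1)

        if (addr ~ /^127\./ || addr == "::1") {
            exposure = "LOOPBACK"
        } else if (addr == "0.0.0.0" || addr == "::") {
            exposure = "WILDCARD"
        } else {
            exposure = "INTERFACE"
        }

        sub(/^[0-9]+\//, "", prog)      # "3016/avahi-daemon:" -> "avahi-daemon:"
        sub(/:$/, "", prog)             # drop the trailing colon
        print exposure, proto, port, prog
    }'
}

# exposed_listeners: only the sockets reachable from outside the machine.
exposed_listeners() {
    audit_listeners | awk '$1 != "LOOPBACK"'
}

# Sample input: the listing quoted in the thread, wrapped lines rejoined.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3136/cupsd
tcp 0 0 192.168.1.46:57161 63.245.209.11:80 ESTABLISHED 5402/seamonkey-bin
tcp 0 0 192.168.1.46:57162 63.245.209.11:80 ESTABLISHED 5402/seamonkey-bin
udp 0 0 0.0.0.0:32768 0.0.0.0:* 3016/avahi-daemon:
udp 0 0 0.0.0.0:68 0.0.0.0:* 3473/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3016/avahi-daemon:
udp 0 0 0.0.0.0:631 0.0.0.0:* 3136/cupsd
udp 0 0 :::32769 :::* 3016/avahi-daemon:
EOF
}

sample_netstat | exposed_listeners
```

On a live system the same function can be fed directly: `sudo netstat -apntu | exposed_listeners`.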

  4. Re: Broadband Security - Thanks!

    On 2007-06-08, Adam wrote:
    > Christopher Hunter wrote:
    >> Robert M. Riches Jr. wrote:
    >>
    >>> If you're not using wireless, you can disable it through the
    >>> web-based configuration stuff on the router. For good
    >>> measure, you can probably also remove the antenna.

    >>
    >> Switching off wireless in software should be enough. There is a /very/
    >> minor chance that running the router with the antenna unplugged could
    >> damage the transmit part of the wireless transceiver.

    >
    > Thanks, Robert and Christopher. I went through the configuration
    > screens on the router, and now Wireless is Disabled.
    >
    > I think I'll attach the antenna anyway, but not for technical reasons.
    > Mainly, if I don't attach it now, I'm not sure I'll be able to find it
    > later!


    Glad to be of some help.

    The matter of possibly losing the antenna is solvable. Mine
    is held on to the side of the router's case with a couple of
    pieces of tape.

    --
    Robert Riches
    spamtrap42@verizon.net
    (Yes, that is one of my email addresses.)

  5. Re: Broadband Security

    Moe Trin wrote:
    > On Thu, 07 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    > <136h8a9qna8dra8@corp.supernews.com>, Adam wrote:
    >
    >> Moe Trin wrote:

    >
    >>> No servers - no services to the world? OK - 'netstat -apntu' should
    >>> show nothing listening to your Ethernet interface.

    >> $ sudo netstat -apntu
    >> Active Internet connections (servers and established)
    >> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    >> tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3136/cupsd
    >> tcp 0 0 192.168.1.46:57161 63.245.209.11:80 ESTABLISHED 5402/seamonkey-bin
    >> tcp 0 0 192.168.1.46:57162 63.245.209.11:80 ESTABLISHED 5402/seamonkey-bin
    >
    > Hmmm, surfing pr0n? No - 63.245.209.x is mozilla.com. Your end
    > initiated the connections.
    >
    >> udp 0 0 0.0.0.0:32768 0.0.0.0:* 3016/avahi-daemon:

    >
    > David already id'ed this one - it's not needed and depending on the
    > setup of any 'domain' or 'search' terms in /etc/resolv.conf, this could
    > be a security issue. It's the Apple version of a ZeroConf name
    > resolution tool. See draft-cheshire-dnsext-multicastdns-06.txt which
    > expired last February, but should still be easily located with any search
    > engine. The security issue is detailed in Section 25.
    >
    >> udp 0 0 0.0.0.0:68 0.0.0.0:* 3473/dhclient
    >
    > DHCP client which is fine. Curious, did this put your eth0 interface into
    > promiscuous mode ('/sbin/ifconfig eth0' and look at the third line) If so,
    > chkrootkit will scream about a packet sniffer running.
    >
    >> udp 0 0 0.0.0.0:5353 0.0.0.0:* 3016/avahi-daemon:
    >
    > above
    >
    >> udp 0 0 0.0.0.0:631 0.0.0.0:* 3136/cupsd
    >
    > This is listening on all interfaces. I don't use cupsd but this may want
    > to be looked at.
    >
    >> udp 0 0 :::32769 :::* 3016/avahi-daemon:
    >
    > above - this is listening for IPv6 traffic, which you probably don't
    > need/want.
    >
    > /etc/sysconfig/network, add: "NETWORKING_IPV6=no"
    > /etc/modprobe.conf, add: "alias net-pf-10 off"
    > /etc/modules.conf, add: "alias net-pf-10 off"
    > /etc/sysconfig/network-scripts/ifcfg-eth0, change both IPV6* variables
    > to "no"
    >
    >>> Tripwire is not really being maintained. The replacements are programs
    >>> like aide. As for 'chkrootkit' (and the equally flawed 'rkhunter' from
    >>> http://www.rootkit.nl), it is a total waste of diskspace, never mind the
    >>> CPU cycles.

    >> What security-related programs would you recommend? (Recommendations
    >>from anybody are welcomed!)

    >
    > Neither 'chkrootkit' nor 'rkhunter'. There is an _experimental_ app called
    > 'Zeppoo-0.0.3' (released 15 months ago) which is somewhat more promising,
    > but I don't recommend it for home or production use. Otherwise, I like
    > aide.
    >
    >> And I think I may have found a bug in 2007.0's 'startx' script (if any
    >> of its config files exist then X won't start) but more likely I'm doing
    >> something wrong. I ended up changing the line in it to
    >> defaultserverargs="-nolisten tcp" and now X starts but no longer listens.

    >
    > Can't say for sure, but the '-nolisten tcp' option is correct. If you are
    > not trying to run a second box and access the desktop on the first, this
    > option makes sense.
    >
    >>> "It's only called paranoid when they AREN'T after you"

    >> I actually asked a therapist about that once. She said that paranoia is
    >> the delusion that they're after you. If they really ARE after you,
    >> it's not a delusion.

    >
    > I'll drink to that.
    >
    >>> You could try 'nmap' - but unless you are testing from a site on the
    >>> Internet, you aren't making an accurate test - and again (if you read
    >>> the man page - see the -p option) this only tests a limited number of
    >>> ports by default (although more than the charlatan at grc.com). You
    >>> can tell nmap to test more ports (both TCP and UDP) but do so with
    >>> care lest you trigger a FOAD response from your firewall (or ISP).
    >>> Again, nmap doesn't know about other Internet protocols.

    >> Hmmm. What if I found my DSL address (71.something, I think), then
    >> went online with my dialup connection (address 216.179.something) and
    >> tried to test the ports at 71.whatever ? Would that be valid?

    >
    > Yes, but check the TOS you have with both providers. Because nmap has
    > been used (abused) by skript kiddiez everywhere, some providers may
    > prohibit port scanning, and actually _do_ something about it. Others
    > couldn't care less.
    >
    > Another possible problem is that either ISP may be filtering some
    > ports. An example, more ISPs are blocking outbound to port 25 in an
    > effort to slow down the Zombie Spam (rooted/0wn3d boxes being used
    > to send spam directly to others). A way to check this is to scan
    > from one source, while _logging_ at the destination. What didn't
    > show up? Then use a tool like hping2, hping3, or tcptraceroute from
    > the source and see where any block lies.
    >
    >>> It also helps to know how networking protocols work in the first
    >>> place, but this is asking a lot of some users.

    >> I remember getting a passing grade in "Computer Networking" around
    >> 1990. I'm sure nothing has changed since then! :-)

    >
    > [compton ~]$ zcat rfcs/rfc-index.txt.06.07.07.gz | sed 's/^$/\%/' |
    >     tr -d '\n' | tr '%' '\n' | grep '^[0-9]' | tr -s ' ' | grep -v 'Not Issued' |
    >     sed 's/.*Status: //' | tr -d '\)' | sort | uniq -c | column
    >  137 BEST CURRENT PRACTICE    1489 INFORMATIONAL
    >  129 DRAFT STANDARD           1545 PROPOSED STANDARD
    >  273 EXPERIMENTAL               87 STANDARD
    >  203 HISTORIC                  909 UNKNOWN
    > [compton ~]$ zcat rfcs/rfc-index.txt.06.07.07.gz | sed 's/^$/\%/' |
    >     tr -d '\n' | tr '%' '\n' | grep '^[0-9]' | tr -s ' ' | grep -v 'Not Issued' |
    >     sed 's/(Format.*$//' | awk '{ print $NF }' | sort | uniq -c | column
    >    1 1968.      37 1982.     170 1996.
    >   22 1969.      49 1983.     192 1997.
    >   56 1970.      39 1984.     234 1998.
    >  168 1971.      41 1985.     259 1999.
    >  129 1972.      24 1986.     279 2000.
    >  131 1973.      42 1987.     193 2001.
    >   54 1974.      46 1988.     219 2002.
    >   21 1975.      52 1989.     234 2003.
    >    9 1976.      57 1990.     281 2004.
    >   20 1977.      95 1991.     327 2005.
    >    8 1978.      95 1992.     459 2006.
    >    7 1979.     175 1993.     119 2007.
    >   17 1980.     185 1994.      66 UNKNOWN)
    >   29 1981.     131 1995.
    > [compton ~]$
    >
    > Well, there have been a few RFCs issued since 1990, but at least you
    > had some training in this stuff. And before you get impressed over my
    > command line skills, that first one took about ten minutes to create
    > some time ago - I keep a file of useful commands like that so I can
    > reuse them without busting a gut. The second command is merely a mod
    > of the first, and took only a few seconds to think out (know what
    > the data looks like, and then think how to get from there to where you
    > want to go).


    well, I'm impressed -- only 10 minutes to get it working, and it has awk
    and sed in it! That means proficiency in at least 3 languages. Any awk
    I've used, has taken longer than that just to find the instructions,
    never mind testing it.

  6. Re: Broadband Security - Thanks!

    On Sat, 09 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    , Highland Ham wrote:

    >Christopher Hunter wrote:


    >> Switching off wireless in software should be enough. There is a /very/
    >> minor chance that running the router with the antenna unplugged could
    >> damage the transmit part of the wireless transceiver.

    >=============
    >Or you replace the antenna with a 50 or 75 Ohms dummy load, which I
    >believe are readily available.


    50 Ohms - in commercial radio (other than cable TV), everything
    expects a half-wave dipole which should be 50 Ohms.

    But remember this is 2.4 GHz, not 80 meters, and something as crude
    as a 50 Ohm carbon composition resistor (MIL-R-11, or the more modern
    MIL-R-39008) isn't going to look anything like 50 Ohms resistive at
    those frequencies. A "metal film" (MIL-R-10509, or the more modern
    MIL-R-55182) at these low values would probably have a reasonable
    VSWR assuming the leads are short enough. Finding real dummy loads
    with suitable connectors is likely going to cost nearly as much
    as the wireless router itself. If you're desperate, a 20 foot length
    of decent (double shielded) coax like RG-142 or RG-223 shorted at the
    far end has enough insertion loss to look like a good termination.
    The radios are less than +25 dBm (316 milliwatt), so dissipation isn't
    going to be a problem.

    >Frank GM0CSZ / KN6WH


    Nah, I'm a Commercial - got my 1st Class RadioTelephone in 1959 ;-)

    Old guy


  7. One-liner commands (was Re: Broadband Security)

    On Sat, 09 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <5cuj4eF31edl5U1@mid.individual.net>, Frank Peelo wrote:

    >Moe Trin wrote:


    >> [compton ~]$ zcat rfcs/rfc-index.txt.06.07.07.gz | sed 's/^$/\%/' |
    >>     tr -d '\n' | tr '%' '\n' | grep '^[0-9]' | tr -s ' ' | grep -v 'Not Issued' |
    >>     sed 's/.*Status: //' | tr -d '\)' | sort | uniq -c | column

    >> [compton ~]$ zcat rfcs/rfc-index.txt.06.07.07.gz | sed 's/^$/\%/' |
    >>     tr -d '\n' | tr '%' '\n' | grep '^[0-9]' | tr -s ' ' | grep -v 'Not Issued' |
    >>     sed 's/(Format.*$//' | awk '{ print $NF }' | sort | uniq -c | column


    >> And before you get impressed over my command line skills, that first
    >> one took about ten minutes to create some time ago - I keep a file of
    >> useful commands like that so I can reuse them without busting a gut.
    >> The second command is merely a mod of the first, and took only a few
    >> seconds to think out (know what the data looks like, and then think
    >> how to get from there to where you want to go).

    >
    >well, I'm impressed -- only 10 minutes to get it working, and it has awk
    >and sed in it!


    Hmmm... the data file it's working from is the rfc-index.txt file from
    ftp://ftp.isi.edu//in-notes/ - but don't list that directory as there
    are over 4700 files - look for rfc-index*

    -rw-r--r-- 1 ftpuser ftpusers 812378 Jun 8 23:45 rfc-index.txt

    The data in that file look like this:

    2324 Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0). L. Masinter.
    April 1 1998. (Format: TXT=19610 bytes) (Status: INFORMATIONAL)

    2325 Definitions of Managed Objects for Drip-Type Heated Beverage
    Hardware Devices using SMIv2. M. Slavitch. April 1 1998. (Format:
    TXT=12726 bytes) (Status: INFORMATIONAL)

    Gotta watch those documents dated early in April - some of them aren't
    on the up-and-up. ANYWAY. I'm using 'zcat' to start things here,
    because the version of sed I'm using doesn't accept gzip'ed input. If
    the file were not compressed, the 'cat' would not be needed, as you
    can put the filename at the end of the sed (or awk, or cut, or grep)
    command. In order to extract data, it's desirable to get each entry
    onto a single text line

    sed 's/^$/\%/' | tr -d '\n' | tr '%' '\n'

    so the 'sed' puts a percent sign on each empty line, then the 'tr -d'
    deletes all new-line characters (making the entire file a single
    enormous line), and the second 'tr' replaces all percent signs with a
    new-line character - result is each entry is on a single line.

    grep '^[0-9]' | tr -s ' ' | grep -v 'Not Issued'

    The 'grep' grabs all lines that begin with a number (gets rid of the
    introduction and such), the next 'tr' squeezes out the duplicate spaces
    created when each entry was made into a single line, and the other 'grep'
    gets rid of 79 entries where the RFC was never issued.

    sed 's/.*Status: //' | tr -d '\)'

    The 'sed' strips off everything up to and including the word "Status: "
    on each line, while the 'tr' deletes the trailing parenthesis. On the
    modified one-liner,

    sed 's/(Format.*$//' | awk '{ print $NF }'

    the 'sed' gets rid of everything from the '(Format' to the end of the
    line, while the 'awk' selects the last data field in each record (line).

    sort | uniq -c | column

    sort the result, count the occurrences of each, and display the results
    in a column format. Let me repeat what I wrote earlier:

    know what the data looks like, and then think how to get from there
    to where you want to go

    The "magic" of the Unix command line is that there are many tools that
    can do similar things. But you don't have to learn all of them. Some
    tools do some things better than others, but there is usually at least a
    couple of ways to get from "A" to "B". Use the one that works for you.
    The idea is to get the results - "pretty" can come later if needed.

    >That means proficiency in at least 3 languages.


    My neighbor is an instructor at the local community college (accredited
    school, but only granting an Associates degree at best), and the
    students of his "Intro To UNIX" (CIS-70) class are doing this level of
    complexity at the ninth week (three "3 hour" classes a week) of this
    course. He does this using lots of examples, with explanations of how
    he chose this tool over that, and this sequence over that. The first
    three weeks, the students are flailing away trying to learn the first
    rudiments of 'vi', the Bourne shell, and the Berkeley "mail" application
    (clones of which are included in virtually every Linux distribution).
    Then they hit 'ls', 'grep', the concept of pipes, 'tr', 'cut', 'sed',
    awk, and so on. You may be surprised, but very few students drop out or
    fail this class. A good instructor helps of course.

    >Any awk I've used, has taken longer than that just to find the
    >instructions, never mind testing it.


    This is another reason why some of us dinosaurs post command line
    output, so that you can see what was done to get certain info. Another
    good source is right on your system - the boot scripts are mostly
    Bourne or Bash shell scripts - written by people who know their stuff,
    and are _flaunting_ it. Still another source is "The Grendel's" fine
    "Advanced Bash Scripting Guide" available at http://tldp.org/guides.html

    When you see something interesting, cut-and-paste it into a file for
    reference. Honestly, no one is going to charge you for this, and it
    often helps. When you see something you don't understand, look at the
    man page - we've done the hard work of getting it to run, and you have
    to figure out how/why. You can then 'grep' the file for ideas and
    examples when you need them.

    [compton ~]$ wc scripts*
    1140 6921 35232 scripts
    577 4721 21303 scripts.new
    1717 11642 56535 total
    [compton ~]$

    Above, I stated that you don't have to learn all of the commands. Here
    is why:

    [compton ~]$ ls `echo $PATH | tr ':' ' '` | grep -Evc '(:|^$)'
    1328
    [compton ~]$ echo $HISTSIZE
    1000
    [compton ~]$ history | cut -c7- | tr '|' '\n' | sed 's/^ *//' |
        cut -d' ' -f1 | sort -u | wc -l
    81
    [compton ~]$

    There are 1328 commands in my PATH as a user (as root, it's about 1600).
    My shell remembers the last 1000 commands entered, and these "one-liners"
    count as one command, even though they may have 12 actual commands piped
    one to another. That last line looks at the history in this terminal,
    breaks the commands down into their individual parts, and sees how many
    _different_ commands I've used. Here, just 81 commands (it varies for
    me, from about 60 to perhaps 100). 81 commands, over, and over, and...

    Old guy
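
The two reports explained step by step in the post above, as an added example that is not part of the thread: the same counts produced with awk's paragraph mode (`RS=""`), which treats each blank-line-separated index entry as one record, so no placeholder character is needed and a literal `%` in a title cannot split an entry. The function names are made up for illustration; the sample index holds the two entries quoted in the post plus constructed entries (numbered 99xx) and assumes continuation lines are indented as the post's `tr -s ' '` step implies.

```sh
#!/bin/sh
# Added example (not from the thread): rfc-index summaries with awk.

# rfc_field_counts MODE: read rfc-index text on stdin and print
# "<count> <value>" lines. MODE is "status" (the Status: field) or
# "year" (the year that precedes the "(Format" field).
rfc_field_counts() {
    awk -v mode="$1" '
    BEGIN { RS = "" }                  # paragraph mode: blank line ends a record
    $1 !~ /^[0-9]+$/ { next }          # introduction and headings
    /Not Issued/     { next }          # numbers that were never published
    {
        gsub(/[ \t\n]+/, " ")          # join the wrapped lines of one entry
        key = "UNKNOWN"                # entries without the field
        if (mode == "status") {
            # "(Status: " is 9 characters; also drop the closing ")".
            if (match($0, /\(Status: [^)]*\)/))
                key = substr($0, RSTART + 9, RLENGTH - 10)
        } else {
            # e.g. "April 1 1998. (Format: ..." -> 1998
            if (match($0, /[0-9][0-9][0-9][0-9]\. \(Format/))
                key = substr($0, RSTART, 4)
        }
        count[key]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }' | sort -k2
}

# Sample index. Entries 2324 and 2325 are the ones quoted in the post;
# the header line and entries 9901 and 9902 are constructed for this example.
sample_rfc_index() {
    cat <<'EOF'
RFC INDEX (constructed header line)

2324 Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0). L. Masinter.
     April 1 1998. (Format: TXT=19610 bytes) (Status: INFORMATIONAL)

2325 Definitions of Managed Objects for Drip-Type Heated Beverage
     Hardware Devices using SMIv2. M. Slavitch. April 1 1998. (Format:
     TXT=12726 bytes) (Status: INFORMATIONAL)

9901 Constructed entry: recovering from 100% packet loss. A. Nobody.
     June 2007. (Format: TXT=1 bytes) (Status: EXPERIMENTAL)

9902 Not Issued.
EOF
}

sample_rfc_index | rfc_field_counts status
sample_rfc_index | rfc_field_counts year
```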

  8. Re: Broadband Security

    On Fri, 08 Jun 2007 18:41:08 -0400, Adam wrote:

    > Many thanks, Dave! It's done. I don't know enough about the various
    > daemons to know which ones I don't need. Is there anything else I can
    > switch off because I don't have a LAN? Is there a list somewhere of
    > which daemons do what, so maybe I can stop a few more that I don't need?


    It's going to vary a lot, depending on what you've installed.

    In mcc, select system, then "Enable or disable the system services".

    Each service has an info button. You can stop, and stop a service from
    running at boot, using that screen. Any service you have running, that
    the info isn't clear enough, to decide if you need it, you should ask about
    here.

    When you stop a service, using that screen, it's the same as running
    "service xxxx stop", where xxxx is the name of the file in /etc/rc.d/init.d

    Stopping the service from starting at boot, is the same as running
    "chkconfig xxxx off".

    You may want to post the output, from "chkconfig --list" here, which is
    part of how mcc gets the info it displays.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  9. Re: Broadband Security - Thanks!

    Moe Trin wrote:

    > On Sat, 09 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in
    > article , Highland Ham wrote:
    >
    >>Christopher Hunter wrote:

    >
    >>> Switching off wireless in software should be enough. There is a /very/
    >>> minor chance that running the router with the antenna unplugged could
    >>> damage the transmit part of the wireless transceiver.

    >>=============
    >>Or you replace the antenna with a 50 or 75 Ohms dummy load, which I
    >>believe are readily available.

    >
    > 50 Ohms - in commercial radio (other than cable TV), everything
    > expects a half-wave dipole which should be 50 Ohms.


    Nope - a half-wave dipole is about 72 ohms!

    That's one of the two reasons that my dipoles have Pawsey Stub Baluns
    attached: I use the balun to do unbalanced (coaxial line) to balanced, and
    impedance transformation from the 50 ohm line to the 72 ohms of the dipole.

    > Nah, I'm a Commercial - got my 1st Class RadioTelephone in 1959 ;-)


    Marine communications and commercial broadcast since the 1970's in my case!

    /Not/ /quite/ /as/ /old/ /a/ /guy!/

    Chris


  10. Re: Broadband Security - Thanks!

    Moe Trin wrote:
    snip
    > The radios are less than +25 dBm (316 milliwatt), so dissipation isn't
    > going to be a problem.

    =============================
    Tnx, that's useful info

    Frank GM0CSZ / KN6WH

  11. Re: Broadband Security - Thanks!

    Highland Ham wrote:

    > Moe Trin wrote:
    > snip
    >> The radios are less than +25 dBm (316 milliwatt), so dissipation isn't
    >> going to be a problem.

    > =============================
    > Tnx, that's useful info
    >
    > Frank GM0CSZ / KN6WH


    They're /supposed/ to be +25 dBm - I have an unmodified, straight
    out-of-the-box Netgear 316 which measures 890 mW at the antenna socket.
    Perhaps they assume their antenna is lossy!

    Microwave transistors at roughly 1 Watt are quite fragile - I wouldn't want
    to run one without a suitable load!

    Chris

  12. Re: Broadband Security

    Moe Trin wrote:
    >> tcp 0 0 192.168.1.46:57162 63.245.209.11:80 ESTABLISHED 5402/seamonkey-bin
    >
    > Hmmm, surfing pr0n? No - 63.245.209.x is mozilla.com. Your end
    > initiated the connections.


    As the song from the Broadway musical "Avenue Q" puts it, "the Internet
    is for porn!"

    >> udp 0 0 0.0.0.0:32768 0.0.0.0:* 3016/avahi-daemon:

    >
    > David already id'ed this one - it's not needed


    avahi has since been disabled, as my desktop system is the only local
    computer.

    >> udp 0 0 0.0.0.0:68 0.0.0.0:* 3473/dhclient
    >
    > DHCP client which is fine. Curious, did this put your eth0 interface into
    > promiscuous mode ('/sbin/ifconfig eth0' and look at the third line) If so,
    > chkrootkit will scream about a packet sniffer running.


    eth0 Link encap:Ethernet HWaddr 00:0A:E6:F9:E7:AE
    inet addr:192.168.1.46 Bcast:255.255.255.255 Mask:255.255.255.0
    inet6 addr: fe80::20a:e6ff:fef9:e7ae/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:156 errors:0 dropped:0 overruns:0 frame:0
    TX packets:117 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:101952 (99.5 KiB) TX bytes:9919 (9.6 KiB)
    Interrupt:10 Base address:0xcc00

    and chkrootkit did indeed report

    Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)

    What, if anything, should I do about this?

    >> udp 0 0 0.0.0.0:631 0.0.0.0:* 3136/cupsd
    >
    > This is listening on all interfaces. I don't use cupsd but this may want
    > to be looked at.


    /etc/cups/cupsd.conf now includes

    Listen localhost:631
    Listen /var/run/cups/cups.sock

    Is that sufficient, or do I need to play around with Allow, BrowseAllow,
    BrowseDeny, Port, and other directives in that file?

    > /etc/sysconfig/network, add: "NETWORKING_IPV6=no"


    Okay, that file now reads

    NETWORKING=yes
    HOSTNAME=bestweb.net
    NETWORKING_IPV6=no

    I suppose I ought to change HOSTNAME to my new ISP's name, or can I
    change that to whatever name I want my computer to be called?

    > /etc/modprobe.conf, add: "alias net-pf-10 off"
    > /etc/modules.conf, add: "alias net-pf-10 off"
    > /etc/sysconfig/network-scripts/ifcfg-eth0, change both IPV6* variables
    > to "no"


    Okay, modprobe.conf had that line added, modules.conf didn't exist and
    now has only that one line, and ifcfg-eth0 looks like

    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes
    METRIC=10

    so I didn't see anything to change.

    > I like aide.


    Downloaded aide 0.13.1. Un-tarred and ran configure. Was told it
    needed bison. Downloaded and installed bison. Now configure says it
    needs flex. Downloaded and installed flex. Now configure stops with:

    checking for unsigned short... yes
    checking size of unsigned short... configure: error: cannot compute
    sizeof (unsigned short)
    See `config.log' for more details.

    Now I'm stumped, because I'm sure gcc supports unsigned short, and that
    it most definitely has a size. Online search showed that this was a
    common problem, but I couldn't find a solution.

    > Another possible problem is that either ISP may be filtering some
    > ports. An example, more ISPs are blocking outbound to port 25 in an
    > effort to slow down the Zombie Spam (rooted/0wn3d boxes being used
    > to send spam directly to others). A way to check this is to scan
    > from one source, while _logging_ at the destination. What didn't
    > show up? Then use a tool like hping2, hping3, or tcptraceroute from
    > the source and see where any block lies.


    That sounds worth looking into. Anyway, it sounds like my system is now
    secure enough to switch to DSL for everyday use.

    Thanks again for all your help! One of these days I'll know enough to
    be able to help out someone else.

    Adam

  13. Re: Broadband Security

    David W. Hodgins wrote:
    >> Is there a list somewhere of
    >> which daemons do what, so maybe I can stop a few more that I don't need?

    >
    > In mcc, select system, then "Enable or disable the system services".
    >
    > Each service has an info button. You can stop, and stop a service from
    > running at boot, using that screen. Any service you have running, that
    > the info isn't clear enough, to decide if you need it, you should ask about
    > here.

    [snip]
    > You may want to post the output, from "chkconfig --list" here, which is
    > part of how mcc gets the info it displays.


    Thanks, Dave! Here's the latest 'chkconfig --list' :


    acpi 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    alsa 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    avahi-daemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    dm 0:off 1:off 2:off 3:off 4:off 5:on 6:off
    freshclam 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    harddrake 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    jexec 0:on 1:on 2:on 3:on 4:on 5:on 6:on
    keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    kheader 0:off 1:off 2:on 3:on 4:off 5:on 6:off
    messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    mtink 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    network-up 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    numlock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    oki4daemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    partmon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    pppoe 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    shorewall 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    sound 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    wltool 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

    xinetd based services:
    cups-lpd: off
    cvs: off
    rsync: off


    Also, mcc has cups-lpd, cvs and rsync with "start when requested"
    unchecked (as implied above), and dm is stopped and has "on boot"
    unchecked but I guess it's part of using runlevel 5. In mcc I disabled
    acpi, because I'm not running a laptop, and rebooted, but the above list
    didn't show the change. What about haldaemon and kheader and netfs and
    network-up and wltool -- do I need those? I know I start up in runlevel
    3, but 99.9% of the time am in runlevel 5, mostly with only user 'adam'
    logged in. This desktop system is the only computer here, and I'm not
    providing ANY services to anyone else -- not even remote login. I want
    only the person physically in front of this system to be able to do
    anything. If anyone breaks into my home, I really don't think they'll
    take the time to reconfigure my system! Thanks again for all your help!

    Adam

  14. Re: Broadband Security

    On Sun, 10 Jun 2007 19:30:25 -0400, Adam wrote:
    > and chkrootkit did indeed report
    >
    > Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
    >
    > What, if anything, should I do about this?


    It is not a problem. With your system.

    >
    >
    >> /etc/sysconfig/network, add: "NETWORKING_IPV6=no"

    >
    > Okay, that file now reads
    >
    > NETWORKING=yes
    > HOSTNAME=bestweb.net
    > NETWORKING_IPV6=no
    >
    > I suppose I ought to change HOSTNAME to my new ISP's name, or can I
    > change that to whatever name I want my computer to be called?


    For cups and postfix to work without complaining, you need a FQDN
    (Fully Qualified Domain Name). You can pick your own host name and can
    make the domain name whatever you like if you add .invalid on the end.
    You normally do not want to stick your ISP on it because there might
    be a customer paying for the name you dreamed up.


    $ cat /etc/sysconfig/network
    NETWORKING_IPV6=no
    NOZEROCONF=yes <---- I recommend adding this line
    GATEWAYDEV=eth0
    GATEWAY=192.168.2.1
    HOSTNAME=wb.home.invalid <---- sets node name on boot (FQDN)
    NEEDHOSTNAME=no <---- keeps DHCP value from overwriting it
    NETWORKING=yes



    > DEVICE=eth0
    > BOOTPROTO=dhcp
    > ONBOOT=yes
    > METRIC=10


    Hmmm, what release of Mandriva are you running? I would expect
    something like

    $ cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes
    METRIC=10
    MII_NOT_SUPPORTED=yes
    USERCTL=no
    RESOLV_MODS=yes
    IPV6INIT=no
    IPV6TO4INIT=no
    DHCP_CLIENT=dhclient
    NEEDHOSTNAME=no
    PEERDNS=yes
    PEERYP=no
    PEERNTPD=no



  15. Re: Broadband Security

    On Sun, 10 Jun 2007 19:30:21 -0400, Adam wrote:

    Quick summary. Install anacron and imap. Turn off clamd, freshclam, harddrake.
    Optionally turn off numlock, and wltool.

    For the below, where I've just stated what the service does, keep the
    current settings.

    > acpi 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    > acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off


    Keep both of the above on, as you need it for temperature monitoring.

    > alsa 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Sound.

    > atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off


    Scheduled commands.

    > avahi-daemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off


    Only needed if sharing with m$ systems.

    > clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Only needed if downloading files/email, destined for a m$ system.
    Not needed for linux only use.

    > crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Regularly scheduled commands.

    > cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Printer subsystem.

    > dm 0:off 1:off 2:off 3:off 4:off 5:on 6:off


    Login display manager.

    > freshclam 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Only needed to get updates for clamd, if you choose to keep running clamd.

    > haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off


    Hardware abstraction layer. Needed to detect hot-plugging of devices.

    > harddrake 0:off 1:off 2:off 3:on 4:on 5:on 6:off


    Looks for hardware changes at bootup. Can be very slow. I turn this off,
    and manually run "service harddrake start", when hardware changes.

    > iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Packet filtering.

    > jexec 0:on 1:on 2:on 3:on 4:on 5:on 6:on


    Used for executing java binaries. I'd turn this off, unless you have
    a specific application, that needs it.

    > keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Loads map for keyboard.

    > kheader 0:off 1:off 2:on 3:on 4:off 5:on 6:off


    Updates /boot/kernel.h, to reflect the currently booted kernel. Needed
    when multiple kernels are available to boot, such as after installing
    a kernel update.

    > messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off


    Inter-process communications.

    > mtink 0:off 1:off 2:off 3:off 4:off 5:off 6:off


    Only used for Epson inkjets.

    > netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off


    Should only be needed for accessing file systems on a lan, but
    various problems crop up, if it isn't running.

    > network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    > network-up 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Needed for localhost network access, ppp, eth, etc.

    > numlock 0:off 1:off 2:off 3:on 4:on 5:on 6:off


    Only needed if you like having numlock turned on for you.

    > oki4daemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off


    Win printer support.

    > partmon 0:off 1:off 2:off 3:on 4:on 5:on 6:off


    At boot time, warns you if a partition is getting full.

    > pppoe 0:off 1:off 2:off 3:off 4:off 5:off 6:off


    Unlikely you'll need point-to-point protocol over ethernet.

    > shorewall 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Firewall.

    > sound 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Obvious.

    > syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Obvious.

    > wltool 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Hacks for specific hardware. Unlikely you need this. Left over from
    2007.0. Not available for 2007.1.

    > xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    Xorg font server.

    > xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off


    Starts internet services, when requested, based on the contents
    of /etc/xinetd.d. I use the pop3 server from the imap package, to
    read email sent to my linux userid, using the same mail client I
    use for email sent to my isp.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)
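
Added example, not part of any post in this thread: a small audit of `chkconfig --list` output against the list of services the reply above suggests turning off. The function names and the sample listing are constructed for illustration; the sample reuses a few entries from the listing posted earlier.

```shell
#!/bin/sh
# Added example: check `chkconfig --list` output against a turn-off list.

# Prints the names of services that are "on" in runlevel $1.
enabled_in_runlevel() {
    awk -v want="$1:on" '
    /^xinetd based services/ { exit }   # the xinetd section uses another format
    NF >= 8 { for (i = 2; i <= NF; i++) if ($i == want) { print $1; break } }'
}

# Prints each service named in $2 (space separated) that is still on in runlevel $1.
still_enabled() {
    enabled_in_runlevel "$1" | awk -v list="$2" '
    BEGIN { n = split(list, w, " "); for (i = 1; i <= n; i++) unwanted[w[i]] = 1 }
    $1 in unwanted'
}

# Prints services that are on in runlevel 0 (halt), 1 (single user) or 6 (reboot),
# which is unusual for an ordinary daemon and worth a second look.
on_outside_normal_runlevels() {
    awk '/^xinetd based services/ { exit }
         NF >= 8 && ($2 == "0:on" || $3 == "1:on" || $8 == "6:on") { print $1 }'
}

# Constructed sample in the format chkconfig prints.
sample_chkconfig() {
    cat <<'EOF'
avahi-daemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off
clamd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
freshclam 0:off 1:off 2:on 3:on 4:on 5:on 6:off
harddrake 0:off 1:off 2:off 3:on 4:on 5:on 6:off
jexec 0:on 1:on 2:on 3:on 4:on 5:on 6:on
shorewall 0:off 1:off 2:on 3:on 4:on 5:on 6:off

xinetd based services:
        cvs: off
EOF
}

# Runlevel 5 is where the desktop session runs; list what is left to turn off.
sample_chkconfig | still_enabled 5 "clamd freshclam harddrake avahi-daemon"
```

On a real system, feed it live data with `chkconfig --list | still_enabled 5 "clamd freshclam harddrake"` and repeat for runlevel 3.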

  16. Re: Broadband Security

    On Sun, 10 Jun 2007 19:30:25 -0400, Adam wrote:

    > Downloaded aide 0.13.1. Un-tarred and ran configure. Was told it


    Why? This is mandriva.

    urpmi aide

    Then carefully read the docs, and configure it. I've installed it, but
    haven't configured it yet.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  17. Re: Broadband Security

    On Sun, 10 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <136p1qi2ta6ob90@corp.supernews.com>, Adam wrote:

    >Moe Trin wrote:


    >> DHCP client which is fine. Curious, did this put your eth0 interface into
    >> promiscuous mode ('/sbin/ifconfig eth0' and look at the third line) If so,
    >> chkrootkit will scream about a packet sniffer running.

    >
    > eth0 Link encap:Ethernet HWaddr 00:0A:E6:F9:E7:AE
    > inet addr:192.168.1.46 Bcast:255.255.255.255 Mask:255.255.255.0
    > inet6 addr: fe80::20a:e6ff:fef9:e7ae/64 Scope:Link
    > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1


    Forgot about the IPv6 line. It depends on your
    DHCP client I guess. I would have expected this line to read

    UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1

    which is what 'rkhunter' is looking for.

    >and chkrootkit did indeed report
    >
    > Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)


    It's using a different test (a compiled thing called "ifpromisc" which
    is looking through the /proc/ file system). The pathetic thing about
    either is that they don't bother to explain the test, or the possible
    _reason_ for a false alarm. chkrootkit ignores DHCP completely.

    [compton ~]$ zgrep -i dhcp anti.mal-ware/chkrootkit-0.47.tar.gz
    [compton ~]$

    >What, if anything, should I do about this?


    Don't bother using chkrootkit, or rkhunter ;-)

    >> This is listening on all interfaces. I don't use cupsd but this may want
    >> to be looked at.

    >
    >/etc/cups/cupsd.conf now includes
    >
    > Listen localhost:631
    > Listen /var/run/cups/cups.sock
    >
    >Is that sufficient, or do I need to play around with Allow, BrowseAllow,
    >BrowseDeny, Port, and other directives in that file?


    As noted, I don't use cupsd, but the answer would be in the netstat output.

    >Okay, that file now reads
    >
    > NETWORKING=yes
    > HOSTNAME=bestweb.net
    > NETWORKING_IPV6=no
    >
    >I suppose I ought to change HOSTNAME to my new ISP's name, or can I
    >change that to whatever name I want my computer to be called?


    You can use any hostname you want, BUT it's not a good idea to use a
    hostname (or domain name) that _may_ exist in the world. This can result in
    confusion when an application wants to talk to the defined hostname. Is
    it this machine, or some host that may resolve by gethostbyaddr(2).
    The best solution if you don't own a registered domain is to choose one
    that will never exist on the Internet. This USUALLY means a hostname
    that ends in ".invalid" or the famous company "example.com" (see RFC2606
    which also reserves 'example.net' and 'example.org'). The normal
    expectation is that the name has a minimum of two dots such as
    foo.example.com - one separating the given hostname (foo) and one that
    separates the second level and top domain names (example.com).

    >Downloaded aide 0.13.1. Un-tarred and ran configure.


    Doesn't mandriva have it available?

    >Was told it needed bison. Downloaded and installed bison. Now
    >configure says it needs flex. Downloaded and installed flex.


    Welcome to dependency hell - here's your ukulele, we're temporarily
    out of accordions

    >Now configure stops with:
    >
    > checking for unsigned short... yes
    > checking size of unsigned short... configure: error: cannot compute
    > sizeof (unsigned short)
    > See `config.log' for more details.


    Are you missing the .devel packages? Try 'rpm -qa | grep devel'

    >Now I'm stumped, because I'm sure gcc supports unsigned short, and that
    >it most definitely has a size. Online search showed that this was a
    >common problem, but I couldn't find a solution.


    This _might_ be a function of the packages. The way they are set up on
    a typical rpm based system is that you have two families of packages.
    Using FC5 as an example, there was

    5181247 Sep 15 2006 glibc-2.4-11.i686.rpm
    16316240 Sep 15 2006 glibc-common-2.4-11.i386.rpm
    2014175 Sep 15 2006 glibc-devel-2.4-11.i386.rpm

    The first is the GNU libc libraries, the second is the common binaries
    and locale data for glib, while the last is the header and object files
    for development (compiling) using standard C libraries. You've probably
    got different version numbers, but the name scheme should be similar.

    >> Another possible problem is that either ISP may be filtering some
    >> ports. [...] A way to check this is to scan from one source, while
    >> _logging_ at the destination. What didn't show up? Then use a tool
    >> like hping2, hping3, or tcptraceroute from the source and see where
    >> any block lies.

    >
    >That sounds worth looking into.


    Networking tools, trials and tribulations can be fun

    >Anyway, it sounds like my system is now secure enough to switch to DSL
    >for everyday use.


    I'd agree

    Old guy
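
Added example, not part of any post in this thread: the two "sniffer" signals discussed above are different things, and this sketch checks them separately. It assumes the interface flags word is read from `/sys/class/net/<if>/flags` and the PF_PACKET socket list from `/proc/net/packet`; the function names and the sample table are constructed.

```shell
#!/bin/sh
# Added example: two separate "sniffer" signals on Linux.
#   1. IFF_PROMISC in the interface flags (the PROMISC word in ifconfig output)
#   2. an open PF_PACKET socket, as a DHCP client commonly holds

IFF_PROMISC=0x100   # bit value from <linux/if.h>

# Succeeds if the flags word $1 (as in /sys/class/net/<if>/flags) has PROMISC set.
is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# Reads /proc/net/packet text on stdin; prints "inode ifindex proto" per socket.
packet_sockets() {
    awk 'NR > 1 && NF >= 9 { print $9, $5, $4 }'
}

# Prints "pid exe" for the process holding socket inode $1.
# Needs root to inspect processes owned by other users.
inode_owner() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        echo "$pid $(readlink "/proc/$pid/exe" 2>/dev/null)"
        return 0
    done
    return 1
}

# classify FLAGS < packet-table
# Prints "promisc", "packet-socket" (socket open, interface not promiscuous) or "none".
classify() {
    n=$(packet_sockets | awk 'END { print NR }')
    if is_promisc "$1"; then echo promisc
    elif [ "$n" -gt 0 ]; then echo packet-socket
    else echo none
    fi
}

# Constructed sample of /proc/net/packet with one socket on interface index 2.
sample_packet_table() {
    cat <<'EOF'
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
f6d1a000 3      10   0003   2     1 0      0      9813
EOF
}

# 0x1043 = UP BROADCAST RUNNING MULTICAST, the flags in the ifconfig output above.
sample_packet_table | classify 0x1043
```

On a live system: `classify "$(cat /sys/class/net/eth0/flags)" < /proc/net/packet`, then `inode_owner` on each inode from `packet_sockets` to see which program holds the socket.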

  18. Re: Broadband Security

    Bit Twister wrote:
    > For cups and postfix to work without complaining, you need a FQDN
    > (Fully Qualified Domain Name). You can pick your own host name and can
    > make the domain name whatever you like if you add .invalid on the end.
    > You normally do not want to stick your ISP on it because there might
    > be a customer paying for the name you dreamed up.
    >
    > $ cat /etc/sysconfig/network
    > NETWORKING_IPV6=no
    > NOZEROCONF=yes <---- I recommend adding this line
    > GATEWAYDEV=eth0
    > GATEWAY=192.168.2.1
    > HOSTNAME=wb.home.invalid <---- sets node name on boot (FQDN)
    > NEEDHOSTNAME=no <---- keeps DHCP value from overwriting it
    > NETWORKING=yes


    Okay, my /etc/sysconfig/network now looks exactly like that, except for
    the HOSTNAME of course. At the moment it reads "HOSTNAME=Ozymandias"
    ("Round the decay of that colossal Wreck"), but I gather I ought to add
    ".invalid" and maybe even something before that. (Btw my previous box
    was named UNIVAC and actually had an authentic logo for a case badge.)

    > Hmmm, what release of Mandriva are you running. I would expect
    > something like
    >
    > $ cat /etc/sysconfig/network-scripts/ifcfg-eth0
    > DEVICE=eth0
    > BOOTPROTO=dhcp
    > ONBOOT=yes
    > METRIC=10
    > MII_NOT_SUPPORTED=yes
    > USERCTL=no
    > RESOLV_MODS=yes
    > IPV6INIT=no
    > IPV6TO4INIT=no
    > DHCP_CLIENT=dhclient
    > NEEDHOSTNAME=no
    > PEERDNS=yes
    > PEERYP=no
    > PEERNTPD=no


    Okay, now my file looks just like yours too. I'm running Mandriva
    2007.0 Official.

    Thanks for all your help! Eventually I'll understand what I'm doing.

    Adam

  19. Re: Broadband Security

    David W. Hodgins wrote:
    > Quick summary. Install anacron and imap. Turn off clamd, freshclam, harddrake.
    > Optionally turn off numlock, and wltool.


    Thanks, Dave, will do! And thanks so much for your description of each
    entry in that file.

    >> wltool 0:off 1:off 2:on 3:on 4:on 5:on 6:off

    >
    > Hacks for specific hardware. Unlikely you need this. Left over from
    > 2007.0. Not available for 2007.1.


    I'm running 2007.0, but I checked and it doesn't look like I need it.

    >> Downloaded aide 0.13.1. Un-tarred and ran configure. Was told it

    >
    > Why? This is mandriva.
    >
    > urpmi aide


    I get "no package named aide" when I do that. That's why I downloaded
    it. And I checked my four installation CDs and it wasn't there either.

    Thanks again for taking the time to explain all this to me!

    Adam

  20. Re: Broadband Security

    Moe Trin wrote:
    >> What, if anything, should I do about this?

    >
    > Don't bother using chkrootkit, or rkhunter ;-)


    Okay, even I know how to do that!

    >> /etc/cups/cupsd.conf now includes
    >>
    >> Listen localhost:631
    >> Listen /var/run/cups/cups.sock
    >>
    >> Is that sufficient, or do I need to play around with Allow, BrowseAllow,
    >> BrowseDeny, Port, and other directives in that file?

    >
    > As noted, I don't use cupsd, but the answer would be in the netstat output.


    I'll look into that, as soon as I catch up with all my newsgroup posts.

    >> I suppose I ought to change HOSTNAME to my new ISP's name, or can I
    >> change that to whatever name I want my computer to be called?

    >
    > You can use any hostname you want, BUT it's not a good idea to use a
    > hostname (or domain name) that _may_ exist in the world. This can result in
    > confusion when an application wants to talk to the defined hostname. Is
    > it this machine, or some host that may resolve by gethostbyaddr(2).
    > The best solution if you don't own a registered domain is to choose one
    > that will never exist on the Internet. This USUALLY means a hostname
    > that ends in ".invalid" or the famous company "example.com" (see RFC2606
    > which also reserves 'example.net' and 'example.org'). The normal
    > expectation is that the name has a minimum of two dots such as
    > foo.example.com - one separating the given hostname (foo) and one that
    > separates the second level and top domain names (example.com).


    Looks like I better change HOSTNAME=Ozymandias ("Round the decay of that
    colossal Wreck") to Ozymandias.foo.invalid or Ozymandias.example.org or
    something like that.

    >> Downloaded aide 0.13.1. Un-tarred and ran configure.

    >
    > Doesn't mandriva have it available?


    Not my copy (4 CDs) of 2007.0 Official. Tried urpmi and ls | grep.

    >> checking for unsigned short... yes
    >> checking size of unsigned short... configure: error: cannot compute
    >> sizeof (unsigned short)
    >> See `config.log' for more details.

    >
    > Are you missing the .devel packages? Try 'rpm -qa | grep devel'


    That returns a list of 54 packages. I remember checking the box to
    install them.

    > This _might_ be a function of the packages. The way they are set up on
    > a typical rpm based system is that you have two families of packages.
    > Using FC5 as an example, there was
    >
    > 5181247 Sep 15 2006 glibc-2.4-11.i686.rpm
    > 16316240 Sep 15 2006 glibc-common-2.4-11.i386.rpm
    > 2014175 Sep 15 2006 glibc-devel-2.4-11.i386.rpm
    >
    > The first is the GNU libc libraries, the second is the common binaries
    > and locale data for glib, while the last is the header and object files
    > for development (compiling) using standard C libraries. You've probably
    > got different version numbers, but the name scheme should be similar.


    [adam@Ozymandias ~]$ sudo urpmi glibc
    The package(s) are already installed

    Again, additional investigation is needed.

    >> Anyway, it sounds like my system is now secure enough to switch to DSL
    >> for everyday use.

    >
    > I'd agree


    Good! In the process I managed to delete everything in ~/.mozilla but
    that was my own fault. Oh well. Thanks again for all the time you've
    spent helping me!

    Adam
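
Added example, not part of any post in this thread: one way to read the cupsd answer out of `netstat -apntu`, as suggested above, by listing every socket that accepts traffic on a non-loopback address. Function names are hypothetical and the sample output is constructed, modelled on the lines quoted in the thread.

```shell
#!/bin/sh
# Added example: find sockets reachable from outside the machine.

# Reads `netstat -apntu` output on stdin; prints "proto port address program"
# for each socket that accepts traffic on a non-loopback address.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP: listening sockets only. UDP has no LISTEN state; an unconnected
        # socket shows a wildcard foreign address instead.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        if ($1 ~ /^udp/ && $5 !~ /:\*$/) next
        n = split($4, part, ":")
        port = part[n]                                   # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        prog = ($1 ~ /^tcp/) ? $7 : $6
        if (prog == "") prog = "-"
        print $1, port, addr, prog
    }'
}

# Succeeds if any exposed socket uses port $1 (netstat output on stdin).
port_exposed() {
    exposed_listeners | awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

# Constructed sample: cupsd TCP bound to loopback, two UDP sockets on all interfaces.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 127.0.0.1:631       0.0.0.0:*           LISTEN      3136/cupsd
tcp        0      0 192.168.1.46:45012  203.0.113.10:80     ESTABLISHED 4021/firefox-bin
udp        0      0 0.0.0.0:68          0.0.0.0:*                       3473/dhclient
udp        0      0 0.0.0.0:631         0.0.0.0:*                       3136/cupsd
EOF
}

sample_netstat | exposed_listeners
```

On a live system, run `netstat -apntu | exposed_listeners` as root so the program column is filled in; an empty result for port 631 means the `Listen localhost:631` change covers every cupsd socket.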
