Broadband Security - Mandriva

This is a discussion on Broadband Security - Mandriva ; Moe Trin wrote: >> Speaking of /etc/hosts, I found http://everythingisnt.com/hosts.html >> which is "a very simple hack which takes ad server URLs and redirects >> them to non-existant numerical addresses," like "127.0.0.1 >> www.doubleclick.net" and a few hundred entries like ...

+ Reply to Thread
Page 4 of 7 FirstFirst ... 2 3 4 5 6 ... LastLast
Results 61 to 80 of 130

Thread: Broadband Security

  1. Re: Broadband Security

    Moe Trin wrote:
    >> Speaking of /etc/hosts, I found http://everythingisnt.com/hosts.html
    >> which is "a very simple hack which takes ad server URLs and redirects
    >> them to non-existant numerical addresses," like "127.0.0.1
    >> www.doubleclick.net" and a few hundred entries like that.

    >
    > Look in the Usenet newsgroups "alt.privacy", "alt.privacy.spyware", and
    > at google - there are several of these lists, some quite extensive (and
    > some quite useless).


    It never occurred to me to look for other lists. Thanks for the pointers!

    > Some resolver code wants to see exactly one line with a given IP
    > address, and one line with a given FQDN.

    [snip]
    > Make sure your firewall is NOT blocking access to 127.0.0.0/8:80, or you
    > will have a further delay in the web page loading while you wait for the
    > connections to time out.


    Guess that means I'll have to check both the software firewall and the
    router. I really know very little about networking, so far, but I'm
    sure I'll learn. I can still remember when compiling a package from
    source seemed beyond my abilities.

    > You need to be somewhat careful of what you are
    > blocking, as some of these servers are both content providers and
    > advertisement providers.


    Well, the nice part about ad blocking is that I don't have to block 100%
    of the ads. (Unlike the 100% figure that antivirus and antispyware hope
    to achieve!) Whatever ads I can block easily is good, but before I put
    a lot of time and effort into it, there are other things that are more
    important. You'll be hearing all about those soon!

    > Personally, I don't bother, as I primarily use a text-based browser
    > rather than a "dazzle-'em-with-graphics" tool unless it is absolutely
    > required.


    As they always say, Linux is all about choices. I couldn't even guess
    at how many Linux web browsers are available.

    Thanks again for all your help with everything!

    Adam

  2. Re: Broadband Security

    Bit Twister wrote:
    > Yes, you may also want to get into the mirror section of the Mandriva
    > Control Center and under Options set wget as default fetch utility.


    Good idea! It took me a while to find it.

    > Yep, you do not need to fight two problems at the same time.
    > urpmi for a copy that is supposed to run, learn how to configure it,
    > then get the latest release and start hacking again.


    Once I get aide-0.11 configured, that should pretty much take care of
    security. My next problem is to try to remember all the mailing lists
    and web sites that I gave my old address to.

    > Crackers, are turning around known exploit cracks within about 48 hours or
    > so of an update and go hunting for systems without the updates.
    >
    > That is one of the reasons I check for updates every night.


    Now that I have broadband, I ought to do the same. With dialup, I think
    the updates came out faster than I could download them!

    >> 127.0.0.1 localhost ozymandias ozymandias.sands.invalid

    >
    > Yuck, how about
    >
    > 127.0.0.1 ozymandias.sands.invalid ozymandias localhost


    Okay, done, and thanks! But why? Thanks again for your help with
    everything!

    Adam

  3. Re: Broadband Security

    On Fri, 15 Jun 2007 01:27:46 GMT, Adam wrote:
    >
    > Once I get aide-0.11 configured, that should pretty much take care of
    > security.


    Hmmm, define security. If aide complains about a security breach, you
    have no security.

    Do goto sourceforge and read the notes to see what you are missing and
    re-read the next paragraph.


    >> Crackers, are turning around known exploit cracks within about 48 hours or
    >> so of an update and go hunting for systems without the updates.


    > >
    > > 127.0.0.1 ozymandias.sands.invalid ozymandias localhost

    >
    > Okay, done, and thanks! But why?


    man hosts




    hint (ozymandias localhost) are aliases


  4. Re: Broadband Security

    Bit Twister wrote:
    > Hmmm, define security. If aide complains about a security breach, you
    > have no security.


    Defining "security" could be, and I'm sure has been, a long thread in
    itself. My off-the-cuff definition would be: no data gets sent out
    unless I want it sent out, and no files get changed unless I want them
    changed. I'm sure there are lots of better definitions out there.

    My aide.conf (which is NOT at /etc/aide.conf) now looks like this:

    database=[somewhere]
    database_out=[somewhere]
    /bin R
    /boot R
    /etc R
    /lib R
    /opt R
    /sbin R
    /usr R
    !/var/log/.* # ignore the log dir it changes too often
    !/var/spool/.* # ignore spool dirs as they change too often

    I'm probably checking more files, and more thoroughly, than I need to,
    but better to start out with too much than too little.

    > Do goto sourceforge and read the notes to see what you are missing and
    > re-read the next paragraph.
    >
    >>> Crackers are turning around known exploit cracks within about 48 hours or
    >>> so of an update and go hunting for systems without the updates.


    Looks like I need to learn more about cron, and write some scripts, and
    schedule security stuff to run daily, or nightly.

    I'm running aide-0.11, but have the source to aide-0.13.1. ChangeLog in
    0.13.1 seems to show mostly bug fixes since 0.11 was released, and minor
    additions. The only thing that looks like a real lack is "Set
    meaningful exitcodes when --check is used" which was added in 0.13 and
    would be handy in a script.

    > man hosts


    No man page for hosts on my system, but nice Q&A at
    http://www.linuxquestions.org/questi...d.php?t=302189 . Now
    the first non-comment line in my /etc/hosts (sorry about line wrap) is

    127.0.0.1 ozymandias.sands.invalid ozymandias localhost.localdomain
    localhost

    Thanks again! I gotta admit I'm learning a lot here.

    Adam

  5. Re: Broadband Security

    On Fri, 15 Jun 2007 15:10:55 GMT, Adam wrote:

    > No man page for hosts on my system,


    click up a terminal,
    su - root
    urpmi man-pages
    exit

    man hosts


    > Looks like I need to learn more about cron, and write some scripts, and
    > schedule security stuff to run daily, or nightly.



    To see when system wide cron jobs run,
    cat /etc/crontab
    if your system is on 24 hours day, 7 days a week.
    If not on 24/7 you might want to install anacron

    To understand the crontab fields,
    man -s5 crontab

    Cron jobs are pretty easy depending on the job. Very simple script example:

    -----8<-----8<-----8<--Cut below this line---8<-----8<-----8<-----8<
    #!/bin/bash
    #************************************************* **********
    #*
    #* scriptname_here - cron script 101 example only
    #*
    #* Mails root a null body message with the subject containg the
    #* program name and program's status/return code in subject line
    #*
    #************************************************* **********

    some_command_here with_some_arguments_here-maybe
    if [ $? -ne 0 ] ; then
    mail -s "$0 returned code $?" root < /dev/null > /dev/null
    fi

    exit 0
    #******* end of scriptname_here ********************************
    -----8<-----8<-----8<--Cut above this line---8<-----8<-----8<-----8<

    First thing after saving, add execute permission with
    chmod +x scriptname_here

    You swap out /some_command_here with_some_arguments_here_maybe/
    with command and arguments of your choice. Test script with the command

    ../scriptname_here

    Once it works, you copy it to
    /etc/cron.hourly
    /etc/cron.daily
    /etc/cron.monthly
    /etc/cron.weekly
    depending on your needs.

    For extra points, read http://tldp.org/LDP/abs/html/index.html

  6. Re: Broadband Security

    On Fri, 15 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    , Adam wrote:

    >Moe Trin wrote:


    >[adam@ozymandias ~]$ echo $HOSTNAME
    >ozymandias.sands.invalid


    Looks fine. This is the name your system thinks of itself as (in
    addition to 'localhost'). You have to be careful with luser friendly
    tools that attempt to configure the hostname in a dynamic situation.
    KPPP had an incredibly st00pid idea of resetting the hostname to match
    that of the local address on a dialup link - this resulted in the
    desktop refusing to open further applications because the hostname
    had _changed_ (remember that X is a _network_ aware application

    [compton ~]$ whatis xhost
    xhost (1x) - server access control program for X
    [compton ~]$

    and this caused all kinds of frivolity). For a while, Red Hat had a
    similarly dumb function in the network configuration scripts, and I
    see hints of similar problems in DHCP setups from them and others.

    >> Hostname can be fun, or a nightmare, depending on who has to choose
    >> them.

    >
    >I remember looking at a complete list of BITnet hosts, or something like
    >that, in the mid-80s. Some of the hostnames were clever, if you "get"
    >hacker humor.


    You don't see lists of hostnames like you used to (because of security)
    but I still like to pay attention to any names I see if only to get a
    suggestion for the next time I need a name. My home systems are named
    after spacecraft, and the list of available names I have now will keep
    me going for a long time to come.

    >> We _suggest_ using themes for names


    >I'm a volunteer at the local SPCA, and every week the front desk staff
    >has to come up with names for the new arrivals. Sometimes they don't
    >have any ideas but they name them anyway. Last week a litter of five
    >kittens ended up being named Reebok, Nike, Adidas, etc.


    Only one of the last four cats we got from the recycling center kept
    the name he was given (he had two - Sandy, which we used, and Scratch
    which didn't fit him at all). Kiri is a Siamese named after an opera
    singer, Good Sam is a companion type of guy, and Smokie is a gray puff
    who has been nicknamed "Wiff" or "Wiffer". Last time I was in the
    shelter, I noticed that they weren't stressing names that much.

    >[adam@ozymandias ~]$ rpm -qa | grep glibc
    >glibc-2.4-4mdk
    >glibc-devel-2.4-4mdk


    Hmmm, I would think that would provide the needed header files.

    >Anyway as described in another post, I managed to get hooked up to the
    >repositories, and then 'urpmi --wget aide' got me version 0.11
    >downloaded and installed. I consider the problem solved. Now all I
    >have to do is figure out how to use the darn thing.


    3530 2006-12-15 05:56 aide-0.13.1/doc/aide.1
    9020 2006-12-15 05:56 aide-0.13.1/doc/aide.conf.5
    24857 2006-12-09 23:59 aide-0.13.1/doc/manual.html
    17646 2006-12-15 05:55 aide-0.13.1/ChangeLog
    6826 2006-11-25 04:08 aide-0.13.1/README

    That's out of 0.13.1, and I do recall having troubles compiling this
    mess, but can't remember what - I think it was a dependency problem.
    Anyway, try 'rpm -qd aide' and see what it lists for documentation.

    Old guy

  7. Re: Broadband Security

    On Fri, 15 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    , Adam wrote:

    >Moe Trin wrote:


    >> Make sure your firewall is NOT blocking access to 127.0.0.0/8:80, or you
    >> will have a further delay in the web page loading while you wait for the
    >> connections to time out.

    >
    >Guess that means I'll have to check both the software firewall and the
    >router.


    127.0.0.0/8 has nothing to do with your router. The point I'm making is
    that most Linux firewalls use a "DROP" rule (drop the packet as if it
    never existed) rather than a "REJECT" rule (either send an ICMP Type 3
    Code error, or respond to a TCP packet with a "REJ" flag on
    the handshake (closing the connection immediately). Without a firewall,
    the kernel does the right thing, and sends the ICMP "Unreachable" or
    TCP 'REJ" response when someone attempts to connect to a port where
    no one is listening. With the "DROP" rule, your web browser/etc.
    would have to wait until the connection attempt times out (30 to 90
    seconds) rather than getting the door slammed in it's face, and getting
    on with the show without further delay.

    >I really know very little about networking, so far, but I'm sure I'll
    >learn.


    It's a fairly broad subject, depending how deeply you want to get into
    the subject. I've probably taken over a dozen college classes covering
    various aspects from the hardware and bits-on-the-wire level up to how
    IP address schemes and network layout are concerned. I _usually_ refer
    to the W. Richard Stevens books that I think I've mentioned in the past
    ("TCP/IP Illustrated, Volume 1" 0-201-63346-9), but the "Linux Network
    Administator's Guide" from the LDP is also very helpful.

    >I can still remember when compiling a package from source seemed beyond
    >my abilities.


    ;-) Well, yeah - that's rather intimidating to the inexperienced,
    but it's not impossible.

    >Well, the nice part about ad blocking is that I don't have to block 100%
    >of the ads. (Unlike the 100% figure that antivirus and antispyware hope
    >to achieve!)


    ---------------------
    Installing a recent version of common_sense.exe should prevent programs from
    "installing themselves". (-- Thor Kottelin in c.s.m.)
    ----
    "common_sense.exe" isn't installed - it makes it harder to hit the icon
    that says "Click Here to get your system screwed", and users get frustrated
    when that happens. Microsoft says that would reduce their profits.
    ---------------------

    I can't say that anti-malware is not needed in *nix - that's why we've
    got a couple of guys that audit source before it gets to a distribution
    server, but most of the stuff they've turned up over the years has been
    ordinary coding fsck-ups rather than malicious.

    >Whatever ads I can block easily is good, but before I put a lot of time
    >and effort into it, there are other things that are more important.
    >You'll be hearing all about those soon!


    Oh my - what plans are afoot now?

    Old guy

  8. Re: Broadband Security

    Bit Twister wrote:
    > click up a terminal,
    > su - root
    > urpmi man-pages
    > exit
    >
    > man hosts


    I got all the update mirrors pointing to working servers, and then it
    worked!

    > If not on 24/7 you might want to install anacron


    I power down when I leave ("There is life outside your apartment" --
    AVENUE Q). I already installed anacron, on the advice of David W.
    Hodgins earlier in this very thread:

    [adam@ozymandias ~]$ /sbin/chkconfig --list | grep anacron
    anacron 0ff 1ff 2n 3n 4n 5n 6ff

    It looks like all I have to do is write a script to do whatever-it-is,
    and then put it in /etc/cron.* (where * is daily, weekly, or monthly).
    Or do I have to do something with /var/spool/anacron/cron.* ? Do all
    the scripts in /etc/cron.* get executed, even if some fail (return nonzero)?

    Thanks for your sample script. I've already written a few trivial
    scripts, so I think I can move up to writing simple ones.

    > For extra points, read http://tldp.org/LDP/abs/html/index.html


    That looks really useful. Thanks again!

    Adam

  9. Re: Broadband Security

    On Sat, 16 Jun 2007 01:44:34 GMT, Adam wrote:
    >
    > It looks like all I have to do is write a script to do whatever-it-is,
    > and then put it in /etc/cron.* (where * is daily, weekly, or monthly).


    Yep, you have it down pat.

    > Or do I have to do something with /var/spool/anacron/cron.* ?


    No, anacron checks around and if a cron job has not run because system was
    down it will start the job.


    > Do all the scripts in /etc/cron.* get executed, even if some fail
    >(return nonzero)?


    Yes.


  10. Re: Broadband Security

    On Sat, 16 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <6gHci.45$p45.20@trndny01>, Adam wrote:

    >Bit Twister wrote:


    >> If not on 24/7 you might want to install anacron

    >
    >I power down when I leave ("There is life outside your apartment" --
    >AVENUE Q).


    "Life"... wasn't that a magazine? ;-)

    >I already installed anacron, on the advice of David W. Hodgins
    >earlier in this very thread:


    Note that 'anacron' does not handle tasks scheduled more often than
    "daily", so if you have things that are scheduled more frequently,
    you'll ALSO need to be running a "normal" cron daemon like 'vixie-cron'
    which is pretty much a *nix standard. There is also an application
    called 'fcron' that replaces both vixie-cron and anacron by combining
    the features of both.

    >> For extra points, read http://tldp.org/LDP/abs/html/index.html

    >
    >That looks really useful. Thanks again!


    It _really_ is - I recommend it constantly.

    Old guy

  11. Re: Broadband Security

    Moe Trin wrote:
    > Only one of the last four cats we got from the recycling center


    I love the term "recycling center"!

    > Kiri is a Siamese named after an opera singer


    I have a recording of WEST SIDE STORY with her. I'm not a big fan of
    opera, though. The last time I went to the opera, I fell asleep. So
    did the main character.

    >> 'urpmi --wget aide' got me version 0.11 downloaded and installed.

    >
    > That's out of 0.13.1, and I do recall having troubles compiling this
    > mess, but can't remember what - I think it was a dependency problem.
    > Anyway, try 'rpm -qd aide' and see what it lists for documentation.


    It lists the doc files that came with 0.11. I think I'll make do with
    0.11 until either a new rpm or one I can compile comes out. The changes
    from 0.11 to 0.13.1 seemed to be mostly bug fixes and minor enhancements.

    Adam

  12. Re: Broadband Security

    Bit Twister wrote:
    >> It looks like all I have to do is write a script to do whatever-it-is,
    >> and then put it in /etc/cron.* (where * is daily, weekly, or monthly).

    >
    > Yep, you have it down pat.


    It's that easy? The question I *won't* ask just yet
    is what kind of tasks that should do, because I know to check Google
    before asking. The question I *will* ask is, these scripts will be
    generating some output... is there a convention for what to do with it?
    Send all of it to a specific file somewhere in /var ? Use Sendmail to
    send it all to root? What's the usual *nix thing to do with those
    programs that run during the night and generate voluminous reports?
    Thanks again for your help with this and all my other questions!

    Adam

  13. Re: Broadband Security

    Moe Trin wrote:
    >> I power down when I leave ("There is life outside your apartment" --
    >> AVENUE Q).

    >
    > "Life"... wasn't that a magazine? ;-)


    What's a magazine? Is it those things that come in PDF files? :-)

    > Note that 'anacron' does not handle tasks scheduled more often than
    > "daily", so if you have things that are scheduled more frequently,
    > you'll ALSO need to be running a "normal" cron daemon like 'vixie-cron'
    > which is pretty much a *nix standard. There is also an application
    > called 'fcron' that replaces both vixie-cron and anacron by combining
    > the features of both.


    Seems like I have too many choices here! What are the advantages of
    each? Which would you recommend? I can't think of any tasks that would
    be more often than daily. Thanks again for your help with this and
    everything else!

    Adam

  14. Re: Broadband Security

    On Sun, 17 Jun 2007 03:52:25 GMT, Adam wrote:
    >
    > It's that easy?


    Hey, either you learn how to work the computer, or the computer works you. 8-)


    > The question I *won't* ask just yet is what kind of tasks that should do,


    Heheheh, linux is kinda like, you have a machine shop with all the tools,
    some automated and can run from a CAD document, or a hand rasp you use
    by hand. If you have to a repetive task, create the commands to
    automate the process.

    You are going to be limited by your imagination and/or knowledge.

    I have system cron jobs and user cron jobs. I make my user cron like
    the system cron setup.

    $ cd $HOME/.cron
    $ ls
    cron.job daily msg hourly monthly todo.txt weekly

    $ cat cron.job
    # DO NOT EDIT THIS FILE - edit the master and reinstall.
    # (cron.job installed on Sat Jun 19 21:49:26 2004)
    # (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
    MAILTO="bittwister"
    ################################################## ##################
    #minute (0-59), #
    #| hour (0-23), #
    #| | day of the month (1-31), #
    #| | | month of the year (1-12), #
    #| | | | day of the week (0-6 with 0=Sunday)#
    #| | | | | commands #
    #30 01 * * * /home/jim/bin/cleartmp #
    ################################################## ##################
    0 0-23 * * * /bin/nice -n 19 /usr/bin/run-parts /home/bittwister/.cron/hourly
    02 4 * * * /bin/nice -n 19 /usr/bin/run-parts /home/bittwister/.cron/daily
    12 4 * * 0 /bin/nice -n 19 /usr/bin/run-parts /home/bittwister/.cron/weekly
    22 4 1 * * /bin/nice -n 19 /usr/bin/run-parts /home/bittwister/.cron/monthly
    32 4 * * * /bin/nice -n 19 /local/bin/ck_mail_msg


    The scripts in .cron/* directories create *_msg files and ck_mail_msg
    mails me the todo.txt file and any *_msg files in $_msg_dir.

    $ echo $_msg_dir
    /home/bittwister/.cron/msg

    > The question I *will* ask is, these scripts will be
    > generating some output... is there a convention for what to do with it?


    Depends on where you work.

    Such a simple question, larger considerations are needed.

    Let's say your scrips dumps output to /tmp using process id as file name.
    Think about how you are going to find the offending script filling up /tmp. :-(
    Some examples:

    some_cmd > /tmp/$$ Yuck. /tmp/2342
    some_cmd > /tmp/${0}.$$ ok, maybe. /tmp/some_cmd.2342
    _date=$(date + '%a %b %e'
    some_cmd > /tmp/${0}_$_date.log Better. /tmp/some_cmd_Mon_Jan_15.log
    some_cmd > /tmp/${0}_$_date.rpt Better. /tmp/some_cmd_Mon_Jan_15.rpt


    Then a cron job mails root that /tmp is getting full :-(
    You look in /tmp and wonder what job is leaving all those files laying
    around. Which format would you want?
    You might want the .rpt left and script needs to delete .log upon
    completion, if no errors.

    Where the temp working direcory is, can be different where you want the
    output to go.
    Another consideration is, what happens if you decide to use different
    partitions because you are tired of /tmp running out of space and want
    scripts to use other directories for their storage. Example var solution:

    _fn=${0}_$_date
    some_cmd -r $TMP/$_fn.rpt -l $TMPDIR/$_fn.log

    Now the environment vars defines where the files are created.
    snippet from my environment.
    You might want to try the command on your terminal.

    $ env | sort | grep -i tmp
    GCONF_TMPDIR=/tmp
    TMPDIR=/home/bittwister/tmp
    TMP=/home/bittwister/tmp

    > Send all of it to a specific file somewhere in /var ?


    Hmm, kinda like the question: How long will the string need to be?
    Depends, should file surive accross reboots or disappear, do you want
    user/root created scripts to write to same places vendor-supplied
    scripts do their thing, ...

    Maybe /usr/tmp; you are the system admin, you get to control your life.

    Looks like you need to write the System Application Programming Standard for
    your application programmers to use. :-)
    Yuck, visions of weeks spent in standards committe meetings flash
    before my eyes as I type this. :-(

    You might consider some light reading http://rute.2038bug.com/index.html.gz
    and glance at Chapter 35. The LINUX File System Standard

    I downloaded/installed rute.html.tar.bz2 and created a link to it in
    my /local/doc/index.html for the quick and dirty research for where to
    start to go looking. Snippet from my Admin Diary follow:

    # add rute admin linux manual

    cd /usr/share/doc
    tar -xjf /accounts/downloads/rute.html.tar.bz2
    chmod -R 644 rute
    chmod 755 rute


    > Use Sendmail to send it all to root?


    Ugly question there, why are you indicating /Sendmail/.
    When you ask questions to computer subject matter experts, you may get
    very involved GIGO answers.

    MTA (Mail Transport Agent) depends on what MTA installed, qmail,
    postfix, sendmail, exim, ...

    Your scripts could just
    mail -s "what ever" $MAILTO < /some/filename
    and not care who or what MTA installed.

    I see two parts for your question about cron jobs that I will hit on here.
    Your system cron jobs _mail_ information to root. Your _user_ jobs
    mail information to the _user_.

    > What's the usual *nix thing to do with those
    > programs that run during the night and generate voluminous reports?


    Depends on the Requirements Document which the script was designed from. 8-)

    Mail/process/delete it, or have the job run in user space and let
    the user dispose of the results.

  15. Re: Broadband Security

    Adam wrote:

    > I know
    > CAT5E has to be treated with respect -- no sharp bends, and so on. The
    > line is about ten feet longer than it has to be. Is there a "best" way
    > to coil it up, or otherwise keep the excess out of everyone's way? Can
    > I just put it in a coil a foot across and tie it with a twist tie, or is
    > there some recommended way to keep from distorting the signal?


    I hope you don't buy $500 "speaker cables"! You won't "distort" the signal,
    you'll just distort the cable itself. You should just coil it up - not too
    tightly - and find somewhere to hide the excess.

    Chris

  16. Re: Broadband Security

    On Sun, 17 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <2e2di.1066$jb5.682@trndny09>, Adam wrote:

    >Moe Trin wrote:


    >> "Life"... wasn't that a magazine? ;-)

    >
    >What's a magazine? Is it those things that come in PDF files? :-)


    No, I get most of mine in ASCII text format. Actually, I was going to
    say 'wasn't that a magazine like "Look"'

    >> Note that 'anacron' does not handle tasks scheduled more often than
    >> "daily", so if you have things that are scheduled more frequently,
    >> you'll ALSO need to be running a "normal" cron daemon like 'vixie-cron'
    >> which is pretty much a *nix standard. There is also an application
    >> called 'fcron' that replaces both vixie-cron and anacron by combining
    >> the features of both.

    >
    >Seems like I have too many choices here!


    ((sunsite|metalab.unc.edu)|ibiblio.org) isn't keeping up to track any
    more, but they list nine different cron packages, and that doesn't
    include the desktop helper crap. Generally, the 24/7 daemons used are
    dillon-cron (mainly Slackware and clones) and vixie-cron (just about
    everyone else), though there are a few others. These all work by waking
    up every minute, checking /etc/crontab and usually something like
    /var/spool/cron (or /var/lib/crontabs or /var/cron if you have something
    ancient) so see if there are any jobs to run. Many distributions use a
    program called 'run-parts' which gets called out of the _system_
    crontab (/etc/crontab) to run jobs that may be in some specified
    directory like /etc/cron.hourly or some such. As noted, the crontab
    has the first five fields on each entry to specify minutes, hours,
    day of month, month of year, and day of week, and with appropriate
    entries and combinations of entries, you can have cron jobs running
    every minute or once every couple of years. The big problem is that
    these daemons run the job when scheduled. If the system was not running
    at that time, tough bananas.

    For non-24/7 systems, there are at least two replacements - anacron and
    fcron (there may be more). In the 'non-24/7' mode, these daemons can
    not run a job scheduled more often than daily, and GENERALLY run what
    ever jobs haven't been run in the required interval (daily, monthly,
    yearly, and combinations there-of) some set time after the system is
    booted. This may or may not be a good thing. One type of job is a
    database update - variously "makewahat" (makes the database used by the
    'whois' and 'apropos' commands) and "updatedb" (makes the database used
    by the 'locate' command). On a 24/7 system, these jobs run at 0:dark:30
    when no one is likely to be using the system - simply because they are
    enormous resource hogs, even when nice'd down to a +19. On a non-24/7
    system, these jobs are run a few minutes after power-on, and you can
    see the systems come to a standstill while these jobs run 'find /
    -everything_up_the_whazoo | burn-more-CPU-cycles | make-it-pretty >
    some.data.base.somewhere".

    >Which would you recommend?


    [compton ~]$ uptime
    6:20pm up 93 days, 21:52, 20 users, load average: 0.20, 0.15, 0.09
    [compton ~]$

    >I can't think of any tasks that would be more often than daily.


    What's in /etc/cron.hourly ? What are in the system and usr crontabs?
    I've got about a dozen jobs in those three places. Some are system type
    of jobs, some are monitoring logs - it's really an individual thing.

    Old guy

  17. Re: Broadband Security

    On Sun, 17 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    , Adam wrote:

    >Moe Trin wrote:
    >> Only one of the last four cats we got from the recycling center

    >
    >I love the term "recycling center"!


    Your trim nearly changed the context there. Kiri was turned in by her
    former owner who apparently couldn't afford the vet bills. The Humane
    Society patched her up, and we got her as a "second chance kitty".
    Sandy's owner died, and the poor guy was seven year old so no one wanted
    him. Good Sam and Smokie were both picked up off the streets without
    collars or embedded tags. So in all cases, the cats _were_ recycled.

    >> Kiri is a Siamese named after an opera singer

    >
    >I have a recording of WEST SIDE STORY with her.


    I'll stick with the original Broadway cast TYVM. I've got several CDs of
    Dame Kiri, as I do think she has a decent voice. I like Kathleen Battle
    more so, but why quibble.

    >I'm not a big fan of opera, though. The last time I went to the opera,
    >I fell asleep. So did the main character.


    I'm right with you there. There are some pieces from opera that I really
    like... there are some people with absolutely _flawless_ voices, but other
    than "The Rabbit of Seville" and "What's Opera, Doc", I'm not sure when
    the last time I attended an opera was - decades ago in the .uk I think.
    Then there are the unusual voices - Pearl Bailey in "Porgy and Bess", or
    Juanita Hall in "South Pacific" (her "Bali Hai" still makes me stop and
    turn up the volume).

    >It lists the doc files that came with 0.11. I think I'll make do with
    >0.11 until either a new rpm or one I can compile comes out. The changes
    >from 0.11 to 0.13.1 seemed to be mostly bug fixes and minor enhancements.


    As mentioned up-thread, there are 25 bug-fix/change/improvements between
    0.11 and 0.13, and three more to 0.13.1 which seems to be the latest. None
    look to be critical/deadly.

    Old guy

  18. Re: Broadband Security

    Bit Twister wrote:
    > Hey, either you learn how to work the computer, or the computer works you. 8-)


    Somebody asked what I thought of Linux, and I think what you said is a
    good answer to that! (And kind of how I feel about Linux vs. Windows.)

    >> The question I *will* ask is, these scripts will be
    >> generating some output... is there a convention for what to do with it?

    >
    > Looks like you need to write the System Application Programming Standard for
    > your application programmers to use. :-)

    [snip]
    > You might consider some light reading http://rute.2038bug.com/index.html.gz
    > and glance at Chapter 35. The LINUX File System Standard


    Thanks! Bookmarked, printed out, and will be read offline tonight or
    tomorrow. I see that I'll have to make some sysadmin-type decisions here!

    Let me put my question another way: If someone knowledgeable were to
    take over as sysadmin of my system, where would be the first few places
    they would look for results from the night's cron jobs?

    Moe Trin also raised a good point that I can't see a simple answer to:
    > The big problem is that these daemons run the job when scheduled. If
    > the system was not running at that time, tough bananas. For non-24/7
    > systems, there are at least two replacements - anacron and fcron
    > (there may be more). In the 'non-24/7' mode, these daemons [...]
    > GENERALLY run what ever jobs haven't been run in the required
    > interval [...] some set time after the system is booted. This may or
    > may not be a good thing. [...] On a 24/7 system, these jobs run at
    > 0:dark:30 when no one is likely to be using the system - simply
    > because they are enormous resource hogs, even when nice'd down to a
    > +19. On a non-24/7 system, these jobs are run a few minutes after
    > power-on, and you can see the systems come to a standstill while
    > these jobs run 'find / -everything_up_the_whazoo |
    > burn-more-CPU-cycles | make-it-pretty > some.data.base.somewhere".


    My system does NOT run 24/7. Mainly, it's turned off when I'm not home.
    I hate to think of powering it up and suddenly having everything slow
    to a crawl. I can't see any easy way around this, though. OTOH it's
    usually on all night, so those jobs could usually be run at 4 AM. Hmmm.
    I guess I'll have to get used to thinking like a sysadamin!

    Adam

  19. Re: Broadband Security

    Christopher Hunter wrote:
    >> I know CAT5E has to be treated with respect -- no sharp bends, and so on.

    >
    > I hope you don't buy $500 "speaker cables"! You won't "distort" the signal,
    > you'll just distort the cable itself. You should just coil it up - not too
    > tightly - and find somewhere to hide the excess.


    Thanks, Chris. I think I'll just shove the excess under my computer
    desk. It's such a mess of cables that I don't think one more will be
    noticed!

    Btw my speakers (stereo system ones, not computer ones) are hooked up
    with Radio Shack 16-gauge speaker cable, currently US $11 for 50 feet.
    I'll pay a little extra (over, say, 18-gauge) because they *may* make a
    difference, and doesn't cost that much more. Likewise, I'll pay for 40
    feet of CAT5E (instead of a dollar-store cord) because it doesn't cost
    that much and again, it *may* make a difference. Sometimes I have fun
    reading magazines or ads aimed at the "hi-finatic" market, and seeing
    how much of a fuss they make over something trivial.

    Adam

  20. Re: Broadband Security

    Moe Trin wrote:
    [cron]
    > The big problem is that these daemons run the job when scheduled. If
    > the system was not running at that time, tough bananas.
    >
    > For non-24/7 systems, there are at least two replacements - anacron and
    > fcron (there may be more). [...] On a 24/7 system, these jobs run at
    > 0:dark:30 when no one is likely to be using the system - simply because
    > they are enormous resource hogs, even when nice'd down to a +19. On a
    > non-24/7 system, these jobs are run a few minutes after power-on, and
    > you can see the systems come to a standstill


    My system will NOT be on 24/7, but I don't want it that sluggish after
    every power-up. I don't really see any way around that. OTOH my system
    is usually on all night, so maybe I could get anacron to run them at 4
    AM if it's on. I'll have to get used to making sysadmin-type decisions!

    Adam


+ Reply to Thread
Page 4 of 7 FirstFirst ... 2 3 4 5 6 ... LastLast