[A guest commentary from our News Bytes editor. I asked him to summarize the controversy on Slashdot regarding SSH/SSL vulnerabilities, and to assess whether we need an article on it. -Mike]

Date: Thu, 28 Dec 2000 16:55:56 +0000 Subject: Re: Late News Bytes additions
From: Michael Conry michael.conry@softhome.net

Hi Mike, please find attached the <A HREF="lg_bytes61.html">news bytes 61 file</A>. I did go through the SSH issues, and summarised them briefly. I kind of skirted around the SSL because it seemed less clear cut, and very much an issue of implementation and protecting users from themselves. Most discussion in the links focussed on SSH in any case.

I would recommend, not an article on Holes in SSH, but rather an article on security in general. Lots of contradictory messages on Slashdot indicate that people still don't really understand what is going on or how exactly to administer a public key system.

The issues are not new, but are inherent in public key systems. pgp,gnupg is the same (how can i be sure the key i think is yours is really yours?). The biggest issue is probably users (lusers) ignoring warning messages.

The new dsniff software is probably worth commenting on also. I included a link in my short discussion, but have not studied it. What could be very interesting would be for an article to highlight how to use tools like this to strengthen your system/network by scrutinising it and probing it. Focus tends to be on how these tools allow malicious people to break other people's systems.

bye for now
michael

[There were several other messages this month, but it's 10:45pm on New Year's Eve, and I want to publish LG and get to the club by 12. The letters will be printed next month. -Mike.]

"Linux Gazette...making Linux just a little more fun!"

Contents: Distro News News in General Software Announcements

Selected and formatted by Michael Conry

Submitters, send your News Bytes items in PLAIN TEXT format. Other formats may be rejected without reading. You have been warned! A one- or two-paragraph summary plus URL gets you a better announcement than an entire press release.

January 2001 Linux Journal

The January issue of Linux Journal is on newsstands now. This issue focuses on Multimedia. Click here to view the table of contents, or here to subscribe. All articles through December 1999 are available for public reading at http://www.linuxjournal.com/lj-issues/mags.html. Recent articles are available on-line for subscribers only at http://interactive.linuxjournal.com/.

Vendors: Linux Journal's 2001 Buyer's Guide wants your product listings! Listings are absolutely FREE of charge, however you must register your products by January 15, 2001. The deadline is firm so make certain to get your free listings in today. http://www.linuxjournal.com/bg/.

Caldera

OREM, UT-December 19, 2000- Caldera Systems, Inc., announced that they have contracted with Richard Sharpe of the Samba team to create a client library that will make Linux and Microsoft integration easier for developers. The Caldera-funded project includes the development of library source code, associated reorganization and reuse of Samba code and documentation of the library API. The library and documentation will be available under the General Public License (GPL). Caldera's engineering group will work with the Samba team to complete the project by February 2001.

"Richard Sharpe is perfectly suited for this project," said John Terpstra, vice president of technology and Open Source strategist for Caldera Systems, "We believe this library built with Samba code will become the standard for developers writing software that integrates with Microsoft networks."

Developers interested in more technical detail on the project can visit the Samba Web page.

Mandrake

CAMBRIDGE, MASSACHUSETTS, USA (December 4, 2000) - Integrated Computer Solutions, Inc. (ICS), the leading supplier of commercial OSF/Motif products and support, and MandrakeSoft, publisher of the Linux-Mandrake operating system, announced the immediate availability of Open Motif optimized for the Linux-Mandrake operating system. More details are available in the press release

Open Motif optimized for the Linux-Mandrake 7.2 operating system is available for free downloads at the MotifZone, ICS's Motif portal site (www.motifzone.net). Open Motif is also bundled with the Linux-Mandrake 7.2 PowerPack Deluxe.

Red Hat

RESEARCH TRIANGLE PARK, N.C.--December 11, 2000-- Red Hat, Inc. today announced that Cradle Technologies, Inc., is leveraging a broad set of Red Hat's embedded technologies and services as part of its strategy to supply a revolutionary silicon platform for stream processing applications.

The Cradle contract includes consulting services and porting of Red Hat's GNUPro embedded development tools, eCos and embedded Linux operating systems, to Cradle's Universal Microsystem platform (UMS). Cradle's UMS platform will make it possible for new embedded systems to be developed simply by redesigning software, rather than by constantly rebuilding the entire chip hardware.

RESEARCH TRIANGLE PARK, N.C.--December 13, 2000-- In further embedded Linux developments, Red Hat announces a deal with Rymic Systems that will put Red Hat Linux (uClinux) behind as many as 50,000 Army trucks and fighting vehicles. These vehicles will run a next-generation Rymic appliance that assesses, in real time, the likelihood of vehicle failure.

The device will monitor dozens of specific variables on an array of military vehicles, and provide decision-makers with additional information when considering which forces to deploy, which fighting vehicles to pull back from the battlefield and which vehicles require immediate maintenance and repairs.

For more information on Red Hat Embedded Linux please visit www.redhat.com/embedded.

SuSE

Oakland, Calif., USA (December 1, 2000) -- SuSE Linux announced a new strategic alliance with SGI. Under the alliance agreement, SGI will make an equity investment in SuSE Linux and will co-operate on the development, deployment and support of the Linux operating system and infrastructure code.

Earlier this year, the companies successfully introduced Linux FailSafe, a scalable and modular high-availability solution based on IRIS FailSafe system software developed for the SGI IRIX operating system. Linux FailSafe offers advanced clustering capabilities to Linux. SuSE, SGI and others also cooperated in the highly regarded IA-64 Trillian Linux effort.

SuSE have also brought it to our attention that there is integrated backward-compatible Pentium 4 recognition in the standard Linux kernel 2.2.16 included in SuSE Linux 7.0. A boot disk image of the kernel can be downloaded from their ftp site

Upcoming conferences and events

SSH/SSL Vulnerability

There have been a few articles going around regarding possible security risks associated with the use of SSH and SSL. Kurt Seifried has written several times on this subject, as far back as September 1999. More recently he has returned to the topic in an article on www.SecurityPortal.com, and a follow up article responding to some of the feedback he got from readers. This topic seems to have stirred up quite a reaction, and has been further discussed by the contributors to Slashdot.

Without wanting to repeat too much of the discussion that has gone before, the issue basically boil down to one of key exchange and trust. The only real risk to SSH security is in the initial contact with a machine when you do not know whether it is in fact the host you think it is. This is not an SSH problem, as such, but rather is a difficulty with any public key encryption system. The trick is to find a secure way to distribute your public key that does not inconvenience your users too much.

Also, the largest risk to security is not, in general, software problems. Many problems actually originate from users who ignore or do not understand warning signs that something is wrong. The problems with software highlighted in these articles are the extent to which they leave themselves open to poor use.

It is certainly worth pointing out that none of these links highlight any NEW flaw in the SSH/SSL system or implementation. The main reason for the recent focus on these issues is the release of a new piece of software: dsniff, which makes easy interception of SSH traffic more convenient for a wider number of people. This is not because it exploits any weakness, rather it provides some handy tools to automate the interception process. However, wide availability of these tools does increase the chance of casual attacks on systems.

The take-home message is that the best way to keep a system secure is by educating yourself your boss and your users about security. It is only by understanding what is going on that you have any chance of keeping your system healthy (hardly earth-shattering news, but true none-the-less).

Linux Clusters Powering Genome Research

SALT LAKE CITY, UTAH, Dec. 14, 2000 - Linux NetworX, Inc., a provider of large-scale clustered computer solutions announced that the Lawrence Berkeley National Laboratory, Berkeley Calif., has selected a Linux NetworX cluster computer system for its Drosophila Genome Project.

Using the Linux NetworX cluster system with 40 processors, Berkeley Lab is analyzing and sequencing the Drosophila (fruit fly) genome. The Drosophila's 15,000 genes are similar to a human's 100,000 genes and have been used extensively in the past as a model organism for research studies.

"The Linux NetworX cluster is much more cost efficient than the systems we've used in the past," said Erwin Frise, systems manager and biomedical scientist, Lawrence Berkeley National Laboratory. Frise also explains that because clusters are highly scalable, Berkeley Lab will in the future be able to add additional compute modules to the system to keep it up to date, something not feasible with a supercomputer.

New look for ShowMeLinux

Vancouver, British Columbia. December 1st, 2000 - LuteLinux.com, a Canadian-based Linux developer announces the unveiling of ShowMeLinux's exciting new look. LuteLinux had previously announced the addition of ShowMeLinux to their family of services, LuteLinux is hosting all future issues and has taken over as publisher of ShowMeLinux. The new look was created by Adam Puchalski, a welcomed new addition to both LuteLinux and ShowMeLinux, as their Graphic/Web designer, and co-editor of ShowMeLinux.

ShowMeLinux is published with the goal of helping readers develop an in-depth understanding of the Linux movement through rich, beginner friendly content. It explores practices for configuring, deploying and maintaining the latest Linux technology.

HP and Sprint PCS Form Wireless Email Alliance

Linux based BizRelations Inc. Announces First Fully Functional Wireless Email in time for Holidays

BizRelations have largely based their IT infrastructure on an Open Source Linux foundation. BizRelations has successfully been using the Linux Virtual Server (LVS) along with RedHat's Piranha clustering tool to provide high availability and scalability for web, email and SQL services. Sybase ASE 11.0.3.3 for Linux was the SQL server chosen by BizRelations, while the email solution chosen was qmail Another core function is monitoring the availability of systems and networks. To fill this requirement NetSaint was used. "If there are any problems, an email gets sent to the support cellphone stating the nature of the problem." says Patrick Petersen (President of BizRelations). After running with RedHat Linux for over a year, even if Windows 2000 was a free alternative, BizRelations would willingly shell out the money for Linux.

Linux Links

Salon take a look at free wireless TCP/IP networks in the US. The originators see it as an extension of the Open-Source/Free-Software ethos.

ZD-Net take an in-depth look at running Linux on laptops. (For anyone wanting to turn their shiny new toy into a real computer!)

Newsforge comment on Bruce Perens' move to HP as head of the company's Linux and open-source strategies. This is being touted as the first Open-Source foray into the upper echelons of Big Business

East Bay Express looks at a life in a TelCo call centre. Makes you look a bit differently at those frustrating periods on hold.

Some links courtesy of Slashdot:

• NSA Linux distribution is discussed in a Slashdot article and in a different tone on the official website where, incidentally, you can download it for yourself. Look it up soon, though, because they still aren't 100% sure they can continue to distribute it.
• Linux 2000 timeline
• Turbolinux have demonstrated the use of a Linux cluster to crack 5-character NT passwords in just one minute. Read more here. (Please note, Turbolinux does not endorse breaking passwords, they just like building good clusters!)
• A look at why UCITA is BAD. The issues are complicated, but this is a very important issue to the future of software distribution and engineering.

• For those wanting to keep in touch with the BSD side of things, the Duke of URL has a review of Free BSD 4.2 (even draws comparisons against Linux).
• The Finnish Software Engineering distribtion Best Linux 2000 R3 is out. Read the review and find out how good Linux is in the homeland.

The Linuxcare support Database is available online if you have some problems you need solutions for.

OS Opinion take a look at the difficulties with complicated software, in particular the ramifications of OSX's UNIX/BSD heritage.

Some highlights from Linux Weekly News:

• If anyone is still in doubt what Linux IS, and would like a smile, check out this article.
• Those of an artistic temperament should look at Penguin Art.
• Also, courtesy of LWN comes this link to Salon's round up of tech stories and non-stories of 2000AD.

KDE 2.0.1

KDE have announced release of KDE 2.0.1. The official announcement is available here.

There is also a KDE Beta available for download.

XFree86 4.0.2

XFree86 have released XFree86 4.0.2, and the Duke of URL has posted a review . Highlights include ATI Radeon support.

For the official news, refer to the XFree86 news section. Before you actually download or use this you will also probably want to check out the Release Notes

Smart Batteries

SoftTools Technology, Inc. has announced their new Linux Smart Battery System Software Suite (Linux SBS3). The Linux SBS3 is a complete software solution for Portable systems that provides support for systems that incorporate Smart Battery System components under Linux. A User Friendly applet with a GUI for multiple smart batteries and/or regular batteries that read and provide accurate information to the user is also available.

Free Download of Configuration Management System Elego ComPact

The establishment of elego Software Solutions GmbH has been announced in Berlin. The new company specializes in software configuration management (SCM), and offers a wide range of support, service, and general consulting in the area of configuration management (CM).

Elego ComPact is a full-featured configuration management (CM) system based on the well-known and reliable version control system CVS. Elego ComPact extends CVS capabilities by adding new functions and concepts, including build management and component model. Elego ComPact may be used freely for all non-commercial purposes; commercial users must obtain a license.

Elego ComPact claims to add missing features and concepts to the basic CVS system:

You may download a current development snapshot of Elego ComPact for evaluation purposes or free private use via FTP or HTTP from their download page.

For more information see www.elego-software-solutions.com

VMware Enters Server Market

PALO ALTO, Calif., December 5, 2000 - VMware, Inc.. For the latest VMware press releases, check out: www.vmware.com/news/.

VMware have made a number of announcements around two new server products:

• - VMware Enables Intel Server Customers to Scale their Internet Computing Infrastructures Safely, Reliably and on Demand
• - VMware Announces Initial Adopters of its New Server Products - CenterBeam, Inc., eOnline, Inc., Merrill Lynch, and ProTier
• - Compaq, Dell, IBM and VA Linux are Founding Partners in VMware's Preferred Server Hardware Vendor Program
• - VMware Forms Professional Services Organization and Announces New Offerings to Ensure Customer Success

WARP Aim to Improve Web Performance

NEW YORK, NY * November 1, 2000 * WARP Solutions, Inc., providers of Web infrastructure software for the area of optimum performance of Internet applications, have launched the WARP Performance Suite, initially consisting of WARP Intelligent Content Distributor, WARP Global Load Balancer and WARP Load Balancer. Additional products - - WARP Dynamic Content Director, WARP Cache Master and WARP Secure - - are being rolled out on an individual basis during the fourth quarter and early next year. This suite of modules aim to enhance web-server performance with emphasis on "performance, reliability, scalability, security, speed and interoperability". WARP's initial launch will run on Solaris, Compaq Tru64 and Linux platforms.

ACCESS Introduces Linux-based Browser Development Kit

MILPITAS, Calif./TOKYO, Japan - December 11, 2000 - ACCESS Co., Ltd. introduced a NetFront 2.6 Linux Software Development Kit (SDK) for the worldwide market. This should speed the integration of ACCESS' popular NetFront browser into Linux-based Internet appliances and other non-PC applications.

Since its introduction in 1995, NetFront browsers have been shipped in over 18 million embedded devices from 40 manufacturers. NetFront is an ideal browser for Internet TVs, PDAs (personal digital assistants), set-top boxes, car navigation systems, smart phones, web/screen phones, vertical Internet terminals, video game consoles and Internet kiosks.

The browser kernel is less than 270 KB of code and fits in 1.3 megabytes of ROM and 2 megabytes of RAM. It supports the full HTML 3.2 specification and selected portions of HTML 4.0. It supports frames, JavaScript, cookies, web printing and multilingual capabilities.

This SDK lets developers customize the user interface to their desired look and feel and add plug-in applications tailored for specific applications. NetFront version 2.6 SDK for Linux will be available as a full source code package. The SDK includes the NetFront version 2.6 browser kernel, a sample user interface module and PIM suite, the Internet mail module, a sample library for peer interface layer and graphics layer (GTK/SDL), and documentation. An SDK with five-seat development license is available for $40,000 including three months support.

Linux-Based Intranet Broadcast Solutions

The first system offered by the alliance is a Linux-based server solution, providing users a viable means to stream broadcast-quality transmissions. It includes 2netFX's StreamRider client and ThunderCast/IP server software and Zapex's ZL-330 encoder with Dolby digital audio and MPEG-2 video. It is the first encoder of its type to achieve Dolby certification for Linux operating systems, and it eliminates inherent lip-sync issues by providing Transport Stream multiplexing within the Zapex encoder.

The ZL-330 produces high quality video images at low bit rates. "The resulting low-bandwidth video stream from the ZL-330 permits an unlimited number of users to access a multicast video," says Gary Marsh, Zapex vice president of sales and marketing. "Coupled with the 2netFX software, PC users can interactively select which programming they wish to view, then capture and store the video locally. Effectively, customers can select their own viewing schedules, depending on application."

Linux2order.com

Fox On Linux

Fox on Linux is a commercial Linux application, providing businesses with a sophisticated, graphical software package to deal with their core financial accounting needs. Fox on Linux can be integrated with other corporate front-end applications and comes with online support and training. Flexible in its operation, multi-user, and with a 12KBS low bandwidth requirement it can be accessed over the Internet. Installation is claimed to be easy, so a system can be up and running in a very short time. For further briefing or a chance to trial Fox on Linux software go to www.foxonlinux.com.

Other Software

Copyright © 2000, Michael Conry and the Editors of Linux Gazette.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 61 of Linux Gazette, January 2001

Contents:

¶: Greetings From Heather Stern

Baffled

A rather unique query (I hope)

info needed --or--

What is Linux?
the screensavers look great!

Linux Installation question

Abt.. Michael Lauzon's Q in issue 60.. --or--

Tell me about the K guys
SCI-Linux project to use multiple package types?

minimum configuration Linux ? --or--

Data Recovery Vendor Seeks Linux Basics RAIDs do not guarantee safety for your data

a question --or--

Linux, UNIX, what's the difference?

linux question

Red Hat 7.0 Crackerz!

Transmitting PaperPort files with .max Definitely some Windows file format

Help Me Delete Linux

Removing Linux: Sacrilege!

uninstall linux --or--

Another uninstall: Getting to a Root Prompt to Blow it All Away

setting root password

I can't seem to write to my vfat (Windoze) file system with any user other than root.

For Jim Dennis...Hello from South Texas --or--

Firewall for a SOHO
Small World, isn't it?

Something comparable to Services in NT

Editing fstab file for tape backup

Mail gets nowhere?

Loading SuSE Linux 6.4 via NFS

RE: classified disk

multiple subnets, one DNS

Linux vs. DESQview??? --or--

responding to DESQview/386 Die Hards into the Next Millennia

DOS partition from Linux

e-mails not getting through

exit X & shutdown --or--

Exiting X and Rebooting with One Keystroke

Multiplexing ppp connections

[Tony@thermo-king.com: new to Linux]

Trident Providia 9685

The New network On The BLock

Mail Daily sylog message to remote e-mail

automation for minicom --or--

Scripted Serial Sessions

About Epson Stilus Color 670 --or--

Setting up print filters.

Xwindows

diald on a smoothwall box

...a bulk friendly ISP?

Greetings from Heather Stern

Hello everyone, and welcome once again to The Answer Gang. As the fog starts to lift this morning I am enjoying the fluffy greyness and savoring a good cup of coffee. I leave it entirely to your imagination whether I'm talking about the weather or my clouded thoughts.

We have some really juicy threads this month and I hope you like them. I'd like to encourage anybody who feels like asking us questions, to consider the following guidelines:

• Please use a real subject. We hate having to reply to "your mail" (the classic default coughed up by our mailers, when replying to a blank subject line). "Help" or "Linux trouble" is not much help to us. I know it sounds strange, there's a batch of us here, but it will probably greatly increase your chance of being one of the lucky souls who gets a direct answer. Try actually stating your linux flavor, and what kind of trouble. Examples: "RH 7 sound config?" "SuSE NFS install" etc.
• This is a Linux webzine - ask us questions about free software. For those of you from AOL, if the members' help forum can't answer you, don't expect us to be any help at all (unless it's about Linux). Windows has its own magazines and sites, and frankly most of the Gang hasn't used Windows except in a cross-platform context in a long time.
  That said, If you work for a Windows 'zine, you should really read one or two of the items this issue...
• Requests for anonymity are honored here. But if you don't want us to publish your question and the answers, don't expect us to be interested in helping you much. Several of us are consultants for a living, so unless it's helping a few hundred people at once, we're not inclined to do freebies.
• If you're using a foreign language and can manage to use an English subject, please give a shot at asking your question in English, too. We're quite forgiving of spotty English, if we can tell what you're asking. Otherwise there's a couple of months lag while we have a translator look at your stuff, if we even have someone to translate for your language. Babelfish is only good for a laugh.
• We reserve the right to be curmudgeonly. So flaming us for a lack of formality will get you laughed at. We've also got ethics here and if you don't, you'll get a serious drubbing. However, we don't bother publishing answers that don't have some meat to them.

Spam seems to be down this month, and I don't think we got any non-computing questions this time around. Must be a Christmas present

It's a new year and I look forward to some interesting New Year's resolutions. In past years I've made selections such as 1600x1200 (the year I got the beautiful monitor I use daily) and 600 dpi (a printer, of course)...

Baffled

From Patrick Green

Answered By Jim Dennis

James I am at a loss here so I thought I would give you a try. I exited out of a root session (not su) and I go back a couple hours later to login. I enter my user name and lo and behold, no password prompt. So I cold boot it (hate that) comes back up just fine, go to login ...no password prompt. Any ideas?

[Jim] First you'll want to get to a shell prompt. I'd treat this as though your /etc/passwd or /bin/login files are corrupt. So, start Linux using the init=/bin/sh kernel parameter (passed from the LILO: prompt --- or LOADLIN, GRUB or whatever boot loader you're using.

If that doesn't work, get out a rescue diskette or CD. Remember Tom's (http://www.toms.net/rb).

Once you've done that try to confirm that your /etc/passwd, /etc/group and various /etc/pam.d files are sane. They should "look right" (if you've seen copies before).

If you have backups of your /etc/passwd and /etc/group files, restore them to an alternate location (/tmp) and run diff on them. See if the differences seem reasonable.

If this is an RPM based system try the rpm -Va command to verify the integrity of your /bin/login and other binaries. (If you have a full tar backup of your root and /usr filesystems you can use the 'tar df' or 'tar dzf' directives to report on differences between your current files and those in your backup.

If you're running Debian there are several ways to check the integrity of your files; none of them is as easy to explain and/or type as rpm -Va (that's one of the very few deficiencies in the apt and dpkg systems). You can run debsums or tripwire or aide if you have any of them --- but that's probably a matter of closing the barn door while the horses are already astray in this case.

There is a possibility that your /bin/login program is corrupt or that an attacker has compromised your system and attempted to replace /bin/login (or some other files) with a broken version (perhaps linked against some library you don't have even just having the wrong permissions or something like that).

Of course I'd also check the /var/log/messages and related files to see if there are any clues in there; do a fsck on your root filesystem, try to run /bin/login from a rescue shell prompt, etc. You can even temporarily replace /bin/login with a one-line wrapper script. Rename it to login.binary or some such an write a shell script like:

       #!/bin/sh
       exec /usr/sbin/strace -o /tmp/login.strace/$$.out /bin/login.binary

... then try to login (rebooting as necessary, or just start a shell on one of your virtual console with an appropriate line in your /etc/inittab files).

It's an unusual problem, but these sorts of techniques will help you narrow down what's happening.

(Obviously your kernel, your root filesystem and the init program are working. Your getty seems to be working enough to display an "issue" file and accept a username. So we've already narrowed it down to getty and login --- either getty is failing to successfully execute the login command, or the login command is failing to emit a password prompt. Since the latter is somewhat more likely we focus on it.)

A rather unique query (I hope)

From Karen Gartner

Answered By Ben Okopnik, Mike Orr

Running RH 7 - Dell Precision 420, 18GB SCSI HD @ 10K rpm, 1 CD-ROM, 1 CD-RW, 19" screen w. Diamond Fire GL1 video card and therein is the start of my problem.

The latest version of the Diamond fire GL1 driver for linux will only work with kernel 2.2.14. RH 7 uses 2.2.16 so I have to backtrack to an earlier kernel in order to use Gnome & KDE (I'm stuck in consoleland right now).

[Ben] Interesting. The first possibility that I would explore would be to search the web (or possibly contact the author) for a patch for the Diamond video code, rather than downgrading the kernel. Chances are relatively high that the necessary changes would be trivial (on the other hand, it may require a major code rewrite, but it wouldn't hurt to check.)

Indeed I have installed the new (old?) kernel but on booting, only 1 scsi host is recognized where there should be 3, there's an IDE recognition problem, and ultimately I get the message "kernel panic: VFS: unable to mount root fs 08:02". I have checked lilo.conf and all is well there.

[Ben] Well, the "kernel panic" message says that it's not finding a bootable device/useable boot record on device 08:02 (if I recall correctly, that means "device with major number 8, minor number 2", otherwise known as "/dev/sda2", the 2nd partition of your 1st SCSI HD.) Is that what your boot device is supposed to be? (side query: have you re-run "lilo"? It never hurts to do so, and if you've changed anything having to do with booting - and you have - you must do so.)

[Mike] Not finding the root partition to mount. The boot sector is a different story, and if you made it this far, it's functioning correctly.

At least your panic message has the word "root" in it. When it happens to me, I get a cryptic "unable to open initial VC" (=virtual console) or something like that. Because displaying a login: prompt requires a virtual console, which requires a device in the /dev/ directory, which requires a root partition to be mounted.

[Ben] If you are unable to mount the root partition (you are correct in that regard - I misspoke), I don't think that you will ever get anywhere near the login prompt; the boot will fail at that point. It is true, though, that a missing or damaged "/dev" directory will cause the "VC" message - as will a "no virtual terminals" setting in the kernel configuration.

[Ben] Where did the new (old?) kernel come from? If it's a "stock" RedHat kernel, I would be rather surprised - RH compiles theirs with every bell, whistle, and gilliwhillikin included. I certainly haven't had any fail to detect SCSI hosts/devices, but that may just be because I've done only a few "RH on SCSI" installations. I certainly have not had any SCSI detection problems with Debian, even SCSI-emulation setups (that being what I have at home.)

If it's a kernel that someone else compiled, I would definitely check the configuration... scratch that. I would not use a custom-compiled kernel while bringing up a new system in the first place. I recommend that you don't either.

By the way, are you certain that you should see 3 SCSI hosts, rather than three SCSI devices? There is a difference, and it's an important one. The host adapters are interfaces between the PC and the SCSI devices; it would be exceedingly rare (if even possible) to find three of them in one system.

[Mike] You should find out which device it's complaining about. Look in Documentation/devices.txt in your kernel source. Block device 8:2 is indeed /dev/sda2.

(You can also look in the /dev/MAKEDEV script, because this is the script that made all those device files. However, I find it harder to read.)

[Ben] It's even easier to look in the "/dev" directory using Midnight Commander, and scroll down until you see a match for those numbers. Possibly simplest of all would be

ls /dev|grep "8, *2 "

[Mike] Provided the /dev directory is there and is intact.

Note also that there are two types of devices, "block" and "character". Disk drives are block devices. The same major number may be assigned to one block device and a different character device.

What I would like to do is take the config file from 2.2.16 and copy it to 2.2.14. Everything but the video card works tickety boo in 2.2.16. The problem is, where do I find the config file from 2.2.16? 2.2.14 is in usr/src/linux of course, which was created on the install, but where does the old .config file reside?

Is that even a good idea to solve the issue? Any and all help is mightily appreciated.

[Ben] I would say that this is not a good idea at all. Configurations - and thus, config files - vary wildly between kernel versions. On the other hand, printing out the old configuration and walking through the new one to make sure that it's as close as possible to the original would be very useful. On my system (I'm running Debian, but I don't think it would be very different on others), the config file is in

"/usr/src/kernel-source-<version>/.config"

[Mike] This is the normal Linux convention. Actually, you can place your build tree anywhere, but you should make /usr/src/linux a symlink to it so that the compiler will find the include files. (Is this still required now that glibc has its own kernel headers?)

[Ben] Good luck in resolving your problem.

What is Linux?

the screensavers look great!

From David Cruz

Answered By Mike Orr, Heather Stern

i live in south africa and find it hard to source help from anyone here.i recently saw a friend how is running his pc on linux software.very impressive.i myself have windows 2000,which works well but when it comes to graphics and proffessional look you're way ahead.i've been trying hard searching the net for the last week for your softwear but came up with nothing.

[Mike] The following URLs contain material on what Linux is, what you can do with it, and where to find it:

http://www.linuxresources.com , sections:

• "What is Linux"?
• "About Linux distributions" (general information)
• "Linux distributions" (information about each major distribution)
• "GLUE" (look for a Linux users group in South Africa)

http://www.linuxdoc.org/HOWTO/META-FAQ.html This is the Linux Meta-HOWTO, which gives an overview of where to find different kinds of Linux information.

http://www.linuxdoc.org Home site for Linux documentation. Click on "mirrors" and find a mirror in South Africa to read; it will be faster and cheaper than using the USA server.

http://www.linuxnewbie.org A site dedicated to helping new Linux users and those who just want to see what Linux is before deciding whether to run it.

http://www.linuxstart.com A site which tries to be a "user-friendly index of Linux information".

.the one thing i found incredible was your screensavers- radar, bumps(the blue torch searching in the dark,compass

[Mike] Does anybody know which programs he's talking about? Is it the standard X screensavers (xlockmore), the xscreensaver package, or something that comes with KDE or Gnome?

I don't use screensavers; I prefer to make the screen go black and switch to power-saving mode. If I want to watch "eye candy", I'll run an application which does this. Fortunately, xscreensaver screen savers can also be run as applications in their own windows, not just as screen savers.

[Heather] The radar screensaver he is talking about is one of the utilities which can be used as an xscreensaver module, or simply run as a seperate app. By default it just looks cute, but it has command line options to "ping" some specified hosts your local network and thus be more realistic "sonar" for your situation. Several of the nicer toys like this need to be fetched seperately from xscreensaver package itself.

Gnome uses a GTK based front end to xscreensaver, which shows a number of these sorts of descriptions, including for the extras (it mentions their homesites, so you know where to get them from. Maybe handy even if you hate Gnome?) I have to say it was useful when I was trying to decide which modules to not bother using. I don't really like the idea of a truly random screen toy, as some of these artsy things are just plain ugly.

I don't remember what K uses. Anyways asking whether a given module is in xscreensaver or in xlockmore is a lost cause. The two are always in a race and at any given time, both have lots of cool eye candy, and a lot of it is GPL so you could port it if you felt like. You can have both installed, but only run one or the other at a time.

Linux Installation question

From Layne Gossett

Answered By Mike Orr, Heather Stern

Is there an option for specifying that I would like to be prompted for all of the kernel options during installation, much like you get when building your own kernel?

[Mike] I assume that by "during installation" you mean you want to customize the kernel options at each boot, not the first time you install Linux using your distribution's install program.

You cannot set the compile-time options (=the "make menuconfig" options) at boot time. However, there are lots and lots of other kernel options you can set from the LILO: promit or by adding an

append="myoption1 myoption2=myvalue1,myvalue2"

line in /etc/conf.lilo and re-running lilo. See the Bootprompt-HOWTO for all the options you can set. http://www.linuxdoc.org/HOWTO/BootPrompt-HOWTO.html

Some other options can be set at runtime via the /proc filesystem. For instance,

echo 1 >/proc/sys/net/ipv4/ip_forward

will turn on IP forwarding. Echoing a zero will turn it off. Documentation for these files is in the appropriate subsystems' docs and HOWTOs. (And actually, most are not documented very well.)

Although I have read the HOWTOs on building my own kernel, I still have not been able to get it to work out yet. I've had a lot of luck installing Red Hat from the CD, but I'd like to have firewalling and IP Masq capabilities from a "clean" installation (and remove things like PCMCIA, etc.).

[Mike] For masquerading, you must compile the kernel with IP forwarding and IP masquerading. Then you need to enable it in one of your boot scripts. For instance, my Debian /etc/init.d/rc.firewall contains:

/sbin/modprobe ip_masq_ftp # Only neded if masquerading non-passive FTP.
echo "1" > /proc/sys/net/ipv4/ip_forward # Turn on IP forwarding.
/sbin/ipchains -M -S 7200 10 160 # Debian default timeouts.
/sbin/ipchains -P forward DENY # Deny any other kinds of forwarding.
/sbin/ipchains -A forward -s 10.0.0.0/8 -j MASQ
# Masquerade from the 10.0.0.0 network to the outside world.

Try running these commands manually and see if you can get masquerading working with your current kernel.

For more security, you can build a more elaborate set of ipchains rules. (Note: ipchains requires a 2.2.x kernel, which I assume is what you have.)

[Heather] The Debian installer does ask about these things, but just to prepare the modules listing, not to prepare a whole kernel. And its prompts are rather wimpy - you really have best luck if you already know what you are looking for.

Tell me about the K guys

SCI-Linux project to use multiple package types?

From Manoj Warrier

Answered By Heather Stern, Mike Orr

Dan is right. Use one of the user friendly, mouth feeding distros and U stay a newbie unless U make a habit of reading the Linux Gazette and Linux Journal articles out of curiosity as to what happens under the hood...

But, my ears picked up at Heather's comment -> "I think the K guys have the right idea, writing a front end that deals with more than one package type". It sounds exactly like something I need. We are compiling a set of software (most of the links provided at "http://Scilinux.freeservers.com") which we think go into making an Enviornment for scientific computing on Linux. We plan to make a CDROM by April 2001 (GPL) with the sources / RPMs / other binaries and have a Tcl/Tk interface to install these on a existing Linux/GNU PC. We are still wondering if there is "a front end GUI that can deal with more than 1 pacakage type".

[Heather] kpackage is allegedly able to deal with both .deb and .rpm package types. I assume that you still need the underlying libraries, so it knows what to call. It may also be strongly dependent on alien, a script which eases the conversion between package types.

If you're going to write your own GUI, definitely take a look at alien, the packaging APIs, and the apps which already exist to deal with these package types alone. Just make sure not to mix licenses in any incompatible ways...

So who are this K guys? KDE develoment team? ...

[Heather] Yes. The full name of KDE is "the K Desktop Environment" where according to the FAQ, K stands for Kool. But they refer throughout their docs to K, for example, the K menus, the K button, etc.

[Mike] Of course, it was named after CDE, the Common Desktop Environment GUI that many commercial Unices use.

... to which Manoj replies ...

Hi and thanks,

Elaborating more on my task at hand,

Work to be done -> Create a CDROM with scientific software which can be installed on a PC already running Linux.

Problem faced -> There are various distros of Linux, various versions of Linux software, therefore a binary which works on one may not work on the other.

[Heather] This is more a matter of the library dependencies than the limits of any one distro. ldd <binaryname> would tell you which libraries it expects, and if those are really already present, you can force it to install, over its packagemaneger's objection, and it will work.

(1) Thanks. I did not know this.

[Heather] In some cases the kernel may lack something, in which case providing a usable kernel with modules would be a good idea. Don't forget pcmcia modules and setup if you want to gracefully handle laptops.

Not planning on this (at least not in the pre-alpha version). Also wondering where I can keep the CDROM for free downloading (Power cuts, etc, are quiet common this place).

Policy -> Do not want to creae another distro of Linux (Linux from scratch is the way to do it ... am I right??) on which we can then make pre-compiled binaries.

[Heather] Sort of contrary to this, people call "Bastille Linux" a distro even though it's strictly symbiotic to RedHat. You might look at Rock Linux (designed to put the whole thing together from sources) or piggyback on Slackware (which was an early distro, and is pretty strong in the compiler department) or on debian (if it's got the packages you want already, since it has so many).

Therefore plan -> Have the sources, binaries (*.rpm, slackware *.tgz, *.deb, etc..) on a CDROM and have a Tcl/Tk script to install your choice. The script would try to compile the sources for your Linux distro if none of the binaries packed with the CDROM works for you. I realise that a script that compiles from source for your distro of linux will take a loooooot of time, and it is close to impossible to make it work for all distros .. SO ANY IDEAS??

[Heather] with the aid of alien I use rpm's on my debian box and .deb's on my SuSE box fairly freely. Admittedly I did grab 3 deb's to bring lynx-ssl over but it was worth it... and not very hard, debian's dependency tree was accurate.

(2) Using alien seems to be a stop gap solution ( I still have to check it out ).

[Heather] If you also provide the basic libraries that your packages expect, and you are really careful about adding them, you could do okay. The tricky part is things like libjpeg6a versus libjpeg6b (for example). If you get some app that really only wants a specific libary and nothing else will do, you'll have to use LD_PRELOAD variables.

(3) Hopefully we will not need to use LD_PRELOAD. Providing basic libraries is most appealing (after using ldd "binaryname" to find the library dependencies for all the softwarewe plan to pack).

[Heather] The point of using LD_PRELOAD would be if using this with an unknown locally installed system - if your users will be booting from your CD-ROM, then you'll know their environment is correct, and LD_PRELOAD will be unnecessary.

You can use them anyway, and keep all your known support libraries in a little link farm, or something. Probably don't even need hardlinks.

Why go into it at all -> At my Institute (Insttute for plasma research, Ahmedabad, India) we have a lot of ppl using Linux and most of them do not have Octave, Scilab, Numerical libraries, yorick, xfig, lyx, AbiWord, pvm, mpich, ftncheck, etc. etc. etc... on thier Linux PCs. It would be convinient to therefore have a CDROM which would install these on thier PCs.

[Heather] Just offhand I've seen most of those in a debian capt list. Make note, I do point at non-free and non-US, so you may need to do that, or fight licensing hassles, to distribute them.

Never used Debian (Indian PC mags have never given a free version). Here RedHat sems to rule the roost. We get at least 2 CDROMS every year..

Another problem is getting started using these new software. Detailed 100+page manuals are very useful after you get started. therefore we have plans of short getting started guides for these software. I guess there are other people who also might find such a CDROM useful. Thats why we started this.

[Heather] All my best wishes go to you, the Linux world needs more documenters

Meanwhile Ill be exploring alien and kpackage. kpackage would probably need the underlying libraries ... Not everybody has this.

[Heather] There are tricks for unwrapping an rpm or a deb without having the library installed yet. The Linuxcare Bootable Business Card (BBC) does this to install ssh on-the-fly since when they began the project, the U.S. still had overly eager anti-crypto laws. (It can be argued that they're still rather crazy - see the EFF - but I'll leave that be for now.) You can get the BBC at its new site: http://open-projects.linuxcare.com/BBC

Which leads me to ask -> Dont youll think fondly about the window manager which you could work on within 5 seconds of typing "startx" at your console on your 16 MB RAM 486? This could be a silly sentiment ...

[Heather] I recommend looking at fvwm2, it's what I use for a lightweight setup that still offers "normal" menus. And flwm (fast light window manager) comes highly recommended from the debian-laptops mailing list.

I use fvwm. flwm sounds good. Must check it out.

[Heather] If you're going to write your own GUI, definitely take a look at alien, the packaging APIs, and the apps which already exist to deal with these package types alone. Just make sure not to mix licenses in any incompatible ways...

and YES !! we have to check out licenses in detail (the least attractive part of the project), but I guess we might be able to distribute most of it since this is never going to be a commercial CDROM. Ill put it up for free downloading (Is there anyone who will provide this service - A mount point for a CDROM having a tar gzipped version of it?). Dont know if I can convince my Institute to CDwrite and mail the CDROM to whoever requests it and pays mailing charges. In fact dont know if anybody will want it, but we learn quiet a lot (ldd "binary name", alien, etc..) doing this.

Thanks once again.

Manoj

Then there was this great - user friendly OS which overwrote your MBR whenever you installed it...

[Heather] You're welcome, and good luck in your project.

Data Recovery Vendor Seeks Linux Basics

RAIDs do not guarantee safety for your data

From Support

Answered By Jim Dennis, Mike Orr

I wonder if you could point me to a FAQ that would answer the following question:

We are a small company specializing in Data Recovery. HardDisk "crashes" and the like.

We have a client that used a network Disk Drive from a company called NETGEAR. It appears that they have built their product round Linux (The good news !)

[Jim] Yes. I've heard that the Netgear NAS (network attached storage) products use an embedded Linux system). However I don't know any details about their configuration.

[Mike] I have a bit of sympathy in my heart for data recovery companies, because we had to use one at the hospital I worked at in 1994. I was doing data entry into a FoxPro database and the Novell server crashed. To top it off, this was 3pm on Christmas Eve and most people were gone. Troubleshooting proved that the server would reliably crash when accessing the middle of certain files in the NetWare filesystem--and these were the database data files.

It took a week to recover. We were between sysadmins and didn't have a backup, because our disk capacity was 2 GB but our tape drive had not kept pace -- it was still a measly 250 MB model. A guest sysadmin from the hospital-wide pool came, did the standard bindery tests (akin to fsck), called a couple consultants who didn't help, called a CNE but didn't engage him since he wouldn't have done more than we'd already done--but would have charged $50 anyway!

We discovered that disk mirroring is not always a good thing. The mirror drive was supposed to be our backup. And it did backup well: it backed up the corrupted data!

The sysadmin noted my comments about the hard drive making noises, and wrote in a report, "It done sound like a car need bearings." We sent the drive to OnTrack; they took it apart, charged $2000, and sent back a tape containing all the files they could recover. Out of all the consultants and CNEs we called, they were the only competent ones in this whole process. They also sent back an amusing analysis report: "Severe hard drive damage. Drive should be replaced." Duh!

We replaced both drives, because the other one was acting up too. Both were part of a bad Maxtor batch that were causing problems in other parts of the hospital as well. They had 12-month warranties, and the drives were failing in the 11th or 13th months.

Thus far, we have regrettably no experience of Linux. I wish to Install a minimum configuration of Linux on a Win98 test PC in order that i may copy the data on their (undamaged) harddisk to another FAT32 harddisk and thereafter backup to CD's.

Right now i'm downloading 2 * 675Mb of "Linux" in ISO format. I doubt that i need 10% of it for this task, but i have no knowledge of the required files to get a minimal system running. Is there an FAQ that would explain to a willing but uneducated guy, how to proceed.

[Jim] You don't mention which ISO images you're downloading. It's probably excessive in any event. Generally you can install a fairly full Linux distribution from one CD (the second CD on many distributions contains source code and/or extra software, sometimes including shareware and other "non-free" stuff (demoware, etc)).

1. how to install a minimum version of Linux

[Jim] This is a very difficult question to answer given that you haven't told me which distribution you're downloading. Distributions differ more in their installation and initial configuration than in any other regard.

It would also be difficult, even if you had provided this information, since it requires essentially a chapter length exposition.

[Mike] If you want just a minimal Linux installation to just copy data off a Linux partition, consider Tom's Root Boot. It's a minimal Linux system on a bootable floppy, with the utilities needed in a typical rescue situation. Our sysadmins swear by it for all manner of workstation setup tasks.

http://www.toms.net/rb

However, I echo Jim's statement that you need to know the basics of Linux utilities in order to do an effective data transfer. Many people have had to embark on an unanticipated self-taught crash course, but it means spending a weekend with the HOWTOs and manual pages or a book.

2. how to copy files from a Linux Partition on one disk to a fat 32 partition on a second disk.

[Jim] This part would be quite easy once you have Linux installed. Linux support FAT32 and MS-DOS filesystems (including the VFAT long filename support). So you'd use a command sequence something like this:

  mkdir /mnt/netgear
  mkdir /mnt/windows
  mount -t ext2 /dev/hdb1 /mnt/netgear
  mount -t vfat /dev/sda1 /mnt/windows
  cd /mnt/netgear && cp -ax . /mnt/windows

... this assumes that you have installed Linux unto your first IDE drive (the master on the primary controller) which is called /dev/hda under Linux. It therefore assumes that the hard drive which you've extracted from the Netgear NAS unit is the second IDE drive (slave on the primary IDE controller) which is called /dev/hdb under Linux. This all presumes that you made the necessary changes to the pin settings on your hard drives to get the hardware working.

I also assume that you're using a SCSI disk (though you could use a third or fourth IDE drive --- or even a fifth, sixth, etc). /dev/sda is the first SCSI hard drive on any normal Linux system (though this may change in the future, with devfs).

So, this example makes many assumptions about how you've installed Linux and what hardware you have available. There are MANY other ways to do this.

Other than that the example basically makes a pair of mountpoints (places at which filesystem can be connected), mounts the Netgear drive to one and the Win '9x drive/filesystem to another changes to the top of the netgear directory tree and copies everything on that filesystem (recursively) unto the VFAT partition.

Note: I'm also assuming that the Netgear is not functioning as a NAS and that you're removing the hard disk from it and connnecting it to one of your lab machines. That seems pretty obvious to me, since you'd just attach to it via the network directly from a Win '9x/NT box if the NAS services were working; right?

I'm also assuming that Netgear is using ext2 (the dominant Linux native filesystem). If they're using Reiserfs or some other filesystem --- then you'd have to do things a bit differently. If that is the case; you'd be best advised to use the SuSE distribution which already includes support for Reiserfs --- otherwise you'd have to patch and build your own custom kernels; which is not a task to be undertaken by novices.

(S.u.S.E. is the only major distribution that already supports Reiserfs. Netgear might have patched their system to support it given that Reiserfs' "journaling" features would be very desirable on any Linux-based headless NAS device!)

3. Am i inventing work unnecessarily. maybe there exist tools to read Linux partitions and copy DATA to Fat32. Something in the Style of Partition magic ( but to actually COPY files.)

[Jim] There used to be a set of ext2 (Linux extended filesystem version 2) utilities for OS/2 and Win32 (NT and '9x). However I'm not sure that they are the best for your purposes.

It would probably be best to buy a nice large hard drive (6Gb or better), put it in one of your lab workstations, install Linux from CD (I prefer Debian; but S.u.S.E. might be more to your liking --- S.u.S.E. is the most popular distribution in Europe and has very good support for various continental languages).

Once you have Linux installed and the Netgear drive attached you can "dump" a raw (bitwise) image of the entire drive into a single Linux file using a command like:

   dd if=/dev/hdb of=/some/path/with/lots/of/free/space bs=1024k

... or you could dump each filesystem/partition by using the commands:

   fdisk -l /dev/hdb

... and then (for each of the partitions listed there: let's say it's 1, 2, 3, 5 and 6; skipping 4 since it might/would be the extended partiton container:

   for i in 1 2 3 5 6; do
      dd if=/dev/hdb$i of=/lots-of-space/netgear-image.hdb$i.bin
      done

(This last is a bit fancy for a novice. However, you can just type the commands one at a time until that little snippet of shell code makes sense). (Obviously you'll need to put in your own names in place of the of= paths that I've listed here).

NOTE: if the netgear filesystems are larger than 2Gb then you might need a very new kernel with LFS (large filesystem support) or you could use "raw" partitions (unallocated space) on your new large Linux disk.

This "dd" approach is handy if you want to preserve a full snapshot of the filesystem (in it's damaged state) before attempting data recovery. That way, if your filesystem check and repair efforts cause more damage you can always start from scratch.

In general I'd say that there is way too much about Linux to learn before you'd understand how to do filesystem or data recovery. As I'm sure you know from your experience with FAT/VFAT/FAT32 based filesystems, one must generally be expert in an OS prior to being competant at data recovery under it.

I would be most grateful for any advice you could offer.

[Jim] You could look for a good Linux training consultant to come in and give you're team a crash course. You'll find that Linux really is a data recovery person's dream tool suite. Although it's not "easy to use" it does offer full access to the system hardware and has very good support for the filesystems of various operating systems.

My best Christmas greetings from Sweden, Tony Kvarnstrom

Linux, UNIX, what's the difference?

From Alex

Answered By Heather Stern

Hi, I have a question that's been on my mind lately. I've looked around the web and gotten some roundabout answers. The question is, what is Linux?

[Heather] Linux began life as a kernel that would act like Minix but run on Linus' 80386 and mount up his minix filesystems. He shared it and was encouraged by folks submitting their own patches. People just can't make their mouth say "Linus' Minix" for very long, but I can't pinpoint when it got compressed to Linux. Maybe one of our readers could

[Mike] Vaguely I recall Lars Wirzenius mentioning the origin of the name Linux in a talk at Linux Expo 1998. I think he said something like it wasn't Linus who came up with the name. He just uploaded it to the FTP site and the FTP admin had to come up with a label for it, so he called it Linux. But I may be remembering wrong.

Where's that message where Linus recounts how his first success in building Linux was to develop a multitasker that allowed one process to write "a" repeatedly to the screen while another process wrote "b"? I think in there it mentions that one of his early names for the system, when he was in an extremely frustrated mood, was Buggix.

[Heather] As time rolled on and "distributions" were gathered and sold, the press likes to call the distributions Linux too, while others argue that only the kernel is Linux and the rest is (for example) Red Hat or SuSE or whatever.

The most popular answer on the net seems to be "Linux is a UNIX-like OS". Well, then what is UNIX? And why isn't Linux UNIX?

[Heather] There is someone who presently administers the trademark work UNIX and they don't feel like branding Linux with it for free. FreeBSD has the same "problem" - both are at this point well established systems that people already experienced in UNIX will find comfortable features in.

The trademark began life as AT&T Bell Labs UNIX, and has been traded and sold a number of times since. For a while Novell owned it ... in fact, for a brief time it looked like Novell could become the source of a new, completely non Microsoft based system, because they had Netware, they had DR DOS, they had WordPerfect and its family of apps... but they either didn't see it or had so many internal politics they couldn't do it.

The current trademark holders are the Open Group. Their babble about rights to use their trademark is at: http://www.unix-systems.org/trademark.html

Anyways, UNIX shouldn't be used as a generic term, because that's against the principles of trademark. Let me illustrate with an example that a few more people will understand. You can't call something Coca-Cola (http://www.coca-cola.com) that's not. You're not supposed to call it Pepsi either (http://www.pepsi.com, but you can't use the site at all from lynx; try their investor relations site, http://www.pepsico.com instead) unless it's really Pepsi. But you can call it a "Coca-Cola like soda" or say something "tastes kinda like Pepsi" and you're safest with "a cola" or "a soda pop". For the curious out there, I drink either, but prefer RC (http://www.rccola.com).

So Linux is "an operating system" which only "tastes like MS Windows" if you select a window manager with a theme that tries really hard to do that, but tends to "taste like UNIX". Admittedly it tastes a bit more like these if you go the extra mile and run WINE or have the iBCS compatability module around so you could try to run the respective binaries.

[Mike] Funny, just today I saw a story in Linux Weekly News where Sun claims Solaris is a version of Linux because it can run programs compiled for Linux, and maddog says this proves we've never come to a consensus on what "Linux" really means. Purists say Linux means just the kernel, but maddog cites Linus as predicting that mainframes with highly-customized kernels will also be "Linux sytems" in the future.

http://www.lwn.net/2000/1221

Is AIX or Solaris or SunOS or HP-UX a UNIX?

[Heather] AIX and Solaris are blessed with this trademark under "UNIX 98", HP-UX and Tru64 among others are blessed under "UNIX 95". (You can see the Open Group's Registered Product Catalog if you care: http://www.opengroup.org/regproducts/catalog.htm

I don't think SunOS ever got so blessed; it was a BSD derivitive after all. You can read some about the confusions between SunOS and Solaris in this handy note: http://www.math.umd.edu/~helpdesk/Online/GettingStarted/SunOS-Solaris.html

If so, what makes them a UNIX and Linux not a UNIX? Is it kernel specific? What's the deal?

[Heather] I hope this helped.

linux question

From Ted Mims

Answered By Dan Wilder

I hope you can help me out. I am running a box with Linux 6.0. I had a hacker a few weeks ago that primarily set up some shielded irc channels and modified my dns for his needs (exactly what they were, I am not sure). Anyway, somehow he made it so that my securetty file is ignored. I am having no luck locking root out of telnet. securetty has the correct format and permissions and pam_securetty.so is not commented in the /etc/pam.d/login file. Do you happen to have any suggestions? All I want to do is re-restrict direct-in root access. I would greatly appreciate any elightenment you can offer. Thanks

Ted H. Mims

[Dan] The executive summary: reinstall, secure the new system, copy data from the old.

Unfortunately, once a system is compromised, you can't trust the pieces. The skilful cracker, or even the less skilled in this day of script kiddees, will have replaced system binaries such as /bin/login, /bin/ls, /bin/ps, and on and on. This places you in a shifting hall of mirrors when you attempt repair on a running system. Especially if you attempt this repair while the system is connected to the network. I know very few sysadmins who would be up to this challenge, fewer still who would be assured of success, and almost none who would attempt it except on a wager or as a sport. I would be the last to suggest you attempt this based on a few pointers.

The prudent course of action is a fresh install on a new hard drive. Do this on a system without any connection to an outside network.

Upgrade named. http://www.isc.org/products/BIND is the URL. Use bind-8.2.2 patchlevel 7 for an easy upgrade from what's on most 6.0 distributions. Or, see if the ftp site for your distribution has an upgrade. Eight bugs, including one allowing remote exploit and providing the attacker with full access at whatever privilege level named runs at, have been located in older versions of bind.

Eliminate all services the system does not need, by turning them off in /etc/inetd.conf or the equivalent xinetd config files.

Establish secure passwords for all accounts.

At that point, take the hard drive from the old system and mount it for example on /mnt. Copy valuable data from the old hard drive to the new. Examine all configuration files you may copy over carefully.

Don't allow telnet from remote systems. The password is transmitted in plaintext, not a very good idea in this age of sniffers.

Consider instead installing ssh or openssh, if remote access is needed, or if you're on a LAN with more than a handful of hosts or with users who are not highly trusted employees. Be aware that even ssh is not 100% proof against "man in the middle" compromise.

<digression> That "6.0" doesn't mean much if you don't specify the distribution, for example "Red Hat" or "SuSE" Each Linux distribution maintains its own versioning system, with only very rough equivalence between distributions. </digression>

.... Ted found the breakage ...

I just needed to actually pen the question to someone. I figured it out all by my lonesome. Thanks anyway. He had bypassed pam and sent it back to the login.defs file which of course did not have a CONSOLE directive.

Ted H. Mims

Red Hat 7.0

Crackerz!

From George Hawthorn

Answered By Ben Okopnik, Heather Stern

Answer Guy,

I've searched every Linux site I can find to understand why after months of trouble free operation, I am unable to login to my RH 7.0 server at the terminal. Everything is working fine, web server, ftp, router but I simply cannot login as root or anybody else for that matter. I can do a 'linux single' boot but under a normal boot, when I get the login: prompt and type root, I'm back at the login prompt again. I realize this is an imposition, but I'm getting desperate.

Thanks for your time,

George Hawthorn

[Ben] First, a quick possibility: Take a look at my '"Cannot execute /bin/bash: Permission denied" - solved!' article in Issue #52 of the Linux Gazette. It may contain an answer to your question. Note also that people are able to log in if your ftp, etc. services are usable - they are logging in as a very low-privilege user ("nobody", or "ftp"), but they are logging in.

[Heather] Here's an even faster possibility (maybe even the same) - did you upgrade PAM recently by any chance? The default files from a PAM upgrade usually are not the same as your normal policy. One time I ended up only being able to get in via ssh ... and that, only because my key was already in place, so it wasn't dropping down to standard authentication.

[Ben] Second - when you do log in via 'single', what does the system look like? Has the password file changed? (Hint: it is a Good Idea to have dated snapshots of "/etc" along with your regular backups; a tarred/gzipped archive should easily fit on a floppy.) Try making a copy of "/etc/passwd" (or "/etc/shadow" if you use shadow passwords), then edit it to remove the password hash for root -

root:1XaFDYn7EapuP:0:0:root:/root:/bin/bash

Chop out the second field:

root::0:0:root:/root:/bin/bash

When you next log in as "root", you won't need a password - just make sure to create one immediately. If you still cannot log in, then something in the system itself is giving you problems; once again, refer to the above article.

As to reasons why this happened in the first place: well, the scary-but- obvious reason could be that some "script-kiddie" got into your system and did a dance on it. Not to panic; as long as you've got good backups, the damage can be undone (and if you're running a publicly accessible server and _don't_ have backups, I'm afraid you've gone beyond any help I can give.) It could also be that some program you've installed - and I haven't heard of anything like this with progs from established distributions, whereas just slapping in a random tarball could do this - has messed up your libraries or other vital files.

In my experience with Linux, I've come to an expectation that I did not have with MS Windows or OS/2 - "stuff" doesn't just happen. There is a reason for this; whether a security problem caused by random services enabled in "/etc/inetd.conf" (I strongly suggest reading the Security-HOWTO if you have not done so previously) or a problematic program installation, you need to track it down and resolve it. Particularly in the case of a break-in, it is not something you want to happen again.

Good luck

... George adds some context ...

Ben,

Thanks so much for the speedy reply. I'm going to read through your e-mail very carefully. I can tell you that I've done nothing to the server for months accept FTP files to it, Telnet to it, add a couple of users etc. It's been running perfectly since August of this year, and so I "think" I can rule out my actions as the cause. I haven't installed any additional programs. As for the security issue, this was and still is my immediate concern. I wonder if someone has got in and done "something". I did see a couple of bad login attempts using lastb. I do have copies of ALL important files, and so could simply reinstall the OS, but then I'd be no better off...just waiting for it to happen again. Thanks once again for your help. I'll let you know if I find the cause.

... then following Ben's advice, investigates more carefully ...

Ben, Following your article in issue #52, I looked at /bin/login (using linux single) and noticed that it is owned by root and lp (have no idea what lp is ...sounds like a print queue).

[Ben] Just to hazard a guess - since I don't know the layout of your system or anything else about it - an attacker may indeed have come in via your remote print system; there are exploits (if I remember correctly) that use it, since it requires a high level of privilege to access the hardware ports. I would at least check into security measures involving the print system - the first of which would be to make sure that I'm running "rlpr" or "lprng" for my remote services. The second would most likely be a search of COTSE <http://www.cotse.com/unix.htm>;, Insecure.org <http://www.insecure.org/sploits_linux.html>;, or NetworkICE <http://www.networkice.com/advice/Exploits>; for known exploits against whatever I am running.

I booted up another pc with RH 7.0 and noticed that its /bin/login ownership is root and root. I tried chown root.root login, but get the 'permission denied response'. I also edited /etc/shadow with no luck. I agree with your theory that reinstalling teaches you nothing. My master plan was to FTP the login "program" from a working pc to the server in the hope that login is somehow corrupted on the server.

[Ben] "/bin/login" and "/bin/bash" are typically good things to check when looking for intrusion "footprints", especially a "/bin/bash" that's been set SUID (this means that anyone running that shell has full root privileges!) The fact that you're unable to chown "login" means that FTPing a good "login" binary will not help - you probably won't be able to delete the old one. In fact, it's a pretty strong indicator that...

I rebooted the server using the linux single command, and then SU to login as root. I was scrolling through previous commands and was surprised to see many commands that I didn't enter. Someone created a user called "Poped" as far as I can tell, and then entered commands such as

rm -f /bin/login chattr -i /bin/login

It would seem that someone gained access. What do you t