Probably off-topic, but I need to rant anyways:

I do not see where nor any How-To on the procedure for installing my own self-signed certificate. I even did a new tarball d/l from OpenSSL's site itself:

    OpenSSL 0.9.6a 5 Apr 2001
    built on: Mon May 28 00:19:23 EDT 2001
    platform: linux-sparcv9
    options: bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
    compiler: gcc -DTHREADS -D_REENTRANT -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W -DMD5_ASM

It was successful, as was:

    /usr/ssl/misc/CA.pl -newca
    /usr/ssl/misc/CA.pl -newreq
    /usr/ssl/misc/CA.pl -signreq
    /usr/ssl/misc/CA.pl -pkcs12 "InSecurity.Org"

I suppose my real issue is I wish I knew what I was doing more than just the 'trial and error' development approach...

Thx for listening;
-Sneex- :]
I agree on the "lack of documentation" thing. I'm a newbie, using Linux since July of last year. I have come to the conclusion that the documentation for Linux, especially the newer stuff, has fallen badly behind - if it existed in the first place. I feel lucky that SuSE has at least supplied some of the best docs available (and this mail list) that aren't necessarily written for people with Comp sci/engineering degrees. I check the LDP site and find that much of it is out of date by 2 or in some cases 3 versions. Much of it is of little use. If it's hard for an experienced or veteran user, think about us poor dumb newbies. It can get awfully confusing.

There are packages and programs on my machine that I could probably make good use of. The problem is: A) finding info or docs about it, and B) what it's really used for once you get a doc about it, since the doc is usually a short snip about command line options. I wish there was a book I could get for my version, but usually I have to wait a minimum of 6+ months for a decent book to be published and by then the next version has been released and half of the OS is different.

Just my 2 cents.

Curtis Rey
You know, finding this stuff online isn't too hard... I wrote documentation about this like 2+ years ago. Anyways. Go to:

http://www.securityportal.com/lasg/network-servers/www/index.html

P.S. for suse guys: go steal /usr/share/ssl/certs/Makefile from a redhat system and plunk it into your apache distro =)

Kurt Seifried, seifried@securityportal.com
PGP Key ID: 0xAD56E574
Fingerprint: A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.securityportal.com/
Thanks for the tip on the Apache. Right now I'm not running a server but it's good to know. Though to be honest I'm a little leery about using one distro's files/progs on another - had big probs with Mandrake doing that. But, it could just be a problem with the Mandrake distro (7.1) because I read a few threads from Mand users about having a similar experience.

Cheers.
Curtis
Uhhmm. It's a makefile that runs command line "openssl" with the appropriate options to create the cert/whatever you need. For it to not work on SuSE properly would require your computer to be screwed up anyways. Look before you say it won't work =)

Kurt
Hi,

Now that I am having all these problems with firewalls etc and maybe messed up my original firewall.rc.config file, does anyone have an original one that I could use as a template please?

Regards
Matt

-----Original Message-----
From: Matt [mailto:matt@import-it.co.uk]
Sent: 27 May 2001 02:34
To: suse-security@suse.com
Subject: [suse-security] SuSEfirewall configuration help

SuSEfirewall config...

Please could someone send me an example of one with the following settings enabled please..

I use SAMBA, telnet, rlogin, ftp and vnc, ping, traceroute on my 3 machines 192.168.0.2 (SuSE 7.0), 192.168.0.3 (SuSE 6.4) and use my win2000 box to work on (192.168.0.1). These are all on eth0 with win2000 used to dialup on. I would like to set up 192.168.0.2 as my gateway/router but at the moment I have configured my win2000 box. However whilst setting up SuSEfirewall my system hung on the firewall first run initialisation. I can neither login or do anything on reboot. I could login in single user mode but I don't know how to do that, any directions?

Regards
Matt
Could I use http://www.linux-firewall-tools.com/cgi-bin/firewall.cgi

Would the config there be ok and does SuSE work on the same process?

Regards
Matt
> Now that I am having all these problems with firewalls etc and maybe messed up my original firewall.rc.config file does any one have an original one that I could use as a template please ?

You have it already; to extract it, look at rpm(8). This will get you on the right track; it goes something like the following:

    rpm -qf /etc/rc.config.d/firewall.rc.config

Tells you which rpm package the file belongs to; you can confirm with rpm -ql <package>.

To see what files have been altered, use the verify option:

    rpm --verify <package>

Perhaps you want to compare with the CD-ROM of installation?

    rpm -Vp /cdrom/suse/<packet>/<rpmfile>

You can reinstall, and you can also extract the RPM to a different root directory, avoiding updating the machine rpm database. Another good option with many files is to install the source rpm, find the configuration file in there, and then diff.

I like to use rcs(1) to have version control on these files, which allows me to record reasons for, and to easily back out, changes with ci(1) and co(1). rcsdiff(1) is also very useful! Install the package from the development packets and then create an RCS directory in /etc. Remember to 'ci -u' to get an unlocked readable copy of the file. When you have made changes, you can see the file's status with $Id$ and the log in the file with the $Log$ flag.

Rob
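Reading the result of the verify step described above, as an added example that is not part of the original post: a shell function that decodes `rpm -V` result lines into the attributes that differ from the package database, and a filter that keeps only files whose content changed or that are missing. The sample lines and the `example-*` paths are constructed; only `/etc/rc.config.d/firewall.rc.config` comes from the thread.

```shell
#!/bin/sh
# Added example: decode `rpm -V` output (older 8-column and newer 9-column
# flag strings) into "path|kind|changes" records.

decode_flag() {
    case "$1" in
        S) echo size ;;
        M) echo mode ;;
        5) echo digest ;;
        D) echo device ;;
        L) echo symlink ;;
        U) echo owner ;;
        G) echo group ;;
        T) echo mtime ;;
        P) echo capabilities ;;
        '?') echo unreadable ;;      # rpm could not perform this test
        *) echo "unknown($1)" ;;
    esac
}

decode_rpm_verify() {
    while IFS= read -r line; do
        case "$line" in */*) ;; *) continue ;; esac   # skip lines without a path
        flags=${line%% *}             # first field: flag string or "missing"
        path=/${line#*/}              # everything from the first slash
        mid=${line#"$flags"}          # what sits between flags and path
        mid=${mid%%/*}
        marker=$(printf '%s' "$mid" | tr -d ' ')
        case "$marker" in
            c) kind=config ;;
            d) kind=doc ;;
            g) kind=ghost ;;
            l) kind=license ;;
            r) kind=readme ;;
            *) kind=file ;;
        esac
        if [ "$flags" = missing ]; then
            changes=missing
        else
            changes=
            rest=$flags
            while [ -n "$rest" ]; do
                ch=${rest%"${rest#?}"}    # first character of the flag string
                rest=${rest#?}
                [ "$ch" = . ] && continue # "." means this test passed
                changes="${changes:+$changes,}$(decode_flag "$ch")"
            done
        fi
        printf '%s|%s|%s\n' "$path" "$kind" "${changes:-none}"
    done
}

# Paths whose content differs from the package (digest changed) or that are gone.
# A line with only "mtime" set was touched but still matches the packaged digest.
content_changed() {
    decode_rpm_verify | while IFS='|' read -r path kind changes; do
        case ",$changes," in
            *,digest,*|*,missing,*) printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed sample of `rpm -V <package>` output.
sample_verify_output() {
cat <<'EOF'
S.5....T c /etc/rc.config.d/firewall.rc.config
.......T c /etc/rc.config.d/example-untouched.rc.config
missing     /sbin/example-firewall-script
.M...UG. d /usr/share/doc/packages/example/README
EOF
}

# Live use: rpm -V "$(rpm -qf /etc/rc.config.d/firewall.rc.config)" | content_changed
```
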
Would this one work ok?

Hi Robert,

http://www.jungcom.de/Linux/downloads/firewall.rc.config

Would the above rc.firewall.config work ok on my setup where currently 192.168.0.1 is my windows 2000 box with a dialup and 192.168.0.2 and 192.168.0.3 (linux boxes). Once the linux box (192.168.0.2) boots up ok I will move it to dialing out on my linux box. All boxes have eth0 and 192.168.0.1 has the modem on. I connect to an ISP with a dynamic IP address and gateway address too. (I normally set my boxes to 0.0.0.0 also).

Regards
Matt
> Would this one work ok ? Hi Robert,
> http://www.jungcom.de/Linux/downloads/firewall.rc.config
> Would the above rc.firewall.config work ok on my setup

Sorry I can't answer this question, my previous reply was to help you recover the original version from an rpm. As for learning to use rcs, as an aid to sysadmin, it does save all kinds of silly problems, you won't regret the time invested.

Rob
Hi Robert,

Hmmm will do so. rcs or cvs is a good idea. I normally save an original version of rc.config before doing some major work. But the rc.config.d directory was not on my list, however I will do so in future, cheers.

I do have a problem with FW_
[ since we're OT anyway, I don't mind too much jumping in :) ]

On Mon, May 28, 2001 at 00:18 -0500, Curtis Rey wrote:
> I agree on the "lack of documentation" thing. I'm a newbie, using Linux since July of last year. I have come to the conclusion that the documentation for Linux, especially the newer stuff, has fallen badly behind - if it existed in the first place. I feel lucky that SuSE has at least supplied some of the best docs available (and this mail list) that aren't necessarily written for people with Comp sci/engineering degrees. I check the LDP site and find that much of it is out of date by 2 or in some cases 3 versions. Much of it is of little use. If it's hard for an experienced or veteran user, think about us poor dumb newbies. It can get awfully confusing.

You - and other newbies - can change this situation and have the next newbies suffer less.

As long as people ask their questions, have them answered and silently disappear (since _their_ problem has vanished), there won't be any valuable help for the next one to come across this problem. Those people have to ask again ...

Now imagine something like this: You're a newbie. You just solved a problem. Plus (very important!) you still are aware of what's a problem for a newbie _besides_ the technical stuff. That's something experienced users won't see -- not because they are cruel, but they are just blind on this very eye. :)

If a newbie would consider this situation a chance to contribute and provide his solution to other newbies - in a form that's of real help since it's not only about the tech stuff - things could and maybe would improve. But as long as you expect "the others" to tell you what to do - while they don't have too much time or a different POV too far away to help you - you have to wait and still don't get something that fits your expectation.

Yes, we had these threads many, many, many times before. And no, it's not a flame against newbies. But I want to make them aware of the fact that crying "tell me, please, since you're the author and must instruct me" won't work. Only newbies themselves are able to provide the doc other newbies would need efficiently! Help yourself and others by contributing and not just consuming!

virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.
Excellent point made below, and responded to...

----- Original Message -----
From: "Gerhard Sittig" <Gerhard.Sittig@gmx.net>
To: <suse-security@suse.com>
Sent: Monday, May 28, 2001 11:49 AM
Subject: Re: [suse-security] OT: OpenSSL Rant :/

> [ since we're OT anyway, I don't mind too much jumping in :) ]

I'll second that...

> You - and other newbies - can change this situation and have the next newbies suffer less.
>
> As long as people ask their questions, have them answered and silently disappear (since _their_ problem has vanished), there won't be any valuable help for the next one to come across this problem. Those people have to ask again ...

This is precisely why I stick around Linux IRC areas and mailing lists. I have no skill at writing documentation. However, I can and do retain info well, as well as being able to regurgitate it with some decent speed and accuracy.

To any newbies out there, GET INVOLVED! Find the answer that you need THEN MAKE IT PUBLIC! If you write documentation, WRITE IT! If you do web-pages, do one about the problem you had! (Can anyone say HOWTO?) If nothing else, HELP OTHERS OUT!

There have been several times that I have gotten the "I can't thank you enough!" line. I always answer, "Sure you can! Just help someone else out when you can!" Grass-roots campaign. Gotta live it!

Geordon
Something else to remember: some of us here are semi-insane (like me and I suspect nix =) and will cheerfully add stuff to our documentation (lasg/suse security faq respectively) if asked often enough ;). I try to copy "interesting" emails for questions I see a lot but don't always remember.

Kurt Seifried, seifried@securityportal.com
PGP Key ID: 0xAD56E574
Fingerprint: A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.securityportal.com/
Yes Gerhard, you're absolutely right on this. I just helped a user (I believe with more experience than I) getting his resolution to behave correctly with a simple addition to his XF86Config file (Option "IgnoreEDID" "1") and it did the trick. I always try to help out and find it very very gratifying that a newbie, such as myself, is able to help. I spend a fair amount of time watching this list, I ask questions, but also give answers (and avoid as much as possible giving bad answers). I find the mailing list is a valuable and excellent resource. The SuSE mailing list is by far the best I've found. I have not experienced any real derogatory remarks or comments from the Linux vets.

As for the "what the experienced user won't see", I understand this also. I'm in healthcare/medicine and if I or my colleagues were to speak to the patients as we do with each other we would run the risk of A) driving people away from seeking health care until a crisis arises, and B) we also run the risk of confusing the patients - and this can have dire consequences that can hurt people (or worse in some cases). I feel it is a responsibility that I contribute back to the community, especially considering how much the community contributes to me.

Cheers.
Curtis Rey
participants (7)
- Bill Jones
- Curtis Rey
- Geordon VanTassle
- Gerhard Sittig
- Kurt Seifried
- Matt
- Robert Davies