From gdb@freecar.com Thu Apr 16 23:34:39 1998 From: gdb@freecar.com To: users@lists.opensuse.org Subject: RE: [S.u.S.E. Linux] shoutdown ? Date: Thu, 16 Apr 1998 16:34:39 -0700 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3419190461813436887==" --===============3419190461813436887== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable CTRL-ALT-DEL On 17-Apr-98 Jaeha Lee wrote: > >hi, > >What is the best way to shutdown Linux by non-root user ? > >Cheers >jae > > > >-- >To get out of this list, please send email to majordomo@suse.com with >this text in its body: unsubscribe suse-linux-e ---------------------------------- http://homepages.skylink.net/~gec= ko/index.html> -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCS d+(-) s:+ a29 C++$ UL++>++++ P+++$ L++>++++ E? W+++$ N+(-) o? K- w+++$(--) O M-- V- PS-- PE++ Y++ PGP++ t+ 5 X R+ !tv b++++ DI+++ D++ G++>G+++ e h+ r* y+ ------END GEEK CODE BLOCK------ ---------------------------------- -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============3419190461813436887==-- From jae@student.unsw.EDU.AU Fri Apr 17 00:10:23 1998 From: jae@student.unsw.EDU.AU To: users@lists.opensuse.org Subject: [S.u.S.E. Linux] shoutdown ? Date: Fri, 17 Apr 1998 10:10:23 +1000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7175563936963233083==" --===============7175563936963233083== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit hi, What is the best way to shutdown Linux by non-root user ? Cheers jae -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============7175563936963233083==-- From mskinner@verio.net Fri Apr 17 00:16:15 1998 From: mskinner@verio.net To: users@lists.opensuse.org Subject: [S.u.S.E. Linux] Suse as Firewall Date: Thu, 16 Apr 1998 17:16:15 -0700 Message-ID: <199804170016.RAA06916@core.atmnet.net> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8205202834908886429==" --===============8205202834908886429== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Has any setup Suse on a pc to just be a firewall? one ethernet in and one ethernet out? or is there a faq for firewalling out there.. thanks Mark Skinner -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============8205202834908886429==-- From gecko@benham.net Fri Apr 17 00:32:56 1998 From: gecko@benham.net To: users@lists.opensuse.org Subject: RE: [S.u.S.E. Linux] Suse as Firewall Date: Thu, 16 Apr 1998 17:32:56 -0700 Message-ID: In-Reply-To: <199804170016.RAA06916@core.atmnet.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3736810978949198674==" --===============3736810978949198674== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Look in either /usr/docs/howto or /usr/docs/howto/mini On 17-Apr-98 Mark Skinner wrote: > >Has any setup Suse on a pc to just be a firewall? >one ethernet in and one ethernet out? >or is there a faq for firewalling out there.. >thanks >Mark Skinner > >-- >To get out of this list, please send email to majordomo@suse.com with >this text in its body: unsubscribe suse-linux-e ---------------------------------- http://homepages.skylink.net/~gec= ko/index.html> -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCS d+(-) s:+ a29 C++$ UL++>++++ P+++$ L++>++++ E? W+++$ N+(-) o? K- w+++$(--) O M-- V- PS-- PE++ Y++ PGP++ t+ 5 X R+ !tv b++++ DI+++ D++ G++>G+++ e h+ r* y+ ------END GEEK CODE BLOCK------ ---------------------------------- -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============3736810978949198674==-- From bb@suse.com Fri Apr 17 00:55:46 1998 From: bb@suse.com To: users@lists.opensuse.org Subject: Re: [S.u.S.E. Linux] Suse as Firewall Date: Thu, 16 Apr 1998 17:55:46 -0700 Message-ID: <3536A892.255D33F0@suse.com> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5423602063118991773==" --===============5423602063118991773== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The Gecko wrote: >=20 > Look in either /usr/docs/howto or /usr/docs/howto/mini >=20 There is a firewall package included on our CDs. I'm currently working on a english version of our firewall howto. See http://www.suse.com/~bb/fw-howto/> for the first= draft. It's almost ready, but still needs spellchecking... Ciao, BB > > > >Has any setup Suse on a pc to just be a firewall? > >one ethernet in and one ethernet out? > >or is there a faq for firewalling out there.. > >thanks > >Mark Skinner > > > >-- > >To get out of this list, please send email to majordomo@suse.com with > >this text in its body: unsubscribe suse-linux-e >=20 > ---------------------------------- > http://homepages.skylink.net/~g= ecko/index.html> > -----BEGIN GEEK CODE BLOCK----- > Version: 3.1 > GCS d+(-) s:+ a29 C++$ UL++>++++ P+++$ L++>++++ E? W+++$ N+(-) o? K- w+++$(= --) > O M-- V- PS-- PE++ Y++ PGP++ t+ 5 X R+ !tv b++++ > DI+++ D++ G++>G+++ e h+ r* y+ > ------END GEEK CODE BLOCK------ > ---------------------------------- > -- > To get out of this list, please send email to majordomo@suse.com with > this text in its body: unsubscribe suse-linux-e --=20 Bodo Bauer S.u.S.E., LLC fon +1-510-835 7873=20 bb@suse.de 458 Santa Clara Avenue fax +1-510-835 7875 http://www= .suse.com> Oakland CA, 94610 USA -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============5423602063118991773==-- From adavis@hayson.vmarketing.com Fri Apr 17 06:02:55 1998 From: adavis@hayson.vmarketing.com To: users@lists.opensuse.org Subject: Re: [S.u.S.E. Linux] Suse as Firewall Date: Fri, 17 Apr 1998 02:02:55 -0400 Message-ID: <19980417020255.A28933@Hayson.vmarketing.com> In-Reply-To: <199804170016.RAA06916@core.atmnet.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4841107037988312278==" --===============4841107037988312278== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Thu, Apr 16, 1998 at 05:16:15PM -0700, Mark Skinner wrote: > Has any setup Suse on a pc to just be a firewall? > one ethernet in and one ethernet out? > or is there a faq for firewalling out there.. There is a Firewall-HOWTO on sunsite (and alot of other places) http://sunsite.unc.edu/LDP/> --=20 Andrew L. Davis Network Operations adavis@vprlnk.net ViperLink International -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============4841107037988312278==-- From thko@wtal.de Fri Apr 17 07:20:40 1998 From: thko@wtal.de To: users@lists.opensuse.org Subject: RE: [S.u.S.E. Linux] Suse as Firewall Date: Fri, 17 Apr 1998 09:20:40 +0200 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0175702263306177359==" --===============0175702263306177359== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, > Has any setup Suse on a pc to just be a firewall? > one ethernet in and one ethernet out? > or is there a faq for firewalling out there.. You might take a look at "<= A HREF=3D"http://www.xos.nl/linux/ipfwadm/paperhttp://www.xos.nl/linux/i= pfwadm/paper>" ... Thomas -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============0175702263306177359==-- From brauki@cww.de Fri Apr 17 15:08:45 1998 From: brauki@cww.de To: users@lists.opensuse.org Subject: Re: [S.u.S.E. Linux] shoutdown ? Date: Fri, 17 Apr 1998 17:08:45 +0200 Message-ID: <3537707D.6EA3843@cww.de> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0513200175780100277==" --===============0513200175780100277== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit gdb@freecar.com wrote: > > CTRL-ALT-DEL Hey, this is _not_ windooze!! ;-) Truly, it works fine. Unless you have to find the right mioment to switch off, otherwise it goes back to linux. If you want a "proper" way look for "sudoers". The manpages examples tell most of it. > > On 17-Apr-98 Jaeha Lee wrote: > > > >hi, > > > >What is the best way to shutdown Linux by non-root user ? > > > >Cheers > >jae > > > > > -- > To get out of this list, please send email to majordomo@suse.com with > this text in its body: unsubscribe suse-linux-e -- ========================================== __ _ Jürgen Braukmann e-mail: brauki@cww.de | / / (_)__ __ ____ __ Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu | / /__/ / _ \/ // /\ \/ / ========================================== /____/_/_//_/\_,_/ /_/\_\ -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============0513200175780100277==-- From jae@student.unsw.EDU.AU Fri Apr 17 21:37:39 1998 From: jae@student.unsw.EDU.AU To: users@lists.opensuse.org Subject: RE: [S.u.S.E. Linux] shoutdown ? Date: Sat, 18 Apr 1998 07:37:39 +1000 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9119333333078818842==" --===============9119333333078818842== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Anything else ? On Thu, 16 Apr 1998 gdb@freecar.com wrote: >=20 > CTRL-ALT-DEL >=20 >=20 > On 17-Apr-98 Jaeha Lee wrote: > > > >hi, > > > >What is the best way to shutdown Linux by non-root user ? > > > >Cheers > >jae > > > > > > > >-- > >To get out of this list, please send email to majordomo@suse.com with > >this text in its body: unsubscribe suse-linux-e >=20 > ---------------------------------- > http://homepages.skylink.net/~g= ecko/index.html> > -----BEGIN GEEK CODE BLOCK----- > Version: 3.1 > GCS d+(-) s:+ a29 C++$ UL++>++++ P+++$ L++>++++ E? W+++$ N+(-) o? K- w+++$(= --) > O M-- V- PS-- PE++ Y++ PGP++ t+ 5 X R+ !tv b++++ > DI+++ D++ G++>G+++ e h+ r* y+ > ------END GEEK CODE BLOCK------ > ---------------------------------- > -- > To get out of this list, please send email to majordomo@suse.com with > this text in its body: unsubscribe suse-linux-e >=20 >=20 -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============9119333333078818842==-- From jae@student.unsw.EDU.AU Fri Apr 17 22:00:43 1998 From: jae@student.unsw.EDU.AU To: users@lists.opensuse.org Subject: Re: [S.u.S.E. Linux] shoutdown ? Date: Sat, 18 Apr 1998 08:00:43 +1000 Message-ID: In-Reply-To: <3537707D.6EA3843@cww.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6483227955119473963==" --===============6483227955119473963== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit hi, I read man page about "sudoers", but too many things I don't understand. please can you give me simple example, I'm not on the network, it's truly stand-alone home PC. On Fri, 17 Apr 1998, Juergen Braukmann wrote: > > gdb@freecar.com wrote: > > > > CTRL-ALT-DEL > > Hey, this is _not_ windooze!! ;-) > > Truly, it works fine. Unless you have to find the right mioment to > switch off, otherwise it goes back to linux. If you want a "proper" way > look for "sudoers". The manpages examples tell most of it. > -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============6483227955119473963==-- From brauki@cww.de Sat Apr 18 08:42:50 1998 From: brauki@cww.de To: users@lists.opensuse.org Subject: Re: [S.u.S.E. Linux] shoutdown ? Date: Sat, 18 Apr 1998 10:42:50 +0200 Message-ID: <3538678A.5CB7F1F8@cww.de> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2907876160814461179==" --===============2907876160814461179== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Jaeha Lee wrote: > > hi, > > I read man page about "sudoers", but too many things I don't understand. > please can you give me simple example, I'm not on the network, it's truly > stand-alone home PC. > OK, here we go. I give you my /etc/sudoers: --------------------------8<---------------------------------------- # sudoers file. # # This file MUST be edited with the 'visudo' command as root. # # See the man page for the details on how to write a sudoers file. # # Host alias specification Host_Alias LOCAL=slartibartfast # User alias specification User_Alias SYSTEM=braukman,dk4jb # Cmnd alias specification Cmnd_Alias DOWN=/sbin/halt # User privilege specification root ALL=(ALL) ALL SYSTEM LOCAL=DOWN # brauki is allowed to shutdown slartibartfast without giving his password: brauki slartibartfast=NOPASSWD:DOWN # and so might his alter ego braukman ;-) braukman slartibartfast=/sbin/halt NOPASSWD:ALL # --------------------------8<---------------------------------------- to shout down my system I issue a 'sudo /sbin/halt'. I am not asked to give my password, since I turned that off. that should do the trick. you must install the sudo-package first. an other tip to shut down a system is the following: create a user say... down modify /etc/passwd: [...] nobody:x:-2:-2:nobody:/tmp:/bin/bash brauki:x:500:100:Juergen Braukmann:/home/brauki:/bin/bash down:x:0:100:shutdownuseer:/tmp:/sbin/halt [...] ^^^^^^^^^^^ switch to another console log in as down and enjoy. ;-) (I have not tried that one, but I remember someone sugesting that...) Jürgen ps: I have just tried that, it works if you give "down" the uid 0 (root) it's a good idea, to have a password on that account, too ;-) in my opinion it comes next to ctrl-alt-del, the proper way is sudo. nice to be root and able to change messages already in /etc/mqueue ... ;-)) wq ^^ oupps.. wrong editor ;-) -- ========================================== __ _ Jürgen Braukmann e-mail: brauki@cww.de | / / (_)__ __ ____ __ Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu | / /__/ / _ \/ // /\ \/ / ========================================== /____/_/_//_/\_,_/ /_/\_\ -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============2907876160814461179==-- From jae@student.unsw.EDU.AU Sat Apr 18 16:15:19 1998 From: jae@student.unsw.EDU.AU To: users@lists.opensuse.org Subject: Re: [S.u.S.E. Linux] shoutdown ? Date: Sun, 19 Apr 1998 02:15:19 +1000 Message-ID: In-Reply-To: <3538678A.5CB7F1F8@cww.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7729037234309004780==" --===============7729037234309004780== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Thank you very much really !!! Cheers jae On Sat, 18 Apr 1998, Juergen Braukmann wrote: > > Jaeha Lee wrote: > > > > hi, > > > > I read man page about "sudoers", but too many things I don't understand. > > please can you give me simple example, I'm not on the network, it's truly > > stand-alone home PC. > > > > OK, here we go. I give you my /etc/sudoers: > > --------------------------8<---------------------------------------- > # sudoers file. > # > # This file MUST be edited with the 'visudo' command as root. > # > # See the man page for the details on how to write a sudoers file. > # > > # Host alias specification > Host_Alias LOCAL=slartibartfast > # User alias specification > User_Alias SYSTEM=braukman,dk4jb > # Cmnd alias specification > Cmnd_Alias DOWN=/sbin/halt > # User privilege specification > root ALL=(ALL) ALL > SYSTEM LOCAL=DOWN > # brauki is allowed to shutdown slartibartfast without giving his > password: > brauki slartibartfast=NOPASSWD:DOWN > # and so might his alter ego braukman ;-) > braukman slartibartfast=/sbin/halt NOPASSWD:ALL > # > --------------------------8<---------------------------------------- > > > to shout down my system I issue a 'sudo /sbin/halt'. I am not asked to > give my password, since I turned that off. that should do the trick. you > must install the sudo-package first. > > an other tip to shut down a system is the following: > create a user say... down > > modify /etc/passwd: > > [...] > nobody:x:-2:-2:nobody:/tmp:/bin/bash > brauki:x:500:100:Juergen Braukmann:/home/brauki:/bin/bash > down:x:0:100:shutdownuseer:/tmp:/sbin/halt > [...] > ^^^^^^^^^^^ > switch to another console log in as down and enjoy. ;-) > > (I have not tried that one, but I remember someone sugesting that...) > > Jürgen > > > ps: I have just tried that, it works if you give "down" > the uid 0 (root) > > it's a good idea, to have a password on that account, too ;-) > > in my opinion it comes next to ctrl-alt-del, the proper way is > sudo. nice to be root and able to change messages already in > /etc/mqueue ... ;-)) > > wq > ^^ oupps.. wrong editor ;-) > > -- > ========================================== __ _ > Jürgen Braukmann e-mail: brauki@cww.de | / / (_)__ __ ____ __ > Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu | / /__/ / _ \/ // /\ \/ / > ========================================== /____/_/_//_/\_,_/ /_/\_\ > -- > To get out of this list, please send email to majordomo@suse.com with > this text in its body: unsubscribe suse-linux-e > > -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============7729037234309004780==-- From mailinfo@cgicon.com Sun Apr 19 16:51:45 1998 From: mailinfo@cgicon.com To: users@lists.opensuse.org Subject: Re: [S.u.S.E. Linux] Suse as Firewall Date: Mon, 20 Apr 1998 00:51:45 +0800 Message-ID: <353A2BA1.765B583@cgicon.com> In-Reply-To: <199804170016.RAA06916@core.atmnet.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0648258363676385653==" --===============0648258363676385653== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Mark Skinner wrote: >=20 > Has any setup Suse on a pc to just be a firewall? > one ethernet in and one ethernet out? > or is there a faq for firewalling out there.. > thanks > Mark Skinner The most famous firewalls for Linux are the buildin capabilities managed with ipfwadm - no additional tools required - and FWTK and SOCKS.=20 1. SuSE Linux has the first type of firewall support buildin, which is usually maintained with -=20 see: man ipfwadm * correct me, if I'm wrong * - - - But this is a type of packet filtering router and is=20 suitable for dividing subnets or as a simple firewall, if the connection with internet is NOT=20 24 hours AND with a dynamic IP. If in use 24 hours with a leased line and a static IP - it's not secure enough. Two application level firewalls are 2. FWTK This is the most famous kit in the Linux community 3. SOCKS The other Application level Firewall (exactly: circuit level), called SOCKS5, look here: http://www.socks.nec.com/> and http://www.socks5toolkit.nec.com/> Performance diff.: Type 1 does not need as much computing power as type 2 or 3. The SOCKS5 package compiles and runs *smooth* on Linux (ELF) without any problems, it's easy of use and has features which gives you the ability for VPN. Now any apps can be socksified - not the restrictions as FWTK. The FWTK has some advantage in that there can be a setup more restrictive for the office staff, but both (SOCKS5 and FWTK) give high protection from outside. But SOCKS5 is much more flexible and user friendly. Additionally as I know from many other mailings, the SOCKS has a better performance than FWTK. The machine we use for SOCKS5 is a EPoX-mainboard, P166+ CyRIX, 32 MB RAM, AHA-2940 + 2 GB SCSI (one GIGA is enough also), two NE-2000 compatible cards and if 10 - 15 ? people are mailing and surfing, the load on the machine is pretty high sometimes... so for a bigger office I would consider a 200 Pro + and 64 MB RAM. The bastion host is dual homed with different IP on both network cards. To setup/install the cards, I reserved a small DOS- partition for the DOS tools of the cards, in Linux then, since Linux recognizes only one card alone, I enter parameters into lilo.conf (see HowTos for multiple ethernet...) Even it's a server, I recommend to install X-windows for the first time, you have a good control in several windows and SOCKS5 has additional abilities of graphical statistics... It'a good to be able to watch both cards and the output of the SOCKS5 server (debugging mode) plus machine load. (NOTE: X-Windows has vulnerabilities concerning security !!! - so the bastion host should run later without X. SOCKS5 has tools for logging and statistics running on another machine) Additionally on such a firewall can be installed a proxy server, wich caches content for your users. But with that I have no practical experience yet. Squid is famous and by reading mailings maybe best. SuSE comes with Squid preinstalled ! Very nice. I highly recommend to take a good book on firewalling ! Best Regards, Lu PS. I choosed SOCKS5 as bastion host for a company and we run it on top of Caldera OpenLinux Base, but there should be no difference in modern distributions today (SuSE, Caldera, RedHat, etc...) --=20 Ludwig Richter CGI consult http://www.cgicon.com/> Lu@cgicon.com With Acknowledge: richter@cgicon.com _________________________________________________________ Sent with Netscape Communicator 4.04 on S.u.S.E.Linux 5.2 -- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e --===============0648258363676385653==--