Hey Everyone, Recently, I have been unable to telnet into my machine (Suse 7.2). This is because /bin/login is missing, (I am very suspious about this) So how do I go about replacing it? Thanks, Brandon Caudle -------------- 15yr Old Avid Unix User (HP-UX,FreeBSD,Linux) Larkhaven Golf Course Charlotte, NC "There cannot be a crisis next week. My schedule is already full." -- Henry Kissinger
1. Please, don't cross-post. If you have to send the same message to several lists, use bcc 2. Is this a machine that's on the internet? If so, you should never use telnet. Telnet transmits everything in cleartext, including passwords, so you'd have hackers in your system in about five seconds. ssh is a safe replacement. In suse 7.2 telnet is off by default. There is good reason for this. 3. If your system has been hacked, I'd say the only way to be sure you were rid of all backdoors etc. was a full reinstall. 4. When you've done the reinstall, set up a firewall *before* going live on the net. SuSEfirewall is good enough for most purposes. Anders On Wednesday 29 August 2001 23.57, Brandon Caudle wrote:
Hey Everyone, Recently, I have been unable to telnet into my machine (Suse 7.2). This is because /bin/login is missing, (I am very suspious about this) So how do I go about replacing it?
Thanks,
Brandon Caudle -------------- 15yr Old Avid Unix User (HP-UX,FreeBSD,Linux) Larkhaven Golf Course Charlotte, NC
"There cannot be a crisis next week. My schedule is already full." -- Henry Kissinger
i dont think /bin/login is missing or else you would not even be able to login locally. i would use ssh rather than telnet anyway and im sure you have been told that by others. telnet just isnt secure. if you must run it, dont allow everyone access to it. for example, i can do telnet ns1.larkhavengolf.com and get a login prompt. of course i dont have an account so i cant login but i could attempt to and if i knew email addresses for users on your system, i would have a good starting point (all i would have to do is guess a password). while ssh does exactly the same thing as telnet, at least its encrypted. here are some basic security tips... 1. dont run any services you dont need i believe you are running apache, sendmail, bind, telnet, pop3, ssh and ftp 2. only allow access to certain services based on ip addresses. make use of /etc/hosts.allow for this, especially for things like telnet, pop3, sshd and ftp 3. do not, please, run samba on your valid ip address. you can setup which interface to listen on in /etc/smb.conf. its fine to listen on the local lan address, but having port 139 open on the wan address is dangerous. 4. keep up with updates. especially on things like bind and sendmail and ftp and telnet. 5. run a port scan of your machine and see what all shows up. is there anything there you didnt know was running? if so, shut it down 6. pick a good root password, one that is at least 8 characters long with weird things like ? and ^ in it along with lower and uppercase letters. 7. dont allow users to have shells on your system if they dont need them. ftp and pop3 both work without the user having a valid shell. the only reason someone needs a shell is if they want to do is check email and store files with ftp. you can eliminate their shell by changing /bin/bash to /bin/false after their username in /etc/passwd 8. remove unneccessary accounts from /etc/passwd. things like codadmin and such. suse is notorious for loading up the /etc/passwd file with junk accounts. these are just suggestions, things i do to make our servers more secure. i have seen lots of people throw up a linux box on the internet and it get hacked right away because of something minor that was overlooked and all of a sudden the guys in suits that make all the decisions decide that they should use NT because it is more secure (or at least thats what the high paid consultants who come in tell them) I not saying this would happen to you, just that i have seen it happen before and you seem pretty new to this so I just wanted to give you some advice. On Wed, 29 Aug 2001, Brandon Caudle wrote:
Hey Everyone, Recently, I have been unable to telnet into my machine (Suse 7.2). This is because /bin/login is missing, (I am very suspious about this) So how do I go about replacing it?
Thanks,
Brandon Caudle -------------- 15yr Old Avid Unix User (HP-UX,FreeBSD,Linux) Larkhaven Golf Course Charlotte, NC
"There cannot be a crisis next week. My schedule is already full." -- Henry Kissinger
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
No I was able to login in locally even though there was NO /bin/login I did a find / -name login and found it in /usr/lib/heimdal/bin and it may not be the one from /bin but it works, I am login in via ssh, now and have quit using telnet, but is there a way to ssh in windows? I am going to reload this weekend (suse 7.2) because there may be some back doors so no worries Brandon Caudle -------------- 15yr Old Avid Unix User (HP-UX,FreeBSD,Linux) Larkhaven Golf Course Charlotte, NC "There cannot be a crisis next week. My schedule is already full." -- Henry Kissinger ----- Original Message ----- From: <dog@intop.net> To: "Brandon Caudle" <bcaudle@hotmail.com> Cc: "Suse" <suse-linux-e@suse.com> Sent: Friday, August 31, 2001 10:44 AM Subject: Re: [SLE] /bin/login missing
i dont think /bin/login is missing or else you would not even be able to login locally. i would use ssh rather than telnet anyway and im sure you have been told that by others. telnet just isnt secure. if you must run it, dont allow everyone access to it. for example, i can do telnet ns1.larkhavengolf.com and get a login prompt. of course i dont have an account so i cant login but i could attempt to and if i knew email addresses for users on your system, i would have a good starting point (all i would have to do is guess a password). while ssh does exactly the same thing as telnet, at least its encrypted. here are some basic security tips...
1. dont run any services you dont need i believe you are running apache, sendmail, bind, telnet, pop3, ssh and ftp 2. only allow access to certain services based on ip addresses. make use of /etc/hosts.allow for this, especially for things like telnet, pop3, sshd and ftp 3. do not, please, run samba on your valid ip address. you can setup which interface to listen on in /etc/smb.conf. its fine to listen on the local lan address, but having port 139 open on the wan address is dangerous. 4. keep up with updates. especially on things like bind and sendmail and ftp and telnet. 5. run a port scan of your machine and see what all shows up. is there anything there you didnt know was running? if so, shut it down 6. pick a good root password, one that is at least 8 characters long with weird things like ? and ^ in it along with lower and uppercase letters. 7. dont allow users to have shells on your system if they dont need them. ftp and pop3 both work without the user having a valid shell. the only reason someone needs a shell is if they want to do is check email and store files with ftp. you can eliminate their shell by changing /bin/bash to /bin/false after their username in /etc/passwd 8. remove unneccessary accounts from /etc/passwd. things like codadmin and such. suse is notorious for loading up the /etc/passwd file with junk accounts.
these are just suggestions, things i do to make our servers more secure. i have seen lots of people throw up a linux box on the internet and it get hacked right away because of something minor that was overlooked and all of a sudden the guys in suits that make all the decisions decide that they should use NT because it is more secure (or at least thats what the high paid consultants who come in tell them) I not saying this would happen to you, just that i have seen it happen before and you seem pretty new to this so I just wanted to give you some advice.
On Wed, 29 Aug 2001, Brandon Caudle wrote:
Hey Everyone, Recently, I have been unable to telnet into my machine (Suse 7.2). This is because /bin/login is missing, (I am very suspious about this) So how do I go about replacing it?
Thanks,
Brandon Caudle -------------- 15yr Old Avid Unix User (HP-UX,FreeBSD,Linux) Larkhaven Golf Course Charlotte, NC
"There cannot be a crisis next week. My schedule is already full." -- Henry Kissinger
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
On Fri, 2001-08-31 at 14:52, Brandon Caudle wrote:
No I was able to login in locally even though there was NO /bin/login I did a find / -name login and found it in /usr/lib/heimdal/bin and it may not be the one from /bin but it works, I am login in via ssh, now and have quit using telnet, but is there a way to ssh in windows? I am going to reload this weekend (suse 7.2) because there may be some back doors so no worries
Brandon Caudle -------------- 15yr Old Avid Unix User (HP-UX,FreeBSD,Linux) Larkhaven Golf Course Charlotte, NC
"There cannot be a crisis next week. My schedule is already full." -- Henry Kissinger
PuTTy is a good and free SSH client for Windows, you can get it at: http://www.chiark.greenend.org.uk/~sgtatham/putty/ Good luck, Steven
I have a SUSE 7.2 sendmail vanilla config. (out of box) It's hostname is mail.seventythirdstreet.com My dns is set for seventythirdstreet.com so that the mx record points to mail.seventythirdstreet.com When I send mail to peter@mail.seventythirdstreet.com it works fine. When I send mail to peter@seventythirdstreet.com I get a relay error as follows: <peter@seventythirdstreet.com>: 64.81.61.39 does not like recipient. Remote host said: 550 5.7.1 <peter@seventythirdstreet.com>... Relaying denied Giving up on 64.81.61.39. Any ideas? Thanks
On Fri, 2001-08-31 at 15:01, Peter Kellner wrote:
I have a SUSE 7.2 sendmail vanilla config. (out of box)
It's hostname is mail.seventythirdstreet.com
My dns is set for seventythirdstreet.com so that the mx record points to mail.seventythirdstreet.com
When I send mail to peter@mail.seventythirdstreet.com it works fine.
When I send mail to peter@seventythirdstreet.com I get a relay error as follows: <peter@seventythirdstreet.com>: 64.81.61.39 does not like recipient. Remote host said: 550 5.7.1 <peter@seventythirdstreet.com>... Relaying denied Giving up on 64.81.61.39.
Any ideas?
Thanks
Yes, make sure that you have "seventythirdstreet.com" added to your sendmail.cw file. You also may want to add that address to the "relay-domains" file. Good luck, Steven
That fixed the relay problem, but now I have a different problem. My SUSE system name is mail and domain is seventythirdstreet.com My DNS is set as mail.seventythirdstreet.com is 64.81.61.39 seventythirdstreet.com is 64.81.61.39 my MX record points to mail.seventythirdstreet.com When I send to peter@mail.seventythirdstreet.com everything works perfect. When I send to peter@seventythirdstreet.com I get the following error. The original message was received at Fri, 31 Aug 2001 12:14:54 -0700 from web11705.mail.yahoo.com [216.136.172.71] ----- The following addresses had permanent fatal errors ----- <peter@seventythirdstreet.com> ----- Transcript of session follows ----- 554 5.0.0 MX list for seventythirdstreet.com. points back to mail.seventythirdstreet.com 554 5.3.5 <peter@seventythirdstreet.com>... Local configuration error Any ideas? At 03:08 PM 8/31/2001 -0400, Steven Hatfield wrote:
On Fri, 2001-08-31 at 15:01, Peter Kellner wrote:
I have a SUSE 7.2 sendmail vanilla config. (out of box)
It's hostname is mail.seventythirdstreet.com
My dns is set for seventythirdstreet.com so that the mx record points to mail.seventythirdstreet.com
When I send mail to peter@mail.seventythirdstreet.com it works fine.
When I send mail to peter@seventythirdstreet.com I get a relay error as follows: <peter@seventythirdstreet.com>: 64.81.61.39 does not like recipient. Remote host said: 550 5.7.1 <peter@seventythirdstreet.com>... Relaying denied Giving up on 64.81.61.39.
Any ideas?
Thanks
Yes, make sure that you have "seventythirdstreet.com" added to your sendmail.cw file. You also may want to add that address to the "relay-domains" file.
Good luck, Steven
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
On Fri, 2001-08-31 at 15:25, Peter Kellner wrote:
That fixed the relay problem, but now I have a different problem.
My SUSE system name is mail and domain is seventythirdstreet.com
My DNS is set as
mail.seventythirdstreet.com is 64.81.61.39 seventythirdstreet.com is 64.81.61.39 my MX record points to mail.seventythirdstreet.com
When I send to peter@mail.seventythirdstreet.com everything works perfect.
When I send to peter@seventythirdstreet.com I get the following error.
The original message was received at Fri, 31 Aug 2001 12:14:54 -0700 from web11705.mail.yahoo.com [216.136.172.71]
----- The following addresses had permanent fatal errors ----- <peter@seventythirdstreet.com>
----- Transcript of session follows ----- 554 5.0.0 MX list for seventythirdstreet.com. points back to mail.seventythirdstreet.com 554 5.3.5 <peter@seventythirdstreet.com>... Local configuration error
Any ideas?
At 03:08 PM 8/31/2001 -0400, Steven Hatfield wrote:
On Fri, 2001-08-31 at 15:01, Peter Kellner wrote:
I have a SUSE 7.2 sendmail vanilla config. (out of box)
It's hostname is mail.seventythirdstreet.com
My dns is set for seventythirdstreet.com so that the mx record points to mail.seventythirdstreet.com
When I send mail to peter@mail.seventythirdstreet.com it works fine.
When I send mail to peter@seventythirdstreet.com I get a relay error as follows: <peter@seventythirdstreet.com>: 64.81.61.39 does not like recipient. Remote host said: 550 5.7.1 <peter@seventythirdstreet.com>... Relaying denied Giving up on 64.81.61.39.
Any ideas?
Thanks
Yes, make sure that you have "seventythirdstreet.com" added to your sendmail.cw file. You also may want to add that address to the "relay-domains" file.
Good luck, Steven
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
Perhaps you should remove the bare domain name from the sendmail.cw file, and try again.. maybe just having it in your relay domains file is sufficient, and having it in sendmail.cw causes a looping problem. Good luck, Steven
Hello, I am a bit of a newbie to sound under linux, hope this description is useful: I am having problems with my sound card after I recompiled my kernel -- the rest of the system works fine. My system: Suse 7.2 Iwill kk266 mobo with built in C-media sound card. I ran (make) menuconfig and removed nearly all the uneeded sound related modules, but kept the C-media modules selected. After recompile there is no sound and YAST2 claims the modules can not be found. I re-ran menuconfig and re-relected nearly all the sound modules hoping one of them was the needed module. Recompiled again, but still I have the same error. Any idea where I should look? Thanks, Dominic
On Friday 31 August 2001 04:39 pm, Dominic Maraglia wrote:
Hello,
I am a bit of a newbie to sound under linux, hope this description is useful:
I am having problems with my sound card after I recompiled my kernel -- the rest of the system works fine.
My system:
Suse 7.2 Iwill kk266 mobo with built in C-media sound card.
I ran (make) menuconfig and removed nearly all the uneeded sound related modules, but kept the C-media modules selected. After recompile there is no sound and YAST2 claims the modules can not be found.
I re-ran menuconfig and re-relected nearly all the sound modules hoping one of them was the needed module. Recompiled again, but still I have the same error.
Any idea where I should look?
Thanks, Dominic
SuSE uses the ALSA sound modules (www.alsa-project.org). You don't mention whether you were recompiling from the sources provided with 7.2 or not. If not then you will have to go to the above site and download the util, lib, and driver files for ALSA and install them. alsaconf is the program that configures the sound... you might try running that and see what it does. -- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 08/31/01 16:54 + +----------------------------------------------------------------------------+ "The sooner you fall behind, the more time you'll have to catch up."
Hey Bruce, On Friday 31 August 2001 13:56, Bruce Marshall wrote:
SuSE uses the ALSA sound modules (www.alsa-project.org). You don't mention whether you were recompiling from the sources provided with 7.2 or not. If not then you will have to go to the above site and download the util, lib, and driver files for ALSA and install them.
I am recompiling with the default sources from a fresh 7.2 install. The confusing part is ALSA was working fine in the past...
alsaconf is the program that configures the sound... you might try running that and see what it does.
I ran alsaconf and found an interesting error: Loading driver: Starting sound driver: snd-card-cmipci /lib/modules/2.4.4-4GB/misc/snd.o: unresolved symbol unregister_sound_dsp /lib/modules/2.4.4-4GB/misc/snd.o: unresolved symbol register_sound_dsp /lib/modules/2.4.4-4GB/misc/snd.o: unresolved symbol unregister_sound_special /lib/modules/2.4.4-4GB/misc/snd.o: unresolved symbol register_sound_special /lib/modules/2.4.4-4GB/misc/snd.o: insmod /lib/modules/2.4.4-4GB/misc/snd.o failed /lib/modules/2.4.4-4GB/misc/snd.o: insmod snd-card-cmipci failed Setting the PCM volume to 100% and the Master output volume to 75% The ALSA sound driver was not detected in this system. The ALSA sound driver was not detected in this system.
On Friday 31 August 2001 05:16 pm, Dominic Maraglia wrote:
Hey Bruce,
On Friday 31 August 2001 13:56, Bruce Marshall wrote:
SuSE uses the ALSA sound modules (www.alsa-project.org). You don't mention whether you were recompiling from the sources provided with 7.2 or not. If not then you will have to go to the above site and download the util, lib, and driver files for ALSA and install them.
I am recompiling with the default sources from a fresh 7.2 install. The confusing part is ALSA was working fine in the past...
alsaconf is the program that configures the sound... you might try running that and see what it does.
I ran alsaconf and found an interesting error:
I would guess your compile might need a few sound options.. Sounds like something is missing.
Loading driver: Starting sound driver: snd-card-cmipci /lib/modules/2.4.4-4GB/misc/snd.o: unresolved symbol unregister_sound_dsp /lib/modules/2.4.4-4GB/misc/snd.o: unresolved symbol register_sound_dsp /lib/modules/2.4.4-4GB/misc/snd.o: unresolved symbol unregister_sound_special /lib/modules/2.4.4-4GB/misc/snd.o: unresolved symbol register_sound_special /lib/modules/2.4.4-4GB/misc/snd.o: insmod /lib/modules/2.4.4-4GB/misc/snd.o failed /lib/modules/2.4.4-4GB/misc/snd.o: insmod snd-card-cmipci failed
Setting the PCM volume to 100% and the Master output volume to 75% The ALSA sound driver was not detected in this system. The ALSA sound driver was not detected in this system.
-- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 08/31/01 17:32 + +----------------------------------------------------------------------------+ "It is better to remain silent and thought a fool, than to open your mouth and remove all doubt." - Anonymous
participants (7)
-
Anders Johansson -
Brandon Caudle -
Bruce Marshall -
dog@intop.net -
Dominic Maraglia -
Peter Kellner -
Steven Hatfield