Good Morning, I have a issue I have had since installing OSS 11.0 RC1. I have a a box now with OSS 11.0, KDE4, RT61 PCI wireless, 160GB SATA HDD, and 2 GB DDR2 Memory. I dual-boot with Vista (yeah I know, but need windows for some specific apps and work software that won't run under Crossover-Pro 7.0). My mainboard is a ECS P4M800PRO-M. Now the issue. Now matter what I do and how many times I set the correct time in CMOS, every time I boot OSS, the time is off by 4 hrs. Yes, I have the correct timezone and region setup. I manually change it,but get "Unable to contact time server." when I hit the apply button. I have OSS 11.0 w/KDE4 on my Toshiba Laptop and no such problem, so it is not KDE4. No issues at all with date. Any config files I need to look at and fix? I upgraded to GM from RC1. Any other pointers would be greatly appreciated. --Keith -- Praise God from whom all blessings flow. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2008-06-22 at 09:29 -0400, Keith B. Boykin wrote:
Now the issue. Now matter what I do and how many times I set the correct time in CMOS, every time I boot OSS, the time is off by 4 hrs.
Known thing for beta testers. chkconfig boot.clock on chkconfig boot.getclock on - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIXmFFtTMYHG2NR9URAo0aAJ46C7f2lHr549n+kxhkFHUMa/0ebQCgl+mK kdZxzMChx2OrYkHADO5jdKw= =SX/q -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun June 22, 2008 10:27:09 am Carlos E. R. wrote:
The Sunday 2008-06-22 at 09:29 -0400, Keith B. Boykin wrote:
Now the issue. Now matter what I do and how many times I set the correct time in CMOS, every time I boot OSS, the time is off by 4 hrs.
Known thing for beta testers.
chkconfig boot.clock on chkconfig boot.getclock on
-- Cheers, Carlos E. R.
Thanks Carlos, that did it! Keith -- Praise God from whom all blessings flow. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, 2008-06-22 at 09:29 -0400, Keith B. Boykin wrote:
Good Morning,
I have a issue I have had since installing OSS 11.0 RC1.
I have a a box now with OSS 11.0, KDE4, RT61 PCI wireless, 160GB SATA HDD, and 2 GB DDR2 Memory. I dual-boot with Vista (yeah I know, but need windows for some specific apps and work software that won't run under Crossover-Pro 7.0). My mainboard is a ECS P4M800PRO-M.
Now the issue. Now matter what I do and how many times I set the correct time in CMOS, every time I boot OSS, the time is off by 4 hrs. Yes, I have the correct timezone and region setup. I manually change it,but get "Unable to contact time server." when I hit the apply button. I have OSS 11.0 w/KDE4 on my Toshiba Laptop and no such problem, so it is not KDE4.
IIRC a few versions back one had to disable the firewall when setting up NTP, and re-enable it after it's initial contact. Assuming that you are using KDE3, are you sure that the clock in the panel is set to display for your locale?
No issues at all with date.
Any config files I need to look at and fix? I upgraded to GM from RC1. Any other pointers would be greatly appreciated.
--Keith -- Praise God from whom all blessings flow.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
2008/6/22 Mike McMullin
IIRC a few versions back one had to disable the firewall when setting up NTP, and re-enable it after it's initial contact.
IMO, disabling the firewall to use ntp not recommended. Better supply the -u option to ntpdate. Kind regards Ingolf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2008-06-23 at 09:38 +0200, Ingolf Steinbach wrote:
2008/6/22 Mike McMullin <>:
IIRC a few versions back one had to disable the firewall when setting up NTP, and re-enable it after it's initial contact.
IMO, disabling the firewall to use ntp not recommended. Better supply the -u option to ntpdate.
Simply open the udp ntp port on the firewall and it works. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIX3t5tTMYHG2NR9URAo4DAJ9cOXsZ0OMOywOmGd6NLSO1FnG2swCfcOcw TO3IwlOVCYn2xCZNeCIUKEk= =Nbyh -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
The Monday 2008-06-23 at 09:38 +0200, Ingolf Steinbach wrote:
2008/6/22 Mike McMullin <>:
IIRC a few versions back one had to disable the firewall when setting up NTP, and re-enable it after it's initial contact.
IMO, disabling the firewall to use ntp not recommended. Better supply the -u option to ntpdate.
Simply open the udp ntp port on the firewall and it works.
-- Cheers, Carlos E. R.
Carlos, within the past couple of weeks someone in this forum stated that if one was using a modem/router, which has a firewall builtin, then it was not necessary to activate the firewall in Suse. Would this be the correct thing to do? Ciao. -- If you don't succeed you run the risk of failure. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2008-06-23 at 21:41 +1000, Basil Chupin wrote:
Carlos, within the past couple of weeks someone in this forum stated that if one was using a modem/router, which has a firewall builtin, then it was not necessary to activate the firewall in Suse. Would this be the correct thing to do?
IMHO, no. You can do that, many people do, specially windows users. My router came with the firewall disabled, by the way, so it's better not to assume that it is enabled. They usually use NAT, and that is also some protection. But I feel much safer with all the internal machines having their firewalls enabled. If the router fails, I have a second line of defense. If one machine is compromised, the rest may remain safe. It makes life a bit more complicated, but not much. And it would be a real mistake for suse to disable the firewall by default: there is no way for them to know if the user's router is reliable or not. Maybe it has a wifi with a breakable configuration, for instance. I have heard many histories about such setups... - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIX5FNtTMYHG2NR9URAurBAJ4nKssG8BFG1BBqB9LTNSFaPpT07ACgh6rY NSAZkyg5a2XjqiUzTjwfE0k= =sVMw -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
The Monday 2008-06-23 at 21:41 +1000, Basil Chupin wrote:
Carlos, within the past couple of weeks someone in this forum stated that if one was using a modem/router, which has a firewall builtin, then it was not necessary to activate the firewall in Suse. Would this be the correct thing to do?
IMHO, no.
You can do that, many people do, specially windows users. My router came with the firewall disabled, by the way, so it's better not to assume that it is enabled. They usually use NAT, and that is also some protection.
But I feel much safer with all the internal machines having their firewalls enabled. If the router fails, I have a second line of defense. If one machine is compromised, the rest may remain safe.
It makes life a bit more complicated, but not much.
And it would be a real mistake for suse to disable the firewall by default: there is no way for them to know if the user's router is reliable or not. Maybe it has a wifi with a breakable configuration, for instance. I have heard many histories about such setups...
Thanks, it all makes sense not to shut down the firewall in suse. Ciao. -- If you don't succeed you run the risk of failure. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, Jun 23, 2008 at 5:04 AM, Carlos E. R.
And it would be a real mistake for suse to disable the firewall by default: there is no way for them to know if the user's router is reliable or not.
Explain again why Linux needs a firewall at all please Carlos... -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2008-06-23 at 08:21 -0700, John Andersen wrote:
On Mon, Jun 23, 2008 at 5:04 AM, Carlos E. R. <> wrote:
And it would be a real mistake for suse to disable the firewall by default: there is no way for them to know if the user's router is reliable or not.
Explain again why Linux needs a firewall at all please Carlos...
No, ask that to a security expert, I'm not. I simply believe it's safer with one, and I trust the experts when they say it's safer with one. At least, it's another level of security, and a good one at its job. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIX/yXtTMYHG2NR9URAiWvAKCSBYIbeSuVFbdDzl2MlunQjzL48wCeMMwQ NsbuSYU5efBW0upgX32ZptA= =bhwT -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, Jun 23, 2008 at 12:42 PM, Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Monday 2008-06-23 at 08:21 -0700, John Andersen wrote:
On Mon, Jun 23, 2008 at 5:04 AM, Carlos E. R. <> wrote:
And it would be a real mistake for suse to disable the firewall by default: there is no way for them to know if the user's router is reliable or not.
Explain again why Linux needs a firewall at all please Carlos...
No, ask that to a security expert, I'm not. I simply believe it's safer with one, and I trust the experts when they say it's safer with one.
At least, it's another level of security, and a good one at its job.
Well the question was intended to be somewhat rhetorical, to provoke some thought. I'm not a security expert, but I play one for sake of argument..... In My Humble Opinion... If the machine is a router/gateway, you need it. If the machine is behind a router, you don't need it. If the machine is Joe User connected directly to the internet and Joe is not sharing files etc, you don't need it. Reason: Suse is not Red Hat. With Red Hat, after install, you have to run around closing ports and unused services to make your machine safe. With Suse nothing is open unless you request it to be open. The "another level" argument is valid providing there is a first level (another router) somewhere upstream. But it provides no additional protection to Joe User connected directly to the net. There is one slight difference between having a firewall and not, and that is when someone tries to connect to a firewalled port it usually just times out (packet dropped), whereas a without a firewall, you get Connection Refused (no port open) Some think that's a big difference, (because with Connection Refused you know there is an actual machine out there). But any number of other methods would reveal that in either case. I think a lot of Microsoft FUD has crept into the linux world. Microsoft needs a firewall because they have weak services listening on dozens of ports with no distinction between one interface or another. Once you allow a hole thru the firewall the same weak service answers the phone. Linux has strong services, and good security and the services themselves can usually decide to listen only to specific interfaces. Hardware firewalls are almost always running Linux. If linux needed a firewall it wouldn't be suitable to write one with. So that's my humble opinion. Now I'm sure someone with doomsday scenarios will jump up and prove me wrong. (Again). ;-) -- ----------JSA--------- "Ubuntu" is an African word meaning "Suse is too hard for me". -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
Hardware firewalls are almost always running Linux. If linux needed a firewall it wouldn't be suitable to write one with.
Some are, some are BSD, some such as Cisco, Adtran etc., are proprietary. Are there any that run Windows? -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 2008-06-23 at 18:53 -0400, James Knott wrote:
John Andersen wrote:
Hardware firewalls are almost always running Linux. If linux needed a firewall it wouldn't be suitable to write one with.
Some are, some are BSD, some such as Cisco, Adtran etc., are proprietary. Are there any that run Windows?
Even the quality of some are very questionable. My team got a present: A firewall made by "blue coat", not quite a small name in this business. It was compromised in less than a day.... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2008-06-24 at 08:24 +0200, Hans Witvliet wrote:
John Andersen wrote:
Hardware firewalls are almost always running Linux. If linux needed a firewall it wouldn't be suitable to write one with.
Some are, some are BSD, some such as Cisco, Adtran etc., are proprietary. Are there any that run Windows?
Even the quality of some are very questionable.
My team got a present: A firewall made by "blue coat", not quite a small name in this business. It was compromised in less than a day....
Uff. Mine hasn't, as far as I know, but the company hasn't done a single updated in years. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIYMhLtTMYHG2NR9URAp1WAKCVEykBnrWRbA6QmtaxzMge05jFqgCfZnti NJFwZsUcRVToIqqhpgy7EU8= =2dG2 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 24 June 2008 11:11:10 Carlos E. R. wrote:
The Tuesday 2008-06-24 at 08:24 +0200, Hans Witvliet wrote:
John Andersen wrote:
Hardware firewalls are almost always running Linux. If linux needed a firewall it wouldn't be suitable to write one with.
Some are, some are BSD, some such as Cisco, Adtran etc., are proprietary. Are there any that run Windows?
Even the quality of some are very questionable.
My team got a present: A firewall made by "blue coat", not quite a small name in this business. It was compromised in less than a day....
Uff.
Mine hasn't, as far as I know, but the company hasn't done a single updated in years.
-- Cheers, Carlos E. R.
I've no Idea why some one would think that windoze is going to provide a better firewall. Maybe you think linux based "hard" firewalls have kde etc in them. They just contain what's needed and some propriatry code. On linux I think that one of the problems is that setting up a firewall is a bit obtuse unless one is very much into linux itself. There is a program that can help a lot with that aspect - guarddog. Personally I think it should be in all distro's. At one point it was going to be included in KDE but for some reason that didn't happen. It works on an allow basis the default being deny. At least this way you can be sure of just what services are allowed and the user interface is as simple as it can be. There is also much info about on the web about making up a secure linux server that in real terms just behaves like a router. Almost any old pc will do. No monitor etc just what is needed to do the job. That's part of the problem many linux facilities tend to be rather complex and will do all sorts of things that many people don't want them to do - especially remotely. If the software isn't there it can't be run. That's a much safer solution than trying to disable it. It can't be exploited if it isn't there. BSD may be the best bet in that area. John -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John wrote:
I've no Idea why some one would think that windoze is going to provide a better firewall. Maybe you think linux based "hard" firewalls have kde etc in them. They just contain what's needed and some propriatry code.
On linux I think that one of the problems is that setting up a firewall is a bit obtuse unless one is very much into linux itself. There is a program that can help a lot with that aspect - guarddog. Personally I think it should be in all distro's. At one point it was going to be included in KDE but for some reason that didn't happen. It works on an allow basis the default being deny. At least this way you can be sure of just what services are allowed and the user interface is as simple as it can be.
There is also much info about on the web about making up a secure linux server that in real terms just behaves like a router. Almost any old pc will do. No monitor etc just what is needed to do the job. That's part of the problem many linux facilities tend to be rather complex and will do all sorts of things that many people don't want them to do - especially remotely. If the software isn't there it can't be run. That's a much safer solution than trying to disable it. It can't be exploited if it isn't there. BSD may be the best bet in that area.
John
I have "rolled my own" Linux firewalls for years now. Originally, it was Slackware on a 486, but my current one is a PIII & SUSE 10.0. I plan to upgrade to 10.3 in the near future. I like to install one version back from the current release, so most of the bugs will be out of it and then upgrade again, when support runs out. One thing I have, which I haven't seen in any consumer level firewall, is a 3rd port, where I connect my WiFi access, so that it's not directly connected to either my home network or the internet. Such a thing is certainly possible in commercial quality routers, but they're also a lot more expensive. I did it that way, so that even if someone manages to break WPA, they're still outside my firewall and need SSH or OpenVPN to reach my network. Also, SSH on my firewall is configured to use a key only and won't allow password access. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote:
it that way, so that even if someone manages to break WPA, they're still outside my firewall and need SSH or OpenVPN to reach my network. Also,
don't you think that if somebody is able to break your WPA, he will not be smart enough to break the rest? (yes, I know the weakiest part is the password backup :-) anyway, I think openSUSE don't allow enough importance to the firewall problem. I mean the Susefirewall2 is said to be extremely good (by the dev) and I'm pretty sure it is, but it is so little documented that this makes it useless... * why a firewall at all We speak of a server, here, so no user problem. if only the needed ports are listened, why should a firewall be used? seems true, however, I may have found some clue... * how to protect from intrusion or attacks? having no firewall let the security of your server at charge of the given daemon (sshd, httpd...). Is this daemon able to manage it, this is what I don't know. what I know is that I have a professional router (very cheap one, namely SMCWBR14T-G) with a decent documentation, and it claim to have a firewall able to stop attacks (DOS, for example) and is able to warn the admin when such attacks come (and have already warned me for some such things) Be warned than I don't pretend to be specially skilled. On the contrary, I read advices and find confused. I'm nearly sure susefirewall will adress also such things, but would like to know if it's really worth the supplementary work - doc really needed jdd -- Jean-Daniel Dodin Président du CULTe www.culte.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 06/24/2008 10:58 PM, jdd sur free wrote:
anyway, I think openSUSE don't allow enough importance to the firewall problem. I mean the Susefirewall2 is said to be extremely good (by the dev) and I'm pretty sure it is, but it is so little documented that this makes it useless... Actually, I find the config file (/etc/sysconfig/SuSEfirewall2) to be well commented, and the best documentation for it. With the pretty clear comments and examples there, it makes it quite manageable to configure the firewall. I would hardly call it useless with all the commented material in that file, and actually found it most useful to have the "documentation" right where I needed it. Trying to use the Yast module to configure it can be hard sometimes, as you miss out on some of the comments, but with an editor it seems quite straight forward to me. YMMV
-- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Joe Morris wrote:
Actually, I find the config file (/etc/sysconfig/SuSEfirewall2) to be well commented,
I read it several times, but not recently, may be it's better. Two years ago it was nearly useless for me (the doc, not the firewall) jdd -- Jean-Daniel Dodin Président du CULTe www.culte.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Tuesday 2008-06-24 at 08:24 +0200, Hans Witvliet wrote:
John Andersen wrote:
Hardware firewalls are almost always running Linux. If linux needed a firewall it wouldn't be suitable to write one with.
Some are, some are BSD, some such as Cisco, Adtran etc., are proprietary. Are there any that run Windows?
Even the quality of some are very questionable.
My team got a present: A firewall made by "blue coat", not quite a small name in this business. It was compromised in less than a day....
Uff.
Mine hasn't, as far as I know, but the company hasn't done a single updated in years.
I install a lot of Adtran gear and they do update AOS occasionally. I have no idea how secure it is though. I don't know the details, but in some ways it has a Unix feel to it. Some of the other equipment I work with definitely runs Linux. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (11)
-
Basil Chupin -
Carlos E. R. -
Hans Witvliet -
Ingolf Steinbach -
James Knott -
jdd sur free -
Joe Morris -
John -
John Andersen -
Keith B. Boykin -
Mike McMullin