Date: Sun, 2 Jan 100 09:42:26 EST From: Dwight McKay (The Moderator) Reply-To: Suns-at-Home@net-kitchen.com Subject: Suns-at-Home Digest V13 #1 To: Suns-at-Home-List Suns-at-Home Digest Sun, 2 Jan 10 Volume 13 : Issue 1 Today's Topics: [suns-at-home] Re: A good free Firewall free firewall Old Sun 3/75 SparcStation 10 - Networking Problem Suns-at-Home Digest V12 #37 (3 msgs) Warning: Internet gateway boxes at risk of attack! WTB: SparcClassic(s) xvnews on Solaris 7 +--------------------------------------------------------------------------+ | Submissions: suns-at-home@net-kitchen.com | | Requests: suns-at-home-request@net-kitchen.com | | WWW Archive access: http://www.net-kitchen.com/~sah | +--------------------------------------------------------------------------+ ---------------------------------------------------------------------- Date: Mon, 27 Dec 1999 01:43:26 -0500 From: Erik Fichtner Subject: [suns-at-home] Re: A good free Firewall To: suns-at-home@net-kitchen.com A good free firewall for SunOS 4.1.x and Solaris 2.x is Darren Reed's IPFilter package. http://coombs.anu.edu.au/~avalon/ip-filter.html -- Erik Fichtner; Warrior SysAdmin (emf|techs) 34.9908% http://www.obfuscation.org/~techs N 38 53.055' W 77 21.860' 764 ft. "What's the most effective Windows NT remote management tool?" "A car." -- Stephen Northcutt [This is part of what I use to defend my systems at home. It works real well] [but is dependent on getting a good ruleset. Read the examples it comes with] [carefully! --ddm ] - ------------------------------ Date: Wed, 29 Dec 1999 10:41:11 -0500 (EST) From: "John A. Turner" Subject: free firewall To: Suns-at-Home@net-kitchen.com > Can anyone recommend me a good free Firewall? Running an ss4 w/ > 2.5.1 at home and i'd like some protection. GNATbox (http://www.gnatbox.com/) offers a free "Light" version of their beautiful firewall (http://www.gnatbox.com/Pages/gblight.html) buy or put together a bare-bones Pentium box (don't even need a hard drive - it fits on a floppy), and slap GNATbox Light on it check out the FAQ at their site for details, but basically all it requires is an Intel (or compatible) CPU, 16MB RAM, floppy, 2 Ether cards, and away you go -- John A. Turner, Ph.D. Senior Research Associate Blue Sky Studios http://www.blueskystudios.com/ One South Road, Harrison, NY 10528 http://www.lanl.gov/home/turner/ Phone: (914) 381-8400 http://john.turner.org/ - ------------------------------ Date: Sun, 26 Dec 1999 14:57:52 -0800 (PST) From: "Anthony A. D. Talltree" Subject: Old Sun 3/75 To: Suns-at-Home@net-kitchen.com Be aware that the backplanes on 3/75's tend to fail. Something about faulty soldering. - ------------------------------ Date: Tue, 28 Dec 1999 19:41:21 -0600 From: Brian Durham Subject: SparcStation 10 - Networking Problem To: suns-at-home@net-kitchen.com Guys and Gals: I've been reading s-a-h for nearly a year now in anticipation of my workplace retiring a SparcStation 10 I used to use. Tonight, I brought it home. I haven't talked to the person who used to use it, but it seems to have a dead Ethernet connector . I connected it to my small LAN (10 Mbs 10-Base T) and didn't receive any indications of the connection being alive. A year ago, this machine was in my office at work and was on the LAN. Any hints? I haven't cracked the case open yet... too tired after carrying 20 inch monitor upstairs to my apartment. Best, Brian Durham - ------------------------------ Date: 27 Dec 1999 02:57:34 GMT From: peter@taronga.com (Peter da Silva) Subject: Suns-at-Home Digest V12 #37 To: Suns-at-Home@net-kitchen.com >I sense history being edited here. Linux came about because Linus >Torvalds thought he could improve on Andy Tanenbaum's existing Minix kernel by >properly supporting 386s and above in a flat 32-bit address space. Linus has also said that if 386BSD had come out a year earlier there would not have been a Linux. This was long before the *BSD splits. The whole history of both platforms is a lot more complex *and* intertwined than anyone seems willing to admit now that Linux has the "high ground". -- This is The Reverend Peter da Silva's Boring Sig File - there are no references to Wolves, Kibo, Discordianism, or The Church of the Subgenius in this document Executive Vice President, Corporate Communications, Entropy Gradient Reversals. - ------------------------------ Date: 27 Dec 1999 03:15:30 GMT From: peter@taronga.com (Peter da Silva) Subject: Suns-at-Home Digest V12 #37 To: Suns-at-Home@net-kitchen.com >Bill Jolitz re-implemented the bits necessary to turn of 4.3-Net/2 back >into a real operating system (which he described in a series of Dr.Dobbs >articles), and the release of 386/BSD (0.0 Feb/92). After Bill got >swamped too much to keep up with development of 386/BSD, a group of >enthusiasts joined primarily by their affiliation on Usenet released the >first unofficial patch kit to 386/BSD, and eventually an entire new >release called "NetBSD" (0.8 released 19 Apr 1993). Originally Bill had >endorsed their effort as an interim 386/BSD release, but he withdrew his >endorsement and support. The split between Jolitz and what became NetBSD and FreeBSD was already starting to happen with the patch-kit releases, before they were called anything but "386BSD patchkit whatever". But Jordan Hubbard took over as the patchkit maintainer before that. I don't think it's fair to say that FreeBSD was split off from NetBSD. The split between the people who still thought you could deal with Jolitz and the ones who just wanted to take the code and run was already under way back then. I'm pretty sure the "FreeBSD" name was coined before "NetBSD", or at least when it was coined Jordan hadn't heard of the other name... because he commented that he wished he'd come up with "NetBSD"... it was a politically better and less confusing name than FreeBSD. -- This is The Reverend Peter da Silva's Boring Sig File - there are no references to Wolves, Kibo, Discordianism, or The Church of the Subgenius in this document Executive Vice President, Corporate Communications, Entropy Gradient Reversals. - ------------------------------ Date: Mon, 27 Dec 1999 23:28:43 -0600 From: Garry Garrett Subject: Suns-at-Home Digest V12 #37 To: Suns-at-Home@net-kitchen.com > Date: Mon, 20 Dec 1999 17:43:03 -0800 > From: "jc bernardo" > Subject: A good free Firewall > To: suns-at-home@net-kitchen.com > > Can anyone recommend me a good free Firewall? Running an ss4 w/ 2.5.1 at home and i'd like some protection. I've used "The Firewall Toolkit" before, but now that the authors make the commercial product "Gauntlet", I'm not sure that it's being maintained. If you wanted to, you could use TCPWrappers to procect your Sparc4. Basically, you compile the program "tcpd" and you shove it in your /etc/inetd.conf file so that inetd calls tcpd instead of whatever daemon it's supposed to. The tcpd program looks in /etc/hosts.allow and /etc/hosts.deny to see if the requested connection is allowed. If it is allowed, tcpd calls the real daemon (in.ftpd, in.telnetd, etc.) just like inetd would have. If not, then it simply drops the connection. Then your exposure would be down to stand alone daemons that run as root listening for IP traffic. Sendmail is the biggest culprit. Get the latest sendmail from www.sendmail.org or the latest patches for Sun's own sendmail, and keep an eye out for new patches. As far as the firewalling goes, you could set up SOCKs (probably better solutions out there, but again, this is one that I have used). I hope someone has a better solution for you then the mis-mash of products I've listed, but if they don't the tools I've mentioned are workable. > - ------------------------------ > Date: Sat, 25 Dec 1999 12:24:51 -0500 > From: Ray Pfaff > Subject: Question about gcc and siginfo.h > To: Suns-at-Home@net-kitchen.com > > Having been a SunOS user, I decided that the deal Sun had to upgrade to Solaris 6 and then 7 was too good to pass up. I then used a Walnut Creek CD-ROM ("GNU Tools ++ for Solaris Users") and installed gcc 2.7.21 using the pkgadd command so that I had a C compiler to use. If I try to compile something simple, like the typical "hello > world" program, I have no problems. If I try to compile anything using siginfo.h, I get the following error: > > /usr/include/sys/siginfo.h line 74: parse error before pthread_attr_t > > It appears to me that the type pthread_attr_t isn't defined. I don't know if this will be helpful, but there used to be a file running around the net known as the "Solaris 2 Porting FAQ". It's focus is on porting from SunOS 4.x to Solaris 2.x, but I've found it useful in the past in troubleshooting why some piece of (freeware) code written for other flavors of Unix doesn't want to port to Solaris. I have a URL (but I'm not on-line at the moment to verify it) as: http://ns.uoregon.edu/portability-faq/portingFAQ.html (see my web page should I have a type-o in the above). > - ------------------------------ > "From: Garry Garrett > " > "> Subject: "unix clones" > "> Thanks to those who have corrected mistakes in my brief "history". I've learned a few wrinkles that I didn't know before(BSD resolving the copyright issues, AIX moving on from SVR0 - a tid-bit that I picked up from an AIX newsgroup when I said that Solaris was "SVR4 with a heavy BSD accent" whereupon I was corrected by several people that AIX had more BSD than Solaris). When I stated that Linux "came about" because of intellectual property issues, I meant to say "became popular because of..." (which was the take on it that I had at the time). > - ------------------------------ > > Date: Mon, 20 Dec 1999 13:38:40 -0800 > From: "Paul Khoury" > Subject: Suns-at-Home Digest V12 #36 > To: "ashley_m@poboxes.com" , > > On Sat, 18 Dec 99 14:33:11 EST, Dwight McKay (The Moderator) wrote: > > >Date: Wed, 08 Dec 1999 07:55:39 -0800 > >From: Ashley M > >Subject: Sparc 2 Ethernet troubles > >To: suns-at-home@net-kitchen.com > > > >I recently bought a used Sparc 2, which did not have an ethernet card. I > >installed Solaris 7 and then bought two SBus ethernet cards for the machine > >(I want it to act as a NAT for my home network - I'll probably install > >OpenBSD when the machine actually works). The problem is that neither of > >the cards work in the system, individually or together. I can Test Net and > >the loopback works fine but it gives me cable errors. I've several cables, > >that I know work, with the same results. I know this is going to sound like a dumb question, but do you see error messages about /dev/null? I had a weird problem with an Ultra1/140 where (somehow) /dev/null (and/or the corresponding /devices/pseudo/mm@0:null file) got messed up, and as a side effect, none of the network interfaces would start up. Try removing both /dev/null and /devices/pseudo/mm@0:null and do a "shutdown" and a "boot -r". You will have to then reboot again as the devices aren't built until after some programs try to use /dev/null. It may not be your solution, but it shouldn't hurt anything to try. One more dumb question: both cards aren't plugged into the same hub are they? Suns, unlike PC ethernet cards, have get their MAC address (by default) from the Sun and not from the card. If you plug 2 ethernet cards from the same Sun into the same hub, you will have problems. 1 ethernet card can answer to multiple IP addresses, so you would just plug in one card and give it 2 addresses (one from your ISP and a "private" IP address that it shares with your LAN). > - ------------------------------ > > Date: Mon, 20 Dec 1999 13:53:31 -0800 > From: "Paul Khoury" > Subject: Using a PC as an X-Terminal > To: "suns-at-Home@net-kitchen.com" , > > Does anyone have any recomendations on using a PC > or older SPARC (IPC or SS1/1+) as an X-Term? I've known people who have used Sun3's as X-Terms. I know people who have older Suns (IPC, etc.) who run OpenWin on the box, and just about everything else is run on other boxes on their network, making their IPC effectively a glorified X-Term. I have a SparcClassic at work that I run "xterm" programs on, but the bulk of what I run is run on other servers via X-Windows. I will say this, however, when I download a large web page on Netscape (which is running on a Sparc20 elsewhere in the network), when I scroll up and down in Netscape, things slow down and my hard drive goes nuts (paging I presume) on my SparcClassic. The buffering for the scroll bar is done on my X-server and not on the server that is actually running Netscape. You may not need much hard drive to use an older Sun for an X-Term, but you might want to max out the RAM. Of course, I average having about 60 windows open at a time (20+ perfmeters, calendar manager, calctool, these things all add up), so my use of X-Windows is probably not typical. I've given up on Exceed. My 60+ windows average means that I crashed Exceed about every other day (just more than it could handle). If you are thinking of a PC, I would put a stripped down Linux on it (or perhaps some flavor of BSD if that is to your liking) with X-Windows. By "stripped down" I mean take off (or don't load in the first place) things that you aren't going to use. For example, if you are just using it for X-Windows, why run sendmail? I suspect you will get more reliablity and capability out of that than with Exceed and some incantation of Windoze. I would say Solaris for X86, but if you have an older PC to work with, it may not have enough umph to run Solaris (more overhead than Linux/BSD from what I hear). Lastly, I really love the "L-keys" (those "extra" function keys on the left hand side of the keyboard). They integrate so well with OpenWindows and really are (IMHO) a boon to your productivity. The Compose key is also nice if you occasionally work with Foreign languages (Western European ones anyway). If I were given the choice, I'd pick an older Sun (with that Sun keyboard) over a PC in many cases - but that's my own personal preference. > - ------------------------------ -- Garry Garrett http://monarch.papillion.ne.us/~ggarrett - ------------------------------ Date: Tue, 28 Dec 1999 22:25:56 -0800 From: "Brian P. Costello" Subject: Warning: Internet gateway boxes at risk of attack! To: Suns-at-Home@net-kitchen.com I have been using a Sparc box running Solaris 2.5.1 as my DSL internet gateway for about 5 months now. Besides being a router, it is my smtp mail server and web server. Early this month it was broken into. I still don't know how they got in. They modified /etc/inetd.conf, make copies of /etc/passwd and /etc/shadow, and added root accounts. I don't know what else they did but it was 2 days before I realized something was up. We all need to lock down any system that is directly connected to the internet, especially if it has a static IP address. I thought I knew a thing or 2 about security. I have read "Computer Security Basics" and "Practical UNIX Security". I thought that since my system is not advertised and the only thing on it is my email and family web page, "who would want to break into it?" I was wrong, I didn't know squat about security and they are out there and want in. How did I realize something was up? I saw a message on the console that su: rfcs succeeded for danz , neither of these accounts exist so I knew something wasn't right. I immediately disconnected the DSL line and started probing the system. The system seemed to lock up when I tried to ls -la different directories while logged in under my user account. I rebooted and found many errors such that many services were not running. It locked up again when I tried to log in. I rebooted again and logged in as root. I did more checking and ran a ls -latR from the / directory to get a list of all files sorted by modification time. I then saw the copies of passwd and shadow and that inetd.conf was modified as well. I then used ufsdump to back up the entire system to tape and loaded a fresh install of 2.6 HW 3/98. I then loaded the latest security patches and configured the system as it was before. Before I brought it back "on-line" I shut down almost all services in /etc/inetd.conf and started searching for more security stuff. I quickly found http://www.fish.com/titan which has a downloadable set of scripts that tighten security for sun boxes. It also directed me to use tcp_wrappers for services that need to run as well as wu_ftpd instead of the ftpd that comes with Solaris. I configured titan for my installation and ran it. I now think (and I emphasize think) that it is a little more secure but I know the crackers are out there. I now log everything I can and review the log files daily when possible. I have been seeing probes on ftp as root and anonymous from IP addresses supposedly in Korea this past week. I am currently writing a script that will summarize the log files and mail it to me when run as a cron job. I am in need of a way to determine the date of the day before the program is run. I don't think there is a tool already on the system but I don't know that for sure. I am sure it can easily be dine in C but my C is way to rusty to do it myself. I would seriously appreciate any programming help I could get. I would highly recommend checking out these web pages to further educate yourself: http://www.sunworld.com/sunworldonline/common/security-faq.html http://www.sun.com/blueprints/1299/minimization.html http://www.sun.com/blueprints/1299/network.html I would very much like to hear what else anyone has to say on this very important issue (at least I think it should be very important to us all). -- Brian P. Costello brian@costello.mine.nu San Francisco Bay Area http://costello.mine.nu - ------------------------------ Date: 26 Dec 99 17:56:21 EST From: Harry Regan Subject: WTB: SparcClassic(s) To: suns-at-home@net-kitchen.com Hello-- Does anyone out there have one or more SparcClassics they want to part with? Preferably real cheap and not necessarily working... Please drop me a line. Thanks. ___________________________________________________________________ ---- Harry J. Regan ---- Phone: 202.310.2719 ---- FAX: 212.202.3923 ---- harry.regan@usa.net ---- hregan@lepus.com ____________________________________________________________________ Get free email and a permanent address at http://www.amexmail.com/?A=1 - ------------------------------ Date: Sun, 26 Dec 1999 17:51:10 GMT From: Huge Subject: xvnews on Solaris 7 To: Suns-at-Home@net-kitchen.com Has anyone ported xvnews to Solaris 7? It's far and away my favourite newsreader (and I've made some small modifications), but I cannot get it to compile any more since I upgraded from 4.1.3 to 7; axalotl{huge}120: uname -a SunOS axalotl 5.7 Generic_106541-08 sun4m sparc SUNW,SPARCstation-10 axalotl{huge}121: gcc -v Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.7/2.8.1/specs gcc version 2.8.1 axalotl{huge}122: cd ~/prog/news/xvnews /home/huge/prog/news/xvnews axalotl{huge}123: make making all in ./guide/libguide... cc -O -I/usr/include -I.. -c gio.c gio.c: In function `gio_printf': gio.c:994: `__builtin_va_alist' undeclared (first use in this function) gio.c:994: (Each undeclared identifier is reported only once gio.c:994: for each function it appears in.) *** Error code 1 make: Fatal error: Command failed for target `gio.o' Current working directory /home/huge/prog/news/xvnews-2.3/guide/libguide *** Error code 1 make: Fatal error: Command failed for target `all' I'm not a (professional) C programmer, and fixing this looks way beyond my knowledge.... Regards, Hugh. -- "The road to Paradise is through Intercourse." The uk.transport FAQ; http://www.huge.org.uk/transport/FAQ.html - ------------------------------ End of Suns-at-Home Digest ******************************