mikaowx

Hi all! I am in a situation where I urgently need to run a vnc server on my MDK 10.1 box. The connection works just fine. The bothering thing is that we have 100Mbit ethernet there and as you may have recognized when a vnc client tries to connect to the server, the server automatically offers authenticated users the Xkbor (whatever it is called) the simpliest and most bandwidth savy environment. However we would need more comfortable environment to get our job easily done. How is it possible to switch the default desktop for vnc connections? thanks in advance: mikaowx

Solved! Now I have it! Thanks.

I've just noticed I cant find draksec on the 2005LE Download edition. Have I overlooked something? Isnt draksec included in this edition?

Jeez! I havent thought this would solve my problem but it did! Since I dont run ssh from xinetd I figured it has nothing to do with hosts.allow. Now I know it has. Thanks again

Here's the only entry I've found in /var/log/auth.log Apr 1 10:12:20 mooo sshd[4438]: Received signal 15; terminating. Apr 1 10:12:21 mooo sshd[4500]: Server listening on 192.168.200.10 port 22. Other logs just wont show any valuable info about what happened. The interesting thing is, I havent changed anything in the configuration files since it has been working. I am therefore suspecting something is wrong with draksec or the way it handles file permissions. I'll try to set the original values of permissions on files back to normal manually. Would someone with a working sshd post me the listing of /etc/sshd and its contents, file and directory permissions? I would also need the orig perm of /etc/sshd directory itself. Thanks in advance

I have two Mdk 10.1 boxes which had been installed months ago with sshd enabled on them. Sshd was working at the beginning on both macines. I could login from any other boxes. Then I set http service up on both. Since those services have to be running to serve clients from the internet I decided to use draksec to make them more secure. Now I cant connect to any of these boxes even if I set security level to low and have iptables emptied. What went wrong? Has anyone had similar experience? Any help would be appreciated, Thanks

Meanwhile another question arose; the previous installation had been done automatically by the mandrake installer at sysinstall , therefore am I to suspect that it had created the necessary certificates automatically? Are certs made automatically at reinstall? Thanks

I have reinstalled sshd which has worked absolutely fine but for other reasons I had uninstalled it before. Now it wouldnt let users in, here's /var/log/auth.log: Apr 1 10:12:20 mooo sshd[4438]: Received signal 15; terminating. Apr 1 10:12:21 mooo sshd[4500]: Server listening on 192.168.200.10 port 22. What on earth does address already in use mean? ps axu dont provide me any further information on this since there arent any other instances of sshd running. I've tried to switch the service off and back on again but that wouldnt help either? I hope it's not a ufo playing tricks on me unnoticed :) Anyways, firewall switched off, msec has been set to level 3. Although it has been set to higher in the past. Do you think I have spioiled up something with msec?

Finally I have digged up some usefull info about how to stop the ssl version from starting up along with apache, -for those of you who havent got a clue it's in /usr/lshare/doc/apachexxx/ssl.conf where the pattern SSLEngine=on/off directive is meant to control whether to start the ssl version with apache.- but in my case it's the other way around. I am about to stop the service listening on port 80. Other infos are pointing out to this like; one should change the IFDefine directive in commonhttpd.conf where the ports apache listening on are determined. It says you should modify this directive to have apache listen only on 443 not on the regular port 80. Why isnt that working? IMHO it's simply because both versions are using the same config file and if the ssl service started the regular service throws an error message saying "port 443 already in use". It's logical isnt it? Would be pleased to hear about any solutions to this.

Yes, I would need just that! In this case though I am trying to get the ssl version running. Do I have to comment the ssl module out avoiding it from loading to get rid of the ssl service if I wanted to have apache to run normally? What should I do if I wanted to run the ssl service only? Cuz basically this is what I am about to do now. Dont know how to do that or what to change in the configuration files?

I mean apache2 is compiled in a way that you cant start the normal http or the ssl service separately, both come alive when starting the service. Some years back when I used apache 1.3 there were apachectl and apachectl-ssl or you could also start them from init.d as two different types of service. I even saw there's a sample ssl.conf somewhere among the librarys, which used to be the way if one wanted to configure and run apache ssl. Is there a way to this with the shipped version?

Hi. My problem is that I cant actually start apache2 listening only on port 80 or 443 on Mandrake 10.1 as it was on apache 1.3. There arent even separate apachectl commands or any other commands to do that. Is there a solution to solve this in the configuration or is this the way apache2 has been precompiled? Do I need to download and compile apache2 to suit this need of mine? Thanks

It's all up and running! I havent had the slightest clue about this service. The most convenient way tough! They also have services like ip cloaking, MX host backup and superior dns. Never mind, that I dont even know what some of those services are ! :D You guys both deserve a good pint for helping me out! Thanks again sellis, Qchem!

This advice makes sense.This is meaningful. Are you saying you have this up and running already? I must must have overlooked something when I read about dyndns. How have you configured it regarding the site? Wasnt it too hard? What kind of records do you have to create at the site? A pointer? This router also has the ability to handle dynamic dns so I might just go ahead and try it. Concerning the mailing process I have found one very lightweight MTA which I would like to share with you all who are or in the future might be interested in such a "mission", some might have heard of ssmail. It's basically a Local SMTP relay,with options like sender and domain can of course be masquaraded so this one would simply shoot the mail out to space. No doubt it's tiny but it doesnt even become a demon so there arent many security issues to worry about. thanks in advance

Hi. Why dyndns isnt the way? Because all of your users have to be configured with it I guess. What would anyone out of the unknown benefit of me being registered at dyndns if they dont even know how to set their own dns server settings? Right? You flicked a switch in my mind while I've been thinking of this and I think I have the solution! I am gratefull! Qchem! How about having your script somehow insert the result into a local copy of the html? After that have automated ftp upload it (I already know how to do it since I have done this several times when I was working with login scripts) to the website's ftp at scheduled intervals where it can be loaded and displayed from. I admit I havent seen cron doing hourly jobs tough. Daily jobs maybe. Is this hourly schedule possible to do with cron? Obviously this is the simpliest idea so far. The posting trouble still active tough!