[SunHELP] RE:(U//FOUO) SunHELP digest, Vol 1 #1535 - 15 msgs

Ives Keith M Cont AFIWC/IOT Keith.Ives at LACKLAND.AF.MIL
Thu Feb 21 11:46:02 CST 2002


Classification: UNCLASSIFIED
Security Control Marking: FOR OFFICIAL USE ONLY

You are only going to restore 1 filesystem at a time.  What I would do is
start the restore with -iv (interactive and verbose).  That way you can see
exactly whats happening (i.e the file system intended to be restored).

-----Original Message-----
From: sunhelp-request at sunhelp.org [mailto:sunhelp-request at sunhelp.org]
Sent: Thursday, February 21, 2002 4:33 AM
To: sunhelp at sunhelp.org
Subject: SunHELP digest, Vol 1 #1535 - 15 msgs


Send SunHELP mailing list submissions to
	sunhelp at sunhelp.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://www.sunhelp.org/mailman/listinfo/sunhelp
or, via email, send a message with subject or body 'help' to
	sunhelp-request at sunhelp.org

You can reach the person managing the list at
	sunhelp-admin at sunhelp.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of SunHELP digest..."


Today's Topics:

   1. RE: Sparc5 (Dale Ghent)
   2. RE: Sparc5 (Chris Barnes)
   3. RE: Sparc5 (Dale Ghent)
   4. RE: Sparc5 (Chris Barnes)
   5. RE: sshd2 - remote connection (Markham, Richard)
   6. RE: sshd2 - remote connection (Fogg, James)
   7. RE: Re: Open Boot (Robert Novak)
   8. Server/Workstation (victor kiyan)
   9. Re: I need Help (Ravi Katti)
  10. Re: sshd2 - remote connection (Kurt Huhn)
  11. Re: Copying data from one server to another (Will Yardley)
  12. Re: Server/Workstation (Will Yardley)
  13. Ultra 10 for Sale. (Assad Khan)
  14. Help  on ufsrestore (gsd)
  15. Bind 8.2.3 from SUNFREEWARE (Sangbutsarakum, Patai)

--__--__--

Message: 1
Date: Wed, 20 Feb 2002 16:09:26 -0500 (EST)
From: Dale Ghent <daleg at elemental.org>
To: "'sunhelp at sunhelp.org'" <sunhelp at sunhelp.org>
Subject: RE: [SunHELP] Sparc5
Reply-To: sunhelp at sunhelp.org

On Thu, 21 Feb 2002, Chris Barnes wrote:

| Ok kool coz I read somewhere to plug the null modem into ttya and make
sure
| there is no keyboard plugged in. If I plug the other end of the null modem
| into the serial port of my laptop and run a terminal program that can
| emulate vt100 at 9600,N,8,1 then I should have full access to the machine
at
| the prom level and in the os?

yes.

/dale

--__--__--

Message: 2
From: Chris Barnes <Chris_Barnes at rams.com.au>
To: "'sunhelp at sunhelp.org'" <sunhelp at sunhelp.org>
Subject: RE: [SunHELP] Sparc5
Date: Thu, 21 Feb 2002 08:18:36 +1100
Reply-To: sunhelp at sunhelp.org

Do you know anything about the 2 sets of jumpers on the system board that
determine weather the serial ports are rs-232 or rs-432? I read in the
Sparc5 installation manual that if I'm using x.25 in Europe then I need to
change the those two jumpers which will change the serial ports from rs-432
to rs-232...
I only ask because I have actually tried using my laptop with the null modem
in ttya but I don't get anything in my terminal program. I know the null
modem works, I tested it between two other machines, then between my laptop
and another machine. So this makes me think that he serial ports on the
sparc 5 are set incorrectly.
Any ideas?

--

-----Original Message-----
From: Dale Ghent [mailto:daleg at elemental.org] 
Sent: Thursday, 21 February 2002 8:09 AM
To: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] Sparc5

On Thu, 21 Feb 2002, Chris Barnes wrote:

| Ok kool coz I read somewhere to plug the null modem into ttya and make
sure
| there is no keyboard plugged in. If I plug the other end of the null modem
| into the serial port of my laptop and run a terminal program that can
| emulate vt100 at 9600,N,8,1 then I should have full access to the machine
at
| the prom level and in the os?

yes.

/dale
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp

Searching for "A Better Way" to a home loan ?. Call RAMS on 13 7267, or go
to http://www.rams.com.au

The e-mail and any attachments may contain confidential information.  If you
receive it in error you must not use or disclose the information. You must
tell us and delete it. We do not waive any legal privilege by sending it.
RAMS does not promise that the email is free from virus defect or error.

--__--__--

Message: 3
Date: Wed, 20 Feb 2002 16:21:58 -0500 (EST)
From: Dale Ghent <daleg at elemental.org>
To: "'sunhelp at sunhelp.org'" <sunhelp at sunhelp.org>
Subject: RE: [SunHELP] Sparc5
Reply-To: sunhelp at sunhelp.org

On Thu, 21 Feb 2002, Chris Barnes wrote:

| Do you know anything about the 2 sets of jumpers on the system board that
| determine weather the serial ports are rs-232 or rs-432? I read in the
| Sparc5 installation manual that if I'm using x.25 in Europe then I need to
| change the those two jumpers which will change the serial ports from
rs-432
| to rs-232...
| I only ask because I have actually tried using my laptop with the null
modem
| in ttya but I don't get anything in my terminal program. I know the null
| modem works, I tested it between two other machines, then between my
laptop
| and another machine. So this makes me think that he serial ports on the
| sparc 5 are set incorrectly.

Should be set to RS-232 for the most compatability.

Run 'eeprom | grep tty' from a shell prompt and see if the serial ports on
the sparc5 are indeed set to 9600/8/n/1

/dale

--__--__--

Message: 4
From: Chris Barnes <Chris_Barnes at rams.com.au>
To: "'sunhelp at sunhelp.org'" <sunhelp at sunhelp.org>
Subject: RE: [SunHELP] Sparc5
Date: Thu, 21 Feb 2002 08:29:38 +1100
Reply-To: sunhelp at sunhelp.org

That brings me to my second question.
I have only recently bought this sparc 5...it looks like it is very new
because it was still in the box still wrapped in plastic with all manuals
and stuff, and the invoice reads something about how it was shipped with
"SOL2.3" I don't know if that means its got solaris 2.3 on it but I seem to
be having a lot of trouble getting past the ok prompt. I thought it should
simply boot into solaris automatically, or if not I could simply type
boot[enter] and it will boot into solaris, but I am getting an error...i
cant quote it exactly right now because the machine is at home but basically
it looks like it checks /devices, then it checks /dev, then it says
something about nothing to boot, trying cdrom..there's no cdrom so then it
says its trying the network. Then it says "program terminated" and drops me
to an ok prompt.
I don't know if this means there isn't any os installed...i don't know too
much about SPARC machines...i've only really played around with Solaris for
intel.


--

-----Original Message-----
From: Dale Ghent [mailto:daleg at elemental.org] 
Sent: Thursday, 21 February 2002 8:22 AM
To: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] Sparc5

On Thu, 21 Feb 2002, Chris Barnes wrote:

| Do you know anything about the 2 sets of jumpers on the system board that
| determine weather the serial ports are rs-232 or rs-432? I read in the
| Sparc5 installation manual that if I'm using x.25 in Europe then I need to
| change the those two jumpers which will change the serial ports from
rs-432
| to rs-232...
| I only ask because I have actually tried using my laptop with the null
modem
| in ttya but I don't get anything in my terminal program. I know the null
| modem works, I tested it between two other machines, then between my
laptop
| and another machine. So this makes me think that he serial ports on the
| sparc 5 are set incorrectly.

Should be set to RS-232 for the most compatability.

Run 'eeprom | grep tty' from a shell prompt and see if the serial ports on
the sparc5 are indeed set to 9600/8/n/1

/dale
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp

Searching for "A Better Way" to a home loan ?. Call RAMS on 13 7267, or go
to http://www.rams.com.au

The e-mail and any attachments may contain confidential information.  If you
receive it in error you must not use or disclose the information. You must
tell us and delete it. We do not waive any legal privilege by sending it.
RAMS does not promise that the email is free from virus defect or error.

--__--__--

Message: 5
From: "Markham, Richard" <RMarkham at hafeleamericas.com>
To: "'sunhelp at sunhelp.org'" <sunhelp at sunhelp.org>
Subject: RE: [SunHELP] sshd2 - remote connection
Date: Wed, 20 Feb 2002 16:38:14 -0500
Reply-To: sunhelp at sunhelp.org

ill clarify

1) External = outside the firewall
2) Internal = inside the firewall

things are working between this external server and the internal network
since 
there are rules in place within our pix firewall.

overall goal here is to find and document what security measures are in
place on 
the external server in regards to the outside world.  In my own testing I
see that 
is blocking ICMP from the outside world and also the running services such
as proftpd 
and ssh2 are blocked (outside world only). I found that this blocking is not
part of 
these two service's configurations, nor the presence of the software base
firewalls 
I previous listed.  Sorry that I haven't been very thourough on my
descriptions.
I will check into your suggestion.


-----Original Message-----
From: Fogg, James [mailto:JFogg at vicinity.com]
Sent: Wednesday, February 20, 2002 2:59 PM
To: 'sunhelp at sunhelp.org'
Subject: RE: [SunHELP] sshd2 - remote connection


Umm.. sounds like proxy arp is enabled and/or a netmask is set wrong. Of
course, this is assuming I even understand what you are trying to say.

James Fogg, Network Engineer
Vicinity Corporation - New Hampshire
(603) 442-1751

~ -----Original Message-----
~ From: Markham, Richard [mailto:RMarkham at hafeleamericas.com]
~ Sent: Wednesday, February 20, 2002 11:36 AM
~ To: 'sunhelp at sunhelp.org'
~ Subject: RE: [SunHELP] sshd2 - remote connection
~ 
~ 
~ sorry my point was not clear.  the functionality of ssh is 
~ working this
~ is network related.
~ 
~ restatement:
~ I cannot connect from external(home) to external(work) but I 
~ can connect
~ external(work) to internal(work).  My first guess was that something 
~ along the lines of ipf, ipfw, ipchains, iptables, sunscreen, 
~ tcpwrappers
~ is installed.  This external(work) box is blocking ICMP as well.  The
~ apps listed above, I have now checked for so I am thinking 
~ perhaps there 
~ is some routing tables set in the internet router.  This setup was 
~ previously implemented and I am disecting the setup.  The 
~ reality is that 
~ I can ssh through VPN anyway so nothing needs to be changed, 
~ but do to 
~ this day and age everything has to be documented =).
~ 
~ Again thank you in consideration for my issue.  =)
~ 
~ 
~ 
~ -----Original Message-----
~ From: Dicu Silviu [mailto:linuxsil at yahoo.com]
~ Sent: Wednesday, February 20, 2002 10:26 AM
~ To: sunhelp at sunhelp.org
~ Subject: Re: [SunHELP] sshd2 - remote connection
~ 
~ 
~ what do you mean "the ability to ssh to a
~ particular box" ?
~ 
~ 
~ to connect with a password, with keys or something like rsh ?
~ 
~ 
~  
~ --- "Markham, Richard" <RMarkham at hafeleamericas.com> wrote:
~ > I want to let one remote host have the ability to ssh to a
~ > particular box.
~ > Currently through a leg in the firewall all the lan boxes can ssh
~ > to this
~ > host.  So on the outside this box is only protected by its own
~ > configuration.
~ > I uncommented IgnoreRootRhosts  no
~ > and then created a ~/.rhosts files and am not able to connect.  Am
~ > I in the 
~ > right direction?
~ > _______________________________________________
~ > SunHELP maillist  -  SunHELP at sunhelp.org
~ > http://www.sunhelp.org/mailman/listinfo/sunhelp
~ 
~ 
~ =====
~ Silviu Dicu
~ Yahoo! Sports - Coverage of the 2002 Olympic Games
~ http://sports.yahoo.com
~ _______________________________________________
~ SunHELP maillist  -  SunHELP at sunhelp.org
~ http://www.sunhelp.org/mailman/listinfo/sunhelp
~ _______________________________________________
~ SunHELP maillist  -  SunHELP at sunhelp.org
~ http://www.sunhelp.org/mailman/listinfo/sunhelp
~ 
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp

--__--__--

Message: 6
From: "Fogg, James" <JFogg at vicinity.com>
To: "'sunhelp at sunhelp.org'" <sunhelp at sunhelp.org>
Subject: RE: [SunHELP] sshd2 - remote connection
Date: Wed, 20 Feb 2002 14:29:22 -0800
Reply-To: sunhelp at sunhelp.org

OK, this sounds like you are hacking your own company. Don't blame me if you
get fired, but what I suggest is running nmap against your outside interface
from both the inside and outside. This will reveal all the open ports and
conduits. Just a warning, if you were doing this in my company you would be
made to "walk the plank" (in other words, you would be fired), and yes, we
would notice the hacking attempts.

James Fogg, Network Engineer
Vicinity Corporation - New Hampshire
(603) 442-1751

~ -----Original Message-----
~ From: Markham, Richard [mailto:RMarkham at hafeleamericas.com]
~ Sent: Wednesday, February 20, 2002 4:38 PM
~ To: 'sunhelp at sunhelp.org'
~ Subject: RE: [SunHELP] sshd2 - remote connection
~ 
~ 
~ ill clarify
~ 
~ 1) External = outside the firewall
~ 2) Internal = inside the firewall
~ 
~ things are working between this external server and the 
~ internal network
~ since 
~ there are rules in place within our pix firewall.
~ 
~ overall goal here is to find and document what security 
~ measures are in
~ place on 
~ the external server in regards to the outside world.  In my 
~ own testing I
~ see that 
~ is blocking ICMP from the outside world and also the running 
~ services such
~ as proftpd 
~ and ssh2 are blocked (outside world only). I found that this 
~ blocking is not
~ part of 
~ these two service's configurations, nor the presence of the 
~ software base
~ firewalls 
~ I previous listed.  Sorry that I haven't been very thourough on my
~ descriptions.
~ I will check into your suggestion.
~ 

--__--__--

Message: 7
Date: Wed, 20 Feb 2002 08:48:58 -0800 (PST)
From: Robert Novak <rnovak at indyramp.com>
To: sunhelp at sunhelp.org
Subject: [SunHELP] RE: Re: Open Boot
Reply-To: sunhelp at sunhelp.org

On Tue, 19 Feb 2002, Dale Ghent wrote:

> setenv input-device ttya keyboard (sets the primary to ttya, secondary to
> 				   keyboard)

I'm not sure that this will work (even with the =) since the system
won't notice a missing ttya in the way you expect. 

The default behaviour is the opposite... If 'input-device' is set to
"keyboard" and there's no keyboard detected, it fails over to ttya for
input-device and output-device. I suspect on a working system, ttya will
always be detected, and if it's not, you probably have bigger problems
that a keyboard won't solve.

I don't think there's an auto-failover for output-device. If there is no
keyboard, both input and output are set to ttya. The PROM will tell you
this on the screen (if attached) before going blank and switching all
output to ttya.

--Rob

-- 
Robert Novak, Indyramp Consulting * rnovak at indyramp.com *
indyramp.com/~rnovak
	"I don't want to doubt you, Know everything about you
      I don't want to sit Across the table from you Wishing I could run."

--__--__--

Message: 8
Date: Wed, 20 Feb 2002 15:03:25 -0800 (PST)
From: victor kiyan <vkiyan at yahoo.com>
To: sunhelp at sunhelp.org
Subject: [SunHELP] Server/Workstation
Reply-To: sunhelp at sunhelp.org

Hi,
I'm new in the business of UNIX with lots of
questions, recently bought a SPARCstation 5 with
Solaris 8, what do I need to do if I want to logon
from outside (from work for instance)using a regular
PC? would it work as a server as well? thanx in advance...victor
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com

--__--__--

Message: 9
From: "Ravi Katti" <ravikatti at hotmail.com>
To: sunhelp at sunhelp.org
Subject: Re: [SunHELP] I need Help
Date: Thu, 21 Feb 2002 00:39:57 +0000
Reply-To: sunhelp at sunhelp.org

Did you try www.stokely.com? You get all the info you need.

----Original Message Follows----
From: "Akif Raza" <akf747 at hotmail.com>
Reply-To: sunhelp at sunhelp.org
To: sunhelp at sunhelp.org
Subject: [SunHELP] I need Help
Date: Sun, 17 Feb 2002 16:47:14 +0000

Hi

I am so sorry about Sun Solaris I really like its security reliabilty but
really dont like its help or forum I am working on sun platforms for about
more then 6 years but i am working on java side or other development but in
case of solaris dialup. I am really fedup this is really so horible to
configure it there are two many sites which tells about its dialing
procedure but there are like garbage i dont see any thing same on these
sites some of them tells about solstice some tells about pppd there are both
disgusting to configure. I have also visited on www.kempston.net sites they
didnt describe ppp dialing or ppp dialin configuration properly why cant Sun
by it self develop a proper and easier configuration tool for dialing in and
out. please help me out I have US Robotics external modem and i have both
solaris on Intel and sparc Platform and i want to dial ISP for internet and
dial in and out for both Intel to Sparc solaris and vice versa so please
provide me proper information about this. I will be very thank full to you


Thank You



Akif Raza



_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

--__--__--

Message: 10
From: "Kurt Huhn" <kurt at k-huhn.com>
To: <sunhelp at sunhelp.org>
Subject: Re: [SunHELP] sshd2 - remote connection
Date: Wed, 20 Feb 2002 19:41:07 -0500
Reply-To: sunhelp at sunhelp.org

> conduits. Just a warning, if you were doing this in my company you would
be
> made to "walk the plank" (in other words, you would be fired), and yes, we
> would notice the hacking attempts.
>

Unless you provide adequate warning, and a clear description of what you're
doing.  I make it a habit to do that at least once per month...

Kurt

--__--__--

Message: 11
Date: Wed, 20 Feb 2002 16:56:34 -0800
From: Will Yardley <william+sun at hq.newdream.net>
To: "'sunhelp at sunhelp.org'" <sunhelp at sunhelp.org>
Organization: New Dream Network
Subject: [SunHELP] Re: Copying data from one server to another
Reply-To: sunhelp at sunhelp.org

Dale Ghent wrote:
> |
> | I have a large filesystem (~20 - 25 gig) that I need to copy to another
> | server. What is the best way to get the data from one server to another?
> 
> If you have ssh (or rsh - ick!) running on the two systems in question,
> you can do a tar racross the network, like so:

you might also look at rsync (tunneled over ssh, of course)...

this is cool too since you can run it a second time after you're done
and it will update anything that's changed since you last copied stuff
over (and only the stuff that's changed).

rsync also deals properly (in my experience) with copying device nodes,
fifos and the like.

-- 
William Yardley
GnuPG public key: http://infinitejazz.net/will/pgp/gpg.asc

--__--__--

Message: 12
Date: Wed, 20 Feb 2002 17:03:24 -0800
From: Will Yardley <william+sun at hq.newdream.net>
To: sunhelp at sunhelp.org
Organization: New Dream Network
Subject: [SunHELP] Re: Server/Workstation
Reply-To: sunhelp at sunhelp.org

victor kiyan wrote:

> I'm new in the business of UNIX with lots of questions, recently
> bought a SPARCstation 5 with Solaris 8, what do I need to do if I want
> to logon from outside (from work for instance)using a regular PC? 

i highly recommend using openssh and not telnet or some other insecure
protocol. there are openssh packages at the sun freeware site, or you
can compile and install it yourself.... 

this link may also be of help:
http://www.sun.com/blueprints/0701/openSSH.pdf

once you've installed it, you can use an ssh client (see
http://freessh.org for some free clients; i recommend putty for windows
and the macssh.com one for mac) to connect from anywhere.

if your box is on a link that's remotely accessible, i'd highly suggest
locking down or shutting off most remotely available services (ie ftp,
telnet, rlogin, named, rpc... pretty much everything in inetd).... and
possibly replacing sendmail with postfix.

the default configuration for solaris is very insecure, so make sure you
install the most recent patch cluster, and disable stuff you don't need.

HTH.

-- 
William Yardley
GnuPG public key: http://infinitejazz.net/will/pgp/gpg.asc

--__--__--

Message: 13
From: "Assad Khan" <assad at assad.dynup.net>
To: <sunhelp at sunhelp.org>
Date: Thu, 21 Feb 2002 03:06:22 -0500
Subject: [SunHELP] Ultra 10 for Sale.
Reply-To: sunhelp at sunhelp.org

Hi,

I have an Ultra 10 That I want to sell, I like the machine, but I am craving
SMP so I want to get an Ultra 2. :)

Here are the specs:

300 MHz UltraSPARC IIi CPU

256 MB RAM

10.1 GB IBM 60GXP HDD, 7200 RPM

Creator 3D Series 2 (I believe) FFB

Built in VGA Fram Buffer, 10/100 (hme) Ethernet, Sound.

Floppy Drive.

24X CDROM Drive.

Solaris 8 Pre-Install and Media (CDR).

$400+Shipping. Will be professionally boxed.

Here are the pictures:

http://assad.dynup.net/u10-1.jpg
http://assad.dynup.net/u10-2.jpg
http://assad.dynup.net/u10-3.jpg

The Monitor is *NOT* Included!

Thanks.
Assad.

--__--__--

Message: 14
From: "gsd" <gaurang123 at yahoo.com>
To: <sunhelp at sunhelp.org>
Date: Thu, 21 Feb 2002 16:03:12 +0530
Subject: [SunHELP] Help  on ufsrestore
Reply-To: sunhelp at sunhelp.org

Dear All,

I hv taken full system backup of /,/usr,/var,/opt,/temp on a single
cartridge
with

ufsdump ofcu /dev/rmt/2cbn file-sys

suppose if i need to restore only one file system from by backup,lets say
/usr

mt -f /dev/rmt/2 fsf 2
ufsrestore rf /dev/rmt/2 /usr

will work as 'r' in ufsrestore argument ref. to recursive restore.Does it
mean
it will restore all filesystems available on cartridge or only given file
system where fsf pointer is targeted.(mt -f /dev/rmt/2 fsf n)

Rgds.,
Gaurang

--__--__--

Message: 15
From: "Sangbutsarakum, Patai" <patais at reach.com>
To: "'sunhelp at sunhelp.org'" <sunhelp at sunhelp.org>
Date: Thu, 21 Feb 2002 17:36:32 +0700
Subject: [SunHELP] Bind 8.2.3 from SUNFREEWARE
Reply-To: sunhelp at sunhelp.org

Dear folks,
Now, I'm running bind 8.2.3 download from Sun Freeware.
I've try to use $GENERATE. but look likes it doesn't work.
in /var/adm/messages shows "..rejected due to errors (serial
2002022106)"
but when I comment GENERATE out, no such complain.
 
Anybody please suggest me,
Is there possible to use $GENERATE in solaris package.?
Or I need to compile from scratch by myself.
 
Regards,
Pat.


--__--__--

_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp


End of SunHELP Digest

Classification: UNCLASSIFIED
Security Control Marking: FOR OFFICIAL USE ONLY



More information about the SunHELP mailing list