Showing posts with label linux. Show all posts
Showing posts with label linux. Show all posts

Monday, April 08, 2019

Troubleshooting NSM Virtualization Problems with Linux and VirtualBox

I spent a chunk of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 day troubleshooting a network security monitoring (NSM) problem. I thought I would share cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem and my investigation in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hopes that it might help ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rs. The specifics are probably less important than cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 general approach.

It began with ja3. You may know ja3 as a set of Zeek scripts developed by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Salesforce engineering team to profile client and server TLS parameters.

I was reviewing Zeek logs captured by my Corelight appliance and by one of my lab sensors running Security Onion. I had coverage of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same endpoint in both sensors.

I noticed that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 SO Zeek logs did not have ja3 hashes in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ssl.log entries. Both sensors did have ja3s hashes. My first thought was that SO was misconfigured somehow to not record ja3 hashes. I quickly dismissed that, because it made no sense. Besides, verifying that intution required me to start troubleshooting near cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 top of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 software stack.

I decided to start at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bottom, or close to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bottom. I had a sinking suspicion that, for some reason, Zeek was only seeing traffic sent from remote systems, and not traffic originating from my network. That would account for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 creation of ja3s hashes, for traffic sent by remote systems, but not ja3 hashes, as Zeek was not seeing traffic sent by local clients.

I was running SO in VirtualBox 6.0.4 on Ubuntu 18.04. I started sniffing TCP network traffic on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 SO monitoring interface using Tcpdump. As I feared, it didn't look right. I ran a new capture with filters for ICMP and a remote IP address. On anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r system I tried pinging cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 remote IP address. Sure enough, I only saw ICMP echo replies, and no ICMP echoes. Oddly, I also saw doubles and triples of some of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ICMP echo replies. That worried me, because unpredictable behavior like that could indicate some sort of software problem.

My next step was to "get under" cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VM guest and determine if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VM host could see traffic properly. I ran Tcpdump on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Ubuntu 18.04 host on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 monitoring interface and repeated my ICMP tests. It saw everything properly. That meant I did not need to bocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r checking cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 switch span port that was feeding traffic to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VirtualBox system.

It seemed I had a problem somewhere between cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VM host and guest. On cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same VM host I was also running an instance of RockNSM. I ran my ICMP tests on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 RockNSM VM and, sadly, I got cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same one-sided traffic as seen on SO.

Now I was worried. If cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem had only been present in SO, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n I could fix SO. If cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem is present in both SO and RockNSM, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem had to be with VirtualBox -- and I might not be able to fix it.

I reviewed my configurations in VirtualBox, ensuring that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "Promiscuous Mode" under cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Advanced options was set to "Allow All". At this point I worried that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re was a bug in VirtualBox. I did some Google searches and reviewed some forum posts, but I did not see anyone reporting issues with sniffing traffic inside VMs. Still, my use case might have been weird enough to not have been reported.

I decided to try a different approach. I wondered if running VirtualBox with elevated privileges might make a difference. I did not want to take ownership of my user VMs, so I decided to install a new VM and run it with elevated privileges.

Let me stop here to note that I am breaking one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 rules of troubleshooting. I'm introducing two new variables, when I should have introduced only one. I should have built a new VM but run it with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same user privileges with which I was running cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 existing VMs.

I decided to install a minimal edition of Ubuntu 9, with VirtualBox running via sudo. When I started cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VM and sniffed traffic on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 monitoring port, lo and behold, my ICMP tests revealed both sides of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 traffic as I had hoped. Unfortunately, from this I erroneously concluded that running VirtualBox with elevated privileges was cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 answer to my problems.

I took ownership of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 SO VM in my elevated VirtualBox session, started it, and performed my ICMP tests. Womp womp. Still broken.

I realized I needed to separate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 two variables that I had entangled, so I stopped VirtualBox, and changed ownership of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Debian 9 VM to my user account. I cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n ran VirtualBox with user privileges, started cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Debian 9 VM, and ran my ICMP tests. Success again! Apparently elevated privileges had nothing to do with my problem.

By now I was glad I had not posted anything to any user forums describing my problem and asking for help. There was something about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 monitoring interface configurations in both SO and RockNSM that resulted in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 inability to see both sides of traffic (and avoid weird doubles and triples).

I started my SO VM again and looked at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 script that configured cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 interfaces. I commented out all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 entries below cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 management interface as shown below.

$ cat /etc/network/interfaces

# This configuration was created by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Security Onion setup script.
#
# The original network interface configuration file was backed up to:
# /etc/network/interfaces.bak.
#
# This file describes cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network interfaces available on your system
# and how to activate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. For more information, see interfaces(5).

# loopback network interface
auto lo
iface lo inet loopback

# Management network interface
auto enp0s3
iface enp0s3 inet static
  address 192.168.40.76
  gateway 192.168.40.1
  netmask 255.255.255.0
  dns-nameservers 192.168.40.1
  dns-domain localdomain

#auto enp0s8
#iface enp0s8 inet manual
#  up ip link set $IFACE promisc on arp off up
#  down ip link set $IFACE promisc off down
#  post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
#  post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6

#auto enp0s9
#iface enp0s9 inet manual
#  up ip link set $IFACE promisc on arp off up
#  down ip link set $IFACE promisc off down
#  post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
#  post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6

I rebooted cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system and brought cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 enp0s8 interface up manually using this command:

$ sudo ip link set enp0s8 promisc on arp off up

Fingers crossed, I ran my ICMP sniffing tests, and voila, I saw what I needed -- traffic in both directions, without doubles or triples no less.

So, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re appears to be some sort of problem with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 way SO and RockNSM set parameters for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir monitoring interfaces, at least as far as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y interact with VirtualBox 6.0.4 on Ubuntu 18.04. You can see in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network script that SO disables a bunch of NIC options. I imagine one or more of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 culprit, but I didn't have time to work through cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m individually.

I tried taking a look at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network script in RockNSM, but it runs CentOS, and I'll be darned if I can't figure out where to look. I'm sure it's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re somewhere, but I didn't have cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time to figure out where.

The moral of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 story is that I should have immediately checked after installation that both SO and RockNSM were seeing both sides of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 traffic I expected cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m to see. I had taken that for granted for many previous deployments, but something broke recently and I don't know exactly what. My workaround will hopefully hold for now, but I need to take a closer look at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 NIC options because I may have introduced anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r fault.

A second moral is to be careful of changing two or more variables when troubleshooting. When you do that you might fix a problem, but not know what change fixed cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 issue.

Saturday, January 25, 2014

Suricata 2.0beta2 as IPS on Ubuntu 12.04

Today I decided to install Suricata, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 open source intrusion detection and prevention engine from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Open Information Security Foundation (OISF), as an IPS.

I've been running Suricata in IDS mode through Security Onion on and off for several years, but I never tried Suricata as an IPS.

I decided I wanted to run Suricata as a bridging IPS, such that it did not route traffic. In ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r words, I could place a Suricata IPS between, say, a router and a firewall, or between a router and a host, and neicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r endpoint would know cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IPS was present.

Looking at available documentation across cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Web, I did not see specific mention of this exact configuration. It's entirely possible I missed something useful, but most people running Linux as a bridge weren't using Suricata.

Those running Linux as a bridge sometimes enabled an IP address for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bridge, which is something I didn't want to do. (True bridges should be invisible to endpoints.)

Of course, to administer cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bridge system itself, you ensure cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 box has a third interface and you assign that interface a management IP address.

I also noticed those using Suricata as an IPS tended to configure it as a router, giving IP addresses to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 internal and external IP addresses. I wanted an invisible bridge, not a router.

The hardware I used for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bridge was a 2003-era Shuttle small form factor system with 512 MB RAM, two NICs (eth0 and eth1), and a wireless NIC (wlan0). I installed Ubuntu Server 12.04.3 LTS. I tried installing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 64 bit version but realized cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 box was too old for 64 bit. Once I tried a 32 bit installation I was working in no time.

The first step I took was to create cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bridge. I wanted to deploy cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system between a router and an endpoint with IP address 192.168.2.142, like this:

router <-> eth0/Linux bridge/eth1 <-> 192.168.2.142

These are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 commands to create cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bridge. This how-to was useful.

$ sudo apt-get install bridge-utils
$ sudo brctl addbr br0
$ sudo brctl addif br0 eth0
$ sudo brctl addif br0 eth1
$ sudo ifconfig eth0 0.0.0.0
$ sudo ifconfig eth1 0.0.0.0
$ sudo ifconfig br0 up

With cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bridge working, I could reach 192.168.2.142, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 endpoint host, through cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Ubuntu Linux bridge system. If I wanted to, I could watch traffic with Tcpdump on br0, eth0, or eth1.

Next I needed to install Suricata. I decided to use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 beta packages published by OISF as described here. I also had to install python-software-properties as shown in order to have add-apt-repository available.

$ sudo apt-get install python-software-properties

$ sudo add-apt-repository ppa:oisf/suricata-beta
You are about to add cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following PPA to your system:
 Suricata IDS/IPS/NSM beta packages

http://www.openinfosecfoundation.org/
http://planet.suricata-ids.org/
http://suricata-ids.org/

Suricata IDS/IPS/NSM - Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine.

Open Source and owned by a community run non-profit foundation, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Open Information Security Foundation (OISF).
 Suricata is developed by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OISF, its supporting vendors and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 community.

This engine is not intended to just replace or emulate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 existing tools in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 industry, but will bring new ideas
 and technologies to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 field.

This new Engine supports:

Multi-Threading - provides for extremely fast and flexible operation on multicore systems.
File Extraction, MD5 matching - over 4000 types of file recognition/extraction transmitted live over cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 wire.
TLS/SSL certificate matching/logging
Automatic Protocol Detection (IPv4/6, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB )
Gzip Decompression
Fast IP Matching
Hardware acceleration on CUDA and GPU cards

and many more great features -
http://suricata-ids.org/features/all-features/
 More info: https://launchpad.net/~oisf/+archive/suricata-beta
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keyring `/tmp/tmpqk6Ubk/secring.gpg' created
gpg: keyring `/tmp/tmpqk6Ubk/pubring.gpg' created
gpg: requesting key 66EB736F from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpqk6Ubk/trustdb.gpg: trustdb created
gpg: key 66EB736F: public key "Launchpad PPA for Peter Manev" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
OK

$ sudo apt-get update
Now I was ready to install Suricata and Htp, a dependency.
$ sudo apt-get install suricata htp
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libhtp1 libnet1 libnetfilter-queue1 libnspr4 libnss3 libyaml-0-2
The following NEW packages will be installed:
  htp libhtp1 libnet1 libnetfilter-queue1 libnspr4 libnss3 libyaml-0-2
  suricata
0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,510 kB of archives.
After this operation, 8,394 kB of additional disk space will be used.
Do you want to continue [Y/n]?
...snip...
With this process done I added rules from Emerging Threats. I found Samiux's blog post helpful.
$ cd /etc/suricata
$ sudo wget https://rules.emergingthreatspro.com/open/suricata/emerging.rules.tar.gz
$ sudo tar -xzf emerging.rules.tar.gz
$ sudo mkdir /var/log/suricata
$ sudo touch /etc/suricata/threshold.config

Now I had to edit /etc/suricata/suricata.yaml. The following diff shows cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 changes I made to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 original file.

$ diff -u /etc/suricata/suricata.yaml.orig /etc/suricata/suricata.yaml
--- /etc/suricata/suricata.yaml.orig    2014-01-25 21:39:57.542801685 -0500
+++ /etc/suricata/suricata.yaml 2014-01-25 21:41:31.530801055 -0500
@@ -46,7 +46,7 @@

 # Default pid file.
 # Will use this file if no --pidfile in command options.
-#pid-file: /var/run/suricata.pid
+pid-file: /var/run/suricata.pid

 # Daemon working directory
 # Suricata will change directory to this one if provided
@@ -208,7 +208,7 @@

   # a line based information for dropped packets in IPS mode
   - drop:
-      enabled: no
+      enabled: yes
       filename: drop.log
       append: yes
       #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
@@ -337,7 +337,7 @@

 # You can specify a threshold config file by setting "threshold-file"
 # to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 path of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 threshold config file:
-# threshold-file: /etc/suricata/threshold.config
+threshold-file: /etc/suricata/threshold.config

 # The detection engine builds internal groups of signatures. The engine
 # allow us to specify cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 profile to use for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m, to manage memory on an
@@ -373,7 +373,7 @@
   - inspection-recursion-limit: 3000
   # When rule-reload is enabled, sending a USR2 signal to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Suricata process
   # will trigger a live rule reload. Experimental feature, use with care.
-  #- rule-reload: true
+  - rule-reload: true
   # If set to yes, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 loading of signatures will be made after cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 capture
   # is started. This will limit cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 downtime in IPS mode.
   #- delayed-detect: yes
Next I added cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following test rule to /etc/suricata/rules/drop.rules. The file location is arbitrary. I wrote a simple rule to alert on ICMP traffic from a test system, 192.168.2.126. All of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following is one line. I just broke it for readability.
alert icmp 192.168.2.126 any -> any any (msg:"ALERT test ICMP ping from 192.168.2.106";
 icode:0; itype:8; classtype:trojan-activity; sid:99999998; rev:1;)

Notice I have no iptables rules loaded at this point:

$ sudo iptables -vnL
Chain INPUT (policy ACCEPT 5 packets, 392 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain FORWARD (policy ACCEPT 4 packets, 240 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 4 packets, 496 bytes)
 pkts bytes target     prot opt in     out     source               destination

Now I was ready to see if Suricata would at least see and alert on traffic matching my ICMP test rule. First I started Suricata and told it to watch br0, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bridge interface.

$ sudo suricata -c /etc/suricata/suricata.yaml -i br0

25/1/2014 -- 22:44:13 -  - This is Suricata version 2.0beta2 RELEASE
25/1/2014 -- 22:44:16 -  - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules
25/1/2014 -- 22:44:33 -  - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /etc/suricata/rules/dns-events.rules: No such file or directory.
25/1/2014 -- 22:44:51 -  - [ERRCODE: SC_ERR_PCAP_CREATE(21)] - Using Pcap capture with GRO or LRO activated can lead to capture problems.
25/1/2014 -- 22:44:51 -  - all 2 packet processing threads, 3 management threads initialized, engine started.
I don't care about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Warning or Error notices here. I could fix those but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are not germane to demonstrating cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 main point of this post.

On a separate system, 192.168.2.126, I pinged 192.168.2.142.

$ ping -c 2 192.168.2.142
PING 192.168.2.142 (192.168.2.142) 56(84) bytes of data.
64 bytes from 192.168.2.142: icmp_req=1 ttl=64 time=5.29 ms
64 bytes from 192.168.2.142: icmp_req=2 ttl=64 time=4.03 ms

--- 192.168.2.142 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 4.030/4.663/5.297/0.637 ms
Then I checked my Suricata logs:
$ ls -al /var/log/suricata/
total 88
drwxr-xr-x  3 root root  4096 Jan 25 22:50 .
drwxr-xr-x 11 root root  4096 Jan 25 21:38 ..
-rw-r--r--  1 root root     0 Jan 25 22:15 drop.log
-rw-r--r--  1 root root   392 Jan 25 22:50 fast.log
-rw-r--r--  1 root root     0 Jan 25 21:42 http.log
-rw-r--r--  1 root root 66008 Jan 25 22:50 stats.log
drwxr-xr-x  2 root root  4096 Jan 25 22:15 .tmp
-rw-r--r--  1 root root   388 Jan 25 22:50 unified2.alert.1390708237

$ cat /var/log/suricata/fast.log
01/25/2014-22:50:40.510124  [**] [1:99999998:1] ALERT test ICMP ping from 192.168.2.106 [**] [Classification: A Network Trojan was detected] [Priority: 1] {ICMP} 192.168.2.126:8 -> 192.168.2.142:0
01/25/2014-22:50:41.510464  [**] [1:99999998:1] ALERT test ICMP ping from 192.168.2.106 [**] [Classification: A Network Trojan was detected] [Priority: 1] {ICMP} 192.168.2.126:8 -> 192.168.2.142:0
That worked as expected. I got alerts on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ICMP traffic matching cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 test ALERT rule.

Now it was time to drop traffic!

I added a new rule to drop.rules, again broken only for readability here:

drop icmp 192.168.2.126 any -> any any (msg:"DROP test ICMP ping from 192.168.2.106";
 icode:0; itype:8; classtype:trojan-activity; sid:99999999; rev:1;)
I also disabled cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous ALERT rule by commenting it out.

Next I added iptables rules for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FORWARD chain, for traffic traversing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bridge. This Documentation was helpful.

$ sudo iptables -I FORWARD -j NFQUEUE

$ sudo iptables -vnL
Chain INPUT (policy ACCEPT 32 packets, 2752 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0

Chain OUTPUT (policy ACCEPT 25 packets, 2600 bytes)
 pkts bytes target     prot opt in     out     source               destination 
Finally I restarted Suricata, this time telling it to use queue 0, where NFQUEUE was waiting for packets for Suricata.
$ sudo suricata -c /etc/suricata/suricata.yaml -q 0
25/1/2014 -- 22:54:49 -  - This is Suricata version 2.0beta2 RELEASE
25/1/2014 -- 22:54:52 -  - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules
25/1/2014 -- 22:55:08 -  - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /etc/suricata/rules/dns-events.rules: No such file or directory.
25/1/2014 -- 22:55:26 -  - all 3 packet processing threads, 3 management threads initialized, engine started.
With Suricata running in IPS mode, I tried pinging 192.168.2.142 from 192.168.2.126 as I did earlier.
$ ping -c 2 192.168.2.142
PING 192.168.2.142 (192.168.2.142) 56(84) bytes of data.

--- 192.168.2.142 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
Nothing got through! I confirmed that I could ping cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same box from anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r source IP address. In ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r words, only ICMP from 192.168.2.126 was blocked. Now check cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Suricata logs:
$ ls -al /var/log/suricata/
total 152
drwxr-xr-x  3 root root   4096 Jan 25 22:57 .
drwxr-xr-x 11 root root   4096 Jan 25 21:38 ..
-rw-r--r--  1 root root    294 Jan 25 22:57 drop.log
-rw-r--r--  1 root root    798 Jan 25 22:57 fast.log
-rw-r--r--  1 root root      0 Jan 25 21:42 http.log
-rw-r--r--  1 root root 125812 Jan 25 22:57 stats.log
drwxr-xr-x  2 root root   4096 Jan 25 22:15 .tmp
-rw-r--r--  1 root root    388 Jan 25 22:50 unified2.alert.1390708237
-rw-r--r--  1 root root      0 Jan 25 22:55 unified2.alert.1390708526
-rw-r--r--  1 root root    360 Jan 25 22:57 unified2.alert.1390708633

$ cat drop.log
01/25/2014-22:57:17.031400: IN= OUT= SRC=192.168.2.126 DST=192.168.2.142 LEN=84 TOS=0x00 TTL=64 ID=36055 PROTO=ICMP TYPE=8 CODE=0 ID=59729 SEQ=256
01/25/2014-22:57:18.038179: IN= OUT= SRC=192.168.2.126 DST=192.168.2.142 LEN=84 TOS=0x00 TTL=64 ID=36056 PROTO=ICMP TYPE=8 CODE=0 ID=59729 SEQ=512
Cool, those are our dropped ICMP packets. Checking fast.log we'll see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 original two ALERT test messages, but check out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new DROP test messages too:
$ cat /var/log/suricata/fast.log
01/25/2014-22:50:40.510124  [**] [1:99999998:1] ALERT test ICMP ping from 192.168.2.106 [**] [Classification: A Network Trojan was detected] [Priority: 1] {ICMP} 192.168.2.126:8 -> 192.168.2.142:0
01/25/2014-22:50:41.510464  [**] [1:99999998:1] ALERT test ICMP ping from 192.168.2.106 [**] [Classification: A Network Trojan was detected] [Priority: 1] {ICMP} 192.168.2.126:8 -> 192.168.2.142:0
01/25/2014-22:57:17.031400  [Drop] [**] [1:99999999:1] DROP test ICMP ping from 192.168.2.106 [**] [Classification: A Network Trojan was detected] [Priority: 1] {ICMP} 192.168.2.126:8 -> 192.168.2.142:0
01/25/2014-22:57:18.038179  [Drop] [**] [1:99999999:1] DROP test ICMP ping from 192.168.2.106 [**] [Classification: A Network Trojan was detected] [Priority: 1] {ICMP} 192.168.2.126:8 -> 192.168.2.142:0
So that's it.

Note that with this configuration, if you stop Suricata cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 host it's "protecting" is totally unreachable. You can restore connectivity by flushing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 iptables rules via this command:

$ sudo iptables -F
Now cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 endpoint is reachable while Suricata is not running. To re-enable cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IPS, you have to set up cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 NFQUEUE via iptables again as shown previously.

Following cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se directions you have cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 foundation for building a bridged IPS using Suricata on Ubuntu Server 12.04. The next step would be to fix cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 configuration issues causing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 start-up error messages, make cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bridge, firewall, and Suricata components available at start-up, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n build your own set of DROP rules. There are probably also optimizations for PF_RING and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r performance features. Good luck!

Do you run Suricata as an IPS? How do you do it? Have you tried cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new 2.x beta?

Friday, April 07, 2006

Converted FreeBSD SMP System to Debian

I decided my Dell PowerEdge 2300 needed to switch from FreeBSD to Debian. I wanted to try using this SMP system to run VMware Server Beta, which runs on Windows or Linux. I'd like to record two notes about how I got this system running Debian with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.4 kernel.

First, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Dell PowerEdge 2300 uses a Megaraid RAID system that is not supported by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.6 kernel that ships with Debian. I couldn't get cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.4 version of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation process to recognize cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 RAID eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r, meaning Debian didn't see a hard drive on which to install itself. I found sites like Debian on Dell Servers and considered using custom .iso's for installation. Luckily I found a much simpler solution.

During cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation, after cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hardware check failed to find my hard drive, I ran cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following commands.

cd /lib/modules/2.4.27-2-386/kernel/drivers/scsi
insmod megaraid.o

That allowed cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Megaraid to be recognized, after which a hardware re-check found cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 RAID and permitted installing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OS.

I had to re-run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 install several times. At one point I was getting coredumps during package installation. I originally made progress using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 'expert' installation, which allowed me to select a SMP kernel. At my last reboot I didn't select that option and instead used cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 standard 'linux' install. That put a non-SMP kernel on my system. I was able to apt-get my way to a SMP kernel, so that didn't cause much trouble.

Second, as far as installing VMware Server Beta went, I used cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 newest 22874 version and followed my own instructions. (That is why I blog.) I tested cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new VMware Server using my latest Sguil VM. After running bunzip2 and tar, I remembered to 'chmod 777 *.vmx' to allow cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VM to run in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware Server Console. I can report that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Sguil VM runs fine in this new setup.

Tuesday, March 21, 2006

VMware Server Beta on Debian Status Report

I previously reported running FreeBSD 6.0 on my Hacom Lex Twister VIA 1 GHz Nehemiah. Today I decided to install Debian on it. I will warn you now that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 majority of this post is documentation for my own reference, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hope it might help someone else. If you're looking for short, pithy security insights, today is not your day.

I used a USB-connected external CD burner as my installation source. The Hacom is very temperamental with it. I had to disable all booting sources except cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 USB-CD. Next I booted cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Hacom with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 USB-CD off. Once I got an error from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 BIOS about a lack of bootable devices, I cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n turn on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 USB-CD and press to try booting again.

Installing Debian on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Hacom was fairly painless. I did not add any packages with aptitude during cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation. That meant cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following packages were installed.

hacom:~# dpkg --list
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii adduser 3.63 Add and remove users and groups
ii apt 0.5.28.6 Advanced front-end for dpkg
ii apt-utils 0.5.28.6 APT utility programs
ii aptitude 0.2.15.9-2 terminal-based apt frontend
ii at 3.1.8-11 Delayed job execution and batch processing
ii base-config 2.53.10 Debian base system configurator
ii base-files 3.1.2 Debian base system miscellaneous files
ii base-passwd 3.5.9 Debian base system master password and group
ii bash 2.05b-26 The GNU Bourne Again SHell
ii bsdmainutils 6.0.17 collection of more utilities from FreeBSD
ii bsdutils 2.12p-4sarge1 Basic utilities from 4.4BSD-Lite
ii console-common 0.7.49 Basic infrastructure for text console config
ii console-data 2002.12.04dbs- Keymaps, fonts, charset maps, fallback table
ii console-tools 0.2.3dbs-56 Linux console and font utilities
ii coreutils 5.2.1-2 The GNU core utilities
ii cpio 2.5-1.3 GNU cpio -- a program to manage archives of
ii cramfsprogs 1.1-6 Tools for CramFs (Compressed ROM File System
ii cron 3.0pl1-86 management of regular background processing
ii dash 0.5.2-5 The Debian Almquist Shell
ii debconf 1.4.30.13 Debian configuration management system
ii debconf-i18n 1.4.30.13 full internationalization support for debcon
ii debianutils 2.8.4 Miscellaneous utilities specific to Debian
ii dhcp-client 2.0pl5-19.1 DHCP Client
ii diff 2.8.1-11 File comparison utilities
ii discover1 1.7.7 hardware identification system
ii discover1-data 1.2005.01.08 hardware lists for libdiscover1
ii dpkg 1.10.28 Package maintenance system for Debian
ii dselect 1.10.28 a user tool to manage Debian packages
ii e2fslibs 1.37-2sarge1 ext2 filesystem libraries
ii e2fsprogs 1.37-2sarge1 ext2 file system utilities and libraries
ii ed 0.2-20 The classic unix line editor
ii eject 2.0.13deb-8sar ejects CDs and operates CD-Changers under Li
ii exim4 4.50-8 metapackage to ease exim MTA (v4) installati
ii exim4-base 4.50-8 support files for all exim MTA (v4) packages
ii exim4-config 4.50-8 configuration for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 exim MTA (v4)
ii exim4-daemon-l 4.50-8 lightweight exim MTA (v4) daemon
ii fdutils 5.4-20040228-1 Linux floppy utilities
ii findutils 4.1.20-6 utilities for finding files--find, xargs, an
ii gcc-3.3-base 3.3.5-13 The GNU Compiler Collection (base package)
ii gettext-base 0.14.4-2 GNU Internationalization utilities for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 b
ii grep 2.5.1.ds1-4 GNU grep, egrep and fgrep
ii groff-base 1.18.1.1-7 GNU troff text-formatting system (base syste
ii grub 0.95+cvs200406 GRand Unified Bootloader
ii gzip 1.3.5-10sarge1 The GNU compression utility
ii hostname 2.13 A utility to set/show cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 host name or domai
ii hotplug 0.0.20040329-2 Linux Hotplug Scripts
ii ifupdown 0.6.7 high level tools to configure network interf
ii info 4.7-2.2 Standalone GNU Info documentation browser
ii initrd-tools 0.1.81.1 tools to create initrd image for prepackaged
ii initscripts 2.86.ds1-1 Standard scripts needed for booting and shut
ii ipchains 1.3.10-15 Network firewalling for Linux 2.2.x
ii iptables 1.2.11-10 Linux kernel 2.4+ iptables administration to
ii iputils-ping 20020927-2 Tools to test cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reachability of network ho
ii kernel-image-2 2.4.27-10sarge Linux kernel image for version 2.4.27 on 386
ii kernel-pcmcia- 2.4.27-10sarge Mainstream PCMCIA modules 2.4.27 on 386
ii klogd 1.4.1-17 Kernel Logging Daemon
ii libacl1 2.2.23-1 Access control list shared library
ii libattr1 2.4.16-1 Extended attribute shared library
ii libblkid1 1.37-2sarge1 block device id library
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries and Timezone
ii libcap1 1.10-14 support for getting/setting POSIX.1e capabil
ii libcomerr2 1.37-2sarge1 common error description library
ii libconsole 0.2.3dbs-56 Shared libraries for Linux console and font
ii libdb1-compat 2.1.3-7 The Berkeley database routines [glibc 2.0/2.
ii libdb3 3.2.9-22 Berkeley v3 Database Libraries [runtime]
ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [runtime]
ii libdiscover1 1.7.7 hardware identification library
ii libgcc1 3.4.3-13 GCC support library
ii libgcrypt11 1.2.0-11.1 LGPL Crypto library - runtime library
ii libgdbm3 1.8.3-2 GNU dbm database routines (runtime version)
ii libgnutls11 1.0.16-13.1 GNU TLS library - runtime library
ii libgpg-error0 1.0-1 library for common error values and messages
ii liblocale-gett 1.01-17 Using libc functions for internationalizatio
ii liblockfile1 1.06 NFS-safe locking library, includes dotlockfi
ii liblzo1 1.08-1.2 A real-time data compression library
ii libncurses5 5.4-4 Shared libraries for terminal handling
ii libnewt0.51 0.51.6-20 Not Erik's Windowing Toolkit - text mode win
ii libopencdk8 0.5.5-10 Open Crypto Development Kit (OpenCDK) (runti
ii libpam-modules 0.76-22 Pluggable Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication Modules for PAM
ii libpam-runtime 0.76-22 Runtime support for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 PAM library
ii libpam0g 0.76-22 Pluggable Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication Modules library
ii libpcap0.7 0.7.2-7 System interface for user-level packet captu
ii libpcre3 4.5-1.2sarge1 Perl 5 Compatible Regular Expression Library
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii libsigc++-1.2- 1.2.5-4 type-safe Signal Framework for C++ - runtime
ii libss2 1.37-2sarge1 command-line interface parsing library
ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries
ii libstdc++5 3.3.5-13 The GNU Standard C++ Library v3
ii libtasn1-2 0.2.10-3 Manage ASN.1 structures (runtime)
ii libtext-charwi 0.04-1 get display widths of characters on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 term
ii libtext-iconv- 1.2-3 Convert between character sets in Perl
ii libtext-wrapi1 0.06-1 internationalized substitute of Text::Wrap
ii libtextwrap1 0.1-1 text-wrapping library with i18n - runtime
ii libusb-0.1-4 0.1.10a-9.sarg userspace USB programming library
ii libuuid1 1.37-2sarge1 universally unique id library
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers library
ii locales 2.3.2.ds1-22 GNU C Library: National Language (locale) da
ii login 4.0.3-31sarge5 system login tools
ii logrotate 3.7-5 Log rotation utility
ii mailx 8.1.2-0.200405 A simple mail user agent
ii makedev 2.3.1-77 creates device files in /dev
ii man-db 2.4.2-21 The on-line manual pager
ii manpages 1.70-1 Manual pages about using a GNU/Linux system
ii mawk 1.3.3-11 a pattern scanning and text processing langu
ii modutils 2.4.26-1.2 Linux module utilities
ii mount 2.12p-4sarge1 Tools for mounting and manipulating filesyst
ii nano 1.2.4-5 free Pico clone with some new features
ii ncurses-base 5.4-4 Descriptions of common terminal types
ii ncurses-bin 5.4-4 Terminal-related programs and man pages
ii net-tools 1.60-10 The NET-3 networking toolkit
ii netbase 4.21 Basic TCP/IP networking system
ii netkit-inetd 0.10-10 The Internet Superserver
ii nvi 1.79-22 4.4BSD re-implementation of vi
ii passwd 4.0.3-31sarge5 change and administer password and group dat
ii pciutils 2.1.11-15 Linux PCI Utilities
ii pcmcia-cs 3.2.5-10 PCMCIA Card Services for Linux
ii perl-base 5.8.4-8 The Pathologically Eclectic Rubbish Lister
ii ppp 2.4.3-20050321 Point-to-Point Protocol (PPP) daemon
ii pppconfig 2.3.11 A text menu based utility for configuring pp
ii pppoe 3.5-4 PPP over Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet driver
ii pppoeconf 1.7 configures PPPoE/ADSL connections
ii procps 3.2.1-2 The /proc file system utilities
ii psmisc 21.5-1 Utilities that use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 proc filesystem
ii sed 4.1.2-8 The GNU sed stream editor
ii slang1a-utf8 1.4.9dbs-8 The S-Lang programming library with utf8 sup
ii sysklogd 1.4.1-17 System Logging Daemon
ii sysv-rc 2.86.ds1-1 Standard boot mechanism using symlinks in /e
ii sysvinit 2.86.ds1-1 System-V like init
ii tar 1.14-2 GNU tar
ii tasksel 2.24 Tool for selecting tasks for installation on
ii tcpd 7.6.dbs-8 Wietse Venema's TCP wrapper utilities
ii telnet 0.17-29 The telnet client
ii usbutils 0.70-8 USB console utilities
ii util-linux 2.12p-4sarge1 Miscellaneous system utilities
ii wget 1.9.1-12 retrieves files from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 web
ii whiptail 0.51.6-20 Displays user-friendly dialog boxes from she
ii zlib1g 1.2.2-4.sarge. compression library - runtime

That's pretty sparse. No SSH, no FTP client!

Here's my partioning scheme:

hacom:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda1 250M 52M 186M 22% /
tmpfs 245M 0 245M 0% /dev/shm
/dev/hda3 4.6G 33M 4.4G 1% /home
/dev/hda8 361M 8.1M 334M 3% /tmp
/dev/hda5 4.6G 122M 4.3G 3% /usr
/dev/hda6 2.8G 77M 2.6G 3% /var
/dev/hda4 216G 33M 205G 1% /vmware

The first packaged I added was SSH:

hacom:~# apt-get install ssh

After answering some sensible curses-based questions, I had SSH listening on port 22.

At this point I'm going to post my dmesg output here for those of you who want to know how cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 internals are recognized.

Linux version 2.4.27-2-386 (horms@tabatha.lab.ultramonkey.org)
(gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 Wed Aug 17 09:33:35 UTC 2005
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 000000001eff0000 (usable)
BIOS-e820: 000000001eff0000 - 000000001eff3000 (ACPI NVS)
BIOS-e820: 000000001eff3000 - 000000001f000000 (ACPI data)
BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved)
495MB LOWMEM available.
On node 0 totalpages: 126960
zone(0): 4096 pages.
zone(1): 122864 pages.
zone(2): 0 pages.
ACPI: RSDP (v000 CLE266 ) @ 0x000f69b0
ACPI: RSDT (v001 CLE266 AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x1eff3000
ACPI: FADT (v001 CLE266 AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x1eff3040
ACPI: DSDT (v001 CLE266 AWRDACPI 0x00001000 MSFT 0x0100000e) @ 0x00000000
Kernel command line: root=/dev/hda1 ro
No local APIC present or hardware disabled
Initializing CPU#0
Detected 1002.300 MHz processor.
Console: colour VGA+ 80x25
Calibrating delay loop... 1998.84 BogoMIPS
Memory: 496364k/507840k available (1069k kernel code, 11088k reserved, 459k data, 96k init, 0k highmem)
Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
Inode cache hash table entries: 32768 (order: 6, 262144 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer cache hash table entries: 32768 (order: 5, 131072 bytes)
Page-cache hash table entries: 131072 (order: 7, 524288 bytes)
CPU: L1 I Cache: 64K (32 bytes/line), D cache 64K (32 bytes/line)
CPU: L2 Cache: 64K (32 bytes/line)
CPU: After generic, caps: 0381b83f 00000000 00000000 00000000
CPU: Common caps: 0381b83f 00000000 00000000 00000000
CPU: Centaur VIA Nehemiah stepping 08
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Checking 'hlt' instruction... OK.
Checking for popad bug... OK.
POSIX conformance testing by UNIFIX
ACPI: Subsystem revision 20040326
ACPI: Interpreter disabled.
PCI: PCI BIOS revision 2.10 entry at 0xfb400, last bus=3
PCI: Using configuration type 1
PCI: Probing PCI hardware
PCI: ACPI tables contain no PCI IRQ routing entries
PCI: Probing PCI hardware (bus 00)
PCI: Using IRQ router VIA [1106/3177] at 00:11.0
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
VFS: Disk quotas vdquot_6.5.1
devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
devfs: boot_options: 0x0
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with HUB-6 MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI enabled
ttyS00 at 0x03f8 (irq = 4) is a 16550A
COMX: driver version 0.85 (C) 1995-1999 ITConsult-Pro Co.
RAMDISK driver initialized: 16 RAM disks of 8192K size 1024 blocksize
Initializing Cryptographic API
NET4: Linux TCP/IP 1.0 for NET4.0
IP: routing cache hash table of 4096 buckets, 32Kbytes
TCP: Hash tables configured (established 32768 bind 65536)
Linux IP multicast router 0.06 plus PIM-SM
RAMDISK: cramfs filesystem found at block 0
RAMDISK: Loading 3692 blocks [1 disk] into ram disk... done.
Freeing initrd memory: 3692k freed
VFS: Mounted root (cramfs filesystem).
Freeing unused kernel memory: 96k freed
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
ide: late registration of driver.
VP_IDE: IDE controller at PCI slot 00:11.1
VP_IDE: chipset revision 6
VP_IDE: not 100% native mode: will probe irqs later
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
VP_IDE: VIA vt8235 (rev 00) IDE UDMA133 controller on pci00:11.1
ide0: BM-DMA at 0xee00-0xee07, BIOS settings: hda:DMA, hdb:pio
ide1: BM-DMA at 0xee08-0xee0f, BIOS settings: hdc:pio, hdd:pio
hda: WDC WD2500SB-01KBC0, ATA DISK drive
blk: queue df825b60, I/O limit 4095Mb (mask 0xffffffff)
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
hda: attached ide-disk driver.
hda: 488397168 sectors (250059 MB) w/8192KiB Cache, CHS=30401/255/63, UDMA(33)
Partition check:
/dev/ide/host0/bus0/target0/lun0: p1 p2 < p5 p6 p7 p8 > p3 p4
Journalled Block Device driver loaded
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
Adding Swap: 1502036k swap-space (priority -1)
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,1), internal journal
SCSI subsystem driver Revision: 1.00
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,3), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,8), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,5), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,6), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,4), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
Linux Kernel Card Services 3.1.22
options: [pci] [cardbus] [pm]
PCI: Found IRQ 11 for device 00:0c.0
PCI: Sharing IRQ 11 with 00:08.0
PCI: Sharing IRQ 11 with 00:10.0
PCI: Found IRQ 5 for device 00:0c.1
PCI: Sharing IRQ 5 with 00:09.0
PCI: Sharing IRQ 5 with 00:10.1
Yenta ISA IRQ mask 0x0008, PCI irq 11
Socket status: 30000006
Yenta ISA IRQ mask 0x0008, PCI irq 5
Socket status: 30000006
irda_init()
Intel(R) PRO/1000 Network Driver - version 5.2.52-k3
Copyright (c) 1999-2004 Intel Corporation.
PCI: Found IRQ 11 for device 00:08.0
PCI: Sharing IRQ 11 with 00:0c.0
PCI: Sharing IRQ 11 with 00:10.0
e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
PCI: Found IRQ 5 for device 00:09.0
PCI: Sharing IRQ 5 with 00:0c.1
PCI: Sharing IRQ 5 with 00:10.1
e1000: eth1: e1000_probe: Intel(R) PRO/1000 Network Connection
PCI: Found IRQ 10 for device 00:0a.0
PCI: Sharing IRQ 10 with 00:10.2
PCI: Sharing IRQ 10 with 00:11.5
e1000: eth2: e1000_probe: Intel(R) PRO/1000 Network Connection
Via 686a/8233/8235 audio driver 1.9.1-ac3
PCI: Found IRQ 10 for device 00:11.5
PCI: Sharing IRQ 10 with 00:0a.0
PCI: Sharing IRQ 10 with 00:10.2
via82cxxx: Six channel audio available
PCI: Setting latency timer of device 00:11.5 to 64
ac97_codec: AC97 Audio codec, id: VIA97 (Unknown)
via82cxxx: board #1 at 0xEF00, IRQ 10
usb.c: registered new driver usbdevfs
usb.c: registered new driver hub
usb-uhci.c: $Revision: 1.275 $ time 09:50:48 Aug 17 2005
usb-uhci.c: High bandwidth mode enabled
PCI: Found IRQ 11 for device 00:10.0
PCI: Sharing IRQ 11 with 00:08.0
PCI: Sharing IRQ 11 with 00:0c.0
usb-uhci.c: USB UHCI at I/O 0xeb00, IRQ 11
usb-uhci.c: Detected 2 ports
usb.c: new USB bus registered, assigned bus number 1
hub.c: USB hub found
hub.c: 2 ports detected
PCI: Found IRQ 5 for device 00:10.1
PCI: Sharing IRQ 5 with 00:09.0
PCI: Sharing IRQ 5 with 00:0c.1
usb-uhci.c: USB UHCI at I/O 0xec00, IRQ 5
usb-uhci.c: Detected 2 ports
usb.c: new USB bus registered, assigned bus number 2
hub.c: USB hub found
hub.c: 2 ports detected
PCI: Found IRQ 10 for device 00:10.2
PCI: Sharing IRQ 10 with 00:0a.0
PCI: Sharing IRQ 10 with 00:11.5
usb-uhci.c: USB UHCI at I/O 0xed00, IRQ 10
usb-uhci.c: Detected 2 ports
usb.c: new USB bus registered, assigned bus number 3
hub.c: USB hub found
hub.c: 2 ports detected
usb-uhci.c: v1.275:USB Universal Host Controller Interface driver
PCI: Found IRQ 7 for device 00:10.3
ehci_hcd 00:10.3: VIA Technologies, Inc. USB 2.0
ehci_hcd 00:10.3: irq 7, pci mem df9f5000
usb.c: new USB bus registered, assigned bus number 4
ehci_hcd 00:10.3: USB 2.0 enabled, EHCI 1.00, driver 2003-Dec-29/2.4
hub.c: USB hub found
hub.c: 6 ports detected
irda_init()
uhci.c: USB Universal Host Controller Interface driver v1.1
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001
e1000: eth0: e1000_watchdog: NIC Link is Up 100 Mbps Full Duplex
Real Time Clock Driver v1.10f
cs: IO port probe 0x0100-0x04ff: excluding 0x170-0x177 0x370-0x377 0x4d0-0x4d7
cs: IO port probe 0x0800-0x08ff: clean.
cs: IO port probe 0x0c00-0x0cff: clean.
cs: IO port probe 0x0a00-0x0aff: clean.

With that out of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 way, we can talk about why I'm installing Debian on this box. I'd like to run VMware Server Beta on it. Sure, Debian is not an officially supported platform, but I read this post from a few days ago and thought "this can work."

The original post that gave me hope to run VMware Server Beta on Debian mentioned cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 requirement to add several packages. I added cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following. Note that I use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 correct package names, while cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 post does not.

hacom:~# apt-get install kernel-source-2.4.27
hacom:~# apt-get install kernel-headers-2.4.27-2-386
hacom:~# apt-get install build-essential

With cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se packages installed, I set up cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 kernel files as outlined in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 post.

hacom:/usr/src# bzip2 -d kernel-source-2.4.27.tar.bz2
hacom:/usr/src# tar -xf kernel-source-2.4.27.tar
hacom:/usr/src# ln -s kernel-source-2.4.27 linux
hacom:/usr/src# mv /usr/src/kernel-source-2.4.27/include /usr/src/kernel-source-2.4.27/include.orig
hacom:/usr/src# ln -s /usr/src/kernel-headers-2.4.27-2-386/include /usr/src/kernel-source-2.4.27/include

Now I was ready to extract cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware archives and try installing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m.

hacom:/tmp# cd /usr/local/src
hacom:/usr/local/src# ls
VMware-mui-e.x.p-22088.tar.gz VMware-server-e.x.p-22088.tar.gz
hacom:/usr/local/src# tar -xzf VMware-server-e.x.p-22088.tar.gz
hacom:/usr/local/src# cd vmware-server-distrib/
hacom:/usr/local/src/vmware-server-distrib# ls
FILES bin doc etc installer lib man sbin vmware-install.pl
hacom:/usr/local/src/vmware-server-distrib# ./vmware-install.pl
Creating a new installer database using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tar3 format.

Installing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 content of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 package.

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 binary files?
[/usr/bin]

What is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory that contains cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 init directories (rc0.d/ to rc6.d/)?
[/etc]

What is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory that contains cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 init scripts?
[/etc/init.d]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 daemon files?
[/usr/sbin]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 library files?
[/usr/lib/vmware]

The path "/usr/lib/vmware" does not exist currently. This program is going to
create it, including needed parent directories. Is this what you want? [yes]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 manual files?
[/usr/share/man]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 documentation files?
[/usr/share/doc/vmware]

The path "/usr/share/doc/vmware" does not exist currently. This program is going
to create it, including needed parent directories. Is this what you want?
[yes]

The installation of VMware Server e.x.p build-22088 for Linux completed
successfully. You can decide to remove this software from your system at any
time by invoking cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command: "/usr/bin/vmware-uninstall.pl".

Before running VMware Server for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first time, you need to configure it by
invoking cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command: "/usr/bin/vmware-config.pl". Do you want this
program to invoke cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 command for you now? [yes]

The correct version of one or more libraries needed to run VMware Server may be
missing. This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 output of ldd /usr/bin/vmware:
libm.so.6 => /lib/libm.so.6 (0x4001a000)
libdl.so.2 => /lib/libdl.so.2 (0x4003c000)
libpthread.so.0 => /lib/libpthread.so.0 (0x4003f000)
libX11.so.6 => not found
libXtst.so.6 => not found
libXext.so.6 => not found
libXt.so.6 => not found
libICE.so.6 => not found
libSM.so.6 => not found
libXrender.so.1 => not found
libz.so.1 => /usr/lib/libz.so.1 (0x40092000)
libc.so.6 => /lib/libc.so.6 (0x400a4000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

This program cannot tell for sure, but you may need to upgrade libc5 to glibc
before you can run VMware Server.

Hit enter to continue.

At this point I knew I had a problem. I didn't like seeing all of those "not found" messages, so I aborted and added cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 necessary packages.

hacom:~# apt-get install libx11-6
hacom:~# apt-get install libxtst6
hacom:~# apt-get install libxt6
hacom:~# apt-get install libxrender1

When I later ran into trouble starting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Web-based interface to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 server, I realized I needed to add cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se packages too:

hacom:~# apt-get install libdb2
hacom:~# apt-get install libxi6

Now I was ready to try installing VMware Server again.

hacom:/usr/local/src/vmware-server-distrib# ./vmware-install.pl

Installing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 content of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 package.

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 binary files?
[/usr/bin]

What is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory that contains cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 init directories (rc0.d/ to rc6.d/)?
[/etc]

What is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory that contains cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 init scripts?
[/etc/init.d]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 daemon files?
[/usr/sbin]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 library files?
[/usr/lib/vmware]

The path "/usr/lib/vmware" does not exist currently. This program is going to
create it, including needed parent directories. Is this what you want? [yes]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 manual files?
[/usr/share/man]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 documentation files?
[/usr/share/doc/vmware]

The path "/usr/share/doc/vmware" does not exist currently. This program is going
to create it, including needed parent directories. Is this what you want?
[yes]

The installation of VMware Server e.x.p build-22088 for Linux completed
successfully. You can decide to remove this software from your system at any
time by invoking cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command: "/usr/bin/vmware-uninstall.pl".

Before running VMware Server for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first time, you need to configure it by
invoking cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command: "/usr/bin/vmware-config.pl". Do you want this
program to invoke cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 command for you now? [yes]

Making sure services for VMware Server are stopped.

Stopping VMware services:
Virtual machine monitor done
Bridged networking on /dev/vmnet0 done
DHCP server on /dev/vmnet1 done
Host-only networking on /dev/vmnet1 done
Bridged networking on /dev/vmnet2 done
Bridged networking on /dev/vmnet3 done
DHCP server on /dev/vmnet8 done
NAT service on /dev/vmnet8 done
Host-only networking on /dev/vmnet8 done
Virtual ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet done

You must read and accept cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 End User License Agreement to continue.
Press enter to display it.
...omitted...
Do you accept? (yes/no) yes

Thank you.

Configuring fallback GTK+ 2.4 libraries.

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 mime type icons?

Do you accept? (yes/no) yes

Thank you.

Configuring fallback GTK+ 2.4 libraries.

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 mime type icons?
[/usr/share/icons]

The path "/usr/share/icons" does not exist currently. This program is going to
create it, including needed parent directories. Is this what you want? [yes]

What directory contains your desktop menu entry files? These files have a
.desktop file extension. [/usr/share/applications]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 application's icon?
[/usr/share/pixmaps]

Trying to find a suitable vmmon module for your running kernel.

None of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 pre-built vmmon modules for VMware Server is suitable for your
running kernel. Do you want this program to try to build cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vmmon module for
your system (you need to have a C compiler installed on your system)? [yes]

Using compiler "/usr/bin/gcc". Use environment variable CC to override.

What is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 location of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory of C header files that match your running
kernel? [/lib/modules/2.4.27-2-386/build/include]

Extracting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sources of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vmmon module.

Building cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vmmon module.

Using standalone build system.
make: Entering directory `/tmp/vmware-config0/vmmon-only'
make[1]: Entering directory `/tmp/vmware-config0/vmmon-only'
make[2]: Entering directory `/tmp/vmware-config0/vmmon-only/driver-2.4.27-2-386'
make[2]: Leaving directory `/tmp/vmware-config0/vmmon-only/driver-2.4.27-2-386'
make[2]: Entering directory `/tmp/vmware-config0/vmmon-only/driver-2.4.27-2-386'
make[2]: Leaving directory `/tmp/vmware-config0/vmmon-only/driver-2.4.27-2-386'
make[1]: Leaving directory `/tmp/vmware-config0/vmmon-only'
make: Leaving directory `/tmp/vmware-config0/vmmon-only'
The module loads perfectly in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 running kernel.

You have already setup networking.

Would you like to skip networking setup and keep your old settings as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are?
(yes/no) [yes]

I'm cheating here because I don't have output from my first run, where I set up networking. All I originally did was set up eth0 as a bridge for vmnet0. I set up eth1 as a bridge for vmnet2, and I also bridged eth2.

Extracting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sources of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vmnet module.

Building cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vmnet module.

Using standalone build system.
make: Entering directory `/tmp/vmware-config0/vmnet-only'
make: Leaving directory `/tmp/vmware-config0/vmnet-only'
The module loads perfectly in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 running kernel.

/etc/init.d/httpd.vmware: line 120: status: command not found
Please specify a port for remote console connections to use [902]

Restarting internet superserver: inetd.
Configuring cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware VmPerl Scripting API.

Building cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware VmPerl Scripting API.

Using compiler "/usr/bin/gcc". Use environment variable CC to override.

Installing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware VmPerl Scripting API.

The installation of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware VmPerl Scripting API succeeded.

Do you want this program to set up permissions for your registered virtual
machines? This will be done by setting new permissions on all files found in
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "/etc/vmware/vm-list" file. [no]

Generating SSL Server Certificate

In which directory do you want to keep your virtual machine files?
[/vmware]

Do you want to enter a serial number now? (yes/no/help) [no]

Starting VMware services:
Virtual machine monitor done
Virtual ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet done
Bridged networking on /dev/vmnet0 done
Host-only networking on /dev/vmnet1 (background) done
Bridged networking on /dev/vmnet2 done
Bridged networking on /dev/vmnet3 done
Host-only networking on /dev/vmnet8 (background) done
NAT service on /dev/vmnet8 done
Starting VMware virtual machines... done

The configuration of VMware Server e.x.p build-22088 for Linux for this running
kernel completed successfully.

Now I was ready to set up cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware Management Interface.

hacom:/usr/local/src/vmware-server-distrib# cd ..
hacom:/usr/local/src# ls
VMware-mui-e.x.p-22088.tar.gz VMware-server-e.x.p-22088.tar.gz vmware-mui-distrib vmware-server-distrib
hacom:/usr/local/src# cd vmware-mui-distrib/
hacom:/usr/local/src/vmware-mui-distrib# ls
bin console-distrib doc etc mui vmware-install.pl
hacom:/usr/local/src/vmware-mui-distrib# ./vmware-install.pl
A previous installation of VMware software has been detected.

The previous installation was made by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tar installer (version 3).

Keeping cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tar3 installer database format.

Uninstalling cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tar installation of VMware Management Interface.

Shutting down http.vmware: done

This program previously created cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory /var/log/vmware-mui, and was about
to remove it. Since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are files in that directory that this program did not
create, it will not be removed.

The removal of VMware Management Interface e.x.p build-22088 for Linux completed
successfully. Thank you for having tried this software.

You must read and accept cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 End User License Agreement to continue.
Press enter to display it.
...omitted...
Do you accept? (yes/no) yes

Thank you.

Installing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 content of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 package.

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 binary files?
[/usr/bin]

What is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory that contains cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 init directories (rc0.d/ to rc6.d/)?
[/etc]

What is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory that contains cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 init scripts?
[/etc/init.d]

In which directory do you want to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware Management Interface files?
[/usr/lib/vmware-mui]

The path "/usr/lib/vmware-mui" does not exist currently. This program is going
to create it, including needed parent directories. Is this what you want?
[yes]

In which directory would you like to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 documentation files?
[/usr/lib/vmware-mui/doc]

The path "/usr/lib/vmware-mui/doc" does not exist currently. This program is
going to create it, including needed parent directories. Is this what you want?
[yes]

The installation of VMware Management Interface e.x.p build-22088 for Linux
completed successfully. You can decide to remove this software from your system
at any time by invoking cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
"/usr/bin/vmware-uninstall-mui.pl".

Before running VMware Management Interface for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first time, you need to
configure it by invoking cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command: "/usr/bin/vmware-config-mui.pl".
Do you want this program to invoke cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 command for you now? [yes]

Configuring httpd.conf to run Apache as:
User: www-data and Group: nogroup

Set cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 number of minutes before a http session times out. (This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 length
of time before someone connecting to VMware Management Interface will be logged
out) [60]

Generating SSL Server Certificate

Starting httpd.vmware: done

Installation of VMware Management Interface was successful

The configuration of VMware Management Interface completed successfully.

Now I had cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware components running:

hacom:~# netstat -natup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN 3192/inetd
tcp 0 0 0.0.0.0:8333 0.0.0.0:* LISTEN 1528/httpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1443/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1409/exim4
tcp 0 0 0.0.0.0:8222 0.0.0.0:* LISTEN 1528/httpd
tcp 0 300 192.168.2.18:22 192.168.2.5:1957 ESTABLISHED2580/sshd: richard

hacom:~# ps -ef | grep vm
www-data 1528 1 0 13:52 ? 00:00:02 /usr/lib/vmware-mui/apache/bin/httpd
-DSSL -DSSL_ONLY -DGSX -d /usr/lib/vmware-mui/apache
root 3322 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-bridge
-d /var/run/vmnet-bridge-0.pid /dev/vmnet0 eth0
root 3330 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-bridge
-d /var/run/vmnet-bridge-2.pid /dev/vmnet2 eth1
root 3334 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-bridge
-d /var/run/vmnet-bridge-3.pid /dev/vmnet3 eth2
root 3342 1 0 15:05 ? 00:00:00 /usr/bin/vmnet-natd
-d /var/run/vmnet-natd-8.pid -m /var/run/vmnet-natd-8.mac
-c /etc/vmware/vmnet8/nat/nat.conf
root 3348 1 1 15:05 ? 00:00:02 /usr/sbin/vmware-serverd -s -d
root 3413 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-netifup
-d /var/run/vmnet-netifup-vmnet1.pid /dev/vmnet1 vmnet1
root 3421 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-netifup
-d /var/run/vmnet-netifup-vmnet8.pid /dev/vmnet8 vmnet8
root 3437 1 0 15:05 ? 00:00:00 /usr/bin/vmnet-dhcpd
-cf /etc/vmware/vmnet1/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet1/dhcpd/dhcpd.leases
-pf /var/run/vmnet-dhcpd-vmnet1.pid vmnet1
root 3439 1 0 15:05 ? 00:00:00 /usr/bin/vmnet-dhcpd
-cf /etc/vmware/vmnet8/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet8/dhcpd/dhcpd.leases
-pf /var/run/vmnet-dhcpd-vmnet8.pid vmnet8

When I tried to start a VM, however, I saw cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following in /var/log/vmware/vmware-serverd.log:

Mar 21 12:14:37: app| Attempting to launch vmx : /vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx
Mar 21 12:14:38: app| New connection on socket server-vmxvmdb from host
localhost (ip address: local) , user: root
Mar 21 12:14:38: app| Connection from : /vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx
Mar 21 12:14:38: app| Setting up autoDetect info.
Mar 21 12:14:38: app| VMServerdConnect: connecting to /vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx
Mar 21 12:14:38: app| VMControl: Unexpected response from vmware-authd
(Error connecting to /usr/lib/vmware/bin/vmware-vmx process.)
Mar 21 12:14:38: app| vmserverd: Could not connect to virtual machine
/vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx:
Unexpected response from vmware-authd:
Error connecting to /usr/lib/vmware/bin/vmware-vmx process.
Mar 21 12:14:38: app| Failed to connect to vm:
/vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx
Mar 21 12:14:38: app| VmsdCmd Command error: Operation failed to change
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VM to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 expected power state

Oh for Pete's sake. What could be wrong?

I looked closer at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 logs and saw this:

Mar 21 12:07:45: app| HOSTINFO: Unknown CPU vendor "CentaurHauls" seen.
Mar 21 12:07:45: app| Failed to get information about CPUs.

In dmesg output I saw something similar:

/dev/vmmon[3301]: VMMON CPUID: Unrecognized CPU

This gave me enough for a better search in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMware forums, where I found this post. Basically, VMware Server does not run on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Nehemiah CPU in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Hacom.

Here's my /proc/cpuinfo:

hacom:/var/log/vmware# cat /proc/cpuinfo
processor : 0
vendor_id : CentaurHauls
cpu family : 6
model : 9
model name : VIA Nehemiah
stepping : 8
cpu MHz : 1002.300
cache size : 64 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr sep mtrr pge cmov pat mmx fxsr sse xstore
bogomips : 1998.84

At this point my project is stalled. I don't see a workaround. Maybe cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 final version will run on this box.

Monday, January 09, 2006

Impressive Debian Upgrade

I've previously posted about running Debian on my October 1994-era 90 MHz Pentium Quantex QP5/90 PM-3 with 80 MB RAM. I hadn't booted cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 box since June 2004. Today while reading a book on Debian I decided to try upgrading to Debian stable, also known as sarge or 3.1 at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 moment.

When I started cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 process, this was my uname output:

Linux oates 2.4.18-1-386 #1 Wed Apr 14 17:34:59 UTC 2004 i586 GNU/Linux


This is all I had to do:

cat /etc/apt/sources.list

deb http://ftp.us.debian.org/debian sarge main non-free contrib
deb http://non-us.debian.org/debian-non-US sarge/non-US main contrib non-free

# apt-get update

# apt-get --show-upgraded upgrade
Building Dependency Tree... Done
The following packages have been kept back:
honeyd libldap2 libopencdk8 lilo mutt
The following packages will be upgraded:
adduser apt apt-utils aptitude ash base-config base-files base-passwd bash
...edited...
util-linux wget whiptail zlib1g
125 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
Need to get 42.9MB of archives.
After unpacking 4365kB of additional disk space will be used.
Do you want to continue? [Y/n]
...

# apt-get dist-upgrade
# apt-cache search kernel-image-2.4
...edited...
kernel-image-2.4.27-2-386 - Linux kernel image for version 2.4.27 on 386
kernel-image-2.4.27-2-586tsc - Linux kernel image for version 2.4.27 on Pentium-
Classic
kernel-image-2.4.27-2-686 - Linux kernel image for version 2.4.27 on PPro/Celero
n/PII/PIII/P4
...
# apt-get install kernel-image-2.4.27-2-386

At cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 end of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 process I added a line to /etc/kernel-img.conf to address a warning I didn't need to see in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future.

echo "do_initrd = Yes" >> /etc/kernel-img.conf

When I was done, this was my uname output:

Linux oates 2.4.27-2-386 #1 Wed Aug 17 09:33:35 UTC 2005 i586 GNU/Linux
$ cat /etc/debian_version
3.1

These steps happened without any problems. I was prompted to answer a few questions along cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 way, but accepting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 defaults in each case was sufficient. The process only took a few hours. I am very impressed. Debian seems like an excellent choice for ancient hardware.

Monday, January 02, 2006

Default Services in Debian

This morning I started reading Debian GNU/Linux 3.1 Bible by Benjamin Mako Hill, David B. Harris and Jaldhar Vyas. I installed Debian 3.1r1 in a VM. I did not select any software packages. When done, this is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 netstat output I saw:

richard@debian:~$ netstat -na -A inet
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:819 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:813 0.0.0.0:*
udp 0 0 0.0.0.0:816 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*

Am I seriously seeing portmapper (111 TCP, UDP) listening? Port 113 TCP is ident. I used lsof to discover that rpc.statd was opening ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r ports I didn't recognize:

debian:~# lsof | grep IPv4 | grep 81
rpc.statd 2757 root 4u IPv4 13603 UDP *:813
rpc.statd 2757 root 5u IPv4 13612 UDP *:816
rpc.statd 2757 root 6u IPv4 13616 TCP *:819 (LISTEN)

I do not see any reason for a system installed in 2006 to have portmapper or rpc.statd enabled by default.

Wednesday, July 06, 2005

Linux on Non-Intel Hardware

I bought two "exotic" boxes two years ago to help me learn non-BSD, non-Linux, yet UNIX-like operating systems. A visit to my BejNet page shows I own a HP Visualize B2000 workstation and an IBM RS/6000 7043 43p (aka 7043-150) workstation. I bought cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first to learn HP-UX and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 second AIX. Aside from some puttering, I never did much with eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r and my original need to become familiar with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se declining market share operating systems decreased.

To get cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se systems doing something more useful, I decided to replace each OS with a version of Linux. Neicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r was supported by NetBSD, although I did try to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 NetBSD prep port (which is supposed to support CHRP and PReP) on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 RS/6000. I couldn't get cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 NetBSD CD to boot on it, so I turned to Linux.

First I tried cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Debian hppa port on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 HP box. I was able to get cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 CD to boot, but to get cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux kernel loaded I had to enter cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 HP IPL and follow cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se three handy hints to set

ramdisk_size=32768

in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 kernel boot parameters. Once I did that, I was able to get Debian running without a problem.

thornton:~# uname -a
Linux thornton 2.6.8-2-32-smp #1 SMP Mon Feb 7 22:19:10 EST 2005 parisc GNU/Linux

That rocks. Then it was time for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 RS/6000. This turned in to a much bigger project, and I almost gave up running anything ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r than AIX on this beast. I found several posts in late 2004 in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 debian-powerpc mailing list about Linux on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 43p, and supposedly Ubuntu supports cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 43p too. Eventually I came across this post about CentOS and I knew I hit paydirt. Following Pasi Pirhonen's directions, I told my RS/6000 where to find my bootable CentOS CD and to send its output to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 serial console. In no time I had CentOS running on my RS/6000:

[root@murray ~]# uname -a
Linux murray 2.6.9-5.0.3.102.EC #1 Sun Mar 6 18:32:26 EET 2005 ppc ppc
ppc GNU/Linux
[root@murray ~]# cat /etc/redhat-release
CentOS release 4.0 (Final)

I had one problem: cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 passwd command did not work.

[root@murray ~]# passwd richard
passwd: error while loading shared libraries: liblaus.so.1: cannot open
shared object file: No such file or directory
[root@murray ~]# ldd /usr/bin/passwd
libuser.so.1 => /usr/lib/libuser.so.1 (0x0ffcb000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x0ff7e000)
libgobject-2.0.so.0 => /usr/lib/libgobject-2.0.so.0 (0x0ff16000)
libgmodule-2.0.so.0 => /usr/lib/libgmodule-2.0.so.0 (0x0fef2000)
libdl.so.2 => /lib/libdl.so.2 (0x0fece000)
libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0x0fe1d000)
libpopt.so.0 => /usr/lib/libpopt.so.0 (0x0fdf4000)
libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x0fdd0000)
liblaus.so.1 => not found
libselinux.so.1 => /lib/libselinux.so.1 (0x0fda0000)
libc.so.6 => /lib/tls/libc.so.6 (0x0fc43000)
libpam.so.0 => /lib/libpam.so.0 (0x0fc1a000)
/lib/ld.so.1 (0x30000000)

John Hughes kindly replied to a post I made and told me to chat in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 centos-ppc room in irc.freenode.net. There I was advised to try this:

[root@murray ~]# rpm -ve --nodeps passwd.ppc
[root@murray ~]# rpm -Uvh http://beta.centos.org/centos/4.1beta/os/ppc/CentOS/RPMS/passwd-0.68-10.ppc.rpm
Retrieving http://beta.centos.org/centos/4.1beta/os/ppc/CentOS/RPMS/passwd-0.68-10.ppc.rpm
Preparing... ########################################### [100%]
1:passwd ########################################### [100%]
[root@murray ~]# passwd richard
Changing password for user richard.
New UNIX password:
Retype new UNIX password:
passwd: all aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication tokens updated successfully.

As you can see, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new passwd binary brought cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 libraries it needed.

[root@murray ~]# ldd /usr/bin/passwd
libuser.so.1 => /usr/lib/libuser.so.1 (0x0fe10000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x0fd30000)
libgobject-2.0.so.0 => /usr/lib/libgobject-2.0.so.0 (0x0f910000)
libgmodule-2.0.so.0 => /usr/lib/libgmodule-2.0.so.0 (0x0f8f0000)
libdl.so.2 => /lib/libdl.so.2 (0x0fe60000)
libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0x0f9c0000)
libpopt.so.0 => /usr/lib/libpopt.so.0 (0x0fa70000)
libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x0fe40000)
libselinux.so.1 => /lib/libselinux.so.1 (0x0fd00000)
libc.so.6 => /lib/tls/libc.so.6 (0x0fe80000)
libpam.so.0 => /lib/libpam.so.0 (0x0fd80000)
/lib/ld.so.1 (0x0ffd0000)

In IRC John told me that he and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r CentOS developers are working to support cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 CentOS ppc port, which means cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y will release a 4.1 version soon and provided updated rpms. There is also a forum for centos-ppc users.

Thanks to both cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Debian and CentOS teams for making this old hardware useful again!

By cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 way, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "baby Tux" is no dig at Linux. That's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 logo on a Thinkgeek shirt my wife bought my daughter for Facá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r's Day. :)

Monday, April 11, 2005

News from BSD Land

I have several short stories to report from BSD land. First, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 DragonFly BSD project released DragonFly BSD 1.2 last Friday. DragonFly BSD is a continuation of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FreeBSD 4.x branch by a separate development team. I downloaded and tried cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new release, since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 single .iso boots as a live CD. This is a nice feature, as it lets you test your hardware's compatibility before installing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OS. I have no plans to run this OS in production, but I might deploy a test system in my lab.

Did you ever wonder why certain Linux users are so adamant about calling cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir OS "GNU/Linux"? This is especially true of Debian users. To understand why, you should understand cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 history of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 GNU HURD kernel. The HURD was cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 original kernel on which free software would run. The HURD wasn't making much progress when cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux kernel arrived, so people starting running GNU utilities on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux kernel. People who remembered cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 HURD kernel and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 importance of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 GNU utilities prefer to say "GNU/Linux," to differentiate that setup from "GNU/HURD."

Today I saw that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Debian GNU/kFreeBSD project is making progress. This is a system where GNU userland tools run on top of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FreeBSD kernel, specifically 5.3 RELEASE. Yesterday a live CD for version 1.1 of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 project appeared here. The installation instructions don't seem too complicated. The Gentoo/*BSD project is a similar endeavor, except cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y have not yet released any files.

To those who ask "why?", I reply "why not?" Should enough people decide cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y do not like additional Linux kernel development problems, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y could try replacing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux kernel with FreeBSD. I think it makes more sense for converts to simply run FreeBSD, since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 BSDs' userlands are more tightly integrated with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 kernel than Linux. Still, projects like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se extend cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 envelope of operating system understanding and show innovation.

Thursday, February 03, 2005

A Closer Look at Linux Kernel Development

Last month I wrote a blog entry titled Linux Kernel Development Problems in response to discoveries of new Linux kernel vulnerabilities. I wondered what people were saying about possibly forking cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux kernel to start a 2.7 branch. I found a fascinating thread from last month with subject starting with 2.7 on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 linux-kernel mailing list. In my previous article I cited Ted T'so's contribution to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 thread. Here are a few ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r thoughts on Linux kernel development from that discussion. (For background on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new Linux development model, check here and here.)

My take is simple: I prefer cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FreeBSD development process. I avoid 6.0 CURRENT, except for lab test systems, because I know it has zero guarantee of stability. I play with 5.3 STABLE to see what might appear in FreeBSD 5.4. On production systems I run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "security" branch, which only has bug fixes and critical fixes (few are far between, in my experience).

For Linux, I would like to see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 old development model resurrected, as it mirrors this approach. The 2.5.z kernel was "CURRENT." The 2.4.z kernel was "STABLE." There wasn't really a "security" branch, but I like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 idea of incrementing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 .z to address security flaws.

Here is a sample of what cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 linux-kernel thread posters had to say.

I agree with Bill Davidsen who writes:

"Several of us have suggested that only security fixes and fixes for bugs which resulting in crashes, hangs, filesystem damage and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 like be backported to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.6.N until 2.6.N+1 is released. No new drivers, schedulers (unless cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 old one breaks), just fixes."

Adrian Bunk demonstrates that a lot of changes are being made:

"The 2.6.9 -> 2.6.10 patch is 28 MB, and while cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 changes that went into 2.4 were limited since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most invasive patches were postponed for 2.5, now _all_ patches go into 2.6 ."

Alan Cox lets cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world know what he thinks of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.6.9 kernel:

"After 2.6.9-ac its clear that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 long 2.6.9 process worked very badly. While 2.6.10 is looking much better its long period meant cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 allegedly 'official' base kernel was a complete pile of insecure donkey turd for months. That doesn't hurt most vendor users but it does hurt those trying to do stuff on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 base kernels very badly."

Ted T'so opines that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.4 kernel wasn't as stable as everyone seems to remember:

"You have *got* to be kidding. In my book at least, 2.4 ranks as one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 less successful stable kernel series, especially as compared against 2.2 and 2.0. 2.4 was far less stable, and a vast number of patches that distributions were forced to apply in an (only partially successful) attempt to make 2.4 stable meant that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are some 2.4-based distributions where you can't even run with a stock 2.4 kernel from kernel.org. Much of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reputation that Linux had of a rock-solid OS that never crashed or locked up that we had gained during cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.2 days was tarnished by 2.4 lockups, especially in high memory pressure situations."

Dave Jones from Red Hat posts a Linux distributors point of view. I recommend reading his whole post.

"The delta between 2.6.9 -> 2.6.10 was around 4000 changesets. Cherry picking csets to backport to 2.6.9 at this rate of change is nigh on impossible. You /will/ miss stuff...

So now we're at our 2.6.9-ac+a few dozen 2.6.10 csets and all is happy with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world. Except for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 regressions. As an example, folks upgrading from Fedora core 2, with its 2.6.8 kernel found that ACPI no longer switched off cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir machines for example. Much investigation went into trying to pin this down. Kudos to Len Brown and team for spending many an hour staring into bug reports on this issue, but ultimately cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 cause was never found.

It was noted by several of our users seeing this problem that 2.6.10 no longer exhibits this flaw. Yet our 2.6.9-ac+backports+every-2.6.10-acpi-cset also was broken. It's likely Fedora will get a 2.6.10 based update before cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 fault is ever really found for a 2.6.9 backport.

This is just one example of a regression that crept in unnoticed, and got fixed almost by accident. (If it was intentionally fixed, we'd know which patches we needed to backport 8-)"

Felipe Alfaro Solana explains kernel tracking exhaustion:

"I would like to comment in that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 issue is not exclusively targeted to stability, but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ability to keep up with kernel development."

Arjan van de Ven believes working on a single code base (2.6) is better than working on 2.7 and 2.6:

"as long as more things get fixed than new bugs introduced (and that still seems to be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 case) things only improve in 2.6.

The joint approach also has major advantages, even for quality: All testing happens on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same codebase. Previously, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 testing focus was split between cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 stable and unstable branch, to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 detriment of *both*."

David Lang doesn't care so much about kernel quality, since it's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 user's responsibility to test it prior to production:

"Sorry, I've been useing kernel.org kernels since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.0 days and even within a stable series I always do a full set of tests before upgrading. every single stable series has had 'paper bag' releases, and every single one has had fixes to drivers that have ended up breaking those drivers.

cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 only way to know if a new kernel will work on your hardware is to try it. It doesn't matter if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 upgrade is from 2.4.24 to 2.4.25 or 2.6.9 to 2.6.10 or even 2.4.24 to 2.6.10

anyone who assumes that just becouse cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 kernel is in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 stable series cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y can blindly upgrade cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir production systems is just dreaming."

Bill Davidsen explains why Linux distros make money:

"There is a reason why people pay big bucks to Redhat (and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rs) for a five year contract to back port cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bug fixes to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 original kernel and software. Barring some huge change I need, I expect to run AS3.0 for four more years for one application, 'learning experiences' are not a good thing."

Jesper Juhl lives at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r end of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 stability extreme:

"Every morning when I turn on my machine I grab cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 latest -bk, build it with my usual config, install that kernel and reboot, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n use that as my "kernel of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 day". I do this on both my home and work box (well, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 work box only does this on mondays) and I've had very little trouble so far."

Richard Moser points out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re's more than cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.4 and 2.6 kernels at play:

"The latest 2.0 version of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux kernel is: 2.0.40 2004-02-08 07:13 UTC F V VI Changelog

You have FOUR. 2.6, 2.4, 2.2, 2.0

In my scheme it's time to let go of 2.0; support moves to 2.6, 2.4, 2.2. ~ Development goes to 2.7, in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same way cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2.6 model is done now (so that it's always usable and needs no feature freeze etc before release).
~ In 6 months, 2.2 support is dropped, support moves to 2.8, 2.4, 2.2 with development on 2.9. Support includes bugfixes (security and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rwise) only."

A recurring cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365me that I don't specifically cite is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 burden on those who bundle distros. Several posters implied that it's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 responsibility of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 distro developers to patch cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vanilla kernels into shape for release in Red Hat and so on. Those running vanilla kernels are more or less expected to handle problems cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365mselves. I don't think this is an appropriate answer, but I guess it is realisitc.

Monday, January 10, 2005

Linux Kernel Development Problems

Today's Slashdot features Security Holes Draw Linux Developers' Ire. Essentially cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 GRSecurity Linux security patch developers are upset about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 lack of response to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir discovery of Linux kernel vulnerabilities. This article by Brad Spengler features cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 31337 technique used to find cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 holes:

"Using 'advanced static analysis':

cd drivers; grep copy_from_user -r ./* |grep -v sizeof

I discovered 4 exploitable vulnerabilities in a matter of 15 minutes. More vulnerabilities were found in 2.6 than in 2.4. It's a pretty sad state of affairs for Linux security when someone can find 4 exploitable vulnerabilities in a matter of minutes."

I am disappointed that this is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 case. I am not a kernel developer so I won't comment on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 difficulties associated with removing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se sorts of vulnerabilities. However, some of those that are kernel developers do not seem to be heeding cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 warnings in books like Building Secure Software, which I reviewed last week. This is an unfortunate indictment of part of our software engineering community, especially when Linux is being deployed in ever more important places.

More disturbing for me was this email from kernel developer Ted Ts'o in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 linux-kernel mailing list:

"Not all 2.6.x kernels will be good; but if we do releases every 1 or 2 weeks, some of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m *will* be good."

I could be accused of taking this out of context, but to me this sort of thinking is not what I want to hear associated with a kernel called stable. This is exactly cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 point of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Slashdot commentator who brought this email to my attention. I saw cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same mentality in The Hacker Ethic, where ESR criticizes cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 BSD development model:

BSD is "carefully coordinated... by a relatively small, tightly knit group of people" [in comparison with Linux, where] quality was maintained not by rigid standards or autocracy but by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 naively simple strategy of releasing every week and getting feedback."

I prefer cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 BSD model, where users and administrators know that CURRENT is bleeding edge and STABLE is more or less that -- "stable." Those that need even more "stability" can track a security release, where cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 primary changes are security fixes and critical bux fixes.

I think if we continue to see this sort of development process, Linux vendors will have no choice but to heavily patch cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "vanilla" Linux kernel and provide that patched version in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir distros. They of course can do that, but I believe such patching contributes to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 fragmentation of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux community. That increases cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 level of difficulty of writing projects like l7-filter, which itself requires patches for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux kernel to operate.