[Nottingham] Magazine distros
Martin
martin at ml1.co.uk
Sun May 9 23:45:22 BST 2004
Martin wrote:
>> From: Michael Leuty <mike at leuty.net>
> [...]
>> On Sat, 2004-05-01 at 13:10, Martin wrote:
>>
>>> Later, I may be 'offline' for 'some time'...
>>
>> How did the conversion to Mandrake 10.0 go?
>>
>> (If you're still there, Martin L...)
>
> ... Still in progress!
>
> Took less than 30mins to very easily install all the standard stuff
> (Mandrake 10.0.1 aka "Official"). Far too easy. Autodetected my
[...]
> What does take up a lot of time is adding all the old customisations
[...]
Now back fully online and pretty much tweaked up. Also bashed up...
Got caught out by /etc/hosts.allow and unrelatedly by the crazy
crossings of the ftp 'active' vs 'pasive' crossings stuff on the firewall.
Now to try out my bash installation tweaks on two more installs.
The record install time has been less than 10 mins from bare partition
to getting online. The worst has been my own machine!!!
And the default fonts are just fantastic! Far better than some of the
propriatary junk I've suffered.
Also added another quote or two to my quotes file:
####
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d7:5a:ee:68:a8:eb:88:ac:34:2d:fb:34:c4:49:55:da.
Please contact your system administrator.
Add correct host key in /home/XXX/.ssh/known_hosts to get rid of this
message.
Offending key in /home/XXX/.ssh/known_hosts:5
Password authentication is disabled to avoid man-in-the-middle attacks.
X11 forwarding is disabled to avoid man-in-the-middle attacks.
Permission denied (...).
- Trying a ssh login after upgrading linux on the host PC
####
(Yes, very nasty, I'd inflicted Mandrake 10 onto the poor machine (:-))
The best of the options I've seen has just got to be this one for shorewall:
####
#
# FOR ADMINS THAT REPEATEDLY SHOOT THEMSELVES IN THE FOOT
#
# Normally, when a "shorewall stop" command is issued or an error occurs
during
# the execution of another shorewall command, Shorewall puts the
firewall into
# a state where only traffic to/from the hosts listed in
# /etc/shorewall/routestopped is accepted.
#
# When performing remote administration on a Shorewall firewall, it is
# therefore recommended that the IP address of the computer being used for
# administration be added to the firewall's /etc/shorewall/routestopped
file.
#
# Some administrators have a hard time remembering to do this with the
result
# that they get to drive across town in the middle of the night to restart
# a remote firewall (or worse, they have to get someone out of bed to drive
# across town to restart a very remote firewall).
#
# For those administrators, we offer ADMINISABSENTMINDED=Yes. With this
setting,
# when the firewall enters the 'stopped' state:
#
# All traffic that is part of or related to established connections is still
# allowed and all OUTPUT traffic is allowed. This is in addition to traffic
# to and from hosts listed in /etc/shorewall/routestopped.
#
# If this variable is not set or it is set to the null value then
# ADMINISABSENTMINDED=No is assumed.
#
ADMINISABSENTMINDED=Yes
####
That makes four installs over the weekend, and counting.
All good fun!
(:-))
Martin
Mandrake 10.0.1 ('Official Powerpack') GNU Linux
with STONKIN' GOOD FONTS!!!
--
----------------
Martin Lomas
martin at ml1.co.uk
----------------
More information about the Nottingham
mailing list