
[cobalt-users] mysql on RAQXtr



I learned that you can untar the MYSQL.pkg file from pkgmaster.com.
Then run the rpm:  rpm -Uvh mysql.etc

This works great!  My understanding is that one of the problems with the
XTR is pkg files just don't seem to work sometimes.  But since a PKG
file is mostly a tar'ed rpm with a new extension, one can reverse the
process manually.

Gluck,

-John

BTW Thanks to Richard Kurth of www.directphp.com for teaching me this
trick!

-----Original Message-----
From: cobalt-users-request@xxxxxxxxxxxxxxx
[mailto:cobalt-users-request@xxxxxxxxxxxxxxx] 
Sent: Thursday, February 06, 2003 3:00 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: cobalt-users digest, Vol 1 #5598 - 8 msgs


Today's Topics:

   1. What ports shouldnt be closed (Robbert Hamburg (HaVa Web- & Procesdesign))
   2. Re: What ports shouldnt be closed (Bruce Timberlake)
   3. RE: What ports shouldn't be closed (BSmith@xxxxxxxxxxx)
   4. Re: Re: What ports shouldnt be closed (Robbert Hamburg (HaVa Web- & Procesdesign))
   5. Re: Meaning of: www sshd[11208]: warning: /etc/hosts.deny, line 103: can't verify hostname (Charles Teton)
   6. Re: Re: What ports shouldnt be closed (E.B. Dreger)
   7. RE: mysql 3.23.54 pkg from pkgmaster.com corrupt??? (Brian Dowding)
   8. RE: What ports shouldn't be closed (E.B. Dreger)

--__--__--

Message: 1
From: "Robbert Hamburg \(HaVa Web- & Procesdesign\)" <user@xxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Date: Thu, 6 Feb 2003 18:24:25 +0100
Subject: [cobalt-users] What ports shouldnt be closed
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

Hello Guys,

I have a question. The company we get our datatraffic and ips etc from
wants to close as much as possible ports at the firewall for our
outplaced cobalts.

The box is running:

Ftp
pop3
imap
mysql
http
GUI- admin
GUI- siteadmin
ASP - chilisoft.
dns
webmin

What port should not be closed ??
Thanks for helping out.
Please advise.

Robbert


--__--__--

Message: 2
From: Bruce Timberlake <bruce@xxxxxxxxxx>
Organization: BRTNet.org
To: cobalt-users@xxxxxxxxxxxxxxx
Date: Thu, 6 Feb 2003 09:34:09 -0800
Subject: [cobalt-users] Re: What ports shouldnt be closed
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Ftp - 20, 21
> pop3 - 110
> imap - 143
> mysql - 3306 (but shouldn't be open to the outside world)
> http - 80
> GUI- admin - 81
> GUI- siteadmin - 81
> ASP - chilisoft - 3000-3025 (admin is 5100-5102) see /etc/services and /home/chilisoft/README.* files
> dns - 53
> webmin - ???

Also,
HTTPS = 443
HTTPS UI = 444
telnet = 23
ssh = 22 (should be used instead of telnet if at all possible)

- -- 
Bruce Timberlake

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+QpyRvLA2hUZ9kgwRAmTHAJ9GsS+SMDRrs/BzMPPkMDuWl0wSHACggUiY
30hiTiAW6DvZeWoqPOQYDrI=
=FTtT
-----END PGP SIGNATURE-----


--__--__--

Message: 3
From: BSmith@xxxxxxxxxxx
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] What ports shouldn't be closed
Date: Thu, 6 Feb 2003 12:35:28 -0500 
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

-----Original Message-----

Hello Guys,

The box is running:

Ftp               20/21 (TCP)
pop3              110 (TCP)
imap              220 (TCP/UDP)
mysql             Block It! - Make users use phpmyadmin, give them local user
                  names/passwords to use.  Or get their IP address (if Static),
                  and just allow that
http              80 (TCP) / 443-SSL (TCP)
GUI- admin        444 (RaQ 550, QUBE, XTR) 81 (RaQ 1,2,3,4)
GUI- siteadmin    See above
ASP - chilisoft.  BLOCK IT
dns               53/TCP/UDP
webmin            ??? check your config.


Robbert
_____________________________________


I would recommend learning the BASIC IP ports ... Read this file:
/etc/services

Run a NETSTAT:

netstat -na (Gets port numbers)

netstat -a (Gets Port Eng-Name)

Go to:

www.iana.org & Read! :)

~Brian.


--__--__--

Message: 4
From: "Robbert Hamburg \(HaVa Web- & Procesdesign\)" <user@xxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-users] Re: What ports shouldnt be closed
Date: Thu, 6 Feb 2003 18:52:58 +0100
Reply-To: cobalt-users@xxxxxxxxxxxxxxx




> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > Ftp - 20, 21
> > pop3 - 110
> > imap - 143
> > mysql - 3306 (but shouldn't be open to the outside world)
> > http - 80
> > GUI- admin - 81
> > GUI- siteadmin - 81
> > ASP - chilisoft - 3000-3025 (admin is 5100-5102) see /etc/services and /home/chilisoft/README.* files
> > dns - 53
> > webmin - ???
> 
> Also,
> HTTPS = 443
> HTTPS UI = 444
> telnet = 23
> ssh = 22 (should be used instead of telnet if at all possible)
> 
> - -- 


Thanks Bruce,

Constructive comments as always :-)

Regards,

Robbert


--__--__--

Message: 5
Date: Thu, 6 Feb 2003 18:18:23 +0000
From: Charles Teton <info@xxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Re: Meaning of: www sshd[11208]: warning:
/etc/hosts.deny, line 103: can't verify hostname
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

> From: Larry Smith <lesmith@xxxxxxxxx>
>
> Charles,
>
>   It means that reverse DNS is not working on that IP/hostname:
>
> <TEST>
> root: host 64.58.161.121
> 121.161.58.64.IN-ADDR.ARPA domain name pointer 
> 64-58-161-121.cbi.cox-oc.net
>
> root: host 64-58-161-121.cbi.cox-oc.net
> Host not found.
> </TEST>
>
> EG: the IP maps to the name, but the name does not map back to the IP.

Thanks, it was the sshd bit that was getting me worried...

Charles Teton
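
Added example, not part of the original messages: the check Larry describes (the IP maps to a name, and the name must map back to the same IP) written as a forward-confirmed reverse DNS test in Python. The lookup tables are constructed so it runs offline; the first PTR entry mirrors the quoted `host` output, and the 192.0.2.x entries and all function names are hypothetical.

```python
import socket

def _system_ptr(ip):
    """PTR lookup via the system resolver; None when there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _system_addrs(name):
    """Forward lookup via the system resolver; empty set on 'Host not found'."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def fcrdns(ip, ptr_lookup=_system_ptr, addr_lookup=_system_addrs):
    """Return (status, name); status is verified, no-ptr, forward-missing or mismatch."""
    name = ptr_lookup(ip)
    if name is None:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    addrs = addr_lookup(name)
    if not addrs:
        return ("forward-missing", name)   # the situation in the quoted output
    if ip not in addrs:
        return ("mismatch", name)          # name resolves, but to another address
    return ("verified", name)

# Constructed resolver data (not live DNS).
PTR = {
    "64.58.161.121": "64-58-161-121.cbi.cox-oc.net",  # from the quoted `host` run
    "192.0.2.10": "mail.example.net",                 # hypothetical
    "192.0.2.99": "www.example.net",                  # hypothetical
}
A = {
    "mail.example.net": {"192.0.2.10"},
    "www.example.net": {"192.0.2.50"},
}

def check_constructed(ip):
    """Run fcrdns() against the constructed tables instead of the network."""
    return fcrdns(ip, PTR.get, lambda n: A.get(n, set()))

if __name__ == "__main__":
    for ip in ("64.58.161.121", "192.0.2.10", "192.0.2.99", "192.0.2.200"):
        print(ip, check_constructed(ip))
```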


--__--__--

Message: 6
Date: Thu, 6 Feb 2003 18:19:37 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Re: What ports shouldnt be closed
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

BT> Date: Thu, 6 Feb 2003 09:34:09 -0800
BT> From: Bruce Timberlake


BT> ssh = 22 (should be used instead of telnet if at all possible)

Definitely.  However, upgrading SSH becomes an issue... one must
re-enable telnet (ick) or run SSH on another port (what I
recommend).  If using the latter, select a port that isn't
commonly used; i.e., if the machine is compromised, you don't
want it listening on the "standard" botnet ports.

FTP presents another set of problems that I'll detail in a
separate message.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.


--__--__--

Message: 7
From: "Brian Dowding" <brian@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: RE: [cobalt-users] mysql 3.23.54 pkg from pkgmaster.com
corrupt???
Date: Thu, 6 Feb 2003 18:25:34 -0000
Organization: Equestrian Websites
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

This version works on XTR

http://pkgmaster.com/i386/Q3-XTR-MySQL-3.23.37-1.pkg

Best regards

Brian Dowding
[mailto:webmaster@xxxxxxxxxxxxxxxxxxxxxx]


-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Richard Donahue
Sent: 06 February 2003 14:07
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] mysql 3.23.54 pkg from pkgmaster.com
corrupt???



----- Original Message -----
From: "Chris" <clathem@xxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, January 02, 2003 10:23 AM
Subject: Re: [cobalt-users] mysql 3.23.54 pkg from pkgmaster.com
corrupt???


>
> ----- Original Message -----
> From: "Bob McCoy" <bob@xxxxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Thursday, January 02, 2003 10:09 AM
> Subject: Re: [cobalt-users] mysql 3.23.54 pkg from pkgmaster.com corrupt???
>
>
> > Yeah it's showing corrupt. I emailed them
> > ----- Original Message -----
> > From: "Chris" <clathem@xxxxxxxxxxxxx>
> > To: <cobalt-users@xxxxxxxxxxxxxxx>
> > Sent: Thursday, January 02, 2003 9:30 AM
> > Subject: [cobalt-users] mysql 3.23.54 pkg from pkgmaster.com corrupt???
> >
> >
> > > I am trying to install the mysql 3.23.54 package for the XTR from
> > > pkgmaster.com but I keep getting messages that the package cannot
> > > be verified or is corrupted. I've tried both downloading the
> > > package to a local machine and then uploading it to the Raq, and
> > > I've also tried entering the URL to the .pkg.  Is anyone else
> > > having similar problems?
> > >
> > > Thanks,
> > > Chris
> >
> > Bob,
> > Yeah it's showing corrupt for us too, we went back to 3.23.36 version
> > and it works. I emailed them about and said he had had another
> > complaint about the same thing and that he may have to recompile it
> > on an xtr again.
> >
> > Non
>
>
> Thanks Bob. I have emailed them as well but haven't heard back so I
> thought I would check the list. Do you or anyone else have a link to
> the previous released .pkg (3.23.36) for the Q3/XTR? I usually keep
> the .pkg files but I cannot seem to locate the MySQL package anywhere.
>
> Thanks again,
> Chris
>

I removed my old version of MySQL on a Qube 3 and have the same trouble
with 3.23.54 from pkgmaster. I left my password intact when removing the
old pkg and didn't change it back to cobalt-mysql. When trying to install
the new pkg it shows as being corrupt. Is it really corrupt or am I doing
something wrong? Any help is greatly appreciated.

Rich
EBS



_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users




--__--__--

Message: 8
Date: Thu, 6 Feb 2003 18:39:45 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] What ports shouldn't be closed
Reply-To: cobalt-users@xxxxxxxxxxxxxxx

> Date: Thu, 6 Feb 2003 12:35:28 -0500
> From: BSmith


> Ftp		20/21 (TCP)

It's not quite this simple.  FTP supports two modes -- passive
and active.  What you suggested will break passive FTP, which one
MUST support; failure to allow passive FTP will break FTP access
for clients with properly-configured firewalls.

In active mode, a server accepts inbound 21/TCP connections.  Any
such connection is used for control.  Data is sent from 20/TCP to
a randomly-selected port on the client machine.

However, many users run firewalls.  Accepting all traffic that
comes from 20/TCP is extremely foolish -- anyone can use a box to
which they have root access to create such a socket, thus
bypassing any TCP firewall rules.  Oops.

The solution to this problem is passive mode.  Rather than let
the server send 20/TCP --> ???/TCP, the server tells the client
"connect to me on this TCP port for your data"... the server then
creates a socket on some TCP port, and waits for the client to
connect to it.  Assuming the client's firewall will pass any
outbound traffic (a bad idea, IMHO, but that's another topic), it
can connect to the FTP server in passive mode.

This presents another problem:  On what additional ports must the
server listen for data connections?  To open 1024:65535 would
allow passive FTP, but sort of defeats the purpose of having a
firewall.  It would be nice to restrict the port range to, say,
12000:12999, and only allow those.

At least on newer versions, ProFTPD allows one to do just that.
Carefully select a port range for passive FTP.  Configure ProFTPD
and ipchains accordingly.  Again, FAILURE TO DO SO WILL BREAK FTP
ACCESS for clients with properly-configured firewalls.

This should be in the archives, but I suppose it doesn't hurt to
populate them a bit more. ;-)

It's a shame that applications use unregistered ports.  If
developers had stuck to IANA-approved port numbers, we'd have
nice, tidy ranges of ports that could be filtered according to
simple policies.  However, we're probably too far down the
slippery slope for this to happen. :-(


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
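
Added example, not part of the original message: a Python check that the data ports an FTP server announces in passive mode stay inside the range the firewall permits. It uses the 12000:12999 range suggested above; the sample 227 replies are constructed and the function names are hypothetical.

```python
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) announced by the server; port is p1*256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range: %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def audit(replies, low=12000, high=12999):
    """Return the ports a firewall allowing only low:high inbound would drop."""
    dropped = []
    for reply in replies:
        _, port = parse_pasv(reply)
        if not low <= port <= high:
            dropped.append(port)
    return dropped

# Constructed replies, as a client would log them across several transfers.
SAMPLE = [
    "227 Entering Passive Mode (192,0,2,10,46,224)",   # 12000, lowest allowed
    "227 Entering Passive Mode (192,0,2,10,48,212)",   # 12500
    "227 Entering Passive Mode (192,0,2,10,50,199)",   # 12999, highest allowed
    "227 Entering Passive Mode (192,0,2,10,50,200)",   # 13000, one past the range
    "227 Entering Passive Mode (192,0,2,10,192,0)",    # 49152, server not restricted
]

if __name__ == "__main__":
    for port in audit(SAMPLE):
        print("data port outside firewall range:", port)
```

Any port reported here means the FTP daemon's passive range and the packet filter disagree, which is the broken-passive-FTP case the message warns about.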



--__--__--

End of cobalt-users Digest