$Date: 2008/02/05 21:55:46 $ $Revision: 1.107 $

Note: For those users that don't want to upgrade the kernel, I have
compiled the two LSI drivers for the 2.4.18 kernel. The latest versions
can be found in V1.6-21. Only the two driver rpm's are supplied. You
would replace the V1.7-x driver rpms with the V1.6-21 versions.

DO NOT ATTEMPT TO UPGRADE V1.x or V2.x to V3.x.
It will render the SCS inoperable.

==================================================
SCS Version: V3.2-15 (Feb 2008)

Updated:
  cardd (V1.10)
    This change only affects the Sentinel units. Without this change,
    cardd would always report every serial port as missing. Running
    cardd will lock the exser driver so it cannot be unloaded until
    cardd is stopped.

  exser serial driver (V3.2-11)
    Changes were made to support the changes made to cardd.

==================================================
SCS Version: V3.2-14 (Nov 2007)

Updated:
  webserver-1.0-1516.25.noarch.rpm
    In some cases the Enter splash image would overlap the Welcome
    text. This release moves the image down.

    A problem was found using IE6 to access the web server on a 48 port
    SCS. The serial port settings could not be accessed. This was fixed
    by limiting the serial port names to less than 20 characters.

==================================================
SCS Version: V3.2-10 (Sept 2007)

!! Critical bug fix !!

A bug was discovered in the SCS web interface. If a user tried to reset
a device port from 'getty' mode back to 'device' mode, /etc/rc.serial
was recreated without any stty commands. Also, there are conditions
where /etc/inittab was empty.

The getty & modem options have been removed from the interface. These
features are still available by modifying the appropriate configuration
files.
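The V3.2-10 note asks for a webserver rpm later than 1.0-1516.15, and that comparison has to be numeric per dotted field (a plain string compare ranks 1516.9 above 1516.15). The script below is an added example, not part of the SCS distribution; the function names are hypothetical, and the sample inputs other than the two version strings quoted in these notes are constructed.

```sh
#!/bin/sh
# Added example: decide whether the installed webserver rpm still needs the
# V3.2-10 fix. The threshold is the one stated in the release note.
THRESHOLD="1.0-1516.15"

# cmp_dotted A B: print -1, 0 or 1 after comparing two dotted numeric
# strings field by field (missing fields count as 0).
cmp_dotted() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# webserver_status "<output of rpm -q webserver, or an rpm file name>"
# Prints and returns: ok (0), update-required (1), unknown (2).
webserver_status() {
    nvr=$1
    case $nvr in
        webserver-*) vr=${nvr#webserver-} ;;
        *) echo unknown; return 2 ;;      # e.g. "package ... is not installed"
    esac
    vr=${vr%.rpm}
    vr=${vr%.noarch}
    case $vr in
        *-*) ver=${vr%%-*}; rel=${vr#*-} ;;
        *) echo unknown; return 2 ;;
    esac
    # Only digits and dots are accepted; anything else is not compared.
    case "$ver$rel" in
        *[!0-9.]*) echo unknown; return 2 ;;
    esac
    if [ -z "$ver" ] || [ -z "$rel" ]; then echo unknown; return 2; fi

    c=$(cmp_dotted "$ver" "${THRESHOLD%%-*}")
    if [ "$c" = 0 ]; then
        c=$(cmp_dotted "$rel" "${THRESHOLD#*-}")
    fi
    # "later than" the threshold: equal still needs the update.
    if [ "$c" = 1 ]; then echo ok; return 0; fi
    echo update-required
    return 1
}

# Demo on sample strings (constructed, except the first and third, which
# appear in these release notes). On an SCS, pass "$(rpm -q webserver)".
for sample in \
    "webserver-1.0-1516.11" \
    "webserver-1.0-1516.9" \
    "webserver-1.0-1516.25.noarch.rpm" \
    "package webserver is not installed"
do
    printf '%-38s %s\n' "$sample" "$(webserver_status "$sample")"
done
```
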
All users should upgrade their webserver rpm to a version later than
1.0-1516.15. You can determine your version with the command:

    rpm -q webserver

(command result):

    webserver-1.0-1516.11    (this version should be updated)

The update can be found on our ftp site: ftp://ftp.thinklogical.com

==================================================
SCS Version: V3.2-8 (Aug 2007)

Updated:
  pm and its man page
    Added a command line option (--testri) to test for the RI signal.
    This is a debug setting and is not needed for normal operation.

  Added a seventh byte to the file /proc/lsi_config/som. This byte
  shows the status of the Sentinel's fourth I/O card.

  Changed the xinetd section of /lsi/README to mention https.

  /etc/man.config was modified to ensure that our stty man page is
  always found.

  The webserver had a race condition that sometimes prevented a user
  from being added. This is fixed in 1.0-1516.12.

  If you have an internal modem, it will now be automatically enabled
  at startup. To prevent this, edit /etc/inittab, and add 2 (or more)
  '#' to the M1 line. Example:
      old line    M1:2345:...
      new line    ##M1:2345:...

==================================================
SCS Version: V3.2-6 (Apr 2007)

Updated:
  telnet2port.sh
    - added a --dell option & config file ability to specify selected
      ports for telnet access
    - removed the 'USERID' option on the logging option, this option
      causes a tcp AUTH (port 113) request to the originating system,
      which may result in a long timeout before the connection is
      allowed
  rc.sysinit
    - appends to /etc/opt/etc.log the source of the RAM /etc dir.
    - no longer deletes ifcfg-bond0 on systems with 1 network interface
  sanity.check
    - compares RAM files to the CF saved image file (/misc/etc.tar.gz),
      tests ttyB* ports for off and 'getty' status,
      tests that system startup files are executable and the symlinks
      are correct
    - check that the network configuration files exist
  pm
    - the test for non-LSI ports correctly handles a port that is off
  pm.8
    - explanations of various error messages were added

Added:
  README.modems - added to /usr/local/doc, it describes the workings of
                  modems with an SCS
  python        - added python24 rpms
  samba         - added the client to mount Windows shares
  tzdata rpm    - I created a SCS 2006m tzdata rpm that updates the
                  timezone files

RPM's that were added:
  python24-2.4.1-2_9.RHL8.0.at.i386.rpm
  CherrPy-2.2.1-1.noarch.rpm
  CherryTemplate-1.0.0-1.noarch.rpm
  cups-libs-1.1.17-0.9.i386.rpm
  libtiff-3.5.7-7.i386.rpm
  samba-client-2.2.7-5.8.0.i386.rpm
  samba-common-2.2.7-5.8.0.i386.rpm
  tzdata-2006m-3.el4.scs.noarch.rpm

I removed linuxconf. That web-based interface was replaced with a
custom package named webserver. It is python based, and located in
/home/scs.

stunnel uses a self-signed certificate located at
/usr/share/ssl/certs/scs.pem

The first time the SCS is turned on, it generates the ssh host keys.
This process takes 2 to 3 minutes to complete. When the keys are being
created, a message is displayed on the LCD front panel and the console
port that the system requires a few minutes to complete this task. Some
customers mistakenly thought the system was hung, and power cycled the
units.

==================================================
SCS Version: V3.1-21.1 (Feb 2007)

updated the tzdata files.

==================================================
SCS Version: V3.1-21 (Sept 2006)

Modified:
  rc.sysinit - mount /etc to /misc/.orig-etc to allow access to the boot
               version of /etc after the RAM drive is mounted.
  halt       - use /misc/.orig-etc to save critical files
  sredird    - reworked to buffer more serial data into the TCP packet
  telnet2port.sh
    - --break option can be configured to NOT ask for confirmation
      before breaking a connection to a device port
    - R/O access to the device ports is available from port 7001 to
      7048
    - a list of sockets used for access will be printed

==================================================
SCS Version: V3.1-20 (Aug 2006)

SOM support (new SCS hardware)
  -- exser & db_proc modules were modified to support both old & new
     hardware
  -- lcd was modified for SOM support
  -- libcs_support updated from so.2.0 to so.3.0 for SOM support
  -- powerd version number was changed

Modified:
  rc.sysinit - rebuild the library cache if user 'cloned' this system
  inittab    - removed a comment that stated modems should not be
               installed on device ports

This release will work with previous SCS hardware, there are no added
features with the update (compared with V3.1-10) except for: rc.sysinit

==================================================
SCS Version: V3.1-10 (June 2006)

NOTE: Earlier rpms had an error in their uninstall script. This error
caused some daemon programs to stop running after the rpm's were
updated. The rpm's in question are: lsiscs-cardd, lsiscs-lcd,
lsiscs-portlogd, lsiscs-powerd, and lsiscs-timeout.

lsiscs-cardd only affects SCS Sentinels.
lsiscs-powerd affects any SCS 'R' model (a dual power supply model).
The remaining three rpm's affect all SCS models.

By default, portlogd and timeoutd are not running, so this error only
affects SCS units that have had these daemons enabled. All SCS units
have the lcd daemon running; all 'R' units have the powerd daemon
running; and all Sentinels have the cardd daemon running.

What does this mean to you? If you upgrade these rpm's, then these
daemons will be turned off.
The commands to turn them back on are:

    /sbin/chkconfig --add XXX
    /sbin/service XXX start

where XXX is one of these: cardd lcd portlogd powerd timeoutd

Starting cardd or powerd on a non-Sentinel or non-'R' SCS is not a
problem. They will determine the hardware is not present and will exit.
portlogd and timeoutd require configuration files, so they should not
be started unless you want them to run. By default they are not
running. Normally, lcd is always running, and you should start it.

The typical commands after a rpm update will be:

    /sbin/chkconfig --add lcd
    /sbin/service lcd start

    ## for dual power supply models
    /sbin/chkconfig --add powerd
    /sbin/service powerd start

    ## for Sentinels
    /sbin/chkconfig --add cardd
    /sbin/service cardd start

These comments only apply when upgrading rpm's prior to V3.1-10.
V3.1-10 and later rpm's will not have this problem.

Modified:
  brk - V1.56: it now accepts a port number in addition to a port name.
  /etc/sudoers: a commented out line was added to allow customers to
    enable any member of the scsusers group to run the 'brk' command
    via sudo.
  /etc/mgetty+sendfax/mgetty.config - see below
  telnet2port.sh - V1.05: see below

Modems may now be used on the SCS device ports. The user will have to
modify the files /etc/sysconfig/lsi and
/etc/mgetty+sendfax/mgetty.config in order to use this feature. Also,
/etc/rc.serial will have to be edited, because modems are DCE devices,
so our device ports must be in DTE mode. Then /etc/inittab must be
edited to include a line that starts mgetty for each port that will
have a modem attached to it.

The script telnet2port.sh that allows unencrypted access to the device
ports via TCP sockets was modified to now define a set of sockets,
that when accessed, will break a connection on the corresponding
device port. The default base socket is 9001. This feature is
activated by adding the '--break' option when running the
telnet2port.sh script.

New:
  The kernel was recompiled and the advanced routing module was
  included. This gives more routing options for the SCS units with dual
  NICs.

==================================================
SCS Version: V3.1-9 (Apr. 2006)

Modified /etc/rc.serial to have the correct ttyS1 setup for modems.
(changed clocal to -clocal)
Also added comments to /etc/inittab about modems and flow control
settings. Modems should only be used on the SCS console port 2.

==================================================
SCS Version: V3.1-8 (Jan. 2006)

Replaced openssl-0.9.6g-1 with
  openssl096-0.9.6-24.8.legacy
  openssl-devel-0.9.6b-36.8.legacy

The legacy openssl package has support for the openSSL ENGINE. This
feature is used by programs (dig, host, etc.) found in the bind-utils
rpm. Non-Redhat/legacy openSSL builds do not have ENGINE support.
(openSSL versions 0.9.7 and above have ENGINE support by default)
Because of this, I had to revert back to the earlier version of
openssl (0.9.6b).

Added:
  LSI-INSTALL to /usr/local/doc/pam_radius.

==================================================
SCS Version: V3.1-7 (Dec. 2005)

Removed the following:
  openssl096-0.9.6-24.8.legacy
  openssl-devel-0.9.6b-36.8.legacy

Upgraded to the following:
  cvs-1.11.2-9.legacy
  openssl-0.9.6g-1
  openssh-4.2p1-1.norlug
  openssh-clients-4.2p1-1.norlug
  openssh-server-4.2p1-1.norlug

Note: openSSH v4.2 increased the default key length to 2048. The SCS
will create 1024 bit keys when the ssh server is started for the first
time.

Changed:
  The lsc alias was modified to use lsifuser in place of fuser.
  lsifuser is a modified version of fuser that does not support the
  killing of processes.

Modified:
  sanity.check - modified to no longer look for files that were
                 symlinked to /misc in V3.x

The following man pages were updated to reflect the new features:
  lsi.1 lsi.5 lsi.8

New Features:
  The kernel was recompiled to include IPV6 support.

  The exser port driver was recompiled to allow getty to run on the
  ttyB* device ports.
  For more details, read the comments in /etc/sysconfig/lsi

  Factory Restore: by creating an empty file called /.factoryrestore,
  and rebooting the SCS twice, the original /etc, /home, /var, and
  /root directories will be restored.

  Cloning: if the file .misc/clone.etc.tar.gz exists at startup, it
  will be expanded into the RAM drive instead of /misc/etc.tar.gz. This
  allows you to clone SCS's. This clones everything, so you will have
  duplicate SSH host and user SSH keys. If static IP addresses are
  used, they are duplicated. The clone file is renamed after expansion
  to prevent it from being used the next time the system is booted. You
  must reboot the SCS twice for all the changes to take effect.

  lcd: you can define the format used to display the date and time
  (see the comments located in /etc/sysconfig/lsi) and the man page for
  lcd.

==================================================
SCS Version: V3.0-5 (Sept. 1, 2005)

Fixed:
  lsiscs-linux.mods-3.0-5
    /misc/halt - after inittab was moved from /misc to /etc (where it
    normally is located) a problem with init was discovered. Changes
    that were made to the version of inittab that is located in the RAM
    disk were not seen by init at startup. This is because init reads
    inittab at the start of the boot process, before the RAM disk is
    created and loaded. So init does not see the modified inittab file.
    Running telinit after the SCS is booted will cause init to read the
    modified file. halt was modified so that the RAM disk version of
    inittab is copied onto the CF after the RAM disk is unmounted.
    inittab was moved back to /etc so that linuxconf would be able to
    find and modify the file.

Updated:
  sredird (V2.2.1-1.1.4)
    Added an inactivity timeout feature and a config file
    /etc/sysconfig/sredird. The config file contains the starting
    port/socket number (default is 6001), and the inactivity timeout
    delay (defaults to no delay). The delay is set on the command line
    with the -t or -T option.
    This sets the delay (in minutes), which if the telnet client is
    inactive for that period of time, the session will end. The -t
    option monitors both sent and received data, while -T only monitors
    sent data (from the user to the serial port). This is similar to
    the timeoutd daemon, but timeoutd only works with login sessions.

Added:
  man page for telnet2port.sh

==================================================
SCS Version: V3.0-2 (June 6, 2005)

Added:
  sredird - serial port redirector for telnet to a port support
    /usr/local/sbin/telnet2port.sh script is used to enable sredird.
    By default, the script will assign ports from 6001, to change the
    starting port number, include the new number on the command line.
    Example, to start at port 9001:
        telnet2port.sh 9001
    There is more information located in
    /usr/local/doc/telnet2port.README

  rcs-5.7-18
  cvs-1.11.2-5
  gd-1.8.4-9.i386.rpm
  libjpeg-6b-21.i386.rpm
  libstdc++-3.2.2-5.0.rh80.i386.rpm
  libxml-1.8.17-5.i386.rpm
  pciutils-2.1.10-2.i386.rpm
  stunnel-3.26-1.8.0.i386

  joe-2.9.7-7.i386.rpm
    An alternative to vi, JOE also emulates several other editors.
    JSTAR is a close imitation of WordStar with many "JOE" extensions.
    JPICO is a close imitation of the Pine mailing system's PICO
    editor, but with many extensions and improvements. JMACS is a
    GNU-EMACS imitation. RJOE is a restricted version of JOE, which
    allows you to edit only the files specified on the command line.
    Commands: joe jstar jmacs rjoe jpico

  linuxconf-1.34r3-lsi.1.i386.rpm to the 512M CF version
    It is accessed by: https://SCSipADDRESS:8098
    There is a default SSL certificate on the SCS.
    There is more information located in
    /usr/local/doc/linuxconf.README

Updated:
  xinetd is now ON by default, starting stunnel and linuxconf
    stunnel will direct port 98 to localhost:8098
    linuxconf will listen on localhost:98 only
  /root/.bash_profile to use more to display the LSI README during the
    first root login.
  /lsi/README to reflect the xinetd and linuxconf changes
  added a comment to /etc/fstab to tell linuxconf to ignore the missing
    swap file.
  brk (v1.53) - don't kill the parent task (the -l option) if the
    grandparent is init (pid = 1). This prevents xinetd from being
    killed.
  lcd (v2.0) - added options to reboot/poweroff the SCS from the front
    panel.
  powerd (V2.0) - it no longer overwrites /etc/motd. A new file,
    /etc/power.failure, has been created that will hold the power
    status messages. Messages are appended to this file, so that while
    powerd is running, a history is maintained.
  /etc/profile was modified to print the contents of
    /etc/power.failure during a user's login process.
  changes will now work if the locale is non-US
  nss-tacplus-HOWTO (added a section about
    /etc/sysconfig/nss_tacplus.conf)
  there is just 1 rc.serial file, not 4 (1 for each model of
    8/16/32/48 ports)
  modules.conf - turned off eth2 thru eth7
  fstab, inittab and rc are no longer symlink'd to /misc, they are back
    in /etc
  mtab is no longer a symlink to /proc/mounts, but a real file
  rc.sysinit was modified:
    a) update mtab during the boot process
    b) creates the user config files instead of untaring them at
       startup. (This removed the tar files from the lsiscs-lsi rpm).
    c) does not run cardd and powerd at startup if they are not needed
       (i.e. not a Sentinel or not a 2 power supply unit)
    d) if only 1 NIC, delete ifcfg-bond0

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Due (in part) to the change from 256 to 512Meg CompactFlash it is not
possible to upgrade older systems to V3.x of the SCS software. Some
selected lsi packages (lcd) can be upgraded. These rpm's will be
located on the ftp site.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

==================================================
SCS Version: V2.2-4 (Feb. 9, 2005)

Added:
  TACPLUS support for logins
    libnss-tacplus-1.1.so - NSS/TACACS+ library
    /usr/local/doc/pam_tacacs/nss-tacplus-HOWTO
  /etc/redhat-release
    Some install scripts will not work if this file is missing
  added these rpms:
    dialog-0.9b-20020519.1.i386.rpm
    sharutils-4.2.1-12.i386.rpm
  Added kernel support for:
    802.1q VLAN
    TUN/TAP

Updated:
  connect (V2.16) - write to syslog the reason why a user is denied
    access due to the file/group permissions
  port_access (V2.12) - added TACACS+ support
  map.ltrx (V1.2) - fixed the connections and listdev commands
    (only in the 512Meg CF)

Updated these rpms:
  glib2         2.2.1-0.0.rh80.kde.i386
  libtool-libs  1.5.6-0.fdr.0.rh80.i386
  libxml2       2.5.11-1.0.rh8.dag.i386
  logwatch      5.2.2-0.1.0.rh8.dag.noarch
  nmap          2:3.70-2.0.rh8.dag.i386
  tftp-server   0.34-0.dag.rh80.i386
  ttcp          3.7-1.dag.rh80.i386
  tftp          0.34-0.dag.rh80.i386
  utempter      0.5.2-10.8.0.1.legacy.i386

Added examples to portlogd man page for the --delim option.

==================================================
SCS Version: V2.1-0 (Oct. 29, 2004)

Ethernet bonding support was added. This allows 2 NIC's to share the
same IP address. If one link were to fail, the other remains
operational. This feature only applies on the 'R' SCS units, the ones
with dual NICs.

Updated:
  Modified common rpm to say it provides perl(Tk) and
  perl(Term::ReadKey).

  Moved save.conf from the lsi rpm to the scripts rpm - save and
  save.conf are now in the same rpm.

  adduser (v1.3) now accepts a uid parameter (similar to useradd).
  However, it is restricted to a value below 10000. This was done to
  limit the size of the file /var/log/lastlog.

  The portlogd init script (/etc/init.d/portlogd) was modified to
  create a lock file. If portlogd was used with NFS, because there was
  no lock file, portlogd was not shut down before NFS was shut down -
  this caused an error during the shutdown process.

  The alias 'lsp' was modified (v1.6) to correctly report port names if
  a non-US locale was used.
  It looks for the word 'total' from ls, and changing the locale
  changes the word output from ls. The aliases are defined in the files
  /etc/profile.d/lsi.sh and lsi.csh.

Fixed:
  The man page for editesc(1) had a typo that caused the example to
  display incorrectly.

these rpm's were added:
  bc-1.06-10.i386.rpm
  ethtool-1.6-2.i386.rpm

Kernel changes:
  enabled Ethernet bonding

Two documents were added to /usr/local/doc/networking to explain
bonding and how to set it up.

==================================================
SCS Version: V2.0-5 (July 22, 2004)

This release includes Revision G of the manual.

Added the Modem-HOWTO to /usr/local/doc

added these rpm's:
  ckermit-8.0.206-0.3.i386.rpm
  minicom-2.00.0-6.i386.rpm

==================================================
SCS Version: V2.0-2 (June 3, 2004)

Fixed:
  changehostname - deletes all HOSTNAME lines in the file
    /etc/sysconfig/network, and then inserts the new name.
  powerd (V1.8) - it would not always send an email on power supply
    fail. V1.9 fixes this.

Updated:
  added /etc/sysconfig/powerd to the list of files in the lsi man page
  (5).
  added a reference to /etc/sysconfig/powerd to the man page for powerd
  (8).

==================================================
SCS Version: V2.0-1 (May 13, 2004)

Fixed:
  port_access (V2.9): intermittent denial of access when using NIS to
    validate users. The new version (V2.10) parses the nsswitch.conf
    itself, instead of using grep.
  the makefile /usr/local/sbin/makefile.ssh would exit if the grep in
    serial.ip (line 70) did not find a match. I added a '-' to the grep
    command.

added this public key:
  gpg-pubkey-ff6382fa-3e1ab2ca.(none).rpm

added these rpm's:
  dos2unix-3.1-12.i386.rpm
  iptraf-2.7.0-3.i386.rpm
  lokkit-0.50-21.8.0.i386.rpm
  mtr-0.49-7.i386.rpm
  nc-1.10-16.i386.rpm
  unix2dos-2.2-17.i386.rpm

The International version also has these rpm's:
  kakasi-2.3.4-8.i386.rpm
  kakasi-dict-2.3.4-8.i386.rpm
  man-pages-cs-0.14-7.noarch.rpm
  man-pages-da-0.1.1-7.noarch.rpm
  man-pages-de-0.4-3.noarch.rpm
  man-pages-es-1.28-4.noarch.rpm
  man-pages-fr-0.9-9.noarch.rpm
  man-pages-it-0.3.0-9.noarch.rpm
  man-pages-ja-0.5-9.noarch.rpm
  man-pages-ko-20010901-6.noarch.rpm
  man-pages-pl-0.22-10.noarch.rpm
  man-pages-ru-0.7-3.noarch.rpm

Updated:
  freetype-2.1.4-5.fdr.1.rh80.i386.rpm
  nmap-3.48-1.fdr.3.rh80.i386.rpm
  openssl096-0.9.6-24.8.legacy.i386.rpm
  openssl-0.9.6b-36.8.legacy.i386.rpm
  openssl-devel-0.9.6b-36.8.legacy.i386.rpm
  pcre-4.5-0.fdr.0.rh80.i386.rpm

-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated OpenSSL resolves security vulnerability
Advisory ID:       FLSA:1395
Issue date:        2004-05-08
Product:           Red Hat Linux
Keywords:          Security
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1395
CVE Names:         CAN-2003-0851 CAN-2004-0081
-----------------------------------------------------------------------

==================================================
==================================================
SCS Version 2.x now has an International version. It requires a 512 Mb
CompactFlash instead of the standard 256 Mb. The new version contains
all the locale files for non-US support.
==================================================
==================================================

==================================================
SCS Version: V1.7-10

Updated:
  The 1.7-9 RPM's for exserial and device-data-block had an error in
  their install scripts. The script would fail if the module was not
  loaded when the RPM was run. The new RPM's fix this - there is no
  change in the drivers themselves.
  lsi.8 man page now includes the sanity.check script
  sanity.check: fixed a typo in line 54, added more tests, test that pm
    exists before running it.
  pm (V1.4): if an invalid configuration is detected, pm will now
    display the status of the DSR and CTS lines to aid in debugging the
    connection.
  pm.8: the man page is updated to give more detailed information about
    serial connections, and how to interpret the output from pm.

==================================================
SCS Version: V1.7-9

Added:
  Added 'ssh-to-a-port' feature. This allows assigning an IP address to
  each device port. The following programs were modified:
    connect (V2.13)
    man page lsi(5), lsi(8)
    lsisshd (a modified openSSH sshd)
  added PAM modules for RADIUS and TACACS+
  the RSA SecurID PAM agent tar file is located in /misc
  added a script 'sanity.check' that will verify the SCS files and
    operating condition

Modified:
  added a low ramdisk space warning in /etc/profile
  connect (see above)
  cardd (V1.6): added support for the Sentinel's new fiber network card
  Changed the permissions on / to 755 (from 775)

Fixed:
  port_access (V2.8): earlier versions did not parse nsswitch.conf
    correctly. A workaround is to add a comment to the end of the
    port_access line.
  lcd (V1.21): if a hostname is greater than 24 characters, display the
    first 24

Removed the following packages:
  libjpeg-6b-21.i386.rpm
  librpm404-4.0.4-8x.27.i386.rpm

Added/Updated the following packages:
  http://apt.kde-redhat.org/yum/fedora/8.0/stable/RPMS/gnupg-1.2.3-0.fdr.2.rh80.i386.rpm
  http://apt.kde-redhat.org/yum/fedora/8.0/stable/RPMS/libxml2-2.5.11-0.fdr.1.rh80.i386.rpm
  http://download.fedoralegacy.org/redhat/8.0/legacy-utils/i386/popt-1.7.1-1.8x.i386.rpm
  http://download.fedoralegacy.org/redhat/8.0/legacy-utils/i386/rpm-4.1.1-1.8x.i386.rpm
  http://download.fedoralegacy.org/redhat/8.0/updates/i386/slocate-2.7-1.8.0.legacy.i386.rpm

Compiled for the LSI SCS (sshd_config file uses a server key length of
768 bits):
  openssh-3.7.1p2-1b.i386.rpm
  openssh-clients-3.7.1p2-1b.i386.rpm
  openssh-server-3.7.1p2-1b.i386.rpm

The following public keys were added to the RPM database:
  gpg-pubkey-731002fa-400b9109  http://www.fedoralegacy.org/FEDORA-LEGACY-GPG-KEY
  gpg-pubkey-8df56d05-3e828977  http://www.fedora.us/FEDORA-GPG-KEY

-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated kernel resolves security vulnerabilities
Advisory ID:       FLSA:1284
Issue date:        2004-03-02
Product:           Red Hat Linux
Keywords:          Security
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1284
CVE Names:         CAN-2004-0077, CAN-2004-0075, CAN-2004-0010,
                   CAN-2004-0003

http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-source-2.4.20-30.8.legacy.i386.rpm
-----------------------------------------------------------------------
-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated slocate resolves security vulnerabilities
Advisory ID:       FLSA:1232
Issue date:        2004-02-11
Product:           Red Hat Linux
Keywords:          Security
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1232
CVE Names:         CAN-2003-0848, CAN-2003-0056

http://download.fedoralegacy.org/redhat/8.0/updates/i386/slocate-2.7-1.8.0.legacy.i386.rpm
-----------------------------------------------------------------------

==================================================
SCS Version: V1.7-7

Documentation:
  lsi.8 man page now includes the pm command
  added -q|--quiet to the monitor man page
  the man page for portlogd had a typo in the first synopsis line
    (portnumber was missing a 'p' and was not underlined)

Added:
  pm (V1.0): a script to test device ports and report back if they are
    configured correctly. It is a dce/dte test, that helps eliminate
    connection questions.

Modified:
  connect (V2.12): the --brkesc option will now accept a 1 character
    sequence

Fixed:
  (these fixes do NOT require the updated kernel)
  edituser (V2.7), connect (V2.10), and port_access (V2.7): user names
    were being truncated to 9 characters, the limit is now 255
  connect (V2.9): fixed a bug that caused connect to loop when stdin
    was a socket and the socket was closed in the middle of sequence
    checking
  halt: did not test for presence of /sbin/lcd in 2 places before
    executing /sbin/lcd
  powerd.helper: snmptrap did not run

  this needs the 2.4.20 kernel
  exser.o (V3.1-8):
    now limits write (or R/W) access to the device ports (ttyBn) to
      1 user at a time
      earlier versions limited R/W not WRITE access
    fixed a bug that caused the module in use count to not be
      decremented. This would occur if a user without access
      permissions tried to access a port that was already in
      interactive mode.
    It now uses 'exser' as the module name, not serial.

  !!!!!!!!!!!
  Users should download lsiscs-exserial-1.7-7.i386.rpm and do an
  upgrade.
  !!!!!!!!!!!

  The file exser.o-2.4.18-27.8.0, contains the above fixes, but was
  compiled for the 2.4.18 kernel.

Updated:
  rc.sysinit now creates /boot/kernel.h - which is a symlink to
    /var/local/kernel.h
  the LSI kernel rpm's now provide the kernel version
  port_access was rewritten to support the new connect/monitor and
    nsswitch.conf processing (new version is 2.x)
  edituser was rewritten to better handle user input (new version 2.x)
  replaced monitor with a symlink to connect (and there is no more
    monitor rpm)
  connect was rewritten to include monitor support (new version is 2.x)
    I added --noexit and --nobreak options to connect: these disable
      the exit and break sequence checking
    the --esc option was changed to --exitesc to match the form of the
      --brkesc option (--esc will still work)
  I added some shutdown LCD messages to halt to give more detail during
    the shutdown process.
  I added help text for the script adduser, included edituser options
    into the script.
  I added ppp support into the kernel
  I added iptables to the kernel
  /etc/rc.d/init.d/functions was modified to detect when syslogd
    reported a FAILURE during startup. This started after kernel 2.4.20
    was installed.
  Added more copyright and license files to the image

-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated tcpdump resolves security vulnerability
Advisory ID:       FLSA:1222
Issue date:        2004-01-31
Product:           Red Hat Linux
Keywords:          Security
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1222
CVE Names:         CAN-2003-0989, CAN-2004-0055, CAN-2004-0057

http://download.fedoralegacy.org/redhat/8.0/updates/i386/tcpdump-3.6.3-17.8.0.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/libpcap-0.6.2-17.8.0.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/arpwatch-2.1a11-17.8.0.5.legacy.i386.rpm
-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated screen resolves security vulnerability
Advisory ID:       FLSA:1187
Issue date:        2004-01-26
Product:           Red Hat Linux
Keywords:          Security
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1187
CVE Names:         CAN-2003-0972

http://download.fedoralegacy.org/redhat/8.0/updates/i386/screen-3.9.11-11.legacy.i386.rpm
-----------------------------------------------------------------------

linux updates:
  kernel-2.4.20-28.8.src.rpm          (RHSA-2003:417-08)
  fileutils-4.1.9-11.2                (RHSA-2003:309)
  glibc-2.3.2-4.80.8.i386.rpm         (RHSA-2003:325)
  glibc-common-2.3.2-4.80.8.i386.rpm  (RHSA-2003:325)
  glibc-devel-2.3.2-4.80.8.i386.rpm   (RHSA-2003:325)
  gnupg-1.0.7-14.i386.rpm             (RHSA-2003:390-18)
  iproute-2.4.7-7.80.1.i386.rpm       (RHSA-2003:316)
  iptables-1.2.8-8.80.2.i386.rpm      (RHSA-2003:213)
  nscd-2.3.2-4.80.8.i386.rpm          (RHSA-2003:325)
  zebra-0.93a-5.8.0.i386.rpm          (RHSA-2003:307)
  nmap-3.48-1

When upgrading the kernel with the scs-kernel-upgrade rpm, use the
--install option. If you use the --upgrade option, the existing kernel
and modules will be removed. Three rpm's are required for a kernel
upgrade: the kernel, the exserial module, and the device_data_block
module.
If any other rpm dependency occurs, those rpm's should be installed
with the --upgrade option. Refer to the lsi-rpm-HOWTO for more
information.

V1.7-7 contains the 1.7-5 and 1.7-6 updates that were never shipped.

==================================================
SCS Version: V1.6-21

Fixed:
  compiled exser.o and db_proc.o for kernel 2.4.18-27.8.0
  (see the note at the beginning of this text for details)
  These rpms are for users that want the latest driver fixes, but don't
  want to upgrade to the newest kernel.

==================================================
SCS Version: V1.6-20

Fixed:
  compiled exser.o for kernel 2.4.18-27.8.0 (see V1.7-7 for details)
  This rpm is for users that want the latest exser driver, but don't
  want to upgrade to the newest kernel.

==================================================
SCS Version: V1.6-19

Fixed:
  awk script for NIS
  save (V1.63) will no longer follow NFS paths

==================================================
SCS Version: V1.6-18

Fixed:
  man page for monitor misspelled EXAMPLES

Updated:
  openssl-devel-0.9.6b-35.8  (RHSA-2003:291)
  openssl-0.9.6b-35.8        (RHSA-2003:291)
  openssl096-0.9.6-23.8      (RHSA-2003:291)

==================================================
SCS Version: V1.6-17

New:

Fixed:
  powerd V1.7 was reporting /bin/true will be run when no --helper
    option was given
  versions V1.8 did not report the version of powerd

Updated:
  expanded the man page for connect
  added cardd to lsi(8) man page
  replaced openssh-3.5p1-1 with openssh-3.7.1p2-1 (RHSA-2003:279)
  replaced sendmail-8.12.8-5.80 with sendmail-8.12.8-9.80
    (RHSA-2003:265)
  replaced sendmail-cf-8.12.8-5.80 with sendmail-cf-8.12.8-9.80
    (RHSA-2003:265)
  replaced unzip-5.50-12 with unzip-5.50-32 (RHSA-2003:199)
  replaced pam_smb-1.1.6-5 with pam_smb-1.1.6-9.8 (RHSA-2003:261)
  replaced perl-5.8.0-55 with perl-5.8.0-88.3 (RHSA-2003:256)
  replaced perl-suidperl-5.8.0-55 with perl-suidperl-5.8.0-88.3
    (RHSA-2003:256)
  removed /etc/ssh/ssh_config & /etc/ssh/sshd_config from
    lsiscs-linux.mods*.rpm
  save V1.62 will stay on the local filesystem when saving data to the compact flash.
    If NFS mount points are created in /etc, /var, /home, the mount point will be
    saved, but not the remote files.

==================================================
SCS Version: V1.6-16

Updated:
  /usr/local/doc has Rev. D of the SCS manual

==================================================
SCS Version: V1.6-15 (internal release only)

This release updates the software to accommodate the Sentinel products.

New:
  include pam_radius_auth.so (version 1.3.15) in /lib/security

Fixed:

Updated:
  /proc/lsi_config/modem: will show 1 if a modem is installed
    To reset the modem, write the string "reset" to /proc/lsi_config/modem
    Example: echo "reset" >/proc/lsi_config/modem
  cardd: included the '-d' (debug) option
  /etc/rc.serial: added a stty line (commented out) to initialize a modem on console 2
  /etc/inittab: added a line (commented out) for a modem on console 2

==================================================
SCS Version: V1.6-14 (internal release only)

Fixed:
  snmp supports LSI hardware, Rmon and tunnel MIBs

Updated:
  added more content to the man pages for monitor and connect
  save command will not save /var/agentx directory
  increased the maximal mount count for /dev/hda2 ('/') from 20 to 60
  added the cardd daemon to monitor the Sentinel for cards being removed/inserted

  The exser driver was modified to supply snmp with char MIB and rs232 MIB counts.
  By default, the driver will NOT keep counts for the number of char. sent or received.
  To enable these counts, parameters must be supplied as the driver is being loaded.
  The driver is loaded by the script /etc/rc.modules. These parameters are:
  'show_rx_cnts=yes' and 'show_tx_cnts=yes'. Showing these values has been
  determined to be a possible security issue.

  Also I modified the exser driver to not allow connections to a port that has been removed.
    - It will report 'No such device'

  modified port_access logging: opening ttyB* as read-only is now a DEBUG level
  event, not an INFO level. IOCTL users typically open the device as read-only,
  so this will reduce the size of the syslog file.

==================================================
SCS Version: V1.6-13

Updated:
  rebuilt SNMP to support more MIBs

==================================================
SCS Version: V1.6-12

New:
  added info pages for: bash, binutils, coreutils, find, grep, grub, mgetty, sed, tar and others

Fixed:
  timeoutd - I added a helper script (/usr/local/sbin/timeout.sh) that kills any
    process that has a (parameter) file open.
  /lsi/save.conf - I added a nomail option and a comment why
  /misc/halt - during shutdown, copy the files /etc/sysconfig/clock & network from
    the RAM disk to the actual CF /etc dir. I was copying them to /tmp, but I could
    not be certain that /etc was unmounted at that point.
  /usr/local/sbin/powerd.helper is set executable

Updated:
  added a '--yes' option to the brk command; brk won't ask for confirmation if --yes is supplied
  added content to man pages for connect and monitor

==================================================
SCS Version: V1.6-10

New:
  man pages lsi.1, lsi.5, lsi.8, lsp.1

Fixed:
  edituser
    - added command line options for a non-interactive mode
    - increased the user line size
  deluser
    - works if the user does not exist
  adduser
    - now creates user config file with correct ownership
    - will work with edituser command line options

Updated:
  man pages: reworked so they have a consistent look-and-feel

==================================================
SCS Version: V1.6-9

New:
  added the LSI mibs to the snmp package (reports power supply status)

Fixed:
  /home access modes
  SCS manual pdf now contains only 1 image
  lsi.csh returns user to their original directory
  connect (V1.12) no longer displays 1 extra character

Updated:
  modified the RPM contents to minimize the creation of *.rpmsave files during an update.
    *.rpmnew files will be created, but the user modified files will remain unchanged.
  added options --rpm and --all to versions command

System package changes:
  replaced glibc-devel-2.3.2-4.80.i386.rpm with glibc-devel-2.3.2-4.80.6.i386.rpm
  replaced nfs-utils-1.0.1-2.i386.rpm with nfs-utils-1.0.1-2.80.i386.rpm
  replaced wu-ftpd-2.6.2-8.i386.rpm with wu-ftpd-2.6.2-12.i386.rpm
  removed ypserv-2.5-1.i386.rpm (duplicate)

Bugs:
  edituser, editesc, editbrk:
    help text is missing newlines
    user input is limited to 40 characters per line
  deluser:
    the script would not run if the user did not exist
  adduser:
    created the user config file with the wrong owner
    would overwrite an existing user config file with the default settings

==================================================
SCS Version: V1.6-6

New:
  powerd daemon for monitoring the dual power supplies of the 'R' models
  replaced the exser driver with a newer version rewritten for 2.4 kernels.

Fixed:
  shadow passwords are enabled by default

Updated:
  portlogging:
    we append to the log file when we start logging.
    we now use logrotate to control the log files
    Changed the default log file path to /var/log
    Changed the default name of the logfile to portlogd.
    Warn if EMAIL_ALARM_COUNT exceeds 2K.
    Replace each %n and %p in the email subject with the port number and
    the pattern matched when we send an email.
System package changes:
  replaced bash-2.05b-5.i386.rpm with bash-2.05b-5.1.i386.rpm
  replaced bash-doc-2.05b-5.i386.rpm with bash-doc-2.05b-5.1.i386.rpm
  added expect-5.38.0-74.i386.rpm
    (install with --nodeps; libtk.so.0 and libX11.so.6 are missing)
  replaced glibc-2.3.2-4.80.i386.rpm with glibc-2.3.2-4.80.6.i386.rpm
  replaced glibc-common-2.3.2-4.80.i386.rpm with glibc-common-2.3.2-4.80.6.i386.rpm
  replaced man-1.5j-11.i386.rpm with man-1.5k-0.8x.0.i386.rpm
  replaced nscd-2.3.2-4.80.i386.rpm with nscd-2.3.2-4.80.6.i386.rpm
  replaced tcpdump-3.6.3-3.i386.rpm with tcpdump-3.6.3-17.8.0.3.i386.rpm
  replaced unzip-5.50-5.i386.rpm with unzip-5.50-12.i386.rpm
  replaced xinetd-2.3.7-5.i386.rpm with xinetd-2.3.11-1.8.0.i386.rpm
  added ypserv-2.8-0.80E.i386.rpm
  replaced zlib-1.1.4-4.i386.rpm with zlib-1.1.4-8.8x.i386.rpm
  added gpg-pubkey-a686b5a7-3f0dc9ff.(none).rpm
  added gpg-pubkey-db42a60e-37ea5438.(none).rpm

Bugs:
  /home dirs were created with access mode of 755, not 700
  SCS manual pdf file contains 2 images of the manual
  lsi.csh did not return to the orig. dir, but left user in /lsi/ports
  connect would display 1 extra char. when showing last 'n' lines
  /usr/local/sbin/powerd.helper does not have the executable bits set
  snmp did not support the LSI hardware
  snmp character MIB was limited to 16 ports

==================================================
SCS Version: V1.5-25

Fixed:
  /etc/logrotate.conf - added missingok to lastlog entry
  /etc/cron.daily - changed cron.daily/tripwire-check to not send a message if not running
  connect correctly displays the buffer
  versions now includes monitor and portlogd

Bugs:
  lsi.csh - did not work
  portlogd - when it starts it overwrites the log file instead of appending
  halt - did not always save sysconfig/clock and network back to chicklet /etc
  shadow passwords are NOT enabled - the user must run authconfig to enable them
  timeoutd does not disconnect users if they are not running bash as their shell.
    sshd forks twice, the 1st one is recorded in /var/run/utmp, and that one is sent
    the signals. However, the signals are not passed on to the child processes.

==================================================
SCS Version: V1.5-14

New:
  support for NIS port_access permissions
  portlogging now included

Fixed:
  connect (V1.9), adduser, deluser, lsc (lsi.sh & lsi.csh)
  loading modules (rc.modules)
  exser 2.6.7 - proc buffers display 0 bytes when buffer is empty

Updated:
  changed access permissions on port_access from 755 to 754
  changed the symlink /usr/sbin/adduser to point to /usr/local/sbin/adduser
  changed save command to exclude some files in /var (dev/log, var/lock, var/run)
  stty now does error checking on rename
  rc.sysinit changed to echo /sbin/modprobe to /proc so kernel can load modules
  changed 'gethostname' to 'changehostname'

Bugs:
  connect would not show what's in the buffer if there were fewer than 2660 char.
  versions did not show monitor or portlogd

==================================================
SCS Version: V1.4-16

Bugs:
  connect: error in esc. seq. processing - dropping char.
  deluser: had a syntax error in find - user was already deleted, so use UID
  NFS modules were not loading as needed (fixed in rc.modules)
  command 'lsc' could not list monitor ports
  stty rename: no error checking is done for rename, so user does not know if it
    works or failed
  new users are not members of the monitor group, so the user can not access monitor ports
  su - did not create PATH in the same order as login did; /usr/local was at end of the list
    this caused the standard adduser to be run

==================================================
SCS Version: V1.4-6

Fixed:
  brk (V1.51) had a missing ';' in the while on line 24, it should read
    while [ $# -gt 0 ] ; do

Bugs:
  portlogger not included
  snmp is included, but exser is not updating counts
  lcd - top line would blank: caused by running lcd while daemon is up
    fixed in V1.16
  /var/log/lastlog was 19 Meg, should not be on chicklet
  NIS: add/edit user did not work if NIS is enabled
  versions had save and brk in the wrong places, so they were not shown