Hi all,

I apologize for the following questions - some may be more general Linux questions while others hopefully relate directly to Icecast:

1) With regards to the recent buffer-overflow exploit and the recommendation of running icecast as a non-root user, how exactly does one do that? I've changed the UID and GUID of the icecast directory and files and binaries to nobody, but what user should I be when starting the icecast server (e.g. nobody or root)? When I check the admins that are connected it outputs:

    [Id: 0] [Host: icecast console] [Connected for: 8 seconds] [Commands issued: 0]
    End of admin listing (1 listed)

Is the ID num of 0 to be a concern?

2) I was able to run the icecast server but when I tried to connect to it with IceS the streamer gets kicked off with the following error:

    [06/Feb/2001:01:44:50] [0:Main Thread] Kicking unknown 1 [140.180.148.145] [Access Denied (tcp wrappers) [generic connection]], connected for 0 seconds

I've compiled icecast with both encryption and tcp_wrappers enabled. I've added to my /etc/hosts.deny file the line

    icecast: ALL@ALL EXCEPT localhost

and to my /etc/hosts.allow file the line

    icecast: ALL@.princeton.edu

with the intent to allow only IP addresses within the Princeton domain access to the server. I believe that those files however are readable only by root; can I use the ACL in place of those files then?

Furthermore, I've used mkpasswd (one not provided with the icecast package; I actually couldn't locate mkpasswd.c in the src dir of the tarball distribution) to create encrypted passwords for the encoder, admin, and operator, which I then copied exactly and replaced the "hackme" dummy passwords in icecast.conf. So should the same text string that mkpasswd outputted be used as the password parameter provided to the streamer (e.g. IceS)?

I'm running Icecast 1.3.7 and IceS 0.0.1beta5 on a PII 233 Mhz 128 Mb RAM running Mandrake 7.0.

Any help and suggestions would be greatly appreciated,

Thanks,
Andrew

--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request@xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

On Tue, 17 Apr 2001, Andrew M. Wu wrote:

> Hello all,
>
> I have been having some trouble getting my Icecast server and IceS
> streamer up and running properly. I have successfully compiled both
> (Icecast 1.3.10 and IceS 0.0.1beta5) with libwrap and encrypt enabled.
>
> I can start up Icecast fine, with the following logged messages on
> startup:
>
> Icecast Version 1.3.10 Initializing...
> Icecast comes with NO WARRANTY, to the extent permitted by law.
> You may redistribute copies of Icecast under the terms of the
> GNU General Public License.
> For more information about these matters, see the file named COPYING.
> Starting thread engine...
> [17/Apr/2001:01:56:37] Icecast Version 1.3.10 Starting..
> [17/Apr/2001:01:56:37] Starting Admin Console Thread...
> -> [17/Apr/2001:01:56:37] Starting main connection handler...
> -> [17/Apr/2001:01:56:37] Listening on host 140.180.148.145...
> -> [17/Apr/2001:01:56:37] Listening on port 8000...
> -> [17/Apr/2001:01:56:37] Listening on port 8001...
> -> [17/Apr/2001:01:56:37] Using 'wuhoo.princeton.edu' as servername...
> -> [17/Apr/2001:01:56:37] Server limits: 30 clients, 30 clients per source, 10 sources, 5 admins
> -> [17/Apr/2001:01:56:37] WWW Admin interface accessible at http://wuhoo.princeton.edu:8000/admin
> -> [17/Apr/2001:01:56:37] Starting Calender Thread...
> -> -> [17/Apr/2001:01:56:37] Starting UDP handler thread...
> -> [17/Apr/2001:01:56:37] Starting relay connector thread...
> -> [17/Apr/2001:01:56:37] [Bandwidth: 0.000000MB/s] [Sources: 0] [Clients: 0] [Admins: 1] [Uptime: 0 seconds]
>
> (I have set user and group to a user 'icecast' - at least I hope that that
> is what Icecast and IceS will be running under (as user/group icecast and
> not root, as entering 'admins' gives me:
>

Assuming you su to user 'icecast' before you start them.

>
> Listing admins
> [Id: 0] [Host: icecast console] [Connected for: 1 minutes and 42 seconds] [Commands issued: 0]
> End of admin listing (1 listed)
>
>
> Does the 'Id: 0' have any significance (security-wise)?

No, that's just the first Id number given out.

>
> However, when I try to start up IceS, it exits with the following error:
>
> Logfile opened
> Failed connecting to server 127.0.0.1, error: Not connected to server.
> Ices Exiting...
>
> and Icecast logs the following:
>
> -> [17/Apr/2001:01:48:55] Kicking unknown 1 [127.0.0.1] [Access Denied (tcp wrappers) [generic connection]], connected for 0 seconds
>
>
> (The time is incorrect but the error message is the same.)
>
> And in icecast logs I have the following:
>
> Apr 17 01:48:55 wuhoo icecast: warning: /etc/hosts.allow, line 1: can't verify hostname: gethostbyname(localhost.localdomain) failed
>

Hmmm, seems like a name lookup problem. You can try substituting 127.0.0.1 for 'localhost' in your /etc/hosts.allow and deny files, saving the computer the need to look up anything at all.

Hope that helps,
Harvey

>
>
> Could any of you inform me what I have done wrong?
>
> Included in my /etc/hosts.allow file is the following:
>
> ALL:ALL@.princeton.edu
> icecast: ALL@.princeton.edu,localhost
> icecast_admin: ALL@.princeton.edu,localhost
> icecast_client: ALL@.princeton.edu,localhost
> icecast_source: 1.2.3.4,localhost
>
> .
> .
> .
>
>
> where 1.2.3.4 corresponds to my actual IP
>
> and in my /etc/hosts.deny I have
>
> # Mandrake-Security : if you remove this comment, remove the next line too.
> ALL:ALL@ALL EXCEPT localhost
> icecast:ALL@ALL EXCEPT localhost, ALL@.princeton.edu
> icecast_client:ALL@ALL EXCEPT localhost, ALL@.princeton.edu
> icecast_admin: ALL@ALL EXCEPT localhost, ALL@.princeton.edu
>
> .
> .
> .
>
> my /etc/host.conf looks like
>
> order hosts, nis, bind
> multi on
>
> and my /etc/hosts file looks like
>
> 127.0.0.1 localhost.localdomain localhost # 0
> 1.2.3.4 wuhoo.princeton.edu wuhoo andrewwu # 0
>
>
>
> I am running Linux kernel 2.4.2 on a Mandrake 7.0 base system.
>
> Thank you for your help.
>
> Andrew

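The allow-then-deny evaluation behind the "Access Denied (tcp wrappers)" log line and the suggestion to use 127.0.0.1, as an added example that is not part of the original thread and not tcp_wrappers code: a simplified Python model of hosts_access(5) covering only the pattern kinds quoted above (ALL, .domain, literal address, host name, user@host, EXCEPT). Modelling a failed name lookup as name=None, and accepting only ALL as the user part, are assumptions of this sketch.

```python
import re

# Rules copied from the hosts.allow / hosts.deny excerpts quoted in the thread.
ALLOW = """\
ALL:ALL@.princeton.edu
icecast: ALL@.princeton.edu,localhost
icecast_source: 1.2.3.4,localhost
"""
DENY = """\
ALL:ALL@ALL EXCEPT localhost
icecast:ALL@ALL EXCEPT localhost, ALL@.princeton.edu
"""

def tokens(field):
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]

def list_match(toks, match):
    """First matching token wins; everything after EXCEPT is an exception list."""
    for i, tok in enumerate(toks):
        if tok == "EXCEPT":
            return False                      # nothing matched before EXCEPT
        if match(tok):
            rest = toks[i + 1:]
            if "EXCEPT" in rest:
                return not list_match(rest[rest.index("EXCEPT") + 1:], match)
            return True
    return False

def host_match(tok, addr, name):
    if tok == "ALL":
        return True
    if tok.startswith("."):                   # domain suffix needs a resolved name
        return name is not None and name.lower().endswith(tok.lower())
    # Literal address, or host name (only usable when the lookup succeeded).
    return tok == addr or (name is not None and tok.lower() == name.lower())

def client_match(tok, addr, name):
    user, _, host = tok.rpartition("@")       # user is "" when there is no '@'
    return user in ("", "ALL") and host_match(host, addr, name)

def hosts_access(allow, deny, daemon, addr, name):
    """Return True if access is granted: allow file first, then deny, else grant."""
    for table, verdict in ((allow, True), (deny, False)):
        for line in table.splitlines():
            line = line.split("#")[0].strip()
            if not line:
                continue
            daemons, clients = line.split(":")[:2]
            if (list_match(tokens(daemons), lambda t: t in ("ALL", daemon))
                    and list_match(tokens(clients), lambda t: client_match(t, addr, name))):
                return verdict
    return True                               # no rule matched in either file
```

With the quoted files, hosts_access(ALLOW, DENY, "icecast", "127.0.0.1", None) returns False because no allow rule matches and the deny rule's "EXCEPT localhost" cannot apply without a resolved name; replacing "localhost" with 127.0.0.1 in both files makes the same call return True.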
Hello all,

I have been having some trouble getting my Icecast server and IceS streamer up and running properly. I have successfully compiled both (Icecast 1.3.10 and IceS 0.0.1beta5) with libwrap and encrypt enabled.

I can start up Icecast fine, with the following logged messages on startup:

    Icecast Version 1.3.10 Initializing...
    Icecast comes with NO WARRANTY, to the extent permitted by law.
    You may redistribute copies of Icecast under the terms of the
    GNU General Public License.
    For more information about these matters, see the file named COPYING.
    Starting thread engine...
    [17/Apr/2001:01:56:37] Icecast Version 1.3.10 Starting..
    [17/Apr/2001:01:56:37] Starting Admin Console Thread...
    -> [17/Apr/2001:01:56:37] Starting main connection handler...
    -> [17/Apr/2001:01:56:37] Listening on host 140.180.148.145...
    -> [17/Apr/2001:01:56:37] Listening on port 8000...
    -> [17/Apr/2001:01:56:37] Listening on port 8001...
    -> [17/Apr/2001:01:56:37] Using 'wuhoo.princeton.edu' as servername...
    -> [17/Apr/2001:01:56:37] Server limits: 30 clients, 30 clients per source, 10 sources, 5 admins
    -> [17/Apr/2001:01:56:37] WWW Admin interface accessible at http://wuhoo.princeton.edu:8000/admin
    -> [17/Apr/2001:01:56:37] Starting Calender Thread...
    -> -> [17/Apr/2001:01:56:37] Starting UDP handler thread...
    -> [17/Apr/2001:01:56:37] Starting relay connector thread...
    -> [17/Apr/2001:01:56:37] [Bandwidth: 0.000000MB/s] [Sources: 0] [Clients: 0] [Admins: 1] [Uptime: 0 seconds]

(I have set user and group to a user 'icecast' - at least I hope that that is what Icecast and IceS will be running under (as user/group icecast and not root, as entering 'admins' gives me:

    Listing admins
    [Id: 0] [Host: icecast console] [Connected for: 1 minutes and 42 seconds] [Commands issued: 0]
    End of admin listing (1 listed)

Does the 'Id: 0' have any significance (security-wise)?)

However, when I try to start up IceS, it exits with the following error:

    Logfile opened
    Failed connecting to server 127.0.0.1, error: Not connected to server.
    Ices Exiting...

and Icecast logs the following:

    -> [17/Apr/2001:01:48:55] Kicking unknown 1 [127.0.0.1] [Access Denied (tcp wrappers) [generic connection]], connected for 0 seconds

(The time is incorrect but the error message is the same.)

And in icecast logs I have the following:

    Apr 17 01:48:55 wuhoo icecast: warning: /etc/hosts.allow, line 1: can't verify hostname: gethostbyname(localhost.localdomain) failed

Could any of you inform me what I have done wrong?

Included in my /etc/hosts.allow file is the following:

    ALL:ALL@.princeton.edu
    icecast: ALL@.princeton.edu,localhost
    icecast_admin: ALL@.princeton.edu,localhost
    icecast_client: ALL@.princeton.edu,localhost
    icecast_source: 1.2.3.4,localhost
    .
    .
    .

where 1.2.3.4 corresponds to my actual IP

and in my /etc/hosts.deny I have

    # Mandrake-Security : if you remove this comment, remove the next line too.
    ALL:ALL@ALL EXCEPT localhost
    icecast:ALL@ALL EXCEPT localhost, ALL@.princeton.edu
    icecast_client:ALL@ALL EXCEPT localhost, ALL@.princeton.edu
    icecast_admin: ALL@ALL EXCEPT localhost, ALL@.princeton.edu
    .
    .
    .

my /etc/host.conf looks like

    order hosts, nis, bind
    multi on

and my /etc/hosts file looks like

    127.0.0.1 localhost.localdomain localhost # 0
    1.2.3.4 wuhoo.princeton.edu wuhoo andrewwu # 0

I am running Linux kernel 2.4.2 on a Mandrake 7.0 base system.

Thank you for your help.

Andrew