Re: how to get columns to line up in summary?
On Wed, Aug 06, 2003 at 05:06:40PM -0400, Scott Mcdermott wrote: > Paul Bijnens on Wed 6/08 22:45 +0200: > > But if you only have one computer and it is the server and > > client itself, then there is indeed no problem to using > > "localhost". (But don't say we didn't warn you :-) > > now *that* is a reasonable answer. > > I'm still concerned though, that anyone on any client can > restore any files if they have control of DNS. I'm sure our > finance people wouldn't like our DNS admin to be able to see > everyone's salaries, for instance. That might be one reason to encrypt the backups. A method was posted using pgp about 18 months ago. jl -- Jon H. LaBadie [EMAIL PROTECTED] JG Computing 4455 Province Line Road(609) 252-0159 Princeton, NJ 08540-4322 (609) 683-7220 (fax)
RE: how to get columns to line up in summary?
How far do you want to take your paranoia? I take it pretty far as a system admin, but I think I know where to draw the line. I am not sure why you insist on clinging so stubbornly to localhost for DLEs, but I have read enough on this group in the last 9 months (as long as I have been a member) to agree with the people that seem to know what they are doing. Repeatedly, the people having problems and using localhosts, report that the problems are reduced or eliminated when they use properly documented FQDNs for their systems. I am tired of beating this dead horse. Go your own way, but don't expect us to agree with it. Don Donald L. (Don) Ritchey E-mail: [EMAIL PROTECTED] -Original Message- From: Scott Mcdermott [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 12:18 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: how to get columns to line up in summary? [EMAIL PROTECTED] on Wed 6/08 12:13 -0500: > And anyone who can get local root on his/her workstation > can use 'amrecover' to obtain any filesystem backed up from > 'localhost', since localhost is valid on any system. then what prevents joe user from just modifying /etc/hosts on his machine to pretend he is the system he wants to restore from? what prevents DNS admin from changing his zone files so he can recover /etc/passwd on some machine he doesn't control but wants to? This e-mail and any of its attachments may contain Exelon Corporation proprietary information, which is privileged, confidential, or subject to copyright belonging to the Exelon Corporation family of Companies. This e-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this e-mail is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify the sender immediately and permanently delete the original and any copy of this e-mail and any printout. Thank You.
Re: how to get columns to line up in summary?
> "Jon" == Jon LaBadie <[EMAIL PROTECTED]> writes: [...] Jon> That might be one reason to encrypt the backups. Jon> A method was posted using pgp about 18 months ago. The reference I found was from 1999, and was very fuzzy on details. If someone is actually doing this, could they update the FAQ-o-matic with details? Jack. -- Jack Twilley jmt at twilley dot org http colon slash slash www dot twilley dot org slash tilde jmt slash pgp0.pgp Description: PGP signature
Re: how to get columns to line up in summary?
On Tue, Aug 05, 2003 at 12:13:38PM -0400, Scott Mcdermott wrote: > anyone know of an easy way to get columns to appear somewhat > legibly without hacking the amanda source? > > localhostuser-e1 12390460 12390460.00 --33:36 6147.200195 > 33:36 6146.399902 > I don't recall ever seeing 6 decimal places printed out. That is the default for C language printf. But I thought it was only printing 1 or 2 decimal places. I didn't really care if the rate was 6147 KB/s or 6147.20 KB/s :)) So I did hack my copy to get rid of decimal places in all columns. > here's my columnspec: > > > HostName=0:-1,Disk=4:-1,Level=1:-1,OutKB=2:-1,Compress=1:-1,DumpTime=2:-1,DumpRate=1:-1,TapeTime=3:-1,TapeRate=1:-1 > > docs say using -1 lets field size be calculated from largest > one, but that doesn't appear to be the case? Never noted that before in the man page. Learn something new every day :) So I don't know if it does, or has ever, worked. But I'll wager that getting rid of the 21 fractional chars would do nothing but help. -- Jon H. LaBadie [EMAIL PROTECTED] JG Computing 4455 Province Line Road(609) 252-0159 Princeton, NJ 08540-4322 (609) 683-7220 (fax)
Re: how to get columns to line up in summary?
[EMAIL PROTECTED] on Wed 6/08 12:13 -0500: > And anyone who can get local root on his/her workstation > can use 'amrecover' to obtain any filesystem backed up from > 'localhost', since localhost is valid on any system. then what prevents joe user from just modifying /etc/hosts on his machine to pretend he is the system he wants to restore from? what prevents DNS admin from changing his zone files so he can recover /etc/passwd on some machine he doesn't control but wants to?
Re: how to get columns to line up in summary?
On Wednesday 06 August 2003 14:25, Scott Mcdermott wrote: >[EMAIL PROTECTED] on Wed 6/08 12:26 -0500: >> How far do you want to take your paranoia? I take it >> pretty far as a system admin, but I think I know where to >> draw the line. > >what are you talking about? you think if anyone with root on >any client amanda backs up, or the DNS admin, can restore >files from any amanda-backed-up machine, that is paranoia? >I'm glad you don't work for us... > >> I am not sure why you insist on clinging so stubbornly to >> localhost for DLEs, > >only because no one seems to have a solid technical reason >not want to use them, but just talk about some kind of >voodoo magic; I don't cling to using localhost at all, I'm >merely saying there is nothing wrong with it (and my backups >run fine with it) > >> use properly documented FQDNs for their systems. > >ok how about localhost.localdomain. That's an FQDN. No its not, its a univesal name for all machines. >seriously, I agree that the real machine name should be used >if only for correctness; I only wish to understand WHY it is >said to be wrong and cause problems. The only 100% bulletproof alternative to the FQDN is that FQDN's ip address, NOT 127.0.0.1 either. I'm like Randy, this horse has no more liquid blood, riger mortis has well and truely set in... We preach against it, its in the FAQ, and in the docs in the archives. You been given several good, not always security related reasons why its a bad practice. Some of them have come from longtime highly experienced, teaching on the side SysAdmins, like Jon. Me? I'm just a home user who happens to have been bit by it too, so I had a lot of wheels to re-invent before I was back to "my" system. Go your own way, but when a recovery goes south, we don't want to hear about it. Jean-Louis, JRJ: How about a new subroutine that checks the DLE's and sumarily rejects anything resembling 'localhost'. Call it from both amcheck AND amdump before they do anything else. -- Cheers, Gene AMD [EMAIL PROTECTED] 320M [EMAIL PROTECTED] 512M 99.27% setiathome rank, not too shabby for a WV hillbilly Yahoo.com attornies please note, additions to this message by Gene Heskett are: Copyright 2003 by Maurice Eugene Heskett, all rights reserved.
Re: how to get columns to line up in summary?
On Tuesday 05 August 2003 16:25, Russell Adams wrote: >> Also, get rid of 'localhost'! Amanda is a client/server program >> and will only work right (although no effect on this formatting >> problem) for all functions if the FQDN of the machine is used. We >> should fix a filter to add this to the sig of every message posted >> thru the list. If you cannot recover, you have been warned. > >I've heard this before. What exactly is the problem with localhost? >Could you elaborate? > >Russell Primarily its a security issue because *any* machine can be localhost. By using the FQDN, there is then no ambiguity as to which machine is being addressed. Its simply good practice. amrecover and amrestore IIRC are trained to reject localhost because the files are portable, and trying to restore to localhost might even try to restore a wintel boxes code to a box with a moto cpu in it. Thats a bit far fetched, but that is one scenario that won't, for obvious reasons, work. Finally, amanda is a client/server model. By using localhost, you are attempting to bypass that client/server relationship. -- Cheers, Gene AMD [EMAIL PROTECTED] 320M [EMAIL PROTECTED] 512M 99.27% setiathome rank, not too shabby for a WV hillbilly Yahoo.com attornies please note, additions to this message by Gene Heskett are: Copyright 2003 by Maurice Eugene Heskett, all rights reserved.
Re: how to get columns to line up in summary?
Gene Heskett on Tue 5/08 20:02 -0400: > > I've heard this before. What exactly is the problem with > > localhost? Could you elaborate? > > Primarily its a security issue because *any* machine can > be localhost. By using the FQDN, there is then no > ambiguity as to which machine is being addressed. Its > simply good practice. > > amrecover and amrestore IIRC are trained to reject > localhost because the files are portable, and trying to > restore to localhost might even try to restore a wintel > boxes code to a box with a moto cpu in it. Thats a bit > far fetched, but that is one scenario that won't, for > obvious reasons, work. but there is only *one* machine on which "localhost" is used, and that is the amanda server, no? "localhost" always means the same thing on that machine. > Finally, amanda is a client/server model. By using > localhost, you are attempting to bypass that client/server > relationship. but localhost is a valid, relative hostname. If I put "localhost" in a DLE, then localhost is a known, unchanging machine, relative to the machine that is using the name "localhost"
Re: how to get columns to line up in summary?
Scott Mcdermott wrote: [EMAIL PROTECTED] on Wed 6/08 12:26 -0500: How far do you want to take your paranoia? I take it pretty far as a system admin, but I think I know where to draw the line. what are you talking about? you think if anyone with root on any client amanda backs up, or the DNS admin, can restore files from any amanda-backed-up machine, that is paranoia? I'm glad you don't work for us... I am not sure why you insist on clinging so stubbornly to localhost for DLEs, only because no one seems to have a solid technical reason not want to use them, but just talk about some kind of voodoo magic; I don't cling to using localhost at all, I'm merely saying there is nothing wrong with it (and my backups run fine with it) use properly documented FQDNs for their systems. ok how about localhost.localdomain. That's an FQDN. seriously, I agree that the real machine name should be used if only for correctness; I only wish to understand WHY it is said to be wrong and cause problems. There is nothing wrong. It only happens very ofteb, that people start with one computer that is client and server itself. They use localhost there. Then a few weeks/months later, they add another client. More follow. And then they also want to switch their server to some more powerful machine, or a machine with a larger tapedrive. That's were the trouble starts, but they don't see it yet. Then they want to restore from some archived tape they had. And they need to specify "localhost", but they mean the "other" localhost... Fill in the scenario yourself. But if you only have one computer and it is the server and client itself, then there is indeed no problem to using "localhost". (But don't say we didn't warn you :-) -- sitting on the beach, on my holiday, testing the wireless network my provider put here... don't expect me to answer more on this within 2 weeks or so - I'm on holiday... -- Paul -- Paul Bijnens, XplanationTel +32 16 397.511 Technologielaan 21 bus 2, B-3001 Leuven, BELGIUMFax +32 16 397.512 http://www.xplanation.com/ email: [EMAIL PROTECTED] *** * I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, * * quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, * * stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, * * PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, * * kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ...* * ... "Are you sure?" ... YES ... Phew ... I'm out * ***
Re: how to get columns to line up in summary?
Paul Bijnens on Wed 6/08 22:45 +0200: > But if you only have one computer and it is the server and > client itself, then there is indeed no problem to using > "localhost". (But don't say we didn't warn you :-) now *that* is a reasonable answer. I'm still concerned though, that anyone on any client can restore any files if they have control of DNS. I'm sure our finance people wouldn't like our DNS admin to be able to see everyone's salaries, for instance.
Re: how to get columns to line up in summary?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 06 August 2003 11:45, Scott Mcdermott wrote: > Gene Heskett on Tue 5/08 20:02 -0400: > > > I've heard this before. What exactly is the problem with > > > localhost? Could you elaborate? > > > > Primarily its a security issue because *any* machine can > > be localhost. By using the FQDN, there is then no > > ambiguity as to which machine is being addressed. Its > > simply good practice. > > > > amrecover and amrestore IIRC are trained to reject > > localhost because the files are portable, and trying to > > restore to localhost might even try to restore a wintel > > boxes code to a box with a moto cpu in it. Thats a bit > > far fetched, but that is one scenario that won't, for > > obvious reasons, work. > > [..snip..] > > but localhost is a valid, relative hostname. If I put > "localhost" in a DLE, then localhost is a known, unchanging > machine, relative to the machine that is using the name > "localhost" Too many times, I have seen network-aware software mis-behave when "localhost" is specified even though localhost was properly defined in the hosts file. One example that has burned me a couple of times is attempting to use Netscape to reach localhost. I have seen Netscape load pages off the net when given the url: http://localhost/. Shouldn't happen, but that does not prevent it from happening. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/MWih+ShVRkQlJBIRAiLsAJ41uOLVG4E6/tlKXVW6erbqbtvHYACdFJ7H OasLFjLzZUynjZxcVPKghJs= =scNx -END PGP SIGNATURE-
how to get columns to line up in summary?
anyone know of an easy way to get columns to appear somewhat legibly without hacking the amanda source? here's what output looks like for me: HOSTNAME DISK L ORIG-KB OUT-KB COMP% MMM:SS KB/s MMM:SS KB/s -- -- localhost/export/corp 1 9639610 9639610.00 --25:51 6213.5025:52 6212.200195 localhost/export/local 1 2865760 2865760.00 -- 7:51 6083.299805 7:51 6080.00 localhostuser-a1 11103710 11103710.00 --32:49 5639.00 32:50 5637.50 localhostuser-b1 30240 30240.00 -- 0:07 4593.600098 0:07 4566.50 localhostuser-c0 10103330 10103330.00 --28:10 5978.50 28:10 5977.50 localhostuser-d1 6710600 6710600.00 --20:51 5365.70019520:51 5363.600098 localhostuser-e1 12390460 12390460.00 --33:36 6147.200195 33:36 6146.399902 here's my columnspec: HostName=0:-1,Disk=4:-1,Level=1:-1,OutKB=2:-1,Compress=1:-1,DumpTime=2:-1,DumpRate=1:-1,TapeTime=3:-1,TapeRate=1:-1 docs say using -1 lets field size be calculated from largest one, but that doesn't appear to be the case?
RE: how to get columns to line up in summary?
And anyone who can get local root on his/her workstation can use 'amrecover' to obtain any filesystem backed up from 'localhost', since localhost is valid on any system. This applies to all those sensitive file systems that are stored on your server and password/access protected to keep the riff-raff out. As has been repeatedly stated in this group before, Use of 'localhost' in DLEs is discouraged. This is true for many reasons, not all of them obvious. Don Donald L. (Don) Ritchey E-mail: [EMAIL PROTECTED] -Original Message- From: Scott Mcdermott [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 10:45 AM To: [EMAIL PROTECTED] Subject: Re: how to get columns to line up in summary? Gene Heskett on Tue 5/08 20:02 -0400: > > I've heard this before. What exactly is the problem with > > localhost? Could you elaborate? > > Primarily its a security issue because *any* machine can > be localhost. By using the FQDN, there is then no > ambiguity as to which machine is being addressed. Its > simply good practice. > > amrecover and amrestore IIRC are trained to reject > localhost because the files are portable, and trying to > restore to localhost might even try to restore a wintel > boxes code to a box with a moto cpu in it. Thats a bit > far fetched, but that is one scenario that won't, for > obvious reasons, work. but there is only *one* machine on which "localhost" is used, and that is the amanda server, no? "localhost" always means the same thing on that machine. > Finally, amanda is a client/server model. By using > localhost, you are attempting to bypass that client/server > relationship. but localhost is a valid, relative hostname. If I put "localhost" in a DLE, then localhost is a known, unchanging machine, relative to the machine that is using the name "localhost" This e-mail and any of its attachments may contain Exelon Corporation proprietary information, which is privileged, confidential, or subject to copyright belonging to the Exelon Corporation family of Companies. This e-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this e-mail is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify the sender immediately and permanently delete the original and any copy of this e-mail and any printout. Thank You.
Re: how to get columns to line up in summary?
[EMAIL PROTECTED] on Wed 6/08 12:26 -0500: > How far do you want to take your paranoia? I take it > pretty far as a system admin, but I think I know where to > draw the line. what are you talking about? you think if anyone with root on any client amanda backs up, or the DNS admin, can restore files from any amanda-backed-up machine, that is paranoia? I'm glad you don't work for us... > I am not sure why you insist on clinging so stubbornly to > localhost for DLEs, only because no one seems to have a solid technical reason not want to use them, but just talk about some kind of voodoo magic; I don't cling to using localhost at all, I'm merely saying there is nothing wrong with it (and my backups run fine with it) > use properly documented FQDNs for their systems. ok how about localhost.localdomain. That's an FQDN. seriously, I agree that the real machine name should be used if only for correctness; I only wish to understand WHY it is said to be wrong and cause problems.
Re: how to get columns to line up in summary?
On Tuesday 05 August 2003 12:13, Scott Mcdermott wrote: >anyone know of an easy way to get columns to appear somewhat >legibly without hacking the amanda source? > >here's what output looks like for me: > >HOSTNAME DISK L ORIG-KB OUT-KB COMP% MMM:SS KB/s > MMM:SS KB/s -- -- >localhost/export/corp 1 9639610 9639610.00 --25:51 > 6213.5025:52 6212.200195 localhost/export/local 1 > 2865760 2865760.00 -- 7:51 6083.299805 7:51 > 6080.00 localhostuser-a1 11103710 11103710.00 > --32:49 5639.0032:50 5637.50 localhostuser-b > 1 30240 30240.00 -- 0:07 4593.600098 0:07 > 4566.50 localhostuser-c0 10103330 10103330.00 > --28:10 5978.5028:10 5977.50 localhostuser-d > 1 6710600 6710600.00 --20:51 5365.70019520:51 > 5363.600098 localhostuser-e1 12390460 12390460.00 > --33:36 6147.20019533:36 6146.399902 > >here's my columnspec: > > > HostName=0:-1,Disk=4:-1,Level=1:-1,OutKB=2:-1,Compress=1:-1,DumpTim >e=2:-1,DumpRate=1:-1,TapeTime=3:-1,TapeRate=1:-1 > >docs say using -1 lets field size be calculated from largest >one, but that doesn't appear to be the case? I'm using this, and it looks pretty decent in my email reports: columnspec "Disk=1:18,HostName=0:10,Level=1:3,OrigKB=1:9,OutKB=1:9,Compress=1:7,DumpTime=1:7,DumpRate=1:7,TapeTime= 1:7,TapeRate=1:7" Bear in mind that of the number:doublet, the first one is leading spaces, the second one is how many to use for the data proper. Like you, I saw the -1 note, but all it would do is muck the columns out of line. Also, get rid of 'localhost'! Amanda is a client/server program and will only work right (although no effect on this formatting problem) for all functions if the FQDN of the machine is used. We should fix a filter to add this to the sig of every message posted thru the list. If you cannot recover, you have been warned. -- Cheers, Gene AMD [EMAIL PROTECTED] 320M [EMAIL PROTECTED] 512M 99.27% setiathome rank, not too shabby for a WV hillbilly Yahoo.com attornies please note, additions to this message by Gene Heskett are: Copyright 2003 by Maurice Eugene Heskett, all rights reserved.
Re: how to get columns to line up in summary?
> Also, get rid of 'localhost'! Amanda is a client/server program and > will only work right (although no effect on this formatting problem) > for all functions if the FQDN of the machine is used. We should fix > a filter to add this to the sig of every message posted thru the > list. If you cannot recover, you have been warned. I've heard this before. What exactly is the problem with localhost? Could you elaborate? Russell
