Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Walter Haidinger
On 31.08.2011 15:18, Always Learning wrote:
>>> uname -a =  2.6.35.4 #2  (don't know how this got installed)
> 
>> This is not a CentOS-provided kernel; as has been said elsewhere
>> in the thread, this is likely an OpenVZ kernel.  Your hosting

No stock OpenVZ kernel, see http://download.openvz.org/kernel/branches/
for the available OpenVZ kernel branches. 2.6.32 is the most recent.

> A very helpful and knowledgeable poster, Walter Haidinger, in his email
> dated Wed, 31 Aug 2011 13:10:16 +0200 (12:10 BST), gave what appears to
> be an ideal solution.
>   * get a more recent iptables from netfilter.org
>   * install to a different location
>   * how to install it

Please note that I wanted to provide a fix to your problem, which is hardly
an ideal solution. You might want to read my reply to KB's post and
my emphasis on keeping a "clean" distribution.

> The server provider's suggestion
> 
>   modprobe ipt_string

So your kernel is missing the required iptables kernel module too.
I really doubt that you've permission to load a kernel module from
inside of an OpenVZ container. AFAIK this must be done on the host.

Once the kernel module is loaded, you can try if your stock iptables
works. If not, you'll have to try a newer release as I suggested in the
first place.

> So I am observing.
> Thank you.

Good luck, you're welcome.

Regards,
Walter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Walter Haidinger
On 31.08.2011 15:35, Karanbir Singh wrote:
>> PS: To install iptables from source is pretty straightforward:
>>  get the tarball from netfilter.org, unpack and run:
>>  ./configure --prefix=/opt/iptables && make && make install
> 
> And at that point you lose. All management capability or the ability to 
> audit / track or even upgrade along the distro. Installing from source, 
> is almost always the wrong solution; There are *some* places where it 

Yes, it should be an exception. I wanted to present a fix to the OP's problem.
The correct solution would be to point him to a repository from where he can
install/update a newer iptables package. Unfortunately, I don't know any.

Installing from source should be considered the "quick & dirty" solution.
That is why I install to a _distinct_ /opt directory, _not_ overwriting
any rpm-owned files, and set the path to it only where needed, not globally.

Your advice holds true if one is not careful to keep the distro "clean",
i.e. prevent mixing it with non-distro files when just running
configure without --prefix (thus installing to /usr/local or, even worse,
to /usr) or by installing "alien" other-distro rpm packages.

Maybe it should be emphasized that it is _critical_ to keep a "clean"
distribution. Otherwise yes, I absolutely agree with your statement above. 

Installing a few packages to a distinct directory doesn't hurt cleanliness, 
IMHO. It is not in the PATH by default and can easily be "uninstalled" by
a "rm -r /opt/foo".

Not to forget: Any manually installed package must be maintained anyways,
regardless if built from source or installed by rpm. 

> might be a workable solution, but really do you want your first line of 
> machine defence to be from source ? Just the amount of effort needed to 
> make something like that work is huge.

In my particular case, the new iptables are _only_ used to fill the mangle
table. Anything else is done by the stock iptables, so only the QoS rules
would be affected. Not that critical.

Of course, when running a newer (read: unsupported) kernel, such as 2.6.32
or 2.6.35, on CentOS 5, you'd better verify everything works for you in a test
environment before deploying it in the wild. 

Regards,
Walter


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Ned Slider
On 01/09/11 00:28, Always Learning wrote:
>
> On Wed, 2011-08-31 at 16:11 -0700, Craig White wrote:
>> More to the point, he disables SELinux and then spends hours trying to
>> improve security.
>
> Tell the world the ENTIRE story.
>
> Disabled it because things would not run. Said publicly in the last 7
> days will find time to learn about Selinux and the details of the file
> description blocks which SElinux appear to use.
>
> I am trying to filter-out some web page access attempts in IP Tables.
> When will you accept that has nothing to do with Selinux ?
>

It has EVERYTHING to do with SELinux because SELinux is designed to 
mitigate those security risks you are trying to prevent reaching httpd 
with IPTables as well as those you do not even know about yet.

Security is not a product. It's not about one component. It's a process. 
The best security uses layers of defence, of which IPtables is just one 
layer. SELinux is another layer. Use the right tools for the job. Better 
still, use ALL of the tools available to you rather than concentrating 
all your time on one tool whilst leaving every other door wide open.

Even if you can't fix it, turn ON SELinux and put it in permissive mode. 
It will allow shit to happen, but at least then it will WARN you that 
shit is happening. Better still, just fix the issues.
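
An added example, not part of the message above: in permissive mode SELinux records each would-be denial as an AVC entry in the audit log instead of blocking it. The sketch below groups such entries by source type, target type, object class and permission; the log lines are constructed sample input.

```python
import re
from collections import Counter

# One AVC record: "avc:  denied  { perms } for  key=value ..."
AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one audit line; return None for anything that is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if "scontext" not in fields or "tcontext" not in fields:
        return None
    return {
        "comm": fields.get("comm", "?"),
        "perms": tuple(m.group("perms").split()),
        "source": selinux_type(fields["scontext"]),
        "target": selinux_type(fields["tcontext"]),
        "tclass": fields.get("tclass", "?"),
    }


def summarize(lines):
    """Count denials per (source type, target type, class, permissions)."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec:
            counts[(rec["source"], rec["target"], rec["tclass"], rec["perms"])] += 1
    return counts.most_common()


# Constructed sample input (not taken from any real host).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1314831600.101:412): avc:  denied  { name_connect } for  pid=2301 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1314831600.101:412): arch=c000003e syscall=42 success=yes exit=0 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1314831661.230:415): avc:  denied  { write } for  pid=2304 comm="httpd" name="uploads" dev=xvda1 ino=131099 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1314831722.007:419): avc:  denied  { name_connect } for  pid=2310 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
"""

if __name__ == "__main__":
    for (source, target, tclass, perms), n in summarize(SAMPLE_AUDIT_LOG.splitlines()):
        print(f"{n:3d}  {source} -> {target}:{tclass} {{ {' '.join(perms)} }}")
```

On a live system the same functions can be fed the lines of /var/log/audit/audit.log.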





Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Simon Matter
> On 08/31/2011 08:51 PM, Jonathan Vomacka wrote:
>> In the past this was my partition scheme:
>>
>> Root filesystem (/) = 10240MB (10GB)
>> /boot = 200MB
>> swap =  1024MB (1GB)
>> /var = 20480MB (20GB)
>> /tmp = 10240MB (10GB)
>> /usr = 51200MB (50GB)
>> /home = all remaining space on the drive
>
> Having /usr separate from the root file system is no longer recommended
> or supported.  There are various bits and pieces from /usr that now may

Are you sure that's true? Reading the latest EL6 docs I have the
impression it's recommended to put /usr on the same disk where / and /boot
are. That's a good rule but I don't think it's meant to run without /usr.

Simon



[CentOS] No buffer space available - loses network connectivity

2011-08-31 Thread Sherin George
Hi,

I have a centos 5.6 xen vps which loses network connectivity once in a
while with the following error.

=
-bash-3.2# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: No buffer space available
ping: sendmsg: No buffer space available
ping: sendmsg: No buffer space available
ping: sendmsg: No buffer space available
=

All my investigation so far led me to believe that it is because the
skbuff cache is getting full.

=

PROC-SLABINFO
skbuff_fclone_cache    227    308    512    7    1 : tunables   54   27    8 : slabdata     44     44      0
skbuff_head_cache     1574   1650    256   15    1 : tunables  120   60    8 : slabdata    110    110      0

SLAB-TOP
 Active / Total Objects (% used): 2140910 / 2200115 (97.3%)
 Active / Total Slabs (% used)  : 139160 / 139182 (100.0%)
 Active / Total Caches (% used) : 88 / 136 (64.7%)
 Active / Total Size (% used)   : 512788.94K / 520252.14K (98.6%)
 Minimum / Average / Maximum Object : 0.02K / 0.24K / 128.00K

  OBJS ACTIVE  USE OBJ SIZE  SLABS OBJ/SLAB CACHE SIZE NAME
664000 620290  93%    0.09K  16600       40     66400K buffer_head
409950 408396  99%    0.21K  22775       18     91100K dentry_cache
343056 340307  99%    0.08K   7147       48     28588K selinux_inode_security
338590 336756  99%    0.74K  67718        5    270872K ext3_inode_cache
143665 143363  99%    0.06K   2435       59      9740K size-64
 99540  99407  99%    0.25K   6636       15     26544K size-256
 96450  96447  99%    0.12K   3215       30     12860K size-128
 60858  60858 100%    0.52K   8694        7     34776K radix_tree_node
 12420  11088  89%    0.16K    540       23      2160K vm_area_struct
  5895   4185  70%    0.25K    393       15      1572K filp
  4816   3355  69%    0.03K     43      112       172K size-32
  2904   2810  96%    0.09K     66       44       264K sysfs_dir_cache
  2058   1937  94%    0.58K    343        6      1372K proc_inode_cache
  1728   1215  70%    0.02K     12      144        48K anon_vma
  1650   1590  96%    0.25K    110       15       440K skbuff_head_cache
  1498   1493  99%    2.00K    749        2      2996K size-2048
  1050   1032  98%    0.55K    150        7       600K inode_cache
   792    767  96%    1.00K    198        4       792K size-1024
   649    298  45%    0.06K     11       59        44K pid
   600    227  37%    0.09K     15       40        60K journal_head
   590    298  50%    0.06K     10       59        40K delayacct_cache
   496    424  85%    0.50K     62        8       248K size-512
   413    156  37%    0.06K      7       59        28K fs_cache
   404     44  10%    0.02K      2      202         8K biovec-1
   390    293  75%    0.12K     13       30        52K bio
   327    327 100%    4.00K    327        1      1308K size-4096
   320    190  59%    0.38K     32       10       128K ip_dst_cache
   308    227  73%    0.50K     44        7       176K skbuff_fclone_cache
   258    247  95%    0.62K     43        6       172K sock_inode_cache
   254    254 100%    1.84K    127        2       508K task_struct
   252    225  89%    0.81K     28        9       224K signal_cache
   240    203  84%    0.73K     48        5       192K shmem_inode_cache
   204    204 100%    2.06K     68        3       544K sighand_cache
   202      4   1%    0.02K      1      202         4K revoke_table
   195    194  99%    0.75K     39        5       156K UDP
   159     77  48%    0.07K      3       53        12K eventpoll_pwq
   145    139  95%    0.75K     29        5       116K files_cache
   144     41  28%    0.02K      1      144         4K journal_handle
   140    140 100%    0.88K     35        4       140K mm_struct
   140     77  55%    0.19K      7       20        28K eventpoll_epi
   135    135 100%    2.12K    135        1       540K kmem_cache
   121     45  37%    0.69K     11       11        88K UNIX
   119    114  95%    0.52K     17        7        68K idr_layer_cache
   118     41  34%    0.06K      2       59         8K blkdev_ioc
   112     32  28%    0.03K      1      112         4K tcp_bind_bucket
   110     56  50%    0.17K      5       22        20K file_lock_cache
   106     35  33%    0.07K      2       53         8K avc_node
   105     98  93%    1.50K     21        5       168K TCP
   105    100  95%    1.04K     15        7       120K bio_map_info
    92      1   1%    0.04K      1       92         4K dnotify_cache
    80     18  22%    0.19K      4       20        16K tw_sock_TCP
    70     44  62%    0.27K      5       14        20K blkdev_requests
    59     23  38%    0.06K      1       59         4K biovec-4
    59     13  22%    0.06K      1       59         4K fib6_nodes
    59     11  18%    0.06K      1       59         4K ip_fib_hash
    59     11  18%    0.06K      1       59         4K ip_fib_alias
    53     53 100%    0.07K      1

Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Ken godee

> The server which is housed at the datacenter only has a single 1TB
> drive. Just to confirm, LVM allows you to increase and decrease space on
> any partition on the fly, but setting each volume manually with EXT4 is
> a physical mount?
>
> If I were to set hard limits by setting each volume on EXT4 (not using
> the LVM option), do you recommend only setting up a /, /boot, and SWAP?
> In the past this was my partition scheme:
>
> Root filesystem (/) = 10240MB (10GB)
> /boot = 200MB
> swap =  1024MB (1GB)
> /var = 20480MB (20GB)
> /tmp = 10240MB (10GB)
> /usr = 51200MB (50GB)
> /home = all remaining space on the drive
>
> Is the above a bad partition?
>

Man, a thread like this could go on for a long, long time..

In the last couple of years I find myself more in the
John r. camp.

Keeping OS separated from data.

Having the OS on a 10gb part and keeping
all data, including home dirs off the OS. part.

Your OS is not likely to grow much, but your data
will and it's very easy to move/copy the data partitions
more manageable for backups too.

I use this kind of set up on hosts on ESXi, windows, EC2.

What's your backup strat, how about disaster recovery?

Do you need snap shots, or do you need to freeze the
file system or mount data part ro for your backups?

Ext4, XFS, reiserfs, LVM, 

cough, cough, I'm very fond of zfs, sigh, maybe someday.

Keep in mind some file systems can grow, but not shrink.

I think the best bet is to install a couple of test
systems vmware style and hack around a little.

Test your backup and disaster recovery methods, grow/shrink
partitions, test associated fs tools.

You might find you're more comfortable doing/using certain
things.

oh

disk1
/boot
/
/swap
disk2
/data (including home if needed)

my 2c


Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread John R Pierce
On 08/31/11 6:51 PM, Jonathan Vomacka wrote:
> The server which is housed at the datacenter only has a single 1TB
> drive. Just to confirm, LVM allows you to increase and decrease space on
> any partition on the fly, but setting each volume manually with EXT4 is
> a physical mount?

shrinking file systems is not easy, I generally try and avoid it.  With 
LVM, growing logical volumes and the file systems contained within them 
is quite easy, as long as there is unallocated space in the volume group.



-- 
john r pierce N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread John R Pierce
On 08/31/11 7:43 PM, Always Learning wrote:
> I read none of it.

figures.  the original post asked...

> 1) What is a good partition map/schema for a server OS where its
> primary purpose is for a LAMP server, DNS (bind), and possibly gameservers

and you take off on a tangent about multiple small static partitions for 
multibooting BSD yada yada.






-- 
john r pierce N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Robert Nichols
On 08/31/2011 08:51 PM, Jonathan Vomacka wrote:
> In the past this was my partition scheme:
>
> Root filesystem (/) = 10240MB (10GB)
> /boot = 200MB
> swap =  1024MB (1GB)
> /var = 20480MB (20GB)
> /tmp = 10240MB (10GB)
> /usr = 51200MB (50GB)
> /home = all remaining space on the drive

Having /usr separate from the root file system is no longer recommended
or supported.  There are various bits and pieces from /usr that now may
get called during the boot sequence while only the root file system is
mounted.  Mostly, these support udev classification of various devices
you might not have, so it's possible that everything would work just
fine for you, but it's still not a recommended configuration.

-- 
Bob Nichols "NOSPAM" is really part of my email address.
 Do NOT delete it.



Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 19:41 -0700, John R Pierce wrote:
> On 08/31/11 7:07 PM, Always Learning wrote:
> > I assume

> Which part of LAMP server didn't you read?

I read none of it. Why ask such time-wasting questions ? Go and have a
cup of tea, pull-out your network card and settle down for the night :-)





Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread John R Pierce
On 08/31/11 7:07 PM, Always Learning wrote:
> I assume

Which part of LAMP server didn't you read?



-- 
john r pierce N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] CentOS 6 Partitioning Map/Schema

2011-08-31 Thread Robert Heller
At Wed, 31 Aug 2011 21:21:25 -0400 CentOS mailing list  
wrote:

> 
> Good Evening All,
> 
> I have a question regarding CentOS 6 server partitioning. Now I know 
> there are a lot of different ways to partition the system and different 
> opinions depending on the use of the server. I currently have a quad 
> core intel system running 8GB of RAM with 1 TB hard drive (single). In 
> the past as a FreeBSD user, I have always made a physical volume of the 
> root filesystem (/), SWAP, /tmp, /usr, /var, and /home. In the 
> partitioning manager I would always specify 10GB for root, 2GB or so for 
> SWAP, 20GB var, 50GB usr, 10GB /tmp, and allocate all remaining space to 
> my home directory as my primary data volume (assuming all my 
> applications are installed and run from my home directories). I was 
> recently told that this is an old style of partitioning and is not used 
> in modern day Linux distributions. So more accurately, here are my 
> questions to the list:
> 
> 1) What is a good partition map/schema for a server OS where its 
> primary purpose is for a LAMP server, DNS (bind), and possibly gameservers
> 
> 2) CentOS docs recommend using 10GB SWAP for 8GB of RAM. 1X the amount 
> of physical memory + 2GB added. (Reference: 
> http://www.centos.org/docs/5/html/Installation_Guide-en-US/s1-diskpartitioning-x86.html).
>  
> I was told this is ridiculous and will severely slow down the system. Is 
> this true? If so, what is a good swap space to use for 8GB of RAM? The 
> university of MIT recommends making MULTIPLE 2GB swap spaces equaling 
> 10GB if this is the case. Please help!

Given machines now come with multiple Gigs of RAM now, swap is pretty
much not needed (and if it is, the solution is to stuff more memory in
the box or look to memory leaks).

Usually 1-2 Gig of swap is enough to cover 'emergencies'.  If you are
hitting this limit, something is wrong somewhere (this assumes you have
enough physical RAM).  The 1X + 2G rule cited in the page above is
excessive (where did that come from?). Short of memory leaks or memory
intensive activities, you should never use much swap space -- some
little used system daemons might get swapped out early on, but that
should have little impact on system performance.

The idea of MULTIPLE 2GB swap spaces is also dumb, and I believe relates
to older kernels (2.4?) which could not handle swap partitions larger
than 2GIG (and this might also be a 32-bit limitation as well).

> 
> 3) Is EXT4 better or worse to use than XFS for what I am planning to use 
> the system for?
> 
> Thanks in advance for all your help guys
> 
> Kind Regards,
> Jonathan Vomacka
> 
>   

-- 
Robert Heller -- 978-544-6933 / hel...@deepsoft.com
Deepwoods Software-- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


  


Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 21:51 -0400, Jonathan Vomacka wrote:


> Root filesystem (/) = 10240MB (10GB)
> /boot = 200MB
> swap =  1024MB (1GB)
> /var = 20480MB (20GB)
> /tmp = 10240MB (10GB)
> /usr = 51200MB (50GB)
> /home = all remaining space on the drive

You can just allocate the drive and Centos will store everything there.
Not allocating specific space for specific directories gives you greater
flexibility.

Paul.





Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 21:41 -0400, Jonathan Vomacka wrote:

> Also, any help you can give me regarding a partition map would be great.

I'm probably different to many of the others who seem to have fixed
ideas. I'm relatively new to Linux but not to computers.

I assume your machine is a single user machine. If so, I would suggest

3 primary partitions (if the partition table is MS-DOS) each about 10
GB. These can be used for different operating systems, Centos, BSD etc.
because the machine will multi-boot.

A fourth partition made into an extended partition. The extended
partition then made into several logical partitions to provide you with
all the space you need. You do not need to use all the space in the
extended partition and can keep the unused and unallocated extra space
for future requirements.

In the main Centos partition you can mount, using the entries
in /etc/fstab, the logical partitions from the extended partition and
attach them to whatever place you wish. Centos is very flexible. I mount
extended (from the same HDD) and external (from other HDDs) partitions
in /ax.

I store confidential data on extended partitions and use LUKS to encrypt
the entire extended partition. I also use LUKS on laptops and netbooks.

This is my personal preference. I like the idea of having space for
other operating systems in the 3 primary partitions. One can also use
some of the space in the extended partition for more logical partitions
to contain more operating systems. You can access data files stored on
extended partitions from any of the operating system partitions (after
being mounted of course)

Centos 5.6 takes, depending on install options, between about 3.5 and 4
and a bit GB.  

Having everything in one big super partition on an end-user machine makes
handling awkward. Breaking it down into manageable chunks is my
preference. Remember it is your machine so you can be as flexible or as
inflexible as you wish.

I am sure some will have their own preferences totally radically
different from mine.


Best regards,

Paul.



Re: [CentOS] Help integrating CentOS 6 with existing network login infrastructure

2011-08-31 Thread Alfred von Campe
On Aug 26, 2011, at 9:26, I wrote:

> I think I solved the problem, but am out of the office today to fully test 
> it.  It involved setting the default realm and adding some encryption types 
> to the /etc/krb5.conf file.  What I still don't understand is what has 
> changed in CentOS 6 that causes a kickstarted system not to be able to 
> authenticate users whereas a CentOS 5 system can.  I need to do a few more 
> installs to track down the root cause, and then I'll post an update here.

I needed the following lines in the [libdefaults] section of the /etc/krb5.conf 
to let users authenticate against our Windows AD backend:

 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
 permitted_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1

whereas in CentOS 5 I only needed the following:

 default_tkt_enctypes = des-cbc-md5
 default_tgs_enctypes = des-cbc-md5

I think I only needed to add the first encryption type to get it to work, but I 
left them all in for now.  I hope this helps someone else in the future if they 
run into something similar.

Alfred
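
An added example, not part of the post above: a small audit of the `[libdefaults]` enctype lists it quotes. Single DES, 3DES and RC4 are all deprecated for Kerberos (RFC 6649, RFC 8429), so a reviewer would want these settings flagged and later narrowed to what the AD domain actually requires. The `[libdefaults]` header and the `default_realm` value in the sample inputs are constructed.

```python
import re

# MIT krb5 enctype names a review should flag, with the reason.
WEAK_ENCTYPES = {
    "des-cbc-crc": "single DES",
    "des-cbc-md4": "single DES",
    "des-cbc-md5": "single DES",
    "des3-cbc-sha1": "3DES",
    "des3-hmac-sha1": "3DES",
    "arcfour-hmac": "RC4",
    "arcfour-hmac-md5": "RC4",
    "rc4-hmac": "RC4",
}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")


def libdefaults(text):
    """Return the key = value pairs found in the [libdefaults] section."""
    section, pairs = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs


def audit_enctypes(text):
    """Map each enctype setting to its flagged entries and its remaining entries."""
    report = {}
    for key, value in libdefaults(text).items():
        if key not in ENCTYPE_KEYS:
            continue
        # krb5.conf accepts both whitespace and commas between enctype names
        names = [n for n in re.split(r"[,\s]+", value.lower()) if n]
        weak = [(n, WEAK_ENCTYPES[n]) for n in names if n in WEAK_ENCTYPES]
        other = [n for n in names if n not in WEAK_ENCTYPES]
        report[key] = {"weak": weak, "other": other,
                       "all_weak": bool(names) and not other}
    return report


# Constructed inputs: the enctype lines are the ones quoted in the post; the
# section header and the realm name are added so that the text parses.
CENTOS6_CONF = """\
[libdefaults]
 default_realm = EXAMPLE.COM
 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
 permitted_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1
"""
CENTOS5_CONF = """\
[libdefaults]
 default_realm = EXAMPLE.COM
 default_tkt_enctypes = des-cbc-md5
 default_tgs_enctypes = des-cbc-md5
"""

if __name__ == "__main__":
    for label, conf in (("CentOS 6", CENTOS6_CONF), ("CentOS 5", CENTOS5_CONF)):
        for key, result in audit_enctypes(conf).items():
            flagged = ", ".join(f"{n} ({why})" for n, why in result["weak"])
            note = "  <- no non-deprecated enctype listed" if result["all_weak"] else ""
            print(f"{label}: {key}: {flagged or 'nothing flagged'}{note}")
```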



Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Jonathan Vomacka
John,

The server which is housed at the datacenter only has a single 1TB 
drive. Just to confirm, LVM allows you to increase and decrease space on 
any partition on the fly, but setting each volume manually with EXT4 is 
a physical mount?

If I were to set hard limits by setting each volume on EXT4 (not using 
the LVM option), do you recommend only setting up a /, /boot, and SWAP? 
In the past this was my partition scheme:

Root filesystem (/) = 10240MB (10GB)
/boot = 200MB
swap =  1024MB (1GB)
/var = 20480MB (20GB)
/tmp = 10240MB (10GB)
/usr = 51200MB (50GB)
/home = all remaining space on the drive

Is the above a bad partition?

On 8/31/2011 9:45 PM, John R Pierce wrote:
> On 08/31/11 6:28 PM, Jonathan Vomacka wrote:
>> 1) What is a good partition map/schema for a server OS where its
>> primary purpose is for a LAMP server, DNS (bind), and possibly gameservers
>
> my servers generally have 2 disks mirrored for the OS, then 2 or more
> disks in a raid for the application file systems, be they databases, web
> files, NFS shared data, or whatever.   I generally make the OS raid an
> LVM volume, then allocate /, /var, swap, and maybe /home out of that.
> depending on what I'm doing, the data raid is probably also a LVM volume
> group, and would have things like /var/www, /var/lib/pgsql/9.0/data, as
> logical volumes, possibly /home, depending on usage patterns.
>
> but, my workloads are often disk IO intensive.  Your Mileage May Vary.
> Objects In Mirror May Be Closer Than They Appear.  Caveat Emptor.  etc etc.
>
>
>
>


Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread John R Pierce
On 08/31/11 6:28 PM, Jonathan Vomacka wrote:
> 1) What is a good partition map/schema for a server OS where its
> primary purpose is for a LAMP server, DNS (bind), and possibly gameservers

my servers generally have 2 disks mirrored for the OS, then 2 or more 
disks in a raid for the application file systems, be they databases, web 
files, NFS shared data, or whatever.   I generally make the OS raid an 
LVM volume, then allocate /, /var, swap, and maybe /home out of that.
depending on what I'm doing, the data raid is probably also a LVM volume 
group, and would have things like /var/www, /var/lib/pgsql/9.0/data, as 
logical volumes, possibly /home, depending on usage patterns.

but, my workloads are often disk IO intensive.  Your Mileage May Vary.  
Objects In Mirror May Be Closer Than They Appear.  Caveat Emptor.  etc etc.




-- 
john r pierce N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Jonathan Vomacka
Paul,

Thanks for your reply. I have heard the suggestion of not using SWAP 
which is fine. My curiosity on the SWAP subject is now what happens if 
all memory is used or an application has a memory leak. Does the server 
crash if there is no SWAP and all available RAM is used? Will SWAP cause 
performance degradation issues? Also the system is not able to drop a 
core dump if the SWAP doesn't match the RAM. I guess I am a little 
worried because CentOS docs suggest 10GB of SWAP for 8GB of RAM, but it 
doesn't explain if any performance issues are seen, or if SWAP is still 
necessary if core dumps are not needed. I was hoping someone in the 
field who has had first hand experience can tell me these additional 
questions which may not be answered in the docs.

Also, any help you can give me regarding a partition map would be great.

On 8/31/2011 9:32 PM, Always Learning wrote:
>
> On Wed, 2011-08-31 at 21:28 -0400, Jonathan Vomacka wrote:
>
>> *Re-sending as it appears my original e-mail did not go through*.
>
>> Good Evening All,
>
> Bon soir.
>
> Both versions of your email were received in Europe.
>
> On the subject of SWAP, I'm working on a standalone server with 8 GB RAM
> and an AMD 3 core processor with Centos 5.6. I do not use swap and I
> notice no detrimental effect.
>
> Best regards,
>
> Paul.
>
>


Re: [CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 21:28 -0400, Jonathan Vomacka wrote:

> *Re-sending as it appears my original e-mail did not go through*.

> Good Evening All,

Bon soir.  

Both versions of your email were received in Europe.

On the subject of SWAP, I'm working on a standalone server with 8 GB RAM
and an AMD 3 core processor with Centos 5.6. I do not use swap and I
notice no detrimental effect.

Best regards,

Paul.




[CentOS] CentOS 6 Partitioning Help

2011-08-31 Thread Jonathan Vomacka
*Re-sending as it appears my original e-mail did not go through*.

Good Evening All,

I have a question regarding CentOS 6 server partitioning. Now I know 
there are a lot of different ways to partition the system and different 
opinions depending on the use of the server. I currently have a quad 
core intel system running 8GB of RAM with 1 TB hard drive (single). In 
the past as a FreeBSD user, I have always made a physical volume of the 
root filesystem (/), SWAP, /tmp, /usr, /var, and /home. In the 
partitioning manager I would always specify 10GB for root, 2GB or so for 
SWAP, 20GB var, 50GB usr, 10GB /tmp, and allocate all remaining space to 
my home directory as my primary data volume (assuming all my 
applications are installed and run from my home directories). I was 
recently told that this is an old style of partitioning and is not used 
in modern day Linux distributions. So more accurately, here are my 
questions to the list:

1) What is a good partition map/schema for a server OS where its 
primary purpose is for a LAMP server, DNS (bind), and possibly gameservers

2) CentOS docs recommend using 10GB SWAP for 8GB of RAM. 1X the amount 
of physical memory + 2GB added. (Reference: 
http://www.centos.org/docs/5/html/Installation_Guide-en-US/s1-diskpartitioning-x86.html).
 
I was told this is ridiculous and will severely slow down the system. Is 
this true? If so, what is a good swap space to use for 8GB of RAM? The 
university of MIT recommends making MULTIPLE 2GB swap spaces equaling 
10GB if this is the case. Please help!

3) Is EXT4 better or worse to use than XFS for what I am planning to use 
the system for?

Thanks in advance for all your help guys

Kind Regards,
Jonathan Vomacka


[CentOS] CentOS 6 Partitioning Map/Schema

2011-08-31 Thread Jonathan Vomacka
Good Evening All,

I have a question regarding CentOS 6 server partitioning. Now I know 
there are a lot of different ways to partition the system and different 
opinions depending on the use of the server. I currently have a quad 
core intel system running 8GB of RAM with 1 TB hard drive (single). In 
the past as a FreeBSD user, I have always made a physical volume of the 
root filesystem (/), SWAP, /tmp, /usr, /var, and /home. In the 
partitioning manager I would always specify 10GB for root, 2GB or so for 
SWAP, 20GB var, 50GB usr, 10GB /tmp, and allocate all remaining space to 
my home directory as my primary data volume (assuming all my 
applications are installed and run from my home directories). I was 
recently told that this is an old style of partitioning and is not used 
in modern day Linux distributions. So more accurately, here are my 
questions to the list:

1) What is a good partition map/schema for a server OS where its 
primary purpose is for a LAMP server, DNS (bind), and possibly gameservers

2) CentOS docs recommend using 10GB SWAP for 8GB of RAM. 1X the amount 
of physical memory + 2GB added. (Reference: 
http://www.centos.org/docs/5/html/Installation_Guide-en-US/s1-diskpartitioning-x86.html).
 
I was told this is ridiculous and will severely slow down the system. Is 
this true? If so, what is a good swap space to use for 8GB of RAM? The 
university of MIT recommends making MULTIPLE 2GB swap spaces equaling 
10GB if this is the case. Please help!

3) Is EXT4 better or worse to use than XFS for what I am planning to use 
the system for?

Thanks in advance for all your help guys

Kind Regards,
Jonathan Vomacka


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 18:06 -0700, John R Pierce wrote:
> On 08/31/11 4:28 PM, Always Learning wrote:
> > Disabled it because things would not run.
> 
> Always Talking.  Never Learning.

Always Learning despite the taunts !


Paul.



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread John R Pierce
On 08/31/11 4:28 PM, Always Learning wrote:
> Disabled it because things would not run.

Always Talking.  Never Learning.



-- 
john r pierce N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] Apache warns Web server admins of DoS attack tool

2011-08-31 Thread Tom Lanyon
On 31/08/2011, at 11:07 PM, Karanbir Singh wrote:
> On 08/31/2011 10:56 AM, Timo Schoeler wrote:
>> Just released:
>> https://www.apache.org/dist/httpd/Announcement2.2.html
> 
> thanks. I guess we should wait on a fix from upstream, make sure it's 
> tested etc. If there is interest in doing a local fix/build for c4/5/6 
> testing repos, please submit a patch and I can push it through the 
> buildsys. For the main distro, let's wait on the upstream fix.

For EL 4, 5, 6:

https://rhn.redhat.com/errata/RHSA-2011-1245.html

Tom



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread John R. Dennison
On Thu, Sep 01, 2011 at 12:28:01AM +0100, Always Learning wrote:
> 
> Tell the world the ENTIRE story. 

That you never listen to anyone but yourself?  I'm confident that this
is a known fact.

> I am trying to filter-out some web page access attempts in IP Tables.
> When will you accept that has nothing to do with Selinux ?

About the same time you realize that it's futile and selinux will
compartmentalize any risk if it was to occur.

Hint: your way isn't always, nor is it even often, the best way.




John
-- 
The first lesson of economics is that we live in a world of scarcity.
There is never enough of anything to satisfy all those who want it.  The
first lesson of politics is to ignore the first lesson of economics.

-- Thomas Sowell (1930-), American economist and political commentator




Re: [CentOS] CentOS 6 packages

2011-08-31 Thread Greg Bailey
On 8/31/2011 3:30 PM, CS DBA wrote:
> Hi all;
>
> does anyone know if the following packages are available (via yum) for
> CentOS 6 and if so which repo they come from?
>
> Thanks in advance...
>
>
> kmymoney
> darktable
> digiKam
>


You could try the search page at:

http://pkgs.org/search/

I didn't get any hits for kmymoney nor darktable for CentOS 6 (there was 
for CentOS 5), but I did for digiKam:

http://pkgs.org/search/?keyword=digikam&search_on=name&distro=82&arch=32-bit

-Greg



Re: [CentOS] CentOS 6, KDE 4: bad DNS traffic

2011-08-31 Thread Michael D. Berger
On Wed, 31 Aug 2011 18:22:42 +, Michael D. Berger wrote:

> On my new CentOS 6, KDE 4, running WireShark I see what appears to be
> frequent nonsensical DNS queries, for example:
>"settings-personal.desktop" and "settings-system.desktop".
> The DNS response is always:"No such name".  Do tell! These appear
> especially when I click on things on the KDE menus.  On my old CentOS 5
> box, on the same LAN, I see no such thing.  I note that I have replaced
> the original /etc/hosts with my own.  Might these have been resolved in
> the original?
> 
> Thanks for your comments.
> Mike.

It appears that the peculiar URLs in the DNS queries are the
names of files that appear in the directory:
   /usr/share/kde4/services/
I looked at a few with vi, and they appear to be lists of
words for concepts in numerous languages.  Does this help in
determining why they should appear as URLs in DNS queries?

Thanks,
Mike.



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 16:11 -0700, Craig White wrote:
> More to the point, he disables SELinux and then spends hours trying to
> improve security.

Tell the world the ENTIRE story. 

Disabled it because things would not run. Said publicly in the last 7
days will find time to learn about Selinux and the details of the file
description blocks which SElinux appears to use.

I am trying to filter-out some web page access attempts in IP Tables.
When will you accept that has nothing to do with Selinux ?

Have a nice day.

Paul.




Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Craig White

On Aug 31, 2011, at 1:08 PM, Louis Lagendijk wrote:

> On Wed, 2011-08-31 at 19:00 +0100, Always Learning wrote:
>> On Wed, 2011-08-31 at 13:55 -0400, Lamar Owen wrote:
>> 
>>> On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
>>>> Rather than being a willing or passive victim to 100% of the attacks, I
>>>> aim to reduce the penetrability of most of them.
>> 
> Still useless: it is not the attacks that you know about and that show
> themselves as errors in your logs (and filter from the log, that is the
> only gain), but those where you have a real security hole that you have
> to worry about. And those will be exploited from one of the many other
> bots in the hackers botnet. 
> An empty log may give you a nice feeling of security, but it is false...
> A lot of work, but very little if any gain.
> Louis

you're wasting your breath - I tried to tell him that a week ago but he only 
hears his own thoughts anyway.

More to the point, he disables SELinux and then spends hours trying to improve 
security.

Craig


Re: [CentOS] dealing with spoofing

2011-08-31 Thread Bill Campbell
On Wed, Aug 31, 2011, m.r...@5-cent.us wrote:
>Here's a thought I just thunk, folks: some scum, apparently in eastern
>Europe, has harvested my email, and is using it in the Reply-To: in its
>spamming efforts. Now, I realize that some mails go out from noreply, but
>other than that, is there a good reason why a mailserver would not be
>configured to send delivery failure to *both* Reply-To and From?

This type of forging is generally referred to as a "Joe Job", and
may be a conscious effort to impair the reputation of the forged
sender or domain or perhaps an attempt to flood the mailboxes of
antispammers (e.g. mail forged like ab...@antispam.example.com).

Sending spam complaints to these addresses or to their ISPs is
generally a waste of time and effort as the forged sender has
nothing to do with the message as any cursory examination of the
Received: headers in the message will confirm.  The spam
complaints are in themselves a type of abuse, and are referred to
as "Blowback".  Sometimes these complaints are the result of
ignorance when they are manual complaints, or incompetence (e.g.
early Barracuda e-mail appliances that did this by default).

Configuring an MTA to bounce to the Reply-To: header is probably
worse than useless as it could well flood poorly configured
mailing lists with garbage when spam gets through the lists' spam
filters, then the complaints go back to the mailing list.

Probably the best thing to do with these kinds of delivery failure
messages which come in is to ignore them unless you feel like Don
Quixote and like tilting at windmills.

Bill
-- 
INTERNET:   b...@celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186  Skype: jwccsllc (206) 855-5792

UNIX was not designed to stop you from doing stupid things, because that
would also stop you from doing clever things. -- Doug Gwyn


Re: [CentOS] CentOS 6 packages

2011-08-31 Thread b.j. mcclure
On Wed, 2011-08-31 at 16:30 -0600, CS DBA wrote:
> Hi all;
> 
> does anyone know if the following packages are available (via yum) for 
> CentOS 6 and if so which repo they come from?
> 
> Thanks in advance...
> 
> 
> kmymoney
> darktable
> digiKam
> 
You might try #yum --enablerepo= search kmymoney darktable
digiKam 

HTH

CentOS Linux release 6.0 (Final)



Re: [CentOS] Unable to run yum update

2011-08-31 Thread Jim Perrin
On Wed, Aug 31, 2011 at 4:37 PM, david  wrote:

> Folks
>
> The system involved is a 32-bit system...
>

If the system really is 32bit, then I'd question how you installed the
rpmforge repo, as it's looking for 64bit packages.
It's entirely possible that you installed the 64bit rpmforge-release package
on a 32bit system, which would likely result in what you're seeing.


-- 
During times of universal deceit, telling the truth becomes a revolutionary
act.
George Orwell


[CentOS] CentOS 6 packages

2011-08-31 Thread CS DBA
Hi all;

does anyone know if the following packages are available (via yum) for 
CentOS 6 and if so which repo they come from?

Thanks in advance...


kmymoney
darktable
digiKam



-- 
-
Kevin Kempter   -   Constent State
A PostgreSQL Professional Services Company
   www.consistentstate.com
-



Re: [CentOS] CentOS 6, KDE 4: bad DNS traffic

2011-08-31 Thread Michael D. Berger
On Wed, 31 Aug 2011 16:19:05 -0400, m.roth-x6lchVBUigD1P9xLtpHBDw wrote:

> Michael D. Berger wrote:
>> On Wed, 31 Aug 2011 20:02:09 +0100, John Hodrien wrote:
>>> On Wed, 31 Aug 2011, Michael D. Berger wrote:
>>>
>>>> On my new CentOS 6, KDE 4, running WireShark I see what appears to be
>>>> frequent nonsensical DNS queries, for example:
>>>>   "settings-personal.desktop" and "settings-system.desktop".
>>>> The DNS response is always:"No such name".  Do tell! These appear
>>>> especially when I click on things on the KDE menus.  On my old CentOS
>>>> 5 box, on the same LAN, I see no such thing.  I note that I have
>>>> replaced the original /etc/hosts with my own.  Might these have been
>>>> resolved in the original?
>>>
>>> Random stab in the dark...
>>>
>>> Are you running the autofs with /net or similar configured?
>>
>> How would I know?  I get nothing from: ps -ef | grep -i autofs
>> yum -y list installed | grep -i autofs
> 
> Does rpm -qi autofs show nothing? If so, I'm a tad surprised, since that
> takes care of not only nfs but also CD/DVDs and USB keys.
> 
>  mark
Running:
   rpm -qi autofs
shows:
   package autofs not installed
at levels 3 and 5.

Mike.



Re: [CentOS] dealing with spoofing

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 13:50 -0700, Josh Miller wrote:

> That is not true as the remote server will present the envelope header
> to your mail server upon connection.

Surely the FROM is <> ?


Paul




[CentOS] Unable to run yum update

2011-08-31 Thread david
Folks

The system involved is a 32-bit system, installed via the net about a 
week ago.  The command

   yum update

encountered the following diagnostic

Error: Package: yaf-1.3.2-1.el6.rf.x86_64 (@rpmforge)
Requires: libfixbuf-0.9.0.so.8()(64bit)
Removing: libfixbuf-0.9.0-1.el6.rf.x86_64 (@rpmforge)
libfixbuf-0.9.0.so.8()(64bit)
Updated By: libfixbuf-1.0.1-1.el6.rf.x86_64 (rpmforge)
Not found
  You could try using --skip-broken to work around the problem
  You could try running: rpm -Va --nofiles --nodigest

The repositories I use are:

base
epel
extras
rpmforge
updates
virtualbox


I wonder if using priorities would help?  Rpmforge is "supposed" to 
be non-conflicting, but then

Please let me know what I should do.

David



Re: [CentOS] dealing with spoofing

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 16:33 -0400, m.r...@5-cent.us wrote:

> You're saying it uses the envelope, not if exists Reply-To, else From? The
> problem I have with that is that a few of them have returned the email,
> with full headers, and I see the *only* reference to my email address is
> in the Reply-To.

Will you tell us what mail server (MTA) is doing that ?

Paul.




Re: [CentOS] dealing with spoofing

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 16:16 -0400, m.r...@5-cent.us wrote:

> Here's a thought I just thunk, folks: some scum, apparently in eastern
> Europe, has harvested my email, and is using it in the Reply-To: in its
> spamming efforts. Now, I realize that some mails go out from noreply, but
> other than that, is there a good reason why a mailserver would not be
> configured to send delivery failure to *both* Reply-To and From?

May I suggest you create a sub-domain and a user name then use that in
public places ?  For example:-

m...@xyz.5-cent.us

As soon as the nasty  get that email address simply change the
sub-domain.

If you receive your own mails (meaning run your own mail server) then do
not accept emails from sites where the host name does not exist or does
not resolve to the HELO / EHLO or the IP address of the sending server.

There are lots of other things you can do to reduce the spam, but only
if you run your own mail server or use Google to filter-out the spam.

Paul.




Re: [CentOS] Error installing latest CentOS kernel from %post section of kickstart

2011-08-31 Thread Alfred von Campe
On Aug 31, 2011, at 14:58, Ned Slider wrote:

> Yes, it's a known issue:
> 
> https://www.redhat.com/archives/rhelv6-list/2011-January/msg6.html
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=625216
> https://bugzilla.redhat.com/show_bug.cgi?id=657257

Thanks, the workarounds described in the bugzilla issues did indeed fix the 
problem, and this will be fixed in CentOS 6.1 when it becomes available.

Alfred



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning
On Wed, 2011-08-31 at 22:08 +0200, Louis Lagendijk wrote:
> On Wed, 2011-08-31 at 19:00 +0100, Always Learning wrote:
> > On Wed, 2011-08-31 at 13:55 -0400, Lamar Owen wrote:
> > 
> > > On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
> > > > Rather than being a willing or passive victim to 100% of the attacks, I
> > > > aim to reduce the penetrability of most of them.
> > 
> Still useless: it is not the attacks that you know about and that show
> themselves as errors in your logs (and filter from the log, that is the
> only gain), but those where you have a real security hole that you have
> to worry about. And those will be exploited from one of the many other
> bots in the hackers botnet. 

Dear Louis,

I am not crazy, nor am I stupid!

I know full well that it is the undetected attacks that potentially can
cause most damage. Perhaps I know this better than most people because
when I first got a Centos VPS, and it was doing nothing, a partially
installed Horde provided an entry for some Romanians who used that server
as an IRC host.  It was careful reading of the logs which revealed the
successful break-in. I therefore highly recommend reading the various
logs because they may reveal unusual happenings.

> An empty log may give you a nice feeling of security, but it
> is false...
> A lot of work, but very little if any gain.

Nonsense. An empty log never ever gives me a sense of security because the
first thing I am thinking is why is the log empty. Sensitive
applications have a self-generated log stored away from the conventional
logs and regularly perused.

My logic is to seal-off as many potential accesses as possible. Your
logic seems to be "do not bother because the successful attack will be
unexpected". I certainly do not agree with you. I certainly disagree with
that philosophy.

ADULT EDUCATION ADVERTISEMENT

The more one does in Centos investigating things and sealing-off IPs and
ports and experimenting with IP Tables etc., the more one learns about
the functioning of the Centos operating system. This acquired learning
evolves into skills and is beneficial. Its acquisition will encourage
people to understand more about their Centos installation(s) and make
them more aware of the various risks and the wonderful things Centos can
offer.

Yours faithfully or kind regards,

Paul.




Re: [CentOS] dealing with spoofing

2011-08-31 Thread Bowie Bailey
On 8/31/2011 4:50 PM, Josh Miller wrote:
> On 08/31/2011 01:48 PM, Bowie Bailey wrote:
>> On 8/31/2011 4:37 PM, Josh Miller wrote:
>>> On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote:
>>>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>>>> problem I have with that is that a few of them have returned the email,
>>>> with full headers, and I see the *only* reference to my email address is
>>>> in the Reply-To.
>>> You are seeing the "full" email headers.  You will not see the envelope
>>> headers unless you capture packets or view mail server logs, etc..
>> Actually, what you are interested in is the envelope sender that the
>> remote server saw.  And there is no way for you to see that unless you
>> have access to the remote server's logs.
>>
> That is not true as the remote server will present the envelope header 
> to your mail server upon connection.

Yes, but the issue was in confirming which email address was used in
that connection.  If you assume that the remote server is replying to
the envelope header, then yes.  But if you are trying to confirm that,
then you do not have enough data.

You could, of course, create your own message with known (and differing)
From, Reply-To, and envelope headers and watch the result.

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
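
The test suggested in the message above (a probe with known, differing From, Reply-To and envelope sender), as an added example that is not part of the original post. The `example.org` / `example.net` addresses, the token and all function names are assumptions of this example, and the two bounce messages are constructed samples.

```python
import smtplib
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

ROLES = ("envelope", "from", "reply-to")


def build_probe(domain, token, recipient):
    """Return (addresses, message) using a distinct, tagged address per sender role."""
    addresses = {
        role: "probe-%s-%s@%s" % (role.replace("-", ""), token, domain)
        for role in ROLES
    }
    msg = EmailMessage()
    msg["From"] = addresses["from"]
    msg["Reply-To"] = addresses["reply-to"]
    msg["To"] = recipient
    msg["Subject"] = "bounce probe %s" % token
    msg.set_content("Probe to a mailbox that does not exist.\n")
    return addresses, msg


def send_probe(smtp_host, addresses, msg, recipient):
    """Send the probe; the envelope sender (MAIL FROM) is set apart from the headers."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg, from_addr=addresses["envelope"], to_addrs=[recipient])


def classify_bounce(raw_bounce, addresses):
    """Report which probe identity a returned failure notice was addressed to."""
    bounce = message_from_string(raw_bounce)
    headers = bounce.get_all("To", []) + bounce.get_all("Delivered-To", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers)}
    return {
        # Role(s) whose tagged address received the bounce.
        "roles": [r for r in ROLES if addresses[r].lower() in recipients],
        # A bounce should itself carry the null envelope sender "<>".
        "null_sender": bounce.get("Return-Path", "").strip() == "<>",
        "is_report": bounce.get_content_type() == "multipart/report",
    }


# Constructed sample: a bounce returned to the envelope sender.
GOOD_BOUNCE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.example.net
To: probe-envelope-t1@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

No such user: nobody@example.net
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1
--b1--
"""

# Constructed sample: a failure notice sent to the Reply-To header address.
BAD_BOUNCE = """\
Return-Path: <postmaster@mx.example.net>
From: postmaster@mx.example.net
To: probe-replyto-t1@example.org
Subject: Delivery failure
Content-Type: text/plain

Your message to nobody@example.net could not be delivered.
"""

if __name__ == "__main__":
    addrs, probe = build_probe("example.org", "t1", "nobody@example.net")
    for name, raw in (("good", GOOD_BOUNCE), ("bad", BAD_BOUNCE)):
        print(name, classify_bounce(raw, addrs))
```

`send_probe` is defined but not called here, so the block runs offline; whichever tagged mailbox receives the real bounce shows which address the remote server replied to.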


Re: [CentOS] dealing with spoofing

2011-08-31 Thread Josh Miller
On 08/31/2011 01:57 PM, m.r...@5-cent.us wrote:
> Josh Miller wrote:
>> On 08/31/2011 01:37 PM, Josh Miller wrote:
>>> On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote:
>>>> Josh Miller wrote:
>>>>> On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote:
>>>>>> Stephen Harris wrote:
>>>>>>>> Here's a thought I just thunk, folks: some scum, apparently in
>>>>>>>> eastern Europe, has harvested my email, and is using it in the
>>>>>>>> Reply-To: in its spamming efforts. Now, I realize that some
>>>>>>>>
>>>>>>> Anyway, the SMTP server should send the delivery failure to the
>>>>>>> envelope address, which may be different to both the From and
>>>>>>> Reply-To addresses.
> 
>>
>> Why don't you use your SPF record to prevent spoofing (to most
>> providers...)?
>>
>>   >  dig -t txt 5-cent.us
>> ...
>> 5-cent.us.  14400   IN  TXT "v=spf1 a mx ptr
>> include:hostmonster.com ?all"
>> ...
>>
>> You have one but you're not using it to prevent spoofing.
>
> Um, because I'm not that deep into that? Thank you, I'll look at setting
> that up. One question: is that in my registrar, or my hosting site? Given
> it's an MX record, I'm guessing it's the former.

It's a DNS record.  Hostmonster is authoritative for your domain, so 
you'll likely use them.

-- 
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/


Re: [CentOS] dealing with spoofing

2011-08-31 Thread m . roth
Josh Miller wrote:
> On 08/31/2011 01:37 PM, Josh Miller wrote:
>> On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote:
>>> Josh Miller wrote:
>>>> On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote:
>>>>> Stephen Harris wrote:
>>>>>>> Here's a thought I just thunk, folks: some scum, apparently in
>>>>>>> eastern Europe, has harvested my email, and is using it in the
>>>>>>> Reply-To: in its spamming efforts. Now, I realize that some
>>>>>>>
>>>>>> Anyway, the SMTP server should send the delivery failure to the
>>>>>> envelope address, which may be different to both the From and
>>>>>> Reply-To addresses.

>
> Why don't you use your SPF record to prevent spoofing (to most
> providers...)?
>
>  > dig -t txt 5-cent.us
> ...
> 5-cent.us.  14400   IN  TXT "v=spf1 a mx ptr
> include:hostmonster.com ?all"
> ...
>
> You have one but you're not using it to prevent spoofing.

Um, because I'm not that deep into that? Thank you, I'll look at setting
that up. One question: is that in my registrar, or my hosting site? Given
it's an MX record, I'm guessing it's the former.

mark



Re: [CentOS] dealing with spoofing

2011-08-31 Thread Josh Miller
On 08/31/2011 01:48 PM, Bowie Bailey wrote:
> On 8/31/2011 4:37 PM, Josh Miller wrote:
>> On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote:
>>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>>> problem I have with that is that a few of them have returned the email,
>>> with full headers, and I see the *only* reference to my email address is
>>> in the Reply-To.
>> You are seeing the "full" email headers.  You will not see the envelope
>> headers unless you capture packets or view mail server logs, etc..
>
> Actually, what you are interested in is the envelope sender that the
> remote server saw.  And there is no way for you to see that unless you
> have access to the remote server's logs.
>

That is not true as the remote server will present the envelope header 
to your mail server upon connection.

-- 
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/


Re: [CentOS] dealing with spoofing

2011-08-31 Thread Mailing Lists
http://www.openspf.org/Introduction - SPF FTW

On Wed, Aug 31, 2011 at 4:47 PM, Stephen Harris  wrote:

> On Wed, Aug 31, 2011 at 04:27:00PM -0400, m.r...@5-cent.us wrote:
> > Stephen Harris wrote:
> > > Anyway, the SMTP server should send the delivery failure to the envelope
> > > address, which may be different to both the From and Reply-To addresses.
> > >
> > That would be lovely. Unfortunately, a high percentage seem to use the
> > Reply-To address. Trust me, the last four or five months, I've gotten
> > probably hundreds, if not more, of delivery failures. And I wind up at
> > least glancing at them, in case email to this list, or to a friend, has
> > bounced.
>
> Envelopes can be forged just as easily as any header.
>
> --
>
> rgds
> Stephen


Re: [CentOS] dealing with spoofing

2011-08-31 Thread Bowie Bailey
On 8/31/2011 4:37 PM, Josh Miller wrote:
> On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote:
>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>> problem I have with that is that a few of them have returned the email,
>> with full headers, and I see the *only* reference to my email address is
>> in the Reply-To.
> You are seeing the "full" email headers.  You will not see the envelope 
> headers unless you capture packets or view mail server logs, etc..

Actually, what you are interested in is the envelope sender that the
remote server saw.  And there is no way for you to see that unless you
have access to the remote server's logs.

-- 
Bowie


Re: [CentOS] dealing with spoofing

2011-08-31 Thread Stephen Harris
On Wed, Aug 31, 2011 at 04:27:00PM -0400, m.r...@5-cent.us wrote:
> Stephen Harris wrote:
> > Anyway, the SMTP server should send the delivery failure to the envelope
> > address, which may be different to both the From and Reply-To addresses.
> >
> That would be lovely. Unfortunately, a high percentage seem to use the
> Reply-To address. Trust me, the last four or five months, I've gotten
> probably hundreds, if not more, of delivery failures. And I wind up at
> least glancing at them, in case email to this list, or to a friend, has
> bounced.

Envelopes can be forged just as easily as any header.

-- 

rgds
Stephen


Re: [CentOS] dealing with spoofing

2011-08-31 Thread Josh Miller
On 08/31/2011 01:37 PM, Josh Miller wrote:
> On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote:
>> Josh Miller wrote:
>>> On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote:
>>>> Stephen Harris wrote:
>>>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>>>>> Europe, has harvested my email, and is using it in the Reply-To: in
>>>>>> its spamming efforts. Now, I realize that some mails go out from
>>>>>>
>>>>> Anyway, the SMTP server should send the delivery failure to the
>>>>> envelope address, which may be different to both the From and Reply-To
>>>>> addresses.
>>>>>
>>>> That would be lovely. Unfortunately, a high percentage seem to use the
>>>> Reply-To address. Trust me, the last four or five months, I've gotten
>>>
>>> The Reply-To address is an optional component of the email header and is
>>> not used in email routing by mail servers.
>>
>> I'm well aware that it's an optional component.
>
> Thank you for that clarification.
>
>> 
>>> Mail server will send NDRs (non-delivery receipts) back to the envelope
>>> sender every time with no regard for From or Reply-To.
>>
>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>> problem I have with that is that a few of them have returned the email,
>> with full headers, and I see the *only* reference to my email address is
>> in the Reply-To.
>
> You are seeing the "full" email headers.  You will not see the envelope
> headers unless you capture packets or view mail server logs, etc..
>
>

Mark,

Why don't you use your SPF record to prevent spoofing (to most 
providers...)?

 > dig -t txt 5-cent.us
...
5-cent.us.  14400   IN  TXT "v=spf1 a mx ptr 
include:hostmonster.com ?all"
...

You have one but you're not using it to prevent spoofing.

-- 
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
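
An audit of the SPF record quoted in the message above, as an added example that is not part of the original post: it parses the record and reports what a receiver is told to do with mail from hosts the record does not list. The function names and the stricter `-all` variant used for comparison are assumptions of this example.

```python
import re

# Result each qualifier yields when its mechanism matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Terms that cost the receiver a DNS lookup; RFC 7208 caps these at 10.
DNS_TERMS = {"include", "a", "mx", "ptr", "exists"}
TERM_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_.-]*)([=:/]?)(.*)$")

# The record from the dig output in the thread, joined onto one line.
THREAD_RECORD = "v=spf1 a mx ptr include:hostmonster.com ?all"


def parse_spf(record):
    """Return (mechanisms, modifiers) parsed from one SPF TXT string."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, modifiers = [], {}
    for raw in parts[1:]:
        qualifier, body = "+", raw
        if body[0] in QUALIFIERS:
            qualifier, body = body[0], body[1:]
        match = TERM_RE.match(body)
        if not match:
            raise ValueError("unparseable term: %r" % raw)
        name, sep, arg = match.group(1).lower(), match.group(2), match.group(3)
        if sep == "=":
            modifiers[name] = arg          # e.g. redirect=, exp=
        elif name in MECHANISMS:
            mechanisms.append((qualifier, name, arg))
        else:
            raise ValueError("unknown mechanism: %r" % raw)
    return mechanisms, modifiers


def audit_spf(record):
    """Summarise the result for unlisted senders and flag weak settings."""
    mechanisms, modifiers = parse_spf(record)
    names = [name for _, name, _ in mechanisms]
    findings = []
    default = "neutral"  # no match and no redirect evaluates to neutral
    if "all" in names:
        idx = names.index("all")
        default = QUALIFIERS[mechanisms[idx][0]]
        if idx != len(mechanisms) - 1:
            findings.append("terms after 'all' are never evaluated")
    elif "redirect" in modifiers:
        default = "redirect"
    if default == "neutral":
        findings.append("unlisted senders get 'neutral': the record makes no "
                        "assertion, so receivers have no basis to reject")
    elif default == "softfail":
        findings.append("unlisted senders get 'softfail': usually accepted and marked")
    elif default == "pass":
        findings.append("'+all' authorises every host on the Internet")
    if "ptr" in names:
        findings.append("'ptr' is discouraged by RFC 7208 (slow and unreliable)")
    lookups = sum(1 for n in names if n in DNS_TERMS) + ("redirect" in modifiers)
    if lookups > 10:
        findings.append("more than 10 DNS-querying terms: evaluation errors out")
    return {"default": default, "enforcing": default == "fail",
            "dns_lookups": lookups, "findings": findings}


if __name__ == "__main__":
    for rec in (THREAD_RECORD, "v=spf1 a mx include:hostmonster.com -all"):
        print(rec, "->", audit_spf(rec))
```

SPF is evaluated against the envelope sender (MAIL FROM) and HELO domains, so a stricter record constrains forged envelope senders, not an address placed only in a Reply-To: header. The lookup count covers top-level terms only; an `include` target adds its own.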


Re: [CentOS] dealing with spoofing

2011-08-31 Thread Josh Miller
On 08/31/2011 01:33 PM, m.r...@5-cent.us wrote:
> Josh Miller wrote:
>> On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote:
>>> Stephen Harris wrote:
>>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>>>> Europe, has harvested my email, and is using it in the Reply-To: in
>>>>> its spamming efforts. Now, I realize that some mails go out from
>>>>>
>>>> Anyway, the SMTP server should send the delivery failure to the
>>>> envelope address, which may be different to both the From and Reply-To
>>>> addresses.
>>>>
>>> That would be lovely. Unfortunately, a high percentage seem to use the
>>> Reply-To address. Trust me, the last four or five months, I've gotten
>>
>> The Reply-To address is an optional component of the email header and is
>> not used in email routing by mail servers.
>
> I'm well aware that it's an optional component.

Thank you for that clarification.

> 
>> Mail server will send NDRs (non-delivery receipts) back to the envelope
>> sender every time with no regard for From or Reply-To.
>
> You're saying it uses the envelope, not if exists Reply-To, else From? The
> problem I have with that is that a few of them have returned the email,
> with full headers, and I see the *only* reference to my email address is
> in the Reply-To.

You are seeing the "full" email headers.  You will not see the envelope 
headers unless you capture packets or view mail server logs, etc..


-- 
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/


Re: [CentOS] dealing with spoofing

2011-08-31 Thread m . roth
Josh Miller wrote:
> On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote:
>> Stephen Harris wrote:
>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>>> Europe, has harvested my email, and is using it in the Reply-To: in
>>>> its spamming efforts. Now, I realize that some mails go out from
>>>>
>>> Anyway, the SMTP server should send the delivery failure to the
>>> envelope address, which may be different to both the From and Reply-To
>>> addresses.
>>>
>> That would be lovely. Unfortunately, a high percentage seem to use the
>> Reply-To address. Trust me, the last four or five months, I've gotten
>
> The Reply-To address is an optional component of the email header and is
> not used in email routing by mail servers.

I'm well aware that it's an optional component.

> Mail server will send NDRs (non-delivery receipts) back to the envelope
> sender every time with no regard for From or Reply-To.

You're saying it uses the envelope, not if exists Reply-To, else From? The
problem I have with that is that a few of them have returned the email,
with full headers, and I see the *only* reference to my email address is
in the Reply-To.

mark



Re: [CentOS] dealing with spoofing

2011-08-31 Thread Josh Miller
On 08/31/2011 01:27 PM, m.r...@5-cent.us wrote:
> Stephen Harris wrote:
>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>> Europe, has harvested my email, and is using it in the Reply-To: in its
>>> spamming efforts. Now, I realize that some mails go out from noreply,
>>> but
>>> other than that, is there a good reason why a mailserver would not be
>>> configured to send delivery failure to *both* Reply-To and From?
>>
>> You don't want to send rejects to more than one address 'cos you then
>> have a simple message multiplier; send one message, generate two bounces;
>> the mail server will be doubling the back-scatter problem!
>>
>> Anyway, the SMTP server should send the delivery failure to the envelope
>> address, which may be different to both the From and Reply-To addresses.
>>
> That would be lovely. Unfortunately, a high percentage seem to use the
> Reply-To address. Trust me, the last four or five months, I've gotten
> probably hundreds, if not more, of delivery failures. And I wind up at
> least glancing at them, in case email to this list, or to a friend, has
> bounced.

Mark,

The Reply-To address is an optional component of the email header and is 
not used in email routing by mail servers.

If the Reply-To is absent, mail clients compose a message to be sent to 
the sender listed in the From field instead.

Mail server will send NDRs (non-delivery receipts) back to the envelope 
sender every time with no regard for From or Reply-To.


-- 
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/


Re: [CentOS] dealing with spoofing

2011-08-31 Thread Mailing Lists
Spam filter that'll authorize the sending before receiving?  Just a thought
to stop the hundreds of emails...

On Wed, Aug 31, 2011 at 4:27 PM,  wrote:

> Stephen Harris wrote:
> >> Here's a thought I just thunk, folks: some scum, apparently in eastern
> >> Europe, has harvested my email, and is using it in the Reply-To: in its
> >> spamming efforts. Now, I realize that some mails go out from noreply,
> >> but
> >> other than that, is there a good reason why a mailserver would not be
> >> configured to send delivery failure to *both* Reply-To and From?
> >
> > You don't want to send rejects to more than one address 'cos you then
> > have a simple message multiplier; send one message, generate two bounces;
> > the mail server will be doubling the back-scatter problem!
> >
> > Anyway, the SMTP server should send the delivery failure to the envelope
> > address, which may be different to both the From and Reply-To addresses.
> >
> That would be lovely. Unfortunately, a high percentage seem to use the
> Reply-To address. Trust me, the last four or five months, I've gotten
> probably hundreds, if not more, of delivery failures. And I wind up at
> least glancing at them, in case email to this list, or to a friend, has
> bounced.
>
>mark
>


Re: [CentOS] dealing with spoofing

2011-08-31 Thread m . roth
Stephen Harris wrote:
>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>> Europe, has harvested my email, and is using it in the Reply-To: in its
>> spamming efforts. Now, I realize that some mails go out from noreply,
>> but
>> other than that, is there a good reason why a mailserver would not be
>> configured to send delivery failure to *both* Reply-To and From?
>
> You don't want to send rejects to more than one address 'cos you then
> have a simple message multiplier; send one message, generate two bounces;
> the mail server will be doubling the back-scatter problem!
>
> Anyway, the SMTP server should send the delivery failure to the envelope
> address, which may be different to both the From and Reply-To addresses.
>
That would be lovely. Unfortunately, a high percentage seem to use the
Reply-To address. Trust me, the last four or five months, I've gotten
probably hundreds, if not more, of delivery failures. And I wind up at
least glancing at them, in case email to this list, or to a friend, has
bounced.

mark



Re: [CentOS] dealing with spoofing

2011-08-31 Thread Stephen Harris
> Here's a thought I just thunk, folks: some scum, apparently in eastern
> Europe, has harvested my email, and is using it in the Reply-To: in its
> spamming efforts. Now, I realize that some mails go out from noreply, but
> other than that, is there a good reason why a mailserver would not be
> configured to send delivery failure to *both* Reply-To and From?

You don't want to send rejects to more than one address 'cos you then
have a simple message multiplier; send one message, generate two bounces;
the mail server will be doubling the back-scatter problem!

Anyway, the SMTP server should send the delivery failure to the envelope
address, which may be different to both the From and Reply-To addresses.

-- 

rgds
Stephen


Re: [CentOS] dealing with spoofing

2011-08-31 Thread Josh Miller
On 08/31/2011 01:16 PM, m.r...@5-cent.us wrote:
> Here's a thought I just thunk, folks: some scum, apparently in eastern
> Europe, has harvested my email, and is using it in the Reply-To: in its
> spamming efforts. Now, I realize that some mails go out from noreply, but
> other than that, is there a good reason why a mailserver would not be
> configured to send delivery failure to *both* Reply-To and From?

There are two parts to an email that relate to routing; envelope header 
and email header.  The only consideration given to routing is the 
envelope header which has sender and recipient, nothing else.

Reply-To is part of the email header and is there for the email client 
to use.

(See RFCs 2821, 2822.)

HTH,
-- 
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
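
The distinction drawn in this thread (a mail client replies to Reply-To or else From, a server bounces to the envelope sender only, and bouncing to header addresses multiplies backscatter), as an added example that is not code from any poster. The envelope, the message and every address below are constructed placeholders.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample. ENVELOPE is what the receiving server was told in the
# SMTP dialogue (MAIL FROM / RCPT TO); RAW is the message it was handed.
ENVELOPE = {"mail_from": "<bulk@sender.example>", "rcpt_to": ["nobody@dest.example"]}
RAW = """\
From: "Special Offers" <offers@sender.example>
Reply-To: victim@harvested.example
To: nobody@dest.example
Subject: constructed sample
Message-ID: <sample-1@sender.example>

body
"""
MSG = message_from_string(RAW)


def header_addrs(msg, name):
    """All addresses found in every occurrence of one header field."""
    return [addr for _, addr in getaddresses(msg.get_all(name) or []) if addr]


def reply_target(msg):
    """Where a mail client sends a reply: Reply-To if present, else From."""
    return header_addrs(msg, "Reply-To") or header_addrs(msg, "From")


def bounce_target(envelope):
    """Where a server sends a non-delivery report: the envelope sender only.
    A null sender (<>) marks a bounce, and a bounce is never bounced."""
    sender = envelope["mail_from"].strip().strip("<>")
    return [sender] if sender else []


def header_bounce_targets(msg):
    """The behaviour asked about in the thread (bounce to Reply-To and From),
    kept here only to compare its recipient list with bounce_target()."""
    seen = []
    for addr in header_addrs(msg, "Reply-To") + header_addrs(msg, "From"):
        if addr not in seen:
            seen.append(addr)
    return seen


def build_ndr(envelope, msg, reason):
    """Build the non-delivery report and its own envelope, or None for a null sender."""
    targets = bounce_target(envelope)
    if not targets:
        return None
    ndr = EmailMessage()
    ndr["From"] = "MAILER-DAEMON@dest.example"   # placeholder local address
    ndr["To"] = targets[0]
    ndr["Subject"] = "Undelivered Mail Returned to Sender"
    ndr["Auto-Submitted"] = "auto-replied"
    ndr.set_content(
        f"Delivery to {', '.join(envelope['rcpt_to'])} failed: {reason}\n"
        f"Original Message-ID: {msg['Message-ID']}\n"
    )
    # The report travels with a null envelope sender so it cannot loop.
    return {"mail_from": "<>", "rcpt_to": targets}, ndr


if __name__ == "__main__":
    print("client replies to  :", reply_target(MSG))
    print("server bounces to  :", bounce_target(ENVELOPE))
    print("header-based bounce:", header_bounce_targets(MSG))
    ndr_envelope, ndr = build_ndr(ENVELOPE, MSG, "user unknown")
    print("bounce of a bounce :", build_ndr(ndr_envelope, ndr, "user unknown"))
```

With the sample message, the header-based variant produces two reports for one rejected message, and one of them lands on the harvested Reply-To address.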


Re: [CentOS] CentOS 6, KDE 4: bad DNS traffic

2011-08-31 Thread m . roth
Michael D. Berger wrote:
> On Wed, 31 Aug 2011 20:02:09 +0100, John Hodrien wrote:
>> On Wed, 31 Aug 2011, Michael D. Berger wrote:
>>
>>> On my new CentOS 6, KDE 4, running WireShark I see what appears to be
>>> frequent nonsensical DNS queries, for example:
>>>   "settings-personal.desktop" and "settings-system.desktop".
>>> The DNS response is always:"No such name".  Do tell! These appear
>>> especially when I click on things on the KDE menus.  On my old CentOS 5
>>> box, on the same LAN, I see no such thing.  I note that I have replaced
>>> the original /etc/hosts with my own.  Might these have been resolved in
>>> the original?
>>
>> Random stab in the dark...
>>
>> Are you running the autofs with /net or similar configured?
>
> How would I know?  I get nothing from:
> ps -ef | grep -i autofs
> yum -y list installed | grep -i autofs

Does rpm -qi autofs show nothing? If so, I'm a tad surprised, since that
takes care of not only nfs but also CD/DVDs and USB keys.

 mark



[CentOS] dealing with spoofing

2011-08-31 Thread m . roth
Here's a thought I just thunk, folks: some scum, apparently in eastern
Europe, has harvested my email, and is using it in the Reply-To: in its
spamming efforts. Now, I realize that some mails go out from noreply, but
other than that, is there a good reason why a mailserver would not be
configured to send delivery failure to *both* Reply-To and From?

  mark



Re: [CentOS] CentOS 6, KDE 4: bad DNS traffic

2011-08-31 Thread Michael D. Berger
On Wed, 31 Aug 2011 20:02:09 +0100, John Hodrien wrote:

> On Wed, 31 Aug 2011, Michael D. Berger wrote:
> 
>> On my new CentOS 6, KDE 4, running WireShark I see what appears to be
>> frequent nonsensical DNS queries, for example:
>>   "settings-personal.desktop" and "settings-system.desktop".
>> The DNS response is always:"No such name".  Do tell! These appear
>> especially when I click on things on the KDE menus.  On my old CentOS 5
>> box, on the same LAN, I see no such thing.  I note that I have replaced
>> the original /etc/hosts with my own.  Might these have been resolved in
>> the original?
> 
> Random stab in the dark...
> 
> Are you running the autofs with /net or similar configured?
> 
> jh

How would I know?  I get nothing from:
ps -ef | grep -i autofs
yum -y list installed | grep -i autofs

Mike.



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Louis Lagendijk
On Wed, 2011-08-31 at 19:00 +0100, Always Learning wrote:
> On Wed, 2011-08-31 at 13:55 -0400, Lamar Owen wrote:
> 
> > On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
> > > Rather than being a willing or passive victim to 100% of the attacks, I
> > > aim to reduce the penetrability of most of them.
> 
Still useless: it is not the attacks that you know about and that show
themselves as errors in your logs (and filter from the log, that is the
only gain), but those where you have a real security hole that you have
to worry about. And those will be exploited from one of the many other
bots in the hacker's botnet. 
An empty log may give you a nice feeling of security, but it is false...
A lot of work, but very little if any gain.
Louis




Re: [CentOS] CentOS 6, KDE 4: bad DNS traffic

2011-08-31 Thread John Hodrien
On Wed, 31 Aug 2011, Michael D. Berger wrote:

> On my new CentOS 6, KDE 4, running WireShark I see what appears
> to be frequent nonsensical DNS queries, for example:
>   "settings-personal.desktop" and "settings-system.desktop".
> The DNS response is always:"No such name".  Do tell!
> These appear especially when I click on things on the KDE
> menus.  On my old CentOS 5 box, on the same LAN, I see no
> such thing.  I note that I have replaced the original
> /etc/hosts with my own.  Might these have been resolved
> in the original?

Random stab in the dark...

Are you running the autofs with /net or similar configured?

jh


Re: [CentOS] new memory not getting regonized

2011-08-31 Thread Dennis Jacobfeuerborn
On 08/31/2011 05:38 PM, Pasi Kärkkäinen wrote:
> On Tue, Aug 30, 2011 at 03:30:46PM +0200, Dennis Jacobfeuerborn wrote:
>> On 08/27/2011 09:12 PM, sylvan.dcu...@gmail.com wrote:
>>> Dear Dennis,
>>>
>>> Thanks a lot for the wise reply.. really did boost my knowledge..
>>> honestly was unaware of the fact that dom0 is just like another VM ...
>>> Anyway I had never restricted dom0 mem and since my 4 vms were working fine
>>> with no issues
>>> i never bothered much.
>>
>> Yes, this is different from KVM where the VMs really are just normal
>> processes on the host system and the host system itself isn't a VM.
>>
>> On a Xen system if you look at /etc/grub.conf you'll notice that it looks
>> slightly different than on a non-virtualized system. Specifically you'll
>> find the following line:
>>  kernel /xen.gz-2.6.18-164.el5
>>
>> That's the actual hypervisor and really the host system and once started it
>> will basically start dom0 and give it special privileges. So Dom0 and the
>> DomU's all run on top of the actual hypervisor.
>>
>>> It was only after I added more 32 gb to existing 32 gb i did realise the
>>> above issue..
>>
>> Apparently dom0 has a 32G limit but that shouldn't be an issue unless you
>> actually really require more than 32G specifically for dom0 and not the VMs.
>>
>>> anyway I will try to restrict my dom0 to 1 GB ... and check it out.
>>
>> Remember that the problems with the dynamic memory management are most
>> likely fixed nowadays so the limitation is not strictly necessary. But then
>> 1G will probably be more than enough for dom0 so it doesn't really hurt 
>> either.
>>
>
> Still today you should dedicate a fixed amount of memory for dom0!
> say, 1GB, or so.
>
> It's because of how Linux kernel allocates (and wastes) page struct memory:
> http://wiki.xen.org/xenwiki/XenBestPractices

Very good to know. Thanks for the information!

Regards,
   Dennis


Re: [CentOS] Error installing latest CentOS kernel from %post section of kickstart

2011-08-31 Thread Ned Slider
On 31/08/11 17:12, Alfred von Campe wrote:
> I'm running the command "yum -y update" from a script called from the 
> post section of my kickstart config file, and I get the following error:
>
>  Installing : kernel-2.6.32-71.29.1.el6.i686   
> 185/378
> grubby fatal error: unable to find a suitable template
>
> After the install, if I log in to the system and remove that RPM and then 
> re-install it with "yum install kernel", the grub.conf file is updated 
> correctly.  Any ideas why this might be failing from kickstart?  Anyone else 
> seen this?
>
> Alfred
>

Yes, it's a known issue:

https://www.redhat.com/archives/rhelv6-list/2011-January/msg6.html

https://bugzilla.redhat.com/show_bug.cgi?id=625216
https://bugzilla.redhat.com/show_bug.cgi?id=657257



[CentOS] CentOS 6, KDE 4: bad DNS traffic

2011-08-31 Thread Michael D. Berger
On my new CentOS 6, KDE 4, running WireShark I see what appears
to be frequent nonsensical DNS queries, for example:
   "settings-personal.desktop" and "settings-system.desktop".
The DNS response is always:"No such name".  Do tell!
These appear especially when I click on things on the KDE
menus.  On my old CentOS 5 box, on the same LAN, I see no
such thing.  I note that I have replaced the original
/etc/hosts with my own.  Might these have been resolved
in the original?

Thanks for your comments.
Mike.



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 13:55 -0400, Lamar Owen wrote:

> On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
> > Rather than being a willing or passive victim to 100% of the attacks, I
> > aim to reduce the penetrability of most of them.

> Getting the last 10% will cost you 90% of your time.

I'll be satisfied with 99% and that time and effort investment can be
introduced on multiple servers and VPS and, when suitable, on laptops
etc.

Paul.



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Lamar Owen
On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
> Rather than being a willing or passive victim to 100% of the attacks, I
> aim to reduce the penetrability of most of them.

Getting the last 10% will cost you 90% of your time.


Re: [CentOS] Question re: CentOS-6.0, KVM, and /dev/sr0

2011-08-31 Thread James B. Byrne

On Tue, August 30, 2011 18:57, psprojectplann...@gmail.com
wrote:
> On 29/08/2011 15:46, James B. Byrne wrote:
>> I am experimenting with KVM and I wish to create a
>> virtual machine image in a logical volume.  I can
>> create the new lv without problem but when I go to
>> format its file system then I get these
>> warnings:
>>
>> Warning: WARNING: the kernel failed to re-read the
>> partition table on /dev/sda (Device or resource busy).
>> As a result, it may not reflect all of your changes
>> until after reboot.
.  .  .
>> The favour of a direct copy of any reply to the mailing
>> list is requested as I am a digest subscriber.
>>

> You do not need to reboot every time you adjust a Logical
> Volume. Do you also need to format the file system for a
> KVM guest's Logical Volume?

I formatted the new lv as ext4.
>
> I'm currently juggling servers to try and get a free
> machine to test KVM on Centos 6, but i have recently
> found, with another RHEL clone I'm testing, that if
> you do not set up the LogVol with virsh or i suppose
> virt-manager you will have issues getting the guest
> machines to run.

I am using virt-manager to set up the vms

>
> If you look at chapter 26.1.4.1 & 26.1.4.2  of the Red
> Hat Virtualization Guide, for RHEL6, it explains how to
> use fdisk to create a partition for the Logical Volume,
> set it to a Linux LVM type and create the
> storage pool for the KVM guests (page 217 & 218).

I am using that guide and I thank you for the specific
reference. Nonetheless, I had the same problems when I
used fdisk.

>
> On my current RHEL clone test system, to create the
> VolGroup / Storage pool i used the virsh commands on
> pages 222 & 223 of the Red Hat
> Virtualization Guide (which were similar to the following):
>
> # virsh pool-define-as guest_images_lvm logical - -
> /dev/cciss/c0d0p3
> libvirt_lvm /dev/libvirt_lvm
> # virsh pool-build VolGroupGuests
> # virsh pool-start guest_images_lvm
> # virsh pool-autostart guest_images_lvm
> # virsh pool-list --all
>
>  Name                 State      Autostart
>  -----------------------------------------
>  guest_images_lvm     active     yes
>
> To create the actual logical volume for the virtual
> machine I used the
> following command:
> # virsh --connect qemu:///system vol-create-as
> guest_images_lvm volume1 20G
>
> I don't remember formatting a file system prior to
> installing the KVM guest, but I am new to KVM
> and I'm experimenting as well.
>
> jk

I believe that the main problem I experienced was due to a
change in the behaviour of virt-manager from 5.6 to 6.0. 
A change that I consider a defect and have reported as Bug
734529.

Essentially, the parted error messages are meaningless
insofar as the new lv is indeed properly formatted and
found and mounted as is shown in the output of parted -l

> Model: Linux device-mapper (linear) (dm)
> Disk /dev/mapper/vg_inet02-lv_guest01: 129GB
> Sector size (logical/physical): 512B/512B
> Partition Table: loop
>
> Number  Start  End    Size   File system  Flags
>   1      0.00B  129GB  129GB  ext4
>

I have no idea what is causing the errors to be reported
by parted but it evidently has no impact on the result.

However, the behaviour of virtual machine manager has
changed so that it no longer permits the operator to
specify an alternate location and image file name, unless
that file already exists.  What happens is that if one
chooses to navigate to an alternate location, say
/var/vms/lv_guest_01, in the file browser; and if that
location has no content, then the file browser enters an
indefinite wait state which can only be ended by
navigating to somewhere else in the file system that has
content.

In 5.6, one could navigate to an empty directory and then
supply a new file name which would be used to hold the new
image.  In 6.0 one must first create that file name in the
desired location and only then can the virtual machine
manager use it to save the new image because only then can
it be selected in the file browser.

Otherwise, one has to enter the host's storage options and
add storage volumes there.  This appears at first blush to
give equivalent functionality to the old behaviour but it
is far from being obvious to the user.

It was the combination of the parted errors and
encountering the unexpected behaviour of the virtual
machine manager that had me confused.  I inferred that the
second issue was consequential to the first when in fact
the first had no effect and neither had anything to do
with the other.


-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 10:38 -0700, John R Pierce wrote:
> On 08/31/11 10:33 AM, Always Learning wrote:
> > Rather than being a willing or passive victim to 100% of the attacks, I
> > aim to reduce the penetrability of most of them.
> 
> an attempted access of a non-vulnerability won't be any more effective 
> the millionth time it's run than the first time.

It can be effective especially if the IP address is blocked
(indefinitely or temporarily).

> it's the unknown vulnerabilities that get you, and your approach will
> do nothing for these.

Wrong because the IP address used for the unknown attack may have been
blocked previously by the procedures already described.


Paul.





Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread John R Pierce
On 08/31/11 10:33 AM, Always Learning wrote:
> Rather than being a willing or passive victim to 100% of the attacks, I
> aim to reduce the penetrability of most of them.

an attempted access of a non-vulnerability won't be any more effective 
the millionth time it's run than the first time.  it's the unknown 
vulnerabilities that get you, and your approach will do nothing for these.



-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 13:01 -0400, Lamar Owen wrote:

> On today's Internet you are simply not going to catch 100% of the
> attacks, full stop. 

Rather than being a willing or passive victim to 100% of the attacks, I
aim to reduce the penetrability of most of them.

Paul.




Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Les Mikesell
On Wed, Aug 31, 2011 at 12:17 PM, John R Pierce  wrote:
>> Wrong. Some can be determined by machine searching for 'known' invalid
>> URL strings which are not remotely similar to valid web page names.
>
> there's an infinite number of invalid strings, and only a finite number
> of valid ones.
>
> anyways, your webserver already filters these out, it's not going to
> respond to an invalid URL with anything other than '404'.  that's its job.

The idea isn't as crazy as it sounds - expensive firewalls offer the
option to block URLs including known exploits and it is a much faster
way to protect a farm of servers behind it than waiting for the OS
vendor to come up with a service pack to make the servers less
vulnerable.

-- 
  Les Mikesell
   lesmikes...@gmail.com


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 10:17 -0700, John R Pierce wrote:

> anyways, your webserver already filters these out, it's not going to 
> respond to an invalid URL with anything other than '404'.  that's its
> job.

The 'error' is trapped; a PHP routine examines the URL for known (in a
list) hacker strings; if an established 'hacker' string is detected the
site's .htaccess file is updated with a 'deny from' statement; in all
instances an email is sent to the systems' monitor.

Oh, and a suitable customised web page is displayed in response.

An improvement is the real-time adding of block IP commands to IP
Tables.

Paul.




Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread John R Pierce
On 08/31/11 9:32 AM, Always Learning wrote:
> Wrong. Some can be determined by machine searching for 'known' invalid
> URL strings which are not remotely similar to valid web page names.

there's an infinite number of invalid strings, and only a finite number 
of valid ones.

anyways, your webserver already filters these out, it's not going to 
respond to an invalid URL with anything other than '404'.  that's its job.



-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Lamar Owen
On Wednesday, August 31, 2011 11:15:20 AM Always Learning wrote:
> Dangerous to ignore any background noise - far better to
> firmly shut the door and fill-in all known holes. 

The unknown holes are the ones that will get you.

You are also setting yourself up for a denial-of-service vector.  Refresh 
yourself on the three-way TCP handshake and how HTTP is embedded in that and be 
enlightened (IOW, there is a connection already set up and a listener thread 
connected by the time the GET HTTP directive is issued).  Also understand that 
IP address spoofing is fairly common... and within the reach of the most green 
script kiddie.

The fail2ban solution, while it is somewhat of a 'shut the barn door after the 
horses are out' thing, is less likely to cause a DoS.  And it will likely 
prevent escalation, which is what you're really after.

Plus, you'll want to see how much of a load the string matching at the IPtables 
level puts on your VPS; it may be enough to create a DoS vector there, too.

On today's Internet you are simply not going to catch 100% of the attacks, full 
stop.  You can mitigate them (SELinux is one tool in the mitigation arsenal, as 
is fail2ban and IPtables).  But that is all.  You will be attacked; that is 
axiomatic on today's Internet.


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 09:11 -0700, John R Pierce wrote:

> iptables will filter on packet headers and such at layer 3, it can't
> and won't analyze the content of packets, regardless of your emotional
> attachments.

I believe IP Tables '-m string' will. If you think the custodians and
maintainers of IP Tables are making untrue claims, you may wish to
acquaint them with your disbelief. However it might be prudent for you
to read the following before telling the IP Tables folks they are wrong.


http://www.netfilter.org/ Net Filter : The Home of IP Tables

http://ipset.netfilter.org/iptables.man.html The IP Tables Manual

http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html Frozentux : 
Detailed Technical Explanation of TCP/UDP and IP Tables (2006)

http://wiki.archlinux.org/index.php/Simple_stateful_firewall_HOWTO Arch Linux : 
How To

http://wiki.centos.org/HowTos/Network/IPTables Centos How-To : IP Tables

http://www.centos.org/docs/5/html/5.2/Deployment_Guide/ch-iptables.html Centos 
Deployment Guide : Section 43.9


> I said precisely.  computers don't understand 'deliberate' vs 'typing 
> error', those are subjective measures.

Wrong. Some can be determined by machine searching for 'known' invalid
URL strings which are not remotely similar to valid web page names.
Obviously this is site dependent. For example which accidentally typed
URL contains login.php or password.php when nothing like those names are
used in valid web page names ?





-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] OT: help with email list reading programs w/ best features to read the centos and other lists that can filter people etc

2011-08-31 Thread Les Mikesell
On Wed, Aug 31, 2011 at 10:48 AM, R - elists  wrote:
>
>> But filters tend to be stupid as well.   And once you are involved in
>> a conversation you should have a certain responsibility to
>> follow it to the bitter end.  Filters mostly don't understand
>> that (but gmail will push a reply to your own message into
>> the 'important' view).
>>
>
> i hear ya Les
>
> thing is, the term plonk from a most recent post reminded me what i am
> looking for, ie killfile
>
> ...i just have to figure out how to best implement.
>
> now, please dont get me wrong, ive made a mistake or three on lists, yet
> gave apology.
>
> i am surprised that more folks havent spoken up about favorite "threaded
> email readers" or has everyone just gone to Thunderbird or other similar?
>
> reason: some say changing subject or hijacking messes things up...

Threads really only matter when responses are slow enough that you
forget the context - in which case you probably aren't all that
interested anyway.  With thunderbird I normally don't use a threaded
view but sometimes flip to it (which is sort of awkward except on a
Mac where you can use OS facilities to map a key to a multi-step
operation).  But in gmail I do like their normal 'conversation'
presentation where the previously read messages are mostly hidden but
accessible with a click and the unread messages are all opened
together with large blocks of quoted text mostly hidden.  I'm used to
reading 'backwards' in time order so I know what has already been
answered, but the gmail view is a little nicer to see the new portion
in order and in context.

-- 
  Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

UPDATE:

I started with kernel 2.6.35.4 #2 and lsmod | grep ipt = ipt_LOG 5419  2.

My service provider produced a replacement kernel  2.6.24-28-xen #1.

Now lsmod | grep ipt reveals ..

ipt_LOG 8192  2 
iptable_filter  4608  1 
ip_tables  24232  1 iptable_filter
x_tables   23432  5 xt_string,ipt_LOG,xt_state,xt_tcpudp,ip_tables

and, to my personal joy and pleasure,

iptables -A  -p tcp -m string --algo bm --string 'login' -j DROP

is accepted by IP Tables.

Thank you to everyone who contributed to this thread.

With best regards,

Paul.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
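
The 404-trapping routine Paul describes elsewhere in this thread and the `--string 'login'` rule in the post above both come down to matching strings against requests. As an added example (not code from any poster), the sketch below runs both styles of match over constructed access-log lines, using the `login.php` and `password.php` names from the thread; the allowlisted monitoring host and the one-hour ban are assumptions.

```python
import re
from datetime import datetime, timedelta
from posixpath import basename
from urllib.parse import urlsplit

# Constructed Apache combined-log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [31/Aug/2011:16:01:02 +0100] "GET /login.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [31/Aug/2011:16:01:03 +0100] "GET /admin/password.php HTTP/1.1" 404 209 "-" "-"
198.51.100.20 - - [31/Aug/2011:16:02:10 +0100] "GET /articles/login-security.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.21 - - [31/Aug/2011:16:02:40 +0100] "GET /contcat.html HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.10 - - [31/Aug/2011:16:03:00 +0100] "GET /login.php HTTP/1.1" 404 209 "-" "monitoring"
"""

PROBE_NAMES = {"login.php", "password.php"}  # names the thread says no valid page uses
ALLOWLIST = {"192.0.2.10"}                   # assumption: the operator's own monitoring host
BAN_FOR = timedelta(hours=1)                 # assumption: temporary ban rather than permanent

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def parse(line):
    """Return ip, timestamp, URL path and status for one log line, or None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, stamp, _method, target, status = m.groups()
    return {
        "ip": ip,
        "when": datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"),
        "path": urlsplit(target).path,
        "status": int(status),
    }


def records(log):
    return [rec for rec in map(parse, log.splitlines()) if rec]


def is_probe(rec):
    """A 404 whose file name is on the site-specific list of never-valid names."""
    return rec["status"] == 404 and basename(rec["path"]).lower() in PROBE_NAMES


def naive_substring_hits(log, needle="login"):
    """Model of a bare substring rule: every request whose path contains the needle."""
    return [rec["ip"] for rec in records(log) if needle in rec["path"]]


def ban_list(log):
    """Map each offending address to the time its ban expires."""
    bans = {}
    for rec in records(log):
        if rec["ip"] in ALLOWLIST or not is_probe(rec):
            continue
        expires = rec["when"] + BAN_FOR
        bans[rec["ip"]] = max(expires, bans.get(rec["ip"], expires))
    return bans


def htaccess_lines(bans):
    """Render the bans in the 'deny from' form mentioned in the thread."""
    return [f"deny from {ip}" for ip in sorted(bans)]


if __name__ == "__main__":
    print("substring rule would drop:", naive_substring_hits(SAMPLE_LOG))
    for ip, expires in ban_list(SAMPLE_LOG).items():
        print("ban", ip, "until", expires.isoformat())
    print("\n".join(htaccess_lines(ban_list(SAMPLE_LOG))))
```

On the sample lines the bare substring match also catches a reader of a legitimate article and the operator's own monitor, while the list-based check bans one address and leaves the mistyped URL alone.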


[CentOS] Error installing latest CentOS kernel from %post section of kickstart

2011-08-31 Thread Alfred von Campe
I'm running the command "yum -y update" from a script called from the post 
section of my kickstart config file, and I get the following error:

Installing : kernel-2.6.32-71.29.1.el6.i686   
185/378
grubby fatal error: unable to find a suitable template

After the install, if I log in to the system and remove that RPM and then 
re-install it with "yum install kernel", the grub.conf file is updated 
correctly.  Any ideas why this might be failing from kickstart?  Anyone else 
seen this?

Alfred



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread John R Pierce
On 08/31/11 9:00 AM, Always Learning wrote:

> No I do not want "another piece of software to parse the http protocol
> and analyze the traffic".
>
> IP Tables, in which I have great confidence and trust, can do it.

iptables will filter on packet headers and such at layer 3, it can't and 
won't analyze the content of packets, regardless of your emotional 
attachments.



>> >  of course, to even consider doing such you would have to, in very
>> >  precise terms, define exactly what comprises a 'hacking attempt'.   do
>> >  you give this filter a list of all valid URLs and trigger your block on
>> >  any that aren't on that list?
> My definition: a hacking attempt is deliberately, meaning not a typing
> error, sending an invalid web page request. Obviously one should exclude
> the 'standard' wrong URLs issued by some software like the M$ Office
> responses and crossdomain requests.

I said precisely.  computers don't understand 'deliberate' vs 'typing 
error', those are subjective measures.

-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 11:51 -0400, Bowie Bailey wrote:
> On 8/31/2011 11:32 AM, Always Learning wrote:
> > On Wed, 2011-08-31 at 11:29 -0400, Bowie Bailey wrote:
> >
> >> I assume this is an Apache server.  Have you looked at mod_security
> >> (http://www.modsecurity.org/)?  It is available from the epel
> >> repository.  There is a bit of a learning curve to get it running, but
> >> it protects against a ton of hacking attempts.
> > Thank you very much for that helpful suggestion. I'll look now.
> 
> Just keep a close eye on it at first.  The current version tends to be
> *very* aggressive.  I had to modify or disable several rules to get it
> to play nice with my websites.

Thank you.

Paul.




Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 08:41 -0700, John R Pierce wrote:

> On 08/31/11 8:22 AM, Always Learning wrote:
> > Looking at your example seems to suggest Fail2Ban is an 'after the
> > event' response. I would like to implement 'before the event' filtering
> > which prevents, even on the first detected hacking attempt, anything
> > reaching HTTPD.

> so you want another piece of software to parse the http protocol and 
> analyze the traffic, before passing it on to your web server, which is 
> going to parse the http protocol and deliver content?  good luck with that.

No I do not want "another piece of software to parse the http protocol
and analyze the traffic".

IP Tables, in which I have great confidence and trust, can do it.

Thank you for your 'good luck' wishes.

> of course, to even consider doing such you would have to, in very 
> precise terms, define exactly what comprises a 'hacking attempt'.   do 
> you give this filter a list of all valid URLs and trigger your block on 
> any that aren't on that list?

My definition: a hacking attempt is deliberately, meaning not a typing
error, sending an invalid web page request. Obviously one should exclude
the 'standard' wrong URLs issued by some software like the M$ Office
responses and crossdomain requests.

Inspection in IP Tables is performed before the data is passed to HTTPD.
Therefore it is impossible to determine, at that point in the
transmission process, the validity of incoming HTTP requests. Only HTTPD
can decide that issue.

> anyways, the design of such would better be discussed on a security 
> tools mail list as it's a very general topic, there's nothing here even 
> remotely centos specific.

IP Tables is and Centos Ops or Sys Admins or others may wish to deploy
the IP Tables blocking suggestion.


Paul.




Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Bowie Bailey
On 8/31/2011 11:32 AM, Always Learning wrote:
> On Wed, 2011-08-31 at 11:29 -0400, Bowie Bailey wrote:
>
>> I assume this is an Apache server.  Have you looked at mod_security
>> (http://www.modsecurity.org/)?  It is available from the epel
>> repository.  There is a bit of a learning curve to get it running, but
>> it protects against a ton of hacking attempts.
> Thank you very much for that helpful suggestion. I'll look now.

Just keep a close eye on it at first.  The current version tends to be
*very* aggressive.  I had to modify or disable several rules to get it
to play nice with my websites.

-- 
Bowie


Re: [CentOS] OT: help with email list reading programs w/ best features to read the centos and other lists that can filter people etc

2011-08-31 Thread R - elists
 

> 
> But filters tend to be stupid as well.   And once you are involved in
> a conversation you should have a certain responsibility to 
> follow it to the bitter end.  Filters mostly don't understand 
> that (but gmail will push a reply to your own message into 
> the 'important' view).
> 

i hear ya Les

thing is, the term plonk from a most recent post reminded me what i am
looking for, ie killfile

...i just have to figure out how to best implement.

now, please dont get me wrong, ive made a mistake or three on lists, yet
gave apology.

i am surprised that more folks havent spoken up about favorite "threaded
email readers" or has everyone just gone to Thunderbird or other similar?

reason: some say changing subject or hijacking messes things up...

 - rh



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread John R Pierce
On 08/31/11 8:22 AM, Always Learning wrote:
> Looking at your example seems to suggest Fail2Ban is an 'after the
> event' response. I would like to implement 'before the event' filtering
> which prevents, even on the first detected hacking attempt, anything
> reaching HTTPD.

so you want another piece of software to parse the http protocol and 
analyze the traffic, before passing it on to your web server, which is 
going to parse the http protocol and deliver content?  good luck with that.

of course, to even consider doing such you would have to, in very 
precise terms, define exactly what comprises a 'hacking attempt'.   do 
you give this filter a list of all valid URLs and trigger your block on 
any that aren't on that list?

anyways, the design of such would better be discussed on a security 
tools mail list as it's a very general topic, there's nothing here even 
remotely centos specific.

-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] new memory not getting regonized

2011-08-31 Thread Pasi Kärkkäinen
On Tue, Aug 30, 2011 at 03:30:46PM +0200, Dennis Jacobfeuerborn wrote:
> On 08/27/2011 09:12 PM, sylvan.dcu...@gmail.com wrote:
> > Dear Dennis,
> >
> > Thanks a lot for the wise reply.. really did boost my knowledge..
> > honestly was unaware of the fact that dom0 is just like another VM ...
> > Anyway I had never restricted dom0 mem and since my 4 vms were working fine
> > with no issues
> > i never bothered much.
> 
> Yes, this is different from KVM where the VMs really are just normal 
> processes on the host system and the host system itself isn't a VM.
> 
> On a Xen system if you look at /etc/grub.conf you'll notice that it looks 
> slightly different than on a non-virtualized system. Specifically you'll 
> find the following line:
> kernel /xen.gz-2.6.18-164.el5
> 
> That's the actual hypervisor and really the host system and once started it 
> will basically start dom0 and give it special privileges. So Dom0 and the 
> DomU's all run on top of the actual hypervisor.
> 
> > It was only after I added more 32 gb to existing 32 gb i did realise the
> > above issue..
> 
> Apparently dom0 has a 32G limit but that shouldn't be an issue unless you 
> actually really require more than 32G specifically for dom0 and not the VMs.
> 
> > anyway I will try to restrict my dom0 to 1 GB ... and check it out.
> 
> Remember that the problems with the dynamic memory management are most 
> likely fixed nowadays so the limitation is not strictly necessary. But then 
> 1G will probably be more than enough for dom0 so it doesn't really hurt 
> either.
> 

Still today you should dedicate a fixed amount of memory for dom0!
say, 1GB, or so.

It's because of how Linux kernel allocates (and wastes) page struct memory:
http://wiki.xen.org/xenwiki/XenBestPractices

-- Pasi



Re: [CentOS] OT: help with email list reading programs w/ best features to read the centos and other lists that can filter people etc

2011-08-31 Thread Les Mikesell
On Wed, Aug 31, 2011 at 10:15 AM, R - elists  wrote:
>
> sometimes people on the list just get belligerent, drunk, and/or stupid and
> need to be filtered.

But filters tend to be stupid as well.   And once you are involved in
a conversation you should have a certain responsibility to follow it
to the bitter end.  Filters mostly don't understand that (but gmail
will push a reply to your own message into the 'important' view).

-- 
  Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread m . roth
Always Learning wrote:
>
> On Wed, 2011-08-31 at 11:16 -0400, m.r...@5-cent.us wrote:
>
>> Maybe not, for a small website. However, let me re-suggest fail2ban, with
>> three lines from one of our config files:
>> failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*
>>             ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
>>             ^<HOST> -.*"GET /w00tw00t\.at
>
> Looking at your example seems to suggest Fail2Ban is an 'after the
> event' response. I would like to implement 'before the event' filtering
> which prevents, even on the first detected hacking attempt, anything
> reaching HTTPD.

It is an after the event: after 3? 5? (I forget the default, but that can
be configured), it adds a rule to iptables to ban that IP for a limited
time. That, too, can be changed; I haven't done it, but I'd be surprised
if you can't configure it to ban that IP permanently.

mark



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 11:29 -0400, Bowie Bailey wrote:

> I assume this is an Apache server.  Have you looked at mod_security
> (http://www.modsecurity.org/)?  It is available from the epel
> repository.  There is a bit of a learning curve to get it running, but
> it protects against a ton of hacking attempts.

Thank you very much for that helpful suggestion. I'll look now.

Paul.




Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Bowie Bailey
On 8/31/2011 11:22 AM, Always Learning wrote:
> On Wed, 2011-08-31 at 11:16 -0400, m.r...@5-cent.us wrote:
>
>> Maybe not, for a small website. However, let me re-suggest fail2ban, with
>> three lines from one of our config files:
>> failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*
>>             ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
>>             ^<HOST> -.*"GET /w00tw00t\.at
> Mark,
>
> Looking at your example seems to suggest Fail2Ban is an 'after the
> event' response. I would like to implement 'before the event' filtering
> which prevents, even on the first detected hacking attempt, anything
> reaching HTTPD.

I assume this is an Apache server.  Have you looked at mod_security
(http://www.modsecurity.org/)?  It is available from the epel
repository.  There is a bit of a learning curve to get it running, but
it protects against a ton of hacking attempts.

-- 
Bowie


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 11:16 -0400, m.r...@5-cent.us wrote:

> Maybe not, for a small website. However, let me re-suggest fail2ban, with
> three lines from one of our config files:
> failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*
>             ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
>             ^<HOST> -.*"GET /w00tw00t\.at

Mark,

Looking at your example seems to suggest Fail2Ban is an 'after the
event' response. I would like to implement 'before the event' filtering
which prevents, even on the first detected hacking attempt, anything
reaching HTTPD.

Paul.




Re: [CentOS] Apache warns Web server admins of DoS attack tool

2011-08-31 Thread Les Mikesell
On Wed, Aug 31, 2011 at 4:32 AM, Karanbir Singh  wrote:
> On 08/30/2011 11:33 PM, Thomas Harold wrote:
>> Someday, perhaps we'll end up back on an authenticated version of NNTP,
>> with support for bbcode, images, and the front end reader of your choice...
>
> That's quite a good idea - and something that we explored at length when
> looking for a replacement software for the existing forums. And while
> that would be nice to have, reduce content duplication and assert some
> level of authority across venues etc, it's still not really the
> master-solution.

Unless there are hub sites that aggregate all the feeds this sounds
like it would require per-target, per-client, per-platform
configuration to set up authenticated access, which would be fairly
horrible for anyone who likes to use multiple programs on multiple
devices to access a large number of sites.  And inventing a new
protocol for programs that don't exist to do something that many of us
think is already handled correctly by email probably isn't a great
idea.

> The bridge would be good to have, but there are lots of
> people who chose a venue to work with based on their own expectations,
> comfort level and media they prefer working with. In some cases, like
> the people here on the list - mailing lists are the way to go. Others
> prefer to use the forums. While plenty hang out on IRC. Let's not take
> the choice away from people.

I still think rss could work with existing aggregators like google
reader to make forum reading tolerable and clicking through to reply
not too annoying, but the feed needs to include the whole posting or
enough to catch most of them without having to click through.  Is that
something that can be configured?   I tried to look on the xoops newbb
site but their rss feed actually just gives an error which doesn't
look promising.   Also, it would be nice if the web side had a mobile
view so you didn't have to zoom in to be able to read each article
when you click through on a phone.

-- 
  Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread m . roth
John R Pierce wrote:
> On 08/31/11 7:22 AM, Always Learning wrote:
>> In the current 4,000 to 6,000 daily hits, the lunatic uses
>>
>>  login.php
>>  contact.php
>>  forgotten_password.php
>
> your 'lunatic' aka 'hacker' is undoubtably a blind script ('bot')
> running on distributed previously hacked hosts, and probing a long long
> list of targets of which your hosts only a tiny part of.   4000 hits a
> day to 404 pages is background noise.
>
Maybe not, for a small website. However, let me re-suggest fail2ban, with
three lines from one of our config files:
failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*
            ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
            ^<HOST> -.*"GET /w00tw00t\.at

mark
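
The three failregex lines above, and the "after the event" behaviour discussed elsewhere in this thread, as an added example that is not part of the original post and is not fail2ban's own code. It replays constructed access-log lines, counts matches per address and bans once maxretry matches fall inside findtime; the IPv4-only HOST pattern, the maxretry and findtime values and the log lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The three failregex lines from the post. The third is cut short in the
# post and is used here exactly as far as it goes.
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r'<HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*',
    r'^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*',
    r'^<HOST> -.*"GET /w00tw00t\.at',
)]
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) ")

# Constructed request attempts in access-log form (documentation addresses).
LOG = [
    '203.0.113.7 - - [31/Aug/2011:11:16:01 -0400] "GET /phpmyadmin/config/config.inc.php HTTP/1.1" 404 291',
    '198.51.100.20 - - [31/Aug/2011:11:16:02 -0400] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.7 - - [31/Aug/2011:11:16:03 -0400] "GET /pma/main.php HTTP/1.1" 404 291',
    '198.51.100.20 - - [31/Aug/2011:11:16:04 -0400] "GET /favicon.ico HTTP/1.1" 404 209',
    '203.0.113.7 - - [31/Aug/2011:11:16:05 -0400] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226',
    '203.0.113.7 - - [31/Aug/2011:11:16:06 -0400] "GET /phpMyAdmin/main.php HTTP/1.1" 404 291',
    '203.0.113.7 - - [31/Aug/2011:11:16:07 -0400] "GET /admin/main.php HTTP/1.1" 404 291',
]


def failed_host(line):
    """Return the client address if any failregex matches the line, else None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def simulate(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Replay request attempts in order.

    Returns (banned, reached, blocked): ban time per address, requests that
    got through to the web server, and requests stopped by the ban.
    """
    recent = defaultdict(deque)          # address -> times of recent matches
    banned = {}
    reached, blocked = defaultdict(int), defaultdict(int)
    for line in lines:
        ip = line.split()[0]
        when = datetime.strptime(STAMP.search(line).group(1), "%d/%b/%Y:%H:%M:%S")
        if ip in banned:                 # the firewall rule is already in place
            blocked[ip] += 1
            continue
        reached[ip] += 1                 # the web server handled this request
        if failed_host(line) != ip:
            continue
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > findtime: # forget matches outside the window
            hits.popleft()
        if len(hits) >= maxretry:
            banned[ip] = when
    return banned, dict(reached), dict(blocked)


if __name__ == "__main__":
    banned, reached, blocked = simulate(LOG)
    for ip in reached:
        print(ip, "reached:", reached[ip], "blocked:", blocked.get(ip, 0),
              "banned at:", banned.get(ip))
```

With maxretry=3 the first three probes from the scanning address are served before the ban takes effect; lowering maxretry to 1 shrinks that window to a single request.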



Re: [CentOS] OT: help with email list reading programs w/ best features to read the centos and other lists that can filter people etc

2011-08-31 Thread R - elists
 

Christopher,

> 
> It's not an email program but I think it has the best 
> filtering capabilities of all - the brain.
> 

umm, yeah, exactly, i want to use my brain to program certain peoples posts
from never reaching my eyeballs

arent they called threaded email readers?

i really didnt find much on the www yet maybe i should have been looking for
old style nntp type readers?

maybe that is what i need to check into

> 
> Huh? What signal/noise ratio? I don't see any of the usual 
> "can't be bother to read manuals/to use google" 
> suspects...unless you're complaining about our most recent 
> top poster...
> 

obviously signal/noise is always relevant and your tolerance is different
than ours.

sometimes people on the list just get belligerent, drunk, and/or stupid and
need to be filtered.

 - rh



Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 08:07 -0700, John R Pierce wrote:

> On 08/31/11 7:22 AM, Always Learning wrote:
> > In the current 4,000 to 6,000 daily hits, the lunatic uses
> >
> > login.php
> > contact.php
> > forgotten_password.php
> 
> your 'lunatic' aka 'hacker' is undoubtably a blind script ('bot') 
> running on distributed previously hacked hosts, and probing a long long 
> list of targets of which your hosts only a tiny part of.   4000 hits a 
> day to 404 pages is background noise.

I would like to use the facilities in the excellent Centos operating
system to reduce hacking attacks. Implementing an IP Tables string
facility is a useful learning experience. When that works, I'll try
'recent'. Dangerous to ignore any background noise - far better to
firmly shut the door and fill-in all known holes. 

Paul.




Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread John R Pierce
On 08/31/11 7:22 AM, Always Learning wrote:
> In the current 4,000 to 6,000 daily hits, the lunatic uses
>
>   login.php
>   contact.php
>   forgotten_password.php

your 'lunatic' aka 'hacker' is undoubtably a blind script ('bot') 
running on distributed previously hacked hosts, and probing a long long 
list of targets of which your hosts only a tiny part of.   4000 hits a 
day to 404 pages is background noise.


-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] OT: help with email list reading programs w/ best features to read the centos and other lists that can filter people etc

2011-08-31 Thread Les Mikesell
On Tue, Aug 30, 2011 at 11:46 PM, R - elists  wrote:
>
> we need to filter out various peoples posts on this list
>
> would some kind soul(s) please direct us in locating the best email list
> reading programs w/ the best features to read the centos and other lists.
>
> the CentOS list signal/noise ratio is so bad that we need something better
> than just outlook like clients or whatever
>
> appropriate windows and linux recommendations would be most appreciated
>

I didn't expect this, but I am beginning to like gmail's web interface
better than dedicated mail programs.  I used to use fetchmail to pull
it to an imap server that I managed and accessed from various clients
and my phone via imap, but for an assortment of reasons I want to
retire that server and recently have been accessing gmail directly
through imap, the gmail phone app, and the web interface, and after
configuring the options a bit the web interface seems to be winning.
It now has a fuzzy concept of 'important' mail that it can display
first, and its folder operations are conceptually more like tagging
where 'inbox' is just another tag, although from imap they appear as
typical folders.  The normal thing to do with disposed mail is to
'archive' it which puts it out of sight, but it still appears in
searches and threaded conversation view - and being google, they
obviously have better search capability than you are going to find in
your own mail client.  For me, the conceptual differences are more
than making up for what you lose in a web-based interface - and when
you want you can always use a real client via imap as long as you
don't subscribe to the massive 'all mail' folder that holds the
archive.  I don't do any pre-filtering or sorting since you can just
archive everything and still be able to find it in a search, but the
facility is there if you want it and the results appear the same via
multiple imap clients, the phone app, or the web interface.   And yes,
I know it is all just a ploy to get you to stay logged in all the time
in the browser so your google search queries are tied to your login as
well as your IP, but they are really, really good at it...

-- 
  Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

Hi Mike,

> Perhaps the most important point here is that the script kiddies and/or 
> bots usually make sure the target string, 'login' in your example is *not* 
> contained within a single packet.  You can verify this with wireshark.  In 
> any case just be aware that your solution will likely not have the desired 
> effect.
> 
> This is a decent read: http://spamcleaner.org/en/misc/w00tw00t.html
> Specifically the Conclusion section near the bottom.

I'm definitely going to try '-m string' providing the service provider
can fix the problem.

I am not, as the article suggested, going to filter on a "28-byte
string".  If I was going to trap the http error 400 event
'w00tw00t.at.ISC.SANS', I would filter on port 80 for 'w00t' or '.at' or
'ISC' or 'SAN' because no web page name contains those strings. Having
control over web pages names brings some benefits :-)

In the current 4,000 to 6,000 daily hits, the lunatic uses

login.php
contact.php
forgotten_password.php

so I will filter port 80 traffic for that web site, now on its own IP,
for

log
con
pas

because no web page name contains any of those 3 byte strings. The
second defence is its own IP Table with 110 IP addresses. The lunatic
has not added any new ones in the last 24 hours.

The longest packet recently rejected was 496 bytes (from another hacker)
and the current lunatic's packets are 60 bytes. Optimistically I have a
reasonable prospect of trapping the above 3 byte strings.

Thank you.

Paul.




Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Always Learning

On Wed, 2011-08-31 at 09:54 -0400, Lamar Owen wrote:

> It's less than ideal to install anything from source, as Karanbir
> has so correctly pointed out downthread.
> 
> Sometimes it is necessary; but it is never ideal, for the reasons KB
> stated

The service provider has suggested it needs the xt_tcpudp module which
involves a kernel change. I'll try that. All I want to do is to stop the
hacker, who is now targeting a different web site with the well-known
phpmyadmin variations.

Paul.

-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Mike
Perhaps the most important point here is that the script kiddies and/or 
bots usually make sure the target string, 'login' in your example is *not* 
contained within a single packet.  You can verify this with wireshark.  In 
any case just be aware that your solution will likely not have the desired 
effect.

This is a decent read: http://spamcleaner.org/en/misc/w00tw00t.html
Specifically the Conclusion section near the bottom.

On Wed, 31 Aug 2011, Always Learning wrote:

>
> On a VPS I wanted to add to IP tables:-
>
> iptables -A  -p tcp -m string --algo bm --string 'login' -j DROP
>
> I got:
>
>   iptables: Unknown error 18446744073709551615
>
> uname -a =  2.6.35.4 #2  (don't know how this got installed)
>
> lsmod | grep ipt = ipt_LOG   5419  2
>
> yum upgrade iptables* = nothing to install.
>
> ---
>
> On a standalone server (C 5.6)
>
> iptables -A  -p tcp -m string --algo bm --string 'login' -j DROP
>
> is accepted.
>
> uname -a =  2.6.18-274.el5 #1
>
> lsmod | grep ipt =
> ipt_LOG                39617  1
> iptable_filter         36161  1
> ip_tables              55457  1 iptable_filter
> x_tables               50505  6 xt_string,xt_state,ipt_LOG,xt_tcpudp,ip_tables,ip6_tables
>
> 
>
> Appreciate suggestions on how to get kernel 2.6.35.4 to install the
> whole IP tables package, especially the STRING and RECENT options (in
> -m).
>
> Thank you.
>
> Paul.
>
>
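
The point made at the top of this message about a string split across packets, together with the three-byte patterns proposed earlier in the thread, as an added example that is not part of either post. The Python below mimics a matcher that looks at each TCP segment on its own, which is how -m string inspects traffic; the requests, host names and segment size are constructed for the illustration.

```python
# Patterns discussed in the thread.
LONG_PATTERN = [b"login"]
SHORT_PATTERNS = [b"log", b"con", b"pas"]

# Constructed requests: one for a page name the filter is meant to stop,
# one for an ordinary page reached by following a link from another site.
PROBE = b"GET /login.php HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BENIGN = (b"GET /index.html HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"Referer: http://search.example.org/?q=contact+details\r\n\r\n")


def segment(stream, sizes):
    """Cut a TCP byte stream into segments of the given sizes; whatever is
    left over travels in one final segment."""
    parts, pos = [], 0
    for n in sizes:
        parts.append(stream[pos:pos + n])
        pos += n
    if pos < len(stream):
        parts.append(stream[pos:])
    return [p for p in parts if p]


def first_hit(segments, patterns):
    """Per-packet matching: return (segment index, pattern) for the first
    segment that contains a pattern, or None if every segment passes."""
    for i, seg in enumerate(segments):
        for pat in patterns:
            if pat in seg:
                return i, pat
    return None


def demo():
    """Run the three cases and return what the per-packet matcher decides."""
    split = segment(PROBE, [7])              # boundary falls inside 'login'
    return {
        # Whole request in one segment: the rule sees 'login' and drops it.
        "probe_one_segment": first_hit([PROBE], LONG_PATTERN),
        # Same bytes in two segments: neither segment contains 'login' ...
        "probe_two_segments": first_hit(split, LONG_PATTERN),
        # ... yet the web server reassembles the identical request.
        "server_sees_login": b"login" in b"".join(split),
        # Valid page, but the payload is more than the page name: the
        # Referer header carries 'con' and the packet is dropped.
        "benign_request": first_hit([BENIGN], SHORT_PATTERNS),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} {result}")
```

The matcher searches the whole payload of each packet, so the decision depends on where segment boundaries fall and on every header the client sends, not only on the requested page name.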


Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

2011-08-31 Thread Lamar Owen
On Wednesday, August 31, 2011 09:18:26 AM Always Learning wrote:
> A very helpful and knowledgeable poster, Walter Haidinger, in his email
> dated Wed, 31 Aug 2011 13:10:16 +0200 (12:10 BST), gave what appears to
> be an ideal solution.

>   * get a more recent iptables from netfilter.org

It's less than ideal to install anything from source, as Karanbir has so 
correctly pointed out downthread.

Sometimes it is necessary; but it is never ideal, for the reasons KB stated.


Re: [CentOS] OT: help with email list reading programs w/ best features to read the centos and other lists that can filter people etc

2011-08-31 Thread Lamar Owen
On Wednesday, August 31, 2011 09:34:48 AM Always Learning wrote:
> Why not store them in a correspondence database ?  

Kmail is working towards full Akonadi integration, and the full 'semantic 
desktop' paradigm is (or will be) available.  

So it's already being done, to a degree, and in a very flexible manner.  
Currently it is a tad slow with my >1 million e-mails in my archive, but it has 
been slower.  Much slower.

