Re: [CentOS] https://rhn.redhat.com/errata/RHSA-2011-1245.html - CentOS 6

2011-09-23 Thread Spook ZA
Hi Tom

On 22 September 2011 18:21, Tom Brown  wrote:
>
> Apologies if i missed this on the list but is there a fix for this
> available to 6.0?
>
> https://rhn.redhat.com/errata/RHSA-2011-1245.html
>
> thanks

Please see below the response from Karanbir.

Regards,
  Andy.

-- Forwarded message --
From: Karanbir Singh 
Date: 1 September 2011 12:39
Subject: Re: [CentOS] Apache warns Web server admins of DoS attack tool
To: CentOS mailing list 


Thanks Tom,

On 09/01/2011 02:05 AM, Tom Lanyon wrote:
> For EL 4, 5, 6:
> https://rhn.redhat.com/errata/RHSA-2011-1245.html

rpms for C5 are pushed into the 5.6/cr/ repo; the c6 build is running
now, we will have the cr stuff up for that today and get this into there
as well.

Unless Tru gets to it before me, I'll get the c4 builds out as well in a
bit.

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] using posfix on the local LAN, with internet FQDN

2011-08-18 Thread Spook ZA
Hi Rudy

On 18 August 2011 14:49, Rudi Ahlers  wrote:
> Hi all,
>
> I hope someone can help me with this please.
>
>
> One of our clients has an in-house Postfix mailserver which basically
> downloads mail for the individual users from our mail server hosted on
> the web using fetchmail.
> They use our SMTP server to send mail. Their email clients are then
> setup to get & send mail from the server, on 192.168.2.254 (for POP3 &
> SMTP).  All mail between them on the local LAN gets sent to each other
> via the server, and not the internet.
>
> This works quite well, but as soon as someone sends mail from the
> Linux server directly (it has webmin + usermin installed and has a
> basic webmail interface for when they're out of the office) it sends
> mail using the local machine name, instead of the domain name.
> for example, mail comes from esther@ser001.rewards.local.
>
> How do I tell Postfix to automatically send mail from
> @ instead?
>

This comes straight out of the main.cf file and may be of some assistance:

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites.  If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
myorigin = $mydomain
#myorigin = $myhostname



>
> Sorry for asking this, but I don't know Postfix very well and don't
> know what to call to, to search on google.
>
> --
> Kind Regards
> Rudi Ahlers
> SoftDux

Regards,
  Andy.


Re: [CentOS] CentOS 6 CDs isos...

2011-07-11 Thread Spook ZA
On 11 July 2011 13:22, John Doe  wrote:
>
> Hey,
>
> just wondering if CentOS 6 CDs isos are also planned, or if there will be 
> only the DVDs ones...?
>
Have a look here:
http://www.karan.org/blog/index.php/2011/07/10/release-for-centos-6-0-i386-and-x86-64
It gives details of all the disk sets.
>
> Thx,
> JD

Regards,
  Andy.


Re: [CentOS] ~/.forward file?

2011-02-01 Thread Spook ZA
On 2 February 2011 05:41, Joseph L. Casale  wrote:
>
> >Any idea what it might be for?
>
> Procmail...
>

If a mail message gets sent to the user with a .forward file, the
message will be forwarded to all email addresses in the .forward file.
Try Google for: unix mail .forward

Regards,
  Andy.


Re: [CentOS] how to open a tcp port?

2010-03-03 Thread Spook ZA
On 3 March 2010 13:46, hadi motamedi  wrote:
>
>
>>
>>
>> All ports are open, but you really need some service to listen that port.
>>
>> --
>> Eero
>> ___
>
> Thank you. So why 'telnet 172.16.17.132 4965' cannot get through?

As Eero said, you need to make sure something is listening on that port.

Try: netstat -ant and look for:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:4965                0.0.0.0:*                   LISTEN

or pipe it to grep if the server is busy (netstat -ant | grep 4965)

Regards,
  Andrew.


Re: [CentOS] Centos convert to rhel?

2009-08-01 Thread Spook ZA
2009/8/1 Timothy Murphy 

> Connie Sieh wrote:
>
> >> If centos falls I have no choice but to go to redhat. I am wondering if
> >> the conversion will be easy or a complete reinstall.
> >
> > There are other RHEL rebuild projects out there.
>
> I'm very grateful to CentOS, which is running my home server.
> I used to run it under Fedora, but that required a lot more thought.
> My thanks to the CentOS team, and best wishes.
>
I too am grateful for CentOS.
Growing up with Redhat from the days of 4.3, I have grown accustomed to it
and its way of doing things.
When the fork happened, Fedora was not an option due to the short life cycle
and bleeding edge technologies employed.
What I needed was stability and longevity.

I am confident that the dev team can be successful in their endeavours to
keep this project running smoothly.

Good luck chaps.

-Andrew.


Re: [CentOS] postfix and mail origin checks

2009-07-29 Thread Spook ZA
Hi

2009/7/29 Karanbir Singh 
>
> On 07/29/2009 01:58 PM, RedShift wrote:
> >> Emails to other destinations should remain unaffected.
> ^^
>
> > The easiest way is probably to edit master.cf and make smtpd only listen on 
> > localhost:25.
>
> well, no. The machine gets a few thousand other emails from all over the
> place. Would not want to stop that :)
>
>  > Otherwise use an access table.
>
> how ?

I personally have separated my interfaces using master.cf (one for
internal and one for external and one for anti-virus from localhost).

192.168.1.1:25   inet  n   -   n   -   -   smtpd
  -o smtpd_client_restrictions=
222.22.22.333:25  inet  n   -   n   -   -   smtpd
#
# Anti-virus
#
amavisd-new unix  -   -   n   -   2   smtp
  -o smtp_data_done_timeout=1200s
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n   -   n   -   -   smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes

I override smtpd_client_restrictions from internal so that it doesn't
try to look up RBLs and the last part is the anti-virus re-injection.

Other than that, I haven't investigated further what other rules you can apply.

This is similar to what Andreas Rogge has suggested elsewhere in this thread.

Regards,
  Andrew.


Re: [CentOS] What's special about port 19842?

2009-04-06 Thread Spook ZA
Hi Anne.

2009/4/6 Anne Wilson :
> I've had umpteen IPs knocking on this door yesterday.  The router blocked
> them, so it's not a problem, but why that port?
>
> Anne

I thought maybe it was a registered port so I checked my reference:
( http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers )

No luck there, sorry.
But the list might be of use to you or others in the future.

Regards,
  Andrew


Re: [CentOS] Samba and iptables - woes

2009-03-30 Thread Spook ZA
Hi.

2009/3/31 Rob Kampen :
> Hi folk,
> I am trying to get iptables working on a samba server but find it is
> blocking something that prevents the windoze clients from being able to
> access the share.
> here are the bits from iptables:
>>
>> # nmb provided netbios-ns
>> -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport
>> 137 -j ACCEPT
>> # nmb provided netbios-dgm
>> -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport
>> 138 -j ACCEPT
>> # Samba
>> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
>> eth1 --dport 135 --state NEW -j ACCEPT
>> # smb provided netbios-ssn
>> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
>> eth1 --dport 139 --state NEW -j ACCEPT
>> # smb provided microsoft-ds
>> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
>> eth1 --dport 445 --state NEW -j ACCEPT
>
Your source address is invalid.
If you want access from the entire 192.168.230.x subnet, you have to
use a source of 192.168.230.0/24.
If you want access from only 100, then you need to specify the source
as 192.168.230.100/32 (a single address with a mask to match or just
leave the mask off).

HTH

Regards,
  Andrew.
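
The check below is an added example, not part of the original post or of iptables itself. It reads rule lines and flags any -s value whose address has bits set beyond the mask (such as 192.168.230.100/24), printing both the subnet form and the single-host form so the intended scope is explicit. The function names and the sample rule lines (adapted from the rules quoted in this thread) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the -s arguments of iptables rule lines.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "ok <src>" when the address is the network address for its mask,
# otherwise "ambiguous <src> subnet=<net>/<bits> host=<addr>/32".
check_source() {
    addr=${1%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    ip=$(ip_to_int "$addr")
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    net=$(( $ip & $mask ))
    if [ "$ip" -eq "$net" ]; then
        echo "ok $1"
    else
        echo "ambiguous $1 subnet=$(int_to_ip "$net")/$bits host=$addr/32"
    fi
}

# Read rule lines on stdin and check the argument of every -s option.
lint_rules() {
    while read -r line; do
        set -- $line
        while [ $# -gt 1 ]; do
            [ "$1" = "-s" ] && check_source "$2"
            shift
        done
    done
}

# Constructed sample: one rule as posted, one per suggested correction.
sample_rules() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.0/24 -i eth1 --dport 445 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100 -i eth1 --dport 139 --state NEW -j ACCEPT
EOF
}

sample_rules | lint_rules
```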


Re: [CentOS] looking for some advice to monitor network usage in office

2009-03-25 Thread Spook ZA
Hi Rudy

2009/3/25 Rudi Ahlers :
> Hi all,
>
> I've been asked by a college to setup a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.
>
> My first thought was ntop, which does all of this, but it doesn't save
> the data in a DB, so if the server reboots the stats are reset to 0. I
> also can't get Cacti to give me stats per IP & per protocol (unless
> someone knows how to do this).
>
> I don't yet know the full network layout, but I have a feeling they're
> using ADSL, and have a Windows Small Business server with ISA, and
> possibly Exchange as well. So, I'm either going to put a CentOS box
> between the Windows box & ADSL router, or maybe even setup a CentOS
> Vmware Virtual PC, force all the network to route via the VPS.
>
> Does anyone have some suggestions / experience in setting up something
> like this?
>
> P.S. Please don't look at the fact that there's Windows on the
> network. I use Linux for business purposes, not as a hobby, and we
> also use Mac & Windows where the situation calls for it.
>
> --
>
> Kind Regards
> Rudi Ahlers

If your firewall / border gateway is running linux, have a look at:

 http://www.networkuptime.com/tools/netflow/

You need an exporter that will export linux netflow records and
software that will collect and present the resultant data.

Regards,
  Andrew.


Re: [CentOS] WAY OT: domain name registration .co.za

2009-03-06 Thread Spook ZA
2009/3/6 Bill Campbell 
>
> On Fri, Mar 06, 2009, Glenn wrote:
> >Hello All,
> >
> >Very sorry about WAY off-topic query, but you folks really are one of
> >my most International subscribed groups.
> >
> >I am looking for a recommendation for a domain name registrar I can
> >register my .co.za domain name with that won't 'yank my chains'. I
> >tried a couple attempts at registering and found some hidden fees
> >along with the insistence that I had to host my DNS with them. Lots
> >of hosting bundles!
> >
> >I just want a registrar that can register the domain name and use MY
> >DNS servers. I'll do all the hosting, thank you very much!

Hi Bill.
Have you tried registering your domain directly with the registrar?

( http://co.za/coza_reg.txt )

Regards,
  Andrew


Re: [CentOS] iptables question

2009-02-19 Thread Spook ZA
> > -Original Message-
> > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> > Behalf Of Barry Brimer
> > Sent: Thursday, February 19, 2009 5:38 PM
> > To: CentOS mailing list
> > Subject: Re: [CentOS] iptables question
> >
> >
> >
> > On Thu, 19 Feb 2009 ward.p.fonte...@wellsfargo.com wrote:
> >
> >> Hi,
> >>
> >> I have two servers in the same subnet, one has this arrangement:
> >>
> >> BOX A [3 ips, one real two vips]
> >>
> >> BOX B [1 ip]
> >>
> >> I need to redirect input from one of the vips (192.168.0.1:8080) on BOX
> >> A to BOX B (192.168.0.2:8080) and I'm about to pull my hair out. Can
> >> anyone lend a hand? All my searching leads me to home firewall type
> >> arrangements using DNAT. I tried to bend one of those to fit my
> >> situation but it was a no go (most likely due to my lack of knowledge
> >> with iptables)
> >
> > iptables -t nat -I PREROUTING -d 192.168.0.1 -p tcp --dport 8080 -j DNAT --to 192.168.0.2

Hi.

DNAT is what you would be wanting.  As can be seen, DNAT is processed
in the PREROUTING chain in the nat table, thus it happens before
packets hit the filter table and all you are doing is changing the
destination address.

You will still need rules in your forward chain of your filter table
(it is still forward even if the packets enter and exit the same
network card).

This rule will need to allow the original source to talk to the new destination.

Regards,
  Andrew.
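
The audit below is an added example, not part of the original post. It reads iptables-save output and, for each DNAT rule in nat/PREROUTING, checks that filter/FORWARD has an explicit ACCEPT rule for the rewritten destination and port, which is the rule this reply says is still needed. The ruleset is constructed for illustration (port 8443 is not from the thread), the function names are hypothetical, and broad FORWARD rules without -d or a permissive chain policy are deliberately not counted.

```shell
#!/bin/sh
# Added example: report DNAT rules that have no matching FORWARD ACCEPT rule.

audit_dnat() {
    awk '
    /^\*/ { table = substr($1, 2) }          # "*nat", "*filter" table headers
    $1 == "-A" {
        dst = port = to = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d") dst = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "--to-destination" || $i == "--to") to = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        sub(/\/32$/, "", dst)
        # DNAT may also rewrite the port (--to-destination addr:port).
        nport = port
        if (split(to, p, ":") == 2) { to = p[1]; nport = p[2] }
        if (table == "nat" && $2 == "PREROUTING" && target == "DNAT")
            dnat[++n] = to " " nport
        if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && dst != "")
            allowed[dst " " port] = 1
    }
    END {
        for (k = 1; k <= n; k++) {
            split(dnat[k], d, " ")
            # A FORWARD rule to the host with no --dport also covers it.
            ok = ((dnat[k] in allowed) || ((d[1] " ") in allowed))
            status = ok ? "forward-ok" : "forward-missing"
            print status, dnat[k]
        }
    }'
}

# Constructed iptables-save output: two redirects, only one allowed in FORWARD.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.0.1/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -d 192.168.0.1/32 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.0.2
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_dnat
```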


Re: [CentOS] unsuscribe

2008-10-15 Thread Spook ZA
On Wed, Oct 15, 2008 at 9:23 PM, Miguel Varas A. <[EMAIL PROTECTED]> wrote:
> Please, I want to unsubscribe from this list
> thanks
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Please (and this goes for most if not all mailing lists) view all
headers associated with any mail to the list and you will find the
following.

X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: CentOS mailing list 
List-Id: CentOS mailing list 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]

HTH (you and others who are wondering)

Regards
  Andrew.


Re: [CentOS] How to enable bind to listen querys from all my network

2008-08-28 Thread Spook ZA
Hi Guys.
I installed BIND 9.3.3rc2 straight off the CentOS 5.1 CDs.
By default the /var/named/chroot is empty, so all I did was copy the
cp -R /usr/share/doc/bind-9.3.3/sample/* /var/named/chroot/
and it inserts a working set of files.
Editing /var/named/chroot/etc/named.conf shows a sample setup that listens
on all interfaces
(which is why I set up the firewall first to block all interfaces) and has 3
views (localhost_resolver, internal and external)
Then it is a simple matter to set up forwarders in the options section for
caching and off you go.
Further tweaking should allow you to restrict the interfaces and adding
zones (master/slave/forward) into the appropriate views
will allow resolving of internal or domains hosted by the server.

By default there is no "listen-on port" option in the sample file, so it
listens on the default port (53) on all interfaces.

HTH
Regards,
  Andrew.

On Thu, Aug 28, 2008 at 11:23 AM, Miguel A. Velasco <
[EMAIL PROTECTED]> wrote:

> Hello all,
>
> I've installed a proxy Squid in my gateway and a Cache DNS Server with
> bind. The problem is the server is only resolving its own queries but not
> the client queries from my company.
> When I do:
> $service named start
> I see in /var/log/messages:
>
> starting BIND 9.3.4-P1 -u named -t /var/named/chroot
> found 1 CPU, using 1 worker thread
> loading configuration from '/etc/named.conf'
> listening on IPv6 interface lo, ::1#53
> listening on IPv4 interface lo, 127.0.0.1#53
> command channel listening on 127.0.0.1#953
> command channel listening on ::1#953
> zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
> zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> zone
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver:
>
> loaded serial 1997022700
> zone localdomain/IN/localhost_resolver: loaded serial 42
> zone localhost/IN/localhost_resolver: loaded serial 42
> running
>
> I don't understand why it is only "listening on IPv4 interface lo,
> 127.0.0.1#53"
> I have bind-chroot installed with the following options in /etc/named.conf:
>
> options {
>listen-on port 53 { 127.0.0.1; 10.10.80.0; };
>listen-on-v6 port 53 { ::1; };
>directory   "/var/named";
>dump-file   "/var/named/data/cache_dump.db";
>statistics-file "/var/named/data/named_stats.txt";
>memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>// Those options should be used carefully because they disable port
>// randomization
>// query-sourceport 53;
>// query-source-v6 port 53;
>
>allow-query { localhost; };
> };
> logging {
>channel default_debug {
>file "data/named.run";
>severity dynamic;
>};
> };
> view localhost_resolver {
>match-clients  { localhost; };
>match-destinations { localhost; };
>recursion yes;
>include "/etc/named.rfc1912.zones";
> };
>
> Where 10.10.80.0 is my network range. What may I do to make my server really
> listen for all my network? Nowadays it's listening just to itself
>
> Thanks very much for your attention.
> Miguel A. Velasco
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>