apache broke
Hi, Since I upgrade my SID box yesterday, I've been having major problems with my Apache. The problems started when cron.d ran this morning. The config has been like this for over a month, so I doubt it that that is the problem. When I do a 'strace -f apachectl start', the last lines are: old_mmap(0x40383000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9, 0xae000) = 0x40383000 close(9)= 0 munmap(0x4024e000, 15836) = 0 stat64(/etc/cram-md5.pwd, 0xbfff7260) = -1 ENOENT (No such file or directory) stat64(/dev/urandom, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0 --- SIGSEGV (Segmentation fault) --- Switching the Apache LogLevel to 'debug' doesn't help at all. My error logs only show which config files are processed, no more. Can anyone give me a hint (or solution ;-) for this problem? If you need any additional info, please do not hesitate to contact me. TIA, Teun -- If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache broke
On Tue, Oct 29, 2002 at 10:45:44AM +0100, Teun Vink [EMAIL PROTECTED] wrote a message of 39 lines which said: Since I upgrade my SID box yesterday, I've been having major First, sid is named unstable (sid == System In Development) and for a reason. my Apache. Probably the Glibc problem mentioned in the last issue of Debian Weekly News. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: blocking trough MAC Address
one note to this topic: anyone, who has root access to machine atteched to LAN, can setup any arbitrary MAC address to ethernet interface by using ifconfig command. so building access/accounting rules upon MAC addresses does not guarantee enhanced security/reliability, as some people would expect. sasha -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache broke
On Tue, 29 Oct 2002, Stephane Bortzmeyer wrote: On Tue, Oct 29, 2002 at 10:45:44AM +0100, Teun Vink [EMAIL PROTECTED] wrote a message of 39 lines which said: Since I upgrade my SID box yesterday, I've been having major First, sid is named unstable (sid == System In Development) and for a reason. I know that that's why it's called unstable. But that doesn't mean that we shouldn't mention that and just wait until the package maintainer fixes it. my Apache. Probably the Glibc problem mentioned in the last issue of Debian Weekly News. Thanks, I'll look into that. Teun -- If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache broke
On Tue, 29 Oct 2002, Stephane Bortzmeyer wrote: On Tue, Oct 29, 2002 at 10:45:44AM +0100, Teun Vink [EMAIL PROTECTED] wrote a message of 39 lines which said: Since I upgrade my SID box yesterday, I've been having major First, sid is named unstable (sid == System In Development) and for a reason. I know that that's why it's called unstable. But that doesn't mean that we shouldn't mention that and just wait until the package maintainer fixes it. Both one point :-) Although I understand Stephane, I always thought this was the way of improving, building etc.etc.etc. Dev-work. And because it's sid in this case, maybe your better of in the debian's dev. department. I personaly wouldn't be at ease running a sid production box. :-) Cheers, -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache broke
On Tue, 29 Oct 2002, Mark Lijftogt wrote: On Tue, 29 Oct 2002, Stephane Bortzmeyer wrote: On Tue, Oct 29, 2002 at 10:45:44AM +0100, Teun Vink [EMAIL PROTECTED] wrote a message of 39 lines which said: Since I upgrade my SID box yesterday, I've been having major First, sid is named unstable (sid == System In Development) and for a reason. I know that that's why it's called unstable. But that doesn't mean that we shouldn't mention that and just wait until the package maintainer fixes it. Both one point :-) Although I understand Stephane, I always thought this was the way of improving, building etc.etc.etc. Dev-work. And because it's sid in this case, maybe your better of in the debian's dev. department. I personaly wouldn't be at ease running a sid production box. :-) :) This isn't a real production box. On some of those we're still planning the migration from potato to woody. This is my personal box on which I host sites and mail for some friends... I'll check debian-devel mailinglists and IRC if i can find the time :) Thanx Teun -- If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
DNS zone file audit tool
Hello All I am looking for a means to audit our DNS zone files. Particularly I need something that checks that their are still upstream NS records pointing to our server for each domain that we host. Also I would like to check that our NS records point to valid name servers (particularly with secondary nameservers) and that our reverse DNS PTR records point to domains with valid A records. I am looking for a Debian friendly utility to help with this. I have had a look at nslint but it does not seem to do what we need it to do. Any other suggestions? Thanks Ian - Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Moving from BSDi
At 03:31 PM 10/29/2002 +1100, you wrote: 1. (on BSDi), run pwunconv to convert to non-shadowed passwd file I don't have that utility on any of my BSDi machines, scanning Google for it now. i wouldn't (voluntarily) use anything else. actually, i still have a few solaris boxes, but they're considered legacy machines (i.e. they'll keep running as they are until they die or until we switch them over to debian). for the last few years, all our new servers have been debian. I hear you, these BSDi boxes have been wonderful and I was hoping for the same stability under Linux. BSDi went away because of lack of innovation, but there has to be a fine line between cutting edge and a reliable machine. I need to offer my clients good service, not the latest and greatest innovation that has not been tested. To me it appears Debian has reached this level, solid and innovative. -Scott -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
General DNS question?
I am migrating to Debian for my DNS servers, and am wondering if there is a way to setup something so that if anyone goes to .mycomany.com they get redirected to a host of my choice. We are trying to get rid of alot of old .mycomany.com records, but I'm afraid some of them are still in use. I would like anything that is not a valid entry to get send to the same place. Any idea's? Thanks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Moving from BSDi
At 12:47 PM 10/28/2002 -0800, Jeremy C. Reed wrote: Here is my script I used a couple years ago. (I don't advocate Linux over BSD. I do advocate freedom of choice.) I think I will try this script, THANK YOU. The biggest problem, which I think we have all talked about is that BSDi starts at userid 100. I think I can modify the script to redo the userid count. I have used Debian for X workstations, X servers, DNS, mail, spam filtering, website hosting, radius, ldap, samba, printer servers, etc. I have BSDi for DNS, Radius, Sendmail, FTP and Web. I put up a Mandrake 8.2 box this summer on an IBM Netfinity Server and while the speed is impressive, the fact I have to kick it every few days is not. Cron jobs stop running with no mention in the log files, ftp shuts down, etc. I tried Red Hat 7.3 for a new mail server, but as mentioned here yesterday it failed. This is interesting. I can understand concerns with the commercial BSD/OS (especially over past 1.5 years). BSDi seemed to lack innovation after 1996. The product is solid, but expensive and when they started the license key with the 3.0 version I did not see any great innovation to compensate for that. It seemed they spent more time trying to get the license key to work. But what are the performance issues you have found? By performance I mean a couple of things. Time to deliver mail, time to query a database, time to dynamically create a web page, ftp transfer speed, etc. (By the way, if you are already a BSD administrator, it is easy to move from BSD/OS to NetBSD or FreeBSD). I had also considered that, but FreeBSD does not support my hardware (IBM ServerRAID2). -Scott -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Using testing (sarge) in production.
Hi all, I read Teun Vink's posting about his Apache problems with unstable. I am currently using a mixture of stable and testing in production systems, depending on which versions of the applications I require. What are your experiences with testing in production environments? I have not had any problems but I would like to know others' experience. Most of our production systems are web/database systems. Also, do packages in testing get updated as security vulnerabilies occur? or only when the maintainers wish to upload a newer version? Regards, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: General DNS question?
Hi, On Tue, Oct 29, 2002 at 09:16:49AM -0500, Jayson Johnson wrote: I am migrating to Debian for my DNS servers, and am wondering if there is a way to setup something so that if anyone goes to .mycomany.com they get redirected to a host of my choice. We are trying to get rid of alot of old .mycomany.com records, but I'm afraid some of them are still in use. I would like anything that is not a valid entry to get send to the same place. Any idea's? Use a wildcard DNS record in the zone for mycompany.com., like this: * IN A host.of.your.choice. If this is about webserving, then you also need to set up a properly configured virtual host in apache if you want to give each old host its own customized redirect page. Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info msg07058/pgp0.pgp Description: PGP signature
Re: Using testing (sarge) in production.
Hi Fred, The first bit I can't say much about.. it's woody all the way here, but planning is made on bringen sarge in our env., but that's a long way from here. About the security updates. No, there is a security administration within Debian, but I read that they only work on the current stable version. When there is a update, the maintainer wil issue the new release, and not the security team, but they work together.. in any case. http://www.debian.org/security/faq Cheers, Mark Hi all, I read Teun Vink's posting about his Apache problems with unstable. I am currently using a mixture of stable and testing in production systems, depending on which versions of the applications I require. What are your experiences with testing in production environments? I have not had any problems but I would like to know others' experience. Most of our production systems are web/database systems. Also, do packages in testing get updated as security vulnerabilies occur? or only when the maintainers wish to upload a newer version? Regards, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Moving from BSDi
Hi, First, does anyone know of a way to export the user accounts on BSDi and import them into a Debian box? I have close to 5,000 accounts I need to bring over. From the password database conversion scripts I gather you are storing the user account information locally. Perhaps with this many users it would be advisable to use a directory like LDAP to store the user data. This would provide easier managability if you ever need to have the same accounts on multiple machines. Also you can ensure redundancy by having multiple servers. I am using LDAP for our user account authentication and it makes my job much easier, here is a URL for a document describing how it can be done : http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/ There are also conversion tools avialable to convert your current user database in one suitable for import into an LDAP directory, see www.padl.com. Hope this helps. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Using testing (sarge) in production.
On Tue, 29 Oct 2002, Fred Clausen wrote: Hi all, I read Teun Vink's posting about his Apache problems with unstable. I am currently using a mixture of stable and testing in production systems, depending on which versions of the applications I require. What are your experiences with testing in production environments? I have not had any problems but I would like to know others' experience. Most of our production systems are web/database systems. Hi, We try to minimize the use of testing, but in some cases we had no real other option, since we really needed woody stuff when potato was still stable, and backporting would imply backporting way too many packages to keep the systems stable. Up 'till now, we haven't had many problems with running testing in production, although I must say that we started using testing (before woody was released), when it was pretty mature. For now, all we're still planning to migrate some of our more complicated machines to woody. We're not running testing on production machines yet, and I don't see many reasons for now to do so, but all will depend on how fast Debian will release their next release... Teun -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Moving from BSDi
On Tue, 29 Oct 2002, Scott St. John wrote: At 03:31 PM 10/29/2002 +1100, you wrote: 1. (on BSDi), run pwunconv to convert to non-shadowed passwd file I don't have that utility on any of my BSDi machines, scanning Google for it now. pwunconv is the tool for converting a Linux passwd and Linux shadow file into one passwd (with hashed password) file. BSD doesn't have a shadow(5) file. And the master.passed(5) is a different format: master.passwd contains the passwd(5) info also. I hear you, these BSDi boxes have been wonderful and I was hoping for the same stability under Linux. BSDi went away because of lack of innovation, but there has to be a fine line between cutting edge and a reliable machine. I need to offer my clients good service, not the latest and greatest innovation that has not been tested. To me it appears Debian has reached this level, solid and innovative. I would also have to say that NetBSD and the other *BSDs are very innovative too, such as systrace (interactive policy generation for system calls). Jeremy C. Reed ... BSD software, documentation, resources, news... http://bsd.reedmedia.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Moving from BSDi
On Tue, 29 Oct 2002, Scott St. John wrote: I think I will try this script, THANK YOU. The biggest problem, which I think we have all talked about is that BSDi starts at userid 100. I think I can modify the script to redo the userid count. Then you will also need to chown the files too. (When I did it, I just used the Linux system UIDs below 100 and the BSD regular users 100 and above.) Also, be sure to copy over your groups file and hand merge. I have BSDi for DNS, Radius, Sendmail, FTP and Web. I put up a Mandrake 8.2 box this summer on an IBM Netfinity Server and while the speed is impressive, the fact I have to kick it every few days is not. Cron jobs stop running with no mention in the log files, ftp shuts down, etc. I tried Red Hat 7.3 for a new mail server, but as mentioned here yesterday it failed. That is not good. Since you don't know what the problem is: it could be hardware related with kernel and the issues could continue under Debian. Or it could be that version of cron or ftpd, or ... But what are the performance issues you have found? By performance I mean a couple of things. Time to deliver mail, time to query a database, time to dynamically create a web page, ftp transfer speed, etc. I am not sure how that will change much with a simple OS change. (By the way, if you are already a BSD administrator, it is easy to move from BSD/OS to NetBSD or FreeBSD). I had also considered that, but FreeBSD does not support my hardware (IBM ServerRAID2). I do see that some *BSDs support its AIC-7880, but I don't know if that ServeRAID is supported. I do see that IBM has downloads for a few Linux distributions that may (should) work with Debian. Jeremy C. Reed http://www.isp-faq.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache broke
Teun Vink [EMAIL PROTECTED] schrieb: Hi, Hi, Can anyone give me a hint (or solution ;-) for this problem? If you need any additional info, please do not hesitate to contact me. Yes, I hope so. It is the imap.so. You can comment out the entry extension=imap.so in the php.ini file and start the apache. Got the same problem on my testbox :-) Found the solution in the german list.. Micha -- under construction.. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Rare masq. problem
Solved fo the record TCP_ECN is a bad thing to have turned on by default i guess most of you already know that... just send newbies the link to this message El mar, 29-10-2002 a las 19:06, Jeremy C. Reed escribió: On 29 Oct 2002, Alex Borges (lex) wrote: connect to W can anyone help me?? Maybe. Please provide real information. Show us your IP masquerading rules. Show us your interfaces. Show us your routing table. Show us how you test. Show us when it works. Show us when it fails. Jeremy C. Reed ... BSD software, documentation, resources, news... http://bsd.reedmedia.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
apache broke
Hi, Since I upgrade my SID box yesterday, I've been having major problems with my Apache. The problems started when cron.d ran this morning. The config has been like this for over a month, so I doubt it that that is the problem. When I do a 'strace -f apachectl start', the last lines are: old_mmap(0x40383000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9, 0xae000) = 0x40383000 close(9)= 0 munmap(0x4024e000, 15836) = 0 stat64(/etc/cram-md5.pwd, 0xbfff7260) = -1 ENOENT (No such file or directory) stat64(/dev/urandom, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0 --- SIGSEGV (Segmentation fault) --- Switching the Apache LogLevel to 'debug' doesn't help at all. My error logs only show which config files are processed, no more. Can anyone give me a hint (or solution ;-) for this problem? If you need any additional info, please do not hesitate to contact me. TIA, Teun -- If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows.
Re: blocking trough MAC Address
one note to this topic: anyone, who has root access to machine atteched to LAN, can setup any arbitrary MAC address to ethernet interface by using ifconfig command. so building access/accounting rules upon MAC addresses does not guarantee enhanced security/reliability, as some people would expect. sasha
Re: apache broke
On Tue, 29 Oct 2002, Stephane Bortzmeyer wrote: On Tue, Oct 29, 2002 at 10:45:44AM +0100, Teun Vink [EMAIL PROTECTED] wrote a message of 39 lines which said: Since I upgrade my SID box yesterday, I've been having major First, sid is named unstable (sid == System In Development) and for a reason. I know that that's why it's called unstable. But that doesn't mean that we shouldn't mention that and just wait until the package maintainer fixes it. my Apache. Probably the Glibc problem mentioned in the last issue of Debian Weekly News. Thanks, I'll look into that. Teun -- If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows.
Re: apache broke
On Tue, 29 Oct 2002, Mark Lijftogt wrote: On Tue, 29 Oct 2002, Stephane Bortzmeyer wrote: On Tue, Oct 29, 2002 at 10:45:44AM +0100, Teun Vink [EMAIL PROTECTED] wrote a message of 39 lines which said: Since I upgrade my SID box yesterday, I've been having major First, sid is named unstable (sid == System In Development) and for a reason. I know that that's why it's called unstable. But that doesn't mean that we shouldn't mention that and just wait until the package maintainer fixes it. Both one point :-) Although I understand Stephane, I always thought this was the way of improving, building etc.etc.etc. Dev-work. And because it's sid in this case, maybe your better of in the debian's dev. department. I personaly wouldn't be at ease running a sid production box. :-) :) This isn't a real production box. On some of those we're still planning the migration from potato to woody. This is my personal box on which I host sites and mail for some friends... I'll check debian-devel mailinglists and IRC if i can find the time :) Thanx Teun -- If an infinite number of monkeys sit at an infinite number of typewriters and randomly press keys, they will eventually produce the source code of MS-Windows.
DNS zone file audit tool
Hello All I am looking for a means to audit our DNS zone files. Particularly I need something that checks that their are still upstream NS records pointing to our server for each domain that we host. Also I would like to check that our NS records point to valid name servers (particularly with secondary nameservers) and that our reverse DNS PTR records point to domains with valid A records. I am looking for a Debian friendly utility to help with this. I have had a look at nslint but it does not seem to do what we need it to do. Any other suggestions? Thanks Ian - Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa -
Re: Moving from BSDi
At 03:31 PM 10/29/2002 +1100, you wrote: 1. (on BSDi), run pwunconv to convert to non-shadowed passwd file I don't have that utility on any of my BSDi machines, scanning Google for it now. i wouldn't (voluntarily) use anything else. actually, i still have a few solaris boxes, but they're considered legacy machines (i.e. they'll keep running as they are until they die or until we switch them over to debian). for the last few years, all our new servers have been debian. I hear you, these BSDi boxes have been wonderful and I was hoping for the same stability under Linux. BSDi went away because of lack of innovation, but there has to be a fine line between cutting edge and a reliable machine. I need to offer my clients good service, not the latest and greatest innovation that has not been tested. To me it appears Debian has reached this level, solid and innovative. -Scott
General DNS question?
I am migrating to Debian for my DNS servers, and am wondering if there is a way to setup something so that if anyone goes to .mycomany.com they get redirected to a host of my choice. We are trying to get rid of alot of old .mycomany.com records, but I'm afraid some of them are still in use. I would like anything that is not a valid entry to get send to the same place. Any idea's? Thanks
Using testing (sarge) in production.
Hi all, I read Teun Vink's posting about his Apache problems with unstable. I am currently using a mixture of stable and testing in production systems, depending on which versions of the applications I require. What are your experiences with testing in production environments? I have not had any problems but I would like to know others' experience. Most of our production systems are web/database systems. Also, do packages in testing get updated as security vulnerabilies occur? or only when the maintainers wish to upload a newer version? Regards, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081
Re: General DNS question?
Hi, On Tue, Oct 29, 2002 at 09:16:49AM -0500, Jayson Johnson wrote: I am migrating to Debian for my DNS servers, and am wondering if there is a way to setup something so that if anyone goes to .mycomany.com they get redirected to a host of my choice. We are trying to get rid of alot of old .mycomany.com records, but I'm afraid some of them are still in use. I would like anything that is not a valid entry to get send to the same place. Any idea's? Use a wildcard DNS record in the zone for mycompany.com., like this: * IN A host.of.your.choice. If this is about webserving, then you also need to set up a properly configured virtual host in apache if you want to give each old host its own customized redirect page. Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info pgpVhXgOESrUf.pgp Description: PGP signature
Re: Using testing (sarge) in production.
Hi Fred, The first bit I can't say much about.. it's woody all the way here, but planning is made on bringen sarge in our env., but that's a long way from here. About the security updates. No, there is a security administration within Debian, but I read that they only work on the current stable version. When there is a update, the maintainer wil issue the new release, and not the security team, but they work together.. in any case. http://www.debian.org/security/faq Cheers, Mark Hi all, I read Teun Vink's posting about his Apache problems with unstable. I am currently using a mixture of stable and testing in production systems, depending on which versions of the applications I require. What are your experiences with testing in production environments? I have not had any problems but I would like to know others' experience. Most of our production systems are web/database systems. Also, do packages in testing get updated as security vulnerabilies occur? or only when the maintainers wish to upload a newer version? Regards, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Moving from BSDi
Hi, First, does anyone know of a way to export the user accounts on BSDi and import them into a Debian box? I have close to 5,000 accounts I need to bring over. From the password database conversion scripts I gather you are storing the user account information locally. Perhaps with this many users it would be advisable to use a directory like LDAP to store the user data. This would provide easier managability if you ever need to have the same accounts on multiple machines. Also you can ensure redundancy by having multiple servers. I am using LDAP for our user account authentication and it makes my job much easier, here is a URL for a document describing how it can be done : http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/ There are also conversion tools avialable to convert your current user database in one suitable for import into an LDAP directory, see www.padl.com. Hope this helps. Cheers, Fred.
Re: Using testing (sarge) in production.
On Tue, 29 Oct 2002, Fred Clausen wrote: Hi all, I read Teun Vink's posting about his Apache problems with unstable. I am currently using a mixture of stable and testing in production systems, depending on which versions of the applications I require. What are your experiences with testing in production environments? I have not had any problems but I would like to know others' experience. Most of our production systems are web/database systems. Hi, We try to minimize the use of testing, but in some cases we had no real other option, since we really needed woody stuff when potato was still stable, and backporting would imply backporting way too many packages to keep the systems stable. Up 'till now, we haven't had many problems with running testing in production, although I must say that we started using testing (before woody was released), when it was pretty mature. For now, all we're still planning to migrate some of our more complicated machines to woody. We're not running testing on production machines yet, and I don't see many reasons for now to do so, but all will depend on how fast Debian will release their next release... Teun
Re: Moving from BSDi
On Tue, 29 Oct 2002, Scott St. John wrote: At 03:31 PM 10/29/2002 +1100, you wrote: 1. (on BSDi), run pwunconv to convert to non-shadowed passwd file I don't have that utility on any of my BSDi machines, scanning Google for it now. pwunconv is the tool for converting a Linux passwd and Linux shadow file into one passwd (with hashed password) file. BSD doesn't have a shadow(5) file. And the master.passed(5) is a different format: master.passwd contains the passwd(5) info also. I hear you, these BSDi boxes have been wonderful and I was hoping for the same stability under Linux. BSDi went away because of lack of innovation, but there has to be a fine line between cutting edge and a reliable machine. I need to offer my clients good service, not the latest and greatest innovation that has not been tested. To me it appears Debian has reached this level, solid and innovative. I would also have to say that NetBSD and the other *BSDs are very innovative too, such as systrace (interactive policy generation for system calls). Jeremy C. Reed ... BSD software, documentation, resources, news... http://bsd.reedmedia.net/
Re: Moving from BSDi
On Tue, 29 Oct 2002, Scott St. John wrote: I think I will try this script, THANK YOU. The biggest problem, which I think we have all talked about is that BSDi starts at userid 100. I think I can modify the script to redo the userid count. Then you will also need to chown the files too. (When I did it, I just used the Linux system UIDs below 100 and the BSD regular users 100 and above.) Also, be sure to copy over your groups file and hand merge. I have BSDi for DNS, Radius, Sendmail, FTP and Web. I put up a Mandrake 8.2 box this summer on an IBM Netfinity Server and while the speed is impressive, the fact I have to kick it every few days is not. Cron jobs stop running with no mention in the log files, ftp shuts down, etc. I tried Red Hat 7.3 for a new mail server, but as mentioned here yesterday it failed. That is not good. Since you don't know what the problem is: it could be hardware related with kernel and the issues could continue under Debian. Or it could be that version of cron or ftpd, or ... But what are the performance issues you have found? By performance I mean a couple of things. Time to deliver mail, time to query a database, time to dynamically create a web page, ftp transfer speed, etc. I am not sure how that will change much with a simple OS change. (By the way, if you are already a BSD administrator, it is easy to move from BSD/OS to NetBSD or FreeBSD). I had also considered that, but FreeBSD does not support my hardware (IBM ServerRAID2). I do see that some *BSDs support its AIC-7880, but I don't know if that ServeRAID is supported. I do see that IBM has downloads for a few Linux distributions that may (should) work with Debian. Jeremy C. Reed http://www.isp-faq.com/
Re: Moving from BSDi
On Tue, Oct 29, 2002 at 09:08:55AM -0500, Scott St. John wrote: At 03:31 PM 10/29/2002 +1100, you wrote: 1. (on BSDi), run pwunconv to convert to non-shadowed passwd file I don't have that utility on any of my BSDi machines, scanning Google for it now. that would be because BSDi has it's own version of shadow passwords. i saw that someone else posted an answer which described how to convert BSDi passwd files to a format compatible with linux. I hear you, these BSDi boxes have been wonderful and I was hoping for the same stability under Linux. BSDi went away because of lack of innovation, but there has to be a fine line between cutting edge and a reliable machine. if you use good hardware, linux is at least as stable as anything else. in my experience, the motherboard is the most important component to consider - buy the best you can afford for the job. trying to save money on the MB is going to cost you in downtime later on. a crap MB will result in a crap machine, no matter how good the other components are. this is why i prefer to buy clones from a reputable dealer rather than name-brandsthey will build me the exact machine i want using the motherboard and other components i specify, rather than just use whatever the current cheapie board on the market is, and usually for less than what the namebrand would cost for an equivalent machine. namebrand PCs also tend to have other annoying faults, like proprietary power supplies, limited upgradability, etc. I need to offer my clients good service, not the latest and greatest innovation that has not been tested. To me it appears Debian has reached this level, solid and innovative. yep. and for an ISP, it's perfect - everything you could possibly need in an ISP environment is packaged and generally works out-of-the-box with minimal configuration (i.e. the default config provided with the package is sane, you just need to tweak it for your needs) craig -- craig sanders [EMAIL PROTECTED] Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch
Re: apache broke
Teun Vink [EMAIL PROTECTED] schrieb: Hi, Hi, Can anyone give me a hint (or solution ;-) for this problem? If you need any additional info, please do not hesitate to contact me. Yes, I hope so. It is the imap.so. You can comment out the entry extension=imap.so in the php.ini file and start the apache. Got the same problem on my testbox :-) Found the solution in the german list.. Micha -- under construction..
Ok, I'm sold!
Thanks to a friend very familiar with Debian I have my first Debian server up and running on a Dual Processor IBM Netfinity Server. One word: ROCKS! Just in playing around I see what I was hoping for with RH, speed, stability, performance! NICE :) Moving user accounts over tonight and will start the tests for it to become a replacement email server. Thank you to everyone on the list for your help. -Scott
Re: Ok, I'm sold!
:-) Always nice to see someone fall in love with Debian :-) Thanks to a friend very familiar with Debian I have my first Debian server up and running on a Dual Processor IBM Netfinity Server. One word: ROCKS! Just in playing around I see what I was hoping for with RH, speed, stability, performance! NICE :) Moving user accounts over tonight and will start the tests for it to become a replacement email server. Thank you to everyone on the list for your help. -Scott -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Ok, I'm sold!
I had this done to me about a year ago. I swore that I'd NEVER convert!! Shortly after the first one, I had him converting production servers on the fly - wow! scary!!! (he said it was kind of like changing the engine of a car going 100MPH down the highway...) 8) At 02:13 PM 10/29/02, you wrote: :-) Always nice to see someone fall in love with Debian :-) Thanks to a friend very familiar with Debian I have my first Debian server up and running on a Dual Processor IBM Netfinity Server. One word: ROCKS! Just in playing around I see what I was hoping for with RH, speed, stability, performance! NICE :) Moving user accounts over tonight and will start the tests for it to become a replacement email server. Thank you to everyone on the list for your help. -Scott _ This electronic message from may contain information which is privileged and confidential. It may not be disclosed to any third party without the sender's prior written consent. If you have received this electronic message in error, please contact the sender by return email and destroy the origin
Re: Ok, I'm sold!
On Tue, Oct 29, 2002 at 05:07:52PM -0500, Scott St. John wrote: Thanks to a friend very familiar with Debian I have my first Debian server up and running on a Dual Processor IBM Netfinity Server. One word: ROCKS! Just in playing around I see what I was hoping for with RH, speed, stability, performance! NICE :) Moving user accounts over tonight and will start the tests for it to become a replacement email server. btw, i strongly recommend switching from sendmail to postfix as part of the upgrade. postfix is mostly backwards-compatible with sendmail, but a lot faster and a lot better at resource management...i've seen sendmail boxes crash under less than 1/10th of the mail load that the exact same machine was capable of handling after we switched to postfix. a nice mail setup is: MTA: postfix-tls (supports RFC2847 TLS encryption and SMTP AUTH) MDA: courier-maildrop POP IMAP: courier-pop, courier-pop-ssl, courier-imap, courier-imap-ssl WEBMAIL: courier's sqwebmail ANTI-SPAM: amavis with spamassassin, and lots of entries in your postfix smtpd_*_restrictions access maps. ANTI-VIRUS: amavis with clamav all of these are, of course, packaged for debian. as always, the most important factor for performance of a busy mail server is the disks. mail is an I/O-bound application, your CPUs will be sitting idle most of the time waiting for data to/from the drives. a large hardware RAID-5 array with non-volatile write caching is ideal for mail. also, reiserfs or XFS filesystems are a better choice than ext2 (especially if you use Maildir/ which results in lots of little files in a directory, which is a real performance killer under traditional type *nix filesystems like ext2) this issue is discussed regularly on the postfix-users mailing list. check the archives for more info if you're interested. http://www.postfix.org/ and follow the links to the list archives. craig -- craig sanders [EMAIL PROTECTED] Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch
Rare masq. problem
Okay... i have a very extremely rare problem with iptables look here... ive an internal host I that connectos through gateway F... it attempot to contact website W and succeeds. when i attempt to do so from F, it fails to connect Now, the problem is that, if i set up a squid on F, obviously, connection to W from I fails since F cannot connect to W can anyone help me?? Of course... im masquerading all traffic from I network's in the most open way possible for now. Now, this happens with some sites (W's), not all im very worried... -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com
Re: Rare masq. problem
On 29 Oct 2002, Alex Borges (lex) wrote: connect to W can anyone help me?? Maybe. Please provide real information. Show us your IP masquerading rules. Show us your interfaces. Show us your routing table. Show us how you test. Show us when it works. Show us when it fails. Jeremy C. Reed ... BSD software, documentation, resources, news... http://bsd.reedmedia.net/
Re: Rare masq. problem
Solved fo the record TCP_ECN is a bad thing to have turned on by default i guess most of you already know that... just send newbies the link to this message El mar, 29-10-2002 a las 19:06, Jeremy C. Reed escribió: On 29 Oct 2002, Alex Borges (lex) wrote: connect to W can anyone help me?? Maybe. Please provide real information. Show us your IP masquerading rules. Show us your interfaces. Show us your routing table. Show us how you test. Show us when it works. Show us when it fails. Jeremy C. Reed ... BSD software, documentation, resources, news... http://bsd.reedmedia.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com
Re: Ok, I'm sold!
At 11:13 PM 10/29/2002 +0100, you wrote: Always nice to see someone fall in love with Debian :-) Oh, I am in love alright. I am just amazed, but sad at the same time. This is what Linux is capable of, but there are distributions out there that do not give this kind of performance. I guess it comes down to what you want the machine to do, mail is really I/O intensive. I have a Suse lap top that I develop web apps on and I have Xemacs and XMMS running for days at a time with no trouble. So, in the end I guess it comes down to your needs. -Scott
postfix-mysql problems ...help
Hi, I have been tearing my hair out trying to get postfix and a virtual mail solution setup and working here at our small isp. Not only is there a lack of docs but I was wondering if you could help me, im almost positive yesterday when I attempted to install postfix-mysql package , that when it did install it created a : main.cf file with support for transport.cf / uids.cf / gids.cf / aliases.cf and mysql-virt.cf and then when i viewed the directory the files were created also transport.cf / uids.cf / gids.cf / alisaes.cf / mysql-virt.cf and they were all confd to work the database 'maildb' was created and all.. but I was attempting to get vmail-sql working with a different setup so i moved all those files away, but now on a completely new debian box and i go apt-get install postfix-mysql it installs the base postfix with the mysql library file and no conf files is anyone able to explain this ? or am i crazy...ive searched for the file mysql-virt.cf through packages.debian.org and have been unable to find it hiding in any package in case it was something extra I installed and completely forgot about.. all help appreciate stared so long at it, i dont know if its something simple i missed or what... Please feel free to contact us with any further queries. Thank You Mario Zuppini Systems Administrator Total Cybersolutions www.cybersol.com.au PO BOX 2081 Windsor QLD 4030 Australia Phone : +617-3861-0882 Fax: +617-3861-0884 [EMAIL PROTECTED]