xfs vs jfs performance
I am moving away from using ext3 on my servers due to its high overhead and lower performance. I am considering either XFS or JFS. Does anybody know how XFS compares to JFS, or if they can be compared together?

I want to use a journaled file-system on an IMAP server that holds 4000+ users' mail. The IMAP volume is using a RAID 5 array, but we do not have a generator. When the power goes out for over an hour, the server goes down hard. A journaled file-system helps speed recovery from the power outages. Although this has not happened yet, I want to be prepared for it.

Currently, the ext3 file-system seems to be slowing down mail accessibility under heavy loads. Additionally, I am using kernel quota on the file-system, which I hope to phase out with Courier IMAP maildrop in the near future.

I am aware that XFS is one of the best performing journaled file-systems out there, but how does JFS compare to it? Has anyone seen any tests run side by side?

The only reason I ask is that the JFS file-system seems to have made it in the standard Debian Kernel (2.4.20).

-Ted

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: xfs vs jfs performance
I am not talking about huge delays but rather occasional 2-5 second delays.

I am using Courier IMAP with the Ext3 file-system and kernel quotas. Postfix is delivering the Maildir file to the users' space. The way Courier IMAP works is each mail becomes a separate '.imap' file. Depending on the file's state, it goes into a different directory. For example, when a new mail comes in it goes to Maildir/.new. When it has been viewed it moves from Maildir/.new to Maildir/.cur. If I put files in my personal directory they end up in Maildir/.Personal/.cur.

Since I have about 200 - 250 people logged in during peak periods on a dual 700MHz machine that is mostly idle 95% of the time (except for the off peak hour backups and quota indexing), it appears that the file-system must be the bottleneck. I calculate that Courier IMAP is moving about 200-500 files every minute during the delays. Additionally, mail is coming in at the rate of 100-300 messages per minute.

Since ext3 is built on top of ext2, it adds a lot of overhead. The kernel quotas add more overhead. Although it is easy to move from ext2 to ext3, it does not offer any greater read or write performance.

In this month's Linux Journal, for example, there is an article about the new SGI 64 bit machine. One thing that they used for metrics was the file-system. According to the article both ext2 and xfs performed about the same on the 'super server'. Reiser and ext3 both performed about 1/4 that of ext2.

Since the system is not being taxed in any other noticeable way according to sar, I feel that the file-system must be the bottleneck. More specifically, it has to be ext3 or the quotas with ext3.

On Wed, Feb 12, 2003 at 08:16:47AM +1100, Jean-Francois Dive wrote:
> Hi,
>
> not that i ever tested any of those 2 new file-system, but i have some troubles to believe that the FS'd be the bottleneck in your scenario; maybe i'm wrong, and 'd be interested to read some tests too though.
>
> JeF
Re: understanding Routing Cisco vs. Linux
After reading more on this issue, I have decided that I have 2 choices. Use FreeBSD for a Bridging Bandwidth Shaper/Firewall or use Linux as a Routing/Bandwidth Shaping firewall.

The latter seems to be the best idea since I know more about Linux.

I found that Linux does provide Bridging support, but the bridging support in 2.4.x Kernels is not tied into any firewall support. FreeBSD does have this, so does the 2.5.x Linux kernel. I guess if people want to use Linux as a bandwidth shaping/firewall bridge they will have to wait for the 2.6.x kernel.

Linux seems fairly simple to set up as a router. From there the firewall and Bandwidth shaping parts can be built on the fly.
Re: understanding Routing Cisco vs. Linux
> what exactly is that you are trying to do...

I am trying to reduce latency, reduce peer to peer bandwidth hogs, and do some stateful firewalling while I am at it.

I want to drop in one Debian Linux box running the 2.4.19 Kernel between the router and the switch. The Linux box has 2 interfaces. It will be routing and inspecting packets.

I understand the first thing I need to do is get packets to route. This is the hard part for me. I have used IP-tables with one network and nat, but I have never routed multiple networks.

We have 6 T-1 with 16 class C networks coming into a Cisco 7200 VXR. The router is managed by Fast-net, our upstream provider. They were kind enough to give the router config file. ;-)

Here is the part I need to worry about.

    ip classless
    ip route 192.146.226.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.33.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.34.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.35.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.36.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.37.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.38.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.39.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.40.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.41.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.42.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.43.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.44.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.45.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.46.0 255.255.255.0 FastEthernet0/0
    ip route 209.243.47.0 255.255.255.0 FastEthernet0/0

We manage the Catalyst 5500 switch.

I am not sure how the Linux box functioning as a Router/firewall/shaper will fit in the network. Should I ask Fast-net to reconfigure their router so that their router passes all packets to the new Linux router? Or, do I need simply to connect 2 cross over cables and drop in the Linux router and reconfigure the switch to point to the new router?

Things I am looking at:

    http://linux.oreillynet.com/pub/a/linux/2000/08/24/LinuxAdmin.html
    http://www.linuxpowered.com/archive/howto/Adv-Routing-HOWTO-12.html
    http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.ultimate-tc.html

Don't think I will be making it a bridge:

    http://mailman.ds9a.nl/pipermail/lartc/2001q3/001424.html
Re: understanding Routing Cisco vs. Linux
Forwarded email.

---BeginMessage---
Hi Thedore

On Thu, Sep 26, 2002 at 09:08:26AM -0400, Thedore Knab wrote:
> I am trying to reduce latency, reduce peer to peer bandwidth hogs, and do some stateful firewalling while I am at it.
>
> Here is the part I need to worry about.
>
> ip classless
> ip route 192.146.226.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.33.0 255.255.255.0 FastEthernet0/0
> ...
> ip route 209.243.34.0 255.255.255.0 FastEthernet0/0

Your provider probably should have done some supernetting rather than listing all these /24s.. but that is a nicety (I hope he ISN'T announcing them as /24s! into the BGP).

By the looks of it you aren't using ANY vlans.. as the router is dumping all the packets onto the local fast ethernet. (the config on the 5500 would interest me).

What you might want to try and do is set up 802.1Q between the Cat 5500 and your linux box. You will then need a transfer network between the linux box and the cisco. The Linux box interface connected to the Cat 5500 should look like multiple 'sub interfaces' (haven't used the 802.1q on linux so don't know exactly how it's implemented). This will effectively turn your box into a router with 'X' interfaces (one into each vlan on the switch), and all traffic between ports will go over the linux box.

(to be honest, it would probably be easier taking control of the 7200 and not bothering with the linux box).

A sample config with a linux box

    Internet
       |
       |
     C7200  192.168.0.1/28 (you should probably use NON RFC addresses here)
       |
       |
            192.168.0.2/28
     Linux  Vlan 1 x.x.x.1/24
            Vlan 2 x.x.y.1/24
            Vlan 3 x.x.z.1/24
       |
       | Trunk
     C5500
       |
       |---Server in Vlan1
       |
       |---Server in VLan2

and on the cisco 7200 route your networks to 192.168.0.2... and the servers in Vlan one use the default route of x.x.x.1, vlan 2 x.x.y.1, etc

but as I said, consider using the 7200 to do this.

Andrew
---End Message---
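Added example (not part of the original thread): the supernetting Andrew mentions, worked out for the full route list quoted earlier in the thread. It parses the Cisco `ip route` lines, collapses them with Python's `ipaddress` module, and reports which /24 of 209.243.32.0/20 is absent from the list; `eth1` in the generated iproute2 commands is an assumed interface name.

```python
import ipaddress

# Static routes exactly as listed in the router config quoted in this thread.
CISCO_CONFIG = """\
ip classless
ip route 192.146.226.0 255.255.255.0 FastEthernet0/0
ip route 209.243.33.0 255.255.255.0 FastEthernet0/0
ip route 209.243.34.0 255.255.255.0 FastEthernet0/0
ip route 209.243.35.0 255.255.255.0 FastEthernet0/0
ip route 209.243.36.0 255.255.255.0 FastEthernet0/0
ip route 209.243.37.0 255.255.255.0 FastEthernet0/0
ip route 209.243.38.0 255.255.255.0 FastEthernet0/0
ip route 209.243.39.0 255.255.255.0 FastEthernet0/0
ip route 209.243.40.0 255.255.255.0 FastEthernet0/0
ip route 209.243.41.0 255.255.255.0 FastEthernet0/0
ip route 209.243.42.0 255.255.255.0 FastEthernet0/0
ip route 209.243.43.0 255.255.255.0 FastEthernet0/0
ip route 209.243.44.0 255.255.255.0 FastEthernet0/0
ip route 209.243.45.0 255.255.255.0 FastEthernet0/0
ip route 209.243.46.0 255.255.255.0 FastEthernet0/0
ip route 209.243.47.0 255.255.255.0 FastEthernet0/0
"""


def parse_static_routes(config_text):
    """Map each outgoing interface to the list of prefixes routed to it."""
    routes = {}
    for line in config_text.splitlines():
        fields = line.split()
        # Only 'ip route <network> <netmask> <interface>' lines are routes.
        if len(fields) != 5 or fields[:2] != ["ip", "route"]:
            continue
        network, netmask, interface = fields[2:]
        # ip_network() is strict by default: a network address with host
        # bits set raises ValueError instead of being silently accepted.
        prefix = ipaddress.ip_network(f"{network}/{netmask}")
        routes.setdefault(interface, []).append(prefix)
    return routes


def supernet(prefixes):
    """Shortest list of prefixes covering exactly the same addresses."""
    return list(ipaddress.collapse_addresses(prefixes))


def gaps(candidate, prefixes, unit=24):
    """Subnets of `candidate` (at /unit granularity) that no prefix covers."""
    block = ipaddress.ip_network(candidate)
    return [subnet for subnet in block.subnets(new_prefix=unit)
            if not any(subnet.subnet_of(p) for p in prefixes)]


def linux_route_commands(prefixes, dev="eth1"):
    """iproute2 commands for the aggregated prefixes (dev is an assumption)."""
    return [f"ip route add {prefix} dev {dev}" for prefix in prefixes]


if __name__ == "__main__":
    for interface, prefixes in parse_static_routes(CISCO_CONFIG).items():
        aggregated = supernet(prefixes)
        print(f"{interface}: {len(prefixes)} routes -> {len(aggregated)}")
        for command in linux_route_commands(aggregated):
            print("  " + command)
        missing = gaps("209.243.32.0/20", prefixes)
        print("  not in the list:", ", ".join(str(m) for m in missing))
```

The sixteen /24s reduce to five prefixes rather than one, because 209.243.32.0/24, which contains the 209.243.32.65 address shown in the diagrams elsewhere in this thread, is not in the route list.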
Re: understanding Routing Cisco vs. Linux
I put both the router config file and catalyst config file here. I did not create either of them. The only Cisco devices I have set up were Cisco Local Directors.

http://albert.washcoll.edu/~tknab2/debian_isp/

If you want to look at it.

user: debian
pass: debian
understanding Routing Cisco vs. Linux
Currently, I am creating a simple Linux Router with CBQ and Iptables. The machine I have only has 2 interfaces.

We have the following devices on our network:

    1 Cisco Catalyst connecting 16 Class C Networks
    1 Cisco Router Routing packets to the inside

The Catalyst uses VLans for our entire network. It appears that the Catalyst is doing routing for the virtual networks as it should. But, I am scratching my head over how the Catalyst handles incoming and outgoing connections. Traffic seems to flow differently depending on its direction.

Do I need to worry about how the VLAN handles packets when I install the Linux Router?

Also does the following diagram look like it will work?

Currently the route is -

    Trunk
      |
    209.243.32.65
      |
      |
      |
    192.146.226.1 (Catalyst Routing of Vlans)
    [Catalyst]
      ---209.243.32.0/20
      ---192.146.226.0/24

I figure that this may work; it is my first attempt at using iproute:

    Trunk
      |
    209.243.32.65
      |
    [Linux Router]
    209.243.32.66 eth0
    209.243.32.67 eth1
        ip route add 209.243.32.65 dev eth0
        ip route add 192.146.226.1 dev eth1
        ip route add 192.146.226.0/24 dev eth1
        ip route add 209.243.33.0/24 dev eth1
        ip route add 209.243.34.0/24 dev eth1
        ...
      |
      |
    192.146.226.1 (Catalyst Internal Routing)
    [Catalyst]
      ---209.243.32.0/20
      ---192.146.226.0/24

http://www.shorewall.net/traffic_shaping.htm
traffic shaper.deb
I was wondering if anyone is using shaper.deb to manage bandwidth.

http://packages.debian.org/testing/net/shaper.html

The kernel modules that this package depends on are experimental in the 2.4.19 kernel. I would like to implement it, but experimental kernel modules scare me on servers.

-Ted
kernel quota control with LDAP
I want to use kernel level quotas with LDAP to simplify administration of my mailserver. Can this be done?

Currently, I am keeping track of uids in both an /etc/passwd on the filesystem and an LDAP database. What would allow me to simplify this?

I have 2021 users on a new mail system with Courier IMAP server, with Postfix, Squirrel Mail, and LDAP.

My account looks like this in LDAP:

    dn: uid=tknab2,ou=mailaccounts,dc=mycoll,dc=edu
    uid: tknab2
    cn: Theodore Knab
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    uidNumber: 1100
    gidNumber: 1001
    mailHost: imap.mycoll.edu
    homeDirectory: /var/imap/mycoll/tknab2
    mailMessageStore: /var/imap/mycoll/tknab2/Maildir
    mailQuota: 2S, 2C
    mailbox: tknab2/Maildir/
    objectClass: qmailuser
    objectClass: couriermailaccount
    userPassword: {cyrpt} notreal
    accountStatus: active
    mailForwardingAddress: [EMAIL PROTECTED]

On the IMAP server my account looks like this:

    imap:/var/imap# cat /etc/passwd | grep -i knab
    tknab2:x:1100:1001::/var/imap/mycoll/tknab2:/bin/false
    imap:/var/imap# repquota -a | grep -i tknab
    tknab2-- 60692 8 9 11699 0 0

I think that the schema I choose allows for:

    loginshell: /bin/false

-- - Ted Knab
Re: Xeon on Linux
Seems to work fine here.

I am running three Xeon Netfinity Servers X250 series. 2 have the 2.4.18 kernel running with ext3 while one is just an almost default install of Redhat.

None of them had any problems so far. But, for the price/performance the dual P-III 1G would be better.

> How does Linux support Xeon CPU currently? I am considering to use dual P-III 1G or single Xeon 2.2G architecture. Any suggestions appreciated.

- Looking forward to the Open-Source version of the Oxford English Dictionary ? - Ted Knab
Re: maildir with vacation
I am attempting to get the vacation notice working with Postfix with virtual users on a Maildir. I am not sure if I can use the vacation (Debian package) with virtual users.

Is anyone using it? Any suggestions?

Currently all my users are stored in an LDAP database where I use both the qmail and the courier schema like this:

    dn: uid=jerky-user4,ou=mailaccounts,dc=mycoll,dc=edu
    uid: jerky-user4
    cn: jerky-user4
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    uidNumber: 99331
    gidNumber: 3332
    mailHost: imap.mycoll.edu
    homeDirectory: /var/imap/mycoll/jerky-user4
    mailMessageStore: /var/imap/mycoll/jerky-user4/Maildir
    mailForwardingAddress: [EMAIL PROTECTED]
    mailbox: jerky-user4/Maildir/
    deliveryMode: normal
    mailReplyText: I am on vacation.
    objectClass: qmailuser
    objectClass: couriermailaccount
    creatorsName: cn=admin, dc=mycoll, dc=edu
    accountStatus: active

On the file-system all the users are owned by vmail:

    drwx--S--- 2024 vmail vmail 40960 May 22 14:09 /var/imap/mycoll

My postconf for the IMAP server is pretty straightforward.

    imap:/var/imap# postconf -n
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/lib/postfix
    debug_peer_level = 2
    delay_warning_time = 4
    local_recipient_maps = $virtual_mailbox_maps
    local_transport = virtual
    mail_owner = postfix
    mailbox_size_limit = 2048
    message_size_limit = 1028
    mydestination = $myhostname, $mydomain, localhost.$mydomain
    mydomain = mycoll.edu
    myhostname = imap.mycoll.edu
    mynetworks = 127.0.0.0/8
    myorigin = $mydomain
    program_directory = /usr/lib/postfix
    smtpd_banner = $myhostname NO UCE ESMTP (NO SPAM PLEASE)
    virtual_gid_maps = static:1001
    virtual_mailbox_base = /var/imap/mycoll/
    virtual_mailbox_maps = ldap:ldapsource
    virtual_minimum_uid = 500
    virtual_uid_maps = static:1001

I ran vacation -i.

I also put the following files in my user's Maildir.

    -rw-r--r-- 1 vmail vmail 43 May 31 10:09 .forward
    -rw-r--r-- 1 vmail vmail 139 May 31 09:46 .vacation.msg

    imap:/var/imap/mycoll/jerky-user4/Maildir# cat .forward
    \jerky-user4, |/usr/bin/vacation jerky-user4

    imap:/var/imap/mycoll/jerky-user4/Maildir# cat .vacation.msg
    From: [EMAIL PROTECTED]
    Subject: Far Away from my mail.

    Hi!. I am not on vacation, but this is a test of the vacation mail thing.

-- - Looking forward to the Open-Source version of the Oxford English Dictionary ? - Ted Knab
Postfix / Courier IMAP maildir quotas
Here's my setup:

- a Woody box
- Postfix delivers mail to /var/imap/mydomain/user
- Courier IMAP is my generic IMAP server
- There is a group quota for /var/imap partition

      Disk quotas for group vmail (gid 1001):
      Filesystem  blocks  soft  hard  inodes  soft  hard
      dev/sda5    122084  20    20    8518    0     0
      ~

- all users are assigned userid and group id of vmail
- all users use an IMAP client to fetch their mail
- I am using LDAP with Courier and Postfix so none of the users have a shell account.

The problem is that quotas are not working. I was trying to set up 20M limits for everyone at the kernel level. I was also trying to set up 20M limits at the application (courier) level.

This is a live system with 50 users. In a few weeks, 1992 users will be on it.

How could I redesign this system with the minimum amount of work to ensure mail quotas would function properly?

My sample LDAP entry for a generic 20M quota user:

    dn: uid=tknab2,ou=mailaccounts,dc=mycoll,dc=edu
    uid: tknab2
    cn: Ted [ Theodore ] Knab
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    mail: [EMAIL PROTECTED]
    uidNumber: 1005
    gidNumber: 1001
    mailhost: imap.mycoll.edu
    accountstatus: active
    homedirectory: /var/imap/mycoll/tknab2
    mailmessagestore: /var/imap/mycoll/tknab2/Maildir
    mailForwardingAddress: [EMAIL PROTECTED]
    mailquota: 2S, 2C
    mailbox: tknab2/Maildir/
    clearpassword: not-real
    objectClass: qmailuser
    objectClass: couriermailaccount

    imap:/var/imap/mycoll# grep -v ^# /etc/courier/authldaprc
    LDAP_SERVER myldapserver
    LDAP_PORT 389
    LDAP_BASEDN ou=mailaccounts,dc=mycoll,dc=edu
    LDAP_BINDDN cn=courier,dc=mycoll,dc=edu
    LDAP_BINDPW notreal
    LDAP_TIMEOUT 10
    LDAP_MAIL mail
    LDAP_DOMAIN mycoll.edu
    LDAP_GLOB_UID vmail
    LDAP_GLOB_GID vmail
    LDAP_HOMEDIR homeDirectory
    LDAP_MAILDIRQUOTA mailquota
    LDAP_FULLNAME cn
    LDAP_CLEARPW clearPassword
    LDAP_CRYPTPW userPassword

    imap:/var/imap/mycoll# postconf -n
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/lib/postfix
    debug_peer_level = 2
    delay_warning_time = 4
    local_recipient_maps = $virtual_mailbox_maps
    local_transport = virtual
    mail_owner = postfix
    mailbox_size_limit = 2048 #20M
    mydestination = $myhostname, $mydomain, localhost.$mydomain
    mydomain = mycoll.edu
    myhostname = imap.mycoll.edu
    mynetworks = 127.0.0.0/8
    myorigin = $mydomain
    program_directory = /usr/lib/postfix
    smtpd_banner = $myhostname NO UCE ESMTP (NO SPAM PLEASE)
    virtual_gid_maps = static:1001
    virtual_mailbox_base = /var/imap/mycoll/
    virtual_mailbox_maps = ldap:ldapsource
    virtual_minimum_uid = 500
    virtual_uid_maps = static:1001

- Ted Knab
Re: Courier IMAP authldap with OpenLDAP
Thanks for your reply. :-)

It appears that courier needs to have 2 entries for Maildir.

    LDAP_MAILDIR homeDirectory
    LDAP_HOMEDIR homeDirectory

> Why are you using uidNumber/gidNumber attributes? In that case you should use LDAP_UID and LDAP_GID instead of the globals

I thought I needed them. I will try and take them out.

- I feel naked outside of Vim. - Ted Knab
Courier IMAP authldap with OpenLDAP
I was wondering if anyone is successfully running openldap from the debian packages with Courier IMAP's LDAP module for authentication.

I am getting strange timeouts on a remote client which is preventing successful authentication. I have tested logins with both Netscape and Mulberry. Mulberry gives me a timeout on successful authentication. It gives me an authentication error with the wrong password. Same with Netscape.

I don't know how to get around this.

    remote client
         |
    [IMAP server]---auth[LDAP Server]

I am using the woody packages for Courier IMAP and Open-LDAP.

    ii  courier-authda  0.37.3-1  Courier Mail Server authentication
    ii  courier-base    0.37.3-1  Courier Mail Server Base System
    ii  courier-debug   0.37.3-1  Debugging Tools for Courier Mail
    ii  courier-doc     0.37.3-1  Documentation for the Courier Mail
    ii  courier-imap    1.4.3-1   IMAP daemon with PAM and Maildir
    ii  courier-ldap    0.37.3-1  LDAP support for Courier Mail Server
    ii  maildrop        1.3.7-2   mail delivery agent with filtering

The courier debugger on the server tells me that everything is working fine. It gets all the data it should.

    imap-mail:/home/ted# courierauthtest tester1 tester1
    Authenticated: module authdaemon
    Home directory: /home/staff/tester1
    UID/GID: 1001/1001
    AUTHADDR=tester1
    AUTHFULLNAME=test t. tinker

I noticed something in the authldaprc file about openldap having memory leaks. Does anyone have any info on this?

    ##VERSION: $Id: authldaprc,v 1.12 2001/11/19 01:04:17 mrsam Exp $
    #
    # Copyright 2000-2001 Double Precision, Inc. See COPYING for
    # distribution information.
    #
    # Do not alter lines that begin with ##, they are used when upgrading
    # this configuration.
    #
    # authldaprc created from authldaprc.dist by sysconftool
    #
    # DO NOT INSTALL THIS FILE with world read permissions. This file
    # might contain the LDAP admin password!
    #
    # This configuration file specifies LDAP authentication parameters
    #
    # The format of this file must be as follows:
    #
    # field[spaces|tabs]value
    #
    # That is, the name of the field, followed by spaces or tabs, followed by
    # field value. No trailing spaces.
    #
    # Here are the fields:

    ##NAME: LOCATION:0
    #
    # Location of your LDAP server:

    #LDAP_SERVER ldap.example.com
    LDAP_SERVER 209.243.37.9
    LDAP_PORT 389

    ##NAME: LDAP_BASEDN:0
    #
    # Look for authentication here:

    #LDAP_BASEDN o=example, c=com
    LDAP_BASEDN ou=mailaccounts,dc=washcoll,dc=edu

    ##NAME: LDAP_BINDDN:0
    # You may or may not need to specify the following. Because you've got
    # a password here, authldaprc should not be world-readable!!!

    #LDAP_BINDDN cn=administrator, o=example, c=com
    LDAP_BINDDN cn=courier,dc=washcoll,dc=edu
    LDAP_BINDPW couriersecret
    #LDAP_BINDDN cn=admin,dc=washcoll,dc=edu
    #LDAP_BINDPW secret

    ##NAME: LDAP_TIMEOUT:0
    #
    # Timeout for LDAP search

    LDAP_TIMEOUT 10
    LDAP_AUTHBIND 0

    ##NAME: LDAP_AUTHBIND:0
    #
    # Define this to have the ldap server authenticate passwords. If LDAP_AUTHBIND
    # the password is validated by rebinding with the supplied userid and password.
    # If rebind succeeds, this is considered to be an authenticated request. This
    # does not support CRAM-MD5 authentication, which requires userPassword.
    #
    # WARNING - as of the time this note is written, there are memory leaks in
    # OpenLDAP that affect this option, see ITS #1116 in openldap.org's bug
    # tracker. Avoid using this option until these leaks are plugged.
    #
    # LDAP_AUTHBIND 1

    ##NAME: LDAP_MAIL:0
    #
    # Here's the field on which we query

    LDAP_MAIL mail

    ##NAME: LDAP_DOMAIN:0
    #
    # The following default domain will be appended, if not explicitly specified.
    #
    # LDAP_DOMAIN example.com
    LDAP_DOMAIN washcoll.edu

    ##NAME: LDAP_GLOB_IDS:0
    #
    # The following two variables can be used to set everybody's uid and gid.
    # This is convenient if your LDAP specifies a bunch of virtual mail accounts
    # The values can be usernames or userids:
    #
    LDAP_GLOB_UID vmail
    LDAP_GLOB_GID vmail

    ##NAME: LDAP_HOMEDIR:0
    #
    # We will retrieve the following attributes
    #
    # The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it

    LDAP_HOMEDIR homeDirectory

    ##NAME: LDAP_MAILDIR:0
    #
    # The MAILDIR attribute is OPTIONAL, and specifies the location of the
    # mail directory. If not specified, ./Maildir will be used

    #LDAP_MAILDIR mailDir

    ##NAME: LDAP_MAILDIRQUOTA:0
    #
    # The following variable, if defined, specifies the field containing the
    # maildir quota, see README.maildirquota for more information
    #
    LDAP_MAILDIRQUOTA Quota
    #LDAP_MAILDIRQUOTA maildirQuota

    ##NAME: LDAP_FULLNAME:0
    #
    # FULLNAME is optional, specifies the user's full name

    LDAP_FULLNAME cn

    ##NAME: LDAP_PW:0
    #
    # CLEARPW is the clear text password. CRYPT is the crypted password.
    # ONE OF THESE TWO ATTRIBUTES IS
Open LDAP for Peer Review
Yippie, I have 29 days to get an IMAP server up with LDAP. I really am enjoying this task. :-)

LDAP will provide
 + a general address lookup facility
 + account authentication

This is the first time I have setup LDAP, so I am sending this for peer review. Help, I have no one here to look up to ;-)

Question 1: How would I go about setting email aliases ? I could do it through canonical maps in postfix but that seems messy.

Question 2: I decided to breakup the people and accounts in two separate containers in attempt to make the directory hardier and more secure. Am I wasting my time with this structure or does it make sense ?

The Structure:
 washcoll.edu
  + People
  + Accounts

The ou=People will hold the address info. The ou=Accounts will do the authentication/account info.

Question 3: I do not understand what I am doing under the access control info. Besides for the default-access read for testing, does this look secure ?

/etc/ldap/slapd.conf
...
#Access Control Info
defaultaccess read

index mail,mailAlternateAddress eq
index cn,sn,uid,mail
index objectClass eq

#access Control list
access to attr=userpassword
    by dn=cn=admin, dc=washcoll, dc=edu write
    by dn=cn=cyrus, dc=washcoll, dc=edu read
    by dn=cn=postfix, dc=washcoll, dc=edu read
    by self write
    by self read

access to *
    by self write
    by dn=.+ read
    by * read
...

#top.ldif
dn: dc=washcoll, dc=edu
objectClass: top
objectClass: organization
o: Washington College
description: Top level of Directory
creatorsName: cn=admin, dc=washcoll, dc=edu

dn: ou=People, dc=washcoll, dc=edu
objectClass: top
objectClass: organizationalUnit
ou: People
description: People within Washington College.

dn: ou=accounts, dc=washcoll, dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Accounts
description: People with accounts at Washington College.

#accounts.ldif
dn: uid=bmarshal,ou=accounts, dc=washcoll, dc=edu
uid: bmarshal
cn: Brad Alan Marshall
sn: Marshall
ou: staff
objectClass: top
objectClass: person
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: qmailUser
objectClass: organizationalPerson
objectClass: inetOrgPerson
accountStatus: active
deliveryMode: normal
mail: [EMAIL PROTECTED]
mailHost: imap.washcoll.edu
mailAlternateAddress: [EMAIL PROTECTED]
loginShell: /bin/false
uidNumber: 500
gidNumber: 100
homeDirectory: /mnt/home/bmarshal
userPassword:: e2NyeXB0fWxuYkRhejRuYjlhUXA=

#listing.ldif
dn: uid=bmarshal,ou=People, dc=washcoll, dc=edu
uid: bmarshal
givenName: Brad
initials: BAM
cn: Brad Alan Marshall
sn: Marshall
o: Washington College
ou: staff
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: [EMAIL PROTECTED]
title: programmer
homePostalAddress: 110 Clove St Chestertown, MD 21401
homePhone: 410-555-1212
telephoneNumber: 410-555-1212
mobile: 443-770-5658
facsimileTelephoneNumber: 1-800-111-
pager: 1-800-555-1212
cold fusion 4.5 on Debian
Is anyone running Cold Fusion 4.5 on Debian ? People in my organization are looking at Cold Fusion for its advertised simplicity. I prefer sticking with Debian. Are there any other simple packages that I might recommend as a dummy proof alternative ? -Ted

References: Cold-Fusion Server 4.5.1 Installation and configuration on Debian GNU/Linux 2.2 http://www.macromedia.com/v1/Handlers/index.cfm?ID=17481Method=Full
RAID 0 risky ?
Is RAID 0 that risky anymore for data storage (IMAP mail files) ? I figure that under normal wear and tear a drive should last about 5 years. Does this sound right ? I have 3 IBM SCSI 18GB drives. With RAID 0, I get 51.5GB of storage space. With RAID 5, I only get 37 GB of space with 20% wasted overhead. RAID 0 and RAID 1 are less work for the disk volume than RAID 5. So in an ideal world, volumes with RAID 0 or RAID 1 will last longer than volumes in RAID 5. Thus, it would be less risk to use RAID 0 or better RAID 1 than RAID 5. - Ted Knab
TCP wrappers (syntax check)
What is wrong here ? Is this a reverse lookup error ?

Feb 21 11:30:01 albert sshd[21141]: warning: /etc/hosts.allow, line 18: can't verify hostname: gethostbyname(WC-44-75.washcoll.edu) failed
Feb 21 11:35:29 albert sshd[21163]: warning: /etc/hosts.allow, line 18: can't verify hostname: gethostbyname(WC-44-92.washcoll.edu) failed

#line 18,19,20
sshd: .edu, .com, .net, .md.us, .de.us
sshd: 209.243.
sshd: ALL EXCEPT 192.168.1.3, 192.168.1.4, 192.146.226., .ru .it .cz \
 .microsoft.com : ALLOW

- Ted Knab
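An added example, not part of the original post: TCP wrappers resolves the client address to a name and then looks that name up again before a hostname pattern such as `.edu` is allowed to match, and the warning above is logged when that second lookup fails. The sketch below parses the two warnings and repeats the double lookup; the resolver tables and the 192.0.2.x / 198.51.100.x addresses are constructed stand-ins so it runs offline.

```python
import re
import socket

# Warning format taken from the two log lines in the post.
WARNING_RE = re.compile(
    r"(?P<daemon>\w+)\[\d+\]: warning: (?P<file>\S+), line (?P<line>\d+): "
    r"can't verify hostname: gethostbyname\((?P<name>[^)]+)\) failed"
)

SAMPLE_LOG = """\
Feb 21 11:30:01 albert sshd[21141]: warning: /etc/hosts.allow, line 18: can't verify hostname: gethostbyname(WC-44-75.washcoll.edu) failed
Feb 21 11:35:29 albert sshd[21163]: warning: /etc/hosts.allow, line 18: can't verify hostname: gethostbyname(WC-44-92.washcoll.edu) failed
"""


def parse_warnings(log_text):
    """Return (daemon, rules file, rule line, unverifiable name) per warning."""
    return [
        (m["daemon"], m["file"], int(m["line"]), m["name"])
        for m in WARNING_RE.finditer(log_text)
    ]


def system_reverse(addr):
    return socket.gethostbyaddr(addr)[0]


def system_forward(name):
    return socket.gethostbyname_ex(name)[2]


def verify_client(addr, reverse=system_reverse, forward=system_forward):
    """Forward-confirm the name that reverse DNS returns for a client address.

    Returns (status, name); status is one of
      "no-ptr"          no reverse record, so there is no name to match on
      "forward-failed"  the PTR name does not resolve (the case in the post)
      "mismatch"        the PTR name resolves, but not to the client address
      "verified"        the name can be used for hostname patterns
    """
    try:
        name = reverse(addr)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return "no-ptr", None
    try:
        addresses = forward(name)
    except OSError:
        return "forward-failed", name
    if addr not in addresses:
        return "mismatch", name
    return "verified", name


def table_resolvers(ptr, a):
    """Offline stand-ins for DNS, backed by two dicts (constructed data)."""
    def reverse(addr):
        if addr not in ptr:
            raise socket.herror(1, "Unknown host")
        return ptr[addr]

    def forward(name):
        if name.lower() not in a:
            raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
        return a[name.lower()]

    return reverse, forward


# Constructed zone data: documentation address ranges, not the real hosts.
PTR = {
    "192.0.2.75": "WC-44-75.washcoll.edu",  # PTR exists, forward record missing
    "192.0.2.10": "mail.example.edu",       # PTR and A agree
    "192.0.2.20": "spoof.example.edu",      # PTR claims a name that points elsewhere
}
A = {
    "mail.example.edu": ["192.0.2.10"],
    "spoof.example.edu": ["198.51.100.9"],
}

if __name__ == "__main__":
    for daemon, path, line, name in parse_warnings(SAMPLE_LOG):
        print(f"{path}:{line} ({daemon}): forward lookup of {name} failed")
    rev, fwd = table_resolvers(PTR, A)
    for addr in ("192.0.2.75", "192.0.2.10", "192.0.2.20", "192.0.2.99"):
        print(addr, *verify_client(addr, rev, fwd))
```

Calling `verify_client(addr)` without the table resolvers uses the system resolver, which shows whether a given client address has matching PTR and A records.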
dns to ldap
I was wondering if anyone has their DNS in an LDAP directory. For the people that have, does this cut down on administration time ? Are there any books, how-tos, or projects that you could recommend for this ? -Ted
fork bomb protection
I am an admin of a Debian woody Linux box for computer science majors. The machine is running the 2.4.17 kernel with iptables and quotas. Although I have spent a lot of time securing things, I still fear that fork bombs may kill the box. Is there a way in the 2.4.17 kernel to prevent fork bombs from crashing a system ? I fear the students from the Operating Systems class. Ted Knab
Re: fork bomb protection - thanks
Thanks for the tip.

ted@albert:~$ ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 8192
cpu time             (seconds, -t) unlimited
max user processes            (-u) 50
virtual memory        (kbytes, -v) unlimited

Ted Knab
Eudora (Windows/ Mac) IMAP client with Cyrus IMAP Server
I was wondering if anyone has successfully integrated the 5.1 version of the Eudora client with CMU's Cyrus Server. Has anyone had any problems with Eudora 5.1 and Cyrus recently ? From the release notes, it appears that Eudora has had a long history of bugs related to the IMAP protocol. More specifically, it appears that IMAP was not working for the MAC client until recently. Many people on the Cyrus list complained about Eudora. Despite this negative information about Eudora, we may be implementing the Eudora client with the Cyrus IMAP server. The current Eudora client release notes state that all these bugs are resolved. I worry that the release notes may not tell the full story.

References:
Cyrus recommends Mulberry as an IMAP client: http://www.cmu.edu/computing/cyrus/cyrusstatus.html
Eudora Release Notes:
MAC: http://a1392.g.akamaitech.net/7/1392/939/0001/www.eudora.com/download/eudora/mac/5.1/final/ReleaseNotes.txt
Windows -- http://www.eudora.com/download/eudora/windows/5.1/full_elec/RelNotes.txt
scsi error ?
I am having backup troubles. I ran an e2fsck on my /dev/sda1. I then ran dump

/sbin/dump 0uaf /dev/ht0 /dev/sda1

I got the following error:

DUMP: short read error from /dev/sda1: [sector -1693761273]: count=512, got=0
DUMP: bread: lseek fails
DUMP: short read error from /dev/sda1: [block -1448509008]: count=1024, got=0
DUMP: bread: lseek2 fails!
DUMP: More than 32 block read errors from 134569424
DUMP: This is an unrecoverable error.

What does this mean ? Ted Knab
firewall / router devices (Topic: Network Security)
2 Questions: I want to do some major subnetting on our network to help secure it better. Currently, everything is routed by a Catalyst 5500 series with 3 trays of Fiber for our internal network. I also want to put some machines on with a Free IDS like snort to monitor packets.

Q1: Any recommendations for a good commercial router that is easy to manage, does stateful packet filtering, and is not over $3000 ? ( If funding is rejected, I think I will be looking at the Linux router project. I just would rather get a simpler to setup/manage commercial box. )

Q2: What type of machine would I need to run Snort to monitor all incoming and outgoing packets (RAM, CPU, HardDrive Size, Network Card ?) Currently, we have 6 T1 coming into 1 Cisco 7500 Series VXR.

Ted
Re: user traffic accounting
How would ipfm work for this? http://freshmeat.net/projects/ipfm/ please direct me to some documentation on ways to account for user traffic on a single machine, acting as BIND9, apache, postfix, and sshd server for a number of users. i need to get as close as possible to exact traffic volume measurements to do proper billing, and (unfortunately), i can't use an upstream router for that. -- -- GNU PGP public key http://www.annapolislinux.org/docs/public_key/GnuPG.txt - Ted Knab
Re: BIND exploited ? -UPDATE #2
How does this sound ? The system has been rebuilt. It is running Bind 9.2 chroot version on RH 7.2. Someone else built it. I prefer Debian or OpenBSD. I will add tripwire and chkrootkit to run as a cron job. The hard drives will be saved for further investigation at a later date. Since the hard drives have been modified in a hack effort to patch the problem, I don't think they can be used as evidence. Snort will also be installed on an OpenBSD box at the edge of the network to monitor the administrative network, and on the administrative network. -Ted
Re: BIND exploited ? -UPDATE
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/linuxconf/install/gnome/.directory
/usr/lib/linuxconf/install/gnome/.order
/usr/lib/perl5/5.00503/i386-linux/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist
/usr/lib/gopher-data/.Xdefaults
/usr/lib/gopher-data/.bash_logout
/usr/lib/gopher-data/.bash_profile
/usr/lib/gopher-data/.bashrc
/usr/lib/gopher-data/.kde
/usr/lib/gopher-data/.kderc
/usr/lib/gopher-data/Desktop/.directory
/usr/lib/gopher-data/.screenrc
/lib/modules/2.2.14-5.0/.rhkmvtag
/usr/lib/gopher-data/.kde
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0 is PROMISC
Checking `wted'... nothing deleted
Checking `z2'... nothing deleted

I will keep you all up to date if I find any more new hacked machines. -Ted

On Fri, Jan 04, 2002 at 01:43:16PM -0500, Andy Bastien wrote: On Fri Jan 04, a day that will live in infamy, Russell Coker wrote: On Fri, 4 Jan 2002 17:54, Andy Bastien wrote: On Fri Jan 04, a day that will live in infamy, Russell Coker wrote: On Fri, 4 Jan 2002 03:16, Thedore Knab wrote: ?Where do I go from here ? Buy new hard drives, install them and install the latest version of your favourite distribution and configure it in a secure fashion. Make sure that all passwords are different. Is it really necessary to buy new hard drives? Is there a reason why he can't just reformat his current drives before reinstalling? Sure he can, if he wants to lose the evidence of what happened and lose the possibility to hand the drives over to law enforcement officials (which may be demanded of him even if he doesn't want it in the case that his machine was used to attack others). Good point! Having never dealt with the fuzz after being compromised, I have to ask what you would do if your server is a file server with lots of big, expensive drives where a company might not be able to afford replacing them all? Would they be happy with backups (keeping in mind that any tools used to backup the server might no longer be trustworthy)? How about disk images (made with dd, or something similar) of the drives that contain the system stuff?
BIND exploited ?
I recently inherited a machine that I think has been exploited. It seems to have a stupid root kit installed unless this is a decoy. What does it look like to you professionals?

[root@moe ...]# uname -a
Linux moe. 2.2.14-5.0 #1 Tue Mar 7 21:07:39 EST 2000 i686 unknown
[root@moe ...]# ps auxww
USER       PID %CPU %MEM   VSZ  RSS TTY    STAT START   TIME COMMAND
root         1  0.0  0.3  1120  476 ?      S     2001   0:06 init [3]
root         2  0.0  0.0     0    0 ?      SW    2001   0:00 [kflushd]
root         3  0.0  0.0     0    0 ?      SW    2001   0:27 [kupdate]
root         4  0.0  0.0     0    0 ?      SW    2001   0:00 [kpiod]
root         5  0.0  0.0     0    0 ?      SW    2001   0:01 [kswapd]
root         6  0.0  0.0     0    0 ?      SW    2001   0:00 [mdrecoveryd]
root       154  0.0  0.3  1104  392 ?      S     2001   0:00 /usr/sbin/apmd -p 10 -w 5 -W -s /etc/sysconfig/apm-scripts/suspend -r /etc/sysconfig/apm-scripts/resume
bin        315  0.0  0.3  1216  404 ?      S     2001   0:00 portmap
root       330  0.0  0.0     0    0 ?      SW    2001   0:00 [lockd]
root       331  0.0  0.0     0    0 ?      SW    2001   0:00 [rpciod]
root       340  0.0  0.4  1164  516 ?      S     2001   0:00 rpc.statd
nobody     414  0.0  0.4  1308  544 ?      S     2001   0:00 identd -e -o
nobody     415  0.0  0.4  1308  544 ?      S     2001   0:00 identd -e -o
nobody     416  0.0  0.4  1308  544 ?      S     2001   0:00 identd -e -o
nobody     420  0.0  0.4  1308  544 ?      S     2001   0:00 identd -e -o
nobody     421  0.0  0.4  1308  544 ?      S     2001   0:00 identd -e -o
daemon     432  0.0  0.2  1144  296 ?      S     2001   0:00 /usr/sbin/atd
root       446  0.0  0.4  1328  572 ?      S     2001   0:00 crond
root       464  0.0  0.3  1168  468 ?      S     2001   0:00 inetd
root       478  0.0  1.6  3160 2120 ?      S     2001  14:00 /usr/sbin/snmpd
root       543  0.0  0.3  1156  400 ?      S     2001   0:00 gpm -t imps2
xfs        604  0.0  0.6  1920  876 ?      S     2001   0:00 xfs -droppriv -daemon -port -1
root       645  0.0  0.0   852  100 ?      S     2001   0:00 /etc/.../bindshell
root       646  0.0  0.0   864  124 ?      S     2001   0:00 /etc/.../bnc
root       650  0.0  0.3  1092  408 tty2   S     2001   0:00 /sbin/mingetty tty2
root       651  0.0  0.3  1092  408 tty3   S     2001   0:00 /sbin/mingetty tty3
root       652  0.0  0.3  1092  408 tty4   S     2001   0:00 /sbin/mingetty tty4
root       653  0.0  0.3  1092  408 tty5   S     2001   0:00 /sbin/mingetty tty5
root       654  0.0  0.3  1092  408 tty6   S     2001   0:00 /sbin/mingetty tty6
root       655  0.0  0.0   856  104 ?      S     2001   0:00 /etc/.../lsh 31333 v0idzz
named     9928  0.0  4.9  7268 6356 ?      S     2001   6:48 named -u named
root     11369  0.0  0.3  1092  408 tty1   S     2001   0:00 /sbin/mingetty tty1
root      3574  0.0  0.5  1464  760 ?      S    20:28   0:00 in.telnetd: calendar-spaces.
root      3575  0.0  0.9  2312 1196 pts/0  S    20:28   0:00 login -- ted
ted       3576  0.0  0.7  1696  940 pts/0  S    20:28   0:00 -bash
root      3599  0.0  0.7  2008  900 pts/0  S    20:28   0:00 su -
root      3600  0.0  0.7  1748  996 pts/0  S    20:29   0:00 -bash
root      3719  0.0  0.4  1172  540 ?      S    20:38   0:00 syslogd -m 0
root      3728  0.0  0.6  1440  768 ?      S    20:38   0:00 klogd
root      3817  0.0  0.5  2332  704 pts/0  R    20:43   0:00 ps auxww
[root@moe ...]# cd /etc/...
[root@moe ...]# ls -la
[root@moe ...]# chmod 0 /etc/rc.d/init.d/apmd
[root@moe ...]# chmod 0 /etc/rc.d/init.d/atd

Processes running after making a few kills:

[root@moe /root]# ps aux
USER       PID %CPU %MEM   VSZ  RSS TTY    STAT START   TIME COMMAND
root         1  0.0  0.3  1120  476 ?      S     2001   0:06 init [3]
root         2  0.0  0.0     0    0 ?      SW    2001   0:00 [kflushd]
root         3  0.0  0.0     0    0 ?      SW    2001   0:28 [kupdate]
root         4  0.0  0.0     0    0 ?      SW    2001   0:00 [kpiod]
root         5  0.0  0.0     0    0 ?      SW    2001   0:01 [kswapd]
root         6  0.0  0.0     0    0 ?      SW    2001   0:00 [mdrecoveryd]
bin        315  0.0  0.3  1216  404 ?      S     2001   0:00 portmap
root       330  0.0  0.0     0    0 ?      SW    2001   0:00 [lockd]
root       331  0.0  0.0     0    0 ?      SW    2001   0:00 [rpciod]
root       340  0.0  0.4  1164  516 ?      S     2001   0:00 rpc.statd
nobody     414  0.0  0.4  1308  544 ?      S     2001   0:00 identd -e -o
nobody     415  0.0  0.4  1308  544 ?      S     2001   0:00 identd -e -o
nobody     416  0.0  0.4  1308  544 ?      S     2001   0:00 identd -e -o
nobody     420  0.0  0.4  1308  544 ?      S     2001   0:00 identd -e
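An added example, not part of the original post: a small triage pass over `ps aux` output that flags processes whose executable path runs through a dot-named directory (such as the `/etc/...` directory in the listing above) or sits outside the usual binary directories. The sample lines are a constructed excerpt of the listing with the columns repaired, and `TRUSTED_DIRS` is an assumed allow-list to adjust per system.

```python
from collections import namedtuple
import posixpath

Finding = namedtuple("Finding", "pid user exe reasons")

# Assumption: directories from which daemons are expected to run on this host.
TRUSTED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin",
                "/usr/local/bin", "/usr/local/sbin", "/usr/lib", "/usr/libexec")

# Constructed excerpt of the ps auxww listing in the post (columns repaired).
SAMPLE_PS = """\
USER       PID %CPU %MEM   VSZ  RSS TTY    STAT START   TIME COMMAND
root         1  0.0  0.3  1120  476 ?      S     2001   0:06 init [3]
root         2  0.0  0.0     0    0 ?      SW    2001   0:00 [kflushd]
root       154  0.0  0.3  1104  392 ?      S     2001   0:00 /usr/sbin/apmd -p 10 -w 5 -W
root       478  0.0  1.6  3160 2120 ?      S     2001  14:00 /usr/sbin/snmpd
root       645  0.0  0.0   852  100 ?      S     2001   0:00 /etc/.../bindshell
root       646  0.0  0.0   864  124 ?      S     2001   0:00 /etc/.../bnc
root       650  0.0  0.3  1092  408 tty2   S     2001   0:00 /sbin/mingetty tty2
root       655  0.0  0.0   856  104 ?      S     2001   0:00 /etc/.../lsh 31333 v0idzz
named     9928  0.0  4.9  7268 6356 ?      S     2001   6:48 named -u named
ted       3576  0.0  0.7  1696  940 pts/0  S    20:28   0:00 -bash
"""


def parse_ps(text):
    """Yield (user, pid, command) from `ps aux` output.

    Assumes the START column is a single token, as in the listing above.
    The header and any malformed line are skipped.
    """
    for line in text.splitlines():
        fields = line.split(None, 10)
        if len(fields) < 11 or not fields[1].isdigit():
            continue
        yield fields[0], int(fields[1]), fields[10]


def classify_command(command):
    """Return (executable, reasons) for one COMMAND column value."""
    exe = command.split()[0]
    if not exe.startswith("/"):
        # Kernel threads ([kflushd]), login shells (-bash) and bare names
        # (named) carry no path, so ps output alone cannot place them.
        return exe, []
    reasons = []
    parts = [p for p in exe.split("/") if p]
    if any(p.startswith(".") for p in parts):
        reasons.append("hidden-path")
    directory = posixpath.dirname(exe)
    if not any(directory == d or directory.startswith(d + "/") for d in TRUSTED_DIRS):
        reasons.append("untrusted-location")
    return exe, reasons


def find_suspicious(ps_text):
    """Return a Finding for every process with at least one reason."""
    findings = []
    for user, pid, command in parse_ps(ps_text):
        exe, reasons = classify_command(command)
        if reasons:
            findings.append(Finding(pid, user, exe, reasons))
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_PS):
        print(f"pid {f.pid} ({f.user}) {f.exe}: {', '.join(f.reasons)}")
```

On a host that may already be compromised the `ps` binary itself cannot be trusted, so this kind of check is a first pass and not proof that a system is clean.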
Blackboard
I was wondering if anyone is running Blackboard on Debian ? The specs say designed for Redhat 6.2, but I would rather use Debian if possible. It appears that all the packages are available in source, so I am assuming this wouldn't be a problem. -Ted
Strange Read error on Network
I ran a nmap -p 515 192.168.10.* our_printers to find the printers. This error was displayed. Anyone know what it means ? And where I should look to resolve it ?

Strange read error from: 192.168.10.75: Protocol not available
Strange read error from: 192.168.10.200: Protocol not available

-- GNU PGP public key http://www.annapolislinux.org/docs/public_key/GnuPG.txt - Ted Knab
nameservers open to world - with test output
It has recently come to my attention that anyone can use our company's nameservers. I recently setup my home machine to use the company's nameserver to confirm this. I was wondering if there was any way to prevent people from using our company's NS for their personal servers ? Would the extra traffic generated cause any problems on our network that I may not be aware of ?

Test Confirmation that our NS is open to world:

Step one: lookup name

mylinux machine$ whois ourdomain.com
Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.
Domain Name: ournameserver.com
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS1.ournameserver.net
Name Server: NS2.ournameserver.net
Updated Date: 27-oct-2001

Step two: change /etc/resolv.conf to the following

search ournameserver.com
nameserver 123.123.123.123 # nameserver1
nameserver 123.123.123.134 # nameserver2

Step three: sample run

mylinux machine$ nslookup www.debian.org
Server: ournameserver.com
Address: 123.123.123.123

Non-authoritative answer:
Name: www.debian.org
Address: 198.186.203.20

mylinux machine$

-- GNU PGP public key http://www.annapolislinux.org/docs/public_key/GnuPG.txt - Ted Knab
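An added example, not part of the original post: the three-step test above done as one check that sends a query with the recursion-desired bit set and reads the flags of the reply, so an administrator can confirm from outside the network whether their own server still answers for names it is not authoritative for. The function names are hypothetical and the sample replies are constructed with `make_response`, so the block runs offline; `probe` is the only part that touches the network.

```python
import os
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits
REFUSED = 5                                       # RCODE 5


def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qid):
    """An A/IN query for `name` with the recursion-desired (RD) bit set."""
    return struct.pack("!6H", qid, RD, 1, 0, 0, 0) + encode_name(name) + struct.pack("!2H", 1, 1)


def _skip_name(msg, off):
    while True:
        length = msg[off]             # IndexError on a truncated message
        if length & 0xC0 == 0xC0:     # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_response(msg):
    """Decode the header flags and any A records in the answer section."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # QTYPE + QCLASS
    addresses = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addresses.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "addresses": addresses}


def classify(query, response):
    """Decide what a reply says about recursion for outside clients."""
    try:
        r = parse_response(response)
    except (struct.error, IndexError, OSError):
        return "invalid"
    if not r["qr"] or r["id"] != struct.unpack("!H", query[:2])[0]:
        return "invalid"
    if r["rcode"] == REFUSED:
        return "refused"
    if r["rcode"] == 0 and r["ra"] and not r["aa"] and r["addresses"]:
        return "open-recursion"       # the "Non-authoritative answer" case
    if not r["ra"]:
        return "recursion-not-offered"
    return "inconclusive"


def make_response(query, flags, addresses=()):
    """Build a constructed reply to `query` for offline testing."""
    header = query[:2] + struct.pack("!5H", flags, 1, len(addresses), 0, 0)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + socket.inet_aton(a)
        for a in addresses
    )
    return header + query[12:] + answers


def probe(server, name, timeout=3.0):
    """Query a server you administer for a name outside its own zones."""
    query = build_query(name, int.from_bytes(os.urandom(2), "big"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            response, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-response"
    return classify(query, response)


if __name__ == "__main__":
    q = build_query("www.debian.org", 0x1234)
    print(classify(q, make_response(q, QR | RD | RA, ["198.186.203.20"])))
    print(classify(q, make_response(q, QR | RD | REFUSED)))
```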
Project 2000 on Debian (under Wine) ?
I am looking for a Linux based tool that is designed to help manage a variety of projects. This tool needs to be able to schedule and track tasks, and interface with Outlook clients. Anybody know one? -- GNU PGP public key http://www.annapolislinux.org/docs/public_key/GnuPG.txt - Ted Knab