hardware encryption accelerators or any other way to have disk partitions encrypted on the fly
Hello,

We have a need to keep content of disk partitions in encrypted form (so in
case of hard disk theft information won't be readable). Of course we
perfectly know about cryptoloop and loopAES and similar software-only
solutions for encryption of partition content on the fly. Unfortunately they
are unacceptable due to the very slow speed and due to the way linux kernel
caches block devices' content (linux kernel will cache *encrypted* blocks,
so all operations that involve reading from in-memory cache will involve
decryption!).

So we are looking for a hardware-based encryption acceleration (OpenBSD
supports some crypto accelerators for example), or fully hardware-based
encryption (e.g. scsi controllers that encrypt all data transparently using
password entered into controller in some way - maybe such things exist?).

Could anybody please recommend anything? With rough prices, impressions on
stability and speed and recommendations?

Thank you in advance!

--
Best regards,
 -Vlad

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: daily apache-ssl reload is causing probs
On Wed, Apr 16, 2003 at 11:56:45AM -0600, David Wilk wrote:

Hi,

> Hello all,
>
> I think I have found that an /etc/init.d/apache-ssl restart is the only
> way to properly restart apache-ssl after a logrotation. However, I've
> had apache-ssl die two days in a row, and the culprit appears to be some
> process that is sending apache-ssl a SIGUSR1 (what apache-ssl reload or
> httpsdctl graceful issues).
>
> Here's the log:
>
> [Mon Apr 14 03:00:18 2003] [notice] SIGUSR1 received. Doing graceful restart
> [Mon Apr 14 03:00:18 2003] /usr/lib/apache-ssl/gcache started
> [Mon Apr 14 03:00:19 2003] [error] (2)No such file or directory: mod_mime_magic: can't read magic file /etc/apache-ssl/share/magic
> [Mon Apr 14 03:00:19 2003] [notice] Apache/1.3.26 Ben-SSL/1.48 (Unix) Debian GNU/Linux PHP/4.1.2 mod_perl/1.26 configured -- resuming normal operations
> [Mon Apr 14 03:00:19 2003] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache-ssl/suexec)
> [Mon Apr 14 03:00:19 2003] [notice] Accept mutex: sysvsem (Default: sysvsem)
>
> the problem is I don't know what could possibly be issuing this SIGUSR1
> signal to apache-ssl every morning at the exact same time that cron runs
> /etc/cron.daily. I've checked all my cron jobs and can't seem to find
> the culprit.
>
> if anyone has any ideas, I'd be grateful.

It's logrotate that is invoked by cron - on RedHats its configuration is in
/etc/logrotate.d/apache for apache

--
Best regards,
 -Vlad
Re: apache-ssl restart fails after monthly logrotate
On Fri, Apr 11, 2003 at 10:26:57AM -0600, David Wilk wrote:

Hi,

I have seen a similar problem on RedHats - logs are rotated daily there by
default. Apache with ssl enabled was failing to restart after log rotation
after 3 months of use, but in my case I had errors like "can't load
certificate file" or something like that in my errorlog (though I didn't
touch any file in the dir with certs on those boxen for half of a year).

My investigation showed that it's some kind of leak in apache. When log
rotation is finished, SIGHUP is sent to the parent apache, and the parent
seems to unload and then load all modules - and something leaks during this
process. To simulate it I wrote a script that sent apache SIGHUPs in a loop
with a 2 second delay, and on the 100th (3*33! - that's why 3 months) signal
apache failed to restart.

The solution is to rewrite the apache log rotation scripts to detect whether
apache failed to restart, and start it if it did.

--
Best regards,
 -Vlad

> Howdy folks,
>
> I've been admining debian servers for a few years now and this problem
> is a new one on me. I have the standard apache-ssl setup with logrotate
> handling standard logrotation of about 115 virtual hosts in
> /var/log/httpd/. for the first 3 months or so everything went fine at
> the monthly log rotation, however for the last 2 months apache-ssl has
> failed to restart after logrotation.
>
> The last time this happened, I found the apache parent gone, with
> several children straggling around. I couldn't just issue an
> /etc/init.d/apache-ssl start, but had to manually kill the children
> first. There is simply nothing in the logs (well, nothing in
> /var/log/apache-ssl logs and the most active virtual host, but I did not
> check all virtual host logs)
>
> has anyone seen this before?
>
> oh, system is Debian/Woody on a PIII/1.2G 2G-RAM with plenty of disk
> space.
>
> any ideas would be greatly appreciated!
>
> thanks,
> Dave
> --
> ***
> David Wilk
> System Administrator
> Community Internet Access, Inc.
> [EMAIL PROTECTED]
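
The fix suggested in the reply above (have the log rotation script detect that the server did not survive the reload, and start it if so), sketched as an added example that is not part of the original thread or of any distribution's scripts. The function names, the pidfile argument and the grace period are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: post-rotation watchdog. Caller supplies the pidfile path and
# the reload/start commands (assumptions; nothing here is taken from Apache).

# is_alive PIDFILE: succeeds only if PIDFILE names a process that exists.
# Run as root: kill -0 also fails for live processes owned by someone else.
is_alive() {
    _pf=$1
    [ -s "$_pf" ] || return 1
    _pid=$(cat "$_pf")
    case $_pid in
        ''|*[!0-9]*) return 1 ;;      # garbage in the pidfile counts as dead
    esac
    kill -0 "$_pid" 2>/dev/null
}

# reload_or_start PIDFILE RELOAD_CMD START_CMD [GRACE_SECONDS]
# Prints reloaded, restarted or failed; returns non-zero only for failed.
reload_or_start() {
    pidfile=$1 reload_cmd=$2 start_cmd=$3 grace=${4:-5}
    if is_alive "$pidfile"; then
        # Exit status is ignored on purpose: the signal can be delivered fine
        # and the parent die afterwards, so only the pidfile check counts.
        sh -c "$reload_cmd" >/dev/null 2>&1 || true
        i=0
        while [ "$i" -lt "$grace" ]; do   # let the parent re-init or die
            sleep 1
            i=$((i + 1))
        done
        if is_alive "$pidfile"; then
            echo reloaded
            return 0
        fi
    fi
    rm -f "$pidfile"                  # drop the stale pidfile before starting
    sh -c "$start_cmd" >/dev/null 2>&1 || true
    sleep 1
    if is_alive "$pidfile"; then
        echo restarted
        return 0
    fi
    echo failed
    return 1
}

# From a logrotate postrotate script (PIDFILE is a placeholder):
#   reload_or_start "$PIDFILE" "/etc/init.d/apache-ssl reload" \
#                   "/etc/init.d/apache-ssl start" || logger "apache-ssl down"
```

If straggling children still hold the listening sockets, the start does not succeed and the function reports `failed`, which is the situation the original poster had to clean up by hand.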
Re: jail() for Linux ?
On Wed, Apr 09, 2003 at 07:12:04PM +0200, Marc Sch?chlin wrote:

Hi,

> Hi !
>
> I developed a software (will be in 1-2 weeks available as opensource)
> for managing virtual Systems which are using the jail-functionality of
> FreeBSD - now I ask myself if the jail-functionality
> is also available for linux systems.
>
> jail() is a combination of the chroot()-functionality and limited access
> to syscalls.
>
> Further Information:
> http://www.daemonnews.org/200109/jailint.html
>
> Does anybody know anything about a patch which implements the same
> functionality on Linux ?

There is a commercial high-quality solution (also they have somewhere a
300kb overview of disadvantages of FreeBSD jail over their solution)
http://www.sw-soft.com/en/products/virtuozzo/

--
Best regards,
 -Vlad
i815-based MBs, PXE and linux
Hello,

I need to purchase several diskless workstations for use with linux, and I'm
in the process of choosing hardware for them. The biggest problem is
motherboards since this is the only thing (except NIC) that can cause a lot
of linux compatibility troubles.

I'm considering purchasing MBs based on the i815 chipset. Did anybody have
any problems with them? I'm also considering these motherboards with NIC on
the board (AFAIK only Intel 82562ET can be found on MBs with i815)? How well
do these onboard NICs behave and how well do they work under linux (and which
kernel supports them - 2.2.x, 2.4.x)? How are they compared to
realtek8139-based standalone NICs?

Also, since the boxes will be diskless, either standalone NICs should have a
boot prom socket or the BIOS has to support PXE. I would like to have a
PXE-enabled BIOS (only few cheap 100Mbs NICs have a boot prom socket, and a
boot prom chip costs as much as a floppy disk drive). My research tells that
only AMI bios or phoenix bios supports PXE (the most widely spread Award BIOS
doesn't support PXE). Question is: do these bioses support PXE *with*
realtek8139 cards? One with a PXE-enabled BIOS and a realtek8139-based NIC
can answer this question by going to BIOS setup and checking whether the
'boot sequence' setting has an option 'boot from network' among the choices
("A,C", "C,A" etc).

Thank you very much for the answers in advance.

Best regards,
 -Vlad
Re: webalizer
On Wed, 10 Oct 2001, Marcel Hicking wrote:

> Cameron Moore <[EMAIL PROTECTED]> 8 Oct 2001, at 15:52:
>
> > * [EMAIL PROTECTED] [2001.10.08 15:36]:
> > > Cameron Moore wrote:
> > > > > I am using Debian Stable with Webalizer V1.30-04
> > > > > (Linux 2.2.12) English. I have several websites
> > > > > running on my server using Apache/1.3.9 (Unix), each
> > > > > site with its own config file. I have a cron to run:
> > > > > webalizer -c each half hour. On October
> > > > > 4th one of my sites got about 20,000 hits and now from
> > > > > the 5th on does not record any records. No daily
> > > > > stats, nothing. Apache is still recording the
> > > > > transfer logs, and I manually executed webalizer with
> > > > > the config files, and it runs through the correctly,
> > > > > but does not generate any NEW stats, nothing past the
> > > > > 4th.
> [...]
> >
> > Well, to add to the confusion, I've also got a Sun 5.x box
> > that has a broken webalizer. Exact same problem.
>
> Same problem here on a Sun Sparc Server.

Just heard that it's a known bug in webalizer - it stops working on Oct 4.
Patch for sources is available on their site (3 lines). After the patch it
works fine.

Best regards,
 -Vlad
Re: screen blanking
On Wed, 13 Dec 100, Allen Ahoffman wrote:

> How do I stop the screen from blanking on non X systems so that when
> problem arise the last items are left on screen?

If you mean plain linux console, see man setterm (no docs on the semantics
are there, so you'll have to take a trial and error approach).

Best regards,
 -Vlad
Re: where to find web browser statistics information?
On Thu, 18 May 2000, Chris Wagner wrote:

> At 09:59 AM 5/19/00 +1000, Craig Sanders wrote:
> >i don't know what your laws are like in russia, but here in australia
> >you can get hit with a discrimination lawsuit(*) if you don't support
>
> Yeah, I've heard some scary things out of Australia lately. It's like
> they're moving toward socialism/communism and away from true democracy.

Not to socialism/communism anyway. The move that happens could be considered
a move to totalitarianism, but it isn't IMO (just the government regains the
control it should have). Anyway, we will see results.

> It's good to support the disabled, but it can get ludicrous real fast.

As for disabled (blind people in the first place) - I doubt that more than
3000 of them are using a computer just because they don't have money to buy
it (population of Russia is 150M). So obviously the lawsuit probably doesn't
exist.

>[...]

Best regards,
 -Vlad
Re: where to find web browser statistics information?
On Thu, 18 May 2000, Torsten Krueger wrote:

> Hi,
>
> On Thu, 18 May 2000, Vlad Harchev wrote:
>
> > Hi!
> >
> > I need information about user agents used for surfing WWW (especially
> > lynx).
> > Where I can find it? I searched yahoo, and all pages with stats that are
> > reachable from that search results page are either old or meaningless or
> > are for very specific sites (like universities). Is there any integrated
> > stats or stats for some general-purpose sites, that are not older than
> > several months?
> >
>
> Take a look at www.browserwatch.com

Hi,

Thanks for the URL. I visited this site before, but stats on this site are
on browsers that visit that site, and this is not a general-purpose site
since it's visited by technically educated people like magazine article
writers (but anyway the share of lynx will be lower on general-purpose
sites).

>[...]

Thanks and best regards,
 -Vlad
Re: Transfer data between two comps without network
On Thu, 18 May 2000, Dariush Pietrzak wrote:

>
> > Assuming you are worried by people with promiscuous ethernet cards,
> > packet-sniffing. Put in a second NIC, run a crossover UTP? I assume the
> .. encrypting would solve that problem. or private network between two
> comps.
> And - if I could connect those two comps by some network daily data
> transfer would rapidly go down - 100, 1000times less.
> problem is - machine with source data contains security-sensitive
> information, which my employee wants to be physically separated from
> network.

I think you can install NIC into machine with data (call it machine A),
place another machine with large hdd with NIC in it near the source machine
A (call it machine B), connect them using crosswired UTP, download data to
machine B, disconnect UTP, carry machine B to destination machine (call it
machine C), and transfer the data to it using crosswired UTP too.

For sure, you can format hdd on machine B before connecting it to machine A
again and boot machine B from CD, so all trojans will be definitely killed:)
Just think about machine B as a hot-swap HDD in a big cover :)

Best regards,
 -Vlad
where to find web browser statistics information?
Hi!

I need information about user agents used for surfing WWW (especially lynx).
Where I can find it? I searched yahoo, and all pages with stats that are
reachable from that search results page are either old or meaningless or are
for very specific sites (like universities). Is there any integrated stats
or stats for some general-purpose sites, that are not older than several
months?

TIA

Best regards,
 -Vlad
Re: Virus Scanning on Mailserver
On Thu, 6 Apr 2000, Fraser Campbell wrote:

> A recent incident with Pretty Park in our building caused me much amusement
> and prompted our LAN administrator to ask if I can perform any virus
> scanning on the mailserver. Do there exist any solutions to scan email for
> viruses where the mailserver is a Linux box?
>
> Ideally I would like all locally delivered emails to be scanned before
> delivery. Our current mailserver is running sendmail 8.9.3 but I plan to
> upgrade to exim soon.

One Russian company (Kaspersky lab) that was famous as creator of
high-quality antivirus software for DOS (when I tracked it) has a beta of
antivirus suite for sendmail on Linux - try visiting www.avp.ru . As I
heard, author(s) are DOS and probably Windows wizards, but they have low
experience with Unix and linux - so be warned and don't expect very much
from the linux version. It would be nice if you post your impression about
their software.

> Thanks,
>
> Fraser
>

Best regards,
 -Vlad