Re: Web-page based proxy service
On Monday 17 January 2005 12:08, Wouter Verhelst wrote:

> Are the things you want to send through the proxy delimited by the network they appear on? e.g., you want traffic for the 'Net to go through the proxy, but want to keep traffic for your local LAN as direct traffic? If so, then transparent proxying should work perfectly for you.

No, actually what I want to do is provide a bit of security in a hostile network environment. Let's say we have a user who wants to check his web-based email (Yahoo, Hotmail, etc.) that doesn't offer SSL, and there's a high possibility that the network is being monitored by Unfriendlies. The second problem is that said user could potentially desire to visit any website where he would be handing over passwords, credit card numbers, etc., so building a whitelist of servers, as some have suggested.

My attempt at a solution is to provide a secure https server that acts as a proxy; all traffic from, say, Hotmail, would be encrypted by the server before being passed on to the user, but at the user's discretion, rather than my direct intervention. However, since my bandwidth is not unlimited, and since there's no point in encrypting _everything_, I don't want everything to go through the server.

Several people have mentioned CGIProxy, which almost fits the bill, except that sites that require JavaScript can be problematic. Plus, it's horribly slow. However, in the absence of any other alternative, it's all that I've got.

:Peter
Re: Web-page based proxy service
On Saturday 15 January 2005 16:39, Fraser Campbell wrote:

> If you put squid as people's default gateway then you can transparently redirect all web requests through squid, if they hadn't authenticated then you could have an authentication box pop up or redirect them to an authentication webpage if you prefer.

But this would require changing the user's browser settings, right? The thing is, I don't want _everything_ to go through the proxy, which is what would usually happen if it was set via the browser. Unless I misunderstood and am mistaken about Squid's capabilities...

:Peter
Web-page based proxy service
I would like to provide a proxy service that can be used only by accessing a web page. In other words, I don't want users to enter proxy details in their browser settings, but rather, if they want to go through a proxy, they can visit a webpage, enter a URL in a form, and the page (and all subsequent pages) will be funneled through the proxy to the user. I believe that anonymizer.com does something similar. But hopefully you get the idea. :Peter
Re: Web-page based proxy service [signed]
On Friday 14 January 2005 19:59, MB [c] wrote:

> You should be able to do this with a JSP. You should also be able to get SSL pages as well. I don't have an example handy, but this is not a trivial task. If there has not been answer from someone else, I'll try to get you an example soon. Do you have the ability to run JSP's?

I have the capability, but would prefer to use something less complex and heavyweight. No one else has mentioned an alternate solution, however. I was investigating Apache's mod_proxy, but there doesn't seem to be anything that does what I'm thinking.

:Peter
Re: Auth SMTP with sendmail
Thanks for that Matt

Couldn't be simpler, it worked a treat. Is it possible to have a list of users that are allowed to send through the server with the default being no.

Thanks for your help
Pete King

Matt Collier [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> On Tuesday 21 December 2004 13:50, Peter King wrote:
>
> > Is it possible to set-up auth smtp using sendmail in debian? I have a mail server with sendmail installed (and openprotect). I would like to set-up authenticated smtp so that users can send email through this server by authenticating first. All the users have pop3 accounts on the server. How do I go about this. The server is Debian stable.
>
> Yes. Assuming that the pop3 accounts are system accounts, it's very easy. Install sasl-bin and some sasl modules:
>
>     apt-get install sasl-bin libsasl-modules-plain
>
> and run sendmailconfig, which should detect the presence of sasl-bin and enable smtp auth. After sendmail reconfigures and reloads, connect to port 25 (presumably) and issue a 'ehlo' and you should see what auth mechs are supported.

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
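The 'ehlo' check from the reply above, as an added example that is not part of the thread: it parses an EHLO reply and reports which AUTH mechanisms are advertised and whether password-bearing ones (PLAIN, LOGIN) are offered on a session that is not protected by TLS. The sample replies, host names and function names are constructed for illustration.

```python
import re

# Mechanisms whose exchange carries the password itself, only base64-encoded.
PASSWORD_BEARING = {"PLAIN", "LOGIN"}

# Constructed sample: a reply such as a host with only the plain SASL modules
# might give on port 25 (host names and extension list are made up).
SAMPLE_EHLO = (
    "250-mail.example.org Hello client.example.org [192.0.2.10], pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-PIPELINING\r\n"
    "250-8BITMIME\r\n"
    "250-SIZE\r\n"
    "250-DSN\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 HELP\r\n"
)

# Constructed sample: a host that advertises STARTTLS and only
# challenge-response mechanisms, using the older "AUTH=" spelling.
SAMPLE_EHLO_TLS = (
    "250-mail.example.org Hello client.example.org [192.0.2.10]\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH=DIGEST-MD5 CRAM-MD5\r\n"
    "250 HELP\r\n"
)

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return {KEYWORD: [PARAMS]} for a complete multi-line 250 EHLO reply."""
    lines = [line for line in reply.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for index, line in enumerate(lines):
        match = _REPLY_LINE.match(line)
        if match is None:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError(f"server did not accept EHLO: {line!r}")
        # Every line but the last uses "250-"; the last uses "250 ".
        is_last = index == len(lines) - 1
        if (separator == " ") != is_last:
            raise ValueError("reply is truncated or has trailing data")
        if index == 0:
            continue  # greeting line, carries no extension keyword
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        fields = text.split()
        if fields:
            params = extensions.setdefault(fields[0].upper(), [])
            params.extend(field.upper() for field in fields[1:])
    return extensions


def audit_auth(reply, tls_active=False):
    """Summarise SMTP AUTH exposure for one EHLO reply.

    tls_active says whether the reply was read inside a TLS session; on a
    plain port-25 connection it is False and PLAIN/LOGIN are flagged.
    """
    extensions = parse_ehlo(reply)
    mechanisms = extensions.get("AUTH", [])
    exposed = [] if tls_active else [m for m in mechanisms if m in PASSWORD_BEARING]
    return {
        "auth_offered": bool(mechanisms),
        "mechanisms": mechanisms,
        "starttls_offered": "STARTTLS" in extensions,
        "cleartext_password_mechanisms": exposed,
    }


if __name__ == "__main__":
    for name, sample in (("plain host", SAMPLE_EHLO), ("tls host", SAMPLE_EHLO_TLS)):
        print(name, audit_auth(sample))
```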
Auth SMTP with sendmail
Is it possible to set-up auth smtp using sendmail in debian? I have a mail server with sendmail installed (and openprotect). I would like to set-up authenticated smtp so that users can send email through this server by authenticating first. All the users have pop3 accounts on the server. How do I go about this. The server is Debian stable.
Netgear GA311 realtek 81695 driver
Does anyone have an installation module driver for the Netgear GA311 (gigabit) NIC using the Realtek 81695 chipset. I was hoping to put the module on a floppy to use during install if possible.
Re: network monitoring
On Sat, Oct 30, 2004 at 02:25:02PM +0200, martin f krafft wrote:

> I would like to monitor all the nodes of a cluster, but I am rather pressed for time so that I cannot investigate all the options. I tried spong, but it's pretty bad especially because it requires changes to the client to specify which tests to run. Ideally, a network monitoring system should consist of a client (running on the master), and servers on all nodes, which can then do as the client instructs. Obviously, this should be within limits, and strongly authenticated. Maybe SSH would work for this. So my question is: which network monitoring system would you recommend, given my requirements?

Another good tool that has not been mentioned yet is the ganglia-monitor package. It is designed for use on clusters, and makes use of rrd to graph data over time. I use this tool along with nagios for alerts.
Re: status of VLAN support in Debian/Linux in general
On Wed, Sep 08, 2004 at 03:44:50PM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:

> Hi, I've some questions regarding VLAN support in Debian and in Linux. First: is http://www.candelatech.com/~greear/vlan.html still the main page? Google makes me think so, but there are some references to 2.2 kernels and none to 2.6 kernels, so I'm a bit unsure. 2.6 kernels: are they ready in general? The kernel.org and/or the debian kernels? kernel-patch-vlan is only in woody, so I guess recent 2.4 kernels don't need patches.

In my understanding the latest 2.4 and 2.6 kernels don't need any patches for VLAN functionality.

> Which ethernet cards are working? I'm interested in both fast ethernet and gigabit ethernet.

In my test I had no problems with Intel and RTL8139 based cards. On the other end there were a 3com and a SiS900 based cards, which did not work. Most of the problems are with MTU settings in the driver. (oh, and tulip was OK, too.)

> VLAN is an IEEE standard - is it a real standard, or is it a 'it may work with some switches and not work with others'? (The simple format of the VLAN tag in the ethernet header makes me hope for the former...)

I think if it supports 802.1q standard, then it should work for all vendors.

> Debian: Ok, I see there's the package 'vlan', so I guess it contains all I need. (Yes, some of the questions could be solved by experimenting - however, I don't have a VLAN capable switch yet. In fact, all I have is a 5 port 10M hub, and a couple of Realtek 10M network cards. Go figure...)

Peter

-- 
Peter Samek [EMAIL PROTECTED]
jabber: [EMAIL PROTECTED] / icq: 81758305
RE: Outlook and Qmail
FWIW, Outlook fails the POP connection to my ISP, without proceeding to other messages, on all messages that are header-only with no payload, i.e., finish with a single blank line only. I don't know if these are 'valid' messages according to SMTP, but in any case I can see them through the web interface, and after I delete them through the web interface, Outlook is unblocked and able to download other messages. I have always imagined them to be spam attempts gone bad, shrugged my shoulders, and accepted their existence. They occur rarely, roughly one in 5000 messages.

Peter K.
Peter Klavins [EMAIL PROTECTED]

-Original Message-
From: John Gonzalez/netMDC admin [mailto:[EMAIL PROTECTED]
Sent: Friday, 23 July 2004 7:32 AM
To: [EMAIL PROTECTED]
Subject: Re: Outlook and Qmail

Do me a quick favor and when it happens, grep the message for three +++ signs together... if he's on a dialup modem, I have seen 3 plusses cause the modem to go into the 'guard' and 'hang' the email program. A long shot, but something worth looking into.

On Thu, Jul 22, 2004 at 09:26:22PM -0400, Brian Franco wrote:

> I have the same problem with redhat sendmail and qpopper did you ever find a solution? Any help would be greatly appreciated
>
> > I am having a problem with one of my customers who is using Outlook 2000 SP-3 to connect to our Qmail server. When downloading messages from his POP account, Outlook will hang. It is most likely a corrupted message, since he can delete the messages using a webmail interface, and then continue to download messages. He has been using McAfee's SpamKiller, but now, even when he turns it off he has the same problem. He has even deleted his account and recreated it (this is a virtual domain, so he can login as Postmaster and do that). Has anyone run into this problem? I know at least one other ISP having the same problem with some of his customers, but we have not found a solution yet. Any pointers will be appreciated.
> >
> > Thanx, Anil Gupte

-- 
John Gonzalez, Tularosa Communications | (505) 439-0200 work
JG6416, ASN 11711, [EMAIL PROTECTED] | (505) 443-1228 fax
http://www.tularosa.net
Urgent! Need help with abuse-detection and prevention
Hi guys,

I've lately experienced excessive Apache-usage (to be clear: several hundred open connections in a very short time) to one of my servers. And I believe that FTP etc. are also subject to similar attacks. For Apache it resulted in problems that all processes were in state reading without actually doing anything ... a simple but efficient DOS for the httpd-process, that also caused it to die immediately. Can you give me any suggestions how to set up basic iptables-filtering-rules easily and how to prevent such abusive connections? Your urgent help would be really much appreciated.

Kind regards, Paul Bergdörfer
IE bug
Hi,

After last fixes of SSL issues in IE new problems arose. Microsoft released fix for the fixes :-)

http://www.microsoft.com/downloads/details.aspx?amp;amp;displaylang=enfamilyid=254EB128-5053-48A7-8526-BD38215C74B2displaylang=en

-- Overview
This is an update to Internet Explorer for computers which are running Security Patch q832894 and are receiving a 500 Server Internal Error message after submitting data to a Web site. Security Patch q832894 included a fix to make Internet Explorer work better with Web servers that reset http connections when requesting authentication credentials from the client computer during a POST request. However, Web servers that reset an http connection with Internet Explorer for other reasons may experience errors when Internet Explorer attempts to reset the connection to the server. This update resolves the issue with Security Patch q832894. In order for this update to take effect, you may need to restart your computer after you install the patch.
---

However is it possible to tune up apache so it will allow user that has NOT put that patch to work ?

Thanks in advance, Peter
Re: Woody on Proliant ML350 G3 (smartarray 641)
On Thu, 2004-02-12 at 10:00, Markus Oswald wrote:

On Wed, 11.02.2004 at 20:12, Emmanuel Halbwachs wrote:

Hello everybody, I've just subscribed to the list after discovering it recently. I'm not strictly an ISP, but I provide various services for 150-200 users. I would like to run woody on HP Compaq Proliant ML350 G3 (no choice of the model because of public market reasons). Before buying some machines, I would like to check if woody can be installed on. Actually, colleagues of mine own some (running FreeBSD) and proposed me to try to install woody on one box. The hardware is :

raid controller : smartarray 641
ethernet NIC : BCM5702 (subsystem : NC7760)

This will be my first woody install on raid hardware, so I'm inexperienced. Colleagues told me that woody install fails due to old kernel 2.4.18-bf24 which doesn't include recent modules for the raid (cciss) and the NIC (tg3 seems better than bcm5700). I've searched the list archive but I didn't really find an answer.

As of kernel 2.4.23/4 i have been getting some problems with the bcm5700 driver (card's not detected and other things) so i would recommend using the tg3 drivers.

I don't know for sure about the RAID controller [1] but to get the NIC in a ProLiant DL380G3 (a BMC57xx too) working I compiled the driver from Broadcom against a 2.4.18-bf24 source. This way I get modules which can be used with the woody bf24 kernel so I can setup the system and download a newer kernel to the system. Beginning with 2.4.19 you can use the tg3.o module supplied by the kernel... You can grab the compiled modules from my repository (http://people.iirc.at/moswald/linux/bf24_modules/bcm5700/) or the source directly from Broadcom (http://www.broadcom.com/drivers/)

[1] It may work with the cciss module just as the SmartArray 5i does -

Please note that with the standard Debian 3.0 cd the SmartArray only works in single channel mode. If you use a dual channel config you will get an error like 'can't get controller into duplex mode'. I don't know if this is also true for the 641, but since it uses the same driver i think it is. Another thing with the DL380G3 (and maybe also the ML350) is that the (raid) performance is very disappointing. This might have something to do with hyperthreading / SMP. But i am not sure. I have tested with a single CPU and in some cases the performance was (much) better.

but I read somewhere about a bug in the driver which wasn't fixed until 2.4.21.

best regards, Markus

-- 
Markus Oswald [EMAIL PROTECTED] \ Unix and Network Administration
Graz, AUSTRIA \ High Availability / Cluster
Mobile: +43 676 6485415\ System Consulting
Fax:+43 316 428896 \ Web Development

Peter
Re: Still Considering Debian - But Stuck!
Just to follow up: If you do want to install Debian with the 2.4 kernel just use the BF24 boot option when installing from CD. A complete list of boot options is available when installing from CD. You then will have 2.4 options (i.e. drivers, ext3, etc.) available during the install process.

Pete

-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting
Re: 2.6 kernel network interface assignment order
Take a look at: http://www.xenotime.net/linux/doc/network-interface-names.txt

This seems to be what you want.

Pete

-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Tommy Moore wrote:

You won't be able to do this I don't think if the cards you are using operate off the same module.

Tommy

On Thu, Jan 29, 2004 at 10:15:09PM +0100, Franz Georg K??hler wrote:

On Do, Jan 29, 2004 at 03:47:26 -0500, Eric Sproul [EMAIL PROTECTED] wrote:

On Thu, 2004-01-29 at 14:55, Franz Georg K??hler wrote:

This occasionally happens with new kernel releases. I'd like to know why. I think this is related to the pci-bus initialization-, ACPI-code, etc. Upgrading to a new major release also means experiencing major changes. I noticed this when I upgraded from 2.2 to 2.4 . If you're using a modular kernel you should be able to influence the device names by loading the modules in a specific order.
Re: FreeBSD/ Redhat / Debian
On Mon, 19 Jan 2004 21:00:18 +0100, in linux.debian.isp you wrote:

> I will be new user of Debian. For quick tour I want to learn and I want to get your advise about Comparing other OS with Debian .

well, three really bad kernel bugs and now on 2.6 kernel so many new things - in 2004 linux administrators will have to follow security mailing lists very closely. it will be a time consuming job to update kernels every x weeks. Also you will have to be a security expert to get a secured system, as neither debian nor redhat kernels are hardened out of the box. maybe it's better to take a look at adamantix.org, that is based on debian.

if freebsd is in your choice, take a deeper look into it. seems to be much more developed. better jail solution, especially interesting for webhosting. Better accounting, better filesystem. that's how it appears to me. i have average admin knowledge and judge only on one thing: how much time does it cost to keep the system running. Linux was too expensive last year.

Peter
Re: SOP for debian isp/corporate server...
Prasad,

1) There is a manual on securing Debian at: http://www.debian.org/doc/manuals/securing-debian-howto

2) There really is no SOP on bloat because one man's bloat is another's needed service. You, however, can create your own. Basically do an install and add/strip whatever packages you want. Once you have your perfect set of packages do a:

    dpkg --get-selections '*' > {some-file-name}

You will now have a list of the status of all Debian packages (i.e. installed, purged, etc.) on your system. Next time you do an install do a:

    dpkg --set-selections < {some-file-name}

then run

    apt-get dselect-upgrade

This will add and remove packages as needed to bring the packages on your new system exactly like the base system.

Pete

-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Quoting prasad [EMAIL PROTECTED]:

> hi, As many of you must have experienced, there are usual SOPs for setting up non-bloated, secure bare-bones Servers with respective OSs eg for solaris. Is there SOP for debian, if not, I guess this list is better poised to produce one. Any links, pointers... I have googled, but didn't find any old message, What applies for isp-servers also applies for corporate servers which are 24/7 connected to net for things like mail etc, which need to take similar precautions. One of the reasons I have found, one company took a policy decision to not deploy to linux servers some time back, is because these rapidly moving distros like RH with insecure preinstalled bloat, was causing major maintenance security hassle. Now that RH is out of picture, and debian just the kind of thing made for such a configuration, SOP will help.
>
> regards, prasad
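An added example (not from the thread) of auditing a host against a saved selections file before running the `--set-selections` and `dselect-upgrade` steps above: it parses two `dpkg --get-selections` dumps and reports what differs. Both dumps, the package lists and the function names are constructed for illustration.

```python
# States dpkg writes in a selections dump ("package<TAB>state").
VALID_STATES = {"install", "hold", "deinstall", "purge"}
# States that mean the package is meant to be present on the system.
PRESENT = {"install", "hold"}

# Constructed baseline, as saved from the reference install.
BASELINE = (
    "apache\t\t\tinstall\n"
    "bind9\t\t\tinstall\n"
    "libsasl-modules-plain\tinstall\n"
    "portmap\t\t\tdeinstall\n"
    "sendmail\t\tinstall\n"
    "ssh\t\t\thold\n"
    "telnetd\t\t\tpurge\n"
)

# Constructed dump from the host being checked.
HOST = (
    "# dumped from the host under review\n"
    "apache\t\t\tinstall\n"
    "bind9\t\t\tdeinstall\n"
    "ftpd\t\t\tinstall\n"
    "portmap\t\t\tdeinstall\n"
    "sendmail\t\tinstall\n"
    "ssh\t\t\tinstall\n"
    "telnetd\t\t\tinstall\n"
)


def parse_selections(text):
    """Parse a selections dump into {package: state}.

    Blank lines and '#' comments are skipped. Anything else that is not
    'package state' raises, so a damaged file is caught before it is fed
    to dpkg --set-selections.
    """
    selections = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2 or fields[1] not in VALID_STATES:
            raise ValueError(f"line {lineno}: expected 'package state', got {raw!r}")
        name, state = fields
        if name in selections:
            raise ValueError(f"line {lineno}: duplicate entry for {name}")
        selections[name] = state
    return selections


def compare(baseline_text, host_text):
    """Report how a host's selections differ from the baseline."""
    base = parse_selections(baseline_text)
    host = parse_selections(host_text)
    base_on = {pkg for pkg, state in base.items() if state in PRESENT}
    host_on = {pkg for pkg, state in host.items() if state in PRESENT}
    extra = host_on - base_on
    return {
        # Wanted by the baseline but not present on the host.
        "missing": sorted(base_on - host_on),
        # Present on the host although the baseline says deinstall/purge.
        "marked_for_removal": sorted(pkg for pkg in extra if pkg in base),
        # Present on the host and not mentioned in the baseline at all;
        # --set-selections leaves the state of unlisted packages alone.
        "unlisted": sorted(pkg for pkg in extra if pkg not in base),
        # Present on both sides but with a different state (install/hold).
        "state_changed": sorted(
            (pkg, base[pkg], host[pkg])
            for pkg in base_on & host_on
            if base[pkg] != host[pkg]
        ),
    }


if __name__ == "__main__":
    for key, value in compare(BASELINE, HOST).items():
        print(f"{key}: {value}")
```

The "unlisted" bucket is the one to review by hand: those packages will still be installed after the baseline has been applied.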
Woody packages for nagios?
Hi, are there any woody packages for nagios? Thanks!
Re: Searching for a simple chroot-solution
On Thu, 08 Jan 2004 16:50:22 +0100, in linux.debian.isp you wrote:

> jailer - Builds and maintains chrooted environments
> jailtool - Tool to build chroot-jails for daemons.
> makejail - Automatically create chroot jails for programs.

I did not find these ones in woody. Where are they? I just want woody packages.
Re: Re: Chrooted apache package for Debian?
On Fri, 09 Jan 2004 16:10:13 +0100, in linux.debian.security you wrote:

> use makejail or jailer

i guess these packages are not in woody, because i did not find them in there. Are there any backports? I just don't want to use anything else than woody. Thanks!
Re: Woody packages for nagios?
On Mon, 12 Jan 2004 16:56:06 +0100, you wrote:

> http://www.apt-get.org/search.php?query=nagiossubmit=arch%5B%5D=i386arch%5B%5D=all

thank you very much! Fortunately I found nagios on backports.org, that enables me to only use that package from backports! GREAT!
Searching for a simple chroot-solution
Hi, can anybody recommend a simple chroot solution? At the moment I am using http://jail.sourceforge.net/ that's not bad at all, but something that would integrate more into Debian and possible to install with an apt-get jail or similar would be also nice. Is there a debianized standard solution? Thanks for your attention!
Root Hints Problem after Security Update
Hello All, After applying the latest Debian Woody security update to BIND I am getting sysquery errors logged to the daemon log complaining that bind can't get an address for any of the root servers. Everything I can find says that the problem is an out-of-date root hints file but I have downloaded the latest one from Internic and also used dig to create one, but both produce the same errors. I should also note that bind was happy with the old root hints file before the security update. Anyone else having this problem? Any suggestions? Pete Billson -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting
Re: apache php zend? errors!?!?
I am not sure (cause I do not have ssh to your machine) but I think you are using wrong php.ini file. According to this one there is NO zend optimizer. Look for correct php.ini in /usr/local/Zend/etc/php.ini Peter - Original Message - From: Daniel Holze [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 08, 2004 6:52 AM Subject: apache php zend? errors!?!? Hi all, I have installed php4.3.4 with Zend Optimizer and Zend Engine. So when I visit a Zend encoded site I get an apache error. [notice] child pid 19024 exit signal Segmentation fault (11) Normally php sites are working. Configuration and infos about php apache and Zend can u get here: http://test.dwl-vserver.de/lizenzinfo.php the index.php is encoded and doesn't work :-( Anyone any idea?!?! -- Best wishes, DWL-Deutsche Webleasing oHG Daniel Holze Technical Director Offenbacher Landstrasse 387 D-60599 Frankfurt Telefon: +49 (0)69 403 57 990 Telefax: +49 (0)69 403 57 991 http://www.dwleasing.de mailto:[EMAIL PROTECTED]
Re: Debian on a Dell-Server???
Daniel, Debian works fine on Dells. A couple tips assuming you are installing from the Woody CD: 1) Use the BF24 boot option so that you are installing a 2.4 kernel and not the default 2.2 kernel. 2) You may run into problems with your RAID array due to a chicken/egg problem with the driver. There is a perfect how-to at http://lists.us.dell.com/pipermail/linux-poweredge/2002-September/003971.html to work around the problem. The how-to says you can do it on the system during install but I have found it is *much* easier to make the driver floppy on another system first. 3) There is more info on Matt Domsch's page at http://domsch.com/linux Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Daniel Holze wrote: Hello debian-isp, Anyone know, if I can Debian on a Dell-Server? Dell says only RedHat9 :-/ -- Best wishes, DWL-Deutsche Webleasing oHG Daniel Holze Technical Director Hanauer Landstrasse 320 D-60314 Frankfurt Telefon: +49 (0)69 403 57 990 Telefax: +49 (0)69 403 57 991 http://www.dwleasing.de mailto:[EMAIL PROTECTED]
Re: Re: SSHD trouble
Where's all the funny stuff??? I loved that place.!! I love it --- Regards Peter Blumen
Re: Monitoring?
Or have a look at jffnms (jffnms.sourceforge.net) - Cheers, Peter -- Dipl.-Ing. Peter Burgstaller Technical Director @ all information network services gmbh email: [EMAIL PROTECTED] phone: +43 662 452335 fax : +43 662 452335 90
Re: System Hardware Tracking
Cool, I know the answer to that one. You can use DMO (http://sourceforge.net/projects/dmo) The sourceforge link is the frontend to the database. It's still lacking some scripts but in general, it uses nmap, nessus etc. to discover as much as possible from a particular machine. If you want to get even more into detail .. you could use snmpd to read out the /var/log/dmesg file and do a remote lspci. Then you should know about everything you need to know from one particular machine. - Cheers, Peter -- Dipl.-Ing. Peter Burgstaller Technical Director @ all information network services gmbh email: [EMAIL PROTECTED] phone: +43 662 452335 fax : +43 662 452335 90
Re: Strange problem with NIC
Hello, On Sun, Nov 23, 2003 at 10:49:35AM +0100, Roman Medina wrote: I'm experimenting the following problem: one Debian machine with 1 10/100 Ethernet NIC where its upstream speed is reasonable (2 or 3 Mbytes per second) but its downstream speed is awful (35 kbytes per second ). All experiments are made in a LAN, so I cannot explain the 35 kbytes/s extremely low speed. Any idea? TIA We had this problem with wrong half-duplex/full-duplex settings. They appeared when both of switch and nic were configured for autonegotiation. Disabling autonegotiation for the switch port solved the problem. HTH, Hans Peter -- Quelltext AG -- Professional Software Services, Hans Peter Wiedau [EMAIL PROTECTED], CEO, Ostenhellweg 31, 44135 Dortmund, Germany, fon +49 231 9503750, fax +49 231 9503751, Web http://www.quelltext.com
Re: Duplicating machines
On Wed, 15 Oct 2003 17:50:18 +0200, in linux.debian.isp you wrote: fai, sysimager, mondo/mindi? What's your favourite approach? Why not rsync ??? Have a nice thread, Peter
Re: two ethernet ports on one PCI NIC?
Steven, Intel makes dual and quad port NIC cards that are fully supported and have worked great for me. http://www.intel.com/network/connectivity/products/server_adapters.htm BTW - if you only need one Intel will sell you one evaluation card for a great price! Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Jones, Steven wrote: Think you will have to go to a 4 port NIC, I'm not aware of a 2 port one, I know of 2 made but I have not tried either, one is a dlink unit (the other intel or 3com?) and I've used the single port version so the chipset works, but not if 4 are seen by Debian (you can send me one to try if you want grin). regards Steven -Original Message- From: Chris Evans [mailto:[EMAIL PROTECTED] Sent: Friday, 10 October 2003 8:58 AM To: [EMAIL PROTECTED] Subject: two ethernet ports on one PCI NIC? I run a small postfix/ecartis Email list service (double opt in) for some charities. My firewall is due to be replaced and I'd like to go for one of these new tiny, very quiet boxes since the old things I've got do create a great racket in my study and take up space. All the tiny boxes I'm considering have one ethernet port on the motherboard but only one PCI slot. Anyone know of a reliable dual ethernet NIC for PCI that has linux drivers (Debian tested ideally)? TIA, Chris PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling and Therapeutic Communities; practice, research, teaching and consultancy. Chris Evans Jo-anne Carlyle http://psyctc.org/ Email: [EMAIL PROTECTED]
Re: multi-terabyte disks
Noah, The 2.4.x kernels do have a 2Tb limit but that is fixed in >= 2.5.40 / 2.6 kernels. You could, of course, partition your 10Tb array into 5 logical drives to solve the problem with the 2.4.x kernel. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting Noah L. Meyerhans wrote: Am I correctly interpreting pages such as http://www.gelato.unsw.edu.au/IA64wiki/LargeBlockDevices in my understanding that Linux 2.4 can not address the entire capacity of a 3 terabyte disk? I find this very surprising if it's true. I would have expected there to be some demand for such a feature, especially since multiple-terabyte disk arrays can be found $10k or less these days. noah
Re: amavisd-new and clamav for woody???
On Thu, 02 Oct 2003 07:40:11 +0200, in linux.debian.isp you wrote: I'm using these apt-sources on my production filterboxes: deb http://people.debian.org/~aurel32/BACKPORTS woody main deb http://people.debian.org/~hmh/woody/ hmh/amavisd-new/ BTW, how can I pin a package to a specified source? In other words: how to tell apt to get package x only from source X and a package Y only from source Y? As I can see the maintainer of the BACKPORTS above allows this to be done with an extra dists subdir, so a line like this deb http://people.debian.org/~aurel32/BACKPORTS woody-amavisd-new main will get only amavisd-new. Is there no way to do this with apt? Thanks for your attention! Have a nice thread, Peter
Re: Hot-backup a complete Debian install
Hi, we're using a similar setup for some hosts and I have the best results so far with dump/restore on ext2/ext3 partitions. I've even successfully recreated a database server with mysql and postgresql servers running and using dump as a backup tool. No problems so far. - Cheers, Peter -- Dipl.-Ing. Peter Burgstaller Technical Director @ all information network services gmbh email: [EMAIL PROTECTED] phone: +43 662 452335 fax : +43 662 452335 90
Re: Hot-backup a complete Debian install
On Wednesday, October 1, 2003, at 3:43 PM, Roman Medina wrote: On Wed, 1 Oct 2003 11:42:25 -, you wrote: which is the backup target media? Hard-disk. The idea is to have another logical partition for backups and then some scripts to upload/download to any secure site (I could use rsync over ssh or simply scp). But the uploading is a second step. Now I'd like to deal with the first stage: the dump process. Another question: for restoring a backup, do I need to create (fdisk) a destination partition with the exact same size of the original? Could I use a greater one? (in this case, would I lose disk-space or the filesystem is expanded accordingly?). That is exactly the beauty of dump. I would have suggested dd for backup/restore but there you have the problem of identical fdisk settings. Dump/restore can deal well with bigger partitions. Finally, the 3rd stage: if you're going to save the backup files in an non-trusty machine, which kind of container / encryption software would you use? This would need to be easily scriptable, for automatize the backup task. Hmm .. tricky .. anything that is run by a script .. has the problem that if the script can be read .. anybody can do what the script does. Another option to consider is that those dump files will be big (depending on your system) Running them through a gpg -e will a) make the machine slow and b) take a LONG time. I'd be very interested on how to solve this one .. - Cheers, Peter -- Dipl.-Ing. Peter Burgstaller Technical Director @ all information network services gmbh email: [EMAIL PROTECTED] phone: +43 662 452335 fax : +43 662 452335 90
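The scripted-encryption question raised in this exchange, worked through as an added example that is not part of the original messages: with public-key encryption the unattended script and the server's keyring hold only the public key, so reading either does not allow decryption. It assumes GnuPG 2.1 or later installed as gpg; the key name, paths, device name and sample payload are constructed, and a small text file stands in for the output of dump.

```shell
#!/bin/sh
# Added example: public-key encryption of a backup stream.
# KEY_ID, all paths and the payload are constructed for the demonstration.

KEY_ID='backup-demo@example.invalid'   # hypothetical recipient key

# encrypt_stream OUTFILE: encrypt stdin for KEY_ID with the keyring that
# GNUPGHOME points at. Only the PUBLIC key has to be in that keyring.
# On a real server the pipeline would look like (device/path are placeholders):
#   dump -0 -f - /dev/hda1 | encrypt_stream /backup/root.dump.gpg
encrypt_stream() {
    gpg --batch --yes --quiet --trust-model always \
        --encrypt --recipient "$KEY_ID" --output "$1"
}

# backup_demo: prints one status line and returns 0 when
#   - the "server" keyring (public key only) can encrypt,
#   - that same keyring cannot decrypt the result,
#   - the "admin" keyring (holding the secret key) restores the data intact.
backup_demo() {
    work=$(mktemp -d) || return 1
    admin="$work/admin"; server="$work/server"
    mkdir -m 700 "$admin" "$server" || return 1

    # Admin workstation: create the key pair and export the public half.
    # The empty passphrase is for this unattended demo only.
    gpg --homedir "$admin" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$KEY_ID" default default never \
        2>/dev/null || return 1
    gpg --homedir "$admin" --batch --export "$KEY_ID" > "$work/pub.gpg" || return 1

    # Backup server: import the public key and nothing else.
    gpg --homedir "$server" --batch --quiet --import "$work/pub.gpg" \
        2>/dev/null || return 1

    # Constructed stand-in for the dump output.
    printf 'constructed dump payload\n' > "$work/plain"
    ( GNUPGHOME=$server; export GNUPGHOME
      encrypt_stream "$work/root.dump.gpg" < "$work/plain" ) 2>/dev/null || return 1

    # Whoever reads the script or copies the server keyring cannot decrypt.
    if gpg --homedir "$server" --batch --quiet \
           --decrypt "$work/root.dump.gpg" >/dev/null 2>&1; then
        server_can_decrypt=yes
    else
        server_can_decrypt=no
    fi

    # Restore side: the secret key exists only in the admin keyring.
    gpg --homedir "$admin" --batch --quiet \
        --decrypt "$work/root.dump.gpg" > "$work/restored" 2>/dev/null || return 1
    if cmp -s "$work/plain" "$work/restored"; then restored=ok; else restored=bad; fi

    # Stop the agents started for the temporary keyrings, then clean up.
    gpgconf --homedir "$admin" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$server" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"

    echo "server_can_decrypt=$server_can_decrypt restored=$restored"
    [ "$server_can_decrypt" = no ] && [ "$restored" = ok ]
}
```

Calling backup_demo runs the whole round trip in a temporary directory and leaves the user's own keyring untouched.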
amavisd-new and clamav for woody???
Hi, where can I get recent versions of amavisd-new and clamav for woody? It would be very helpful if there were some packages for woody out there, because I do not want to change my sources.list... Thank you very much for your attention! Have a nice thread, Peter
Re: RFC2228-only FTP ?
Maybe I'm not getting this thread but why don't you use WebDAV over HTTPS? It seems to be supported in all the tools you mentioned. - Just my 2 cents. - Peter
Re: splitting a subnet in an odd way
Leonardo, I may not exactly understand what you are trying to do but if the only thing you are trying to accomplish is firewalling the machines differently, couldn't you just: 1) assign them different gateways. The open machines would use the real gateway. The other two groups would use the trusted side of the two firewalls as gateways. The firewalls would use your real gateway to forward the packets to/from the world. The two firewalls could be one Linux box with a couple interfaces and appropriate firewall rules. 2) just write the firewall rules to do what you want. Why not just write your firewall rules to do what you want? Pass IPs x to y without filtering, etc., etc. This seems most straightforward. Pete -- http://www.elbnet.com ELB Internet Service, Inc. Web Design, Computer Consulting, Internet Hosting On Wednesday 24 September 2003 10:47, Leonardo Boselli wrote: I have a /24 subnet. .1 is the gateway and almost all IP from 2 to 254 are occupied. I would like to split the host in three groups: 12 that can have full access, 12 through one firewall and the other 205 through a second firewall. I cannot change the number of some machines, so the only option is that the first 12 and the two firewalls are .2 to .14 the second group is .18 to .29 and the third would keep its present numbers between .36 and .254.
Re: Postfix: Multiple recipients alias?
Hi there, one way that comes to mind is to run incoming mail for this account through a filter of some sort (mailfilter, procmail etc.) that would check for the sender address. This, of course, would also let spam emails through that pose as local senders but are, in fact, fake. Just my 2 cents... - Cheers, Peter On Friday, September 26, 2003, at 1:40 PM, R.M. Evers wrote: Hi, This could be a stupid question, but I'm trying to accomplish the following: In our company, we run a Debian mailserver with Postfix. The server runs a lot of accounts and virtual domains for our customers, but also for our own employees. Now, what i want to do, is make some sort of alias for our employees, so that they can send an e-mail to, for example [EMAIL PROTECTED], which would deliver to all of our mailboxes. But, I only want this alias to be available for our own employees. Not for the outside world, of course.. Would this be possible? Regards, -- R.M. Evers [EMAIL PROTECTED] -- Dipl.-Ing. Peter Burgstaller Technical Director @ all information network services gmbh email: [EMAIL PROTECTED] phone: +43 662 452335 fax : +43 662 452335 90
ip aliasing and second default gw in /etc/network/interfaces
Greetings! I'm hoping some smart soul can help me with this. After experimenting a bit, I discovered that I could add a second ip address by issuing
    ifconfig eth0:1 192.168.1.92 up
Once that's in place, I found I could add a second default gateway by issuing
    route add default gw 192.168.1.1
My situation is that I have two subnets, each of which have their own DSL gateway, and I'd like the subnet machines (selectively) to be able to talk to each other and to have the other DSL router as a fallback when it turns out that one of the ISPs is running Windows and gets taken out by viruses. QUESTION: how do I enter this information in /etc/network/interfaces? I've tried the obvious and it fails. I've installed iproute now and could use that. These things have to be added in a definite order:
-- first the primary ip address
-- then the primary gateway
-- then the secondary ip address
-- finally the secondary gateway
If I try to put this into /etc/network/interfaces, it just locks up. Could I put the secondary ip and gw in /etc/init.d/bootmisc? Is there some other logical place to put it? Do I need iproute? I realize this question sounds silly, since I should just put it in interfaces in the same way I put the primary address and gateway, like this:
    iface eth0:1 inet static
        address 192.168.1.71
        gateway 192.168.1.1
But it doesn't do the trick -- this is disregarded. If I enter it as above from bash, it always works. I've also tried things like
    ip route add 192.168.1.0/24 dev eth0 via 192.168.1.1
from bash, but it gives the wrong mask (for default gw I want 0.0.0.0). I can put ip commands in /etc/network/interfaces like this (but it's not what I need):
    up ip route add 192.168.1.0/24 dev eth0 via 192.168.1.1
How do I put
    route add default gw 192.168.1.1
into interfaces? If I just add that line, it freezes for a while and then returns unchanged. I'd really appreciate advice on this -- I've spent a lot of time trying to make it work. Please cc: me.
Cheers, Peter
mailman
Hi, I am new to mailman and after apt-get install mailman following the INSTALL doc I tried a check_perms, that gave me lots of errors. Trying to fix these with -f gave even more errors. Is this normal? Did I do something wrong? Are there any special things I have to do to get it running? Thanks for your attention!
    debian:/usr/lib/mailman/bin$ ./check_perms
    /var/lib/mailman/archives bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/lists bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/qfiles bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/data bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/spam bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/icons bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/templates bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/logs bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/locks bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/Mailman bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/bin bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/cron bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/filters bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/mail bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/scripts bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/mailman bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/archives/private bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/archives/public bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/data/pending_subscriptions.db bad gid (has: list, expected anon gid 38)
    /var/lib/mailman/data/last_mailman_version bad gid (has: list, expected anon gid 38)
    Problems found: 20
    Re-run as uid 38 (or root) with -f flag to fix
    debian:/usr/lib/mailman/bin$ ./check_perms -f
    /var/lib/mailman/archives bad gid (has: list, expected anon gid 38) (fixing)
    Traceback (most recent call last):
      File "./check_perms", line 277, in ?
        checkall()
      File "./check_perms", line 137, in checkall
        os.path.walk(d, checkwalk, STATE)
      File "/usr/lib/python2.1/posixpath.py", line 269, in walk
        func(arg, top, names)
      File "./check_perms", line 100, in checkwalk
        os.chown(path, -1, MAILMAN_GID)
    OSError: [Errno 1] Operation not permitted: '/var/lib/mailman/archives'
Have a nice thread, Peter
Apache rotatelogs vs. logrotate questions
Hi, I am just searching the perfect solution for logfile-rotation. The goal is to get a 24-hour rotation exactly at midnight and the logfiles named %y-%m-%d-access.log. logrotate and rotatelogs seem to be candidates for the task, but manpages leave some questions open.
A) rotatelogs: There is no documentation about which time exactly the rotationtime starts. My tests showed that restarting apache seems to trigger the countdown of the rotationtime. This seems to be a source for trouble in my eyes, as it will make it impossible to guarantee a logfile rotation e.g. exactly at 23.59, because the rotationtime is always triggered new if the server is restarted. So if for some maintenance task the server is restarted at 4pm, the logrotation will always take place at 4pm (value 86000 for rotationtime). Is this right? If yes, this tool doesn't seem to be very useful, because manual restarts will interfere with periodically logrotation.
B) rotatelogs: What exactly does offset define? I read the ucf-thing, but what does this mean?
C) I really like the strftime-feature of rotatelogs. As I can not find anything about this in the CustomLog directive, this does not seem to be available for definitions of logfile-names in httpd.conf. Is it possible any other way to get this done with logrotate?
D) logrotate: Does apache NEED the create feature of logrotate or will it interfere with apache?
E) logrotate: Is an apache reload as postscript needed or is apache restart recommended? This seems to be needed to release apache-filedescriptors from the old logfile, right? Does this interfere with the create feature (see D)?
F) I read about problems with logrotate and ssl. What exactly do I have to think about, if I want to use logrotate for mod-ssl-enabled servers?
Thank you very much for your attention, any answers to these questions will hopefully also help others that want to get a grip on logfile rotation.
Have a nice thread, Peter
Re: Count traffic
On Wed, 13 Aug 2003 11:20:07 +0200, Domainbox, Tim Abenath [EMAIL PROTECTED] wrote: There are Solutions to Account virtual Hosts, but they are not free. Could you name these, please? Would be interested in taking a closer look at this... Have a nice thread, Peter
Re: Count traffic
On Wed, 13 Aug 2003 11:20:07 +0200, Domainbox, Tim Abenath [EMAIL PROTECTED] wrote: patched iptables to get an promisc chains on which i account the traffic ip-based. http://idea.hosting.lv/a/iptables-promisc/ What exactly does this patch and how is it to be used? Not much documentation on that site... Have a nice thread, Peter
Re: Large Hard Disks and Debian
Just to have a little more to choose from, I've also used the CERC controllers which Dell puts into their servers successfully. Performance and Debian support are good but I haven't had to recover a failed drive yet.

Just my 2 cents.

Cheers, Peter
--
Dipl.-Ing. Peter Burgstaller
Technical Director @ all information network services gmbh
email: [EMAIL PROTECTED]
phone: +43 662 452335
fax : +43 662 452335 90
RE: Router appears in tracert but can't ping?
hi

just a small draft to start if you have web server installed :)

    #!/usr/bin/perl
    #
    use strict;
    use warnings;
    use LWP::Simple;

    my $host        = 'http://www.myhost.net';
    my $gsm         = '12343';
    my $emaildomain = 'partner-site.com';
    my $emailbox    = 'emergency';
    my $gsm_carrier = 'your_mobile_suffix.com';

    # head() returns false when the HTTP HEAD request fails
    if (!head($host)) {
        my $gsm_email  = $gsm . '@' . $gsm_carrier;
        my $to_email   = $emailbox . '@' . $emaildomain;
        my $from_email = 'guard@' . $emaildomain;

        # alert the mobile phone through the carrier's mail gateway
        open MAIL, "| /usr/sbin/sendmail -t -i" or die "Can't init sendmail : $!";
        print MAIL "To: $gsm_email\n";
        print MAIL "From: $from_email\n";
        print MAIL "Subject: Website Failure. Host: $host!\n";
        print MAIL "\n";    # blank line ends the headers
        print MAIL "Could NOT connect to $host\n";
        close MAIL;

        # same alert to the emergency mailbox
        open MAIL, "| /usr/sbin/sendmail -t -i" or die "Can't init sendmail : $!";
        print MAIL "To: $to_email\n";
        print MAIL "From: $from_email\n";
        print MAIL "Subject: Website Failure. Host: $host!\n";
        print MAIL "\n";    # blank line ends the headers
        print MAIL "Could NOT connect to $host\n";
        close MAIL;
    }

Kind regards,
Peter Zyumbilev
Web Developer Administrator
BIVOL BULGARIA
email: [EMAIL PROTECTED]
web: http://www.bivol.net
tel.: +359 88 966940

-----Original Message-----
From: Rico -mc- Gloeckner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 4:01 PM
To: Stefan Neufeind
Cc: [EMAIL PROTECTED]; Russell Coker
Subject: Re: Router appears in tracert but can't ping?

On Tue, Jun 17, 2003 at 01:27:16PM +0200, Stefan Neufeind wrote:

hosts via ping. So I need a replacement that would tell me if this router on the way to a server is reachable. I want to test the whole path to see where an error occurred. Well, is it possible to simulate traceroute-like packets? What would you do to achieve this?

write a small perl script which execs traceroute and parses traceroute data. shouldn't be too hard.

--
| Rico -mc- Gloeckner | mv ~/.signature `finger [EMAIL PROTECTED] |
| Encrypted Mails preferred: 1024D/61F05B8C |
| 3D67 D42F 2D50 4B68 1D62 E999 EFCB CDFF 61F0 5B8C |
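The suggestion in the quoted reply, parsing traceroute output to see where a path stops answering, could look like the following. This is an added example, not code from the thread: it works on constructed `traceroute -n` output (documentation addresses) rather than exec'ing the tool, and all function names are hypothetical.

```python
"""Parse numeric traceroute output and locate where a path stops answering."""
import re
from dataclasses import dataclass, field

HOP_RE = re.compile(r"^\s*(\d+)\s+(.+)$")          # "<ttl>  <probe results>"
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample output. Hop 3 never answers but still forwards packets.
COMMON = """\
traceroute to 192.0.2.80 (192.0.2.80), 30 hops max, 38 byte packets
 1  10.0.0.1  0.512 ms  0.401 ms  0.398 ms
 2  198.51.100.1  8.214 ms  8.102 ms  8.377 ms
 3  * * *
 4  203.0.113.9  20.1 ms * 19.8 ms
"""
SAMPLE_BROKEN = COMMON + " 5  * * *\n 6  * * *\n"
SAMPLE_OK = COMMON + " 5  192.0.2.80  25.0 ms  24.9 ms  25.3 ms\n"


@dataclass
class Hop:
    ttl: int
    addrs: list = field(default_factory=list)    # routers that answered
    rtts_ms: list = field(default_factory=list)  # round-trip times
    lost: int = 0                                 # probes shown as "*"
    flags: list = field(default_factory=list)    # annotations such as !H, !N


def parse_traceroute(text):
    """Turn traceroute -n output into a list of Hop records."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:                 # header line or blank line
            continue
        hop = Hop(ttl=int(m.group(1)))
        tokens = m.group(2).split()
        for prev, tok in zip([""] + tokens, tokens):
            if tok == "*":
                hop.lost += 1
            elif IPV4_RE.match(tok):
                if tok not in hop.addrs:
                    hop.addrs.append(tok)
            elif tok.startswith("!"):
                hop.flags.append(tok)
            elif tok == "ms":
                try:
                    hop.rtts_ms.append(float(prev))
                except ValueError:
                    pass          # malformed probe field, ignore it
        hops.append(hop)
    return hops


def diagnose(hops, target):
    """Summarise whether the target answered and where replies stop."""
    answered = [h for h in hops if h.addrs]
    last = answered[-1] if answered else None
    last_ttl = last.ttl if last else 0
    reached = any(target in h.addrs for h in hops)
    return {
        "reached": reached,
        "last_responder": (last.ttl, last.addrs[-1]) if last else None,
        # first hop after the last answer; only meaningful if not reached
        "first_silent_ttl": None if reached else next(
            (h.ttl for h in hops if h.ttl > last_ttl), None),
        # silent hops with answers behind them: filtered, not broken
        "silent_but_forwarding": [
            h.ttl for h in hops if not h.addrs and h.ttl < last_ttl],
        "icmp_errors": list(last.flags) if last else [],
    }


if __name__ == "__main__":
    for name, sample in (("broken", SAMPLE_BROKEN), ("ok", SAMPLE_OK)):
        print(name, diagnose(parse_traceroute(sample), "192.0.2.80"))
```

A hop that prints only `*` but has answering hops behind it is dropping or not generating ICMP replies while still forwarding, so it is reported separately from the point where the path actually goes quiet.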
Re: XEON SMP KERNEL 2.4.20 tree
Hi again,

How long have those machines been online?

    $ uptime
    11:14:51 up 8 days, 21:46, 1 user, load average: 0.00, 0.03, 0.00
    $ uname -a
    Linux data 2.4.21-rc6 #1 SMP Tue Jun 3 12:46:45 CEST 2003 i686 unknown

There is a discussion about the 2.4.21rc kernels on the SE Linux mailing list. Machines running 2.4.21rc kernels seem to have a kernel memory leak which makes them unusably slow. Opinion is divided on whether this is a kernel issue or a SE Linux issue. I don't believe that it is SE Linux at fault as the SE code we are using is a straight port from 2.4.20 (and should run equally well as on 2.4.20). However other people have seen some evidence to suggest that the problem may only occur on SE Linux machines (I don't run any non-SE machines at the moment for testing).

With the 2.4.20 kernel, this machine froze up to 2 times per day. As you can see, it's now operational for more than a week and doesn't have any problems. About the performance, I cannot make an informed comment, since this is our NFS-Server and the machine performs as well as it did before. So .. for me, it does do as well as before.

Ok .. just for a quick comparison I compiled a stock 2.4.20 kernel on 2 machines (one with 2.4.19, one with 2.4.21rc6 kernels running). The machines are xSeries 340 DP with 1 GHz CPUs, 1 GIG of RAM and 36 GIG SCSI HDs, onboard AIC controller.

    $ time make -j3 bzImage

    Machine running 2.4.19
    real 2m18.895s
    user 4m2.760s
    sys  0m16.810s

    Machine running 2.4.21rc6
    real 2m18.842s
    user 4m12.920s
    sys  0m16.370s

So .. again .. I cannot say that the performance has changed in any way.

Cheers, Peter
--
Dipl.-Ing. Peter Burgstaller
Technical Director @ all information network services gmbh
email: [EMAIL PROTECTED]
phone: +43 662 452335
fax : +43 662 452335 90
Re: XEON SMP KERNEL 2.4.20 tree
On Wednesday, June 11, 2003, at 03:21 PM, Theodore Knab wrote:

I have 3 dual processor IBM Netfinity Servers with the XEON P3 (1Mb Cache). The machine type is IBM Type 8665-6RY. I recently updated from the 2.4.19 to the 2.4.20 kernel using Debian Sarge source tree. Both machines gave me a hard crash after a few hours of running. Since both machines locked solid, logging is limited. One of the machines which was under a heavy load crashed within 1/2 hour of running. I compiled both kernels with the old 2.4.19 .config file. Does anyone know of any SMP problems with the 2.4.20 kernel?

Hi,

same happened to us when we upgraded our xSeries 340 DP to 2.4.20. After replacing every conceivable part of the machine, we tried a 2.4.21rc6 which now seems to work fine on our test system. The production machines have been downgraded to 2.4.19 until all tests have been completed successfully.

Hope this helps.

Cheers, Peter
--
Dipl.-Ing. Peter Burgstaller
Technical Director @ all information network services gmbh
email: [EMAIL PROTECTED]
phone: +43 662 452335
fax : +43 662 452335 90
Re: Routingtable vulnerability
Thomas,

My brother tells me that there has been some discussion about this on the kernel list. RedHat's patch was applied to 2.4.21 (plus 2.5.69) but people are reporting that the patch breaks other things so it is not yet ready for prime time. At this point this remains only a theoretical flaw which someone noticed while hacking on the kernel. No one has shown an actual exploit. Until the kernel hackers can do their thing, there isn't much the Debian project can do. You may want to monitor the kernel list for more up-to-date information.

Pete
--
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting

Thomas Hebinck wrote:

Hi, is there really nobody who knows anything about this vulnerability? We use Debian Woody as firewall ...

Sincerely, Thomas

-----Original Message-----
From: www-data [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, May 21, 2003 11:50 AM
To: debian-isp@lists.debian.org
Subject: Routingtable vulnerability

Due to the fact that I'm only subscribed to two Debian related Mailinglists (debian-isp and security-announce) I haven't heard of any discussions about the newly discovered Kernel vulnerability (Routingtables, http://rhn.redhat.com/errata/RHSA-2003-172.html). Has this been discussed on Debian-Lists and are there any countermeasures recommended?

Best Regards, Dominik Schulz

This mail sent through IMP: http://horde.org/imp/
RE: Some advice setting up a server with for multiple virtual domains with email
On Mon, 05 May 2003 00:10:04 +0200, in linux.debian.isp you wrote:

qmail + vpopmail works excellent.

did you see this: http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html

I would recommend using courier-mta.org for all mail-related tasks. It's fast and reliable and comes with native support for virtual users and mysql. You can get packages here:

    deb[-src] http://debian.cobolt.net/ woody main

note: if you do not need mail-to-fax and don't want to install the courier-faxmail package, you have to create an empty /etc/module.fax file.

Have a nice thread, Peter
scponly, rssh
Hi,

looking for a solution to allow users ONLY scp without a shell, I found http://www.pizzashack.org/rssh/ and http://www.sublimation.org/scponly/

I was wondering, if there are any debs somewhere, but could not find any. Are you using these tools? Is there a better alternative for debian?

Have a nice thread, Peter
Procmail weirdness
Hello *,

I'm having some procmail weirdness that I can't get my brain around. I have a box running exim with two domains that sort to various system users. Every user has a procmailrc file in their home directory like this:

    LINEBUF=4096
    MAILDIR=$HOME/Maildir/

    # keep a copy of every message in the backup maildir
    :0 c
    *
    $HOME/MailBU/Inbound/

    # deliver to the user's maildir
    :0
    $MAILDIR

This works perfectly for the primary domain but not the virtual domain. For the broken domain, if I put this procmailrc file in a user's home directory their mail gets delivered in mbox format to /var/spool/mail/{username}. If I remove it it gets delivered in maildir format to /home/{username}/Maildir/new as it should.

Any suggestions as to where to look for the problem?

Pete
--
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting
Re: Apache chroot
On Wed, 23 Apr 2003 00:10:10 +0200, in linux.debian.isp you wrote:

resolved, all the pages look to be forbidden. It's not a problem of permission, any idea?

could we see some logs? maybe do you have document_root set outside the jail?

Have a nice thread, Peter
Re: What is a best choice for a mail program?
No question about that, courier is the best mail-server suite one can get. ALL features you will ever need.

www.courier-mta.org

new debs are now in unstable, I think, but for woody you can get courier here:

    deb http://debian.cobolt.net/ woody main

Have a nice thread, Peter
RE: phpwebsite - php4 version issue
    apt-get -t unstable install php4 php4-module_name

Best regards,
Peter Zyumbilev
Web Developer Administrator
BIVOL BULGARIA

-----Original Message-----
From: Gregory Wood [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 6:51 PM
To: [EMAIL PROTECTED]
Subject: phpwebsite - php4 version issue

Greetings -

Sometime back (about a week or so ago), there was a thread on enduser controlled web sites. It seemed the preference was phpwebsite. I've loaded phpwebsite and everything works except it wants php 4.2.2 and woody supports 4.1.2. I've not 'played' in this area before. What is the easiest way to upgrade to 4.2.2 with the least impact on my Debian box?

Thanks. Greg
Re: mod_log_sql? also missing: mod_throttle
On Fri, 28 Mar 2003 02:40:10 +0100, in linux.debian.isp you wrote:

Really? I tried apt-cache search thorttle and got nothing.

right, you will not find it with apt-cache, maybe there is something wrong. But it's already there:

    woody:/usr/lib/apache/1.3# dpkg -S mod_throttle.so
    apache-common: /usr/lib/apache/1.3/mod_throttle.so

Have a nice thread, Peter
Re: mod_log_sql: can NOT compile, Jesus, can anybody help me?
Hi,

/usr/bin/ld: cannot find -lz

you probably need the zlib1g-dev package

OK that was right! Thank you very much! What a confusing name for a library. I thought of z in -lz as an ld option, and understanding of this is not possible without deeper studies...

Have a nice day!

Have a nice thread, Peter
Low Energy Input Servers?
Hi,

could anybody recommend any low energy servers? We would like to offer low energy hosting, as these days we learn, that saving energy could be a key to a peaceful future. Crusoe comes to mind and from DebianWeekly I got http://www.netwinder.net/3400/

Are there any more devices like this? Any websites dedicated to energy saving hardware?

Thanks for your attention!

Have a nice thread, Peter
Advice on remote kernel changes?
Hi,

are there any tutorials / packages out there that address the situation of patching / upgrading / changing the installed kernel remotely?

Three main problems come to my mind that could bring a fatal situation of not being able to access the machine after a reboot:

A kernel does not work with hardware for any reason and machine hangs
B kernel / modules do not work with network device for any reason.
C kernel does not start sshd for any reason

How would one prevent this? Is it possible to reboot old kernel automatically

A if system boot does not finish properly
B if modules for net-devices are missing / not working
C if the new one does not start all services (esp. sshd)

Are there any solutions to this out there? B + C could be resolved with some kind of script, I guess, but A seems to be impossible to be done remotely? How do I change back lilo.conf, if I have no ssh.login to the machine? I was looking for a boot kernel-new only once, next time boot old kernel, that could help, but I did not find this?

Any ideas? Thank you very much for your attention!

Have a nice thread, Peter
mod_log_sql?
Hi, are there anywhere debs with mod_log_sql ??? Have a nice thread, Peter
Re: mod_log_sql? also missing: mod_throttle
Hi,

... also missing: mod_throttle... don't you isp-guys use these essential modules?

not, that I wouldn't be able to compile these myself, but it appears to me like fallback into my redhat-times... also I do not install gcc on servers what adds some overhead...

Have a nice thread, Peter
mod_log_sql: can NOT compile, Jesus, can anybody help me?
Hi,

did I say, I can compile it myself? Well, that was a mistake... first time after months of using debian I come to a point where I don't know, what to do because a lack of indepth-compiler-knowledge...

I am trying to compile mod_log_sql, because I did not find any deb-package for this (what confused me really, as this is a very useful tool imho). I follow the install docs but I get

    /usr/bin/ld: cannot find -lz

It would be sooo nice, if one enlightened guru could take a look at this, it would be really nice having mod_log_sql running with debian...

http://www.grubbybaby.com/mod_log_sql/

I also mailed to the author, I hope he likes debian...

Thank you very much for your attention and help would be really appreciated. Think it will take me some years until I get more familiar with gcc and ld...

Have a nice thread, Peter
Re: mod_log_sql? also missing: mod_throttle
... also missing: mod_throttle... don't you isp-guys use these essential modules?

ok, mod_throttle found, but major problems with mod_log_sql... please see my other mail.

Have a nice thread, Peter
Re: NON-US can anyone reach aljazeera.net?
From New York area of US I can resolve www.aljazeera.net, but not english.aljazeera.net. My traceroute dies on a nice.francetelecom hop.

Pete

Martin Wheeler wrote:

On Tue, 25 Mar 2003 [EMAIL PROTECTED] wrote:

Can anyone reach aljazeera.net or english.aljazeera.net from outside of US? Or any nameservers for it?

2003-03-26 01:15 GMT OK -- looks like we in the UK are going to be allowed to read it in Arabic.
Php4 broken package ?
Hi!

I have the following problem: During the install of dnsutils I saw php4 getting deinstalled, I have no idea why. Doing apt-get install php4 delivers following output:

START

    # apt-get install php4
    Reading Package Lists... Done
    Building Dependency Tree... Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.

    Since you only requested a single operation it is extremely likely that
    the package is simply not installable and a bug report against
    that package should be filed.
    The following information may help to resolve the situation:

    Sorry, but the following packages have unmet dependencies:
      php4: Depends: libbz2-1.0 but it is not going to be installed
            Depends: libc6 (= 2.2.4-4) but it is not going to be installed
            Depends: libdb2 (= 2:2.7.7.0-7) but it is not going to be installed
            Depends: libexpat1 (= 1.95.2-6) but it is not going to be installed
            Depends: libmm11 but it is not going to be installed
            Depends: libpam0g (= 0.72-1) but it is not going to be installed
            Depends: libpcre3 but it is not going to be installed
            Depends: zlib1g (= 1:1.1.4) but it is not going to be installed
            Depends: apache-common (= 1.3.26) but it is not going to be installed
            Depends: fileutils (= 4.0-5)
    E: Sorry, broken packages

END

Should I file a bug report like the message says?

Peter De Schrijver
Re: Routing with Linux
On Wed, Mar 05, 2003 at 08:42:57PM +0100, Russell Coker wrote:

On Wed, 5 Mar 2003 18:14, Gregory Wood wrote:

You didn't mention volume. Also, public address and firewall seems to be a contradiction. If the volume is small, many of the $100 USD firewall boxes will work. There will be some work redirecting IP through the firewall. If the volume is higher or you just want a linux box then: www.linuxrouter.org -- linux router project.

LRP is dead and has been for a long time.

I think there is a project offshoot called LEAF http://leaf-project.org/

But I agree that installing a small Debian system is an easy way to go.
RE: PHP4 and mail()
hi,

Use smtp sockets. There are a lot of free php mail classes which use smtp sockets.

Best regards, BIVOL

-----Original Message-----
From: Vince Hillier [mailto:[EMAIL PROTECTED]
Sent: Friday, February 28, 2003 11:42 PM
To: [EMAIL PROTECTED]
Subject: PHP4 and mail()

Hi,

There is a known problem with the current stable php4 package when using mail() with an external mail server (mail server is not on the same machine as the webserver). Nothing happens, no errors, no mail sent, nothing. I saw a bug posted to b.d.o, but something tells me this is going to take a long time to fix (couple bugs above it are outstanding in excess of 3 years). Is there any hope for fixing this besides a complete compile from source?