RE: [expert] Bastille killed nfs! :-(
-Original Message-
From: Ronald J. Hall [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 14, 2002 12:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Bastille killed nfs! :-(

On Wednesday 14 August 2002 10:25 am, you wrote:

LOL Sorry.. Been there, done that. I cut a server off at the knees doing things like that. The toughest lesson I had to learn when I first got into Unix many years ago: Screw the GUI, do it by hand. Then when something breaks, you know what it was, and how to fix it. vi/iptables is your friend. Don't trust your site security to a GUI, it's like trusting your 5 year old with a loaded 357. JMHO-YMMV

-- Ric Tibbetts Unix Systems Admin.

Hi Ric. Yep...I'm catching on. :-)

-- An old saying: Computing experience is measured in the amount of data lost.

So true... So true! In a shop I worked in a while back, they were really strict about the tools. Any new admin coming in had to prove themselves before they could use the canned tools. So you did everything by hand, until they (the Sr. Admins) were convinced that you actually knew what you were doing. Then you could use the tools.

Actually, not a bad thing. At least you knew that the people you were working with could actually handle an extreme situation if one came up.

For example: It's 2:00am, and the server is down. You get woke up by the pager (damn, why does it always go off when I'm on call?!?). You scurry into the data center to find the server a smoking hulk. (For this example, let's pretend it's a Linux server). You manage to get it running by booting it from a CD, but you can forget X. You're on an ASCII terminal. At this point, you're looking at a text screen, and the only thing mounted are temporary filesystems that the boot process created when you booted it from the CD. You need to find your drives, get them mounted, and make a working environment. All that before you can even try to figure out why it crashed in the first place. And that slick GUI is hours away...

---

GUIs are nice. But they're no substitute for knowing what's happening under the covers. It can mean the difference between reloading a box over something minor, or being able to get through the trial by fire above, and save the box.

Ric Tibbetts
Unix Systems Administration
The early bird may get the worm, But the second mouse gets the cheese.

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Bastille killed nfs! :-(
On Thursday 15 August 2002 07:35 am, you wrote:

An old saying: Computing experience is measured in the amount of data lost.

That's a great example. I'm not a sysadmin or anything remotely approaching that (or does home sysadmin count? smile) but it's interesting for me to hear the stories from everyone on this list.

PS I'm a respiratory therapist by profession, Linux user by choice! :-)

-- /\ DarkLord \/
RE: [expert] Bastille killed nfs! :-(
On Thursday 15 August 2002 07:35 am, you wrote:

An old saying: Computing experience is measured in the amount of data lost.

That's a great example. I'm not a sysadmin or anything remotely approaching that (or does home sysadmin count? smile) but it's interesting for me to hear the stories from everyone on this list.

PS I'm a respiratory therapist by profession, Linux user by choice! :-)

You're administrating the home box. That makes you an admin. ;^)

Ric Tibbetts
Unix Systems Administration
The early bird may get the worm, But the second mouse gets the cheese
RE: [expert] Bastille killed nfs! :-(
On Thu, 15 Aug 2002, Tibbetts, Ric wrote:

On Thursday 15 August 2002 07:35 am, you wrote:

An old saying: Computing experience is measured in the amount of data lost.

That's a great example. I'm not a sysadmin or anything remotely approaching that (or does home sysadmin count? smile) but it's interesting for me to hear the stories from everyone on this list.

PS I'm a respiratory therapist by profession, Linux user by choice! :-)

You're administrating the home box. That makes you an admin. ;^)

for real! my users at home put me through far more strenuous activities sometimes than do the users at work. ;)

-- daRmaTTeR
Reg. Linux User #186492
Stupidity has no moral high ground...it can't see that high!
Re: [expert] Bastille killed nfs! :-(
On Thu, 15 Aug 2002, Ronald J. Hall wrote:

On Thursday 15 August 2002 07:35 am, you wrote:

An old saying: Computing experience is measured in the amount of data lost.

That's a great example. I'm not a sysadmin or anything remotely approaching that (or does home sysadmin count? smile) but it's interesting for me to hear the stories from everyone on this list.

PS I'm a respiratory therapist by profession, Linux user by choice! :-)

I'd be really interested to know how successful he was in bringing that beast back to life after such an ordeal.

-- daRmaTTeR
Reg. Linux User #186492
Stupidity has no moral high ground...it can't see that high!
RE: [expert] Bastille killed nfs! :-(
-Original Message-
From: daRcmaTTeR [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 15, 2002 10:38 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Bastille killed nfs! :-(

On Thu, 15 Aug 2002, Ronald J. Hall wrote:

On Thursday 15 August 2002 07:35 am, you wrote:

An old saying: Computing experience is measured in the amount of data lost.

That's a great example. I'm not a sysadmin or anything remotely approaching that (or does home sysadmin count? smile) but it's interesting for me to hear the stories from everyone on this list.

PS I'm a respiratory therapist by profession, Linux user by choice! :-)

I'd be really interested to know how successful he was in bringing that beast back to life after such an ordeal.

That was actually not such an extreme example. Just one that tends to intimidate new admins because the system as you know it, isn't there. You're working from a bunch of temporary mounts. It's actually not that big a deal to fix. Just a royal pain in the ass because it always seems to happen at 2:00am, when I'm the one on call.. LOL

I just finished doing a similar one on an IBM. The box wouldn't finish booting. So I couldn't get to the console. We had to string a serial cable to it, and get an ascii terminal running. It turned out that the system had crashed, and true to AIX, it was trying to write a report out to tape to send off to IBM (they're so helpful!). But since there was no tape in the drive, it couldn't, so it hung. Trouble was, it wasn't booted far enough to reach the console, so the only way to cancel the hung job was via an ascii terminal. Once the job was killed, the box very happily finished booting, and all is well. grief. But without knowing how to set up a quick ascii term, and run without a GUI, I'd have lost the server over a trivial thing.

It just pays to spend the time to learn to do things without the GUI. GUIs are nice. I agree. There are times that I still use them. But in *nix, there are times when it just isn't there. Personally, I'm not that fond of rebuilding systems. It's one thing with a desktop, it's another entirely to lose an enterprise server. ;)

Anyway, I'll get off my soap box.

Ric Tibbetts
Unix Systems Administration
The early bird may get the worm, But the second mouse gets the cheese.

-- daRmaTTeR
Reg. Linux User #186492
Stupidity has no moral high ground...it can't see that high!
RE: [expert] Bastille killed nfs! :-(
LOL Sorry.. Been there, done that. I cut a server off at the knees doing things like that. The toughest lesson I had to learn when I first got into Unix many years ago: Screw the GUI, do it by hand. Then when something breaks, you know what it was, and how to fix it. vi/iptables is your friend. Don't trust your site security to a GUI, it's like trusting your 5 year old with a loaded 357. JMHO-YMMV

-- Ric Tibbetts Unix Systems Admin.
f u cn rd ths u cn gt a gd jb n nx dmnstrtn

-Original Message-
From: Ronald J. Hall [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 2:32 PM
To: Mandrake Expert List
Subject: [expert] Bastille killed nfs! :-(

Well, I had nfs running perfectly, and then (sadly) I ran BastilleChooser. I picked lax and workstation. Now, I've no longer got nfs. I finally removed all Bastille RPMs thru the software manager, but I still have no nfs. It's installed, it's checked under services. If I do a rpcinfo -p, I get this:

    [root@darkforce darklord]# rpcinfo -p
    program vers proto port
    102 tcp111 portmapper
    102 udp111 portmapper
    1000241 udp 32768 status
    1000241 tcp 32768 status
    6001000691 udp797 fypxfrd
    6001000691 tcp799 fypxfrd
    3910022 tcp 32769 sgi_fam

I can do a service nfs restart and directly run rpc.nfsd and then I get:

    [root@darkforce darklord]# rpcinfo -p
    program vers proto port
    102 tcp111 portmapper
    102 udp111 portmapper
    1000241 udp 32768 status
    1000241 tcp 32768 status
    6001000691 udp797 fypxfrd
    6001000691 tcp799 fypxfrd
    3910022 tcp 32769 sgi_fam
    151 udp 32770 mountd
    151 tcp 32770 mountd
    152 udp 32770 mountd
    152 tcp 32770 mountd
    153 udp 32770 mountd
    153 tcp 32770 mountd
    132 udp 2049 nfs
    133 udp 2049 nfs
    1000211 udp 32771 nlockmgr
    1000213 udp 32771 nlockmgr
    1000214 udp 32771 nlockmgr

Now, nfs is up and running. Until I reboot. Then I have to go thru the same thing again. So my questions are:

How to get nfs auto running at boot up again?
How can a person use Bastille so that it doesn't kill nfs and your LAN?

Thanks everyone...

-- /\ DarkLord \/
Re: [expert] Bastille killed nfs! :-(
On Wednesday 14 August 2002 10:25 am, you wrote:

LOL Sorry.. Been there, done that. I cut a server off at the knees doing things like that. The toughest lesson I had to learn when I first got into Unix many years ago: Screw the GUI, do it by hand. Then when something breaks, you know what it was, and how to fix it. vi/iptables is your friend. Don't trust your site security to a GUI, it's like trusting your 5 year old with a loaded 357. JMHO-YMMV

-- Ric Tibbetts Unix Systems Admin.

Hi Ric. Yep...I'm catching on. :-)

-- /\ DarkLord \/
Re: [expert] Bastille killed nfs! :-(
Tibbetts, Ric wrote:

LOL Sorry.. Been there, done that. I cut a server off at the knees doing things like that. The toughest lesson I had to learn when I first got into Unix many years ago: Screw the GUI, do it by hand. Then when something breaks, you know what it was, and how to fix it. vi/iptables is your friend. Don't trust your site security to a GUI, it's like trusting your 5 year old with a loaded 357. JMHO-YMMV

-- Ric Tibbetts Unix Systems Admin.
f u cn rd ths u cn gt a gd jb n nx dmnstrtn

-Original Message-
From: Ronald J. Hall [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 2:32 PM
To: Mandrake Expert List
Subject: [expert] Bastille killed nfs! :-(

Well, I had nfs running perfectly, and then (sadly) I ran BastilleChooser. I picked lax and workstation. Now, I've no longer got nfs. I finally removed all Bastille RPMs thru the software manager, but I still have no nfs. It's installed, it's checked under services. If I do a rpcinfo -p, I get this:

    [root@darkforce darklord]# rpcinfo -p
    program vers proto port
    102 tcp111 portmapper
    102 udp111 portmapper
    1000241 udp 32768 status
    1000241 tcp 32768 status
    6001000691 udp797 fypxfrd
    6001000691 tcp799 fypxfrd
    3910022 tcp 32769 sgi_fam

I can do a service nfs restart and directly run rpc.nfsd and then I get:

    [root@darkforce darklord]# rpcinfo -p
    program vers proto port
    102 tcp111 portmapper
    102 udp111 portmapper
    1000241 udp 32768 status
    1000241 tcp 32768 status
    6001000691 udp797 fypxfrd
    6001000691 tcp799 fypxfrd
    3910022 tcp 32769 sgi_fam
    151 udp 32770 mountd
    151 tcp 32770 mountd
    152 udp 32770 mountd
    152 tcp 32770 mountd
    153 udp 32770 mountd
    153 tcp 32770 mountd
    132 udp 2049 nfs
    133 udp 2049 nfs
    1000211 udp 32771 nlockmgr
    1000213 udp 32771 nlockmgr
    1000214 udp 32771 nlockmgr

Now, nfs is up and running. Until I reboot. Then I have to go thru the same thing again. So my questions are:

How to get nfs auto running at boot up again?
How can a person use Bastille so that it doesn't kill nfs and your LAN?

Thanks everyone...

-- /\ DarkLord \/

Well, in /etc/Bastille/bastille-firewall.cfg examine these lines:

TCP_LOCAL_SERVICES=

You need to put in the ports you want to use locally there, separated by blanks, with a colon between low and high for a range.

Also there is a trusted interface line for LOCAL which will be just lo or loopback; change it to include the interface for the local net.

For portmap/nfs you need 109:111 but I usually trust the whole local net unless it is a workplace environment and use 15:65535

Bastille-Chooser of course makes very very conservative choices.

But these guys are right--there is no substitute for knowledge when firewalling. And if you hand edit with one thing at a time (and no need to use vi--there are other editors, use what you are comfortable with but run it out of a su terminal) then the backup file left by the text editor is a traceback to what you had before you made a mistake--so each mistake becomes a learning experience.

Civileme
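An added example, not part of the thread and not Bastille's own code: a shell function that reads `rpcinfo -p` output and prints the registered ports in the blank-separated, low:high form the reply above describes for the `TCP_LOCAL_SERVICES=` line. The sample listing is constructed in the usual `rpcinfo -p` column layout, and `ports_for` and `SAMPLE_RPCINFO` are hypothetical names.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into a blank-separated port list,
# with consecutive ports collapsed to low:high as the reply describes.

# Constructed sample in the usual `rpcinfo -p` column layout (program,
# version, protocol, port, service), modelled on the services in the thread.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    391002    2   tcp  32769  sgi_fam
    100005    1   udp  32770  mountd
    100005    1   tcp  32770  mountd
    100005    3   udp  32770  mountd
    100005    3   tcp  32770  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  32771  nlockmgr'

# ports_for PROTO: read `rpcinfo -p` text on stdin and print the ports
# registered for PROTO (tcp or udp), sorted, de-duplicated, ranges collapsed.
ports_for() {
    awk -v proto="$1" '$3 == proto && $4 ~ /^[0-9]+$/ { print $4 }' |
    sort -n -u |
    awk '
        function emit() {            # append the pending port or range
            if (lo == "") return
            out = out (out == "" ? "" : " ") (lo == hi ? lo : lo ":" hi)
        }
        $1 == hi + 1 && lo != "" { hi = $1; next }   # extends current run
        { emit(); lo = hi = $1 }                      # starts a new run
        END { emit(); print out }'
}

# Demonstration on the constructed sample; on a live host pipe in the real
# command instead:  rpcinfo -p | ports_for tcp
printf 'tcp: %s\n' "$(printf '%s\n' "$SAMPLE_RPCINFO" | ports_for tcp)"
printf 'udp: %s\n' "$(printf '%s\n' "$SAMPLE_RPCINFO" | ports_for udp)"
```

The status, mountd and nlockmgr ports in the 32768 and up range are handed out when the daemons start, so they can differ after a reboot; rerun the listing before relying on a fixed list.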
[expert] Bastille killed nfs! :-(
Well, I had nfs running perfectly, and then (sadly) I ran BastilleChooser. I picked lax and workstation. Now, I've no longer got nfs. I finally removed all Bastille RPMs thru the software manager, but I still have no nfs. It's installed, it's checked under services. If I do a rpcinfo -p, I get this:

    [root@darkforce darklord]# rpcinfo -p
    program vers proto port
    102 tcp111 portmapper
    102 udp111 portmapper
    1000241 udp 32768 status
    1000241 tcp 32768 status
    6001000691 udp797 fypxfrd
    6001000691 tcp799 fypxfrd
    3910022 tcp 32769 sgi_fam

I can do a service nfs restart and directly run rpc.nfsd and then I get:

    [root@darkforce darklord]# rpcinfo -p
    program vers proto port
    102 tcp111 portmapper
    102 udp111 portmapper
    1000241 udp 32768 status
    1000241 tcp 32768 status
    6001000691 udp797 fypxfrd
    6001000691 tcp799 fypxfrd
    3910022 tcp 32769 sgi_fam
    151 udp 32770 mountd
    151 tcp 32770 mountd
    152 udp 32770 mountd
    152 tcp 32770 mountd
    153 udp 32770 mountd
    153 tcp 32770 mountd
    132 udp 2049 nfs
    133 udp 2049 nfs
    1000211 udp 32771 nlockmgr
    1000213 udp 32771 nlockmgr
    1000214 udp 32771 nlockmgr

Now, nfs is up and running. Until I reboot. Then I have to go thru the same thing again. So my questions are:

How to get nfs auto running at boot up again?
How can a person use Bastille so that it doesn't kill nfs and your LAN?

Thanks everyone...

-- /\ DarkLord \/
Re: [expert] Bastille killed nfs! :-(
On Tuesday 13 August 2002 03:04 pm, you wrote:

Ron, you've really gotta get away from BastilleChooser. cut the apron strings and let it go. If you absolutely must use something other than VI in a console to setup your firewall then use InteractiveBastille and use Only the firewall setup part of it.

laughing yeah, I can see your point. BTW, when you say vi/firewall you do mean iptables, right? I was looking at Interactive Bastille in the Mandrake 8.2 manual, and well, I figured I wasn't ready for it. Guess I'll give it a shot. Thanks for the input! :-)

-- /\ DarkLord \/
Re: [expert] Bastille killed nfs! :-(
On Tue, 13 Aug 2002, Ronald J. Hall wrote:

Well, I had nfs running perfectly, and then (sadly) I ran BastilleChooser. I picked lax and workstation. Now, I've no longer got nfs. I finally removed all Bastille RPMs thru the software manager, but I still have no nfs. It's installed, it's checked under services. If I do a rpcinfo -p, I get this:

Ron, you've really gotta get away from BastilleChooser. cut the apron strings and let it go. If you absolutely must use something other than VI in a console to setup your firewall then use InteractiveBastille and use Only the firewall setup part of it.

-- daRmaTTeR
Reg. Linux User #186492
Stupidity has no moral high ground...it can't see that high!