Re: How do you speed up rsync?

2014-07-11 Thread Steven Miano
you can turn it down:

-e "ssh -T -c arcfour -o Compression=no -x"

Use -e to specify the remote shell to be ssh, and use -c arcfour to ensure
the compression type is arcfour if you want to strip it down further.

It will still be encrypted/secure - but just weakly (think WEP).




On Fri, Jul 11, 2014 at 4:26 PM, ToddAndMargo  wrote:

>
>> I'd imagine your local disk is unencrypted while you are reading/writing
>> to it
>>>
>>>
>>> On Fri, Jul 11, 2014 at 4:09 PM, ToddAndMargo <toddandma...@zoho.com> wrote:
>>>
>>> On Fri, Jul 11, 2014 at 3:58 PM, ToddAndMargo <toddandma...@zoho.com> wrote:
>>>
>>>  Hi All,
>>>
>>>  I have a bash script for synchronizing a flashing drive (target)
>>>  with my hard drive (source) I take to customer sites (with a read
>>>  only switch so I don't spread viruses).
>>>
>>>  I currently "rsync" 11 different directories.  Each sync line
>>>  looks like this:
>>>
>>>  rsync -rv --delete $MyCDsSource/Linux $MyCDsTarget/.; sync; sync
>>>
>>>  Problem: it is slow -- takes three hours.  To help the
>>>  speed issue, I upgraded from USB 2 to USB 3.  Backup went
>>>  from 3 hr-15 min to 3 hr-5 min.  It is almost faster
>>>  to wipe the stick and rewrite it.
>>>
>>>  Anyone  know of a way to speed up rsync?
>>>
>>>  Many thanks,
>>>  -T
>>>
>>>
>>>
>>>
>>> On 07/11/2014 01:01 PM, Steven Miano wrote:
>>> The likely culprit is encryption.
>>>
>>>
>>> If this is all on a local network segment and you can forgo the security
>>> aspect:
>>>
>>> -e "ssh -T -c arcfour -o Compression=no -x"
>>>
>>> ~Steven
>>>
>>>
>>>
>>> Hi Steven,
>>>
>>> The USB 3 flash drives are plugged directly into my
>>> USB 3 Front panel hub.
>>>
>>> My local hard drive is LUKS encrypted.  Is that an issue?
>>> Doesn't seem to slow anything else down.
>>>
>>> Many thanks,
>>> -T
>>>
>>>
>>>
>>>
>>> --
>>> <http://stevenmiano.com/> Miano, Steven M.
>>> http://stevenmiano.com
>>>
>>
>
>
> On 07/11/2014 01:11 PM, Steven Miano wrote:
> > rsync by default is using an encryption method most likely more taxing
> > than arcfour.
> >
>
> Just dug through "man rsync".  Not finding a way to turn it off.
>
>
>
> --
> ~~
> Computers are like air conditioners.
> They malfunction when you open windows
> ~~
>



-- 
<http://stevenmiano.com/> Miano, Steven M.
http://stevenmiano.com


Re: How do you speed up rsync?

2014-07-11 Thread Steven Miano
rsync by default is using an encryption method most likely more taxing than
arcfour.

I'd imagine your local disk is unencrypted while you are reading/writing to
it


On Fri, Jul 11, 2014 at 4:09 PM, ToddAndMargo  wrote:

> On Fri, Jul 11, 2014 at 3:58 PM, ToddAndMargo <toddandma...@zoho.com> wrote:
>>>
>>> Hi All,
>>>
>>> I have a bash script for synchronizing a flashing drive (target)
>>> with my hard drive (source) I take to customer sites (with a read
>>> only switch so I don't spread viruses).
>>>
>>> I currently "rsync" 11 different directories.  Each sync line
>>> looks like this:
>>>
>>> rsync -rv --delete $MyCDsSource/Linux $MyCDsTarget/.; sync; sync
>>>
>>> Problem: it is slow -- takes three hours.  To help the
>>> speed issue, I upgraded from USB 2 to USB 3.  Backup went
>>> from 3 hr-15 min to 3 hr-5 min.  It is almost faster
>>> to wipe the stick and rewrite it.
>>>
>>> Anyone  know of a way to speed up rsync?
>>>
>>> Many thanks,
>>> -T
>>>
>>>
>
>
> On 07/11/2014 01:01 PM, Steven Miano wrote:
>> The likely culprit is encryption.
>
>
>> If this is all on a local network segment and you can forgo the security
>> aspect:
>>
>> -e "ssh -T -c arcfour -o Compression=no -x"
>>
>> ~Steven
>>
>
>
> Hi Steven,
>
> The USB 3 flash drives are plugged directly into my
> USB 3 Front panel hub.
>
> My local hard drive is LUKS encrypted.  Is that an issue?
> Doesn't seem to slow anything else down.
>
> Many thanks,
> -T
>



-- 
<http://stevenmiano.com/> Miano, Steven M.
http://stevenmiano.com


Re: How do you speed up rsync?

2014-07-11 Thread Steven Miano
The likely culprit is encryption.

If this is all on a local network segment and you can forgo the security
aspect:

-e "ssh -T -c arcfour -o Compression=no -x"

~Steven


On Fri, Jul 11, 2014 at 3:58 PM, ToddAndMargo  wrote:

> Hi All,
>
> I have a bash script for synchronizing a flashing drive (target)
> with my hard drive (source) I take to customer sites (with a read
> only switch so I don't spread viruses).
>
> I currently "rsync" 11 different directories.  Each sync line
> looks like this:
>
> rsync -rv --delete $MyCDsSource/Linux $MyCDsTarget/.; sync; sync
>
> Problem: it is slow -- takes three hours.  To help the
> speed issue, I upgraded from USB 2 to USB 3.  Backup went
> from 3 hr-15 min to 3 hr-5 min.  It is almost faster
> to wipe the stick and rewrite it.
>
> Anyone  know of a way to speed up rsync?
>
> Many thanks,
> -T
>



-- 
 Miano, Steven M.
http://stevenmiano.com


Re: Reading luks flash drives from Windows

2014-05-06 Thread Steven Miano
You may want to start researching truecrypt in place of LUKS (Linux Unified
Key Setup).

As it spans the Operating Systems much better and seems like a better tool
for your situation/use case.


On Tue, May 6, 2014 at 3:56 PM, ToddAndMargo  wrote:

> On 05/06/2014 12:38 PM, Serguei Mokhov wrote:
>
>> On Tue, May 6, 2014 at 3:07 PM, ToddAndMargo 
>> wrote:
>>
>>> Hi All,
>>>
>>> I do love my LUKS sticks.
>>>
>>> Any of you guys have a favorite way of reading
>>> Linux LUKS encrypted flash drives over on the
>>> Windows side?
>>>
>>
>> 1. Install VirtualBox on Windows
>> 2. Install your favorite Linux distro with VB extensions in VB VM
>> 3. Mount your stick in the Linux VM and use luks from there
>>
>> If needed to share the files between the Linux guest and Windows host
>> off the luks partition, use the VB extensions to mount a Linux
>> directory as shared directory in Windows.
>>
>>
> Hi Serguei,
>
> I am a Linux office.  I have 12 VM's at last count.
> I use Red Hat's KVM (kernel virtual machine).
> With KVM, I can bugzilla the developers and get
> bugs fixed.  With Oracle, they ignore you until
> your customer fires you, which has happened to me.
> Then they ignore you some more.  Then four or more
> years later, they ask you if you are still having
> the problem.
>
> My entire hard drive and all my backup drives are
> encrypted, so my customer's and my sensitive data
> is properly protected.
>
> I use these LUKS flash drives at customer sites,
> which are 95% Windows.  I am stuck with the
> unsigned drivers hassles with Free OTFE, which
> drives me a bit nutty.
>
> So, I really do need a Windows native solution.
>
> I was hoping that if any of you guys carry
> around LUKS flash drives, that you had come
> up with a good method of sharing with Windows.
>
>
> -T
>
> --
> ~~
> Computers are like air conditioners.
> They malfunction when you open windows
> ~~
>



-- 
 Miano, Steven M.
http://stevenmiano.com


Re: [SCIENTIFIC-LINUX-USERS] OpenSSL Vulnerability

2014-04-08 Thread Steven Miano
The advice so far is to not only patch up, and restart services/hosts; but
to also revoke the certs and create new ones.

As the vulnerability left no trace of its happenings in any logs - and
someone who was actively exploiting it could still use the private key or
other ill begot materials.

Just a heads up.

RHEL/SL/Ubuntu/etc really aren't the big cause for concern (in many cases),
but more so the appliances that many enterprises use/buy/deploy..


On Tue, Apr 8, 2014 at 10:47 AM, Adam Bishop  wrote:

> On 8 Apr 2014, at 15:10, Pat Riehecky  wrote:
> >
> > The updated package should be available now.
>
> Brilliant, thanks for update.
>
> Regards,
>
> Adam Bishop
>
>   gpg: 0x6609D460
>
> Janet, the UK's research and education network.
>
>
>
> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
> not-for-profit company which is registered in England under No. 2881024
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
>



-- 
 Miano, Steven M.
http://stevenmiano.com


Re: fc20 changed system logging

2014-01-31 Thread Steven Miano
I'm currently on Fedora 20 (Heisenbug), and still have a /var/log/messages.

I would add that the old messages are still there - and journalctl simply
brings another method of finding the information you're looking for.

journalctl -b is equivalent to dmesg.

~Steven


On Fri, Jan 31, 2014 at 2:10 AM, Andrew Z  wrote:

> And how is this better?
>  On Jan 31, 2014 1:26 AM, "ToddAndMargo"  wrote:
>
>> Hi All,
>>
>> Reference: http://docs.fedoraproject.org/en-US/Fedora/20/html/Release_Notes/sect-Release_Notes-Changes_for_Sysadmin.html
>>
>> I just noticed FC20 changed system logging.  That is going to
>> take some getting used to.  RHEL 7 perhaps?
>>
>> -T
>>
>>
>> 2.8.1. Syslog removed from default installation
>> syslog is no longer included in default installations. journald
>> logging serves most use cases as well as, or better than, syslogd.
>>
>> Users accustomed to checking /var/log/messages for system logs should
>> instead use journalctl.
>>
>> journalctl command examples:
>>
>> new journalctl                  |  old messages
>> --------------------------------+--------------------------------
>> journalctl                      |  less /var/log/messages
>> journalctl -f                   |  tail -f /var/log/messages
>> journalctl --unit named.service |  grep named /var/log/messages
>> journalctl -b                   |  Shows logs from current boot,
>>                                 |  no simple equivalent.
>>
>>
>> --
>> ~~
>> Computers are like air conditioners.
>> They malfunction when you open windows
>> ~~
>>
>


-- 
 Miano, Steven M.
http://stevenmiano.com


Re: Anyone know of a best ISO VM for security testing?

2013-09-11 Thread Steven Miano
I believe most of the backtrack development has moved here:

http://www.kali.org/


On Wed, Sep 11, 2013 at 2:37 PM, Todd And Margo Chester <
toddandma...@gmail.com> wrote:

> On 09/11/2013 10:44 AM, Taylor Woods wrote:
>
>> I have tried SBEr1 it wasn't a walk in the park, it made me second think
>> about doing it.
>>
>
> Hi Taylor,
>
> Thank you,
>
> Do you have a reference to this?  Google gives me a bunch
> of unrelated clutter.
>
> -T
>
>
>  Taylor
>> Sent from the Samsung Galaxy S4 of Taylor Woods
>>
>> On Sep 11, 2013 1:03 PM, "Todd And Margo Chester"
>> <toddandma...@gmail.com> wrote:
>>
>> Hi All,
>>
>> I am getting tooled up to do some Penetration Testing
>> for PCI compliance (Ethical Hacking).
>>
>> Reference:
>> https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_testing.pdf
>>
>> There is a VM Ware virtual machine out there that is
>> a deliberate security nightmare to practice with.
>> Problem: I use KVM and Spice, not VM Ware.  And I
>> run Live CD through KVM.
>>
>> Anyone know of a similar Live CD or KVM machine that is
>> deliberately a security nightmare to practice with?
>>
>> Many thanks,
>> -T
>>
>>
>> --
>> ~~
>> Computers are like air conditioners.
>> They malfunction when you open windows
>> ~~
>>
>>


-- 
 Miano, Steven M.
http://stevenmiano.com


Re: kerberos/kinit problem?

2013-01-23 Thread Steven Miano
Hopefully not noise, but have you checked selinux?

On Wed, Jan 23, 2013 at 8:56 AM, Nathan Moore  wrote:

>
>
> -- Forwarded message --
> From: Nathan Moore 
> Date: Wed, Jan 23, 2013 at 7:55 AM
> Subject: Re: kerberos/kinit problem?
> To: Steven C Timm 
>
>
> Any other possibilities?  I tried turning off the system-config-security
> firewall on the machine and the problem persists.  Are there specific ports
> I should check?
>
>
> On Tue, Jan 22, 2013 at 9:41 PM, Steven C Timm  wrote:
>
>>  Check that the right ports are open in the firewall.  (iptables) Could
>> be a firewall issue.
>>
>> Steve
>>
>> From: owner-scientific-linux-us...@listserv.fnal.gov [mailto:
>> owner-scientific-linux-us...@listserv.fnal.gov] On Behalf Of Nathan
>> Moore
>> Sent: Tuesday, January 22, 2013 9:01 PM
>> To: scientific-linux-users
>> Subject: kerberos/kinit problem?
>>
>> Hi,
>>
>> I'm configuring a cluster of SL5 boxes to run kinit, so that
>> a colleague can connect to Fermilab from our university.  At present, I've
>> followed the directions here,
>> https://fermilinux.fnal.gov/documentation/security/kerberos-newer-linux/,
>> along with modifying the /etc/ssh/ssh_config file as directed.
>>
>> When she or I run kinit, the program hangs indefinitely.  Is there a
>> well-understood way to find the source of this error?
>>
>> best regards,
>>
>> Nathan
>>
>> --
>> - - - - - - -   - - - - - - -   - - - - - - -
>> Nathan Moore
>> Winona, MN
>>
>> - - - - - - -   - - - - - - -   - - - - - - -
>>
>> - - - - - - -   - - - - - - -   - - - - - - -
>>
>
>
>
> --
> - - - - - - -   - - - - - - -   - - - - - - -
> Nathan Moore
> Winona, MN
> - - - - - - -   - - - - - - -   - - - - - - -
> - - - - - - -   - - - - - - -   - - - - - - -
>
>
>


Re: Bridged Networking & KVM

2012-12-24 Thread Steven Miano
1) There isn't a paid support channel so far as I know of, so some people
tend to look down on it. RHEL/RHEV, and Red Hat Storage Server while
costing more, might make people feel more comfortable in the fact that they
are going to have a number to call on if things are out of skew (or if you
leave the business, and others need to support/maintain the project).

2) What I believe to be the normal route, and how I have configured our
networking with KVM: you have N interfaces (usually N=8 for us), and you
bond together N-1 (7 bonded together, and then connected to br0), then
bridge that bond of interfaces. The last one you leave alone for
management/physical host access.

The Red Hat documentation online is a huge help in setting all of that up:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html

and

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s2-networkscripts-interfaces-chan.html

Hope that helps!


On Mon, Dec 24, 2012 at 4:24 AM, Jamie Duncan wrote:

> https://access.redhat.com/knowledge/solutions/18734
>  On Dec 23, 2012 10:01 PM, "CS DBA"  wrote:
>
>> Hi All;
>>
>> 2 questions:
>>
>> 1) I'm considering using KVM for Virtual Machines in a production
>> environment.
>>Good plan?  Any drawbacks? better choices?
>>
>>
>> 2) I've found many guides on the web for setting up the bridged networks
>> but most seem incomplete or they do not work
>> can someone help me understand end 2 end what I should do to create a
>> new bridge interface and make it available for KVM's?
>>
>>
>> Thanks in advance
>>
>


Re: howto integrate google drive

2012-12-06 Thread Steven Miano
There are a couple of open sourced gDrive alternatives out right now
(neither by Google yet unfortunately):

https://code.google.com/p/gdrive-linux/

http://tomdignan.com/projects/gdrive-cli/

Google has really let a lot of folks down with the lack of an rpm/dpkg yet
for Drive. So many other products do have support/packages. Hopefully
someday soon the announcement comes out and we can have something from them.

Take care,

Steve


On Thu, Dec 6, 2012 at 2:05 AM, Andrew Z  wrote:

> Short answer - switch to drop box.
> I gave up on gdrive.
> On Dec 6, 2012 1:52 AM, "Ibrahim Yurtseven"  wrote:
>
>> Hi all,
>>
>> I'm using the google drive service to share documents etc.
>> google provides a tool for windows and mobiles as well to integrate the
>> google drive as a virtual drive that you can handle with your file manager.
>> But google doesn't offer any solution for linux outside the android mobile
>> os.
>> can I integrate a remote access to my google drive in my el6 gnome
>> system, to handle files in nautilus as a normal remote access folder like
>> ssh and ftp and webdav etc. pp.?
>>
>> --
>> Ibrahim "Arastirmacilar" Yurtseven
>>
>


-- 
 Miano, Steven M.
http://stevenmiano.com


Re: Distribution and Web server were down earlier today

2012-10-22 Thread Steven Miano
Thanks for the update Connie! We were wondering what was going on during a
few installs that weren't going through for us (yum couldn't reach the
mirrors at all).

Is there a future plan to become more geo-redundant at all?

On Mon, Oct 22, 2012 at 4:15 PM, Connie Sieh  wrote:

> Earlier today starting at 7:30 am CDT we had a scheduled power outage.
>
> The computer center room hosting the following Scientific Linux systems
> went down and is in the process of service restoration.
>
>   www.scientificlinux.org
>   ftp.scientificlinux.org
>   ftp1.scientificlinux.org
>   rsync.scientificlinux.org
>   listserv that serves the Scientific Linux mailing lists
>
> The whole building is on UPS/Generator.  There was a "fire sensor" which
> tripped the "Emergency Power OFF" of the computer room that houses these
> systems.  The computer room is slowly getting back online.  Since the
> listserv system is in this computer room I have not been able to send out a
> notice of this outage until now.
>
> -Connie Sieh
>



-- 
 Miano, Steven M.
http://stevenmiano.com


Re: Iptable rule required to block youtube

2012-10-04 Thread Steven Miano
Disregard this. You can not stop youtube at Layer 3. Or you will lose
Google pretty much.

Sorry.

On Thu, Oct 4, 2012 at 1:12 PM, Steven Miano  wrote:

> I'm confused as to why it would block the Google DNS servers (which I
> believe are 8.8.8.8 and 8.8.4.4 unless they have more? resolve to):
>
> 8.8.8.8.in-addr.arpa.   43194   IN  PTR  google-public-dns-a.google.com.
>
> My results to both of our suggestions seem to be identical. Very
> interesting that we get completely different results though. :-)
>
> [mianosm@dev ~]$ host youtube.com | awk '/has address/ {print $NF}'
> 173.194.37.100
> 173.194.37.105
> 173.194.37.96
> 173.194.37.104
> 173.194.37.102
> 173.194.37.101
> 173.194.37.99
> 173.194.37.110
> 173.194.37.98
> 173.194.37.103
> 173.194.37.97
> [mianosm@dev ~]$ dig youtube.com | egrep youtube.com | awk '{ print $5 }' | grep -v '<<' | grep .
> 173.194.37.100
> 173.194.37.105
> 173.194.37.96
> 173.194.37.104
> 173.194.37.102
> 173.194.37.101
> 173.194.37.99
> 173.194.37.110
> 173.194.37.98
> 173.194.37.103
> 173.194.37.97
>
>
> On Thu, Oct 4, 2012 at 11:27 AM, Chris Schanzle  wrote:
>
>> On 10/04/2012 09:58 AM, Steven Miano wrote:
>>
>>>   dig youtube.com | egrep youtube.com | awk '{ print $5 }' | grep . | grep -v '<<' > yt.dig
>>>
>>
>> You'd block google's DNS servers with that, which might not be a problem
>> on the client, but may I suggest a "new and improved" method:
>>
>> host youtube.com | awk '/has address/ {print $NF}'
>> 74.125.228.5
>> 74.125.228.3
>> 74.125.228.1
>> 74.125.228.14
>> 74.125.228.0
>> 74.125.228.8
>> 74.125.228.2
>> 74.125.228.6
>> 74.125.228.4
>> 74.125.228.9
>> 74.125.228.7
>>
>>
>> Remove the awk filter and you'll also see the IPv6:
>>
>> youtube.com has IPv6 address 2607:f8b0:400d:c00::5d
>>
>
>
>
> --
> <http://stevenmiano.com/> Miano, Steven M.
> http://stevenmiano.com
>
>


-- 
<http://stevenmiano.com/> Miano, Steven M.
http://stevenmiano.com


Re: Iptable rule required to block youtube

2012-10-04 Thread Steven Miano
I'm confused as to why it would block the Google DNS servers (which I
believe are 8.8.8.8 and 8.8.4.4 unless they have more? resolve to):

8.8.8.8.in-addr.arpa.   43194   IN  PTR  google-public-dns-a.google.com.

My results to both of our suggestions seem to be identical. Very
interesting that we get completely different results though. :-)

[mianosm@dev ~]$ host youtube.com | awk '/has address/ {print $NF}'
173.194.37.100
173.194.37.105
173.194.37.96
173.194.37.104
173.194.37.102
173.194.37.101
173.194.37.99
173.194.37.110
173.194.37.98
173.194.37.103
173.194.37.97
[mianosm@dev ~]$ dig youtube.com | egrep youtube.com | awk '{ print $5 }' | grep -v '<<' | grep .
173.194.37.100
173.194.37.105
173.194.37.96
173.194.37.104
173.194.37.102
173.194.37.101
173.194.37.99
173.194.37.110
173.194.37.98
173.194.37.103
173.194.37.97


On Thu, Oct 4, 2012 at 11:27 AM, Chris Schanzle  wrote:

> On 10/04/2012 09:58 AM, Steven Miano wrote:
>
>>   dig youtube.com | egrep youtube.com | awk '{ print $5 }' | grep . | grep -v '<<' > yt.dig
>>
>
> You'd block google's DNS servers with that, which might not be a problem
> on the client, but may I suggest a "new and improved" method:
>
> host youtube.com | awk '/has address/ {print $NF}'
> 74.125.228.5
> 74.125.228.3
> 74.125.228.1
> 74.125.228.14
> 74.125.228.0
> 74.125.228.8
> 74.125.228.2
> 74.125.228.6
> 74.125.228.4
> 74.125.228.9
> 74.125.228.7
>
>
> Remove the awk filter and you'll also see the IPv6:
>
> youtube.com has IPv6 address 2607:f8b0:400d:c00::5d
>



-- 
<http://stevenmiano.com/> Miano, Steven M.
http://stevenmiano.com
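
Added example (not part of the original messages and not code from the list): the dig pipeline quoted above run against constructed dig output, next to a stricter parser that keeps only A records from the answer section. The sample output, the function names and the FORWARD/REJECT rule form are assumptions.

```shell
#!/bin/sh
# Added example: the input below is constructed, not captured from a resolver.
# The two A records reuse addresses quoted in the thread.
sample_dig_output() {
cat <<'EOF'
; <<>> DiG 9.x <<>> youtube.com
;; global options: +cmd
;; QUESTION SECTION:
;youtube.com.                   IN      A

;; ANSWER SECTION:
youtube.com.            300     IN      A       173.194.37.100
youtube.com.            300     IN      A       173.194.37.105

;; AUTHORITY SECTION:
youtube.com.            86400   IN      NS      ns1.google.com.
youtube.com.            86400   IN      NS      ns2.google.com.

;; SERVER: 8.8.8.8#53(8.8.8.8)
EOF
}

# The pipeline from the thread (grep -E in place of egrep), reading dig output
# on stdin. It keeps field 5 of every line that mentions the name, so NS
# targets from the authority section come through next to the addresses.
extract_loose() {
    grep -E 'youtube.com' | awk '{ print $5 }' | grep . | grep -v '<<'
}

# Stricter variant: only A records inside the ANSWER section whose data field
# looks like a dotted-quad IPv4 address.
extract_a_records() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && $3 == "IN" && $4 == "A" &&
            $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $5 }
    '
}

# Turn addresses on stdin into rule lines in iptables-save syntax, the format
# of /etc/sysconfig/iptables. Nothing is applied; the FORWARD chain and REJECT
# target are assumptions for a gateway that routes client traffic.
emit_rules() {
    sort -u | while read -r ip; do
        printf '%s\n' "-A FORWARD -d $ip/32 -j REJECT"
    done
}

echo "# loose pipeline output:"
sample_dig_output | extract_loose
echo "# rules from A records only:"
sample_dig_output | extract_a_records | emit_rules
```

On the page, the two lookups of youtube.com returned different address sets (173.194.37.x and 74.125.228.x), so a rule list built this way reflects a single resolver's answer at one moment.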


Re: Iptable rule required to block youtube

2012-10-04 Thread Steven Miano
To start a little bash-fu:

 dig youtube.com | egrep youtube.com | awk '{ print $5 }' | grep . | grep -v '<<' > yt.dig

From here it isn't hard to append your blocking rules.

If you need more help I'm sure myself or others on the list can further
script this and you can choose how often you'd want to rewrite your
iptables rules kept here:

/etc/sysconfig/iptables

Best of luck!

On Thu, Oct 4, 2012 at 9:40 AM, Novick, Jeffrey L CTR (US) <
jeffrey.l.novick@mail.mil> wrote:

> Content filtering would be the way to go.
> For an interim solution, if you control your DNS servers, block it at the
> DNS level.
>
> From: owner-scientific-linux-us...@listserv.fnal.gov [mailto:
> owner-scientific-linux-us...@listserv.fnal.gov] On Behalf Of Trenton Ray
> Sent: Thursday, October 04, 2012 4:29 AM
> To: vivekat...@gmail.com
> Cc: scientific-linux-us...@fnal.gov
> Subject: Re: Iptable rule required to block youtube
>
> Have you looked into setting up a Squid proxy/filter? Much less of a
> headache than doing it at the iptables level.
>
> On 10/04/2012 08:26 AM, Michael Tiernan wrote:
> On 10/4/12 3:27 AM, vivek chalotra wrote:
> And now i want to block youtube on my network.
>
> It can be done with iptables however it's not for the faint of heart. I
> did some reading about it on a dd-wrt website and it wasn't something I
> found as an easy solution to a single problem such as this.
>
> However, blocking by name string leaves open the ipaddress approach so you
> have to do both things and this isn't something easily maintained.
>
> May I respectfully suggest that the problem isn't at the iptables level
> but at the user level?
> A simple "You do it, you're cut off." rule is more effective and would
> move the responsibility from you and the system software to those managing
> the users.
>
> --
>   << MCT >>   Michael C Tiernan xmpp:mtier...@mit.edu +1 (617) 324-9173
>   MIT - Laboratory for Nuclear Science - http://www.lns.mit.edu
>   High Perf Research Computing Facility at The Bates Linear Accelerator
> Please avoid sending me MS-Word or MS-PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
>



-- 
 Miano, Steven M.
http://stevenmiano.com