[SLUG] Multiple server roles on one box
Hi all,

just a question... I'm looking at the possibility of consolidating some servers for a client.

If an internal box with DNS and squid were combined, would this be a security risk... as in risky way above normal?

How about a DNS, squid and web server with multiple name based virtual domains on the same box?

Is doing the above really dangerous on a fully patched and up to date system?

Any advice please?

Thanks
Ben

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Multiple server roles on one box
Sorry should also have said that they are seen by the outside world.

On 27/07/2010 4:04 PM, Ben Donohue wrote:
> Hi all,
>
> just a question... I'm looking at the possibility of consolidating some servers for a client.
>
> If an internal box with DNS and squid were combined, would this be a security risk... as in risky way above normal?
>
> How about a DNS, squid and web server with multiple name based virtual domains on the same box?
>
> Is doing the above really dangerous on a fully patched and up to date system?
>
> Any advice please?
>
> Thanks
> Ben
Re: [SLUG] Reply-to address on SLUG posts
Michael Chesterton wrote:
> I hear you. I think it's possible, though, to filter direct mails into the list folder. Obviously not with the List-Id, but some other method (like your +slug address, for one example).

Well my +slug address is used for a couple of slug related lists which I like to keep separate. I could check to see if the list address was in the To or CC fields, but that would triple the size of the procmail filter (which already has 150 entries) and will become a maintenance issue (ie three procmail entries per mailing list).

The thing that appals me most, is that if reply-to munging was used this wouldn't be a constant problem.

> You set the reply-to and still got a direct mail.

Yes, but if reply-to munging was in place, no one would be tempted to reply-to-all because the default behaviour would be correct. Instead, there would be the occasional problem of a mail sent to the list when it was meant as a private response.

Yes, I have read the reply-to-munging-is-evil thing but I choose to disagree.

> And if Mail-Followup-To was used by everyone...

And if ponies farted rainbows. I won't hold my breath :-)

Erik
--
Erik de Castro Lopo
http://www.mega-nerd.com/
[SLUG] OSDC 2010 Call for Presentations!
In 2010, the Open Source Developers' Conference (OSDC) is back in Melbourne!

Running Wednesday 24th - Friday 26th November 2010, OSDC is a great way to meet your peers, share your knowledge, and improve your skills. Be part of our 7th year of this fantastic conference, run by open source developers for open source developers.

Submit a proposal on open source languages, technologies, tools and projects.

http://2010.osdc.com.au/call-for-proposals

Key dates:
  Call for Proposals Closes: 23 August 2010
  Proposal Acceptance: 6 September 2010
  OSDC 2010 Conference: 24th to 26th November 2010

Please feel free to pass this on to any other people or groups you think might be interested in submitting a paper!

Hope to see you there!

OSDC 2010 committee
Re: [SLUG] Multiple server roles on one box
On 27 July 2010 16:05, Ben Donohue donoh...@icafe.com.au wrote:
> Sorry should also have said that they are seen by the outside world.
>
> On 27/07/2010 4:04 PM, Ben Donohue wrote:
> > Hi all,
> >
> > just a question... I'm looking at the possibility of consolidating some servers for a client.
> >
> > If an internal box with DNS and squid were combined, would this be a security risk... as in risky way above normal?
> >
> > How about a DNS, squid and web server with multiple name based virtual domains on the same box?
> >
> > Is doing the above really dangerous on a fully patched and up to date system?
> >
> > Any advice please?

You can use xen or kvm if you want to. So long as you don't run anything insecure in the dom-0 that should be ok. To also consider the network 'security' as well.

You probably want to use varnish[1] over squid - it is a lot nicer :)

[1] http://varnish-cache.org/
Re: [SLUG] Simple web authoring tools?
Amaya http://www.w3.org/Amaya/ or Mozilla's Sea Monkey http://www.seamonkey-project.org/composer may be of use...

On Debian Sea Monkey available as *iceape*.
Re: [SLUG] Multiple server roles on one box
On Tue, Jul 27, 2010 at 04:04:05PM +1000, Ben Donohue wrote:
> I'm looking at the possibility of consolidating some servers for a client. If an internal box with DNS and squid were combined, would this be a security risk... as in risky way above normal?

Try OpenVZ and run your applications in separate containers.

> How about a DNS, squid and web server with multiple name based virtual domains on the same box?

I certainly wouldn't put virtual web servers on the same logical box as DNS and Squid.

> Is doing the above really dangerous on a fully patched and up to date system?

What's the worst that can happen?

Nick.
--
PGP Key ID = 0x418487E7 http://www.nick-andrew.net/
PGP Key fingerprint = B3ED 6894 8E49 1770 C24A 67E3 6266 6EB9 4184 87E7
Re: [SLUG] Reply-to address on SLUG posts
On Tue, Jul 27, 2010 at 03:13:38PM +1000, Erik de Castro Lopo wrote:
> I am on a well over 50 mailing lists, some of which can have high volumes (the kernel mailing list can peak at over 50 emails an hour). Having that torrent end up in my inbox is completely out of the question as I also receive emails directly to me that need to be acted on at relatively short notice.

Contrarily, I filter my kernel mailing list messages into their own mailbox and I welcome being CCed on the rare occasion where lkml messages involve me, cause otherwise I'd miss them or at least not see them in a timely manner.

Nick.
Re: [SLUG] Perl Regular expression help
Sorry to bring up an old thread but I just had to comment on this...

$quoted_author = Jamie Wilkinson ;
> Try: /&pg=[^&]*/ match zero or more of the character class that is not an ampersand.

Except there is nothing stopping the variables being reordered, no? So you may need to match a leading ? instead of &.

You could get crazy and try to do this in a single regex but two stage is clearer. e.g.

sed -e 's/&pg=[^&]*//g' -e 's/?pg=[^&]*/?/'

cheers
Marty
Re: [SLUG] Perl Regular expression help
Call me crazy!

s/(&|?)pg=[^&]*/\1/

(correct escaping of & and ? left as an exercise for someone actually using this :)

On 27 July 2010 08:03, Martin Barry ma...@supine.com wrote:
> Sorry to bring up an old thread but I just had to comment on this...
>
> $quoted_author = Jamie Wilkinson ;
> > Try: /&pg=[^&]*/ match zero or more of the character class that is not an ampersand.
>
> Except there is nothing stopping the variables being reordered, no? So you may need to match a leading ? instead of &.
>
> You could get crazy and try to do this in a single regex but two stage is clearer. e.g.
>
> sed -e 's/&pg=[^&]*//g' -e 's/?pg=[^&]*/?/'
>
> cheers
> Marty
Re: [SLUG] Perl Regular expression help
On 28/07/2010, at 1:03, Martin Barry ma...@supine.com wrote:
> You could get crazy and try to do this in a single regex but two stage is clearer. e.g.
>
> sed -e 's/&pg=[^&]*//g' -e 's/?pg=[^&]*/?/'

Now you have 2 problems.
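The two approaches discussed in this thread, written out side by side as an added example (not code from any of the posters). It assumes the characters missing from the archived expressions are ampersands, as the description "not an ampersand" indicates; the function names and sample URLs are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample URLs are constructed for illustration.

# Two-stage removal of the "pg" query parameter:
#   1. drop every "&pg=value" (pg is not the first parameter)
#   2. if pg is first and others follow, drop "pg=value&" but keep the "?"
#   3. if pg was the only parameter, drop "?pg=value" entirely
# [^&#]* stops at the next parameter or at a fragment.
strip_pg() {
    printf '%s\n' "$1" | sed -E \
        -e 's/&pg=[^&#]*//g' \
        -e 's/\?pg=[^&#]*&/?/' \
        -e 's/\?pg=[^&#]*//'
}

# Single substitution that keeps whichever separator preceded pg.
# Shorter, but the kept separator can be left dangling.
strip_pg_single() {
    printf '%s\n' "$1" | sed -E -e 's/([&?])pg=[^&#]*/\1/g'
}

for url in \
    '/list?pg=3' \
    '/list?pg=3&sort=asc' \
    '/list?sort=asc&pg=3' \
    '/list?sort=asc&pg=3&q=x' \
    '/list?xpg=3&pg=4' \
    '/list?pg=3#top'
do
    printf '%-26s two-stage: %-20s single: %s\n' \
        "$url" "$(strip_pg "$url")" "$(strip_pg_single "$url")"
done
```

`xpg=3` is left alone because both forms require `?` or `&` immediately before `pg=`.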
[SLUG] Re: slug Digest, Vol 54, Issue 22
Hello, All

I was using a D-Link wireless device. I had to go back to the Telstra Modem. Now I am okay!

Thanks,
Jose

On 27 July 2010 12:00, slug-requ...@slug.org.au wrote:
> Today's Topics:
>
>   1. Accessing the web with Ubuntu (Jose De Almada)
>   2. Re: Accessing the web with Ubuntu (Ben Donohue)
>   3. Re: Accessing the web with Ubuntu (Heracles)
>
> -- Forwarded message --
> From: Jose De Almada josedealm...@gmail.com
> To: slug@slug.org.au slug@slug.org.au
> Date: Mon, 26 Jul 2010 14:12:00 +1000
> Subject: [SLUG] Accessing the web with Ubuntu
>
> Hello
>
> Having installed Linux, I am unable to access the web. I've Telstra broadband. Please, help!?
>
> Thanks,
> José De Almada
>
> -- Forwarded message --
> From: Ben Donohue donoh...@icafe.com.au
> To: slug@slug.org.au
> Date: Mon, 26 Jul 2010 14:58:01 +1000
> Subject: Re: [SLUG] Accessing the web with Ubuntu
>
> check your network card is turned on or activated. Sometimes on install it is disabled. Make it enabled. Get the settings that you should have from Telstra of anything that you have to configure on your computer. Usually it will be DHCP from the modem and you should not have to worry.
>
> You should be able to ring up Telstra and get someone to guide you through the setup... (just pretend you have windows...)
>
> Ben
>
> On 26/07/2010 2:12 PM, Jose De Almada wrote:
> > Hello
> >
> > Having installed Linux, I am unable to access the web. I've Telstra broadband. Please, help!?
> >
> > Thanks,
> > José De Almada
>
> -- Forwarded message --
> From: Heracles herac...@iprimus.com.au
> To: slug@slug.org.au
> Date: Mon, 26 Jul 2010 14:51:36 +1000
> Subject: Re: [SLUG] Accessing the web with Ubuntu
>
> What exactly do you mean? To access the net an OS has to recognise the equipment you use. Are you on a machine using an ethernet card or a wireless card or are you using a USB stick modem? Does the OS recognise them?
>
> Heracles
>
> On 26/07/10 14:12, Jose De Almada wrote:
> > Hello
> >
> > Having installed Linux, I am unable to access the web. I've Telstra broadband. Please, help!?
> >
> > Thanks,
> > José De Almada
Re: [SLUG] Multiple server roles on one box
Ben Donohue donoh...@icafe.com.au writes:
> just a question... I'm looking at the possibility of consolidating some servers for a client. If an internal box with DNS and squid were combined, would this be a security risk... as in risky way above normal?

No.

> How about a DNS, squid and web server with multiple name based virtual domains on the same box?

No.

> Is doing the above really dangerous on a fully patched and up to date system?

Yes, because you have world-facing services, which is really dangerous. However, it is kind of unavoidable; in this case your biggest risk is going to be the web server, which if it hosts any sort of dynamic content is going to run the risk of compromise.

The DNS and Squid servers are basically irrelevant here, and putting them on the same systems is unlikely to increase your practical risk.

> Any advice please?

Do a proper risk assessment, and then work out if putting those on the same system meets your acceptable risk/value trade-off or not, as a business.

Regards,
Daniel

No, seriously, even if it was more risky running them on the same machine, it might be worth $4,000 a month to the business in rack space and power to consolidate them, and so worth doing anyway.

--
✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
[SLUG] Wireless connection (was Re: slug Digest, Vol 54, Issue 22)
Hi Jose,

If you've installed a recent distro, it should recognise the D-Link adapter and at least show you that it exists. I've used (and use them now) quite a bit and not had any problems with the adapter being recognised.

1. Was this on a desktop or laptop?
2. What model name is the adapter?

I'm sure we can help you out with this :))

If it's a laptop, you could bring it with you if you are coming to the SLUG meeting this Friday.

Regards,
Patrick

Jose De Almada josedealm...@gmail.com Wed, 28 Jul 2010 11:47:39 +1000
SNIP
> I was using a D-Link wireless device. I had to go back to the Telstra Modem. Now I am okay!
>
> Thanks,
> Jose

--
www.techfriend.com.au Home computer software training and hardware assistance
www.mercuryvideos.com.au Stylishly edited DVDs of your photos and videos
Re: [SLUG] Multiple server roles on one box
On Tue, Jul 27, 2010 at 04:04:05PM +1000, Ben Donohue wrote:
> [ ] How about a DNS, squid and web server with multiple name based virtual domains on the same box? Is doing the above really dangerous on a fully patched and up to date system?

As others have said it's inadvisable. Even fully patched servers can be susceptible (so called zero day vulns might actually be months old) and the reality is you don't often have the time to fully patch every day anyway.

*IF* you wanted to pursue this you can mitigate it with some sort of isolation be it chrooting, selinux, containers, vms. Or all of the above.

The level of risk also depends on the webapp. I'd be more comfortable with java (especially with security manager on) which is after all another form of vm. With php (wordpress, drupal, moodle, or home grown) definitely not comfortable.

Matt