Re: [Vserver] Utility Programs in Vservers

2005-02-16 Thread Roderick A. Anderson 
Thanks Herbert.  Your insights are always useful and fun.


Rod

On Wed, 16 Feb 2005, Herbert Poetzl wrote:

> On Tue, Feb 15, 2005 at 09:15:32AM -0800, Roderick A. Anderson wrote:
> > Well that's a pretty sorry excuse for a Subject but the only thing I could 
> > think of.  :-)
> > 
> > Short story.  A client got their Vserver broken into and though it appears
> > I got them cleaned out but I'm still doing some forensics.  There were
> > some files changed ( I don't think they knew it was a Vserver ) and fcheck
> > caught the problem files but I'm not sure if they are even needed.
> 
> hehe ... good that they didn't knew then ...
> 
> > Is there any reason for ifdown, ifup, installkernel, ldconfig, sln, 
> > vhalt, vreboot are needed or should be in a Vserver?  
> 
> the is no use, but also no harm in ifdown/ifup if the 
> vserver does not have the NET_ADMIN capability ...
> ldconfig and sln might be useful inside .. who knows
> but vhalt and vreboot are not used anymore ...
> 
> > This is pretty old kernel ( CTX ) and I think I made a mistake and 
> > created the Vserver from the main server.  
> > I'm also seeing some $VSERVER/dev/hdx?, $VSERVER/dev/log, 
> > $VSERVER/dev/stdout, $VSERVER/dev/ttyo?, and $VSERVER/dev/tty.
> 
> anything more than the following is not needed and might
> (or will) be dangerous if supplied ...
> 
> crw-rw-rw-1 root root   1,   7 Apr  6  2003 full
> srw-rw-rw-1 root root0 Feb 16 01:42 log=
> crw-rw-rw-1 root root   1,   3 Apr  6  2003 null
> crw-rw-rw-1 root root   5,   2 Feb 16 03:07 ptmx
> drwxr-xr-x2 root root0 Feb 16 01:37 pts/
> crw-r--r--1 root root   1,   8 Apr  6  2003 random
> crw-rw-rw-1 root root   5,   0 Apr  6  2003 tty
> crw-r--r--1 root root   1,   9 Apr  6  2003 urandom
> crw-rw-rw-1 root root   1,   5 Apr  6  2003 zero
> 
> std* are usually symlinks into /proc so they should be
> fine ...
> 
> > Any pointers or thoughts?
> 
> HTH,
> Herbert
> 
> > TIA,
> > Rod
> > -- 
> > "Open Source Software - You usually get more than you pay for..."
> >  "Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL"
> > 
> > 
> > ___
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> 

-- 
"Open Source Software - You usually get more than you pay for..."
 "Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL"


___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Utility Programs in Vservers

2005-02-15 Thread Herbert Poetzl 
On Tue, Feb 15, 2005 at 09:15:32AM -0800, Roderick A. Anderson wrote:
> Well that's a pretty sorry excuse for a Subject but the only thing I could 
> think of.  :-)
> 
> Short story.  A client got their Vserver broken into and though it appears
> I got them cleaned out but I'm still doing some forensics.  There were
> some files changed ( I don't think they knew it was a Vserver ) and fcheck
> caught the problem files but I'm not sure if they are even needed.

hehe ... good that they didn't knew then ...

> Is there any reason for ifdown, ifup, installkernel, ldconfig, sln, 
> vhalt, vreboot are needed or should be in a Vserver?  

the is no use, but also no harm in ifdown/ifup if the 
vserver does not have the NET_ADMIN capability ...
ldconfig and sln might be useful inside .. who knows
but vhalt and vreboot are not used anymore ...

> This is pretty old kernel ( CTX ) and I think I made a mistake and 
> created the Vserver from the main server.  
> I'm also seeing some $VSERVER/dev/hdx?, $VSERVER/dev/log, 
> $VSERVER/dev/stdout, $VSERVER/dev/ttyo?, and $VSERVER/dev/tty.

anything more than the following is not needed and might
(or will) be dangerous if supplied ...

crw-rw-rw-1 root root   1,   7 Apr  6  2003 full
srw-rw-rw-1 root root0 Feb 16 01:42 log=
crw-rw-rw-1 root root   1,   3 Apr  6  2003 null
crw-rw-rw-1 root root   5,   2 Feb 16 03:07 ptmx
drwxr-xr-x2 root root0 Feb 16 01:37 pts/
crw-r--r--1 root root   1,   8 Apr  6  2003 random
crw-rw-rw-1 root root   5,   0 Apr  6  2003 tty
crw-r--r--1 root root   1,   9 Apr  6  2003 urandom
crw-rw-rw-1 root root   1,   5 Apr  6  2003 zero

std* are usually symlinks into /proc so they should be
fine ...

> Any pointers or thoughts?

HTH,
Herbert

> TIA,
> Rod
> -- 
> "Open Source Software - You usually get more than you pay for..."
>  "Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL"
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

[Vserver] Utility Programs in Vservers

2005-02-15 Thread Roderick A. Anderson 
Well that's a pretty sorry excuse for a Subject but the only thing I could 
think of.  :-)

Short story.  A client got their Vserver broken into and though it appears
I got them cleaned out but I'm still doing some forensics.  There were
some files changed ( I don't think they knew it was a Vserver ) and fcheck
caught the problem files but I'm not sure if they are even needed.

Is there any reason for ifdown, ifup, installkernel, ldconfig, sln, vhalt, 
vreboot are needed or should be in a Vserver?  This is pretty old kernel 
( CTX ) and I think I made a mistake and created the Vserver from the main 
server.  I'm also seeing some $VSERVER/dev/hdx?, $VSERVER/dev/log, 
$VSERVER/dev/stdout, $VSERVER/dev/ttyo?, and $VSERVER/dev/tty.

Any pointers or thoughts?


TIA,
Rod
-- 
"Open Source Software - You usually get more than you pay for..."
 "Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL"


___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver