On 6/3/09, Scott Silva wrote:
> on 6-2-2009 2:46 PM Rudi Ahlers spake the following:
>> On 6/2/09, Scott Silva wrote:
>>> on 6-2-2009 2:30 PM Rudi Ahlers spake the following:
Hi all,
One of our CentOS 5.3 randomly reboots, at different times of the day,
and I can't see why it'
On Wed, 2009-06-03 at 01:57 -0400, JohnS wrote:
> On Wed, 2009-06-03 at 00:46 -0500, John R. Dennison wrote:
> > On Wed, Jun 03, 2009 at 12:30:10AM -0500, Neil Aggarwal wrote:
> > >
> > > It would be prudent to review his web code to see
> > > if he did something in an insecure way. If his code
>
Greetings,
Wondering if anyone could assist with this. I have many SuperMicro 5015B-MTB
servers. These all have the X7SBi Motherboards. After upgrading to
CentOS 5.3 the Hard
Drive LED's on some of the servers started blinking red(drive fail) but
all is functioning
normally. All servers are runn
On Wed, 2009-06-03 at 00:46 -0500, John R. Dennison wrote:
> On Wed, Jun 03, 2009 at 12:30:10AM -0500, Neil Aggarwal wrote:
> >
> > It would be prudent to review his web code to see
> > if he did something in an insecure way. If his code
> > is open to attack, it will be so even if he puts it
>
On Wed, Jun 03, 2009 at 12:30:10AM -0500, Neil Aggarwal wrote:
>
> It would be prudent to review his web code to see
> if he did something in an insecure way. If his code
> is open to attack, it will be so even if he puts it
> on a new machine.
Hence my statements to evaluate the web-app
Bruce:
> you state that "..An unauthorized user currently has the
> ability to run
> processed on the machine"
>
> how do we know that..
The original poster stated he did know how what
the process was. He stated he believed the machine
was being attacked. He asked for advice from the
co
Bruce:
> my only point, was that reinstalling wotjout understanding
> what was/is going
> on is a draconian step.. does it resolve the issue.. sire..
> does it get to
> what might have been the cause.. not in my opinion...
This point seems valid.
If you do not understand why and how the mach
neil...
you state that "..An unauthorized user currently has the ability to run
processed on the machine"
how do we know that.. did i miss something in an earlier thread.. don't get
me wrong, you might know more on this thread than the few msgs i saw... al i
saw was that there was the 'atack'
Bruce:
> i'm inclined to think the processs is something on his server...
>
> now, how it got there is a curious issue that he's going to have to
> address..
This is precisely the point. An unauthorized user currently
has the ability to run processed on the machine. We do
not know what they h
you and i agreee on him figuring out what web apps are causing the issues..
or in fact, exactly what the 'atack' process is? i didn't see the initial
threads.. was this simething that he discussed? did he say what the arack
process was doing?
my only point, was that reinstalling wotjout understan
neil...
the ps he showed, showed the 'atack' processes being run by the apache
user...
i'm incined to agree that he should take the machine offline, but i don't
know what the 'atack' processes are, and unless his system is really f*ed
up.. i'm inclined to think the processs is something on his se
On Tue, Jun 02, 2009 at 09:48:41PM -0700, bruce wrote:
>
> not kidding... the majority of windows based attacks on an apache system
> running on linux systems are obnoxiousm but not harmful... the kinds of
> attacks that are looking to exploit windows buffer overflows are harmless to
> linux syste
Bruce:
I think you are misunderstanding something.
He showed a process listing of processes running
on his server. Those were not apache processes
being attacked from the outside. They were rogue
processes running on his machine.
Neil
--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting
htebruce wrote:
> it's possible your box is attacked, has been compromised.. of it's possible
> that it's also being slammed by some sort of potential attack/hack.
> regarding the apache app, what do the log files say... what apps do you have
> running on the apche server? are these apps home grown
nope...
not kidding... the majority of windows based attacks on an apache system
running on linux systems are obnoxiousm but not harmful... the kinds of
attacks that are looking to exploit windows buffer overflows are harmless to
linux systems..
this isn't to say that all windows attacks are harm
On Tue, Jun 02, 2009 at 09:34:55PM -0700, bruce wrote:
> it's possible your box is attacked, has been compromised.. of it's possible
> that it's also being slammed by some sort of potential attack/hack.
> regarding the apache app, what do the log files say... what apps do you have
> running on the
it's possible your box is attacked, has been compromised.. of it's possible
that it's also being slammed by some sort of potential attack/hack.
regarding the apache app, what do the log files say... what apps do you have
running on the apche server? are these apps home grown, or installed from
some
On Tue, Jun 02, 2009 at 09:01:35PM -0700, Linux Advocate wrote:
>
> o godd.
>
> i have a quite a few linux boxes and not even one has been hacked. oh man
> !!
That you have noticed.
> really??? i have to format the box.
On Tue, Jun 02, 2009 at 11:48:11PM -0400, William Warren wrote:
>
> some google foo shows this is a WINDOWS exploit not a linux one.
>
> http://www.linuxquestions.org/questions/slackware-14/analyzing-apache-logs-174552/
Um, perhaps I am just missing something but I don't see any
r
> i have a quite a few linux boxes and not even one has been
> hacked. oh man !!
Consider yourself lucky that you have not had it
happen in the past. Nothing is 100% secure.
> really??? i have to format the box.
Yes, you do.
Neil
--
Neil Aggarwal, (832)245-7314, www.JAMM
Hello:
If there are processes running on your machine
which you do not recognize, assume the machine has
been compromised. Take it offline and wipe it
immediately.
Neil
--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www
reply below
- Original Message
> From: John R. Dennison
> To: CentOS mailing list
> Sent: Wednesday, June 3, 2009 11:43:46 AM
> Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
>
> On Tue, Jun 02, 2009 at 08:23:16PM -0700, Linux Advocate wrote:
> >
> > Hell,
> >
> some google foo shows this is a WINDOWS exploit not a linux one.
>
> http://www.linuxquestions.org/questions/slackware-14/analyzing-apache-logs-174552/
> ___
yes, william, i saw those links when i googledi too did no think it related
to
John R. Dennison wrote:
> On Tue, Jun 02, 2009 at 08:23:16PM -0700, Linux Advocate wrote:
>
>> Hell, has my centos 5.3 box been hacked??? Help !!
>>
>
> Yes. Reinstall; fully update components; restore *data*
> from backups (you have backups, right?) and review what
>
John R. Dennison wrote:
> On Tue, Jun 02, 2009 at 08:23:16PM -0700, Linux Advocate wrote:
>
>> Hell, has my centos 5.3 box been hacked??? Help !!
>>
>
> Yes. Reinstall; fully update components; restore *data*
> from backups (you have backups, right?) and review what
>
On Tue, Jun 02, 2009 at 08:23:16PM -0700, Linux Advocate wrote:
>
> Hell, has my centos 5.3 box been hacked??? Help !!
Yes. Reinstall; fully update components; restore *data*
from backups (you have backups, right?) and review what
web packages you have installed
sorry typos amended
Guys, apache's cpu usage is hitting
100% sometimes ( to such an extent that its
very noticeable)
on a box ( 2gb ram) with just 8 users or so. This newver happended before.
i m getting this when i
run 'top'. The worrying thing is seeing the word 'atack'
under
c
Guys, apache cpus usage is hitting 100% sometimes ( to such an extent that its
very noticeable) on a box with just 8 users or so.
i m getting this when i run 'top'. The worrying thing is seeing the work
'atack' under command
PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND
Yahoo has been having internal problems with a recent change to their
spam filter. It's randomly [*] reporting IP addresses as being listed
on the Spamhaus blocklist (when those IPs are not listed), and
therefore incorrectly rejecting mail in unpredictable ways. This has
been going on for almost
John R Pierce wrote:
> Chan Chung Hang Christopher wrote:
>
>>> I've read a lot of different reports that suggest at this point in time,
>>> kernel software raid is in most cases better than controller raid.
>>>
>>>
>>>
>> Let me define 'most cases' for you. Linux software raid c
nate wrote:
> Chan Chung Hang Christopher wrote:
>
>> Complete bollocks. The bottleneck is not the drives themselves as
>> whether it is SATA/PATA disk drive performance has not changed much
>> which is why 15k RPM disks are still king. The bottleneck is the bus be
>> it PCI-X or PCIe 16x/8x/4x
Chan Chung Hang Christopher wrote:
> Complete bollocks. The bottleneck is not the drives themselves as
> whether it is SATA/PATA disk drive performance has not changed much
> which is why 15k RPM disks are still king. The bottleneck is the bus be
> it PCI-X or PCIe 16x/8x/4x or at least the latenci
On Tue, 2 Jun 2009, Ralph Angenendt wrote:
> Radu-Cristian FOTESCU wrote:
>> AFAIK, this never happened. Is the 5.x.z tree concept dead-before-birth?!
>
> For CentOS: Yes.
>
> For Upstream: Ask Red Hat.
>
> Ralph
>
I have asked RHT repeatedly to walk me through the life of a package
version. Not
On Tue, Jun 02, 2009 at 04:31:11PM -0700, Al Sparks wrote:
> $ route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric RefUse
> Iface
> 10.7.13.0 0.0.0.0 255.255.255.0 U 0 00 eth0
> 10.254.214.00.0.0.0
I have, a machine running RHEL ES 4.7 with 2 physical interfaces.
eth0 Link encap:Ethernet HWaddr 00:14:22:1C:B4:EA
inet addr:10.7.13.61 Bcast:10.7.13.255 Mask:255.255.255.0
inet6 addr: fe80::214:22ff:fe1c:b4ea/64 Scope:Link
UP BROADCAST RUNNING MUL
Frank Cox wrote:
>
>> So, I'm trying todo everything I can, from my side, via SSH to see if
>> I can figure it out.
>
> If it's a hardware-related issue, as Scott suggested, you can spend all the
> time you want fiddling around with the software and you'll never solve the
> problem.
Yes, you'll
Chan Chung Hang Christopher wrote:
>> I've read a lot of different reports that suggest at this point in time,
>> kernel software raid is in most cases better than controller raid.
>>
>>
> Let me define 'most cases' for you. Linux software raid can perform
> better or the same if you are
on 6-2-2009 2:46 PM Rudi Ahlers spake the following:
> On 6/2/09, Scott Silva wrote:
>> on 6-2-2009 2:30 PM Rudi Ahlers spake the following:
>>> Hi all,
>>>
>>> One of our CentOS 5.3 randomly reboots, at different times of the day,
>>> and I can't see why it's doing it.
>>>
>>> I have looked throu
> I've read a lot of different reports that suggest at this point in time,
> kernel software raid is in most cases better than controller raid.
>
Let me define 'most cases' for you. Linux software raid can perform
better or the same if you are using raid0/raid1/raid1+0 arrays. If you
are usi
On Tue, 02 Jun 2009 23:46:39 +0200
Rudi Ahlers wrote:
> So, I'm trying todo everything I can, from my side, via SSH to see if
> I can figure it out.
If it's a hardware-related issue, as Scott suggested, you can spend all the
time you want fiddling around with the software and you'll never solve t
On 6/2/09, Scott Silva wrote:
> on 6-2-2009 2:30 PM Rudi Ahlers spake the following:
>> Hi all,
>>
>> One of our CentOS 5.3 randomly reboots, at different times of the day,
>> and I can't see why it's doing it.
>>
>> I have looked through the logs, but don't see any thing in there that
>> shows me
on 6-2-2009 2:30 PM Rudi Ahlers spake the following:
> Hi all,
>
> One of our CentOS 5.3 randomly reboots, at different times of the day,
> and I can't see why it's doing it.
>
> I have looked through the logs, but don't see any thing in there that
> shows me why it has rebooted. How can I debug
Hi all,
One of our CentOS 5.3 randomly reboots, at different times of the day,
and I can't see why it's doing it.
I have looked through the logs, but don't see any thing in there that
shows me why it has rebooted. How can I debug this?
Here's a snipped from the log, around the time of the reboot
on 6-2-2009 5:51 AM henry ritzlmayr spake the following:
> Hi List,
>
> optimizing the configuration on one of our servers (which was
> hit by a brute force attack on dovecot) showed an odd behavior.
>
> The short story:
> On one of our servers an attacker did a brute force
> attack on dovecot
At Tue, 2 Jun 2009 17:21:15 +0200 CentOS mailing list wrote:
>
> Hi :)
>
> Sorry for my bad english i'm a frenchi...
>
> I have a little question about mysql.
>
> What is the difference between mysql-server in centos vs the rpm build
> by Sun ( Mysql community edition)
>
> RedHat apply homem
on 6-2-2009 1:53 PM Radu-Cristian FOTESCU spake the following:
> --- On Tue, 6/2/09, Dag Wieers
> wrote:
>
>> Communication problems are usually caused by both sides.
>
> Agreed.
>
>> Besides the EUS source RPM packages are not released
>> to the public, so you need those expensive entitleme
On Tue, Jun 2, 2009 at 12:59 PM, Gordon Messmer wrote:
> On 06/01/2009 07:52 PM, Michael A. Peters wrote:
>>
>> I've read a lot of different reports that suggest at this point in time,
>> kernel software raid is in most cases better than controller raid.
>
> There are certainly a lot of people who
--- On Tue, 6/2/09, Dag Wieers wrote:
> Communication problems are usually caused by both sides.
Agreed.
> Besides the EUS source RPM packages are not released
> to the public, so you need those expensive entitlements
> to be able to rebuild them.
Eek. Never knew that. This looks more like
On Tue, 2 Jun 2009, Lanny Marcus wrote:
> On Tue, Jun 2, 2009 at 8:41 AM, Dag Wieers wrote:
>
>> I am pleased to announce the first edition of the bi-weekly CentOS
>> newsletter which we dubbed "CentOS Pulse".
>
>
> Dag: I read the first issue. Great idea! Please post here, each time
> you post
mcclnx mcc wrote:
>
>
> I have been a while did NOT received E-MAIL from "centos" listserv.
> Any problem on CENTOS listserv?
No. I would be interested if you get this mail, though :)
Ralph
pgpw5vXmC7FDR.pgp
Description: PGP signature
___
CentOS mailin
On Tue, June 2, 2009 1:48 pm, mcclnx mcc wrote:
>
>
> I have been a while did NOT received E-MAIL from "centos" listserv. Any
> problem on CENTOS listserv?
>
>
>
No Prob here. Been recieving mail. Might want to check spam filter.
Bo Lynch
___
Cen
On Tue, Jun 2, 2009 at 8:41 AM, Dag Wieers wrote:
> I am pleased to announce the first edition of the bi-weekly CentOS
> newsletter which we dubbed "CentOS Pulse".
Dag: I read the first issue. Great idea! Please post here, each time
you post a new edition. Lanny
__
On 06/01/2009 07:52 PM, Michael A. Peters wrote:
>
> I've read a lot of different reports that suggest at this point in time,
> kernel software raid is in most cases better than controller raid.
There are certainly a lot of people who feel that way. It depends on
what your priorities are. Hardw
lable
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20090602/13dc3c5b/attachment-0001.bin
--
___
CentOS-announce mailing list
cento
On Mon, Jun 1, 2009 at 10:52 PM, Michael A. Peters wrote:
> -=- starting as new thread as it is off topic from controller thread -=-
>
> Ross Walker wrote:
>
> >
> > The real key is the controller though. Get one that can do hardware
> > RAID1/10, 5/50, 6/60, if it can do both SATA and SAS even
On Jun 1, 2009, at 9:52 PM, Michael A. Peters wrote:
> I've read a lot of different reports that suggest at this point in
> time,
> kernel software raid is in most cases better than controller raid.
I manage systems with both.
I like hardware RAID controllers. Yes, they do cost money up fron
Henry ritzlmayr wrote on Tue, 02 Jun 2009 14:51:23 +0200:
> ->Only the last try gets logged.
can't reproduce this. The following was done in one connection to
localhost.
Jun 2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user
unknown
Jun 2 17:09:10 d01 dovecot-auth: pam_uni
Hi :)
Sorry for my bad english i'm a frenchi...
I have a little question about mysql.
What is the difference between mysql-server in centos vs the rpm build
by Sun ( Mysql community edition)
RedHat apply homemade patch or they only backport Sun patch?
Cordialement,
Beugin Thomas
___
On Tue, 2 Jun 2009, Radu-Cristian FOTESCU wrote:
>> For CentOS: Yes.
>
> But Karanbir says I seem "quite confused about what should and should not
> exist." How can you answer correctly to an incorrect question raised by an
> confused ignorant?
>
>> For Upstream: Ask Red Hat.
>
> I was hoping *y
--- On Tue, 6/2/09, Ralph Angenendt wrote:
>
> For CentOS: Yes.
But Karanbir says I seem "quite confused about what should and should not
exist." How can you answer correctly to an incorrect question raised by an
confused ignorant?
> For Upstream: Ask Red Hat.
I was hoping *you* (some of y
--- On Tue, 6/2/09, Karanbir Singh wrote:
> >
> > So there *should* have existed:
> > * 5.1-only updates issued post-5.2;
> > * 5.1-only and 5.2-only updates issued post-5.3;
> > etc.
>
> go back and reread the entire list of comments.
> You seem quite confused
> about what should and should
On 06/02/2009 02:27 PM, Radu-Cristian FOTESCU wrote:
> So there *should* have existed:
> * 5.1-only updates issued post-5.2;
> * 5.1-only and 5.2-only updates issued post-5.3;
> etc.
go back and reread the entire list of comments. You seem quite confused
about what should and should not exist.
-
Hi,
I am pleased to announce the first edition of the bi-weekly CentOS
newsletter which we dubbed "CentOS Pulse".
This first issue centers around improving communication within the CentOS
community and how that relates to the CentOS Promo SIG. We also look at
the recent announcements regardin
Radu-Cristian FOTESCU wrote:
> AFAIK, this never happened. Is the 5.x.z tree concept dead-before-birth?!
For CentOS: Yes.
For Upstream: Ask Red Hat.
Ralph
pgpvVtxZUcKsC.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://l
--- On Tue, 6/2/09, Kai Schaetzl wrote:
> Point releases are just freezes in time. There are no
> "special" updates for point releases, only for the
> "current" release.
This is what we all *believe* we know (e.g. "5"-current is now "5.3"+updates).
However, TUV seems to have had a different o
Hi List,
optimizing the configuration on one of our servers (which was
hit by a brute force attack on dovecot) showed an odd behavior.
The short story:
On one of our servers an attacker did a brute force
attack on dovecot (pop3).
Since the attacker closed and reopened the connection
after ev
MontyRee wrote:
> hello all.
>
> My system is centos 5.x and there is no module related auditd
> there is no process(daemon) related auditd and selinux definately disabled.
>
> But I can see lots of auditd messages like below.
>
> Oct 20 02:01:01 linux kernel: type=1106 audit(1224435661.064
Matthias Leopold wrote on Tue, 02 Jun 2009 13:56:47 +0200:
> is it normal behavior that through the use of "yum update" systems are
> forced to follow the point releases of a major release (5.0 -> 5.1 ->
> 5.2, etc)? is there a way and would it make sense to stay within one
> particular release an
Hi
The major release of CentOS/RHEL is from 5.x -> 6.x.
The 5.0 -> 5.1 -> 5.2 ... is a update security, and all shared the
same repository, and the line of version the packages is to update.
In some package case is major update because of security update, eg.
firefox 1.5 to 3.0. Mozilla a long tim
Hi;
I have Centos 5.3 on my labtop and have to vpn a cisco vpn server. So i
installed vpnc on my box. Then i want to integrate with NetworkManager and
vpnc so i also installed NetworkManager-vpnc 7.0. I configured vpn
connection and tried to connect. It looks like it connected but when i try
to log
hi,
since i don't use centos very heavily i'm not too familiar with the
centos/rhel release/update process (and i didn't do much research on this):
is it normal behavior that through the use of "yum update" systems are
forced to follow the point releases of a major release (5.0 -> 5.1 ->
5.2, etc
hello all.
My system is centos 5.x and there is no module related auditd
there is no process(daemon) related auditd and selinux definately disabled.
But I can see lots of auditd messages like below.
Oct 20 02:01:01 linux kernel: type=1106 audit(1224435661.064:65210): user
pid=25860 uid=0 a
Matt Harrington wrote:
> Should unprivileged users be able to change their shell with lchsh on
> 5.3 and, if it matters, CentOS Directory Server? lchsh seems to
> require more open permissions than those which come with a default
> installation:
>
> Error initializing libuser: could not open
2009/6/2 Michael A. Peters
> MontyRee wrote:
> > Hello, all.
> >
> >
> > I have operated centos 4.x and 5.x system.
> >
> > for 4.x system, I auto update using yum and for 5.x system, using
> > yum-cron.
> >
> > but I can't find any yum-cron package (i386) like below.
> >
> > # yum search yum-cro
On 06/02/2009 09:19 AM, MontyRee wrote:
> # yum search yum-cron(at i686, centox 5.3)
>
> Warning: No matches found for: yum-cron
> No Matches found
yum-cron has a bit of history really.
But in a nutshell, do you need yumcron to do something that cant be done
with yum-updatesd itself ? Make sure
MontyRee wrote:
> Hello, all.
>
>
> I have operated centos 4.x and 5.x system.
>
> for 4.x system, I auto update using yum and for 5.x system, using
> yum-cron.
>
> but I can't find any yum-cron package (i386) like below.
>
> # yum search yum-cron(at i686, centox 5.3)
>
> Warning: No matches
Hello, all.
I have operated centos 4.x and 5.x system.
for 4.x system, I auto update using yum
and for 5.x system, using yum-cron.
but I can't find any yum-cron package (i386) like below.
# yum search yum-cron(at i686, centox 5.3)
Warning: No matches found for: yum-cron
No Matches f
77 matches
Mail list logo
