On 2010-02-09 18:15, Fernando Gleiser wrote:
> Every time we try to copy some large file to the storage-based file system,
> the disk utilization see-saws up to 100% to several seconds of inactivity, to
> climb up again to 100% and so forth.
> Here is a snip from the iostat -kx 1:
>
> Device:
On Wed, 2010-02-10 at 15:08 -0500, John Hinton wrote:
> I'm seeing a lot of activity over the last two days with what looks to
> be a kiddie script. Mostly trying to access several of our servers with
> the username anna. All failed... in fact I don't think we have a user
> anna on any of our s
I am running IPTraf and have one offender... not a problem to find the
address by hand, but I know these things grow. Years ago it was ssh...
they are still trying. Then FTP... then smtp... but I have not before
seen one like this where I can't find it logged... and I want to put
into place som
John Hinton wrote:
>>
Yes... most of them. Just the new PITA. Anyway... I still can't seem to
figure out how to log the IP addresses for this attack.
<<
I'd use iptables to log connections on that port and then time-correlate
with the log entries from saslauthd.
Best,
--- Les Bell
[http://www.
Perhaps you can use netstat to identify who is currently connected to
the machine. Then run it several times over a short period and block
the most likely culprits ?
John Hinton wrote:
> Yes... most of them. Just the new PITA. Anyway... I still can't seem to
> figure out how to log the IP add
Yes... most of them. Just the new PITA. Anyway... I still can't seem to
figure out how to log the IP addresses for this attack.
The system is saslauthd running as a service... sendmail and dovecot
setup. I have log levels in sendmail set to 14. Something has to be able
to log the offender(s).
There is a kernel option you can give to solve
this problem, in /boot/grub/grub.conf add to the end
of the kernel line:
rootdelay Xs
where X is the amount of time to wait before
/root is mounted, however this is valid for
everything else as well.
play with X until you get it right.
Jobst
O
Sean Carolan wrote:
> In our environment the chroot jail is /home/username. Does this mean
> we need a /home/username/dev/log for each and every user? If the
> daemon is chroot'd to /home/username wouldn't this be the case?
Yes..
nate
___
CentOS ma
If you have:
/home/username01/[etc,dev,tmp,bin,lib]
/home/username02/[etc,dev,tmp,bin,lib]
/home/username03/[etc,dev,tmp,bin,lib]
/home/username04/[etc,dev,tmp,bin,lib]
I believe you will need:
syslogd -a "/home/username01/dev/log" -a "/home/username02/dev/log"
-a "/home/username03/dev/log" -a "
> I solved a similar issue with jail and syslog adding a "-a
> /home/jail/dev/log" parameter to syslog startup.
In our environment the chroot jail is /home/username. Does this mean
we need a /home/username/dev/log for each and every user? If the
daemon is chroot'd to /home/username wouldn't thi
I suppose that you are using SMTP authentication with SASL.
From the log "service=smtp"...so, in fact, the attack is coming from
the SMTP server and not directly to the SASL.
I guess that someone is trying to do a brute force attack on the SMTP server.
Regards
Lincoln
On Wed, Feb 10, 2010 at 6:
On Wed, 2010-02-10 at 09:50 -0500, Ross Walker wrote:
> On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher
> > wrote:
>
> >
> >> If you have hundreds or thousands of users and hundreds of groups,
> >> well good luck. It is extremely hard to automate assigning these
> >> uids/
> >> gids
Each user has their own jail?
I solved a similar issue with jail and syslog adding a "-a
/home/jail/dev/log" parameter to syslog startup.
From the syslogd man page:
-a socket
Using this argument you can specify additional sockets from that
syslogd has to listen
Maybe one of you can help. We have set up a CentOS server so that
each user who logs in via sftp will be jailed in their home directory.
Here's the relevant sshd_config:
# override default of no subsystems
Subsystem sftp internal-sftp -f LOCAL2 -l INFO
Match Group sftponly
Chro
I'm seeing a lot of activity over the last two days with what looks to
be a kiddie script. Mostly trying to access several of our servers with
the username anna. All failed... in fact I don't think we have a user
anna on any of our servers. Meanwhile...
I'm running Sendmail. This pertains to Ce
On Feb 10, 2010, at 2:29 PM, Dave wrote:
Would it (should it) eventually notice that the server is back and
re-enable itself just as automatically as it disabled itself?
not according to the default CUPS configuration under RHEL/CentOS.
http://www.cups.org/documentation.php/ref-cupsd-conf.
On Tue, Feb 9, 2010 at 8:32 PM, Rajagopal Swaminathan <
raju.rajs...@gmail.com> wrote:
> I would strongly suggest using the web interface localhost:631 instead
> of system-config-printer.
>
In what way is this superior?
Dave
--
———-
Q: Why should this email be 5 sentences
On Tue, Feb 9, 2010 at 6:37 PM, Paul Johnson wrote:
>
> After I manually (use lprm) remove the print jobs, and set the printer
> to Enabled, then the print queue will start working again.
>
Me too, but even stranger, I do not remove the print jobs and they print
fine as soon as I enable the prin
Hi Chris,
Thanks,
you mind, replace ldap auth with winbind auth ?
my scene:
on one side 1 smb server pdc with ldap,
on the other side, 1 Xorg-Server with auth over ldap, the same from the
first one (smb).
I need to permit only users "membership_of" "Domain Users" to login on the
Xorg-Server
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ..
Dear Les et al,
Thanks for your assistance with this thorny issue. I have finally resolved
the problem by utilising the following:
1) I have added to the access map of sendmail all the domains that accept
mail for any user, u...@domain for those email accounts that exist and hosts
that are intern
On 2/10/2010 9:15 AM, Robert Heller wrote:
> At Tue, 9 Feb 2010 22:37:28 -0600 CentOS mailing list
> wrote:
>
>
>> In our computer lab, there are 6 Centos 5.4 workstations. There is an
>> HP printer with jet direct card. It often works.
>>
>> But sometimes users come and get me saying the pri
On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher
wrote:
>
>> If you have hundreds or thousands of users and hundreds of groups,
>> well good luck. It is extremely hard to automate assigning these
>> uids/
>> gids and making sure they don't collide with each other or other unix
>> syste
At Tue, 9 Feb 2010 22:37:28 -0600 CentOS mailing list wrote:
>
> In our computer lab, there are 6 Centos 5.4 workstations. There is an
> HP printer with jet direct card. It often works.
>
> But sometimes users come and get me saying the printer is broken, but
> it is actually working fine for *
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of JohnS
> Sent: Wednesday, February 10, 2010 1:31 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] Anyone using Active Driectory auth with Centos
> 5.4.?
>
>
> On Tue, 2010-02-0
> If you have hundreds or thousands of users and hundreds of groups,
> well good luck. It is extremely hard to automate assigning these uids/
> gids and making sure they don't collide with each other or other unix
> systems and doing it by hand is a torture reserved for the ninth
> circle o
26 matches