Re: [CentOS-es] Apache 2 con Centos 5
te recomiendo que te instales fiddler y debugues a donde te queres conectar y pegame el log que te genera las maquinas que no pueden acceder y te puedo dar una mano. http://www.fiddlertool.com/fiddler/ 2008/3/25 Alexander López Lapo [EMAIL PROTECTED]: Estimados Todos, tengo una pequeña inquietud. Tengo instalado Centos 5 y sobre el funcionando el servidor apache que viene por defecto en esta distribución. Lo configure como servidor, y les comento que algunas máquinas pueden acceder a este servicio; y hay otras que no pueden acceder. Monte un sniffer para ver que esta pasando en estas máquinas que no pueden acceder y para sorpresa mia me sale que el servidor les devuelve un paquete rst ack; que interpretaria que el servidor tiene el puerto cerrado. Lo más raro, es que las máquinas que no pueden acceder tienen todos los permisos. Será que alguien me puede dar alguna sugerencia. Espero sus comentarios. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- -- Juan Andres Mercado Estudiante UAI - Ing. Informática -- By a free world and without windows Por um mundo livre e sem janelas Por un mundo Libre y sin ventanas ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Apache 2 con Centos 5
El 25/03/08, Alexander López Lapo [EMAIL PROTECTED] escribió: Lo más raro, es que las máquinas que no pueden acceder tienen todos los permisos. Será que alguien me puede dar alguna sugerencia. Espero sus comentarios. Si hablas de permisos, supongo que tienes ya sea el firewall arriba o que tienes configurado el acceso al servidor web mediante permisos de IP, te sugiero que bajes tanto el firewall como las restricciones por IP y pruebes si se pueden acceder, posteriormente sube el firewall y prueba nuevamente, y por ultimo sube las restricciones por Ip y a probar; de esta forma cierras el espacio de posibilidades de error salu2 Esteban -- M.Sc. Ing. Esteban Saavedra Lopez CEO Opentelematics.Bolivia Telefono:(+591.2) 5245959 Celular: +591 72450061 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Oruro - Bolivia _ Te Invito a Visitarme y conocer mis Areas de Investigacion http://jesaavedra.opentelematics.org http://esteban.profesionales.org Si quieres chatear ICQ: 16270256 _ ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Apache 2 con Centos 5
Es realidad tambien lo que nos dice Esteban, pero eso seria posible tambien si tenes esas maquinas en otro rango de ips y estan bloqueadas por el firewall. On Tue, Mar 25, 2008 at 3:02 PM, Esteban Saavedra L. [EMAIL PROTECTED] wrote: El 25/03/08, Alexander López Lapo [EMAIL PROTECTED] escribió: Lo más raro, es que las máquinas que no pueden acceder tienen todos los permisos. Será que alguien me puede dar alguna sugerencia. Espero sus comentarios. Si hablas de permisos, supongo que tienes ya sea el firewall arriba o que tienes configurado el acceso al servidor web mediante permisos de IP, te sugiero que bajes tanto el firewall como las restricciones por IP y pruebes si se pueden acceder, posteriormente sube el firewall y prueba nuevamente, y por ultimo sube las restricciones por Ip y a probar; de esta forma cierras el espacio de posibilidades de error salu2 Esteban -- M.Sc. Ing. Esteban Saavedra Lopez CEO Opentelematics.Bolivia Telefono:(+591.2) 5245959 Celular: +591 72450061 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Oruro - Bolivia _ Te Invito a Visitarme y conocer mis Areas de Investigacion http://jesaavedra.opentelematics.org http://esteban.profesionales.org Si quieres chatear ICQ: 16270256 _ ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- -- Juan Andres Mercado Estudiante UAI - Ing. Informática -- By a free world and without windows Por um mundo livre e sem janelas Por un mundo Libre y sin ventanas ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Apache 2 con Centos 5
Ya intente en varias ocasiones lo que dice Esteban. Les comente así tenga arriba o abajo las acl en los swith y el firewall en mi servidor; las máquinas no pueden acceder a ese servicio. Lo que voy hacer es a hacer un debung con la herramienta que me recomiendas. Espero subir los resultados hoy mismo si todo va bien. Juan Andres Mercado wrote: Es realidad tambien lo que nos dice Esteban, pero eso seria posible tambien si tenes esas maquinas en otro rango de ips y estan bloqueadas por el firewall. On Tue, Mar 25, 2008 at 3:02 PM, Esteban Saavedra L. [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: El 25/03/08, Alexander López Lapo [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] escribió: Lo más raro, es que las máquinas que no pueden acceder tienen todos los permisos. Será que alguien me puede dar alguna sugerencia. Espero sus comentarios. Si hablas de permisos, supongo que tienes ya sea el firewall arriba o que tienes configurado el acceso al servidor web mediante permisos de IP, te sugiero que bajes tanto el firewall como las restricciones por IP y pruebes si se pueden acceder, posteriormente sube el firewall y prueba nuevamente, y por ultimo sube las restricciones por Ip y a probar; de esta forma cierras el espacio de posibilidades de error salu2 Esteban -- M.Sc. Ing. Esteban Saavedra Lopez CEO Opentelematics.Bolivia Telefono:(+591.2) 5245959 Celular: +591 72450061 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Oruro - Bolivia _ Te Invito a Visitarme y conocer mis Areas de Investigacion http://jesaavedra.opentelematics.org http://esteban.profesionales.org Si quieres chatear ICQ: 16270256 _ ___ CentOS-es mailing list CentOS-es@centos.org mailto:CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- -- Juan Andres Mercado Estudiante UAI - Ing. Informática -- By a free world and without windows Por um mundo livre e sem janelas Por un mundo Libre y sin ventanas ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] sendmail.cf, como, help principiante
es obligatorio usar sendmail por eso necesito ayuda!!! ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] CentOS 5.1 Live USB NTFS Support
On Mon, 24 Mar 2008, Mark Rose wrote: First of all, I was able to use the 5.1 LiveCD to create a bootable USB (8G Lexar FireFly) - thanks to all for your assistance. Question - has anyone been able to add NTFS support to an USB install? It would be a nice to have the ability to access NTFS (and Vista for that matter) disks for troubleshooting and general access. Any and all comments will be appreciated. Thanks! Don't forget that the default CentOS kernel can't read NTFS partitions. If you want to create a custom LiveCD/USB, you need to include either the centosplus repo (and the centosplus kernel that has NTFS read functionnality) or RPMforge ... Read http://wiki.centos.org/TipsAndTricks/NTFSPartitions for further informations -- Fabian Arrotin [EMAIL PROTECTED] Internet network currently down, TCP/IP packets delivered now by UPS/Fedex ...___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL on The Pirate Bay, Mininova, etc
Let's not forget one fundamental fact - can you easily download RHEL from Redhat's site? If yes, then it was meant to be publicly distributed. If no, it was not, and such copies should not be trusted. My philosophy - if you cannot obtain a copy of what you want from the original vendor/provider, or authorized redistributor, then the copy obtained simply cannot be trusted. Scott ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Sendmail novrfy filter by ip address?
I have a virus and spam filter device that can do VRFY commands to reject invalid email before it gets to the next mail hop. How can I configure the SMTP server to only allow VRFY commands from one particular IP address, and nowhere else? I don't want spammers to be able to hammer on the gateway looking for valid addresses to send to. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] some help on mrepo please
Gents, I figured this would be a nice thread to add my question to. Mrepo is installed, and functioning... somewhat. The problem is that repodata/ directories are not being pulled from the mirrors. Here is my mrepo configuration. [main] hardlink = yes srcdir = /mnt/kickstart wwwdir = /mnt/kickstart confdir = /etc/mrepo.conf.d arch = x86_64 mailto = [EMAIL PROTECTED] smtp-server = localhost [centos5] name = CentOS $release ($arch) release = 5.1 arch = x86_64 metadata = repomd yum repoview ### Additional repositories updates = http://mirror.centos.org/centos/5.1/updates/$arch/ fasttrack = http://mirror.centos.org/centos/5.1/fasttrack/$arch/ centosplus = http://mirror.centos.org/centos/5.1/centosplus/$arch/ extras = http://mirror.centos.org/centos/5.1/extras/$arch/ addons = http://mirror.centos.org/centos/5.1/addons/$arch/ ### RPMforge repository rpmforge = http://rh-mirror.linux.iastate.edu/pub/dag/redhat/el5/en/$arch/dag/ Thanks, Vasiliy On Tue, Mar 4, 2008 at 2:46 PM, Rudi Ahlers [EMAIL PROTECTED] wrote: Dag Wieers wrote: On Tue, 4 Mar 2008, Rudi Ahlers wrote: I have got CentOS 5.0 i386 x86_64 DVD's, and CentOS 5.1 i386 x86_64 CD1, where do I copy these? I have setup /etc/mrepo.conf.d/centos5.conf with both i386 x86_64 arch, but how will mrepo know that CentOS 5.0 CentOS 5.1 are different? Wrong mailinglist, please move this to [EMAIL PROTECTED] Answer: If you want support for both CentOS 5.0 and CentOS 5.1, you need to create 2 config files, one for each. (You could also put them in the same) centos-5.0.conf and centos-5.1.conf If you also want the extra repositories on both, you can work with internal links, or download it twice. Thanx, I figured as much, seeing that each version has it's own repo on the mirrors. I have run mrepo -vv -u to see what it does, but it seems like it's going to download every file from the CentOS repositories. Where do I copy the rpm's that I have already downloaded to? For example, all the rpm's in /var/cache/*/packages folders? The location is in /etc/mrepo.conf defined as srcdir = /var/mrepo. You can opt to change this to wherever you want, or make a symlink from /var/mrepo to wherever you want. There is a strict structure underneath that directory. I have already changed that to my network shared folders, and I'm busy downloading the scripts now. Am I on the right track if I copy files from existing servers / machines' /var/cache/yum/*/packages to the corresponding folders on in the mrepo source folders? Another way to find the answer to this question is to run mrepo with more -v's like mrepo -v, so that you can exactly see what it is doing. Or you could opt to read the documentation that ships with mrepo that explains all of this as well. -- Kind Regards Rudi Ahlers CEO, SoftDux Web: http://www.SoftDux.com Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stugg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] test
hello everyone, i just signed up onto the mailing list, testing. nice to meet you all! JC ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] test
J C wrote: hello everyone, i just signed up onto the mailing list, testing. nice to meet you all! JC ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos got it :) -- Kind Regards Rudi Ahlers CEO, SoftDux Web: http://www.SoftDux.com Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stugg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Sendmail novrfy filter by ip address?
on 3-25-2008 7:18 AM Sean Carolan spake the following: I have a virus and spam filter device that can do VRFY commands to reject invalid email before it gets to the next mail hop. How can I configure the SMTP server to only allow VRFY commands from one particular IP address, and nowhere else? I don't want spammers to be able to hammer on the gateway looking for valid addresses to send to. Block the outside world from reaching anything but the filter by firewall or other means. Otherwise the spammers will find it and go around your filter. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Securing SSH
So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
iptables, disallow root login via ssh, no valid shell for users that don't need one, strong passwords, keys would be a good start. Mike On Tue, Mar 25, 2008 at 11:48 AM, Tim Alberts [EMAIL PROTECTED] wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos 1. Change the default port 2. use only SSH protocol 2 3. Install some brute force protection which can automatically ban an IP on say 5 / 10 failed login attempts 4. ONLY allow SSH access from your IP, if it's static. Or signup for a DynDNS account, and then only allow SSH access from your DynDNS domain -- Kind Regards Rudi Ahlers CEO, SoftDux Web: http://www.SoftDux.com Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stugg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Rudi Ahlers wrote: Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos 1. Change the default port 2. use only SSH protocol 2 3. Install some brute force protection which can automatically ban an IP on say 5 / 10 failed login attempts 4. ONLY allow SSH access from your IP, if it's static. Or signup for a DynDNS account, and then only allow SSH access from your DynDNS domain Fail2Ban is a good brute force protector. It works in conjunction with IPTables to block IPs that are attacking for a said duration of time. :) -- James A. Peltier Technical Director, RHCE SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus Phone : 778-782-3610 Fax : 778-782-3045 Mobile : 778-840-6434 E-Mail : [EMAIL PROTECTED] Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca MSN : [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. actually, those 'attempts' are coming from virus infected systems which randomly probe for SSH servers.they try the same sorry 10 or 15 accounts with the same lame 10 or 15 passwords, so its really just an annoyance if you're anal about logwatch output. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. FYI, here's a list of the losers (so far). I suggest everyone wish horrible things happen to these people. *201.70.39.3 **201.6.116.177 **200.161.198.16 **164.164.33.73 **66.114.252.200 **24.202.149.253 **218.201.147.80 **200.42.174.109 **128.135.195.122 **67.19.188.210 **24.202.149.253 **203.82.65.252 **124.1.204.61 **210.206.124.211 **61.128.122.13 **202.106.62.197 * ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
On Tue, Mar 25, 2008 at 12:48 PM, Tim Alberts [EMAIL PROTECTED] wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? DenyHosts - http://denyhosts.sourceforge.net/ Also, when you set it up, set it to download the lists from their website. These lists are IPs that other users have found scanning their network. -- -matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Mike Kercher wrote: iptables, disallow root login via ssh, no valid shell for users that don't need one, strong passwords, keys would be a good start. Mike iptables..add the ip of the attack source to reject? They keep moving IP, this is very time consuming (but I am doing it). I don't allow root login. I think I got a good password, and I got keys setup so I know I'm talking to my server. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Rudi Ahlers wrote: Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos 1. Change the default port I could do that, but if they already know about it, a simple port scan and they'll probably find it again. Plus I gotta go tell all my client programs the new port and I don't know how to do that on most of them (what a hassle). 2. use only SSH protocol 2 got it. 3. Install some brute force protection which can automatically ban an IP on say 5 / 10 failed login attempts The only software I know that could do this isn't supported anymore (trisentry) or is too confusing and I don't know it yet (snort). Suggestions? 4. ONLY allow SSH access from your IP, if it's static. Or signup for a DynDNS account, and then only allow SSH access from your DynDNS domain Yeah my home account is on dynamic IP. I'd love to setup the firewall to only allow my home computer. You're talking about these guys? http://www.dyndns.com/ never used them before, but it looks like a good idea. Especially since it's free (for 5 hosts) if I read correctly. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
1. Change the default port I could do that, but if they already know about it, a simple port scan and they'll probably find it again. Plus I gotta go tell all my client programs the new port and I don't know how to do that on most of them (what a hassle). If you're talking about people who are just scanning your machine and then doing brute force on the port, changing the port likely will solve that since these are just automated robots. A human might actually do a portscan, but just a port change will probably stop your security logs from going crazy. Of course the hassle part may be a show-stopper here. :) 2. use only SSH protocol 2 got it. 3. Install some brute force protection which can automatically ban an IP on say 5 / 10 failed login attempts The only software I know that could do this isn't supported anymore (trisentry) or is too confusing and I don't know it yet (snort). Suggestions? denyhosts is pretty widely used. You could probably also make use of iptables. 4. ONLY allow SSH access from your IP, if it's static. Or signup for a DynDNS account, and then only allow SSH access from your DynDNS domain Yeah my home account is on dynamic IP. I'd love to setup the firewall to only allow my home computer. You're talking about these guys? http://www.dyndns.com/ never used them before, but it looks like a good idea. Especially since it's free (for 5 hosts) if I read correctly. Ray ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos You could consider to disallow password access. Use only public key authentication. The attacks will remain, but can never succeed. (The scripts are not smart so they keep trying for hours sometimes) sshd_config: PasswordAuthentication no Now create a public/private ssh keypair and put the public key in ~/.ssh/authorized_keys on the remote machine. # local machine* ssh-keygen -t dsa* *scp** ~/.ssh/id_dsa.pub remote_host:.ssh/authorized_keys *# remote host* **chmod 600 ~/.ssh/authorized_keys chmod 700 ~/.ssh * To be really save, only allow access from a limited number of IP addresses: ** cat ~/.ssh/authorized_keys from=123.345.133.123,home.com,work.com ssh-dss B3NzaC1kc3MAsnipAqNY= [EMAIL PROTECTED] Theo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Tim Alberts wrote: I got keys setup so I know I'm talking to my server. This is probably not what he meant. You can use a key pair to authenticate with the SSH server and turn off password authentication entirely. That makes password guessing attacks utterly impossible, because the server will only accept a response signed with your private key. ssh-keygen -t rsa or ssh-keygen -t dsa generates a key pair. Do this on your local machine, and append the contents of your $HOME/.ssh/id_rsa.pub (or id_dsa if you chose DSA instead of RSA) to your $HOME/.ssh/authorized_keys file on the remote system. This method is somewhat more complicated to setup, since all users must have public keys in their $HOME/.ssh/authorized_keys file, or they can't login. Regards Ingemar ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
AW: [CentOS] Securing SSH
So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos # - Try to get a static ip from your isp and configure your Firewall only to allow Ssh-Traffic from your static IP-Adress - Take a closer look at FailBan to prevent Dictionary Attacks on well known Usernames - Ignore these poor souls (if they have one) Regards Marc Rebischke ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
On Tue, Mar 25, 2008 at 09:48:17AM -0700, Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? This is what I do. http://wiki.xdroop.com/space/Linux/Limited+SSH+Access -- /\oo/\ / /()\ \ David Mackintosh | [EMAIL PROTECTED] | http://www.xdroop.com pgpDF8dtEQcUQ.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Commands failing silently?
William L. Maltby wrote: On Mon, 2008-03-24 at 16:19 -0500, Dan Bongert wrote: mouss wrote: Dan Bongert wrote: Hello all: snip Though 'ls' was just an example -- just about any program will fail. The 'w' command will fail too: thoth(118) /tmp w 16:06:51 up 5:34, 1 user, load average: 0.94, 1.46, 2.04 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT dbongert pts/0copland.ssc.wisc 14:160.00s 0.22s 0.05s w thoth(119) /tmp w 16:06:52 up 5:34, 1 user, load average: 0.94, 1.46, 2.04 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT dbongert pts/0copland.ssc.wisc 14:160.00s 0.22s 0.05s w thoth(120) /tmp w thoth(121) /tmp w Hmmm... Sure it's failing? Maybe just the output is going somewhere else? After the command runs, what does echo $? show? Does it even work? Echo is a bash internal command, so I would expect it to never fail. Ok, it's definitely getting an error from somewhere: thoth(3) /tmp ls thoth(4) /tmp echo $? 141 Although: thoth(31) ~ top thoth(32) ~ echo $? 0 What is your output device? A serial terminal? If so, could be simple flow control issues. In fact, any serial connection (even a PC emulating a terminal) could suffer from flow control problems. And they would tend to be erratic in nature. I'm usually sshing into the machine, but I've also experienced the problem on the console. If you are on a normal console, try running the commands similart to this (trying to determine if *something* else is receiving output or not) your command /dev/tty if this works reliably, maybe that's a starting point. Nope, that fails intermittently as well. There's a couple kernel guys who frequent this list. Maybe one of them will have a clue as to what could go wrong. Corrupted libraries and whatnot. You might try that rpm -V command earlier against all packages (add a a IIRC). Maybe some library accessed by the coreutils, but which is not itself part of coreutils, is corrupt. Hmmwhen I do a 'rpm -Va', I get lots of at least one of file's dependencies has changed since prelinking errors. Even if I run prelink manually, and then do a 'rpm -Va' immediately afterwards. -- Dan Bongert [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Tim Alberts wrote: iptables..add the ip of the attack source to reject? They keep moving IP, this is very time consuming (but I am doing it). ... stop thinking 'they', that implies theres someone intentionally targetting you. its just viruses randomly squirting out connection requests from 1000s of infected hosts around the world. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
David Mackintosh wrote: On Tue, Mar 25, 2008 at 09:48:17AM -0700, Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? This is what I do. http://wiki.xdroop.com/space/Linux/Limited+SSH+Access That sounds great for getting around a remote dynamic IP address, but some more authentication/security on that web page is necessary, otherwise, anyone who finds that web page is given access? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
John R Pierce wrote: Tim Alberts wrote: iptables..add the ip of the attack source to reject? They keep moving IP, this is very time consuming (but I am doing it). ... stop thinking 'they', that implies theres someone intentionally targetting you. its just viruses randomly squirting out connection requests from 1000s of infected hosts around the world. Oh no..they're out there. They're watching us now. They know we're talking about them. :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Tim Alberts wrote: David Mackintosh wrote: On Tue, Mar 25, 2008 at 09:48:17AM -0700, Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? This is what I do. http://wiki.xdroop.com/space/Linux/Limited+SSH+Access That sounds great for getting around a remote dynamic IP address, but some more authentication/security on that web page is necessary, otherwise, anyone who finds that web page is given access? ___ Why? What is on that site which is very specific to the setup? -- Kind Regards Rudi Ahlers CEO, SoftDux Web: http://www.SoftDux.com Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stugg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Tony Placilla [EMAIL PROTECTED] Sr. UNIX Systems Administrator The Sheridan Libraries Johns Hopkins University On Tue, Mar 25, 2008 at 12:48 PM, in message [EMAIL PROTECTED], Tim Alberts [EMAIL PROTECTED] wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? I am subject to this on an all too frequent basis. Here's what we've put in place that seems to work. DenyHosts. It's available through the rpmforge (or Dag's) repo. Just be sure you edit the config to allow SNYC_DOWNLOAD create an appropriate allowed.hosts file based upon your needs. sshd in protocol 2 privilege separation no root logins and a nifty little PAM trick is to create a group called ssh_users and those that should be able to access the server are put into that as their supplementary group. Edit sshd_config add AllowGroups ssh_users it's part parcel of the whole layered security idea it's cut the noise in my logs down by 99.9% plus I sleep better :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Rudi Ahlers wrote: Tim Alberts wrote: ... sounds great for getting around a remote dynamic IP address, but some more authentication/security on that web page is necessary, otherwise, anyone who finds that web page is given access? ___ Why? What is on that site which is very specific to the setup? he's referring to YOUR controlling webpage, which they refer to as my-sshd-access.php there. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
John R Pierce wrote: Rudi Ahlers wrote: Tim Alberts wrote: ... sounds great for getting around a remote dynamic IP address, but some more authentication/security on that web page is necessary, otherwise, anyone who finds that web page is given access? ___ Why? What is on that site which is very specific to the setup? he's referring to YOUR controlling webpage, which they refer to as my-sshd-access.php there. ___ aah ok. But that's something he should either not use if necessary, or rather secure with a .htaccess password. -- Kind Regards Rudi Ahlers CEO, SoftDux Web: http://www.SoftDux.com Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stugg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Tape Drive and Bacula issue
I posted this in the Bacula list without success so I hope I might have some luck here. Btape and mt can access my DDS-3 Seagate Archive Python 06480-xxx tape drive but Bacula tray-mon ends up finally stating that it cannot open device /dev/nst0? That is the device string that I use to access the drive, oddly enough it also suggest the SD could not open the one file based storage location I have either, yet I can Label new media and I see it appears in the directory? I installed from RPM's. Anyone got any ideas or pointers they could suggest? Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Securing SSH
on 3-25-2008 11:28 AM Tim Alberts spake the following: David Mackintosh wrote: On Tue, Mar 25, 2008 at 09:48:17AM -0700, Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? This is what I do. http://wiki.xdroop.com/space/Linux/Limited+SSH+Access That sounds great for getting around a remote dynamic IP address, but some more authentication/security on that web page is necessary, otherwise, anyone who finds that web page is given access? Not really. Anyone who finds that page is only allowed to try and access ssh port. You still need valid key/password and proper knowledge of the port. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
On Tue, Mar 25, 2008 at 11:28:45AM -0700, Tim Alberts wrote: http://wiki.xdroop.com/space/Linux/Limited+SSH+Access That sounds great for getting around a remote dynamic IP address, but some more authentication/security on that web page is necessary, otherwise, anyone who finds that web page is given access? Strictly speaking, yes; however in practice, the number of bots (or, indeed, external users who are not me) who the magic web page to hit (my actual page is not named as the example on the web page is!) before attacking the ssh connection is zero; therefore since the goal was to prevent stupid robots from brute-forcing my ssh and filling my logs, it isn't necessary. I mean, strictly speaking you'd next have to insist on a proper SSL connection to the web server, otherwise you are at risk of someone sniffing the username and password used in the .htaccess process. And then after that, you'd have to insist on some kind of security on the remote system to ensure that your passwords are not being captured. Etc, etc. -- /\oo/\ / /()\ \ David Mackintosh | [EMAIL PROTECTED] | http://www.xdroop.com pgpheBd6M3mv6.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Securing SSH
on 3-25-2008 11:46 AM Rudi Ahlers spake the following: John R Pierce wrote: Rudi Ahlers wrote: Tim Alberts wrote: ... sounds great for getting around a remote dynamic IP address, but some more authentication/security on that web page is necessary, otherwise, anyone who finds that web page is given access? ___ Why? What is on that site which is very specific to the setup? he's referring to YOUR controlling webpage, which they refer to as my-sshd-access.php there. ___ aah ok. But that's something he should either not use if necessary, or rather secure with a .htaccess password. Or just hide it and not name it my-sshd-access.php. It is difficult to find a web page you don't know exists if directory listing is off. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
On Tuesday 25 March 2008 17:00:18 James A. Peltier wrote: Fail2Ban is a good brute force protector. It works in conjunction with IPTables to block IPs that are attacking for a said duration of time. And I can confirm that it's a doddle to set up. The defaults were fine for me - nothing needed changing at all. Anne signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Commands failing silently?
On Tue, 2008-03-25 at 13:21 -0500, Dan Bongert wrote: William L. Maltby wrote: On Mon, 2008-03-24 at 16:19 -0500, Dan Bongert wrote: mouss wrote: Dan Bongert wrote: Hello all: snip Though 'ls' was just an example -- just about any program will fail. The 'w' command will fail too: snip Hmmm... Sure it's failing? Maybe just the output is going somewhere else? After the command runs, what does echo $? show? Does it even work? Echo is a bash internal command, so I would expect it to never fail. Ok, it's definitely getting an error from somewhere: thoth(3) /tmp ls thoth(4) /tmp echo $? 141 Although: thoth(31) ~ top ~ ? Got me on that one. thoth(32) ~ echo $? 0 Ditto. Although I should mention that unless you man bash and find the magic incantation I can't remember that gets return codes from a pipeline (if that's what ~ is supposed to be), the return from the last command in the pipeline is what's returned. If echo is from bash, as I expected, it should not fail and should return a 0 code regardless of what happened ahead of it. Your best tack is simplicity: one command, no pipes, just redirect output with like so cat your file /tmp/test.out Then you can see if the output file has greater than zero length, use vim on in (if that works), etc. snip possibility of serial connection I'm usually sshing into the machine, but I've also experienced the problem on the console. Ssh via e'net or serial? On the console, is the failure as reliable or less frequent? If you are on a normal console, try running the commands similart to this (trying to determine if *something* else is receiving output or not) your command /dev/tty if this works reliably, maybe that's a starting point. Nope, that fails intermittently as well. I would surmise that means that basic kernel operations are good and there is some common library routine involved. There's a couple kernel guys who frequent this list. Maybe one of them will have a clue as to what could go wrong. Corrupted libraries and whatnot. You might try that rpm -V command earlier against all packages (add a a IIRC). Maybe some library accessed by the coreutils, but which is not itself part of coreutils, is corrupt. Hmmwhen I do a 'rpm -Va', I get lots of at least one of file's dependencies has changed since prelinking errors. Even if I run prelink manually, and then do a 'rpm -Va' immediately afterwards. Well, I'd man rpm (no, I don't hate you, but I don't do rpm stuff enough to remember it all and *I* am not going to man rpm unless I suddenly become quite masochistic :-), select some promising looking options and run it again, redirecting output to a file you can examine (possibly have to get it to a machine that works reliably - man nc someone mentioned in another thread looks like a useful tool). You want to get the diagnostic output from rpm and see what files it complains about. The ones tagged with a c are config files and will often show up there. If your system hasn't been compromised, it's safe to ignore these. Examine all the ones that were unexpectedly tagged and see if there is a pattern. If your HDs are smart, maybe a smartctl -l more params will identify some sectors gone bad in a critical area of your HD. I don't have a clue why right after prelink is run the rpm would claim they had been changed, unless it's a matter of the rpm data base has not yet been updated. I don't know how it all works together. Maybe the rpm update runs at night or something? WHERE'S THE KNOWLEDGEABLE FOLKS WHEN NEEDED? It's the blind leading the blind ATM. 8-O HTH -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Securing SSH
Scott Silva wrote: Or just hide it and not name it my-sshd-access.php. It is difficult to find a web page you don't know exists if directory listing is off. if you post your weblogs online, perhaps via an analysis package such as Analog, DO be sure to exclude this file :) I often create a hidden folder on my websites, named .secret or something, and have any logging of activity in that folder directed to a different private and secure log ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
Tim, The important ones, imho -- 1. disallow root login 2. disallow password authentication (use keys, as someone else has described) 3. prevent multiple failed attempts using iptables: # Log and block repeated attempts to access SSH # See /proc/net/ipt_recent file for low-level data # Block attempts to access SSH if 4 or more attempts made in the last 60 secs -A RH-Firewall-1-INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set -A RH-Firewall-1-INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j LOG --log-prefix SSH REJECT: -A RH-Firewall-1-INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j REJECT 4. if possible, limit ssh access to your static ip. That all seems reasonably secure to me! Liam Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Liam Kirsher PGP: http://liam.numenet.com/pgp/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Rejecting valid mail (including this mailing list)
Recently, I added the below line to my sendmail.mc and rebuilt. Everything was working just fine until sometime today. In looking over the maillog, it seems if almost every piece of mail was rejected because of this configuration - mail that I know is OK, valid, and not a source of spam, like tamu.edu. Not only that, but the mailing list from centos was being rejected as well. Anyone know what might be happening? One link I ran across said that ordb.org went out of business or stopped their service in Dec of '06. If that's the case, why is their info still being listed in some of the sendmail configs, and others still advertising it's use. dnl # FEATURE(`dnsbl', `relays.ordb.org', `550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected;')dnl Sam ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rejecting valid mail (including this mailing list)
Sam Drinkard wrote: One link I ran across said that ordb.org went out of business or stopped their service in Dec of '06. If that's the case, why is their info still being listed in some of the sendmail configs, and others still advertising it's use. dnl # FEATURE(`dnsbl', `relays.ordb.org', `550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected;')dnl host relays.ordb.org comes back with Host relays.ordb.org not found: 3(NXDOMAIN) So yes, that blacklist isn't there anymore. Why sendmail choses to block mails when the dnsbl isn't reachable should be asked on some sendmail related list. But: If you plan to use blacklists, you *really* should know *why* the blacklist blocks *what* *when*, as you are letting *others* decide on what to do with your mails. Which - IMNSHO - is plain stupid. So if you don't know what the blacklist is doing: DO NOT USE IT. And if you're not really really really sure what you are doing regarding that: Don't do it. Cheers, Ralph pgpyJXtGlnPx3.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: News Groups (local) mirrored with mailinglists
Hi, i want to know - how synchronization mailinglist news works . I can set a name of a news group for mailinglist in mailman. Is it all that is necessary to do? I do understand one way - from mailman to news server, but what about the other side? How can i achieve it? Hope it is understable ... Mailman + INN My next question talks about INN f and pam authentification (pam ldap). Am i able to configure access to particular groups for particular users? (like user joe will have acces to com.disc and com.dad , and user ivan will have access only to com.disc ) ? Thanks in advance! Davic On Mon, Feb 4, 2008 at 4:36 PM, David Hláčik [EMAIL PROTECTED] wrote: Hi to all , i am looking for a solution to provide : News Groups (local) mirrored with mailinglistsn a Best solution i see is INN + mailman. What i am looking for is some script which will make my life easier. I want to be able to automatically create News Group with same Mailinglist name . I want to be able to have a user -based access to a particular news groups. Thanks in advance! David ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rejecting valid mail (including this mailing list)
On Tue, 2008-03-25 at 18:03 -0400, Sam Drinkard wrote: Recently, I added the below line to my sendmail.mc and rebuilt. Everything was working just fine until sometime today. In looking over the maillog, it seems if almost every piece of mail was rejected because of this configuration - mail that I know is OK, valid, and not a source of spam, like tamu.edu. Not only that, but the mailing list from centos was being rejected as well. Anyone know what might be happening? One link I ran across said that ordb.org went out of business or stopped their service in Dec of '06. If that's the case, why is their info still being listed in some of the sendmail configs, and others still advertising it's use. dnl # FEATURE(`dnsbl', `relays.ordb.org', `550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected;')dnl http://it.slashdot.org/article.pl?sid=08/03/25/2124224 -- Ignacio Vazquez-Abrams [EMAIL PROTECTED] PLEASE don't CC me; I'm already subscribed signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] AltGr over vnc not working
I notice that when I connect from a Windows VNC client (any VNC distribution it seems) to the Centos desktop (Gnome) I cannot send AltGr key combinations. The vncserver on the CentOS side is vino from Gnome. I cannot check if the same happens when connecting from a CentOS machine to a CentOS machine, but it looks more like Gnome simply ignores AltGr when sent over VNC. Why would it do this? Where might I be able to change this? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] yum: removing Java group fails
I did a yum groupremove Java and that failed somehow. Yum listed all group members as erased, but some rpm packages failed because of missing config files or so. As a result none of the 50 packages were removed from the rpm database, but all of their files seem to have been removed. How can I clean them out from the rpm db? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum: removing Java group fails
On Wed, 2008-03-26 at 01:09 +0100, Kai Schaetzl wrote: I did a yum groupremove Java and that failed somehow. Yum listed all group members as erased, but some rpm packages failed because of missing config files or so. As a result none of the 50 packages were removed from the rpm database, but all of their files seem to have been removed. How can I clean them out from the rpm db? rpm -e --justdb some_package rpm --help Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Automount CIFS share in CentOS 5.1
I am looking online trying to find a procedure to automount a CIFS share but need to use username/domain/pass in the credential file thats referenced in fstab. Its not working, anyone know of a resource that works in CentOS5.1? If it matters, the unc has a dash and a $ in it, and the password has special characters in it. Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing SSH
On Tuesday 25 March 2008 12:55, Rudi Ahlers wrote: Tim Alberts wrote: So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos 1. Change the default port Is an option but a waste of time as a scanner will find the port it was moved to. 2. use only SSH protocol 2 Agree 3. Install some brute force protection which can automatically ban an IP on say 5 / 10 failed login attempts Fail2ban comes to mind. 4. ONLY allow SSH access from your IP, if it's static. Or signup for a DynDNS account, and then only allow SSH access from your DynDNS domain I would suggest using keys for logins. No password needed and if the connecting machine doesn't have the key they don't get a chance to guess at the password. The idea of only allowing for strict ip address is good but what if you are on the move? Now you cannot log in either, but if you are using a key no matter where you are you have access. -- Regards Robert Smile... it increases your face value! Linux User #296285 http://counter.li.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] RE: Tape Drive and Bacula issue
I posted this in the Bacula list without success so I hope I might have some luck here. Btape and mt can access my DDS-3 Seagate Archive Python 06480-xxx tape drive but Bacula tray-mon ends up finally stating that it cannot open device /dev/nst0? That is the device string that I use to access the drive, oddly enough it also suggest the SD could not open the one file based storage location I have either, yet I can Label new media and I see it appears in the directory? I installed from RPM's. Anyone got any ideas or pointers they could suggest? Thanks! jlc Based on an off list pointer, I am pointing out that it is CentOS 5.1 I am using. Also confusing the Hardware applet shows the device (A single tape drive) as device name /dev/sg0? Thanks, jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Commands failing silently?
Dan Bongert wrote: mouss wrote: Dan Bongert wrote: Hello all: I have a couple CentOS 4 servers (all up-to-date) that are having strange command failures. I first noticed this with a perl script that uses lots of system calls. thoth(66) /tmp uname -a Linux thoth.ssc.wisc.edu 2.6.9-67.0.7.ELsmp #1 SMP Sat Mar 15 06:54:55 EDT 2008 i686 i686 i386 GNU/Linux Nothing in either dmesg or /var/log/messages seems to indicate any problems. It also doesn't seem to matter what the command is -- ls is the quickest test, but sshd will sometimes to fail to spawn children, etc. There aren't a large amount of processes on the machine either -- only 122 at the moment. Has anyone seen this behavior before? Have I been hit with some sort of cunning rootkit? This machine shouldn't be publicly accessible; it's behind our firewall. where is /tmp mounted? is this an external disk (usb, ...)? is it an nfs mount? It's a local disk: thoth(97) /tmp df -h . FilesystemSize Used Avail Use% Mounted on /dev/md4 16G 77M 15G 1% /tmp Though 'ls' was just an example -- just about any program will fail. The 'w' command will fail too: maybe check your PATH. try $ /bin/ls thoth(118) /tmp w 16:06:51 up 5:34, 1 user, load average: 0.94, 1.46, 2.04 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT dbongert pts/0copland.ssc.wisc 14:160.00s 0.22s 0.05s w thoth(119) /tmp w 16:06:52 up 5:34, 1 user, load average: 0.94, 1.46, 2.04 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT dbongert pts/0copland.ssc.wisc 14:160.00s 0.22s 0.05s w thoth(120) /tmp w thoth(121) /tmp w ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NTFS-3G Support for CentOS 5.1 Live
I have been trying to mount my NTFS hard disk using the CentOS 5.1 Live USB pendrive I created from the LiveCD. I did an fdisk-l and see the partition as /dev/sdb1, but when I try to mount it, I get an error stating that NTFS is an unknown filesystem type. I attempted to install the ntfs-3g and fuse rpms, without any success (there were numerous dependancies and could not get libc to install).. Has anyone been able to successfully RW mount an NTFS filesystem using an USB install, if its even possible, that is? If not, are there any plans to include NTFS-3G support in the next release of the Live CD? Thanks! Mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] swat is now broken
seems to mess up the pam for swat. [EMAIL PROTECTED] security]# rpm -qf /etc/pam.d/samba samba-3.0.25b-1.el4_6.4 [EMAIL PROTECTED] security]# cat /etc/pam.d/samba #auth required/lib/security/pam_stack.so service=system-auth #accountrequired/lib/security/pam_stack.so service=system-auth authrequiredpam_stack.so service=system-auth account requiredpam_stack.so service=system-auth and now it works See below for debug/effort == /var/log/messages == Mar 24 09:50:58 host67 swat[26626]: PAM unable to dlopen(/lib/security/pam_stack.so) Mar 24 09:50:58 host67 swat[26626]: PAM [dlerror: /lib/security/pam_stack.so: cannot open shared object file: No such file or directory] Mar 24 09:50:58 host67 swat[26626]: PAM adding faulty module: /lib/security/pam_stack.so Mar 24 09:50:58 host67 swat[26626]: [2008/03/24 09:50:58, 0] auth/pampass.c:smb_pam_auth(534) Mar 24 09:50:58 host67 swat[26626]: smb_pam_auth: PAM: UNKNOWN ERROR while authenticating user root Mar 24 09:50:58 host67 swat[26626]: [2008/03/24 09:50:58, 0] auth/pampass.c:smb_pam_passcheck(809) Mar 24 09:50:58 host67 swat[26626]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root ! [EMAIL PROTECTED] ~]# rpm -ql pam | grep stack /lib64/security/pam_stack.so /usr/share/doc/pam-0.77/txts/README.pam_stack /usr/share/man/man8/pam_stack.8.gz [EMAIL PROTECTED] ~]# up2date --whatprovides /lib/security/pam_stack.so pam-0.77-66.23.i386 [EMAIL PROTECTED] ~]# rpm -q pam pam-0.77-66.23 [EMAIL PROTECTED] ~]# uname -a Linux host67.1.internal.pdinc.us 2.6.9-55.0.2.ELsmp #1 SMP Tue Jun 26 14:14:47 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux [EMAIL PROTECTED] ~]# up2date -u pam Fetching Obsoletes list for channel: centos4-Base... Fetching Obsoletes list for channel: centos4-Updates... Fetching Obsoletes list for channel: centos4-extras... Fetching Obsoletes list for channel: centos4-addons... Fetching rpm headers... NameVersionRel -- All packages are currently up to date [EMAIL PROTECTED] ~]# up2date -u pam --arch=i386 Fetching Obsoletes list for channel: centos4-Base... Fetching Obsoletes list for channel: centos4-Updates... Fetching Obsoletes list for channel: centos4-extras... Fetching Obsoletes list for channel: centos4-addons... Fetching rpm headers... NameVersionRel -- pam 0.77 66.23 i386 Testing package set / solving RPM inter-dependencies... Downloading headers to solve dependencies... ### Downloading headers to solve dependencies... audit-libs-1.0.15-3.el4_6.1 ## Done. audit-libs-1.0.15-3.el4_6.1 ## Done. cracklib-2.8.9-1.3.i386.rpm ## Done. cracklib-2.8.9-1.3.i386.rpm ## Done. glib2-2.4.7-1.i386.rpm: ## Done. glib2-2.4.7-1.i386.rpm: ## Done. pam-0.77-66.23.i386.rpm:## Done. pam-0.77-66.23.i386.rpm:## Done. cracklib-dicts-2.8.9-1.3.i3 ## Done. cracklib-dicts-2.8.9-1.3.i3 ## Done. Preparing ### [100%] Installing... 1:glib2 ### [100%] 2:audit-libs ### [100%] 3:cracklib ### [100%] 4:cracklib-dicts ### [100%] 5:pam### [100%] The following packages were added to your selection to satisfy dependencies: NameVersionRelease -- audit-libs 1.0.15 3.el4_6.1 cracklib2.8.9 1.3 glib2 2.4.7 1 cracklib-dicts 2.8.9 1.3 [EMAIL PROTECTED] ~]# tail -f /var/log/messages Mar 25 19:26:17 host67 swat[5003]: PAM unable to dlopen(/lib/security/pam_stack.so) Mar 25 19:26:17 host67 swat[5003]: PAM [dlerror: /lib/security/pam_stack.so: cannot open shared object file: No such file or directory] Mar 25 19:26:17 host67 swat[5003]: PAM adding faulty module: /lib/security/pam_stack.so Mar 25 19:26:17 host67 swat[5003]: [2008/03/25 19:26:17, 0]
Re: [CentOS] Commands failing silently?
Hi, On Tue, Mar 25, 2008 at 2:21 PM, Dan Bongert [EMAIL PROTECTED] wrote: thoth(3) /tmp ls thoth(4) /tmp echo $? 141 141 is SIGPIPE. If the process is killed by a signal, the return code will be 128+signal number. 141-128=13, and kill -l says: 13) SIGPIPE. SIGPIPE means that something that ls is writing to is being closed. That's really strange, and I couldn't find why. I still think strace would be the best way to trace it. Please try: # rm -f /tmp/ls-strace.txt; strace -o /tmp/ls-strace.txt -tt -s 1024 -f ls --color=tty Repeat it until ls doesn't print anything. Then less your /tmp/ls-strace.txt file, you'll probably have something like +++ killed by SIGPIPE +++ as the last line of it. Then try to figure out what happened before it got the SIGPIPE. Probably a write to something, try to figure out to which file descriptor. If you can't do it, try to post the last few lines of the file here. Also, can you post the output of this command? # ls -la /proc/$$/fd/ Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTFS-3G Support for CentOS 5.1 Live
Hi, On Tue, Mar 25, 2008 at 10:19 PM, Mark Rose [EMAIL PROTECTED] wrote: I attempted to install the ntfs-3g and fuse rpms, without any success (there were numerous dependancies and could not get libc to install).. You shouldn't try to compile it, just get the RPM for fuse-ntfs-3g from Rpmforge. It works like a charm. If you need help to setup Rpmforge, look here: http://wiki.centos.org/Repositories/RPMForge Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos