date:20110508

A bit OT, but I'm running CentOS-5.6 on this machine
(in fact on two of them)
and it seems to run perfectly -
I've had no problems at all.

Except that I'd like to add a second ethernet port,
and am not sure where one can find a card that will fit this machine.
As far as I can see, it requires a half-height PCIe card,
which seems to be rather a rare animal.
(There doesn't seem to be a standard for the backplate.)

So I'm wondering if anyone has tried this?
Incidentally, is there a forum anywhere 
for users of the MicroServer under Linux?

(The machine is unbelievably cheap at the moment,
due to a bizarre cashback offer from HP.)

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] EL 6 rollout strategies? (Scientific Linux)

2011-05-08 Thread R P Herrold

On Sat, 7 May 2011, Ljubomir Ljubojevic wrote:

 in-place upgrade of C5 to C6 will be most likely impossible. To many
 changes of how thing work.

In local testing built from the anaconda and related sources 
that will become CentOS 6, the offer to upgrade an existing 
install is made during a media based install.  As I was not 
interested in upgrading a random drive pulled from my 'scratch 
pool', I did a wipe and fresh partition and install ;)

Particularly difficult to me seems to be the 'ext4' conversion 
from lower numbered versions with an 'in place' upgrade

-- Russ herrold
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP MicroServer

On 05/08/11 6:53 AM, Timothy Murphy wrote:
 A bit OT, but I'm running CentOS-5.6 on this machine
 (in fact on two of them)
 and it seems to run perfectly -
 I've had no problems at all.

 Except that I'd like to add a second ethernet port,
 and am not sure where one can find a card that will fit this machine.
 As far as I can see, it requires a half-height PCIe card,
 which seems to be rather a rare animal.
 (There doesn't seem to be a standard for the backplate.)

low profile is the buzzword, and there's lots of them.   for example...
http://www.intel.com/products/server/adapters/pro1000pt/pro1000pt-overview.htm

or a dual port equivalent
http://www.intel.com/products/server/adapters/pro1000pt-dualport/pro1000pt-dualport-overview.htm


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP MicroServer

2011-05-08 Thread Ryan Wagoner

On Sun, May 8, 2011 at 9:53 AM, Timothy Murphy gayle...@eircom.net wrote:
 A bit OT, but I'm running CentOS-5.6 on this machine
 (in fact on two of them)
 and it seems to run perfectly -
 I've had no problems at all.

 Except that I'd like to add a second ethernet port,
 and am not sure where one can find a card that will fit this machine.
 As far as I can see, it requires a half-height PCIe card,
 which seems to be rather a rare animal.
 (There doesn't seem to be a standard for the backplate.

A number of cards come with a changeable plate to make them half
height. Below are links to Intel desktop and server cards.

http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033
http://www.newegg.com/Product/Product.aspx?Item=N82E16833106011
http://www.newegg.com/Product/Product.aspx?Item=N82E16833106035

Ryan
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to add a HD to a LVM

2011-05-08 Thread Todd Cary


On 5/8/2011 12:03 AM, Ken Smith wrote:

 Todd Cary wrote:
 I have connected a HD that was a prior system drive (Centos 4.8)
 and I am not sure of the command line procedures to find out if
 it is recognized (I believe it is since it present in the GUI),
 delete all data on it and finally add it to the LVM.

 I would like to use it as a backup data drive.

 Todd


 This is an excellent tutorial on LVM.

 http://tldp.org/HOWTO/LVM-HOWTO/

 Are you planning to join it to an existing Volume Group and then create
 a LV on it for backup? My preference would be to keep things simple and
 to aid recovery in the future, maybe just format the disk ext3 for
 backup. Then it is easy to plug into another box for recovery. But, I'm
 just guessing how you plan to use it.

 Ken

Ken -

Thank you for your response.  What you suggested is exactly what 
I would like to do: have an extra, stand alone, drive for 
backup.  However, when I do

fdisk -l

I get the output below which has me concerned.  As a Sunday 
afternoon user of Centos, I am not 100% sure of my 
interpretation - that is - the drive is already been joined as 
part of the LVM even though all I did was to plug it in as a slave.

My installation of Centos 5.5 is new and I do not remember 
specifying LVM (though that is what I had with my 4.8 system).  
The /dev/hdc (250 GB) is the new system drive.  The /dev/hdd is 
the old Centos 4.8 drive that I would like to have as an 
independent drive e.g. /dev/hda or whatever it needs to be.

What I DO NOT want to happen is for me to accidentally mess up my 
new Centos 5.5 system :-)!!

Questions:

* Is it possible to remove /dev/hdd from the LVM - at least it 
appears to be part of it
* Once removed, format it as EXT3 and mount it as /dev/hda (or 
/dev/hdd)

For this I am swimming in unknown waters.

Todd

Disk /dev/hdc: 251.0 GB, 251000193024 bytes
255 heads, 63 sectors/track, 30515 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot  Start End  Blocks   Id  System
/dev/hdc1   *   1  13  104391   83  Linux
/dev/hdc2  14   30515   245007315   8e  Linux LVM

Disk /dev/hdd: 163.9 GB, 163928604672 bytes
255 heads, 63 sectors/track, 19929 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot  Start End  Blocks   Id  System
/dev/hdd1   *   1  13  104391   83  Linux
/dev/hdd2  14   19929   159975270   8e  Linux LVM

Disk /dev/sda: 81.9 GB, 81964302336 bytes
255 heads, 63 sectors/track, 9964 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot  Start End  Blocks   Id  System
/dev/sda1   1996480035798+   7  HPFS/NTFS


-- 
Ariste Software
Petaluma, CA 94952

http://www.aristesoftware.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to add a HD to a LVM

2011-05-08 Thread Charlie Brune

On 05/08/2011 09:37 AM, Todd Cary wrote:
 On 5/8/2011 12:03 AM, Ken Smith wrote:
 Todd Cary wrote:
 I have connected a HD that was a prior system drive (Centos 4.8)
 and I am not sure of the command line procedures to find out if
 it is recognized (I believe it is since it present in the GUI),
 delete all data on it and finally add it to the LVM.

 I would like to use it as a backup data drive.

 Todd


 This is an excellent tutorial on LVM.

 http://tldp.org/HOWTO/LVM-HOWTO/

 Are you planning to join it to an existing Volume Group and then create
 a LV on it for backup? My preference would be to keep things simple and
 to aid recovery in the future, maybe just format the disk ext3 for
 backup. Then it is easy to plug into another box for recovery. But, I'm
 just guessing how you plan to use it.

 Ken

 Ken -

 Thank you for your response.  What you suggested is exactly what
 I would like to do: have an extra, stand alone, drive for
 backup.  However, when I do

 fdisk -l

 I get the output below which has me concerned.  As a Sunday
 afternoon user of Centos, I am not 100% sure of my
 interpretation - that is - the drive is already been joined as
 part of the LVM even though all I did was to plug it in as a slave.

 My installation of Centos 5.5 is new and I do not remember
 specifying LVM (though that is what I had with my 4.8 system).
 The /dev/hdc (250 GB) is the new system drive.  The /dev/hdd is
 the old Centos 4.8 drive that I would like to have as an
 independent drive e.g. /dev/hda or whatever it needs to be.

 What I DO NOT want to happen is for me to accidentally mess up my
 new Centos 5.5 system :-)!!

 Questions:

 * Is it possible to remove /dev/hdd from the LVM - at least it
 appears to be part of it
 * Once removed, format it as EXT3 and mount it as /dev/hda (or
 /dev/hdd)

 For this I am swimming in unknown waters.

 Todd

 Disk /dev/hdc: 251.0 GB, 251000193024 bytes
 255 heads, 63 sectors/track, 30515 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes

  Device Boot  Start End  Blocks   Id  System
 /dev/hdc1   *   1  13  104391   83  Linux
 /dev/hdc2  14   30515   245007315   8e  Linux LVM

 Disk /dev/hdd: 163.9 GB, 163928604672 bytes
 255 heads, 63 sectors/track, 19929 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes

  Device Boot  Start End  Blocks   Id  System
 /dev/hdd1   *   1  13  104391   83  Linux
 /dev/hdd2  14   19929   159975270   8e  Linux LVM

 Disk /dev/sda: 81.9 GB, 81964302336 bytes
 255 heads, 63 sectors/track, 9964 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes

  Device Boot  Start End  Blocks   Id  System
 /dev/sda1   1996480035798+   7  HPFS/NTFS


For working with LVM's, I've found that the system-config-lvm GUI tool 
is excellent. It's really great for when I want to reduce a logical 
volume, since it handles resizing both the file system and the volume 
group for you).

It will display all of your drives/partitions and let you adjust them 
for what you describe.

Please take a look at it and feel free to post any questions.

Charlie

P.S. I'm a Unix Admin, so I love the command line ... this is one of the 
few times where I recommend a GUI tool over typing the commands.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to add a HD to a LVM

2011-05-08 Thread Todd Cary

On 5/8/2011 8:05 AM, Charlie Brune wrote:
 On 05/08/2011 09:37 AM, Todd Cary wrote:
 On 5/8/2011 12:03 AM, Ken Smith wrote:
 Todd Cary wrote:
 I have connected a HD that was a prior system drive (Centos 4.8)
 and I am not sure of the command line procedures to find out if
 it is recognized (I believe it is since it present in the GUI),
 delete all data on it and finally add it to the LVM.

 I would like to use it as a backup data drive.

 Todd


 This is an excellent tutorial on LVM.

 http://tldp.org/HOWTO/LVM-HOWTO/

 Are you planning to join it to an existing Volume Group and then create
 a LV on it for backup? My preference would be to keep things simple and
 to aid recovery in the future, maybe just format the disk ext3 for
 backup. Then it is easy to plug into another box for recovery. But, I'm
 just guessing how you plan to use it.

 Ken

 Ken -

 Thank you for your response.  What you suggested is exactly what
 I would like to do: have an extra, stand alone, drive for
 backup.  However, when I do

 fdisk -l

 I get the output below which has me concerned.  As a Sunday
 afternoon user of Centos, I am not 100% sure of my
 interpretation - that is - the drive is already been joined as
 part of the LVM even though all I did was to plug it in as a slave.

 My installation of Centos 5.5 is new and I do not remember
 specifying LVM (though that is what I had with my 4.8 system).
 The /dev/hdc (250 GB) is the new system drive.  The /dev/hdd is
 the old Centos 4.8 drive that I would like to have as an
 independent drive e.g. /dev/hda or whatever it needs to be.

 What I DO NOT want to happen is for me to accidentally mess up my
 new Centos 5.5 system :-)!!

 Questions:

 * Is it possible to remove /dev/hdd from the LVM - at least it
 appears to be part of it
 * Once removed, format it as EXT3 and mount it as /dev/hda (or
 /dev/hdd)

 For this I am swimming in unknown waters.

 Todd

 Disk /dev/hdc: 251.0 GB, 251000193024 bytes
 255 heads, 63 sectors/track, 30515 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot  Start End  Blocks   Id  System
 /dev/hdc1   *   1  13  104391   83  Linux
 /dev/hdc2  14   30515   245007315   8e  Linux LVM

 Disk /dev/hdd: 163.9 GB, 163928604672 bytes
 255 heads, 63 sectors/track, 19929 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot  Start End  Blocks   Id  System
 /dev/hdd1   *   1  13  104391   83  Linux
 /dev/hdd2  14   19929   159975270   8e  Linux LVM

 Disk /dev/sda: 81.9 GB, 81964302336 bytes
 255 heads, 63 sectors/track, 9964 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot  Start End  Blocks   Id  System
 /dev/sda1   1996480035798+   7  HPFS/NTFS


 For working with LVM's, I've found that the system-config-lvm GUI tool
 is excellent. It's really great for when I want to reduce a logical
 volume, since it handles resizing both the file system and the volume
 group for you).

 It will display all of your drives/partitions and let you adjust them
 for what you describe.

 Please take a look at it and feel free to post any questions.

 Charlie

 P.S. I'm a Unix Admin, so I love the command line ... this is one of the
 few times where I recommend a GUI tool over typing the commands.
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos


I am off for a ten day trip, but when I return I'll take a look 
at it.

Todd

-- 
Ariste Software
Petaluma, CA 94952

http://www.aristesoftware.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to add a HD to a LVM

2011-05-08 Thread Todd Cary

On 5/8/2011 7:37 AM, Todd Cary wrote:
 On 5/8/2011 12:03 AM, Ken Smith wrote:
 Todd Cary wrote:
 I have connected a HD that was a prior system drive (Centos 4.8)
 and I am not sure of the command line procedures to find out if
 it is recognized (I believe it is since it present in the GUI),
 delete all data on it and finally add it to the LVM.

 I would like to use it as a backup data drive.

 Todd


 This is an excellent tutorial on LVM.

 http://tldp.org/HOWTO/LVM-HOWTO/

 Are you planning to join it to an existing Volume Group and then create
 a LV on it for backup? My preference would be to keep things simple and
 to aid recovery in the future, maybe just format the disk ext3 for
 backup. Then it is easy to plug into another box for recovery. But, I'm
 just guessing how you plan to use it.

 Ken

 Ken -

 Thank you for your response.  What you suggested is exactly what
 I would like to do: have an extra, stand alone, drive for
 backup.  However, when I do

 fdisk -l

 I get the output below which has me concerned.  As a Sunday
 afternoon user of Centos, I am not 100% sure of my
 interpretation - that is - the drive is already been joined as
 part of the LVM even though all I did was to plug it in as a slave.

 My installation of Centos 5.5 is new and I do not remember
 specifying LVM (though that is what I had with my 4.8 system).
 The /dev/hdc (250 GB) is the new system drive.  The /dev/hdd is
 the old Centos 4.8 drive that I would like to have as an
 independent drive e.g. /dev/hda or whatever it needs to be.

 What I DO NOT want to happen is for me to accidentally mess up my
 new Centos 5.5 system :-)!!

 Questions:

 * Is it possible to remove /dev/hdd from the LVM - at least it
 appears to be part of it
 * Once removed, format it as EXT3 and mount it as /dev/hda (or
 /dev/hdd)

 For this I am swimming in unknown waters.

 Todd

 Disk /dev/hdc: 251.0 GB, 251000193024 bytes
 255 heads, 63 sectors/track, 30515 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes

  Device Boot  Start End  Blocks   Id  System
 /dev/hdc1   *   1  13  104391   83  Linux
 /dev/hdc2  14   30515   245007315   8e  Linux LVM

 Disk /dev/hdd: 163.9 GB, 163928604672 bytes
 255 heads, 63 sectors/track, 19929 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes

  Device Boot  Start End  Blocks   Id  System
 /dev/hdd1   *   1  13  104391   83  Linux
 /dev/hdd2  14   19929   159975270   8e  Linux LVM

 Disk /dev/sda: 81.9 GB, 81964302336 bytes
 255 heads, 63 sectors/track, 9964 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes

  Device Boot  Start End  Blocks   Id  System
 /dev/sda1   1996480035798+   7  HPFS/NTFS


Whether I use the lvm command line or the GUI, I am not sure if I 
am suppose to remove the logical first as in

lvm lvremove LogVol01

Using the GUI, I get

Logical volume LogVol01 contains swap filesystem. All data on it 
will be lost! Are you quite certain that you wish to remove 
logical volume LogVol01?

-- 
Ariste Software
Petaluma, CA 94952

http://www.aristesoftware.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to add a HD to a LVM

2011-05-08 Thread Scott Robbins

On Sun, May 08, 2011 at 09:21:56AM -0700, Todd Cary wrote:
 
 lvm lvremove LogVol01
 
 Using the GUI, I get
 
 Logical volume LogVol01 contains swap filesystem. All data on it 
 will be lost! Are you quite certain that you wish to remove 
 logical volume LogVol01?


If it's a swap partition, first turn off the swap

swapoff /dev/VGwhaever/LogVol01

Then lvremove.


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Xander: What's going on here? People are going all Felicity with 
their hair. 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] SSH using Keys, no password and SFTP?

HI All,

I have setup (and it was so easy) using SSH with keys instead of password 
authentication. I want to turn password authentication off completely.

What I dont understand is how SFTP would work them. I dont see any settings in 
my FTP clients to use SFTP without providing a password.

If that is the case, that is fine since the FTP users have no real privileges 
except to their own web folders.

That being said, is it possible to allow only Password authentication for a few 
users? and then require Key authorization for other users where password would 
not be accepted for them..perhaps, if they try to connect with password they 
get denied without being prompted for a password?

-- 
Jason

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH using Keys, no password and SFTP?

2011-05-08 Thread Devin Reade

Jason slackmoehrle.li...@gmail.com wrote:

 I have setup (and it was so easy) using SSH with keys instead of password 
 authentication. I want to turn password authentication off completely.
 
 What I dont understand is how SFTP would work them. I dont see any settings 
 in my FTP clients to use SFTP without providing a password.


Don't confuse sftp with ftp.  They're two different protcols, albiet with
similar purposes.

If your users can log in with ssh using key pairs, then they can sftp and
scp with them, too.

ftp, otoh, does not understand ssh key pairs so if you turn off password
auth there then regular users can't log in with that protocol at all.

IMO though, the only kind of cleartext ftp that should be offered is 
anonymous ftp anyway.  ssh/sftp/scp have been out there long enough
that even windows users can use them now as long as you provide them
(or poitn them to) a suitable client.

Devin

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH using Keys, no password and SFTP?

2011-05-08 Thread Devin Reade

Devin Reade g...@gno.org wrote:

 Jason slackmoehrle.li...@gmail.com wrote:
 
 What I dont understand is how SFTP would work them. I dont see any settings 
 in my FTP clients to use SFTP without providing a password.

'course, I may have jumped the gun on my comments.  I'm also assuming a
sane sftp client.  Certainly the (standard/portable) OpenSSH sftp 
implementation doesn't need it.  If your sftp client doesn't have any
way to identify the key store, then it might not be able to handle it.
(On UNIX/Mac, it may be implicit on where it finds the keys.  I don't
know about arbitrary Windows clients)

Devin

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Am I being to paranoid?

Hi All,

I want to know thoughts on if I am being to paranoid/security conscious. 

CentOS 5.6, Apache, MySQL, running an Firewall in front of everything and 
obviously the built-in firewall on the box. I have ssh on a different port and 
starting to use Keys instead of password authentication. I host an intensive 
website and I am getting about 150 unique visitors per day. 

What I am seeing is LogWatch reporting a lot of 404's like:

404 Not Found
//PHPMA/: 1 Time(s)
//admin/myadmin/: 1 Time(s)
//admin/phpmyadmin/: 1 Time(s)
//adming/: 1 Time(s)
//ascils/phpmyadmin/: 1 Time(s)
//blog/wp-content/plugins/phpmyadmin/: 1 Time(s)
//database/: 2 Time(s)
//db/: 1 Time(s)
//dba/: 1 Time(s)
//dbadmin/: 2 Time(s)
//html/phpMyAdmin/: 1 Time(s)
//html/phpmyadmin/: 1 Time(s)
//lamp/phpmyadmin/: 1 Time(s)
//myadmin/: 1 Time(s)
//mydatabase/: 1 Time(s)
//mydb/: 1 Time(s)
//myphp/: 1 Time(s)
//mysql-admin/: 1 Time(s)
//mysql/: 1 Time(s)
//mysqladmin/: 2 Time(s)
//mysqlmanager/: 1 Time(s)
//phpMyAdmin-2.8.0.2/: 1 Time(s)
//phpMyAdmin-2.8.1-rc1/: 1 Time(s)
//phpMyAdmin-2.8.1/: 1 Time(s)
//phpMyAdmin-2.8.2/: 1 Time(s)
//phpMyAdmin/: 1 Time(s)
//phpadm/: 2 Time(s)
//phpma/: 1 Time(s)
//phpmanager/: 1 Time(s)
//phpmy/: 2 Time(s)
//phpmyadmin/: 1 Time(s)
//pma/: 1 Time(s)
//pmaadmin/: 1 Time(s)
//pmadmin/: 1 Time(s)
//sql/: 1 Time(s)
//sqladmin/: 2 Time(s)
//sqldatabase/: 2 Time(s)
//sqlmanager/: 1 Time(s)
//sqlweb/: 1 Time(s)
//typo3/phpmyadmin/: 1 Time(s)
//webadmin/: 1 Time(s)
//webdb/: 1 Time(s)
//websql/: 1 Time(s)
//wp-content/plugins/phpMyAdmin/: 1 Time(s)
//wp-content/plugins/wp-phpmyadmin/: 1 Time(s)
//xampp/phpmyadmin/: 1 Time(s)

So I turned on Apache ReWrite and I created a file and I put in rules like: 
(just a small subset)

RewriteCond %{REQUEST_URI} ^/php(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpmy(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpma [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpmyadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpgadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phppgadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpmyadmin(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/php\-my\-admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/php\-myadmin [NC,OR] 
RewriteCond %{REQUEST_URI} ^/phpmy\-admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpmanager [NC,OR]
RewriteCond %{REQUEST_URI} ^/player(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/plugins [NC,OR]
RewriteCond %{REQUEST_URI} ^/pma [NC,OR]
RewriteCond %{REQUEST_URI} ^/p/m/a [NC,OR]
RewriteCond %{REQUEST_URI} ^/pmadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/pmaadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/scripts [NC,OR]
RewriteCond %{REQUEST_URI} ^/sd(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/sql [NC,OR]
RewriteCond %{REQUEST_URI} ^/sqladmin [NC,OR]

and if one of these is hit I use a Rule of:

RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA]

Everyday I look at the LogWatch E-Mail and I add one people are trying to hit 
and restart apache.

This yields a few questions.

1. Am I being to paranoid by doing this? My logic is they dont belong here and 
I could get mad if someone walked up to my apartment and tried jiggling the 
door handle to see if it was unlocked. 

2. I know I can simplify these rules. Wouldn't RewriteCond %{REQUEST_URI} 
^/php(.*) [NC,OR] get most of the attempts for thinks like /php, /php-myadmin, 
/phpmyadmin-2.0.8.8, etc?

3. Is there a better way to right these rules?

4. Why does LogWatch show this to me as a 404 , when a rewrite rule is hit and 
they are re-directed back to themselves? My rules seem to be working, if I try 
and hit /scripts right now, it does what I expect. 

Can anyone shed some light for me on my thoughts/questions?

-- 
Jason


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH using Keys, no password and SFTP?

Hi Devin,

My Fetch FTP software allows me to use SFTP, but it asks for a password. Maybe 
I need to leave it blank as a test and see if it uses my key against the server 
automatically. Maybe it does something behind the scenes I am not aware of.

-- 
Jason

On Sunday, May 8, 2011 at 10:41 AM, Devin Reade wrote: 
 Jason slackmoehrle.li...@gmail.com wrote:
 
  I have setup (and it was so easy) using SSH with keys instead of password 
  authentication. I want to turn password authentication off completely.
  
  What I dont understand is how SFTP would work them. I dont see any settings 
  in my FTP clients to use SFTP without providing a password.
 
 
 Don't confuse sftp with ftp. They're two different protcols, albiet with
 similar purposes.
 
 If your users can log in with ssh using key pairs, then they can sftp and
 scp with them, too.
 
 ftp, otoh, does not understand ssh key pairs so if you turn off password
 auth there then regular users can't log in with that protocol at all.
 
 IMO though, the only kind of cleartext ftp that should be offered is 
 anonymous ftp anyway. ssh/sftp/scp have been out there long enough
 that even windows users can use them now as long as you provide them
 (or poitn them to) a suitable client.
 
 Devin
 
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] fail2ban and secure permissions

2011-05-08 Thread David Mehler

Hello,
Has anyone got fail2ban working and blocking ssh spambot atempts? My
ssh is logging with a facility of authpriv which syslogd sends to
/var/log/secure. That file has 600 permissions owned and group of
root. I want to make it where fail2ban can access the needed file, yet
not make it insecure in the process. I was not wanting to change
permissions last time I did that on a log file a cron daily report
kept noting it. I'd appreciate any suggestions.
Thanks.
Dave.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP MicroServer

John R Pierce wrote:

 Except that I'd like to add a second ethernet port,
 and am not sure where one can find a card that will fit this machine.
 As far as I can see, it requires a half-height PCIe card,
 which seems to be rather a rare animal.
 (There doesn't seem to be a standard for the backplate.)
 
 low profile is the buzzword, and there's lots of them.   for example...
 http://www.intel.com/products/server/adapters/pro1000pt/pro1000pt-
overview.htm

Thanks for your response.
But I don't think low profile is enough -
the MicroServer needs half-height low profile,
and I don't think from the pictures the ones you pointed to are half-height.
(The backplate looks too high.)

 or a dual port equivalent
 http://www.intel.com/products/server/adapters/pro1000pt-
dualport/pro1000pt-dualport-overview.htm

For some reason the dual port NICs seem incredibly expensive -
more expensive than the computer, in fact.

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Am I being to paranoid?

2011-05-08 Thread Eero Volotinen

2011/5/8 Jason slackmoehrle.li...@gmail.com:
 Hi All,

 I want to know thoughts on if I am being to paranoid/security conscious.

 CentOS 5.6, Apache, MySQL, running an Firewall in front of everything and 
 obviously the built-in firewall on the box. I have ssh on a different port 
 and starting to use Keys instead of password authentication. I host an 
 intensive website and I am getting about 150 unique visitors per day.

 What I am seeing is LogWatch reporting a lot of 404's like:

 404 Not Found
 //PHPMA/: 1 Time(s)
 //admin/myadmin/: 1 Time(s)
 //admin/phpmyadmin/: 1 Time(s)
 //adming/: 1 Time(s)
 //ascils/phpmyadmin/: 1 Time(s)
 //blog/wp-content/plugins/phpmyadmin/: 1 Time(s)
 //database/: 2 Time(s)
 //db/: 1 Time(s)
 //dba/: 1 Time(s)
 //dbadmin/: 2 Time(s)
 //html/phpMyAdmin/: 1 Time(s)
 //html/phpmyadmin/: 1 Time(s)
 //lamp/phpmyadmin/: 1 Time(s)
 //myadmin/: 1 Time(s)
 //mydatabase/: 1 Time(s)
 //mydb/: 1 Time(s)
 //myphp/: 1 Time(s)
 //mysql-admin/: 1 Time(s)
 //mysql/: 1 Time(s)
 //mysqladmin/: 2 Time(s)
 //mysqlmanager/: 1 Time(s)
 //phpMyAdmin-2.8.0.2/: 1 Time(s)
 //phpMyAdmin-2.8.1-rc1/: 1 Time(s)
 //phpMyAdmin-2.8.1/: 1 Time(s)
 //phpMyAdmin-2.8.2/: 1 Time(s)
 //phpMyAdmin/: 1 Time(s)
 //phpadm/: 2 Time(s)
 //phpma/: 1 Time(s)
 //phpmanager/: 1 Time(s)
 //phpmy/: 2 Time(s)
 //phpmyadmin/: 1 Time(s)
 //pma/: 1 Time(s)
 //pmaadmin/: 1 Time(s)
 //pmadmin/: 1 Time(s)
 //sql/: 1 Time(s)
 //sqladmin/: 2 Time(s)
 //sqldatabase/: 2 Time(s)
 //sqlmanager/: 1 Time(s)
 //sqlweb/: 1 Time(s)
 //typo3/phpmyadmin/: 1 Time(s)
 //webadmin/: 1 Time(s)
 //webdb/: 1 Time(s)
 //websql/: 1 Time(s)
 //wp-content/plugins/phpMyAdmin/: 1 Time(s)
 //wp-content/plugins/wp-phpmyadmin/: 1 Time(s)
 //xampp/phpmyadmin/: 1 Time(s)

 So I turned on Apache ReWrite and I created a file and I put in rules like: 
 (just a small subset)

 RewriteCond %{REQUEST_URI} ^/php(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmy(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpma [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmyadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpgadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phppgadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmyadmin(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/php\-my\-admin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/php\-myadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmy\-admin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmanager [NC,OR]
 RewriteCond %{REQUEST_URI} ^/player(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/plugins [NC,OR]
 RewriteCond %{REQUEST_URI} ^/pma [NC,OR]
 RewriteCond %{REQUEST_URI} ^/p/m/a [NC,OR]
 RewriteCond %{REQUEST_URI} ^/pmadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/pmaadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/scripts [NC,OR]
 RewriteCond %{REQUEST_URI} ^/sd(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/sql [NC,OR]
 RewriteCond %{REQUEST_URI} ^/sqladmin [NC,OR]

 and if one of these is hit I use a Rule of:

 RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA]

 Everyday I look at the LogWatch E-Mail and I add one people are trying to hit 
 and restart apache.

 This yields a few questions.

 1. Am I being to paranoid by doing this? My logic is they dont belong here 
 and I could get mad if someone walked up to my apartment and tried jiggling 
 the door handle to see if it was unlocked.

 2. I know I can simplify these rules. Wouldn't RewriteCond %{REQUEST_URI} 
 ^/php(.*) [NC,OR] get most of the attempts for thinks like /php, 
 /php-myadmin, /phpmyadmin-2.0.8.8, etc?

 3. Is there a better way to right these rules?

 4. Why does LogWatch show this to me as a 404 , when a rewrite rule is hit 
 and they are re-directed back to themselves? My rules seem to be working, if 
 I try and hit /scripts right now, it does what I expect.

 Can anyone shed some light for me on my thoughts/questions?

You should take a look at mod_security: http://www.modsecurity.org/ ,
if provides better ways to block hostile attacks and probes.

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH using Keys, no password and SFTP?

2011-05-08 Thread Ljubomir Ljubojevic

Devin Reade wrote:
 Devin Reade g...@gno.org wrote:
 
 Jason slackmoehrle.li...@gmail.com wrote:

 What I dont understand is how SFTP would work them. I dont see any settings 
 in my FTP clients to use SFTP without providing a password.
 
 'course, I may have jumped the gun on my comments.  I'm also assuming a
 sane sftp client.  Certainly the (standard/portable) OpenSSH sftp 
 implementation doesn't need it.  If your sftp client doesn't have any
 way to identify the key store, then it might not be able to handle it.
 (On UNIX/Mac, it may be implicit on where it finds the keys.  I don't
 know about arbitrary Windows clients)
 
 Devin
 
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
 
 

Winscp supports key pair, but you must convert them to Putty format.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP MicroServer

2011-05-08 Thread Alexander Dalloz

Am 08.05.2011 19:52, schrieb Timothy Murphy:
 John R Pierce wrote:
 
 Except that I'd like to add a second ethernet port,
 and am not sure where one can find a card that will fit this machine.
 As far as I can see, it requires a half-height PCIe card,
 which seems to be rather a rare animal.
 (There doesn't seem to be a standard for the backplate.)

 low profile is the buzzword, and there's lots of them.   for example...
 http://www.intel.com/products/server/adapters/pro1000pt/pro1000pt-
 overview.htm
 
 Thanks for your response.
 But I don't think low profile is enough -
 the MicroServer needs half-height low profile,
 and I don't think from the pictures the ones you pointed to are half-height.
 (The backplate looks too high.)

The add-on card article by HP is

NC112T PCI-Express Gigabit-Serveradapter (503746-B21)

connector: 1x RJ-45
chipset: Intel i82574L
specials: Wake on LAN, low profile

 or a dual port equivalent
 http://www.intel.com/products/server/adapters/pro1000pt-
 dualport/pro1000pt-dualport-overview.htm
 
 For some reason the dual port NICs seem incredibly expensive -
 more expensive than the computer, in fact.

Dual port NICs working are i.e.

Intel Gigabit ET Server Adapter, 2x 1000Base-T, PCIe x4, low profile
(E1G42ET)

available for 120 Euro.

Alexander


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP MicroServer

Ryan Wagoner wrote:

 Except that I'd like to add a second ethernet port,
 and am not sure where one can find a card that will fit this machine.
 As far as I can see, it requires a half-height PCIe card,
 which seems to be rather a rare animal.
 (There doesn't seem to be a standard for the backplate.
 
 A number of cards come with a changeable plate to make them half
 height. Below are links to Intel desktop and server cards.
 
 http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033
 http://www.newegg.com/Product/Product.aspx?Item=N82E16833106011
 http://www.newegg.com/Product/Product.aspx?Item=N82E16833106035

Thanks very much.
I'll look at those (even though I am beyond the reach of newegg).
I know some cards come with two plates,
but I've yet to discover how one identifies them.

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] fail2ban and secure permissions

2011-05-08 Thread Ljubomir Ljubojevic

David Mehler wrote:
 Hello,
 Has anyone got fail2ban working and blocking ssh spambot atempts? My
 ssh is logging with a facility of authpriv which syslogd sends to
 /var/log/secure. That file has 600 permissions owned and group of
 root. I want to make it where fail2ban can access the needed file, yet
 not make it insecure in the process. I was not wanting to change
 permissions last time I did that on a log file a cron daily report
 kept noting it. I'd appreciate any suggestions.
 Thanks.
 Dave.
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
 
 
If you fail to setup fail2ban, use denyhosts instead. I use it for 3-4 
years.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Building a Back Blaze style POD

Hi All,

I am about to embark on a project that deals with allowing information
archival, over time and seeing change over time as well. I can explain it a lot
better, but I would certainly talk your ear off. I really don't have a lot of
money to throw at the initial concept, but I have some. This device will host
all of the operations for the first few months until I can afford to build a
duplicate device. I already had a few parts of the idea done and ready to get
live.

I am contemplating building a BackBlaze Style POD. The goal of the device is to
start acting as a place to have the crawls store information, massage it, get
it into db's and then notify the user the task is done so they can start
looking at the results.

For reference here are a few links:

http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how-to-build-cheap-cloud-storage/

and

http://cleanenergy.harvard.edu/index.php?ira=JabbatipoContenido=sidebarsidebar=science

There is room for 45 drives in the case (technically a few more).

45 x 1tb 7200rpm drives is really cheap, about $60 each.

45 x 1.5tb 7200rpm drives are about $70 each.

45 x 2tb 7200rpm drives are about $120 each

45 x 3tb 7200rpm drives are about $180-$230 each (or more, some are almost $400)

I have question before I commit to building one and I was hoping to get advice.

1. Can anyone recommend a mobo/processor setup that can hold lots of RAM? Like
24gb or 64gb or more?

2. Hardware RAID or Software RAID for this?

3. Would CentOS be a good choice? I have never used CentOS on a device so
massive. Just ordinary servers, so to speak. I assume that it could handle so
many drives, a large, expanding file system.

4. Someone recommended ZFS but I dont recall that being available on CentOS,
but it is on FreeBSD which I have little experience with.

5. How would someone realistically back something like this up?

Ultimately I know over time I need to distribute my architecture out and have a
number of web-servers, balancing, etc but to get started I think this device
with good backups might fit the bill.

I can be way more detailed if it helps, I just didn't want to clutter with
information that might not be relevant.
--
Jason

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] fail2ban and secure permissions

2011-05-08 Thread Eero Volotinen

2011/5/8 David Mehler dave.meh...@gmail.com:
 Hello,
 Has anyone got fail2ban working and blocking ssh spambot atempts? My
 ssh is logging with a facility of authpriv which syslogd sends to
 /var/log/secure. That file has 600 permissions owned and group of
 root. I want to make it where fail2ban can access the needed file, yet
 not make it insecure in the process. I was not wanting to change
 permissions last time I did that on a log file a cron daily report
 kept noting it. I'd appreciate any suggestions.

Well. fail2ban runs as root as it modified iptables rules? So, no need
to modify file access?

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP MicroServer

Timothy Murphy wrote:

 John R Pierce wrote:
 
 Except that I'd like to add a second ethernet port,
 and am not sure where one can find a card that will fit this machine.
 As far as I can see, it requires a half-height PCIe card,
 which seems to be rather a rare animal.
 (There doesn't seem to be a standard for the backplate.)
 
 low profile is the buzzword, and there's lots of them.   for example...
 http://www.intel.com/products/server/adapters/pro1000pt/pro1000pt-
 overview.htm
 
 Thanks for your response.
 But I don't think low profile is enough -
 the MicroServer needs half-height low profile,
 and I don't think from the pictures the ones you pointed to are
 half-height. (The backplate looks too high.)

Sorry, I see now that the Intel Pro PT you point to does say:
Optional low-profile bracket included for high-density, 
rack-mounted servers

I'd been looking at the Pro CT, which may not have this.

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP MicroServer

Alexander Dalloz wrote:

 Except that I'd like to add a second ethernet port,
 and am not sure where one can find a card that will fit this machine.
 As far as I can see, it requires a half-height PCIe card,
 which seems to be rather a rare animal.
 (There doesn't seem to be a standard for the backplate.)

 The add-on card article by HP is
 
 NC112T PCI-Express Gigabit-Serveradapter (503746-B21)
 
 connector: 1x RJ-45
 chipset: Intel i82574L
 specials: Wake on LAN, low profile

Thanks, I'll look for that.
I did see HP recommended a card, probably this one,
but again the picture seemed to show a full height backplate.

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a Back Blaze style POD

 -Original Message-
 From: Jason
 Sent: Sunday, May 08, 2011 14:04
 To: CentOS mailing list
 Subject: [CentOS] Building a Back Blaze style POD

 Hi All,

 I am about to embark on a project that deals with allowing 
 information archival, over time and seeing change over time 
 as well. I can explain it a lot better, but I would certainly 
 talk your ear off. I really don't have a lot of money to 
 throw at the initial concept, but I have some. This device 
 will host all of the operations for the first few months 
 until I can afford to build a duplicate device. I already had 
 a few parts of the idea done and ready to get live.

 I am contemplating building a BackBlaze Style POD. The goal 
 of the device is to start acting as a place to have the 
 crawls store information, massage it, get it into db's and 
 then notify the user the task is done so they can start 
 looking at the results.

 For reference here are a few links:

 http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how
-to-build-cheap-cloud-storage/

 and

 http://cleanenergy.harvard.edu/index.php?ira=JabbatipoConteni
do=sidebarsidebar=science

Distrubing, I was on the same pages a few hours ago.

 There is room for 45 drives in the case (technically a few more).

 45 x 1tb 7200rpm drives is really cheap, about $60 each.

 45 x 1.5tb 7200rpm drives are about $70 each.

 45 x 2tb 7200rpm drives are about $120 each

 45 x 3tb 7200rpm drives are about $180-$230 each (or more, 
 some are almost $400)

 I have question before I commit to building one and I was 
 hoping to get advice.

 1. Can anyone recommend a mobo/processor setup that can hold 
 lots of RAM? Like 24gb or 64gb or more? 

 2. Hardware RAID or Software RAID for this?

Hardware to costly in $
Software to costly in CPU.

Try for redundancy.

 3. Would CentOS be a good choice? I have never used CentOS on 
 a device so massive. Just ordinary servers, so to speak. I 
 assume that it could handle so many drives, a large, 
 expanding file system.

Multiple file systems of GFS?

 4. Someone recommended ZFS but I dont recall that being 
 available on CentOS, but it is on FreeBSD which I have little 
 experience with.

 5. How would someone realistically back something like this up?

You don't. You replicate it. We are looking at using it as an online cache of
our backup media.

 Ultimately I know over time I need to distribute my 
 architecture out and have a number of web-servers, balancing, 
 etc but to get started I think this device with good backups 
 might fit the bill.

 I can be way more detailed if it helps, I just didn't want to 
 clutter with information that might not be relevant.
 --
 Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Am I being to paranoid?

2011-05-08 Thread R P Herrold


quick answer:  even paranoids have enemies

On Sun, 8 May 2011, Jason wrote:

 So I turned on Apache ReWrite and I created a file and I put in rules like: 
 (just a small subset)

 RewriteCond %{REQUEST_URI} ^/php(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmy(.*) [NC,OR]
 .snip

 2. I know I can simplify these rules. Wouldn't RewriteCond %{REQUEST_URI} 
 ^/php(.*) [NC,OR] get most of the attempts for thinks like /php, 
 /php-myadmin, /phpmyadmin-2.0.8.8, etc?

 3. Is there a better way to right these rules?

I wrote about my approch some time ago ...

http://orcorc.blogspot.com/2010/06/reading-logs-part-3-run-your-updates.html

Send them safely off your box, and back home

-- Russ herrold
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Am I being to paranoid?

2011-05-08 Thread Benjamin Franz

On 05/08/2011 10:46 AM, Jason wrote:
 4. Why does LogWatch show this to me as a 404 , when a rewrite rule is hit 
 and they are re-directed back to themselves? My rules seem to be working, if 
 I try and hit /scripts right now, it does what I expect.
[...]

Because the remote loader is a robot, not a web browser. It is throwing 
stuff at the wall and seeing what sticks. It flat out doesn't care if 
you send back a redirect - it is just looking for a response that 
indicates a vulnerability and anything else is ignored by it.

Redirects are largely ineffective in combating bots hunting for 
exploitable scripts and programs. You would be better off using 
something like Fail2Ban to dynamically update firewall rules against 
detected attackers.

-- 
Benjamin Franz
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a Back Blaze style POD

2011-05-08 Thread Rudi Ahlers

On Sun, May 8, 2011 at 8:03 PM, Jason slackmoehrle.li...@gmail.com wrote:

Hi All,

I am about to embark on a project that deals with allowing information
archival, over time and seeing change over time as well. I can explain it a
lot better, but I would certainly talk your ear off. I really don't have a
lot of money to throw at the initial concept, but I have some. This device
will host all of the operations for the first few months until I can afford
to build a duplicate device. I already had a few parts of the idea done and
ready to get live.

I am contemplating building a BackBlaze Style POD. The goal of the device
is to start acting as a place to have the crawls store information, massage
it, get it into db's and then notify the user the task is done so they can
start looking at the results.

For reference here are a few links:

http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how-to-build-cheap-cloud-storage/

and

http://cleanenergy.harvard.edu/index.php?ira=JabbatipoContenido=sidebarsidebar=science

There is room for 45 drives in the case (technically a few more).

45 x 1tb 7200rpm drives is really cheap, about $60 each.

45 x 1.5tb 7200rpm drives are about $70 each.

45 x 2tb 7200rpm drives are about $120 each

45 x 3tb 7200rpm drives are about $180-$230 each (or more, some are almost
$400)

I have question before I commit to building one and I was hoping to get
advice.

1. Can anyone recommend a mobo/processor setup that can hold lots of RAM?
Like 24gb or 64gb or more?

Any brand server motherboard will do. I prefer supermicro, but you can use
Dell, HP, Intell, etc, etc.

2. Hardware RAID or Software RAID for this?

Hardware RAID will be expensive on 45 drives. IF you can, split the 45
drives into a few smaller RAID arrays. To rebuild 1x large 45TB RAID array,
with either hardware or software would probably take a week, or more,
depending on which RAID type you use - i.e. RAID 5, or 6, or 10. I prefer
RAID 10 since it's best for speed and the rebuilds are the quickest. But you
loose half the space, i.e. 45TB drives will give you about 22TB space. 45x
2TB HDD's would give you about 44TB space though.

3. Would CentOS be a good choice? I have never used CentOS on a device so
massive. Just ordinary servers, so to speak. I assume that it could handle
so many drives, a large, expanding file system.

Yes it would be fine.

4. Someone recommended ZFS but I dont recall that being available on
CentOS, but it is on FreeBSD which I have little experience with.

I would also prefer to use ZFS for this type of setup. use one 128GB SL type
SSD drive as a cache drive to speed up things and 2x log drives to help with
drive recovery. With ZFS you would be able to use one large RAID array if
you have the log drives since it was recover from driver failure much better
than other file systems. Although you can install ZFS as user-land tools,
which will be slower than running it via the kernel. But, it would be better
to use Solaris or FreeBSD for this - look @ Nexenta / FreeNAS / OpenIndia
for this.

5. How would someone realistically back something like this up?

To another one as large :)

OR, more realistically, if you already have some backup servers, and the
full 45TB isn't full of data yet, then simply backup what you have. By the
sounds of it your project is still new so your data won't be that much. I
would simply build a gluster / CLVM cluster of smaller cheaper servers -
which basically allows you to add say 4TB / 8TB (depending on what chassis
you use and how many drives it can take) at a time to the backup cluster,
which will be cheaper than buying another one identical to this right now.

Ultimately I know over time I need to distribute my architecture out and
have a number of web-servers, balancing, etc but to get started I think this
device with good backups might fit the bill.

If this device will be used for web + mail + SQL, then you may probably look
at using 4 quad core CPU's + 128GB RAM. With this many drives (or rather,
this much data) you'll probably run out of RAM / CPU / Network resources
before you run out of HDD space.

With a device this big (in terms of storage) I would rather have 2 separate
processing servers which just mounts LUN's from this POD (exported as NFS
/ iSCSI / FCoE / etc) and then have a few faster SAS / SSD drives for SQL
/ log processing.

I can be way more detailed if it helps, I just didn't want to clutter with
information that might not be relevant.
--
Jason

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

--
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP MicroServer

On 05/08/11 6:53 AM, Timothy Murphy wrote:
 (The machine is unbelievably cheap at the moment,
 due to a bizarre cashback offer from HP.)

where's this deal?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Am I being to paranoid?

Hi Russ,

  3. Is there a better way to right these rules?
 
 I wrote about my approch some time ago ...
 
 http://orcorc.blogspot.com/2010/06/reading-logs-part-3-run-your-updates.html
 
 Send them safely off your box, and back home

I read your article and It seems we are doing the same thing? Is there a 
benefit I dont understand to use your approach versus the one I am using 
already?

Is it true that you can to (.*) to handle easier matching?

Say phpmyadmin, phpadmin, php-myadmin

Could I do something like: RewriteCond %{REQUEST_URI} ^/php(.*) [NC,OR] and 
that would handle all of them? 

-Jason 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH using Keys, no password and SFTP?

So is it possible to require some users to use Password only and some to use 
Key only authentication?

-Jason

-- 
Jason

On Sunday, May 8, 2011 at 10:58 AM, off...@plnet.rs wrote: 
 Devin Reade wrote:
  Devin Reade g...@gno.org wrote:
  
   Jason slackmoehrle.li...@gmail.com wrote:
   
What I dont understand is how SFTP would work them. I dont see any 
settings in my FTP clients to use SFTP without providing a password.
  
  'course, I may have jumped the gun on my comments. I'm also assuming a
  sane sftp client. Certainly the (standard/portable) OpenSSH sftp 
  implementation doesn't need it. If your sftp client doesn't have any
  way to identify the key store, then it might not be able to handle it.
  (On UNIX/Mac, it may be implicit on where it finds the keys. I don't
  know about arbitrary Windows clients)
  
  Devin
  
  ___
  CentOS mailing list
  CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos
 
 Winscp supports key pair, but you must convert them to Putty format.
 
 Ljubomir
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6 Update?

2011-05-08 Thread Tom H

On Wed, Apr 20, 2011 at 5:19 PM, John R. Dennison j...@gerdesas.com wrote:
 On Wed, Apr 20, 2011 at 01:34:54PM -0400, Tom H wrote:

 If CentOS had a communication policy, it could spare itself these
 types of articles...

 No.  These types of articles will continue to appear whether there is a
 communications policy or not.  However having someone actually posting
 updates once in a while _would_ be a good thing.  And preferably someone
 that doesn't favor one avenue (forums) over another (this list).

I'm cleaning up my inbox and found this reply (that I somehow missed earlier).

I'm sorry about the lateness of the reply but felt that I should
clarify a misunderstanding.

By communication policy, I don't mean giving updates of the progress
of an upcoming release (especially given Karanbir's explanation of the
difficulty in estimating the completion point); I mean not telling
people if you're unhappy, use another distribution or making similar
types of comments and creating problems for themselves (like the
negative article posted in this thread) and those who promote their
distribution (I have two companies where I consult in which the IT
managers have asked me to switch to Debian).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a Back Blaze style POD

Rudy,

Do you have a recommendation of a motherboard?

I am still reading the rest of your post. Thanks!

-Jason

--
Jason

On Sunday, May 8, 2011 at 11:26 AM, Rudi Ahlers wrote:

On Sun, May 8, 2011 at 8:03 PM, Jason slackmoehrle.li...@gmail.com wrote:
Hi All,

I am about to embark on a project that deals with allowing information
archival, over time and seeing change over time as well. I can explain it a
lot better, but I would certainly talk your ear off. I really don't have a
lot of money to throw at the initial concept, but I have some. This device
will host all of the operations for the first few months until I can afford
to build a duplicate device. I already had a few parts of the idea done and
ready to get live.

I am contemplating building a BackBlaze Style POD. The goal of the device
is to start acting as a place to have the crawls store information, massage
it, get it into db's and then notify the user the task is done so they can
start looking at the results.

For reference here are a few links:

http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how-to-build-cheap-cloud-storage/

and

http://cleanenergy.harvard.edu/index.php?ira=JabbatipoContenido=sidebarsidebar=science

There is room for 45 drives in the case (technically a few more).

45 x 1tb 7200rpm drives is really cheap, about $60 each.

45 x 1.5tb 7200rpm drives are about $70 each.

45 x 2tb 7200rpm drives are about $120 each

45 x 3tb 7200rpm drives are about $180-$230 each (or more, some are almost
$400)

I have question before I commit to building one and I was hoping to get
advice.

1. Can anyone recommend a mobo/processor setup that can hold lots of RAM?
Like 24gb or 64gb or more?

Any brand server motherboard will do. I prefer supermicro, but you can use
Dell, HP, Intell, etc, etc.

2. Hardware RAID or Software RAID for this?

Hardware RAID will be expensive on 45 drives. IF you can, split the 45 drives
into a few smaller RAID arrays. To rebuild 1x large 45TB RAID array, with
either hardware or software would probably take a week, or more, depending on
which RAID type you use - i.e. RAID 5, or 6, or 10. I prefer RAID 10 since
it's best for speed and the rebuilds are the quickest. But you loose half the
space, i.e. 45TB drives will give you about 22TB space. 45x 2TB HDD's would
give you about 44TB space though.

3. Would CentOS be a good choice? I have never used CentOS on a device so
massive. Just ordinary servers, so to speak. I assume that it could handle
so many drives, a large, expanding file system.

Yes it would be fine.

4. Someone recommended ZFS but I dont recall that being available on
CentOS, but it is on FreeBSD which I have little experience with.

I would also prefer to use ZFS for this type of setup. use one 128GB SL type
SSD drive as a cache drive to speed up things and 2x log drives to help with
drive recovery. With ZFS you would be able to use one large RAID array if you
have the log drives since it was recover from driver failure much better than
other file systems. Although you can install ZFS as user-land tools, which
will be slower than running it via the kernel. But, it would be better to use
Solaris or FreeBSD for this - look @ Nexenta / FreeNAS / OpenIndia for this.

5. How would someone realistically back something like this up?

To another one as large :)

OR, more realistically, if you already have some backup servers, and the full
45TB isn't full of data yet, then simply backup what you have. By the sounds
of it your project is still new so your data won't be that much. I would
simply build a gluster / CLVM cluster of smaller cheaper servers - which
basically allows you to add say 4TB / 8TB (depending on what chassis you use
and how many drives it can take) at a time to the backup cluster, which will
be cheaper than buying another one identical to this right now.

Ultimately I know over time I need to distribute my architecture out and
have a number of web-servers, balancing, etc but to get started I think
this device with good backups might fit the bill.

With a device this big (in terms of storage) I would rather have 2 separate
processing servers which just mounts LUN's from this POD (exported as NFS /
iSCSI / FCoE / etc) and then have a few faster SAS / SSD drives for SQL / log
processing.

I can be way more detailed if it helps, I just didn't want to clutter with
information that might not be relevant.
--
Jason

___
CentOS mailing list

Re: [CentOS] Am I being to paranoid?

2011-05-08 Thread Robert Heller

At Sun, 8 May 2011 10:46:17 -0700 CentOS mailing list centos@centos.org wrote:

 
 Hi All,
 
 I want to know thoughts on if I am being to paranoid/security conscious. 
 
 CentOS 5.6, Apache, MySQL, running an Firewall in front of everything and 
 obviously the built-in firewall on the box. I have ssh on a different port 
 and starting to use Keys instead of password authentication. I host an 
 intensive website and I am getting about 150 unique visitors per day. 
 
 What I am seeing is LogWatch reporting a lot of 404's like:
 
 404 Not Found
 //PHPMA/: 1 Time(s)
 //admin/myadmin/: 1 Time(s)
 //admin/phpmyadmin/: 1 Time(s)
 //adming/: 1 Time(s)
 //ascils/phpmyadmin/: 1 Time(s)
 //blog/wp-content/plugins/phpmyadmin/: 1 Time(s)
 //database/: 2 Time(s)
 //db/: 1 Time(s)
 //dba/: 1 Time(s)
 //dbadmin/: 2 Time(s)
 //html/phpMyAdmin/: 1 Time(s)
 //html/phpmyadmin/: 1 Time(s)
 //lamp/phpmyadmin/: 1 Time(s)
 //myadmin/: 1 Time(s)
 //mydatabase/: 1 Time(s)
 //mydb/: 1 Time(s)
 //myphp/: 1 Time(s)
 //mysql-admin/: 1 Time(s)
 //mysql/: 1 Time(s)
 //mysqladmin/: 2 Time(s)
 //mysqlmanager/: 1 Time(s)
 //phpMyAdmin-2.8.0.2/: 1 Time(s)
 //phpMyAdmin-2.8.1-rc1/: 1 Time(s)
 //phpMyAdmin-2.8.1/: 1 Time(s)
 //phpMyAdmin-2.8.2/: 1 Time(s)
 //phpMyAdmin/: 1 Time(s)
 //phpadm/: 2 Time(s)
 //phpma/: 1 Time(s)
 //phpmanager/: 1 Time(s)
 //phpmy/: 2 Time(s)
 //phpmyadmin/: 1 Time(s)
 //pma/: 1 Time(s)
 //pmaadmin/: 1 Time(s)
 //pmadmin/: 1 Time(s)
 //sql/: 1 Time(s)
 //sqladmin/: 2 Time(s)
 //sqldatabase/: 2 Time(s)
 //sqlmanager/: 1 Time(s)
 //sqlweb/: 1 Time(s)
 //typo3/phpmyadmin/: 1 Time(s)
 //webadmin/: 1 Time(s)
 //webdb/: 1 Time(s)
 //websql/: 1 Time(s)
 //wp-content/plugins/phpMyAdmin/: 1 Time(s)
 //wp-content/plugins/wp-phpmyadmin/: 1 Time(s)
 //xampp/phpmyadmin/: 1 Time(s)
 
 So I turned on Apache ReWrite and I created a file and I put in rules like: 
 (just a small subset)
 
 RewriteCond %{REQUEST_URI} ^/php(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmy(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpma [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmyadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpgadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phppgadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmyadmin(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/php\-my\-admin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/php\-myadmin [NC,OR] 
 RewriteCond %{REQUEST_URI} ^/phpmy\-admin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/phpmanager [NC,OR]
 RewriteCond %{REQUEST_URI} ^/player(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/plugins [NC,OR]
 RewriteCond %{REQUEST_URI} ^/pma [NC,OR]
 RewriteCond %{REQUEST_URI} ^/p/m/a [NC,OR]
 RewriteCond %{REQUEST_URI} ^/pmadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/pmaadmin [NC,OR]
 RewriteCond %{REQUEST_URI} ^/scripts [NC,OR]
 RewriteCond %{REQUEST_URI} ^/sd(.*) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/sql [NC,OR]
 RewriteCond %{REQUEST_URI} ^/sqladmin [NC,OR]
 
 and if one of these is hit I use a Rule of:
 
 RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA]
 
 Everyday I look at the LogWatch E-Mail and I add one people are trying to hit 
 and restart apache.
 
 This yields a few questions.
 
 1. Am I being to paranoid by doing this? My logic is they dont belong here 
 and I could get mad if someone walked up to my apartment and tried jiggling 
 the door handle to see if it was unlocked. 

Well, yes.  There is a simplier way -- Apache does have an 'error page'
handler, where you can customize your 404 page or how Apache responds
to a 'page not found' error.  Doing the redirect is not really going to
solve anything anyway.  Most (all?) of these accesses are from a
program -- a kind of 'bad' robot, which is probably going to ignore the
301 status and come to the conclusion that these URIs are actually
working and report success to its (human) master.  That will open you
up for more (automated) attacks and/or piss off the human hacker, who
will just come up with more and nastier attacks or maybe just launch a
dos attack for spite.  You are better off just letting Apache handle
these as 404.  Imagine you have a storefront and people come by after
hours and see the lights off and the closed sign -- people will go away
and come back later.  Imagine that the lights are on and there is no
closed sign, and instead you have some poor clerk there answering the
door telling people to go away.  That is likely to cause more trouble,
since people will just come back in 5-10 minutes and ask if the store
is open now.  Or worse, wait around until there is some indication that
the store is open.

 
 2. I know I can simplify these rules. Wouldn't RewriteCond %{REQUEST_URI} 
 ^/php(.*) [NC,OR] get most of the attempts for thinks like /php, 
 /php-myadmin, /phpmyadmin-2.0.8.8, etc?
 
 3. Is there a better way to right these rules?
 
 4. Why does LogWatch show this to me as a 404 , when a rewrite rule is hit 
 and they are re-directed back to themselves? My rules seem to be working, if 
 I

Re: [CentOS] Building a Back Blaze style POD

Hi Jason,

  http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how
 -to-build-cheap-cloud-storage/
  
  and
  
  http://cleanenergy.harvard.edu/index.php?ira=JabbatipoConteni
 do=sidebarsidebar=science
 
 Distrubing, I was on the same pages a few hours ago.
 
The Internet is a small place!

BackBlaze actually send me the Harvard link when I inquired. They also told me 
they are coming out with an updated article based upon new specs, etc. They are 
not sure when it will be available. 

  3. Would CentOS be a good choice? I have never used CentOS on 
  a device so massive. Just ordinary servers, so to speak. I 
  assume that it could handle so many drives, a large, 
  expanding file system.
 
 Multiple file systems of GFS?

I don't quite know if file systems like this are avail for CentOS? I dont see 
it when I install, at least IIRC. 

I will ned to research GFS more.

-Jason 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a Back Blaze style POD

2011-05-08 Thread Rudi Ahlers

On Sun, May 8, 2011 at 9:06 PM, Jason slackmoehrle.li...@gmail.com wrote:

Rudy,

Do you have a recommendation of a motherboard?

Well, choose one here:
http://www.supermicro.com/products/motherboard/matrix/

I don't have specific recommendations but we've had great success with all
our SuperMicro servers, both with single dual CPU configurations, ranging
from 4GB - 128GB RAM

I am still reading the rest of your post. Thanks!

-Jason

--
Jason

On Sunday, May 8, 2011 at 11:26 AM, Rudi Ahlers wrote:

On Sun, May 8, 2011 at 8:03 PM, Jason slackmoehrle.li...@gmail.com
wrote:
Hi All,

I am about to embark on a project that deals with allowing information
archival, over time and seeing change over time as well. I can explain it a
lot better, but I would certainly talk your ear off. I really don't have a
lot of money to throw at the initial concept, but I have some. This device
will host all of the operations for the first few months until I can afford
to build a duplicate device. I already had a few parts of the idea done and
ready to get live.

I am contemplating building a BackBlaze Style POD. The goal of the
device is to start acting as a place to have the crawls store information,
massage it, get it into db's and then notify the user the task is done so
they can start looking at the results.

For reference here are a few links:

http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how-to-build-cheap-cloud-storage/

and

http://cleanenergy.harvard.edu/index.php?ira=JabbatipoContenido=sidebarsidebar=science

There is room for 45 drives in the case (technically a few more).

45 x 1tb 7200rpm drives is really cheap, about $60 each.

45 x 1.5tb 7200rpm drives are about $70 each.

45 x 2tb 7200rpm drives are about $120 each

45 x 3tb 7200rpm drives are about $180-$230 each (or more, some are
almost $400)

I have question before I commit to building one and I was hoping to
get advice.

1. Can anyone recommend a mobo/processor setup that can hold lots of
RAM? Like 24gb or 64gb or more?

Any brand server motherboard will do. I prefer supermicro, but you can
use Dell, HP, Intell, etc, etc.

2. Hardware RAID or Software RAID for this?

3. Would CentOS be a good choice? I have never used CentOS on a device
so massive. Just ordinary servers, so to speak. I assume that it could
handle so many drives, a large, expanding file system.

Yes it would be fine.

4. Someone recommended ZFS but I dont recall that being available on
CentOS, but it is on FreeBSD which I have little experience with.

I would also prefer to use ZFS for this type of setup. use one 128GB SL
type SSD drive as a cache drive to speed up things and 2x log drives to help
with drive recovery. With ZFS you would be able to use one large RAID array
if you have the log drives since it was recover from driver failure much
better than other file systems. Although you can install ZFS as user-land
tools, which will be slower than running it via the kernel. But, it would be
better to use Solaris or FreeBSD for this - look @ Nexenta / FreeNAS /
OpenIndia for this.

5. How would someone realistically back something like this up?

To another one as large :)

Ultimately I know over time I need to distribute my architecture out
and have a number of web-servers, balancing, etc but to get started I think
this device with good backups might fit the bill.

If this device will be used for web + mail + SQL, then you may probably
look at using 4 quad core CPU's + 128GB RAM. With this many drives (or
rather, this much data) you'll probably run out of RAM / CPU / Network
resources before you run out of HDD space.

With a device this big (in terms of storage) I would rather have 2
separate processing servers which just mounts LUN's from this POD
(exported as NFS / iSCSI /

Re: [CentOS] Am I being to paranoid?

Robert,

  1. Am I being to paranoid by doing this? My logic is they dont belong here 
  and I could get mad if someone walked up to my apartment and tried jiggling 
  the door handle to see if it was unlocked. 
 
 Well, yes. There is a simplier way -- Apache does have an 'error page'
 handler, where you can customize your 404 page or how Apache responds
 to a 'page not found' error. Doing the redirect is not really going to
 solve anything anyway. Most (all?) of these accesses are from a
 program -- a kind of 'bad' robot, which is probably going to ignore the
 301 status and come to the conclusion that these URIs are actually
 working and report success to its (human) master. That will open you
 up for more (automated) attacks and/or piss off the human hacker, who
 will just come up with more and nastier attacks or maybe just launch a
 dos attack for spite. You are better off just letting Apache handle
 these as 404. Imagine you have a storefront and people come by after
 hours and see the lights off and the closed sign -- people will go away
 and come back later. Imagine that the lights are on and there is no
 closed sign, and instead you have some poor clerk there answering the
 door telling people to go away. That is likely to cause more trouble,
 since people will just come back in 5-10 minutes and ask if the store
 is open now. Or worse, wait around until there is some indication that
 the store is open.
This is a good analogy. It does open up more to stating: Damn'd if you do, 
damn'd if you dont. 
  4. Why does LogWatch show this to me as a 404 , when a rewrite rule is hit 
  and they are re-directed back to themselves? My rules seem to be working, 
  if I try and hit /scripts right now, it does what I expect. 
 
 Question: are you using virtual hosts? If so, they the 'visitors' are
 either NOT sending HTTP 1.1 headers or not using the virtual host name.
Yes, I am and I have a few domains on this box. Each virtual has an include 
to a file that stores my rewrite rules so I just maintain them in a single 
place.

-Jason 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a Back Blaze style POD

Thanks Rudi, that helps as you have good luck with all of them. I see they have
some boards that go up to 192gb (but not DDR3), but some do 144gb as well. I
just need to find out if the POD supports extended ATX and I see others have
just used regular ATX boards.

--
Jason

On Sunday, May 8, 2011 at 12:12 PM, Rudi Ahlers wrote:

On Sun, May 8, 2011 at 9:06 PM, Jason slackmoehrle.li...@gmail.com wrote:
Rudy,

Do you have a recommendation of a motherboard?

Well, choose one here: http://www.supermicro.com/products/motherboard/matrix/

I don't have specific recommendations but we've had great success with all
our SuperMicro servers, both with single dual CPU configurations, ranging
from 4GB - 128GB RAM

I am still reading the rest of your post. Thanks!

-Jason

--
Jason

On Sunday, May 8, 2011 at 11:26 AM, Rudi Ahlers wrote:

On Sun, May 8, 2011 at 8:03 PM, Jason slackmoehrle.li...@gmail.com
wrote:
Hi All,

I am about to embark on a project that deals with allowing information
archival, over time and seeing change over time as well. I can explain
it a lot better, but I would certainly talk your ear off. I really
don't have a lot of money to throw at the initial concept, but I have
some. This device will host all of the operations for the first few
months until I can afford to build a duplicate device. I already had a
few parts of the idea done and ready to get live.

I am contemplating building a BackBlaze Style POD. The goal of the
device is to start acting as a place to have the crawls store
information, massage it, get it into db's and then notify the user the
task is done so they can start looking at the results.

For reference here are a few links:

http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how-to-build-cheap-cloud-storage/

and

http://cleanenergy.harvard.edu/index.php?ira=JabbatipoContenido=sidebarsidebar=science

There is room for 45 drives in the case (technically a few more).

45 x 1tb 7200rpm drives is really cheap, about $60 each.

45 x 1.5tb 7200rpm drives are about $70 each.

45 x 2tb 7200rpm drives are about $120 each

45 x 3tb 7200rpm drives are about $180-$230 each (or more, some are
almost $400)

I have question before I commit to building one and I was hoping to get
advice.

1. Can anyone recommend a mobo/processor setup that can hold lots of
RAM? Like 24gb or 64gb or more?

Any brand server motherboard will do. I prefer supermicro, but you can
use Dell, HP, Intell, etc, etc.

2. Hardware RAID or Software RAID for this?

Hardware RAID will be expensive on 45 drives. IF you can, split the 45
drives into a few smaller RAID arrays. To rebuild 1x large 45TB RAID
array, with either hardware or software would probably take a week, or
more, depending on which RAID type you use - i.e. RAID 5, or 6, or 10. I
prefer RAID 10 since it's best for speed and the rebuilds are the
quickest. But you loose half the space, i.e. 45TB drives will give you
about 22TB space. 45x 2TB HDD's would give you about 44TB space though.

3. Would CentOS be a good choice? I have never used CentOS on a device
so massive. Just ordinary servers, so to speak. I assume that it could
handle so many drives, a large, expanding file system.

Yes it would be fine.

4. Someone recommended ZFS but I dont recall that being available on
CentOS, but it is on FreeBSD which I have little experience with.

I would also prefer to use ZFS for this type of setup. use one 128GB SL
type SSD drive as a cache drive to speed up things and 2x log drives to
help with drive recovery. With ZFS you would be able to use one large
RAID array if you have the log drives since it was recover from driver
failure much better than other file systems. Although you can install ZFS
as user-land tools, which will be slower than running it via the kernel.
But, it would be better to use Solaris or FreeBSD for this - look @
Nexenta / FreeNAS / OpenIndia for this.

5. How would someone realistically back something like this up?

To another one as large :)

OR, more realistically, if you already have some backup servers, and the
full 45TB isn't full of data yet, then simply backup what you have. By
the sounds of it your project is still new so your data won't be that
much. I would simply build a gluster / CLVM cluster of smaller cheaper
servers - which basically allows you to add say 4TB / 8TB (depending on
what chassis you use and how many drives it can take) at a time to the
backup cluster, which will be cheaper than buying another one identical
to this right now.

Ultimately I know over time I need to distribute my architecture out

Re: [CentOS] Building a Back Blaze style POD

On 05/08/11 12:06 PM, Jason wrote:
 Rudy,


 Do you have a recommendation of a motherboard?

 I am still reading the rest of your post. Thanks!

most any server board that supports dual intel xeon 5500/5600 will let 
you pretty easily add 24GB per CPU socket while using relatively 
affordable 4GB dimms.

http://www.supermicro.com/products/motherboard/QPI/5500/X8DA6.cfm?SAS=N  
or whatever

you might look at these chassis, which are, IMHO, better engineered than 
that backblaze thing
http://www.supermicro.com/products/chassis/4U/847/SC847E16-R1400U.cfm

this supports 36 SAS/SATA drives in a 4U (24 in front, 12 in back) and 
has SAS2 backplane multiplexers so you don't need nearly as many 
SAS/SATA cards


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH using Keys, no password and SFTP?

2011-05-08 Thread Ljubomir Ljubojevic

Jason wrote:
 So is it possible to require some users to use Password only and some to use 
 Key only authentication?
 
 -Jason
 
I am not sure.

First auth ssh will try is key pair. if that does not work, it will ask 
for username and password. So if you leave password auth runnig and you 
use key pair, it will work. Take a look at ssh man page for the specifics.

Ljubomir
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] fail2ban problem on shutdown

Another post on fail2ban reminded me of a problem I had
in Italy, when the ADSL connection kept dropping,
and only came back on re-booting.
(I solved the problem in the end by getting a Billion modem/router
in place of the no-name one supplied by Telecom Italia.)

It seems that if there was no internet connection,
fail2ban hung for an inordinate length of time,
possibly for ever, when shutting down.
I found I had to stop it separately, before shutting down
or re-booting.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a Back Blaze style POD



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 

 -Original Message-
 From: centos-boun...@centos.org 
 [mailto:centos-boun...@centos.org] On Behalf Of John R Pierce
 Sent: Sunday, May 08, 2011 15:24
 To: centos@centos.org
 Subject: Re: [CentOS] Building a Back Blaze style POD
 
 On 05/08/11 12:06 PM, Jason wrote:
  Rudy,
 
 
  Do you have a recommendation of a motherboard?
 
  I am still reading the rest of your post. Thanks!
 
 most any server board that supports dual intel xeon 5500/5600 
 will let you pretty easily add 24GB per CPU socket while 
 using relatively affordable 4GB dimms.
 
 http://www.supermicro.com/products/motherboard/QPI/5500/X8DA6.
 cfm?SAS=N
 or whatever
 
 you might look at these chassis, which are, IMHO, better 
 engineered than that backblaze thing 
 http://www.supermicro.com/products/chassis/4U/847/SC847E16-R1400U.cfm


If you can use less drives, this would be more cost effective (time building 
time fixing)

http://www.newegg.com/Product/Product.aspx?Item=N82E16811219038 [400$]

And then if you wwant raid:
http://www.newegg.com/Product/Product.aspx?Item=N82E16816118141 [1300$] or
http://www.newegg.com/Product/Product.aspx?Item=N82E16816115095 [700$]

 
 this supports 36 SAS/SATA drives in a 4U (24 in front, 12 in 
 back) and has SAS2 backplane multiplexers so you don't need 
 nearly as many SAS/SATA cards
 
 
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Am I being to paranoid?

 -Original Message-
 From: centos-boun...@centos.org 
 [mailto:centos-boun...@centos.org] On Behalf Of Jason
 Sent: Sunday, May 08, 2011 15:02
 To: CentOS mailing list
 Subject: Re: [CentOS] Am I being to paranoid?

 Hi Russ,

   3. Is there a better way to right these rules?

  I wrote about my approch some time ago ...

 http://orcorc.blogspot.com/2010/06/reading-logs-part-3-run-your-update
  s.html

  Send them safely off your box, and back home

 I read your article and It seems we are doing the same thing? 
 Is there a benefit I dont understand to use your approach 
 versus the one I am using already?

The point you missed was that he packaged the conf gile as a RPM and then added
it to his local yum repo, so all his machines would get it durring the update
cycle.

 Is it true that you can to (.*) to handle easier matching?

 Say phpmyadmin, phpadmin, php-myadmin

 Could I do something like: RewriteCond %{REQUEST_URI} 
 ^/php(.*) [NC,OR] and that would handle all of them? 

 -Jason
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Typing startx gives me a black scrren, have to reboot to get back to runlevel 3

2011-05-08 Thread Gilbert Sebenste

On Sat, 7 May 2011, Phil Schaffner wrote:

 Gilbert Sebenste wrote on 05/07/2011 11:57 AM:
 ...
 I get a ton of stuff before this, but just info messages. Where should I
 start looking to fix this problem? I use the Redhat experimental kernels
 at http://epople.redhat.com/jwilson/el5/. Running CentOS 5.6,
 fully patched as of this morning with the gdb/OO updates.

 Not sure what the experimental kernels have to do with it, but you might
 try a standard kernel.

 See if this helps:
 http://wiki.centos.org/HowTos/ConfigureNewVideoCard

 If still having problems then see FAQ #23 at
 http://wiki.centos.org/FAQ/General

I'll do that tomorrow and see how it goes. Thanks, Phil!
I much appreciate the Wiki pointer, that's my first step.

***
Gilbert Sebenste 
(My opinions only!)  **
Staff Meteorologist, Northern Illinois University  
E-mail: seben...@weather.admin.niu.edu  ***
web: http://weather.admin.niu.edu  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a Back Blaze style POD


 -Original Message-
 From: Jason Pyeron
 Sent: Sunday, May 08, 2011 16:04
 To: 'CentOS mailing list'
 Subject: Re: [CentOS] Building a Back Blaze style POD
 
 
  -Original Message-
  From: John R Pierce
  Sent: Sunday, May 08, 2011 15:24
  To: centos@centos.org
  Subject: Re: [CentOS] Building a Back Blaze style POD
  
  On 05/08/11 12:06 PM, Jason wrote:
   Rudy,
  
  
   Do you have a recommendation of a motherboard?
  
   I am still reading the rest of your post. Thanks!
  
  most any server board that supports dual intel xeon 
 5500/5600 will let 
  you pretty easily add 24GB per CPU socket while using relatively 
  affordable 4GB dimms.
  
  http://www.supermicro.com/products/motherboard/QPI/5500/X8DA6.
  cfm?SAS=N
  or whatever
  
  you might look at these chassis, which are, IMHO, better engineered 
  than that backblaze thing 
  
 http://www.supermicro.com/products/chassis/4U/847/SC847E16-R1400U.cfm

And http://www.avsforum.com/avs-vb/showthread.php?t=1149005

 
 
 If you can use less drives, this would be more cost effective 
 (time building  time fixing)
 
 http://www.newegg.com/Product/Product.aspx?Item=N82E16811219038 [400$]
 
 And then if you wwant raid:
 http://www.newegg.com/Product/Product.aspx?Item=N82E1681611814
1 [1300$] or
 http://www.newegg.com/Product/Product.aspx?Item=N82E16816115095 [700$]
 
  
  this supports 36 SAS/SATA drives in a 4U (24 in front, 12 in
  back) and has SAS2 backplane multiplexers so you don't need 
 nearly as 
  many SAS/SATA cards
  

ps, I hate Outlook.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH using Keys, no password and SFTP?

2011-05-08 Thread Brandon Ooi

On Sun, May 8, 2011 at 12:29 PM, Ljubomir Ljubojevic off...@plnet.rswrote:

 Jason wrote:
  So is it possible to require some users to use Password only and some to
 use Key only authentication?
 
  -Jason
 
 I am not sure.

 First auth ssh will try is key pair. if that does not work, it will ask
 for username and password. So if you leave password auth runnig and you
 use key pair, it will work. Take a look at ssh man page for the specifics.

 Ljubomir


Clients like filezilla can use SFTP keys held by ssh-agent. Filezilla on
windows can use the ssh-agent provided by putty. Try just putting no
password, the client may just work (with ssh-agent running)

Brandon
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Am I being to paranoid?

2011-05-08 Thread Eric Viseur

My 2 cents : OSSEC is quite good at actively blocking attackers in
situations like this.

2011/5/8 Jason Pyeron jpye...@pdinc.us


  -Original Message-
  From: centos-boun...@centos.org
  [mailto:centos-boun...@centos.org] On Behalf Of Jason
  Sent: Sunday, May 08, 2011 15:02
  To: CentOS mailing list
  Subject: Re: [CentOS] Am I being to paranoid?
 
  Hi Russ,
 
3. Is there a better way to right these rules?
  
   I wrote about my approch some time ago ...
  
  
  http://orcorc.blogspot.com/2010/06/reading-logs-part-3-run-your-update
   s.html
  
   Send them safely off your box, and back home
 
  I read your article and It seems we are doing the same thing?
  Is there a benefit I dont understand to use your approach
  versus the one I am using already?
 

 The point you missed was that he packaged the conf gile as a RPM and then
 added
 it to his local yum repo, so all his machines would get it durring the
 update
 cycle.

  Is it true that you can to (.*) to handle easier matching?
 
  Say phpmyadmin, phpadmin, php-myadmin
 
  Could I do something like: RewriteCond %{REQUEST_URI}
  ^/php(.*) [NC,OR] and that would handle all of them?
 
  -Jason
  ___
  CentOS mailing list
  CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos
 




 --
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 -   -
 - Jason Pyeron  PD Inc. http://www.pdinc.us -
 - Principal Consultant  10 West 24th Street #100-
 - +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
 -   -
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 This message is copyright PD Inc, subject to license 20080407P00.



 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a Back Blaze style POD

On 05/08/11 1:03 PM, Jason Pyeron wrote:
 If you can use less drives, this would be more cost effective (time building
 time fixing)

 http://www.newegg.com/Product/Product.aspx?Item=N82E16811219038  [400$]


multiple reports online indicate that norco case is very flimsy and 
poorly made.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Building a Back Blaze style POD