Re: [CentOS] Critical update for bash released today.
It is listed how one can check whether his system is vulnerable to shellshock or not how to verify after the upgrade of bash rpm. https://garage.godaddy.com/webpro/security/shellshock-vulnerability-need-know/ On Fri, Sep 26, 2014 at 4:24 PM, Johnny Hughes joh...@centos.org wrote: On 09/25/2014 01:49 AM, James Hogarth wrote: On 24 Sep 2014 17:12, Johnny Hughes joh...@centos.org wrote: For informational purposes: https://access.redhat.com/articles/1200223 As a by heads up that advisory has been updated since the updated packages were released. The fix in the previous packages is incomplete and there is a new cve being tracked as a result: https://access.redhat.com/security/cve/CVE-2014-7169 These are now released as well: CentOS7: http://lists.centos.org/pipermail/centos-announce/2014-September/020592.html CentOS6: http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html CentOS5: http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html *NOTE*: CentOS-4 has been past End Of Life for a long time (February 2012), and this bash issue is just one of many Critical ones that mean you should not be running CentOS-4 in production where it in any way touches the Internet: http://lists.centos.org/pipermail/centos-announce/2012-February/018462.html If you absolutely must run an EL4 workload, please do not do it on CentOS-4 and instead pay for and upgrade to RHEL-4 ELS as described in the above link from February 2012. CentOS-4 is unsafe .. don't use it .. don't do it .. please. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Critical update for bash released today.
Better one - https://support.godaddy.com/help/article/12120/patching-bash-on-your-server-shellshock-patch On Fri, Sep 26, 2014 at 4:33 PM, Ankush Grover ankushcen...@gmail.com wrote: It is listed how one can check whether his system is vulnerable to shellshock or not how to verify after the upgrade of bash rpm. https://garage.godaddy.com/webpro/security/shellshock-vulnerability-need-know/ On Fri, Sep 26, 2014 at 4:24 PM, Johnny Hughes joh...@centos.org wrote: On 09/25/2014 01:49 AM, James Hogarth wrote: On 24 Sep 2014 17:12, Johnny Hughes joh...@centos.org wrote: For informational purposes: https://access.redhat.com/articles/1200223 As a by heads up that advisory has been updated since the updated packages were released. The fix in the previous packages is incomplete and there is a new cve being tracked as a result: https://access.redhat.com/security/cve/CVE-2014-7169 These are now released as well: CentOS7: http://lists.centos.org/pipermail/centos-announce/2014-September/020592.html CentOS6: http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html CentOS5: http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html *NOTE*: CentOS-4 has been past End Of Life for a long time (February 2012), and this bash issue is just one of many Critical ones that mean you should not be running CentOS-4 in production where it in any way touches the Internet: http://lists.centos.org/pipermail/centos-announce/2012-February/018462.html If you absolutely must run an EL4 workload, please do not do it on CentOS-4 and instead pay for and upgrade to RHEL-4 ELS as described in the above link from February 2012. CentOS-4 is unsafe .. don't use it .. don't do it .. please. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux and tinydns
On Thu, Feb 14, 2013 at 11:33 AM, Philip Manuel p...@zomojo.com wrote: Hi all, tinydns starts up fine, selinux reports no issues (now after a day of clearing errors). If I turn selinux back to permissive in /etc/sysconfig/selinux, and reboot, tinydns responds to queries. If I turn selinux back to enforcing and reboot, tinydns does not respond. Monitoring /var/log/messages shows no errors from iptables/shorewall or selinux. The only way I can find an error is performing the following:- netstat -npl | grep tinydns # gives me the process id strace -f -p process id From this I can see that tinydns is reporting an error of:- recvfrom(3, 0x606720, 513, 0, 0x7fffc7321ec0, 0x7fffc7321edc) = -1 EACCES (Permission denied) I've got setroubleshoot set to send me an alert on first occurrence of an issue, so far none received. Does anyone know how I should proceed from here ? May be you can see what is there is in the audit log and audit2allow tool might help you http://wiki.centos.org/HowTos/SELinux Thanks Phil. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 2way authentication for SSH?
you can use openotp which is free upto 25 users. http://www.rcdevs.com/products/openotp/ On Mon, Jan 28, 2013 at 1:37 PM, Alexander Dalloz ad+li...@uni-x.orgwrote: Am 28.01.2013 08:51, schrieb Rudi Ahlers: Hi, Does anyone know of a stable / working 2way authentication system for SSH, and even web authentication services? Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. gmail also has this. Does anyone know of a universal plugin / application that can be used with SSH and even websites like Wordpress / Joolma / Webmin / etc? Any pointer would be appreciated. You may check LinOTP http://www.linotp.org/index.php/about Don't know your business case, but maybe even the commercially supported variant may be of interest for you. Regards Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] load balancer recommendations
You can try Zen Load Balancer http://www.zenloadbalancer.com/ On Thu, Jan 24, 2013 at 1:20 PM, andreas andr...@cymail.eu wrote: Στις 23-01-2013 16:25, Bowie Bailey έγραψε: On 1/20/2013 10:12 AM, Nikolaos Milas wrote: You'll undoubtedly find more material on the iNet, but I hope the above may serve as a starting point. The iNet? Wow, Apple's getting into everything these days... :) A clear indication of loosing sight of core competences. Isn't it? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SIEM
Try anyone of these.. http://communities.alienvault.com/ http://www.cyberoam-iview.org/ On Tue, Dec 11, 2012 at 8:31 AM, Ray Van Dolson ra...@bludgeon.org wrote: ArcSi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] squid cache question
Thanks Les. I will test your suggestion only thing I need to unable is sending the original source IP to the parent proxy and not the squid child proxy ip otherwise all the clients connected to child proxy will have unlimited download limit. John, Delay pools will not work in my case.. Thanks anyway.. Thanks Regards Ankush On Mon, Oct 8, 2012 at 3:32 PM, John Doe jd...@yahoo.com wrote: From: ankush grover ankushcen...@gmail.com We are trying to cache some files from apple.com like .dmg, .pkg, .ipa etc.. so that local clients can fetch the data from the cache. The problem we are facing is that we have download restrictions for every client to 25 MB during work hours except for a particular client. Now when this exception client downloads the files from apple.com it gets downloaded from the site and gets stored in the cache but as the download restrictions are for 25MB the files which are even in cache with size more than 25MB are not accessed by the other clients, if we remove download restriction for that client then the software gets downloaded. Not sure if I understand your goal but did you have a look at delay_pools? You would not restrict by size but by bandwidth... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] squid cache question
Any update on this? We are stuck and need help.. Thanks Regards Ankush On Wed, Oct 3, 2012 at 9:20 AM, ankush grover ankushcen...@gmail.comwrote: Hi Friends, Same question has been asked on the Squid mailing list but so far no reply on the mailing list so posting it here also. We are trying to cache some files from apple.com like .dmg, .pkg, .ipa etc.. so that local clients can fetch the data from the cache. The problem we are facing is that we have download restrictions for every client to 25 MB during work hours except for a particular client. Now when this exception client downloads the files from apple.com it gets downloaded from the site and gets stored in the cache but as the download restrictions are for 25MB the files which are even in cache with size more than 25MB are not accessed by the other clients, if we remove download restriction for that client then the software gets downloaded. Is there any way we can allow any client to access objects/files in cache without removing the download restriction. We are using Squid 2.6 on Centos 5 64-bit. Cache configuration: cache_mem 128 MB maximum_object_size_in_memory 1024 KB cache_dir ufs /var/spool/squid 40 16 256 maximum_object_size 4096 MB refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|dmg|pkg|ipa)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private reply_body_max_size 0 allow sp-download-grant reply_body_max_size 0 allow sp-download-grant-dst acl WorkingHours4 time D 09:00-18:00 acl WorkingHours1 time D 10:30-12:59 acl WorkingHours2 time D 15:00-18:30 acl WorkingHours3 time D 13:00-14:59 acl google dstdomain .video.google.com acl youtube dstdomain .youtube.com reply_body_max_size 5 allow WorkingHours1 google reply_body_max_size 5 allow WorkingHours2 google reply_body_max_size 5 allow WorkingHours3 google reply_body_max_size 500 allow WorkingHours2 youtube reply_body_max_size 500 allow WorkingHours1 youtube reply_body_max_size 5000 allow WorkingHours3 youtube http_access allow google indus http_access allow youtube indus reply_body_max_size 2600 allow WorkingHours1 all reply_body_max_size 2600 allow WorkingHours2 all reply_body_max_size 5000 allow WorkingHours3 all http_access allow allowindus WorkingHours4 http_access allow indus Do let me know if you need any further information. Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] squid cache question
Hi Friends, Same question has been asked on the Squid mailing list but so far no reply on the mailing list so posting it here also. We are trying to cache some files from apple.com like .dmg, .pkg, .ipa etc.. so that local clients can fetch the data from the cache. The problem we are facing is that we have download restrictions for every client to 25 MB during work hours except for a particular client. Now when this exception client downloads the files from apple.com it gets downloaded from the site and gets stored in the cache but as the download restrictions are for 25MB the files which are even in cache with size more than 25MB are not accessed by the other clients, if we remove download restriction for that client then the software gets downloaded. Is there any way we can allow any client to access objects/files in cache without removing the download restriction. We are using Squid 2.6 on Centos 5 64-bit. Cache configuration: cache_mem 128 MB maximum_object_size_in_memory 1024 KB cache_dir ufs /var/spool/squid 40 16 256 maximum_object_size 4096 MB refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|dmg|pkg|ipa)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private reply_body_max_size 0 allow sp-download-grant reply_body_max_size 0 allow sp-download-grant-dst acl WorkingHours4 time D 09:00-18:00 acl WorkingHours1 time D 10:30-12:59 acl WorkingHours2 time D 15:00-18:30 acl WorkingHours3 time D 13:00-14:59 acl google dstdomain .video.google.com acl youtube dstdomain .youtube.com reply_body_max_size 5 allow WorkingHours1 google reply_body_max_size 5 allow WorkingHours2 google reply_body_max_size 5 allow WorkingHours3 google reply_body_max_size 500 allow WorkingHours2 youtube reply_body_max_size 500 allow WorkingHours1 youtube reply_body_max_size 5000 allow WorkingHours3 youtube http_access allow google indus http_access allow youtube indus reply_body_max_size 2600 allow WorkingHours1 all reply_body_max_size 2600 allow WorkingHours2 all reply_body_max_size 5000 allow WorkingHours3 all http_access allow allowindus WorkingHours4 http_access allow indus Do let me know if you need any further information. Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Log viewing and analysis tools
Please check which one suits you more both are web-based Octopussy or loganalyer http://loganalyzer.adiscon.com/ http://sourceforge.net/projects/syslog-analyzer/ On Tue, Aug 28, 2012 at 3:21 PM, David McGuffey davidmcguf...@verizon.netwrote: I have a requirement to allow our security officer to regularly view and analyze the logging and auditing results of one of the machines in our lab. He comes from the Microsoft Windows world and is not a *nix trained person. I know I can configure logwatch. I can also create a script containing various 'aureport' runs into a cron job. Any recommendations for a GUI-based tool that would be easy for him to learn? Dave M ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Script for enabling screen savers in GNOME and KDE on Centos 5.x
Hi Friends, I am trying to configure screensavers settings on Gnome and KDE running Centos 5.x 32-bit environment. I need to prepare a script which will be push by Puppet and this script should be able to change settings like idle_delay, set customized password-protected screen saver, enabling lock etc.. I have tried below commands for Gnome and somehow the settings are not taking place. The users screensavers setting remains the same. Gnome Settings: gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type int --set /apps/gnome-screensaver/idle_delay 4 gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type boolean --set /apps/gnome-screensaver/lock_enabled true gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type boolean --set /apps/gnome-screensaver/idle_activation_enabled true gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --set --type list --list-type=string /apps/gnome-screensaver/themes [blank-only] On KDE I am not able to get what settings should be there for enabling idle_delay, activating the customized password protected screen saver etc.. KDE Settings $ qdbus org.freedesktop.ScreenSaver /ScreenSaver Do let me know whether any more information is required or not. Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need help in writing a shell/bash script
Thanks supergiantpotato and Edo. Scripts worked for me. Thanks a lot :) On Sat, Dec 31, 2011 at 12:45 AM, m.r...@5-cent.us wrote: John R Pierce wrote: On 12/30/11 9:58 AM, Les Mikesell wrote: Here's a perl approach: which, unlike all the other versions, doesn't require the data be pre-sorted, by virtue of adding all the tuples to a hash. I don't even think that sort in the output loop is required, unless you want the groups output in alphabetic order. IIRC, the awk will come out in order, given the hash. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Need help in writing a shell/bash script
Hi Friends, I am trying to write a shell script which can merge the 2 columns into 3rd one on Centos 5. The file is very long around 31200 rows having around 1370 unique groups and around 12000 unique user-names. The 1st column is the groupname and then 2nd column is the user-name. 1st Column (Groupname)2nd Column (username) admin ankush admin amit powerusers dinesh powerusers jitendra The desired output should be like this admin: ankush, amit powerusers: dinesh, jitendra There are commands available but not able to use it properly to get the desired output. Please help me Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unable to grep 5 mins logs
It is really slow when 2-3 greps are combined. But it will do the job until you solve this with more elegance. What you can try is to compile search pattern from 2-3 date outputs so it will match the text in the log. dayname=$(date +%a); month=$(date +%b); time=$(date +%d); year=$(date +%Y); search1=$dayname $month $time $year # add spaces where needed and order parts properly to match log for (( i = 5; i=0; i-- )) ; do grep $(date +%R -d -$i min) /var/ossec/logs/active-responses.log | grep $search1 /tmp/newlog.log;done Also consider dropping parts like day as a name when you have day as a number to speed up. Ljubomir Thanks a lot Ljubomir :) The script is below month=$(date +%b); time=$(date +%d);year=$(date +%Y); search1=$month $time echo $search1 for (( i = 5; i=0; i-- )) ; do grep $(date +%R -d -$i min) /var/ossec/logs/active-responses.log | grep $search1 | grep $year /tmp/ossecactive.log;done ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Unable to grep 5 mins logs
Hi Friends! I need to prepare a script which will grep logs from the current time to previous 5 mins that is if the current time is Mon Jun 13 12:40:40 IST 2011 then all the logs between the interval Mon Jun 12:35 - 12:40 2011 should be grepped by the script and append it to another file. However, the below script is not able to grep the desired logs, so I need some help in preparing the script. I am running Centos 5.2 32-bit. for (( i = 5; i =0; i-- )) ; do grep $(date +%a %b %d %R %Y -d -$i min) /var/ossec/logs/active-responses.log /tmp/newlog.log;done /var/ossec/logs/active-responses.log format is below Fri Jun 3 15:38:14 IST 2011 /var/ossec/active-response/bin/host-deny.sh add - 172.31.5.12 1307095694.71353 31151 Fri Jun 3 15:38:14 IST 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 172.31.5.12 1307095694.71353 31151 Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unable to grep 5 mins logs
Combine 2-3 greps: for (( i = 5; i=0; i-- )) ; do grep `date +%a` | grep `date +%b` | grep `date +%d` | grep `date +%Y` | $(date +%R -d -$i min) /var/ossec/logs/active-responses.log /tmp/newlog.log;done Change order of greps to gain speed at first cutting part of lines with most hits. Ljubomir _ It is really slow when 2-3 greps are combined. __ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] system time automatically fowards in time and then comes back to normal
Hi friends, I am running Nagios 2.7-1 on Centos 5.0 32-bit hosted on Vmware ESX 4.0. The issue I am seeing on the server is sometimes nagios is showing the below messages in /var/log/messages and as the system time gets changed some false alarms gets generated. I searched it on the google but I am not able to find the correct solution. I even posted on the nagios forum and they asked me to see elsewhere why the server shitfs so much before looking at nagios. Nov 21 20:37:12 linuxmonitoring nagios: Warning: A system time change of 4398 seconds (forwards in time) has been detected. Compensating... Nov 21 19:23:54 linuxmonitoring nagios: Warning: A system time change of 4398 seconds (backwards in time) has been detected. Compensating.. Earlier this server was syncing time through ntp daemon and below is the ntp.conf file. Now I have set a cronjob which sync the time with the ntp server every 5 minutes but still the problem persist. ntp.conf file restrict default ignore restrict 127.0.0.1 driftfile /var/lib/ntp/drift broadcastdelay 0.008 #authenticate yes keys /etc/ntp/keys restrict 172.16.6.3 nomodify notrap noquery server 172.16.6.3 restrict 172.16.6.2 nomodify notrap noquery server 172.16.6.2 Please see the output of hwclock and date at the same time. hwclock Sat 21 Nov 2009 08:19:02 PM IST -0.496922 seconds date Sat Nov 21 20:19:55 IST 2009 Please advice what I need to do to fix this error. Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Issues with Ldap client on Centos 5
Hi Friends, We are running some of the Centos 5 32 bit, 5.2 64-bit systems. These systems are ldap clients and the ldap server is Windows 2003 Server. Sometimes 1 or 2 services on these servers sucks 100% cpu and the load becomes high on the server. Below is an example where one the httpd process was eating 100% cpu and we took dump of this process gcore 17711 Core was generated by `/usr/sbin/httpd'. #0 0x2ad1849cd997 in ldap_chase_v3referrals () from /usr/lib64/libldap-2.3.so.0 (gdb) bt full #0 0x2ad1849cd997 in ldap_chase_v3referrals () from /usr/lib64/libldap-2.3.so.0 No symbol table info available. #1 0x2ad1849bc4dd in ldap_msgdelete () from /usr/lib64/libldap-2.3.so.0 No symbol table info available. #2 0x2ad1849bceb0 in ldap_result () from /usr/lib64/libldap-2.3.so.0 No symbol table info available. /etc/ldap.conf file host dc.example.com base ou=users,dc=example,dc=com binddn cn=ldap,ou=extra accounts,dc=example,dc=com bindpw QrQcepFKHR6wGNXu4 scope sub ssl no nss_base_passwd dc=example,dc=com?sub nss_base_shadow dc=example,dc=com?sub nss_base_group dc=example,dc=com?sub nss_map_objectclass posixAccount user nss_map_objectclass shadowAccount user nss_map_attribute uid sAMAccountName nss_map_attribute uidNumber UidNumber nss_map_attribute gidNumber GidNumber nss_map_attribute loginShell LoginShell nss_map_attribute gecos name nss_map_attribute userPassword unixUserPassword nss_map_attribute homeDirectory unixHomeDirectory nss_map_objectclass posixGroup Group nss_map_attribute uniqueMember msSFU30PosixMember nss_map_attribute cn cn pam_login_attribute sAMAccountName pam_filter objectclass=user pam_password md5 timelimit 0 sizelimit 0 tls_cacertdir /etc/openldap/cacerts There are 2 bugs listed on the redhat site but no solution for this problem has been provided. https://bugzilla.redhat.com/show_bug.cgi?id=222667 https://bugzilla.redhat.com/show_bug.cgi?id=474181 Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] restricting mails from mail command to specific domains only in postfix
On Sat, Jan 3, 2009 at 5:07 AM, mouss mo...@ml.netoyen.net wrote: ankush grover a écrit : Hi Friends, I have configured Postfix mail server on Centos for relaying mails from 5 linux servers (including itself) within the same LAN. The postfix mail server should relay mails from these 5 linux servers for specific domains only. For example hosts 192.168.0.23/24/25/26/27 and the postfix mail server should only be able to receive and send mails from and to example.com,example2.com and example3.com domains only. Below is the configuration of the postfix mail server myhostname = test.example.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks_style = subnet mynetworks = 192.168.0.23/32,192.168.0.24/32,192.168.0.25/32,127.0.0.1/32,192.168.0.26/32,192.168.0.27/32 ,relay_domains = $mydestination,example.com,example2.com,example3.com smtpd_recipient_restrictions = reject_unauth_destination,permit_mynetworks,reject The issue I am facing is that whenever things are working fine when I check the things through telnet but when I do testing through command line through mail command I am able to send mails to any domain from these 5 servers. bash-2.05$ telnet test.example.com 25 Trying 192.168.0.27... Connected to test. Escape character is '^]'. 220 test.example.com ESMTP Postfix (2.2.5) mail from:ankush.gro...@example.com 250 Ok 501 Syntax: RCPT TO: address rcpt to:ank...@gmail.com 554 ank...@gmail.com: Relay access denied How can I restrict mails even going through mail command from these 5 servers to specific domains only. These 5 servers are running some cronjobs and these cronjobs output it mailed through mail command. smtpd_*_restrictions apply to mail submitted via SMTP (which is the case if you use telnet or if mail is received from a remote machine). but mail submitted via the sendmail command (which is the case when you use the 'mail' command) is not subject to these restrictions. Seems so. in short, with your current config, you have what you want except for mail submitted via a sendmail on the relay itself. The issue was on one of the linux server the relay host was not defined in sendmail and I was testing the mail configuration that server. Anyway now mails from other domains are getting denied from all the 5 servers and only thing left is how to restrict mails from the relay host (postfix mail server). Mouss has given a good example and I will try that. Thanks to all of you for helping me out :) Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] restricting mails from mail command to specific domains only in postfix
Hi Friends, I have configured Postfix mail server on Centos for relaying mails from 5 linux servers (including itself) within the same LAN. The postfix mail server should relay mails from these 5 linux servers for specific domains only. For example hosts 192.168.0.23/24/25/26/27 and the postfix mail server should only be able to receive and send mails from and to example.com,example2.com and example3.com domains only. Below is the configuration of the postfix mail server myhostname = test.example.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks_style = subnet mynetworks = 192.168.0.23/32,192.168.0.24/32,192.168.0.25/32,127.0.0.1/32,192.168.0.26/32,192.168.0.27/32 ,relay_domains = $mydestination,example.com,example2.com,example3.com smtpd_recipient_restrictions = reject_unauth_destination,permit_mynetworks,reject The issue I am facing is that whenever things are working fine when I check the things through telnet but when I do testing through command line through mail command I am able to send mails to any domain from these 5 servers. bash-2.05$ telnet test.example.com 25 Trying 192.168.0.27... Connected to test. Escape character is '^]'. 220 test.example.com ESMTP Postfix (2.2.5) mail from:ankush.gro...@example.com 250 Ok 501 Syntax: RCPT TO: address rcpt to:ank...@gmail.com 554 ank...@gmail.com: Relay access denied How can I restrict mails even going through mail command from these 5 servers to specific domains only. These 5 servers are running some cronjobs and these cronjobs output it mailed through mail command. Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] centralized logs server and also storing the logs on the local server
Hi Friends, I am running most of my company's Linux Servers on Centos 4.x/5.x 32 and 64-bit. I am now trying to configure a centralized logging server where logs of all the linux servers will be stored and also I want to store all the logs on the local server aka means logs will be sent to the central log server but also will be stored on the local server. The reason for storing the logs locally is because we have offices in different cities and few more offices are coming up and it is good to store the logs locally so that when the connectivity b/w the offices break the logs does not get lost. There are lots of configuration available on internet which tells how to send the logs to the centralized log server but I did not find any configuration where logs can be stored locally as well as send to the centralized log. Moreover I am also looking for logs analyzer tool which can generate reports separately for each host for ex there are logs of 15 servers are stored on the server and this logs analyzer tool should generate reports separately for each host. Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Network issues with CentOS 5.2
On Fri, Sep 19, 2008 at 8:43 PM, Joey Mendez [EMAIL PROTECTED] wrote: I appreciate your reply to my email. The steps ou have given me are things that I have done and are already in place. I still cannot get the eth to activate unless I issue it a static IP it for some reason will not activate under the DHCP selection. Has anyone ever experienced this. If I do assign it an IP it will activate but still has no internet connection. I can ping itself but cannot ping any machine outside of it or have a machine outside be able to ping it. Hi, For internet to work properly dns servers needs to be entered if you are using static ipaddress. Open the terminal and edit /etc/resolv.conf file through any text editor and enter dns servers domain example.com # Incase you want this domain to be your default domain nameserver xx.xx.xx.xx # Dns Server ipaddress or hostname nameserver xx.xx.xx.xx# DNS Server ipadddress or hostname save the file and restart nscd service service nscd restart As you mentioned you are not able to ping the machine outside kindly check the firewall rules aka iptables. iptables -L If you don't want to use iptables or firewall on this machine then run the below commands iptables -F service iptables save chkconfig iptables off Now check the network connectivity by pinging other machines. Note: You need to be root to perform the above steps Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] using NOPASSWD in sudoers
On Thu, Sep 18, 2008 at 11:19 PM, Ski Dawg [EMAIL PROTECTED] wrote: Hello Everyone, I am trying to change our /etc/sudoers (using visudo) to allow 2 commands to be run as root without a password, but it isn't working. Here is the part of the sudoers file that is in question. # User alias specification User_Alias FULLACCESS = doug, scott # members of the FULLACCESS User_Alias may run chown and chmod without a password FULLACCESS ALL = (root) NOPASSWD: /bin/chown, /bin/chmod # members of the FULLACCESS User_Alias may run anything but need a password FULLACCESS ALL=(root) ALL The part for requiring a password works, but not the NOPASSWD line. I have tried changing the order of these lines with no change in behavior. After each change to the sudoers file, I am logging out of the machine and logging back in to make sure that it is properly reading the changes. I have also replaced the list of commands with a Cmnd_Alias, with no change in behavior. Any thoughts or suggestions about what I am missing. -- Hi, Can you remove (root) and then try for NOPASSWD Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unable to compile mod_jk on Centos 5.2 64-bit (solved)
On Tue, Sep 2, 2008 at 4:11 PM, Farkas Levente [EMAIL PROTECTED] wrote: ankush grover wrote: Hi Friends, I am trying to compile mod_jk on Centos 5.2 64-bit but I am getting apxs not found. Whereas apxs is already there on the server Hi, Problem was apr-devel 64 bit was not installed and it seems to be a bug on centos 5.2 where apr-devel is not getting installed when httpd-devel is installed through yum. Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Unable to compile mod_jk on Centos 5.2 64-bit
Hi Friends, I am trying to compile mod_jk on Centos 5.2 64-bit but I am getting apxs not found. Whereas apxs is already there on the server type apxs apxs is /usr/sbin/apxs ./configure CFLAGS=' -arch x86_64 ' APXSLDFLAGS=' -arch x86_64 ' --with-apxs=/usr/sbin/apxs checking build system type... x86_64-unknown-linux-gnu checking host system type... x86_64-unknown-linux-gnu checking target system type... x86_64-unknown-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... gawk checking whether make sets $(MAKE)... yes checking for test... /usr/bin/test checking for rm... /bin/rm checking for grep... /bin/grep checking for echo... /bin/echo checking for sed... /bin/sed checking for cp... /bin/cp checking for mkdir... /bin/mkdir need to check for Perl first, apxs depends on it... checking for perl... /usr/bin/perl could not find /usr/sbin/apxs configure: error: You must specify a valid --with-apxs path httpd-devel is already installed on this server but still the error persisting. Installed Packages httpd.x86_64 2.2.3-11.el5_1.centos. installed httpd-devel.x86_64 2.2.3-11.el5_1.centos. installed httpd-manual.x86_64 2.2.3-11.el5_1.centos. installed Below is the config.log file This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by configure, which was generated by GNU Autoconf 2.60. Invocation command line was $ ./configure CFLAGS=-arch x86_64 APXSLDFLAGS=-arch x86_64 --with-apxs=/usr/sbin/apxs ## - ## ## Platform. ## ## - ## hostname = webserver.example.com uname -m = x86_64 uname -r = 2.6.18-92.el5 uname -s = Linux uname -v = #1 SMP Tue Jun 10 18:51:06 EDT 2008 /usr/bin/uname -p = unknown /bin/uname -X = unknown /bin/arch = x86_64 /usr/bin/arch -k = unknown /usr/convex/getsysinfo = unknown /usr/bin/hostinfo = unknown /bin/machine = unknown /usr/bin/oslevel = unknown /bin/universe = unknown PATH: /usr/kerberos/sbin PATH: /usr/kerberos/bin PATH: /usr/local/sbin PATH: /usr/local/bin PATH: /sbin PATH: /bin PATH: /usr/sbin PATH: /usr/bin PATH: /root/bin /configure CFLAGS=' -arch x86_64 ' APXSLDFLAGS=' -arch x86_64 ' --with-apxs=/usr/sbin/apxs checking build system type... x86_64-unknown-linux-gnu checking host system type... x86_64-unknown-linux-gnu checking target system type... x86_64-unknown-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... gawk checking whether make sets $(MAKE)... yes checking for test... /usr/bin/test checking for rm... /bin/rm checking for grep... /bin/grep checking for echo... /bin/echo checking for sed... /bin/sed checking for cp... /bin/cp checking for mkdir... /bin/mkdir need to check for Perl first, apxs depends on it... checking for perl... /usr/bin/perl could not find /usr/sbin/apxs configure: error: You must specify a valid --with-apxs path cat config.log | more This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by configure, which was generated by GNU Autoconf 2.60. Invocation command line was $ ./configure CFLAGS=-arch x86_64 APXSLDFLAGS=-arch x86_64 --with-apxs=/usr/sbin/apxs ## - ## ## Platform. ## ## - ## hostname = webserver.example.com uname -m = x86_64 uname -r = 2.6.18-92.el5 uname -s = Linux uname -v = #1 SMP Tue Jun 10 18:51:06 EDT 2008 /usr/bin/uname -p = unknown /bin/uname -X = unknown /bin/arch = x86_64 /usr/bin/arch -k = unknown /usr/convex/getsysinfo = unknown /usr/bin/hostinfo = unknown /bin/machine = unknown /usr/bin/oslevel = unknown /bin/universe = unknown PATH: /usr/kerberos/sbin PATH: /usr/kerberos/bin PATH: /usr/local/sbin PATH: /usr/local/bin PATH: /sbin PATH: /bin PATH: /usr/sbin PATH: /usr/bin PATH: /root/bin ## --- ## ## Core tests. ## ## --- ## configure:1996: checking build system type configure:2014: result: x86_64-unknown-linux-gnu configure:2036: checking host system type configure:2051: result: x86_64-unknown-linux-gnu configure:2073: checking target system type configure:2088: result: x86_64-unknown-linux-gnu configure:2134: checking for a BSD-compatible install configure:2190: result: /usr/bin/install -c configure:2201: checking whether build environment is sane configure:2244: result: yes configure:2309: checking for gawk configure:2325: found /bin/gawk configure:2336: result: gawk configure:2347: checking whether make sets $(MAKE) configure:2368: result: yes configure:2563: checking for test
[solved]Re: [CentOS] How to Auto Add forward slash / when accessing a link/url through ProxyPass
On Sun, Jul 6, 2008 at 8:21 PM, nate [EMAIL PROTECTED] wrote:
ankush grover wrote:
I have the below lines added in httpd.conf file
RewriteEngine On
RewriteCond %{REQUEST_URI} /testdiary
RewriteRule /testdiary(.)$ /testdiary/
ProxyPass /testdiary http://testdiary.example.com/
ProxyPassReverse /testdiary http://testdiary.example.com/
This is what I do on my systems
RedirectMatch /testdiary$ http://mysite.example.com/testdiary/
nate
Hi
Using RedirectMatch /testdiary$ /testdiary/ fixed the problem
Thanks everyone.
Regards
Ankush
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] How to Auto Add forward slash / when accessing a link/url through ProxyPass
Hi Friends,
I am using Centos 5.2 and using ProxyPass to access applications
running on other servers. Everything is working fine except for one of
the applications I need to auto add forward slash when any user tries
to access that application. For ex
ProxyPass /testdiaryhttp://testdiary.example.com/
ProxyPassReverse /testdiary http://testdiary.example.com/
If somebody access directly http://testdiary.example.com/ everything
is coming means the login page but when the same link is accessed
through apache server on which proxypass is running then the login
page does not appear(http://portal.example.com/testdiary). How can I
auto add / when somebody put the url
http://portal.example.com/testdiary which should first be
converted/redirected to http://portal.example.com/testdiary/ (auto
added forward slash).
I have the below lines added in httpd.conf file
RewriteEngine On
RewriteCond %{REQUEST_URI} /testdiary
RewriteRule /testdiary(.)$ /testdiary/
ProxyPass /testdiary http://testdiary.example.com/
ProxyPassReverse /testdiary http://testdiary.example.com/
Please let me know if you need any other information.
Regards
Ankush
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] redirecting outside connections to https on apache
Hi friends, There are about 15 applications hosted on different in our infrastructure mostly running on apache/iis/tomcat. We have a frontend apache server running on Centos 4.4 64bit which make these applications accessible to outside world. For the applications which are running on tomcat we are running jkmount to make these applications available without mentioning tomcat ports. For apache/iis applications we are using ProxyPass. The issue we are facing is that we are not able to make these applications accessible through https automatically means if the user is not from within the LAN then the http link should automatically redirected to https. We already have GoDaddy stamped ssl certificate on this apache frontend server but we are struggling for rules for outside world. What is the best way to make these applications accessible to outside world through https connections only that is if somebody use http://xx.xx.com/xx to use the application it should be redirected to https we don't have the requirement for https connections from within the LAN but definitely for outside connections. JkMount /team/* team JkMount /team team Then we have rules for this in the workers.properties file ProxyPass /public http://my.testing.com/public ProxyPassReverse /public https://my.testing.com/public Please let me know do you need any further inputs Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] put command is not working in tftp server
Hi Friends,
I am trying to configure a tftp server on Centos 5.0. get command is
working fine but not the put command. I searched on the google and
tried few things like 777 on /tftpboot, changing ownership to nobody
on /tftpboot and also in /etc/xinetd.d/tftp, adding -c as server_args
but still the problem persists.
tftp -v localhost
Connected to localhost.localdomain (127.0.0.1), port 69
tftp put wine-core-0.9.50-1.el5.rf.i386.rpm
putting wine-core-0.9.50-1.el5.rf.i386.rpm to
localhost.localdomain:wine-core-0.9.50-1.el5.rf.i386.rpm [netascii]
Error code 1: File not found
tftp localhost
tftp get wine-core-0.9.50-1.el5.rf.i386.rpm
ls -la /etc/xinetd.d/tftp
-rw-r--r-- 1 root root 509 Feb 28 03:09 /etc/xinetd.d/tftp
cat /etc/xinetd.d/tftp | grep -v #
service tftp
{
socket_type = dgram
protocol= udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
per_source= 11
cps = 100 2
flags = IPv4
}
rpm -qa | grep tftp
tftp-server-0.42-3.1.el5.centos
tftp-0.42-3.1.el5.centos
Please let me know if you need any further inputs.
Thanks Regards
Ankush
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] put command is not working in tftp server
On Wed, Feb 27, 2008 at 10:27 PM, Lorenzo Quatrini [EMAIL PROTECTED] wrote: nate ha scritto: ankush grover wrote: Please let me know if you need any further inputs. I'm not sure if it applies to all tftp servers but for the most part the file your uploading must already exist and be world writable. touch /tftpboot/filename chmod 666 /tftpboot/filename then upload filename (assuming /tftpboot/ is where your root is at) nate Yes, this is done for security reasons. If you want you can override this adding the -c flag to the server_args line (server_args = -c -s /tftpboot) but since there is no authentication anyone which can reach the server can write (or overwrite) anything on \tftpboot directory Lorenzo Hi , Security is not an issue on this server as this is a testing server. I added the -c parameter and now put command is working fine. Thanks Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] discrepancy between what quota reports and what du reports (second time post)
Hi Friends,
I am running samba as domain member of AD 2k3 on Centos 4.4 . Quota of
2GB is set for each user but for 2-3 uers quota or edquota is
showing wrong blocks even though disk space occupied by that user is
very less than the quota specified for ex 810 MB.
quota bhavesh.kumar
Disk quotas for user bhavesh.kumar (uid 11254):
Filesystem blocks quota limit grace files quota limit grace
/dev/cciss/c0d0p5
2791832* 200 2001595 0 0
# du -sh bhavesh.kumar
809Mbhavesh.kumar
dumpe2fs /dev/cciss/c0d0p3 |grep -i block size
dumpe2fs 1.35 (28-Feb-2004)
Block size: 4096
I tried quotaoff and quotaon on the /home partition and also mount
-all command to remount the partitions but still the problem is
persisting.
Further diagnosing the problem there are double entries of the files
in the directory kindly see entries 45-50 63-68
find . -uid 11254 -exec ls -l {} ;|nl | more
45 -rwxr--r-- 1 bhavesh.kumar root 27136 Feb 7 15:44 Appraisal-ADP.xls
46 -rwxr--r-- 1 bhavesh.kumar root 24064 Feb 7 15:44 Appraisal-DAL.xls
47 -rwxr--r-- 1 bhavesh.kumar root 26112 Feb 7 15:44
Appraisal-Guidelines.xls
48 -rwxr--r-- 1 bhavesh.kumar root 55296 Feb 7 15:44 Appraisal-GUI.xls
49 -rwxr--r-- 1 bhavesh.kumar root 30208 Feb 7 15:44 AppraisalMaster.xls
50 -rwxr--r-- 1 bhavesh.kumar root 37376 Feb 7 15:44 Appraisal-QA.xls
51 drwxr-xr-x 2 bhavesh.kumar root 4096 Feb 7 15:44 Apr-Sep2006
52 drwxr-xr-x 2 bhavesh.kumar root 4096 Feb 7 15:44 Apr-sep-2007
53 -rwxr--r-- 1 bhavesh.kumar root 21504 Feb 7 15:44 Brabeion -
Appraisal.xls
54 -rwxr--r-- 1 bhavesh.kumar root 19456 Feb 7 15:44 Guidelines.xls
55 drwxr-xr-x 2 bhavesh.kumar root 4096 Feb 7 15:44 Oct-Mar2007
56 -rwxr--r-- 1 bhavesh.kumar root 37376 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Appraisal-QA.xls
57 -rwxr--r-- 1 bhavesh.kumar root 24064 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Appraisal-DAL.xls
58 total 28
59 -rwxr--r-- 1 bhavesh.kumar root 26624 Feb 7 15:44 Team.xls
60 -rwxr--r-- 1 bhavesh.kumar root 26624 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Apr-sep-2007/Team.xls
61 -rwxr--r-- 1 bhavesh.kumar root 26112 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Appraisal-Guidelines.xls
62 total 256
63 -rwxr--r-- 1 bhavesh.kumar root 27136 Feb 7 15:44 Appraisal-ADP.xls
64 -rwxr--r-- 1 bhavesh.kumar root 24064 Feb 7 15:44 Appraisal-DAL.xls
65 -rwxr--r-- 1 bhavesh.kumar root 26112 Feb 7 15:44
Appraisal-Guidelines.xls
66 -rwxr--r-- 1 bhavesh.kumar root 55296 Feb 7 15:44 Appraisal-GUI.xls
67 -rwxr--r-- 1 bhavesh.kumar root 30208 Feb 7 15:44 AppraisalMaster.xls
68 -rwxr--r-- 1 bhavesh.kumar root 37376 Feb 7 15:44 Appraisal-QA.xls
69 -rwxr--r-- 1 bhavesh.kumar root 21504 Feb 7 15:44 Brabeion -
Appraisal.xls
70 -rwxr--r-- 1 bhavesh.kumar root 19456 Feb 7 15:44 Guidelines.xls
71 -rwxr--r-- 1 bhavesh.kumar root 37376 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Apr-Sep2006/Appraisal-QA.xls
72 -rwxr--r-- 1 bhavesh.kumar root 24064 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Apr-Sep2006/Appraisal-DAL.xls
73 -rwxr--r-- 1 bhavesh.kumar root 26112 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Apr-Sep2006/Appraisal-Guidelines.xls
74 -rwxr--r-- 1 bhavesh.kumar root 30208 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Apr-Sep2006/AppraisalMaster.xls
75 -rwxr--r-- 1 bhavesh.kumar root 21504 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Apr-Sep2006/Brabeion - Appraisal.xls
76 -rwxr--r-- 1 bhavesh.kumar root 19456 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Apr-Sep2006/Guidelines.xls
77 -rwxr--r-- 1 bhavesh.kumar root 27136 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Apr-Sep2006/Appraisal-ADP.xls
78 -rwxr--r-- 1 bhavesh.kumar root 55296 Feb 7 15:44 ./Laptop
Data/Brabeion/Appraisal/Apr-Sep2006/Appraisal-GUI.xls
79 total 200
I have rebooted the system but still the problem persists. Even I have
recreated the users again but everytime it is taking up the old
blocks.
There is another person who faced the same problem with redhat 4.4 but the
solution is not given.
http://www.opensubscriber.com/message/centos@centos.org/8548096.html
Thanks Regards
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] equota reporting wrong blocks
Hi Friends, I am running samba as domain member of AD 2k3 on Centos 4.4 . Quota of 2GB is set for each user but for one of the user quota or edquota is showing wrong blocks even though disk space occupied by that user is 809M. quota bhavesh.kumar Disk quotas for user bhavesh.kumar (uid 11254): Filesystem blocks quota limit grace files quota limit grace /dev/cciss/c0d0p5 2791832* 200 2001595 0 0 # du -sh bhavesh.kumar 809Mbhavesh.kumar dumpe2fs /dev/cciss/c0d0p3 |grep -i block size dumpe2fs 1.35 (28-Feb-2004) Block size: 4096 I tried quotaoff and quotaon on the /home partition and also mount -all command to remount the partitions but still the problem is persisting. Kindly suggest me how to get rid of this problem. Please let me know if you need any further inputs. Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] strategy/technology to backup 20TB or more user's data
Hi Friends, I am currently using Samba on Centos 4.4 as a domain member of AD 2003 with each user having a quota of 2GB(no of users is around 2,000). Now the management wants to increase the quota to 10GB with this there will be more than 20TB of data to be backup weekly which will take lots of hours. Currently Veritas backup software is used to backup data on tapes. There is a concept of snapshots of Samba with LVM where snapshots of samba are taken at the given interval but so far haven't found any good article or how-to on that and also what is the experience of users using this technology and also what other technologies are being to handle TBs of data. Kindly let me know if you need any further inputs Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum upgrade php dependency failure
On Feb 6, 2008 10:30 AM, Ed Morrison [EMAIL PROTECTED] wrote: Hi, I am trying to upgrade php to version 5. When running yum upgrade I get this failure: -- Running transaction check -- Processing Dependency: php = 4.3.9-3.22.9 for package: php-pear -- Finished Dependency Resolution Error: Missing Dependency: php = 4.3.9-3.22.9 is needed by package php-pear but the required php version is installed: [EMAIL PROTECTED] ~]# rpm -q php php-4.3.9-3.22.9 Any suggestions on what is wrong and how to fix this? Thanks! Ed Hi, The error says the php 4.3.9-3.22.9 is needed by the package php-pear. yum remove php-pear and then try to upgrade php. Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Need help in analyzing ntop data
Hi, I want to do some analysis of NTOP data. Currently I have installed NTOP on Centos 5.1 and I am able to see some network data being graphed. But there is no documentation given whether NTOP is showing Network Throughput in MBytes or MBits for ex I am getting Throughput Min: 163.7k , Max: 3.0 M and Last 859.4k and there are some options like anomalia, upper,lower and trend (30min). Under All Protocols - Traffic I can see per hour data received and data sent but I am not able to figure out how NTOP is currently the percentage of this data TimeTot. Traffic Sent %Traffic Sent Tot. Traffic Rcvd % Traffic Rcvd 10 AM 287.8 MBytes 0.3% 32.9 MBytes 1.4 % How NTOP is calculating %Traffic Sent /Rcvd? Please let me know if you need any further inputs . Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] need help in configuring iptables for smtp traffic
Hi Alain, Thanks for replying to my question. My understandin is: You are load balancing your outgoing traffic Yes, load balancing outgoing traffic route add $smtpserver1 netmask 255.255.255.255 gw $publicip1 route add $publicip1 gw $gw1 You are trying to force the GW for smtpserver1, but Yes, we are trying to the force the gateway for smtpserver1 and smtpserver2 . As both the smtpservers will go through specified ISPs. Some more iptables rules which ban sending mails from different vlans/lans directly to public ips (both 1 and 2) $IPTABLES -A INPUT -p tcp -s $lan1 -d $publicip1 --dport $SMTP -j DROP \ $IPTABLES -A INPUT -p tcp -s $lan2 -d $publicip1 --dport $SMTP -j DROP \ $IPTABLES -A INPUT -p tcp -s $lan3 -d $publicip1 --dport $SMTP -j DROP \ Same rules we have for publicip2. But still we are not able to send emails from the $smtpserver running in the local lan to outside. Our requirement is like this smtpserver1 which is running postfix should only send/receive emails through publicip1 and smtpserver2 which is also running postfix should sends/receive mails through publicip2. We are able to receive emails both the public ips on the respective smtp servers but when we are sending emails to outside world it is sometimes going through both the public ips from a single smtp server. ... it doesn't work. I had a similar problem. I have create rules in the mangle INPUT table to 'mark' packets , for example: 0 for packet that must be load balanced 1 for packet that must go through first ISP 2 for the second ISP Then in my routing rules, I use the mark to use one or another routing table. Can you mail me an example that will be very helpful for me. Thanks Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] need help in configuring iptables for smtp traffic
Hi Friends, I am running Centos 5 64-bit on a Dell sever. I am trying to configure iptables for smtp traffic for which I need some help/guidance. The scenario is like this: On a linux box we have 3 public ips(eth1,eth2 and eth3) and 1 LAN IP(eth0). 2 public IPs are from the same service provider and 1 is from different service provider. eth3 and eth2 are from the same public provider but currently we are using only eth2 public ip There is a script which load balances the Internet Connection to both the Service providers through ip rule ip rule add from $publicip1 table 1 ip rule add from $publicip2 table 2 ip route add default scope global nexthop via $publicip1 dev eth1 weight 2 nexthop via $publicip2 dev eth2 weight 6 The problem we are facing is that we have 2 mx exchangers in our domain. Both the exchangers receives/sends the mails from the public ip like mx1 will receive/sends mails through eth1 (another service provider) mx2 will receive/sends mails through eth2 (another service provider) Accepting mails from public ip iptables -A INPUT -p tcp -d $publicip1 --dport 25 -j ACCEPT \ Natting rules iptables -A FORWARD -p tcp -d $smtpserver1 --dport 25 -j ACCEPT \ iptables -t nat -A PREROUTING -d $publicip1 -p tcp --dport 25 -j DNAT --to $smtpserver1:25 \ Sending mails from smtpserver1 to publicip1 iptables -t nat -A POSTROUTING -s $smtpserver1 -d 0/0 -o eth1 -j SNAT --to-source $publicip1 route add $smtpserver1 netmask 255.255.255.255 gw $publicip1 route add $publicip1 gw $gw1 Some more iptables rules which ban sending mails from different vlans/lans directly to public ips (both 1 and 2) $IPTABLES -A INPUT -p tcp -s $lan1 -d $publicip1 --dport $SMTP -j DROP \ $IPTABLES -A INPUT -p tcp -s $lan2 -d $publicip1 --dport $SMTP -j DROP \ $IPTABLES -A INPUT -p tcp -s $lan3 -d $publicip1 --dport $SMTP -j DROP \ Same rules we have for publicip2. But still we are not able to send emails from the $smtpserver running in the local lan to outside. Our requirement is like this smtpserver1 which is running postfix should only send/receive emails through publicip1 and smtpserver2 which is also running postfix should sends/receive mails through publicip2. We are able to receive emails both the public ips on the respective smtp servers but when we are sending emails to outside world it is sometimes going through both the public ips from a single smtp server. Any suggestions/comments are most welcome Thanks Regards Ankush Grover ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] vsftp and nonpriv_user option question
On 9/7/07, Blackburn, Marvin [EMAIL PROTECTED] wrote: So what is the advantage of using nopriv_user=ftpsecure ? Hi, May be this gives u an answer http://forums.fedoraforum.org/archive/index.php/t-62225.html Regards Ankush ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
