Re: [CentOS] Find out which process consumed Network bandwidth
See "man iptables-extensions" and "man iptables". I don't know how this works with firewall-cmd, but I imagine firewalld "just" manages iptables? Yes thats right I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find out which process consumed network bandwidth during a specific time period? For example, the Nginx process consumed how much network traffic on Sept 01, 2021. As far as I know, such accounting isn't done in a standard CentOS system, so there's no way to determine such information about a past event While you probably can't recover such information for past events, going forward, iptables can help you figure this out. Putting an IPtables rule in the OUTPUT table prior to ACCEPTing the packets can help, e.g.: iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT because now "iptables -L" will display a count of the packets that matched each rule and the number of bytes. By comparing with the total packets and bytes for a given time period, you can work out the share for nginx. You can also estimate packet and byte counts by IP and port using this method. You could run an hourly cronjob to log the stats. That is nice solution! Why do you add a new output rule rather you can look at the existing port rule: # iptables -v -L | grep https xxx yyy ACCEPT tcp -- anyany anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED xxx is number packets, yyy is number bytes. If adding OUTPUT rule, what is gained? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] iptables - how to block established connections with fail2ban?
I am working to a CentOS 6 server with nonstandard iptables system without rule for ACCEPT ESTABLISHED connections. All tables and chains empty (flush by legacy custom script) so only filter/INPUT chain has rules (also fail2ban chain): Chain INPUT (policy ACCEPT) target prot opt source destination f2b-postfix tcp -- 0.0.0.0/00.0.0.0/0 ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 ACCEPT all -- 127.0.0.0/8 0.0.0.0/0 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:22 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:25 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:80 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:443 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:587 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:993 ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:995 DROP tcp -- 0.0.0.0/00.0.0.0/0 tcp flags:0x17/0x02 Chain f2b-postfix (1 references) target prot opt source destination REJECT all -- 200.23.235.300.0.0.0/0 reject-with icmp-port-unreachable REJECT all -- 177.11.167.570.0.0.0/0 reject-with icmp-port-unreachable RETURN all -- 0.0.0.0/00.0.0.0/0 When fail2ban block a IP address, established connections are allowed to continue, but with no rule to accept established connections how is that possible? Why doesn't f2b first rule block established connections? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Recommended PHP 7 source for Centos 7
I know there's a couple third party repos offering PHP 7 for Centos. I prefer not to add too much third party that I don't have to and PHP 7 has been mainstream for some time now, I thought maybe it would be in EPEL by now. What is the most recommended and stable way to get an up to date PHP on Centos 7? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] How to install Banshee on CentOS 7?
on centos 7 I tried to install banshee from EPEL yum install banshee gotting this error: Error: Package: banshee-2.6.2-11.el7.x86_64 (epel) Requires: libgpod-sharp >= 0.8.2 You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest seems known problem but ignored to fix it in a year or more: https://bugzilla.redhat.com/show_bug.cgi?id=1406012 I tried "yum insall --skip-broken banshee" however this will skip banshee itself! lol what else can I do to install banshee? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] latest skype (version 8.16.0.4) on Centos 7
On 2018-03-06 15:12, Fabian Arrotin wrote: On 05/03/18 19:53, Fred Smith wrote: Hi all! I've finally been reduced to having to install Skype on my Linux box. I resisted for years, but now ended up trying it. sandbox it! or use https://appear.in or one of the other clones ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CAA records using PowerDNS from EPEL
On 2017-12-08 20:37, Kenneth Porter wrote: --On Friday, December 08, 2017 7:54 PM + MRob <mro...@insiberia.net> wrote: PowerDNS supports CAA records beginning with version 4.0, but the pdns package in EPEL for most recent centos versions is stuck at around version 3.4 (3.4.11 is what I have). Do I have no other choice but to manually compile and maintain my own pdns installation? I prefer to avoid this but I need up-to-date features. Rawhide has version 4. With any luck you could just rebuild the SRPM with no issues. I've done that with packages where I need a bleeding edge feature on a CentOS system. Sometimes I have to tweak the spec file so that it will build with the older tools. The worse problem is when it depends on much newer other packages. Then one gets into dependency hell. In such a case, you might want to try using Fedora COPR to assemble a custom build system. Thank you for that reply. It turns out PowerDNS hosts their own repositories: https://repo.powerdns.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CAA records using PowerDNS from EPEL
PowerDNS supports CAA records beginning with version 4.0, but the pdns package in EPEL for most recent centos versions is stuck at around version 3.4 (3.4.11 is what I have). Do I have no other choice but to manually compile and maintain my own pdns installation? I prefer to avoid this but I need up-to-date features. Perhaps there is a PowerDNS specific work-around? Maybe the EPEL maintainers backported CAA record support? Thank you for any assistance. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
