enable root login to remote system (was - failed root login with shared ssh key)
Further test, which I missed earlier for some unknown reason, was to create an ssh key for a non-root user, copy to the target server, and try a key authenticated login with the non-root user... worked perfectly.

As such, the problem does not appear to be with the ssh key login, but with the fact that it is a root login. I am focusing my efforts there.

Any idea as to why the server would not allow root login given that we have already checked PermitRootLogin yes for the sshd_config? Is there another location or entry which would be preventing root logins?

Dave
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Chkrootkit anomaly
> Since there have already been a couple of questions on this I thought I'd see if anyone could shed some light on something I've noticed since I started running chkrootkit. It runs every 15 minutes (overkill? Nah.) in quiet mode to cut down on noise in the logs, and sporadically I get these notifications:
>
> You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> These messages will appear only on the odd occasion, seemingly completely at random. False positives or very crafty rootkit? Any advice would be greatly appreciated!

http://www.chkrootkit.org/
FAQ item #6 is what you are interested in, although it isn't clear. The problem is that processes are ending before it can check it, thus they are incorrectly tagged as hidden and result in a false positive.

There are better resources regarding this (researched it a few months ago) but that is roughly the gist of it.

Dave
failed root login with shared ssh key
have several FreeBSD servers around all with varying installs, 4.3 with a number of patches, up to a 4.7 that is relatively new.

Some maintenance on the servers that requires root is run from a master server which connects to run the command(s) via SSH. The public key for [EMAIL PROTECTED] has been distributed out to the ~root/.ssh/authorized_keys file.

I am having problems with the 4.7 box in that it will not accept the key authentication, and bounces back to asking for a password to login as root. I cannot log in as root over ssh with a password, but that's fine, I don't want or need to. I do need to allow this server to log in using the shared public key to this (and all the servers).

Have checked /etc/ssh/sshd_config, and AllowRootLogin yes is present, and it pretty much matches the other 4.3 to 4.5 installs.

Have checked /etc/ttys, and while all the ttyps do not specifically state secure, neither do they on the servers that this works fine on.

I am sure I am forgetting something stupid, just have not been able to google anything that is pointing me in the right direction.

Thanks

Dave

debug from SSH session (and no, df -k is not the command that requires root)
///
server# ssh -v target df -k
SSH Version OpenSSH_2.3.0 [EMAIL PROTECTED] 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to target.domain.com [123.456.789.2] port 22.
debug: Allocated local port 921.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 FreeBSD-20020702
debug: no match: OpenSSH_3.4p1 FreeBSD-20020702
debug: Local version string SSH-1.5-OpenSSH_2.3.0 [EMAIL PROTECTED] 20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'target' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key '[EMAIL PROTECTED]'
debug: Received RSA challenge from server.
debug: Sending response to host key RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication refused.
debug: Doing password authentication.
[EMAIL PROTECTED]'s password:
Permission denied, please try again.
[EMAIL PROTECTED]'s password:
recommended book/guide for /bin/sh shell programming
For multiple reasons I am moving away from doing everything in perl/php for server based tasks. Made sense at the time to do everything in the language we used for the web as well, but am finding I do less web work and more server admin work as time progresses, and there are some significant hits to loading perl or php each time I want to move files and do other such tasks.

As such I am finding more and more tasks being performed in plain ol shell scripting, though this is still a hunt and peck type of operation for the appropriate commands etc...

As such, am looking for recommendations for a good guide/book or two for shell programming, but most of the books seem to be specific to bash, tcsh, ksh, etc... Given that there is a separate bash shell port available, I would assume that /bin/sh != bash. I would prefer to use plain ol /bin/sh since most of the core scripts scattered through the stable installs we have use it.

Suggestions? Amazon links?

Thanks

Dave
RE: quickquestion
> Installed XFree86 using ports method:
> # cd /usr/ports/x11/XFree86-4
> # make install clean
> now trying to run 'XFree86-configure' so i can configure it - but i can not locate the program anywhere!

locate XFree86-configure
or
which XFree86-configure
might be a good place to start

> On a larger scale can i am tired of constantly changing dirs to run apps. can i adjust an environment variable to run programs from any dir i am in, instead searching through everything. I installed a lot of port software but can't seem to be able to run or find any of it.

that's usually what /usr/local/bin and sbin are for (at least in my usage) since they are in your path, simply symlink your port after installing it into that directory.

Dave
ran snort, now fxp1 stuck in promisc mode
was experimenting with snort to try and track down the source of some hack attempts (which were futile but annoying). Before settling on the various flags that I indeed wanted to use, there were a number of failed snort starts, stops, etc... don't remember the specifics now as this was some time ago.

Have noticed that since then the fxp1 interface has been stuck in promisc mode.

fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

Have tried manually to unset this using;

# ifconfig -promisc fxp1

to no avail. snort is no longer running, though when I do start it to track something, I have since been running it with the -p flag to turn off promisc sniffing. This doesn't seem to affect the interface since it is already in promisc mode.

This box is regularly checked for root kits or other potential compromises that could have caused this, and we did notice it after the first few unsuccessful attempts with snort in promisc mode so we are pretty sure of the source.

Aside from rebooting the box entirely (undesirable given it is a production server) anyone have any ideas as to how to force fxp1 to let go of its promisc fetish?

Appreciate any suggestions.

Dave
RE: shell scripting while if string length != 0
> I'm not a shell guru, but pipelines don't necessarily run in sequence. In line 5 of your script, the part that says
> sed '1d' > /path/to/file_o_commands
> will destroy all contents of the original file. This may or may not happen before
> cat /path/to/file_o_commands
> has finished reading it.

Good point. The few tests done so far appear to run as expected, certainly not under load of any sort though.

> If you just want to execute the lines of a file in order, use something like
> cat file_o_commands | while read CMD ; do
>     eval $CMD
> done

How to remove completed commands though?

> On the other hand, if you want the script to hang around at the end of the file and wait for new commands, you may need a named pipe (FIFO). This is a file that one process writes to and another one reads from, not necessarily at the same time. See http://www.linuxjournal.com/article.php?sid=2156 and http://tldp.org/LDP/lpg/node15.html for some info on these.

Not really what I was thinking of, but may be a much more eloquent solution than an occasional cron run. Will definitely check it out, thanks.

Dave

- Original Message -
From: Dave [Hawk-Systems] [EMAIL PROTECTED]
Subject: shell scripting while if string length != 0

for reasons best left unsaid, we need to pull in a file full of partial commands, and run them via a shell script on occasion, removing each command as we run it.

Have managed to hack together the following shell script, but am stumped on something simple because of my lack of shell knowledge;

the file that holds our commands
file_o_commands
Server1 df -k
Server2 df -k
Server3 top | grep myprog
Server4 who

add new commands to the end of the file with
echo Server2 who >> /path/to/file_o_commands

then when we need to, run through the commands
file_to_run_stuff
#!/bin/sh
# get top command
DOCOMMAND=`head -n 1 /path/to/file_o_commands`
# remove that command
cat /path/to/file_o_commands | sed '1d' > /path/to/file_o_commands
# run that command
ssh ${DOCOMMAND}

this works as intended with 1 exception, we need to add a while in there to loop through the file and stop processing and exit when `head -n 1 /path/to/file_o_commands` does not return a line. I almost want to borrow -n from if

while [ -n (DOCOMMAND=`head -n 1 /path/to/file_o_commands`) ]
do
...rest of script...
done

Anyone care to enlighten me a bit?

Dave
shell scripting while if string length != 0
for reasons best left unsaid, we need to pull in a file full of partial commands, and run them via a shell script on occasion, removing each command as we run it.

Have managed to hack together the following shell script, but am stumped on something simple because of my lack of shell knowledge;

the file that holds our commands
file_o_commands
Server1 df -k
Server2 df -k
Server3 top | grep myprog
Server4 who

add new commands to the end of the file with
echo Server2 who >> /path/to/file_o_commands

then when we need to, run through the commands
file_to_run_stuff
#!/bin/sh
# get top command
DOCOMMAND=`head -n 1 /path/to/file_o_commands`
# remove that command
cat /path/to/file_o_commands | sed '1d' > /path/to/file_o_commands
# run that command
ssh ${DOCOMMAND}

this works as intended with 1 exception, we need to add a while in there to loop through the file and stop processing and exit when `head -n 1 /path/to/file_o_commands` does not return a line. I almost want to borrow -n from if

while [ -n (DOCOMMAND=`head -n 1 /path/to/file_o_commands`) ]
do
...rest of script...
done

Anyone care to enlighten me a bit?

Dave
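A way to drain the queue file from this thread without the read/truncate race raised in the reply, as an added example that is not part of the original posts: the file is renamed before it is read, each line is split into host and command, and host fields that ssh could take for an option are set aside. The RUNNER variable, the .rejected file and the demo input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: process a "host command" queue once, in order.

RUNNER=${RUNNER:-ssh}   # invoked as: $RUNNER host "remote command"

# drain_queue QUEUEFILE
drain_queue() {
    queue=$1
    [ -s "$queue" ] || return 0          # nothing queued
    batch="$queue.run.$$"
    # Rename first: the rename is atomic within one filesystem, so an
    # append that starts after it lands in a fresh queue file instead of
    # in the file being read (no cat/sed on the same path).
    mv "$queue" "$batch" || return 1
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        host=${line%% *}                 # text before the first space
        cmd=${line#* }                   # everything after it
        case $host in
            # empty host, no command part, leading dash (would be read
            # as an ssh option), or characters outside a host name
            ''|"$line"|-*|*[!A-Za-z0-9._-]*)
                echo "rejected: $line" >&2
                printf '%s\n' "$line" >> "$queue.rejected"
                continue ;;
        esac
        # stdin from /dev/null: otherwise ssh reads the rest of the
        # batch file and the loop stops after the first command.
        "$RUNNER" "$host" "$cmd" < /dev/null ||
            printf '%s\n' "$line" >> "$queue.rejected"
    done < "$batch"
    rm -f "$batch"
}

# --- constructed demo: a stub runner prints the call instead of using ssh
demo_runner() { printf '%s <- %s\n' "$1" "$2"; }

demo() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' 'Server1 df -k' 'Server3 top | grep myprog' \
        '-v who' 'Server4' > "$dir/queue"
    RUNNER=demo_runner
    drain_queue "$dir/queue"
    echo "rejected: $(wc -l < "$dir/queue.rejected" | tr -d ' ')"
    rm -rf "$dir"
)

demo
```

Lines that fail or are rejected end up in the .rejected file next to the queue, so nothing is silently dropped.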
file table is full - but not...?
received the following from a logcheck;

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jul 24 23:11:50 web1 /kernel: le: table is full
Jul 24 23:11:50 web1 /kernel: file: table is full
Jul 24 23:14:00 web1 /kernel: le: table is full
Jul 24 23:14:00 web1 /kernel: file: table is full
Jul 24 23:14:00 web1 /kernel: pid 94326 (cron), uid 0: exited on signal 11 (core dumped)
Jul 24 23:14:07 web1 /kernel: file: table is full
Jul 24 23:14:07 web1 /kernel: pid 93772 (httpd), uid 65534: exited on signal 11
Jul 24 23:14:07 web1 /kernel: file: table is full

in a bit of a panic I logged into the server and checked the file table

df -ki
Filesystem   1K-blocks     Used    Avail Capacity  iused    ifree %iused  Mounted on
/dev/ad0s1a      99183    35681    55568    39%     1401    23685    6%   /
/dev/ad0s1f   55177478  5942572 44820708    12%   271618 13521148    2%   /usr
/dev/ad0s1e      19815      507    17723     3%      148     4906    3%   /var
/dev/ad1s1e   56824822  6443295 45835542    12%     2033 14203405    0%   /backup
procfs               4        4        0   100%      276      768   26%   /proc

while that was about 35 min after the incident, nothing should be even close to maxing out and causing that error... any ideas?

Dave
ASP on FreeBSD/Apache - most recent, stable and viable solution?
This may be better posted to the Apache list, but that has been filling up with windows implementations as of late...

Have recently been inundated with requests for ASP on our FreeBSD/Apache servers (probably because the Win2K solutions are incredibly unreliable/vulnerability prone).

What is the latest and most stable solution to providing ASP functionality on FreeBSD 4.x stable with Apache 1.3x (currently we are running with SSL, PHP, etc... in case there are any conflicts that we need to be aware of).

I see the perl port in the ports, anyone with experience with that?

thanks

Dave
RE: Virtual FreeBSD
> I figured it was jail(8) or a suped up, customized jail. So where is everyone getting this exact same set of documentation?
>
> http://support.securesites.com/support/virtual/freebsd/
> http://www.2kweb.net/support/virtual/freebsd/
> http://iasweb.com/support/docs/virtual/freebsd.html
> http://www.vpshosting.net/support/virtual/freebsd/
> http://www.aplonis.com/support/virtual/freebsd/
> http://www.perilpoint.com/support/virtual/freebsd/

> If you look at all those domains they are hosted either by secure.net or bestserver.net. I would guess that these are linked at some level so really I wouldn't be surprised if this was the same company or some form of reseller

Verio (or ViaVerio)

Dave
RE: ASP on FreeBSD/Apache - most recent, stable and viable solution?
> On Fri, Jul 18, 2003 at 09:41:56AM -0400, Dave [Hawk-Systems] typed:
>> This may be better posted to the Apache list, but that has been filling up with windows implementations as of late...
>>
>> Have recently been inundated with requests for ASP on our FreeBSD/Apache servers (probably because the Win2K solutions are incredibly unreliable/vulnerability prone).
>
> Isn't asp part of these unreliable/vulnerability prone Win2K solutions?

yes. it's like customers asking for frontpage support on unix because windows is unreliable. Logic would indicate that maybe they shouldn't be using frontpage then, but when everyone with a copy of frontpage is a developer...

>> What is the latest and most stable solution to providing ASP functionality on FreeBSD 4.x stable with Apache 1.3x (currently we are running with SSL, PHP, etc... in case there are any conflicts that we need to be aware of).
>>
>> I see the perl port in the ports, anyone with experience with that?
>
> What exactly do you mean by ASP functionality? Anything you can do in asp that you can't do in php/perl/whatever scripting language?

The goal being to allow developers who want to use ASP because they are incapable of grasping perl/PHP/etc... to develop or migrate sites to our unix based servers. You are preaching to the choir as we use Perl/PHP to accomplish all our server based programming and scripting. Telling clients however that they need to migrate their code over to Perl/PHP just means we lose them to someone supporting windows/ASP.

Dave
RE: ASP on FreeBSD/Apache - most recent, stable and viable solution?
> Supposedly this product will work natively on FreeBSD.
> http://www.halcyonsoft.com/products.asp?s=1

will check it out

> I believe Chili!Soft ASP has been bought out by Sun and renamed Sun ONE, so you may want to look into that product. It runs on Linux so it might work with FreeBSD.

Previous attempts to look at chilisoft put me at the same conclusion, and at $500 per license, and not listing FreeBSD as a supported OS, pretty hefty for something that may or may not work for our chosen OS.

that being said, if it works and is stable, $500 would be worth it on a select machine or two. thanks for the link.

Dave

>> This may be better posted to the Apache list, but that has been filling up with windows implementations as of late...
>>
>> Have recently been inundated with requests for ASP on our FreeBSD/Apache servers (probably because the Win2K solutions are incredibly unreliable/vulnerability prone).
>>
>> What is the latest and most stable solution to providing ASP functionality on FreeBSD 4.x stable with Apache 1.3x (currently we are running with SSL, PHP, etc... in case there are any conflicts that we need to be aware of).
>>
>> I see the perl port in the ports, anyone with experience with that?
>>
>> thanks
>>
>> Dave
RE: (* chtoorkit)
> I found the following a day on our Mailserver (* chtoorkit) What means that?

/usr/ports/security/chkrootkit

does a batch of scans and comparisons to see if a root kit has been installed on your system.

If you are using it, just a warning, that if you have a busy web server, you may get false lkm positives from time to time regarding hidden processes.

Dave
RE: rpc.statd: invalid hostname to sm_stat
> On Sun, Jul 06, 2003 at 02:37:36PM -0400, Dave [Hawk-Systems] wrote:
>> I received an answer to this before and it was that FreeBSD isn't vulnerable to this type of attack, but the log entries persist in varying degrees of recurrence.
>
> This is a FAQ. It's an attempt to exploit an old Linux vulnerability.

thanks, this I did know. However searching the FreeBSD FAQ I didn't find any reference to my two questions;

1) Is there a way to tell where it is coming from?
2) What is the intended result?

Thanks

Dave
RE: daily /security run output via periodic - stopped
> we have 4 servers running, each sends daily and security run output email each day around 3am. Recently one of them stopped sending these messages.
>
> In looking at the periodic.conf and associated directories, I don't see any problems or changes that I am aware of. There are no entries in cron for it, but then again there aren't any entries in the functional servers either.
>
> Is it possible we have disabled something by accident which could stop this one server from sending these messages?

double checked everything just after sending... periodic.conf was missing. (doh!)

Dave
RE: daily /security run output via periodic - stopped
> On Fri, Jul 04, 2003 at 08:48:24AM -0400, Dave [Hawk-Systems] wrote:
>> we have 4 servers running, each sends daily and security run output email each day around 3am. Recently one of them stopped sending these messages.
>>
>> In looking at the periodic.conf and associated directories, I don't see any problems or changes that I am aware of. There are no entries in cron for it, but then again there aren't any entries in the functional servers either.
>>
>> Is it possible we have disabled something by accident which could stop this one server from sending these messages?
>>
>> double checked everything just after sending... periodic.conf was missing. (doh!)
>
> ... but that's OK, as the periodic system will just run using the default settings from /etc/defaults/periodic.conf -- note the instructions in that file: /etc/periodic.conf should contain only those entries you want to be different to the default values.

and the different values were where each of the reports should be emailed to.

> As for how the periodic scripts get run each night: they are run as cron jobs, but out of the system crontab in /etc/crontab. That's a slightly different animal which lives in a parallel universe to the normal per-user crontabs, which are stored in /var/cron/tabs and generally accessed via crontab(1).

that I didn't know, but do now. Thanks

> As for the missing mail, did you check the client mailqueue?

probably dumped into whatever the default is... root?

Thanks

Dave
shell scripting - automating rotation of files in different directories
have looked at a couple of the ports for log rotation and such, but none seem to come close to the simplicity and complexity of what I am looking for.

have user directories and log files in each directory... each user requests to have 1 day to 30 days of logs made available for them to download at any given time. Looking for a way to simply touch or delete log files and have the script identify the correct rotation to.

For example,

<brutally pseudo script>
for($i=30; $i>0;$1--){    # 30 days is maximum retained
    for LOG in `ls /users/*/logs/ | grep .$i'`; do
        # move any of the previous logs into the current existing
        # so that we don't add to number of logs per user
        $prevLOG = strreplace(($i-1)($i) on $LOG)
        mv $prevLOG $LOG
    done
)
</brutally pseudoscript>

this way, if a user wants more logs, just touch (create empty) logs files, and the next time the script runs it will rotate all them... need less, simply delete the unneeded log files and they will not be rotated into.

Am thinking that the shell script will need to drop to awk to perform the dissection of the log number extensions... any thoughts on this/easier methods before I sit down and devote some time to it?

thanks

Dave
reverse makemap hash to get original text file
we have a 0 length file, but a 4k db

is there a way to reverse the db to get the original data (or close to)

thanks

Dave
RE: apache exiting signal 11, high request period
no takers on this?

-Original Message-
clip
Subject: apache exiting signal 11, high request period

Following showed up in our morning security mailer

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Mar 19 06:01:00 web1 /kernel: pid 62342 (httpd), uid 65534: exited on signal 11
Mar 19 06:01:00 web1 /kernel: pid 62343 (httpd), uid 65534: exited on signal 11
Mar 19 06:01:00 web1 /kernel: pid 62344 (httpd), uid 65534: exited on signal 11
Mar 19 06:01:01 web1 /kernel: pid 62345 (httpd), uid 65534: exited on signal 11
...

and doing a cat of the /var/log/httpd*.log

[Wed Mar 19 06:31:00 2003] [notice] child pid 69197 exit signal Segmentation fault (11)
[Wed Mar 19 06:31:00 2003] [notice] child pid 69196 exit signal Segmentation fault (11)
[Wed Mar 19 06:31:00 2003] [notice] child pid 69195 exit signal Segmentation fault (11)
[Wed Mar 19 06:31:00 2003] [notice] child pid 69194 exit signal Segmentation fault (11)
...

Looking at the input and output of the NIC for that period of time, there was a burst of access attempts between 5am-7am (same period covered by the above log anomalies)

doing a cat of all the log files for virtual host directories showed the culprit (or suspected culprit at least)

[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user cobras not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user loredana not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user steve not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user e not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user horno not found: /members/members.htm
...

Now aside from the fact that this schmuck is trying to get in and won't given the password and userid scheme that this hosting client is using (and the method he is using to circumvent this), it does concern me that the httpd process is crashing.

Is it just child processes? Is the cause likely the burst of traffic, and if so, is there a tweak to allow apache to weather a volume of requests more successfully? Or is there other mitigating factors that need to be investigated?

Server Version:
FreeBSD 4.3 (with patches)
Apache/1.3.19 (Unix) mod_ssl/2.8.2 OpenSSL/0.9.6 PHP/4.2.2

Appreciate any insight.

Dave
apache exiting signal 11, high request period
Following showed up in our morning security mailer

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Mar 19 06:01:00 web1 /kernel: pid 62342 (httpd), uid 65534: exited on signal 11
Mar 19 06:01:00 web1 /kernel: pid 62343 (httpd), uid 65534: exited on signal 11
Mar 19 06:01:00 web1 /kernel: pid 62344 (httpd), uid 65534: exited on signal 11
Mar 19 06:01:01 web1 /kernel: pid 62345 (httpd), uid 65534: exited on signal 11
...

and doing a cat of the /var/log/httpd*.log

[Wed Mar 19 06:31:00 2003] [notice] child pid 69197 exit signal Segmentation fault (11)
[Wed Mar 19 06:31:00 2003] [notice] child pid 69196 exit signal Segmentation fault (11)
[Wed Mar 19 06:31:00 2003] [notice] child pid 69195 exit signal Segmentation fault (11)
[Wed Mar 19 06:31:00 2003] [notice] child pid 69194 exit signal Segmentation fault (11)
...

Looking at the input and output of the NIC for that period of time, there was a burst of access attempts between 5am-7am (same period covered by the above log anomalies)

doing a cat of all the log files for virtual host directories showed the culprit (or suspected culprit at least)

[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user cobras not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user loredana not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user steve not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user e not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user horno not found: /members/members.htm
...

Now aside from the fact that this schmuck is trying to get in and won't given the password and userid scheme that this hosting client is using (and the method he is using to circumvent this), it does concern me that the httpd process is crashing.

Is it just child processes? Is the cause likely the burst of traffic, and if so, is there a tweak to allow apache to weather a volume of requests more successfully? Or is there other mitigating factors that need to be investigated?

Server Version:
FreeBSD 4.3 (with patches)
Apache/1.3.19 (Unix) mod_ssl/2.8.2 OpenSSL/0.9.6 PHP/4.2.2

Appreciate any insight.

Dave
Block requests based on repeated failed httpd login attempts
Had a situation with a user trying to gain access to an htaccess protected directory.

[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user cobras not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user loredana not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user steve not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user e not found: /members/members.htm
[Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user horno not found: /members/members.htm
...

This user will never gain access to the directory using this method just given the password and userid scheme that this hosting client is using. The fact that this schmuck bangs away for hours (as have others over the past 6 months) is annoying though.

Is there a port or methodology to parse for such action and ban the IP address from making further attempts for X hours (all automated of course).

Server Version:
FreeBSD 4.3 (with patches)
Apache/1.3.19 (Unix) mod_ssl/2.8.2 OpenSSL/0.9.6 PHP/4.2.2

Thanks,

Dave
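One way to do the parsing step asked about above, as an added example that is not part of the original post: it buckets authentication failures in the error log by client address and clock hour and lists the addresses at or over a limit. The function names, the limit and the sample log lines are constructed for illustration, and the "password mismatch" wording is assumed rather than taken from the post.

```sh
#!/bin/sh
# Added example: find clients that keep failing HTTP Basic authentication,
# using the error-log line shape quoted in the post.

# failed_auth_offenders LIMIT [LOGFILE...]
# Prints "ip yyyy-Mon-dd-hh count" for each client with at least LIMIT
# failures inside one clock hour. Reads stdin when no LOGFILE is given.
failed_auth_offenders() {
    limit=$1
    shift
    awk -v limit="$limit" '
    # [Sun Feb 23 06:31:00 2003] [error] [client 192.0.2.10] user x not found: /path
    # The "password mismatch" form is an assumption; the post only shows
    # the "not found" form.
    /\[error\] \[client [0-9.]+\] user .*(not found|: password mismatch): / {
        year = $5; sub(/\]$/, "", year)     # "2003]" -> "2003"
        ip = $8;   sub(/\]$/, "", ip)       # "192.0.2.10]" -> "192.0.2.10"
        bucket = year "-" $2 "-" $3 "-" substr($4, 1, 2)
        hits[ip " " bucket]++
    }
    END {
        for (key in hits)
            if (hits[key] >= limit)
                print key, hits[key]
    }' "$@" | sort
}

# ban_candidates LIMIT [LOGFILE...]
# Unique offending addresses, one per line, for whatever blocking
# mechanism is in use.
ban_candidates() {
    failed_auth_offenders "$@" | awk '{ print $1 }' | sort -u
}

# Constructed sample log: documentation addresses, made-up user names.
sample_log() {
    cat <<'EOF'
[Sun Feb 23 06:31:00 2003] [error] [client 192.0.2.10] user alice not found: /members/members.htm
[Sun Feb 23 06:31:01 2003] [error] [client 192.0.2.10] user bob not found: /members/members.htm
[Sun Feb 23 06:31:02 2003] [error] [client 192.0.2.10] user carol not found: /members/members.htm
[Sun Feb 23 06:59:59 2003] [error] [client 192.0.2.10] user dan: password mismatch: /members/members.htm
[Sun Feb 23 07:00:01 2003] [error] [client 192.0.2.10] user erin not found: /members/members.htm
[Sun Feb 23 06:40:00 2003] [error] [client 198.51.100.7] user frank: password mismatch: /members/members.htm
[Sun Feb 23 06:41:00 2003] [error] [client 198.51.100.7] File does not exist: /www/favicon.ico
[Sun Feb 23 06:42:00 2003] [notice] child pid 69197 exit signal Segmentation fault (11)
EOF
}

sample_log | failed_auth_offenders 3
```

Counting per clock hour keeps a single mistyped login from putting a legitimate member on the list, while a client cycling through user names crosses the limit within minutes.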
transparent ipfw
Been browsing for a bit (knowing I will get some rtfm responses from this) but haven't come across a solid answer for this. Most solutions involve NAT or some other non-routable ip block type of solution.

Have the following (192.168.100.0/24 used in place of routable addresses)
- Internet connection coming into port 1 of Cisco switch (switch address 192.168.100.1).
- Other FreeBSD servers (192.168.100.2 - 192.168.100.252) connected to various ports on the switch using the switch as the gateway device.
- Other networks (192.168.101.0/24 etc...) connected to the switch which is bridging them over to the internet connection out of port 1.

Wish to place a FreeBSD server in front of the switch to count traffic to and from various IP addresses for the entire network.

NIC1 on the FreeBSD box would go to the Internet Connection
NIC2 on the FreeBSD box would go to the switch.

All addresses used are routable (3 /24 blocks will be coming down to NIC1), and all addresses/packets should be passed through without any NAT or other readdressing taking place. Aside from telnetting into the box itself, it doesn't need any IP addresses except for whatever is needed for the above setup.

Comments appreciated, this would be my first implementation of ipfw / fw rules in general using a FreeBSD box.

Dave
shell script to backup files with datestamp
Without dumping to perl or another external language, would like to accomplish the following;

prior to making changes in a file, backup incrementally the current file to create a record of changes and versions.

For example. we are about to make changes to file.conf and would like to make a copy of our current file before doing so *without* overwriting previous backup copies

#cp /path/to/file.conf /path/to/file.conf.20030210

I almost want to say this could be done with something simple like

#cp /path/to/file.conf /path/to/file.conf.$DATE

which would be the solution if I was using perl, php, or something else to accomplish the copy of files, but would prefer a simple one liner without having to load another processor just for this one command.

Suggestions would be appreciated.

Dave
RE: shell script to backup files with datestamp
From: Doug Poland
Jack L. Stone said:
At 11:19 AM 2.10.2003 -0500, Dave [Hawk-Systems] wrote:

Without dumping to perl or another external language, would like to accomplish the following;
clip
#cp /path/to/file.conf /path/to/file.conf.20030210
I almost want to say this could be done with something simple like
#cp /path/to/file.conf /path/to/file.conf.$DATE
clip

If you use date as follows, it will take it out to the month, day, hour and minute
cp ../file.conf`date +.%m.%d.%H.%M`
...will give: file.conf.02.06.04.45

I suggest spending an hour or two learning RCS. You'll have history, rollback, tags, and much more with a real revision control system. RCS is not at all hard to learn with basic checkin (ci) checkout (co) and diff (rcsdiff) commands. Any time you spend learning RCS will help if you later have to move to CVS for a distributed solution.

Thanks to both for the solutions... The short-term fix by Jack is exactly what I was looking for... but for long term use I really like the potential that RCS has (was never aware that function existed). Will definitely be spending some time with that and likely be moving to that in the future.

Thanks again.

Dave
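The date-suffix copy suggested in this thread, wrapped as a POSIX shell function (an added example, not part of the original posts). `backup_file` is a hypothetical name; it uses a year-to-second stamp, picks a numeric suffix rather than overwrite an existing backup, and keeps the copy owner-only until `cp -p` applies the source file's mode.

```shell
#!/bin/sh
# Added example: timestamped backup that never overwrites an earlier copy.
# backup_file is a hypothetical helper name, not taken from the thread.

backup_file() {
    src=$1
    [ -f "$src" ] || { echo "backup_file: $src: not a regular file" >&2; return 1; }

    # Year first, so the backups sort chronologically by name.
    stamp=$(date +%Y%m%d%H%M%S)
    dest="$src.$stamp"
    n=1

    # Reserve the name atomically: with noclobber (set -C) the redirect
    # fails if the file already exists. umask 077 keeps the placeholder
    # private, so a 0600 config is never briefly world-readable.
    until ( umask 077; set -C; : > "$dest" ) 2>/dev/null; do
        # Failure for any reason other than "already exists" is fatal.
        [ -e "$dest" ] || { echo "backup_file: cannot create $dest" >&2; return 1; }
        dest="$src.$stamp.$n"
        n=$((n + 1))
    done

    # -p carries over mode, ownership and timestamps from the original.
    cp -p "$src" "$dest" || { rm -f "$dest"; return 1; }
    printf '%s\n' "$dest"
}
```

Calling `backup_file /path/to/file.conf` prints the name of the copy it made, so the result can be logged or passed to `diff` after the edit.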
RE: 2 networks, six NICs, 3 Servers, 1 switch.
I am about to move our 2 servers, and add a third, to a new colo. On each of the three servers there will be two NICs. 1 NIC on each box is to be dedicated to the internet. 1 NIC in each box is to be dedicated to local. (192.168.0.1-3). Can I plug all three NICs into one switch (the switch will also be connected to our provider's switch, for Inet connection) and expect both networks to work OK?

It does work, but you will be getting a lot of warnings because some IP-packages will arrive at the wrong NIC first. (I run one server like this for a half year now) Call me lazy. :-)

Shouldn't the switch figure out after a few packets that NIC1 contains addresses 10 and NIC2 addresses 192... and not send the wrong packets to the wrong NIC? Or are you using a HUB in your installations and thus the wrong packets being sent? Isn't the purpose of the switch to avoid this behavior either automatically or via manual configuration of the switch ports?

Dave
periodic output not being emailed
Little perplexed here... Looking at two servers...

Server One
- has .qmail-root alias directing mail to [EMAIL PROTECTED]
- this is also the somedomain.com server we are retrieving mail from
- we get daily, weekly, monthly and security output from this server in the specified email address

Server Two
- has .qmail-root alias directing mail to [EMAIL PROTECTED]
- we get daily, weekly, monthly output from this server
*** - we do NOT get the security output email from this server

I am stumped as to why the daily, weekly etc emails would be correctly delivered to [EMAIL PROTECTED] but the security email from the second server does not.

In looking at the periodic files, it appears to simply call sendmail for all mailings. Why would the security output being sent through sendmail be any different?

Would appreciate any insight to avoid dumping output to file and setting up a separate cron to email the file.

Thanks

Dave
RE: periodic output not being emailed
In looking at the periodic files, it appears to simply call sendmail for all mailings. Why would the security output being sent through sendmail be any different?

The security script is mailed separately. Look at /etc/periodic/daily/450.status-security.

I did see that and understand that. Are you implying that it does not use the daily_output override in /etc/periodic.conf for the target email address?

Currently /etc/periodic.conf contains

# overrides for where to send periodic output
daily_output=[EMAIL PROTECTED]
weekly_output=[EMAIL PROTECTED]
monthly_output=[EMAIL PROTECTED]

Do we need to add a

daily_status_security_output=[EMAIL PROTECTED]

to the /etc/periodic.conf?

Dave
RE: Mail Server Advice
postfix on freebsd is apparently more efficient than qmail, though.

No comment on that (lest we revive deep rooted animosity between the two camps)...

If you are looking at the qmail solution, check out the following. Provides a complete package from a multiple domain mail solution... great starting point. Then you can tweak once you are familiar with all the ports/components.

http://matt.simerson.net/computing/mail/toaster/

Cheers,

Dave
RE: DUMP to disk over 2GB
ran into the file size limitation of 2GB when doing a L0 dump of the /usr partition.

Hmm. I think the trick is to not be aware that there *is* a 2GB limit!

Could be it there... using 4.3 stable with security patches and selected port upgrades only... I didn't think there was any change in behaviour during this time. Assumption from responses being upgrading to a more recent stable version is required to eliminate the problem?

I think it would be better if you showed more detail about what you've done and what happened. Of course, if you want to upgrade to 4.7 anyway, that might be instructive, but don't expect it to fix your problems.

Backed up then deleted the entire backup mount, redid a fresh L0 dump and it worked just fine. Not sure what the problem was, or why it would choose to halt almost exactly around the 2GB mark... a quick search in google brought some 2GB limit conversation so I figured I'd better run it by the list.

Appreciate the comments.

Dave
DUMP to disk over 2GB
Ran into the file size limitation of 2GB when doing a L0 dump of the /usr partition.

Is there a workaround to the 2GB limit... can you reliably pipe dump to split or something then reverse the process with restore later? Working with what will be approximately a 6GB L0 dump so over 3x the size limitation.

Examples or suggestions appreciated.

Dave
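One way to do the pipe-through-split approach asked about in this post, shown as an added example that is not part of the original message. `save_chunked` and `load_chunked` are hypothetical helper names, and the `/backup/usr.L0` path in the comments is an assumption; the manifest lets the restore side refuse a set with a missing or damaged piece before `restore` reads any of it.

```shell
#!/bin/sh
# Added example: keep every piece of a dump under a per-file size limit.
# save_chunked / load_chunked are hypothetical names. Intended use:
#   dump -0af - /usr | save_chunked /backup/usr.L0 1000m
#   load_chunked /backup/usr.L0 | restore -rf -

save_chunked() {
    prefix=$1
    size=${2:-1000m}
    # Refuse to mix new pieces with leftovers from an earlier run.
    for old in "$prefix".part.*; do
        if [ -e "$old" ]; then
            echo "save_chunked: $old already exists" >&2
            return 1
        fi
    done
    # split reads stdin ("-") and writes prefix.part.aa, .ab, ...
    split -b "$size" - "$prefix.part." || return 1
    set -- "$prefix".part.*
    [ -e "$1" ] || { echo "save_chunked: no input received" >&2; return 1; }
    # Manifest: piece count, then cksum of the pieces read back in order.
    { echo "$#"; cat "$@" | cksum; } > "$prefix.manifest"
}

load_chunked() {
    prefix=$1
    { read -r want_n; read -r want_sum; } < "$prefix.manifest" || return 1
    set -- "$prefix".part.*
    if [ ! -e "$1" ] || [ "$#" -ne "$want_n" ]; then
        echo "load_chunked: piece count does not match manifest" >&2
        return 1
    fi
    if [ "$(cat "$@" | cksum)" != "$want_sum" ]; then
        echo "load_chunked: checksum does not match manifest" >&2
        return 1
    fi
    # Shell globs sort lexically, which is the order split wrote them in.
    cat "$@"
}
```

The manifest checksum is taken from the pieces after they are written, so it catches later loss or corruption of a piece, not an error in the stream as `dump` produced it.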