Re: [SLUG] Multiple server roles on one box

[Matthew Hannigan]

On Tue, Jul 27, 2010 at 04:04:05PM +1000, Ben Donohue wrote:
[  ]
> How about a DNS, squid and web server with multiple name based
> virtual domains on the same box?
>
> Is doing the above really dangerous on a fully patched and up to
> date system?

As others have said it's inadvisable.
Even fully patched servers can be are susceptible (so called zero day
vulns might actually be months old) and the reality is you
don't often have the time to fully patch every day anyway.

*IF* you wanted to pursue this you can mitigate it with some
sort of isolation be it chrooting, selinux, containers, vms.
Or all of the above.

The level of risk also depends on the webapp.
I'd be more comfortable with java (especially with security
manager on) which is after all another form of vm.

With php (wordpress, drupal, moodle, or home grown) definitely not confortable.

Matt

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Wireless connection (was Re: slug Digest, Vol 54, Issue 22)

[elliott-brennan]

Hi Jose,

If you've installed a recent distro, it should
recognise the D-Link adapter and at least show you
that it exists. I've used (and use them now) quite
a bit and not had any problems with the adapter
being recognised.

1. Was this on a desktop or laptop?
2. What model name is the adapter?

I'm sure we can help you out with this :))

If it's a laptop, you could bring it with you if
you are coming to the SLUG meeting this Friday.

Regards,

Patrick

> Jose De Almada 
> Wed, 28 Jul 2010 11:47:39 +1000

> 
> I was using a D-Link wireless device .
> I had to go back to the Telstra Modem.
> Now I am okay!
> 
> Thanks,
> Jose
> 
>


-- 
www.techfriend.com.au
Home computer software training and hardware
assistance

www.mercuryvideos.com.au
Stylishly edited DVDs of your photos and videos
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Multiple server roles on one box

[Daniel Pittman]

Ben Donohue  writes:

> just a question...  I'm looking at the possibility of consolidating some
> servers for a client.
>
> If an internal box with DNS and squid were combined, would this be a security
> risk... as in risky way above normal?

No.

> How about a DNS, squid and web server with multiple name based virtual domains
> on the same box?

No.

> Is doing the above really dangerous on a fully patched and up to date
> system?

Yes, because you have world-facing services, which is really dangerous.

However, it is kind of unavoidable; in this case your biggest risk is going to
be the web server, which if it hosts any sort of dynamic content is going to
run the risk of compromise.

The DNS and Squid servers are basically irrelevant here, and putting them on
the same systems is unlikely to increase your practical risk.


> Any advice please?

Do a proper risk assessment, and then work out if putting those on the same
system meets your acceptable risk/value trade-off or not, as a business.

Regards,
Daniel

No, seriously, even if it was more risky running them on the same machine, it
might be worth $4,000 a month to the business in rack space and power to
consolidate them, and so worth doing anyway.

-- 
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
   ♽ made with 100 percent post-consumer electrons
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Re: slug Digest, Vol 54, Issue 22

[Jose De Almada]

Hello, All

I was using a D-Link wireless device .
I had to go back to the Telstra Modem.
Now I am okay!

Thanks,
Jose

On 27 July 2010 12:00,  wrote:

> Send slug mailing list submissions to
>slug@slug.org.au
>
> To subscribe or unsubscribe via the World Wide Web, visit
>http://lists.slug.org.au/listinfo/slug
> or, via email, send a message with subject or body 'help' to
>slug-requ...@slug.org.au
>
> You can reach the person managing the list at
>slug-ow...@slug.org.au
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of slug digest..."
>
> Today's Topics:
>
>   1. Accessing the web with Ubuntu (Jose De Almada)
>   2. Re: Accessing the web with Ubuntu (Ben Donohue)
>   3. Re: Accessing the web with Ubuntu (Heracles)
>
>
> -- Forwarded message --
> From: Jose De Almada 
> To: "slug@slug.org.au" 
> Date: Mon, 26 Jul 2010 14:12:00 +1000
> Subject: [SLUG] Accessing the web with Ubuntu
> Hello
>
> Having installed Linux, I am unable to access the web.
> I've Telstra broadband.
>
> Please, help!?
>
> Thanks,
> José De Almada
>
>
>
> -- Forwarded message --
> From: Ben Donohue 
> To: slug@slug.org.au
> Date: Mon, 26 Jul 2010 14:58:01 +1000
> Subject: Re: [SLUG] Accessing the web with Ubuntu
> check your network card is turned on or activated. Sometimes on install it
> is disabled. Make it enabled.
> Get the settings that you should have from Telstra of anything that you
> have to configure on your computer.
> Usually it will be DHCP from the modem and you should not have to worry.
> You should be able to ring up Telstra and get someone to guide you through
> the setup... (just pretend you have windows...)
> Ben
>
>
> On 26/07/2010 2:12 PM, Jose De Almada wrote:
>
>> Hello
>>
>> Having installed Linux, I am unable to access the web.
>> I've Telstra broadband.
>>
>> Please, help!?
>>
>> Thanks,
>> José De Almada
>>
>>
>
>
>
> -- Forwarded message --
> From: Heracles 
> To: slug@slug.org.au
> Date: Mon, 26 Jul 2010 14:51:36 +1000
> Subject: Re: [SLUG] Accessing the web with Ubuntu
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> What exactly do you mean? To access the net an OS has to recognise the
> equipment you use. Are you on a machine using an ethernet card or a
> wireless card or are you using a USB stick modem? Does the OS recognise
> them?
>
> Heracles
>
> On 26/07/10 14:12, Jose De Almada wrote:
> > Hello
> >
> > Having installed Linux, I am unable to access the web.
> > I've Telstra broadband.
> >
> > Please, help!?
> >
> > Thanks,
> > José De Almada
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkxNFFYACgkQybPcBAs9CE9zfQCfUmmdln/LT87N9ZjwH2qn+PpT
> 2WkAmgLL/hxn7b87heP27Y58TklJakLe
> =cqM3
> -END PGP SIGNATURE-
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Perl Regular expression help

[Lindsay Holmwood]

On 28/07/2010, at 1:03, Martin Barry  wrote:

You could get crazy and try to do this in a single regex but two  
stage is

clearer. e.g.

sed -e 's/&pg=[^&]*//g' -e 's/?pg=[^&]*&/?/'


Now you have 2 problems. 
--

SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Perl Regular expression help

[Jamie Wilkinson]

Call me crazy!

s/(&|?)pg=[^&]*/\1/

(correct escaping of & and ? left as an exercise for someone actually using
this :)

On 27 July 2010 08:03, Martin Barry  wrote:

> Sorry to bring up an old thread but I just had to comment on this...
>
> $quoted_author = "Jamie Wilkinson" ;
> >
> > Try:
> >
> > /&pg=[^&]*/
> >
> > match zero or more of the character class that is not an ampersand.
>
> Except there is nothing stopping the variables being reordered, no? So you
> may need to match a leading ? instead of &.
>
> You could get crazy and try to do this in a single regex but two stage is
> clearer. e.g.
>
> sed -e 's/&pg=[^&]*//g' -e 's/?pg=[^&]*&/?/'
>
>
> cheers
> Marty
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Perl Regular expression help

[Martin Barry]

Sorry to bring up an old thread but I just had to comment on this...

$quoted_author = "Jamie Wilkinson" ;
> 
> Try:
> 
> /&pg=[^&]*/
> 
> match zero or more of the character class that is not an ampersand.

Except there is nothing stopping the variables being reordered, no? So you
may need to match a leading ? instead of &.

You could get crazy and try to do this in a single regex but two stage is
clearer. e.g.

sed -e 's/&pg=[^&]*//g' -e 's/?pg=[^&]*&/?/'


cheers
Marty
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Reply-to address on SLUG posts

[Nick Andrew]

On Tue, Jul 27, 2010 at 03:13:38PM +1000, Erik de Castro Lopo wrote:
> I am on a well over 50 mailing lists, some of which can have
> high volumes (the kernel mailing list can peak at over 50 emails
> an hour). Having that torrent end up in my inbox is completely out
> of the question as I also receive emails directly to me that need
> to be acted on at relatively short notice.

Contrarily, I filter my kernel mailing list messages into their own
mailbox and I welcome being CCed on the rare occasion where lkml
messages involve me, cause otherwise I'd miss them or at least not
see them in a timely manner.

Nick.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Multiple server roles on one box

[Nick Andrew]

On Tue, Jul 27, 2010 at 04:04:05PM +1000, Ben Donohue wrote:
> I'm looking at the possibility of consolidating some servers for a client.
>
> If an internal box with DNS and squid were combined, would this be a  
> security risk... as in risky way above normal?

Try OpenVZ and run your applications in separate containers.

> How about a DNS, squid and web server with multiple name based virtual  
> domains on the same box?

I certainly wouldn't put virtual web servers on the same logical box as
DNS and Squid.

> Is doing the above really dangerous on a fully patched and up to date  
> system?

What's the worst that can happen?

Nick.
-- 
PGP Key ID = 0x418487E7  http://www.nick-andrew.net/
PGP Key fingerprint = B3ED 6894 8E49 1770 C24A  67E3 6266 6EB9 4184 87E7
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Simple web authoring tools?

[onlyjob]

Amaya  or Mozilla's Sea
Monkeycomposer may be of use...

On Debian Sea Monkey available as *iceape*.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html