Re: [SLUG] Re: resolv.conf reset each reboot - static config - ubuntu server 10.04
On Fri, 01 Jul 2011 04:23:30 +1000, Zenaan Harkness z...@freedbms.net
wrote:
Adding the following line to /etc/rc.local is a solution to this
problem, but seems ridiculously clunky:
/etc/init.d/networking restart
Surely there's something more elegant?
There is a network configuration file in RHEL or Fedora.
/etc/sysconfig/network-scripts/ifcfg-eth0(for e.g.)
DEVICE=eth0
BOOTPROTO=static (or dhcp)
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.1.1 (none if dhcp)
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
DNS{1,2}=192.168.1.253
There are other parameters but the one above will fix your resolv.conf.
--
Using Opera's revolutionary email client: http://www.opera.com/mail/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Smiley Apps for Facebook
I attempted to get the following to run as Facebook application, http://svn.facebook.com/svnroot/platform/samples/smiley/ As you probably know Facebook Apps that hooks to Facebook API can be tested live only on a Web Server that's exposed to the Internet. I have a Web Server hosted that's exposed to the Internet but I have no SSH access to that server yet. So can't run PHP script. As I understand it, one of the steps in making Smiley run is to run a PHP script on the hosted server after setting up the configurations. I simulated the above PHP script on my Web Server and got it it to run with no errors after a couple of attempts. I can't test my Facebook Apps with my localhost as web server. I adjusted a number of parameters and copied to my Internet exposed web server. The Facebook Apps is still complaining with HTTP 500 error, meaning can't access one or several files. The Smiley Facebook Apps is in PHPv5, javascript, and FBML. Has anyone got this Smiley Apps to work? If anyone has I'm prepared to share and pay for the cost of your time for up to 2 hours. Let me know by emailing me and/or if you wish to discuss on the phone. Regards. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: 40 Years of Unix
Shell is a set of functions that includes a text-based user interface. It hides the function details and complexities of the inner core or Kernel of the Operating System (OS). The Kernel is comprised of the device drivers to access various types and brands of disk, printers, networks, and other hardware peripherals in the market. There are dozens of each kind and type of these peripherals out there. For each of these peripherals a unique device driver maybe needed for it to work. For example, the shell could read data from any disk, ide, sata, or scsi using a single function call. This is possible because the OS is layered. It's called Shell because it covers the Kernel of the OS. In many illustrations of the Unix OS,the OS is presented as a sphere, with three layers. The inner most layer is the Kernel, the next layer is the Shell which surrounds the Kernel, and the Applications which surround the Shell. This is to illustrate that Applications request services via the Shell. Of course one could write an Application to bypass the Shell but only a masochist or a fool would do that. There are always exceptions to this last statement, i.e., if an application requires better access efficiency or some cute features. Applications request OS services from the Kernel through the Shell. The OS returns the result to the Application via the Shell. One obvious reason why we love the shell is, so that we do not need to rewrite our Applications every time there is a new brand or type of device. Our OS developer or Device manufacturer writes the device driver and we simply add that to our Kernel. Installing is easier than developing. There are scores of peripherals manufactured every year and so imagine the amount of modifications that Application developers will have to do if OS was not designed with a Shell. KDE, GNOME, etc., are shells with Graphics User Interfaces. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Any Active Directory LDAP gurus?
For a perspective of OpenLDAP, OpenSSL, Digest-MD5(Cyrus-SASL), and Kerberos5(GSSAPI) all integrated into one, you may check this web site http://sites.google.com/site/openldaptutorial/Home I have even a script to enable a setup of Kerberized OpenLDAP on Fedora 10. Let me know if you want it. I will email the script. With this script you can setup in no time. The time consuming part is to understand how the bits and pieces hang together. One observation on OpenLDAP. OpenLDAP changes a number of options during each Version. Some of these changes are 'brutal'. Even then OpenLDAP is fast and simple to maintain once you have it going. Another observation, OpenLDAP is ideal for Single Sign On across many OS Platforms mainly due to ease of replication and/or mirroring. The most important point, OpenLDAP is open source as well as the other frameworks you can integrate with it, like OpenSSL, Oracle DB(formerly Sleepy Cat), Cyrus-SASL, and Kerberos5(MIT or Heimdal). Samba works well with it. On Wed, Mar 18, 2009 at 9:43 PM, David Kempe d...@sol1.com.au wrote: What I really need to know sooner rather than later is what data I need to store in our postgresql database. IE what the LDAP schema is. We can work out the other bits later. if you have an AD server you can point an LDAP browser at it and see the structure/schema In terms of making your application an Active Directory server, you need to be on top of DNS, Kerberos and LDAP to have even a chance of getting it to work. Samba 4 has taken years, even with help from MS (eventually) Also would be interested in finding other products (open or not) that do this running on Ubuntu Hardy preferably. not sure exactly what you are trying to do... perhaps if Samba 4 does what you want, you don't need to worry. It should be able to be backended onto your database with some wrangling so perhaps you don't need to do anything - just store your auth info in the database and deal with getting samba 4 to auth to it. If you want some other more detailed discussions, feel free to contact me off list or give me a call. thanks Dave -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Co-located Name Server
I would be interested in ppls views on how much of a sysadmin cardinal sin is it to have your primary and secondary name servers co-located, and even more so, on the same subnet - as in /30. Don't worry, I don't do it, but I am assessing another operation. RFC2182 by Robert Elz and others. Hope this helps. O Plameras -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] New Membership Benefit
On Thu, Apr 01, 2004, [EMAIL PROTECTED] wrote: The list of member's Slug is sending is that the mailing list or the paid member list? My understanding is that the committee handed over the entire email address list to the SCO organisation. If this is true then PRIVACY LAW has been broken. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Difficulty in configuring ADSL
From: Crossfire [EMAIL PROTECTED] To: Oscar Plameras [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, January 25, 2004 11:50 PM Subject: Re: [SLUG] Difficulty in configuring ADSL Oscar Plameras was once rumoured to have said: NAT does one-to-one translation. IP-MASQUERADING does one-to-many. Please see RFC 1631. http://asg.web.cmu.edu/andrew2/rfc/rfc1631.html Sorry, you are mistaken. NAT is any-to-any, IP Masquerading is a specific linux implementation of a Many to One NAT with automatic path deletion for dynamic (non-permenant) links. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Difficulty in configuring ADSL
From: Dennis M. Gray [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, January 25, 2004 3:47 PM Subject: [SLUG] Difficulty in configuring ADSL Hi, Running Red Hat 7.1 currently with a permanent dial-up link (56K) to my ISP. I have had ADSL provisioned but am having difficulty configuring it. I have a D-Link 302G modem. The eth0 interface is configured for DHCP and when activated gets an IP address of 10.1.1.5 from the modem. The gateway is 10.1.1.1 (inetstat -r reports this). The default routing is through the gateway. The ISP has assigned me a static IP address, which I can ping from my Linux box and from another network. The trouble is, I cannot ping anything other than that address, 10.1.1.1 or 10.1.1.4. I have disabled the firewall and still no luck. Can anyone help me in diagnosing what might be wrong. The configuration looks okay to me. Three fundamental things, namely: 1. Firewall must be activated. On Red Hat 7.1, default is IPCHAINS. You may implement IPTABLES. 2. IP-MASQUERADING must be configured with IPCHAINS or IPTABLES. Perhaps, this is missing in your original config. 3. Default route must be configured. Check that your router(Linux Box) has routing enabled. Have fun and let us have your feedback. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Difficulty in configuring ADSL
From: Grant Parnell [EMAIL PROTECTED] To: Dennis M. Gray [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, January 25, 2004 5:41 PM Subject: Re: [SLUG] Difficulty in configuring ADSL What Oscar says is mostly true. It is not a requirement to have a firewall to solve the routing problem, it's just that for plenty of other reasons it's a good idea. The firewall is certainly not to be used to turn on routing. This is NOT what I meant. We do not use the firewall to turn on routing. The firewall is used to turn on IP-MASQUERADING. The firewall like IPCHAINS or IPTABLES is required to IP-MASQUERADE and this is what I meant. Also, I'm a bit concerned with the 10.x.x.x addresses, these are designated as private IP space and you won't be able to reach them from the internet - meaning everything must be masqueraded or go through ISP proxies. 10.x.x.x addresses are perfectly OK. Only, you need IP-MASQUERADING. With IP-MASQUERADING I can masquerade 10.x.x.x as valid internet IP-ADDRESS. This is the reason why you need IPCHAINS or IPTABLES or PROXYING. Incidentally, Grant how do you IP-MASQUERADE if you dont turn on IPCHAINS or IPTABLES or in short firewalling ? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Difficulty in configuring ADSL
From: Dennis M. Gray [EMAIL PROTECTED] To: 'Oscar Plameras' [EMAIL PROTECTED]; 'Grant Parnell' [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, January 25, 2004 7:27 PM Subject: RE: [SLUG] Difficulty in configuring ADSL I certainly intent to turn the firewall (ipchains) back on. I only disabled it to try to solve the routing problem. Rather than use IP-MASQUERADING, I intended to use the NAT in the modem to reach to 10.1.1.0 network. I used a Billion 711-CE previously with a different ISP in Adelaide, albeit on a Windows box and had no problems. NAT does one-to-one translation. IP-MASQUERADING does one-to-many. Because you are using DHCP I assume your router is different computer from your workstation. Under this circumstance you need to use IP-MASQUERADING on your router computer. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] ssh over ADSL weeirdness
From: Danny Yee [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, January 03, 2004 1:47 AM Subject: [SLUG] ssh over ADSL weeirdness II've justt set my girrlfriend's ADSL coonnection up, and it appeears to be working finne -- 50ms flat pings to Sydney Uni, an 25kb/s downloads. The problemm? Well, my ssh ssessiions keep duplicating characterrs,, ass yyou cn see!! Dooeees anyone have aadvice on whhatt coould be causing this? TTthhe otheer pproooblem is that the whole GNOME desktop ssometimees goes reaally jeerkyy wwhen Mozilla is doingg anyything. (TThhis is all on Redhatt 9 -- which had no probllemms withh the moodem connetion.) This could be due to your terminfo settings. 'ECHO' parameter is probably on. Check by command, stty and fix by this, stty SANE or stty NOECHO -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] cron entry troubleshooting: missing libpath ?
From: Voytek Eymont [EMAIL PROTECTED] ** Reply to note from Oscar Plameras [EMAIL PROTECTED] Mon, 3 Nov 2003 12:21:44 -0800 /etc/ld.so.conf, includes /usr/local/lib If not add that line and do a, #ldconfig Oscar thanks, oops, seems someone might have given wrong info to you... now, after I deleted the failed-installation tide binary: executing from /etc/cron.daily # ./tide_daily still works, BUT, cron's execution reports: /etc/cron.daily/tide_daily: tide: command not found In 'tide_daily', locate 'tide' and replace it with its full pathname. so, it seems, when cron executes this script, it is calling the failed install binary (that I now deleted) I guess I should prepend full path to the 'good' binary, but, now I think, I might have then added rwong libapth to /etc/ld.so.conf, I should remove it maybe. whilst I'm still somewaht perplexed why command line exec works, and, cron's doesn't, I suspect, cron's uses a different binary search path ? looking at (hopefully) the only tide binary I have left: # ldd tide libpng.so.2 = /usr/lib/libpng.so.2 (0x40024000) libz.so.1 = /usr/lib/libz.so.1 (0x40047000) libstdc++-libc6.2-2.so.3 = /usr/lib/libstdc++-libc6.2-2.so.3 (0x4005500 0) libm.so.6 = /lib/i686/libm.so.6 (0x40098000) libc.so.6 = /lib/i686/libc.so.6 (0x4200) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) The above lists show all modules are present. So, there is no need to modify 'ld.so.conf'. and # cat /etc/ld.so.conf /usr/kerberos/lib /usr/X11R6/lib /usr/lib/qt2/lib /usr/lib/mysql /usr/lib/qt-3.0.5/lib /usr/local/lib I should then : REMOVE ? whole last line I added, OR, EDIT ? to '/usr/lib' ? I'll wait till 4 am to see what happens.. thanks again -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] cron entry troubleshooting: missing libpath ?
From: [EMAIL PROTECTED] Check that the contents of file, /etc/ld.so.conf, includes /usr/local/lib If not add that line and do a, #ldconfig /etc/cron.daily/tide_daily: Oscar, (a day later) tide: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory I guess I need to do likewise with this one, locate where he lives and add his address ? Yes. Do an, #ldd tide This will tell what and where these modules are. Then update accordingly. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux only ADSL service now available
Does your service support Layer2 ADSL ? Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html From: Grant Parnell [EMAIL PROTECTED] I'm only mentioning this because people have asked about it in the past. Yesterday EverythingLinux put on it's first paying ADSL customer with no hitches. We used a Pulsar ADSL PCI card which has binary-only drivers for certification reasons. I think we were lucky with the Telstra side taking about a fortnight from memory. As mentioned before we'll only support Linux servers plugged into the ADSL. It's for businesses that are sick of being told Oh sorry we don't support Linux when contacting their provider for help. Basically we can now do full end-to-end support of the service (barring physical line faults). Another useful option is the backup dialup service with the same login, password and same fixed IP address. -- ---GRiP--- Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist, Linux Guru, SLUG/AUUG/Linux Australia member, Sydney Flashmobber, BMX rider, Walker, Raver rave music lover, Big kid that refuses grow up. I'd make a good family pet, take me home today! Do people actually read these things? -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux only ADSL service now available
A couple of offlist emails I received asking if there is a way to know if their ADSL is Layer2 or Layer3 apart from asking their ISP providers. In Australia, the answer is yes. And to check your ADSL, use traceroute, like so: [EMAIL PROTECTED] root]# traceroute mail.acay.com.au traceroute to mail.acay.com.au (203.88.255.16), 30 hops max, 38 byte packets 1 compaq (192.168.1.10) 0.421 ms 0.240 ms 0.223 ms 2 adsl (192.168.0.1) 0.648 ms 0.924 ms 0.637 ms 3 203.122.96.254 (203.122.96.254) 156.770 ms 34.474 ms 28.252 ms 4 syd_rt01 (203.88.236.86) 26.148 ms 30.342 ms 26.502 ms 5 mail.acay.com.au (203.88.255.16) 28.293 ms 26.331 ms 28.429 ms In the above traceroute, look for a link with ip-number '172.31.*.*'. There is none in the above. Conclusion, the above ADSL link is Layer2. Why Layer2 over Layer3 ? Layer2 is more reliable and secure given that you use the same hardware and software. This is an obvious outcome due to it being one layer down the OSI model. From my experience with Layer3 is that when a link is dropped at your ISP provider side of the link, many times I have to reset my ADSL modem to restore connections due to routing problems (slow or hung connections). With my Layer2 these problems have disappeared. Does your service support Layer2 ADSL ? Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html From: Grant Parnell [EMAIL PROTECTED] I'm only mentioning this because people have asked about it in the past. Yesterday EverythingLinux put on it's first paying ADSL customer with no hitches. We used a Pulsar ADSL PCI card which has binary-only drivers for certification reasons. I think we were lucky with the Telstra side taking about a fortnight from memory. As mentioned before we'll only support Linux servers plugged into the ADSL. It's for businesses that are sick of being told Oh sorry we don't support Linux when contacting their provider for help. Basically we can now do full end-to-end support of the service (barring physical line faults). Another useful option is the backup dialup service with the same login, password and same fixed IP address. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Looking for openoffice resource
From: Kevin Saenz [EMAIL PROTECTED] Hi all, I want to develop some openoffice apps where I can collect data from a user and input the information into a spread sheet. Can anyone point me to some helpful list to help me out? TIA Kevin Saenz One area is Analysis of Financial Markets. Many users of these analysis would input data using spread sheets; then massage the data; and present the resulting data in many forms like indexes, charts, graphs, dependencies, etc. The problem is these processes is manual intensive. So, a user is limited by time and effort to produce the relevant, timely, and comprehensive data to make it worthwhile in terms of investments as the data becomes obsolete very quickly. If you can come up with a solution you may have a worthwhile product. Good luck. Oscar Plameras http://www.acay.com.au/~oscarp -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Netgear MA521 Wireless Card
Does anyone know if there is linux driver for Netgear MA521 Wireless Card ? Or the chipset manufacturer ? Have enquired from Netgear but no response yet. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Stock market software and WinXX
From: David [EMAIL PROTECTED] I've prided myself on not using Win**, but the desire to play the stock market has brought me undone. Two questions arise, given that I really don't want to dual-boot. first: Is it feasible to run IE under wine, win4lin, crossover or any other reasonable solution. The specific application is some strange downloaded thing from a company called AOT online stock broking. I have no idea what it is unfortunately, although I suspect it's Java. I've also heard that the latest CommSec offering is windows only .. .some sort of .exe download. If anyone has any cluesticks on this stuff I would be mightily appreciative. second: Is there any company out there that has a real-time on-line stockbroking solution that is cross-platform? I use Mozilla on RH 9 RH 8 to trade on WWW.Commsec.com.au. And works well for me. Complementary to this, there is Market Analysis program that runs on linux (it also runs on dos if you prefer) that you can download from eiffel-mas.sourceforge.net that you can parametize to give you an analytic view of your portfolio. It can alert, highlight, etc based on your preferred parameters. It is free too. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] How do group permissions work?
On Sat, 2003-10-18 at 18:21, Simon Bryan wrote: All my staff are in two groups, popusers is their primary group and staff is the secondary group. Below is part of a directory listing, I would have thought that anybody in the 'staff' group would have full control. However they can generally negotiate through the directories until they hit one with files in and then they get 'permission denied' When they are on the local network they access the files with no problems from Windows workstaions using SAMBA. I have subsequently set the permissions to 776 and the owners to nobody.staff for the whole directory. This solves the access problem...but They are accessing the directory through a system called AUC which is a 'curriculum content management system, with email and discussion boards' etc and is in fact a large cgi script. Is it feasible that the cgi is not recognising them as being members of the staff group? If so any ideas on how I would 'fix' it? Yes, your cgi is unable to gain permission to staff group. I suspect your cgi(httpd) is running as owner='nobody' and group='nobody'. I suspect that your 'smbd' and 'nmbd' daemons are running as owner='root' and group='root'. So, it does not matter to SAMBA what your owner permissions because then your group permission='staff'. Given that the above configuration is implemented, I suggest you change your cgi(httpd) owner='nobody' and group='staff' and restart 'httpd'. But be aware that by doing so your cgi will have added permissions to any file and directory with group='staff' within your 'httpd' space in addition to the ones in your list below. Incidentally, I noticed that some of your directory permissions are 'drwxrwxrwx'. This set of permissiions, as you know, allow anybody to 'rwx' in these directories including create and execute those files. If this is not what you intended, you may want to reconsider this permission to at most something like, 'drwxr-xr-x'. This means that group='staff' may scan the directories and write to files within these directories provided these files have the appropriate permissions. The group cannot create files within these directories with the above permissions. drwxrwxrwx 20 root staff4096 Oct 17 12:13 . drwxrwxrwx4 root root 4096 Oct 10 11:10 .. drwxrwx---2 root staff4096 Oct 15 09:55 Admin drwxrwx---2 nobody staff4096 Oct 17 12:23 BOARD drwxrwx---5 root staff4096 Aug 18 11:45 BookIt drwxrwx---2 root staff4096 Sep 11 07:08 BOS drwxrwx---6 root staff4096 Oct 10 11:29 CoCurricular drwxrwx--- 10 root staff4096 Oct 10 11:23 Curriculum_Coordinator drwxrwxrwx4 root staff4096 Oct 10 11:15 Director_of_Mission drwxrwx---2 root staff4096 Oct 16 11:50 Excursions drwxrwxrwx 17 root staff4096 Oct 13 21:14 LearningAreas drwxrwx--- 17 root staff4096 Aug 27 13:37 Literacy drwxrwx---4 root staff4096 Oct 15 16:42 MAGAZINE 2003 drwxrwx---2 root staff4096 Oct 16 07:57 NEWSLETTER ITEMS drwxrwx---9 root staff4096 Aug 4 14:00 Parramatters drwxrwxrwx8 root staff4096 Oct 15 14:49 PastoralCare drwxrwx---3 root staff4096 Oct 10 11:22 Peer_support drwxrwx---2 root staff4096 Sep 30 14:37 ProfDev drwxrwx---2 nobody staff4096 Oct 15 12:39 Technology Bulletin drwxrwxrwx3 root staff4096 Oct 10 11:19 TechSupport -rwxrwx---1 nobody staff 26624 Oct 15 17:33 WORKFLOW STEPS.doc -rwxrwx---1 nobody staff 19968 Oct 15 16:30 Year 11 Retreat.doc Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Gentoo
From: dencar [EMAIL PROTECTED] On Wednesday 15 October 2003 05:40, Oscar Plameras wrote: I've prepared a presentation called About Gentoo for people who think its a crazy idea. It's on offer as a SLUG talk if anyone is interested. So, I'd be keenly interested to know what Gentoo has to offer. On my K6-3 450, 350mb ram, system a stage1 install took 72 hours, including download of KDE (48 hours) using the default 'use' flags. Kde still won't start automatically from runlevel 5, the kernel (installed using genkernel is corrupt and contains messages: wrong loader,giving up, linux fatal error, A20 gate not responding, refuses to access high mem, no setup signature found, incomplete literal tree, incomplete distance tree, out of memory, memory error, malloc error, ran out of input data, system halted, OK booting the kernel, invalid compressed format, to quote a few.) Remarkably the system boots from the HD but not from a boot disk - it quits when it runs out of input data. Also, none of my awe sound is installed nor is the nominated ext3 file support compiled and, when I tried to recompile, lo and behold the sis kernel driver is broken. Gentoo takes me back to RH 5.1 days, with less satisfaction so far, but I'll persevere. I wish you luck. dencar So, what distro do you use at this time ? What do you mainly use it for ? Workstation ? Server ? Gateway ? Firewall ? Specialist application ? Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Gentoo
I've prepared a presentation called About Gentoo for people who think its a crazy idea. It's on offer as a SLUG talk if anyone is interested. Yes, I'm interested in this presentation. I've used Yggdrasill and Slackware in the past. I liked these distros for their flexibility in terms of building components and applications; mixing and matching versions, etc. I currently use RH because it is the one that is readily available on CD distribution from my supplier. My main interest with Linux are as 'Servers', 'Gateways', and 'Firewalls'. I hardly use 'rpm' to build components and applications because I follow the latest versions of 'apache', 'php', 'mysql', 'cyrus-sasl', 'ldap', 'postfix', and 'horde' and I cannot be bothered building rpms. So, I'd be keenly interested to know what Gentoo has to offer. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Gentoo
From: Mike MacCana [EMAIL PROTECTED] On Wed, 2003-10-15 at 05:40, Oscar Plameras wrote: I hardly use 'rpm' to build components and applications because I follow the latest versions of 'apache', 'php', 'mysql', 'cyrus-sasl', 'ldap', 'postfix', and 'horde' and I cannot be bothered building rpms. That's a very interesting comment, and one that's pretty common. IIRC, all the apps you've mentioned use GNU autoconf. Since RPM is designed around building from source (including macros that run configure and make with options to specify correct FHS locations, install files in a temporary dir for later capture for includion in a package, and compile with particular options) it shouldn't take you more than a minute to package any of these applications from source. I'm not a Linux expert by any means, but I find it trivially easy to package just about anything - I build a lot of applications from source, and like being able to install them in (what I percieve to be) the correct fashion - installableon other systems, uninstallable, with upgrading and querying and verification and all that other useful stuff. I suggest you (and most Linux users who know how to build from source unpackaged, but not create RPMs) take a look at RPM again. It really isn't that hard. You described it so easy to build components using 'rpms'. Are you able to post a packaging script that is readily modifiable with building 'HORDE' and all its components ? As you probably know, 'HORDE' with all its components are dependent on all the applications that I mentioned plus more. I have shell (not rpms) scripts that I kick off each time I want to build 'HORDE' with each newer versions as they become available. I would be most grateful if you can and thanks. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Gentoo
Thanks, Mike. On Wed, 2003-10-15 at 06:41, Oscar Plameras wrote: From: Mike MacCana [EMAIL PROTECTED] On Wed, 2003-10-15 at 05:40, Oscar Plameras wrote: I hardly use 'rpm' to build components and applications because I follow the latest versions of 'apache', 'php', 'mysql', 'cyrus-sasl', 'ldap', 'postfix', and 'horde' and I cannot be bothered building rpms. it shouldn't take you more than a minute to package any of these applications from source. Are you able to post a packaging script that is readily modifiable with building 'HORDE' and all its components ? If you just want a bianry horde, visit: http://ftp.horde.org/pub/RPMS/rh9/ If you want a customzied build... 1. grab the source packages from http://ftp.horde.org/pub/SRPMS/rh9/ 2. Install them with rpm -Uvh *.src.rpm 3. Edit /usr/src/redhat/SPECS/(package).spec 4. Append any custom options you want after the `%configure' bit. 5. Install rpm-build, and run rpmbuila -ba (package).spec Install the resulting custom package. Mike -- __ Mike MacCana ConsultantRHCX, MCSE, MCP+I Cybersource: Providing Quality IT Professional Services for 11 Years Specialists in Unix/Linux, TCP/IP and Web Application Development Level 4, 10 Queen St, Melbourne. Ph : 03 9621 2377 Fax: 03 9621 2477 -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] (OT) IP number geographic locations
From: David [EMAIL PROTECTED] Is there a way of figuring out what IP numbers are located in .au? IP number allocations for '.au' is arbitrary dependent on the owner of the IP number. However, owners of IP numbers obtaining these numbers in Australia are assigned a range of 203.0.0.0 to 203.63.255.255 Once these Australian owners have their numbers they are free to assign their numbers to whatever suffix they require. So, '.au' may or may not be assigned a number in this range. I know I can reverse look up and test for .au but that doesn't always work. I assume that somewhere there must be a list of allocations. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] per user ip accounting suggestions?
From: Sonia Hamilton I've looking for a package that allows me to do per-user accounting (ie bandwidth used for each user in /etc/passwd for different time periods/protocals/etc). Any pointers to a package I could use? Check, http://www.freeradius.org and/or http://www.fwtk.org Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] per user ip accounting suggestions?
From: David Kempe [EMAIL PROTECTED] Sorry Oscar, I don't understand, how would freeradius help? Freeradius is the gpl version of 'radius' that does 'AAA' or 'Authentication, Authorization, and Accounting'. It may be configured to record 'connect time', duration, incoming traffic in bytes, outgoing traffic in bytes, and other things that get recorded into a log file. A script could then be written to summarise the log file info to obtain desired results. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] per user ip accounting suggestions?
From: David Kempe [EMAIL PROTECTED] It may be configured to record 'connect time', duration, incoming traffic in bytes, outgoing traffic in bytes, and other things that get recorded into a log file. A script could then be written to summarise the log file info to obtain desired results. that may be for ppp connections, but I am fairly sure the original poster wanted a per-user from a single host accouting solution. otherwise ipac-ng would provide adequate functionality That was not clarified. That is why I cited an alternative, http://www.fwtk.org More selections and alternatives are better than one. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Firewall / router for BigPond
Dear list, Before I reinvent the wheel. I am looking at using VNC to control Win98 boxen remotely. I need a firewall / router for basic protection, is there any cheap routers eg DLink that are worth it? It is easy enough to just use IPTables but is there a template / pre-written rules floating around. I have Linux kernel version 2.4.20. I am using templates. You may find these at, http://www.acay.com.au/~oscarp/howto There are two scripts: 1. 'firewall-2.4.sh' is fired up with 'start', 'stop', or 'restart' as required, as follows: firewall-2.4.sh start. 2. 'rc.firewall-2.4' is the script that kicks off when script on '1.' is selected with a 'start' parameter Please note to modify 'rc.firewall-2.4' for your requirements. Please also note Linux Kernel version requirements and all legal stuff as indicated within these scripts. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: ADSL uptake is smalll. Re: [SLUG] Yuk
doug foskey wrote: Lucky city-ites with cable ADSL. Most people in the city can not get ADSL either. a) Because they are too far from an exchange and b) The technology only allows a few adsl services in each cable. How about making a little research and try WIRELESS. Check, http://www.nodedb.com/australia/nsw/sydney/ More and more hobbyist are only willing to share resources. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: ADSL uptake is smalll. Re: [SLUG] Yuk
Oscar Plameras wrote:
This is not a personal attack on anyone!
doug foskey wrote:
Lucky city-ites with cable ADSL.
Most people in the city can not get ADSL either.
a) Because they are too far from an exchange and
b) The technology only allows a few adsl services in each cable.
How about making a little research and try WIRELESS. Check,
http://www.nodedb.com/australia/nsw/sydney/
Yep, that is pretty good advice about research {;-).
We are talking 802.11b, which is 11 channels of 10Mb/sec stuff (on a
good, clear day) less that taken up by mobile base phones, toys,
garage door controllers, etc, etc, then divided by the population of
Sydney!
Do not channels ('or freeways on AIR') multiplexed ('or shared')
instead of dedicated ?
Dang that old 300 baud modem is starting to look really fast folks.
The limiting problem on wireless technology is to get the bandwidth for
everyone, you end up frying the user. Wireless works well in an open
office.
Because data and voice traffic multiplexed it is incorrect to assign
bandwidth on a one-to-one correspondence.
More and more hobbyist are only willing to share resources.
You obviously have never frequented the australian wireless list where
you would be told time and time again that this sort of activity is
illegal and you need a carrier liscence (sp?) for it.
Without being cynical can you advise which legal document says
operating 802.11b would require some form of 'carrier license' ?
Is a 'carrier license' required to install a remote garage or gate
control, etc.?
Been there, done that, have 7 listings in the node list, got the
t-shirt, ran the WUG, gotta better things to do, i.e. I got fed up with
people who didn't get past the sales brouchure from the wireless sleazes
and had NAC (not a clue).
And I still haven't solved the problem of how to legally get a 10 metre
mast up to service the one person 3kms away (who can not get adsl) with
a clue.
Can you elaborate why ? Is it cost ? Is it technical ? Is it logistics ?
The attitude should be that I'm not discouraged just because someone
tells me it is not possible.
Oscar Plameras
http://www.acay.com.au/~oscarp/disclaimer.html
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Anyone know where SuSE hide their kernel .config file?
Under /usr/src after installing the kernel source package in SuSE 8.1, you get a directory 2.4.19.SUSE, but I can't find the config file that shows what options they compiled it with. There is also a hidden file like, '.config' that holds options compiled into the kernel in that or kernel-2.4.19 directory. Everytime a 'make config', 'make menuconfig', etc., is processed this file is updated. Then, the next process which is a 'make' obtains options from this hidden file when kernel is compiled. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Athlon not cool in Linux
Russell Davie wrote: Linux runs the athlon 1.2GHz in this box to a steamy 46.5C This is hot? My athlon (xp1600+) consistantly runs in the mid to high fifties and creeps into the high sixties and (rarely) low seventies on a hot summers day (on Windows XP also). This is despite having a larger heatsink and fan fitted to the cpu and having extra case fans fitted. I was reassured that these temps are ok, is this the case? These temperatures are within acceptable operating temperatures. Check here, http://www.heatsink-guide.com/maxtemp.htm You may need to know about measurements corrections here, http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/2623 7.PDF Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] seg fault in passwd, can I 'rpm passwd' ?
Try this:
#strace passwd xx 21
enterpassword
enterpassword
#more xx
will advise what's happening and correct accordingly.
** Reply to note from Vic [EMAIL PROTECTED] Wed, 10 Sep 2003 17:50:00
as root, strace passwd voytek, see how far it ges before segfaulting..
it won't work as a normal user as passwd is setuid..
hmmm, I just tried with what the passwd tool called 'bad, too short' ,
AND, *it worked*.
# passwd voytek
Changing password for user voytek.
New password:
BAD PASSWORD: it is too short
Retype new password:
passwd: all authentication tokens updated successfully.
# passwd voytek
Changing password for user voytek.
New password:
(data fseek failed): Invalid argument
Segmentation fault
last 24 lines
read(5, , 4096) = 0
getuid32() = 0
open(/etc/passwd, O_RDONLY) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=4526, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40
021000
read(6, root:x:0:0:root:/root:/bin/bash\n..., 4096) = 4096
close(6)= 0
munmap(0x40021000, 4096)= 0
_llseek(4, 20480, [20480], SEEK_SET)= 0
read(4, g\6\0\36h\6\0gh\6\0\255h\6\0\3i\6\0Ji\6\0\226i\6\0\362..., 4096)
= 409
6
fstat64(3, {st_mode=S_IFREG|0600, st_size=828083, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40
021000
_llseek(3, 18446744072216379392, 0xbfff8040, SEEK_SET) = -1 EINVAL
(Invalid argu
ment)
write(2, (data fseek failed): Invalid arg..., 38(data fseek failed):
Invalid a
rgument
) = 38
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
[EMAIL PROTECTED] root]#
Voytek Eymont
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Potential Obstacles for Open Source
Iuse to checkthis site and suddenly the info on the first page is somewhat concerning. http://www.mrtg.org How would you like to pay for trivial things that we do on the net and to which have been so accustomed for free, much more pay for software from the essential ones and others we can not do without and for free ? Has anyone got additional info on this ? Thanks in advance. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Help/Info pls re ADSL
Hi Bill, ADSL as the technician advised use copper line and is not good with RIM. ADSL is digital (ISDN technology) from exchange to your home using copper lines. RIM is analog to digital at exchange, then trasmitted over fibre, and then digital to analog at distribution box in your area where your phone is now connected. Two different 'last mile' technologies. Suppliers of phone services prefer RIM as it is easier to install, simpler by technology, and less costly to maintain. But as far as internet customers are concerned there are two major disadvantages. First, when you connect to your ISP using 56Kbps modem your best download rate is 33Kbps because you lose speed at the two points of conversion. One at the exchange and another at the distribution box. Secondly, you cannot have your phone line and ADSL on the same line as ADSL uses ISDN technology, which is digital transmission on copper. Now, that you have your phone(s) on RIM, when ADSL is installed it will hang off copper lines and you end with two independent lines. The simplest would have been ADSL and your phone to hang off the same copper lines. Of course you can always ask to transfer your phone line to hang off the same copper lines as your ADSL which should have been done in the first place except that your ADSL supplier and your phone supplier do not talk to each other and would not be able coordinate the work and the type of connection. What I will do if I were in your situation is phone your ADSL supplier ASAP and advise of the situation. I'm pretty sure they can help as you have contracted them to supply the service and I assume they have accepted or committed. Good luck. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html Today I finally had the phones connected at our new house. I have the house wired for cable/data/phone with cat5 - 2 separate phone cables - 1 for our part of the house and 1 for my Mother's part. Two cables have been laid and connected and both connections work. It has taken nearly 3 months to get these connections. When the technician had finishedtoday I asked if our line was ADSL suitable. He said that both lines were pair-gained to a RIM at the Tower, but that there were plenty of copper connections available ( to the exchange I assume), and that our line would be changed to full copper when I requested that ADSL be connected. He said that the work order was for 2 pair-gained connections. All of this despite the fact that during this whole process I kept reiterating that I wanted a line suitable for ADSL, and the fact that my Mother's old house, which we demolished 14 mths ago in order to build this new house, had a full copper connection (verified by the technician today), and that she retained her existing phone number by having it redirected to our phone at our current residence. In other words, her phone was never disconnected and therefore I believe that the full copper connection should have been retained. Apart from signing up for an ADSL account with an ISP (not BigPond), is there any other way to get a full copper connection to the exchange? ie does a fax line require this? As we will not be taking up residence until we have sold our current home I would like to get this phone line fixed in advance. The only other alternative that I can think of is to get ADSL connected, then dial-up from one house to another and connect to the 'Net remotely. Being a relative 'newbie' in many aspects of linux, I'm not sure if I could manage this. On Monday I will be again calling my contact person at Telstra's complaints line ( that is how we finally gained the connections), and any info/advice re the above matters would be appreciated. Bill [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Help/Info pls re ADSL
There is another disadvantage. You pay two X installation fees instead of one. Oscar Plameras http://www.acay.com.au/~oscarp/rss.html (May Take Minutes on Slow Networks) Hi Bill, ADSL as the technician advised use copper line and is not good with RIM. ADSL is digital (ISDN technology) from exchange to your home using copper lines. RIM is analog to digital at exchange, then trasmitted over fibre, and then digital to analog at distribution box in your area where your phone is now connected. Two different 'last mile' technologies. Suppliers of phone services prefer RIM as it is easier to install, simpler by technology, and less costly to maintain. But as far as internet customers are concerned there are two major disadvantages. First, when you connect to your ISP using 56Kbps modem your best download rate is 33Kbps because you lose speed at the two points of conversion. One at the exchange and another at the distribution box. Secondly, you cannot have your phone line and ADSL on the same line as ADSL uses ISDN technology, which is digital transmission on copper. Now, that you have your phone(s) on RIM, when ADSL is installed it will hang off copper lines and you end with two independent lines. The simplest would have been ADSL and your phone to hang off the same copper lines. Of course you can always ask to transfer your phone line to hang off the same copper lines as your ADSL which should have been done in the first place except that your ADSL supplier and your phone supplier do not talk to each other and would not be able coordinate the work and the type of connection. What I will do if I were in your situation is phone your ADSL supplier ASAP and advise of the situation. I'm pretty sure they can help as you have contracted them to supply the service and I assume they have accepted or committed. Good luck. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html Today I finally had the phones connected at our new house. I have the house wired for cable/data/phone with cat5 - 2 separate phone cables - 1 for our part of the house and 1 for my Mother's part. Two cables have been laid and connected and both connections work. It has taken nearly 3 months to get these connections. When the technician had finishedtoday I asked if our line was ADSL suitable. He said that both lines were pair-gained to a RIM at the Tower, but that there were plenty of copper connections available ( to the exchange I assume), and that our line would be changed to full copper when I requested that ADSL be connected. He said that the work order was for 2 pair-gained connections. All of this despite the fact that during this whole process I kept reiterating that I wanted a line suitable for ADSL, and the fact that my Mother's old house, which we demolished 14 mths ago in order to build this new house, had a full copper connection (verified by the technician today), and that she retained her existing phone number by having it redirected to our phone at our current residence. In other words, her phone was never disconnected and therefore I believe that the full copper connection should have been retained. Apart from signing up for an ADSL account with an ISP (not BigPond), is there any other way to get a full copper connection to the exchange? ie does a fax line require this? As we will not be taking up residence until we have sold our current home I would like to get this phone line fixed in advance. The only other alternative that I can think of is to get ADSL connected, then dial-up from one house to another and connect to the 'Net remotely. Being a relative 'newbie' in many aspects of linux, I'm not sure if I could manage this. On Monday I will be again calling my contact person at Telstra's complaints line ( that is how we finally gained the connections), and any info/advice re the above matters would be appreciated. Bill [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] URGENT: Please help, Mail problem (FROMField=NOBODY....change?)
One approach is to format each line command as follows: su username -c mail -s subject [EMAIL PROTECTED] /tmp/mailout.$$ This assumes your system knows to append '@mydomain.com' to yield '[EMAIL PROTECTED]' and you are running in super shell. Oscar Plameras www.purl.org/net/aboutme - Original Message - From: Jared Pritchard [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 28, 2003 4:16 PM Subject: [SLUG] URGENT: Please help, Mail problem (FROM Field=NOBODYchange?) Hi - I'm new to this group, and relatively new to linux (I work in it every day and have done for the past 8-10months or so - but it has been all in VI editing HTML PERL scripts etc. so no specific linux commands besides the basics) but now I have reached a point in the PERL scripts that it sends emails out to a list of users... however, when they receive them, it is addressed from 'nobody'. We REALLY REALLY need to change that!!! I use the command 'mail' in the form mail -s subject [EMAIL PROTECTED] /tmp/mailout.$$ I cannot find an option in the 'mail' man pages that allows me to specify the 'from' section, and I am assuming that it is the 'user' that sends the email that fills in that position. Maybe the user is guest, or nobody or whatever - i don't know :/ How can I change the user or specify the 'from' field in the email without using a different mailing program? I need it to be admin or something - If I have to change mail programs, I will opt for sendmail in the short term, so what I would need the correct syntax to accomplish the same as above WITH from defined as well :) (the man pages for sendmail weren't much help in this regard) Any help will be muchly appreciated!!! Regards, Jared Pritchard -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Back trace on an email (St. George Hoax)
Thanks for that. But I am not trying to track these people down. If I was then your answer would be very good. What I am trying to do is to learn how to work backwards through the delivery chain to work out where the email originated. Examine the message header by working backwards from the top most. I receieved your post, for example, from [EMAIL PROTECTED] as indicated below, which originated from etc, etc. Return-Path: [EMAIL PROTECTED] Received: from mailgate2.mci.tel-pacific.com (mailgate2.mci.tel-pacific.com [203.88.255.24]) by acaymail.tel-pacific.com (8.12.8/8.12.8) with ESMTP id h7M4coR8008227; Fri, 22 Aug 2003 14:38:50 +1000 Received: from maddog.slug.org.au (slug.progsoc.uts.edu.au [138.25.7.4]) by mailgate2.mci.tel-pacific.com (8.11.6/8.11.6) with ESMTP id h7M4bWc03492; Fri, 22 Aug 2003 14:37:33 +1000 Received: from maddog.slug.org.au (localhost [127.0.0.1]) by maddog.slug.org.au (Postfix) with ESMTP id 08F6810A7D3; Fri, 22 Aug 2003 14:48:58 +1000 (EST) Delivered-To: [EMAIL PROTECTED] Received: from andrewm.localdomain (unknown [203.82.163.19]) by maddog.slug.org.au (Postfix) with ESMTP id 7135F10A7D5 for [EMAIL PROTECTED]; Fri, 22 Aug 2003 14:48:15 +1000 (EST) Received: from andrewm (localhost [127.0.0.1]) by andrewm.localdomain (8.12.8/8.11.6) with ESMTP id h7M4Ykj3002884; Fri, 22 Aug 2003 14:34:46 +1000 Date: Fri, 22 Aug 2003 14:34:45 +1000 From: Andrew Monkhouse [EMAIL PROTECTED] To: Kevin Saenz [EMAIL PROTECTED] Subject: Re: [SLUG] Back trace on an email (St. George Hoax) Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=ISO-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: [EMAIL PROTECTED]; from [EMAIL PROTECTED] on Fri, Aug 22, 2003 at 14:27:46 +1000 X-Mailer: Balsa 2.0.6 Lines: 14 Cc: [EMAIL PROTECTED] X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.1.1 Precedence: list List-Id: Linux and Free Software Discussion slug.slug.org.au List-Help: mailto:[EMAIL PROTECTED] List-Post: mailto:[EMAIL PROTECTED] List-Subscribe: http://lists.slug.org.au/listinfo/slug, mailto:[EMAIL PROTECTED] List-Archive: http://lists.slug.org.au/archives/slug List-Unsubscribe: http://lists.slug.org.au/listinfo/slug, mailto:[EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean Status: Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] PHP strtotime() function problem
I am trying to use the PHP strtotime() function in this manner
$testdate = strtotime('1969-12-31');
in order to return a UNIX timestamp.
This will return -1 (bogus date) as you said.
My understanding is that UNIX time stamps can be negative to indicate
dates prior to 1 Jan 1970.
Is this assumption correct?
This is correct.
You may refer to (PHP 3 + 4):
http://www.acay.com.au/~oscarp/php/index.html
The problem is that any valid date prior to 1 Jan 1970 causes the function
to fail and return the value -1 and that is taken as a valid timestamp.
When it returns -1, it is to be interpreted as bogus date. Any date prior
will return -1.
What function should I be using to get a timestamp for a date prior to 1
Jan 1970?
What I'll do in my case will be to construct a php function to do the task
when
date is before '1 Jan 1970' using the available date functions. Perhaps, an
associative array.
Oscar Plameras
http://www.acay.com.au/~oscarp/disclaimer.html
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Benefits of source distro (Gentoo) somewhat elusive :-)
using Gentoo or LFS (scary thought) for a production Linux server is probably the dumbest thing you'll ever do involving Linux... the maintenance nightmare alone... gcc optimisation levels don't make a massive difference from a lot of real-world POVs, I'd like to see some useful real benchmarks but it still wouldn't be worth the hassle of a re-building everything from source just to get that small improvement.. it would probably have to be worth 10-15% speed to make it worth the hassle.. you know you can also re-build RH and Debian with higher optimisations you could in theory get all the RH SRC RPM and --rebuild them with higher opts on .. We used to have about 70, more or less, Linux and FreeBSD servers and gateways. We started to deploy these servers in 1993 when the fastest CPU was 386sx. We used Yggdrasill distro when Linux was version 0.98. Then, we switched to Slackware two years later when Linux was version 1.+. And we always build the kernel from scratch. It takes several hours like half a day or more to rebuild at that time. At this time, it takes less than an hour on fast PCs. We rebuild to optimise, i.e., take away the unnecessary bits and pieces or modules, to make the kernel leaner and faster. We also rebuild for security and to standardise administration. When the kernel is simpler there are less modules to be concerned about as far as security management is concerned. It is also simpler to administer because when things went wrong we focused our investigation on fewer modules rather than the entire range of modules that came with the distro including those we never hope to get understanding about. A third reason to rebuild was for specific configurations requirements. A number of our firewalls were running on these Linux and FreeBSD and our configuration requirements are to disable IP Forwarding and multicasting which is by default set to ON, amongst other requirements. We also build, rebuild, and upgrade servers on a periodic basis. Is it that difficult to manage ? Not at all. We had a toolbox of scripts that we used to rebuild depending on the configuration. Once, the distro is installed we run the specific script and leave the machine alone until the job is completed. I have not used the Gentoo myself but I've used a couple of their scripts which I grabbed from the Internet. These two scripts have saved me tremendous time and effort. So, after all, Gentoo's are like nice guys to me. And so, are most Linux distro's. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] PHP and includes: outside/inside of web root ?
When I first installed PHP with Apache 1.3x, we specified the 'include' path directive to be 'above' the web server's root, so that a browser could NOT access it, and, all the PHP inc files were placed there, inaccesible to any brower. looking at variety of php scripts/apps, these come with an 'includes' directory below the application directory There are a number of ways to access your includes. 1.You put them under the file trees of your 'htdocs'. 2. Put them in a sub-directory of PHP/lib. 3. Put it anywhere in your file system and define an 'alias' in your httpd.conf. For example, If your current includes are in /appl/phpinclude, your entry in httpd.conf .. Alias /phpinclude/ /appl/phpinclude/ Directory /appl/phpinclude/ Options Indexes Multiviews AllowOverride none Order allow, deny Allow from all /Directory .. The /phpinclude/ will appear as a directory under your htdocs like so: htdocs/phpinclude Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Apache vhost logs and file descriptors limits: individuallogs vssingle log
looking at some of the Apache docs on vhosting states in part: - /manual/vhosts/mass.html ... The main disadvantage is that you cannot have a different log file for each virtual host; however if you have very many virtual hosts then doing this is dubious anyway because it eats file descriptors. It is better to log to a pipe or a fifo and arrange for the process at the other end to distribute the logs to the customers (it can also accumulate statistics, etc.). There is a way around. You can have separate log files for each virtual host. Assign ip number for each virtual host. You may also need encryption between your server and clients for security, in these times when users have snippers, tcpdump, and ethereal. So, ip numbers for each virtual host is a must. To assign ip numbers, I have In my /etc/rc.d/rc.local snip ifconfig eth0:0 192.168.1.5 ifconfig eth0:1 192.168.1.6 ifconfig eth0:2 192.168.1.7 (Note:Replace 'eth' accordingly, depending on your Network Card) Then, in your forward named (BIND) database, snip learn IN A 192.168.1.5 manual IN A 192.168.1.6 testIN A 192.168.1.7 Ensure to configure reverse named (BIND) database, too, namely: snip 5INPTRlearn.noy.com.au. 6INPTRmanual.noy.com.au. 7INPTRtest.noy.com.au. And, in your httpd.conf, VirtualHost learn.noy.com.au ServerAdmin [EMAIL PROTECTED] DocumentRoot /home3/noy.com.au/learn ServerName learn.noy.com.au Errorlog /home3/noy.com.au/learn/logs/error_log TransferLog /home3/noy.com.au/learn/logs/access_log Files ~ ^\.ht .inc Order allow,deny Deny from all Satisfy All /Files /VirtualHost # VirtualHost manual.noy.com.au ServerAdmin [EMAIL PROTECTED] DocumentRoot /home3/noy.com.au/manual ServerName manual.noy.com.au Errorlog /home3/noy.com.au/manual/logs/error_log TransferLog /home3/noy.com.au/manual/logs/access_log Files ~ ^\.ht .inc Order allow,deny Deny from all Satisfy All /Files /VirtualHost # VirtualHost test.noy.com.au ServerAdmin [EMAIL PROTECTED] DocumentRoot /home3/noy.com.au/test ServerName test.noy.com.au Errorlog /home3/noy.com.au/test/logs/error_log TransferLog /home3/noy.com.au/test/logs/access_log Files ~ ^\.ht .inc Order allow,deny Deny from all Satisfy All /Files /VirtualHost Have some fun. http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] UPS for Linux environment
Can anyone recommend a UPS for a linux environment? I suggest to check this, http://www.acay.com.au/~oscarp/howto/UPS-HOWTO -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] mixED CAse to lower.case ?
There are tons of ways to 'skin a cat' they say.
Bash'yer and simpler, the better for me.
I rely on 'shell' or 'bourne' scripts the 'natural' language
for my ways.
Renaming of files posed in this thread, for example, I have:
$cat /appl/bin/mv.sh
#!/bin/bash
# rename files with uppercase names to lowercase
for i in `cat fle.txt`
do
mv $i `echo $i | tr '[A-Z]' '[a-z]'`
done
$ls -l /appl/bin/mv.sh
-rwx-r-x--- 1oscarp71 Jul 31 11:19 mv.sh
$ls * fle.txt
$cat fle.txt
jd.JPG
bj.JPEG
$/appl/bin/mv.sh
$ls *
jd.jpg
bj.jpeg
$
Here's a handy perl script which lets you use perl statements to modify
file names. It may be the same thing as your rename program or not -
rename is not a standard item in all distributions.
--
#!/usr/local/bin/perl
# rename script examples from lwall:
# rename 's/\.orig$//' *.orig
# rename 'y/A-Z/a-z/ unless /^Make/' *
# rename '$_ .= .bad' *.f
# rename 'print $_: ; s/foo/bar/ if stdin =~ /^y/i' *
$op = shift;
for (@ARGV) {
$was = $_;
eval $op;
die $@ if $@;
rename($was,$_) unless $was eq $_;
}
--
To do it recursively, you'd combine it with find and xargs:
find . -print0 | xargs -0 rename 's/\.JPE?G$/.jpg/i'
that will turn .JPG, .jpeg or .JPEG suffixes into .jpg
http://www.acay.com.au/~oscarp/disclaimer.html
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Static Routes 101
But how do I add the following Static routes? 172.31.0.0/16 to 192.168.0.252 route add -net 172.31.0.0 netmask 255.255.255.??? gw 192.168.0.252 I've never used the 172.31.0.0/16 form, so I don't know if it works. '172.31.0.0/16', is another way of writing '172.31.0.0 netmask 255.255.0.0' (Note: '172.31.0.0 netmask 255.255.255.0' is another way of writing '172.31.0.0/24'). and these mean we are describing several networks not several hosts. So, static routing of 172.31.0.0/16 to 192.168.0.252 should be, #route add -net 172.31.0.0/16 gw 192.168.0.252 or if you prefer #route add -net 172.31.0.0 netmask 255.255.0.0 gw 192.168.0.252 Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] transparent bridging?
From: Sonia Hamilton [EMAIL PROTECTED] Is it possible to setup a linux box as a transparent bridge? Yes you can. Check http://bridge.sourceforge.net Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html http://www.acay.com.au/~oscarp -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Opinions sought: Exim vs Sendmail
From: [EMAIL PROTECTED] On 30 Jun, Oscar Plameras wrote: The reason is as follows: Number of IPV4 addresses = 255*255*255*255 * 50 bytes (your allocation) = 4,228Mb * 50 = 202,280MB A cache isn't a complete copy. You store what you allow room for, and fall back to your normal mechanism if the entry isn't in the cache. You use LRU typically after the cache fills. Just a point of clarification: Cache is structrured data, or data list, or list, kept in CPU MEMORY all the time and maybe used by a software to locate other informatioin or to manipulate information. Database is structured data, or data list, or list, kept in DISK STORAGE and maybe used by a software to locate other information or to manipulate information. http://www.acay.com.au/~oscarp/disclaimer.html http://www.acay.com.au/~oscarp -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Opinions sought: Exim vs Sendmail
From: [EMAIL PROTECTED] We had some problems at work with system lockups during periods of high email delivery load, due to the cost of the DNS lookups - on Linux. If a few hundred emails arivved for delivery at approximately the same time, it brought the machine to its knees, and took a long long time to recover, as more email arrived in the meantime. DNS BIND is always a difficult problem in terms of performance of an overall network. It is mostly because of the way DNS works and partly because of the i386 and Linux architecture as compared to Sun Solaris as you mentioned. In general DNS uses large chunks of CPU Memory area to store information it needs to do its job, namely to associate a Name with an Address or vice versa. The bigger the CPU Memory the better it becomes. This is not entirely true, though. This is not entirely so because by nature DNS information is scattered across the Internet, is changing all the time, and the best way to complete its job quickly is to have the most used information made ready in some place locally which is a portion of CPU memory and for DNS to predict and fetch just in time the information required. When that particular information is not in the list currently found in CPU memory DNS has to fetch this information from its peer DNS may be located locally and if not fetch from somewhere. The way it does this as we know is, it checks for this information from its peer or the upstream authoritative DNS and if it finds there, well and good the search is over. But if not the search continues on to the next upstream and so on. This fetching involves many conversation between the machines exchanging information. The speed depends on the bandwidth currently available and on the capacity of the authoritative server. This process is as fast as the slowest bandwidth or the slowest server upstream. Now, nobody would want to tie down an application running on a local machine just because it is waiting for the DNS in this same machine to complete its job of fetching information from its peer or upstream. So, if you have a local machine that works hard, do not put a DNS named to run on it. Either the application or DNS or both will suffer in their performance. Ideally, one would want all list to be stored in the local Memory but we know this is impossible and with the internet growing in leaps and bounds the list is growing bigger and faster by the day. Also, you would want a DNS software that predicts the information that will be requested just in time when it is required. Again this is a mammoth task and out there our technical friends have been trying. As I roughly recall from one of our sysadmin people's explanation, Solaris apparently doesn't suffer the same way since it caches in memory the DNS lookup results. The main difference between Sun Solaris and Linux lies in their architecture. Sun Solaris is engineered to use a number of little cpus with their exclusive memory and other buffer memory areas independent from the main CPU memory on a Sun Platform. Linux on the other hand because it relies on the i386 architecture the general and specialists operations are mainly integrated into a single CPU and the CPU memory areas. Perhaps Sun, IBM, Fujitsu, Hitachi, etc, with their own versions of Linux have modified Linux to perform optimized on their respective platforms. With Sun Solaris for example it has lots of buffer memory that goes with independent CPUs to perform specialists operations like buffering, direct memory access, etc., and therefore takes away the load from the main CPU and main memory. Relatively speaking, a Sun Platform as I see it is a number of i386 in one single box. So, a Sun Solaris with 256MHZ CPU with the some amount of memory is not comparable to a Linux on i386 with 256MHZ CPU even if there is one with the same amount of memory . That is why prices for the same CPU and MEMORY configuration of a box for these two are not also comparable. Apart from the differences in hardware make up, there are differences in terms of 'SMARTS' added to it. Hence, the analogy of comparing apples and oranges apply, or really it does not apply ? Seems like an obvious thing to do. Any hint that the appropriate Linux DNS component might be improved in the same way? It is extremely difficult if not totally impossible to have Linux on the i386 architecture as we know it today to come near a Sun Solaris in performance given that both have comparible configuration in terms of CPU and Memory. http://www.acay.com.au/~oscarp/disclaimer.html http://www.acay.com.au/~oscarp -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Opinions sought: Exim vs Sendmail
From: [EMAIL PROTECTED] On 29 Jun, Oscar Plameras wrote: Ideally, one would want all list to be stored in the local Memory but we know this is impossible and with the internet growing in leaps and bounds the list is growing bigger and faster by the day. Also, you would want a DNS software that predicts the information that will be requested just in time when it is required. Again this is a mammoth task and out there our technical friends have been trying. Well, I can't see *any* difference between this problem and the classical caching problem. Your traffic typically has some coherency simply because communications tend to be between people who are in some kind of dialogue. It seems to me that the cost of storing an IP address as a string, plus a word for the decimal IP address, should cost roughly 50 bytes. I.e. I'd guess you should be able to cache about 20,000 addresses / Mb. I'd be surprised if any but very large organisations would receive email from more than that number of *domains* per day. The reason why it is impossible to store all list in local CPU Memory concurrently is, first, because of the physical limitations of the hardware under the current state of technologies. The reason is as follows: Number of IPV4 addresses = 255*255*255*255 * 50 bytes (your allocation) = 4,228Mb * 50 = 202,280MB Number of IPV6 addresses = we can only imagine this number If you have such a list, imagine the amount of cpu time required to search such a list every time an address is to be found. This is one reason why DNS BIND adopted its methodology and strategy. It is meant to prevent having a list that enlarges to such a huge list with out a way to control. The methodology and strategy is a compromise. And the Sysadmin decides how much to compromise by way of manipulating the configuration. Another reason why there is this limitation is that the complete list is scattered among DNS servers all across the Internet at any given time, the list changes every minute (names change, addresses change, addresses removed, addresses added and so on) and that a local DNS only knows about those addresses previously queried for which this local DNS and its authoritative DNS are answerable. If an address was not previously queried it will not get included in the cache. A single name change will instantaneously make a local list inconsistent with reality. And there are hundreds, perhaps thousands of changes, additions, and removals every minute. Incidentally, this is the reason why, when you stop and start a DNS server it takes a while for network throughput to return to normal depending on the number of clients in the network. The DNS cache, local or authoritative, is refreshed every so often, and is expired every so often so the addresses in cache for more than a period of time gets dropped and so the cache will never have the chance to retain the entire list. If one cache entry saves you thousands or even just tens of milliseconds, then setting aside some space would give a speed-up of at least 3 orders of magnitude. One can tune up the named to a point. Tuning up as you know is a compromise; you win some and you lose some and there is no one-way advantage. http://www.acay.com.au/~oscarp/disclaimer.html http://www.acay.com.au/~oscarp -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] MYOB performance over Samba share
Title: Message Hello Steve, I have used MYOB Premier on Samba Server previously. I have used it for about 7 years. There were 6 personssharingthe range of financial database, General Ledger, Payroll, Accounts Receivable, and Accounts Payable, and Asset Ledger. There were about 100 transactions a day. So, a small operations by many standards. My perceptiion then was that it was acceptable by our own standards. It depends on how many users are using the databases and how intense by way of transaction numbers concurrently. By the way, MYOB was not engineered for large volume transactions. And how many users and daily transactions do you have ? - Original Message - From: Steve Sulman To: [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 12:53 PM Subject: [SLUG] MYOB performance over Samba share Hello Good People, In trying to track down why MYOB Premier performs so badly when the PRM files are shared using Samba on Linux (2.2.8-1 on RH8), I came across several references on your mailing list archives, but no real solutions. Has anyone managed to get the performance up to par with sharing on an MS box? If you have any suggestions, I'd love to hear them to stop the accounts people nagging me! Many thanks, Steve Sulman. -- SLUG - Sydney Linux User's Group - http://slug.org.au/More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Opinions sought: Exim vs Sendmail
From: Jeff Waugh [EMAIL PROTECTED] On Tue, 2003-06-24 at 04:04, Oscar Plameras wrote: It is also a good idea to take the /usr/local/sbin/named away to another FreeBSD/Linux box. DNS lookups is always a slow process and queues other processes particularly during Internet peak hours. Because the box is mainly Email services, and not transaction type application such as financial databases, it will help alleviate processing bottle neck by increasing the time between disc sync'ing as done by the (syncer) process. It wouldn't be a good idea to shift DNS away from the email server - much of what an MTA does is DNS lookups, so it is always a good idea to have a fast, caching name server on the local machine. Better throughput through better latency. Caching (or authoritative, for that matter, on an unbusy domain) DNS isn't a horribly expensive process. True, email services is dns service intensive. It demands both forward and reverse lookup services. So, when MTA requires DNS services it is serviced by named in the same box. First, the catch is, named is less important in this particular box with 0.0/1.6 percent CPU utilisation. Sustained CPU activity is more important for the main task done by spamd as indicated by 78.1/14.7 percent CPU/MEM utilisation. The fact that named has far less activity in this box is perhaps due to spamd being so aggressive and leaves little time for other processes to spawn when it should. By moving it to another box within the same network may make both named and spamd happier and livelier. Secondly, with named servicing the MTA in the box, it also answers service request from other services outside this particular box. It is that time that the DNS in this MTA box spends servicing others that we do not wish to loss in view of the capacity requirements for CPU utilisation by spamd. The advantage of named being in the same box as the MTA is negated and lossing more. It sounds to me like this network is rather busy with a number of domains and users being served. 60Gb of email data in a day alone tells the story. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] constant hard disk access
From: Ben Donohue [EMAIL PROTECTED] Hi Slugs, I have a Mandrake 9 box. Turn it on and after a week or so of running the hard disk access light seems to stay almost constantly on. This will continue for about a week and then stop back to normal ie very low activity. Give it another week or two and then another week or so of hard access again. If I reboot the box (ah windows training) the access is normal till a week or so and then heavy access all over again. I currently have no clue of where to start looking for what is causing this. It is not access from the internet or myself or others. Any pointers as to where to start (to help my Linux learning) would be greatly appreciated! First, look in /etc/cron.d, /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly, or /etc/cron.d. When files are present in a directory above a program is started. When that program is in cron.daily it is started every day; in cron.weekly it is started once a week, etc. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Opinions sought: Exim vs Sendmail
From: [EMAIL PROTECTED]
On Mon, Jun 23, 2003 at 11:19:25AM +1000, James Gray wrote:
We are running into problems when we get a flood of
messages (50/minute)
as the whole mail filtering/scanning thing quickly chews up
all CPU time
Are you running SpamAssassin as a daemon (spamd)? I had this problem
when I first setup SpamAssassin because I was using the perl program
(spamassassin) to process each message. I changed to using
spamc/spamd
and it now has negligible impact on the cpu load.
Cheers,
John
Here's the pertinent details for the system concerned:
# ps aux | awk '{print $1 \t $3 \t $4 \t $10 \t $11}'
USER%CPU%MEMTIMECOMMAND
nobody 78.114.70:11.69 /usr/bin/spamd
root0.0 0.0 0:28.50 (pagedaemon)
root0.0 0.0 0:05.64 (vmdaemon)
root0.0 0.0 0:11.99 (bufdaemon)
root0.0 0.0 0:11.79 (vnlru)
root0.0 0.0 8:24.99 (syncer)
root0.0 0.3 0:39.22 /usr/bin/perl
bind0.0 1.6 39:49.58/usr/local/sbin/named
root0.0 0.3 1:13.24 sendmail:
root0.0 9.4 0:03.92 /usr/bin/spamd
root0.0 0.5 0:00.01 sendmail:
root0.0 0.5 0:00.01 sendmail:
root0.0 0.5 0:00.01 sendmail:
root0.0 0.6 0:00.03 sendmail:
root0.0 0.5 0:00.01 /usr/bin/spamc
root0.0 0.6 0:00.01 sendmail:
root0.0 0.0 0:00.12 (swapper)
root0.0 0.0 0:25.62 /sbin/init
(non-relevant processes snipped - sshd/csh/sh etc).
Notice the spamd load? This looks a little high to me. But our spam
rules are huge (the normal rules that come with Spamassassin + 1168
custom rules). Those custom rules round out to 3504 lines of
RULE/DESCRIPTION/SCORE. so relatively large. FWIW we're running
spamassassin 2.55.
I can send anything that might shed more light on the problem
(sendmail.cf exerpts etc)just let me know :-)
Observations from your stats:
1. Over 6Gb of data, 10,000+ of emails, and 50+ emails/minute during
peak hours.
2. Two instances of /usr/bin/spamd with 78.1/14.7 CPU/MEM on
one and 0.0/9.4 CPU/MEM on the second. One instance of
/usr/bin/spamc is 0.0/0.5 CPU/MEM.
3. Five instances of sendmail with not one exceeding 0.0/0.6
CPU/MEM.
4. Swapper with almost not activity.
Comments
1. It appears that your system is processing at an average and
sustained rate of 30Mb per minute. This is quite good throughput.
2. I can see that /usr/bin/spamd is not multi-threading nicely as
one instance is extremely active and aggressive whilst the
second instance is not processing anything although it is
concurrently loaded in memory.
3. Sendmail MTA which you have identified to replace are
not actually chewing up too much resources as indicated by
five idle processes.
4. Physical memory is sufficient as indicated by the Swapper
process having done almost nothing.
5. In view of the above, I would suggest that Computing
Power is less than adequate for the amount of work that you
have at this moment and it is not so much your current
mail and accessories software that are directly the cause
for this inadequacy.
6. In view of the above, I would suggest further that there
are two ways to resolve your situation, namely:
a. Increase the CPU power of your box even whilst you
contemplate replacing or re-arranging your software.
This is the simplest and straight forward solution as
you know.
b. The other solution is, to use your Network as your
Computer. By this, I mean use two or several computers
connected by a networking technology such as TCP/IP
to provide computer processing to do a job. This is
especially useful for applications like Email Services
as it gives you flexibility and scalability as you go upwards
or downwards with your load. You can add or remove
computer/computers in your Network Computer
depending on your requirements. There is little that you
have to change in your network except for the
re-arrangement of your BIND configuration specifically
your MX records.
With your stats, it might also help if you have a look at
your vmstat, like
vmstat -n 30
I hope you will be able to alleviate your problems
quickly and in the process have some fun.
http://www.acay.com.au/~oscarp/disclaimer.html
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Opinions sought: Exim vs Sendmail
From: Oscar Plameras [EMAIL PROTECTED]
Here's the pertinent details for the system concerned:
# ps aux | awk '{print $1 \t $3 \t $4 \t $10 \t $11}'
USER%CPU%MEMTIMECOMMAND
nobody 78.114.70:11.69 /usr/bin/spamd
root0.0 0.0 0:28.50 (pagedaemon)
root0.0 0.0 0:05.64 (vmdaemon)
root0.0 0.0 0:11.99 (bufdaemon)
root0.0 0.0 0:11.79 (vnlru)
root0.0 0.0 8:24.99 (syncer)
root0.0 0.3 0:39.22 /usr/bin/perl
bind0.0 1.6 39:49.58/usr/local/sbin/named
root0.0 0.3 1:13.24 sendmail:
root0.0 9.4 0:03.92 /usr/bin/spamd
root0.0 0.5 0:00.01 sendmail:
root0.0 0.5 0:00.01 sendmail:
root0.0 0.5 0:00.01 sendmail:
root0.0 0.6 0:00.03 sendmail:
root0.0 0.5 0:00.01 /usr/bin/spamc
root0.0 0.6 0:00.01 sendmail:
root0.0 0.0 0:00.12 (swapper)
root0.0 0.0 0:25.62 /sbin/init
It is also a good idea to take the /usr/local/sbin/named
away to another FreeBSD/Linux box. DNS lookups is
always a slow process and queues other processes
particularly during Internet peak hours.
Because the box is mainly Email services, and not
transaction type application such as financial databases, it
will help alleviate processing bottle neck by increasing
the time between disc sync'ing as done by the (syncer)
process.
http://www.acay.com.au/~oscarp/disclaimer.html
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Strange email attempt
From: Simon Bryan [EMAIL PROTECTED] Hi all, logwatch reports the information below for email I understand most of them because they are misspelling of usernames however the second one is ocurring daily (always on my username) and it has me intrigued. Does anyone know if this is something I should be concerned about. Unknown users: [EMAIL PROTECTED]: 72 Times(s) [EMAIL PROTECTED]: 1 Times(s) If this particular address appears every day, the next item to ascertain is, if it occurs at the same time. If it is, it may be worth checking your crontab and/or cron.daily and check what daemons are initiated and the notification addresses for these daemons. http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] exchange migration pointers?
- Original Message - From: Sonia Hamilton [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 20, 2003 10:22 AM Subject: [SLUG] exchange migration pointers? My work is going through a painful multi-site MS Exchange migration at the moment, and me being the Linux person, I said 'why don't you use Linux - less $$ on hardware, more reliable, easier to manage, etc'. But then I realised I wouldn't know how to do the stuff on Linux that can be done on Exchange... ;-) I'm quite comfortable setting up a Linux (postfix) mail server for a single site, with spam and virus scanning, IMAP access, iptables firewalling, etc, but how would I do the following? * setup my mail servers so that mail for users at different sites (Sydney, Melbourne say) gets routed to the correct sites? I could use different domains ([EMAIL PROTECTED] and [EMAIL PROTECTED]), but that's messy.. * have a multi-site email address book? I imagine something with LDAP; what client app would I use? * have multi-site calendaring? I know I can do things with Ximian Evolution for individual users, but multi-user multi site... This isn't a 'help me now' email ;-) - I'm just interested in any pointers people have, things I could investigate further, ... This site may provide some tips. http://www.unixwiz.net/techtips/postfix-exchange-users.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Secondary MX record - To have or not
The most important reason for having a second, etc MX record is, When the primary mail server is down, incoming mail will not bounce in the meanwhile. So, when the faulty mail server is up the seconday server may immediately drain the queued messages to the mail server or servers without any users noticing the lack of service. Perhaps, only delayed delivery. For this reason secondary MX are imperative. Better if you have more depending on the number of mail clients. From my experience optimum is, up to 500 users- 2 MX up to 1000 users- 3 MX up to 3000 users- 4 MX up to 8000 users- 5 MX up to 15000 users- 6 MX .. .. up to 6 users- 10 MX From: Matt Hyne [EMAIL PROTECTED] Folks, A little Linux unrelated (but I suppose it is since I am using a Linux server) but I have been having some discussions with a number of vendors around the place regarding secondary MX records. There seems to be two camps here - those that do not believe that they are needed (and thus don't provide them) and those that believe that they are a mandatory part of a redundant mail system. I am sitting on the fence (I can see some merits to both sides of the argument) but I was wondering what the opinion of the sluggers out there is - would you install one and why ? Matt -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Secondary MX record - To have or not
From: Andrew McNaughton [EMAIL PROTECTED] In the event that a remote mail server is not immediately contactable, mail generally just stays on the queue at the sender's end for up to a few days until it can be delivered. So If your mail server is offline for a while then mail's going to get through when your server is back on line unless you're out of action for several days. You will also have bounce messages for mails already in transit. Especially true for messages coming from slow networks. Seconday MX will also handle incoming messages that the primary cannot cope with momentarily due to heavy load in the primary server. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Is this something of Interest ?
This might interest you to know. http://www.nytimes.com/reuters/technology/tech-tech-linux.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Is this something of Interest ?
You may register it is free. You have the choice. So, don't worry too much ! On Wed, 18 Jun 2003, Oscar Plameras wrote: http://www.nytimes.com/reuters/technology/tech-tech-linux.html There's no point in posting things from the NYTimes, because it requires registration to get in. If it's really important, at least post some sort of prece so we can decide whether to waste time registering or not. -- --- #include disclaimer.h Matthew Palmer, Geek In Residence http://ieee.uow.edu.au/~mjp16 -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Is this something of Interest ?
From: Tony Green [EMAIL PROTECTED] On Wed, 2003-06-18 at 10:18, Oscar Plameras wrote: You may register it is free. I think the point which Matthew was making was that it would be nice to mention what the article is about. That way they could decide for themselves if it is worth registering for or not, it's just good netiquette. The article is about Linus Torvalds joining as a fellow at OSDL an Organization supported by IBM, HP, Sun, CA, Fujitsu, Hitachi, Intel, etc. leaving his current job at Transmeta on indefinite leave. What is interesting to me is taht the announcement comes a day after SCO has said it revoked IBM's right to use and distribute software based on Unix. Incidentally, I do not agree that it is more ethical or less ethical to provide an info link with or without a brief. It is one of those many choices that we have to make everyday. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Is this something of Interest ?
From: Michael Lake [EMAIL PROTECTED] Oscar Plameras wrote: You may register it is free. You have the choice. So, don't worry too much ! You have to supply your e-mail address, demographic information (country, zip code, age, sex; household income, industry, job title, job function, and must agree to the terms of their Subscriber Agreement. I wonder Oscar, have you actually read their Subscriber Agreement ? Its at the very bottom of the page in smaller font where you click submit. Come on Oscar fess up, you didnt read it did you :-) I have read the agreement actually. I trust NYTimes. They are a known quantity. I have made a personal decision not to subscribe to any of these places that request such information and I suggest that ppl do read those agreements. What happens if the place files for Chap 11 in the States; who will then buy the company; what will they do with your information? It happens. I can get all the news I want from 'freeer' sources. This is the good thing about the internet. It offers you alternative choices. Also just a short paragraph included from the article would help sluggers here to decide if they wanted to click on it - especially if they are on a dialup from home. These news sites are notorious for bandwidth sucking. Again, my policy is not to color the info that is available with my own interpretation and so it is 'telling it as it is' policy. You make your own judgement about news sites and I will not criticise you for that but I do not unless I am certain. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Is this something of Interest ? - flame time! ;)
From: [EMAIL PROTECTED] [EMAIL PROTECTED] wrote on 18-06-2003 10:57:32 AM: On Wed, Jun 18, 2003 at 10:18:29AM +1000, Oscar Plameras wrote: --snip-- But not an informed choice. For all we know it could be something obscure. Links without comment will have one of four effects on people: 1) Click on the link, register, XYZ is good. (+1 oscar rules) 2) Why is this Oscar guy posting links without commenrts ? (delete, +2 ignore oscar posts) 3) Click on the link, register, don't care about XYZ (+ 10 ignore oscar posts and/or flame) 4) See that the link is nytimes, don't bother but find out later that it would have been nice to know earlier (+1 oscar sux) No Flames, but I would give oscar +10 ignore on the scale above as it is posted on /. (www.slashdot.org) with no registration needed. If went through the pain of registering with NYTimes and subsequently get their monthly newsletters (Or whatever crap is sent weekly/monthly to subscribers), because of a subject I am already educated on, I would be very unhappy. No Offence Oscar. No, I don't. Thank you. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Is this something of Interest ?
From: Colin Humphreys [EMAIL PROTECTED] On Wed, Jun 18, 2003 at 11:05:11AM +1000, Michael Lake wrote: Also just a short paragraph included from the article would help sluggers here to decide if they wanted to click on it - especially if they are on a dialup from home. These news sites are notorious for bandwidth sucking. The title and a short paragraph is usually enough to quickly find a link from news.google.com to the article that doesn't require registering. (Or somewhere else that has the same article, I see according to the url, that this has a reuters source, so is probably available in quite a few places) -- Simple idea but truly brilliant. I learn one more trick today. Thanks. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Is this something of Interest ?
From: Matthew Palmer [EMAIL PROTECTED] I'm well aware I have the choice. I'm just letting you know that posting URLs that can't be viewed without jumping through hoops is largely useless - a waste of your time, and the bandwidth of SLUG and every subscriber. The few people who are already subscribed are more likely to be reading the article anyway, and so will know about it, and with nothing more than a URL to go on, why should the rest of us put our jumping boots on? I cannot decide for you whether you should put up with it or not. This is precisely what I am avoiding. Making decisions for other people. Again, this is the good thing about the internet. You make your own choice and you make your own devices and I cannot decide for you one way or the other. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: Building kernels with GCC 3.3 WAS Re: [SLUG] GCC debian question
Hi Simon, I have RH8.0, source linux-2.4.21, and gcc3.3. I installed gcc3.3 lib at '/usr/local/lib/gcc-lib'. In the beginning, when I build linux I got the same error as you have. So, I renamed '/usr/lib/gcc-lib' which was for gcc3.2 to something else. I symbolic link '/usr/local/lib/gcc-lib' as '/usr/lib/gcc-lib' and rebuild. Everything worked fine. I hope with this info you will be able to progress with your build. I pasted the last bit of my compiler message as follows. snipped ... gcc -D__ASSEMBLY__ -D__KERNEL__ -I/home4/src/linux-2.4.21/include -tradition al -c head.S gcc -D__KERNEL__ -I/home4/src/linux-2.4.21/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -p ipe -mpreferred-stack-boundary=2 -march=i686 -DKBUILD_BASENAME=misc -c misc.c ld -m elf_i386 -Ttext 0x10 -e startup_32 -o bvmlinux head.o misc.o piggy.o make[2]: Leaving directory `/home4/src/linux-2.4.21/arch/i386/boot/compressed' gcc -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -o tools/build tools/build.c -I/home4/src/linux-2.4.21/include objcopy -O binary -R .note -R .comment -S compressed/bvmlinux compressed/bvmlinux.out tools/build -b bbootsect bsetup compressed/bvmlinux.out CURRENT bzImage Root device is (3, 1) Boot sector 512 bytes. Setup is 2515 bytes. System is 1116 kB warning: kernel is too big for standalone boot from floppy make[1]: Leaving directory `/home4/src/linux-2.4.21/arch/i386/boot' [EMAIL PROTECTED] linux-2.4.21]# On Wed, 2003-06-11 at 22:45, Lester Cheung wrote: I believe that the top level makefile set CC to gcc explictly. /usr/src/kernel-source-2.4.20/Makefile: 30 CC = $(CROSS_COMPILE)gcc Is anyone having problems building the kernel with gcc-3.3? My previously compilable kernel 2.4.19 (using gcc 2.95.4) is no longer buildable under gcc 3.3. The first error I get is for the IDE cd-rom module: gcc -D__KERNEL__ -I/usr/src/kernel-source-2.4.19/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i686 -nostdinc -I /usr/lib/gcc-lib/i386-linux/3.3/include -DKBUILD_BASENAME=ide_cd -c -o ide-cd.o ide-cd.c In file included from ide-cd.c:318: ide-cd.h:440: error: long, short, signed or unsigned used invalidly for `slot_tablelen' make[4]: *** [ide-cd.o] Error 1 make[4]: Leaving directory `/usr/src/kernel-source-2.4.19/drivers/ide' make[3]: *** [first_rule] Error 2 make[3]: Leaving directory `/usr/src/kernel-source-2.4.19/drivers/ide' make[2]: *** [_subdir_ide] Error 2 make[2]: Leaving directory `/usr/src/kernel-source-2.4.19/drivers' make[1]: *** [_dir_drivers] Error 2 make[1]: Leaving directory `/usr/src/kernel-source-2.4.19' make: *** [stamp-build] Error 2 Seems funny. I tried setting CC=/usr/bin/gcc-2.95 but same problem. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Postfix - Relaying Denied
From: Tony Green [EMAIL PROTECTED] SMTP auth would be the right solution here. A uname/pw combo tells the MTA to allow relaying for that connection. I don't know how to do it with postfix, but with sendmail you need sasl. SASL will also do the job on postfix. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Network
Hopefully encrypted there is an organisation in Western Sydney that uses wireless networking without encryption. They are a distribution centre. Would hate to see someone get to their databases and screw up their inventory. I would use Public Networks like the Internet on a secured line only. This is always assumed. 'Trust no one' is my rule on Public Networks. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Network
Campus computing? Think 'WIRELESS' now ! From: Phil Scarratt [EMAIL PROTECTED] To the network guru's out there I am working at a school that is currently expanding. There are some new buildings being added to the campus (almost finished) that are now being wired. The question is what is the best way to wire to an existing network, considering the following: 1. The main existing building (call it the library) houses 3 network switches, along with 2 servers (firewall and other) and the adsl connection. In this building there is also 1 lab (15 machines) and 15 library machines on the network. A few admin computers and links from staff rooms in other buildings also come here - nothing else major though. 2. The new building will house the lab (will be moved). Library machines will stay put. The lab being in the new building will mean that there will be fairly heavy traffic through to the library server. 3. ADSL connection is not likely to move. I am thinking of mounting a secondary switch(s) in the new building, with an uplink to the existing network, however, what sort of uplink should it be: 1. Is it worth putting fibre in? 2. What does it take to make a gigabit network instead of 100Mbit? 3. Any other suggestions? TIA Fil -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] On the Rosy Future of LINUX
On the rosy future of Linux, this might interest, http://www.marketwatch.com/news/yhoo/story.asp?source=blq/yhoositeid=yhoodist=yhooguid=%7B28239171%2D6590%2D47D3%2D8DCD%2D2195590DB09D%7D http://www.thestreet.com/_yahoo/tech/billsnyder/10091808.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] WInbind and getent
From: Simon Bryan [EMAIL PROTECTED] Hi all, As one of the final steps of my project I need to get winbind running on my LTS server. I have installed and configure Samba and Winbind in exactly the same way as on a full workstation (which works fine) - however even though wbinfo gives all the right answers: wbinfo -t secret is good wbinfo -a can authenticate plain text and ntlm wbinfo -u all domain users displayed wbinfo -g all domain groups displayed I have added winbind to the passwd and group line in nsswitch.conf I have copied libnss_winbind.so to /lib and made a soft link to .2 and .1 I have copied pam_winbind.so to /lib/security I have modified /etc/pam.d/login as on my workstation Yet, getent stubbornly only shows the local users and groups so i can't login / su with a domain username / password as I can on the workstation. The server is running RH7.2 and Samba is 2.2.8a I am obviously missing something obvious, any clues appreciated. What does your, # cat /var/log/authd.log say ? And check your, # cat /var/log/messages. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] home server on adsl; advice
From: Minh Van Le [EMAIL PROTECTED] This the topology I have in mind for my network. (Maybe minus Firewall 3 and Firwall 4). Is there something wrong with it ? Should I design efficient and optimum security I start by defining what I want to achieve with my security. I may do this with a check-list. My sample check-list looks like as follows: 1. My 'LAN': 1.1.Do I want all my LAN users to accesss out into the Internet ? 1.2 Do I want only some LAN users to access out into the Internet ? 1.3 Do I want none of LAN users to access out into the Internet ? 1.4 Do I want all of the Internet users to access your LAN ? 1.5 Do I want only some of the Internet users to access your LAN ? 1.6 Do I want none of the Internet users to access your LAN ? 2. My 'MAIL' .. 3. My 'FTP' . 4. My 'WWW' . Of course, my check-list may be expanded to cope with various exceptions and all sorts of special cases. The simplicity of the design depends on what I want to achieve. In its simplest form, I probably want all my users to access all of the Internet Services outside my network, but no one from outside to access my Services(mail, ftp, www) and my network. In this case, I will have only one 'Firewall' between my network and the Internet. The other extreme side is allow all my users to access all of the Internet and allow all of the Internet users to access all of my network. This one is extremely difficult and there is no simple solution. Then, there is this in-between depending on the check-list that I mentioned. The resulting topology will vary and there is no single best topology but there is an optimum topology. To evaluate what is optimum is to have a reporting system with my 'Firewall', like, number of accesses, what services were accessed, what domains were accessed, where from the access were made, date and time of access, file sizes of ftps, etc. This means my Firewall must have software to record these activities. I would used FWTK firewall toolkit if I wish to assemble my own and because it is available at no cost from the internet. It is somewhat a challenge to assemble this toolkit. Perhaps I may write or rewrite a bit of the modules here and there to suit my purpose. It is written in c-language. As usual there are a number of contributions to this toolkit. Of course there are several commercial firewall software in the market if I do not wish to go through the hassle myself. +-+ | I N T E R N E T | +-+ | +--+ | ADSL Router / Firewall 1 | +--+ | +--+ |Firewall 2| +--+ | | +---+ ++ | | ++ ++ | Firewall 3 | | Firewall 4 | ++ ++ | | --- --- / Eth Switch 1 // Eth Switch 2 / --- --- | | | | | | | +---+ | | +---+ | | +---+ | | | | | | ++ ++ +--+ +-+ | FTP Server | | WEB Server | | Email Server | | LAN | ++ ++ +--+ +-+ -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] X-Windows lag
From: Alex Balayan [EMAIL PROTECTED] Hi all, Recently I had the pleasure of installing the Slackware 9.0 on my IBM ThinkPad 600E (128Meg/RAM). Kernel 2.4.20 running XFree86 4.3.0. It seems X-Windows starts to run really slow when I use Mozilla. Allot of lag. TOP shows X and mozilla-bin processes peaking. Any ideas on what might be causing this ? Is there was way to tweak X-Windows ? am I better off using another browser ? Infact, it seems that most applications using gtk etc slow X down. Can someone shed some light on these issues ? Thanks in advance. Perhaps, if you run, ps -axu- look for unnecessary processes netstat -v - look for open ports that you don't need and disable them. route -e - check your route. Ensure you have all covered. Mozilla tries to access the default web site, perhaps, assuming you are connected to the Net ? vmstat -n 5 -check your SWAP and CPU activities. You have not allocated optimum SWAP space ? 2x Memory size is generally optimum. with and without X running then compare the outputs. You will get some understanding of what's going on with your system. Hard to tell without specific and relevant information from where I stand. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Apache Error
From: El 4Love [EMAIL PROTECTED] To: Sydney LUG [EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 1:11 PM Subject: [SLUG] Apache Error Hi All, I configured an apache seerver in an intranet, and the server works, but it is terribly slow to requests. For every request I get this error messages in the ssl_error_log, but I don't really use any ssl features. Can anyone help me please? [Wed Jun 04 11:07:03 2003] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 04 11:07:03 2003] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Wed Jun 04 11:07:04 2003] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 04 11:07:04 2003] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? Put your server's yourFQDN on to, $YOURPATH/apache/conf/httpd.conf ServerName yourFQDN Shutdown your Apache Server and start with, $YOURPATH/apache/bin/apachectl start Your start script may have started with, $YOURPATH/apache/bin/apachectl startssl Have fun. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Apache Error
From: El 4Love [EMAIL PROTECTED] To: Oscar Plameras [EMAIL PROTECTED] Cc: Sydney LUG [EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 2:29 PM Subject: Re: [SLUG] Apache Error The FQDN was already in place with the ServerName directive. I tried staring it directly, apachectl start. Still no joy. Got the same error lot with ssl_error_log. Could it be due to any problems in the /etc/hosts file? It cannot be /etc/hosts file. You said you have set the correct FQDN. If you started with apachectl start, it is not apache that is causing to generate ssl_error logs. It is another application. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Re: SMTP AUTH
From: Sychev Maxim [EMAIL PROTECTED] I use postfix 2.0.10, cyrus-sasl 2.1.13 I set up SMTP AUTH using saslauthd -a pam. Everything works fine, except a bothering warning in syslog stating that database file /var/sasl/sasldb can not be found. Your sasl library tries first the available auxprop methods (sasldb is one of them) before using saslauthd. And how to tell it to use saslauthd only? Authentification in Cyrus-imap 2.1.13 with the same saslauthd -a pam does not produce this type of warnings. With your command, # saslauthd -a pam you already told the client application like your postfix not to use the sasldb database. Incidentally, is it not that your sasldb database should be in, /etc/sasldb2 ? -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] RE: SMTP AUTH
From: Oscar Plameras And how to tell it to use saslauthd( and not sasldb)only? The command, # saslauthd -a pam CYRUS-SASL already told the client application like postfix(smtp) or CYRUS-IMAP not to use the sasldb database. # saslauthd -a sasldb tells client application to use sasldb. But I will not use 'saslauthd -a sasldb'. I use the previous format because of the flexibility and security that it provides. With this format I configure the file /etc/pam.d/imap for example for my CYRUS-IMAP to be authenticated either by Linux shadow password or by MySQL database. Because I use PLAIN text method of authentication I install TLS/SSL on POSTFIX to secure transactions. With this installation I achieve two objectives, I control SMTP by AUTH, and I secure data passing between networks as far as these application are concerned. This is my understanding. I am new to CYRUS-SASL and would appreciate comments if there is any problem with this understanding. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] setting up a RH8 AMP server, how much RAM, HD partition
You have a large disk storage to leave it up to default installation process to decide for you the partitioning, allocation, and configuration of of your disk and location of your software. If it is up to me I will choose custom for install. In this way you can plan to locate your application software and databases in a way that even if you have to reinstall or upgrade Linux on this same system you ease the hardship and stress of sorting out the oates from the straws. With such a large storage space I would choose custom in installation process and would control myself the partitioning of the drive and choose where to put my application software like Apache, PHP, MySQL, etc. away from file systems directories that branches out from the standard Linux trees. Then, to conform back to standards in locating application and utility software I would merely link symbolic these application and databases files. For example, with Apache, we all know that in Linux, the standard location for locating application software and databases is '/usr/local/apache'. For me I will locate my Apache software and databases in '/appl/apache' or '/home/apache' or anything away from '/usr/local'. Then, assuming I choose '/appl/apache', I will do, ln -s /appl/apache /usr/local/apache echo /appl/apache/lib /etc/ld.so.config ldconfig. In general, I would also do the same to any application software after I install. Caution: Some software requires special ld.so.config. Now, for disk partitioning, because the aim is to leave the file systems inside the Linux trees virtually unchanged apart from the admin files, systems, and application log files, I allocate an optimum size to my file systems in the linux trees. So, for my 20GB my partition will be, / 1GB (may be less) swap 512MB(About x2.0 of Physical Memory. A very large swap space like 2GB swap vs 256MB mem may slow down your system. This is from my experience, for what reason I do not know). /usr1GB /appl 16GB (Depending on size of Databases) /home1.5GB Now if I need to reinstall or upgrade Linux I copy the directory '/etc/' and leave my '/appl' and '/home' without building 'newfs' over it. I just modify or build newfs on '/', 'swap', and '/usr'. From: Voytek Eymont [EMAIL PROTECTED] I'm setting up RH8 with Apache 1.3x, MySQL, PHP as well as BIND, POP/SMTP server and whatever else it will need as an Internet server, it has Cel900, 20GB IDE, 256RAM it will run in character mode only how should I split the 20GB IDE ? swap partion size ? what RAM do you guys suggest, 256 or more ? (before I hear suggestions of 1GB or more, pls keep in mind, the current server is P2-300 with 64MB and 4GB SCSI running OS/2, and, is more than adequate in all aspects) -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] setting up a RH8 AMP server, how much RAM, HD partition
From: Oscar Plameras [EMAIL PROTECTED] I will do, ln -s /appl/apache /usr/local/apache I will add this, ln -s /appl/apache/include /usr/local/apache/include echo /appl/apache/lib /etc/ld.so.config ldconfig. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Partitioning Question
From: Adam W [EMAIL PROTECTED] I have always wondered why the default installation of mandrake or other distro's, partitions your drive into all these different partitions, if you choose the auto allocate feature. For example, different partitions for /home and /var and / I have always just used the one partition for everything - at what stage does the partitioning of the drive start to matter?? Assuming we install everything using default areas, within Linux file trees application and utility programs are installed in /usr/local; admin files are in /etc/; and databases and logs are in /var. Individual user files are in /home. Indeed, the sub-trees that change most are /home, /var/, /usr/local, and /etc. So, in re-installing or upgrading we save /home, /var and /etc/. For /usr/local we re-install application software and utility tools after re-installing OS. Re-install or upgrade overwrites our above partitions except /home if we choose to. So, it will save us time if we manage our partitioning so that we do not have to re-install application software and rebuild databases when we re-install or upgrade OS. In my case because I do not wish to lose time and effort whenever I re-install or upgrade, I always have one or two '/appl1', '/appl2', etc. In this way too, I have structured data storages and avoid losing info. Partitioning matters (1) when you acquire software and generate data on your disk that you wish to retain for sometime in the future; (2) when you install Linux as a workstation as against installing it as a server; (3) when you install more than one disk drive on your server; and (4) for other reasons, like using raid partitions. The most common dilemma confronting partitioning decisions is dealing with (1), (2), and (3) above for small users or organisation. For large organisations issues dealing with some or all of them is always a challenge. Whether your organisation is large or small the objective is to partition so that you save plenty of hassles for yourself whenever you need to upgrade your OS or software. You are also partitioning so you do not run out of space for a period in the future say like one year for a workstation and two years for a server. The workstation and server disk requirements vary. The numbers are of course arbitrary depending on your resources and requirements. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
