I have set up entries in /etc/hosts.allow and /etc/hosts.deny as follows:
/etc/hosts.allow
sendmail : 10.0.0.0/255.0.0.0
sendmail : LOCAL
/etc/hosts.deny
sendmail : ALL
When I try to connect to port 25 from an Internet host via telnet, the
server still responds as usual. The only difference I
$ ldd /usr/sbin/sendmail.sendmail | grep wrap
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00319000)
tcp_wrappers never sees the connection directly. sendmail handles it
from start to end.
Thanks for this info. I will set up an iptables rule to block this access.
I'm confused. I'd expect the above symbol listing to show that sendmail is
in fact using the libwrap library and it should be doing what the allow/deny
files say.
Regardless, the simple way to tell sendmail what you want to permit is to
use the /usr/mail/access file.
My goal was to block
Is there a way to force rsync to set a specific owner and group on
destination files? I have managed to get the permissions set up the
way I want, but the owner and group are still defaulting to a numeric
id instead of the correct owner and group. I suppose I could add a
manual chown -R
Do your user and group names on both your source and destination
systems have matching numeric values?
No. The source system is a Windows machine running cygwin-rsyncd.
Linux/UNIX systems carry the numeric values and look up the text
values in /etc/passwd and /etc/group for display. If
What rsync options are you using? rsync has options to preserve owner
and group, if you exclude those options, then won't the files assume
the user and group of the user account on the destination machine? I
haven't tested this, but it looks good on paper.
Currently the script runs as root,
How about setting up a cron to monitor it and auto restart if it's not
responding?
wget -q --timeout=30 http://localhost:8008/ -O /dev/null || (command to
restart jserv)
I tried pulling up port 8008 in a web browser, but it doesn't work
quite like that. Apache is configured with mod_jserv
Check
http://support.hyperic.com/confluence/display/hypcomm/HyperForge/#HyperFORGE-pluginforge
for existing plugins.
Perhaps what you want can be done with a JMX plugin ?
Hyperic looks interesting, but anytime someone claims Zero-Touch
Systems Management I have to raise a skeptical eyebrow.
Sounds similar to the mod_jk connector in apache to connect to
tomcat. When I had to deal with this I set up a dedicated apache
instance on each system running tomcat whose sole purpose for
existence was for testing that connector.
So say setup an apache instance on another port, and have it
We have decided to take this tactic and set up a dedicated
[EMAIL PROTECTED]:~/ApacheJServ-1.1.2]$ ./configure
--with-jdk-home=/usr/local/mercury/Sun/jdk1.5.0_01
--with-JSDK=/usr/local/mercury/Sun/JSDK2.0/lib/jsdk.jar
--with-apache-src=/usr/include/httpd/
If I run the configure command without --with-apache-src here is what I get:
configure: error:
This seems to indicate that it wants the apache header files, which
are installed in /usr/include/httpd. Anyway if someone has an idea
how I can get a working mod_jserv module for CentOS3 let me know.
Ok, so after doing some more reading it appears that you can simply
build the mod_jserv.so
mod_jserv is really old, are you sure it can be compiled against apache
2?
If you need a jk connector, use mod_jk. You can find the source rpm in
the RHWAS repository (I didn't check if CentOS has a binary version
somewhere).
ciao
ad
Hi Andrea, thanks for your reply. I know mod_jserv is ancient, but we
have to support it because it's still being used on production
machines. Will mod_jk connect in the same way that mod_jserv does?
I have mod_jk module properly loaded now, how would I duplicate this
function of jserv with mod_jk?
<IfModule mod_jserv.c>
ApJServMount /servlets ajpv12://servername.com:8008/root
ApjServAction .html /servlets/gnujsp
</IfModule>
I should add that servername.com is localhost, so this
I found this on the mod_jk howto from the apache site:
*
For example the following directives will send all requests ending in
.jsp or beginning with /servlet to the ajp13 worker, but jsp
requests to files located in /otherworker will go to remoteworker.
JkMount /*.jsp
Andrea thank you again for your help. I think I have almost got this
set up right. I copied your workers.properties file and the
appropriate entries from mod_jk.conf and now I can connect, but get a
400 error. I only have the default Apache site configured on this
box, and my mod_jk.conf file
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
I'm not too familiar with those JkOptions but looking at my old
mod_jk configs I have no JkOptions defined, try removing them and
see if anything changes? My old configs were ajp13, so perhaps
they might be needed with ajp12,
I guess what I'm not clear on is how you replace mod_jserv's configuration:
ApJServMount /servlets ajpv12://host.domain.com:8008/root
with the equivalent version using JkMount.
On the old server running mod_jserv our configuration looks like this:
IfModule mod_jserv.c
Might it be
JkMount /*.html ajp12
assuming ajp12 is the name of your worker in worker.properties
Yea, I tried that and even just a simple wildcard like this:
JkMount /* ajp12
but no dice. If I can't solve this then I may have to just install
apache 1.3 everywhere to
This is a bit naive and childish:
how terribly shocking...I suggest also blocking China, 'cause they're
commies, and France because they eat frogs
The OP is not discriminating against Africa because of government systems,
skin color, or diet. He is trying to reduce lost revenue, credit card
Ever heard of the Western Union scam?
Yes, it usually goes something like this:
Scammer emails an online business asking if he can over-pay you with a
check. The check looks just like any other business check and is often
printed with the name of a real bank. The scammer then asks you to
This awk command pulls URLs from an apache config file, where $x is
the config filename.
awk '/:8008\/root/ {printf $3 "\t"}' $x
The URL that is output by the script looks something like this:
ajpv12://hostname.network.company.com:8008/root
Is there a way to alter the output so it only shows hostname by
itself? Do I need to pipe this through awk again to clean it up?
awk '/:8008\/root/ {printf $3 "\t"}' $x | sed
The awk output that was piped into the sed command looks like this:
ajpv12://host1.domain.company.com:8008/root
ajpv12://host2.domain.company.com:8008/root
ajpv12://host3.domain.company.com:8008/root
___
CentOS mailing list
CentOS@centos.org
those are supposed to be tab-separated urls, all on one line.
If 'ajpv12://' and ':8008/root' are always going to be the same:
awk '/:8008\/root/ {printf $3 "\t"}' $x | sed 's/ajpv12:\/\///g' | sed
's/:8008\/root//g'
If these change then you're going to need either a more complex awk,
or more complex sed expression.
-Ross
Marvelous. Thanks for taking
I'm attempting to block access to port 53 from internet hosts for an
internal server. This device is behind a gateway router so all
traffic appears to come from source ip 10.100.1.1. Here are my
(non-working) iptables rules:
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j
CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support
[ OK ]
FATAL: Module off not found.
CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support
Try looking inside /etc/modprobe.conf for these lines:
alias net-pf-10
I've used the guide on mantic.org before, worked well for me:
http://www.mantic.org/wiki/Installing_BackupPC
We use BackupPC extensively where I work, once you get it settled down
and in a steady state it is invaluable.
Yep. They are there. So what is the 'proper' method to get them out (other
than using VI and deleting the lines?)?
I would comment them out and add another comment like this:
# Un-comment these to disable ipv6
#alias net-pf-10 off
#alias ipv6 off
You will need to reboot the server to enable
Are you running tcpdump on the same machine that is doing the filtering?
You do realize that tcpdump sees the packets as they come from the
interface and before they are passed to the filter rules, right?
I had forgotten this important piece of information. Thank you for
pointing this out.
I would like to block all DNS queries that come from one particular ip
address. I used TCPdump to verify that the queries were in fact,
coming from this IP:
[EMAIL PROTECTED]:~]$ sudo tcpdump -n udp port 53 and src 10.100.1.1
tcpdump: listening on eth0
11:12:17.162100 10.100.1.1.19233
On Tue, Jul 15, 2008 at 11:55 AM, nate [EMAIL PROTECTED] wrote:
Sean Carolan wrote:
What is confusing me is why my iptables rule is not working correctly.
TCPdump shows that the source is correct. Any ideas?
try blocking tcp as well, most name servers listen on both tcp and
udp.
I do have a rule for blocking TCP, forgot to mention that. You can
see from my tcpdump output above that the inbound packet is UDP
though. I wonder why iptables doesn't block it even with this rule?
The really strange part about this is, if I remove the ACCEPT rules
that are further down in
Strange...your rule seems ok to me. Try with DROP instead of REJECT ?
Nice! it works :)
On Tue, Jul 15, 2008 at 1:43 PM, nate [EMAIL PROTECTED] wrote:
Sean Carolan wrote:
I do have a rule for blocking TCP, forgot to mention that. You can
see from my tcpdump output above that the inbound packet is UDP
though. I wonder why iptables doesn't block it even with this rule?
Try
I would like to use swatch to tail a log file for PageTurnEvent, and
if this is not seen in the past 15 minutes then a restart script
should be run.
Does anyone know if this is possible with the swatch program?
Does anyone know if this is possible with the swatch program?
I don't see how as swatch is looking for things that happen, not
those that don't.
I figured as much. Before I go and write my own, are there any
general purpose utilities that can simply monitor a log file for
inactivity? In
Can anyone help make sense of this? This is an ext3 partition. It's
only showing 403GB out of 426GB used, but then it says only 632MB
available? Where'd the extra ~25GB go?
[EMAIL PROTECTED] df -H /disks/vrac5
Filesystem Size Used Avail Use% Mounted on
/dev/sdb2
/dev/sda is the virtual disk as it appears to CentOS as I can access it
with hdparm.
Do I need to use another device for the RAID array (which?) or is it
impossible to smart monitor thru a RAID controller?
You probably will want to install the HP Proliant Support Pack as it will
include the
IMO, this is easier to setup than selinux, *may* meet all your needs and
will not be affected by upgrades.
I would agree with this. Try just creating a user with rbash as his login
shell and then sudo /bin/su - username. Poke around and see what you are
able to do, and you'll find out if it
If a disk based archive will work, backuppc (
http://backuppc.sourceforge.net/) is fairly painless and its scheme of
compression and hardlinking duplicates lets you keep about 10x the history
you'd expect. If you need offsite copies you'll have to run an independent
instance elsewhere or
Is there a flag for the df command to get the total disk space used on
all filesystems as one number? I have a server with a lot of mounted
shares. I'm looking for a simple way to measure rate of data growth
across all shares as one total value.
df -kl | awk '/^\/dev\// { avail += $3/1024 } END { printf("%d Mb used\n",avail)} '
Awesome, this is going into my bag of goodies. Thanks!
I really like gnu screen and use it everyday but there's one thing
that is a bit inconvenient, and that's the odd line wrapping and
terminal size issues that seem to pop up. The problem crops up when I
type or paste a really long command, and then go back and try to edit
it; the text starts to
You wouldn't by any chance be using PuTTY to access the session? If
so, you may need to play around with the terminal settings including
the scroll type so that it displays correctly. I don't recall the
specifics but a similar thing happened to me.
Actually, no I'm using gnome-terminal on
In this case, you might want to conditionally assign some reasonable
value on failure. Say:
tput -T $TERM init >/dev/null 2>&1 || export TERM=xterm
'tset -q' is another test which can be used.
The remote host's $TERM variable is in fact xterm. When I connect to
the screen session the $TERM variable is 'screen'.
Are you running screen locally or remotely?
Remotely. My work machine is a laptop, which is not powered on all
the time. Hence I use a remote box as a jumping-off point,
Can anyone point out reasons why it might be a bad idea to put this
sort of line in your /etc/hosts file, eg, pointing the FQDN at the
loopback address?
127.0.0.1 hostname.domain.com hostname localhost localhost.localdomain
First, if your host is actually communicating with any kind of ip-based
network, it is quite certain, that 127.0.0.1 simply isn't his IP
address. And, at least for me, that's a fairly good reason.
Indeed. It does seem like a bad idea to have a single host using
loopback, while the rest of the
(Make sure you pick .dummy so as not to interfere with any other DNS.)
In theory you could leave off .dummy, but then you risk hostname being
completed with the search domain in resolv.conf, which creates the
problems already mentioned with putting hostname.domain.com in
/etc/hosts. (I have
Anyone have a script or utility to convert an RTF file to ANSI? The
main idea here is to preserve the color codes that are specified in
the RTF file, so they can be displayed easily in a terminal window.
Anyone know how to get statistics on bonded interfaces? I have a
system that does not use eth0-3, rather we have bond0, bond1, bond2.
The members of each bond are not eth0-3, rather they are eth6, eth7,
etc. I didn't see anything in the man page about forcing sar to
collect data on specific
I have never encountered anything like this before, so thought I'd post here
and see if anyone can help.
We have a java application that sends out notification emails to end-users.
The body of the email is some boilerplate text and HTML that is pulled from
a database. When the emails are
Thanks, gents!
I have a domain, let's call it example.com. I am able to do zone
transfers on the local host as follows:
dig example.com AXFR @localhost
This command outputs all of the contents of the zone as expected. I
am unable to do zone transfers on my subdomain though:
dig subdomain.example.com AXFR
What am I missing here?
Ok, I was able to sort this one out on my own. I was missing some
periods on my NS records, apparently this was somehow preventing the
transfers. All is good.
I'm having trouble getting the GDM login screen to show up when I
connect from a remote host. I'm using Xming on the local Windows
machine, but every time I connect to the remote server all I get is a
gray window with the X cursor. I have Enable=true in the [xdmcp]
section of
On Wed, Oct 1, 2008 at 6:04 PM, Sean Carolan [EMAIL PROTECTED] wrote:
I'm having trouble getting the GDM login screen to show up when I
connect from a remote host.
I should add to this that I'm able to run X-windows programs on my
local workstation, such as gnome-terminal, xclock, etc. Xming opens
them up with no issues whatsoever. It's just that I can't get a gdm
login screen when trying to connect via xdmcp.
If it's any help here is what I see in
A bit more info if it's helpful: I have tried kdm as well and get the
exact same results, gray screen with an X cursor, no login window or
greeter at all.
Set Enable=true under XDMCP section on /usr/share/gdm/defaults.conf
and relogin it will work you out.
I thought about this until I read the directions in the defaults.conf file:
# This file should not be updated by hand. Since GDM 2.13.0.4,
# configuration choices in the
why don't you start with the kernel version and architecture?
- uname -a
This server is running centos 3.9
Linux server.domain.com 2.4.21-57.ELsmp #1 SMP Wed May 7 06:10:55 EDT
2008 i686 i686 i386 GNU/Linux
- /var/log/messages relevant lines?
There was nothing out of the ordinary in
We have an HP DL360 server with dual on-board Tigon3 ethernet cards.
We are using eth0, eth1 is unused at the moment. Sometimes when the
network interface is under heavy load, for example moving large file
transfers over rsync or NFS, the network interface stops working and
we lose all connection
We have an issue with some customers who refuse to accept ICMP traffic
to their mail servers. It seems that they have put Mordac, preventer
of information services in charge of their firewall policy
(http://en.wikipedia.org/wiki/List_of_minor_characters_in_Dilbert#Mordac).
My mail logs are
There was nothing out of the ordinary in /var/log/messages. The
logging just stops after the network card drops offline. dmesg also
shows nothing out of the ordinary when the driver is loaded. The
network card works fine until it is under heavy load.
Since you are running CentOS 3 I am
Thanks for the information. If I understand this correctly, the
client would have to convince the owner of each and every router hop
along the way to disable PMTU discovery if he insists on dropping all
ICMP packets?
And Scott hit the nail on the head with this comment:
Sometimes you can't be
We have several dozen production Linux servers and I would like to
have better control over what files are changed, by whom, when they
were changed, etc. Because these are all production servers that are
in use 24x7, we do not have the luxury of simply doing a clean build,
taking md5sums of each
I have an init script that after running, causes my terminal not to
log out cleanly. Here's what I mean:
# /etc/init.d/script restart this runs fine, returns my shell prompt
# exit When I enter this command, my shell window just stays
stuck and actually won't close down.
Anyone know why this happens?
Are you spawning/backgrounding jobs in the script?
Here is the script, it is a fairly
You might try to change the script in init.d to append </dev/null
>/dev/null 2>&1 at the line that starts the daemon, this might force
it to detach itself from the terminal.
This appears to have corrected the issue, thank you very much for the reply.
Ok this is kind of a goofy question but I want to make sure I get it
right. Suppose we have a 25 mb video, that is 117 seconds long. If we
wish for this streaming video to play smoothly with no compression,
buffering or skipping, the following bandwidth requirements must be
met:
25 megabytes =
Don't forget that the data speed != line speed.
A line will only carry about 70% of the line
speed as data because of packet overheads.
Thanks for pointing this out. I believe I have enough information to
make my case. My guesstimate before seeing the actual file sizes was
that this would
The size of the file doesn't make much difference. What matters is the
resolution and framerate of the vide
For a back-of-the napkin calculation can we not assume that data equal
to the entire size of the file will be streamed to the client during
playback? I understand that frame rate, etc.
Is there an easy way to configure sendmail to only send mail to
addresses in one particular domain?
If it is 'your' domain, configure the sender(s) to use the intended
receiving server as the SMART_HOST but don't give it RELAY permissions in
the receiving access file. That way it can attempt to send to other
addresses but only ones local to the receiving machine will be accepted.
Thanks,
I'm a bit baffled by this problem. Maybe there's a sendmail guru out
there who can help me out here. We have some end-users who need to
receive system-generated mail that originates from a java-based
application on our network. The java app sends the mail through our
sendmail cluster, which
#1 - turn your sendmail logging/debugging setting up as high as
it will go for just long enough to capture some of these events.
(then turn it back to its previous setting)
#2 - try using script and then telnet to capture an SMTP session
(Done by hand) with the MTA at the receiving end.
Anyone have a function or script for uploading files from a web
browser with a bash script? I know this is possible to do with Perl,
I'm wondering if the same is possible using only bash.
I think he wants to have a shell-script that can process upload-file-
forms, displayed in browsers.
AFAIK, the general rule is: don't do that (CGI programming with shell-
scripts).
Use something else (PHP as CGI, if you don't want to have mod_php).
Good to know, thanks for the info. I
What do you use for monitoring your Apache Tomcat servers? I have used
jconsole to manually connect and look at the statistics. I'm wondering if
there are any standard tools for watching the health of the java process.
You can use snmp and cacti to monitor some of the tomcat information.
You simply need to add a few configuration modifications.
See http://java.sun.com/j2se/1.5.0/docs/guide/management/SNMP.html
Thank you all for the replies. We already use Nagios so I'm hoping
for a nagios-friendly
I have a perl script which runs from a cron job. How would you limit
the amount of RAM that this script is allowed to consume? Is there a
ulimit setting that will accomplish this? If so does ulimit have to
be run each time the script is run, or is there a way to set it
permanently?
If you run it as a regular user, then maybe you can check out
/etc/security/limits.conf
Currently the script runs as the root user. I may be able to change
this, but wanted to find out whether there was some other way first.
Would it be possible to use a ulimit command within the perl script
First, install the perl module BSD::Resource
yum install perl-BSD-Resource
Then use it in your program like:
#!/usr/bin/perl
use BSD::Resource;
setrlimit(RLIMIT_VMEM, 1_000_000, 1_000_000);
# rest of the program that is limited to 1MByte now
Thanks, Paul. I knew I'd find an
While having hard limits makes it safer, wouldn't it be better to control the
memory usage of the script instead of setting limits that would trigger an
out of memory...?
How would you control the memory usage of the script if it's run by
the root user?
But what if the program's memory use is dependent on lots of factors
which are not easily predictable.
And you want to avoid bringing the whole system to its knees while swapping
and killing arbitrary other programs while one program is consuming all
of ram and swap.
In that case it's
I have an odd situation here, maybe one of you can help. We have a
script that runs via a cron job. Its purpose is to decrypt
PGP-encrypted files in a certain directory. I have tried the command
two different ways, both fail with the same error message:
gpg --decrypt $file
On Mon, Oct 19, 2009 at 2:41 PM, Spiro Harvey sp...@knossos.net.nz wrote:
Is the cron job running as a different user? eg; are you running gpg as
a non-privileged user and the cronjob as root?
The cronjob script runs from /etc/crontab. Let me try root's personal
crontab instead.
Typically this type of problem is caused by environment variables
that are set in a login shell, but are missing or different than
those set for jobs running under cron.
You nailed it, Bill. Running the cron from root's personal crontab
worked fine. Must have been environment variable
What do you use to keep your environment files like .bashrc,
.bash_profile, etc. synchronized across all your servers?
Anyone know if this is possible with GNU screen?
I would like to have a macro or keyboard shortcut whereby the
following actions are performed:
1. Open new screen window (CTRL-A C)
2. ssh to some $host
3. Rename current screen as $host (CTRL-A A $host)
I can see that typing screen while
On Mon, Feb 23, 2009 at 11:53 AM, Don Harper d...@duckland.org wrote:
Under bash, I have a function defined like so:
function ss () {
screen -t "$1" ssh "$@"
}
Then, I simply type:
ss hostname
Nice, this is helpful. I used ssc instead because there appears to
be a built in ss command.
I like Gnu screen, but the choice of CTRL-A as the command sequence is
extremely unfortunate. Like many other bash users, I use CTRL-A to
get back to the beginning of the line (emacs editing mode).
How do you all get around this problem? Also, I'm wondering if there
is an easy way to get mouse
Also, I'm wondering if there
is an easy way to get mouse scrolling to work when reviewing terminal
history in screen. It's a pain in the arse to CTRL-A then ESC to be
able to scroll back.
If anyone else is looking for mouse wheel scrolling in GNU screen,
here's the solution I found. I added
I am unable to find any documentation about this error message,
perhaps one of you has experienced this as well. We have an FTP
server that is configured to accept FTP transactions over SSL. The
server is working fine, as I am able to log in with lftp from my test
linux machine in the office.
None of our data center machines are
able to connect so perhaps this is a firewall or NAT issue? Anyway
here is the very un-descriptive error message:
SSL_connect: error::lib(0):func(0):reason(0)
Closing control socket
`ls' at 0 [Delaying before reconnect: 18]
Further