Re: [CentOS] Best way to duplicate a live Centos 5 server?
On 6/14/12, Smithies, Russell wrote: > How about using one of the backup tools to image the server? > We use Symantec System Recovery and image all the disks. We then have the > option of restoring to different hardware (physical or virtual) which works > very well. > There's a 60-day evaluation period. > http://www.symantec.com/products/trialware.jsp?pcid=pcat_business_cont&pvid=1602_1 Not an option for me unfortunately, the only Windows systems on location are at best Win7 Home Premium and SSR requires a Win Server OS according to their page. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6.2 32 default kernel support pae?
A client is insisting to install CentOS 6.2 32 bit version [1] on a system with 4GB RAM. Lately, I have done 64 bit installations only; not sure if the 32 bit kernel supports pae for >= 4GB RAM. If anyone knows the answer please let me know (will save me time on an installation in my setup). [1] The Client's ERP vendor has validated the application on the 32 bit platform only thus the reason for 32 bit version. Thanks, -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2 32 default kernel support pae?
Am 14.06.2012 09:46, schrieb Arun Khan: > A client is insisting to install CentOS 6.2 32 bit version [1] on a > system with 4GB RAM. > > Lately, I have done 64 bit installations only; not sure if the 32 bit > kernel supports pae for >= 4GB RAM. > > If anyone knows the answer please let me know (will save me time on an > installation in my setup). > > [1] The Client's ERP vendor has validated the application on the 32 > bit platform only thus the reason for 32 bit version. > > Thanks, > -- Arun Khan https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.0_Release_Notes/kernel.html see "12.6.1. Physical Address Extension (PAE)" Not said there, but support is up to 64GB of RAM. Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2 32 default kernel support pae?
On 06/14/12 12:46 AM, Arun Khan wrote: > [1] The Client's ERP vendor has validated the application on the 32 > bit platform only thus the reason for 32 bit version. the client should find a ERP vendor who's not stuck back in the 90s. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Two CentOS installations failed dual boot
Hello everybody, I installed Centos 6.2 on a computer with an older version of it in order to dual boot both of them. I managed to install the new OS on a physically seperated hard drive, and configured grub to make the newly installed OS the default one. Now the older OS won't boot and this error message shows: *"error 13: invalid or unsupported executable format"*. I attached to the email the output of *"fdisk -l"* and a copy of the *"/etc/grub.conf"* configuration file. I have no experience dealing with boot/grub issues, so any help on this will be much appreciated. Regards. [root@mypc ~]# fdisk -l Disk /dev/sda: 80.0 GB, 800 bytes 255 heads, 63 sectors/track, 9726 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x0080 Device Boot Start End Blocks Id System /dev/sda1 * 1947276077056 83 Linux /dev/sda294729726 2045952 82 Linux swap / Solaris Disk /dev/sdb: 80.0 GB, 80032038912 bytes 255 heads, 63 sectors/track, 9730 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xdbdbdbdb Device Boot Start End Blocks Id System /dev/sdb1 * 1 13 104391 83 Linux /dev/sdb2 14973078051802+ 8e Linux LVM Disk /dev/mapper/VolGroup00-LogVol01: 2080 MB, 2080374784 bytes 255 heads, 63 sectors/track, 252 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x30307800 Disk /dev/mapper/VolGroup00-LogVol01 doesn't contain a valid partition table Disk /dev/mapper/VolGroup00-LogVol00: 77.8 GB, 77812727808 bytes 255 heads, 63 sectors/track, 9460 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x Disk /dev/mapper/VolGroup00-LogVol00 doesn't contain a valid partition table [root@mypc ~]# # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You do not have a /boot partition. This means that # all kernel and initrd paths are relative to /, eg. # root (hd1,0) # kernel /boot/vmlinuz-version ro root=/dev/sda1 # initrd /boot/initrd-[generic-]version.img #boot=/dev/sdb default=0 timeout=5 splashimage=(hd1,0)/boot/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.32-220.17.1.el6.i686) root (hd1,0) kernel /boot/vmlinuz-2.6.32-220.17.1.el6.i686 ro root=UUID=b5d4d678-1e3d-47ce-acf1-d061097b6885 rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=fr LANG=en_US.UTF-8 rd_NO_MD quiet SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto rd_LVM_LV=VolGroup00/LogVol01 rd_NO_DM initrd /boot/initramfs-2.6.32-220.17.1.el6.i686.img title CentOS IPBX (2.6.32-220.el6.i686) root (hd1,0) kernel /boot/vmlinuz-2.6.32-220.el6.i686 ro root=UUID=b5d4d678-1e3d-47ce-acf1-d061097b6885 rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=fr LANG=en_US.UTF-8 rd_NO_MD quiet SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto rd_LVM_LV=VolGroup00/LogVol01 rd_NO_DM initrd /boot/initramfs-2.6.32-220.el6.i686.img title VoisGate rootnoverify (hd0,0) chainloader +1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2 32 default kernel support pae?
On Thu, Jun 14, 2012 at 1:35 PM, Alexander Dalloz wrote: > > https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.0_Release_Notes/kernel.html > > see "12.6.1. Physical Address Extension (PAE)" > > Not said there, but support is up to 64GB of RAM. > Thanks very much for pointing out the Release Notes section :) -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2 32 default kernel support pae?
On Thu, Jun 14, 2012 at 1:46 PM, John R Pierce wrote: > On 06/14/12 12:46 AM, Arun Khan wrote: >> [1] The Client's ERP vendor has validated the application on the 32 >> bit platform only thus the reason for 32 bit version. > > > the client should find a ERP vendor who's not stuck back in the 90s. > Agreed, I pointed it out to client but I am not the one who selected the ERP vendor for them; sometimes one has to choose which battles to fight. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Best way to duplicate a live Centos 5 server?
On Thu, Jun 14, 2012 at 2:32 AM, Emmanuel Noobadmin wrote: > On 6/14/12, Smithies, Russell wrote: >> How about using one of the backup tools to image the server? >> We use Symantec System Recovery and image all the disks. We then have the >> option of restoring to different hardware (physical or virtual) which works >> very well. >> There's a 60-day evaluation period. >> http://www.symantec.com/products/trialware.jsp?pcid=pcat_business_cont&pvid=1602_1 > > Not an option for me unfortunately, the only Windows systems on > location are at best Win7 Home Premium and SSR requires a Win Server > OS according to their page. Clonezilla-live is good for straight image copies, but you have to shut down the source while taking the copy and it doesn't do raid. It does handle most filesystems including windows and knows enough to only copy the used blocks. ReaR will make the copy with the source running and handles most linux disk layouts. There is not much documentation at this point and there are a lot of options, but if you have an NFS share to hold the intermediate backup copy it only takes a couple of lines in a conf file to set it up. However, since it is designed for backup/restore, the default is for the restore iso to use the same IP as the source which is awkward for live cloning. You can work around that but should probably try a test system first. It is definitely worth looking at as a simple backup solution in any case. If the target hardware is different, both clonezilla and rear may require you to build a new initrd with appropriate disk drivers included. Using the VMware converter tool (free) might work. I've done it with windows, but so far it has not worked with the disk layouts on the linux systems I have tried. When it works, it works very well - and you could probably do additional conversions from the vmware image. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 88, Issue 9
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CESA-2012:0731 Moderate CentOS 5 expat Update (Johnny Hughes)
2. CESA-2012:0730 Important CentOS 5 java-1.6.0-openjdk Update
(Johnny Hughes)
3. CESA-2012:0729 Critical CentOS 6 java-1.6.0-openjdk Update
(Johnny Hughes)
4. CESA-2012:0731 Moderate CentOS 6 expat Update (Johnny Hughes)
5. CEBA-2012:0738 CentOS 5 gawk FASTTRACK Update (Johnny Hughes)
6. CEBA-2012:0737 CentOS 6 corosync Update (Johnny Hughes)
7. CEEA-2012:0739 CentOS 6 mlx4_ib Update (Johnny Hughes)
8. CEEA-2012:0739 CentOS 6 mlx4_en Update (Johnny Hughes)
9. CEBA-2012:0740 CentOS 6 apr Update (Johnny Hughes)
10. CEEA-2012:0739 CentOS 6 mlx4_core Update (Johnny Hughes)
--
Message: 1
Date: Wed, 13 Jun 2012 17:07:10 +
From: Johnny Hughes
Subject: [CentOS-announce] CESA-2012:0731 Moderate CentOS 5 expat
Update
To: centos-annou...@centos.org
Message-ID: <20120613170710.ga31...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2012:0731 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0731.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
3cd68b239349db1f2a58ad30ef511148235cda9e7b692323d0b8606aa0f094e3
expat-1.95.8-11.el5_8.i386.rpm
1a19aae09d3fae92d7e31244abe1d12804206a3f0445a7d56c34e363d16e870a
expat-devel-1.95.8-11.el5_8.i386.rpm
x86_64:
3cd68b239349db1f2a58ad30ef511148235cda9e7b692323d0b8606aa0f094e3
expat-1.95.8-11.el5_8.i386.rpm
9e40d6c5cfd8288231e0a3c7a193a1601fb6a909df00a917d59cc02e596ea7dd
expat-1.95.8-11.el5_8.x86_64.rpm
1a19aae09d3fae92d7e31244abe1d12804206a3f0445a7d56c34e363d16e870a
expat-devel-1.95.8-11.el5_8.i386.rpm
25f29550c06e68dbdd2847421e2c1db4f8fa3a02dab12f6cdfc7b2b3ab72e2c8
expat-devel-1.95.8-11.el5_8.x86_64.rpm
Source:
f394a130aa92f025255ee20283d9dc9e93f73c8858bfb1a87736e211df8b65b6
expat-1.95.8-11.el5_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 2
Date: Wed, 13 Jun 2012 17:29:00 +
From: Johnny Hughes
Subject: [CentOS-announce] CESA-2012:0730 Important CentOS 5
java-1.6.0-openjdk Update
To: centos-annou...@centos.org
Message-ID: <20120613172900.ga31...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2012:0730 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0730.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
f1f34d561b7a8792c87baa365b8c476dbc16149df94ea0a932e022d474097445
java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm
0cea3bb758babe5704bdf9897f07f29a96eb97c4be5ce21c618fc8d33747b04a
java-1.6.0-openjdk-demo-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm
71ab34ae5c8c4d7e43a61fcfae9e10f50941cbeebc2e0fe23d82285817b21efb
java-1.6.0-openjdk-devel-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm
21f4b7cbe5175549528a3dac11c505f28b7a668e9dde5ccbf17cf345cf83575b
java-1.6.0-openjdk-javadoc-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm
280419ee63d45161e204fef85af031d278eb0909e9cc1bafc452b0705db7836e
java-1.6.0-openjdk-src-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm
x86_64:
1b0412bd15d348d4877e0fbd9cd50e82c3e6dce631bf308f6f8858de98f7b5f2
java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm
b9dcd93b7fa94e31887896710a5fa359db59f4e9718560529595b54a68153434
java-1.6.0-openjdk-demo-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm
5f3e3f41f9e0f012d12d42fc238ca0c71bbebc2e50c090a104797ef9f216d723
java-1.6.0-openjdk-devel-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm
9a78d0538ab735128188ea3a6aa5664db2111d94c2e8162f1acd44875c4aaa29
java-1.6.0-openjdk-javadoc-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm
f5b83eb56f378bcf7dfbb99231b715455b98c0dd6c259b4373b6c5822bece004
java-1.6.0-openjdk-src-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm
Source:
49f7df8ca0562c4a706c0553ac41c4b625a2035d21ba7a730c154d3f79c95b43
java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 3
Date: Wed, 13 Jun 2012 18:29:41 +
From: Johnny Hughes
Subject: [CentOS-announce] CESA-2012:0729 Critical CentOS 6
java-1.6.0-openjdk Update
To: centos-annou...@centos.org
Message-ID: <201206131
[CentOS] CentOS 4x Download
Dear Community Friends, i badly require CentOS 4x, because one of our application only work with that version, and current server has failed. The image which is available in CentOS following sites. CD is not boot able, cannot install. http://vault.centos.org/4.9/ http://vault.centos.org/ can anyone help to guide me how can o get CD or DVD image CentOS 4x. Thanks / Regards ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT - Is there a package to monitor network traffic
We have a situation here that is a real mystery. Our MRTG on our outgoing router and a firewall server that protects our web servers is showing a spike every six hours. I can't find the server behind the firewall that is generating such an extreme amount of packets, even though I've looked through the crontabs of nearly all servers, performed "ps" variations, and other types of investigation. Is there any type of package I can install that will monitor traffic and report abnormal, over-threshold packets similar to what wireshark might do in a manner that would allow me to determine where these packets might be going or from where they originate? Thanks for any help. steve campbell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Is there a package to monitor network traffic
How about tcpdump? Mike On 06/14/2012 01:07 PM, Steve Campbell wrote: > We have a situation here that is a real mystery. > > Our MRTG on our outgoing router and a firewall server that protects our > web servers is showing a spike every six hours. I can't find the server > behind the firewall that is generating such an extreme amount of > packets, even though I've looked through the crontabs of nearly all > servers, performed "ps" variations, and other types of investigation. > > Is there any type of package I can install that will monitor traffic and > report abnormal, over-threshold packets similar to what wireshark might > do in a manner that would allow me to determine where these packets > might be going or from where they originate? > > Thanks for any help. > > steve campbell > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] unfsd scalability issues
On Wed, Jun 13, 2012 at 10:11 AM, wrote: > Boris Epstein wrote: > > On Sat, Jun 2, 2012 at 2:50 PM, John R. Dennison > wrote: > >> On Sat, Jun 02, 2012 at 10:59:13AM -0400, Boris Epstein wrote: > > > To be specific, I use UNFSD to export a MooseFS file system. MooseFS, by > > the way, is userland-process based too. > > > > Be that as it may, I've seen situations where a comparably configured > > MooseFS client get to read at, say, 40 MB/s - which is fine - but the > > UNFSD at the same time reads at 40K/s(!) Why would that be? I mean, some > > degradation I can dig but 3 orders of magnitude? What is with this? Am I > > doing something wrong? > > I wonder... what's the architecture of what you're getting these results? > I tried opening a bug with upstream over NFS4 and 6.x, and no one ever > looked at it, and they closed it. > > 100% repeatably: unpack a package locally, seconds. > unpack it from an NFS mount onto a local drive, about 1 > min. > unpack it from an NFS mount onto an NFS mount, even when >the target is exported FROM THE SAME MACHINE* that the >process is running on: 6.5 - 7 MINUTES. > > * That is, > [server 1] [server 2] >/export/thatdir --NFS-->/target/dir >/s2/source >/source/dir --NFS-->/s2/source > and cd [server 2]:/target/dir and unpack from /s2/source > > I suppose I'll try logging into upstream's bugzilla using our official > licensed id; maybe then they'll assign someone to look at it > >mark > > > Mark, Thanks, my architecture is extremely similar to yours, except that in my case the "second layer", if I may say so, is MooseFS ( http://www.moosefs.org/ ), not NFS. MooseFS itself is blazing, by the way. So the diagram in my case would look something like this: /export/thatdir --NFS-->/target/dir /s2/source /source/dir -- MooseFS mount (mfsmount) -->/s2/source The discrepancy in the resultant performance is comparable. Thanks. Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 4x Download
On 06/14/2012 12:05 PM, Shiv. Nath wrote: > Dear Community Friends, > > i badly require CentOS 4x, because one of our application only work with > that version, and current server has failed. The image which is > available in CentOS following sites. CD is not boot able, cannot install. > > http://vault.centos.org/4.9/ > http://vault.centos.org/ > > can anyone help to guide me how can o get CD or DVD image CentOS 4x. > The CDs should be just fine as far as booting them goes. You need to burn them as "an image" with your burning software and boot any if the CD-1 or DVD-1 images. If your machine does not boot from CD, you can create a pen drive boot using bootdisk.img from here: http://vault.centos.org/4.9/os/x86_64/images/ (or i386 instead of x86_64) signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 4x Download
> On 06/14/2012 12:05 PM, Shiv. Nath wrote: >> Dear Community Friends, >> >> i badly require CentOS 4x, because one of our application only work with >> that version, and current server has failed. The image which is >> available in CentOS following sites. CD is not boot able, cannot >> install. >> >> http://vault.centos.org/4.9/ >> http://vault.centos.org/ >> >> can anyone help to guide me how can o get CD or DVD image CentOS 4x. >> > > The CDs should be just fine as far as booting them goes. > > You need to burn them as "an image" with your burning software and boot > any if the CD-1 or DVD-1 images. > > If your machine does not boot from CD, you can create a pen drive boot > using bootdisk.img from here: > > http://vault.centos.org/4.9/os/x86_64/images/ > > (or i386 instead of x86_64) > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > Thanks Johnny. I will give a try using pen drive. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Is there a package to monitor network traffic
On Thu, Jun 14, 2012 at 12:07 PM, Steve Campbell wrote: > We have a situation here that is a real mystery. > > Our MRTG on our outgoing router and a firewall server that protects our > web servers is showing a spike every six hours. I can't find the server > behind the firewall that is generating such an extreme amount of > packets, even though I've looked through the crontabs of nearly all > servers, performed "ps" variations, and other types of investigation. > > Is there any type of package I can install that will monitor traffic and > report abnormal, over-threshold packets similar to what wireshark might > do in a manner that would allow me to determine where these packets > might be going or from where they originate? If you can catch it while the event is happening, wireshark can help you analyze the traffic. Do a short capture, then Statistics/Converstation list/ipv4 (or endpoint/ipv4) will give you a sortable list of the bulk of the traffic. If you are monitoring the traffic on all interfaces and switch ports with SNMP (Cacti/OpenNMS etc.) you would probably see it too. OpenNMS generates nightly reports of 'top 20' interface usage although backups sometimes show up there. 'Ntop' is also good at identifying traffic and can summarize in different ways, but you have to run it on the server where the traffic is happening. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
Hi all, Just like to know which secure FTP servers are popular in use on Linux, the FTP server should provides HTTPS, FTPS and SFTP methods. Current we are with Serv-U FTP server, but it has been crashed all the time for unknown reasons -- can not find any causes in its log file at all. Although we like its interfaces, but our customers complain its reliability a lot. Finally we are tired of it and would like an alternative. If you are satisfied with your ftp server, Please feel free to share with me. :) Thanks. --David ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - Networking: Some Queries -- GURUS HELP PL
On Jun 13, 2012, at 2:52 AM, Sanjay Arora wrote: > My machine is on LAN 192.168.1.0/24, has an IP of 192.168.1.3. This > Network has GW 192.168.1.1 which is an adsl router in the office. No > firewall on the router. Other LAN machines have IPs in the > 192.168.1.0/24 network & I'm not allowed to use those IPs. They are > reserved for LAN use. > > Now My machine has a second card for LTSP Network (it is a LTSP > Server) with IP 172.16.1.0/24 Can your VMs request IPs on this network or is it NAT'd as well? > I want Virtual hosts on my machine so I have to have a different IP > rangesay 192.168.2.0/24 Maybe better to use LTSP network IPs and use the 192.168 bridge interface for Internet only giving out dnsmasq IPs which are 169.X I believe? > And I want routing among three as well as Internet access through the > NATTED adsl router which has a dynamic IP. If you have 172.16 IPs on the VMs for the LTSP bridged network, then use dnsmasq to assign dynamic IPs for the Internet NAT'd bridge on the 192.168 network, set a default route out the Internet NAT'd bridged interfaces and you should get what you want. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Is there a package to monitor network traffic
On Jun 14, 2012, at 1:07 PM, Steve Campbell wrote: > We have a situation here that is a real mystery. > > Our MRTG on our outgoing router and a firewall server that protects our > web servers is showing a spike every six hours. I can't find the server > behind the firewall that is generating such an extreme amount of > packets, even though I've looked through the crontabs of nearly all > servers, performed "ps" variations, and other types of investigation. > > Is there any type of package I can install that will monitor traffic and > report abnormal, over-threshold packets similar to what wireshark might > do in a manner that would allow me to determine where these packets > might be going or from where they originate? Setup a nettop server and netflow on the routing interfaces and you will find tour culprit. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Is there a package to monitor network traffic
On Jun 14, 2012, at 6:44 PM, Ross Walker wrote: > On Jun 14, 2012, at 1:07 PM, Steve Campbell wrote: > >> We have a situation here that is a real mystery. >> >> Our MRTG on our outgoing router and a firewall server that protects our >> web servers is showing a spike every six hours. I can't find the server >> behind the firewall that is generating such an extreme amount of >> packets, even though I've looked through the crontabs of nearly all >> servers, performed "ps" variations, and other types of investigation. >> >> Is there any type of package I can install that will monitor traffic and >> report abnormal, over-threshold packets similar to what wireshark might >> do in a manner that would allow me to determine where these packets >> might be going or from where they originate? > > Setup a nettop server and netflow on the routing interfaces and you will find > tour culprit. Nettop -> ntop -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/14/12 3:39 PM, Gelen James wrote: > Just like to know which secure FTP servers are popular in use on Linux, the > FTP server should provides HTTPS, FTPS and SFTP methods. sftp is part of SSH, not FTP. https is HTTP not FTP. ftps (FTP over SSL) is a non-standard mess and should be banned. I use vsftp for a straight FTP server, and apache for a https server, openssh for a SSH server. these are all standard CentOS components. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
Hi John, I had the same idea with you just a few years back that the ftp only servers FTP protocol. But nowadays a FTP server provides same contents over a lot of protocols at the same time: FTP/FTPS/SFTP/HTTP/HTTPS. Please check the wiki page http://en.wikipedia.org/wiki/List_of_FTP_server_software. There are so many choices but it is difficult to find one that is reliable, secure and at the same time easy to use. Thanks. --David From: John R Pierce To: centos@centos.org Sent: Thursday, June 14, 2012 3:59 PM Subject: Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not On 06/14/12 3:39 PM, Gelen James wrote: > Just like to know which secure FTP servers are popular in use on Linux, the >FTP server should provides HTTPS, FTPS and SFTP methods. sftp is part of SSH, not FTP. https is HTTP not FTP. ftps (FTP over SSL) is a non-standard mess and should be banned. I use vsftp for a straight FTP server, and apache for a https server, openssh for a SSH server. these are all standard CentOS components. -- john r pierce N 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/14/12 4:08 PM, Gelen James wrote: > I had the same idea with you just a few years back that the ftp only servers > FTP protocol. But nowadays a FTP server provides same contents over a lot of > protocols at the same time: FTP/FTPS/SFTP/HTTP/HTTPS thats just silly. I suppose we should call NFS FTP too, because it serves files? the classic FTP protocol is a hangover from the 1970s and really should be sent to pasture and allowed to die a peaceful death.I generally use http for serving anonymous read only files, and sftp/scp for authenticated transfers -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On Thu, Jun 14, 2012 at 6:18 PM, John R Pierce wrote: >> > thats just silly. I suppose we should call NFS FTP too, because it > serves files? What do you call something like Alfresco that emulates all kinds of file/web services while imposing additional logic compared to what the OS would do? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/14/12 4:08 PM, Gelen James wrote: > Please check the wiki > pagehttp://en.wikipedia.org/wiki/List_of_FTP_server_software. There are so > many choices psst? most of those are for MS Windows, which doesn't come with a decent FTP server built in. many of them are commercial. there's really only a couple on that list suitable for a linux server, headed up with vsftpd, the default ftp server in CentOS. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 6/14/2012 7:23 PM, John R Pierce wrote: > On 06/14/12 4:08 PM, Gelen James wrote: >> Please check the wiki >> pagehttp://en.wikipedia.org/wiki/List_of_FTP_server_software. There are so >> many choices > > psst? most of those are for MS Windows, which doesn't come with a > decent FTP server built in. many of them are commercial. there's > really only a couple on that list suitable for a linux server, headed up > with vsftpd, the default ftp server in CentOS. > I do hear good things about ProFTP and actually have it on one of my new installs, but haven't yet messed with it. I found it odd that it didn't make the wiki list. Maybe some others can give some feedback on it? -- John Hinton 877-777-1407 ext 502 http://www.ew3d.com Comprehensive Online Solutions ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Sendmail SMTP Brute-Force Attack
Dear CentOS Community Is totally clear there's no support sendmail platform today, but I need to stop SMTP brute-force attack on sendmail. My server is attacked today, my maillog look like : 4...@myserver.com>, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1] Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=<>, size=3958, class=0, nrcpts=1, msgid=<201206142307.q5en710u024...@myserver.com>, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1] Jun 14 19:07:23 at6412 sendmail[24868]: q5EN7M6D024868: from=< qmar...@qmarket.cl>, size=2193, class=0, nrcpts=2, msgid=< 20120614231448.1e99a13e...@smtp02qmarket.qmarket.cl>, proto=ESMTP, daemon=MTA, relay=[200.1.174.121] Jun 14 19:07:24 at6412 sendmail[24961]: q5EN7OT4024961: from=< nob...@2012.123icq.cl>, size=4716, class=0, nrcpts=1, msgid=< e1sfj8h-0005kv...@2012.123icq.cl>, proto=ESMTP, daemon=MTA, relay= pc1.globalmac.cl [200.29.231.61] (may be forged) Jun 14 19:07:33 at6412 sendmail[25013]: q5EN7SqK025013: from=< a.pfsv...@yahoo.com>, size=760, class=0, nrcpts=1, msgid=< 1531549-634033...@owfzdl.net>, proto=SMTP, daemon=MTA, relay= h095159149119.ys.dsl.sakhalin.ru [95.159.149.119] Jun 14 19:07:37 at6412 sendmail[25065]: q5EN7bCj025065: from=< en.viaimp...@gmail.com>, size=4531, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=186-105-73-29.baf.movistar.cl [186.105.73.29] I need help for STOP this spamers right now. Thanks in advance to anyone who can guide me With Kind Regards, Gustavo A. Lacoste Z. Curacautín - Chile Skype: knxroot Msn & Gtalk: knx.root [at] gmail.com Home page: http://www.lacosox.org - - *Por favor, evite enviarme documentos adjuntos en formato Word o PowerPoint. Lea http://www.gnu.org/philosophy/no-word-attachments.es.html* ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/14/12 4:22 PM, Les Mikesell wrote: > What do you call something like Alfresco that emulates all kinds of > file/web services while imposing additional logic compared to what the > OS would do? "useless" hey, you asked what *I* would call it. I have no use for that sort of silliness. Maybe someone running a 'warez' server does, not me. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
On 06/14/12 4:33 PM, Gustavo Lacoste wrote:
> I need help for STOP this spamers right now.
>
> Thanks in advance to anyone who can guide me
2 of the three relay IPs listed in your log fragment are listed on
spamhaus' Zen combined list, http://www.spamhaus.org/zen/
this is free for use by low volume non-commercial email servers. see the
terms linked on the above URL.
adding the following line to your sendmail.mc file, then rebuilding the
.cf and restarting sendmail would reject all mail connections from
servers listed via Spamhaus.
FEATURE(dnsbl,`zen.spamhaus.org',`Message from $&{client_addr} rejected
- see http://www.spamhaus.org/SBL/sbl-rationale.html') dnl
(note this file is in M4 syntax, and has to use 'funny' quoting, with a
` as the opening quote).
--
john r pierceN 37, W 122
santa cruz ca mid-left coast
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On 06/15/2012 01:28 AM, John Hinton wrote: > On 6/14/2012 7:23 PM, John R Pierce wrote: >> On 06/14/12 4:08 PM, Gelen James wrote: >>> Please check the wiki >>> pagehttp://en.wikipedia.org/wiki/List_of_FTP_server_software. There are so >>> many choices >> >> psst? most of those are for MS Windows, which doesn't come with a >> decent FTP server built in. many of them are commercial. there's >> really only a couple on that list suitable for a linux server, headed up >> with vsftpd, the default ftp server in CentOS. >> > I do hear good things about ProFTP and actually have it on one of my new > installs, but haven't yet messed with it. I found it odd that it didn't > make the wiki list. Maybe some others can give some feedback on it? > If you are running a recent distro you should go with sftp. With the Match directive you can even selectively create chroots for users and groups which should cover most use-cases. FTP is just insecure (plaintext passwords) and the secure variant FTPS makes firewall setups a pain because the "fixes" for FTPs protocol layering violations (the conntrack and nat modules for iptables) stop working. Don't use FTP unless you absolutely have to. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
You can use, also, fail2ban http://www.fail2ban.org/wiki/index.php/Sendmail http://www.fail2ban.org/wiki/index.php/HOWTOs Work over the filter. You can set that if 'x' connection from same IP in 'y' seconds, block in firewall -- Diego - Yo no soy paranoico! (pero que me siguen, me siguen) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
The problem with my server is: I use it to offer webhosting services. Some
customers using Outlook are blocked because they use black listed ips (ips
simply are dynamic).
With Kind Regards,
Gustavo A. Lacoste Z.
Curacautín - Chile
Skype: knxroot
Msn & Gtalk: knx.root [at] gmail.com
Home page: http://www.lacosox.org
- -
*Por favor, evite enviarme documentos adjuntos en formato Word o PowerPoint.
Lea http://www.gnu.org/philosophy/no-word-attachments.es.html*
2012/6/14 John R Pierce
> On 06/14/12 4:33 PM, Gustavo Lacoste wrote:
> > I need help for STOP this spamers right now.
> >
> > Thanks in advance to anyone who can guide me
>
> 2 of the three relay IPs listed in your log fragment are listed on
> spamhaus' Zen combined list, http://www.spamhaus.org/zen/
>
> this is free for use by low volume non-commercial email servers. see the
> terms linked on the above URL.
> adding the following line to your sendmail.mc file, then rebuilding the
> .cf and restarting sendmail would reject all mail connections from
> servers listed via Spamhaus.
>
> FEATURE(dnsbl,`zen.spamhaus.org',`Message from $&{client_addr} rejected
> - see http://www.spamhaus.org/SBL/sbl-rationale.html') dnl
>
>
> (note this file is in M4 syntax, and has to use 'funny' quoting, with a
> ` as the opening quote).
>
>
>
>
>
> --
> john r pierceN 37, W 122
> santa cruz ca mid-left coast
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
If you have disabled open relaying then I would look at grey listing and
throttling to reduce the number of spam per hour that comes in.
Since your routing others emails there is no point in spam analysis cause your
customers are probably doing it already. Just need to dissuade spammers from
full throttling your edge severs.
-Ross
On Jun 14, 2012, at 8:58 PM, Gustavo Lacoste wrote:
> The problem with my server is: I use it to offer webhosting services. Some
> customers using Outlook are blocked because they use black listed ips (ips
> simply are dynamic).
>
>
>
> With Kind Regards,
>
> Gustavo A. Lacoste Z.
> Curacautín - Chile
> Skype: knxroot
> Msn & Gtalk: knx.root [at] gmail.com
> Home page: http://www.lacosox.org
> - -
> *Por favor, evite enviarme documentos adjuntos en formato Word o PowerPoint.
> Lea http://www.gnu.org/philosophy/no-word-attachments.es.html*
>
>
> 2012/6/14 John R Pierce
>
>> On 06/14/12 4:33 PM, Gustavo Lacoste wrote:
>>> I need help for STOP this spamers right now.
>>>
>>> Thanks in advance to anyone who can guide me
>>
>> 2 of the three relay IPs listed in your log fragment are listed on
>> spamhaus' Zen combined list, http://www.spamhaus.org/zen/
>>
>> this is free for use by low volume non-commercial email servers. see the
>> terms linked on the above URL.
>> adding the following line to your sendmail.mc file, then rebuilding the
>> .cf and restarting sendmail would reject all mail connections from
>> servers listed via Spamhaus.
>>
>> FEATURE(dnsbl,`zen.spamhaus.org',`Message from $&{client_addr} rejected
>> - see http://www.spamhaus.org/SBL/sbl-rationale.html') dnl
>>
>>
>> (note this file is in M4 syntax, and has to use 'funny' quoting, with a
>> ` as the opening quote).
>>
>>
>>
>>
>>
>> --
>> john r pierceN 37, W 122
>> santa cruz ca mid-left coast
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
On Thu, Jun 14, 2012 at 7:58 PM, Gustavo Lacoste wrote: > The problem with my server is: I use it to offer webhosting services. Some > customers using Outlook are blocked because they use black listed ips (ips > simply are dynamic). > Give them logins/passwords and only rely if the connection is authenticated. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail SMTP Brute-Force Attack
On 06/14/12 5:58 PM, Gustavo Lacoste wrote: > The problem with my server is: I use it to offer webhosting services. Some > customers using Outlook are blocked because they use black listed ips (ips > simply are dynamic). They should be using smtp auth over SASL, or they should be using their ISP's smarthosts for forwarding outbound mail. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
On Jun 15, 2012 12:39 AM, "Gelen James" wrote: > Just like to know which secure FTP servers are popular in use on Linux, the FTP server should provides HTTPS, FTPS and SFTP methods. Proftpd, hands down for the (s)ftp(s) but for http you have to look somewhere else. Mikael ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] any reliable FTP server with HTTPS/FTPS, commercial or not
> Proftpd, hands down for the (s)ftp(s) but for http you have to look > somewhere else. k +1 for ProFTPD. I have not used it for sftp, but I have for ftps. Make sure on ftps to use ccc - clear command channel which allows the command channel to be picked up by firewalls that need to know about the port change conversation. Also .. limit your passive ports as well. 1 for administration + 2*number of concurrent users. Use apache for https. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - Networking: Some Queries -- GURUS HELP PL
On Wed, Jun 13, 2012 at 9:12 PM, Les Mikesell wrote: > On Wed, Jun 13, 2012 at 1:52 AM, Sanjay Arora > wrote: >> > OK, I don't quite understand what 'reserved for LAN' use means. I'll > assume it means someone else controls it and they won't cooperate if Correct. > you bridge you VM's to the LAN. In most scenarios, the adsl router > would give out DHCP addresses and unless you run out, bridged machines > would just grab their own address and work just like a new physical > machine. > True Enough but the adsl Ip range is not in my control as you have assumed correctly. >> Now My machine has a second card for LTSP Network (it is a LTSP >> Server) with IP 172.16.1.0/24 >> >> I want Virtual hosts on my machine so I have to have a different IP >> rangesay 192.168.2.0/24 >> >> And I want routing among three as well as Internet access through the >> NATTED adsl router which has a dynamic IP. >> >> This is my problem. > > You still don't say what kind of access you need Basically accessing the VMs from the Internetssh, vnc, rdp, ftp & so on...different needs for different vm. > - or why you can't > bridge on the 172.16.1.0 side which eliminates half of the problem. > Outbound connections are easy - your LTSP clients probably already > have that via NAT on the server, and they also should be using the > server as their default gateway. Yes LTSP has outward NAT access...require the same inward access there too... > If you don't want the VM guests on > the same subnet, you can create a new guest-only subnet with the same > setup as the LTSP side (server is default gateway and can route among > all networks). So you only have a problem if you need to accept > inbound connections from the LAN or internet. You probably don't have > that now for the LTSP subnet. Do you need it for the VMs? Yes to both. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - Networking: Some Queries -- GURUS HELP PL
On 06/14/12 10:51 PM, Sanjay Arora wrote: > True Enough but the adsl Ip range is not in my control as you have > assumed correctly. when you bridge virtual hosts to a LAN, they appear just like they are real machines plugged into the same LAN. they'll each get their own IP from the ADSL router's DHCP. why is this a problem? are you not allowed to plug in multiple systems? as I previously explained, if you create a separate subnet for your VMs, you'll need to route them, and ALL the hosts on the LAN including the ADSL internet gateway will need to know this route or they (and the internet) wont work for those VMs. alternately, you use NAT, and then your VM's aren't externally visible, but they can connect out to the internet (which will appear to your router like your host system is doing the connections) -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - Networking: Some Queries -- GURUS HELP PL
On 06/14/12 10:51 PM, Sanjay Arora wrote: >> > You still don't say what kind of access you need > Basically accessing the VMs from the Internetssh, vnc, rdp, ftp& > so on...different needs for different vm. > how will that work if you have no control over the ADSL internet router? the internet can only see the IP of the ADSL gateway, and can't connect to ANY systems behind it, unless that router has port forwarding setup. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
