Re: [CentOS] Ideas for stopping ssh brute force attacks
Dan Carl wrote:
> Just change the default port. You can also limit the allowed knocks on the door with iptables, but changing the port is much easier. Cleans up the logs real nice.
> Dan

I'll second that. Combining that with the SSH iptables entries to limit the number of attempts will help as well. Those two actions will, effectively, make the brute force impossible.

--
Eucke
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
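The attempt limiting mentioned in this reply is commonly done with the iptables `recent` match. The sketch below is an added example, not part of the original thread: it models three such rules over constructed traffic, and the 60-second window, the hit count of 4, the list name SSH and the addresses are all assumed values.

```python
# Simplified model of iptables "recent" rate limiting for SSH (added example).
# Rules modelled (window, hit count and list name are assumed values):
#   iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
#   iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
#   iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
from collections import defaultdict, deque

SECONDS, HITCOUNT = 60, 4
MAX_STAMPS = 20  # default ip_pkt_list_tot: timestamps remembered per source


def simulate(packets):
    """packets: iterable of (time_s, src_ip) NEW connections, sorted by time.
    Returns {src_ip: (accepted, dropped)}."""
    recent = defaultdict(lambda: deque(maxlen=MAX_STAMPS))
    result = defaultdict(lambda: [0, 0])
    for now, src in packets:
        stamps = recent[src]
        stamps.append(now)                  # rule 1: --set records the packet
        hits = sum(1 for t in stamps if t >= now - SECONDS)
        if hits >= HITCOUNT:                # rule 2: --update matches
            stamps.append(now)              # a match refreshes "last seen"
            result[src][1] += 1             # ... and the packet is dropped
        else:
            result[src][0] += 1             # rule 3: falls through to ACCEPT
    return {ip: tuple(counts) for ip, counts in result.items()}


def constructed_traffic():
    """Constructed sample: a bot guessing once per second for 10 minutes and
    an admin logging in every 5 minutes (documentation-range addresses)."""
    bot = [(t, "203.0.113.7") for t in range(600)]
    admin = [(t, "198.51.100.20") for t in range(0, 600, 300)]
    return sorted(bot + admin)


if __name__ == "__main__":
    for ip, (ok, dropped) in simulate(constructed_traffic()).items():
        print(f"{ip}: accepted={ok} dropped={dropped}")
```

Because each dropped packet refreshes the entry, a source that keeps hammering stays blocked; a source that stays under the threshold is never blocked, so the rules cap the guess rate rather than remove the need for strong authentication.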
Re: [CentOS] Anti Virus and Anti Spam
horas simalango wrote:
> Newbie in linux!
> Currently I have installed DNS, Email and Web server using centos 4.3. All functions are running properly!
> What anti virus and anti spam is recommended for me to install to my server? What do I have to configure after installing anti virus and anti spam?
> Would someone help me please! Now many spam mails come to user mailbox!
> Thanks 'n Regards

Well there are builds of spamassassin available via RPM that you can install. You might mention which MTA you're using... Sendmail? Postfix?

If you're using Sendmail then you can use milter plugins for spam and antivirus. Are you looking for free antivirus plugins or ones you pay for?

--
Eucke
Re: [CentOS] Anti Virus and Anti Spam
horas simalango wrote:
> I am using sendmail as MTA, and I am looking for free anti virus. About the milter, where can I download it?
> Thank you
> Horasima

I don't think all of this is available via the conventional centos mirrors but I'd bet they're on Dag's as well as a few others. Find one you trust.

I am pasting the following from this website http://www.be4mind.com/?q=node/190
I gave it a once over and it looks fairly complete. This write-up includes adding greylisting as well.

PLEASE COPY CONFIGURATION FILE OPTIONS FROM THE ATTACHED DOCUMENT (NEWLINES PROBLEMS IN HTML) OTHERWISE SOMETHING COULD GO WRONG (ESPECIALLY WITH SENDMAIL).

Follow these steps to try stopping sPaMmErs :)

1. CONFIGURING YUM REPOSITORIES

[EMAIL PROTECTED] ~]# wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
[EMAIL PROTECTED] ~]# wget http://centos.karan.org/kbsingh-CentOS-Misc.repo
[EMAIL PROTECTED] ~]# mv *.repo /etc/yum.repos.d/
[EMAIL PROTECTED] ~]# rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
[EMAIL PROTECTED] ~]# wget http://dag.wieers.com/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
[EMAIL PROTECTED] ~]# rpm -ivh rpmforge-release-0.3.6-1.el4.rf.i386.rpm

2. INSTALLING REQUIRED PACKAGES

#FROM kbsingh
[EMAIL PROTECTED] ~]# yum install milter-greylist spamassassin spamass-milter pyzor

#FROM rpmforge
[EMAIL PROTECTED] ~]# yum install clamd.i386
Installed: clamd.i386 0:0.90.3-1.el4.rf
Dependency Installed: clamav.i386 0:0.90.3-1.el4.rf clamav-db.i386 0:0.90.3-1.el4.rf
Complete!
[EMAIL PROTECTED] mail]# yum install clamav-milter.i386
Installed: clamav-milter.i386 0:0.90.3-1.el4.rf
Complete!

3. SENDMAIL CONFIGURATION

-Backup your sendmail config files and edit sendmail.mc:

[EMAIL PROTECTED] ~]# cd /etc/mail
[EMAIL PROTECTED] mail]# cp sendmail.mc sendmail.mc.orig
[EMAIL PROTECTED] mail]# mv sendmail.cf sendmail.cf.orig

-Add the following lines just before the two MAILER lines:

[EMAIL PROTECTED] mail]# vi sendmail.mc
[...]
dnl #
dnl # ANTISPAM/VIRUS AND GREYLIST AND DNSBL
dnl #
FEATURE(`dnsbl',`relays.ordb.org')dnl
FEATURE(`dnsbl',`list.dsbl.org')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl
INPUT_MAIL_FILTER(`greylist',`S=local:/var/lib/milter-greylist/run/milter-greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter/spamass-milter.sock, F=,T=C:15m;S:4m;R:4m;E:10m')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clmilter.socket, F=T, T=S:4m;R:4m')
dnl #
MAILER(smtp)dnl
MAILER(procmail)dnl

-Compile sendmail.mc:

[EMAIL PROTECTED] mail]# m4 sendmail.mc > sendmail.cf

4. CONFIGURE SPAMASSASSIN

-There's a nice spamassassin configurator at: http://www.yrex.com/spam/spamconfig.php
-Create your config file and put it in /etc/mail/spamassassin/local.cf

[EMAIL PROTECTED] mail]# cp /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf.orig
[EMAIL PROTECTED] mail]# vi /etc/mail/spamassassin/local.cf
-
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)

# How many hits before a message is considered spam.
required_score 3.0

# Change the subject of suspected spam
rewrite_header subject *SPAM*

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe 1

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
bayes_auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_pyzor 1

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales en

## General Whitelist
## Be careful using "whitelist_from" can be easily forged by spammers, use
## trusted_networks combined with whitelist_from_rcvd instead
#internal_networks 127.0.0.1 192.168.1.0/24
#trusted_networks 127.0.0.1 192.168.1.0/24 64.233.0.0/16
#whitelist_from_rcvd [EMAIL PROTECTED] *gmail.com,*google.com
#whitelist_from [EMAIL PROTECTED]
-

5. CONFIGURE CLAMAV:

Make sure config files are enabled by editing them as follows:

[EMAIL PROTECTED] mail]# vi /etc/freshclam.conf
Comment or remove the line below.
#Example

[EMAIL PROTECTED] mail]# vi /etc/clamd.conf
Comment or remove the line below.
#Example

Edit freshclam config file and remove or comment last line with FRESHCLAM_DELAY directive. Optionally run freshclam from the root console to check that everything works. Use the cron
Re: [CentOS] How fast?
-----Original Message-----
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Sorin Srbu
> Sent: Tuesday, October 06, 2009 12:23 AM
> To: 'CentOS mailing list'
> Subject: Re: [CentOS] How fast?
>
> If I may suggest Smoothwall for a firewall appliance...? This is a specialty distro, IPCop is another similar distro. Smoothwall's even got a simple static DNS built-in, just the thing for a smallish home network. Might be just what the OP is looking for?
> --
> /Sorin

I'll throw in a second for Smoothwall. If you want to get really fancy there's a ton of firewall options available within their homebrew community. Just about any feature you could want in a firewall is available there.

Eucke
Re: [CentOS] Rebuild xorg (continued from Centos-devel)
On 2008-12-22, 17:38 GMT, William L. Maltby wrote:
>> Well, having faith that things really _are_ working, one of his
>> messages in the log file about insufficient memory reminded me that
>> many laptops and less-expensive desktops have shared memory. I've
>> suggested that he check BIOS for various things.
>No such thing should be necessary to get Xorg working. If it doesn't work
>without such black magic, then it is broken.
>Matěj

Perhaps removing all of xorg, Gnome and xwindows is in order and then a reinstall via yum of the groups is in order?

yum groupinstall "X Window System" "GNOME Desktop Environment"

Between a possible bad install to all of the tinkering...return to the baseline and try again.

--
Eucke
[CentOS] Update to Centos 5 anaconda kickstart %post bug?
Is there a process for finding status updates to open bugs within Centos? The particular bug I am talking about is 0002329 http://bugs.centos.org/view.php?id=2329. This was assigned on 01-20-2008 and, as far as I can tell, there's been no action other than it being acknowledged.

I've also searched upstream with RHEL and FC and I cannot seem to find a bug report there though complaints of the problem can be found through searching the web.

I do see the manual fix for it and will be testing that shortly. I am, however, dealing with a fairly rigid internal legal department that may not welcome a "fix" that's not "official".

So I have two questions:
1) Is there an "official" or "accepted" way to inquire about the status of an open bug?
2) With regard to bug 0002329 is this something that has to be fixed upstream so it filters down to centos?

Thank you!

Eucke
Re: [CentOS] Update to Centos 5 anaconda kickstart %post bug?
Scott Silva wrote:
> The bug page gives you the status. It was assigned (to Karanbir), and he ack'ed it. If it was fixed, it would be resolved. It shouldn't be that hard to apply the fix manually and your legal department is too rigid if they are that picky about a fix to "free" software. I can see if they were paying contract support on it.

I appreciate the response. If you recall I did post the link so it's a safe assumption that I read the page and understood its content. What I'm after is whether there's any other information channel that might not be so obvious for seeing if there might be action coming up for a particular issue. Being in a highly regulated industry the legal department has a tough job. I work within the guidelines they set.

> If Karanbir thinks it merits an upstream bug report, I'm almost sure he might do that, if the original bug poster doesn't. It "might" be fixed by the time 5.3 comes out, but do you want to wait?

I am restricted to 5.1 as approved by legal. 5.2 is not approved so 5.3 isn't an option either. Once I can sort out whether something "official" will fix this I can then determine how to pursue this internally. A workaround fix does not address that the kickstart-built system will still contain this bug as it will be built from RPMs that are not fixed.

Eucke
Re: [CentOS] Update to Centos 5 anaconda kickstart %post bug?
Lanny Marcus wrote:
> Does that mean that your Legal Department does not permit you to upgrade your box, to get the latest packages, issued for Security & Stability reasons? 5.1, as you are well aware, is not the latest and greatest.

That is correct. What they approve is based on the contents of the DVD or CD for a particular version at the time of initial release. The governmental regulatory framework in which we work is what drives the requirements. I am well aware that 5.1 is not the latest, greatest, current or anything else of that matter.

Eucke
Re: [CentOS] Update to Centos 5 anaconda kickstart %post bug?
Scott Silva wrote:
> You might want to hint to your legal department that unpatched servers sitting on the internet are just waiting to be hacked and exploited. The fact that they make you sit with an older version without any patches says that they have no idea how much damage can be done, or how much info can leak from unpatched systems.
> Maybe if a million customer records leak out because they won't let you patch systems they might update their thinking.

Not relevant. These machines are not tied to any public network. As much as I appreciate the commentary and lessons you're not telling me anything I'm not already aware of. I'm simply seeking some insight on this particular bug and, more generally, if there's a better way to find status on something like this. So far RP Herrold has helped most as I was not aware that there's been much conversation within anaconda and kickstart mailing lists.

Eucke
Re: [CentOS] Update to Centos 5 anaconda kickstart %post bug?[SOLVED]
I appreciate the input on this question from those who have made suggestions. As the unofficial "fix" for %post does not change the target build (as the anaconda rpms are untouched) I will move in that direction.

Those of you speculating will have to accept that there is much I cannot share and much of which you do not know about the systems and target environment. To suggest a "shaming" only makes the Centos community look bad as it would be done so without understanding the entire environment and situation.

Thank you.

Eucke
Re: [CentOS] mirroring centos servers
Fabian posted:
> appreciate if someone can help me of any site with examples on how to mirror 2 centos servers so if one fails the other works perfect

Can you describe what services these servers will be providing?

Eucke
Re: [CentOS] 5.2 x86_64 DVD
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of ward.p.fonte...@wellsfargo.com
Sent: Wednesday, February 11, 2009 3:17 PM
To: CentOS@centos.org
Subject: [CentOS] 5.2 x86_64 DVD

Paul Fontenot said:
> I've pulled this down with Firefox, wget, a bittorrent client and an ftp client using Windows as well as Linux hosts. Is something wrong with the distributed DVD image? It has failed an MD5 check every time I've pulled it down.

I created my own as I needed it as I already had the CDs. This site http://www.electrictoolbox.com/save-time-bandwidth-dvd-from-cds/ actually does a good job of explaining how.

Eucke
Re: [CentOS] installing updates in post kickstart
Jerry Geis wrote:
> I can do a yum update in my post kickstart (which is what I am doing now actually).
> However, I want to save network time at installations.
> If I copy down the files from centos/5.3/updates/x86_64/RPMS and place them in a directory local on my network, can I just "rpm -U /mnt/directory/updates/x86_64/RPMS*" in my post section?
> Assuming I have nfs mounted the directory of course...

You can always replace the updated RPMS in the CentOS directory and run createrepo to rebuild the comps.xml and header info so that you do your initial build with the newer files without running yum at all.

YMMV

Eucke