Multiple dhcp servers.
Hi all, At the moment I have one dhcp server running ISC dhcpd, and its working fine. However I wish to add another in case the main one goes down. Is it as simple as setting it up on another machine with similar config? My worry is that a client will request an address and both server's will respond, potentially causing problems. Is there a master/slave setup I can use? Or shall I simply set up a second one. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Multiple dhcp servers.
Hi all, Thanks for your suggestions. > Or you can have two DHCP servers, each of which allocates half the address > space. I will split the address space in half and use it accress 2 servers, this seems the best solution for the moment. > > The other option is have the second machine as a complete failover and > > use a heartbeat much like the current mailserver thread is going > > That's an option too. It is indeed an option and I may try it in due course. Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Scripting telnet client logins.
Hi all, I wish to script a telnet command and would like to know if it is possible to automate the giving of credentials. The service I am trying to connect to does not support the TELNET ENVIRON option so I cannot do as the manual page suggests. Perhaps I misunderstood but if anyone has any suggestions let me know. Perhaps there are applications similar to "yes" that I can use to give the credentials to telnet. Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
LDAP authentication and ncpfs home directories.
Hi All, We have a Novell server that provides authentication for windows clients via nds. However it also runs an ldap server. Currently I am using NIS and NFS for authentication and home directories respectively on the Linux/Unix machines. I would like to configure the Linux based machines to use ldap on the Netware server for authentication. Using ldap for authentication is not uncommon and I will not have problems setting that up. However I also wish to have the user's home directories shared from the Netware server. It is not a problem mounting the shares manually with ncpmount after login. What I wish to know is, how can I have ncpfs home directories that are automatically mounted on the user's home directory after ldap authentication succeeds? What mechanisms are avialable to achieve this? Any hints and stratagies on how this can be accomplished will be much appreciated. Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
pam_ncp_auth and autofs advice.
Hi all, I have a few questions that you could perhaps help me out with. What I am aiming for is to authenticate from a Netware server using pam_ncp_auth pam modules and then using autofs to mount the user's home directory. What I have done so far is to get autofs to mount the Netware share but I either need to specify the plaintext password in my autofs config file (in my case auto.master uses auto.netware) or use a file where the passwords are also stored unencrypted. Is it possible to have the user prompted for the password when autofs mounts the netware volume? or failing that have the passwords stored encrypted? It would be ideal if I could authenticate via the pam_ncp_auth pam module and then retain that password for use by autofs when the home directory is mounted. Does anyone have any ideas about how to achieve this? Kind Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Resource limit problems.
Hi all, I have a newly installed Debian system that is giving me error I cannot find the cause of, here is an example : bash: fork: Resource temporarily unavailable The machine is not under much load and ulimit has not been set to limit anything. Nothing is appearing in the system logs either. The error message appeared in that case when I ran "ldd" on a executable to see what libraries it needed. Any input would be much appreciated. Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Resource limit problems.
Hi All, I have allieviated the fork problems by adjusting kernel parameters (/proc/sys/file-max and /proc/sys/inode-max). However when I try to run a c++ executable I get the following result : Regex Error: Memory exhausted Aborted The executable in question is pkzip avialable from www.pkware.com. I am sure you can duplicate this problem in any woody system, I have done it on 3 so far. Here is some more info (despite the misleading name it is not a windows executable): $ldd pklin251.exe libg++.so.27 => /usr/lib/libg++.so.27 (0x4000b000) libstdc++.so.27 => /usr/lib/libstdc++.so.27 (0x4005) libm.so.5 => /lib/libm.so.5 (0x40052000) libc.so.5 => /lib/libc.so.5 (0x4005b000) libstdc++-libc6.1-2.so.3 => /usr/lib/libstdc++-libc6.1-2.so.3 (0x40119000) libm.so.6 => /lib/libm.so.6 (0x4015e000) libc.so.6 => /lib/libc.so.6 (0x4017f000) libstdc++-libc6.1-1.so.2 => /usr/lib/libstdc++-libc6.1-1.so.2 (0x4029c000) ld-linux.so.2 => /lib/ld-linux.so.2 (0x402de000) I had to create the libstdc++* and libg++* symlinks manually. I am not sure why this is happening. Any input would again be appreciated. Kind regards, Fred. On Thursday 25 April 2002 10:56, Fred Clausen wrote: > Hi all, > > I have a newly installed Debian system that is giving me error I cannot > find the cause of, here is an example : > > bash: fork: Resource temporarily unavailable > > The machine is not under much load and ulimit has not been set to limit > anything. Nothing is appearing in the system logs either. The error message > appeared in that case when I ran "ldd" on a executable to see what > libraries it needed. > > Any input would be much appreciated. > > Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Discrepencies between du and df.
Hi All, I am having a strange problem where the output of du and df do not correlate. Here are the symptoms : $df /var Filesystem 1k-blocks Used Available Use% Mounted on /dev/hda10 606405596139 0 100% /var $du -s /var 54157 /var Here we can see that du thinks there is only about 54M used but df reckons there is over 596M used. I am using kernel 2.2.14, which is old but I cannot upgrade because I am using an IDE raid device from Raidzone (Smartcan) which they no longer support and have no more drivers for. I will include further diagnostic info below. Here is the output of mount : /dev/hda8 on / type ext2 (rw,errors=remount-ro) proc on /proc type proc (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/hda1 on /boot type ext2 (rw) /dev/hda5 on /usr type ext2 (rw) /dev/hda10 on /var type ext2 (rw) /dev/hda6 on /home type ext2 (rw) /dev/rza1 on /raid type ext2 (rw) I have attached the output of dmesg. If anyone has any advice I would be most grateful. Kind regards, Fred. Linux version 2.2.14 (root@localhost) (gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)) #9 SMP Fri Mar 2 19:52:54 GMT 2001 Warning only 960MB will be used. Intel MultiProcessor Specification v1.4 Virtual Wire compatibility mode. OEM ID: INTELProduct ID: LancewoodAPIC at: 0xFEE0 Processor #1 Pentium(tm) Pro APIC version 17 Processor #0 Pentium(tm) Pro APIC version 17 I/O APIC #2 Version 17 at 0xFEC0. Processors: 2 mapped APIC to e000 (fee0) mapped IOAPIC to d000 (fec0) Detected 696421855 Hz processor. Console: colour VGA+ 80x25 Calibrating delay loop... 694.68 BogoMIPS Memory: 971520k/983040k available (1004k kernel code, 436k reserved, 10012k data, 68k init) Dentry hash table entries: 131072 (order 8, 1024k) Buffer cache hash table entries: 524288 (order 9, 2048k) Page cache hash table entries: 262144 (order 8, 1024k) Pentium-III serial number disabled. Checking 386/387 coupling... OK, FPU using exception 16 error reporting. Checking 'hlt' instruction... OK. POSIX conformance testing by UNIFIX Pentium-III serial number disabled. per-CPU timeslice cutoff: 50.03 usecs. CPU1: Intel Pentium III (Coppermine) stepping 03 calibrating APIC timer ... . CPU clock speed is 696.4089 MHz. . system bus clock speed is 99.4868 MHz. Booting processor 0 eip 2000 Calibrating delay loop... 694.68 BogoMIPS Pentium-III serial number disabled. OK. CPU0: Intel Pentium III (Coppermine) stepping 03 Total of 2 processors activated (1389.36 BogoMIPS). enabling symmetric IO mode... ...done. ENABLING IO-APIC IRQs init IO_APIC IRQs IO-APIC (apicid-pin) 2-0, 2-5, 2-9, 2-10, 2-11, 2-16, 2-17, 2-18, 2-22 not connected. number of MP IRQ sources: 20. number of IO-APIC #2 registers: 24. testing the IO APIC... IO APIC #2.. register #00: 0200 ...: physical APIC id: 02 register #01: 00170011 ... : max redirection entries: 0017 ... : IO APIC version: 0011 register #02: ... : arbitration: 00 IRQ redirection table: NR Log Phy Mask Trig IRR Pol Stat Dest Deli Vect: 00 000 00 100 0 00000 01 000 00 000 0 01159 02 0FF 0F 000 0 01151 03 000 00 000 0 01161 04 000 00 000 0 01169 05 000 00 100 0 00000 06 000 00 000 0 01171 07 000 00 000 0 01179 08 000 00 000 0 01181 09 000 00 100 0 00000 0a 000 00 100 0 00000 0b 000 00 100 0 00000 0c 000 00 000 0 01189 0d 000 00 100 0 00000 0e 000 00 000 0 01191 0f 000 00 000 0 01199 10 000 00 100 0 00000 11 000 00 100 0 00000 12 000 00 100 0 00000 13 0FF 0F 110 1 011A1 14 0FF 0F 110 1 011A9 15 0FF 0F 110 1 011B1 16 000 00 100 0 00000 17 0FF 0F 110 1 011B9 IRQ to pin mappings: IRQ0 -> 2 IRQ1 -> 1 IRQ3 -> 3 IRQ4 -> 4 IRQ6 -> 6 IRQ7 -> 7 IRQ8 -> 8 IRQ12 -> 12 IRQ13 -> 13 IRQ14 -> 14 IRQ15 -> 15 IRQ19 -> 19 IRQ20 -> 20 IRQ21 -> 21 IRQ23 -> 23 done. PCI: PCI BIOS revision 2.10 entry at 0xfdab0 PCI: Using configuration type 1 PCI: Probing PCI hardware PCI->APIC IRQ transform: (B0,I12,P0) -> 19 PCI->APIC IRQ transform: (B0,I12,P0) -> 19 PCI->APIC IRQ transform: (B0,I14,P0) -> 21 PCI->APIC IRQ transform: (B0,I18,P3) -> 21 PCI->APIC IRQ transform: (B2,I4,P0) -> 20 PCI->APIC IRQ transform: (B3,I4,P0) ->
Re: Discrepencies between du and df.
On Friday 03 May 2002 12:58, you wrote: > My first guess is you have deleted some files that are stil open. DU will > not show the deleted files, but since they are still in use DF will count > them. Thank you all. You were correct. I am the proud owner of some new knowledge as well. Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Updated Apache packages for Woody (testing).
Hi all, There was recently an Apache vulnerability and I notice there is an update on debian.org with packages for stable. A search also reveals Apache 1.3.26 for unstable. However I was unable to find any for testing. Are there any packages for Woody or should I make my own? Kind Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: transfer rate
Hi All, Further to what Jeff said I can also recommend a utility called "mii-diag". Simply running this utility will enable you to see the currently selected media type. Use "mii-diag -h" to see full options. It also allows you to set the media type. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Using mod_auth or auth_ldap via https.
Hi All, I wish to use auth_ldap or mod_auth on virtual hosts being served out with https. Note that I am talking about https with regards to Apache serving out web documents, not ssl with regards to auth_ldap accessing a ldap server. I have activated mod_auth and auth_ldap modules. I would prefer to use auth_ldap, here is the global directive stating which file to use for access control authentication : AccessFileName .htaccess And I also have this for added security : Order allow,deny Deny from all Satisfy All Access control works perfectly for both modules via http but if I am using https then there is no prompt for credentials and the page is simply served out. There are no messages in the error log either. Are there in issues regarding the use of authentication if serving pages out via https? I am using Apache 1.3.26, the virtual hosting is done with mod_vhost_alias. Any input would be much appreciated. Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Regarding Openssl package and Apache version string.
Hi all, I have installed openssl 0.9.6e and have verified this with : $dpkg -l | grep openssl ii openssl0.9.6e-1 Secure Socket Layer (SSL) binary (Trimmed description to fit on one line). After I had done the upgrade to openssl I restart Apache but the server string reported reads : Apache/1.3.26 (Unix) Debian GNU/Linux mod_ssl/2.8.9 OpenSSL/0.9.6d PHP/4.1.2 Notice it still says OpenSSL/0.9.6d even though I have the OpenSSL 0.9.6e package installed. I am just concerned because of the security problems in OpenSSL < 0.9.6e. I am running Woody. Any help on this would be appreciated. Kind regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Adjusting php flags on a site by site basis.
Hi all, I am trying to adjust the following variables on a site by site basis : magic_quotes_gpc magic_quotes_runtime This is through httpd.conf not php.ini. I am doing the following to attempt to accomplish this : php_flag magic_quotes_gpc true php_flag magic_quotes_runtime true I am also not trying to use .htaccess to adjust these variables. However when I use to see if the changes have taken effect, it shows : magic_quotes_gpc off magic_quotes_runtime off And the site does not work as expected indicating that those options have not taken effect. I had stopped and started Apache after editing the config file (httpd.conf). Any information as to what the best way to accomplish this would be appreciated. I am using Debian Woody. Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Adjusting php flags on a site by site basis.
Hi Vinai, Thanks! Your advice worked. It turns out that "on" is what I was looking for. I post this to the list as well so that others may benefit. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Using testing (sarge) in production.
Hi all, I read Teun Vink's posting about his Apache problems with unstable. I am currently using a mixture of stable and testing in production systems, depending on which versions of the applications I require. What are your experiences with testing in production environments? I have not had any problems but I would like to know others' experience. Most of our production systems are web/database systems. Also, do packages in testing get updated as security vulnerabilies occur? or only when the maintainers wish to upload a newer version? Regards, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Moving from BSDi
Hi, > First, does anyone know of a way to export the user accounts on BSDi and > import them into > a Debian box? I have close to 5,000 accounts I need to bring over. >From the password database conversion scripts I gather you are storing the user account information locally. Perhaps with this many users it would be advisable to use a directory like LDAP to store the user data. This would provide easier managability if you ever need to have the same accounts on multiple machines. Also you can ensure redundancy by having multiple servers. I am using LDAP for our user account authentication and it makes my job much easier, here is a URL for a document describing how it can be done : http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/ There are also conversion tools avialable to convert your current user database in one suitable for import into an LDAP directory, see www.padl.com. Hope this helps. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Making packages apt-get able.
Hi All, I have so far not been able to find any resources describing how to set up a ftp or http server so that you can add it to sources.list and use apt-get to install new packages. If anyone could direct me to some docs describing this I would be most grateful. Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: DNS servers
Hi All, I think this thread is becoming less a thread about which nameserver to use and more people defending the time, money and effort they have spent learning/writing the particular software package they use. Of course nobody is going to instantly change their software package and have to re-learn how it is implemented in the new one. People should certainly be aware about what is available and feel free to try other pieces of software but nobody is obligated to use one or the other. People must accept that different people have different needs (tastes even) and so may use something else. A comprehensive analysis of what is required in *your* organisation is needed, then pick software based on that. And if someone else likes something else, then fine, good for him/her. They may have different requirements. To conclude, nobody is forcing anyone to use one software package or the other. Cool headed analysis is required, not name calling. Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Help - just deleted root's crontab - recovery?
Hi Andrew, You could also use /etc/crontab and edit it directly. That way you will avoid the crontab -r problem in the future. Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 On Fri, 6 Dec 2002, Andy Gardner wrote: > > Doh. > > Typed crontab -r instead of crontab -e > > Any way of recovering the file or even getting a partial copy from a cache > somewhere on the box? > > Stupid stupid stupid. > > -- > Andrew P. Gardner > barcelona.com stolen, stmoritz.com stays. What's uniform about the UDRP? > We could ask ICANN to send WIPO a clue, but do they have any to spare? > Get active: http://www.tldlobby.com > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache and SSL
Hi, Make sure you have : Listen 443 NameVirtualHost 192.168.1.1:443 in your httpd.conf. Replace 192.168.1.1 with your IP. Hope this helps. Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 On Thu, 12 Dec 2002, Johnno wrote: > I have wanting to get apache to work is SSL mode.. > > I have Install Apache, OpenSSL, Mod_SSL, PHP > > The problem is in the httpd.conf file I have the following.. > > > ServerAdmin [EMAIL PROTECTED] > ServerName testing.zz > DocumentRoot /www/testing > > > I am wanting it to accept connection of port 80 which is does, but also port > 443 (https) how do i go about it.. > I also have other virtual domains on this server... > > Many Thanks, > Johnno > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache and SSL
Hi Johnno, Take a look at http://httpd.apache.org/docs for lots of information on how to configure apache. Anyway, you cannot put "NameVirtualHost" directive inside a virtual host container. Here is how you could do it: (Rest of config) Listen 80 Listen 443 (Rest of config) NameVirtualHost * NameVirtualHost *:443 ServerAdmin [EMAIL PROTECTED] ServerName testing.zz DocumentRoot /www/testing ServerAdmin [EMAIL PROTECTED] ServerName testing.zz DocumentRoot /www/testing Check http://httpd.apache.org/docs/vhosts/name-based.html for more info. Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 On Fri, 13 Dec 2002, Johnno wrote: > I have tried > > > namevirtualhost 192.168.1.1:443 > ServerAdmin [EMAIL PROTECTED] > ServerName testing.zz > DocumentRoot /www/testing > > > and > > > namevirtualhost 192.168.1.1 > ServerAdmin [EMAIL PROTECTED] > ServerName testing.zz > DocumentRoot /www/testing > > > and even VirtualHost 192.168.1.1 and 192.168.1.1:80 > > for some reason it keeps on going back to the deafult server page you get > when you first install apache. > this is only when you use https, if you use http://testing.zz it goes to the > right page. > > Thanks for all the help > > Johnno > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Tools for analysing web statistics.
Hi All, I would like to know what your experiences are with analysing web logs. I am currently testing Webalizer and Lire but if anyone has any others they could recommend then I would be interested in hearing your experiences. We currently host multiple sites using the apache mod_vhost_alias module. I then use a perl script to split the main access log into access logs for each site. After that I have written a shell script to run webalizer on each access log for the individual sites, I am busy figuring out Lire and would like to try that with lire. Lire can generate pdf docs (amongst others) as well so that makes it attractive. The problems I am having with webalizer is that is will inexplicably stop generating html output but still be processing the log file, so sometimes a site will have stats stopped at a certain date. I then grep out the offending date and re-run webalizer and it works fine. But this does not always work and I need a reliable logs analysis tool. I would much appreciate any comments anyone has. Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Tools for analysing web statistics.
Hi, Thanks for pointing out the logtools packages, that is definitly faster than a perl script. I am using Webalizer V2.01-10, which is the one distributed with Woody and is also the latest version of webalizer anyway. I think that putting all the site logs into a dedicated logs directory instead of a subdirectory of the site doc root is a better way to go about it anyway (which is what clfdomainsplit does). Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SpamAssassin Causing Server Startup Failure
Hi, > server I can try this in. Unfortunately, I don't quite know how to force a > Debian server to stay in runlevel 1 during the boot process. I cannot really help you with your Spamassissin problems but if you do not want to process any startup scripts at all then from lilo use : linux init=/bin/sh Then you will get a shell with / mounted read only. To make changes do : mount -o remount / You do not have to include the "rw" flags, for me it seems to mount it rw by merely specifying the remount option. When you are finished do : mount -o remount,ro / and unmount any other filesystems you may have mounted. Then reboot. I don't know how "proper" this method is but it stops Debian from going to runlevel 2 first (which it seems to do) and also does not bring up any network interfaces. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache / PHP4 config problem (newbee on PHP)
Hi, Glad you got it working. As an aside, I would recommend you upgrade your Apache and php because various vulnerabilities have come out. For example: http://www.debian.org/security/2002/dsa-168 http://www.debian.org/security/2002/dsa-187 Among others. You can also easily upgrade from Potato to Woody with minimal disruption. Regards, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Limit data traffic on Apache virtual hosts
Hi Jasper, Try this out : http://www.snert.com/Software/mod_throttle/index.shtml It sounds like it will do what you wish to accomplish. Cheers, Fred. Jasper Metselaar wrote: Hi, I would like to limit the amount of data traffic that is generated by the virtual hosts on my server: Let's say I want to allow most domains 1 GB of traffic per month and I would like to generate a warning when they reach 900 MB and shut the site down when it reaches 1 GB (unless my customer purchases additional traffic). Is this possible? And if so, does anyone suggestions on how to do this? Thanks in advance! - Jasper ___ -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1667 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cracking attempt
Hi All, c) i don't know about you, but i wouldn't be inclined to trust the security of a $100 consumer-grade firewall. I agree. Use a PC running SE Linux instead. ;) I would just like to add (to this already long thread but thats what I like about Debian-ISP) that an OpenBSD firewall in a bridging configuration makes for a good setup. This saves on IP addresses and provides added security due to the "stealth" nature of the firewall. One can also run Snort on it. And I might add the OpenBSD packet filter syntax is my favourite as far as writing firewall rules go. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Scripting telnet client logins.
Hi all, I wish to script a telnet command and would like to know if it is possible to automate the giving of credentials. The service I am trying to connect to does not support the TELNET ENVIRON option so I cannot do as the manual page suggests. Perhaps I misunderstood but if anyone has any suggestions let me know. Perhaps there are applications similar to "yes" that I can use to give the credentials to telnet. Regards, Fred.
Updated Apache packages for Woody (testing).
Hi all, There was recently an Apache vulnerability and I notice there is an update on debian.org with packages for stable. A search also reveals Apache 1.3.26 for unstable. However I was unable to find any for testing. Are there any packages for Woody or should I make my own? Kind Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: transfer rate
Hi All, Further to what Jeff said I can also recommend a utility called "mii-diag". Simply running this utility will enable you to see the currently selected media type. Use "mii-diag -h" to see full options. It also allows you to set the media type. Cheers, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Using mod_auth or auth_ldap via https.
Hi All, I wish to use auth_ldap or mod_auth on virtual hosts being served out with https. Note that I am talking about https with regards to Apache serving out web documents, not ssl with regards to auth_ldap accessing a ldap server. I have activated mod_auth and auth_ldap modules. I would prefer to use auth_ldap, here is the global directive stating which file to use for access control authentication : AccessFileName .htaccess And I also have this for added security : Order allow,deny Deny from all Satisfy All Access control works perfectly for both modules via http but if I am using https then there is no prompt for credentials and the page is simply served out. There are no messages in the error log either. Are there in issues regarding the use of authentication if serving pages out via https? I am using Apache 1.3.26, the virtual hosting is done with mod_vhost_alias. Any input would be much appreciated. Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Regarding Openssl package and Apache version string.
Hi all, I have installed openssl 0.9.6e and have verified this with : $dpkg -l | grep openssl ii openssl0.9.6e-1 Secure Socket Layer (SSL) binary (Trimmed description to fit on one line). After I had done the upgrade to openssl I restart Apache but the server string reported reads : Apache/1.3.26 (Unix) Debian GNU/Linux mod_ssl/2.8.9 OpenSSL/0.9.6d PHP/4.1.2 Notice it still says OpenSSL/0.9.6d even though I have the OpenSSL 0.9.6e package installed. I am just concerned because of the security problems in OpenSSL < 0.9.6e. I am running Woody. Any help on this would be appreciated. Kind regards, Fred.
Adjusting php flags on a site by site basis.
Hi all, I am trying to adjust the following variables on a site by site basis : magic_quotes_gpc magic_quotes_runtime This is through httpd.conf not php.ini. I am doing the following to attempt to accomplish this : php_flag magic_quotes_gpc true php_flag magic_quotes_runtime true I am also not trying to use .htaccess to adjust these variables. However when I use to see if the changes have taken effect, it shows : magic_quotes_gpc off magic_quotes_runtime off And the site does not work as expected indicating that those options have not taken effect. I had stopped and started Apache after editing the config file (httpd.conf). Any information as to what the best way to accomplish this would be appreciated. I am using Debian Woody. Regards, Fred.
Re: Adjusting php flags on a site by site basis.
Hi Vinai, Thanks! Your advice worked. It turns out that "on" is what I was looking for. I post this to the list as well so that others may benefit. Cheers, Fred.
Using testing (sarge) in production.
Hi all, I read Teun Vink's posting about his Apache problems with unstable. I am currently using a mixture of stable and testing in production systems, depending on which versions of the applications I require. What are your experiences with testing in production environments? I have not had any problems but I would like to know others' experience. Most of our production systems are web/database systems. Also, do packages in testing get updated as security vulnerabilies occur? or only when the maintainers wish to upload a newer version? Regards, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1677 F: +44 (0)20 7486 5081
Re: Moving from BSDi
Hi, > First, does anyone know of a way to export the user accounts on BSDi and > import them into > a Debian box? I have close to 5,000 accounts I need to bring over. >From the password database conversion scripts I gather you are storing the user account information locally. Perhaps with this many users it would be advisable to use a directory like LDAP to store the user data. This would provide easier managability if you ever need to have the same accounts on multiple machines. Also you can ensure redundancy by having multiple servers. I am using LDAP for our user account authentication and it makes my job much easier, here is a URL for a document describing how it can be done : http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/ There are also conversion tools avialable to convert your current user database in one suitable for import into an LDAP directory, see www.padl.com. Hope this helps. Cheers, Fred.
Making packages apt-get able.
Hi All, I have so far not been able to find any resources describing how to set up a ftp or http server so that you can add it to sources.list and use apt-get to install new packages. If anyone could direct me to some docs describing this I would be most grateful. Regards, Fred.
Re: Cracking attempt
Hi All, c) i don't know about you, but i wouldn't be inclined to trust the security of a $100 consumer-grade firewall. I agree. Use a PC running SE Linux instead. ;) I would just like to add (to this already long thread but thats what I like about Debian-ISP) that an OpenBSD firewall in a bridging configuration makes for a good setup. This saves on IP addresses and provides added security due to the "stealth" nature of the firewall. One can also run Snort on it. And I might add the OpenBSD packet filter syntax is my favourite as far as writing firewall rules go. Cheers, Fred.
Using system locking with mysqld.
Hi All, I am in the process of deploying shared storage (SAN) via a external SCSI. Both machines will see the external SCSI raid as a local device (/dev/sda1). I am running various common internet services on there including mysql. I am going to enable the system locking by inserting "enable-locking" in my.cnf. I just wish to check with you folks that this will prevent data consistency issues due to that fact that each server will be accessing the same data. Will system locking prevent data corruption? Are there any other issues I should be aware of? Only one server will be actively servicing requests at a time, I have them in a heartbeat "failover cluster" configuration sharing the storage so in theory the 2 mysqlds should not interefere with each other but I just wish to be safe. My platform is MySQL 3.23.49 running on Linux 2.4.20 (on one server) and Linux 2.2.14 on other server, old kernel due to legacy proprietary driver needed (raidzone, not related to external storage). Same MySQL version. Kind regards, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1667 F: +44 (0)20 7486 5081
Using system locking with mysqld.
Hi All, I am in the process of deploying shared storage (SAN) via a external SCSI. Both machines will see the external SCSI raid as a local device (/dev/sda1). I am running various common internet services on there including mysql. I am going to enable the system locking by inserting "enable-locking" in my.cnf. I just wish to check with you folks that this will prevent data consistency issues due to that fact that each server will be accessing the same data. Will system locking prevent data corruption? Are there any other issues I should be aware of? Only one server will be actively servicing requests at a time, I have them in a heartbeat "failover cluster" configuration sharing the storage so in theory the 2 mysqlds should not interefere with each other but I just wish to be safe. My platform is MySQL 3.23.49 running on Linux 2.4.20 (on one server) and Linux 2.2.14 on other server, old kernel due to legacy proprietary driver needed (raidzone, not related to external storage). Same MySQL version. Kind regards, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1667 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Find out how long a connecting has been open.
Hi All, I am helping a developer debug a program that seems to be hanging when making a certain network connection. To this end I would like to know if there is a way of telling how long a tcp connection has been established. I tried the -o option of netstat but that just gives me "off (0.00/0/0)" which implies to connection is new but is has been in the "established" state for a long time. Any assistance would be much appreciated. Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1667 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
PHP 4.2.3 Woody backport?
Hi All, I wish to run php4.2.3 on a Debian woody machine without having to upgrade the whole system to unstable. Also I wish to avoid upgrading libc and/or any other sytem libraries as would happen with version pinning. Are there any php 4.2.3 Woody packages available? Or perhaps I guide so that I can backport it myself. Tried using "apt-get --compile source php4" but there are dev dependencies that cannot be satisfied in Woody. Any assistance would be much appreciated. Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1667 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PHP 4.2.3 Woody backport?
Thanks alot! that was exactly what I was looking for. Another one for the bookmarks... Cheers, Fred. Thomas Kirk wrote: Hep On Tue, Jun 17, 2003 at 11:26:27AM +0100, Fred Clausen wrote: I wish to run php4.2.3 on a Debian woody machine without having to upgrade the whole system to unstable. Also I wish to avoid upgrading libc and/or any other sytem libraries as would happen with version pinning. Are there any php 4.2.3 Woody packages available? Or perhaps I guide so that I can backport it myself. Tried using "apt-get --compile source php4" but there are dev dependencies that cannot be satisfied in Woody. Any assistance would be much appreciated. I would consult apt-get.org :) -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1667 F: +44 (0)20 7486 5081 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Question about system accounts in LDAP.
Hi All, I am in the process of deploying openldap for authentication. I am just not sure what the best policy is for including system account like root, daemon, lp, etc. in LDAP. Should they be there for consistency across systems? Or will they just cause confusion by having the same system account with multiple UIDs? I am inclined to remove them and only source real users from LDAP (and maybe some groups, like cvs and/or staff). What would you guys suggest is the best practice? Kind regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim SMTP AUTH
Hi Antony, Are you sure that exim is not expecting encrypted passwords in the /etc/exim/passwd file? I am not an exim expert but I suspect that may be an issue. You might want to paste the relevant snippet from your exim config file. Cheers, Fred. On Tue, 2003-09-23 at 11:25, Antony Gelberg wrote: > Hi all, > > I'm trying to set up SMTP AUTH with the LOGIN method. I see AUTH LOGIN as a > response to EHLO. I have created /etc/exim/passwd with contents: > bobBob123 > > I converted the username and password to base64, for testing: > echo -n '\0bob\0Bob123'| mimencode > XDBib2JcMEJvYjEyMw== > > > This is what I get: > www:/etc/exim# exim -bh 127.0.0.1 > > SMTP testing session as if from host 127.0.0.1 > Not for real! > > >>> host in host_lookup? yes (*) > >>> looking up host name for 127.0.0.1 > >>> IP address lookup yielded www > >>> Alias www.bob.com > >>> Alias localhost > >>> Alias localhost.localdomain > >>> host in host_reject? no (option unset) > >>> host in host_reject_recipients? no (option unset) > >>> host in auth_hosts? no (option unset) > >>> host in sender_unqualified_hosts? no (option unset) > >>> host in receiver_unqualified_hosts? no (option unset) > >>> host in helo_verify? no (option unset) > >>> host in helo_accept_junk_hosts? no (option unset) > 220 www.bob.com ESMTP Exim 3.35 #1 Tue, 23 Sep 2003 03:10:07 -0700 > ehlo pulse > 250-www.bob.com Hello www [127.0.0.1] > 250-SIZE > 250-PIPELINING > 250-AUTH LOGIN > 250 HELP > auth login XDBib2JcMEJvYjEyMw== > 334 UGFzc3dvcmQ6 > > >>> login authenticator: > >>> $1 = \0bob\0Bob123 > >>> expanded string: 0 > 535 Incorrect authentication data > LOG: Authentication failed for www (bob) [127.0.0.1]: 535 Incorrect > authentication data > quit > 221 www.bob.com closing connection > > Any ideas? I've looked in the exim docs and have no idea where I'm going > wrong. > > Antony -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Gated vs Zebra
As an interesting aside, here is why Quagga is a apt name for a fork of Zebra: http://www.museums.org.za/sam/quagga/quagga.htm Cheers, Fred. On Mon, 2003-09-29 at 10:40, Stephane Bortzmeyer wrote: > On Mon, Sep 29, 2003 at 12:29:58AM +0300, > kgb <[EMAIL PROTECTED]> wrote > a message of 39 lines which said: > > > Which software is more good Gated or Zebra? > > Gated is non-free and non-maintained. Zebra is free but no longer > maintained. Use Quagga. Or start with Zebra if you don't want to run > sid, it will be easy to switch to Quagga after that. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Configuring mod_ssl
Hi, I have found that I need to specify "Listen 443" in addition to enabling the mod_ssl module. I notice that you do not have the directive "SSLEngine On" either so try putting in the aforementioned directives and see if that helps. Not sure about your unresolved symbol problem, you only need to load and configure mod_ssl to achieve SSL communications. Cheers, Fred. On Tue, 2003-10-28 at 19:00, [EMAIL PROTECTED] wrote: > Hi, > > I'm trying to get mod_ssl configured on my server but it isn't coming > together and was hoping I could get some help from the field. Below is a > description of my setup and what I'm trying to do. Any guesses where I'm > going wrong? > > I've got a server with multiple virtual hosts. For the most part, I really > only need https to work for my Squirrelmail webmail pages, but may also at > some point have to put in an ecommerce thing on a site to accept credit > cards. It seems to me that for simplicity sake, I'd ideally like to just > have all my sites be accessible identically via http and https. I'll just > put in a redirect for the http version of squirrelmail to go to 443 > instead of 80. Is there any good reason why I shouldn't have my docs > available under http and https? > > Environment (debian packages) > --- > apache 1.3.27.0-2 > apache-common 1.3.27.0-2 > libapache-mod-ssl 2.8.14-3 > openssl 0.9.7b-2 > libssl0.9.6j-1 > > # apache -l > Compiled-in modules: > http_core.c > mod_so.c > mod_macro.c > suexec: disabled; invalid wrapper /usr/lib/apache/suexec > > What I've done > -- > Initially, I planned to use apache-ssl to do the https, but then figured > if I could configure apache 1.3 with mod_ssl, I'd have a cleaner and > easier to maintain system. So, my attempt to do that resulted in the > following changes to my httpd.conf. These are in the main section and not > duplicated in the Virtual hosts sections. > > LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so > > and > > SSLVerifyClient 0 > SSLVerifyDepth 10 > # generated below with openssl > SSLCertificateKeyFile /etc/ssl/demoCA/certs/server.key > SSLCertificateFile /etc/ssl/demoCA/certs/server.crt > SSLCACertificateFile /etc/ssl/demoCA/certs/cacert.pem > > What happens > > When I try to hit my home page via https, I get the following in my > access_log: > > 10.0.0.16 - - [20/Oct/2003:23:02:07 -0700] "\x80g\x01\x03\x01" 501 - > > And my Safari browser gives an immediate error message: > "Could not open the page 10.0.0.22 because Safari could not establish a > secure connection to the server 10.0.0.22." > > Previously, I was getting the following the following error when I tried > restarting apache: > Cannot load /usr/lib/apache/1.3/libssl.so into server: > /usr/lib/apache/1.3/libssl.so: undefined symbol: ap_conn_timeout > > This happened when I tried to load the apache_ssl_module in my http.conf > file. I _think_ I'm not supposed to do that. If I'm correct, that module > isn't necessary to run mod_ssl and is only used for apache-ssl. True? > -- Fred Clausen - Professional Services Engineer Unit 7 Skylines Business Village Limeharbour Docklands London E14 9TS Tel: +44 (0)207 538 8230 - Fax: +44 (0)207 538 8246 Ext: 209- Web: www.xinitsystems.com E-Mail: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Strange problem with NIC
Hi Roman, Try and see if there are any newer drivers available, maybe there is a bug in the card with your particular RealTek card. Check on RealTek's site perhaps. It might be worth looking at dmesg to see if there are any error messages related to the card. You might try and swap the card for another just to be sure it is the card itself. Although I usually use Intel cards I have never had problems with RealTek myself either. Hope that helps, Fred. On Sun, 2003-11-23 at 09:49, Roman Medina wrote: > Hi, > > I'm experimenting the following problem: one Debian machine with 1 > 10/100 Ethernet NIC where its upstream speed is reasonable (2 or 3 > Mbytes per second) but its downstream speed is awful (35 kbytes per > second ). All experiments are made in a LAN, so I cannot explain > the 35 kbytes/s extremely low speed. > > Any idea? TIA > > Saludos, > --Roman > > -- > PGP Fingerprint: > 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 > [Key ID: 0xEAD56742. Available at KeyServ] -- Fred Clausen - Professional Services Engineer Unit 7 Skylines Business Village Limeharbour Docklands London E14 9TS Tel: +44 (0)207 538 8230 - Fax: +44 (0)207 538 8246 Ext: 209- Web: www.xinitsystems.com E-Mail: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package update notification script.
Hi All,
I have written a small Perl script to check for package updates,
I know that this kind of thing has been done before (usually with much
smaller shell scripts) but I did this more for fun than size or
originality :) I have found it useful so I thought I would share it with
the folks here. This script should work on any APT based system, tested on
Red Hat (apt-rpm) and Debian.
This script can be run from Cron and will email a list of packages that
need to be updated. You need to adjust some variables at the start of the
script controlling the SMTP server to use to send mail and the address to
send it to. The other options should be fine for most sites. It does not
print anything unless debugging is on or there are errors. All results are
sent via an email.
The script requires the Perl Net::SMTP module which is part of Perl 5.6.
Please find the script (sec_update.pl) attached or at :
http://homepages.nildram.co.uk/~xinit/sec_update
Hope some people find it useful!
Regards, Fred.
#!/usr/bin/perl -w
# sec_update.pl
#
# sec_update.pl -- Check for available security updates on systems running APT
#
# BEGIN LICENSE BLOCK
#
# Copyright (c) 2004 Fred Clausen
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# A copy of that license should have arrived with this
# software, but in any event can be snarfed from www.gnu.org.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# END LICENSE BLOCK
#
# TODO:
# * Verify remote mail server accepted the message for delivery
User configurable options ###
my $apt_get = "/usr/bin/apt-get"; # Location of apt.
my $smtpserver = "localhost"; # SMTP server to use when sending messages.
my $admin_address = '[EMAIL PROTECTED]'; # Email address to send the messages to.
my $debug = 0;
End user configrable options
use strict;
use Net::SMTP;
my $uid = `id -u`;
my $if = `ifconfig`;
my $host = $ENV{HOSTNAME};
sub check_sys {
if (! -x "$apt_get") {
die "Error apt-get on $host (executable $apt_get) not found or not
executable, please modify \$apt_get \n";
} elsif ($uid != 0) {
die "This script must be run as the root user \n";
}
}
sub check_online {
if (system("ping -c 1 $smtpserver > /dev/null")) {
print "Cannot contact $smtpserver or we are offline, exiting... \n";
exit (0);
}
}
sub debug {
my $msg;
if ($debug) {
while(@_) {
$msg = shift;
print "$msg";
}
}
}
sub get_updates {
my (@untested, @package_list, $size);
debug ("Getting Update List \n");
system ("apt-get update > /dev/null");
system ("apt-get -y --dry-run upgrade > /tmp/apt.output");
open (APTOUT, ") {
@untested = split;
if ($untested[0] eq "Inst") {
push (@package_list, $untested[1]);
}
}
close (APTOUT);
unlink ("/tmp/apt.output") || die "Cannot clean up /tmp/apt.output : $! \n";
$size = @package_list;
debug ("Got Update List \n");
return [EMAIL PROTECTED], $size;
}
sub send_message {
my $to_upgrade = $_[0];
my $size = $_[1];
my $i;
if ($size > 0) {
debug ("Preparing Email message \n");
my $smtp = Net::SMTP->new("$smtpserver") || die "Could not open connection
to $smtpserver: $! \n";
$smtp->mail ("[EMAIL PROTECTED]");
$smtp->to ("$admin_address");
$smtp->data();
$smtp->datasend ("Subject: [$0] Machine $host needs package updates.
Dear Administrator,
On machine $host, there are $size packages out of date that need to be upgraded.
They are: \n
");
debug ("Number packages: $size \n");
debug ("Host: $host \n");
for ($i=0;$i < $size;$i++) {
$smtp->datasend ("Package $i: $to_upgrade->[$i] \n");
}
$smtp->datasend ("\nBest regards, \nsec_update.pl\n\n");
$smtp->datasend ("Info: \n");
$smtp->datasend ("$if \n");
$smtp->dataend();
$smtp->quit();
debug ("Email message sent\n");
} else {
debug ("No updates found, exiting... \n");
exit (0);
}
}
my ($to_upgrade, $size);
check_sys;
check_online;
($to_upgrade, $size) = get_updates;
send_message ($to_upgrade, $size);
debug ("Normal exit... \n");
exit 0;
Re: Recovery
Hi, > I'm trying to perform a recovery of some files on a remote server running > Woody. Since I can't take the server down to do an exhaustive recovery, I'm > exploring what options I have with regard to do this remotely via ssh. > > The original file system has been replaced by a new one, but since the RAID > volume the server is running is quite large there's a good possibility that > the original sectors still haven't been overwritten by any new data. I think > I'm looking for a way to dump all unpartitioned space/unused sectors to a > remote computer, without writing to the RAID volume itself. This may be of assistance to you: http://freshmeat.net/projects/magicrescue/?branch_id=48319&release_id=153385 Regards, Fred. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mod_asp
Hi, You might want to try this if you have money to spend: http://wwws.sun.com/software/chilisoft/ if you are going to offer ASP hosting commercially you may as well get that. But no harm in trying mod_asp, I am not sure of the extent of its support. There is also mod_mono to think about. I suggest trialing all 3 options. Cheers, Fred. On Wed, 2004-04-07 at 12:30, Antonin Karasek wrote: > Hi, > is there anybody experienced with mod_asp? I want to offer ASP to my > customers, but I'm not running win :o) How much functions does mod_asp > implement and how much is it reliable? > > Is it a good idea to install this module and tell customers, that they > can use ASP the same way as it is a Misrosoft's implementation on > Windows machine? > > I'm running a self-compiled Apache 2.0 - with MPM Prefork. But I > think, It's not important. > > Many thanks. > -- Fred Clausen - Professional Services Engineer Unit 7 Skylines Business Village Limeharbour Docklands London E14 9TS Tel: +44 (0)207 538 8230 - Fax: +44 (0)207 538 8246 Ext: 209- Web: www.xinitsystems.com E-Mail: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Find out how long a connecting has been open.
Hi All, I am helping a developer debug a program that seems to be hanging when making a certain network connection. To this end I would like to know if there is a way of telling how long a tcp connection has been established. I tried the -o option of netstat but that just gives me "off (0.00/0/0)" which implies to connection is new but is has been in the "established" state for a long time. Any assistance would be much appreciated. Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1667 F: +44 (0)20 7486 5081
PHP 4.2.3 Woody backport?
Hi All, I wish to run php4.2.3 on a Debian woody machine without having to upgrade the whole system to unstable. Also I wish to avoid upgrading libc and/or any other sytem libraries as would happen with version pinning. Are there any php 4.2.3 Woody packages available? Or perhaps I guide so that I can backport it myself. Tried using "apt-get --compile source php4" but there are dev dependencies that cannot be satisfied in Woody. Any assistance would be much appreciated. Cheers, Fred. -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1667 F: +44 (0)20 7486 5081
Re: PHP 4.2.3 Woody backport?
Thanks alot! that was exactly what I was looking for. Another one for the bookmarks... Cheers, Fred. Thomas Kirk wrote: Hep On Tue, Jun 17, 2003 at 11:26:27AM +0100, Fred Clausen wrote: I wish to run php4.2.3 on a Debian woody machine without having to upgrade the whole system to unstable. Also I wish to avoid upgrading libc and/or any other sytem libraries as would happen with version pinning. Are there any php 4.2.3 Woody packages available? Or perhaps I guide so that I can backport it myself. Tried using "apt-get --compile source php4" but there are dev dependencies that cannot be satisfied in Woody. Any assistance would be much appreciated. I would consult apt-get.org :) -- Fred Clausen - Systems Administrator Unique Interactive, part of UBC Media Group plc Winners of the 2002 CRCA NTL New Media Award http://www.ubcmedia.com http://www.uniqueinteractive.co.uk T: +44 (0)20 7453 1667 F: +44 (0)20 7486 5081
Re: Configuring mod_ssl
Hi, I have found that I need to specify "Listen 443" in addition to enabling the mod_ssl module. I notice that you do not have the directive "SSLEngine On" either so try putting in the aforementioned directives and see if that helps. Not sure about your unresolved symbol problem, you only need to load and configure mod_ssl to achieve SSL communications. Cheers, Fred. On Tue, 2003-10-28 at 19:00, [EMAIL PROTECTED] wrote: > Hi, > > I'm trying to get mod_ssl configured on my server but it isn't coming > together and was hoping I could get some help from the field. Below is a > description of my setup and what I'm trying to do. Any guesses where I'm > going wrong? > > I've got a server with multiple virtual hosts. For the most part, I really > only need https to work for my Squirrelmail webmail pages, but may also at > some point have to put in an ecommerce thing on a site to accept credit > cards. It seems to me that for simplicity sake, I'd ideally like to just > have all my sites be accessible identically via http and https. I'll just > put in a redirect for the http version of squirrelmail to go to 443 > instead of 80. Is there any good reason why I shouldn't have my docs > available under http and https? > > Environment (debian packages) > --- > apache 1.3.27.0-2 > apache-common 1.3.27.0-2 > libapache-mod-ssl 2.8.14-3 > openssl 0.9.7b-2 > libssl0.9.6j-1 > > # apache -l > Compiled-in modules: > http_core.c > mod_so.c > mod_macro.c > suexec: disabled; invalid wrapper /usr/lib/apache/suexec > > What I've done > -- > Initially, I planned to use apache-ssl to do the https, but then figured > if I could configure apache 1.3 with mod_ssl, I'd have a cleaner and > easier to maintain system. So, my attempt to do that resulted in the > following changes to my httpd.conf. These are in the main section and not > duplicated in the Virtual hosts sections. > > LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so > > and > > SSLVerifyClient 0 > SSLVerifyDepth 10 > # generated below with openssl > SSLCertificateKeyFile /etc/ssl/demoCA/certs/server.key > SSLCertificateFile /etc/ssl/demoCA/certs/server.crt > SSLCACertificateFile /etc/ssl/demoCA/certs/cacert.pem > > What happens > > When I try to hit my home page via https, I get the following in my > access_log: > > 10.0.0.16 - - [20/Oct/2003:23:02:07 -0700] "\x80g\x01\x03\x01" 501 - > > And my Safari browser gives an immediate error message: > "Could not open the page 10.0.0.22 because Safari could not establish a > secure connection to the server 10.0.0.22." > > Previously, I was getting the following the following error when I tried > restarting apache: > Cannot load /usr/lib/apache/1.3/libssl.so into server: > /usr/lib/apache/1.3/libssl.so: undefined symbol: ap_conn_timeout > > This happened when I tried to load the apache_ssl_module in my http.conf > file. I _think_ I'm not supposed to do that. If I'm correct, that module > isn't necessary to run mod_ssl and is only used for apache-ssl. True? > -- Fred Clausen - Professional Services Engineer Unit 7 Skylines Business Village Limeharbour Docklands London E14 9TS Tel: +44 (0)207 538 8230 - Fax: +44 (0)207 538 8246 Ext: 209- Web: www.xinitsystems.com E-Mail: [EMAIL PROTECTED]
Re: Strange problem with NIC
Hi Roman, Try and see if there are any newer drivers available, maybe there is a bug in the card with your particular RealTek card. Check on RealTek's site perhaps. It might be worth looking at dmesg to see if there are any error messages related to the card. You might try and swap the card for another just to be sure it is the card itself. Although I usually use Intel cards I have never had problems with RealTek myself either. Hope that helps, Fred. On Sun, 2003-11-23 at 09:49, Roman Medina wrote: > Hi, > > I'm experimenting the following problem: one Debian machine with 1 > 10/100 Ethernet NIC where its upstream speed is reasonable (2 or 3 > Mbytes per second) but its downstream speed is awful (35 kbytes per > second ). All experiments are made in a LAN, so I cannot explain > the 35 kbytes/s extremely low speed. > > Any idea? TIA > > Saludos, > --Roman > > -- > PGP Fingerprint: > 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 > [Key ID: 0xEAD56742. Available at KeyServ] -- Fred Clausen - Professional Services Engineer Unit 7 Skylines Business Village Limeharbour Docklands London E14 9TS Tel: +44 (0)207 538 8230 - Fax: +44 (0)207 538 8246 Ext: 209- Web: www.xinitsystems.com E-Mail: [EMAIL PROTECTED]
Package update notification script.
Hi All,
I have written a small Perl script to check for package updates,
I know that this kind of thing has been done before (usually with much
smaller shell scripts) but I did this more for fun than size or
originality :) I have found it useful so I thought I would share it with
the folks here. This script should work on any APT based system, tested on
Red Hat (apt-rpm) and Debian.
This script can be run from Cron and will email a list of packages that
need to be updated. You need to adjust some variables at the start of the
script controlling the SMTP server to use to send mail and the address to
send it to. The other options should be fine for most sites. It does not
print anything unless debugging is on or there are errors. All results are
sent via an email.
The script requires the Perl Net::SMTP module which is part of Perl 5.6.
Please find the script (sec_update.pl) attached or at :
http://homepages.nildram.co.uk/~xinit/sec_update
Hope some people find it useful!
Regards, Fred.
#!/usr/bin/perl -w
# sec_update.pl
#
# sec_update.pl -- Check for available security updates on systems running APT
#
# BEGIN LICENSE BLOCK
#
# Copyright (c) 2004 Fred Clausen
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# A copy of that license should have arrived with this
# software, but in any event can be snarfed from www.gnu.org.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# END LICENSE BLOCK
#
# TODO:
# * Verify remote mail server accepted the message for delivery
User configurable options ###
my $apt_get = "/usr/bin/apt-get"; # Location of apt.
my $smtpserver = "localhost"; # SMTP server to use when sending messages.
my $admin_address = '[EMAIL PROTECTED]'; # Email address to send the messages
to.
my $debug = 0;
End user configrable options
use strict;
use Net::SMTP;
my $uid = `id -u`;
my $if = `ifconfig`;
my $host = $ENV{HOSTNAME};
sub check_sys {
if (! -x "$apt_get") {
die "Error apt-get on $host (executable $apt_get) not found or
not executable, please modify \$apt_get \n";
} elsif ($uid != 0) {
die "This script must be run as the root user \n";
}
}
sub check_online {
if (system("ping -c 1 $smtpserver > /dev/null")) {
print "Cannot contact $smtpserver or we are offline, exiting...
\n";
exit (0);
}
}
sub debug {
my $msg;
if ($debug) {
while(@_) {
$msg = shift;
print "$msg";
}
}
}
sub get_updates {
my (@untested, @package_list, $size);
debug ("Getting Update List \n");
system ("apt-get update > /dev/null");
system ("apt-get -y --dry-run upgrade > /tmp/apt.output");
open (APTOUT, ") {
@untested = split;
if ($untested[0] eq "Inst") {
push (@package_list, $untested[1]);
}
}
close (APTOUT);
unlink ("/tmp/apt.output") || die "Cannot clean up /tmp/apt.output : $!
\n";
$size = @package_list;
debug ("Got Update List \n");
return [EMAIL PROTECTED], $size;
}
sub send_message {
my $to_upgrade = $_[0];
my $size = $_[1];
my $i;
if ($size > 0) {
debug ("Preparing Email message \n");
my $smtp = Net::SMTP->new("$smtpserver") || die "Could not open
connection to $smtpserver: $! \n";
$smtp->mail ("[EMAIL PROTECTED]");
$smtp->to ("$admin_address");
$smtp->data();
$smtp->datasend ("Subject: [$0] Machine $host needs package
updates.
Dear Administrator,
On machine $host, there are $size packages out of date that need to be
upgraded.
They are: \n
");
debug ("Number packages: $size \n");
debug ("Host: $host \n");
for ($i=0;$i < $size;$i++) {
$smtp->datasend ("Package $i: $to_upgrade->[$i] \n");
}
$smtp->datasend ("\nBest regards, \nsec_update.pl\n\n");
$smtp->datasend ("Info: \n");
$smtp->datasend ("$if \n");
$smtp->dataend();
$smtp->quit();
debug ("Email message sent\n");
} else {
debug ("No updates found, exiting... \n");
exit (0);
}
}
my ($to_upgrade, $size);
check_sys;
check_online;
($to_upgrade, $size) = get_updates;
send_message ($to_upgrade, $size);
debug ("Normal exit... \n");
exit 0;
Re: Recovery
Hi, > I'm trying to perform a recovery of some files on a remote server running > Woody. Since I can't take the server down to do an exhaustive recovery, I'm > exploring what options I have with regard to do this remotely via ssh. > > The original file system has been replaced by a new one, but since the RAID > volume the server is running is quite large there's a good possibility that > the original sectors still haven't been overwritten by any new data. I think > I'm looking for a way to dump all unpartitioned space/unused sectors to a > remote computer, without writing to the RAID volume itself. This may be of assistance to you: http://freshmeat.net/projects/magicrescue/?branch_id=48319&release_id=153385 Regards, Fred.
Re: mod_asp
Hi, You might want to try this if you have money to spend: http://wwws.sun.com/software/chilisoft/ if you are going to offer ASP hosting commercially you may as well get that. But no harm in trying mod_asp, I am not sure of the extent of its support. There is also mod_mono to think about. I suggest trialing all 3 options. Cheers, Fred. On Wed, 2004-04-07 at 12:30, Antonin Karasek wrote: > Hi, > is there anybody experienced with mod_asp? I want to offer ASP to my > customers, but I'm not running win :o) How much functions does mod_asp > implement and how much is it reliable? > > Is it a good idea to install this module and tell customers, that they > can use ASP the same way as it is a Misrosoft's implementation on > Windows machine? > > I'm running a self-compiled Apache 2.0 - with MPM Prefork. But I > think, It's not important. > > Many thanks. > -- Fred Clausen - Professional Services Engineer Unit 7 Skylines Business Village Limeharbour Docklands London E14 9TS Tel: +44 (0)207 538 8230 - Fax: +44 (0)207 538 8246 Ext: 209- Web: www.xinitsystems.com E-Mail: [EMAIL PROTECTED]
