eck/
Bye
Volker
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon+49 30 6104-3307
fax+49 30 6104-3461
[EMAIL PROTECTED]
http://www.discon.de/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trou
.
"man tar" - you probably don't have the same hardware on your backup
server in case of emergency:
tar cvf /backup/file+dir.tar --preserve --numeric-owner \
/etc/exim* /etc/passwd /etc/shadow \
/var/spool/mail/ /var/spool/exim/
Bye
Volker Tanger
IT-Security Consulting
crunching. Okay, maybe you did not think of a
(text-based) MUD/MUSH when asking about a "game server"... ;-)
Bye
Volker
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon+49 30 6104-3307
fax+49 30 6104-3461
[EMAIL PROTECTED]
http://www
x). Even the fast+wide PCI barely is just fast enough for a
full Gbit/s line run full-duplex.
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
Telefon (030) 6104-3307
Telefax (030) 6104-3461
[EMAIL PROTECTED]
http://www.discon.de/
--
To UNSUBSCRIBE,
work at
all in"smart" signaling mode and is not supported by APC Corp.
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
Telefon (030) 6104-3307
Telefax (030) 6104-3435
[EMAIL PROTECTED]
http://www.discon.de/
--
To UNSUBSCRIBE, em
work members to achieve acceptable
results.
All this is available as run-off-the-mill software.
I did not check back, but isn't there policy based routing for Linux
somewhere out there? If so, you could implement that on the cluster
instead of switching default gates. Does anyone know
referne
Greetings!
On Thu, 13 Mar 2003 17:26:21 +0100 Andrew Miehs <[EMAIL PROTECTED]> wrote:
> On Thu, Mar 13, 2003 at 04:47:47PM +0100, Volker Tanger wrote:
> > For incoming the firewalls simply use DNS Round-Robin on the FW
> > members which have to be listed as primary/m
istor-boosted relais for each
input building that box should not be too complicated.
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon+49 30 6104-3307
fax+49 30 6104-3461
[EMAIL PROTECTED]
http://www.discon.de/
Volker
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon+49 30 6104-3307
fax+49 30 6104-3461
[EMAIL PROTECTED]
http://www.discon.de/
x). Even the fast+wide PCI barely is just fast enough for a
full Gbit/s line run full-duplex.
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
Telefon (030) 6104-3307
Telefax (030) 6104-3461
[EMAIL PROTECTED]
http://www.discon.de/
work at
all in"smart" signaling mode and is not supported by APC Corp.
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
Telefon (030) 6104-3307
Telefax (030) 6104-3435
[EMAIL PROTECTED]
http://www.discon.de/
work members to achieve acceptable
results.
All this is available as run-off-the-mill software.
I did not check back, but isn't there policy based routing for Linux
somewhere out there? If so, you could implement that on the cluster
instead of switching default gates. Does anyone know
referne
Greetings!
On Thu, 13 Mar 2003 17:26:21 +0100 Andrew Miehs <[EMAIL PROTECTED]> wrote:
> On Thu, Mar 13, 2003 at 04:47:47PM +0100, Volker Tanger wrote:
> > For incoming the firewalls simply use DNS Round-Robin on the FW
> > members which have to be listed as primary/m
?
For displaying you can use Nagios (NetSaint - http://www.nagios.org/).
For data collection you can use the supplied plugins or write them
yourself e.g. via SSH as http://www.wyae.de/software/aslcheck/ does.
Bye
Volker Tanger
IT-Security
discon gmbh
DeTeWe AG & Co. KG
Fon +49 30 6
ounting, you could try
http://wyae.de/software/trafan/
which works even from a third machine - just plug in and be happy. I do
not have any experiences with high load scenarios, though.
Bye
Volker Tanger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "uns
;Messy" as in higher load than IPtables or as in packet drops - or how?
Can you hint me at some ressources (URLs) on this?
Thanks a lot for your input
Volker Tanger
PS: TrafAn was a quick-shot designed to give a rough estimate on
intra-network protocol usage e.g. plugged into a SPAN-por
t; -rw-r--r--1 root root 1948 Apr 6 2002 index.html
> -rw-r--r--1 root root 2302 Apr 6 2002 main.html
> drwxr-xr-x2 root root 4096 Jul 21 17:27 neat
> -rw-r--r--1 root root19900 Jul 21 15:22 netsaint.cfg
Bye
Volker Tanger
On Wed, 6 Aug 2003 12:39:29 +0200 Stephane Bortzmeyer
<[EMAIL PROTECTED]> wrote:
> > you could try BigBrother (http://bb4.com/)
>
> Heavily non-free.
...because of which it has a (GPLed) Big Sister
http://bigsister.graeff.com/home.html
Bye
Volker Tanger
won't have proper metrics in the logs
(correction please, if I'ver overseen something) - to get an approximate
weighted accounting you probably should go with something like
in-bytes per VHost = i-bytes total / requests total * requests VHost
Bye
Volker Tanger
--
To UNSUBSCRIBE
Another one is http://vd-server.de/ (virtual server here, too) - no
personal experience here.
Another option would be housing of your own hardware or reinstallation
of a dedicated server at hoster (e.g. as described in Linux Magazine
http://www.linux-magazin.de/Artikel/ausgabe/2002/11/)
By
cause i know nothing of bsd, and do
> practically everything with debian since it's my favorite dist.
For traffic shaping with IPtables/netfilter see
http://lartc.org/howto/
http://www.docum.org/
Bye
Volker Tanger
ITK-Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTE
pening...
http://www.wyae.de/software/aslrules/
(alas, as soon as the server is repaired *grrr*)
You'll have to adapt it to your disk layout etc, but the basics should
be there.
Bye
Volker Tanger
ITK-Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ry
first one after MS-IE. What do the headers of the proxy's answer packet
tell about the auth scheme?
Bye
Volker Tanger
ITK-Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
d
> bloat, was causing major maintainance & security hasle.
Well, with the current release timescale being ~2 years (3.0 was
released 2002-07-19) I won't call Debian "rapidly moving"...
Maintenance is - as always - minimum hassle with Debian.
:-)
Bye
Volker Tanger
ITK-S
basically is an IIS plugin) to accept NTLM *and* basic authentication
methods - or not to authenticate at all. That option is hidden somewhere
in a submenu, so happy hunting...
Bye
Volker Tanger
ITK-Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscri
ns
apt-get upgrade
That shoud do it. Or try one of the low-level approaches
http://wyae.de/docs/img_dd.php
http://wyae.de/docs/img_rsync.php
Bye
Volker Tanger
ITK-Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ft error
smtpd_error_sleep_time = 50
# sleep ERR-NR secs after this many errors (> time !)
smtpd_soft_error_limit = 50
--8<--
Volker Tanger
--
ITK-Security
DeTeWe AG & Co. KG
Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/
Herzlich willkommen vom 18.-24. Maerz 200
type?
XFS, JFS and ReiserFS are using BTree (or similar) directory
structures that are much faster than the Ext's linear list.
Bye
Volker Tanger
ITK Security
Herzlich willkommen vom 18.-24. Maerz 2004 auf unserem CeBIT-Messestand,
Halle 13, D 58 - unter dem Motto "DeTeWe- Your connection
nd some hands-on tests with Nagios before rolling your
own. I've not tested Cheops, but it looks a bit like what you have in
mind, too.
Bye
Volker Tanger
ITK Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
t to clobber
the list.
Thanks
Volker Tanger
ITK Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
.htm
Bye
Volker Tanger
ITK Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
webserver mainly for static
files, others than apache could be quite interesting for you,
especially thttpd, mathopd and Zeus - see
http://www.acme.com/software/thttpd/benchmarks.html
Smaller size and select method instead of (pre)forking spells more free
RAM which can then be used for
d of the
complete disc? Well, doing the partitioning manually, you could RSYNC
the server instead of DD+NETCATing, which probably is faster and fails
more gracefully.
Bye
Volker Tanger
ITK Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
tlabs (with frequent system
bashing) it's the leisure-factor that is heavily in favour of DD images,
I confess... ;-)
Bye
Volker Tanger
ITK Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
llowed to (write) access the raw device as ordinary user...
Boot in text mode ("knoppix 2") or Ctrl-Alt-1 from X11 into console. Try
again then.
If this does not solve the problem, we'll have to search on.
Bye
Volker Tanger
ITK Security
PS: I've updated my docs accordingly -
data
and performing its own backup.
See http://www.mikerubel.org/computers/rsync_snapshots/ for ideas of
HD-based backup/mirror.
Bye
Volker Tanger
ITK Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
d that I missed deleting the first
half of the cited mail. My post should have read in short:
RAID for backup (1st half)? - NO! Definitely no.
Use RSYNC (2nd half) - yes, but (only if) to remote servers
Sorry if that lead to confusion...
> On Aug 23, 2004, at 7:07 AM, Volker Ta
27;s fast to implement and light on
system ressources. Plus you won't need additional IPSec or whatever
config on your systems...
Bye
Volker Tanger
ITK Security
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
e sender addresses) in no time.
So rejecting already before DATA statement is a *very* good idea.
Bye
Volker Tanger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
?
For displaying you can use Nagios (NetSaint - http://www.nagios.org/).
For data collection you can use the supplied plugins or write them
yourself e.g. via SSH as http://www.wyae.de/software/aslcheck/ does.
Bye
Volker Tanger
IT-Security
discon gmbh
DeTeWe AG & Co. KG
Fon +49 30 6
till get nothing through, your iptables config
is hosed. If you only have one card, it'll be much more difficult. As
will be sniffing in respective networks. NAT-issues come to mind, that
will be very difficult to debug w
ilsoftware42/
Well, that's the MTA side - what about the client part. Do you need POP
or IMAP? Both? LDAP access? What spool design, etc. There are (again)
loads of agents available. Again: what is your metric for "best"?
Bye
Volker Tanger
--
---
creating such a directory tree will
mimick a number of hierarchies of a tree search thus saving quite some
file access time. But with new file systems they will come with a slight
access time penalty compared to a flat
es.
This may not be THAT much of a problem with config and even less with
the software.
One thing, though, often overseen: where do you put the logs? A firewall
without logs looses a *LOT* of its practical value.
Bye
Volker Tanger
IT-Security
discon gmbh
DeTeWe AG & Co. KG
Fon +49
cause i know nothing of bsd, and do
> practically everything with debian since it's my favorite dist.
For traffic shaping with IPtables/netfilter see
http://lartc.org/howto/
http://www.docum.org/
Bye
Volker Tanger
ITK-Security
pening...
http://www.wyae.de/software/aslrules/
(alas, as soon as the server is repaired *grrr*)
You'll have to adapt it to your disk layout etc, but the basics should
be there.
Bye
Volker Tanger
ITK-Security
ry
first one after MS-IE. What do the headers of the proxy's answer packet
tell about the auth scheme?
Bye
Volker Tanger
ITK-Security
d
> bloat, was causing major maintainance & security hasle.
Well, with the current release timescale being ~2 years (3.0 was
released 2002-07-19) I won't call Debian "rapidly moving"...
Maintenance is - as always - minimum hassle with Debian.
:-)
Bye
Volker Tanger
ITK-Security
basically is an IIS plugin) to accept NTLM *and* basic authentication
methods - or not to authenticate at all. That option is hidden somewhere
in a submenu, so happy hunting...
Bye
Volker Tanger
ITK-Security
ns
apt-get upgrade
That shoud do it. Or try one of the low-level approaches
http://wyae.de/docs/img_dd.php
http://wyae.de/docs/img_rsync.php
Bye
Volker Tanger
ITK-Security
ft error
smtpd_error_sleep_time = 50
# sleep ERR-NR secs after this many errors (> time !)
smtpd_soft_error_limit = 50
--8<--
Volker Tanger
--
ITK-Security
DeTeWe AG & Co. KG
Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/
Herzlich willkommen vom 18.-24. Maerz 200
type?
XFS, JFS and ReiserFS are using BTree (or similar) directory
structures that are much faster than the Ext's linear list.
Bye
Volker Tanger
ITK Security
Herzlich willkommen vom 18.-24. Maerz 2004 auf unserem CeBIT-Messestand,
Halle 13, D 58 - unter dem Motto "DeTeWe- Your connection
nd some hands-on tests with Nagios before rolling your
own. I've not tested Cheops, but it looks a bit like what you have in
mind, too.
Bye
Volker Tanger
ITK Security
t to clobber
the list.
Thanks
Volker Tanger
ITK Security
.htm
Bye
Volker Tanger
ITK Security
55 matches
Mail list logo
