After reading this article:
http://www.theregister.co.uk/2005/08/31/blocking_chinese_ip_addresses/
I got to thinking that there is really no reason for *any* traffic to
hit my servers that comes from anywhere outside North America. So I
wrote the perl script at the end of this posting to extract selected IP
ranges posted at iana.org and convert them into iptables rules blocking
any traffic from those ranges.
I'd like comments on this. I know it's not perfect as there are both
corporate and 'various registries' address ranges that aren't covered
but it's a start. Since my company web site is hosted elsewhere but we
are doing the DNS, I put in the exceptions for DNS.
In my ten or so years of administering Linux servers, following the
usual security precautions has been sufficient: closing unused ports,
keeping up to date on patches, limiting permissions and logins, etc.
I've never had a system broken into.
But if I can lessen the bandwidth used up by brute-force password
attacks and port scans at the cost of a few CPU cycles, that's a good
thing. I've had the new rules up on one server for about half an hour
and can see about 10 or so connection attempts from the addresses in
question.
What do you think?
Kirk Bocek
#!/usr/bin/perl
#
# iana-makeiptables.pl
# Convert IPv4 Address assignment document from iana.org into
# a shell script that will insert iptables rules to block traffic
# from selected regional registries.
#
# Copy the data from:
# http://www.iana.org/assignments/ipv4-address-space
# and save it to the file in $datafile (here -- iana-assignments.dat)
# Then edit the 'my @block' line below to select the registries you want
# to block
#
# Sept 6, 2005 Kirk Bocek
#
use strict;
use warnings;
my $datafile='iana-assignments.dat';
my $outfile='iana-block.sh';
#Registries are ARIN APNIC RIPE LACNIC AfriNIC
my @block=qw/APNIC RIPE LACNIC AfriNIC/;
die "Data File $datafile Not Found!" unless -f $datafile;
open(my $out, '>', $outfile) or die "Cannot open $outfile for writing!";
open(my $dat, '<', $datafile) or die "Cannot open $datafile for reading!";
print $out "#!/bin/bash\n";
print $out "# Blocking traffic from: @block\n";
print $out "# Generated by iana-makeiptables.pl\n";
while (<$dat>) {
    # Only the lines describing a /8 block, e.g. "058/8 ... APNIC"
    next unless /^\d{3}\/8/;
    BLOCK: foreach my $reg (@block) {
        if (/^(\d{3})\/8.*$reg/) {
            # Strip the leading zeros (there may be one or two of them)
            my $x = $1 + 0;
            print $out "iptables -I INPUT -s $x.0.0.0/8 -j DROP\n";
            last BLOCK;
        }
    }
}
#Put any exceptions here
#For example, I'm allowing DNS traffic
#These are written after the DROP rules, but since -I inserts at the head
#of the chain they end up ahead of the DROPs when the generated script runs.
print $out "iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT\n";
print $out "iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT\n";
close $out;
close $dat;
# End of iana-makeiptables.pl
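As an added example (not Kirk's script and not CentOS code), the following Python reproduces the rule generation on constructed lines in the "NNN/8 ... REGISTRY" layout the script's regex expects, then simulates the resulting INPUT chain. It shows why the DNS exceptions must be issued with -I after the DROP rules: inserting puts them ahead of the DROPs, appending (-A) would bury them. An INPUT chain policy of ACCEPT is assumed.

```python
import re

# Constructed sample in the layout the script parses (not real IANA data).
SAMPLE_IANA = """\
058/8   Apr 04   APNIC
064/8   Jul 99   ARIN
080/8   Apr 01   RIPE NCC
200/8   Nov 02   LACNIC
"""

def make_rules(data, block):
    """Mirror the Perl script: one DROP per /8 assigned to a blocked
    registry, then the two DNS exceptions, all as 'iptables -I' commands."""
    rules = []
    for line in data.splitlines():
        for reg in block:
            m = re.match(r"^(\d{3})/8.*" + re.escape(reg), line)
            if m:  # int() strips the leading zeros, like the script does
                rules.append(f"iptables -I INPUT -s {int(m.group(1))}.0.0.0/8 -j DROP")
                break
    rules.append("iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT")
    rules.append("iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT")
    return rules

def build_chain(rules, append=False):
    """Apply the commands in order. -I inserts at the head of the chain
    (last issued = matched first); append=True models using -A instead."""
    chain = []
    for r in rules:
        chain.append(r) if append else chain.insert(0, r)
    return chain

def verdict(chain, src, proto, dport, policy="ACCEPT"):
    """First matching rule wins, as in netfilter; no match -> chain policy."""
    for r in chain:
        src_m = re.search(r"-s (\d+)\.0\.0\.0/8", r)
        port_m = re.search(r"-p (\w+) .*--dport (\d+)", r)
        if src_m and int(src.split(".")[0]) != int(src_m.group(1)):
            continue
        if port_m and (proto, dport) != (port_m.group(1), int(port_m.group(2))):
            continue
        return r.split("-j ")[1]
    return policy

if __name__ == "__main__":
    rules = make_rules(SAMPLE_IANA, ["APNIC", "RIPE", "LACNIC", "AfriNIC"])
    chain = build_chain(rules)
    print("DNS from blocked /8 with -I:", verdict(chain, "58.1.2.3", "udp", 53))
    print("DNS from blocked /8 with -A:", verdict(build_chain(rules, True), "58.1.2.3", "udp", 53))
```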
Dear CentOS,
Ken wants you to know about this story on http://www.theage.com.au.
Personal Message:
How much did MS pay for the article?
Linux misses Windows of opportunity
September 27, 2005
URL: http://www.theage.com.au/articles/2005/09/26/1127586780339.html
I am experimenting with a scsi2 HP SureStore DAT24 attached as an
external device to an Intel P4 system. I am attempting to create a
raw disk image of a dds2 tape made on a non linux system.
My immediate problem is that I am trying to terminate a dd process
and having no luck. dd was invoked thus:
dd if=/dev/nst1 of=/tmp/disk.dds2.img bs=512 & pid=$!
a ps reveals this:
ps
PID TTY TIME CMD
1936 pts/0 00:00:00 bash
2034 pts/0 00:00:15 dd
2093 pts/0 00:00:00 ps
a call to kill has no apparent effect:
kill -s SIGKILL 2034
ps
PID TTY TIME CMD
1936 pts/0 00:00:00 bash
2034 pts/0 00:00:18 dd
2100 pts/0 00:00:00 ps
and calls to mt show this:
mt -f /dev/nst1 status
/dev/nst1: Device or resource busy
Short of a reboot, how do I get control of the tape drive back?
(once I get the drive back I will have a lot of other questions
regarding dd.)
Regards,
Jim
--
*** e-mail is not a secure channel ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne
vox: +1 905 561 1241
fax: +1 905 561 0757
<token> = hal
Harte & Lyne Limited
9 Brockley Drive
Hamilton, Ontario
Canada L8E 3C3
From: Ed Morrison [mailto:edward.morrison@gmail.com]
>
> I'm looking to add a sata raid controller to my server, give it a
> terabyte of HDs and make a myth backend. I'm having trouble
> determining
> if this raid block is compatible with linux. Does anyone have any
> experience with this item?
>
> http://www.plinkusa.net/webBP-SATA3141B.htm
This is just an SATA backplane and so it shouldn't have any
compatibility issues. If you want to do raid, you will still need a
raid card to connect to the disks in this enclosure. You will need to
check the compatibility of the raid card. The best ones are made by
3ware. There was an extended conversation about them on this list a
while back. Check the archives if you're interested.
Bowie
Hi all,
Does anybody know the name of the tool which is needed to copy
some text in a terminal window and to paste this text at the end of the
command line using the mouse?
It is a basic function but really helpful, and it is not installed on my
workstation.
I am using Gnome and CentOS 4.1.
Regards,
Jean LEE
I've been looking online for resources that may help me, but I haven't found
anything that worked. I'm trying to run x as a non-root user. Any
suggestions?
I get the messages:
Fatal server error:
PAM authentication failed, cannot start X server.
Perhaps you do not have console ownership?
Please consult the The X.Org Foundation support
at http://wiki.X.Org
for help.
Here is what I've tried:
1) chmod 777 /dev/console
2) /etc/pam.d/xserver looks like:
auth sufficient pam_rootok.so
auth required pam_console.so
account required pam_permit.so
auth required /lib/security/pam_console.so
auth required /lib/security/pam_permit.so
account required /lib/security/pam_permit.so
I have servers that are running:
Red Hat Enterprise Linux ES release 3 (Taroon Update 5)
and
Red Hat Linux Advanced Server release 2.1AS (Pensacola) [which I think RH
renamed as Red Hat Enterprise Linux AS release 2.1].
The servers are running fine. Is it possible (and if so, how) to convert
these to the equivalent releases of CentOS, without doing a complete upgrade
(I want to mess with the systems as little as possible)? I work at a small
company and we simply can't afford to pay for the renewal costs to be able
to keep them updated from Red Hat.
--
-ste
Thanks, Bryan. Good analysis.
Brian Brunner
brian.t.brunner(a)gai-tronics.com
(610)796-5838
>>> thebs413(a)yahoo.com 09/29/05 07:41PM >>>
[ I've temporarily subscribed my Yahoo address to post this
single comment, and then I'm going to unsubscribe it so I
can't post again. ]
File this one on "Linux loses due to incompetent local
support resources." No need to have meta-discussions on
anything else -- the comparison of RHN/Update to SUS is
laughable.
Hi,
What happened to the rhel3 i386 arpwatch package?
There is only a x86_64 version:
sarastro:/users/henkvl 573% ls /users/mirror/Linux/centos/3/*/*/RPMS/arp*
/users/mirror/Linux/centos/3/addons/x86_64/RPMS/arpwatch-2.1a11-7.E3.5.x86_64.rpm
but there once was a i386 version, as a have a
/var/cache/yum/addons/headers/arpwatch-14-2.1a11-7.E3.5.i386.hdr
Cheers,
--
Henk van Lingen, Systems & Network Administrator
Dept. of Computer Science, Utrecht University.
phone: +31-30-2535278
http://henk.vanlingen.net/
http://www.tuxtown.net/netiquette/
Hi,
I would like to know about the inner workings of the CentOS community: how rebuilds are
done, how rpms are modified, boot CDs, removing packages, adding new rpms, the CentOS
server CD, etc., and how can I contribute to the project?
Alberto