Discuss October 2013

discuss@lists.centos.org

179 participants
157 discussions

SMTP Auth Spam Mail Attack
by Paul Shuttleworth 05 Oct '13

05 Oct '13

Hi All I have a server which seems to be getting spam relayed through it. The story is this..... User reported loads of undeliverables being received so I had a trawl through the logs. So the attacker connects to our server using SMTP AUTH........ Oct 5 15:17:53 www sendmail[6972]: AUTH=server, relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged), authid=jon, mech=LOGIN, bits=0 This then seemingly passes the AUTH for the user jon and allows the system to send e-mails such as the following. Oct 5 15:17:58 www sendmail[6982]: r95EHqoc006972: to=<qqueenllouise(a)aol.com>, ctladdr=<jon(a)xxxxxxxx.co.uk> (516/100), delay=00:00:05, xdelay=00:00:02, mailer=esmtp, pri=300552, relay=mailin-03.mx.aol.com. [205.188.156.193], dsn=2.0.0, stat=Sent (2.0.0 Ok: queued as B648F3800008D) Now there seem to be 2 user names that appear in the logs with the authid= one is jon as above and the other is jon(a)xxxxx.co.uk (obviously I have replaced the real domain with xxxxx) Now the interesting thing is that there are only a handful of sites on the server and they are set up so the site has a main username and any other addresses that need to accept mail are set as aliases. So in effect there is only one user per domain with one email account. So despite the main account not being "jon" or "jon(a)xxxxx.co.uk" and there are no users on the domain with those usernames, SMTP auth accepets the user and authenticates correctly to allow the relay through. I have checked the server with an external SMTP checker, and it is not an open relay. I have changed the password on the domain in question and they are still getting in. I have tried changing the password and sending mail with the old password, this gets .. relying denied, so SMTP auth is working ok. I have been through the server and looked at each domain for these users, I did find one called jon on an old domain which I have now deleted, just in case this was accepting the SMTP auth. Has anyone any idea how they can be authenticating against SMTP auth with a username that does not exist on the server ? Any pointers towards next steps appreciated, as I am running out of ideas to try and lock this server down. Cheers Paul. -- There are only 10 types of people in the world.. Those who understand binary and those who don't

3 3

Unattended install of CentOS in a VM with given login/password?
by Fernando Cassia 05 Oct '13

05 Oct '13

Is there a way to make CentOS install unattended, right from the boot until I can SSH into it?. I'd like being able to boot a new Virtualbox virtual machine right from the CentOS ISO, and then from the Virtualbox host, ssh into the brand new VM client and customize it using SSH shell scripts (SU, yum install, etc). Is there any way to tweak the ISO to specify "unattended install" and the root password (to be later changed after VM is installed).? The main idea is turning this into a bash script so I can download whatever new language and to the VM install "automagically". Thanks in advance. FC -- During times of Universal Deceit, telling the truth becomes a revolutionary act Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto Revolucionario - George Orwell

2 2

Samba problem
by Joseph Hesse 05 Oct '13

05 Oct '13

Hello, I am trying to learn how to use Samba. I first just want to get it to work, then I'll make it better. I am not concerned about security since everything is on a private network. I am following the material in "CentOS 6 Linux Server Cookbook" by Jonathan Hobson. I am using two virtual computers with Virtual Box running on Fedora 19. Both virtual computers have bridged networking. One virtual computer is Win7, the other is CentOS 6.4. They are both up to date. There is only one user, "admin", on the CentOS virtual computer. The Win7 computer can successfully ping the CentOS computer. My Win7 computer can not see the share on the Samba server. The command "# testparm" shows no errors. The command below gives the following error: [admin@CentOS ~]$ smbclient //CentOS/admin Enter admin's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.9-151.el6_4.1] tree connect failed: NT_STATUS_ACCESS_DENIED My smb.conf file, below, is taken from the book I am using. Any suggestions or help would be much appreciated. Thank you, Joe Hesse [global] unix charset = UTF-8 dos charset = CP932 workgroup = WORKGROUP server string = CentOS netbios name = CentOS dns proxy = no wins support = no interfaces = 127.0.0.0/8 192.168.0.0/24 eth0 bind interfaces only = no log file = /var/log/samba/log.%m max log size = 1000 syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\ spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = no domain master = no local master = no preferred master = no os level = 8 [homes] comment = Home Directories browseable = yes writable = yes valid users = %S create mask =0755 directory mask =0755

5 8

Xorg fills up /var/log/Xorg.0.log with AUDIT messages (up to system crash)
by Frank Thommen 04 Oct '13

04 Oct '13

Hi, on a CentOS 6.4-workstation we have the problem, that Xorg fills up /var/log/Xorg.0.log with AUDIT messages faster than one can read. Within four hours the logfile grew to 160 MB and usually within 1-2 days applications and sometimes the OS crash because /var becomes full. Here a small extract of /var/log/Xorg.0.log: [...] [ 24272.458] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.487] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24951 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.490] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.500] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.516] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24948 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.516] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24952 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.521] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.549] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24957 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.552] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.564] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.575] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24954 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.577] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24958 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.585] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.612] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24963 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.616] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.628] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.630] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24960 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.633] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24964 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.644] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.673] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24969 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.679] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [ 24272.691] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 disconnected [ 24272.692] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 connected from local host ( uid=9435 gid=577 pid=24966 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.697] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 30 connected from local host ( uid=9435 gid=577 pid=24970 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 572 [ 24272.711] AUDIT: Wed Oct 2 15:41:44 2013: 2625: client 28 disconnected [...] The client numbers are just a small repeating set, but trying to find the associated processes through the pids fails, because when the logfile entry is written, the processes are already gone. For sure these messages are associated with "something" the user(s) do, because as soon as nobody is logged in, these messages stop. We have lots of CentOS 6 machines, but this is the only one with such an issue, even though there are more or less the same applications running on all machines. Xorg is running with the following options (CentOS 6 default settings): /usr/bin/Xorg :0 -nr -verbose -audit 4 -auth /var/run/gdm/auth-for-gdm-jQ4DVP/database -nolisten tcp vt1 Questions: * How can one find out which processes are responsible for these audit messages? * How can I stop auditing completely? With CentOS 5 Xorg ran with "audit 0" and I was unable to find the place where the audit level is set. * (more generally) What's auditing good/used for anyway? Any hint is appreciated. Cheers frank [cross-posted on lopsa-tech maillist]

3 3

php 5.1 to 5.3
by Nikos Gatsis - Qbit 04 Oct '13

04 Oct '13

Hello list I'm managing a web server with centos-release-5-9.el5.centos.1. I have php-5.1.6-40.el5_9 right now and I'd like to update it to php53. I wander if its easy or complicated. If somebody have any instructions I'd be very glad! Thank you in advance. Nikos -- Untitled Document ------------------------------------------------------------------------ *Γατσής Νίκος - Gatsis Nikos* Web developer tel.: 2108256721 - 2108256722 fax: 2108256712 email: ngatsis(a)qbit.gr http://www.qbit.gr

5 5

Historical Data related to CPU,IO and Memory
by Kaushal Shriyan 03 Oct '13

03 Oct '13

Hi, Are there any utilities or tools to look at historical data of Memory, CPU Utilization or IO activity on CentOS 6.4 or 5.9 Version? For example the how much the memory was consumed for the period of last six months. Regards, Kaushal

8 9

Target TRACE in CentOS
by Sergio Belkin 03 Oct '13

03 Oct '13

HI, I'm trying to use TRACE target of raw table but It doesn't work It's a CentOS 6.2 with kernel 2.6.32-220.7.1.el6.x86_64. lsmod | egrep -i "raw|trace|log" iptable_raw 2264 1 ip_tables 17831 4 iptable_raw,iptable_filter,iptable_mangle,iptable_nat xt_TRACE 1060 1 ipt_LOG 5845 5 ipt_ULOG 10765 11 dm_log 10122 2 dm_mirror,dm_region_hash dm_mod 81596 14 dm_mirror,dm_log The problem is TRACE target maches but it isn't logging anything.... Chain PREROUTING (policy ACCEPT 380796 packets, 194521672 bytes) pkts bytes target prot opt in out source destination 6 360 TRACE tcp -- * * 0.0.0.0/0 A.B.C.D tcp dpt:443 if I use the LOG target it WORKS, but TRACE it's better for debugging, am I doing something wrong or this CentOS release has no full support for this target? Thanks in advance! -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org

1 0

CentOS-announce Digest, Vol 104, Issue 2
by centos-announce-request＠centos.org 03 Oct '13

03 Oct '13

Send CentOS-announce mailing list submissions to centos-announce(a)centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request(a)centos.org You can reach the person managing the list at centos-announce-owner(a)centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEBA-2013:1400 CentOS 6 setup Update (Karanbir Singh) 2. CEBA-2013:1401 CentOS 6 qemu-kvm Update (Karanbir Singh) ---------------------------------------------------------------------- Message: 1 Date: Wed, 2 Oct 2013 16:45:47 +0000 From: Karanbir Singh <kbsingh(a)centos.org> Subject: [CentOS-announce] CEBA-2013:1400 CentOS 6 setup Update To: centos-announce(a)centos.org Message-ID: <20131002164547.GA65224(a)n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2013:1400 Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1400.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: f3baabe199eabf0c11866c1c076f0c6bc01abe0c1cab20aa3348cd8e1c967031 setup-2.8.14-20.el6_4.1.noarch.rpm x86_64: f3baabe199eabf0c11866c1c076f0c6bc01abe0c1cab20aa3348cd8e1c967031 setup-2.8.14-20.el6_4.1.noarch.rpm Source: 6cd2835e633e6af4c072f1e444dc150aa91cb96bf92c1ca84321e2bed2b54377 setup-2.8.14-20.el6_4.1.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos(a)irc.freenode.net ------------------------------ Message: 2 Date: Wed, 2 Oct 2013 16:52:02 +0000 From: Karanbir Singh <kbsingh(a)centos.org> Subject: [CentOS-announce] CEBA-2013:1401 CentOS 6 qemu-kvm Update To: centos-announce(a)centos.org Message-ID: <20131002165202.GA523(a)n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2013:1401 Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1401.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 9a5d53661265a21e2c01437bfa501c89a97931b5d9d204f85e9ac9a237f90123 qemu-guest-agent-0.12.1.2-2.355.0.1.el6_4.9.i686.rpm x86_64: d7bba07262272b8d1ba80430c0aed94c66689ad2f0bc204c0d4db73d9212a28c qemu-guest-agent-0.12.1.2-2.355.0.1.el6_4.9.x86_64.rpm 927ca6ac3edc771921ac09980347a42e5fbcd1da932014a0997e0dfee0ee2104 qemu-guest-agent-win32-0.12.1.2-2.355.0.1.el6_4.9.x86_64.rpm a40f87712412f4b6b4483f11fe8c7dbb301f1888b4d62ad172cae0b6d4ee6b28 qemu-img-0.12.1.2-2.355.0.1.el6_4.9.x86_64.rpm 031c4b40e2003851a7b062efb555382835d59a54659b396b68a4736ccd6d19b8 qemu-kvm-0.12.1.2-2.355.0.1.el6_4.9.x86_64.rpm e8d64b86e9ae7564ae68149c8f4e9d927f1987fb816f46d9cd8caea2be2a8549 qemu-kvm-tools-0.12.1.2-2.355.0.1.el6_4.9.x86_64.rpm Source: 5f7e087dee9073fb16ee6d3b49f6902c487d01665471ab0bfe70948d650f5449 qemu-kvm-0.12.1.2-2.355.0.1.el6_4.9.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos(a)irc.freenode.net ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce(a)centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 104, Issue 2 ***********************************************

1 0

About Memory mirroring
by Rajagopal Swaminathan 03 Oct '13

03 Oct '13

Greetings, Was wondering if any software exists for mirroring memory across hosts like what drbd does for disks. I am somewhat aware of copying of a VM's memory when a live migration is done. Another query, as I have not seen too many VM migrations, is that what happens to the memory contents such as data yet to be written onto disk, states etc happens when one of the RHCS cluster hosts which is running VM fail: does the cluster restart the machine? An example perhaps would be suppose the VM is running a movie what would the user's experience would be. I tried it on cluster with ctdb. The movie simply restarted. Any experiences? -- Regards, Rajagopal

1 0

CIFS Share with encrypted credentials
by Dolev Farhi 03 Oct '13

03 Oct '13

Hi, I have a CIFS share that I mount on a CentOS6.4. Currently I am keeping the password in a regular hidden file, for example /test/.cred with the username and password. the /etc/fstab directive points to that file. for example: //10.0.0.1/share /mnt cifs defaults,credentials=/test/.cred Since this file is readable by the root user, I figured if there might be a way to encrypt this file, and with decrypt this file with a script so the mount will succeed, and then encrypt it again. or maybe there is another way of doing this? any ideas? --- Dolev

4 3

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss October 2013