> -----Original Message----- > From: centos-bounces at centos.org > [mailto:centos-bounces at centos.org] On Behalf Of Robert Heller > Sent: Saturday, May 14, 2011 19:02 > To: CentOS mailing list > Cc: 'CentOS mailing list' > Subject: Re: [CentOS] Apache in chroot reporting every client > is 16.0.0.0 > > At Sat, 14 May 2011 18:45:32 -0400 CentOS mailing list > <centos at centos.org> wrote: > > > > > > -----Original Message----- > > > From: centos-bounces at centos.org > > > [mailto:centos-bounces at centos.org] On Behalf Of Marian Marinov > > > Sent: Saturday, May 14, 2011 16:06 > > > To: CentOS mailing list > > > Subject: Re: [CentOS] Apache in chroot reporting every client is > > > 16.0.0.0 > > > > > > On Saturday 14 May 2011 20:50:54 Jason Pyeron wrote: > > > > Not sure where to start on this. I went to examine a log file > > > > today and noticed a password protected internal file was being > > > accessed from > > > > 16.0.0.0. Upon further review every log entry has the same IP. > > > > Accessing apache from localhost also reports 16.0.0.0. > > > > > > > > Google is not being my friend right now, any advice? > > > > > > > > Kernel: 2.6.9-89.0.29.Elsmp > > > > > > > > In the chroot: > > > > > > > > httpd-suexec-2.0.52-41.ent.7.centos4 > > > > httpd-devel-2.0.52-41.ent.7.centos4 > > > > httpd-2.0.52-41.ent.7.centos4 > > > > > > > > -jason > > > > > > Check the resolv setup in the chroot. etc/resolv.conf, etc/hosts, > > > etc/nsswitch.conf > > > > Hosts are resolving and /etc/resolv.conf is good. > > > > Etc hosts and nsswitch are defaulted. > > Is this /etc/resolv.conf IN the chroot tree that httpd is > running in or in the real system root? Check > etc/resolv.conf, etc/hosts, etc/nsswitch.conf, under the > chroot tree that httpd is running in, not /etc/resolv.conf. The previous post was for inside the chroot. [root at devserver21 ~]# chroot /var/mnt/192.168.1.52 [root at devserver21 /]# host 127.0.0.1 1.0.0.127.in-addr.arpa domain name pointer localhost. [root at devserver21 /]# host localhost localhost has address 127.0.0.1 [root at devserver21 /]# host 192.168.1.67 67.1.168.192.in-addr.arpa domain name pointer host67.1.internal.pdinc.us. [root at devserver21 /]# host host67.1.internal.pdinc.us host67.1.internal.pdinc.us has address 192.168.1.67 [root at devserver21 /]# tail -n 0 -f /var/log/httpd/*_log & curl -sk https://67.90.184.203/index.html > /dev/null && sleep 15 && kill %1 [1] 14018 ==> /var/log/httpd/access_log <== ==> /var/log/httpd/error_log <== ==> /var/log/httpd/ssl_access_log <== ==> /var/log/httpd/ssl_error_log <== ==> /var/log/httpd/ssl_request_log <== [14/May/2011:19:17:17 -0400] 16.0.0.0 TLSv1 DHE-RSA-AES256-SHA "GET /index.html HTTP/1.1" 18 [root at devserver21 /]# [1]+ Terminated tail -n 0 -f /var/log/httpd/*_log [root at devserver21 /]# -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00.