Search Results

Search found 1620 results on 65 pages for 'eric king'.

Page 23/65 | < Previous Page | 19 20 21 22 23 24 25 26 27 28 29 30  | Next Page >

  • Watchguard Firewall WebBlocker Regular Expression for Multiple Domains?

    - by Eric
    I'm pretty sure this is really a regex question, so you can skip to REGEX QUESTION if you want to skip the background. Our primary firewall is a Watchguard X750e running Fireware XTM v11.2. We're using webblocker to block most of the categories, and I'm allowing needed sites as they arise. Some sites are simple to add as exceptions, like Pandora radio. That one is just a pattern matched exception with "padnora.com/" as the pattern. All traffic from anywhere on pandora.com is allowed. I'm running into trouble on more sophisticated domains that reference content off of their base domains. We'll take GrooveShark as a sample. If you go to http://grooveshark.com/ and view page source, you'll see hrefs referring to gs-cdn.net as well as grooveshar.com. So adding a WebBlocker exception to grooveshark.com/ is not effective, and I have to add a second rule allowing gs-cdn.net/ as well. I see that the WebBlocker allows regex rules, so what I'd like to do in situations like this is create a single regex rule that allows traffic to all the needed domains. REGEX QUESTION: I'd like to try a regex that matches grooveshark.com/ and gs-cdn.net/. If anybody can help me write that regex, I'd appreciate it. Here is what is in the WatchGuard documentation from that section: Regular expression Regular expression matches use a Perl-compatible regular expression to make a match. For example, .[onc][eor][gtm] matches .org, .net, .com, or any other three-letter combination of one letter from each bracket, in order. Be sure to drop the leading “http://” Supports wild cards used in shell script. For example, the expression “(www)?.watchguard.[com|org|net]” will match URL paths including www.watchguard.com, www.watchguard.net, and www.watchguard.org. Thanks all!

    Read the article

  • Motherboard HDDPWR1 connector

    - by Eric Leschinski
    I need help identifying the name of a connector. I have a Gateway DX4870-UB318 computer, I opened the case and wanted to attach another hard drive, but to my surprise one existing SATA hard drive was connected to the motherboard with this connector: And here is the spot on the Motherboard where the power was supplied. What is the name of this adapter and where can I get another one? Clues: This computer was bought new October 2013 from best buy, box number: DX4870-UB318. The gateway folks won't divulge the type of motherboard it has nor give specs on it. On the wire itself is an identification code: H.35090NJ01-000 Next to the connector on the motherboard it says: HDDPWR1 and the second one says HDDPWR2. This cable has two SATA power connectors and one mystery connector. The power supply has no molex power cables and no SATA power connectors! This is the most bizarre hard drive power system I've seen. I guess the motherboard folks are trying to remove the burden for desktop power supplies to provide adapters (molex, SATA, other) to CD's and hard drives. Can someone put a name on that white flat 6 pin HDD Power Connector? My Solution I can buy a "SATA Power Y Splitter Cable" to provide more spaces to power sata devices.

    Read the article

  • Accidentally deleted symlink libc.so.6 in CentOS 6.4. How to get sudo privilege to re-create it?

    - by Eric
    I accidentally deleted the symbol link /lib64/libc.so.6 - /lib64/libc-2.12.so with $ sudo rm libc.so.6 Then I can not use anything including ls command. The error appears for any command I type ls: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory I've tried $ export LD_PRELOAD=/lib64/libc-2.12.so After this I can use ls and ln ..., but still can not use sudo ln ..., sudo -E ln ..., sudo su or even su. I always get this err sudo: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory or su: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory It seems LD_PRELOAD works only for the current shell session of my account, but not for a new account like root or a new session. It's a remote server so I can not use a live CD. I now have a ssh bash session alive but can not establish new ones. I have sudo privilege, but don't have root password. So currently my problem is I need to run sudo sln -s libc-2.12.so libc.so.6 to re-create the symlink libc.so.6, but I can not run sudo without libc.so.6. How can I fix it? Thanks~

    Read the article

  • What kind of “sysadmin stuff” should I show to students during a talk?

    - by Gregory Eric Sanderaon
    A teacher asked me If I could talk about my job as a linux sysadmin in his class. The course is called "Introduction to Operating systems" and i've been given 45 minutes to talk. The students are beginning their second year, so they've had a bit of experience with programming in different languages. What i'm like to do is show a series of hands-on examples of the kinds of things I do on a regular basis. I've already got a few ideas jotted down, but I'm afraid that they might be either too advanced or too simple for the students to appreciate. Another concern is that a topic might be too long to explain and use too much time overall. Here are a few ideas : Program deployment using version control (git in my case) filtering apache logs using grep, awk, uniq, tail A couple of bash scripts that i've made for various stuff on servers live montitoring (htop, iotop, iptraf) creating databases and assigning roles in mysql/postgresql So, are these ideas any good ? Do you have better ideas ? are the ideas too simple and should I go for more "advanced" stuff ?

    Read the article

  • SQL Server 2008 Recovery Mode reverts from FULL to SIMPLE

    - by Eric Hazen
    Three of our SQL databases have their recovery model change every night from FULL to SIMPLE. The only jobs that I'm aware of are two BackupExec jobs that run nightly. Why would the recovery model change? Backup Jobs: SQL FULL BACKUP, SQL LOG BACKUP Event Manager: Event 5084: Setting Database option RECOVERY to SIMPLE for database databaseName

    Read the article

  • Why do I get NT_STATUS_CONNECTION_REFUSED from net rpc shutdown?

    - by Eric
    When I use "net rpc shutdown -f -I xxx.xxx.xxx.xxx -U usr%pwrd" I receive the following error. "NT_STATUS_CONNECTION_REFUSED" I checked that the firewall is disabled and that I can telnet to port 135 on the remote machine from the local machine. Telnet connects, there is no banner though is there supposed to be one? Not entirely sure. Remote machine is Windows 7 Ultimate Local machine is CentOS 5.7 "SME Server" Any ideas why this is still failing?

    Read the article

  • PC to HDTV, Catalyst Control Center problem (Overscan)

    - by Eric
    I'm trying to get to the overscan slider in CCC but in the Desktops and Displays menu I can't right click the tv in the bottom left to bring up the configure option. If i hover the mouse over the tv it says TV, Disabled. How do i enable it? It's a Panasonic plasma hooked up to my pc using an HDMI to a Radeon HD 4870 X2 http://img38.imageshack.us/img38/4875/ati3r.jpg

    Read the article

  • hyperv vss writer unexpected error

    - by Eric Martin
    I am using Mozy Pro to backup our Hyperv servers. I am doing this without any issues on a 2nd server but this box hasn't backed up sucessfully yet. I was told by the support tech at Mozy to type: vssadmin list providers >c:\providers.txt vssadmin list writers >c:\writers.txt Writers.txt: vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool (C) Copyright 2001-2013 Microsoft Corp. Writer name: 'Task Scheduler Writer' Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124} Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b} State: [1] Stable Last error: No error Writer name: 'VSS Metadata Store Writer' Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06} Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93} State: [1] Stable Last error: No error Writer name: 'Performance Counters Writer' Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2} Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381} State: [1] Stable Last error: No error Writer name: 'System Writer' Writer Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Instance Id: {506e7d9c-ded3-4edf-824a-4dd9af7f7538} State: [1] Stable Last error: No error Writer name: 'ASR Writer' Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Instance Id: {1de438e4-09de-487c-9ea8-eeafbe3fd210} State: [1] Stable Last error: No error Writer name: 'COM+ REGDB Writer' Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Instance Id: {511d23d9-4cbb-400f-b739-e6e0a8ecdbee} State: [1] Stable Last error: No error Writer name: 'Microsoft Hyper-V VSS Writer' Writer Id: {66841cd4-6ded-4f4b-8f17-fd23f8ddc3de} Writer Instance Id: {32f41185-2b20-41ff-a7aa-92c262f578cd} State: [1] Stable Last error: Unexpected error Writer name: 'Registry Writer' Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Instance Id: {fa328ece-623f-43cc-9888-e897e108c40e} State: [1] Stable Last error: No error Writer name: 'Shadow Copy Optimization Writer' Writer Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Instance Id: {7b582861-7f7f-4c10-adb1-5106bcab3902} State: [1] Stable Last error: No error Writer name: 'WMI Writer' Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Instance Id: {d2f73a0f-c19a-44cc-bcd2-6c84ac6e516b} State: [1] Stable Last error: No error Writer name: 'MSMQ Writer (MSMQ)' Writer Id: {7e47b561-971a-46e6-96b9-696eeaa53b2a} Writer Instance Id: {95ea6efc-c00c-47ca-90d1-28fbe6d7a8d0} State: [1] Stable Last error: No error Writer name: 'IIS Config Writer' Writer Id: {2a40fd15-dfca-4aa8-a654-1f8c654603f6} Writer Instance Id: {d5a32f43-0675-400d-8502-cdece4c867e1} State: [1] Stable Last error: No error Providers.txt: vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool (C) Copyright 2001-2013 Microsoft Corp. Provider name: 'Microsoft File Share Shadow Copy provider' Provider type: Fileshare Provider Id: {89300202-3cec-4981-9171-19f59559e0f2} Version: 1.0.0.1 Provider name: 'Microsoft Software Shadow Copy provider 1.0' Provider type: System Provider Id: {b5946137-7b9f-4925-af80-51abd60b20d5} Version: 1.0.0.7 The tech said I needed to resolve this issue: Writer name: 'Microsoft Hyper-V VSS Writer' Writer Id: {66841cd4-6ded-4f4b-8f17-fd23f8ddc3de} Writer Instance Id: {32f41185-2b20-41ff-a7aa-92c262f578cd} State: [1] Stable Last error: Unexpected error I checked the event viewer and this is the only thing I found related to hyperv: I don't know where to start to resolve this or to find out where the issue is at. I know nothing of the vss writer for hyperv so any input would be greatly appreciated.

    Read the article

  • TF2 with Parallels on a MacBook Pro

    - by Eric Koslow
    I am trying to get TF2 to run under Parallels on my 15'' MacBook Pro, but it is ultimatly failing. To get any decent frame rate I have to put all the setting to low, but even then I get weird graphical "gliches" when I play. Controlls are unresponsive and very laggy as well. I have increased the video memory to 256mb, but that doesn't seem to have helped. What else should I do to make the game playable?

    Read the article

  • pfSense with two WANs, routing skype traffic over a specific WAN

    - by Eric
    I have a pfSense setup with two WANs (WAN1 and WAN2) and one LAN network. The two WANs are setup for failover. However, QoS has recently been an issue for skype calls in our office place (about 30 people) so we want to dedicate WAN2 for skype traffic (we use skype for all voip calls, etc.) As Skype is notoriously difficult to deal with, does anyone have any suggestions on how I should deal with this? A simple rile based on ports will not work, and using layer7 inspection witha skype porfile on all incoming LAN packets doesn't seem like the way to go eiter. here is a related pfsense forum post: http://forum.pfsense.org/index.php/topic,50406.msg268520.html#msg268520

    Read the article

  • ColdFusion 9 64bit / MAMP Pro 1.9 64Bit on OSX

    - by Eric Ryan Jones
    I followed this thread and it's associated links. But there is nothing i can do to get CF9 to work. MAMP Pro now has the 64bit version of apache 2.2. Whenever i start apache i get an error saying it couldn't start and to check the logs. i check the logs and this is what i see. 6/1/10 12:39:12 PM [0x0-0x8d78d7].de.appsolute.mamppro[52702] Cannot load /Applications/ColdFusion9/runtime/lib/wsconfig/1/mod_jrun22.so into server: cannot create object file image or add library I've tried copying the mod_jrun22.so file form the installer, wsconfig.jar and from another developer running standalone apache. all fail. any ideas????

    Read the article

  • How do I Install fonts on Windows Web Server 2008 R2

    - by Eric Brearley
    I would like to install Arial on to our web servers. Just need to add, this is because we generate reports server-side and make them available in a number of downloadable formats (Excel, PDF etc), hence the need to have the fonts installed on the server. I have console access to our webfarm, and from the server I've copied the .ttf files and placed them in c:\fonts folder. Then I run the following VBScript on the server. ' VBScript to install fonts on Blade Servers ' Arial font-family Set objShell = CreateObject("Shell.Application") Set objFolder = objShell.Namespace("c:\fonts") Set objFolderItem = objFolder.ParseName("arial.ttf") objFolderItem.InvokeVerb("Install") Set objShell = CreateObject("Shell.Application") Set objFolder = objShell.Namespace("c:\fonts") Set objFolderItem = objFolder.ParseName("arialbd.ttf") objFolderItem.InvokeVerb("Install") Set objShell = CreateObject("Shell.Application") Set objFolder = objShell.Namespace("c:\fonts") Set objFolderItem = objFolder.ParseName("arialbi.ttf") objFolderItem.InvokeVerb("Install") Set objShell = CreateObject("Shell.Application") Set objFolder = objShell.Namespace("c:\fonts") Set objFolderItem = objFolder.ParseName("ariali.ttf") objFolderItem.InvokeVerb("Install") Set objShell = CreateObject("Shell.Application") Set objFolder = objShell.Namespace("c:\fonts") Set objFolderItem = objFolder.ParseName("ariblk.ttf") objFolderItem.InvokeVerb("Install") msgbox "Fonts installed" I get the message box, but no font installation pop-ups like I do when I run this script on my desktop. The fonts do not get installed, they do not sure in the font selection dialogue in notepad (on the web server) and we get the asp.net exception "Font 'Arial' cannot be found.". Have also restarted the server. I have also tried copying the .ttf files to the c:\windows\fonts folder and restarting the server. What do I need to do to install fonts on Windows Web Server 2008 R2?

    Read the article

  • Snort/Barnyard2 Logging

    - by Eric
    I need some help with my Snort/Barnyard2 setup. My goal is to have Snort send unified2 logs to Barnyard2 and then have Barnyard2 send the data to other locations. Here is my currrent setup. OS Scientific Linux 6 Snort Version 2.9.2.3 Barnyard2 Version 2.1.9 Snort command snort -c /etc/snort/snort.conf -i eth2 & Barnyard2 command /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo & snort.conf output unified2: filename snort.log, limit 128 barnyard2.conf output alert_syslog: host=127.0.0.1 output database: log, mysql, user=snort dbname=snort password=password host=localhost With this setup, barnyard2 is showing all of the correct information in the database and I'm using BASE to view it on the web GUI. I was hoping to be able to send the full packet data to syslog with barnyard2 but after reading around, it seems that it is impossible to do that. So I then started trying to modify the snort.conf file and add lines like "output alert_full: alert.full". This definitely gave me a lot more information but still not the full packet data like I want. So my question is, is there anyway I can use barnyard2 to send the full packet data of alerts to a human readable file? Since I can't send it directly to syslog, I can create another process to take the data from that file and ship it off to another server. If not, what flags and/or snort.conf configuration would you recommend to get the most data possible but still be able to handle quite a bit of traffic? In the end of it all, these alerts will be shipped to a central server via a SSH tunnel. I'm trying to stay away from databases.

    Read the article

  • 3ds Max with Parallels on a MacBook Pro

    - by Eric Koslow
    I am trying to get 3ds Max to run under Parallels on my 15'' MacBook Pro, but it is ultimatly failing. To get any decent frame rate I have to put all the setting to low, but even then I get weird graphical "gliches" when I play. Controlls are unresponsive and very laggy as well. I have increased the video memory to 256mb, but that doesn't seem to have helped. What else should I do to make the game playable? Mod-edit: I changed TF2 with a "random" 3D modelling software, which solves gaming related issues.

    Read the article

  • OSSIM - Snort/OSSEC/Nagios Logging Config Question

    - by Eric
    Quick n00b OSSIM question. I've looked around but haven't found exactly what I'm looking for. I currently have a Nagios, OSSEC, Nessus, and Snort server and I want to keep those servers active but just ship the logs to the OSSIM server and have it do the correlating and graphing. Can that be done? Everything I've seen is putting the various software functions actually on the OSSIM box but I don't want to do that. I'm running CentOS on all of the systems. Thanks.

    Read the article

  • Insufficient Permissions on UNC Path for Physical Path in IIS7

    - by Eric C
    I've got a multi-server setup where Server A is hosting the html files and Server B is running IIS 7.5. I've specified a UNC path for the Physical Path of the website on Server B. When I try to hit localhost I'm receiving the following error: Cannot read configuration file due to insufficient permissions I am able to browse and modify files in the UNC path on Server B. I'm guessing it has something to do with IIS_IUSRS of Server B not having permissions, but I'm unsure how to add them to the shared directory of Server A.

    Read the article

  • IE Kerberos failure on some machines with CNAME web server (with SPN for host's A record)

    - by Eric Thames
    It's fairly well known that IE doesn't like to do Kerberos against hosts that are registered in DNS as CNAMEs. What happens is that IE turns around and uses the underlying A record for the host for looking up the Service Principal Name (SPN). On a test network we are able to get Kerberos working by having the SPN registered for the A record of the host, so that Kerberos authentication happens successfully when accessing the web server via it's CNAME in the browser. Kerberos authentication works properly when directly accessing the web server with the A record host in the URL, but for various reasons that are beyond my control, it is desired to use the CNAME. On the production network, this same configuration fails though and I can't figure out why. Any thoughts? This is a java web application using the SPNEGO library - not IIS. Kerberos authentication is working properly in both the test and production networks (and has been confirmed to not fail back to NTLM), but the CNAME access only works in test.

    Read the article

  • Selenium server causes crazy load on server - how to prevent?

    - by Eric
    I'm running this linux: Linux host.themepark.com 2.6.32-220.4.1.el6.x86_64 #1 SMP Tue Jan 24 02:13:44 GMT 2012 x86_64 x86_64 x86_64 GNU/Linux And I run the Selenium stand-alone server on my box with this command: java -jar /home/l/cron/selenium-server-standalone-2.24.1.jar > /logs/selenium.log 2>&1 & Here's the problem: as soon as I do that, the server load starts skyrocketing. I even went back and downloaded older versions of the Selenium server, but same results with 2.23.1, 2.23.0, and 2.19.0. Note that the server load starts going nuts before I issue ANY commands to Selenium or do anything else. All I'm doing is firing up the server, per the command above. This used to work perfectly on my server without causing massive server load, so something has changed, but I'm not sure what. My server is a managed VPS so I don't know if there is some kind of auto-update script that kicked in or what... but it's a problem. (Incidentally, even though the server load climbs like crazy, everything still works: after firing up Selenium, my server creates a screen with Xvfb so Firefox will be happy, then a PHP script talks to Selenium to do what it needs to do before shutting everything down. It takes a LONG time, and the load gets all the way up to 8 [!!!] before it is finished, which kills my web server and makes the main site horribly unresponsive... but it does get everything done.) Any suggestions for what is going on, why it's started doing this and/or, most importantly, how I can make Selenium not kill the server when it starts up... would be GREATLY appreciated!

    Read the article

  • High mysql server load, sar output

    - by eric
    I have a MySQL Server that should be performing better than it seems to be. We're running ubuntu on a Amazon Cluster Compute (cc1.4xlarge) Linux ip-10-0-1-60 3.2.0-25-virtual #40-Ubuntu SMP Wed May 23 22:20:17 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 12.04 LTS Release: 12.04 Codename: precise I have several output files from sar that i'm not really sure how to interpret. For example, I ran: # Individual block device I/O activities sar -d 1 180 > logs/block_device_io.log & which gave me what looks like really high utilisation of my disk (turns out this block device maps to /dev/xvdh on /var/lib/mysql type ext4 (rw,_netdev) The output from my log: 10:48:59 PM DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util 10:49:00 PM dev202-16 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 10:49:00 PM dev202-32 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 10:49:00 PM dev8-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 10:49:00 PM dev202-112 1008.00 31040.00 1416.00 32.20 1.02 1.01 0.89 90.00 10:49:00 PM dev202-80 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Am I wrong in thinking this is a problem? I have it above 90% almost the entire time we're seeing slowness. Or does this just mean MySQL is doing what it's supposed to do?

    Read the article

  • Dynamic DNS registration for VPN clients

    - by Eric Falsken
    I've got a VPN server set up in my Active Directory on a remote network. (VPN Server is separate box from DNS/AD) When I dial into the network (client machine is not a member of the AD) the machine does not register its IP or Hostname in the DNS. I've played with all possible combinations of DHCP and RRAS-allocated IP pools, and none of them seem to cause my client to register. Is it because my client has to be a member of the domain? Are there some security settins I can tweak so that it can register its hostname/ip? I've looked in the event logs (System and Security) for the AD, DNS, DHCP, RRAS, and the client machine, and don't see anything relating to DNS Registration. Here's the IPConfig on the client machine (once connected): PPP adapter My VPN Name: Connection-specific DNS Suffix . : mydomain.local Description . . . . . . . . . . . : My VPN Name Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.1.22(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 192.168.1.52 <- DC1 192.168.1.53 <- DC2 NetBIOS over Tcpip. . . . . . . . : Enabled Edit: It looks like my clients are not recieving the DHCP Scoope Options. I found this great article in Microsoft's KB. So the problem here is that the VPN Server "pre-reserves" the DHCP addresses, but then you have to add the DHCP Relay Agent to relay the secondary request for scope options. My problem is that the DHCP Relay Agent isn't relaying to the local DHCP server (same box as the VPN/RRAS). I've configured the DHCP Relay Agent according to this KB, but it dosn't work for a local DHCP server. (I see the request count increasing, but no responses) I was able to get everything working by specifying the DNS server and domain name in the VPN connection properties on the client. But am still unable to assign it (or the default gateway) dynamically via DHCP. The client also has to be a member of the remote domain.

    Read the article

  • Secure iptables config for Samba

    - by Eric
    I'm trying to setup an iptables config such that outbound connections from my CentOS 6.2 server are allowed ONLY if they are of state ESTABLISHED. Currently, the following setup is working great for sshd, but all the Samba rules get totally ignored for a reason I cannot figure out. iptables Bash script to setup ALL rules: # Remove all existing rules iptables -F # Set default chain policies iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP # Allow incoming SSH iptables -A INPUT -i eth0 -p tcp --dport 22222 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22222 -m state --state ESTABLISHED -j ACCEPT # Allow incoming Samba iptables -A INPUT -i eth0 -s 10.1.1.0/24 -p udp --dport 137:138 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -d 10.1.1.0/24 -p udp --sport 137:138 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -s 10.1.1.0/24 -p tcp --dport 139 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -d 10.1.1.0/24 -p tcp --sport 139 -m state --state ESTABLISHED -j ACCEPT # Enable these rules service iptables restart iptables rule list after running the above script: [root@repoman ~]# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:22222 state NEW,ESTABLISHED Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp spt:22222 state ESTABLISHED Ultimately, I'm trying to restrict Samba the same way I have done for sshd. In addition, I'm trying to restrict connections to the following IP address range: 10.1.1.12 - 10.1.1.19 Can you guys offer some pointers or possibly even a full-blown solution? I've read man iptables quite extensively, so I'm not sure why the Samba rules are getting thrown out. Additionally, removing the -s 10.1.1.0/24 flags don't change the fact the rules get ignored.

    Read the article

  • Automatically Applying Security Updates for AWS Elastic Beanstalk

    - by Eric Anderson
    I've been a fan of Heroku since it's earliest days. But I like the fact that AWS Elastic Beanstalk gives you more control over the characteristics of the instances. One thing I love about Heroku is the fact that I can deploy an app and not worry about managing it. I am assuming Heroku is ensuring all OS security updates are timely applied. I just need to make sure my app is secure. My initial research on Beanstalk shows that although it builds and configures the instances for you, after that it moves to a more manual management process. Security updates won't automatically be applied to the instances. It seems there are two areas of concerns: New AMI releases - As new AMI releases hit it seems we would want to run the latest (presumably most secure). But my research seems to indicate you need to manually launch a new setup to see the latest AMI version and then create a new environment to use that new version. Is there a better automated way of rotating your instances into new AMI releases? In between releases there will be security updates released for packages. Seems we want to upgrade those as well. My research seems to indicate people install commands to occasionally run a yum update. But since new instances are created/destroyed based on usage it seems that the new instances would not always have the updates (i.e. the time between the instance creation and the first yum update). So occasionally you will have instances that aren't patched. And you are also going to have instances constantly patching themselves until the new AMI release is applied. My other concern is that perhaps these security updates haven't gone through Amazon's own review (like the AMI releases do) and it might break my app to automatically update them. I know Dreamhost once had a 12 hour outage because they were applying debian updates completely automatically without any review. I want to make sure the same thing doesn't happen to me. So my question is does Amazon provide a way to offer fully managed PaaS like Heroku? Or is AWS Elastic Beanstalk really more of just a install script and after that you are on your own (other than the monitoring and deployment tools they provide)?

    Read the article

< Previous Page | 19 20 21 22 23 24 25 26 27 28 29 30  | Next Page >