Search Results

Search found 26179 results on 1048 pages for 'linux from scratch'.

Page 434/1048 | < Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441 | Next Page >

IPTables configuration help

- by Sam

I'm after some help with setting up IPTables. Mostly the configuration is working, but regardless of what I try I cannot allow localhost to access the local Apache only (i.e. localhost to access localhost:80 only). Here is my script: !/bin/bash Allow root to access external web and ftp iptables -t filter -A OUTPUT -p tcp --dport 21 --match owner --uid-owner 0 -j ACCEPT iptables -t filter -A OUTPUT -p tcp --dport 80 --match owner --uid-owner 0 -j ACCEPT Allow DNS queries iptables -A OUTPUT -p udp --dport 53 -j ACCEPT iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT Allow in and outbound SSH to/from any server iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp -d 0/0 --sport 22 -j ACCEPT Accept ICMP requests iptables -A INPUT -p icmp -s 0/0 -j ACCEPT iptables -A OUTPUT -p icmp -d 0/0 -j ACCEPT Accept connections from any local machines but disallow localhost access to networked machines iptables -A INPUT -s 10.0.1.0/24 -j ACCEPT iptables -A OUTPUT -d 10.0.1.0/24 -j DROP Drop ALL other traffic iptables -A OUTPUT -p tcp -d 0/0 -j DROP iptables -A OUTPUT -p udp -d 0/0 -j DROP Now I have tried many permutations and I'm obviously missing everything. I place them above the in/out bound SSH to/from, so it's not the precedence order. If someone could give me the heads up on allowing only the local machine to access the local web server, that'd be great. Cheers guys.

Read the article
PcLinuxOs demands I use only one repository at time. Is it right?

- by m33600

I come to your presence with this question that is paralyzing my coding efforts. PclinuxOs was my distro of choice for reliability, but it is jealous and does not permit me to add repos from, say, Debian. The wiki is clear advising on using just one repo, and I end up not finding what I used to find on normal Debians. Multimon, the audio decoder, for example (my other question) is not there. When I try to install multimon with hammer and plies, it returns errors of all kinds. Is there a way to safely and temporarily add a repository, make the install and remove the repo, returning pclinuxos to its stable state?

Read the article
What can be done to improve time synchronization on networks with sporadic internet access?

- by anregen

I'm looking for advice setting up time servers for a very non-typical network. I support many closed networks that have occasional access to the internet. A network would get access most days for a few hours, but would frequently go 1-3 weeks blacked-out. The computers/servers on this network are mostly *nix-based, but not all the same flavor. The entire network is mobile, so when it connects, it will have very different hops/latency to internet time servers. The servers on the closed network are powered-off frequently (at least daily). Right now, my gut tells me to use NTP (because I hate re-learning all the stuff that someone else already got working pretty well). But I have several issues, and am looking for someone with experience in this type of strange situation. I currently have no solution in place, I'm simply letting the internal clocks drift. This results in errors of ~600s in a majority of networks. I have seen mismatch worse than 10,000s. Is there something "better" than NTP in this situation? I know NTP likes to have very frequent, consistent access to servers that give nearly identical answers. I won't have that. How many internal NTP servers should I configure, so that during periods of internet blackout, I have internal time that is consistent within the closed network? There is no human access. No matter how large the mismatch, the server(s) must attempt to correct itself. Discrete steps are very bad. No matter how large the mismatch, the correction must be "slewed", not "stepped". I understand that this could take many hours to correct.

Read the article
How does Heartbeat determine when to switch to the secondary? Can you force it to switch?

- by John

I've been trying to understand exactly how Heartbeat works - I understand how when one server dies, it switches to the backup. But, for me, it also switches when the primary has a large increase in workload. But, it doesn't always switch at the same value. There doesn't seem to much information on the web about how it works. The best I've found is this article. How does Heartbeat determine when to switch to the secondary, and how does it determine when it switch back to the primary? Is this an editable setting, and can I force it to switch between one and the other? Sometimes when Heartbeat will switch to the secondary, it takes a few days or I've even seen two weeks before it switches back to the primary. This is well after the primary traffic has gone down. I'm currently using BlueOnyx, and my Heartbeat settings are: Auto Failback: on Keepalive: 1 seconds Warntime: 10 seconds Deadtime: 20 seconds Initdead: 30 seconds

Read the article
Do you know a script for email round trip monitoring?

- by crazyfr

Do you know a simple script that can do email round trip monitoring ? I want to monitor email service on A. I install the script on B. B sends an email to A A sends an auto-reply to B B knows that email service is working well. B restarts this test every 30min. If B didn't received replies, it sends an alert message. B could also monitor round-trip delay of emails. I have not access to the email service, I can only ask new end user email and configure auto-reply. B is an Ubuntu. Thanks!

Read the article
Uploads fail with shorewall enabled

- by JamesArmes

I have an Ubuntu 8.04 server with shorewall 4.0.6 installed. When I try to upload files using FTP, SCP, or cURL the file upload stalls almost immediatly and eventually times out. If I turn off shorewall then the uploads work fine. I don't have any rules that specifically allow FTP and I'm not too concerned with it, but I do need to be able to upload via 22 (SCP) and 80 & 443 (cURL). This is what my rules look like: COMMENT Allow Server to respond to any web (80) and SSL (443) requests ACCEPT net $FW tcp 80 ACCEPT $FW net tcp 80 ACCEPT net $FW tcp 443 ACCEPT $FW net tcp 443 COMMENT Allow Server to respond to SNMPD (161) requests ACCEPT net $FW udp 161 COMMENT Allow Server to respond to MySQL (3306) requests (for MySQL Graphing) ACCEPT net $FW tcp 3306 COMMENT Allow Server to respond to any SSH connection attempts, and to SSH out. SSH/ACCEPT net $FW SSH/ACCEPT $FW net COMMENT Allow Server to make DNS Requests out. DNS/ACCEPT $FW net COMMENT Default "close" anything else. Ping/REJECT net $FW ACCEPT $FW net icmp #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE I expected the top four ACCEPT lines to allow inbound and outbound traffic over 80 and 443 and I expected the two SSH/ACCEPT lines to allow inbound and outbound trffic over 22, including SCP. Any help is greatly appreciated. /etc/shorewall/policy contains the following (all lines above are commented out): # # Allow all connection requests from teh firewall to the internet # $FW net ACCEPT # # Policies for traffic originating from the Internet zone (net) # Drop (ignore) all connection requests from the Internet to the firewall # net all DROP info # THE FOLLOWING POLICY MUST BE LAST # Reject all other connection requests all all REJECT info #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Read the article
Terminal, vim and ssh color problem

- by xaph

I'm using vim for my editor. I've problems about the colors of vim. The same colorscheme of vim gives different outputs in terminal, ssh session and screen. I learnt they've different colors(16, 88 or 256). I don't care of using 16 color or 256 color. Also the terminal emulator is not very important to me. My questions: 1- How do I use same vim colorscheme with same output on everywhere? 2- I want to write a color definition and use it every terminal(maybe with Xdefaults file). Is it possible?

Read the article
How to mount a iSCSI/SAN storage drive to a stable device name (one that can't change on re-connect)?

- by jcalfee314

We need stable device paths for our Twinstrata SAN drives. Many guides for setting up iSCSI connectors simply say to use a device path like /dev/sda or /dev/sdb. This is far from correct, I doubt that any setup exists that would be happy to have its device name suddenly change (from /dev/sda to /dev/sdb for example). The fix I found was to install multipath and start a multipathd on boot which then provides a stable mapping between the storage's WWID to a device path like this /dev/mapper/firebird_database. This is a method described in the CentOS/RedHat here: http://www.centos.org/docs/5/html/5.1/DM_Multipath/setup_procedure.html. This seems a little complicated though. We noticed that it is common to see UUIDs appear in fstab on new installs. So, the question is, why do we need an external program (multipathd) running to provide a stable device mount? Should there be a way to provide the WWID directly in /etc/fstab?

Read the article
Free Hosting control panel

- by John Maxim

Hello All, I'm in the mid of researching for one of the best hosting control panels. The server I run is Ubuntu and I have some experience with ISPConfig 2 & 3. Since I haven't explored any others available, what are the recommended ones for an Ubuntu server? I asked because I find that there seems to be some disabling and modifications required for an Ubuntu server if I need to use ispconfig which causes the server to change its actual way of running. It's quite good though, but any more recommended ones ? Something more organic? which doesn't require much breaking and changing. I'm not asking for the simple one, I don't mind going extra mile to install a powerful one but just try sticking with most Ubuntu's conventions will be an ideal one for me. And of course, if there happens to be something that meets the requirement as mentioned "Ubuntu conventions" and also simple to install at the same time, that'd be a bonus. Thanks in advance.

Read the article
Is there any reason this cronjob would fail in cron, but not on the command line?

- by Treffynnon

I have written a little one liner that will email me when a list of files changes - I used sha512 to generate a list of hashes and then periodically check that those hashes still match. */5 * * * * /usr/bin/sha512sum --status -c /sha512.sumlist && echo "Success" > /dev/null || echo "Check robots.txt and index.html in /var/www as staging sites are now potentially exposed to the world and the damned googlebot" | /usr/bin/mail -s "Default staging server files have changed" [email protected] It works fine on the command line with: /usr/bin/sha512sum --status -c /sha512.sumlist && echo "Success" > /dev/null || echo "Check robots.txt and index.html in /var/www as staging sites are now potentially exposed to the world and the damned googlebot" | /usr/bin/mail -s "Default staging server files have changed" [email protected] As soon as I run it as a cronjob though it emails every time it runs with the failure message instead of only when the sha512sum check should fail. Is there something silly I have missed in a rush? I forgot to mention that I am running an Ubuntu machine.

Read the article
Setting up a transparent proxy with only one box.

- by Scott Chamberlain

I am playing around with transparent proxies, unfortunately I do not have two machines to test it out with. The current way I am doing things is the program makes a request to a computer on port 80, I use iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port 1234 to redirect to my proxy that I am playing with. the proxy will send out a request to port 81 (as all outbound port 80 are being fed back in to the proxy so I want to do something like iptables -t nat -A OUTPUT -p tcp --destination-port 81 -j DNAT --to-destination xxxx:80 The problem lies with the xxxx part. How do I change the destination port without changing changing the destination ip? Or am I doing this setup completely wrong, I am learning after all and constructive criticism is definitely appreciated. The machine I am using is pretty low end so I would like not not have to create a VM with a second box unless absolutely necessary.

Read the article
Execute script before shutting down in Ubuntu

- by juanefren

When I shut down my computer I want to show some pending tasks that I have to do before leaving the office... I did a local application to manage those tasks, so basically I just want to run a command, and shut down after I kill the app executed. I have already tried with these options: * /etc/gdm/PostSession/Default -- this works only when I select LogOut option instead Shutdown. * /etc/rc0.d/K01mycustomscript -- execute script after X is killed * $HOME/.bash_logout -- This looks like does nothing. * ./app-to-run && sudo shutdown -h now -- Don't like it for 2 reasons, prompts for sudo password, and can't use my laptop shutdown button. I am using Ubuntu 10.04

Read the article
forbidden access on addon domains

- by ehmad11

I have one domain hosted on server domain.com, there are about 20 subdomains as addon domains there. For no good reason someone has changed (chgrp) on all files in domain.com directory to domain.com user now all websites are showing 403 forbidden access error. What should i do now to resume websites. I have tried changing php handler but no luck yet :/ php5 handler is suphp and Apache suEXEC is on....

Read the article
How to Exclude an URL for Apache Mod_proxy?

- by Mughil

We have two Apache server as front-end and 4 tomcat server as back-end configured using mod_proxy module as load balancer. Now, we want to exclude an single tomcat url from the mod_proxy load balancer. Is there any way or rule to exclude? Proxy Balancer Setting: <Proxy balancer://backend-cluster1> BalancerMember http://10.0.0.1:8080 loadfactor=1 route=test1 retry=10 BalancerMember http://10.0.0.2:8080 loadfactor=1 route=test2 retry=10 </Proxy>

Read the article
LAMP Stack Version Help -- Is there a website or version tracker source to help suggest the right versions of each part of a platform stack?

- by Chris Adragna

Taken singly, it's easy to research versions and compatibility. Version information is readily available on each single part of a platform stack, such as MySQL. You can find out the latest version, stable version, and sometimes even the percentage of people adopting it by version (personally, I like seeing numbers on adoption rates). However, when trying to find the best possible mix of versions, I have a harder time. For example, "if you're using MySQL 5.5, you'll need PHP version XX or higher." It gets even more difficult to mitigate when you throw higher level platforms into the mix such as Drupal, Joomla, etc. I do consider "wizard" like installers to be beneficial, such as the Bitnami installers. However, I always wonder if those solutions cater more to the least common denominator -- be all to many -- and as such, I think I'd be better to install things on my own. Such solutions do seem kind of slow to adopt new versions, slower than necessary, I suspect. Is there a website or tool that consolidates versioning data in order to help a webmaster choose which versions to deploy or which upgrades to install, in consideration of all the other parts of the stack?

Read the article
Strange ssh login

- by Hikaru

I am running debian server and i have received a strange email warning about ssh login It says, that user mail logged in using ssh from remote address: Environment info: USER=mail SSH_CLIENT=92.46.127.173 40814 22 MAIL=/var/mail/mail HOME=/var/mail SSH_TTY=/dev/pts/7 LOGNAME=mail TERM=xterm PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games LANG=en_US.UTF-8 SHELL=/bin/sh KRB5CCNAME=FILE:/tmp/krb5cc_8 PWD=/var/mail SSH_CONNECTION=92.46.127.173 40814 my-ip-here 22 I looked in /etc/shadow and find out, that password for is not set mail:*:15316:0:99999:7::: I found this lines for login in auth.log n 3 02:57:09 gw sshd[2090]: pam_winbind(sshd:auth): getting password (0x00000388) Jun 3 02:57:09 gw sshd[2090]: pam_winbind(sshd:auth): pam_get_item returned a password Jun 3 02:57:09 gw sshd[2091]: pam_winbind(sshd:auth): user 'mail' granted access Jun 3 02:57:09 gw sshd[2091]: Accepted password for mail from 92.46.127.173 port 45194 ssh2 Jun 3 02:57:09 gw sshd[2091]: pam_unix(sshd:session): session opened for user mail by (uid=0) Jun 3 02:57:10 gw CRON[2051]: pam_unix(cron:session): session closed for user root and lots of auth failures for this user. There is no lines with COMMAND string for this user. Nothing was found with "rkhunter" and with "ps aux" process inspection, also there is no suspicious connections was found with "netstat" (as I can see) Can anyone tell me how it is possible and what else should be done? Thanks in advance.

Read the article
VirtualBox Port Forward not working when Guest IP *IS* specified (while doc says opposite)

- by Patrick

Trying to port forward from host (Mac OS X) 127.0.0.1:8282 - guest (CentOS)'s 10.10.10.10:8080. Existing port forwards include 127.0.0.1:8181 and 9191 to guest without any IP specified (so whatever it gets through DHCP, as explained in the documentation). Here is how the non-working binding was added: VBoxManage modifyvm "VM name" --natpf1 "rule3,tcp,127.0.0.1,8282,10.10.10.10,8080" Here is how the working ones were added: VBoxManage modifyvm "VM name" --natpf1 "rule1,tcp,127.0.0.1,8181,,80" VBoxManage modifyvm "VM name" --natpf1 "rule2,tcp,127.0.0.1,9191,,9090" And by "non-working", I of course mean not listening (as a prerequisite to forwarding): $ lsof -Pi -n|grep Virtual|grep LISTEN VirtualBo 27050 user 21u IPv4 0x2bbdc68fd363175d 0t0 TCP 127.0.0.1:9191 (LISTEN) VirtualBo 27050 user 22u IPv4 0x2bbdc68fd0e0af75 0t0 TCP 127.0.0.1:8181 (LISTEN) There should be a similar line above but with 127.0.0.1:8282. Just to be clear, this port is listening perfectly fine on the guest itself. And when I remove the guest IP (i.e., clear the 10.10.10.10) the forward works fine, albeit to eth0 (not eth1 where I need it). I can tcpdump and watch the traffic flow back and forth. And yes, I've disabled iptables entirely while testing -- it's not getting blocked anywhere on the guest. As VirtualBox writes in their documentation, you are required to specify the guest IP if it's static (makes sense, no DHCP record it keeps): "If for some reason the guest uses a static assigned IP address not leased from the built-in DHCP server, it is required to specify the guest IP when registering the forwarding rule:". However, doing so (as I need to), seems to break the port forward with nary a report in any log file I can find. (I've reviewed everything in ~/Library/VirtualBox/). Other notes: While I used the above command to add the third rule, I've also verified it showed up correctly in GUI and then removed/re-added from there just to make sure). This forum link -- while very dated -- looks somewhat related in that a port forward to a static IP was not appearing (perhaps they think due to lack of gratuitous arp being sent for host to know IP is there/avail?). Anyway, what gives? Is this still buggy? Any suggestions? If not, easy enough workarounds? What's interesting is that this works perfectly fine on another user's Mac, however he's running a slightly older version (4.3.6 v. 4.3.12).

Read the article
$DISPLAY dependent gtk themes

- by Vlad Seghete

I have a computer at home that I log into remotely. The "monitor" for it is a TV, so I want gtk applications to use a large font and icon theme, which I managed to do by editing the ~/.gtkrc-2.0 file and some other similar stuff. What I want to be able to do is have a separate theme for when I'm logging in remotely. The best way to explain is that I would like my gtk theme choice to be dependent on the X display that the application is started on. For example, if I start something on :0.0 then that is the TV and I want large fonts, but if I start it on localhost:10.0 I want to use a regular size font, because it will get rendered on my laptop screen. The elegant solution would be to have some sort of IF statement in the .gtkrc-2.0 file that checks the $DISPLAY variable and behaves accordingly. The problem is I can't find any documentation on control structures in .gktrc files, or if it's even possible to do that.

Read the article
How to figure out disks performance in Xen?

- by cpt.Buggy

So, I have a Dell R710 with PERC 6/i Integrated and 6 450Gb Seagate 15k SAS disks in RAID10, I have 30 Xen vps working on it. Now I need to deploy second server with same hardware for same tasks and I want to figure out maybe it's a good idea to use RAID5 instead of RAID10 because we have a lot of "free" memory on first server and not so much "free space". How do I find out disks performance on first server and find out could I move it to RAID5 without slowing down of whole system?

Read the article
Debian: Unable to mount a second drive as a subdirectory inside of another partition.

- by jkndrkn

Hello. I have the following /etc/fstab: # /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc defaults 0 0 /dev/md1 / ext3 defaults,errors=remount-ro 0 1 /dev/md0 /boot ext3 defaults 0 2 /dev/md5 /home ext3 defaults 0 2 /dev/md3 /opt ext3 defaults 0 2 /dev/md6 /tmp ext3 defaults 0 2 /dev/md2 /usr ext3 defaults 0 2 /dev/md4 /var ext3 defaults 0 2 /dev/md7 none swap sw 0 0 /dev/sdc /home/httpd ext3 defaults 0 2 /dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0 /dev/sdc1 /mnt/usb/backup-1 auto defaults 0 0 I am unable to get /dev/sdc/ to mount at /home/httpd/ on reboot. The /home/httpd/ directory exists. Mounting via mount -t ext3 /dev/sdc /home/httpd works just fine. Mounting via mount -a generates the following error message: mount: you must specify the filesystem type This is, incidentally, the same message that I see while booting. The error message goes away if I comment out the line in fstab starting with /dev/sdc.

Read the article
Can't unlock locked screen, in Ubuntu 12

- by Camille Goudeseune

After locking the screen (with a keystroke bound to xlock -nice 8 -mode blank), I can unlock the screen as expected, but only within a few minutes. After being locked overnight, when I hit a key (even Ctrl+Alt combos), the screen stays black with just a brief white flash across the middle of both monitors. The workaround is to ssh in from another host and restart X. Some months ago, this happened every few weeks. By now it happens almost every morning. How do I even start to diagnose this? What might I look for in log files? (The intermittency is particularly troubling.) Failing that, is there an alternative to xlock aka xlockmore? Hardware: 3-year-old HP minitower, GEForce 9800 GT, two Asus LCD monitors. Software: Ubuntu 12.04.2 LTS. Window manager awesome-wm. NVidia driver 304.88. XLock version xlockmore-5.31.

Read the article
Shell script to read value from a file and compare it to another one

- by maneeshshetty

I have a C program which puts one unique value inside a test file (it would be a two digit number). Now I want to run a shell script to read that number and then compare with my required number (e.g. 40). The comparison should deliver "equal to" or "greater". For example: The output of the C program is written into the file called c.txt with the value 36, and I want to compare it with the number 40. So I want that comparison to be "equal to" or "greater" and then echo the value "equal" or "greater".

Read the article
Display the last few lines of a very large file

- by gAMBOOKa

I've got a log file that's managed to bloat upto 150MB. Is there a way to read only the last say 100 lines of the file instead of the whole thing? I don't want to have to download a 150 MB file with my current connection. I'd rather SSH in and read the relevant parts.

Read the article
Xinerama 3 displays can't have main display in the middle

- by mononym

I have 3 monitors running on 2 cards, they are all working as 3 seperate displays, however, if i move the main display from the left (0,0) i cannot drag to the left window as the mouse goes crazy and crashes my system (i have to restart x) I would much prefer my main display to be in the centre. Any help appreciated

Read the article
What do these acronyms stand for ?

- by Luc M

Some directories are easy to understand the meaning /usr /bin ... But for the next ones, I have no idea. /etc /opt opt for optionnal ? etc for electronic t...... configuration (no idea for t) I would like to know what these acronyms are meaning

Read the article

< Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441 | Next Page >