We are seeing some dropped SSH connections because of which some of the process are failing . The main likely reason for the connection drops is that both the client and server remains 100% busy during a certain time interval and during that time interval we see those occassional connection closed by the server.
[Code]...
I seem to be able to install / configure Postfix server in 10 minutes as an MTA for a single domain but my struggle is really understanding the maps / restrictions which even after reading "The Book of Postfix" is not very clear to me:
[Code]....
My question is between those commonly used three maps above, what are the difference between them and how do I know when to use one over the other? Can someone clearly explain them to me? Here's what I have in my 'main.cf' but honestly I couldn't tell you if they're correct or now:
[Code]....
I have Googled and searched dozens of forums and mailing list archives for a couple days now, and I haven't found a straightforward answer to what is REALLY required in a Postfix main.cf file to stop backscatter.
A couple of our servers are stil being flagged as sending backscatter. Is it possible to send a bounce message these days without it being considered backscatter?
I keep adding suggested "fixes" to my main.cf file, but Backscatterer.org still says we're doing it.
Here's my postconf -n output:
Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
[Code].....
having trouble understanding selinux. the domain is cluster containing permissions. a type is nothing more than a label applied to something like a file,right? so instead of applying the permission set of foo domain to the /etc/shadow file it would be apply label shadow_t to /etc/shadow and make the shadow_t apart of the foo domain?
View 1 Replies View RelatedI have a set of iptables rules generated by Firestarter, and i'm in the process of trying to familiarise myself with iptables itself, but there's one particular rule which is confusing me, perhaps somebody could explain it to me
My INPUT chain reads as follows:
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- cdns01.plus.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- cdns01.plus.net anywhere
ACCEPT tcp -- cdns02.plus.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
[Code]...
Given that the firewall is actually blocking packets, it can't be this simple, so what am I missing?
I have a process that forks, where the childs puts some data of random size and exits while the parent should get the data and does some manipulation.. here I have used a pipe for child to write the data and parent to read the data.. Child simply dumps the data, and the data is of any size even child and parent doesnt know.
I have used select in the parent to see whether there is any data coming on the reading end of the pipe.. if there is a data.. I copy into a buffer.. Im reading the data continusly when the child exits after closing the writing end of pipe. Parent gets blocked on the read part But my question is how parent know the other of pipe is closed when using the select call. In otherwords.. while using select in readfds, how would i know the other end has closed the pipe..
I searched this on the web to no avail. Could I get a clarification on what exactly Yum ,Yumex, and Packager Installer are? Yum is the terminal and Package installer is (System>Addministration>Add/Remove Sofware correct? Additionally what is Yup and what is Yumex.
View 1 Replies View RelatedI run a Laptop (Mint 17.1), which is connected to a Debian 8.1 server over a LAN. The systems are connected through a router. Both of them show no problems when working independently and when doing work on the internet. Also, ping works fine (no lost packets, no delays!) from Debian to Mint. However when doing a ping from the Laptop (Mint) to the Debian server, I experience frequent packet losses and timeouts. In fact, a "first" ping may lose the first 20 to 30 "tries". Thereafter, if I repeat pings immediately and quickly one after the other, they might in geral not lose packages or show delays. Ping to and from the router also works perfectly in either direction!
Of course, functions such as ssh or samba-sharing are hampered as well by this behaviour. Also, if I DO in fact manage to connect to the Debian server via ssh, my console (KDE 14) is freuqently "locked" (i.e. - doesn't show my input for a while) but in the end DOES show the characters entered and gets processed o.k. (eg. when doing an "ls"-command). Both systems are at the latest software-level and I just finished installing Debian 8.1. The situation was the same on Debian Wheezy, however.
I want to make a script for something, but I'm worried the timeouts on sudo permissions (how you can't got more than 5/10 minutes between sudo commands before needing your password again). Basically, I don't want my script to be redundant and require overseeing for password inputs.
Code:
sudo echo Hello.
sleep 6000
sudo echo This is text. This shows the basis of the problem. I will need to enter my password twice.
Would allowing it to run uninterrupted be as easy as running this theoretical shell script his sudo to begin with?
i'm new to linux so bear with me.we have two servers running in a cluster mode. i disable the cluster so that we could install a new os kernel that was provided by our vendor tumbleweed.So the active server which does not have the upgraded os kernel the version is Linux version 2.6.5-7.283-smp (geeko@buildhost) (gcc version 3.3.3 (SuSE Linux)) #1 SMP Wed Nov 29 16:55:53 UTC 2006 for the server which does not have the kernel upgrade, i can mount to netapp mount. however from the server which has it's kernel upgraded, i get a rpc timeout error when i try to mount the drive.
somehow the server which has got the kernel upgrade is trying to use udp. the server goes through a firewall before getting to the netapp server and upd is not allowed.in the fstab entries, i specified tcp,proto=tcp but no matter what values i put in, it's trying to use upd.
There's a short version at the bottom.
I just installed jessie with gdm3 and use xfce.
I like my monitor to turn off when I'm not at the computer for more than 10 or 20 minutes or so and it wasn't doing that. I haven't used Linux for years and was used to xorg.conf/x11.conf and xinitrc and such.
So I rediscovered xset is responsible for DPMS settings. xset -q revealed DPMS was off. So I used it and put it in ~/.xinitrc. It didn't work. After some canoodling around I found out about xfce's Session and Startup gui thing. I was using that to run ~/.xinitrc.
When I got to my desktop and did a check with xfce4-terminal by running xset -q it would show DPMS enabled but the values were wrong. 600, 0, 900 to be exact.
After some searching I came across the information that xscreensaver will override DPMS settings as it manages DPMS too. So after more canoodling I found out about xfce's Screensaver preferences dialogue and used that to set my values. The values would immediately be set but the problem is that they are not persistent. If I reboot or log out the values will revert to 600, 0, 900. They will only reset to what I want them to be by running xfce's Screensaver preferences dialogue manually.
man gdm3, info gdm3, grep -r DPMS in /etc/gdm3, grep -r dpms in /etc/gdm3 reveal nothing related to DPMS. I've done some searching and nothing useful.
there is an /etc/X11/app-defaults/XScreenSaver-nogl which has some DPMS settings but the times are too large (2 hours); the only thing that matches is the off setting which is specified there.
xscreensaver -no-splash is present in the output of ps so it is xscreensaver and not gnome-screensaver.
The weird thing is that I re-enabled my ~/.xinitrc in xfce's Session and Startup gui thing and it is being run, but the numbers are getting set wrong after it is run. (I put an echo command after xset dpms 900 1200 1500, and the file is appearing in ~)
Where does 600, 0, 900 come from? Mystified on how to proceed from here. I don't remember enough on how to see what's doing what. Is there some sys thing or proc thing I can monitor to find out what's setting these values?
Short version: my xset dpms values are getting reset to 600, 0, 900 every time I logout or reboot. They revert to 600, 0, 900 every time I get to my desktop. I use gdm3 and xfce. Where are these coming from?
I was having a problem where my server would go unresponsive to it's No-IP redirected name while access via local net IP was unaffected. Access via the No-IP name would usually be restored within 5 minutes or so.
View 1 Replies View RelatedI am having a problem with HTTPs in a double NAT'd network configuration. The scenario is like this..
[Code]...
Machines on these LANs can talk to each other no problem. There is also a NAT rule configured for traffic going from LAN A via LAN C out to the Internet. The Nokia is also doing NAT'ing. Normal web browsing works fine with this setup, but whenever I try to access HTTPS sites, it just hangs and eventually times out.Packet captures have showed lots of TCP Retransmission messages. If I logon directly to the Linux Router and fire up a browser, I am able to access HTTPS sites without any problems. This appears to be something to do with the traffic being NAT'd twice. Is there a way I can get around this without changing the config of the Nokia?
I'm using the linksys wmp300n with ndiswrapper to connect to a belkin wireless router with a static ip (192.168.2.3). The rest of the PCs in the house have .2, .4, and .5 only running windows XP and 7. This one won't stay connected during large file transfers within the network or over the internet in Ubuntu. I made a script to restart ndiswrapper but I have to do it every 2 or 3 min during a file transfer. I can't play online games at all. No ssh sessions for more than a few min... so on and so forth. None of these issues happen in Windows 7 but when it was first installed it had to do something with dhcp before it would stay connected. Windows wouldn't tell me what was going on though. code...
View 2 Replies View Relatedconfigured myself a NAS, which is infrequently accessed, so I set the standby timer of the disks to 241 (30 minutes) using hdparm.
for i in /dev/sd?; do
hdparm -S 241 $i > /dev/null
done
[code]....
I'm sure I'm missing something pretty obvious, but I can't for the life of me stop my pysqlite scripts crashing out with a database is locked error. I have two scripts, one to load data into the database, and one to read data out, but both will frequently, and instantly, crash depending on what the other is doing with the database at any given time.I've got the timeout on both scripts set to 30 seconds: cx = sqlite.connect("database.sql", timeout=30.0)and think I can see some evidence of the timeouts in that i get what appears to be a timing stamp (e.g 0.12343827e10 1) dumped occasionally in the middle of my curses formatted output screen, but no delay that ever gets remotely near the 30 second timeout, but still one of the other keeps crashing again and again from this. I'm running RHEL5.4 on a 64 bit HS21 IBM blade, and have heard some mention about issues about multi-threading and am not sure if this might be relevant.
Packages in use are sqlite-3.3.6-5 and python-sqlite-1.1.7-1.2.1, and upgrading to newer versions outside of RedHat's official provisions is not a great option for me. Possible, but not desirable due to the environment in general.I have had autocommit=1 on previously on both scripts, but have since disabled on both, and am now cx.commit()ing on the inserting script and not committing on the select script. Ultimately as I only ever have one script actually making any modifications, I don't really see why this locking should ever ever happen
I've got this weird problem: when I reboot my Debian 8.3 server, I have to run through the crypto unlocking processes for my encrypted volumes a few times before I actually get to a login screen. The operation times out 85% of the time, leaving me to reboot and try over and over until the system is happy.
Here's my partitioning setup (manually partitioned at install):
/boot: 500 MB, EXT2, nodev, nosuid, noexec
/tmp: 2 GB, EXT2, AES-256/xts-plain64 with RANDOM KEY
swap: 2.5 GB, AES-256/xts-plain 64 with RANDOM KEY
/: 35 GB, EXT4, AES-256/xts-plain 64 with PASSPHRASE
/var: 35 GB, EXT4, AES-256/xts-plain 64 with PASSPHRASE
/home: 45 GB, EXT4, AES-256/xts-plain 64 with PASSPHRASE
Here's the output from journalctl -b -p 3:
Code: Select allDate and time | server name | systemd[1]: Timed out waiting for device dev-sda5.device
Date and time | server name | systemd[1]: Dependency failed for Cryptography Setup for sda5_crypt
Date and time | server name | systemd[1]: Dependency failed for Encrypted Volumes
Date and time | server name | systemd[1]: Dependency failed for dev-mapper-sda5_crypt.device
Date and time | server name | systemd[1]: Dependency failed for /tmp
[Code] ....
I had the same problem in previous builds where I chose Twofish instead of AES, and I was hoping that the timeouts would be fixed by switching to AES as my CPU has the AES instruction set. Obviously that didn't make a damn bit of difference.
What am I doing wrong, or what should I change in my setup? The encryption is a requirement. Could the problem be caused by something as stupid as using a RANDOM KEY instead of a PASSPHRASE on /tmp and swap?
Debian 8.3 as OS version.
I am trying to Setup citrix ICA client 9 on Ubuntu 9.04 Server. I installed it very easily and I am not getting any lib error also. But when I try to connect to the citrix server, it fails with a pop up saying "Error in Network Connection Network or Dialup connection may be preventing ......" This is driving me crazy from 3 days. My project is to check the feasiblity of a Linux desktop
View 1 Replies View RelatedI have finally gotten around to installing Ubuntu 10.4, and I really like it, but it does irk me that OpenOffice is installed by default. Is it possible to prevent OpenOffice from being installed?
View 7 Replies View RelatedI have a virtualbox installation on top of CentOS, and I need fairly high security separation between host and guest traffic. The university network the box hangs off uses statically-allocated ip addresses, allocated to fixed MAC addresses (i.e. it eats any traffic with mismatched ip and MAC addresses).
Host OS: CentOS 5.3 64bit
VBox: 3.0.4
Guest OS: Fedora 11 64bit
Hardware: dual NIC, Intel server
Bridged networking, with separate NICs for host and guest
I'm aiming for high-security separation between host and guest traffic. To do this, I would like to to run all host traffic through one NIC, H, and all guest traffic through the other, G. The host and guest have separate, statically allocated, IP addresses, IPH and IPG. The network forces these to be mapped to specific MAC addresses, MACH (the address of NIC H) and MACG (the address of NIC G).
So it's not too hard to write host firewall rules to enforce this policy. The rules just have to state that traffic coming into H must have a destination compatible with IPH, and traffic going out must have IPH as source - and vv for G and IPG. There also don't seem to be any trouble telling the guest to only use NIC G. As a result, turning off NIC G (or equivalently, firewalling it off from host traffic) crashes the network, I have to reboot it to get networking working.
But I can't figure how to tell the host (i.e. CentOS) to _only_ use NIC H for anything else except the guest. Even though we don't see any IPH traffic coming into NIC G from outside, I don't seem to be able to stop the host from starting connections on NIC G. Does anyone know any way to do this - to tell the host that it can only use IPH as its IP address unless traffic is coming from a guest process, and that it can only use address MACH and NIC H?
just a quick question: I have an external HD with 2 partitions, one ext3 and one FAT32.When I plug in the HD both partitions get automatically mounted, but as I only use I use the FAT32 partition to transfer data from/to Windows machines (which does not happen so often) I would like only the ext3 partition to be mounted automatically.
View 2 Replies View RelatedI am trying to lock down our application and server with iptables. Anybody have any idea how to prevent accesses to the application from another application? Basically I opened up the ports 80 and 443 for the application server. However, the application points to other apps (ie. database, ldap). I want to limit what it can connect to or who can connect to it. Bascially I can limit who connects to the server itself but the application can still get input from outside servers.
View 4 Replies View RelatedI'm using the Fedora Eee kernel for Fedora 12 (it's an unofficial kernel for the Eee PC), and want to update my system (I just set it up today). How can I update via command line and prevent an update to the default kernel?
View 1 Replies View Relatedi need to restrict access of deleting to directory and partitions os disk? how do i do it?
View 5 Replies View RelatedI have a problem as following: "using iptables to prevent IP spoofing".
View 4 Replies View RelatedI will move my VPS account between hosting services. When I do this I am concerned about losing emails sent between the last user's download and when the IP number changes as the change propagates through the DNS.
View 3 Replies View RelatedI have a virtualbox installation, and I need fairly high security separation between host and guest traffic. The university network the box hangs off uses statically-allocated ip addresses, allocated to fixed MAC addresses (i.e. it eats any traffic with mismatched ip and MAC addresses).
VBox: 3.0.4
Guest OS: Fedora 11 64bit
Hardware: dual NIC, Intel server
Bridged networking, with separate NICs for host and guest
I'm aiming for high-security separation between host and guest traffic. To do this, I would like to to run all host traffic through one NIC, H, and all guest traffic through the other, G. The host and guest have separate, statically allocated, IP addresses, IPH and IPG. The network forces these to be mapped to specific MAC addresses, MACH (the address of NIC H) and MACG (the address of NIC G). So it's not too hard to write host firewall rules to enforce this policy. The rules just have to state that traffic coming into H must have a destination compatible with IPH, and traffic going out must have IPH as source - and vv for G and IPG. There also don't seem to be any trouble telling the guest to only use NIC G. As a result, turning off NIC G (or equivalently, firewalling it off from host traffic) crashes the network, I have to reboot it to get networking working.
But I can't figure how to tell the host to _only_ use NIC H for anything else except the guest. Even though we don't see any IPH traffic coming into NIC G from outside, I don't seem to be able to stop the host from starting connections on NIC G. Does anyone know any way to do this - to tell the host that it can only use IPH as its IP address unless traffic is coming from a guest process, and that it can only use address MACH and NIC H? I've been reading route and arp manuals all day, but I can't seem to figure anything on this - mainly because arp and route don't know about host/guest processes, and I guess weren't designed with this in mind...
I'm running F13 with KDE 4.4.4 on my desktop PC. A few months ago I had occasion to run Kalarm (invoked via "Kickoff" app launcher). Ever since that time, the Kalarm icon appears in my KDE "system tray" after I login. I power down my PC when I'm finished using it for the day.In an effort to get rid of the Kalarm icon, I changed my KDE "session manager" (System settings -> Advanced -> Session Manager) settings to: "on login: start with an empty session". But the Kalarm icon still appears in my "system tray" after the next reboot/login.I've also tried right-clicking on the Kalarm icon and selecting "quit". The icon still re-appears after the next reboot/login.Why didn't the session manager setting: "on login: start with an empty session" get rid of the Kalarm icon?
View 2 Replies View RelatedI'm having trouble booting after a recent bunch of updates (haven't been able to boot F12 from hard disk for a couple of days). The boot process gets as far as "NetworkManager daemon [OK]", then just stops. I get this for all 3 kernels that I can choose from the grub menu (2.6.32.16-141, 2.6.32.14-127, 2.6.32.12-115)Mounting the hard drive with a liveUSB, a quick inspection of /var/log/messages reveals that things go smoothly until: etc. until I hit the power button.I ought to mention that I wireless card that requires the Realtek RTL8192SE driver, which requires
Code:
sudo su
make
[code]....
I have a 2 monitor configuration, with the second monitor uses exclusively for mythtv. When I'm not actually watching tv or a muvie or watching visualizations with music playing, I actually use the machine for more productive uses. As the result the second monitor is typically not turned on, might have something to do the the fact it's a crt design, consumes a fair bit of power and does a good job keeping the media room overly warm.
The question is, does Fedora 11 or newer have a means to prevent applications from opening on the second monitor? I've checked the obvious places and nothing jumps out .
btw: According to the nvidia x server settings control panel the second monitor is set up as in twinview mode. This mode was chosen to allow the gpu to do most of the video decoding tasks using vdupau or something as I recall.