I have configured yum server on my RHEL 5.x box. I just tried to install a particular RPM which is in fact a reference manual of MySQL. Here is what I did:First, listing the available packages:
Code:
[root@mahadeva ~]# yum list available
Loading "rhnplugin" plugin
[code]....
I just created an rpm and went to install it on another fc12 vm - it said the package was not signed. I searched on this and one place said to edit the yum.conf file to:
gpgcheck=0
am trying to upload packages o a PPA (packages that contain custom "sources.list"s designed to make upgrades or downgrades between Ubuntu releases easier) and, even after going through all that work to manually generate a key and sign them with gpg, dput still rejects them as "not signed".
View 3 Replies View RelatedWhen I tried to install LibreOffice 3.3_64 on my Fedora14_64 I received the following error:
Package libobasis3.3-extension-pdf-import-3.3.1-8.x86_64.rpm is not signed Has anyone run into this? Is there a way to fix this?
I've got an uber simple test mail script in php on my awesome new dev machine running Ubuntu:
PHP Code:
Unfortunately, something is preventing mail delivery. I can't tell from this error log whether it's the remote machine rejecting me or whether it's my machine rejecting the self-signed cert on the remote machine:
Code:
I'm wondering what I could change in my postfix configuration to remedy this problem.
I tried setting smtp_tls_security_level = may = may but this did not change anything.
I have a server which I use for mail:
[URL]
The above is the machines actual FQDN. Now because I also use it as a web server to access my website and webmail, I have a pointer record with my domain registrar to also forward all [URL] to the same IP as [URL]. when I generate a SSL self signed certificate for my server. Do I generate one for [URL] or [URL]?
I am having issues trying to compile the alsa-linuxtant module and I am getting errors about not being able to find some files and the source needing to be reconfigured. Anyway the developers told me to try compiling on a pristine source to see if I could compile that way. When I went looking at kernel.org I did not find a 2.6.32-5 version. So I did some checking and to see just what version I have.
$ uname -r
2.6.32-5-amd64
$ dpkg --list | grep linux-image
ii linux-image-2.6-amd 64 2.6.32+27 Linux 2.6 for 64-bit PCs (meta-package)
ii linux-image-2.6.26-2-amd64 2.6.26-24 Linux 2.6.26 image on AMD64
ii linux-image-2.6.32-5-amd64 2.6.32-15 Linux 2.6.32 for 64-bit PCs
So the actual package that is installed is 2.6.32-15 but uname -r reports 2.6.32-5 as the kernel version.
I have a Server with Webmin, Usermin and Sendmail using pop3s. I have created a seft signed certificate using webmin. Exported it and imported it to the trusted root certification authorities on my client. This fixes the warning message from internet explorer when attempting making a ssl connection to webmin. When attempting to use usermin or retrieving mail I get that warning that this site's certificate is self signed. I look at the certificate and its not the same as the one I created with webmin. My question is. Is possible to have the same certificate be used by each?
View 6 Replies View RelatedI got the following task from my boss. I have to find out if there is some alternative tool for create reports from Squid except SARG. Now, we use SARG, but my boss told to me, that the main problem of SARG is, that SARG generate huge amount files, which cause problems during migration our servers. He told to me the following condition for change of current tool (SARG):
* standard package of Debian
* generate less amount of files, optimal is to save reports to the database
So I would like to ask you if you know about some tool (I can not find some by google)... and the best would be if you told to me some practical experiences.
I am trying to monitor server throughput with a centralized ntop instance running as NetFlow aggregator and various NetFlow probes (nProbe, fprobe) on the Servers.ntop shows the probe as NIC correctly and receives the data, but it only shows one Host under "Hosts", which is the server itself. I expected to see a host list just like it is shown when running ntop locally (i.e. the server ntop runs on and every host he contacted separately). This happens both when using nProbe and fprobe. Have I misunderstood the concept of NetFlow Aggregation or am I using ntop/nprobe wrong?
View 1 Replies View RelatedI run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
SARG seems ok but it is not generating any reports.... "Now generating Sarg report from Squid log file /var/log/squid/access.log squid and all rotated versions .... Sarg finished, but no report was generated. See the output above for details. There is also no view generated reports too.
View 1 Replies View RelatedI have a server running CentOS 5.3 (Final) Kernel version is:
2.6.18-128.el5 #1 SMP Wed Jan 21 10:44:23 EST 2009 i686 athlon i386 GNU/Linux
The output from df -h is as follows:
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 9.5G 3.7G 5.4G 41% /
/dev/sda5 4.6G 456M 3.9G 11% /var
[code]....
As you can see, /home claims to be 100% full - but yet there is actually 18Gb free? I seem to recall this could be something to do with running out of inode space?
I am trying to install OpenSwan VPN but get the following [FAILED] errors. I also changed the redirects but it still reports them as failed?Quote:
[root@localhost /]# /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_redirects = 0
[root@localhost /]# /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.send_redirects = 0
[root@localhost /]# ipsec verify
[Code]...
I have squid running perfectly and I added MySQL Squid Access Report 2.1.4 and the reports works just fine. The problem its when I add a dansguardian content filter, from that moment the only IP address that appears on the report its the box itself (I have all running on the same box).
IPtables forward requests to port 8080 Dansguardian listening on port 8080 forwards to squid on port 3128 Squid on port 3128 to internet (Here I review the logs with MySar).
I know it is because the actual http request for Squid came from Dansguardian's IP address (its the job of the proxy). how to have the real IP address on the reports.
I'm trying to find some tool on generating reports based on apache access_log files (of Common format). I found some of them (awstats, lire/logreport, weblog expert, apache logs viewer, etc..) but they generate some global and general report about the log file. Also some perl script I found they just show the Top X number of different patterns. My request is how can I generate some similar report with this output:
IP-s | Total nr. of connections | Number of pages visited | Total time of connection
So basically this is a list with every IP on the log and the respective numbers (connection/pages/time) associated.
I am having squid proxy server running on OpenSuSe 10.2 I noticed when I generate report it just shows me last date log file.Although /var/log/squid contains logs of all previous dates.I really cant remember which file to modify so that I can see all dates reports in html when I use following command Quote: cat access.log | /home/user/squint-0.3.10/squint.pl /home/user/report<date>
View 9 Replies View RelatedWe're using Munin for trend analysis purposes, but would like to use it to generate custom reports. One way I envision this is:
* The report is created as a web-page on the munin server, such as [URL]
* The layout of the report is customized based on the project
* The report will be triggered by a cron-job, and I will be notified by email when the report is completed
Does anyone know if this type of script/job allready exists?
I would like to ask if there's a program that can archive all emails from my employees to a certain server and can generate reports. specifically all types of emails incoming and outgoing. My employees are aware of my policy due to many confidential files within our office.
View 1 Replies View RelatedWe have following setup,
1. Webserver (Centos 5.5)
2. Mail server (Centos 5.5)
We have configured autossh successfully to create/manage the ssh tunnel into mail server in order to dump all emails to localhost port.
To auto start autossh in boot time we have included following into /etc/rc.d/rc.local,
Quote:
So whenever our web application wants to send out emails it dump all emails to localhost:33465 port, easy piecy, all are working great
Now we have a requirement that logwatch reports should get delivered via the same ssh tunnel rather than installing postfix and configuring as a relay.
In logwatch is there a way to achieve that?
How can I add self-signed certificates to e.g: Google Chrome under Linux (from the command line)?
View 1 Replies View RelatedHas anyone setup a system to only allow digitall signed (i.e. approved USB disk drives) to be used on a Linux System.
View 1 Replies View Relatedbuild a Linux environment in which only "signed" processes are allowed to run. When I say signed I don't mean a VeriSign etc. signature like you know it from Windows, but I mean signed by myself. I.e. I choose the software allowed to run, sign it, and then want to deny any other processes to run.If it is somehow possible I'd like to extend this even to scripts and the kernel (i.e. no unsigned modules can be loaded).Does anyone have a good idea how to solve this problem?The bad thing is: I'm pretty fine with coding stuff myself in C, but have absolutely 0 experience or knowledge in kernel (module)-programming.Any tipps, links, literatureOne approach I came up with (just a rough idea at the moment):Linux starts new processes with a fork-and-exec-combination. I therefore wonder if it is possible to change exec() in such a way that it will only execute signed programs
View 5 Replies View Relatedi just read that in fc12 you can install sighned packages without root password?
View 1 Replies View RelatedSolving issues with signed and unsigned numbers in BASH.For a start, Yes, BASH is type independent � I know that. My problem lays in catching executables output into a BASH variable.My executables are not quite UNIX compatible, where returned values are 0 for OK, >0 ERROR. They return 0 for OK, >0 WARNING (only, so move on) and <0 ERROR (abort) instead.
Code:
// C++ BIN A
int main(){
[code]...
I'm running Ubuntu 10.04 with a complete LAMP installation (for local developement purpose).
Everything is OK (I installed phpMyAdmin without problems) except for one big problem: php shows 500 server internal error instead of a complete error report.
I tried editing php.ini and in-script runtime configuration but nothing changed.
I set up a DNS server, and it works fine when being queried from other hosts.But if I query it from localhost (by using nslookup), it reports error:
======================================
** server can't find www.example.com: NXDOMAIN
======================================
[code]....
Updating my install of OpenSUSE from 11.0 to 11.3 and notice that the Nagios network monitor can no longer probe servers with self signed certs.It appears to be any monitor that used openssl 1.0.0 has an issue. If I install the openssl 0.9.8 libraries and use old plugins linked against it, they work fine.
View 9 Replies View RelatedWhen I do a "openssl x509 -in server1.pem -issuer -noout" after I've supposedly signed it with the CA, the issuer is, for some reason, the DN string of server1. If server1 generated the CSR, and it is coming up as issued by server1, doesn't that indicate a self signed cert? How could the CA be producing a cert that has an issuer of another server? Am I just completely off base? Sorry, I'm a bit of a newb with the SSL pieces.
I hope this is the right place for this, but I'm having some difficulty using the java keytool and OpenSSL tool on a Solaris system.
I have a server (CA server) with OpenSSL installed that I would like to use as a Certificate Authority. The second server (server1) is a WebLogic server with JDK 1.6.0_21. I'm trying to configure it to use a certificate that has been signed by server1.
For some reason it keeps giving me this error when I try to import the signed SSL certificate: keytool error: java.lang.Exception: Public keys in reply and keystore don't match
Am I doing something wrong in this whole process?
1) Generate the Private Key for the CA server
openssl genrsa -out CA.key -des 2048
2) Generate the CSR on the CA
openssl req -new -key CA.key -out CA.csr
3) Sign the new CSR so that it can be used as the root certificate openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 730 -req -in CA.csr -out CA.pem -extfile /usr/local/ssl/openssl.cnf
4) On server1, create Server Private Key KeyStore keytool -genkey -alias server1 -keysize 2048 -keyalg RSA keystore server1.jks -dname "CN=server1.domain.com,OU=Organization,O=Company,L=City,ST=State,C=US"
5) On server1, create a CSR from the recently created Private Key
keytool -certreq -alias server1 -sigalg SHA1WithRSA -keystore server1.jks -file server1.csr
6) Transfer the CSR over to the CA (server1) so that it can be signed openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 365 -req -in server1.csr -out server1.pem -extfile /usr/local/ssl/openssl.cnf
7) Transfer CA Public Cert to server1 and Import into keytool keytool -import -trustcacerts -alias CA_Public -file CA.pem -keystore server1.jks
8) Import recently signed CSR to app server keystore (This is where I receive the error) keytool -import -trustcacerts -alias server1 -file server1.pem -keystore server1.jks
Things beyond my control are causing me to rush a bit in getting the website moved. I'm working hard to try and get it done, but something else has come up that SSL Certificate.I know that our website's "basket" area is protected by an SSL certificate to ensure customer information, especially credit info, is secure. With the move to Amazon's service, it looks like I may need to create our own self-signed SSL certificate to ensure the basket area remains secure.
I have found guides that walk through how to make one yourself and configuring apache to allow it, but something else has come to mind. The guides I found don't really indicate where the SSL certificate goes afterwards, and also doesn't suggest which sections should be governed by the certificate (as only the basket section uses it, not anything else). How would I find out that information?