Search Results

Search found 111524 results on 4461 pages for 'user mode linux'.

Page 317/4461 | < Previous Page | 313 314 315 316 317 318 319 320 321 322 323 324  | Next Page >

  • Is this a good starting point for iptables in Linux?

    - by sbrattla
    Hi, I'm new to iptables, and i've been trying to put together a firewall which purpose is to protect a web server. The below rules are the ones i've put together so far, and i would like to hear if the rules makes sense - and wether i've left out anything essential? In addition to port 80, i also need to have port 3306 (mysql) and 22 (ssh) open for external connections. Any feedback is highly appreciated! #!/bin/sh # Clear all existing rules. iptables -F # ACCEPT connections for loopback network connection, 127.0.0.1. iptables -A INPUT -i lo -j ACCEPT # ALLOW established traffic iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # DROP packets that are NEW but does not have the SYN but set. iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # DROP fragmented packets, as there is no way to tell the source and destination ports of such a packet. iptables -A INPUT -f -j DROP # DROP packets with all tcp flags set (XMAS packets). iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # DROP packets with no tcp flags set (NULL packets). iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # ALLOW ssh traffic (and prevent against DoS attacks) iptables -A INPUT -p tcp --dport ssh -m limit --limit 1/s -j ACCEPT # ALLOW http traffic (and prevent against DoS attacks) iptables -A INPUT -p tcp --dport http -m limit --limit 5/s -j ACCEPT # ALLOW mysql traffic (and prevent against DoS attacks) iptables -A INPUT -p tcp --dport mysql -m limit --limit 25/s -j ACCEPT # DROP any other traffic. iptables -A INPUT -j DROP

    Read the article

  • How do I strip local symbols from linux kernel module without breaking it?

    - by Kimvais
    If I do --strip-debug or --strip-unneeded, I have the .ko that lists all function names with nm, if I do just strip foo.ko I have a kernel module that refuses to load. Does anyone know a quick shortcut how to remove all symbols that are not needed for module loading so that people cannot reverse engineer the API:s as easily? PS: For all you open source bigots; this is something that general public will never be using in any case so no need to turn the question into a GPL flame war.

    Read the article

  • Is there any way to get the combine two xml into one xml in Linux.

    - by Tattat
    XML one is something like that: <dict> <key>2</key> <array> <string>A</string> <string>B</string> </array> <key>3</key> <array> <string>C</string> <string>D</string> <string>E</string> </array> </dict> XML Two is something like that: <dict> <key>A</key> <array> <string>A1</string> <false/> <false/> <array> <string>Apple</string> <string>This is an apple</string> </array> <array> <string>Apple Pie</string> <string>I love Apple Pie.</string> </array> </array> <key>B</key> <array> <string>B7</string> <false/> <false/> <array> <string>Boy</string> <string>I am a boy.</string> </array> </array> </dict> I want to convert to this: <dict> <key>2</key> <array> <string>A, Apple, Apple Pie</string> <string>B, Boy</string> </array> ... </dict>

    Read the article

  • Can anyone recommend a command line virus scanner that is open source and works with linux/php/apach

    - by Scarface
    Hey guys recently I have had the 'priveledge' of trying to set up an anti virus scanner to scan file uploads to my VPN server. I just finished trying to set up ClamAV but it slowed my server down to a hault once initiated so I had to kill it. Does anyone have any recommendations to a program that will accomplish my task and can be executed in php (other than clamAv)? Any advice greatly appreciated.

    Read the article

  • What the best approach to iterate and "store" files over a directory in C (Linux) ?

    - by Andrei Ciobanu
    I have written a function that checks if to files are duplicates or not. This function signature is: int check_dup_memmap(char *f1_name, char *f2_name) It returns: (-1) - If something went wrong; (0) - If the two files are similar; (+1) - If the two files are different; The next step is to write a function that iterates through all the files in a certain directory,apply the previous function, and gives a report on every existing duplicates. Initially I've thought to write a function that generates a file with all the filenames in a certain directory and then, read that file again and gain and compare every two files. Here is that version of the function, that gets all the filenames in a certain directory. void *build_dir_tree(char *dirname, FILE *f) { DIR *cdir = NULL; struct dirent *ent = NULL; struct stat buf; if(f == NULL){ fprintf(stderr, "NULL file submitted. [build_dir_tree].\n"); exit(-1); } if(dirname == NULL){ fprintf(stderr, "NULL dirname submitted. [build_dir_tree].\n"); exit(-1); } if((cdir = opendir(dirname)) == NULL){ char emsg[MFILE_LEN]; sprintf(emsg, "Cannot open dir: %s [build_dir_tree]\t",dirname); perror(emsg); } chdir(dirname); while ((ent = readdir(cdir)) != NULL) { lstat(ent->d_name, &buf); if (S_ISDIR(buf.st_mode)) { if (strcmp(".", ent->d_name) == 0 || strcmp("..", ent->d_name) == 0) { continue; } build_dir_tree(ent->d_name, f); } else{ fprintf(f, "/%s/%s\n",util_get_cwd(),ent->d_name); } } chdir(".."); closedir(cdir); } Still I consider this approach a little inefficient, as I have to parse the file again and again. In your opinion what are other approaches should I follow: Write a datastructure and hold the files instead of writing them in the file ? I think for a directory with a lot of files, the memory will become very fragmented. Hold all the filenames in auto-expanding array, so that I can easy access every file by their index, because they will in a contiguous memory location. Map this file in memory using mmap() ? But mmap may fail, as the file gets to big. Any opinions on this. I want to choose the most efficient path, and access as few resources as possible. This is the requirement of the program... EDIT: Is there a way to get the numbers of files in a certain directory, without iterating through it ?

    Read the article

  • Linux C++: how to profile time wasted due to cache misses?

    - by anon
    I know that I can use gprof to benchmark my code. However, I have this problem -- I have a smart pointer that has an extra level of indirection (think of it as a proxy object). As a result, I have this extra layer that effects pretty much all functions, and screws with caching. Is there a way to measure the time my CPU wastes due to cache misses? Thanks!

    Read the article

  • How do I use command line and wmctrl to make a window larger than the screen to get a huge screenshot?

    - by Mnebuerquo
    I use a program which makes a large image which I have to scroll to view. The program has no way to save the image, and I have no access to the source to modify it. The only way I have to get the image from the program is by screenshot. My goal is to save the full size image without having to piece together individual screenshots. I'm using this script to try taking a screenshot: #!/bin/bash window=$(wmctrl -l | grep "Program$" | awk '{print $1}') wmctrl -v -i -r $window -e '0,0,0,6030,5828' wmctrl -i -a $window import -window $window ~/Desktop/screenshot.png This uses wmctrl to get the window id ($window) for a window named "Program". It then tries to resize the window to the desired dimensions. It uses imagemagick (import) to save a screenshot.png on the user's Desktop. All of this works except the resize step. I can resize the window using wmctrl -r -e, but sizes greater than the screen size don't work. I'm using Ubuntu 10.04 and the Gnome Desktop. I run two monitors, but I've tried this with one of them disabled. Is there a way to resize the window larger than my screen to get a huge screenshot?

    Read the article

  • In a Linux user space process what is the address of the vsyscall page?

    - by TomMD
    I would like to acquire the address of the vsyscall page for my own uses. I only have two ideas here: alter the compiler to store this information in some known location after it is given to __start, or read /proc/[pid]/maps. I really don't want to read /proc/ as that is slow and shouldn't be necessary. I also don't want to make compiler modifications. Does anyone have an alternative? Is there a symbol I should know about? Its at the point I'm tempted to stuff this functionality into an ioctl call in a module I've developed as part of this work!

    Read the article

  • Django form and User data

    - by Dean
    I have a model that looks like this: class Client(models.Model): name = models.CharField(max_length=100, primary_key=True) user = models.ForeignKey(User) class Contract(models.Model): title = models.CharField(max_length=100, primary_key=True) start_date = models.DateField() end_date = models.DateField() description = models.TextField() client = models.ForeignKey(Client) user = models.ForeignKey(User) How can i configure a django form so that only clients associated with that user show in the field in the form? My initial thought was this in my forms.py: client = forms.ModelChoiceField(queryset=Client.objects.filter(user__username = User.username)) But it didn't work. So how else would I go about it?

    Read the article

  • What I should know about memory management?

    - by bua
    first of all: I don't use stackadmin or similar so please don't vote for moving there, I'm reading man top and paper "what every programmer should know about memory ..." I need really simple explanation like for retard ;) Having following top dump: top - 11:21:19 up 37 days, 21:16, 4 users, load average: 0.41, 0.75, 1.09 Tasks: 313 total, 5 running, 308 sleeping, 0 stopped, 0 zombie Cpu(s): 0.4%us, 0.6%sy, 0.9%ni, 96.2%id, 0.1%wa, 0.0%hi, 1.9%si, 0.0%st Mem: 132103848k total, 131916948k used, 186900k free, 54000k buffers Swap: 73400944k total, 73070884k used, 330060k free, 13931192k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 3305 tudb 25 10 144m 52m 940 R 6.0 0.0 1306:09 app 3011 tudb 15 0 71528 19m 604 S 3.3 0.0 171:57.83 app 3373 tudb 25 10 209m 93m 940 S 3.0 0.1 1074:53 app 3338 tudb 25 10 144m 47m 940 R 2.7 0.0 780:48.48 app 4227 tudb 25 10 208m 99m 904 S 1.3 0.1 198:56.01 app 8506 tudb 25 10 80.7g 49g 932 S 2.0 39.6 458:31.22 app I'm wondering what is: RES (my expl. physical memory consumption ? see 49GB) VIRT (memory mapped disk to cache? see 80GB) SHR (shared pages?) Swap: (is this cached label - for memory mapped disk into swap cache?) Should sum of RES give MEM: X used? or maybe sum of VIRT?

    Read the article

  • ModelName(django.contrib.auth.models.User) vs ModelName(models.Model)

    - by amr.negm
    I am developing a django project. I created some apps, some of those are related to User model, for instance, I have a feeds app that handles user feeds, and another app that deals with extra user data like age, contacts, and friends. for each of these, I created a table that should be connected to the User model, which I using for storing and authenticating users. I found two ways to deal with this issue. One, is through extending User model to be like this: ModelName(User): friends = models.ManyToMany('self') ..... Two, is through adding a foreign key to the new table like this: ModelName(models.Model): user = models.ForeignKey(User, unique=True) friends = friends = models.ManyToMany('self') ...... I can't decide which to use in which case. in other words, what are the core differences between both?

    Read the article

  • How to check if a process is running or got segfaulted or terminated in linux from its pid in my mai

    - by rkbang
    Hello all, I am invoking several processes in my main and I can get the pid of that processes. Now I want to wait until all this processes have been finished and then clear the shared memory block from my parent process. Also if any of the process not finished and segfaulted I want to kill that process. So how to check from the pid of processes in my parent process code that a process is finished without any error or it gave broke down becoz of runtime error or any other cause, so that I can kill that process. Also what if I want to see the status of some other process which is not a child process but its pid is known. Code is appreciated( I am not looking for script but code ).

    Read the article

  • declerative_authorization on User problem

    - by Webpain
    I am trying to block all default methods except create and update in my users controller using declerative_authorization. But at the time I add filter_resource_access or filter_access_to into my usersController i always get "Couldn't find User without an ID". Anyone care to explain why this could be happening? class UsersController :new end end def show @user = @current_user end def edit @user = @current_user end def update @user = @current_user # makes our views "cleaner" and more consistent if @user.update_attributes(params[:user]) flash[:notice] = "Account updated!" redirect_to account_url else render :action = :edit end end end

    Read the article

  • Debian: Unable to mount a second drive as a subdirectory inside of another partition.

    - by jkndrkn
    Hello. I have the following /etc/fstab: # /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc defaults 0 0 /dev/md1 / ext3 defaults,errors=remount-ro 0 1 /dev/md0 /boot ext3 defaults 0 2 /dev/md5 /home ext3 defaults 0 2 /dev/md3 /opt ext3 defaults 0 2 /dev/md6 /tmp ext3 defaults 0 2 /dev/md2 /usr ext3 defaults 0 2 /dev/md4 /var ext3 defaults 0 2 /dev/md7 none swap sw 0 0 /dev/sdc /home/httpd ext3 defaults 0 2 /dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0 /dev/sdc1 /mnt/usb/backup-1 auto defaults 0 0 I am unable to get /dev/sdc/ to mount at /home/httpd/ on reboot. The /home/httpd/ directory exists. Mounting via mount -t ext3 /dev/sdc /home/httpd works just fine. Mounting via mount -a generates the following error message: mount: you must specify the filesystem type This is, incidentally, the same message that I see while booting. The error message goes away if I comment out the line in fstab starting with /dev/sdc.

    Read the article

  • Single application through OpenVPN tunnel (Debian Lenny)

    - by user14124
    I'm using Debian Lenny and I want to tunnel rtorrent only through a OpenVPN tunnel. I have a tunnel running, the config file looks like this: client dev tun proto udp remote openvpn.xxx.com 1194 resolv-retry infinite nobind persist-key persist-tun ca /etc/openvpn/xxx/keys/ca.crt cert /etc/openvpn/xxx/keys/client.crt key /etc/openvpn/xxx/keys/client.key tls-auth /etc/openvpn/xxx/keys/tls.key 1 ns-cert-type server comp-lzo verb 3 auth-user-pass script-security 3 reneg-sec 0 My idea is that I could run a sockd proxy internally that redirects traffic to the openvpn tunnel. I could use the *nix "proxifier" application "tsocks" to make it possible for rtorrent to connect through that proxy (as rtorrent doesn't support proxies). I have trouble configuring sockd as my IP inside the VPN changes every time I connect. This is a config file someone said would help: http://ircpimps.org/sockd.conf As my IP changes at each connect I don't know what to put in that config file. I have no control over the host side config file. Any help wanted. Any other method is very welcome.

    Read the article

  • Linux server, locating files containing nothing but 4 specific lines.

    - by Denis
    Hi, I'm dealing with a compromised website, in which hackers injected an htaccess instruction to redirect traffic. I can easily locate .htaccess files that contain the forwarding hack, BUT in cases where the directory already contained an htaccess file, they appended the dangerous instructions, so I cannot just deleted any htaccess file or could harm the site by letting formerly pw-protected directories wide open, or urlrewrite instructions (WordPress) be deleted, etc. I could not find the way to locate files that only contain those 4 lines of redirect hack, could you shed some light ? So far, using find . -type f -exec grep -q targetpiratedomain {} \; -exec echo rm {} \; Thanks !

    Read the article

  • Which technology(s) / language(s) to write linux web application/service? [closed]

    - by Lee Tickett
    I am currently playing with some open source home automation software www.domotiga.nl The software is built in Gambas2 (a graphical programming language similar to visual basic). I am considering building something similar or porting domotiga to a server based application/service. The application would need a web front end and i will likely be developing in debian (arm). But i'm not sure if php or python are suitable for server based applications which need to be always running (collecting data etc) rather than just running when accessed. Which technology(s) / language(s) would you suggest i look into? I used to do a lot of Visual Basic, then VB.NET, now C# and have played with php a few years back- but don't really want this to sway the decision too much as i should be able to pickup whatever language if i decide to proceed.

    Read the article

  • application is crashing while user exits from fullscreen mode in mpmovieplayer

    - by ravoorinandan
    hi folks we do have a video file in our application,every thing is going fine except one,i.e the application crashes when user exits from fullscreen mode while the movie is playing and also when we pause the movie in fullscreen mode and minimize it,the video starts from the beginning i tried searching whether there is any notification available to notify but of no use plz help me out.thx in advance.

    Read the article

  • Why can't a bind linux service to the loop-back only?

    - by Jon Trauntvein
    I am writing a server application that will provide a service on an ephemeral port that I only want accessible on the loopback interface. In order to do this, I am writing code like the following: struct sockaddr_in bind_addr; memset(&bind_addr,0,sizeof(bind_addr)); bind_addr.sin_family = AF_INET; bind_addr.sin_port = 0; bind_addr.sin_addr.s_addr = htonl(inet_addr("127.0.0.1")); rcd = ::bind( socket_handle, reinterpret_cast<struct sockaddr *>(&bind_addr), sizeof(bind_addr)); The return value for this call to bind() is -1 and the value of errno is 99 (Cannot assign requested address). Is this failing because inet_addr() already returns its result in network order or is there some other reason?

    Read the article

< Previous Page | 313 314 315 316 317 318 319 320 321 322 323 324  | Next Page >