Search Results

Search found 26947 results on 1078 pages for 'util linux'.

Page 432/1078 | < Previous Page | 428 429 430 431 432 433 434 435 436 437 438 439  | Next Page >

• How to read iptables -L output?

  - by skrebbel

  I'm rather new to iptables, and I'm trying to understand its output. I tried to RTFM, but to no avail when it comes to little details like these. When iptables -vnL gives me a line such as: Chain INPUT (policy DROP 2199 packets, 304K bytes) I understand the first part: on incoming data, if the list below this line does not provide any exceptions, then the default policy is to DROP incoming packets. But what does the 2199 packets, 304K bytes part mean? Is that all the packets that were dropped? Is there any way to find out which packets that were, and where they came from? Thanks!

  Read the article

• Securing debain with fail2ban or iptables

  - by Jimmy

  I'm looking to secure my server. Initially my first thought was to use iptables but then I also learnt about Fail2ban. I understand that Fail2ban is based on iptables, but it has the advantages of being able to ban IP's after a number of attempts. Let's say I want to block FTP completely: Should I write a separate IPtable rule to block FTP, and use Fail2ban just for SSH Or instead simply put all rules, even the FTP blocking rule within the Fail2Ban config Any help on this would be appreciated. James

  Read the article

• How to write rules for persistent net names?

  - by ndemou

  I know that a process generates persistent network card names based on rules found in /lib/udev/rules.d/75-persistent-net-generator.rules. I also know how to completely disable this process with a simple echo '#' > /etc/udev/rules.d/75-persistent-net-generator.rules but I've read that I "could also write my own rules file to give the interface a name — the persistent rules generator ignores the interface if a name has already been set" (/etc/udev/rules.d/README confirms that this is possible). Do you have any pointers to documentation about how to write such rules? (I mostly care about Debian/Ubuntu and a bit less for CentOS) As a specific example of why I want to write custom rules: I have two identical servers with one onboard LAN and one PCI LAN. In case of HW failure I want to be able to move disks from HW#1 to HW#2 and it's important for eth0 to continue pointing to the onboard card and eth1 to the PCI card (no one wants to mess with cabling in the middle of a HW failure panic). My current workaround works but is a lot of work[1] so I wonder if writing custom rules would allow me to express something simple like this: cards with MAC A or B should be named eth0 cards with MAC C or D should be named eth1 follow default naming scheme for anything else [1] install the OS in HW#1 and keep a copy of /etc/udev/rules.d/70-persistent-net.rules. Move the disks to HW#2 and keep a second copy of the same file. Concatenate the two copies and manually edit the NAME="ethX" part. Replace /etc/udev/rules.d/70-persistent-net.rules with my version. Finally disable auto-creation of a new 70-persistent-net.rules using echo '#' > /etc/udev/rules.d/75-persistent-net-generator.rules

  Read the article

• Understanding ulimit -u

  - by tripleee

  I'd like to understand what's going on here. linvx$ ( ulimit -u 123; /bin/echo nst ) nst linvx$ ( ulimit -u 122; /bin/echo nst ) -bash: fork: Resource temporarily unavailable Terminated linvx$ ( ulimit -u 123; /bin/echo one; /bin/echo two; /bin/echo three ) one two three linvx$ ( ulimit -u 123; /bin/echo one & /bin/echo two & /bin/echo three ) -bash: fork: Resource temporarily unavailable Terminated one I speculate that the first 122 processes are consumed by Bash itself, and that the remaining ulimit governs how many concurrent processes I am allowed to have. The documentation is not very clear on this. Am I missing something? More importantly, for a real-world deployment, how can I know what sort of ulimit is realistic? It's a long-running daemon which spawns worker threads on demand, and reaps them when the load decreases. I've had it spin the server to its death a few times. The most important limit is probably memory, which I have now limited to 200M per process, but I'd like to figure out how I can enforce a limit on the number of children (the program does allow me to configure a maximum, but how do I know there are no bugs in that part of the code?)

  Read the article

• Is there a way to rsync in batches?

  - by Chris

  I have a huge chunk of data (11G) in a subversion repository that I'm using rsync to migrate to Alfresco, which lucene indexes new files as they hit the file system. I'm using a dav mount as a proxy to allow me to rsync. The issue I'm having is the indexing post-rsync is quite an expensive operation for such a huge chunk of data, so I was wondering whether there's a way I could logically separate the rsync into identically-sized batches (say 500MB each) so I could schedule them in cron. At the moment, I'm traversing the top level folders and taking the smallest ones across first, but once I'm done with those, the much larger sub-directories are going to be quite troublesome. Please let me know if you need any further info. Thanks in advance.

  Read the article

• CentOS 6 init script doesn't work properly

  - by user711643

  I'm setting up my ruby production server based on CentOS 6. I need a process called god (which is a process monitoring tool) to start at boot. I'm using an init script that I found here. Just as stated in the guide I ran: chkconfig --add god and then chkconfig --level 345 god on After this if I run "service god start|restart" everything works. It loads the available configurations and brings up the related processes (if they are not running). Problem is it doesn't work at boot. If I reboot the system, then I do "ps -aux | grep god". At this point "god" is running but apparently it didn't load the configuration files. If i run again service god restart, it loads everything without problems. What am I doing wrong?

  Read the article

• Can't unlock locked screen, in Ubuntu 12

  - by Camille Goudeseune

  After locking the screen (with a keystroke bound to xlock -nice 8 -mode blank), I can unlock the screen as expected, but only within a few minutes. After being locked overnight, when I hit a key (even Ctrl+Alt combos), the screen stays black with just a brief white flash across the middle of both monitors. The workaround is to ssh in from another host and restart X. Some months ago, this happened every few weeks. By now it happens almost every morning. How do I even start to diagnose this? What might I look for in log files? (The intermittency is particularly troubling.) Failing that, is there an alternative to xlock aka xlockmore? Hardware: 3-year-old HP minitower, GEForce 9800 GT, two Asus LCD monitors. Software: Ubuntu 12.04.2 LTS. Window manager awesome-wm. NVidia driver 304.88. XLock version xlockmore-5.31.

  Read the article

• How can I change the flow through this PAM (programmable authentication module) file?

  - by Jamie

  I'd like the PAM module to skip the pam_mount.so line when a unix login succeeds. I've tried various things including: auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=2 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass auth requisite pam_deny.so auth requisite pam_permit.so auth required pam_permit.so auth optional pam_mount.so But can't get it to work. Conversely, when a session shuts down, how can I modify the following os that an unmount command (via pam_mount.so) is avoided during a unix login? session [default=1] pam_permit.so session requisite pam_deny.so session required pam_permit.so session required pam_unix.so session optional pam_winbind.so session optional pam_mount.so

  Read the article

• How to Exclude an URL for Apache Mod_proxy?

  - by Mughil

  We have two Apache server as front-end and 4 tomcat server as back-end configured using mod_proxy module as load balancer. Now, we want to exclude an single tomcat url from the mod_proxy load balancer. Is there any way or rule to exclude? Proxy Balancer Setting: <Proxy balancer://backend-cluster1> BalancerMember http://10.0.0.1:8080 loadfactor=1 route=test1 retry=10 BalancerMember http://10.0.0.2:8080 loadfactor=1 route=test2 retry=10 </Proxy>

  Read the article

• CSF Unresolved issue

  - by josephmarhee

  I began receiving service failures for CSF/LFD once the limit was reached in iptables preventing the service from working properly. I flushed all iptables rules, and redid by rules using CIDR rather than the individual IPs that were listed and the issue persists. Error: The VPS iptables rule limit (numiptent) is too low (1527/1536) - stopping firewall to prevent iptables blocking all connections, at line 1459 This is after restarting CSF, which gave me: You have an unresolved error when starting csf. You need to restart csf successfully to remove this warning CSF still seems to be trying to enforce rules that no longer exists (lists entire chains upon trying to be restarted,only to fail with that error). Any idea of what's going on?

  Read the article

• setting up a second monitor in centos

  - by Rob

  I have CentOS installed on my laptop. I hooked up my TV via VGA and it works, just not as I'd like it to. The left side (on the tv) is cut off, like the image is justified too far left. I want it to be centered, but I also want to use a different resolution. You see, I use a netbook, and thus my laptop screen is tiny, meaning some things cant fit in the same window without scrolling. I want my TV to fix that for me.

  Read the article

• How do I get rid of sockets in FIN_WAIT1 state?

  - by Gert M

  I have a port that is blocked by a process I needed to kill. (a little telnet daemon that crashed) The process was killed successfully but the port is still in a 'FIN_WAIT1' state. It doesn't come out of it, the timeout for that seems to be set to 'a decade'. The only way I've found to free the port is to reboot the entire machine, which is ofcourse something I do not want to do. $ netstat -tulnap | grep FIN_WAIT1 tcp 0 13937 10.0.0.153:4000 10.0.2.46:2572 FIN_WAIT1 - Does anyone know how I can get this port unblocked without rebooting?

  Read the article

• What should I encrypt in Debian during install?

  - by ianfuture

  I have seen various guides and recommendations on web about how best to do this but nothing that clearly explains the best way and why. So I understand there is a need for part of Debian during install to be un-encrypted on its own partition to allow it to boot. Most info I have seen is call this /boot and set the boot flag. Next I believe the best approach is to create another partition out of all the rest of the disk space, encrypt this, then on top of that create a LVM and then within the LVM create my various partitions , name them , select size, and file system type. Can I include /swap in the encrypted LVM part ? Is this approach sound? If so what are the partitions I should use (this is going to be a minimal server install with a view to install as and when what I need for a dev server)? Finally how does the installer know what to put in each partition I define ? I appreciate there are more than one question but any help and suggestions would be appreciated. If further clarification is needed please mention in the comments . EDIT : 16/3/2010 After Richard Holloways reply I thought it relevant to add this info: The reasons why I want to do this are to explore maximising security on any server install and set up, due to interest in the area of Computer Security and Forensics. Also I am trying to peform the task as if it being performed in an enterprise situation. On a technical matter, once set up and configured with minimal packages and ssh this server will not physically be easy to access so I will only be entering via ssh. (Yes I know why encrypt something no one will ever be able to get their hands on? Because I can and I want to is the simple answer, but see above too).

  Read the article

• Enter response once prompt returns?

  - by mjb

  It's neither a secure idea nor one I'd recommend elsewhere, but I have a situation when occasionally it takes a while for my Ansible ad-hoc command to respond. I'd love to pipe or args or whatever is needed to push the required text into the prompt so I can walk away and know it will finish. Ex: $ ansible all -m shell -a "reboot" --ask-pass Password: blah blah blah it worked I'd love to send an argument or << or something to get the password in. Is that possible?

  Read the article

• Error when sending mail to an external mail server from Postfix on CentOS

  - by yankitwizzy

  I just installed Postfix. i have not yet done any configuration on it. Each time I try to use it to sendmail from another application, it keeps telling me that COnnection was refused from the ip I want to connect to. This is the error I get [root@localhost /]# telnet mail.abuse.org Trying 69.43.160.153... telnet: connect to address 69.43.160.153: Connection refused telnet: Unable to connect to remote host: Connection refused COuld someone please help me the problem

  Read the article

• What could cause a file system to spontaneously unmount or become invalid for a short time?

  - by Ichorus

  We've got DB2 LUW running on a RHEL box. We had a crash of DB2 and IBM came back and said that a file that DB2 was trying to access (through open64()) unmounted or became invalid. We have done nothing but restart the database and things seem to be running fine. Also, the file in question looks perfectly normal now: $ cd /db/log/TEAMS/tmsinst/NODE0000/TEAMS/T0000000/ $ ls -l total 557604 -rw------- 1 tmsinst tmsinst 570425344 Jan 14 10:24 C0000000.CAT $ file C0000000.CAT C0000000.CAT: data $ lsattr C0000000.CAT ------------- C0000000.CAT $ ls -l total 557604 -rw------- 1 tmsinst tmsinst 570425344 Jan 14 10:24 C0000000.CAT With those facts in hand (please correct me if I am mis-interpreting the data at hand) what could cause a file system to 'spontaneously unmount or become invalid for a short time'? What should my next step be? This is on Dell hardware and we ran their diagnostic tools against the hardware and it came back clean.

  Read the article

• Pass parameters to a script securely

  - by codeholic

  What is the best way to pass parameters to a forked script securely? E. g. passing parameters through command line operands is not secure, since someone who has an account on the host can run ps and see them. Unnamed pipe is quite secure, as far as I understand, isn't it? I mean, passing parameters to STDIN of the forked process. What about passing parameters in environment vars? Is it secure? What about passing parameters by other means I didn't mention?

  Read the article

• How to configure OpenVPN server to use custom default gateway?

  - by Arenim

  I have a vpn server at address 10.1.0.2 and the server have another ip in it's network -- 10.0.0.2 in his subnet (it's a tun2socks router). But default server's gateway is NOT 10.0.0.2 (and it's ok) but another external IP. I want all the client's traffic to be forwarded through this ip address -- 10.0.0.2. Here is part of my server's config: dev tap0 server-bridge 10.1.0.1 255.255.255.0 10.1.0.50 10.1.0.100 push "route 10.0.0.0 255.255.255.0" ; now client can ping 10.0.0.2 push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 10.1.0.1" push "dhcp-option WINS 10.1.0.1" in fact i want some like push "redirect-gateway 10.0.0.2" How can I achieve this?

  Read the article

• Triple-Boot + 4 partition Limit

  - by dsimcha

  I just bought a new hard drive so that I could convert my XP-only machine into an XP-Ubuntu-Windows 7 triple boot machine. Since the drive is absurdly huge (1 TB) I wouldn't mind throwing ReactOS into the mix, too. I just found out that master boot records are limited to 4 entries, meaning 4 primary partitions. I had Windows XP set up on my old drive as a boot partition, a program files partition and a media partition. Since I really didn't want to install XP from scratch, I cloned this setup on my new drive. This leaves me one MBR partition entry for installing Windows 7, Ubuntu and ReactOS. I'd like to avoid having to install XP from scratch like the plague, partly because it's supposed to be a safety net in case things go wrong with my other OS's and because I've invested a lot of time getting it set up exactly the way I like it. Here are the options I've considered and why I don't like them: Install Windows 7 on my media partition. This would work, but I prefer to keep my media partition completely separate from any OS, so that I can reformat an OS partition without affecting my media partition at all. Use wubi or something to install Ubuntu in the same partition as something else. Again, this is brittle. Move all my media to a logical drive on an extended partition. Create another logical drive on this extended partition for Ubuntu. The problem here is that extended partitions are rather brittle--if you nuke one, it renders the rest useless. Just put the old drive back in my computer and run XP off it. Use the new one for the other OS's. The problem here is that the old drive is slower and uses extra power, generates extra heat, etc. Can anyone suggest any other possibilities that I may have overlooked?

  Read the article

• How to get the PID of a process started by /bin/su -c

  - by crash3k

  I'm writing a init.d-script for an java-app. But the java-app should be run by another user. (The OS I'm using is Debian Squeeze.) I already got this: /bin/su - $USER - c "cd $PATH;echo $PASSWORD | $JAVA -Xmx256m -jar $PATH/app.jar -d > /dev/null" & PID=$! /bin/su - $USER - c "echo $PID > $PIDFILE" But this will of course only save the pid of the "/bin/su"-process instead of the pid of the created java-process.

  Read the article

• Getting PAM/user info into php - something like Net_Finger instead of a db?

  - by digitaltoast

  I've got a very small user group who just need to login, upload, check and then move specific files to a different area when ready. Right now, I use the nginx PAM auth module to log them in against their unix accounts. As their login is their home directory, I've already got the info to send the uploads to the right area - one line of php and no database needed. But I'm maintaining a separate DB just so PHP can welcome them, grab their email and send them an email when processed. Yes, sure I could use nosql or sqlite instead so as to not need a whole mysql install. But it occurred to me that as I've got all these blank user fields for phone numbers I could populate with any data, that I could use something like php's Net_Finger. Which failed for me with: sudo pear install Net_Finger Starting to download Net_Finger-1.0.1.tgz (1,618 bytes) ....done: 1,618 bytes could not extract the package.xml file from "/build/buildd/php5-5.5.9+dfsg/pear-build-download/Net_Finger-1.0.1.tgz" Download of "pear/Net_Finger" succeeded, but it is not a valid package archive Error: cannot download "pear/Net_Finger" At which point I thought I'd stop, and take a ServerFault reality check - is this a really bad/dangerous/stupid idea just to stop me having to maintain details in two places rather than one? It there a better way? Googling shows that it's not an oft-asked thing, so perhaps with good reason?

  Read the article

• how to check if something is in the queue of torque?

  - by kloop

  I want to re-run some jobs that completed prematurely under torque. These jobs are run through .job scripts (using qsub). However, I don't want to re-run a job which is already in the queue. Given a script filename, how can I know whether it is already in torque's queue (using qstat?) or not? I prefer to do it programmatically, of course, so any oneliner that searches for a given script name would be great. I will note that I can grep submit_args in qstat -f, but I can't get it to display the whole script name when it is too long. This is crucial. EDIT: I managed to solve it using the following command: qstat -x | perl -pi -e 's/\<\//\n/g' | grep job$ | grep -v submit_args | perl -pi -e 's/Job_Id\>\<Job_Name\>//' works because all my scripts end in the string "job".

  Read the article

• How may I start a process without having network access and later allow network access?

  - by Eduardo

  I want to run a process without network access but at a later time give access to the network.

  Read the article

• Setup Webmail server unable to receive mails

  - by user26516

  I installed centos and configured email server and if I send email goes perfectly but if i reply from email that email i am getting this kind of error. Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain example.com by mx00.1and1.com. [74.208.5.3]. I have bought domain in 1and1.com and i successful parked the domain. But i have doubt shall i need to add anything in MX record for other mail server. Please anyone help.

  Read the article

• Can't ping Ip over bridge

  - by tmn29a

  I'm unable to ping another host over a bridge I created, I can't see the error -.- It's a remote machine running debian stable with some backports for which I want to set up DHCP on the new Subnet 172.30.xxx.xxx to be used for KVM-Guests. ifconfig : bond0 Link encap:Ethernet HWaddr e4:11:5b:d4:94:30 inet addr:10.54.2.84 Bcast:10.54.2.127 Mask:255.255.255.192 inet6 addr: fe80::e611:5bff:fed4:9430/64 Scope:Link UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1 RX packets:34277 errors:0 dropped:0 overruns:0 frame:0 TX packets:18379 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2638709 (2.5 MiB) TX bytes:2887894 (2.7 MiB) br0 Link encap:Ethernet HWaddr f2:fc:4d:7f:15:f0 inet addr:172.30.254.66 Bcast:172.30.254.127 Mask:255.255.255.192 inet6 addr: fe80::f0fc:4dff:fe7f:15f0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:252 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:10800 (10.5 KiB) Pings : ping -I br0 172.30.xxx.65 PING 172.30.xxx.65 (172.30.xxx.65) from 172.30.xxx.66 br0: 56(84) bytes of data. --- 172.30.xxx.65 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2017ms ping -I bond0 172.30.254.65 PING 172.30.xxx.65 (172.30.xxx.65) from 10.54.2.84 bond0: 56(84) bytes of data. 64 bytes from 172.30.x.65: icmp_req=1 ttl=64 time=0.599 ms 64 bytes from 172.30.x.65: icmp_req=2 ttl=64 time=0.575 ms 64 bytes from 172.30.x.65: icmp_req=3 ttl=64 time=0.565 ms --- 172.30.x.65 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 0.565/0.579/0.599/0.031 ms Route : Destination Gateway Genmask Flags Metric Ref Use Iface 172.30.x.64 * 255.255.255.192 U 0 0 0 br0 10.54.x.64 * 255.255.255.192 U 0 0 0 bond0 default 10.54.x.65 0.0.0.0 UG 0 0 0 bond0 default 172.30.x.65 0.0.0.0 UG 0 0 0 br0 The Interface : cat /etc/network/interfaces auto lo br0 iface lo inet loopback # Bonding Interface auto bond0 iface bond0 inet static address 10.54.x.84 netmask 255.255.255.192 network 10.54.x.64 gateway 10.54.x.65 slaves eth0 eth1 bond_mode active-backup bond_miimon 100 bond_downdelay 200 bond_updelay 200 iface br0 inet static bridge_ports bond0 address 172.30.x.66 broadcast 172.30.x.127 netmask 255.255.x.192 gateway 172.30.x.65 bridge_maxwait 0 If you need more info please ask. Thanks for your help !

  Read the article

< Previous Page | 428 429 430 431 432 433 434 435 436 437 438 439  | Next Page >