Search Results

Search found 41561 results on 1663 pages for 'linux command'.

Page 516/1663

  • iptables -- OK, **now** am I doing it right?

    - by Agvorth
    This is a follow-up to a previous question where I asked whether my iptables config is correct. CentOS 5.3 system. Intended result: block everything except ping, ssh, Apache, and SSL. Based on xenoterracide's advice and the other responses to the question (thanks guys), I created this script:

        # Establish a clean slate
        iptables -P INPUT ACCEPT
        iptables -P FORWARD ACCEPT
        iptables -P OUTPUT ACCEPT
        iptables -F # Flush all rules
        iptables -X # Delete all chains

        # Disable routing. Drop packets if they reach the end of the chain.
        iptables -P FORWARD DROP

        # Drop all packets with a bad state
        iptables -A INPUT -m state --state INVALID -j DROP
        # Accept any packets that have something to do with ones we've sent on outbound
        iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
        # Accept any packets coming or going on localhost (this can be very important)
        iptables -A INPUT -i lo -j ACCEPT
        # Accept ICMP
        iptables -A INPUT -p icmp -j ACCEPT

        # Allow ssh
        iptables -A INPUT -p tcp --dport 22 -j ACCEPT
        # Allow httpd
        iptables -A INPUT -p tcp --dport 80 -j ACCEPT
        # Allow SSL
        iptables -A INPUT -p tcp --dport 443 -j ACCEPT

        # Block all other traffic
        iptables -A INPUT -j DROP

    Now when I list the rules I get...

        # iptables -L -v
        Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target  prot opt in   out  source    destination
            0     0 DROP    all  --  any  any  anywhere  anywhere     state INVALID
            9   612 ACCEPT  all  --  any  any  anywhere  anywhere     state RELATED,ESTABLISHED
            0     0 ACCEPT  all  --  lo   any  anywhere  anywhere
            0     0 ACCEPT  icmp --  any  any  anywhere  anywhere
            0     0 ACCEPT  tcp  --  any  any  anywhere  anywhere     tcp dpt:ssh
            0     0 ACCEPT  tcp  --  any  any  anywhere  anywhere     tcp dpt:http
            0     0 ACCEPT  tcp  --  any  any  anywhere  anywhere     tcp dpt:https
            0     0 DROP    all  --  any  any  anywhere  anywhere

        Chain FORWARD (policy DROP 0 packets, 0 bytes)
         pkts bytes target  prot opt in   out  source    destination

        Chain OUTPUT (policy ACCEPT 5 packets, 644 bytes)
         pkts bytes target  prot opt in   out  source    destination

    I ran it and I can still log in, so that's good. Anyone notice anything major out of whack?

  • Conditional relay in postfix

    - by Florent
    I use postfix to send direct email. But, I use a relay to send email for specific senders. So I use "sender_dependent_relayhost_maps":

    /etc/postfix/main.cf:

        relayhost =
        transport_maps = hash:/etc/postfix/transport
        smtp_sender_dependent_authentication = yes
        sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay

    /etc/postfix/sender_relay:

        [email protected] smtp.relay.com

    So when I send an email with sender email "[email protected]", postfix will use the relay. But... I don't want to use the relay host for some recipients. ;) I think I must use "transport_map" to catch the email before it passes through "sender_dependent_relayhost_maps" but I don't know how to do it... Thanks

  • dhclient append settings from multiple DHCP servers

    - by Brian
    I have a server with two interfaces connected to two separate networks, using DHCP for both. When dhclient is writing /etc/resolv.conf, I would like it to append settings that aren't already there. For instance, if I receive from one DHCP server:

        nameserver 10.0.0.1
        search one.mydomain.com

    and from another:

        nameserver 10.1.1.254
        search two.mydomain.com

    Then resolv.conf should look like this:

        search one.mydomain.com two.mydomain.com
        nameserver 10.0.0.1
        nameserver 10.1.1.254

    At the moment, it seems the last dhclient overwrites whatever was there. I know I can preconfigure settings in dhclient.conf using supersede or append, but then I have to hard-code the values. I've scoured the man page for dhclient, but it seems like dhclient prefers to work alone (i.e. not in conjunction with any other dhclients)... or am I missing something?

  • CPU Affinity on ARM processors

    - by dsljanus
    I am using some Raspberry Pi boards for a data acquisition system. They are nice boards, with plenty of community support around them, but they are really slow. I am thinking of gradually replacing them with ODROID multicore boards, with the Samsung Exynos processors. I have some experience using taskset to set CPU affinity on my servers because I am always running Node.js applications that are by definition single threaded. Now, is it possible to do this on an ARM board? I do not see why it would not in theory, but I have doubts over how well it is going to work. Does anyone have experience with this kind of hack? Also, I would appreciate any comments about ARM CPUs and how they differ from x86.

  • How do I set up a virtual host?

    - by user1698332
    My router redirects port 80 to port 8080. This is my virtual hosts file:

        NameVirtualHost *:80
        <VirtualHost *:80>
            DocumentRoot /home/admins/lampstack-5.3.16-0/apps/wordpress
            ServerName example.com
            ServerAlias www.example.com
        </VirtualHost>

    I can access my website by entering "mywebsite.com:8080" but I cannot access it by entering "mywebsite.com".

    For further information, this is a part of my httpd.conf:

        Listen 8080
        Servername localhost:8080
        DocumentRoot "/home/admins/lampstack-5.3.16-0/apache2/htdocs"
        <Directory />
            Options FollowSymLinks
            AllowOverride None
            Order deny,allow
            deny from all
        </Directory>
        <Directory "/home/admins/lampstack-5.3.16-0/apache2/htdocs">
            Options FollowSymLinks
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>

  • Sign multiple domains with single Domain Key (dk-filter)

    - by Lashae
    Motivation

    The private shopping website GILT sends periodical update emails from giltgroupe.bounce.ed10.net; however, all of the mails are signed with domain keys of giltgroupe.com.

        mailed-by giltgroupe.bounce.ed10.net
        signed-by giltgroupe.com

    My Story

    I couldn't manage to sign x.com with y.com's domain key using dk-filter under Debian Lenny with postfix. If I try to init the dk-filter service with the following arguments:

        DAEMON_OPTS="$DAEMON_OPTS -d x.com,y.com -c nofws -k -i /var/dk-filter/internal_hosts -s /etc/dk-keys.conf"

    the dk-filter service signs with domain x.com (d=x.com). If I change the daemon args as follows:

        DAEMON_OPTS="$DAEMON_OPTS -d x.com -c nofws -k -i /var/dk-filter/internal_hosts -s /etc/dk-keys.conf"

    then emails sent From y.com are not being signed. The dk-keys.conf file is as follows:

        *:/var/dk-filter/y.com/mail

    I managed to do the same thing with DKIM, and it works perfectly. However, DK doesn't seem to work. I don't have any problem signing y.com's emails with y.com's key and x.com's emails with x.com's key, which indicates there is no configuration problem. Do you have any experience/advice to make it possible to sign emails from multiple domains by a specific chosen domain?

  • How to mount remote samba from local host with multiple groups?

    - by Dragos
    I am using mount.cifs to mount a remote samba share (both client and server are Ubuntu server 8.04) like this:

        mount.cifs //sambaserver/samba /mountpath -o credentials=/path/.credentials,uid=someuser,gid=1000

        $ cat .credentials
        username=user
        password=password

    I mounted a user from the local system with username and password with mount.cifs, but the problem is that the user is part of multiple groups on the remote system and with mount.cifs I can only specify one gid. Is there a way to specify all the gids that the remote user has? Is there a way to:

    1) Mount the remote samba with multiple groups on the local system?
    2) Browse the mount from 1) with the terminal, since I want to pass some files from samba as arguments to local programs.

    Other solutions would be: nautilus sftp://, which runs through gvfs, but the newer gnome does not write ~/.gvfs to disk anymore so I can't browse it in the terminal. And the last solution would be nfs, but that means that I have to synchronize the uids and gids on the local system with the ones from the server.

  • Set nginx.conf to deny all connections except to certain files or directories

    - by Ben
    I am trying to set up Nginx so that all connections to my numeric ip are denied, with the exception of a few arbitrary directories and files. So if someone goes to my IP, they are allowed to access the index.php file, and the phpmyadmin directory for example, but should they try to access any other directories, they will be denied. This is my server block from nginx.conf:

        server {
            listen 80;
            server_name localhost;

            location / {
                root html;
                index index.html index.htm index.php;
            }

            location ~ \.php$ {
                root html;
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /srv/http/nginx/$fastcgi_script_name;
                include fastcgi_params;
            }
        }

    How would I proceed? Thanks very much!

  • mod rewrite help

    - by Benny B
    Ok, I don't know regex very well so I used a generator to help me make a simple mod_rewrite that works. Here's my full URL:

        https://www.huttonchase.com/prodDetails.php?id_prd=683

    For testing to make sure I CAN use this, I used this:

        RewriteRule prodDetails/(.*)/$ /prodDetails.php?id_prd=$1

    So I can use the URL:

        http://www.huttonchase.com/prodDetails/683/

    If you click it, it works but it completely messes up the relative paths. There are a few work-arounds but I want something a little different.

        https://www.huttonchase.com/prod_683_stainless-steel-flask

    I want it to see that 'prod' is going to tell it which rule it's matching, 683 is the product number that I'm looking up in the database, and I want it to just IGNORE the last part, it's there only for SEO and to make the link mean something to customers. I'm told that this should work, but it's not:

        RewriteRule ^prod_([^-]*)_([^-]*)$ /prodDetails.php?id_prd=$1 [L]

    Once I get the first one to work I'll write one for Categories:

        https://www.huttonchase.com/cat_11_drinkware

    And database driven text pages:

        https://www.huttonchase.com/page_44_terms-of-service

    BTW, I can flip around my use of dash and underscore if need be. Also, is it better to end the URLs with a slash or without? Thanks!

  • unable to decompress a *.tar.xz file

    - by neubert
    Per http://askubuntu.com/a/107976 I tried tar xf php-5.6.0RC4.tar.xz and tar -xJf php-5.6.0RC4.tar.xz and in both cases I get the following:

        tar (child): xz: Cannot exec: No such file or directory
        tar (child): Error is not recoverable: exiting now
        tar: Child returned status 2
        tar: Error is not recoverable: exiting now

    Here's php-5.6.0RC4.tar.xz: http://downloads.php.net/tyrael/php-5.6.0RC4.tar.xz

    I'm running Ubuntu 14.04 LTS.

  • how're routing tables populated?

    - by Robbie Mckennie
    i've been reading "tcp/ip illustrated" and i started reading about ip forwarding. all about how you can receive a datagram and work out where to send it next based on the destination ip and your routing table. but what confused me is how (in a home network setting) the table itself is populated. is there a lower layer protocol at work here? does it come along with dhcp? or is it simply based on the ip address and netmask of each interface? i do know (from other books) that in the early days of ethernet one had to set up routing tables by hand, but i know i didn't do that.

  • Ubuntu server; Backup of server and MySql database, and Solr database

    - by Camran
    How is backup done on ubuntu servers? I have a server (Ubuntu 9.10) which has apache2 installed, php5, mysql etc... The website is a classifieds website where all classifieds are stored in mysql and Solr. I need to backup this server with all information to be able to fully restore it if something goes wrong. How should I start? Is it an automated task, or will I do backups manually? (prefer manually) Thanks

  • Debian Testing installs Iceweasel ESR (severely outdated)?

    - by Lucas Phillips
    I just reinstalled Debian Testing, and for some reason, instead of Iceweasel 25, I have 17. The installed and candidate versions are both 17.0.9esr-1~deb7u1. apt-get update && apt-get upgrade does nothing, and it seems that version 17 is the latest for this install. I was on Debian Testing before, and Iceweasel was at the latest version. Even Debian Stable had an Iceweasel version 20. Why would it be trying to install ESR now?

  • Xorg: How can I map AltGr to the CapsLock Key (to toggle 3rd level symbols)

    - by basweber
    Hi, like many others I don't need CapsLock. I want to reassign it to have the function of AltGr. I use Kubuntu 9.10 but I think there must be a solution which is distribution independent. I already tried to use setxkbmap or xmodmap. Using xmodmap I at least managed to make the CapsLock key behave like the Delete key by following this description. But I could not achieve assigning the AltGr behavior to CapsLock.

  • I need a reverse proxy solution for SSH

    - by Bond
    Hi, here is a situation: I have a server in a corporate data center for a project. I have SSH access to this machine at port 22. There are some virtual machines running on this server, and then at the back of everything many other operating systems are working. Now, since I am behind the data center's firewall, my supervisor asked me if I can do something by which I can give many people on the Internet access to these virtual machines directly. I know if I were allowed to get traffic on a port other than 22 then I could do port forwarding. But since I am not allowed this, what can be a solution in this case? The people who would like to connect might be complete idiots, who may be happy just by opening putty on their machines or maybe even filezilla. I have configured an Apache Reverse Proxy for redirecting the Internet traffic to the virtual machines on these hosts. But I am not clear as to what I can do for SSH. So is there something equivalent to an Apache Reverse Proxy which can do similar work for SSH in this situation? I do not have the firewall in my hands or any port other than 22 open, and in fact even if I request they won't allow me to open one. 2 times SSH is not something that my supervisor wants.

  • xrandr detects only one display

    - by cupakob
    Hi all, I have a problem getting a picture on my TV over VGA (and also over S-Video to SCART). I've tried it first over xorg, but without success. After that I tried xrandr, but xrandr detects only my laptop display. Here is the output:

        bufka [~] $ xrandr -q
        Screen 0: minimum 1680 x 1050, current 1680 x 1050, maximum 1680 x 1050
        default connected 1680x1050+0+0 0mm x 0mm
           1680x1050      50.0*    51.0     52.0

    Any suggestions on how to solve the problem? My video card is Nvidia Geforce 8600M GT, TV is LG M227WPD and OS Ubuntu Lucid...

  • Very high memory usage, but not claimed by any process?

    - by SharkWipf
    While stress-testing LVM on one of our Debian servers, I came across this issue where memory would fill up a lot to the point where it would run the server out of memory, but no process would claim the memory. See http://i.imgur.com/cLn5ZHS.png, and see http://serverfault.com/a/449102/125894 for an explanation on the colors used in htop. Why is this happening? And is there any way to see what process is using the memory? Htop is configured not to hide any processes, so what is it that htop is missing? In this particular case, I can fairly certainly say that it is caused, directly or indirectly, by lvmcreate, lvmremove or dmsetup, as I was stress-testing that. Do note that this question is not about solving the LVM problem, but about why the memory isn't claimed by any process. Stopping all LVM commands does bring the memory back down to <600MB.

  • Looking for a "light" compositing manager for GNOME

    - by detly
    I have an HP Pavilion DM3 (graphics is nVidia GeForce G105M), running Debian Squeeze with GNOME 2.30. My preference for DE is Gnome + Metacity + Nautilus. I'd like to use Docky, but it requires compositing. So I'm looking for a relatively "light" compositing manager. I realise that "light" is ambiguous, but I basically want something that won't chew through my notebook's batteries because of CPU or GPU usage. I know that Metacity is capable of compositing, but as far as I'm aware it's still testing. Some people report that it's smooth and lightweight, others claim that it eats up processor time. I've also seen references to a problem with nVidia, but no actual details. I'm not averse to Compiz, but I haven't used it before and I don't know what to expect in terms of "weight." And maybe there's something else I haven't heard of. So can anyone recommend anything? Or dispel my idea that Metacity is not the right tool for the job? (Originally posted on GNOME forums.)

  • Convert Ubuntu 10.04 into a server?

    - by letseatfood
    Hello, I have Ubuntu 10.04 Lucid Lynx Desktop version installed and am interested in running it as a server. I have already installed Apache, PHP, and MySQL. I am completely new to server administration. Would somebody please point me in a good direction to setting this up? I am sure there are numerous tutorials online, but I just can't seem to find one. Thanks!

  • Keepalived for more than 20 virtual addresses

    - by cvaldemar
    I have set up keepalived on two Debian machines for high availability, but I've run into the maximum number of virtual IPs I can assign to my vrrp_instance. How would I go about configuring and failing over 20+ virtual IPs? This is the, very simple, setup:

        LB01: 10.200.85.1
        LB02: 10.200.85.2
        Virtual IPs: 10.200.85.100 - 10.200.85.200

    Each machine is also running Apache (later Nginx) binding on the virtual IPs for SSL client certificate termination and proxying to backend webservers. The reason I need so many VIPs is the inability to use VirtualHost on HTTPS. This is my keepalived.conf:

        vrrp_script chk_apache2 {
            script "killall -0 apache2"
            interval 2
            weight 2
        }

        vrrp_instance VI_1 {
            interface eth0
            state MASTER
            virtual_router_id 51
            priority 101
            virtual_ipaddress {
                10.200.85.100
                .
                . all the way to
                .
                10.200.85.200
            }
        }

    An identical configuration is on the BACKUP machine, and it's working fine, but only up to the 20th IP. I have found a HOWTO discussing this problem. Basically, they suggest having just one VIP and routing all traffic "via" this one IP, and "all will be well". Is this a good approach? I'm running pfSense firewalls in front of the machines. Quote from the above link:

        ip route add $VNET/N via $VIP

    or

        route add $VNET netmask w.x.y.z gw $VIP

    Thanks in advance.

    EDIT: @David Schwartz said it would make sense to add a route, so I tried adding a static route to the pfSense firewall, but that didn't work as I expected it would. pfSense route:

        Interface: LAN
        Destination network: 10.200.85.200/32 (virtual IP)
        Gateway: 10.200.85.100 (floating virtual IP)
        Description: Route to VIP .100

    I also made sure I had packet forwarding enabled on my hosts:

        $ cat /etc/sysctl.conf
        net.ipv4.ip_forward=1
        net.ipv4.ip_nonlocal_bind=1

    Am I doing this wrong? I also removed all VIPs from the keepalived.conf so it only fails over 10.200.85.100.

  • How to determine if a file has been backed up?

    - by Console
    I try to consolidate old drives to new ones of larger capacity. Sometimes files have been renamed, but are otherwise identical. Sometimes an old directory has just a few more files in it than a newer directory with the same name. Sometimes a file has the same name but the size differs. So I often find myself asking the question: Are there any files on this old drive or directory that I haven't already copied to the new drive? I just want to know that I have the files, I don't want to try and sync stuff automatically (Syncing tools tend to just sync, creating duplicate folder structures and other problems, so I prefer to do it by hand). Basically, if an old drive has a file called "foo.bar" ten directories deep, and my new big drive has an identical file called "oldstuff.zip" in the root, I just want a "yes you have it" or "no, unique files exist". Is there a free tool, a script or a quick and easy method (Mac/Unix or Windows) to get the answer?

  • Easier way to create floppy disk images?

    - by Bryan
    I'm using Vyatta routers with KVM and want to attach a floppy drive with a config file for Vyatta when I boot the image. I'll be doing this over and over again, and as such am looking for an automated way of creating the floppy images. Right now, I'm doing the following:

      - Create floppy image with qemu-img create
      - Format floppy image with mkdosfs
      - Mount floppy image with mount -t fat /tmp/floppy.img /media/floppy
      - Populate floppy image with cp -r /tmp/configs/ /media/floppy/
      - Unmount floppy image with umount /media/floppy
      - Save floppy image with mv /tmp/floppy.img ~/floppies/

    Any chance there's an easier way to do this?! Perhaps a shortcut application that I can give a directory to and it will do all this for me w/out having to mount the image?

  • Add user in CentOS 5

    - by Ron
    I created a new user in my CentOS web server with useradd. Added a password with passwd. But I can't log in with the user via SSH. I keep getting 'access denied'. I checked to make sure that the password was assigned and that the account is active. /var/log/secure shows the following error:

        Aug 13 03:41:40 server1 su: pam_unix(su:auth): authentication failure; logname= uid=500 euid=0 tty=pts/0 ruser=rwade rhost= user=root

    Please help, Thanks

    Thanks for the responses so far: I should add that it is a VPS on a remote computer, fresh out of the box. I can log in as the root user quite fine. I can also su to the new user, but I cannot log in as the new user. Here is my sshd_config file:

        # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

        # This is the sshd server system-wide configuration file. See
        # sshd_config(5) for more information.

        # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

        # The strategy used for options in the default sshd_config shipped with
        # OpenSSH is to specify options with their default value where
        # possible, but leave them commented. Uncommented options change a
        # default value.

        #Port 22
        #Protocol 2,1
        Protocol 2
        #AddressFamily any
        #ListenAddress 0.0.0.0
        #ListenAddress ::

        # HostKey for protocol version 1
        #HostKey /etc/ssh/ssh_host_key
        # HostKeys for protocol version 2
        #HostKey /etc/ssh/ssh_host_rsa_key
        #HostKey /etc/ssh/ssh_host_dsa_key

        # Lifetime and size of ephemeral version 1 server key
        #KeyRegenerationInterval 1h
        #ServerKeyBits 768

        # Logging
        # obsoletes QuietMode and FascistLogging
        #SyslogFacility AUTH
        SyslogFacility AUTHPRIV
        #LogLevel INFO

        # Authentication:

        #LoginGraceTime 2m
        #PermitRootLogin yes
        #StrictModes yes
        #MaxAuthTries 6

        #RSAAuthentication yes
        #PubkeyAuthentication yes
        #AuthorizedKeysFile .ssh/authorized_keys

        # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
        #RhostsRSAAuthentication no
        # similar for protocol version 2
        #HostbasedAuthentication no
        # Change to yes if you don't trust ~/.ssh/known_hosts for
        # RhostsRSAAuthentication and HostbasedAuthentication
        #IgnoreUserKnownHosts no
        # Don't read the user's ~/.rhosts and ~/.shosts files
        #IgnoreRhosts yes

        # To disable tunneled clear text passwords, change to no here!
        #PasswordAuthentication yes
        #PermitEmptyPasswords no
        PasswordAuthentication yes

        # Change to no to disable s/key passwords
        #ChallengeResponseAuthentication yes
        ChallengeResponseAuthentication no

        # Kerberos options
        #KerberosAuthentication no
        #KerberosOrLocalPasswd yes
        #KerberosTicketCleanup yes
        #KerberosGetAFSToken no

        # GSSAPI options
        #GSSAPIAuthentication no
        GSSAPIAuthentication yes
        #GSSAPICleanupCredentials yes
        GSSAPICleanupCredentials yes

        # Set this to 'yes' to enable PAM authentication, account processing,
        # and session processing. If this is enabled, PAM authentication will
        # be allowed through the ChallengeResponseAuthentication mechanism.
        # Depending on your PAM configuration, this may bypass the setting of
        # PasswordAuthentication, PermitEmptyPasswords, and
        # "PermitRootLogin without-password". If you just want the PAM account and
        # session checks to run without PAM authentication, then enable this but set
        # ChallengeResponseAuthentication=no
        #UsePAM no
        UsePAM yes

        # Accept locale-related environment variables
        AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
        AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
        AcceptEnv LC_IDENTIFICATION LC_ALL
        #AllowTcpForwarding yes
        #GatewayPorts no
        #X11Forwarding no
        X11Forwarding yes
        #X11DisplayOffset 10
        #X11UseLocalhost yes
        #PrintMotd yes
        #PrintLastLog yes
        #TCPKeepAlive yes
        #UseLogin no
        #UsePrivilegeSeparation yes
        #PermitUserEnvironment no
        #Compression delayed
        #ClientAliveInterval 0
        #ClientAliveCountMax 3
        #ShowPatchLevel no
        #UseDNS yes
        #PidFile /var/run/sshd.pid
        #MaxStartups 10
        #PermitTunnel no
        #ChrootDirectory none

        # no default banner path
        #Banner /some/path

        # override default of no subsystems
        Subsystem sftp /usr/libexec/openssh/sftp-server
