CentOS 5 : preventing brute force attacks with iptables

December 30, 2007 - 12 comments

Based on http://e18.physik.tu-muenchen.de/~tnagel/ipt_recent/

The following example is much simpler: it drops new connections from any host that has opened more than 3 connections to the SSH server within 60 seconds (the fourth attempt inside the window, and every attempt after it, is dropped). Two things worth knowing before relying on it: the rule counts new TCP connections, not failed logins, so several password retries inside one SSH session cost a single hit; and because every new connection refreshes the host's entry, a blocked host stays blocked while it keeps hitting the port and is only accepted again once fewer than 4 of its attempts fall inside the last 60 seconds. If you need something more complex, check out the howto mentioned above.

This is my /etc/sysconfig/iptables

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LIMIT_SSH - [0:0]

# accept localhost and related/established traffic
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT 

# transfer connections made to tcp/22 to the LIMIT_SSH chain
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j LIMIT_SSH 

# block anything else in the INPUT chain
-A INPUT -j DROP 

# if host has made more than 3 attempts in 60 seconds, drop it
-A LIMIT_SSH -m recent --set --name SSH
-A LIMIT_SSH -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
-A LIMIT_SSH -j ACCEPT 

COMMIT

Recent module homepage : http://www.snowman.net/projects/ipt_recent/

CentOS 5 : sending logs to a central log server

December 29, 2007 - 7 comments

On the log server :

Edit /etc/sysconfig/syslog and change SYSLOGD_OPTIONS to match the following :
SYSLOGD_OPTIONS="-m 0 -r -s example.com"

-m 0 : disable the periodic "-- MARK --" messages
-r : listen on the network for messages from remote hosts, only necessary on the log server
-s example.com : strip that domain from hostnames in the logs (client.example.com is logged as client)

Restart the service :
# service syslog restart

The server will start listening on UDP/514

Make sure you allow UDP/514 in the firewall configuration on the log server, and restrict it to the addresses of your clients: syslogd accepts datagrams from anyone.

On the “client” (machine sending the logs) :

Edit /etc/syslog.conf and add the following line :
*.* @loghost.example.com

By adding that line and keeping the default configuration, the logs are still stored locally on the client and sent to the log server as well.

Restart the service :
# service syslog restart

Restart any service on the client (ntpd, for instance) and check that its messages appear on the log server.

Obviously, this post is just a reminder, so keep the limits of this setup in mind.
Syslog uses UDP, which is an unreliable transport: during an attack, packets can be dropped and the log messages lost with them.
There is no authentication either, so an attacker who can reach UDP/514 can send fake log messages to the log server, or claim to be any host.
Logs are sent in clear text as well.

Syslog-ng addresses these by transporting logs over TCP and, with TLS configured, authenticating and encrypting the connection:
http://www.balabit.com/network-security/syslog-ng/
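The three weaknesses above are easiest to see with a tiny sender and receiver. This added example (not from the original post) builds BSD syslog datagrams in the format a `*.* @loghost` forwarding line produces, delivers them to a UDP listener on loopback (an unprivileged port stands in for 514, so no root is needed) and parses what arrives: the hostname and tag fields are whatever the sender wrote, and the only thing the receiver learns on its own is the datagram's source address, which UDP does not authenticate either. The two messages are constructed.

```python
"""Added example: minimal BSD syslog (RFC 3164) sender and receiver over UDP loopback."""
import re
import socket

# PRI = facility * 8 + severity (RFC 3164, section 4.1.1); a few common codes
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: CONTENT
_LINE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def build(facility, severity, hostname, tag, msg, timestamp="Dec 29 12:00:00"):
    """Format one datagram the way a BSD syslogd forwards it.
    hostname and tag are filled in by the sender, so a client can claim any name."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    return f"<{pri}>{timestamp} {hostname} {tag}: {msg}".encode()


def parse(datagram):
    """Decode a datagram into its fields; None if it is not a well-formed line."""
    m = _LINE.match(datagram.decode("ascii", errors="replace"))
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m.group(2),
            "hostname": m.group(3), "content": m.group(4)}


def exchange(datagrams):
    """Deliver each datagram to a loopback 'log server' and return the parsed
    records together with the source address the server observed."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind(("127.0.0.1", 0))        # ephemeral port: 514 would need root
        server.settimeout(2)
        port = server.getsockname()[1]
        records = []
        for d in datagrams:
            client.sendto(d, ("127.0.0.1", port))
            data, (peer_ip, _) = server.recvfrom(4096)
            rec = parse(data)
            rec["peer"] = peer_ip             # the only field the sender did not write
            records.append(rec)
        return records
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    # constructed messages: a genuine-looking sshd line from 'client', then a
    # datagram whose sender simply claims to be a different host
    sent = [
        build("auth", "info", "client", "sshd[2201]", "Accepted password for bob from 192.168.254.20"),
        build("auth", "notice", "loghost", "sshd[1]", "Accepted password for root from 127.0.0.1"),
    ]
    for rec in exchange(sent):
        print(f"from {rec['peer']}: host={rec['hostname']} "
              f"fac={rec['facility']} sev={rec['severity']} {rec['content']}")
```

Both records arrive with the same peer address, and the server has no way to tell the claimed `loghost` line from the real `client` one; that is exactly what a TCP transport with TLS client authentication would fix.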

CentOS 5 : chroot DNS with bind

December 13, 2007 - 90 comments

Howto for CentOS 4 here : http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/

1. Install packages :

yum install bind bind-chroot bind-libs bind-utils caching-nameserver

2. Configure RNDC :

cd /var/named/chroot/etc
rndc-confgen > rndc.key
chown root:named rndc.key

Edit rndc.key so it looks like this :

key "rndckey" {
algorithm hmac-md5;
secret "SGsvd1dF+mv+yU4ywCCkkg==";
};

You don't need anything else in the file: rndc-confgen also prints an options block and a commented-out named.conf fragment, remove those and keep only the key statement. Keep the file readable by root and the named group only, since anyone who can read the secret can control the server through rndc.

The bind-chroot package ships a symlink /etc/rndc.key pointing to the rndc.key file we've just created; the rndc command reads the key from there to authenticate itself to named.

3. Configure /var/named/chroot/etc/named.conf

// we include the rndckey (copy-paste from rndc.key created earlier)
key "rndckey" {
      algorithm hmac-md5;
      secret "SGsvd1dF+mv+yU4ywCCkkg==";
};

// we assume our server has the IP 192.168.254.207 serving the 192.168.254.0/24 subnet
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
        inet 192.168.254.207 allow { 192.168.254.0/24; } keys { "rndckey"; };
};

options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";

        recursion yes;

        allow-recursion {
                127.0.0.1;
                192.168.254.0/24;
                };

        // these are the opendns servers (optional)
        forwarders {
                208.67.222.222;
                208.67.220.220;
        };

        listen-on {
                127.0.0.1;
                192.168.254.207;
                };

        /*
         * Do NOT pin the query source port. Sending every outgoing query
         * from port 53 removes source-port randomisation and makes the
         * resolver far easier to poison with forged answers. Leave the
         * directive commented out and let the firewall pass replies to
         * unprivileged ports instead.
         */
        // query-source address * port 53;

        // so people can't try to guess what version you're running
        version "REFUSED";

        allow-query {
                127.0.0.1;
                192.168.254.0/24;
                };
        };

server 192.168.254.207 {
        keys { rndckey; };
        };

zone "." IN {
        type hint;
        file "named.ca";
        };

// forward zone
zone "test.be" IN {
        type master;
        file "data/test.be.zone";
        allow-update { none; };
        // we assume we have a slave dns server with the IP 192.168.254.101
        allow-transfer { 192.168.254.101; };
        };

// reverse zone
// reverse zone for the 192.168.100.0/24 addresses used in the forward zone
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "data/192.168.100.zone";
        allow-update { none; };
        allow-transfer { 192.168.254.101; };
        };

4. Our first zone

Let’s say I own the domain test.be

We create our first zone under /var/named/chroot/var/named/data/test.be.zone

Here’s an example :

$TTL 38400
test.be.       IN      SOA     ns.test.be. admin.test.be. (
                       2007020400   ; Serial (YYYYMMDDnn, bump it at every change)
                       10800        ; Refresh after 3 hours
                       3600         ; Retry after 1 hour
                       604800       ; Expire after 1 week
                       86400 )      ; Negative caching TTL of 1 day (BIND 9 no longer uses it as a minimum TTL)
test.be.       IN      NS      ns.test.be.

test.be.               IN      MX      1       mx.test.be.
test.be.               IN      MX      5       mx2.test.be.

www.test.be.           IN      A       192.168.100.5
ns.test.be.           IN      A       192.168.100.10
mx.test.be.          IN      A       192.168.100.20
mx2.test.be.         IN      A       192.168.100.21
mail.test.be.          IN      CNAME   mx.test.be.

Here’s the corresponding reverse zone under /var/named/chroot/var/named/data/192.168.100.zone :

$TTL 86400
100.168.192.in-addr.arpa.       IN      SOA     ns.test.be. admin.test.be. (
                        2007032000      ; Serial
                        10800           ; Refresh
                        900             ; Retry
                        604800          ; Expire
                        3600 )          ; Negative caching TTL

100.168.192.in-addr.arpa.       IN      NS      ns.test.be.

; one PTR for every A record in the forward zone
5.100.168.192.in-addr.arpa.     IN      PTR     www.test.be.
10.100.168.192.in-addr.arpa.    IN      PTR     ns.test.be.
20.100.168.192.in-addr.arpa.    IN      PTR     mx.test.be.
21.100.168.192.in-addr.arpa.    IN      PTR     mx2.test.be.
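named-checkzone will tell you whether each of these files parses, but not whether they agree with each other: an A record without a PTR, a PTR naming a host that has no A record, or a reverse zone that does not cover the addresses at all (the kind of slip where named.conf references a 192.168.250 zone while the hosts live in 192.168.100.x) all load without complaint. The following added example (not part of the original post) parses copies of the two zones above, with a PTR for every A record, and cross-checks them; `REVERSE_WRONG_SUBNET` is a constructed variant that reproduces the wrong-subnet mistake.

```python
"""Added example: cross-check a forward zone against its reverse zone before
loading them into named (named-checkzone validates syntax, not consistency)."""

# Copies of the two zones from this post (the reverse zone carries a PTR for every A).
FORWARD = """\
$TTL 38400
test.be.       IN      SOA     ns.test.be. admin.test.be. (
                       2007020400   ; Serial
                       10800        ; Refresh
                       3600         ; Retry
                       604800       ; Expire
                       86400 )      ; Negative caching TTL
test.be.       IN      NS      ns.test.be.
test.be.       IN      MX      1       mx.test.be.
test.be.       IN      MX      5       mx2.test.be.
www.test.be.   IN      A       192.168.100.5
ns.test.be.    IN      A       192.168.100.10
mx.test.be.    IN      A       192.168.100.20
mx2.test.be.   IN      A       192.168.100.21
mail.test.be.  IN      CNAME   mx.test.be.
"""

REVERSE = """\
$TTL 86400
100.168.192.in-addr.arpa. IN SOA ns.test.be. admin.test.be. (
        2007032000 10800 900 604800 3600 )
100.168.192.in-addr.arpa. IN NS ns.test.be.
5.100.168.192.in-addr.arpa. IN PTR www.test.be.
10.100.168.192.in-addr.arpa. IN PTR ns.test.be.
20.100.168.192.in-addr.arpa. IN PTR mx.test.be.
21.100.168.192.in-addr.arpa. IN PTR mx2.test.be.
"""

# Constructed mistake: a reverse zone for 192.168.250.0/24 cannot cover 192.168.100.x hosts.
REVERSE_WRONG_SUBNET = REVERSE.replace("100.168.192", "250.168.192")


def parse_zone(text):
    """Return (owner, TYPE, rdata fields) for each record. Handles only the subset
    used here: fully-qualified owners, class IN, and a parenthesised multi-line SOA."""
    records, in_paren = [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop comments
        if in_paren:                                # still inside the SOA's '(' ... ')'
            in_paren = ")" not in line
            continue
        if not line or line.startswith("$"):        # blank line or $TTL/$ORIGIN directive
            continue
        fields = line.split()
        if "IN" not in fields:
            continue
        i = fields.index("IN")
        rdata = fields[i + 2:]
        in_paren = "(" in rdata and ")" not in rdata
        records.append((fields[0].lower(), fields[i + 1].upper(), rdata))
    return records


def ptr_owner(ip):
    """192.168.100.5 -> 5.100.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check(forward, reverse):
    """Return a list of inconsistencies; an empty list means the zones agree."""
    fwd, rev = parse_zone(forward), parse_zone(reverse)
    fwd_origin = next(o for o, t, _ in fwd if t == "SOA")
    rev_origin = next(o for o, t, _ in rev if t == "SOA")
    a = {o: rd[0] for o, t, rd in fwd if t == "A"}
    cnames = {o for o, t, _ in fwd if t == "CNAME"}
    ptr = {o: rd[0].lower() for o, t, rd in rev if t == "PTR"}
    problems = []
    for name, ip in a.items():                      # every A needs a matching PTR
        p = ptr_owner(ip)
        if not p.endswith("." + rev_origin):
            problems.append(f"{name} ({ip}) is outside reverse zone {rev_origin}")
        elif p not in ptr:
            problems.append(f"no PTR for {name} ({ip})")
        elif ptr[p] != name:
            problems.append(f"{p} -> {ptr[p]} but {name} -> {ip}")
    for p, target in ptr.items():                   # every PTR target needs an A
        if target not in a:
            problems.append(f"{p} points at {target}, which has no A record")
    for o, t, rd in fwd:                            # NS/MX must not point at a CNAME
        if t in ("NS", "MX"):
            target = rd[-1].lower()
            if target in cnames:
                problems.append(f"{t} target {target} is a CNAME")
            elif target.endswith("." + fwd_origin) and target not in a:
                problems.append(f"{t} target {target} has no A record in {fwd_origin}")
    return problems


if __name__ == "__main__":
    print("consistent pair:", check(FORWARD, REVERSE) or "OK")
    for problem in check(FORWARD, REVERSE_WRONG_SUBNET):
        print("wrong subnet:", problem)
```

Run it against the real files with `check(open(fwd).read(), open(rev).read())` after editing either zone; the CNAME rule matters because mail.test.be is a CNAME, and pointing an MX at it instead of at mx.test.be would be accepted by named but rejected by many mail servers.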

5. Start the service and make sure it’ll start at boot

service named start
chkconfig named on

Make sure it’s running :
# rndc status
number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

6. Query

# nslookup mx.test.be. 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   mx.test.be
Address: 192.168.100.20

# nslookup www.google.com. 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.google.com  canonical name = www.l.google.com.
Name:   www.l.google.com
Address: 216.239.59.99
Name:   www.l.google.com
Address: 216.239.59.103
Name:   www.l.google.com
Address: 216.239.59.104
Name:   www.l.google.com
Address: 216.239.59.147

7. /etc/resolv.conf

If the query made on the previous point is working, you can set up /etc/resolv.conf on the server.

It should look like this :
search test.be
nameserver 127.0.0.1

Upgrading to PHP5/MySQL5 under CentOS 4.5

October 15, 2007 - 4 comments

I’m planning on moving to PHP 5 and MySQL 5 on our CentOS 4 production server.

Before doing anything on the production machine, I’m testing the process on a fresh installation of CentOS on a virtual machine…

I first tried to upgrade PHP… the MySQL updates should have been pulled in from the repository as well, but it didn't work.

# yum update php --enable=centosplus
Setting up Update Process
Setting up repositories
update                    100% |=========================|  951 B    00:00
base                      100% |=========================| 1.1 kB    00:00
addons                    100% |=========================|  951 B    00:00
extras                    100% |=========================| 1.1 kB    00:00
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 140 kB    00:00
update    : ################################################## 451/451
Added 451 new packages, deleted 0 old in 19.89 seconds
primary.xml.gz            100% |=========================| 580 kB    00:01
base      : ################################################## 1518/1518
Added 1518 new packages, deleted 0 old in 55.58 seconds
primary.xml.gz            100% |=========================|  157 B    00:00
Added 0 new packages, deleted 0 old in 0.04 seconds
primary.xml.gz            100% |=========================|  54 kB    00:00
extras    : ################################################## 228/228
Added 228 new packages, deleted 0 old in 6.44 seconds
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package php.i386 0:5.1.6-3.el4s1.7 set to be updated
--> Running transaction check
--> Processing Dependency: php-cli = 5.1.6-3.el4s1.7 for package: php
--> Processing Dependency: php = 4.3.9-3.22.9 for package: php-pear
--> Processing Dependency: php = 4.3.9-3.22.9 for package: php-mysql
--> Processing Dependency: php-common = 5.1.6-3.el4s1.7 for package: php
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package php-cli.i386 0:5.1.6-3.el4s1.7 set to be updated
---> Package php-common.i386 0:5.1.6-3.el4s1.7 set to be updated
---> Package php-pear.noarch 1:1.4.11-1.el4s1.1 set to be updated
---> Package php-mysql.i386 0:5.1.6-3.el4s1.7 set to be updated
--> Running transaction check
--> Processing Dependency: php-pdo for package: php-mysql
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15) for package: php-mysql
--> Processing Dependency: libmysqlclient.so.15 for package: php-mysql
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package php-pdo.i386 0:5.1.6-3.el4s1.7 set to be updated
---> Package mysql.i386 0:5.0.27-1.el4.centos set to be updated
--> Running transaction check
--> Processing Dependency: libmysqlclient.so.14 for package: mysql-server
--> Processing Dependency: libmysqlclient.so.14(libmysqlclient_14) for package: mysql-server
--> Processing Dependency: libmysqlclient.so.14 for package: perl-DBD-MySQL
--> Processing Dependency: libmysqlclient_r.so.14 for package: mysql-server
--> Processing Dependency: libmysqlclient_r.so.14(libmysqlclient_14) for package: mysql-server
--> Processing Dependency: mysql = 4.1.20-2.RHEL4.1.0.1 for package: mysql-server
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package perl-DBD-MySQL.i386 0:3.0008-1.el4.centos set to be updated
---> Package mysql-server.i386 0:5.0.48-1.el4.centos set to be updated
--> Running transaction check
--> Processing Dependency: perl(:MODULE_COMPAT_5.8.8) for package: perl-DBD-MySQL
--> Processing Dependency: mysql = 5.0.48-1.el4.centos for package: mysql-server
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
warning: package mysql = 5.0.27-1.el4.centos was already added, replacing with mysql <= 5.0.48-1.el4.centos
---> Package mysql.i386 0:5.0.48-1.el4.centos set to be updated
---> Package perl.i386 4:5.8.8-4.el4s1 set to be updated
--> Running transaction check
--> Processing Dependency: libmysqlclient_r.so.15 for package: mysql-server
--> Processing Dependency: libmysqlclient.so.15 for package: php-mysql
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15) for package: php-mysql
--> Processing Dependency: libmysqlclient.so.15 for package: mysql
--> Processing Dependency: mysql-libs = 5.0.48-1.el4.centos for package: mysql
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15) for package: perl-DBD-MySQL
--> Processing Dependency: libmysqlclient.so.15 for package: mysql-server
--> Processing Dependency: libmysqlclient.so.15 for package: perl-DBD-MySQL
--> Processing Dependency: libmysqlclient_r.so.15(libmysqlclient_15) for package: mysql-server
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15) for package: mysql-server
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15) for package: mysql
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package mysql.i386 0:5.0.27-1.el4.centos set to be updated
---> Package mysql-libs.i386 0:5.0.48-1.el4.centos set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 php                     i386       5.1.6-3.el4s1.7  centosplus        1.1 M
Installing for dependencies:
 mysql-libs              i386       5.0.48-1.el4.centos  centosplus        1.8 M
 php-cli                 i386       5.1.6-3.el4s1.7  centosplus        2.0 M
 php-common              i386       5.1.6-3.el4s1.7  centosplus        135 k
 php-pdo                 i386       5.1.6-3.el4s1.7  centosplus        219 k
Updating for dependencies:
 mysql                   i386       5.0.48-1.el4.centos  centosplus        2.7 M
 mysql                   i386       5.0.27-1.el4.centos  centosplus        3.3 M
 mysql-server            i386       5.0.48-1.el4.centos  centosplus        9.7 M
 perl                    i386       4:5.8.8-4.el4s1  centosplus         11 M
 perl-DBD-MySQL          i386       3.0008-1.el4.centos  centosplus        145 k
 php-mysql               i386       5.1.6-3.el4s1.7  centosplus         77 k
 php-pear                noarch     1:1.4.11-1.el4s1.1  centosplus        345 k

Transaction Summary
=============================================================================
Install      4 Package(s)
Update       8 Package(s)
Remove       0 Package(s)
Total download size: 33 M
Is this ok [y/N]: 

As you can notice, it pulls in 2 different versions of the package “mysql”.

This is the explanation of the issue given on IRC :

<sw> wolfy, toracat : well i'm working on a fresh install on a VM before I do anything on the production server.. So i assume I did nothing wrong.. it does try to pull out both version because it complains they are conflicting
<sw> file /usr/bin/mysql conflicts between attempted installs of mysql-5.0.27-1.el4.centos and mysql-5.0.48-1.el4.centos
<Evolution> sw: what command are you running for the install?
<sw> Evolution, yum update php --enablerepo=centosplus
<Evolution> sw: that only pulls in php-mysql, which just needs mysql. you likely have mysql-server already installed
<Evolution> and that's what's conflicting.
<wolfy> Evolution: but shouldn't the new mysql obsolete the older one ?
<sw> the installed version of mysql-server is mysql-server-4.1.20-2.RHEL4.1.0.1
<Evolution> wolfy: it should and does, but php packaging changed, and that's caused a few issues in the upgrade.
<Evolution> it's a valid mixed arch case, as php-pear went from an i386 arch to a noarch

The working command :

# yum --enablerepo centosplus install php php-pear php-mysql mysql mysql-server
Setting up Install Process
Setting up repositories
update                    100% |=========================|  951 B    00:00
base                      100% |=========================| 1.1 kB    00:00
centosplus                100% |=========================|  951 B    00:00
addons                    100% |=========================|  951 B    00:00
extras                    100% |=========================| 1.1 kB    00:00
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package php.i386 0:5.1.6-3.el4s1.7 set to be updated
---> Package mysql.i386 0:5.0.48-1.el4.centos set to be updated
---> Package mysql-server.i386 0:5.0.48-1.el4.centos set to be updated
---> Package php-pear.noarch 1:1.4.11-1.el4s1.1 set to be updated
---> Package php-mysql.i386 0:5.1.6-3.el4s1.7 set to be updated
--> Running transaction check
--> Processing Dependency: libmysqlclient_r.so.15 for package: mysql-server
--> Processing Dependency: php-cli = 5.1.6-3.el4s1.7 for package: php
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15) for package: mysql
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15) for package: php-mysql
--> Processing Dependency: libmysqlclient.so.15 for package: mysql
--> Processing Dependency: php-pdo for package: php-mysql
--> Processing Dependency: mysql-libs = 5.0.48-1.el4.centos for package: mysql
--> Processing Dependency: php-common = 5.1.6-3.el4s1.7 for package: php-mysql
--> Processing Dependency: libmysqlclient.so.15 for package: php-mysql
--> Processing Dependency: libmysqlclient.so.15 for package: mysql-server
--> Processing Dependency: php-common = 5.1.6-3.el4s1.7 for package: php
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15) for package: mysql-server
--> Processing Dependency: libmysqlclient.so.14 for package: perl-DBD-MySQL
--> Processing Dependency: libmysqlclient_r.so.15(libmysqlclient_15) for package: mysql-server
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package php-pdo.i386 0:5.1.6-3.el4s1.7 set to be updated
---> Package mysql-libs.i386 0:5.0.48-1.el4.centos set to be updated
---> Package php-common.i386 0:5.1.6-3.el4s1.7 set to be updated
---> Package php-cli.i386 0:5.1.6-3.el4s1.7 set to be updated
---> Package perl-DBD-MySQL.i386 0:3.0008-1.el4.centos set to be updated
--> Running transaction check
--> Processing Dependency: perl(:MODULE_COMPAT_5.8.8) for package: perl-DBD-MySQL
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package perl.i386 4:5.8.8-4.el4s1 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 mysql                   i386       5.0.48-1.el4.centos  centosplus        2.7 M
 mysql-server            i386       5.0.48-1.el4.centos  centosplus        9.7 M
 php                     i386       5.1.6-3.el4s1.7  centosplus        1.1 M
 php-mysql               i386       5.1.6-3.el4s1.7  centosplus         77 k
 php-pear                noarch     1:1.4.11-1.el4s1.1  centosplus        345 k
Installing for dependencies:
 mysql-libs              i386       5.0.48-1.el4.centos  centosplus        1.8 M
 php-cli                 i386       5.1.6-3.el4s1.7  centosplus        2.0 M
 php-common              i386       5.1.6-3.el4s1.7  centosplus        135 k
 php-pdo                 i386       5.1.6-3.el4s1.7  centosplus        219 k
Updating for dependencies:
 perl                    i386       4:5.8.8-4.el4s1  centosplus         11 M
 perl-DBD-MySQL          i386       3.0008-1.el4.centos  centosplus        145 k

Transaction Summary
=============================================================================
Install      4 Package(s)
Update       7 Package(s)
Remove       0 Package(s)
Total download size: 30 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : perl                         ####################### [ 1/19]
  Installing: php-common                   ####################### [ 2/19]
  Installing: mysql-libs                   ####################### [ 3/19]
  Updating  : perl-DBD-MySQL               ####################### [ 4/19]
  Updating  : mysql                        ####################### [ 5/19]
  Installing: php-pdo                      ####################### [ 6/19]
  Installing: php-cli                      ####################### [ 7/19]
  Updating  : php                          ####################### [ 8/19]
  Updating  : php-pear                     ####################### [ 9/19]
  Updating  : mysql-server                 ####################### [10/19]
  Updating  : php-mysql                    ####################### [11/19]
  Cleanup   : mysql-server                 ####################### [12/19]
  Cleanup   : php-mysql                    ####################### [13/19]
  Cleanup   : mysql                        ####################### [14/19]
  Cleanup   : php-pear                     ####################### [15/19]
  Cleanup   : perl                         ####################### [16/19]
  Removing  : perl-Filter                  ####################### [17/19]
  Cleanup   : php                          ####################### [18/19]
  Cleanup   : perl-DBD-MySQL               ####################### [19/19]

Dependency Installed: mysql-libs.i386 0:5.0.48-1.el4.centos php-cli.i386 0:5.1.6-3.el4s1.7 php-common.i386 0:5.1.6-3.el4s1.7 php-pdo.i386 0:5.1.6-3.el4s1.7
Updated: mysql.i386 0:5.0.48-1.el4.centos mysql-server.i386 0:5.0.48-1.el4.centos php.i386 0:5.1.6-3.el4s1.7 php-mysql.i386 0:5.1.6-3.el4s1.7 php-pear.noarch 1:1.4.11-1.el4s1.1
Dependency Updated: perl.i386 4:5.8.8-4.el4s1 perl-DBD-MySQL.i386 0:3.0008-1.el4.centos
Complete!

Why I’m switching from RedHat (and friends) to Debian (and friends)

August 24, 2007 - 22 comments

Yeah, I decided I’ll be switching my servers to Debian.

It slowly started with my desktop OS, when I moved from Fedora to Ubuntu. (and CentOS before Fedora, until came the need for wireless with ipw3945 on my new laptop [was using Orinoco Gold on my old CentOS 4 laptop]).

There was a reason why I chose to try something else. First, the (french) translation under Fedora was somewhat broken back then, sometimes resulting in frenglish sentences. But the most tedious problem in Fedora was (and still is) actually the point of the Fedora project : it is a testing field for RedHat, meaning a lot of updates (I’ve had 100MB+ updates waiting when not booting for a few days), it also meant a lot of kernel updates, and at every kernel release, wireless support (provided by a 3rd party repo due to patent issue) and some other stuff would go kaboom. From there, you have two choices, sticking with the “old” kernel until support is brought up by some good fella out there, or rebuild/recompile that stuff that just broke.

In the end, you spend more time building/compiling/tweaking/figuring out/etc. than doing some actual work.

Then I moved to Ubuntu (since 6.06), it helped me discovering what Debian could be like (mainly the package management). Ubuntu particularly amazed me with the huge work brought at every new release. What struck me the most when I first tried Ubuntu was the availability of tools like ettercap and dsniff directly in the repositories… Indeed, anything depending on libnids/libnet/libpcap under CentOS/Fedora was a real pain (see here). Under Ubuntu, it was just a few clicks away.

What I like is also the huge user base, which means a lot of bug reports (maybe too many? duplicates must be counter-productive) for all kinds of hardware. Anytime I find a bug, a bug report has already been filed.

So… Enjoying Ubuntu on the desktop… I decided to give Debian a try on the server, appealed by the official repositories providing just about anything.

Here’s my feeling with Debian Etch after a few days…

Pros :

- Debian has a LOT of packages
- Debian really has a LOT of packages (Redhat based systems must have under 2000 packages available in the official repositories)
- I like the organization behind the project (http://en.wikipedia.org/wiki/Debian is an interesting read)
- I like the stable/testing/unstable/volatile repository scheme and the fact you can fetch some stuff from the testing repo or even unstable if you need the bleeding edge version of something
- apt-get must be 1000x faster than yum (edit : to make things clear, there’s a tad of exaggeration in this statement)
- postfix mysql support brought in packages, always had to rebuild RPM under CentOS
- no need to rely on 3rd party repositories for a majority of packages (until now, I found everything I needed)
- minimal install really IS minimal (you don’t even get telnet)(edit : to make things clear again, I know a minimal install holds on a few Mb, I’m comparing to CentOS 5 here), it takes minutes to install and is like 450 Mb big. That is nice, I like starting from scratch and only adding what I really need. A minimal install of CentOS 5 can be tricky to achieve and requires from 1 to 5 CD’s, the packages being ridiculously spread out on the CD’s. Also, you still get a truckload of useless stuff like Bluetooth or CUPS on first boot. You have a few services listening by default too (netstat -nape is probably the first thing I check when trying a new distro). My first task when installing a new CentOS system was to remove the useless packages (see the list here)

Cons :

- Debian using getty by default instead of mingetty ?
- no real “yum provides” function in dpkg or apt-get.. have to search on packages.debian.org to find which package provides a file.
- a minor one, but vim by default doesn’t turn syntax coloring on.. Under RHEL, I just needed to install vim-enhanced and I was done. I’ll need to make a universal vimrc config file and distribute it..
- I prefer “service postfix restart” than “/etc/init.d/postfix restart”
- I also liked chkconfig under RedHat

Edit :

My simple points of comparison between Debian Etch and CentOS 5

Debian Etch :
Packages :
# dpkg -l | grep ii | wc -l
147

Netstat :
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address

CentOS 5 :
Packages :
# rpm -qa | wc -l
340

Netstat :
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:1005 0.0.0.0:* LISTEN 0 5513 1671/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 5452 1646/portmap
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 6076 1906/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 6227 1948/sendmail: acce
tcp 0 0 :::22 :::* LISTEN 0 6136 1924/sshd
tcp 0 0 ::ffff:192.168.254.207:22 ::ffff:192.168.254.20:36575 ESTABLISHED 0 8275 2200/0
udp 0 0 0.0.0.0:999 0.0.0.0:* 0 5495 1671/rpc.statd
udp 0 0 0.0.0.0:1002 0.0.0.0:* 0 5504 1671/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 5451 1646/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 0 6079 1906/cupsd

After using Debian for more than a month, here are my views :

- iptables : no init script provided by default ? I liked the init script and /etc/sysconfig/iptables under RedHat. Now I will need to put a memo on this site.
- libapache2-mod-auth-mysql not in the stable repository ? This is an essential component of any serious LAMP setup
- vim : by default, no “set paste” and “syntax on” option. This is a minor one, easily fixed, but I don’t see the reason why I don’t get colored syntax when I use VIM instead of VI. It’s supposed to be “enhanced”. About the “set paste” option, I may be totally wrong but who wants the default behaviour (tab at every line of a pasted block) ?
- I miss chkconfig !!!

As you can see only minor itches so far, except about the apache module…

Edit 2 :

I’m now used to update-rc.d but here’s another tool to manage services and runlevel :
apt-get install sysv-rc-conf

Courier-imap RPM for CentOS 5 (i386 + x86_64)

August 14, 2007 - 12 comments

Someone asked for help about installing courier-imap under CentOS 5.

I made the RPMs for him and thought I would share them here.

The whole thing is packaged in a tar.gz

Courier-authlib
Version: 0.59.3 (22-Apr-2007)

Courier-Imap
Version: 4.1.3 (22-Apr-2007)

Download : http://www.wains.be/pub/courier-centos5-i386-20070814.tar.gz

Packages tested and working.

x86_64

Charles has been kind enough to build the RPMs for the x86_64 architecture and share them.

Courier-authlib
Version : 0.60.2

Courier-Imap
Version : 4.2.1

Download : http://www.wains.be/pub/courier-centos5-x86_64.tgz

I wasn’t able to test them, use these at your own risk.

CentOS : secure OpenLDAP traffic with SSL

July 13, 2007 - 6 comments

I’ll assume you already have a database running.
I’ll only review how to set up the SSL certificate and key and what to change in the config files.

Install the latest kernel from Kernel.org under CentOS 4.4

March 28, 2007 - No comment

This was just part of an experiment on a test machine.
I wanted to see if it was a pain to install the latest kernel to a CentOS 4.4 system, and see if the system was stable etc.

The following steps are based on http://howtoforge.com/kernel_compilation_centos guide.

It is probably not the best way to deal with it. And you probably don’t want to install the latest kernel on a production system.
The kernel provided by the CentOS team is just FINE in 99% of cases.

USE AT YOUR OWN RISK.

SpamAssassin : Rules du jour on CentOS/RHEL 4

March 6, 2007 - No comment

Download the script (functional for me as of today with SpamAssassin 3.1.8) :
wget http://www.wains.be/pub/rules_du_jour.gz -O /usr/local/bin/rules_du_jour.gz && gzip -d /usr/local/bin/rules_du_jour.gz

I always find it difficult to download the script (site down, etc), so I put my current script online.

Mount NTFS disks under CentOS

February 28, 2007 - 6 comments

Download the NTFS kernel modules from :
http://www.linux-ntfs.org/content/view/135/71/

The download for the current kernel at the time is kernel-module-ntfs-2.6.9-42.0.8.EL-2.1.20-0.rr.10.0.i686.rpm

Install the RPM :
rpm -ihv kernel-module-ntfs-2.6.9-42.0.8.EL-2.1.20-0.rr.10.0.i686.rpm

Load the kernel module :
modprobe ntfs

Find the disk info : fdisk -l
One partition should be listed as HPFS/NTFS

Mount the partition :
mkdir /media/win
mount -t ntfs /dev/hdb1 /media/win

Voilà !
