From owner-freebsd-isp Sun Aug 26 16:15:33 2001
From: "Dave VanAuken"
To: "BSD-ISP"
Subject: Frontpage Extensions - security and reliability assessment
Date: Sun, 26 Aug 2001 19:12:40 -0400

Recently have had a few requests for frontpage support. We are entirely FreeBSD Server based and I dread the thought of installing an NT/2k Server on our network to support these requests.

Reviewed Frontpage extensions and a myriad of security, reliability, and general discontented reports. Have also tracked down some helpful resources like the rtr.com site.

The general feeling is that adding FP extensions is going to create a security and support headache.

Looking for feedback, install suggestions, particularly good resources, hacks, patches, and anything else that may help us make an accurate judgement on this.

FreeBSD boxes for the most part have performed without a hitch under a wide range of setups and hacks... Would hate to compromise this just to support a few "developers" using a Micro$oft product.

TIA

Dave

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sun Aug 26 19:07:58 2001
From: Tom ONeil
To: Dave VanAuken, Free
Subject: Re: Frontpage Extensions - security and reliability assessment
Date: Sun, 26 Aug 2001 21:07:31 -0500

FWIW - we gave up on FP on FreeBSD and put in a Win2K server. Making FP work on unix felt.... dirty, somehow.

We have enough call for other M$ stuff that it became worth it to have a separate machine.

Tom

Dave VanAuken wrote:
>
> Recently have had a few requests for frontpage support. We are entirely FreeBSD
> Server based and I dread the thought of installing an NT/2k Server on our
> network to support these requests.
>
> Reviewed Frontpage extensions and a myriad of security, reliability, and general
> discontented reports. Have also tracked down some helpful resources like the
> rtr.com site.
>
> The general feeling is that adding FP extensions is going to create a security
> and support headache.
>
> Looking for feedback, install suggestions, particularly good resources, hacks,
> patches, and anything else that may help us make an accurate judgement on this.
>
> FreeBSD boxes for the most part have performed without a hitch under a wide
> range of setups and hacks... Would hate to compromise this just to support a
> few "developers" using a Micro$oft product.
>
> TIA
>
> Dave

--
Thomas J. ONeil tom.oneil@tacni.com
http://www.tacni.net
"National Power, Local Presence"

From owner-freebsd-isp Sun Aug 26 19:51:41 2001
From: dave@hawk-systems.com (Dave)
To: "Tom ONeil", "Free"
Subject: RE: Frontpage Extensions - security and reliability assessment
Date: Sun, 26 Aug 2001 22:48:53 -0400

> FWIW - we gave up on FP on FreeBSD and put in a Win2K server. Making FP
> work on unix felt.... dirty, somehow.

I know, but I feel the same way about putting a Win2k server on our network... what do you do, offer a Network SLA and then a Win2k Server SLA to differentiate reliability and security :(

At the same time I get about as much a feeling of "stability" from the frontpage extensions for *nix as I do from a Win2k server... needless to say that isn't great.

> We have enough call for other M$ stuff that it became worth it to have
> a separate machine.

We have not as of yet... pushing the FBSD/Cisco/Redundancy aspect of things as our "thing" and have been gracefully outsourcing or passing on the few customers who were dying to work with FP or services on Win platform.

Any positive solutions or feedback from anyone using frontpage extensions on FreeBSD/Apache?

>> Reviewed Frontpage extensions and a myriad of security, reliability, and general
>> discontented reports. Have also tracked down some helpful resources like the
>> rtr.com site.
>>
>> The general feeling is that adding FP extensions is going to create a security
>> and support headache.
>>
>> Looking for feedback, install suggestions, particularly good resources, hacks,
>> patches, and anything else that may help us make an accurate judgement on this.
>>

From owner-freebsd-isp Sun Aug 26 20:01:26 2001
From: francisv@dagupan.com
To: isp@freebsd.org
Subject: PPPoE server
Date: Mon, 27 Aug 2001 11:00:49 +0800

Hi,

Has anyone here experienced building a PPPoE server?

---
francis vidal
[bitstop network services]
streaming media + web services
v(02)330-2872,(02)330-2873

From owner-freebsd-isp Mon Aug 27 04:52:42 2001
From: "Troy Settle"
To: "Dave", "Tom ONeil", "Free"
Subject: RE: Frontpage Extensions - security and reliability assessment
Date: Mon, 27 Aug 2001 07:52:24 -0400

Having run the FP extensions on Apache/FreeBSD since 1996, I can say that if you're careful and read the docs, you can have a safe, secure machine running the FP extensions. In fact, apache+frontpage is probably more secure than IIS+Frontpage.

I would recommend building a test box first. Once you've gotten FP installed, try to break it. Chances are that if you do break it, it's going to be due to a misconfiguration on your part.

Support is actually pretty easy. After creating a web (IP or Name based) and testing, I create a user for the web and give that username/password to the customer. Make sure he can open the web, then leave it alone. The only time I get a call for support is when I forget to set something within the web configuration (such as the mail-from address), or if a user needs help importing/publishing an existing web site to its new home.

For reliability, frontpage will not compromise this. There's still some boxes from a previous life that are running Apache+FP. One has been up for 521 days and running apache non-stop since 03 Jan 2001, the other has been up over 760 days and running apache since 03 June 2000.
Between the two, there are about 280 web sites, most of which are Frontpage enabled.

I suppose it would be fair to mention that users can also use FP to publish their web site via FTP, however they lose all FP functionality beyond that. This is what my 'normal' users do when they want to use FP to build their personal web site.

HTH,

--
Troy Settle
Pulaski Networks
540.994.4254 - 866.477.5638
http://www.psknet.com

PS: FWIW, I kicked and screamed like a child when my boss first asked me to install FP back in '96. I was NOT a happy camper and I damned near lost my job over the issue.

** -----Original Message-----
** From: owner-freebsd-isp@FreeBSD.ORG
** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Dave
** Sent: Sunday, August 26, 2001 10:49 PM
** To: Tom ONeil; Free
** Subject: RE: Frontpage Extensions - security and reliability assessment
**
** > FWIW - we gave up on FP on FreeBSD and put in a Win2K server. Making FP
** > work on unix felt.... dirty, somehow.
**
** I know, but I feel the same way about putting a Win2k server on our network...
** what do you do, offer a Network SLA and then a Win2k Server SLA to differentiate
** reliability and security :(
**
** At the same time I get about as much a feeling of "stability" from the frontpage
** extensions for *nix as I do from a Win2k server... needless to say that isn't
** great.
**
** > We have enough call for other M$ stuff that it became worth it to have
** > a separate machine.
**
** We have not as of yet... pushing the FBSD/Cisco/Redundancy aspect of things as
** our "thing" and have been gracefully outsourcing or passing on the few customers
** who were dying to work with FP or services on Win platform.
**
** Any positive solutions or feedback from anyone using frontpage extensions on
** FreeBSD/Apache?
**
** >> Reviewed Frontpage extensions and a myriad of security, reliability, and general
** >> discontented reports.
** >> Have also tracked down some helpful resources like the
** >> rtr.com site.
** >>
** >> The general feeling is that adding FP extensions is going to create a security
** >> and support headache.
** >>
** >> Looking for feedback, install suggestions, particularly good resources, hacks,
** >> patches, and anything else that may help us make an accurate judgement on this.
** >>

From owner-freebsd-isp Mon Aug 27 04:57:47 2001
From: "Mark Radabaugh - Amplex"
To: "Free"
Subject: RE: Frontpage Extensions - security and reliability assessment
Date: Mon, 27 Aug 2001 07:57:37 -0400

> Any positive solutions or feedback from anyone using
> FrontPage extensions on
> FreeBSD/Apache?
>

We have used FP on FreeBSD (not extensively) without much trouble - actually in a lot of ways it worked better than on an IIS box.

There are several things that Unix/FP does better than IIS - in particular allowing users to set their own access controls to the site. Under IIS this has to be done by adding users to the NT user list - ugly and unscalable - or using databases. FP under IIS can be a pain as it is fairly easy to break the extensions.

The biggest cause of headaches seems to be customers that want both ftp and FP access. FP stores most of its configuration (and access control) in several special directories in the web site. Customers are forever 'accidentally' blowing these directories away with ftp and then wondering why FP quits working.

It's probably easiest to just run an IIS box for customers that want FP (at least that is what we do). 2000's uptime so far is much improved over NT - if you don't count the reboots required by the security patch of the week...

Mark Radabaugh
Amplex
(419) 833-3635

From owner-freebsd-isp Mon Aug 27 06:22:16 2001
From: Bob Martin
Reply-To: bob@inu.net
To: Dave VanAuken
Cc: BSD-ISP
Subject: Re: Frontpage Extensions - security and reliability assessment
Date: Mon, 27 Aug 2001 08:21:41 -0500

Dave VanAuken wrote:
>
> Recently have had a few requests for frontpage support. We are entirely FreeBSD
> Server based and I dread the thought of installing an NT/2k Server on our
> network to support these requests.
>
> Reviewed Frontpage extensions and a myriad of security, reliability, and general
> discontented reports. Have also tracked down some helpful resources like the
> rtr.com site.
>
> The general feeling is that adding FP extensions is going to create a security
> and support headache.
>
> Looking for feedback, install suggestions, particularly good resources, hacks,
> patches, and anything else that may help us make an accurate judgement on this.
>
> FreeBSD boxes for the most part have performed without a hitch under a wide
> range of setups and hacks... Would hate to compromise this just to support a
> few "developers" using a Micro$oft product.
>
> TIA
>
> Dave

We have been running FP on Apache for some time now. Never a hitch. We recently moved 2 domains to an NT 2000 box as the customers wanted VB support. They were less than pleased by the performance hit the extensions took.

While we could move all of our FP customers to NT, we keep them on Unix because the provisioning is much simpler....
Well, at least for us 8^)

--
Bob Martin, CTO
InterNet Unlimited
http://www.inu.net
mailto:bob@inu.net

From owner-freebsd-isp Mon Aug 27 07:36:00 2001
From: Jim Sander
Cc: BSD-ISP
Subject: Re: Frontpage Extensions - security and reliability assessment
Date: Mon, 27 Aug 2001 10:40:32 -0400 (EDT)

Ditto what others have been saying. We've got a few hundred FP-enabled sites running on FreeBSD, and relatively few problems. Security-wise, there's no way to know for sure since the code isn't public, but we haven't seen any real problems since the early days. (knock on wood!) Common sense seems to be enough to keep a reasonably secure system.

Users here also have FTP and shell access to their FP-enabled accounts, so it is pretty easy for them to clobber things that FP expects to see. That (usually) won't totally hose their site, and (again usually) a simple uninstall and reinstall of the extensions fixes the problem. We tell people that if they want to do "advanced" things, they're probably better off without the extensions since most of those capabilities are trivially duplicated via CGI scripts anyway.

One problem missed is that lots of the functionality of the FP server extensions is controlled by the FP client. For instance FP97, and early versions of FP98, by default create more restrictive .htaccess files than later versions- specifically not allowing the POST method everywhere. This can confuse people who don't understand such things (the likely users of FP) if you're also allowing them to use their own scripts.

We've also seen problems related to the way FP2K handles sub-webs compared to FP98. (now you're allowed to have nested subwebs) If customers use both versions of FP (or for a short time after they upgrade) it can be a bit strange until they republish their entire web and all the subwebs. If you're supporting a heterogeneous environment it's a bit of a pain, especially from the aspect of documentation- but mostly people have moved to FP2K now I think. (and we'll see what happens with 2002 I guess)

Mostly it's a question of FP not "playing well with others" - if you stick to supporting only the built-in FP stuff, you're OK. When you try to mix in your own complex CGI functions it can get interesting sometimes. Still, with care it's definitely possible- it just takes some hacking.

Then there's the issue of ASP support- which of course is nonexistent. So certain things like the "Save to Database" form component won't work. That's probably the biggest hurdle- explaining that having the FrontPage extensions doesn't necessarily enable ASP scripting.

-=Jim=-

From owner-freebsd-isp Mon Aug 27 08:01:30 2001
From: "Dave VanAuken"
To: "BSD-ISP"
Subject: Apache with Frontpage patch or manual script alias
Date: Mon, 27 Aug 2001 10:58:49 -0400

Assuming the decision to go forward with FP on FreeBSD... There are generally two methods, one being the installation of the apache-fp patch and the other a manual script aliasing of the apache cgi's...

Which is recommended?

Ideally the end result is Apache with mod_ssl, mod_php and a few others... and giving the option of using frontpage extensions to users.

Dave

From owner-freebsd-isp Mon Aug 27 08:34:37 2001
From: Bob Martin
Reply-To: bob@inu.net
To: Dave VanAuken
Cc: BSD-ISP
Subject: Re: Apache with Frontpage patch or manual script alias
Date: Mon, 27 Aug 2001 10:34:08 -0500

Dave VanAuken wrote:
>
> Assuming the decision to go forward with FP on FreeBSD... There are generally
> two methods, one being the installation of the apache-fp patch and the other a
> manual script aliasing of the apache cgi's...
>
> Which is recommended?
>
> Ideally the end result is Apache with mod_ssl, mod_php and a few others... and
> giving the option of using frontpage extensions to users.
>
> Dave

It takes a little reading, but you can build apache with everything but the kitchen sink. We have one server that's mod_ssl, mod_perl, mod_php and FP. I confess that we use Raven software for our ssl, and so I can't comment on building apache with openssl, but I would think it's pretty much the same process.

--
Bob Martin, CTO
InterNet Unlimited
http://www.inu.net
mailto:bob@inu.net

From owner-freebsd-isp Mon Aug 27 09:04:07 2001
From: Nick Rogness
To: bob@inu.net
Cc: Dave VanAuken, BSD-ISP
Subject: Re: Apache with Frontpage patch or manual script alias
Date: Mon, 27 Aug 2001 11:03:51 -0500 (CDT)

On Mon, 27 Aug 2001, Bob Martin wrote:

> > Which is recommended?
> >
> > Ideally the end result is Apache with mod_ssl, mod_php and a few
> > others... and giving the option of using frontpage extensions to
> > users.
> >
> > Dave
>
> It takes a little reading, but you can build apache
> with everything but the kitchen sink. We have one server that's
> mod_ssl, mod_perl, mod_php and FP. I confess that we use Raven
> software for our ssl, and so I can't comment on building apache with
> openssl, but I would think it's pretty much the same process.

I just built apache+ssl with mod_php, mysql, mod_perl, and FP extensions...what a pain in the a$$. I built it with frontpage98 extensions and it sucks.

The frontpage script to add stuff does not understand the /usr/local/etc/apache config structure so you have to make some symlinks to /usr/local/etc along with some compat libs symlinks. The documentation sucks and is old.

I'm trying to get all my notes together and write a mini HOWTO.

Nick Rogness
 - Keep on Routing in a Free World...
   "FreeBSD: The Power to Serve!"

From owner-freebsd-isp Mon Aug 27 14:30:59 2001
From: Jim Weeks
To: Nick Rogness
Cc: bob@inu.net, Dave VanAuken, BSD-ISP
Subject: Re: Apache with Frontpage patch or manual script alias
Date: Mon, 27 Aug 2001 17:30:51 -0400 (EDT)

On Mon, 27 Aug 2001, Nick Rogness wrote:

> I just built apache+ssl with mod_php, mysql, mod_perl, and FP
> extensions...what a pain in the a$$.

Nick,

I installed this again about a month ago following a short tutorial I had written a while back. It went off without a hitch on a 4.3-STABLE (GENERIC) #0: Sat May 19 machine. I didn't include mod_perl, however this should be a simple matter. The only thing I did different was to use the latest FreeBSD version of frontpage.
Other than that I did not deviate from the following.

Date: Sun, 26 Nov 2000 14:44:46 -0500 (EST)
From: Jim Weeks
To: freebsd-isp@freebsd.org
Cc: freebsd-ports@freebsd.org
Subject: apache-ssl-php4-fp solution

I will preface this by saying I am no authority in this field, but I have seen a few posts on this subject and hope this may help someone else in a similar situation.

To the matter at hand. I had several production servers running 3.X-stable. All of these were running apache-ssl-php3-frontpage with php3 and frontpage compiled into the binary and ssl as DSO. This presented a problem in upgrading to php4.

You may have noticed that there are a lot of new DSO modules in /usr/ports/www. The problem is that some, such as mod_ssl, are only available from RELENG_4, and seem to be 4.X dependent.

After building Apache a *lot* of different ways, including from source, I have come to this conclusion. This task can be done easily with the ports collection, even for the 3.X platform.

First, you must download and install the FreeBSD version of frontpage extensions into /usr/local. They may be found at,
http://msdn.microsoft.com/workshop/languages/fp/2000/unixfpse.asp

Now, we can easily adapt /usr/ports/www/apache13-modssl. This can be done by copying two files already present on the machine and making one entry in the Makefile. Php4 "/usr/ports/www/mod_php4" can be added after apache has been compiled.

The first file:

Copy the apache frontpage patch "fp-patch-apache_1.3.12" from
/usr/local/frontpage/version4.0/apache-fp/ to
/usr/ports/www/apache13-modssl/files/ and rename it patch-aj

The second file:

$ cd /usr/ports/www/apache13-modssl
$ cp ../apache13-fp/files/mod_frontpage.c \
> files/mod_frontpage.c

Edit the Makefile:

Place "--add-module=mod_frontpage.c" near the bottom of the CONFIGURE_ARGS section. Mine looks like this.

CONFIGURE_ARGS= --prefix=${PREFIX} \
                --server-gid=nogroup \
                --with-perl=${PERL} \
                --with-layout=${FILESDIR}/FreeBSD.layout:FreeBSD \
                --suexec-docroot=${PREFIX}/www/data \
                --without-confadjust \
                --enable-module=most \
                --enable-module=auth_db \
                --enable-module=mmap_static \
                --disable-module=auth_dbm \
                --enable-shared=max \
                --enable-module=ssl \
                --add-module=mod_frontpage.c \
                --enable-module=define

Finish up:

$ make
$ make certificate
$ make install
$ make clean
$ cd ../mod_php4
$ make
$ make install
$ make clean

Appropriate entries for enabling mod_php4 will automatically be added to httpd.conf when the module is built. You may need to add frontpage yourself. Just add "AddModule mod_frontpage.c" to the AddModule list.

Good luck,

--
Jim Weeks

From owner-freebsd-isp Mon Aug 27 14:50:41 2001
From: Nick Rogness
To: Jim Weeks
Cc: bob@inu.net, Dave VanAuken, BSD-ISP
Subject: Re: Apache with Frontpage patch or manual script alias
Date: Mon, 27 Aug 2001 16:50:12 -0500 (CDT)

On Mon, 27 Aug 2001, Jim Weeks wrote:

>
> On Mon, 27 Aug 2001, Nick Rogness wrote:
>
> > I just built apache+ssl with mod_php, mysql, mod_perl, and FP
> > extensions...what a pain in the a$$.
>
> Nick,
>
> I installed this again about a month ago following a short tutorial I
> had written a while back. It went off without a hitch on a 4.3-STABLE
> (GENERIC) #0: Sat May 19 machine. I didn't include mod_perl, however
> this should be a simple matter. The only thing I did different was to
> use the latest FreeBSD version of frontpage. Other than that I did
> not deviate from the following.

[snip]

>
> First, you must download and install the FreeBSD version of frontpage
> extensions into /usr/local. They may be found at,
> http://msdn.microsoft.com/workshop/languages/fp/2000/unixfpse.asp

I installed frontpage98 ext's and this is where the hard part comes in. fp_install.sh was missing a compat library and was also looking for srm.conf & access.conf in /usr/local/etc among other idiotic things. The build of Apache went off without a hitch.

Nick Rogness
 - Keep on Routing in a Free World...
   "FreeBSD: The Power to Serve!"

From owner-freebsd-isp Mon Aug 27 15: 9:36 2001
From: "Jeremy Buckner"
Subject: html interface
Date: Mon, 27 Aug 2001 15:09:00 -0700

Can anyone recommend a simple html interface that would allow my customers to change their passwords on their mail accounts. I am running 4.3 with sendmail and qpopper and don't want them to have direct access to the box.

Jeremy Buckner
IT Administrator
CableAmerica Corp.

From owner-freebsd-isp Mon Aug 27 16: 0: 9 2001
From: "Deepak Jain"
To: "FreeBSD-Questions", "freebsd-isp@FreeBSD.ORG"
Subject: Interesting Router Question
Date: Mon, 27 Aug 2001 19:03:59 -0400

We've got a customer running a FreeBSD router with 2 x 1GE interfaces [ti0
and ti1]. At no point was bandwidth an issue.

The router was under some kind of ICMP attack:

For about 30 minutes:
icmp-response bandwidth limit 96304/200 pps
icmp-response bandwidth limit 97801/200 pps
icmp-response bandwidth limit 97936/200 pps
icmp-response bandwidth limit 97966/200 pps
icmp-response bandwidth limit 98230/200 pps
icmp-response bandwidth limit 97998/200 pps
icmp-response bandwidth limit 98132/200 pps
icmp-response bandwidth limit 98326/200 pps
icmp-response bandwidth limit 98091/200 pps
icmp-response bandwidth limit 87236/200 pps
icmp-response bandwidth limit 85108/200 pps
icmp-response bandwidth limit 84609/200 pps
icmp-response bandwidth limit 86915/200 pps
icmp-response bandwidth limit 88917/200 pps
icmp-response bandwidth limit 88218/200 pps
icmp-response bandwidth limit 72871/20000 pps
icmp-response bandwidth limit 74934/20000 pps
icmp-response bandwidth limit 74507/20000 pps
icmp-response bandwidth limit 82928/20000 pps
icmp-response bandwidth limit 75657/20000 pps

The router is a dual 600mhz PIII and had a load average of about 0.2 peak
during the entire event, but was running out of buffer space. A ping would
return "No buffer space available". Performance became atrocious with high
packet loss and latency, but completely buffer related.

The mbuf settings are as follows:

1235/2640/67584 mbufs in use (current/peak/max):
        1195 mbufs allocated to data
        40 mbufs allocated to packet headers
592/1054/16896 mbuf clusters in use (current/peak/max)
2768 Kbytes allocated to network (5% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

sysctl settings:

net.inet.ip.redirect: 0
net.local.stream.sendspace: 255360
net.local.stream.recvspace: 8192
net.inet.icmp.drop_redirect: 1
net.inet.icmp.log_redirect: 1
net.inet.icmp.bmcastecho: 0
net.inet.tcp.sendspace: 524288
net.inet.tcp.recvspace: 524288
net.inet.udp.recvspace: 524288

What settings need to be tweaked to allow more ICMP-related buffers to allow
the system's CPU to discard packets normally. ipfw didn't help or hurt this
performance [i.e., blocking ICMPs or not] same result.

The solution was to install an ICMP filter on the Cisco feeding this
customer.

Under normal circumstances, this is what a netstat -i 1 returns:

            input        (Total)           output
   packets  errs      bytes    packets  errs      bytes colls
     43001     0   12845737      42965     0   12715776     0
     42589     0   12426503      42624     0   12299112     0
     42485     0   12804047      42409     0   12675087     0
     42059     0   12324347      42060     0   12197342     0
     42989     0   13004977      42985     0   12875017     0
     42331     0   12608670      42353     0   12481620     0
     42327     0   12941571      42252     0   12815136     0
     42435     0   12414956      42451     0   12288774     0
     43408     0   13065007      43369     0   12932819     0
     42849     0   12649420      42853     0   12521309     0
     42328     0   12918886      42349     0   12788549     0
     44085     0   13469072      44009     0   13337215     0
     47849     0   14434350      47686     0   14272423     0

Thanks for any assistance,

Deepak Jain
AiNET

From owner-freebsd-isp Mon Aug 27 18:39:26 2001
Date: Mon, 27 Aug 2001 18:16:39 -0700 (PDT)
From: Tom Samplonius
To: Deepak Jain
Cc: FreeBSD-Questions, "freebsd-isp@FreeBSD.ORG"
Subject: Re: Interesting Router Question

On Mon, 27 Aug 2001, Deepak Jain wrote:

> The router was under some kind of ICMP attack:
>
> For about 30 minutes:
> icmp-response bandwidth limit 96304/200 pps

...

Looks like multiple attempts to open ports that have nothing listening. An aggressive port scan will do that. So will shutting Apache down while lots of people are hitting your web site.

> The router is a dual 600mhz PIII and had a load average of about 0.2 peak
> during the entire event, but was running out of buffer space. A ping would
> return "No buffer space available". Performance became atrocious with high
> packet loss and latency, but completely buffer related.

You need more buffer space then.

> The mbuf settings are as follows:
>
> 1235/2640/67584 mbufs in use (current/peak/max):
>         1195 mbufs allocated to data
>         40 mbufs allocated to packet headers
> 592/1054/16896 mbuf clusters in use (current/peak/max)
> 2768 Kbytes allocated to network (5% of mb_map in use)
> 0 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines

I assume this after a reboot, not directly after or during the attack, as none of the maximums have been hit. You should double your mbuf clusters.

...

> What settings need to be tweaked to allow more ICMP-related buffers to allow
> the system's CPU to discard packets normally. ipfw didn't help or hurt this
> performance [i.e., blocking ICMPs or not] same result.
>
> The solution was to install an ICMP filter on the Cisco feeding this
> customer.

You need to find out what ports the traffic was directed at, and stop that. You can also have FreeBSD ignore open packets to unused ports.

You could use ipfw to block traffic directed at the system's own interfaces. That will probably fix the problem entirely. Since it is only routing, it should not receive traffic destined to its own IPs from outside the network.

I'm not convinced that the ICMP filter on the Cisco actually helped. The site might be under several kinds of attacks, but what you've shown is that the server is sending ICMP, not receiving.

>
> Under normal circumstances, this is what a netstat -i 1 returns:
>
>             input        (Total)           output
>    packets  errs      bytes    packets  errs      bytes colls
>      43001     0   12845737      42965     0   12715776     0
>      42589     0   12426503      42624     0   12299112     0
>      42485     0   12804047      42409     0   12675087     0
>      42059     0   12324347      42060     0   12197342     0
>      42989     0   13004977      42985     0   12875017     0
>      42331     0   12608670      42353     0   12481620     0
>      42327     0   12941571      42252     0   12815136     0
>      42435     0   12414956      42451     0   12288774     0
>      43408     0   13065007      43369     0   12932819     0
>      42849     0   12649420      42853     0   12521309     0
>      42328     0   12918886      42349     0   12788549     0
>      44085     0   13469072      44009     0   13337215     0
>      47849     0   14434350      47686     0   14272423     0
>
> Thanks for any assistance,
>
> Deepak Jain
> AiNET

Tom

From owner-freebsd-isp Mon Aug 27 22: 3:12 2001
From: "Leif Neland"
Subject: fp2002 missing fpsrvadm.exe
Date: Tue, 28 Aug 2001 07:03:02 +0200

For some strange reason fp50 doesn't have fpsrvadm.exe, but owsadm.exe, which apparently does the same thing, but with other command-line options.

It looks like a wrapper around owsadm.exe can be written, so scripts etc can work with fp5 the same way as with fp4, without having to be rewritten.

Before I try to write that wrapper, I wonder if anybody else has done that?

Leif

---
http://members.ud.com/services/teams/team.htm?id=C47FB770-0A0A-452B-8851-874646C2B375

From owner-freebsd-isp Mon Aug 27 22:45:44 2001
Date: Tue, 28 Aug 2001 15:49:19 +1000
From: Kal Torak
To: deepak@ai.net
Cc: FreeBSD-Questions, "freebsd-isp@FreeBSD.ORG"
Subject: Re: Interesting Router Question

Deepak Jain wrote:
>
> We've got a customer running a FreeBSD router with 2 x 1GE interfaces [ti0
> and ti1]. At no point was bandwidth an issue.
>
> The router was under some kind of ICMP attack:
>
> For about 30 minutes:
> icmp-response bandwidth limit 96304/200 pps
> icmp-response bandwidth limit 97801/200 pps
> icmp-response bandwidth limit 97936/200 pps
> icmp-response bandwidth limit 97966/200 pps
> icmp-response bandwidth limit 98230/200 pps

...snip...

No, this is showing that your router was generating a lot of icmp packets, and your kernel was limiting the amount of responses to save bandwidth... You were probably under attack though, it could have been a ping flood or anything that causes your system to reply with icmp packets...

Since filtering out icmp packets on the cisco helped it could have been a simple ping flood, since that would have stopped the icmp echo requests from reaching the server... But it also could have been a number of other things...
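
The reading of the log excerpt given in the replies above (the router is sending ICMP responses and the kernel is capping them), as an added example that is not part of any message in this thread: the Python below parses "icmp-response bandwidth limit N/M pps" lines and reports, for each value of the limit, how far demand exceeded it. It assumes N is the per-second response count the kernel measured and M is the configured limit; the rate/limit pairs are from the posted excerpt, while the syslog prefix, hostname and unrelated line in the sample are constructed.

```python
"""Summarise FreeBSD 'icmp-response bandwidth limit' kernel messages."""
import re
from dataclasses import dataclass
from statistics import mean

# Matches the kernel message anywhere in a line, so a syslog prefix is tolerated.
MSG_RE = re.compile(r"icmp-response bandwidth limit (\d+)/(\d+) pps")

# Constructed sample: rate/limit pairs come from the thread's excerpt; the
# timestamps, the hostname "gw" and the link-up line are made up.
SAMPLE_LOG = """\
Aug 27 14:01:01 gw /kernel: icmp-response bandwidth limit 96304/200 pps
Aug 27 14:01:02 gw /kernel: icmp-response bandwidth limit 97801/200 pps
Aug 27 14:01:03 gw /kernel: icmp-response bandwidth limit 98326/200 pps
Aug 27 14:01:04 gw /kernel: ti0: link up
Aug 27 14:20:10 gw /kernel: icmp-response bandwidth limit 72871/20000 pps
Aug 27 14:20:11 gw /kernel: icmp-response bandwidth limit 82928/20000 pps
"""


@dataclass(frozen=True)
class Sample:
    wanted_pps: int  # assumed: responses the kernel counted in that second
    limit_pps: int   # assumed: the configured ceiling at that moment


def parse(text):
    """Return one Sample per matching line; other lines are ignored."""
    samples = []
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if m:
            samples.append(Sample(int(m.group(1)), int(m.group(2))))
    return samples


def phases(samples):
    """Group consecutive samples sharing a limit; a new group means the
    limit was changed while the event was still in progress."""
    groups = []
    for s in samples:
        if not groups or groups[-1][0] != s.limit_pps:
            groups.append((s.limit_pps, []))
        groups[-1][1].append(s.wanted_pps)
    return groups


def summarize(samples):
    """Per phase: message count, peak and mean demand, and how much of the
    peak demand the limiter suppressed."""
    rows = []
    for limit, rates in phases(samples):
        peak = max(rates)
        rows.append({
            "limit_pps": limit,
            "messages": len(rates),
            "peak_wanted_pps": peak,
            "mean_wanted_pps": round(mean(rates)),
            "peak_over_limit": round(peak / limit, 1) if limit else float("inf"),
            "suppressed_at_peak": round(max(0.0, 1 - limit / peak), 4) if peak else 0.0,
        })
    return rows


if __name__ == "__main__":
    for row in summarize(parse(SAMPLE_LOG)):
        print(row)
```

On these values the second phase still peaks at about four times the raised ceiling, which is consistent with the report that raising the threshold did not end the event.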

From owner-freebsd-isp Mon Aug 27 23:52:14 2001
From: "Marcel Prisi"
To: "BSD-ISP"
Subject: Re: Apache with Frontpage patch or manual script alias
Date: Tue, 28 Aug 2001 08:51:41 +0200

For those that need a better mod_frontpage (improved security) just have a look at :

http://home.edo.uni-dortmund.de/~chripo

It replaces M$'s patch and provides much better security by doing many checks before actually running the extensions, it works with suEXEC, and even contains an HOW-TO for getting ssl+php4+php3+improved_frontpage ...

From owner-freebsd-isp Tue Aug 28 14:18:50 2001
From: "Deepak Jain"
To: "Tom Samplonius"
Cc: "FreeBSD-Questions", "freebsd-isp@FreeBSD.ORG"
Subject: RE: Interesting Router Question
Date: Tue, 28 Aug 2001 17:20:41 -0400

Thanks for the response -

The MBUFs, during the attack, were never maxed. If they were, it would have been a simple matter to address the problem.

Watching the netstat -i on the customer router showed an INSTANT return to normal behavior within seconds of applying the list on the Cisco. The cisco was trapping 4000 icmps per second.

This router does not run Apache and has normally nothing to pay attention to other than routing.

All packets through the box were seeing send-buffer exhaustion. Even when the threshold for responses went up, the problem did not leave and the MBUF situation did not report a difference.

Thanks for the input,

Deepak Jain
AiNET

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Tom Samplonius
Sent: Monday, August 27, 2001 9:17 PM
To: Deepak Jain
Cc: FreeBSD-Questions; freebsd-isp@FreeBSD.ORG
Subject: Re: Interesting Router Question

On Mon, 27 Aug 2001, Deepak Jain wrote:

> The router was under some kind of ICMP attack:
>
> For about 30 minutes:
> icmp-response bandwidth limit 96304/200 pps

...

Looks like multiple attempts to open ports that have nothing listening. An aggressive port scan will do that. So will shutting Apache down while lots of people are hitting your web site.

> The router is a dual 600mhz PIII and had a load average of about 0.2 peak
> during the entire event, but was running out of buffer space. A ping would
> return "No buffer space available". Performance became atrocious with high
> packet loss and latency, but completely buffer related.

You need more buffer space then.

> The mbuf settings are as follows:
>
> 1235/2640/67584 mbufs in use (current/peak/max):
>         1195 mbufs allocated to data
>         40 mbufs allocated to packet headers
> 592/1054/16896 mbuf clusters in use (current/peak/max)
> 2768 Kbytes allocated to network (5% of mb_map in use)
> 0 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines

I assume this after a reboot, not directly after or during the attack, as none of the maximums have been hit. You should double your mbuf clusters.

...

> What settings need to be tweaked to allow more ICMP-related buffers to allow
> the system's CPU to discard packets normally. ipfw didn't help or hurt this
> performance [i.e., blocking ICMPs or not] same result.
>
> The solution was to install an ICMP filter on the Cisco feeding this
> customer.

You need to find out what ports the traffic was directed at, and stop that. You can also have FreeBSD ignore open packets to unused ports.

You could use ipfw to block traffic directed at the system's own interfaces. That will probably fix the problem entirely. Since it is only routing, it should not receive traffic destined to its own IPs from outside the network.

I'm not convinced that the ICMP filter on the Cisco actually helped. The site might be under several kinds of attacks, but what you've shown is that the server is sending ICMP, not receiving.

>
> Under normal circumstances, this is what a netstat -i 1 returns:
>
>             input        (Total)           output
>    packets  errs      bytes    packets  errs      bytes colls
>      43001     0   12845737      42965     0   12715776     0
>      42589     0   12426503      42624     0   12299112     0
>      42485     0   12804047      42409     0   12675087     0
>      42059     0   12324347      42060     0   12197342     0
>      42989     0   13004977      42985     0   12875017     0
>      42331     0   12608670      42353     0   12481620     0
>      42327     0   12941571      42252     0   12815136     0
>      42435     0   12414956      42451     0   12288774     0
>      43408     0   13065007      43369     0   12932819     0
>      42849     0   12649420      42853     0   12521309     0
>      42328     0   12918886      42349     0   12788549     0
>      44085     0   13469072      44009     0   13337215     0
>      47849     0   14434350      47686     0   14272423     0
>
> Thanks for any assistance,
>
> Deepak Jain
> AiNET

Tom

From owner-freebsd-isp Wed Aug 29 11:38:36 2001
From: Bsdguru@aol.com
Date: Wed, 29 Aug 2001 14:38:27 EDT
Subject: Motherboards for standard 1U cases
To: isp@freebsd.org

Anyone using any P3 or P4 ATX in standard 1U cases? It seems that many of them have an agp slot where the pci riser wants to be. We've rejected Tyan as a vendor, so any others would be appreciated.

Bryan

From owner-freebsd-isp Wed Aug 29 13:19: 0 2001
From: "Dave VanAuken"
Subject: shell script or command line for user/group quota
Date: Wed, 29 Aug 2001 16:16:40 -0400

Anyone have a ready made script for adding and modifying user/group quotas...
would like to automate this rather than popping into vi each time

Dave

From owner-freebsd-isp Wed Aug 29 13:29:33 2001
Date: Wed, 29 Aug 2001 16:29:30 -0400
From: Pete Fritchman
To: Dave VanAuken
Cc: isp@FreeBSD.ORG
Subject: Re: shell script or command line for user/group quota

++ 29/08/01 16:16 -0400 - Dave VanAuken:
| Anyone have a ready made script for adding and modifying user/group quotas...
| would like to automate this rather than popping into vi each time

/usr/ports/sysutils/setquota

-pete

--
Pete Fritchman
finger petef@databits.net for PGP key

From owner-freebsd-isp Wed Aug 29 13:44: 5 2001
From: "Jeremy Buckner"
Subject: Re: shell script or command line for user/group quota
Date: Wed, 29 Aug 2001 13:43:08 -0700

Dave, not to make this more complicated than it needs to be, but there is a really slick interface called Webmin www.webmin.com that I was turned on to a while ago. It allows you to control most all of the services (and access to those services from other admins) running on your machine via an html interface. I mention it cause it's cool and also cause you can edit your quotas with it too. Hope this helps some..

Jeremy Buckner
IT Administrator
CableAmerica Corp.

----- Original Message -----
From: "Pete Fritchman"
To: "Dave VanAuken"
Sent: Wednesday, August 29, 2001 1:29 PM
Subject: Re: shell script or command line for user/group quota

> ++ 29/08/01 16:16 -0400 - Dave VanAuken:
> | Anyone have a ready made script for adding and modifying user/group quotas...
> | would like to automate this rather than popping into vi each time
>
> /usr/ports/sysutils/setquota
>
> -pete
>
> --
> Pete Fritchman
> finger petef@databits.net for PGP key

From owner-freebsd-isp Wed Aug 29 14:25:43 2001
From: dave@hawk-systems.com (Dave)
To: "Pete Fritchman"
Subject: RE: shell script or command line for user/group quota
Date: Wed, 29 Aug 2001 17:23:22 -0400

Pete,

Sweet... just what the doctor ordered. Installed and tested in about 3 min... perfect.

Dave

>Subject: Re: shell script or command line for user/group quota
>| Anyone have a ready made script for adding and modifying user/group quotas...
>| would like to automate this rather than popping into vi each time
>
>/usr/ports/sysutils/setquota
>
>-pete

From owner-freebsd-isp Wed Aug 29 14:25:44 2001
From: dave@hawk-systems.com (Dave)
To: "Jeremy Buckner"
Subject: RE: shell script or command line for user/group quota
Date: Wed, 29 Aug 2001 17:23:22 -0400

Have looked at it in the past, and it isn't all that bad if you are looking for a whole wack of stuff. Little too much overhead for us, as we have our systems already integrated to the max with custom interfaces.

Pete's direction towards /usr/ports/sysutils/setquota was along the lines of what I was looking for.

Thanks though

Dave

>From: Jeremy Buckner [mailto:jeremy@cableaz.com]
>Subject: Re: shell script or command line for user/group quota

>Dave, not to make this more complicated than it needs to be,
>but there is a really slick interface called Webmin
>www.webmin.com that I was turned on to a while ago. It
>allows you to control most all of the services (and access
>to those services from other admins) running on your machine
>via an html interface. I mention it cause it's cool and also
>cause you can edit your quotas with it too. Hope this helps
>some..

>> | Anyone have a ready made script for adding and modifying
>user/group quotas...
>> | would like to automate this rather than popping into vi
>each time

From owner-freebsd-isp Wed Aug 29 15:51:38 2001
Date: Wed, 29 Aug 2001 15:51:20 -0700
From: Sean Chittenden
To: freebsd-net@freebsd.org, freebsd-isp@freebsd.org
Subject: [yairamir@cnds.jhu.edu: [mls-users] Wackamole Release Announcement: N-Way Fail Over for IP addresses in a Cluster]

I think enough of you guys would have an interest in this. The guys at CNDS do some really nifty stuff: worth checking out. -sc

--
Sean Chittenden

Date: Wed, 29 Aug 2001 18:38:33 -0400
From: Yair Amir
Reply-To: yairamir@cnds.jhu.edu
Organization: Johns Hopkins University
To: mls-users@lists.backhand.org
Subject: [mls-users] Wackamole Release Announcement: N-Way Fail Over for IP addresses in a Cluster

Hi,

We at
the Center for Networking and Distributed Systems at Johns Hopkins University (http://www.cnds.jhu.edu) are happy to announce the release of Wackamole, a software tool that provides N-Way Fail Over for IP Addresses in a cluster. It is available here: http://www.backhand.org/wackamole/ and is released under the CNDS open source license http://www.backhand.org/wackamole/LICENSE.shtml which is essentially a version of BSD license with a somewhat stronger advertising requirement. Wackamole is a tool that helps with making a cluster highly available. It manages a bunch of virtual IPs that should be available to the outside world at all times. Wackamole ensures that exactly one machine within the cluster is listening on each virtual IP address that Wackamole manages. If it discovers that particular machines within the cluster are not alive, it will almost immediately ensure that other machines acquire the virtual IP addresses the down machines were managing. At no time will more than one connected machine be responsible for any virtual IP. Wackamole also works toward achieving a balanced distribution of the public IPs within the cluster it manages. How it works: Wackamole runs as root on each of the cluster's machines. It uses the membership notifications provided by the Spread Toolkit (http://www.spread.org, also available under a similar license) to generate a consistent state that is agreed upon among all of the connected Wackamole instances. Wackamole uses this knowledge to ensure that all of the public IP addresses served by the cluster will be covered by exactly one Wackamole instance. Wackamole is the newest component in the Backhand project (http://www.backhand.org), adding to its predecessors mod_backhand and mod_log_spread. For questions or comments - e-mail wackamole@backhand.org Best regards, :) Yair. 
http://www.cnds.jhu.edu _______________________________________________ mls-users mailing list mls-users@lists.backhand.org http://lists.backhand.org/mailman/listinfo/mls-users --E7i4zwmWs5DOuDSH-- --kjpMrWxdCilgNbo1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: Sean Chittenden iEYEARECAAYFAjuNcecACgkQn09c7x7d+q1DhACdHdrMHFMKLky5UBAakxl7b+ta 2SsAn2d/9sFuoLoV2UHGzcXqAIBqs5TT =2dNF -----END PGP SIGNATURE----- --kjpMrWxdCilgNbo1-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Aug 29 20:39:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from cx175057-a.ocnsd1.sdca.home.com (cx175057-a.ocnsd1.sdca.home.com [24.13.23.40]) by hub.freebsd.org (Postfix) with ESMTP id 7C6E637B405 for ; Wed, 29 Aug 2001 20:39:49 -0700 (PDT) (envelope-from bri@sonicboom.org) Received: from localhost (bri@localhost) by cx175057-a.ocnsd1.sdca.home.com (8.11.3/8.11.3) with ESMTP id f7U3erL37284 for ; Wed, 29 Aug 2001 20:40:53 -0700 (PDT) (envelope-from bri@sonicboom.org) Date: Wed, 29 Aug 2001 20:40:53 -0700 (PDT) From: Brian Whalen X-X-Sender: To: Subject: sendmail date Message-ID: <20010829203915.F36979-100000@cx175057-a.ocnsd1.sdca.home.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org It really ticks me off when people send me email with a grossly incorrect date/time stamp. It totally screws up pine. Is there a way to have sendmail restamp that?? 
Brian "Sonic" Whalen
Success = Preparation + Opportunity

From owner-freebsd-isp Thu Aug 30 23:13:34 2001
Date: Fri, 31 Aug 2001 15:35:36 +1000
From: "Glen Hollings"
Subject: Broken SU

Has anyone ever experienced a broken SU command? I can't seem to SU to
root when logged in as any 'normal' user....

eg

normuser@bsdbox normuser]$su -m
Password:
(stalls after this)

Or if I put in the wrong password

normuser@bsdbox normuser]$su -m
Password:
Sorry
(stalls after this)

it does this...

putting sshd into debug mode doesn't seem to reveal anything of use..
Here is an strace output of an attempted su:

$strace su
execve("/usr/bin/su", ["su"], [/* 20 vars */]) = 0
__sysctl([hw.pagesize], 2, "\0\20\0\0", [4], NULL, 0) = 0
mmap(0, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = 0x4005e000
geteuid(0xbfbffc1c) = 0
getuid() = 1002 (euid 0)
open("/var/run/ld-elf.so.hints", O_RDONLY) = 3
read(3, "Ehnt\1\0\0\0\200\0\0\0(\0\0\0\0\0\0\0\'\0\0\0\0\0\0\0\0"..., 128) = 128
lseek(3, 128, SEEK_SET) = 128
read(3, "/usr/lib:/usr/lib/compat:/usr/lo"..., 40) = 40
close(3) = 0
access("/usr/lib/libutil.so.3", F_OK) = 0
open("/usr/lib/libutil.so.3", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=32848, ...}) = 0
read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0h#\0\000"..., 4096) = 4096
mmap(0, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40066000
mmap(0x4006e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x7000) = 0x4006e000
close(3) = 0
access("/usr/lib/libskey.so.2", F_OK) = 0
open("/usr/lib/libskey.so.2", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=24252, ...}) = 0
read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0008\23\0"..., 4096) = 4096
mmap(0, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4006f000
mmap(0x40073000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x40073000
close(3) = 0
access("/usr/lib/libmd.so.2", F_OK) = 0
open("/usr/lib/libmd.so.2", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=34272, ...}) = 0
read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\17\0\000"..., 4096) = 4096
mmap(0, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40076000
mmap(0x4007e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x7000) = 0x4007e000
close(3) = 0
access("/usr/lib/libcrypt.so.2", F_OK) = 0
open("/usr/lib/libcrypt.so.2", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=28588, ...}) = 0
read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\16"..., 4096) = 4096
mmap(0, 102400, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4007f000
mmap(0x40086000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6000) = 0x40086000
mmap(0x40087000, 69632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0x40087000
close(3) = 0
access("/usr/lib/libc.so.4", F_OK) = 0
open("/usr/lib/libc.so.4", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=572588, ...}) = 0
read(3, "\177ELF\1\1\1\t\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\314-\1"..., 4096) = 4096
mmap(0, 622592, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40098000
mmap(0x40118000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x7f000) = 0x40118000
mmap(0x4011c000, 81920, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0x4011c000
close(3) = 0
access("/usr/lib/libcrypt.so.2", F_OK) = 0
access("/usr/lib/libmd.so.2", F_OK) = 0
sigaction(SIGILL, {0x4004f0fc, [], 0}, {SIG_DFL}) = 0
sigprocmask(SIG_BLOCK, NULL, []) = 0
sigaction(SIGILL, {SIG_DFL}, NULL) = 0
sigprocmask(SIG_BLOCK, ~[ILL TRAP ABRT EMT FPE BUS SEGV SYS], []) = 0
sigprocmask(SIG_SETMASK, [], NULL) = 0
readlink("/etc/malloc.conf", 0xbfbff6f4, 63) = -1 ENOENT (No such file or directory)
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = 0x40130000
break(0x804d000) = 0
getpriority(PRIO_PROCESS, 0) = 0
setpriority(PRIO_PROCESS, 0, -2) = 0
getuid() = 1002 (euid 0)
getlogin(0x401203f8, 0x11) = 0
geteuid(0x4011b304) = 0
break(0x804e000) = 0
stat("/etc/spwd.db", {st_mode=S_IFREG|0600, st_size=40960, ...}) = 0
open("/etc/spwd.db", O_RDONLY) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20\0\0\0\0\f\0\0\1\0\0\0"..., 260) = 260
break(0x804f000) = 0
break(0x8050000) = 0
break(0x8051000) = 0
lseek(3, 28672, SEEK_SET) = 28672
read(3, "\30\0\373\17\302\17\275\17r\17l\17$\17\37\17\344\16\337"..., 4096) = 4096
break(0x8052000) = 0
close(3) = 0
geteuid(0x4011b304) = 0
stat("/etc/spwd.db", {st_mode=S_IFREG|0600, st_size=40960, ...}) = 0
open("/etc/spwd.db", O_RDONLY) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20\0\0\0\0\f\0\0\1\0\0\0"..., 260) = 260
break(0x8053000) = 0
lseek(3, 24576, SEEK_SET) = 24576
read(3, "\26\0\373\17\301\17\272\17i\17d\17\23\17\n\17\321\16\314"..., 4096) = 4096
close(3) = 0
geteuid(0x4006e3bc) = 0
getegid(0x4006e3bc) = 1002
setegid(0Password:

anyone have any ideas?? please!

Thanks

**********************************************
*Glen Hollings              | There Cant Be  *
*Network Administrator      | a Crisis Today,*
*Global Info Links          | my schedule is *
*ghollings@admin.gil.com.au | already full.  *
**********************************************

From owner-freebsd-isp Sat Sep 1 17: 0:21 2001
Date: Sun, 2 Sep 2001 02:00:14 +0200
From: Clemens Hermann
To: BSD-ISP
Subject: Domain Report
Message-ID: <20010902020013.A4209@homer.local>
Organization: Linuxlupe InternetSolutions

Hi,

I'm looking for a script or the like which takes a list of domains as
input and then queries the according whois-servers for the different
TLD's the domains contain and finally presents a table with the first
name / last name of the admin-c of each domain.
Is there something like this around or some perl subs etc. which might
help?

tia

/ch

-- 
"Contrary to popular belief, Unix is user friendly.
It just happens to be selective about who it makes friends with."

From owner-freebsd-isp Sat Sep 1 18:37: 9 2001
Message-ID: <3B918D3F.26ADF8A6@tacni.com>
Date: Sat, 01 Sep 2001 20:37:03 -0500
From: Tom ONeil
Organization: Texas American Communications Network Inc.
To: Clemens Hermann
Cc: BSD-ISP
Subject: Re: Domain Report
References: <20010902020013.A4209@homer.local>

Brute force method;

    # $DOMAINLIST.COM names the file that lists the domains
    for i in `cat "$DOMAINLIST.COM"`
    do
        whois "$i" | egrep 'Ad|Te|Bi|.com' >>"$i.contact"
        sleep 5 # Without this the registrars will bounce your requests
    done
    cat *.contact >>ALL.contacts

Tom

Clemens Hermann wrote:
>
> Hi,
>
> I'm looking for a script or the like which takes a list of domains as
> input and then queries the according whois-servers for the different
> TLD's the domains contain and finally presents a table with the first
> name / last name of the admin-c of each domain.
> Is there something like this around or some perl subs etc. which might
> help?
>
> tia
>
> /ch
>
> --
> "Contrary to popular belief, Unix is user friendly.
> It just happens to be selective about who it makes friends with."

-- 
Thomas J. ONeil
tom.oneil@tacni.com
http://www.tacni.net
"National Power, Local Presence"
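The loop in the reply above hands every word of the domain list to whois and reuses it as a file name. An added example (not part of the original thread) that validates each name first, extracts the administrative contact and prints the table asked for; the function names, the WHOIS and DELAY variables and the "Admin Name:" label are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, WHOIS, DELAY and the
# "Admin Name:" label are assumptions; registries format replies differently.
LC_ALL=C; export LC_ALL

# Accept only dot-separated letter/digit/hyphen labels. This rejects shell
# metacharacters, slashes (the name is also used for output) and a leading
# '-' that whois would parse as an option.
valid_domain() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eqx \
        '([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}'
}

# Read a whois reply on stdin and print the first "Admin Name:" value.
# Bytes outside printable ASCII become '?', so a hostile record cannot
# send escape sequences to the operator's terminal.
admin_contact() {
    awk -F': *' '
        !found && tolower($1) ~ /^[ \t]*admin name$/ {
            sub(/^[^:]*: */, "")
            gsub(/[^ -~]/, "?")
            print
            found = 1
        }
        END { if (!found) print "(not found)" }'
}

# Print "domain<TAB>admin contact" for every valid line of the file $1.
domain_report() {
    while IFS= read -r d || [ -n "$d" ]; do
        [ -n "$d" ] || continue
        if ! valid_domain "$d"; then
            # Do not echo the rejected string: it is untrusted input.
            echo "skipped one invalid entry" >&2
            continue
        fi
        contact=$("${WHOIS:-whois}" "$d" </dev/null | admin_contact)
        printf '%s\t%s\n' "$d" "$contact"
        sleep "${DELAY:-5}"   # same pause between queries as the loop above
    done <"$1"
}
```

Call it as domain_report domains.txt with one domain per line; replies in a layout other than "Admin Name: value" are reported as "(not found)".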