Problems with DNS

Edouard HINVI asked:

I’m in charge of administering the VPS of the company I’m working for. Basically, those VPS host our websites and also serve as name servers for the domain names we purchased. To manage all this, I’m using ISPConfig 3 on Debian Wheezy machines.

The problem is that we purchased some domain names at our registrar and asked him to point those names to our VPS. Then on the VPS, with the help of ISPConfig, I added the zones for each purchased domain, mentioning the host names of our registrar’s name servers. But the domain name is not working. When I try to ping after setup, I get an “unknown host etaxe.bj” error (one of the domain names is etaxe.bj). The registrar confirmed that he pointed the domain name to my VPS IP address. So the problem may be on my side. As I’m a complete newbie at managing DNS zones, I’d like to know what I can do to first find where the problem is and then try to solve it. How do I troubleshoot DNS zone issues? If anyone could help me, I’d really appreciate it.

Best regards,

Edouard.


I answered:

The nameservers for your domain are not valid.

Currently they are set to:

Name Server: ns1.hesystems.group.com
Name Server: ns2.hesystems.group.com

But neither of these actually exists.

$ host ns1.hesystems.group.com
Host ns1.hesystems.group.com not found: 3(NXDOMAIN)
$ host ns2.hesystems.group.com
Host ns2.hesystems.group.com not found: 3(NXDOMAIN)

You need to set these correctly at your registrar.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

date and hwclock not in sync – why

Noob asked:

I am in GMT+8 Singapore

[root@SJOAM ~]# hwclock -r
Thu 30 Jul 2015 02:10:14 AM SGT  -0.469446 seconds
[root@SJOAM ~]# date
Thu Jul 30 10:11:28 SGT 2015

[root@SJOAM ~]# cat /etc/sysconfig/clock 
# The time zone of the system is defined by the contents of /etc/localtime.
# This file is only for evaluation by system-config-date, do not rely on its
# contents elsewhere.
ZONE="Asia/Singapore"

[root@SJOAM ~]# ls -l /etc/localtime 
-rw-r--r--. 3 root root 402 Apr 29 02:48 /etc/localtime
[root@SJOAM ~]# cat /etc/localtime 
SGT-8

hwclock is showing the correct time, but date is always +8 hours more.
I tried setting hwclock to system by issuing

hwclock -s
[root@SJOAM ~]# hwclock -s
[root@SJOAM ~]# date
Thu Jul 30 02:14:32 SGT 2015
[root@SJOAM ~]# hwclock
Thu 30 Jul 2015 02:14:36 AM SGT  -0.406676 seconds

but every time after a reboot, the time is incorrect again:

[root@SJOAM ~]# date
Thu Jul 30 10:25:27 SGT 2015
[root@SJOAM ~]# hwclock -r
Thu 30 Jul 2015 02:24:18 AM SGT  -0.969146 seconds

I answered:

Your hardware clock should be storing UTC time, but you forgot to use the -u option to tell hwclock this. For example,

hwclock -ru

Resetting the date and then running

hwclock -su

will resolve the problem.



Is smart hosting to an A record a violation of RFC-5321 section 1?

Mike B asked:

I have a sendmail server configured to smarthost to a downstream resource. The configuration is currently:

define(`SMART_HOST',`relay:[vip.example.local]')dnl

Since it’s sending to the A record for vip.example.local, I’ve been told that this is a violation of IETF RFC-5321 section 5.1, which states:

Once an SMTP client lexically identifies a domain to which mail will
be delivered for processing (as described in Sections 2.3.5 and 3.6),
a DNS lookup MUST be performed to resolve the domain name (RFC 1035
[2]). The names are expected to be fully-qualified domain names
(FQDNs): mechanisms for inferring FQDNs from partial names or local
aliases are outside of this specification. Due to a history of
problems, SMTP servers used for initial submission of messages SHOULD
NOT make such inferences (Message Submission Servers [18] have
somewhat more flexibility) and intermediate (relay) SMTP servers MUST
NOT make them.

The lookup first attempts to locate an MX record associated with
the name. If a CNAME record is found, the resulting name is
processed as if it were the initial name. If a non-existent domain
error is returned, this situation MUST be reported as an error. If
a temporary error is returned, the message MUST be queued and
retried later (see Section 4.5.4.1). If an empty list of MXs is
returned, the address is treated as if it was associated with an
implicit MX RR, with a preference of 0, pointing to that host. If
MX records are present, but none of them are usable, or the
implicit MX is unusable, this situation MUST be reported as an
error.

If one or more MX RRs are found for a given name, SMTP systems MUST
NOT utilize any address RRs associated with that name unless they are
located using the MX RRs; the “implicit MX” rule above applies only
if there are no MX records present. If MX records are present, but
none of them are usable, this situation MUST be reported as an error.

When a domain name associated with an MX RR is looked up and the
associated data field obtained, the data field of that response MUST
contain a domain name. That domain name, when queried, MUST return
at least one address record (e.g., A or AAAA RR) that gives the IP
address of the SMTP server to which the message should be directed.
Any other response, specifically including a value that will return a
CNAME record when queried, lies outside the scope of this Standard.
The prohibition on labels in the data that resolve to CNAMEs is
discussed in more detail in RFC 2181, Section 10.3 [38].

Since mail servers support the option to smart host to an IP, I don’t understand how smarthosting to an A record could be a violation.


I answered:

This obviously applies to mail servers attempting to deliver mail to its final destination. It’s utterly irrelevant to situations where you are delivering all mail to a smarthost; the smarthost that you deliver to is responsible for following this, but you are not.



How can I force sendmail to use SMTP instead of internal relay?

Ben Harold asked:

I have a web server that was blacklisted from sending email because it was responding to SMTP HELO with localhost.localdomain instead of the domain name of my server (we’ll call it example.com). I was able to get the server to respond to the HELO with example.com by removing localhost.localdomain from my /etc/hosts file. However, now any time I try to send email to an address with the same domain name, sendmail is attempting to deliver the message locally instead of sending it via SMTP to our actual mail server (which is hosted at Rackspace).

I followed the advice here: Why sendmail is accepting mails for hostname not present in local-host-names file? and ran

echo '$=w' | sendmail -bt

And got:

[mail]
[162.243.XX.XXX]
mail
[mail.example.com]
mail.example.com
localhost
[127.0.0.1]
example.com

From what I understand, sendmail considers all of those domains local. I set DontProbeInterfaces=True in my sendmail.cf file. Now when I run

sendmail -bt
$=w

I get:

localhost
[127.0.0.1]
example.com

I also tried removing example.com from /etc/mail/local-host-names, but sendmail still thinks that example.com is local. How can I get sendmail to stop attempting local mail delivery for example.com email addresses?

EDIT:

echo '$j' | sendmail -bt

produces

example.com


I answered:

Fix your server’s hostname. No server should ever have a hostname equal to the naked domain name; this is but one of the many problems which occurs when you do this.



OOM invoked with plenty of free swap

Evengard asked:

I am running an ARM router with i2p and tor on it – a Netgear R7000.
Of course I’ve added a full 512 MB of swap to it to prevent OOMs, understanding that it could slow down the system… But then I still get the OOM killer starting with plenty of swap free, and killing tor! More interestingly, after killing tor it seems that the system is OK for an unlimited amount of time… But it still seems like tor couldn’t be swapped.
I even tried to turn off overcommit; it didn’t help at all.

See the dmesg log below

resetbutton invoked oom-killer: gfp_mask=0x2000d0, order=0, oom_score_adj=0
CPU: 0 PID: 1500 Comm: resetbutton Tainted: P             3.10.79 #381
Backtrace:
[<c0015cb8>] (dump_backtrace+0x0/0x118) from [<c0015ec0>] (show_stack+0x18/0x1c)
 r6:c7a4cdc0 r5:00000000 r4:c6818000 r3:00000000
[<c0015ea8>] (show_stack+0x0/0x1c) from [<c012e5c0>] (dump_stack+0x24/0x28)
[<c012e59c>] (dump_stack+0x0/0x28) from [<c007c5cc>] (dump_header.isra.13+0x84/0x194)
[<c007c548>] (dump_header.isra.13+0x0/0x194) from [<c007c958>] (oom_kill_process+0x90/0x3e8)
[<c007c8c8>] (oom_kill_process+0x0/0x3e8) from [<c007d17c>] (out_of_memory+0x2c0/0x304)
[<c007cebc>] (out_of_memory+0x0/0x304) from [<c007fcbc>] (__alloc_pages_nodemask+0x5b0/0x694)
[<c007f70c>] (__alloc_pages_nodemask+0x0/0x694) from [<c00a2464>] (cache_alloc_refill+0x2c8/0x600)
[<c00a219c>] (cache_alloc_refill+0x0/0x600) from [<c00a214c>] (kmem_cache_alloc+0x88/0xd8)
[<c00a20c4>] (kmem_cache_alloc+0x0/0xd8) from [<c00afdd4>] (getname_flags+0x2c/0x104)
 r7:b6f5509c r6:00000000 r5:00000000 r4:00020000
[<c00afda8>] (getname_flags+0x0/0x104) from [<c00afec4>] (getname+0x18/0x1c)
[<c00afeac>] (getname+0x0/0x1c) from [<c00a5270>] (do_sys_open+0xbc/0x178)
[<c00a51b4>] (do_sys_open+0x0/0x178) from [<c00a5350>] (SyS_open+0x24/0x28)
 r9:c6818000 r8:c0008d24 r7:00000005 r6:00000000 r5:00000000
r4:00000000
[<c00a532c>] (SyS_open+0x0/0x28) from [<c0008ba0>] (ret_fast_syscall+0x0/0x30)
Mem-info:
Normal per-cpu:
CPU    0: hi:   42, btch:   7 usd:   0
CPU    1: hi:   42, btch:   7 usd:   0
HighMem per-cpu:
CPU    0: hi:   42, btch:   7 usd:   0
CPU    1: hi:   42, btch:   7 usd:   0
active_anon:10263 inactive_anon:12797 isolated_anon:0
 active_file:957 inactive_file:1335 isolated_file:0
 unevictable:151 dirty:0 writeback:0 unstable:0
 free:13787 slab_reclaimable:912 slab_unreclaimable:5734
 mapped:1171 shmem:0 pagetables:283 bounce:0
 free_cma:0
Normal free:26184kB min:32768kB low:40960kB high:49152kB active_anon:0kB inactive_anon:0kB active_file:96kB inactive_file:64kB unevictable:64kB isolated(anon):0kB isolated(file):0kB present:131072kB managed:124196kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:3648kB slab_unreclaimable:22936kB kernel_stack:1192kB pagetables:1132kB unstable:0kB bounce:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:4440 all_unreclaimable? no
lowmem_reserve[]: 0 1024 1024
HighMem free:28656kB min:128kB low:8772kB high:17416kB active_anon:41052kB inactive_anon:51512kB active_file:3764kB inactive_file:5244kB unevictable:540kB isolated(anon):0kB isolated(file):0kB present:131072kB managed:131072kB mlocked:0kB dirty:0kB writeback:0kB mapped:4684kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0
Normal: 102*4kB (UEM) 118*8kB (UEM) 360*16kB (UM) 158*32kB (UM) 28*64kB (UEM) 8*128kB (UM) 4*256kB (UM) 4*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (R) = 26248kB
HighMem: 1177*4kB (UMR) 1620*8kB (UMR) 225*16kB (UMR) 30*32kB (UMR) 29*64kB (UMR) 8*128kB (UMR) 1*256kB (U) 2*512kB (U) 0*1024kB 1*2048kB (U) 0*4096kB = 28436kB
9347 total pagecache pages
6914 pages in swap cache
Swap cache stats: add 484419, delete 477505, find 187469/228822
Free swap  = 408788kB
Total swap = 524284kB
65536 pages of RAM
13904 free pages
1661 reserved pages
6646 slab pages
549590 pages shared
6923 pages swap cached
[ pid ]   uid  tgid total_vm      rss nr_ptes swapents oom_score_adj name
[  622]     0   622      189        7       3       13             0 hotplug2
[  626]     0   626      199       30       3        6             0 mstpd
[  971]     0   971      217        9       3        8             0 dropbear
[  987]     0   987      297      105       3       30             0 dnsmasq
[ 1112]     0  1112      315       29       4       30             0 ttraff
[ 1195]     0  1195      209       25       3        6             0 dhcp6c
[ 1288]     0  1288      755        3       4       83             0 httpd
[ 1330]     0  1330      315       26       3       18             0 process_monitor
[ 1334]     0  1334      361       44       3       38             0 upnp
[ 1337]     0  1337      334       50       4        9             0 wland
[ 1338]     0  1338      190       42       3        3             0 igmprt
[ 1339]     0  1339      291       10       3        6             0 udhcpc
[ 1449]     0  1449      182       27       3        3             0 cron
[ 1457]     0  1457      370       38       3       32             0 nas
[ 1460]     0  1460      370       36       4       32             0 nas
[ 1495]     0  1495      291       11       3        6             0 syslogd
[ 1497]     0  1497      291       15       3        6             0 klogd
[ 1500]     0  1500      334       32       3       12             0 resetbutton
[ 1684] 65534  1684     1008       18       5      499             0 tinyproxy
[ 1690] 65534  1690     1021        9       5      508             0 tinyproxy
[ 1691] 65534  1691     1021        9       5      508             0 tinyproxy
[ 1692] 65534  1692     1021        9       5      508             0 tinyproxy
[ 1693] 65534  1693     1008        6       5      502             0 tinyproxy
[ 1694] 65534  1694     1008        6       5      502             0 tinyproxy
[ 1695] 65534  1695     1008        6       5      502             0 tinyproxy
[ 1696] 65534  1696     1008        6       5      502             0 tinyproxy
[ 1697] 65534  1697     1008        6       5      502             0 tinyproxy
[ 1698] 65534  1698     1008        6       5      502             0 tinyproxy
[ 1699] 65534  1699     1008        6       5      502             0 tinyproxy
[ 1711]   106  1711    36556    12756      73    10236             0 tor
[ 1730]    13  1730      580        9       4       38             0 polipo
[ 1806]  1000  1806     2828       41       5      124             0 wrapper
[ 1808]  1000  1808    59927     7979      69    13797             0 java
[ 1921]     0  1921      241       18       3       31             0 dropbear
[ 1923]     0  1923      293        9       3        9             0 sh
[ 3705]     0  3705      804        5       4       86             0 bash
[ 5859]     0  5859      320       61       3       12             0 radvd
[ 5860]     0  5860      320       18       3       18             0 radvd
Out of memory: Kill process 1711 (tor) score 118 or sacrifice child
Killed process 1711 (tor) total-vm:146224kB, anon-rss:49036kB, file-rss:1988kB
tor: page allocation failure: order:0, mode:0x20058
CPU: 1 PID: 1711 Comm: tor Tainted: P             3.10.79 #381
Backtrace:
[<c0015cb8>] (dump_backtrace+0x0/0x118) from [<c0015ec0>] (show_stack+0x18/0x1c)
 r6:00000000 r5:00000000 r4:00020058 r3:00000000
[<c0015ea8>] (show_stack+0x0/0x1c) from [<c012e5c0>] (dump_stack+0x24/0x28)
[<c012e59c>] (dump_stack+0x0/0x28) from [<c007def4>] (warn_alloc_failed+0x100/0x110)
[<c007ddf4>] (warn_alloc_failed+0x0/0x110) from [<c007faf0>] (__alloc_pages_nodemask+0x3e4/0x694)
 r3:00040001 r2:00000000
 r7:c0405180 r6:00000001 r5:00000000 r4:00020058
[<c007f70c>] (__alloc_pages_nodemask+0x0/0x694) from [<c007a274>] (find_or_create_page+0x48/0x94)
[<c007a22c>] (find_or_create_page+0x0/0x94) from [<c00cfc08>] (__getblk+0x16c/0x308)
 r9:00000000 r8:0223764c r7:c7418110 r6:00000001 r5:00001000
r4:00000000
[<c00cfa9c>] (__getblk+0x0/0x308) from [<c00d0668>] (__bread+0x1c/0xd8)
[<c00d064c>] (__bread+0x0/0xd8) from [<bf5e96c8>] (_8+0x208/0x4a0 [ext2])
 r4:c6bb5b58
[<bf5e963c>] (_8+0x17c/0x4a0 [ext2]) from [<bf5ea2e0>] (_35+0x78/0x884 [ext2])
[<bf5ea268>] (_35+0x0/0x884 [ext2]) from [<c00d6da8>] (do_mpage_readpage+0x268/0x6d4)
[<c00d6b40>] (do_mpage_readpage+0x0/0x6d4) from [<c00d72d4>] (mpage_readpages+0xc0/0x104)
[<c00d7214>] (mpage_readpages+0x0/0x104) from [<bf5e99ac>] (_61+0x24/0x28 [ext2])
[<bf5e9988>] (_61+0x0/0x28 [ext2]) from [<c0082f08>] (__do_page_cache_readahead+0x170/0x1f8)
[<c0082d98>] (__do_page_cache_readahead+0x0/0x1f8) from [<c0083428>] (ra_submit+0x30/0x38)
[<c00833f8>] (ra_submit+0x0/0x38) from [<c007bb4c>] (filemap_fault+0x1bc/0x434)
[<c007b990>] (filemap_fault+0x0/0x434) from [<c008e5a4>] (__do_fault+0xac/0x490)
[<c008e4f8>] (__do_fault+0x0/0x490) from [<c0091284>] (handle_pte_fault+0x78/0x6d4)
[<c009120c>] (handle_pte_fault+0x0/0x6d4) from [<c0091968>] (__handle_mm_fault+0x88/0x90)
[<c00918e0>] (__handle_mm_fault+0x0/0x90) from [<c00920e0>] (handle_mm_fault+0x28/0x2c)
[<c00920b8>] (handle_mm_fault+0x0/0x2c) from [<c001948c>] (do_page_fault+0x118/0x288)
[<c0019374>] (do_page_fault+0x0/0x288) from [<c0008580>] (do_DataAbort+0x40/0x9c)
[<c0008540>] (do_DataAbort+0x0/0x9c) from [<c0008998>] (__dabt_usr+0x38/0x40)
Exception stack(0xc6bb5fb0 to 0xc6bb5ff8)
5fa0:                                     b6fe43d8 b6cfd864 00000005 00000053
5fc0: 00000001 b6fe43dd b6d0a358 b6cfd864 b866141c 00000000 b6fe43d8 00000000
5fe0: b6d0b658 be8798f0 b6cf2330 b6a4c388 20000010 ffffffff
 r8:b866141c r7:b6cfd864 r6:ffffffff r5:20000010 r4:b6a4c388
Mem-info:
Normal per-cpu:
CPU    0: hi:   42, btch:   7 usd:   0
CPU    1: hi:   42, btch:   7 usd:   0
HighMem per-cpu:
CPU    0: hi:   42, btch:   7 usd:   0
CPU    1: hi:   42, btch:   7 usd:   0
active_anon:10263 inactive_anon:13171 isolated_anon:0
 active_file:971 inactive_file:1322 isolated_file:0
 unevictable:151 dirty:1 writeback:0 unstable:0
 free:13621 slab_reclaimable:912 slab_unreclaimable:5739
 mapped:1172 shmem:0 pagetables:283 bounce:0
 free_cma:0
Normal free:27136kB min:32768kB low:40960kB high:49152kB active_anon:0kB inactive_anon:0kB active_file:40kB inactive_file:120kB unevictable:64kB isolated(anon):0kB isolated(file):0kB present:131072kB managed:124196kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:3648kB slab_unreclaimable:22956kB kernel_stack:1192kB pagetables:1132kB unstable:0kB bounce:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:40 all_unreclaimable? no
lowmem_reserve[]: 0 1024 1024
HighMem free:27380kB min:128kB low:8772kB high:17416kB active_anon:41052kB inactive_anon:52684kB active_file:3764kB inactive_file:5248kB unevictable:540kB isolated(anon):0kB isolated(file):0kB present:131072kB managed:131072kB mlocked:0kB dirty:4kB writeback:0kB mapped:4688kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0
Normal: 96*4kB (UEM) 120*8kB (UEM) 360*16kB (UM) 182*32kB (UM) 32*64kB (UEM) 8*128kB (UM) 4*256kB (UM) 4*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (R) = 27264kB
HighMem: 918*4kB (UMR) 1620*8kB (UMR) 225*16kB (UMR) 30*32kB (UMR) 29*64kB (UMR) 8*128kB (UMR) 1*256kB (U) 2*512kB (U) 0*1024kB 1*2048kB (U) 0*4096kB = 27400kB
9533 total pagecache pages
7099 pages in swap cache
Swap cache stats: add 484625, delete 477526, find 187576/228974
Free swap  = 408868kB
Total swap = 524284kB
65536 pages of RAM
13939 free pages
1661 reserved pages
6652 slab pages
549523 pages shared
7099 pages swap cached
TCP: too many orphaned sockets
TCP: too many orphaned sockets
TCP: too many orphaned sockets
TCP: too many orphaned sockets
TCP: too many orphaned sockets
TCP: too many orphaned sockets
TCP: too many orphaned sockets
TCP: too many orphaned sockets
TCP: too many orphaned sockets
TCP: too many orphaned sockets

The sysctl vm related settings:

vm.admin_reserve_kbytes = 7914
vm.block_dump = 0
vm.dirty_background_bytes = 0
vm.dirty_background_ratio = 10
vm.dirty_bytes = 0
vm.dirty_expire_centisecs = 3000
vm.dirty_ratio = 20
vm.dirty_writeback_centisecs = 500
vm.drop_caches = 0
vm.highmem_is_dirtyable = 0
vm.laptop_mode = 0
vm.legacy_va_layout = 0
vm.lowmem_reserve_ratio = 32    32
vm.max_map_count = 65530
vm.min_free_kbytes = 32768
vm.mmap_min_addr = 4096
vm.nr_pdflush_threads = 0
vm.oom_dump_tasks = 1
vm.oom_kill_allocating_task = 0
vm.overcommit_memory = 2
vm.overcommit_ratio = 50
vm.page-cluster = 3
vm.panic_on_oom = 0
vm.percpu_pagelist_fraction = 0
vm.scan_unevictable_pages = 0
vm.stat_interval = 1
vm.swappiness = 100
vm.user_reserve_kbytes = 7914
vm.vfs_cache_pressure = 100

What am I doing wrong (except for using a SOHO router for tor, lol)?

PS: Using DD-WRT firmware


I answered:

You have a couple of obvious problems.

First:

vm.swappiness = 100

You’ve told the kernel to swap as aggressively as possible, even when it’s not strictly necessary to do so.

On an embedded device (which usually won’t have swap at all) this is completely insane. This should be set to 0 (probably best) or 1.

Second:

vm.overcommit_memory = 2

Aside from preventing any overcommit at all, and preventing the system from using all free memory and swap, this also causes additional memory to be reserved for admin and user processes as specified in admin_reserve_kbytes and user_reserve_kbytes.

I can’t find a single system I manage, embedded, desktop or server, where this setting is anything other than 0.

Finally, about DD-WRT… I’m not happy with them. They went overly commercial some time back and stopped making regular releases and updates. These days I recommend OpenWrt as a platform for building embedded systems.
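An added example, not part of the original question or answer: a parser for the `[ pid ] uid tgid total_vm rss nr_ptes swapents oom_score_adj name` task table that the kernel prints in the dmesg above, ranking the candidates the way the OOM killer weighs them (resident pages plus swapped-out pages plus page-table pages). The `oom_score` function is an assumed approximation of the 3.10 `oom_badness()` formula, scaled to RAM plus swap from the dump's own figures; it ignores the kernel's 3% bonus for processes holding CAP_SYS_ADMIN.

```python
import re

# Task table lines copied from the dmesg output in the question (a subset).
# Columns: pid uid tgid total_vm rss nr_ptes swapents oom_score_adj name
OOM_TASKS = """\
[  987]     0   987      297      105       3       30             0 dnsmasq
[ 1288]     0  1288      755        3       4       83             0 httpd
[ 1684] 65534  1684     1008       18       5      499             0 tinyproxy
[ 1711]   106  1711    36556    12756      73    10236             0 tor
[ 1730]    13  1730      580        9       4       38             0 polipo
[ 1806]  1000  1806     2828       41       5      124             0 wrapper
[ 1808]  1000  1808    59927     7979      69    13797             0 java
[ 5859]     0  5859      320       61       3       12             0 radvd
"""

TASK_RE = re.compile(
    r"^\[\s*(?P<pid>\d+)\]\s+(?P<uid>\d+)\s+(?P<tgid>\d+)\s+(?P<total_vm>\d+)\s+"
    r"(?P<rss>\d+)\s+(?P<nr_ptes>\d+)\s+(?P<swapents>\d+)\s+"
    r"(?P<oom_score_adj>-?\d+)\s+(?P<name>\S+)\s*$"
)

# From the dump: 65536 pages of RAM, 1661 reserved, 524284 kB of swap, 4 kB pages.
TOTALPAGES = (65536 - 1661) + 524284 // 4


def parse_tasks(text):
    """Return one dict per task-table line; lines that do not match are skipped."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            tasks.append({k: (v if k == "name" else int(v))
                          for k, v in m.groupdict().items()})
    return tasks


def badness_points(task):
    """Raw input to the kernel's oom_badness(): resident + swapped-out + page-table pages.
    Note that swapped-out pages still count, which is why 'plenty of free swap'
    does not protect a large process from being chosen."""
    return task["rss"] + task["swapents"] + task["nr_ptes"]


def oom_score(task, totalpages):
    """Assumed approximation of the 'score N' the kernel prints: badness points,
    adjusted by oom_score_adj (per-mille of totalpages), scaled to per-mille of RAM + swap."""
    points = badness_points(task) + task["oom_score_adj"] * totalpages // 1000
    return max(points, 1) * 1000 // totalpages


def rank_victims(text, totalpages):
    """(name, pid, points, score) for every task, highest badness first."""
    rows = [(t["name"], t["pid"], badness_points(t), oom_score(t, totalpages))
            for t in parse_tasks(text)]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for name, pid, points, score in rank_victims(OOM_TASKS, TOTALPAGES):
        print(f"{name:>10} pid={pid:<5} points={points:<6} score={score}")
```

The top entry reproduces the kernel's choice of tor (score 118) from the dump, with java a close second.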



ipset not being applied to iptables

cardinalPilot asked:

I’m trying to filter out a country that keeps probing my SMTP server (CentOS6) and I can’t seem to get the ipset to work out right in iptables.

I downloaded that country’s IP addresses from ipdeny.com and installed the list as a text file. Originally, I had all my blacklist IP addresses in a big long iptables chain, but that could really affect the CPU adversely – hence me wanting to use an ipset.

Here’s an excerpt from that IP addresses file:

185.40.4.31
80.82.65.237
2.60.0.0/14

So now I’m trying to use that list in an ipset set. I verify the ipset set is populated using ‘ipset list’.

Name: blacklist
Type: hash:net
Header: family inet hashsize 2048 maxelem 65536
Size in memory: 108816
References: 1
Members:
....
185.40.4.31
185.40.152.0/22
...

With this ipset, I add it to iptables:

iptables -A INPUT -p tcp -m set --set blacklist src -j DROP

But when I try to test the set using hping3, the packets still get through.

hping3 --syn --destport 25 --count 3 -a 185.40.4.31 <server_ip>

When I was using the long iptables chain, things were working as expected.

Here’s the abbreviated output of iptables -L -n (I edited out most of the 6200+ ipdeny entries):

Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  217.199.240.0/20     0.0.0.0/0
DROP       all  --  217.199.208.0/20     0.0.0.0/0
...
DROP       all  --  2.60.0.0/14          0.0.0.0/0
DROP       all  --  94.102.50.41         0.0.0.0/0
DROP       all  --  80.82.65.237         0.0.0.0/0
DROP       all  --  185.40.4.31          0.0.0.0/0
ACCEPT     all  --  192.168.2.0/24       0.0.0.0/0
ACCEPT     all  --  192.168.1.0/24       0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:27944 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:27940
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:110
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           match-set blacklist src

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

I answered:

Your rule never takes effect because you have added it to the end of the chain. Immediately preceding it is a rule to drop all traffic, thus your rule is never reached. In iptables, rules are matched in order; this is different than many other firewalls.

To resolve the problem, move the rule up to earlier in the chain. And if you really want to blacklist those addresses, it should be as early as possible in the chain, e.g. the first rule.
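An added example, not code from the question or the answer: a small first-match simulator for the tail of the INPUT chain listed above (the 6200 per-address DROP rules are omitted), with the hping3 probe modelled as a constructed packet. It shows where the probe is decided in the original order, that the match-set rule is unreachable, and that moving the rule to the top of the chain, as the answer suggests, drops the probe. The dead-rule check reports every rule shadowed by an earlier catch-all, which in this chain is the blanket ACCEPT as well as the final DROP.

```python
import ipaddress

# Constructed ipset "blacklist" (hash:net) with the members shown in the question.
SETS = {
    "blacklist": [ipaddress.ip_network(n)
                  for n in ("185.40.4.31", "185.40.152.0/22", "2.60.0.0/14")],
}

TERMINATING = {"ACCEPT", "DROP", "REJECT"}


class Rule:
    """One iptables rule: target, protocol, source network, optional extra match."""

    def __init__(self, target, proto, source, extra=None, label=""):
        self.target = target
        self.proto = proto
        self.source = ipaddress.ip_network(source)
        self.extra = extra          # callable(pkt) -> bool, or None
        self.label = label or f"{target} {proto} {source}"

    def matches(self, pkt):
        if self.proto != "all" and self.proto != pkt["proto"]:
            return False
        if pkt["src"] not in self.source:
            return False
        return self.extra is None or self.extra(pkt)

    def is_catch_all(self):
        return self.proto == "all" and self.source.prefixlen == 0 and self.extra is None


def dpt(port):
    return lambda pkt: pkt.get("dport") == port


def match_set(name):
    return lambda pkt: any(pkt["src"] in net for net in SETS[name])


def walk_chain(chain, pkt, policy="DROP"):
    """First-match evaluation: (verdict, index of the deciding rule, or None for policy)."""
    for i, rule in enumerate(chain):
        if rule.matches(pkt) and rule.target in TERMINATING:
            return rule.target, i
        # non-terminating targets such as LOG match but fall through to the next rule
    return policy, None


def dead_rules(chain):
    """Indices of rules that can never match: everything after the first catch-all
    terminating rule. Useful as a lint over `iptables -S` output before deploying."""
    for i, rule in enumerate(chain):
        if rule.is_catch_all() and rule.target in TERMINATING:
            return list(range(i + 1, len(chain)))
    return []


# Tail of the INPUT chain from the question, in the order it was listed.
ORIGINAL = [
    Rule("ACCEPT", "all", "192.168.2.0/24"),
    Rule("ACCEPT", "all", "192.168.1.0/24"),
    Rule("ACCEPT", "all", "0.0.0.0/0", label="blanket ACCEPT"),
    Rule("ACCEPT", "tcp", "0.0.0.0/0", dpt(25), "tcp dpt:25 state NEW"),
    Rule("LOG", "all", "0.0.0.0/0", label="LOG"),
    Rule("DROP", "all", "0.0.0.0/0", label="DROP everything else"),
    Rule("DROP", "tcp", "0.0.0.0/0", match_set("blacklist"), "match-set blacklist src"),
]

# The fix from the answer: the same rule inserted as rule 1 (iptables -I INPUT 1 ...).
FIXED = [ORIGINAL[-1]] + ORIGINAL[:-1]

# Constructed probe: the hping3 SYN to port 25 with the blacklisted source address.
PROBE = {"proto": "tcp", "src": ipaddress.ip_address("185.40.4.31"), "dport": 25}


def report(chain, pkt):
    verdict, idx = walk_chain(chain, pkt)
    where = chain[idx].label if idx is not None else "chain policy"
    return verdict, where, dead_rules(chain)


if __name__ == "__main__":
    print("original:", report(ORIGINAL, PROBE))
    print("fixed:   ", report(FIXED, PROBE))
```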



word wrap in ssh session not working with grep

user53029 asked:

When I ssh to my Linux servers and use grep like this:

grep 'timeout exceeded' logfile | less

word wrap does not work.

However, if I use the same command but use less first, like this:

less logfile | grep 'timeout exceeded'

the lines wrap. I am not sure what the problem is or if this is normal or not. But it happens regardless of the ssh client I use. I have tried both putty and an Ubuntu client. How can I fix this?


I answered:

This is not the default behavior of less. The default is to wrap long lines.

You are seeing this behavior because you have the -S option (and several others) set in your LESS environment variable.

       -S or --chop-long-lines
              Causes lines longer than the screen width to be chopped (truncated)
              rather than wrapped. That is, the portion of a long line that does
              not fit in the screen width is not shown. The default is to wrap
              long lines; that is, display the remainder on the next line.

To resolve the problem, check your shell startup scripts (e.g. $HOME/.bash_profile, $HOME/.bashrc) and the system shell startup scripts (e.g. those in the /etc/profile.d directory) to see where the environment variable is being set, and make the desired changes.



Linux mail(x) command. Can't open or use. Just spits out old message and returns to prompt

jaydisc asked:

(Debian Squeeze)

I was working on a shell script that piped output to the mail command. I must have done something wrong, as I am no longer able to use the command for anything. Even if I type “mail” with no arguments, it just spits out what appears to be the content I previously tried to email, but it then just returns me to a prompt. The same output occurs regardless of which arguments I use with the command.

We do not use local mail storage, and I have deleted all of the user files in /var/mail and /var/spool/mail (one is a link to the other), but for the life of me, I cannot figure out how to get use of this command back.

I’m struggling with any kind of searching for this problem as the search terms seem way too vague.


I answered:

I suspect that at some point you accidentally did something like:

....command... > /usr/bin/mail

instead of

....command... | /usr/bin/mail

thus replacing /usr/bin/mail with a copy of some data.


I would suggest that you reinstall the mail program. Because Debian ships several alternatives, you can find the one you have installed with:

root@www:~# ls -l /usr/bin/mail
lrwxrwxrwx 1 root root 22 2011-04-04 02:48 /usr/bin/mail -> /etc/alternatives/mail

root@www:~# ls -l /etc/alternatives/mail
lrwxrwxrwx 1 root root 18 2011-04-04 02:48 /etc/alternatives/mail -> /usr/bin/bsd-mailx

So the mail program is really /usr/bin/bsd-mailx on this system. Let us find out which package it came from:

root@www:~# apt-file search /usr/bin/bsd-mailx
bsd-mailx: /usr/bin/bsd-mailx

And finally we will reinstall that package.

root@www:~# apt-get install --reinstall bsd-mailx
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 1 not upgraded.
Need to get 155kB of archives.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]?


Where to create an AF_LOCAL/AF_UNIX socket file when not allowed to write in /var/run?

hl037_ asked:

The FHS says that socket and pid files should go in /var/run.
However, for security purposes, only root can create files and subdirectories in this location.

A common solution is creating a subdirectory for the script in /var/run and then chmod-ing it… But what do you do when you don’t have access to the root user?

Where should I put a .socket (and a .pid) file if I don’t have access to root?


I answered:

On systemd-based systems such as Arch Linux and (latest) Debian, services are expected to tell systemd that they want a directory under /run by adding a tmpfiles.d configuration file to the system.

By default these are stored in /usr/lib/tmpfiles.d, though local additions can be added in /etc/tmpfiles.d which override the defaults.

The tmpfiles.d facility can be used to create and empty directories, create files, symlinks, device nodes, sockets, and more.

For example:

# cat /usr/lib/tmpfiles.d/php-fpm.conf
d /run/php-fpm 755 root root

This specifies to create a directory /run/php-fpm, with mode 0755, owned by root and group root. The directory will be created at system startup or whenever the systemd-tmpfiles-setup service is restarted. You can also run systemd-tmpfiles manually.

There are many other options available; check the tmpfiles.d documentation for full details.



How do I know if these logs are normal, and if someone got into my server?

BlueStarry asked:

Last month I was logging into my server as usual and it was a mess: programs not working, /home not mounting anymore, etc.

Now I’ve downloaded all the Ubuntu server logs and I’ve noticed that auth is full of lines like this:

Jun  7 06:57:01 ns375259 CRON[5663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun  7 06:57:01 ns375259 CRON[5663]: pam_unix(cron:session): session closed for user root

I mean, really full: 2+ months of lines.

Root access was denied on my SSH… I don’t really know what that is.
What should I look for in the logs to find a security breach?


I answered:

The repeated occurrence of “cron” indicates that this session was started by a cron job. It is not indicative of a compromise.
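An added example, not part of the original answer: a triage pass over an auth.log that separates the cron session noise the question shows from the line shapes worth reading (SSH logins and failures, sudo commands, account changes, root sessions not opened by cron). The sample log is constructed; the cron lines are the ones from the question, and the host, addresses and user names in the other lines are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample auth.log. Lines 1-4 are the cron noise from the question;
# the rest are assumed line shapes (hosts, IPs and users are made up).
SAMPLE_AUTH_LOG = """\
Jun  7 06:57:01 ns375259 CRON[5663]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun  7 06:57:01 ns375259 CRON[5663]: pam_unix(cron:session): session closed for user root
Jun  7 07:17:01 ns375259 CRON[5701]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun  7 07:17:01 ns375259 CRON[5701]: pam_unix(cron:session): session closed for user root
Jun  7 08:02:13 ns375259 sshd[5820]: Failed password for root from 198.51.100.23 port 51022 ssh2
Jun  7 08:02:16 ns375259 sshd[5820]: Failed password for root from 198.51.100.23 port 51022 ssh2
Jun  7 09:11:40 ns375259 sshd[5901]: Accepted publickey for admin from 203.0.113.7 port 40112 ssh2
Jun  7 09:11:40 ns375259 sshd[5901]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jun  7 09:12:05 ns375259 sudo:    admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/bash
Jun  7 09:12:05 ns375259 sudo: pam_unix(sudo:session): session opened for user root by admin(uid=1000)
Jun  7 10:30:00 ns375259 useradd[6010]: new user: name=backup2, UID=1001, GID=1001, home=/home/backup2, shell=/bin/bash
"""

# Classic syslog layout: "Mon DD HH:MM:SS host prog[pid]: message" (pid is optional, e.g. sudo).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
ACCEPTED_RE = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")
FAILED_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCOUNT_PROGS = {"useradd", "usermod", "userdel", "groupadd", "groupmod", "passwd", "chsh"}


def classify(entry):
    """Bucket one parsed line. Only 'cron_session' is treated as expected noise."""
    prog, msg = entry["prog"], entry["msg"].strip()
    if prog == "CRON" and msg.startswith("pam_unix(cron:session)"):
        return "cron_session"       # the lines the question asks about: scheduled jobs
    if prog == "sshd":
        if ACCEPTED_RE.match(msg):
            return "ssh_login"      # who got in, from where, with which method
        if FAILED_RE.match(msg):
            return "ssh_failed"     # brute-force attempts; volume and targets matter
    if prog == "sudo" and "COMMAND=" in msg:
        return "sudo_command"       # privilege use, read one by one
    if prog in ACCOUNT_PROGS:
        return "account_change"     # new or altered accounts deserve an explanation
    if "session opened for user root" in msg:
        return "root_session"       # a root session not started by cron
    return "other"


def triage(text):
    """Count every line by category and return the non-cron events a reviewer should read."""
    counts = Counter()
    review = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        entry = m.groupdict()
        kind = classify(entry)
        counts[kind] += 1
        if kind != "cron_session":
            review.append((kind, entry["ts"], entry["prog"], entry["msg"].strip()))
    return counts, review


def successful_logins(text):
    """(user, source ip, auth method) for every sshd 'Accepted' line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("prog") == "sshd":
            a = ACCEPTED_RE.match(m.group("msg"))
            if a:
                out.append((a.group("user"), a.group("ip"), a.group("method")))
    return out


if __name__ == "__main__":
    counts, review = triage(SAMPLE_AUTH_LOG)
    print(dict(counts))
    for kind, ts, prog, msg in review:
        print(f"{kind:<15} {ts} {prog}: {msg}")
    print("logins:", successful_logins(SAMPLE_AUTH_LOG))
```

On a real two-month file the cron_session count dwarfs everything else, which is exactly the point: filter it out first, then read what remains.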

