|
Martytoof posted:I honestly think it's a toss-up between Fedora/CentOS and Ubuntu. They're both really well documented and while they're different package systems, etc., they're both pretty similar in terms of what they offer. Probably means jack poo poo to the average user though, but yeah.
|
# ? Apr 1, 2012 20:01 |
|
Oh yeah. I guess there are significant differences under the hood. Good point. Sort of wish they'd try to standardize on something.

Lukano posted:It's been like 6-8 years since I last used it, but MyNetWatchman does all that and more, especially with some IDS in place.

I will give this a long hard look, thank you
|
# ? Apr 1, 2012 20:05 |
|
Now that I've actually sat down and taken a look at the MNW website, it doesn't look like they've actively aggregated / identified / reported incidents since like Nov 2009. They still track firewall events, but they don't do anything with the data anymore.

On the upside, the source to the mnwclient is there to poke at should someone want to pick up the torch I guess :P
|
# ? Apr 2, 2012 02:10 |
|
quote:Not to start an editor war, but in general, one of vim or emacs is really good to learn well. Learning curves are a bit steep, but I'm far more productive writing code in vim than any IDE I've used. The fact that I can just as trivially write code over a remote shell from any computer, using detachable screen sessions (or tmux, whatever) is icing on the cake.

Every time I hear someone say this it later transpires that they haven't used any IDEs since they learned to use vi ten/twenty/thirty years ago. Some of them are actually really good these days! Although granted if you want something you can use over a slow SSH connection or can detach from pretty much anywhere, vi/emacs are boss.

All that aside, though - yeah, knowing the absolute basics of vi is a good idea. Nano/pico are easier to use, any graphical editor is easier still, but everything has vi installed. If you know how to load, edit, and save in vi, you will still have a working text editor you can use to fix things even when everything else is missing or broken.

(The one possible exception is space-constrained embedded systems; nano is much smaller than vi. But you don't really need to "learn" nano, it's very discoverable.)
|
# ? Apr 2, 2012 14:34 |
|
Zom Aur posted:I think the most significant difference, besides the package manager, would be that fedora uses systemd, centos uses sysvinit (I think?) and ubuntu uses upstart.

CentOS6 uses Upstart.
|
# ? Apr 2, 2012 21:45 |
|
evol262 posted:CentOS6 uses Upstart.
|
# ? Apr 3, 2012 06:01 |
What's the best way to manage an Ubuntu machine remotely, specifically the apache/php/mysql/fileserver elements? Webmin is apparently out of date and has been replaced, but I can't figure out with what..
|
|
# ? Apr 3, 2012 09:09 |
|
Sulla-Marius 88 posted:What's the best way to manage an Ubuntu machine remotely, specifically the apache/php/mysql/fileserver elements? Webmin is apparently out of date and has been replaced, but I can't figure out with what..

SSH. Seriously though, I am not sure what replaced Webmin, I know a lot of people still using it. I use SSH for everything.
|
# ? Apr 3, 2012 09:19 |
|
Sulla-Marius 88 posted:What's the best way to manage an Ubuntu machine remotely, specifically the apache/php/mysql/fileserver elements? Webmin is apparently out of date and has been replaced, but I can't figure out with what..

Man up and use the shell, basically.
|
# ? Apr 3, 2012 09:48 |
The frustrating thing about using the shell is copy-pasting commands or code in.. if it's anything longer than 100 chars, it gets really frustrating to get stuff across from webpages or code snippets etc. That's why I prefer VNC or a server GUI to be able to bulk-add text.. how do you guys get around that? Do you just add the code to a file on your local machine and transfer from there, or what?
|
|
# ? Apr 3, 2012 10:38 |
|
Sulla-Marius 88 posted:The frustrating thing about using the shell is copy-pasting commands or code in.. if it's anything longer than 100 chars, it gets really frustrating to get stuff across from webpages or code snippets etc. That's why I prefer VNC or a server GUI to be able to bulk-add text.. how do you guys get around that? Do you just add the code to a file on your local machine and transfer from there, or what?
|
# ? Apr 3, 2012 12:46 |
|
Sulla-Marius 88 posted:The frustrating thing about using the shell is copy-pasting commands or code in.. if it's anything longer than 100 chars, it gets really frustrating to get stuff across from webpages or code snippets etc. That's why I prefer VNC or a server GUI to be able to bulk-add text.. how do you guys get around that? Do you just add the code to a file on your local machine and transfer from there, or what?
|
# ? Apr 3, 2012 12:52 |
|
Sulla-Marius 88 posted:The frustrating thing about using the shell is copy-pasting commands or code in.. if it's anything longer than 100 chars, it gets really frustrating to get stuff across from webpages or code snippets etc. That's why I prefer VNC or a server GUI to be able to bulk-add text.. how do you guys get around that? Do you just add the code to a file on your local machine and transfer from there, or what?

What kind of issues are you getting? I have had problems cutting+pasting unicode when the shell expects ascii and it just fucks everything up.
|
# ? Apr 3, 2012 13:21 |
|
Can someone help me with my appalling lack of iptables knowledge?

New web host has some sort of monitor running that periodically pings my fancy new server to see if it is up. I learned about this just a few minutes after I set up iptables when I got an automated warning that my machine was unreachable and a ticket had been created and oh god bla bla bla...

So I googled around for an entry that would allow ICMP from a specific IP and came up with this:

code:

I felt pretty good about this until I got another email a few minutes later saying the sky was falling and my server had disappeared. Someone hold my hand!
|
# ? Apr 3, 2012 16:04 |
|
Sulla-Marius 88 posted:The frustrating thing about using the shell is copy-pasting commands or code in.. if it's anything longer than 100 chars, it gets really frustrating to get stuff across from webpages or code snippets etc. That's why I prefer VNC or a server GUI to be able to bulk-add text.. how do you guys get around that? Do you just add the code to a file on your local machine and transfer from there, or what?

Generally I just open the file in nano or vi and paste the text. If I need more involved editing, I (depending on circumstances and how much I need to do) might do any of:
- ssh in, use nano
- ssh -XC in, use a graphical editor
- mount over sshfs, use a local editor
- use NX + a graphical editor
- rsync everything to my local machine, edit it there, and rsync it back
|
# ? Apr 3, 2012 17:42 |
|
Kaluza-Klein posted:Can some one help me with my appalling lack of iptables knowledge?

2. You shouldn't need the "-A OUTPUT" rule at all, unless that's not your full firewall configuration and/or you're setting a DROP policy on the OUTPUT chain. If the latter, there's bigger problems here.

3. Your source/destination switches are swapped. What you really want is:

code:

4. Why not just accept ICMP traffic period? Dropping it is more likely to cause problems than it's going to solve. For one, if the monitor server is ever reIPed, you're going to have to update the firewall rule and will probably forget to. Or the guy who replaces you won't even know that rule is there and be baffled.
|
# ? Apr 3, 2012 17:44 |
|
Kaluza-Klein posted:Can some one help me with my appalling lack of iptables knowledge?

Here is my iptables entry for icmp:

code:
|
# ? Apr 3, 2012 17:45 |
|
Also, those firewall rules are bizarrely overspecified. I'm guessing you folks found them from here? There's a few things about that page that bothers me. But one of which is the overspecified firewall rules without motivation. For example, why hardcode the destination IP? Is it to prevent smurf attacks? If so, Linux has been ignoring ICMP echo requests on the broadcast address by default since 2.6.14.
|
# ? Apr 3, 2012 18:14 |
|
ExcessBLarg! posted:Also, those firewall rules are bizarrely overspecified. I'm guessing you folks found them from here?

I use a simpler rule most of the time now, I just happened to have an example that essentially matched his from when I was trying to familiarize myself with iptables. Helpful to specify that stuff just to see how the syntax works, though my use of linux in a production environment is limited to the single nagios server I'm responsible for.
|
# ? Apr 3, 2012 18:31 |
|
ExcessBLarg! posted:Is it to prevent smurf attacks? If so, Linux has been ignoring ICMP echo requests on the broadcast address by default since 2.6.14.

So that's why that stopped working? I had a legitimate reason to want to do that once or twice and wondered why nothing happened anymore.
|
# ? Apr 3, 2012 18:38 |
|
spoon0042 posted:So that's why that stopped working?

Pinging broadcasts is a cheap way to figure out which machines on a subnet are up, but nmap can basically do the same thing with unicast addresses so there's not a huge functionality loss.
|
# ? Apr 3, 2012 19:01 |
|
This "pinging to check if the server is up" is something the hosting service is doing, I had no idea it was there until it yelled at me! I just gave up and allowed all ICMP. And yes, ExcessBLarg!, I did find the rules I tried at that link! I do have allow all output, so I realize now that the output rule for icmp was useless. The perils of copy/pasting :/. This is just a server I can goof off with and idle on irc with, so hopefully no one is worried that I am learning on it.
|
# ? Apr 3, 2012 19:17 |
|
I get that poo poo all the time at work.

"Please allow SSH access on someserver to someip"

*opens port*

"It's not working! I can't ping!"
|
# ? Apr 3, 2012 19:20 |
|
Kaluza-Klein posted:This "pinging to check if the server is up" is something the hosting service is doing, I had no idea it was there until it yelled at me!

Kaluza-Klein posted:This is just a server I can goof off with and idle on irc with, so hopefully no one is worried that I am learning on it.

A modern Linux system usually doesn't need a firewall. That said, stateful, "default deny" of incoming TCP/UDP traffic isn't bad. Just open the ports you need and that way you can run whatever daemons without worry that a misconfiguration gets you owned.

ICMP is pretty harmless though. I've never had a problem just allowing it, and I've not found good motivation for blocking it in most circumstances. I have, however, run into problems where things like PMTU discovery breaks because folks unnecessarily filter ICMP and it gets annoying.

spankmeister posted:"It's not working! I can't ping!"
|
# ? Apr 3, 2012 19:39 |
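
The setup discussed in the replies above (monitor address matched as the source on INPUT, no OUTPUT rule, stateful default-deny for incoming traffic with only the needed ports opened), as an added example that is not part of the thread. The function name `gen_ruleset`, the address 192.0.2.10 and the ports are assumptions chosen for illustration; the thread's own rules were not preserved.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset.
# usage: gen_ruleset ICMP_SOURCE TCP_PORT...
#   ICMP_SOURCE  "any", or one address allowed to send echo requests
#                (e.g. the hosting provider's monitor).
gen_ruleset() {
    icmp_src=$1
    shift
    # Validate every port before printing anything, so a typo never
    # yields a half-written ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "gen_ruleset: bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "gen_ruleset: port out of range: $port" >&2; return 1
        fi
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    # OUTPUT stays ACCEPT, so no per-protocol OUTPUT rules are needed.
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # RELATED also admits ICMP errors tied to existing connections
    # (e.g. fragmentation-needed), so PMTU discovery keeps working.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$icmp_src" = any ]; then
        echo "-A INPUT -p icmp -j ACCEPT"
    else
        # On INPUT the remote host is the *source* (-s), not -d.
        echo "-A INPUT -p icmp --icmp-type echo-request -s $icmp_src -j ACCEPT"
    fi
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample: monitor at 192.0.2.10 (documentation range),
# SSH and HTTP open. Pipe the output to iptables-restore as root to load it.
gen_ruleset 192.0.2.10 22 80
```

Calling it with `any` as the first argument gives the "just allow all ICMP" variant the thread settles on.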
|
People weren't kidding when they said Centos Minimal install is basic.
|
# ? Apr 3, 2012 20:03 |
|
ExcessBLarg! posted:A modern Linux system usually doesn't need a firewall. That said, stateful, "default deny" of incoming TCP/UDP traffic isn't bad. Just open the ports you need and that way you can run whatever daemons without worry that a misconfiguration gets you owned.

Sure it does. Anything on the internet should (most people are behind NAT at home so you could argue that those don't, but still should)
|
# ? Apr 3, 2012 20:48 |
|
Bob Morales posted:Sure it does.

What attack vector exists that non-firewalled, but properly-configured Linux machines are susceptible to? I understand running a firewall on machines where semi-trusted users are running riff-raff services/programs that the world shouldn't have access to. I would go as far as to say that these machines should run a firewall. But if you're running a machine with limited services and no riff-raff users, why does it need a firewall?
|
# ? Apr 3, 2012 21:21 |
|
Any users of Symantec / Veritas backup exec for Linux here? From the server, what account do you use to connect to the clients?

I have a client set up but the thing is that the windows server backup manager program thing needs an account from the linux machine to access it. And I don't like using root for that, seems weird to have to store the root password in the backup application if the backup service is already running as root.
|
# ? Apr 3, 2012 21:35 |
|
ExcessBLarg! posted:Why?

What if you install a piece of software that does something dumb like opening a service/port without your knowledge and you get attacked that way? If you have a firewall blocking that port, it doesn't matter if something is opened without your knowledge.

I understand that in most cases a non-open port is just as good as a firewalled port. But there's no reason to NOT run one just in case.
|
# ? Apr 3, 2012 21:38 |
|
Bob Morales posted:What if you install a piece of software that does something dumb like opening a service/port without your knowledge and you get attacked that way?

In the past, there were systems that were vulnerable to attack merely by virtue of being online, and thus, in absence of timely patching, needed a firewall just to function. That's no longer the case, you can put a properly-configured Linux machine online without a firewall, and it won't get owned by virtue of inherently running Linux. That's what I mean by need.

That said, running a firewall may well be prudent depending on what one intends to do with the machine. But it should be considered as part of risk assessment, not something that absolutely has to be done.

Bob Morales posted:I understand that in most cases a non-open port is just as good as a firewalled port. But there's no reason to NOT run one just in case.

Long story short, if I'm connecting to a host I should have access to, I expect it to:
|
# ? Apr 3, 2012 22:02 |
|
As often happens, a weird problem that I don't even know where to start with.

Background: I've got this Rails app I've written for work, including a content-type that has attachments. These attachments need to be stored somewhere on the file system, so I got a directory created on our fileserver (/home/f0/html/saird) for this storage. Correct permissions given and everything.

I run the webapp, try to upload and store a file and the app errors out. No big surprise, had it working in dev but the production environment is a bit different and no doubt I have to configure it right. It's when I go looking at the storage dir that things get strange:

code:
code:
code:
|
# ? Apr 4, 2012 10:53 |
|
outlier posted:That's not good. In fact, what does that even mean and how can it happen?

http://stackoverflow.com/questions/541533/only-questionmarks-in-linux-dirlisting

Looks like a permissions error:

quote:That happens when the user can't do a stat() on the files (which requires execute permissions), but can read the directory entries (which requires read access on the directory). So you get a list of files in the directory, but can't get any information on the files because they can't be read. If you have a directory which has read permission but not execute, you'll see this. Someone probably tried to protect the .ssh directory incorrectly - it should be "chmod 0700 .ssh/" and owned by the user which owns the homedir. More than likely, someone was following instructions for securing a .ssh file but applied it to a .ssh directory.
|
# ? Apr 4, 2012 13:09 |
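
The condition described in the post above (a directory with read permission but no execute/search permission), turned into a check, as an added example that is not part of the thread. The function name `find_unsearchable_dirs` and the directory names in the constructed demo tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list directories whose mode grants
# read (r) without search/execute (x) to owner, group or other. Names in
# such a directory can be listed, but stat() on each entry fails, which
# "ls -l" shows as rows of question marks.
# usage: find_unsearchable_dirs ROOT   (prints one path per line)
find_unsearchable_dirs() {
    # Works from the mode bits only, so the answer is the same for root
    # and for unprivileged callers. -prune: do not descend into a match.
    find "$1" -type d \( \
        \( -perm -400 ! -perm -100 \) -o \
        \( -perm -040 ! -perm -010 \) -o \
        \( -perm -004 ! -perm -001 \) \
        \) -print -prune 2>/dev/null
}

# Constructed demo tree: one healthy directory and two broken ones.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/storage" "$tmp/ok" "$tmp/.ssh"
    chmod 755 "$tmp/ok"
    chmod 644 "$tmp/storage"   # r without x for everyone
    chmod 600 "$tmp/.ssh"      # file-style mode applied to a directory
    echo "flagged before fix:"
    find_unsearchable_dirs "$tmp"
    # Modes suggested in the thread: 755 for the shared directory,
    # 0700 for .ssh.
    chmod 755 "$tmp/storage"
    chmod 700 "$tmp/.ssh"
    echo "flagged after fix:"
    find_unsearchable_dirs "$tmp"
    rm -rf "$tmp"
}

demo
```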
|
spankmeister posted:Any users of Symantec / Veritas backup exec for Linux here?

IIRC we have a local user on each machine with a different set of credentials and added it to the default beoper group that is created by the agent install process.
|
# ? Apr 4, 2012 13:18 |
|
i barely GNU her! posted:IIRC we have a local user on each machine with a different set of credentials and added it to the default beoper group that is created by the agent install process.

So the account it uses doesn't actually need to have any rights, just be able to log in and be in beoper? I thought it would be enough, but wasn't sure. (The install doc says to use root)
|
# ? Apr 4, 2012 13:23 |
|
outlier posted:
Try giving everyone execute access to the directory. And by "everyone" I mean chmod 755.
|
# ? Apr 4, 2012 17:14 |
|
Copying my lubuntu install from a lowly 250GB HD to a 750GB WD RE. So I'm watching GParted copy 227GB. Probably would have been faster to just create the partitions and just cp the files over, right? Since there's...maybe 6GB of actual data on the drive? 1h 44m left then I can cross my fingers and hope I can get grub installed right on the new drive. I'd just re-install but I'd end up spending 5 hours re-installing (and re-building) a whole list of Ruby gems and poo poo like that.
|
# ? Apr 4, 2012 20:05 |
|
Bob Morales posted:Copying my lubuntu install from a lowly 250GB HD to a 750GB WD RE. So I'm watching GParted copy 227GB. Probably would have been faster to just create the partitions and just cp the files over, right? Since there's...maybe 6GB of actual data on the drive?

First step should have been to shrink the partitions. Though what I do in these cases is dd the entire drive over, then reboot and let gparted resize the partitions.
|
# ? Apr 4, 2012 21:20 |
|
Anyone have suggestions for a good Quake-style drop-down terminal? The built in terminal in Ubuntu is okay for light use but I miss hotkey drop-down like I can get with iTerm in OS X. (Oh god how I miss iTerm...)
|
# ? Apr 4, 2012 22:14 |
|
etcetera08 posted:Anyone have suggestions for a good Quake-style drop-down terminal? The built in terminal in Ubuntu is okay for light use but I miss hotkey drop-down like I can get with iTerm in OS X. (Oh god how I miss iTerm...)
|
# ? Apr 4, 2012 22:22 |
|
spankmeister posted:So the account it uses doesn't actually need to have any rights, just be able to log in and be in beoper?

Yep. Pretty sure we arrived at that conclusion once we realized that's all that the installer did. The user will need a real shell though, they can't just be authenticatable.
|
# ? Apr 4, 2012 22:47 |