[cobalt-users] RE: cobalt-users digest, Vol 1 #1461 - 20 msgs
- Subject: [cobalt-users] RE: cobalt-users digest, Vol 1 #1461 - 20 msgs
- From: Christine MRecher <christinem@xxxxxxxxxxxxxxx>
- Date: Mon Oct 9 15:39:04 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Please take me off of your listings - I do not want any more e-mails
-----Original Message-----
From: cobalt-users-request@xxxxxxxxxxxxxxx
[mailto:cobalt-users-request@xxxxxxxxxxxxxxx]
Sent: Monday, October 09, 2000 10:52 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: cobalt-users digest, Vol 1 #1461 - 20 msgs
Send cobalt-users mailing list submissions to
cobalt-users@xxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://list.cobalt.com/mailman/listinfo/cobalt-users
or, via email, send a message with subject or body 'help' to
cobalt-users-request@xxxxxxxxxxxxxxx
You can reach the person managing the list at
cobalt-users-admin@xxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cobalt-users digest..."
Today's Topics:
1. Re: re: shared SSL on RaQ4 (Jeff Lasman)
2. RE: Webalizer problem solved!!!! (L. James Prevo)
3. Re: Is there a fix for making invisbles visible on RQ4? (Jeff Lasman)
4. Re: SERVER_ADMIN (Jeff Lasman)
5. Re: Publish using Front Page via IP (Jeff Lasman)
6. Re: Shutting down the Qube (Jeff Lasman)
7. POP B4 SMTP for certain sites? (Mike Fritsch)
8. Re: Sendmail (Randall Clark)
9. Auto account creation (Randall Clark)
10. FP extensions language localisation (Benoit Sarton)
11. RE: RE: Webalizer problem solved!!!! (Dan Kriwitsky)
12. Re: RaQ 3 - Can not add sites after Restore - Help! (Eurowolf@xxxxxxx)
13. Re: Secure CGI on a RaQ4 (Duncan Laurie)
14. [RaQ3] Any other experiences with All System 3.0.1-6482? (Florian
Effenberger)
15. [RAQ4] PINE (Jake Smith)
16. Raq 3 admin .. lost /usr/admserv/html/.cobalt/siteManage directories
(Dr R Fishwick)
17. Re: [RaQ3i] hosts.deny (James Riordon)
18. RE: Secure CGI on a RaQ4 (Christopher Simmons)
19. Re: [RaQ3i] hosts.deny (Fabrice Prémel)
20. Re: hosts.deny - try ipchains (Nick Voth)
--__--__--
Message: 1
Date: Sun, 08 Oct 2000 22:53:32 -0700
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Organization: nobaloney.net
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] re: shared SSL on RaQ4
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Christopher Simmons wrote:
> Beside the point however, I do want to offer shared SSL regardless of
> the pros and cons. I always thought it was a nice feature and "isn't
> hurting anyone" so why not? If I can make an extra $100 - 200 month in
> hosting revenue simply by installing this feature properly (umm...
> "hack" properly) then it's worth it to me. Plus I was offering this
> service through that crappy hosting sweat shop ("CT").
While almost everyone offers shared SSL, the fact is that there is a
major "con"...
> Now that I'm bringing it all into my own 1/2-rack environment and have
> total power (nyah haha hhah!!!), then I hope to be able to provide
> better service to my customers.
Bragging ignored <smile>.
> Any compelling reason not to do it? (Shared SSL.) Melt down, humidity
> on the diodes, LCD display failure, etc.? (kidding)
It's most likely against the license agreement you sign when you
purchase the cert.
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205
--__--__--
Message: 2
From: "L. James Prevo" <president@xxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Date: Mon, 9 Oct 2000 01:59:23 -0400
Subject: [cobalt-users] RE: Webalizer problem solved!!!!
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
I set up a stats user in my main site so the user name could not be taken.
I then tried with a site with the mods and could not create one.
L. James Prevo
President
The Prevo Network
http://www.prevo.net
"The Place Where We Unlock Your Doors to the Net!"
> Message: 1
> From: "Dan Kriwitsky" <dan@xxxxxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Subject: RE: [cobalt-users] Webalizer problem solved!!!!
> Date: Sun, 8 Oct 2000 15:02:30 -0400
> Reply-To: cobalt-users@xxxxxxxxxxxxxxx
>
> >
> > Only draw back, you can't have a user called stats, but who
> > would anyways.
> >
> And you better hope that none of your users goes to
> www.domain.com/siteadmin
> and creates a user called stats.
> --
> Dan Kriwitsky
>
>
>
--__--__--
Message: 3
Date: Sun, 08 Oct 2000 23:07:28 -0700
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Organization: nobaloney.net
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Is there a fix for making invisbles visible on
RQ4?
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Stew Smith wrote:
> > It's ridiculous to have to telnet in to remove a simple file created by
> > a perl script. I can't have all my resold clients telneting in to play
> > with cd and ls -a and rm commands willy nilly.
>
> No it isn't ridiculous. Unless you fubar your file permissions, site-admins
> can't harm your system; aside from their sites data. Give them admin access
> though, and you are up-creek... System management isn't done through a ftp
> client. Is any part of this confusing you?
Sorry to have to disagree with anyone with a Cobalt return address, but
I would NEVER give any user, not even a site-admin, telnet access to any
RaQ under my control.
After all, even the paranoid do get followed <smile>.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205
--__--__--
Message: 4
Date: Sun, 08 Oct 2000 23:10:15 -0700
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Organization: nobaloney.net
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] SERVER_ADMIN
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Florian Effenberger wrote:
> I just saw that SERVER_ADMIN is set to "admin" and not to
> "admin@<servername>". Anybody knows why? :)
Because the "@<servername>" would be redundant for local delivery.
There's only one user named "admin" on your box.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205
--__--__--
Message: 5
Date: Sun, 08 Oct 2000 23:26:48 -0700
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Organization: nobaloney.net
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Publish using Front Page via IP
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Fathi Said wrote:
> Just use to have a good provider, and you can get any amount of IP addresses
> you want (as long as you use them).
Won't be true much longer (more below)...
> Once you have a few thousands of assigned IPs, you can request additional
> ones easily from ARIN. The cost is reasonable too.
ARIN has changed the rules. Effective a few weeks ago, domain names can
no longer be used as justification for IP#s.
Your provider will probably change his rules when he finds out it's
getting harder to get more.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205
--__--__--
Message: 6
Date: Sun, 08 Oct 2000 23:31:09 -0700
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Organization: nobaloney.net
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Shutting down the Qube
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Jean Koclas wrote:
> The standard procedure to shutdown the Qube is to use the LCD display with
> the back control panel, which is very awkward.
> Is there any side-effect of sending the "halt" command through telnet
> instead (as was pointed out to me by my 15 year old)?
There are major bad side-effects to allowing telnet at all, but then
again, your 15-year-old probably told you that as well.
You can probably run:
# shutdown -h now
I say probably because "shutdown" may not be in your path. If it isn't,
find it using:
# find / -name shutdown
and then do:
# /path/to/shutdown -h now
Which will shut down your Qube.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205
--__--__--
Message: 7
From: "Mike Fritsch" <mfritsch@xxxxxxxxxxxx>
To: "Cobalt List" <cobalt-users@xxxxxxxxxxxxxxx>
Date: Mon, 9 Oct 2000 00:56:50 -0700
Subject: [cobalt-users] POP B4 SMTP for certain sites?
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
I have searched all through the POP B4 SMTP information and can not find the
answer to this question. We would like to allow only certain domains on our
RaQ3s to use SMTP. Is there any way to limit POP B4 SMTP to only certain
domains which we select?
Thanks
Mike
--__--__--
Message: 8
From: "Randall Clark" <wz297@xxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-users] Sendmail
Date: Mon, 9 Oct 2000 00:56:23 -0700
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
I did a search as root for the file and can not find it.
I ran the command:
find -name cobalt.mc
----- Original Message -----
From: "Jim Carey" <ozbcoz@xxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Saturday, October 07, 2000 5:29 PM
Subject: RE: [cobalt-users] Sendmail
> there is such a directory on my RAQ3 - the directory quoted by the earlier
> poster had an extra /cf in the path for some reason.
>
> Jim Carey
>
>
>
> > -----Original Message-----
> > From: cobalt-users-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Favio
> > Balestrieri
> > Sent: Sunday, 8 October 2000 8:46 AM
> > To: cobalt-users@xxxxxxxxxxxxxxx
> > Subject: RE: [cobalt-users] Sendmail
> >
> >
> > I have the same problem, please tell me if /usr/lib/sendmail-cf/redhat.mc
> > is correct.
> >
> > -----Original Message-----
> > From: cobalt-users-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Randall Clark
> > Sent: Saturday, October 07, 2000 06:18 p.m.
> > To: cobalt-users@xxxxxxxxxxxxxxx
> > Subject: Re: [cobalt-users] Sendmail
> >
> >
> > There is no such thing as a /usr/lib/sendmail-cf/cf/cobalt.mc file
> >
> >
> > ----- Original Message -----
> > From: "Jeff Bilicki" <jeff@xxxxxxxxxxx>
> > To: <cobalt-users@xxxxxxxxxxxxxxx>
> > Sent: Saturday, October 07, 2000 11:11 AM
> > Subject: Re: [cobalt-users] Sendmail
> >
> >
> > > If you are going to mod the mc files I would suggest starting
> > > with /usr/lib/sendmail-cf/cf/cobalt.mc instead. Also, check
> > > to see if the @ is escaped in the email address in the cgi
> > > sending the mail.
> > >
> > > Jeff-
> > >
> > > > I found the fix for my problem, here it is...
> > >
> > > > To fix the mail command used in PHP, CGI or command line.
> > > > Add the following in the /usr/lib/sendmail-cf/redhat.mc file.
> > > > FEATURE(accept_unresolvable_domains)dnl
> > >
> > > > Thank you for all your help.
> > > > Randall
> > >
> > >
> > >
> > >
> > > > ----- Original Message -----
> > > > From: "Florian Effenberger" <florian.effenberger@xxxxxxxxxxxxx>
> > > > To: "Randall Clark" <cobalt-users@xxxxxxxxxxxxxxx>
> > > > Sent: Saturday, October 07, 2000 5:19 AM
> > > > Subject: Re[6]: [cobalt-users] Sendmail
> > >
> > >
> > > >> Hi Randall,
> > > >>
> > > >> sorry, I'm not a "crack" on this, I have no idea myself. Maybe anybody
> > > >> else on this list has a tip for Randall?
> > >
--__--__--
Message: 9
From: "Randall Clark" <wz297@xxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Date: Mon, 9 Oct 2000 00:59:00 -0700
Subject: [cobalt-users] Auto account creation
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Does anyone on this list have a script that will take a web form from post
to the creation of a user automatically?
--__--__--
Message: 10
From: "Benoit Sarton" <bs@xxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Date: Mon, 9 Oct 2000 11:16:35 +0200
Subject: [cobalt-users] FP extensions language localisation
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
I would like to translate the frontpage extensions into french ( date format
and so on)
Where could I do that ?
I have noticed the following line in the file
/usr/local/frontpage/version4.0/frontpage.cnf :
defaultLanguage:en
Would that be the line to change ?
Thanks for help
Benoit
--__--__--
Message: 11
From: "Dan Kriwitsky" <dan@xxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: RE: [cobalt-users] RE: Webalizer problem solved!!!!
Date: Mon, 9 Oct 2000 07:05:49 -0400
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
> I set up a stats user in my main site so the user name could not be taken.
>
> I then tried with a site with the mods and could not create one.
>
Of course not. You can only have one unique user name per RaQ.
--
Dan Kriwitsky
--__--__--
Message: 12
From: Eurowolf@xxxxxxx
Date: Mon, 9 Oct 2000 07:24:34 EDT
Subject: Re: [cobalt-users] RaQ 3 - Can not add sites after Restore - Help!
To: cobalt-users@xxxxxxxxxxxxxxx
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
<< > >
> > My questions are...
> > Has anyone else successfully restored a RaQ3. If so, what am I doing wrong?
> > Your suggestions are greatly appreciated.
>>
We have restored quite a few raq3's and none of them gave a glitch...sorry
that I can't be of more help, all we did was follow the lcd panel instructions
--__--__--
Message: 13
Date: Mon, 9 Oct 2000 04:37:23 -0700
From: Duncan Laurie <duncan@xxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Secure CGI on a RaQ4
Organization: Cobalt Networks, Inc.
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
In article <NEBBKBOOOLHLLBGNGGNBAECOCGAA.main@xxxxxxxxxxxxxxxxxxxx> you wrote:
| TEMPORARY?? FIX FOR SECURE CGI PROBLEM
|
| I recently added shared SSL on a RaQ4 server.
|
| Now, any site on the server can use SSL like so...
|
| https://www.main-secure-domain.com/secure/www.anydomain.com/nameoffile.html
|
| I ran into a problem with attempting to process secure cgi scripts...
| https://www.server600.net/secure/www.avidinternet.com/formmail.pl
|
| I kept getting an Internal Server Error. I understand that I must use some
| type of ScriptAlias to make this work. However, numerous visits to the
| Cobalt.com site, the archives, and Redhat Linux config manuals
| (http://www.redhat.com/support/manuals/RHL-7-Manual/ref-guide/ch-configuration.html)
| have resulted in nothing but late nights and some new circles under
| my eyes.
Hi Bill,
The problem with running CGIs through an AliasMatch is that cgiwrap relies
heavily on the PATH_INFO and PATH_TRANSLATED variables to determine
what script to run and to perform security checks. Much of this is because
cgiwrap is a 3rd party app, not an apache module--it must take the
environment that apache gives for granted. So an AliasMatch like:
AliasMatch ^/secure/([^/]+)(/(.*))? /home/sites/$1/web/$3
passes cgiwrap PATH_INFO and PATH_TRANSLATED variables that do not match up:
PATH_TRANSLATED=/home/sites/www.domain.com/web/script.cgi
PATH_INFO=/secure/www.domain.com/script.cgi
Fixing this part is a pretty trivial change to the AliasMatch:
AliasMatch ^/secure/([^/]+)(/(.*))? /home/sites/$1/web/secure/$1/$3
but it means secure CGIs must be in the directory specified by PATH_INFO,
in relation to the web root of the site. After this CGIs will work, but
only if you refer to the site by its groupname, not the fqdn. This is
because it does security checks against the groupname given by the
PATH_TRANSLATED variable (the $1 regex from the AliasMatch) and fails
because the group "www.domain.com" does not exist.
To fix this I modified cgiwrap to obtain the group info from the file
referred to by PATH_TRANSLATED; which it then compares to the owner of the
file to verify the user is a member of that group (a site administrator).
This may not be the ideal solution, but it is minor and doesn't require
making massive changes to cgiwrap. Now with the above AliasMatch and
this cgiwrap change you can access CGIs like so:
https://www.secure-server.com/secure/www.domain.com/formmail.pl
If the script is in:
/home/sites/www.domain.com/web/secure/www.domain.com/formmail.pl
You can find the new cgiwrap RPM (and SRPM) at:
ftp://ftp.cobaltnet.com/pub/users/duncan/cgiwrap/cgiwrap-3.6.4-C11.i386.rpm
-duncan
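
The path mismatch described in the message above, as an added example that is not part of the original post and is not cgiwrap's code. The regex and the two substitutions are quoted from the message; the consistency check (PATH_TRANSLATED equals the site's web root plus PATH_INFO) and the group names `site1`/`site2` are assumptions made for illustration.

```python
import re

# Regex and both substitutions are quoted from the message above.
# {site} stands for Apache's $1 and {rest} for $3.
ALIAS_RE = re.compile(r"^/secure/([^/]+)(/(.*))?")
ORIGINAL = "/home/sites/{site}/web/{rest}"
ADJUSTED = "/home/sites/{site}/web/secure/{site}/{rest}"

# Constructed sample data: group names on a hypothetical box.
KNOWN_GROUPS = {"site1", "site2"}


def cgi_env(uri, template):
    """Model the PATH_INFO / PATH_TRANSLATED pair handed to the wrapper."""
    m = ALIAS_RE.match(uri)
    if m is None:
        return None  # request is outside /secure/, the alias does not apply
    site, rest = m.group(1), m.group(3) or ""
    return {
        "site": site,
        "PATH_INFO": uri,
        "PATH_TRANSLATED": template.format(site=site, rest=rest),
    }


def paths_match(env):
    """Assumed check: PATH_TRANSLATED must be the site's web root + PATH_INFO."""
    web_root = "/home/sites/{}/web".format(env["site"])
    return env["PATH_TRANSLATED"] == web_root + env["PATH_INFO"]


def group_from_path_exists(env, groups=KNOWN_GROUPS):
    """Name-based lookup: treat the $1 path component as a group name."""
    return env["site"] in groups


def report(uri):
    """Compare both substitutions for one request path."""
    rows = []
    for label, template in (("original", ORIGINAL), ("adjusted", ADJUSTED)):
        env = cgi_env(uri, template)
        if env is None:
            continue
        rows.append((label, env["PATH_TRANSLATED"], paths_match(env),
                     group_from_path_exists(env)))
    return rows


if __name__ == "__main__":
    for uri in ("/secure/www.domain.com/script.cgi", "/secure/site1/script.cgi"):
        for label, translated, consistent, group_ok in report(uri):
            print(uri, label, translated,
                  "paths consistent:", consistent,
                  "group name resolves:", group_ok)
```

With the adjusted substitution the two variables line up, but the name-based group lookup still fails for the fqdn, which is the case the message handles by reading the group from the file itself.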
--__--__--
Message: 14
Date: Mon, 9 Oct 2000 14:54:32 +0200
From: Florian Effenberger <florian.effenberger@xxxxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] [RaQ3] Any other experiences with All System
3.0.1-6482?
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Hi,
as Cobalt has not removed this patch, nor anybody else told me about
problems, I'm gonna install
All System 3.0.1-6482
This update changes the configuration options so that mail sent to mail
lists will not be routed to the 'admin' user if the message
contains majordomo configuration commands in the first 10 lines.
on my RaQ3. Any feedback is very welcome! Who already installed it?
Any problems? You can contact me offlist if you wish to do so.
Thanks,
Florian
--__--__--
Message: 15
Date: Mon, 09 Oct 2000 09:23:29 -0400
To: cobalt-users@xxxxxxxxxxxxxxx
From: Jake Smith <jake@xxxxxxxxxx>
Subject: [cobalt-users] [RAQ4] PINE
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
I can not send mail in PINE on my raq4 has anyone else had this problem and
does anyone know how to fix it?
Also aliases seem a bit screwy with some working and some not working,
thanks for any help,
Jake Smith
--__--__--
Message: 16
From: "Dr R Fishwick" <fish@xxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Date: Mon, 9 Oct 2000 14:23:57 +0100
Subject: [cobalt-users] Raq 3 admin .. lost
/usr/admserv/html/.cobalt/siteManage directories
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Is there any way of regenerating the /usr/admserv/html/.cobalt/siteManage
directories? I have lost it (don't ask why:~) and so the web admin
interface doesn't quite work. I get the site listing, but the links to
administer the individual sites go to a "File not found".
TIA
Fish
--__--__--
Message: 17
Date: Mon, 9 Oct 2000 10:12:23 -0400
To: cobalt-users@xxxxxxxxxxxxxxx
From: James Riordon <James@xxxxxxxxxx>
Subject: Re: [cobalt-users] [RaQ3i] hosts.deny
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Hi
>Unfortunately I'm probably
>not bold enough to recompile IPFWADM
>into my kernel at this time either.
From what I understand, IPFWADM is IP Firewall Admin which is a
lesser quality predecessor to IPCHAINS. Therefore you would still be
installing a firewall of sorts.
I have compiled IPFWADM into the kernel before and have had no
problems at all. Note though that it was not on a RaQ.
I have tried putting the unwanted IP's that I have into
/etc/httpd/conf/access.conf and have had good success with that.
Though I am not sure if this is a particularly good way to block out
people it did work for me.
I am still waiting for someone to reply to my previous post,
"Blocking IP's". Anyone out there brave enough to give an answer :)
That's it for my two cents worth.
James
>
>Has anyone else out there attempted this kernel recompile, and would
>they like to report the results?
--__--__--
Message: 18
Date: Mon, 09 Oct 2000 07:22:46 -0700
From: Christopher Simmons <cs@xxxxxxxxxxxxxxxxxxxxxxxxx>
Organization: Mindset - www.mindsetdesign.com
To: cobalt <cobalt-users@xxxxxxxxxxxxxxx>
Subject: [cobalt-users] RE: Secure CGI on a RaQ4
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Bill--
I too setup the shared SSL as you did, but hadn't yet tried the CGI.
Bummer!
Another thought occurred to me for the one script, formmail.pl/.cgi and
that is create a shared version on your secure domain.
Example: in the config block for formmail.pl simply add the domain names
for all of your client domains and they can all
access the formmail.pl script securely at
https://yoursecuredomain.com/cgi-bin/formmail.pl and the script will
process their forms.
Of course, this is NO help for our little respective shopping carts we
want our hosting customers to be able to use under a shared SSL.
I have no idea how to help resolve this overall alias issue, and am
waiting with bated breath for the solution!
Here's my $25 "donation" to you when you get it solved.
Christopher
------------your mesg---------
From: "WebSite Creations" <main@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: RE: [cobalt-users] Secure CGI on a RaQ4
Date: Sun, 8 Oct 2000 22:58:47 -0400
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
TEMPORARY?? FIX FOR SECURE CGI PROBLEM
I recently added shared SSL on a RaQ4 server.
--
------------------------------------------------------
M I N D S E T (tm)
A marketing communications & content company.
Founded 1983. Web services since 1995.
--__--__--
Message: 19
From: Fabrice Prémel <fabrice@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Date: Mon, 9 Oct 2000 16:33:24 GMT
Subject: Re: [cobalt-users] [RaQ3i] hosts.deny
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
>I have tried putting the unwanted IP's that i have into
>/etc/httpd/conf/access.conf and have had good success with that.
>Though I am not sure if this is a particularly good way to block out
>people it did work for me.
Note that editing access.conf, compiling ipchains in ... all share
one point : the connection comes to your box, thus eating bandwidth.
I would advise to call your ISP and have them block the IP : this
way, it will not use any of your resources.
Just a quick note,
Fabrice Prémel.
--__--__--
Message: 20
Date: Mon, 09 Oct 2000 08:44:31 -0600
From: "Nick Voth" <nvoth@xxxxxxxxxxx>
To: cobalt-users@xxxxxxxxxxxxxxx
CC: theoj@xxxxxxxxxxxxx
Subject: [cobalt-users] Re: hosts.deny - try ipchains
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Theo,
I ran into the same trouble when trying to deny access to several spammers.
Instead of recompiling the kernel, try using ipchains. It is a rewrite of
IPFWADM and you can get an .rpm file from the RedHat site. I guess the
kernel on our Raq3's is already compiled to allow support for ipchains. Just
go to:
http://www.redhat.com
Go to the "Download" link and do a search for "ipchains." I believe the
first hit in the results is the application you want. I have found the link
on the RedHat results is sometimes broken, but searching around the mirror
sites with FTP should get you what you need.
I have installed it on 2 RaQ3's and it works very well. There is also fairly
good documentation included with it.
Good luck,
-Nick Voth
> Date: Sun, 08 Oct 2000 21:10:34 -0700
> From: Theodore Jones <theoj@xxxxxxxxxxxxx>
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] [RaQ3i] hosts.deny
> Reply-To: cobalt-users@xxxxxxxxxxxxxxx
>
> Brandon,
>
> Thanks for the info.
>
> Yah, security didn't seem to be at the top of their list when stirring
> the "special sauce"...
>
> I've already got PortSentry running for my regular inet services, just
> didn't know it didn't cover httpd as well... Unfortunately I'm probably
> not bold enough to recompile IPFWADM
> into my kernel at this time either.
>
> Has anyone else out there attempted this kernel recompile, and would
> they like to report the results?
>
>
> ~ Theo
>
> Brandon Wheaton wrote:
>
>> On Sun, 8 Oct 2000, a remote ECHELON node intercepted, flagged and
>> forwarded the following transmission from Theodore Jones:
>> > when I add an IP to the "hosts.deny" file under /etc,
>> > ALL: 209.74.20.34
>> > then do a:
>> > /etc/rc.d/init.d/inet reload
>> > then watch my /home/log/httpd/error file (tail -f), I
>> > don't seem to see that this IP/person is blocked from
>> > making random guesses at my CGI files....
>>
>> Hi Theo.
>>
>> Hosts.deny is a component of TCP Wrappers. TCP Wrappers
>> only protects services running under inet (for a list of
>> inet services, look in /etc/inetd.conf) hence any entries
>> you add to your hosts.deny and hosts.allow file will only
>> block traffic for those services. (i.e. pop and telnet)
>>
>> If you want to block traffic to your entire box (short
>> of utilizing an external firewall) you will need to
>> utilize a kernel-level filter called IPFWADM. Use of
>> IPFWADM requires Kernel recompilation, which will no
>> doubt void your warranty. I can't imagine why Cobalt
>> would leave this critical component out of its OS. But
>> if you are a brave soul, here is the rundown. IPFWADM
>> is the basic Linux firewall tool. (Kernel 2.102+ uses
>> IPCHAINS) To utilize it to block an IP, all you have
>> to do is /sbin/ipfwadm -I -i deny -S 209.74.20.34 -o
>> With the -o option, all access attempts will be entered
>> into /var/log/messages for your viewing pleasure. The
>> "deny" makes it look to your attacker as if you have
>> fallen off the Internet. You can also use the "reject"
>> option, which gives attackers a "connection refused"
>> message if that's what you prefer. Either way - the result
>> is that you won't need to worry about them any longer.
>> Until they get smart and attack you from another IP,
>> that is ;^) That is where Portsentry comes into play
>> - but that's another e-mail entirely.
>>
>> Have fun.
>>
>> Brandon Wheaton
>> UNIX Systems Engineer
>> ValiCert, Inc.
>> 1215 Terra Bella Ave.
>> Mountain View, CA 94043
>> 650.567.5430
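
A way to check which services a hosts.deny entry can affect, following the point in the quoted reply that TCP Wrappers only covers services started from /etc/inetd.conf (added example, not from the thread). The inetd.conf sample is constructed, and the example goes one step further than the message by separating entries launched through tcpd from entries inetd starts directly.

```python
import os

# Constructed sample in the standard inetd.conf layout:
# service  socket  proto  wait  user  server-path  args...
SAMPLE_INETD_CONF = """\
# constructed example, not taken from a real RaQ
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd        ipop3d
#imap   stream  tcp  nowait  root    /usr/sbin/tcpd        imapd
echo    stream  tcp  nowait  root    internal
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
"""


def parse_inetd(text):
    """Return {service: {"wrapped": bool, "daemon": str or None}}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and disabled entries
        fields = line.split()
        if len(fields) < 6:
            continue  # blank or malformed line
        service, server = fields[0], fields[5]
        entries[service] = {
            # Only entries whose server program is tcpd consult hosts.deny.
            "wrapped": os.path.basename(server) == "tcpd",
            "daemon": fields[6] if len(fields) > 6 else None,
        }
    return entries


def hosts_deny_applies(service, entries):
    """True only for services inetd starts through tcpd.

    A standalone daemon such as httpd never appears in inetd.conf, so it
    is reported as not covered. Daemons built against libwrap are a
    separate case that this check does not look at.
    """
    entry = entries.get(service)
    return bool(entry and entry["wrapped"])


def coverage(services, text=SAMPLE_INETD_CONF):
    """Map each service name to whether a hosts.deny rule would reach it."""
    entries = parse_inetd(text)
    return {name: hosts_deny_applies(name, entries) for name in services}


if __name__ == "__main__":
    for name, covered in coverage(["telnet", "pop-3", "finger", "http"]).items():
        print("{:8s} hosts.deny applies: {}".format(name, covered))
```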
--__--__--
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-users
End of cobalt-users Digest