[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Lost web interface w/ raq4
- Subject: Re: [cobalt-users] Lost web interface w/ raq4
- From: Jim Dory <engineer@xxxxxxxxxxxxx>
- Date: Thu Jun 6 11:39:03 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Jeff Lasman wrote
I sure hope you mean srm.conf.master; My RaQ4s don't have an
srm.conf.orig. The command to compare the two files is:
# conf /etc/httpd/conf/srm.conf /etc/httpd/conf/srm.conf.master
(This raq has a srm.conf.orig as well as the other two. As per below
they all match now)
I couldn't find the command conf but did a google and found diff and
cmp. Diff shows some lines that differ and cmp shows the char and line
numbers. What I found were the lines (in srm.conf):
[AddType application/x-httpd-php4 .php3
AddType application/x-httpd-php4 .php4
AddType application/x-httpd-php4 .php]
didn't have a '4' after the first php in each line so I added that.
There's also some lines directly below those with pound # signs in front
of them so assume they are comments and do nothing, but just thought I
should mention that there are extra #AddType... lines in the srm.conf
file that mimic the above 3 lines. So something must have commented out
the original 3 lines and added the {AddType application/x-http-php
.hpp3] lines (without the 4 following first php).
I tried restarting httpd but still get the error message that a syntax
error occurs in [UserDIR web] (invalid command UserDir). Above that is a
line [Documentroot /home/sites/home/web] and I double checked to see
that I still have that directory in place.
I'm still looking at trying to figure out if I'm hacked. I installed
lsof but not smart enough to recognize any output as suspicious. I tried
installing kstat but too many errors during the make install for it to
work (wouldn't install).
My Watchguard is reporting events that concern me:
'deny in eth0 24.xxx.xxx.xxx' which is good and eth0 is the external
port, but then
'filtered http event from 24.xxx.xxx.xxx:[some port number-varies] on
eth1' which is my trusted port '
to [mystatic ip number]:80
I assume since it is denying in it is ok, but that it is reaching my
trusted port is scary.
Cheers,
Jim D.