顯示文章

這裡允許您檢視這個會員的所有文章。請注意, 您只能看見您有權限閱讀的文章。


文章 - adrianmak

頁: [1] 2 3
1
其實那個firewall 強? 尤其當受都DoS 攻擊時,那個可以頂到較長時間?

2
I setup a mail server using followings components
 
postfix
sasl
pam-mysql
courier-auth 0.58
courier-imap 4.0.6
mysql 5.0.16
 
email user is authenicated against mysql backend db
I added a test account in db and I tested the smtp auth and it works (i.e. can authenticate against db)
but I failed to test with imap and pop3
 
# telnet localhost 110
Trying 127.0.0.1...
Connected to NS1 (127.0.0.1).
Escape character is '^]'.
+OK Hello there.
user adrian@mydomain.com
+OK Password required.
pass 123456
-ERR Temporary problem, please try again later
Connection closed by foreign host.
 
the maillog shown
Dec 10 17:37:05 NS1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Dec 10 17:37:17 NS1 pop3d: LOGIN FAILED, user=adrian@mydomain.com, ip=[::ffff: 127.0.0.1]
Dec 10 17:37:17 NS1 pop3d: authentication error: Input/output error
 
 
# telnet localhost 143
Trying 127.0.0.1...
Connected to NS1 (127.0.0.1).
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.
a login adrian@mydomain 123456
* BYE Temporary problem, please try again later
Connection closed by foreign host.
 
the maillog shown
Dec 10 17:42:27 NS1 imapd: Connection, ip=[::ffff:127.0.0.1]
Dec 10 17:42:38 NS1 imapd: LOGIN FAILED, user=adrian@mydomain.com, ip=[::ffff: 127.0.0.1]
Dec 10 17:42:38 NS1 imapd: authentication error: Input/output error
 
authdaemonrc config is, others remains by default values
authmodulelist="authpam authmysql"
 
authmysqlrc config is
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfixuser
MYSQL_PASSWORD          userpostfix
MYSQL_SOCKET            /tmp/mysql.sock
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        home
MYSQL_MAILDIR_FIELD     maildir
 
/etc/pam.d/pop3
auth sufficient pam_mysql.so user=postfixuser passwd=userpostfix host=localhost db=postfix t
able=mailbox usercolumn=username passwdcolumn=password crypt=1
account required pam_mysql.so user=postfixuser passwd=userpostfix host=localhost db=postfix
table=mailbox usercolumn=username passwdcolumn=password crypt=1
 
/etc/pam.d/imap
auth sufficient pam_mysql.so user=postfixuser passwd=userpostfix host=localhost db=postfix t
able=mailbox usercolumn=username passwdcolumn=password crypt=1
account required pam_mysql.so user=postfixuser passwd=userpostfix host=localhost db=postfix
table=mailbox usercolumn=username passwdcolumn=password crypt=1

3
my system is redhat AS3 U4 and using postfix as mta

system has following stock rpm packages installed

postfix-2.0.16-14.RHEL3
cyrus-sasl-2.1.15-10
cyrus-sasl-md5-2.1.15-10
cyrus-sasl-gssapi-2.1.15-10
cyrus-sasl-plain-2.1.15-10
cyrus-sasl-devel-2.1.15-10

I added followings line in /etc/postfix/main.cf

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_authenticated permit_mynetworks check_relay_domains
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

updated the file /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd

then start saslauthd and restart postfix

try telnet localhost 25
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN GSSAPI
250-XVERP
250 8BITMIME


in the AUTH, I can't see whatever DIGEST-MD5 and CRAM-MD5 protocol which I saw in other postfix installation tutorial

What other configuration I was missed ?

4
Linux 討論版 / mrtg 各virtual host
« 於: 2005-08-15 12:30 »
我的linux上host了幾個web site
e.g.
www.domain1.com
www.domain2.com
www.domain3.com

我知道要mrtg httpd, network interface, cpu 等十分容易

但要怎麼mrtg各 virtual host 的network bandwidth 使用量??

5
Linux 討論版 / 新版rrdtool 1.2.x 支持中文嗎?
« 於: 2005-08-15 08:59 »
新版1.2.x 支持true type font
但是否支持中文嗎?
即generate graph 能顯示中文字嗎?

6
Linux 討論版 / ebtables的功用?
« 於: 2005-08-08 07:12 »
可以理解為transparent firewall
因bridge 不需要ip address所以用戶察覺不到它的存在
所以某程度是增加安全

7
Linux 討論版 / mail gateway 疑問
« 於: 2005-08-08 06:29 »
那麼如果要掃瞄由mail client 寄出的郵件是否有virus
mail.abc.com.tw是否要再安裝email virus scanning 軟件?

8
因學習computer security需要,其中一個習作是要寫一個el gamal編碼算法,要求如下
1. keys generation
2. decryption
3. encryption

我已用java 基本寫好了,但decrypted 後的cipher text 是怎樣表示
e.g. plain text 是 ABCD

以一個byte作一個block 來做encryption
我的做法是, 首先 逐個字母轉成ASCII value e.g. A - 65, B - 66, C- 67, D - 68
然後用el gamal 的 那條algorithm 將每個字母轉成 cipher text

e.g. A - 128 , B - 256, C - 312 , D 211

但 問題是計算出來的是數字,怎樣化成chars
e.g. 如果你們接觸過其他編碼算法 e.g. RSA

那出來的keys, cipher text 是一篇chars
e.g.
jfdjfkdjfdhfddfj4%$^FGFGYHGH #$3454364565r5GFHTUYWSEW$#@
eFERTT%^%^%


請問是怎樣做的呢 ?

9
Linux 討論版 / 關於SELinux
« 於: 2005-02-25 09:32 »
打算學習SELinux, 有沒有好的教學文章?

10
LDAP 討論區 / Centralized LDAP Authentication
« 於: 2005-02-25 09:29 »
有沒有方案 win AD + samba + ldap + kerberos ?

11
Linux 討論版 / 怎樣制作php 各module的rpm包?
« 於: 2005-02-11 14:16 »
rpm 包的軟件如php
php 相關的module rpm包都是各自獨立安裝
問題是我怎樣制作這些rpm包? e.g. php-ldap , php-mysql, php-pear, etc

12
沒人懂??

13
謝謝 !!

14
有5台PC, 分別扮演以下各式
Linux load balancer x 1
Apache web server x 3
mysql db server x 1


網頁放在mysql db server上,經NFS 給3台apache web server mount 上
以形成中心網頁文件

但發現有是apache web server不知道什麼原因NFS connection 斷了
導致他人瀏覽web 時出現ERROR 404 找不到pages

15
Network 討論版 / 啥咪是HA firewall的部署啊?
« 於: 2005-01-06 09:46 »
netfilter/iptables 怎樣做HA ?

16
wget 好像有2G file size limit
你提供的prozilla有沒有這個limit ?

17
wget is a good command line tool but it only support single session.
How about any command line download tool which support multi-session download from same file ?

18
I have a linux server which is installed in data centre. 100M bandwidth connected to the Internet.

The server is providing web bbs forum and ftp upload/download service.
To prevent ftp traffic dominate the whole 100M bandwidth, I'm going to implement bandwidth control.

50% reserve for web bbs
50% reserve for ftp download traffic (ftp upload traffic will not restrict to 50% bandwidth i.e. 100M can be used for upload traffic)

I have search a lot of articles regarding linux traffic control. I know that it is using tc to accomplish the bandwidth control. But the details how to implement, I don't know actually  :oops:

Any experts here can teach me how to ? by providing examples.


我有台linux server放在機房. 100M 連上Internet
server提供bbs論壇,ftp上下載服務

防止ftp traffic耗盡所有bandwidth, 所以打算設置bandwidth control

50% bandwidth給bbs
50% bandwidth給Internet ftp 用戶下載 (ps ftp上載沒有bandwidth限制)

上網找都數篇文章,大概是用tc 來實現,但具體是怎樣做,
請各學長指導一下

19
引述: "jimmy999"
您是說 viso2003的原始檔嗎?


icons

20
能否分享你做的圖形嗎??

21
viso2003 內置已有這些圖示嗎? 不用另外買什麼add-on東東

22
Linux 討論版 / 怎樣mrtg 各qdisc class
« 於: 2004-12-15 09:20 »
我用qdisc htb 來分配各重要服務的流量
怎樣用mrtg來plot出各class的使用量?

23
Linux 討論版 / 10000 account 的Webmail規劃
« 於: 2004-12-14 20:55 »
有什麼軟方式做mail server cluster ?

24
libupnp, linux-gid都成功compile, install, 沒有error
但當執行upnpd ppp0 eth0 出了以下error
/usr/sbin/upnpd: relocation error: /lib/libupnp.so: undefined symbol: _ZTVN10__cxxabiv120__si_class_type_infoE

不知是什麼error呢??

OS: redhat enterprise linux 3 update 2
Internet connection: ADSL PPPoE, eth1 -> adsl modem, ppp0 virtual if

25
這個是當然的..............同一ip沒可能有兩個服務用相同的port
這麼最基本簡單的網路知識都搞不懂, 還是看一些基礎網路的書籍

26
這個是我修改一點abelyang提供的tcpdump.ssh
用來plot http, bittorrent
代碼: [選擇]

RRD_PATH="/usr/local/rrdtool/db/tcpdump.rrd"
image_path="/usr/local/httpd/htdocs/mrtg"
sec=300
killall tcpdump
mv ip.packet ip.packet.1
/usr/sbin/tcpdump -w ip.packet  tcp or udp or icmp &
scan_port="80 9000"
rrd_data=""
for sport in $scan_port
do
        port=`/usr/sbin/tcpdump -r ip.packet.1 port $sport -v | sed -e 's/.*, len \(.*\))/
\1/g' |  tr '\n' '+'`
        port=`echo ${port}0| bc`
        port=`expr $port / $sec`
        rrd_data="$rrd_data$port:"
done
total=`/usr/sbin/tcpdump -r ip.packet.1 -v  |grep -v 'config'| sed -e 's/.*, len \(.*\))/\
1/g'  |  tr '\n' '+'`
total=` echo ${total}0 | bc`
now=`date +%s`
echo "/usr/local/rrdtool/bin/rrdtool update tcpdump.rrd $now:$rrd_data$total" >>tcpdump.cmd
/usr/local/rrdtool/bin/rrdtool update tcpdump.rrd $now:$rrd_data$total

image_path=/usr/local/httpd/htdocs/mrtg
now=`date "+%Y/%m/%d %H:%M:%S"`
start_time=`date -d "2003/08/12 19:00" +%s`
time="hour day week month year"
for t in $time
do
/usr/local/rrdtool/bin/rrdtool graph $image_path/example-$t.png \
--title "Application port traffic analysis"   \
DEF:t1=$RRD_PATH:bt:AVERAGE \
DEF:t2=$RRD_PATH:http:AVERAGE \
DEF:t3=$RRD_PATH:total:AVERAGE \
CDEF:v1=t1,t2,+ \
CDEF:v2=t1 \
CDEF:v3=t3,1024,/ \
COMMENT:"PORT analysis---max---average----min-----now\n" \
AREA:v1#339966:"HTTP" \
GPRINT:t4:MAX:"      %12.0lf " \
GPRINT:t4:AVERAGE:"%12.0lf " \
GPRINT:t4:MIN:"%12.0lf " \
GPRINT:t4:LAST:"%12.0lf \n" \
AREA:v2#FF0000:"BT" \
GPRINT:t2:MAX:"      %12.0lf " \
GPRINT:t2:AVERAGE:"%12.0lf " \
GPRINT:t2:MIN:"%12.0lf " \
GPRINT:t2:LAST:"%12.0lf \n" \
LINE2:v3#000000:"Total(Kb)" \
GPRINT:v3:MAX:"  %12.0lf " \
GPRINT:v3:AVERAGE:"%12.0lf " \
GPRINT:v3:MIN:"%12.0lf " \
GPRINT:v3:LAST:"%12.0lf \n" \
COMMENT:"\n" \
COMMENT:"\n" \
COMMENT:"    Last Updated:  $now" \
-v "per second (bytes)" -M -U 10 \
-Y -X b -h 200 -w 480 -s `date -d "-1 $t" +%s`
done

但執行是有以下錯誤
sed: -e expression #1, char 19: Unterminated `s' command
sed: -e expression #1, char 19: Unterminated `s' command
sed: -e expression #1, char 20: Unterminated `s' command

27
I try to use tcpdump.sh but I got a problem
sed: -e expression #1, char 19: Unterminated `s' command
sed: -e expression #1, char 19: Unterminated `s' command
sed: -e expression #1, char 20: Unterminated `s' command

28
我想問有時某個時段有很大流量e.g. 1.5M 其餘時段一般時400k
這造成個圖的比例有太正常,其餘時段的只顯示出很少

如何解決 ?

29
解決了!! 是個shell script 問題!!

30
麻煩abelyang學長給我一看以下是我的rrdtool 配置
用來plot eth1 in & out 流量,但plot 出來的圖沒有數據

不知是那方面出錯

rrdtool create eth1.rrd \
--start `date +%s` \
--step 300 \
DS:eth1_in:COUNTER:600:0:12500000 \
DS:eth1_out:COUNTER:600:0:1250000 \
RRA:AVERAGE:0.5:1:603 \
RRA:AVERAGE:0.5:6:603 \
RRA:AVERAGE:0.5:24:603 \
RRA:AVERAGE:0.5:288:800 \
RRA:MAX:0.5:1:603 \
RRA:MAX:0.5:6:603 \
RRA:MAX:0.5:24:603 \
RRA:MAX:0.5:288:800 \
RRA:MIN:0.5:1:603 \
RRA:MIN:0.5:6:603 \
RRA:MIN:0.5:24:603 \
RRA:MIN:0.5:288:800 \
RRA:LAST:0.5:1:603 \
RRA:LAST:0.5:6:603 \
RRA:LAST:0.5:24:603 \
RRA:LAST:0.5:288:800


以下shell script 是放在cron 每5min執行一次
#!/bin/bash
now=`date +%s`

in=eval snmpwalk -c public -v 1 localhost ifInOctets.3 | gawk '{ print $4 }'
out=eval snmpwalk -c public -v 1 localhost ifOutOctets.3 | gawk '{ print $4 }'

/usr/local/rrdtool/bin/rrdtool update /usr/local/rrdtool/db/eth1.rrd $now:$in:$out

/usr/local/rrdtool/bin/rrdtool graph /usr/local/httpd/htdocs/mrtg/test.png \
--title "eth1 testing" \
DEF:in=/usr/local/rrdtool/db/eth1.rrd:eth1_in:AVERAGE \
DEF:out=/usr/local/rrdtool/db/eth1.rrd:eth1_out:AVERAGE \
LINE2:in#000080:"incoming" \
LINE2:out#0000FF:"outgoing" \
-v "bytes" -M

但出來的圖沒有數據

頁: [1] 2 3