One day I got report, that server’s ip is added to CBL Composite Blocking List.
This list is mostly used in email servers, to block spammers ip and mails. In my situation it was worm which creates mail server and sends its copy to the others. One of nat’ed clients got this worm, so I needed to block such activities. I blocked 25 port going out from internal network except real mail server. Theres how it is done in iptables:
/sbin/iptables -A OUTPUT -p TCP -i $ETH_OUT –dport 25 -s ! $SMTP_SERVER -j LOG
/sbin/iptables -A OUTPUT -p TCP -i $ETH_OUT –dport 25 -s ! $SMTP_SERVER -j DROP
Where $SMTP_SERVER – internal smtp server and $ETH_OUT – ethernet which goes out (connects to dsl modem and so on)
First line logs such activity, so its easier, to trace which ip in internal lan is infected.
Everyone knows how vital backing up is.
Here is my PostgreSQL and MySQL backup scheme:
backup_db.sh shell script:
read more »
To make bridge between network interfaces there is bridge-utils package. Just emerge apt-get or download form http://bridge.sourceforge.net and you will have brctl utility. If you need to have two or more interfaces with one ip (similiar to hardware switch) you will need to use brctl. For example you have eth0 and eth1 interfaces:
Make sure they have no ip’s:
# ifconfig eth0 0.0.0.0
# ifconfig eth1 0.0.0.0
Then create bridge:
# brctl addbr mybridge
mybridge is your preferred bridge name.
Add interfaces to created bridge:
# brctl addif mybridge eth0
# brctl addif mybridge eth1
Now set ip and netmask to bridge:
# ifconfig mybridge 192.168.0.1 netmask 255.255.255.0
192.168.0.1 is your preferred ip and 255.255.255.0 is netmask.
Thats it. Now mybridge acts as ethernet device (ifconfig -a).
Today I was updating portage, because couldn’t emerge Midnight Commander. My portage was too old and some libraries was not found because of different versions. Portage is gentoo’s packaging system, where all information about soft and utilities is stored. After emerge sync I got this error:
It was allways frightening thing to update system for me, so I went to gentoo forums and found solution:
- Delete old make.profile symlink
- Create new symlink ln -s /usr/portage/profiles/hardened/x86/2.6 /etc/make.profile
- emerge -pv portage (in case of error selected to pretend -p and verbose output -v)
- Everything seemed to be ok, so made emerge portage.
Thats all. Newest portage, and everything goes fine (for now :)
Note, that in my case there were hardened profile, so path to profile was /usr/portage/profiles/hardened/x86/2.6
Uh, started to learn how to program in java webapps. Too few good info, too few manuals who describes me exactly what I need. At first – try eclipse. Powerfull tool, wonderful interface
"Eclipse is an open platform for tool integration built by an open community of tool
providers. Operating under an open source paradigm, with a common public license that
provides royalty free source code and world wide redistribution rights, the eclipse
platform provides tool developers with ultimate flexibility and control over their
software technology."
Next thing google’ing info about tomcat, jsp, webapp and so on…
Accidently thought, that http://www.hotscripts.com has not only PHP resources, so went there and found easy reading, step-by-step tutorial how to make webapp, where to place it and so on. Here it is:
Developing-JavaServer-Pages
Some points form me are obvious and already known from PHP, but some aspects in this tutorial is new and very useful for beginners and professionals. BTW you need already to know java language if you want to understand how to code JSP.
P.S. devshed.com uses strip slashes, so paths in tutorial are without them…
