Why is openvpn responding with "could not read Auth username from stdin?" [closed] - vpn

Just did an update on my system and for some reason I can no longer log into my VPN service. I'm running gentoo.
Here's my /etc/openvpn/openvpn.conf.
client
dev tun
proto udp
remote myvpnguys.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem
keepalive 10 300
auth-user-pass
I start my service on gentoo as follows:
$ sudo /etc/init.d/openvpn start
* Caching service dependencies ... [ ok ]
* Starting openvpn ... [ ok ]
* WARNING: openvpn has started, but is inactive
And here is the log file which shows the username prompt, but it's as if it just keeps on going.
$ sudo cat ./openvpn.log
Sat Aug 15 00:57:32 2015 OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 15 2015
Sat Aug 15 00:57:32 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Auth Username:
Sat Aug 15 00:57:32 2015 ERROR: could not read Auth username from stdin
Sat Aug 15 00:57:32 2015 Exiting due to fatal error

This is a bug in 2.3.7 and fixed in 2.3.8:
https://community.openvpn.net/openvpn/ticket/248
Add this line to /etc/portage/package.keywords:
=net-misc/openvpn-2.3.8
and install 2.3.8.

Related

Postfix as SMTP Relay appears unsecure to GMail [closed]

I am currently trying to set up Postfix on RHEL as an SMTP relay for our internal ticketing system.
The basic configuration is running and working fine; mails get sent and received. We do alter some headers to secure our internal networks, but that's about it.
Trying 10.71.17.107...
Connected to mail-gw.doma.in.
Escape character is '?'.
220 mail-gw.doma.in ESMTP Postfix
STARTTLS
220 2.0.0 Ready to start TLS
Similarly, I am able to ask the GMail server for STARTTLS, so I presume that firewalls are not an issue:
Trying 108.177.15.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '?'.
220 **************************************************
EHLO mail-gw.doma.in
250-mx.google.com at your service, [91.198.93.107]
250-STARTTLS
STARTTLS
220 2.0.0 Ready to start TLS
I have acquired a free SSL Certificate for this mail-gw, and it seems to be valid. However, whenever I relay a message to GMail, it shows me that the message has not been encrypted.
Not secure according to google
Here is my master.cf
smtp      inet  n       -       n       -       -       smtpd -v
submission inet n       -       n       -       -       smtpd -v
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
And here is my main.cf
smtp_sasl_auth_enable = no
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwords
smtp_tls_CAfile = /etc/pki/tls/certs/mail-gw_doma_in.ca-bundle
smtp_tls_cert_file = /etc/pki/tls/certs/mail-gw_doma_in.crt
smtp_tls_key_file = /etc/pki/tls/private/prv.key
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/pki/tls/certs/mail-gw_doma_in.ca-bundle
smtpd_tls_cert_file = /etc/pki/tls/certs/mail-gw_doma_in.crt
smtpd_tls_key_file = /etc/pki/tls/private/prv.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
I am all out of ideas, especially since all solutions on the internet are smtp_tls_security_level = may.
Any help would be appreciated.
Edit: As per the comments, here is my connection log with Google.
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: < gmail-smtp-in.l.google.com[173.194.76.27]:25: 220 **************************************************
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: name_mask: disable_esmtp
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: name_mask: delay_dotcrlf
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: 14ED21038196: enabling PIX workarounds: disable_esmtp delay_dotcrlf for gmail-smtp-in.l.google.com[173.194.76.27]:25
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: > gmail-smtp-in.l.google.com[173.194.76.27]:25: HELO mail-gw.doma.in
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: < gmail-smtp-in.l.google.com[173.194.76.27]:25: 250 mx.google.com at your service
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: server features: 0x31000 size 0
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: smtp_stream_setup: maxtime=300 enable_deadline=0
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: > gmail-smtp-in.l.google.com[173.194.76.27]:25: MAIL FROM:<dct_test_it@doma.in>
Is it supposed to be this way? When I debug incoming connections, I see my server responding with all SMTP options (including STARTTLS). Even more confusing since telnetting to the Google host also offers me STARTTLS.
I finally found the solution.
For some reason - I am not sure how - my Postfix thought that our Firewall was doing SMTP Inspection, and enabled the PIX workaround "disable_esmtp"
Thus, my Postfix only started a connection with a HELO, and didn't get the option to STARTTLS.
Solution:
In your main.cf, only enable the other workarounds. For the sake of brevity, I did it like this for now:
smtp_pix_workarounds = delay_dotcrlf
Hard for me to believe that I haven't found anything about this.
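The log lines in the question already carry the evidence the answer found: the session is marked "enabling PIX workarounds: disable_esmtp", the client then sends HELO instead of EHLO, and STARTTLS never appears. The following is an added detection check of mine (not the poster's code or Postfix's) that walks verbose postfix/smtp lines, groups them per session and flags every session that fell back to cleartext; the sample log is constructed from the lines quoted above plus a made-up healthy session.

```python
import re
# Constructed sample of verbose postfix/smtp log lines, modelled on the log
# quoted in the question; the second session (pid 26901) is made up.
SAMPLE_LOG = """\
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: 14ED21038196: enabling PIX workarounds: disable_esmtp delay_dotcrlf for gmail-smtp-in.l.google.com[173.194.76.27]:25
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: > gmail-smtp-in.l.google.com[173.194.76.27]:25: HELO mail-gw.doma.in
Nov 15 07:06:44 atdc1-proxy01 postfix/smtp[26878]: < gmail-smtp-in.l.google.com[173.194.76.27]:25: 250 mx.google.com at your service
Nov 15 07:09:01 atdc1-proxy01 postfix/smtp[26901]: > mx.example.test[192.0.2.10]:25: EHLO mail-gw.doma.in
Nov 15 07:09:01 atdc1-proxy01 postfix/smtp[26901]: < mx.example.test[192.0.2.10]:25: 250-STARTTLS
Nov 15 07:09:01 atdc1-proxy01 postfix/smtp[26901]: > mx.example.test[192.0.2.10]:25: STARTTLS
"""
LINE_RE = re.compile(r"postfix/smtp\[(\d+)\]:\s+(.*)$")
PIX_RE = re.compile(r"enabling PIX workarounds: (.+?) for (\S+?):\d+$")
SEND_RE = re.compile(r"^> (\S+?):\d+: (\S+)")  # commands the client sent

def audit_sessions(log_text):
    # Per smtp(8) pid: remote host, PIX workarounds applied, greeting verb, STARTTLS sent?
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"host": None, "pix": set(), "greeting": None, "starttls": False})
        pm = PIX_RE.search(msg)
        if pm:
            s["pix"].update(pm.group(1).split())
        sm = SEND_RE.match(msg)
        if sm:
            s["host"], verb = sm.groups()
            if verb in ("HELO", "EHLO"):
                s["greeting"] = verb
            elif verb == "STARTTLS":
                s["starttls"] = True
    return sessions

def plaintext_sessions(log_text):
    # (pid, host, reason) for each session that never sent STARTTLS: with
    # smtp_tls_security_level = may this is a silent fall-back to cleartext.
    findings = []
    for pid, s in audit_sessions(log_text).items():
        if s["starttls"]:
            continue
        if "disable_esmtp" in s["pix"] or s["greeting"] == "HELO":
            reason = "disable_esmtp PIX workaround: HELO sent, STARTTLS never offered"
        else:
            reason = "EHLO sent but STARTTLS not negotiated"
        findings.append((pid, s["host"], reason))
    return findings
```

Run over the real log after setting smtp_pix_workarounds = delay_dotcrlf, the Google session should disappear from the findings; any session that still shows up is one that would have been delivered in cleartext.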

Nginx Permission Issues on Centos 7 with Gunicorn Socket in Systemd [closed]

We've searched countless threads to solve this problem, but none seems to have worked for us.
Can anyone help me with this nginx permission issue?
I've installed it with a non-root user as suggested in this article.
How To Serve Flask Applications with Gunicorn and Nginx on CentOS 7
However, we have never been able to access either the socket or the static files.
Taken from tail -f /var/log/nginx/error.log, it always produces a 502 Bad Gateway error while accessing the socket
*5 connect() to unix:/home/devops/article-prod/articles.sock failed (13: Permission denied)
and a 403 Forbidden error while accessing static files
*14 open() "/home/devops/article-prod/assets/icons/types/article.png" failed (13: Permission denied)
Here are the permissions along the path
/home/devops/article-prod/
/home/devops/article-prod/articles.sock
/home/devops/article-prod/assets
/home/devops/article-prod/assets/icons
/home/devops/article-prod/assets/icons/types
/home/devops/article-prod/assets/icons/types/article.png
drwxr-xr-x. 4 root root 34 Mar 15 03:57 home
drwxr-xr-x. 6 devops nginx 172 Mar 15 05:38 devops
drwxr-xr-x. 6 devops nginx 197 Mar 15 07:56 article-prod
srwxrwx---. 1 devops nginx 0 Mar 15 06:03 articles.sock
drwxr-xr-x. 3 devops nginx 19 Mar 15 04:56 assets
drwxr-xr-x. 4 devops nginx 36 Mar 15 04:56 icons
drwxr-xr-x. 2 devops nginx 25 Mar 15 04:56 types
-rwxr-xr-x. 1 devops nginx 1718 Mar 15 04:56 article.png
FILE nginx.conf:
...
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
...
server {
    listen 80;
    server_name www.article.com;
    location /assets/ {
        root /home/devops/article-prod;
        autoindex on;
    }
    location / {
        proxy_pass http://unix:/home/devops/article-prod/articles.sock;
    }
}
...
FILE articles.service:
[Unit]
Description=Gunicorn instance to serve articles
After=network.target
[Service]
User=devops
Group=nginx
WorkingDirectory=/home/devops/article-prod
Environment="PATH=/home/devops/article-prod/venv/bin"
ExecStart=/home/devops/article-prod/venv/bin/gunicorn --workers 3 --bind unix:articles.sock -m 007 wsgi
[Install]
WantedBy=multi-user.target
I've also done this to make sure the devops user is within the nginx group
sudo usermod -a -G devops nginx
and even the other way around
sudo usermod -a -G nginx devops
but it still doesn't work.
Any help would be really appreciated.
Have you tried disabling SELinux? Check your SELinux status by running:
$ sudo sestatus
If the status is enabled you can disable it (temporarily) by running:
$ sudo setenforce 0
and edit the file /etc/sysconfig/selinux and then change SELINUX=enforcing into SELINUX=disabled to disable it permanently.
You can restart your server if you want.
Hope this will help you.
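The listing in the question already passes the ordinary mode-bit check for the nginx user (group nginx), which is why the answer reaches for SELinux. The following added example of mine (not the poster's code; `applicable_bits`, `dac_check` and `diagnose` are names I chose) walks those exact paths the way the kernel's discretionary check does, reports the first component that would deny, and shows that nothing along the path denies here, so the EACCES must come from a mandatory-access layer such as SELinux.

```python
# Path listing constructed from the ls -l output in the question:
# path -> (mode string, owner, group). Only DAC (mode bits) is modelled here;
# SELinux adds a separate MAC decision that these bits cannot show.
LISTING = {
    "/home": ("drwxr-xr-x", "root", "root"),
    "/home/devops": ("drwxr-xr-x", "devops", "nginx"),
    "/home/devops/article-prod": ("drwxr-xr-x", "devops", "nginx"),
    "/home/devops/article-prod/articles.sock": ("srwxrwx---", "devops", "nginx"),
    "/home/devops/article-prod/assets": ("drwxr-xr-x", "devops", "nginx"),
    "/home/devops/article-prod/assets/icons": ("drwxr-xr-x", "devops", "nginx"),
    "/home/devops/article-prod/assets/icons/types": ("drwxr-xr-x", "devops", "nginx"),
    "/home/devops/article-prod/assets/icons/types/article.png": ("-rwxr-xr-x", "devops", "nginx"),
}

def applicable_bits(mode, user, groups, owner, group):
    # Classic Unix DAC: the owner class applies if you own it, else the group
    # class if you are a member, else "other"; the classes are not combined.
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]

def dac_check(path, user, groups, need):
    # Every parent directory must grant search ('x'); the last component must
    # grant `need` ('r' to read a file, 'rw' to connect() to a Unix socket).
    # Returns (allowed, first component that denies or None).
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        component = "/" + "/".join(parts[:i])
        mode, owner, group = LISTING[component]
        bits = applicable_bits(mode, user, groups, owner, group)
        required = need if i == len(parts) else "x"
        if any(flag not in bits for flag in required):
            return False, component
    return True, None

def diagnose(path, user, groups, need):
    # Turn the walk into the practical next step for a "Permission denied".
    allowed, where = dac_check(path, user, groups, need)
    if not allowed:
        return "DAC denies at %s: fix ownership or mode there" % where
    return "DAC allows: the EACCES comes from a MAC layer, check sestatus and the audit log"
```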

Docker on CentOS 7.2: kernel:unregister_netdevice: waiting for lo to become free. Usage count = 1

I'm running Docker on CentOS 7, from time to time there's the following message displayed:
Message from syslogd@dev-master at Mar 29 17:23:03 ...
kernel:unregister_netdevice: waiting for lo to become free. Usage count = 1
I've googled a lot, read a lot of the resources I found and tried many things like keeping my system updated, upgrading the kernel etc., but the message still keeps showing up; it's not too often, but sooner or later I'll see it. Also, I found that the issue for this problem on the Docker GitHub is still open, so my questions are:
What does this message mean? Could somebody give me a simple explanation of why Docker causes it?
Is there any workaround for this?
If it cannot be fixed yet (the issue is still open), will it affect the server or the services running inside Docker containers? Will it be a serious performance issue, because it also happens on our production servers?
Docker version:
Client:
Version: 1.11.1
API version: 1.23
Go version: go1.5.4
Git commit: 5604cbe
Built: Wed Apr 27 00:34:42 2016
OS/Arch: linux/amd64
Server:
Version: 1.11.1
API version: 1.23
Go version: go1.5.4
Git commit: 5604cbe
Built: Wed Apr 27 00:34:42 2016
OS/Arch: linux/amd64
OS info:
CentOS 7, with kernel version: 4.6.0-1.el7.elrepo.x86_64
I would really appreciate any info/tips or resources, thanks a lot.
Your best source of information is the issue you linked to docker#5618. This is a kernel bug, and has not yet been resolved. The issue is "triggered" by docker because starting/stopping containers also creates network interfaces for containers when they are created/destroyed.

nmap does not show all open ports [closed]

I have a YARN cluster running in EMR. When I ssh into the master node and run nmap 10.0.0.254 I get the following result:
Starting Nmap 5.51 ( http://nmap.org ) at 2015-06-10 00:17 UTC
Nmap scan report for ip-10-0-0-254.ec2.internal (10.0.0.254)
Host is up (0.00045s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8443/tcp open https-alt
8649/tcp open unknown
8651/tcp open unknown
8652/tcp open unknown
9000/tcp open cslistener
9101/tcp open jetdirect
9102/tcp open jetdirect
9103/tcp open jetdirect
9200/tcp open wap-wsp
14000/tcp open scotty-ft
I know the YARN resource manager is running on 10.0.0.254:9026, but I do not see it in the result above, however when I run nmap -p 9026 10.0.0.254 I get
Starting Nmap 5.51 ( http://nmap.org ) at 2015-06-10 00:18 UTC
Nmap scan report for ip-10-0-0-254.ec2.internal (10.0.0.254)
Host is up (0.000055s latency).
PORT STATE SERVICE
9026/tcp open unknown
Why does nmap not include the service running on 9026 when I run the first command?
By default, Nmap scans the most common 1,000 ports for each protocol (TCP in your case); 9026 is not one of the most common.
Here's how to specify ports to scan:
http://nmap.org/book/man-port-specification.html

how to parse CISCO IPS configuration? [closed]

I need a tool or script to parse Cisco IPS configuration. I know there is a tool called nipper for parsing firewall and switch configuration, but it doesn't support Cisco IPS, and I googled it but there is no good result.
You should use ciscoconfparse.
The following example uses a Cisco configuration below... I can't use an IPS config unless the OP posts one... this uses a Cisco IOS configuration...
The following script will load a configuration file from /tftpboot/bucksnort.conf and use CiscoConfParse.find_lines() to parse it for the names of all serial interfaces. Note that the ^ symbol at the beginning of the search string is a regular expression; ^interface Serial tells Python to limit its search to lines that begin with interface Serial.
[mpenning@typo tmp]$ python
Python 2.6.6 (r266:84292, Sep 11 2012, 08:34:23)
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from ciscoconfparse import CiscoConfParse
>>> parse = CiscoConfParse("/tftpboot/bucksnort.conf")
>>> serial_intfs = parse.find_lines("^interface Serial")
>>>
>>> serial_intfs
['interface Serial1/0', 'interface Serial1/1', 'interface Serial1/2']
>>>
>>> qos_intfs = parse.find_parents_w_child( "^interf", "service-policy output QOS_1" )
>>> qos_intfs
['interface Serial1/1']
! Filename: /tftpboot/bucksnort.conf
!
policy-map QOS_1
 class GOLD
  priority percent 10
 class SILVER
  bandwidth 30
  random-detect
 class default
!
interface Ethernet0/0
 ip address 1.1.2.1 255.255.255.0
 no cdp enable
!
interface Serial1/0
 encapsulation ppp
 ip address 1.1.1.1 255.255.255.252
!
interface Serial1/1
 encapsulation ppp
 ip address 1.1.1.5 255.255.255.252
 service-policy output QOS_1
!
interface Serial1/2
 encapsulation hdlc
 ip address 1.1.1.9 255.255.255.252
!
class-map GOLD
 match access-group 102
class-map SILVER
 match protocol tcp
!
access-list 101 deny tcp any any eq 25 log
access-list 101 permit ip any any
!
access-list 102 permit tcp any host 1.5.2.12 eq 443
access-list 102 deny ip any any
!
logging 1.2.1.10
logging 1.2.1.11
logging 1.2.1.12
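The two look-ups in the answer rely on one property of IOS-style configs: nesting is expressed only by indentation, so a parent is an unindented line and its children are the indented lines that follow it. As an added example of mine (not code from the ciscoconfparse project), here is a small stand-alone parser of that hierarchy that reproduces the answer's find_lines() and find_parents_w_child() results without the library, plus a `find_parents_wo_child` audit helper I added for the question a config reviewer usually asks; the config is the answer's bucksnort.conf trimmed to its interface blocks with its indentation restored.

```python
import re
# The answer's bucksnort.conf, trimmed to its interface blocks and re-indented
# the way IOS writes it (one leading space per nesting level); constructed copy.
IOS_CONF = """\
interface Ethernet0/0
 ip address 1.1.2.1 255.255.255.0
 no cdp enable
!
interface Serial1/0
 encapsulation ppp
 ip address 1.1.1.1 255.255.255.252
!
interface Serial1/1
 encapsulation ppp
 ip address 1.1.1.5 255.255.255.252
 service-policy output QOS_1
!
interface Serial1/2
 encapsulation hdlc
 ip address 1.1.1.9 255.255.255.252
"""

def parse_blocks(text):
    # An unindented line opens a block; every indented line up to the next
    # unindented one is its child (returned stripped). "!" and blanks are skipped.
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if not raw.startswith(" "):
            blocks.append((raw.rstrip(), []))
        elif blocks:
            blocks[-1][1].append(raw.strip())
    return blocks

def find_lines(text, pattern):
    # Equivalent of CiscoConfParse.find_lines(): every line matching the regex.
    return [line for parent, kids in parse_blocks(text)
            for line in [parent, *kids] if re.search(pattern, line)]

def find_parents_w_child(text, parent_pat, child_pat):
    # Equivalent of find_parents_w_child(): parents that have a matching child.
    return [p for p, kids in parse_blocks(text)
            if re.search(parent_pat, p) and any(re.search(child_pat, k) for k in kids)]

def find_parents_wo_child(text, parent_pat, child_pat):
    # The audit question a reviewer actually asks: which parents LACK the child?
    return [p for p, kids in parse_blocks(text)
            if re.search(parent_pat, p) and not any(re.search(child_pat, k) for k in kids)]
```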
