Ethabelle's questions

I have a rule that is set up like so;

In /etc/sec/rules.d I have;

type=SingleWithSuppress
ptype=regexp
pattern=(\S+) sshd\[\d+\]: PAM \d+ more authentication failures\; logname=.* uid=.* euid=.* tty=ssh ruser=.* rhost=(.*) user=(.*)
desc=Login Failure: $0
action=pipe '%s ' /bin/mail -s "login failure $2 to $3@$1" [email protected]
window=300

So if this came through syslog;

Nov 21 11:24:10 servername.server.com sshd[26846]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=kloggins

It should match this (which, it does according to my regex editor) according to the pattern;

servername.server.com sshd[26846]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=kloggins

We were having an issue with spam because the timestamp was changing. So I rewrote the pattern to match everything after the hostname.

However, this doesn't seem to be working and every time a user "authentication fails", I still get an e-mail.

I've been using the following to test;

logger -p syslog.err 'sshd[26846]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost= user='

Any ideas? I might just be misunderstanding sec. This is the first time I'm working with it! Any help would be greatly appreciated. Thanks!

What I want to do;

I want mobile users to be redirected to http://m.site.org/mobile-home.

Being redirected to the m.bzaeds.org isn't an issue. I also have this working fine in Apache, but the same .htaccess rule I have in apache doesn't seem to be working in NGINX. I also tried to convert this exact rule using an NGINX translator, but the rule it gave me did not work either.

  RewriteCond %{HTTP_HOST} m.site.org
  RewriteCond %{REQUEST_URI} ^\/?$
  RewriteRule ^(.*)$ mobile-home [L]

What I've done so far;

So, I have NGINX redirecting to m.site.here/mobile-home. Now, we use a Mobile module that detects if the device connected is a mobile device and automatically applies a custom mobile theme. It is detecting with no issues if a device is a mobile device.

However, it fails to load even though the redirection is working and I looked in the error_log and noticed it was failing because /var/www/html/drupal/mobile-home didn't exist -- which, yes, is true. I'm assuming this has something to do with mobile-home actually being a node, because that's what pages are in drupal.

However, no matter how I tried to create the redirect (or return 301), it either was forbidden, infinite redirect loop of doom, or threw me the aforementioned error.

Any ideas?

Now here is a plethora of confusion that I've tried so far;

    location / {
            #if ($http_user_agent ~* '(iPhone|iPod|android|blackberry)') {
    #   rewrite ^/(.*)$ /index.php?q=$1;
    #}
            #if ($http_host ~ "m.bzaeds.org"){
            #rewrite ^(.*)$ /mobile-home [L] RewriteCond $request_filename !-f;
            #}
    try_files $uri @rewrite;
    #try_files $uri /mobile-home break;
}        


    location @rewrite {
        #index index.php;
    #   if ($http_user_agent ~* ('iPhone|iPod)') {
    #     rewrite ^(.*)$/index.php http://m.bzaeds.org/mobile-home$1 break;
    #   }
        # Some modules enforce no slash (/) at the end of the URL
            # Else this rewrite block wouldn't be needed (GlobalRedirect)
    rewrite ^/(.*)$ /index.php?q=$1;
    #return 301 /mobile-home break;

(And, I've also tried getting rid of location @rewrite and just doing the main rewrite under location / , but I still got many of the same errors. I just had done this statement like this in my non-mobile version, so, mmyes.)

OS: Centos 6.4 OpenLDAP: 2.4 Mac: 10.8.3 through 10.8.4

I have an OpenLDAP server and I'm able to have users authenticate, however, for some reason even though I've changed the Mappings of NFSDirectory to apple-home-userDirectory and pointed it to the correct /Volumes/Users/ it will not create their home directory.

Things I've tried;

I tried commenting out /etc/auto_master and it did not work.

I tried using #/Users/$uid as the mapping, which, did work -- because it simply tells it to ignore the LDAP Home Directory attribute, but I noticed that the resulting behavior was quirky -- as in, if I went to System Preferences > Users & Groups, I was unable to see anything.

Is there a way, like with AD, that you can force it to create a local directory?

I figured this applied as a server question as well, since I have to make changes in both places. I mean, it seems like there is plenty on OpenLDAP + NFS, hardly anything on Open LDAP + Local Directories.

Sometimes.

It's very confusing. We have a service and you get a confirmation e-mail with a link to confirm your account, etc.

If a user is sending an e-mail from one of their own domains; like [email protected] or [email protected] or [email protected] then it always reports that it can't find them, or the user doesn't exist.

Now, all this is is a php mail function (from what I understand) and it's sent from our web servers. These web servers are a part of our domain, and we use Google, and have the appropriate SFP & MX entries.

The most common message that I get is a claim that the address does not exist or that it's mistyped, but -- in all of the cases, the e-mail exists & has no extra .'s or spaces, or letters.

The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 el5si16864532vdb.30 - gsmtp (in reply to RCPT TO command))

I've tested this with one of my @gmail.com accounts and have not had an issue with it sending me an e-mail.

So, since it tends to have a higher reject rate of these @randomtheirdomain.net here, could it be us or them? Or both?

Edit; I'd like to note that when I set up postfix, I set it up using the postfix's "null client" settings (http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client)

I did this because I figured the server would only ever be sending mail, and should not receive and/or do local mail delivery.

I've read a lot of different sources, and I just can't decide what is the best way to handle deployment of modules to nodes/hosts nor have I gotten some of them to work. I have created everything in modules.

That being said, when I was testing I was deploying the modules like this;

node 'basetesting' {
        include fail2ban
        include nrpe
}

node 'test-dev' inherits 'basetesting' {
}

However, I've created a lot of modules and realized that my servers will vary on what their role is (application, web, etc). There is a set of base requirements all of them have. So I essentially want a node to have the base. Then have their required modules, which I believe would look something like this;

node 'basetesting' {
        include fail2ban
        include nrpe
}

node 'test-dev' inherits 'basetesting' {
            include httpd
}

Then I realized ... that I would have to make a definition for every single node. Which, I guess wouldn't be bad, but I imagine if you had 50+ servers, that might become quite the nodes.pp file.

Is there a better way to do this?

I wanted to install splunkforwarder and none of the existing modules were working. So, I just decided to write it from scratch, except, fun story, I'm caught up at just installing the package.

So, I created a repository on my puppet master server. The repository works. If I do a yum install on my client, I'm able to install the splunkforwarder and it installed it properly under /opt. So, the repository to me is not the problem.

So, I just wanted the most basic of basic installs where there is no configuration.

class splunk2 {
         package { "splunkforwarder": ensure => "installed" }
}

This didn't work. There are no logs and the client doesn't throw an error -- nor does it mention installing it.

There are only two files; init.pp and up.pp

init.pp only contains;

class splunk2 {
}

Still the same issue. I just can't think of what's going wrong because it seems like this should be incredibly basic if I just want it to install the package.

Any ideas :(?

Edit: I did put in lololdolaol into the up.pp and puppet didn't complain. It's almost like it's ignoring this module.

I have a host who set up our Juniper SSG 5 VPN with Firmware version-6.2.0r5.0

I've been trying to set up VPN on it using this guide: http://kb.juniper.net/InfoCenter/index?page=content&id=KB4094 I've followed the steps and on my Mac, whenever I try to connect using L2TP over IPSec I get the following error;

Summary of Steps: Create User (give them L2TP auth ability), Create Group, Place User in Group, Create VPN Gateway, Create VPN, create IP Pool, change default L2TP settings, create Untrust > Trust Policy.

The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.

I looked in my Firewall's logs, but I don't even see anything under Reports > Logs > Events.

I'm.. obviously missing something, I just don't know what I'm missing at this point. I'm just starting networking and this is sort of Step 101 and I'm getting annoyed and just want to throw up OpenVPN, but I've read that has problems with Juniper Firewalls. Hooray.

I've been utilizing Bacula for backups. I implemented the system and it works great! However, one of the things I did was just have everything fall under one volume. I decided that I wanted to complicate it just a little bit so that Incrementals would only be kept for a week and then it would purge and rewrite those in that volume, thus making sure space doesn't become an issue because we keep 30 days worth of Incrementals.

So what I tried to do was have a Volume called DAILY, a volume called WEEKLY, and a volume called MONTHLY. The Daily is incremental, the weekly is differential, and the monthly is a full. We would keep daily for 7 days, monthly for 30 days, and full for a year (because we need to!).

Now, I know this can be done with tapes. The problem is I use disks... and if I try to do the above it either a) crashes (if the Full/Incremental Jobs are under the same Schedule) or b) doesn't work (it creates a full backup on the daily volume, etc).

Has anyone attempted this? Or can give me an idea on how they have theirs set up? I'm just not sure why it's having issues with this...

Bacula Example;

The Pools

Pool {
   Name = Daily
   Pool Type = Backup
   Volume Retention = 3 days
   Recycle = yes
   AutoPrune = yes
   LabelFormat = DAILY
   Maximum Volume Bytes = 50G
}

Pool {
   Name = Weekly
   Pool Type = Backup
   Volume Retention = 30 days
   Recycle = yes
   AutoPrune = yes
   LabelFormat = WEEKLY  
   Maximum Volume Bytes = 100G
}

Pool {
   Name = Monthly
   Pool Type = Backup
   Volume Retention = 365 days
   Recycle = yes
   AutoPrune = yes
   LabelFormat = MONTHLY
}

The Job/Client/Schedule

Client {
   Name = centos13
   Password = *IMAHAPPYLITTLEPASSWORD*  
   Address = centos13
   FDPort = 9102
   Catalog = MyCatalog
   File Retention = 30 days
   Job Retention = 6 months
}

FileSet {
   Name = centos13
   Include {
     File = /etc/bacula/bacula-fd.conf
     Options {}
   }
}

Schedule {
   Name = centos13
   Run = Level=Full Pool=Monthly 1st sat at 00:05
   Run = Level=Differential Pool=Weekly sat at 00:05
   Run = Level=Incremental Pool=Daily mon-fri at 00:05
}


Job {
   Name = centos13
   Type = Backup
   Client = centos13
   FileSet = centos13
   Schedule = centos13
   Storage = File
   Messages = Standard
   Full Backup Pool = Monthly
   Incremental Backup Pool = Daily
   Differential Backup Pool = Weekly
}

I perhaps just need some extra insight because I don't see where I'm going wrong. I used an SSL Cert to secure our nagios server. We want to specifically require all traffic over nagios (like 2 users, lol) to use SSL.

So I thought, oh, mod_rewrite + Rewrite Rule in .htaccess, right?

So I went into the DocumentRoot and did a vi .htaccess (one didn't already exist) and then I put in the following rule;

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://our.server.org/$1 [R,L]

This does absolutely nothing. Does nada.

Whhhyy..

Note: AllowOverride all in httpd.conf is on. Also, I verified that the module is not uncommented out ... but note, I couldn't find the mod_rewrite module installed so I copied it over from another server and placed it in modules/mod_rewrite.so . It was weird because it was enabled in the httpd.conf file, but then didn't exist in modules ...

I'm a baddie :(

FreePBX has a 'Reports' tab that allows you to create a few reports and some of them you can export as a .csv or .pdf, but it doesn't really have any finer features than that. I would ultimately like to be able to have a report automatically e-mailed at the end of each day with call statistics, but I'm not seeing any way to do that. The oldest article I could find with google-fu on the subject was done back in 2008 with a much older version, so I'm just wondering if there is an easy-ish (we all dream, right?) to do automatic reporting with FreePBX.

Edit: I noticed there is a module (http://redmine.colsolgrp.net/projects/list_files/csreporting) that can be used. Albeit, there is not a lot of good information on this module that I've found thus far.