As there is a working exploit against Apache's byte range implementation (CVE-2011-3192, see here), I'd like to disable it until official patches are shipped with my distros (Debian, Ubuntu). The sites are all "normal" websites without big downloads. Are there any disadvantages in disabling the feature besides downloads that can't be resumed?
PS.: I'm disabling the feature by enabling mod_headers and unsetting the range header using the following line:
RequestHeader unset Range
I have an account on a shared web host which allows me to work on the server via SSH. As I have some problems installing Magento using the web installer I switched to the commandline installation. The command to install looks something like this:
php -f install.php -- \
...
--db_host "dbhost" \
--db_name "dbname" \
--db_user "username" \
--db_pass "password" \
...
--admin_username "username" \
--admin_password "password" \
...
While the command is running (and its running for a few minutes), of course everybody else on that server can see the parameters (and passwords) by inspecting running processes (with ps aux for example). I was just wondering if its possible to hide that data in some way (e.g. with some kind of wrapper scripts/programs)?
short question: I'm usually a linux admin but need to setup a Win2k8 R2 server for a student project. The server is running as VM on a root server and has a public internet IP assigned. Additionally I need a VPN server to access some services running on the server. I managed to set up a working VPN gateway via the Routing and RAS service which assigns clients an IP in the private subnet 192.168.88.0/24 with the Interface "Internal" listening on 192.168.88.1. Additionally I set up the external interface as NAT interface.
So I can connect to the VPN server, get an IP assigned and the server additionally does NAT and I can access the internet over the VPN connection. The only thing I additionally need, is that I can access the server itself over that internal IP (e.g. client 192.168.88.2, server 192.168.88.1) as I want to access some services which I don't like to expose to the internet and restrict them to connected VPN clients.
Does anybody have a hint, which configuration I'm missing here to be able to access the server over the VPN connection?
EDIT: VPN clients get assigned the IP from the private subnet with subnetmask 255.255.255.255, I guess that might be the reason I can't access the server on the private IP address although it's in the same network range. Any ideas how to change this? I defined a static address pool in the Routing and RAS service, but I can't change the netmask there.
EDIT2: I can't access the server from the client, but I can fully access the client from the server (ping, HTTP). I guess it has to do with firewall configuration.
Thanks in advance, Mathias
I'm running a Lenny Xen dom0 hosting multiple virtual machines in a routed IP setup. To get an additional private subnet, I created the bridge xenbr0 in the dom0 with the following commands:
brctl addbr xenbr0
ifconfig xenbr0 10.0.0.1 netmask 255.255.255.0
ifconfig xenbr0 up
This works as expected, and domU interfaces are added to the bridge by Xen on VM start. My only problem is: how the heck do i specify this configuration in /etc/network/interfaces that it remains permanent and the bridge is available after a reboot? I tried the following config as found on a lot of tutorials:
auto xenbr0
iface xenbr0 inet static
address 10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
bridge_stp no
I get 2 different errors, depending on if the bridge already exists or not. If it doesn't exist:
root@dom0:~# brctl show
bridge name bridge id STP enabled interfaces
root@dom0:~# /etc/init.d/networking restart
Reconfiguring network interfaces...if-up.d/mountnfs[eth0]: waiting for interface xenbr0 before doing NFS mounts (warning).
SIOCSIFADDR: No such device
xenbr0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFBRDADDR: No such device
xenbr0: ERROR while getting interface flags: No such device
xenbr0: ERROR while getting interface flags: No such device
Failed to bring up xenbr0.
done.
And if it exists:
root@dom0:~# brctl show
bridge name bridge id STP enabled interfaces
xenbr0 8000.000000000000 no
root@dom0:~# /etc/init.d/networking restart
Reconfiguring network interfaces...if-up.d/mountnfs[eth0]: waiting for interface xenbr0 before doing NFS mounts (warning).
RTNETLINK answers: File exists
Failed to bring up xenbr0.
done.
Could anyone point me in the right direction please? The bridge works fine when created manually, i just need the right config file entries. The most tutorials I found add some devices to the bridge in the config, is that maybe the problem why it is not working? I don't have any interfaces I want to add to the bridge on creation as they get added later on VM start...
Thanks, Mathias
a short question: is it possible to list all symbolic links onto a directory other than running a find over the whole filesystem?
Background: I have a directory containing a lot of different versions of a library and I'd like to do some cleanup work and delete the versions which weren't used in any projects.
Thanks, Mathias
I'd like to run some benchmarks on linux virtualization solutions (namely Xen, KVM and OpenVZ) and I'm currently thinking about how to set up the test environment. My current approach would be the following:
Would this approach be OK or should I completely separate the 3 systems from each other (have 3 completely independent installations each one with only one solution installed)?
Additional question: any hints what kind of benchmarks I should run? I thought about some compiling (e.g. linux kernel), ab (Apache Benchmark) and OSDB (Open Source Database Benchmark). The comparison should mainly focus on overall performance, I/O performance and response time of individual VMs.
Thanks in advance, Mathias