Archive for the ‘Gentoo’ Category

Denyhosts and other ssh security

Saturday, July 24th, 2010

We have several servers exposed to the internet.  Being Linux servers, we manage them by ssh.  For security, we only allow key access — no passwords.  But we still get a HUGE number of login attempts from — how shall I put it — unauthorized users.  We always had no passwords set (! in the shadow file, not blank) and root disallowed from ssh so nobody could have logged in, but they still tried.  Even after I turned off PasswordAuthentication, we still got attempts.

iSCSI on a Dell MD3000i

Thursday, April 1st, 2010

My company recently got a Dell MD3000i “SAN” for a pretty good deal.  We’re starting to dabble in such things as virtualization, and the offer was too good to refuse.  The MD3000i is pretty basic.  Really it seems like just a JBOD with an iSCSI head, but it is a good way to start to play in that space.   We got it with dual controllers and about 6TB of space.

Recovering from mishandling the Gentoo sys-libs/ss and sys-libs/com_err block of sys-fs/e2fsprogs

Friday, April 10th, 2009

Worst case: a new admin didn’t read my previous note correctly, and in order to “resolve” the block, unmerged ss and com_err without first fetching the new packages.  What do you do now?  You can’t rsync the files over from another server, nor does scp work.  A co-worker of mine used -pv instead of -av on his --fetchonly emerge and ran into this problem.

Gentoo ss and com_err blocking e2fsprogs

Monday, December 1st, 2008

Gentoo appears to have released a change before releasing the portage that can handle it. If you emerge world right now, you’ll probably get a block involving sys-fs/e2fsprogs, sys-libs/ss and sys-libs/com_err. You’ll see something like this:
[blocks B ] sys-libs/e2fsprogs-libs-1.41.0)
[blocks B ] sys-libs/ss (is blocking sys-libs/e2fsprogs-libs-1.41.0)
[blocks B ] sys-libs/com_err (is blocking sys-libs/e2fsprogs-libs-1.41.0)


OpenSSH 4.6 (and higher) problem with LDAP

Saturday, November 22nd, 2008

At work we upgraded some of our servers a while ago and ran into a problem when upgrading from OpenSSH 4.5 to 4.6. It just stopped working. We use LDAP authentication and it would log an error “‘user’ is not in ‘sshgroup’”.

“id user” would confirm that they were indeed in sshgroup, and interestingly enough, adding them to a local group “sshgroup” would not help either.

Qmail on x86_64 softlimit error

Friday, August 22nd, 2008

I recently installed qmail (mail-mta/netqmail in Portage) on an Intel-based server under x86_64 Gentoo. Everything seemed fine, but when qmail-smtpd tried to receive remote email, it would die with the following error:

2008-08-22 10:51:38.328444500 tcpserver: status: 1/40
2008-08-22 10:51:38 tcpserver: pid 5004 from 192.168.0.33
2008-08-22 10:51:38 tcpserver: ok 5004 franklin:192.168.0.4:25 newyork:192.168.0.33::4878
2008-08-22 10:51:38 /var/qmail/bin/qmail-smtpd: error while loading shared libraries: \
   libcom_err.so.2: failed to map segment from shared object: Cannot allocate memory
2008-08-22 10:51:38 tcpserver: end 5004 status 32512
2008-08-22 10:51:38 tcpserver: status: 0/40

Google didn’t show any association between libcom_err and qmail, but “failed to map segment” turned up other problems associated with softlimit.