spam and bad process trace
by Kaushal Shriyan
Hi ALL
I am looking solution for find spamming or bad process script which is
running using tmp location.
/proc/PID give more info.
if i run
ll /proc/* |grep cwd
it will show current working directory
if we try to search ll /proc/* how can we find who is sending spamming
currently
my simple question is i would like to search scripts from tmp and i would
like to trace process from proc/ bad process or spam process.
Thank you,
Kaushal
17 years, 10 months
Re: Syslog setup server on FC5?[Scanned]
by David G. Miller (aka DaveAtFraud)
Phil Meyer <pmeyer(a)themeyerfarm.com> wrote:
>Chris Bradford wrote:
>
>
>>> Hi guys,
>>>
>>> I am trying to figure our how to setup syslog-ng on FC5 and not having
>>> much luck. I have installed syslog-ng using yum.
>>>
>>> I am trying to log from two HP 5308xl switches. The logging facility
>>> on these switches is 'user' but this can be changed.
>>>
>>> I have opened up UDP port 514 on my firewall and enables the syslog-ng
>>> service, but I think I am missing something in the configuration.
>>
>>
>Isn't it just a matter of editing /etc/sysconfig/syslog and adding -r to
>the options?
>
I'm only familiar with syslog but there are typically four steps to
setting up a remote logging facility:
1) On the device that you want to have remotely log you need to tell it
about the server that will be doing the logging. This usually means
setting the host and the logging facility (numeric) to use.
2) On the server that will be doing the logging, edit syslog.conf and
add an entry that maps logging data received on the above numeric
facility to a log file. If you chose facility 5 this will look
something like:
local5.* /var/log/switch.log
3) Also on the server, you need to enable remote logging in
/etc/sysconfig/syslog. See the posting I'm responding to, above.
4) Restart the syslog service on the server.
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
17 years, 10 months
Tomcat setup
by Ryan Ollerenshaw
I have followed the tutorial at:
http://www.reliablepenguin.com/legacy/projects/tomcat/ everything seemed to
work alright although i cannot see my tomcat server. when i browse to
//mycomputername:8080 i get an Unable to connect error. Is there somthing
in the setup that i am missing. when i look at /logs/catalina.out i do see
one problem which is:
Aug 1, 2006 10:24:05 AM
org.apache.catalina.core.AprLifecycleListenerlifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in
production environments was not found on the java.library.path:
/usr/java/j2sdk1.4.2_12/jre/lib/i386/client:/usr/java/j2sdk1.4.2_12/jre/lib/i386
But i do not think that this would cause a unable to connect error. any
help would be great, thank you.
Here is the output for a few commands that i have tried:
[root@localhost]# /etc/tomcat5/bin/startup.sh
Using CATALINA_BASE: /etc/tomcat5/
Using CATALINA_HOME: /etc/tomcat5/
Using CATALINA_TMPDIR: /etc/tomcat5//temp
Using JRE_HOME: /usr/java/j2sdk1.4.2_12
[root@localhost]# netstat -an | grep 8080
tcp 0 0 :::8080 :::* LISTEN
[root@localhost]# cat /etc/tomcat5/logs/catalina.out
Created MBeanServer with ID: e94e92:10ccac36df9:-8000:neuron.orst.edu:1
Aug 1, 2006 10:24:05 AM
org.apache.catalina.core.AprLifecycleListenerlifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in
production environments was not found on the java.library.path:
/usr/java/j2sdk1.4.2_12/jre/lib/i386/client:/usr/java/j2sdk1.4.2_12/jre/lib/i386
Aug 1, 2006 10:24:06 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Aug 1, 2006 10:24:06 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 4221 ms
Aug 1, 2006 10:24:06 AM org.apache.catalina.users.MemoryUserDatabase save
WARNING: User database is not persistable - no write permissions on
directory
Aug 1, 2006 10:24:06 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Aug 1, 2006 10:24:06 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.17
Aug 1, 2006 10:24:06 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Aug 1, 2006 10:24:07 AM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified:
/etc/tomcat5/work/Catalina/localhost/manager is unusable.
Aug 1, 2006 10:24:07 AM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified:
/etc/tomcat5/work/Catalina/localhost/host-manager is unusable.
Aug 1, 2006 10:24:08 AM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Aug 1, 2006 10:24:08 AM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Aug 1, 2006 10:24:08 AM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified:
/etc/tomcat5/work/Catalina/localhost/servlets-examples is unusable.
Aug 1, 2006 10:24:08 AM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified:
/etc/tomcat5/work/Catalina/localhost/webdav is unusable.
Aug 1, 2006 10:24:08 AM org.apache.catalina.core.ApplicationContext log
INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: [
org.apache.webapp.balancer.RuleChain: [
org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News /
Redirect URL: http://www.cnn.com], [
org.apache.webapp.balancer.rules.RequestParameterRule: Target param name:
paramName / Target param value: paramValue / Redirect URL:
http://www.yahoo.com], [
org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL:
http://jakarta.apache.org]]
Aug 1, 2006 10:24:08 AM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified:
/etc/tomcat5/work/Catalina/localhost/balancer is unusable.
Aug 1, 2006 10:24:08 AM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified:
/etc/tomcat5/work/Catalina/localhost/tomcat-docs is unusable.
Aug 1, 2006 10:24:09 AM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Aug 1, 2006 10:24:09 AM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Aug 1, 2006 10:24:09 AM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified:
/etc/tomcat5/work/Catalina/localhost/jsp-examples is unusable.
Aug 1, 2006 10:24:09 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Aug 1, 2006 10:24:09 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Aug 1, 2006 10:24:09 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/48 config=null
Aug 1, 2006 10:24:09 AM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Aug 1, 2006 10:24:10 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 3562 ms
Created MBeanServer with ID: 1f436f5:10ccac53480:-8000:neuron.orst.edu:1
Aug 1, 2006 10:25:58 AM
org.apache.catalina.core.AprLifecycleListenerlifecycleEvent
17 years, 10 months
RE: fc version??
by Styma, Robert E (Robert)
>
> On 7/28/06, Sean Bruno <sean.bruno(a)dsl-only.net> wrote:
> > On Fri, 2006-07-28 at 09:07 -0700, bruce wrote:
> > > hi...
> > >
> > > uname -s gives a great deal of information about the kernel...
> > >
> > > how can i tell which version of FC i have on a box??
> > >
> > >
> > rpm -q fedora-release
> >
> Just what I was looking for, however what format is the result?
>
> fedora-release-2-4
>
> Is that FC2 or FC4? I'm assuming FC2.
>
> Sorry, but it's been so long since I touched this.
>
I suspect you are correct as i checked on an FC3 machine and got
fedora-release-3-8
17 years, 10 months
FC-5 iptables question
by Peter Horst
Sorry, kind of a dumb question. I'm trying to open a port to allow DNS
traffic (port 53, UDP and TCP). I tried a quick nmap from outside my
network, and though the tcp port shows up open, there's no reading from
the udp port. How can I tell if I've opened the port correctly? Here's
what I think is the relevant output from 'service iptables status' -
does this look right? Thanks much...
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp
type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp
dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:631
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
dpt:631
10 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:22
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:25
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:80
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:443
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW tcp dpt:53
16 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state
NEW udp dpt:53
17 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
17 years, 10 months
Need help. Wireless does not work after kernel upgrade
by awrobinson-ml@nc.rr.com
I had ndiswrapper and wireless networking working on my eMachines laptop
running Fedora Core 4 with kernel 2.6.15-1.1831_FC4. This afternoon I
upgraded to kernel 2.6.17-1.2142_FC4. I upgraded ndiswrapper to
ndiswrapper-1.18-1.lvn4 and
kernel-module-ndiswrapper-2.6.17-1.2142_FC4-1.18-1.lvn4.
lspci shows my wireless network adapter:
00:0c.0 Network controller: Broadcom Corporation BCM4306 802.11b/g
Wireless LAN Controller (rev 03)
I still see the wireless driver with 'ndiswrapper -l':
Installed drivers:
netbc564 driver installed, hardware present
When I try to bring up the wireless interface, I get
[root@proteus log]# ifup eth1
SIOCSIFFLAGS: No such file or directory
Failed to bring up eth1.
In the messages I list below, I see references to "bcm43xx". Was there a
native driver developed between kernels 2.6.15 and 2.6.17? Should I be
making use of that? How do I do so? If not, how do I rescue my ndiswrapper?
Thanks!
Andrew Robinson
Jul 31 19:47:53 proteus kernel: bcm43xx: Chip ID 0x4306, rev 0x3
Jul 31 19:47:53 proteus kernel: bcm43xx: Number of cores: 5
Jul 31 19:47:53 proteus kernel: bcm43xx: Core 0: ID 0x800, rev 0x4,
vendor 0x4243, enabled
Jul 31 19:47:53 proteus kernel: bcm43xx: Core 1: ID 0x812, rev 0x5,
vendor 0x4243, disabled
Jul 31 19:47:53 proteus kernel: bcm43xx: Core 2: ID 0x80d, rev 0x2,
vendor 0x4243, enabled
Jul 31 19:47:53 proteus kernel: bcm43xx: Core 3: ID 0x807, rev 0x2,
vendor 0x4243, disabled
Jul 31 19:47:54 proteus kernel: bcm43xx: Core 4: ID 0x804, rev 0x9,
vendor 0x4243, enabled
Jul 31 19:47:54 proteus kernel: bcm43xx: PHY connected
Jul 31 19:47:54 proteus kernel: bcm43xx: Detected PHY: Version: 2, Type
2, Revision 2
Jul 31 19:47:54 proteus kernel: bcm43xx: Detected Radio: ID: 2205017f
(Manuf: 17f Ver: 2050 Rev: 2)
Jul 31 19:47:54 proteus kernel: bcm43xx: Radio turned off
Jul 31 19:47:54 proteus kernel: bcm43xx: Radio turned off
Jul 31 19:47:54 proteus kernel: ndiswrapper version 1.18 loaded
(preempt=no,smp=no)
Jul 31 19:47:55 proteus kernel: bcm43xx: set security called
Jul 31 19:47:55 proteus kernel: bcm43xx: .active_key = 0
Jul 31 19:47:55 proteus kernel: bcm43xx: .level = 1
Jul 31 19:47:55 proteus kernel: bcm43xx: .enabled = 1
Jul 31 19:47:55 proteus kernel: bcm43xx: .encrypt = 1
Jul 31 19:47:55 proteus kernel: SoftMAC: Associate: Scanning for
networks first.
Jul 31 19:47:55 proteus kernel: SoftMAC: Associate: failed to initiate
scan. Is device up?
Jul 31 19:47:55 proteus kernel: bcm43xx: PHY connected
Jul 31 19:47:55 proteus kernel: bcm43xx: Error: Microcode
"bcm43xx_microcode5.fw" not available or load failed.
17 years, 10 months
Apple wireless BT keyboard: how to enable those special keys?
by Jurgen Kramer
The Apple bluetooth keyboard works just beautifully with Fedora and the
hidd daemon. Most keys work but unfortunately some of the special keys
don't even seem to emit a key code (tested with xev).
The keys F13-F16 and Volume up, Volume down, mute and eject do not work.
I modified the XkbModel in xorg.conf to "power_g5" and tried xmodmap as
suggested on the net but no go.
Any idea how can I enable those extra keys?
Thanks,
Jurgen
17 years, 10 months
openssh make install error
by David Desscan
I get the following error when I do make install with openssh-4.3p2. The
configure script was ok. ./configure --prefix =/usr --sysconfdir=/etc
--with-tcp-wrapper=/usr/lib --with-skey=/usr . I have
openssl-0.9.7f-7.10installed (from fedora core 4 rpm)
I have installed zlib-1.2.3 and zlib-devel needed with openssh.
I'm running 2.6.17-1.2141_FC4
Error message:
gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.0 sshconnect1.o
sshconnect2.o -L. -Lopensbsd-compat/ -L/usr/lib -L/usr/lib -lssh
-lopenbsd-comapt -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
/usr/lib/libcrypto.a(dso_dlfcn.o)(.text+0x3f): In function
`dlfcn_load': dso_dlfcn.c: undefined reference to `dlopen'
/usr/lib/libcrypto.a(dso_dlfcn.o)(.text+0x9c): dso_dlfcn.c : undefined
reference to `dlclose'
/usr/lib/libcrypto.a(dso_dlfcn.o)(.text+0xc8):dso_dlfcn.c : undefined
reference to `dlerror'
/usr/lib/libcrypto.a(dso_dlfcn.o)(.text+0x151): In function `dlfcn_unload':
dso_dlfcn.c :undefined reference to `dlclose'
/usr/lib/libcrypto.a(dso_dlfcn.o)(.text+0x20d): In function
`dlfcn_bind_var':dso_dlfcn.c: undefined reference to `dlsym'
/usr/lib/libcrypto.a(dso_dlfcn.o)(.text+0x281): dso_dlfcn.c: undefined
reference to `dlerror'
/usr/lib/libcrypto.a(dso_dlfcn.o)(.text+0x2ef): In function
`dlfcn_bind_func':dso_dlfcn.c: undefined reference to `dlsym'
/usr/lib/libcrypto.a(dso_dlfcn.o)(.text+0x36b):dso_dlfcn.c: undefined
reference to `dlerror'
collect2: ld returned 1 exit status
make: *** [ssh] Error 1
Can it be a problem with dynamic linking of libraries? I have not tried to
recompile new versions of openssl. The last time I made a mistake and
remove libssl.so.5 and libcrypto.a (two important libraries needed by rpm,
yum , wget and others). Thanks to you guys in this forum, I received a copy
of the missing libraries and could use utilities again. Thanks in advance
for all help
Rgds
17 years, 10 months
VMonitor on FC5?
by Mauricio Vergara Ereche
Hi!
I'm looking an app like "top" to monitor my web server and be more aware
about robots, mem use, running time on my applications, etc.
I realized that exists a perl module called Apache::VMonitor, but when I
tried to install it with CPAN I realize that works only with Apache 1.3.0
and I have httpd-2.2.2-1.2 (On a FC5 machine)
What other options do I have?
There is a RPM around?
I must to downgrade my apache?
There is other app that does the same thing?
Any other hint?
thanks in advance
Mauricio
17 years, 10 months