Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 23rd February 2011, 09:25
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

Just a note to all, you do not really need the doc package for a functional system it just contains the documentation.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
Sponsored Links
  #12  
Old 23rd February 2011, 15:14
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
Default

Andrew thanks, I did realize that but you know how the copy and paste effect goes, if it's there, just leave it..lol Laziness I guess.

Jim,
If you used Andrew's deb, then the upgrade will not work if you try it with my deb as I've changed a few things from the original. I've been able to upgrade all of my installs using the guide.

Normanu,
It's always good to know how to do it yourself.
__________________
Home of the SpamSnake
Reply With Quote
  #13  
Old 23rd February 2011, 16:01
itsnedkeren itsnedkeren is offline
Senior Member
 
Join Date: May 2009
Location: Denmark
Posts: 128
Thanks: 32
Thanked 10 Times in 10 Posts
Default

Quote:
Originally Posted by Rocky View Post
Andrew thanks, I did realize that but you know how the copy and paste effect goes, if it's there, just leave it..lol Laziness I guess.

Jim,
If you used Andrew's deb, then the upgrade will not work if you try it with my deb as I've changed a few things from the original. I've been able to upgrade all of my installs using the guide.

Normanu,
It's always good to know how to do it yourself.
Thanks Rocky, but for some odd reason the .deb install of Andrew's .deb files worked flawlessly, but of course I don't know where to check for errors hehe.

But at least it fixed the AJAX Java problems when releasing from quarantine/deleting/sa-learning etc.

Anyway I can check that the system is tip-top without degrading my system??

Thank you.
__________________
Best regards

Jim
Reply With Quote
  #14  
Old 23rd February 2011, 16:13
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
Default

Hmm, I haven't used Andrews deb for an upgrade, but I'm sure since it's not really altering anything outside of Baruwa, it should be fine. However, if it was used in a fresh install scenario with the snake, I assume it would cause some probs with it's dependencies.

Just check your log files(mail, uswgi, nginx), if no errors are apparent and mail is being scanner/relayed, then I would say you are good to go. Make sure to read the postfix section carefully to really understand the addons, because some things cannot be used with others.
__________________
Home of the SpamSnake
Reply With Quote
The Following User Says Thank You to Rocky For This Useful Post:
itsnedkeren (23rd February 2011)
  #15  
Old 23rd February 2011, 16:49
itsnedkeren itsnedkeren is offline
Senior Member
 
Join Date: May 2009
Location: Denmark
Posts: 128
Thanks: 32
Thanked 10 Times in 10 Posts
Default

Quote:
Originally Posted by Rocky View Post
Hmm, I haven't used Andrews deb for an upgrade, but I'm sure since it's not really altering anything outside of Baruwa, it should be fine. However, if it was used in a fresh install scenario with the snake, I assume it would cause some probs with it's dependencies.

Just check your log files(mail, uswgi, nginx), if no errors are apparent and mail is being scanner/relayed, then I would say you are good to go. Make sure to read the postfix section carefully to really understand the addons, because some things cannot be used with others.
Thanks Rocky.

Nginx seems clear apart from this:
Code:
200.46.83.245 - - [23/Feb/2011:16:31:39 +0100] "GET /w00tw00t.at.ISC.SANS.test0:) HTTP/1.1" 400 172 "-" "-"
Mail.log looks fine

uwsgi.log contains a lot of these:

Code:
Wed Feb 23 08:36:15 2011 - SIGINT/SIGQUIT received...killing workers...
Wed Feb 23 08:36:16 2011 - goodbye to uWSGI.
Wed Feb 23 08:37:05 2011 - [uWSGI] getting YAML configuration from /etc/uwsgi/uwsgi-python2.6/baruwa.ini
Wed Feb 23 08:37:05 2011 - *** Starting uWSGI 0.9.6.6 (32bit) on [Wed Feb 23 08:37:05 2011] ***
Wed Feb 23 08:37:05 2011 - compiled with version: 4.4.5
Wed Feb 23 08:37:05 2011 - Python version: 2.6.6 (r266:84292, Sep 15 2010, 16:02:57) 
[GCC 4.4.5]
Wed Feb 23 08:37:05 2011 - writing pidfile to /var/run/uwsgi/uwsgi-python2.6/baruwa/pid
Wed Feb 23 08:37:05 2011 - uWSGI running as root, you can use --uid/--gid/--chroot options
Wed Feb 23 08:37:05 2011 - setgid() to 33
Wed Feb 23 08:37:05 2011 - setuid() to 33
Wed Feb 23 08:37:05 2011 - your memory page size is 4096 bytes
Wed Feb 23 08:37:05 2011 - allocated 416 bytes (0 KB) for 1 request's buffer.
Wed Feb 23 08:37:05 2011 - binding on UNIX socket: /var/run/uwsgi/uwsgi-python2.6/baruwa/baruwa.sock
Wed Feb 23 08:37:05 2011 - your server socket listen backlog is limited to 64 connections
Wed Feb 23 08:37:05 2011 - initializing hooks...Wed Feb 23 08:37:05 2011 - done.
Wed Feb 23 08:37:05 2011 - application 0 () ready
Wed Feb 23 08:37:05 2011 - setting default application to 0
Wed Feb 23 08:37:05 2011 - spawned uWSGI master process (pid: 1843)
Wed Feb 23 08:37:05 2011 - max_ovec = 0
Wed Feb 23 08:37:05 2011 - spawned uWSGI worker 1 (pid: 1850)
Wed Feb 23 08:37:05 2011 - spawned uWSGI worker 2 (pid: 1851)
Wed Feb 23 08:37:42 2011 - routing 0 routes 0
[pid: 1850|app: 0|req: 1/1] 80.87.90.14 () {28 vars in 335 bytes} [Wed Feb 23 02:37:42 2011] GET /webdav/test => generated 2259 bytes in 104 msecs (HTTP/1.1 404) 1 headers in 51 bytes (0 async switches on async core 0)
Wed Feb 23 08:37:56 2011 - routing 0 routes 0
[pid: 1851|app: 0|req: 1/2] 193.219.27.230 () {48 vars in 903 bytes} [Wed Feb 23 02:37:56 2011] GET /messages/ => generated 146 bytes in 347 msecs (HTTP/1.1 200) 2 headers in 71 bytes (0 async switches on async core 0)
Wed Feb 23 02:38:47 2011 - routing 0 routes 0
[pid: 1850|app: 0|req: 2/3] 193.219.27.230 () {42 vars in 773 bytes} [Wed Feb 23 02:38:47 2011] GET / => generated 3390 bytes in 382 msecs (HTTP/1.1 200) 5 headers in 219 bytes (0 async switches on async core 0)
Wed Feb 23 02:38:47 2011 - routing 0 routes 0
[pid: 1851|app: 0|req: 2/4] 193.219.27.230 () {44 vars in 772 bytes} [Wed Feb 23 02:38:47 2011] GET /jsi18n/ => generated 667 bytes in 5 msecs (HTTP/1.1 200) 4 headers in 118 bytes (0 async switches on async core 0)
Wed Feb 23 02:38:53 2011 - routing 0 routes 0
[pid: 1850|app: 0|req: 3/5] 193.219.27.230 () {44 vars in 836 bytes} [Wed Feb 23 02:38:53 2011] GET /settings/ => generated 2064 bytes in 146 msecs (HTTP/1.1 200) 5 headers in 219 bytes (0 async switches on async core 0)
Wed Feb 23 02:38:53 2011 - routing 0 routes 0
[pid: 1851|app: 0|req: 3/6] 193.219.27.230 () {44 vars in 781 bytes} [Wed Feb 23 02:38:53 2011] GET /jsi18n/ => generated 667 bytes in 1 msecs (HTTP/1.1 200) 4 headers in 118 bytes (0 async switches on async core 0)
Wed Feb 23 02:38:55 2011 - routing 0 routes 0
[pid: 1850|app: 0|req: 4/7] 193.219.27.230 () {44 vars in 865 bytes} [Wed Feb 23 02:38:55 2011] GET /settings/domains/2/ => generated 2084 bytes in 103 msecs (HTTP/1.1 200) 5 headers in 219 bytes (0 async switches on async core 0)
Wed Feb 23 02:38:55 2011 - routing 0 routes 0
By "postfix section" do you mean of your guide?
__________________
Best regards

Jim
Reply With Quote
  #16  
Old 23rd February 2011, 17:05
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
Default

Yes, I meant the guide.

This is what I got for researching nginx:

What is GET /w00tw00t.at.ISC.SANS.DFind HTTP/1.1?




A record of "GET /w00tw00t.at.ISC.SANS.DFind HTTP/1.1" in your Raw Access logs indicates that someone has been hacking at your web site!
By itself, this entry does not mean that you have been hacked. It only means that someone has been trying to hack your site. The entry should always have caused a "400" error on your site, indicating that the attempt was unsuccessful.
This entry should send you a message. Keep your code clean! Most web sites are attacked in one way or another almost every day. Your best defense is to learn what you can do to keep your files, directories, and scripts safe from hackers. Be sure you have your file and directory permissions set properly. Even more imortantly, only use safe scripts that have a good reputation for security on the Internet, and be sure that you always check the parent sites for your scripts at least once a month for updates and bug fixes.

Hope that helps.
__________________
Home of the SpamSnake
Reply With Quote
  #17  
Old 23rd February 2011, 18:29
itsnedkeren itsnedkeren is offline
Senior Member
 
Join Date: May 2009
Location: Denmark
Posts: 128
Thanks: 32
Thanked 10 Times in 10 Posts
 
Default

Quote:
Originally Posted by Rocky View Post
Yes, I meant the guide.

This is what I got for researching nginx:

What is GET /w00tw00t.at.ISC.SANS.DFind HTTP/1.1?




A record of "GET /w00tw00t.at.ISC.SANS.DFind HTTP/1.1" in your Raw Access logs indicates that someone has been hacking at your web site!
By itself, this entry does not mean that you have been hacked. It only means that someone has been trying to hack your site. The entry should always have caused a "400" error on your site, indicating that the attempt was unsuccessful.
This entry should send you a message. Keep your code clean! Most web sites are attacked in one way or another almost every day. Your best defense is to learn what you can do to keep your files, directories, and scripts safe from hackers. Be sure you have your file and directory permissions set properly. Even more imortantly, only use safe scripts that have a good reputation for security on the Internet, and be sure that you always check the parent sites for your scripts at least once a month for updates and bug fixes.

Hope that helps.
Excellent, thank you very much. The only thing running on that is Baruwa. I think I'll use my "well tested" IPTables script as firewall in stead.
__________________
Best regards

Jim
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
MailWatch Error: no rows retrieved from database sergio.arnaldo Server Operation 25 21st March 2011 06:05
[The Perfect Spamsnake Ubuntu 10.10] - No mail relay, just errors. itsnedkeren HOWTO-Related Questions 2 20th February 2011 10:45
MailScanner trouble with DBD-MYSQL sergio.arnaldo Server Operation 11 26th August 2009 18:08
Perfect Spamsnake - libole upgrade issue resolved jshampur HOWTO-Related Questions 3 15th July 2009 20:36
SpamSnake SpamAssassin not working? getrav HOWTO-Related Questions 5 23rd June 2008 23:02


All times are GMT +2. The time now is 20:55.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.