Saturday, August 31, 2019

active directory - Setting a Windows Non-Interactive User Account

Does anybody know how I can, or if it's possible to, set a Windows domain account as a "non-interactive" user?



I would like to set specific Windows domain service accounts as "non-interactive" so that they'll only be able to run the application they're assigned to, since you shouldn't be logging into the GUI desktop with said account anyways.

Friday, August 30, 2019

security - Linux hardening - web servers




What is your checklist/routine when setting up a Linux web server?



What do you recommend to achieve maximum security?



Is there any preferred way to perform repeated maintenance?


Answer




  • First of all, be aware that any scripting ability in Apache (php, cgi, ruby,...) is the potential equivalent of a shell account with privileges of the user running the script.


  • If the server is shared with multiple users, you might want to think about using suexec (or ITK MPM, suggested by David Schmitt) so not every script runs as the same apache user.


  • Virtualize or chroot apache, so that any compromise is at least somewhat contained in an additional layer of security. Be aware that when you chroot apache, maintenance may become harder, as you end up moving libraries to the jail etc. If you're on FreeBSD you can use a jail instead, which is much easier to maintain, since you can just install apache from ports, and run portaudit from within it, without having to worry about any library dependencies and moving files manually, which always becomes an ugly mess. With BSD jails you can simply keep using the package management system (ports). (On GNU/Linux you can also use VServer for virtualization. Suggested by David Schmitt.)



  • (obviously) Keep up with updates and patches, not only for Apache, but also PHP, ruby, perl, etc... don't just trust your OS to give you all the updates either. Some distros are extremely slow with their patches. Limit exposure time to 0-day vulnerabilities as much as possible. Stick the milw0rm feed in your RSS reader, subscribe to the insecure.org mailing lists, etc... Not only will it help you learn about vulnerabilities before your OS gets around to releasing a patch, you will also learn about vulnerabilities in certain php cms applications for example, which may not even be managed or patched by your OS at all.


  • Use something like tripwire/aide, audit, or mtree(on BSD) to keep track of changes on your filesystem. This one is really important. Have any changes mailed to you regularly, review them manually, every day. If any file changes that shouldn't change, investigate why. If some malicious javascript somehow gets inserted into your pages through whatever method, you WILL catch it this way. This not only saves your server, but also your users, as your own webpages can be abused to infect your visitors. (This is a very very common tactic, the attackers often don't even care about your server, they just want to infect as many of your visitors as possible until discovered. These attackers also don't even bother to hide their tracks usually. Catching a compromise like this as fast as possible is very important.)


  • Using stuff like suhosin to protect php helps. But also learn to understand it, tweak its config to your application's expected parameters.


  • Using a kernel patch such as PaX may help protect you from many buffer overflow vulnerabilities. Even if your software is vulnerable. (This does not make you invulnerable, it's just yet another, minor, layer.)


  • Don't get over-confident when using some security tool. Understand the tools you use, and use common sense. Read, learn, keep up with as much as you can.


  • Consider using mandatory access control (e.g. SELinux). It allows you to specify, for each application, what it is allowed to do, in great detail. What files is it allowed to access. What kernel calls is it allowed to make, etc. This is a very involved process and requires lots of understanding. Some distros provide pre-made SELinux policies for their packages (e.g. Gentoo). This suggestion is kind of a contradiction to the one below, but still valid, nevertheless.


  • Keep things simple. A complex security strategy may work against you.


  • In Apache, set up very restrictive default rules (Options None, Deny from all, etc...) and override as needed for specific VirtualHosts.


  • Deny access to all dotfiles (which also immediately covers .htaccess files)


  • Always use https anywhere there is any sort of password authentication.



  • Firewall should be a deny-by-default policy. Build some specific rules in your firewall to log specific traffic.


  • Set up log parsing scripts to scan your logs for anomalies. (the prelude IDS suite can do this, but honestly, I recommend you build up your own scripts over time, as it will help you understand your own tools and rules better.)


  • Have the server mail you daily reports on last logged in users, active connections, bandwidth used, etc...


  • Have a cron scan for suid binaries, world writeable files, and stuff like that, and have them mailed to you.


  • For any of the stuff you set up that gets mailed to you, you should build up a list of exceptions over time. (folders to ignore filesystem changes on, 777 files to allow, suid binaries to allow). It is important that you only get notified of things that shouldn't happen. If you get a mail every day with trivial stuff, you will start to ignore them, and they will become pointless.


  • Have a good solid layered redundant backup strategy. And don't just assume that making an image or copy of everything works. For example, if MySQL is in the middle of writing to a table during your backup, your MySQL binary files may be corrupted when you restore your backup. So you will need a cron that mysqldump's your databases on top of regular images or nightly tarballs or version control or whatever else you have set up. Think about your backup strategy. I mean, REALLY think about it.


  • Don't rely on lists like this for security :) Seriously! You'll find lots of these all over the internet, go read them all, research every suggestion, and use common sense and experience to make up your own mind. In the end, experience and common sense are the only things that will save you. Not lists, nor tools. Do read, but don't just copy without understanding.
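
One way to implement the cron scan and its exception list from the checklist above, as an added example that is not part of the original answer. The allowlist path, the mail recipient and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): report setuid/setgid files and
# world-writable files or directories, minus an allowlist of reviewed paths.
# Paths containing newlines are not supported by this line-based format.

# scan_risky_perms ROOT: print "KIND<TAB>PATH" for every finding under ROOT.
scan_risky_perms() {
    # -xdev keeps find on one filesystem, so /proc and network mounts are
    # skipped; run the scan once per local filesystem you care about.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        awk '{ print "setid\t" $0 }'
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null |
        awk '{ print "world-writable-file\t" $0 }'
    # A world-writable directory with the sticky bit set (like /tmp) is normal,
    # so only directories without it are reported.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        awk '{ print "world-writable-dir\t" $0 }'
}

# report_new_findings ROOT ALLOWLIST: findings whose path is not allowlisted.
# ALLOWLIST holds one absolute path per line; blank lines and lines starting
# with # are ignored. A missing allowlist means everything is reported.
report_new_findings() {
    scan_risky_perms "$1" | awk -F '\t' -v allowfile="$2" '
        BEGIN {
            while ((getline line < allowfile) > 0)
                if (line !~ /^[ \t]*(#|$)/) allow[line] = 1
        }
        !($2 in allow)
    ' | sort
}

# mail_if_findings ROOT ALLOWLIST RECIPIENT: stay silent when nothing is new,
# so a mail in the inbox always means something needs a look.
mail_if_findings() {
    report=$(report_new_findings "$1" "$2")
    [ -n "$report" ] || return 0
    printf '%s\n' "$report" |
        mail -s "permission scan: new findings on $(hostname)" "$3"
}

# Cron entry point, e.g.:  0 4 * * * /usr/local/sbin/perm-scan.sh --cron
# /etc/perm-scan.allow and the recipient "root" are hypothetical names.
if [ "${1:-}" = "--cron" ]; then
    mail_if_findings / /etc/perm-scan.allow root
fi
```

Each entry added to the allowlist should be a path that was reviewed by hand; anything new then shows up alone in the next report.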



hard drive - Root volume /dev/mapper/centos-root full

On one of my hosts, I have /dev/mapper/centos-root reporting almost full (99%); here is the output of df -h.



==



[root@LA3QSSD02-20217 /]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 50G 50G 540M 99% /
devtmpfs 63G 0 63G 0% /dev
tmpfs 63G 64K 63G 1% /dev/shm
tmpfs 63G 18M 63G 1% /run
tmpfs 63G 0 63G 0% /sys/fs/cgroup
/dev/sdy1 494M 210M 285M 43% /boot
/dev/mapper/centos-home 411G 33M 411G 1% /home
/dev/mapper/datastore-datastore 11T 548G 9.1T 6% /datastore
/dev/mapper/data-sdx 734G 73M 734G 1% /data-sdx
/dev/mapper/data-sdf 734G 73M 734G 1% /data-sdf
/dev/mapper/data0 734G 80M 734G 1% /data0
/dev/mapper/data-sdd 734G 73M 734G 1% /data-sdd
/dev/mapper/data-sdt 734G 73M 734G 1% /data-sdt
/dev/mapper/data-sdg 734G 73M 734G 1% /data-sdg
/dev/mapper/data-sdu 734G 73M 734G 1% /data-sdu
/dev/mapper/data-sdb 734G 73M 734G 1% /data-sdb
10.253.48.21:/vol/eq1ag4rdtest01/kvm_ostemplates 3.0T 1.8T 1.3T 58% /vol/eq1ag4rdtest01/kvm_ostemplates
tmpfs 13G 0 13G 0% /run/user/0



==



I'm unable to find out what is causing / to report full; here are some more details.



++++





0 bin
229M boot
5.5M data0
0 data-sdb
0 data-sdc
0 data-sdd
0 data-sde
0 data-sdf
0 data-sdg
0 data-sdh
0 data-sdi
0 data-sdj
0 data-sdk
0 data-sdl
0 data-sdm
0 data-sdn
0 data-sdo
0 data-sdp
0 data-sdq
0 data-sdr
0 data-sds
0 data-sdt
0 data-sdu
0 data-sdv
0 data-sdw
0 data-sdx
698G datastore
152K dev
24M etc
320K home
0 lib
0 lib64
0 media
0 mnt
171M opt
0 proc
160M root
115M run
0 sbin
20K sharedstore
0 srv
0 sys
40K tmp
2.6G usr
1.8G var
1.7T vol


+++++



Please help me find out what is consuming space on / and how to free it.




Thanks



Regards
Aun

domain name system - What is the difference between the NS records and the glue records?




I have two glue records at Godaddy, for example:



NS1.MYDNSSERVER.COM
NS2.MYDNSSERVER.COM


And I have three NS records in my domain:



NS1.MYDNSSERVER.COM

NS2.MYDNSSERVER.COM
NS3.MYDNSSERVER.COM



  1. If I have glue records why do I need the NS records?

  2. The extra record (NS3.MYDNSSERVER.COM) is a real DNS server but for some reason I can't update this record as a glue record. Can this cause any problems?


Answer



Glue records are "hint" IP addresses that the parent servers (i.e. not GoDaddy) provide in addition to the answer when a resolver asks what the NS records are for your domain. They are not the authoritative answer. The records you have labeled above as glue records are not glue records; however, GoDaddy probably uses those records to tell the parent nameserver what the glue should be. The canonical DNS answer describes this much better than I am able to.




Some resolvers will use the glue records without double-checking and some will query the NS records from the authoritative name servers (the ones provided in the glue records) to make sure they are actually correct.



I know from experience that PowerDNS is in the former group and bind9 is in the latter. I have no experience with any other resolvers.



Not having NS records at your nameservers will cause problems with bind9. The kind of problems where anyone whose ISP is using bind9 will not be able to visit your website.



Having an extra NS record at your nameservers that isn't at the parent nameservers will just mean that nameserver gets less traffic than the other two. It's the other way around in this situation and bind9 will use all the nameservers and PowerDNS will not.


networking - Windows server 2008 File Server problems

First of all, I would like to apologize for my lack of knowledge in this matter, but with your help I hope I can fix the problem.



Here's the situation:

We have a Windows 2008R2 Server running Databases, File Server, DNS Server and AD controller (I know it is not best practice, but it's what we've got).



Recently, and without any changes in server configuration, some people are having problems accessing their shared folders on the server. When they try to access it says access denied (even when logging on with domain credentials), but what is most weird is that without any changes from my side, people are suddenly allowed to access the folders and after X time the problem returns.... And so on.



I already tried clearing all connections with net use * /delete, and I also removed Stored User Names and Passwords (Control Panel\User Accounts\Advanced), but nothing works.



Sometimes when I try to enter the server address \\192.168.2.100 or \\Umclinica, it opens the window to enter my credentials, and when I try to put in the domain credentials for that user it says:




"Logon Unsuccessful: The user name you typed is the same as the user name you logged in with. That user name has already been tried. A domain controller cannot be found to verify that user name."





Another weird thing I noticed is that until now it has only happened on Windows XP.



Do you think this might be a server problem or a local PC problem? I have already searched all over the place but couldn't figure out the problem.



Besides this problem the server is running as normal: databases are working well, internet (even on the problematic PCs), software, etc. Everything is fine except the file server.

Servers - Buying New vs Buying Second-hand



We're currently in the process of adding additional servers to our website. We have a pretty simple topology planned: A Firewall/Router Server in front of a Web Application Server and Database Server.



Here's a simple (and technically incorrect) diagram that I used in a previous question to illustrate what I mean:



Diagram



We're now wondering about the specs of our two new machines (the Web App and Firewall servers) and whether we can get away with buying a couple of old servers. (Note: Both machines will be running Windows Server 2008 R2.)




We're not too concerned about our Firewall/Router server as we're pretty sure it won't be taxed too heavily, but we are interested in our Web App server. I realise that answering this type of question is really difficult without a ton of specifics on users, bandwidth, concurrent sessions, etc, etc., so I just want to focus on the general wisdom on buying old versus new.



I had originally specced a new Dell PowerEdge R300 (1U Rack) for our company. In short, because we're going to be caching as much data as possible, I focussed on Processor Speed and Memory:




  • Quad-Core Intel Xeon X3323 2.5Ghz (2x3M Cache) 1333Mhz FSB

  • 16GB DDR2 667Mhz




But when I was looking for a cheap second-hand machine for our Firewall/Router, I came across several machines that made our engineer ask a very reasonable question: If we stuck a boat load of RAM in this thing, wouldn't it do for the Web App Server and save us a ton of money in the process?



For example, what about a second-hand machine with the following specs:




  • 2x Dual-Core AMD Opteron 2218 2.6Ghz (2MB Cache) 1000Mhz HT

  • 16GB DDR2 667Mhz



Would it really be comparable with the more expensive (new) server above?




Our engineer postulated that the reason companies upgrade their servers to newer processors is often because they want to reduce their power costs, and that a 2.6Ghz processor was still a 2.6Ghz processor, no matter when it was made.



Benchmarks on various sites don't really support this theory, but I was wondering what server admins thought.



Thanks for any advice.


Answer



First off, a 2.6GHz processor is not a 2.6GHz processor if they're from different generations. You're correct in thinking twice about that. This has been true for a long time now (at least since the 486 / Pentium days), and so it's important to point out to your engineer just how wrong the Megahertz Myth is. Especially given the massive performance improvements i7 based chips offer over Core / Core2 based ones at the same clock speed.



That being said, that's not my first concern with this plan. My first concern is that used servers will have a significantly reduced operational life than a new server, since you don't know how it was previously used, under what conditions, or what'll happen to it in transit on the way to you. Generally speaking, for production systems, reliability should always take precedence over performance, since it'll cost you way more to fix a dead production server than to upgrade a server that's too slow.




My feeling is that the price difference would have to be very, very substantial to even want to look at doing this, and that if you're buying used, you'll want to redundantly cluster them just to be safe.


Thursday, August 29, 2019

yum - CentOS 5.5 php-posix with dependency error php53-common

I'm having problems installing php-posix. The problem I have, is that I used epel.repo and now I can't work out how to get past this. I'm not great with Redhat & yum.





[root@badelivery ~]# yum install php-posix
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: mirrors.liquidweb.com
* base: mirror.atlanticmetro.net
* epel: mirror.cogentco.com
* extras: centos.aol.com
* updates: mirror.ash.fastserv.com
addons | 1.9 kB 00:00
base | 1.1 kB 00:00
epel | 3.7 kB 00:00
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php53-process.x86_64 0:5.3.3-22.el5_10 set to be updated
--> Processing Dependency: php53-common = 5.3.3-22.el5_10 for package: php53-process
--> Running transaction check
---> Package php53-common.x86_64 0:5.3.3-22.el5_10 set to be updated
--> Processing Conflict: php53-common conflicts php-common
--> Finished Dependency Resolution
php53-common-5.3.3-22.el5_10.x86_64 from updates has depsolving problems
--> php53-common conflicts with php-common
Error: php53-common conflicts with php-common
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest



I used EPEL to get fail2ban running, but what I didn't realise is that it has updated my php packages.





[root@badelivery ~]# rpm -qa | grep remi
php-xmlrpc-5.3.5-1.el5.remi.1
php-gd-5.3.5-1.el5.remi.1
php-mysql-5.3.5-1.el5.remi.1
php-pear-1.9.1-6.el5.remi
php-odbc-5.3.5-1.el5.remi.1
mysql-server-5.1.54-1.el5.remi
php-xml-5.3.5-1.el5.remi.1
php-devel-5.3.5-1.el5.remi.1
php-snmp-5.3.5-1.el5.remi.1
mysql-libs-5.1.54-1.el5.remi
mysql-5.1.54-1.el5.remi
php-mcrypt-5.3.5-1.el5.remi.1
mysql-bench-5.1.54-1.el5.remi
php-5.3.5-1.el5.remi.1
mysqlclient15-5.0.67-1.el5.remi
php-cli-5.3.5-1.el5.remi.1
php-common-5.3.5-1.el5.remi.1
php-mbstring-5.3.5-1.el5.remi.1
php-imap-5.3.5-1.el5.remi.1
php-ldap-5.3.5-1.el5.remi.1
mysql-devel-5.1.54-1.el5.remi
php-pdo-5.3.5-1.el5.remi.1



It looks like php-postfix is not available on epel.



If I remove php-common, a lot of dependencies will be removed, which I think will lead to a lot of problems.



Is there a way to solve this without a lot of pain? This is a prod server.
Thanks!

spf - How to improve DMARC Compliance?

I've been monitoring our DMARC compliance with policy "p=none" for a month or two using both dmarcian and dmarcanalyzer. I've noticed that when we send a large email marketing campaign (10k+ emails), there is a spike in mail that fails DMARC that seems to be from the campaign.



My company sends marketing emails to our clients using Pardot, and Pardot sends emails using a 5321.MailFrom address with a domain of "bounce.s7.exacttarget.com".
We have set up our DKIM keys properly in Pardot and have SPF records on our domain that allow their servers to send mail on our behalf. I also know that since the Pardot emails are sent from "bounce.s7.exacttarget.com", we'll never be in DMARC alignment for SPF.



So the problem is, if we send 10,000 emails to our clients, I'm only seeing DMARC aggregate report successes (using DKIM) for 1,000-1,500 emails. (I assume it's normal for only a percentage of mail servers to send aggregate reports?) And I see a spike of DMARC aggregate report failures for 100-500 emails.




Many of these show DKIM fail for our domain which is puzzling, and many show DKIM fail for a different domain altogether. I've looked up a few of the domains that failed DKIM, and the numbers to those domains seem to match emails that were sent to that domain via our campaign.
This sounds like the email hit a mail server and then was forwarded which broke the DKIM signature.



Does that sound likely to you?



How do I get legitimate marketing emails to our customers to pass DMARC when there may be forwarding going on?

Windows 2008 Best Raid Configuration



I have 4 2TB hard drives and I was thinking about using Raid 10. This would give me 4TB, correct? My next question is: would it be easy to add more hard drives to the raid array? For example, if I bought another hard drive, can I add it to the array without backing up any data?



Basically I want to be able to start off with 4TB and when the space becomes full add more space as needed. If this isn't possible with Raid 10, is it possible with any Raid configuration?



Any suggestions would be appreciated. Thank you.


Answer



This is entirely dependent on your RAID controller.




Any halfway decent RAID controller will allow you to add disks and grow an existing array. I suggest you consult the manual for your server's RAID controller - It should spell out whether or not this is supported in no uncertain terms.



Assuming that the controller supports this, you can easily extend the volume in Windows using diskmgmt.msc afterwards.


Wednesday, August 28, 2019

.htaccess - Unexpected behavior with htaccess Redirect 301

I have the following in my .htaccess file-



Redirect 301 / http://www.foo.com/south-carolina-real-estate/
Redirect 301 /related/aiken-sc.htm?tkn=MXNDbGxQjEAKEwj0qrmMz_OYAhUdBGoKHY43MKwYASAFMKCTDDgNUKCTDFDLuosP http://www.foo.com/south-carolina-real-estate/
Redirect 301 /related/aiken-sc.htm http://www.foo.com/south-carolina-real-estate/
Redirect 301 /related/spartanburg.htm?tkn=0bzl_HmfIxIKEwj0qrmMz_OYAhUdBGoKHY43MKwYASADMKCTDDgNUKCTDFDLuosP http://www.foo.com/south-carolina-real-estate/
Redirect 301 /related/spartanburg.htm http://www.foo.com/south-carolina-real-estate/


But when I visit http://www.url.com/related/aiken-sc.htm I get the following URL in the browser-




http://www.foo.com/south-carolina-real-estate/related/aiken-sc.htm



Not sure what the problem is, this works fine on other sites...?

Tuesday, August 27, 2019

Common wisdom about Active Directory authentication for Linux Servers?



What is the common wisdom in 2014 about Active Directory authentication/integration for Linux servers and modern Windows Server operating systems (CentOS/RHEL-focused)?



Over the years since my first attempts with integration in 2004, it seems like the best-practices around this have shifted. I'm not quite sure which method currently has the most momentum.



In the field, I've seen:


Winbind/Samba
Straight-up LDAP
Sometimes LDAP + Kerberos
Microsoft Windows Services for Unix (SFU)
Microsoft Identity Management for Unix
NSLCD
SSSD
FreeIPA
Centrify
Powerbroker (née Likewise)



Winbind always seemed terrible and unreliable. The commercial solutions like Centrify and Likewise always worked, but seemed unnecessary, since this capability is baked into the OS.




The last few installations I've done had the Microsoft Identity Management for Unix role feature added to a Windows 2008 R2 server and NSLCD on the Linux side (for RHEL5). This worked until RHEL6, where the lack of maintenance on NSLCD and memory resource management issues forced a change to SSSD. Red Hat also seemed to back the SSSD approach, so that's been fine for my use.



I'm working with a new installation where the domain controllers are Windows 2008 R2 Core systems and do not have the ability to add the Identity Management for Unix role feature. And I'm told that this feature is deprecated and is no longer present in Windows Server 2012 R2.



The benefit of having this role installed is the presence of this GUI, which allows easy one-step administration of user attributes.





But...





The Server for Network Information Service (NIS) Tools option of
Remote Server Administration Tools (RSAT) is deprecated. Use native
LDAP, Samba Client, Kerberos, or non-Microsoft options.




That makes it really difficult to rely on if it may break forward-compatibility. The customer wants to use Winbind, but everything I see from the Red Hat side points to the use of SSSD.



What's the right approach?
How do you handle this in your environment?



Answer



In March 2014, Red Hat published a reference architecture for integrating Red Hat Enterprise Server with Active Directory. (This material should certainly be current and relevant.) I hate to post this as an answer, but it's really just too much material to transfer into the answer field.



This document (corrected) is hot off the press and seems to focus on the new features of Red Hat Enterprise Linux (RHEL) 7. It was published for the Summit last week.



Should this link go stale, please let me know and I'll update the answer accordingly.



I have personally used WinBind fairly reliably for authentication. There's a very infrequent service failure that requires someone with root or another local account to go in and bounce winbindd. This could probably be dealt with via proper monitoring if you care to put the effort into it.



It is worth noting that Centrify does have additional functionality, though this can be provided by separate configuration management. (Puppet, etc.)




Edit 6/16/14:



Red Hat Enterprise Linux 7 Windows Integration Guide


Monday, August 26, 2019

iptables - Forwarding port 5000 traffic from one interface to another one

I'm trying to give public access from outside my network to a specific device (10.1.1.12) inside my network, using port 5000.




I have a PC acting as a firewall between my gateway and the devices inside my network, so I need to change that PC's iptables. That PC acting as firewall has two interfaces: eth0 (10.1.1.1) and eth1 (192.168.1.5).



The incoming traffic from outside will come from eth1 (192.168.1.5) and I just need to forward it to eth0 (10.1.1.1) because, at the moment, I've already set the forwarding from 10.1.1.1 to 10.1.1.12 (the final device) and it's working fine.



Searching on the web, I tried to set the next two iptables rules, without success:



iptables -A FORWARD -p tcp --destination-port 5000 --in-interface eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp --destination-port 5000 --out-interface eth0 -j MASQUERADE



Then, I tried to set the next iptables rule, also unsuccessful:



iptables -t nat -A PREROUTING -p tcp --destination-port 5000 --in-interface eth1 -j MASQUERADE


In conclusion, if I type in a browser 10.1.1.1:5000 from inside my network, I can access 10.1.1.12, so that forwarding is working fine. But if I type in a browser my.public.i.p:5000 from outside my network, I get an ERR_ADDRESS_UNREACHABLE, so the forwarding between eth1 and eth0 is not working fine.



Some help will be appreciated. Thanks.
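
MASQUERADE rewrites the source address and is only valid in the nat table's POSTROUTING chain; changing where an incoming packet is delivered is the job of DNAT in PREROUTING. The following added example (not part of the original post) generates a narrowly scoped rule set for the interfaces and addresses named above; it assumes 10.1.1.12 uses 10.1.1.1 as its default gateway and that the upstream gateway already forwards TCP 5000 to 192.168.1.5, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print the iptables commands for
# forwarding one TCP port to one internal host, after validating every value
# that ends up on a command line.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*|*[0-9][0-9][0-9][0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_ifname NAME: reject anything that is not a plain interface name.
valid_ifname() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# emit_port_forward IN_IF OUT_IF DEST_IP PORT
# Prints the commands instead of running them, so they can be reviewed first.
emit_port_forward() {
    in_if=$1 out_if=$2 dest=$3 port=$4
    valid_ifname "$in_if" && valid_ifname "$out_if" ||
        { echo "bad interface name" >&2; return 1; }
    valid_ipv4 "$dest" || { echo "bad IPv4 address: $dest" >&2; return 1; }
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $in_if -p tcp --dport $port -j DNAT --to-destination $dest:$port
iptables -A FORWARD -i $in_if -o $out_if -p tcp -d $dest --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the rules for the setup described in the post; review the output,
# then pipe it to sh as root to apply it.
if [ "${1:-}" = "--print" ]; then
    emit_port_forward eth1 eth0 10.1.1.12 5000
fi
```

The FORWARD rule only admits new connections to 10.1.1.12 on port 5000, so a deny-by-default FORWARD policy keeps every other internal host unreachable from eth1.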

Detaching a Microsoft SQL 32bit database and attaching it to a 64bit server




I want to detach a database from a 32bit Microsoft SQL 2005 environment and attach it to a 64bit Microsoft SQL 2008 environment.



Microsoft says:




The SQL Server on-disk storage format
is the same in the 64-bit and 32-bit
environments. Therefore, attach works
across 32-bit and 64-bit environments.

A database detached from a server
instance running in one environment
can be attached on a server instance
that runs in another environment.




I was just wondering if there would be any limitations since the database was created in a 32bit environment?



Should I just bite the bullet and create a new database in SQL 2008 64bit and migrate the data, or can I get away with detaching and attaching?


Answer




Go ahead and do the detach/attach. I've done it many times with no problems. Like the article says, the storage layer is the same so there's nothing to worry about between the 32-bit and 64-bit editions.


domain name system - Cannot send email to Hotmail or MSN addresses





I am running into a problem at work where end users are unable to email Hotmail or MSN email addresses. We are running an Exchange 2007 server and the message itself is in HTML and contains no attachments. If messages are sent to a distribution list, those recipients who use other email providers are able to receive and view the message. Now the kicker is that sometimes we are able to reach the addresses, though not with any regularity. For instance, a user may not be able to send a message in the morning, but will be able to in the afternoon or perhaps a couple of days later. Other times, we are unable to reach the addresses at all no matter how many times we try.



Here's some of the information that will get sent back during an unsuccessful attempt:




Delivery has failed to these recipients or distribution lists:




An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.



The following organization rejected your message: snt0-mc1-f7.Snt0.hotmail.com.




Also, our mail server generates diagnostic information that the Hotmail (or MSN) server returned a "#500 Unrecognized command ##"



Has anyone encountered anything like this or know what the problem may be?




Update



I've looked at the issue a little more and it appears that the SPF record is good (or at least passable).


Answer



You may be getting caught in their anti-spam checks. According to the FAQ here: http://postmaster.msn.com/, you should publish your "Sender Policy Framework (SPF) records to help pass any Sender ID authentication checks."



Learn more about Sender ID and how to publish your SPF records here: http://www.microsoft.com/senderid


nginx - "Image cannot be processed." Cryptic Wordpress error when uploading new header image



When I attempt to upload a new header image to my wordpress installation my browser's work is acknowledged with a cryptic "Image could not be processed. Please go back and try again." The upload does succeed: wp-content/uploads/.../header.jpg exists as it should.



There are no error messages in /var/log/messages--which php is configured to log errors to--nor in nginx's error log. This setup was previously discussed here.







  • Wordpress 3.0.4

  • Twenty Ten 1.1

  • nginx 0.8.54

  • php-fpm 5.3.5 (fpm-fcgi)

  • Arch Linux


Answer



You might not have the gd library installed and enabled in php. I'm not much of a Linux guy, but I did this to get it installed on my setup:



yum install php-gd



Here's some more about it: http://ubuntuforums.org/showthread.php?t=506801



Don't forget to restart httpd after installing gd.


Wednesday, August 21, 2019

email - Postfix - can send mail to outside directly from server, but not from remote hosts connecting to it



I'm currently in the process of configuring a mail server on our AWS VPC to relay messages from applications on multiple servers on that same network onto the internet. This SMTP server is only ever meant to send automated emails and never to receive anything. The main purpose of this machine is to monitor and centralize logs, but I've been asked to configure it as a mail server as well.



So far, I've been able to configure postfix to enable sending email to my work email address from the command line (using the mail command) and email alerts from the log manager.




However, I've attempted to connect to this SMTP server from the other machines through telnet and I'm unable to send email - logs show a message from Google alerting that mail from the server's public IP address is rate limited due to low reputation.



This seems odd to me because, in both situations, the emails are coming from the same public ip address.






Log entries for a successful email look something like this:



host.sub.example.com postfix/pickup[23352]: D1F941407D1: uid=1001 from=
host.sub.example.com postfix/cleanup[26119]: D1F941407D1: message-id=<20170130114758.D1F941407D1@mail.example.com>
host.sub.example.com postfix/qmgr[23353]: D1F941407D1: from=, size=384, nrcpt=1 (queue active)
host.sub.example.com postfix/smtp[26122]: D1F941407D1: to=, relay=alt2.aspmx.l.google.com[74.125.205.27]:25, delay=0.81, delays=0.01/0/0.32/0.47, dsn=2.0.0, status=sent (250 2.0.0 OK 1485776921 14si8136222lju.15 - gsmtp)
host.sub.example.com postfix/qmgr[23353]: D1F941407D1: removed


Generated by the command: echo "test" | mail -s "testsubj" work.email@example.com







Unsuccessful ones look like this:



host.sub.example.com postfix/smtpd[26773]: connect from otherhostname[private-ip-address]
host.sub.example.com postfix/smtpd[26773]: improper command pipelining after MAIL from otherhostname[privateipaddress]: RCPT TO: work.email@example.com\r\nDATA\r\nFrom: fromheader@mail.example.com\r\nSubject: word1 word2\r
host.sub.example.com postfix/smtpd[26773]: ADD161407D1: client=otherhostname[private-ip-address]
host.sub.example.com postfix/cleanup[26780]: ADD161407D1: message-id=<>
host.sub.example.com postfix/qmgr[23353]: ADD161407D1: from=, size=284, nrcpt=1 (queue active)
host.sub.example.com postfix/smtp[26781]: ADD161407D1: host alt1.aspmx.l.google.com[173.194.69.26] said: 421-4.7.0 [public-ip-address 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited. Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. 28si16209237wru.213 - gsmtp (in reply to end of DATA command)
host.sub.example.com postfix/smtpd[26773]: disconnect from otherhostname[private-ip-address]
host.sub.example.com postfix/smtp[26781]: ADD161407D1: to=, relay=alt2.aspmx.l.google.com[74.125.205.26]:25, delay=16, delays=0.02/0/16/0.31, dsn=4.7.0, status=deferred (host alt2.aspmx.l.google.com[74.125.205.26] said: 421-4.7.0 [public-ip-address 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending IP address. 421-4.7.0 To protect our users from spam, mail sent from your IP address has 421-4.7.0 been temporarily rate limited. Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. 65si8149735lfw.365 - gsmtp (in reply to end of DATA command))



Generated by the following telnet exchange:



Trying private-ip-address...
Connected to private-ip-address.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix (Ubuntu)
HELO mail.example.com
MAIL FROM: mailfrom@mail.example.com

RCPT TO: work.email@example.com
DATA
From: fromheader@mail.example.com
Subject: word1 word2
Line1
Line2
Line3
.
250 mail.example.com
250 2.1.0 Ok

250 2.1.5 Ok
354 End data with .
250 2.0.0 Ok: queued as ADD161407D1
QUIT
221 2.0.0 Bye
Connection closed by foreign host.






For completeness' sake this is my current configuration, using mostly default values:



smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = mail.example.com
myorigin = /etc/mailname
mydestination = mail.example.com localhost

relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 private-ip-network
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtp_generic_maps = hash:/etc/postfix/generic






Questions:



Why can I send mail locally from the SMTP server, but not from hosts connecting remotely to it?



Could it have something to do with reverse DNS or SPF records? If so, why aren't all emails blocked?



Could it have to do with the fact that I haven't configured authentication yet?







I hope I'm not overlooking something completely obvious. I barely have any experience with mail servers and I've only ever done anything slightly related in a small project at school using postfix+dovecot and local users.



Thank you very much for taking the time to read this, and I apologize if I've missed something in terms of what's appropriate to ask here. I'm a new user and I'm still learning the ropes, so to speak.


Answer



One of the emails finally came through to my inbox. I've looked at the raw message and there are some differences between the two.



This is the email that was originally filtered but finally came through:



Delivered-To: work.email@example.com

Received: by 10.182.80.36 with SMTP id o4csp1373399obx;
Mon, 30 Jan 2017 04:43:46 -0800 (PST)
X-Received: by 10.25.22.211 with SMTP id 80mr2073754lfw.89.1485780226765;
Mon, 30 Jan 2017 04:43:46 -0800 (PST)
Return-Path:
Received: from mail.example.com (ec2-etc.compute.amazonaws.com. [public-ip-address])
by mx.google.com with ESMTP id q189si8223874lfe.362.2017.01.30.04.43.46
for ;
Mon, 30 Jan 2017 04:43:46 -0800 (PST)
Received-SPF: neutral (google.com: public-ip-addres is neither permitted nor denied by best guess record for domain of mailfrom@mail.example.com) client-ip=public-ip-address;

Authentication-Results: mx.google.com;
spf=neutral (google.com: public-ip-address is neither permitted nor denied by best guess record for domain of mailfrom@mail.example.com) smtp.mailfrom=mailfrom@mail.example.com
Date: Mon, 30 Jan 2017 04:43:46 -0800 (PST)
Message-Id: <588f3502.c6a7190a.dccd4.4f34SMTPIN_ADDED_MISSING@mx.google.com>
Received: from mail.example.com (otherhostname [private-ip-address]) by mail.example.com (Postfix) with SMTP id ADD161407D1 for ; Mon, 30 Jan 2017 11:55:27 +0000 (UTC)
From: fromheader@mail.example.com
Subject: subjectline

Line1
Line2






This is the email that worked from the start:



Delivered-To: work.email@example.com
Received: by 10.182.80.36 with SMTP id o4csp319976obx;
Fri, 27 Jan 2017 09:59:19 -0800 (PST)
X-Received: by 10.84.195.1 with SMTP id i1mr14082000pld.77.1485539959249;

Fri, 27 Jan 2017 09:59:19 -0800 (PST)
Return-Path:
Received: from mail.example.com (ec2-etc.compute.amazonaws.com. [public-ip-address])
by mx.google.com with ESMTP id h125si7036671wme.3.2017.01.27.09.59.18
for ;
Fri, 27 Jan 2017 09:59:19 -0800 (PST)
Received-SPF: neutral (google.com: public-ip-address is neither permitted nor denied by best guess record for domain of no-reply@mail.example.com) client-ip=public-ip-address;
Authentication-Results: mx.google.com;
spf=neutral (google.com: public-ip-address is neither permitted nor denied by best guess record for domain of no-reply@mail.example.com) smtp.mailfrom=no-reply@mail.example.com
Received: by mail.example.com (Postfix, from userid 1001) id 61C031407CF; Fri, 27 Jan 2017 17:49:22 +0000 (UTC)

Subject: This is the subject line
To:
X-Mailer: mail (GNU Mailutils 2.99.98)
Message-Id: <20170127174922.61C031407CF@mail.example.com>
Date: Fri, 27 Jan 2017 17:49:22 +0000 (UTC)
From: Filipe Simoes

This is the body of the email



A notable difference is in the lines Message-Id and Received.



Filtered email:



Message-Id: <588f3502.c6a7190a.dccd4.4f34SMTPIN_ADDED_MISSING@mx.google.com>
Received: from mail.example.com (otherhostname [private-ip-address]) by mail.example.com (Postfix) with SMTP id ADD161407D1 for ; Mon, 30 Jan 2017 11:55:27 +0000 (UTC)


Unfiltered email:




Message-Id: <20170127174922.61C031407CF@mail.example.com>
Received: by mail.example.com (Postfix, from userid 1001) id 61C031407CF; Fri, 27 Jan 2017 17:49:22 +0000 (UTC)


So apparently Google doesn't like it when Postfix relays messages from a remote source, but is totally fine with it sending emails directly.



The problem was the Message-Id! When sending mail through telnet, the message-id - which is usually generated by the mail client - wasn't getting set properly. When I added a message-id like Message-Id: <20170130155222.61C031407CF@mail.example.com> to the headers after the DATA command, the message went through to my inbox almost instantly.
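The header gap described in this answer can be checked before a message is handed to the relay. The Python below is an added example, not part of the original post: it reports which of the Message-Id, Date and To headers a raw message lacks, detects the `SMTPIN_ADDED_MISSING` marker seen in the filtered message above, and fills in the missing headers. The sample messages are constructed from the ones on this page and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import formatdate, make_msgid

# Headers the locally generated message carried and the telnet one lacked.
CHECKED = ("Message-ID", "Date", "To")

# Marker found in the Message-Id of the filtered message on this page,
# where the id ends in @mx.google.com instead of the sending host.
RECEIVER_MARKER = "SMTPIN_ADDED_MISSING"

# Constructed sample: the DATA payload typed into the telnet session.
TELNET_DATA = (
    "From: fromheader@mail.example.com\n"
    "Subject: word1 word2\n"
    "\n"
    "Line1\nLine2\nLine3\n"
)

# Constructed sample: headers of the filtered message as it was delivered.
DELIVERED = (
    "Message-Id: <588f3502.c6a7190a.dccd4.4f34"
    "SMTPIN_ADDED_MISSING@mx.google.com>\n"
    "From: fromheader@mail.example.com\n"
    "Subject: subjectline\n"
    "\n"
    "Line1\nLine2\n"
)


def missing_headers(raw):
    """Return the checked headers that are absent or empty in a raw message."""
    msg = message_from_string(raw)
    return [name for name in CHECKED if not (msg[name] or "").strip()]


def receiver_added_id(raw):
    """True when the Message-Id carries the marker shown in the filtered mail,
    meaning the id was not set by the sender."""
    msg = message_from_string(raw)
    return RECEIVER_MARKER in (msg["Message-ID"] or "")


def add_missing(raw, domain, rcpt=None):
    """Return the message with Message-Id and Date (and To, if given) added.

    `domain` is the right-hand side used for the generated Message-Id.
    Headers that are already present are left untouched.
    """
    msg = message_from_string(raw)
    missing = missing_headers(raw)
    if "Message-ID" in missing:
        del msg["Message-ID"]          # drop an empty header, if any
        msg["Message-ID"] = make_msgid(domain=domain)
    if "Date" in missing:
        del msg["Date"]
        msg["Date"] = formatdate(localtime=False)
    if rcpt and "To" in missing:
        del msg["To"]
        msg["To"] = rcpt
    return msg.as_string()


if __name__ == "__main__":
    print("telnet payload lacks:", missing_headers(TELNET_DATA))
    print("delivered copy had id added by receiver:",
          receiver_added_id(DELIVERED))
    fixed = add_missing(TELNET_DATA, "mail.example.com",
                        "work.email@example.com")
    print(fixed)
```

Applications that submit mail over raw SMTP, as the telnet test did, need to generate these headers themselves; the `mail` command did so automatically, which is why the local test passed.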


Monday, August 19, 2019

HP Proliant Array Configuration Utility shows 4TB drive size as zero



I tried adding a pair of 4TB WD RE disks to an HP Proliant ML350 G6 server, but the ACU utility shows them as having a capacity of 0.0 GB.



Is this a known issue? From the documentation for the Smart Array P410 Controller, I believe it should support 4TB drives. I am not planning on using them as a boot drive either, just to add some RAID1 storage to the box.


Answer



Definitely upgrade the firmware of your Smart Array P410i controller and the entire server.



4TB disks are compatible with this server and RAID controller provided you're on the right firmware.




Please understand that consumer SATA disks will downshift to 3Gbps speeds on this controller, so that's a factor.


Saturday, August 17, 2019

nat - DLink dsl-g604t port forwarding inside network

I have a D-Link DSL-G604T. I have a DNS that resolves a URL to its IP address.




I port forward port 80 to a computer. All works fine - except when I try to access that URL inside the network, instead of seeing the webpage I'm trying to view it just shows me the router's management webpage.



It's really annoying. Is there any way to fix this?

Friday, August 16, 2019

linux - Virtual Host Web Files Not Being Served



I am attempting to serve web files via virtual host, but Apache keeps blocking the directory's files. All that will show is the default Apache Welcome page.




index.html gets a permissions error, and index2.html (which does not exist) gets a file not found error - as expected; so the virtual host conf files are being read.



Error Log:



(13)Permission denied: access to /index.html denied


httpd.conf



ServerTokens OS

ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 60
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15

StartServers 8
MinSpareServers 5
MaxSpareServers 20

ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000


StartServers 4
MaxClients 300
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25

MaxRequestsPerChild 0

Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so

LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so

LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so

LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so

LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
Include conf.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
UseCanonicalName Off

DocumentRoot "/var/www/html"

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all



UserDir disabled

DirectoryIndex index.html index.html.var index.php
AccessFileName .htaccess

Order allow,deny
Deny from all
Satisfy All


TypesConfig /etc/mime.types
DefaultType text/plain

MIMEMagicFile conf/magic

HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"

Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny

Allow from all


# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

AllowOverride None
Options None

Order allow,deny
Allow from all

IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe

AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for

AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif

ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo

AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl

AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"




AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr

ForceLanguagePriority Prefer Fallback



BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully

BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
NameVirtualHost *
Include vhosts.d/*.conf



Example of an included vhost file created via WebMin (myvhostname.conf):




DocumentRoot /srv/vhosts/myvhostname/htdocs
ServerName mydomainname.com

allow from all
Options +Indexes





Permissions:



/etc/httpd/vhosts.d - 751 root:root
/etc/httpd/vhosts.d/(configuration files) - 644 root:root
/srv/vhosts - 751 root:root
/srv/vhosts/(vhost directories) - 751 root:root
/srv/vhosts/(vhost directories)/htdocs - 751 apache:apache
/srv/vhosts/(vhost directories)/htdocs/(web files) - 644 apache:apache



htdocs Permissions



-rw-r--r--.  1 apache apache     0 Apr 14 09:28 index.html
-rw-r--r--. 1 apache apache 418 Sep 24 2013 index.php
-rw-r--r--. 1 apache apache 19929 Jan 18 2013 license.txt
-rw-r--r--. 1 apache apache 7185 Apr 7 15:40 readme.html
-rw-r--r--. 1 apache apache 4892 Oct 4 2013 wp-activate.php
drwxr-xr-x. 9 apache apache 4096 Apr 8 14:44 wp-admin

-rw-r--r--. 1 apache apache 271 Jan 8 2012 wp-blog-header.php
-rw-r--r--. 1 apache apache 4795 Sep 5 2013 wp-comments-post.php
-rw-r--r--. 1 apache apache 3087 Oct 24 18:58 wp-config-sample.php
drwxr-xr-x. 4 apache apache 4096 Apr 8 14:44 wp-content
-rw-r--r--. 1 apache apache 2932 Sep 24 2013 wp-cron.php
drwxr-xr-x. 12 apache apache 4096 Apr 8 14:44 wp-includes
-rw-r--r--. 1 apache apache 2380 Oct 24 18:58 wp-links-opml.php
-rw-r--r--. 1 apache apache 2359 Oct 24 18:58 wp-load.php
-rw-r--r--. 1 apache apache 31909 Dec 3 15:12 wp-login.php
-rw-r--r--. 1 apache apache 8235 Nov 13 06:58 wp-mail.php

-rw-r--r--. 1 apache apache 10880 Nov 4 19:24 wp-settings.php
-rw-r--r--. 1 apache apache 25665 Nov 12 22:23 wp-signup.php
-rw-r--r--. 1 apache apache 4026 Oct 24 18:58 wp-trackback.php
-rw-r--r--. 1 apache apache 3015 Oct 24 22:29 xmlrpc.php

Answer



It might be an SELinux problem. Make sure that the context of your htdocs folder and its subfolders/files is set to httpd_sys_content_t.



See http://wiki.centos.org/HowTos/SELinux for more details on all the different apache contexts.
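To check the point this answer makes, the Python below walks a document root and lists every path whose SELinux type is not `httpd_sys_content_t`. It is an added example, not part of the original answer: the function names are hypothetical, and it assumes a Linux host where the label is readable from the `security.selinux` extended attribute.

```python
import os

EXPECTED_TYPE = "httpd_sys_content_t"   # type named in the answer above
XATTR = "security.selinux"              # xattr that stores the file label


def parse_context(raw):
    """Split an SELinux context 'user:role:type[:level]' into its fields.

    The level may itself contain colons (for example 's0-s0:c0.c1023'),
    so only the first three separators are significant.
    """
    text = raw.decode("utf-8", "replace") if isinstance(raw, bytes) else raw
    text = text.rstrip("\x00").strip()   # the kernel returns a NUL terminator
    parts = text.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError("not an SELinux context: %r" % text)
    return {
        "user": parts[0],
        "role": parts[1],
        "type": parts[2],
        "level": parts[3] if len(parts) == 4 else "",
    }


def read_context(path):
    """Return the raw label of `path`, or None if it cannot be read
    (no xattr support, SELinux disabled, or permission denied)."""
    getxattr = getattr(os, "getxattr", None)
    if getxattr is None:
        return None
    try:
        return getxattr(path, XATTR, follow_symlinks=False)
    except OSError:
        return None


def audit_tree(root, expected=EXPECTED_TYPE, reader=read_context):
    """Return [(path, actual_type)] for every directory and file under
    `root` whose type differs from `expected`. actual_type is None when
    the label could not be read. `reader` is injectable for testing."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                  # deterministic traversal order
        paths = [dirpath] + [os.path.join(dirpath, f)
                             for f in sorted(filenames)]
        for path in paths:
            raw = reader(path)
            if raw is None:
                findings.append((path, None))
                continue
            actual = parse_context(raw)["type"]
            if actual != expected:
                findings.append((path, actual))
    return findings


if __name__ == "__main__":
    # Path taken from the vhost file in the question.
    for path, actual in audit_tree("/srv/vhosts/myvhostname/htdocs"):
        print("%-24s %s" % (actual or "(unreadable)", path))
```

Where the audit reports a wrong type, `semanage fcontext` followed by `restorecon -R` sets the label persistently; a label changed only with `chcon` is lost on the next relabel.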


hard drive - Is it safe to place write-intensive partitions on an SSD (in an SSD+HDD system)?



I'm setting up a (sort of) powerful workstation for SW development work on Linux. It's a Xeon system with multiple cores, 32GB memory, a large HDD and a 120 GB SSD (Samsung MZ7WD120HAFV a.k.a. SM843T).



I have to decide which partitions to put on the HDD, and which on the SSD. I'm getting conflicting recommendations on this question:





  • "Don't put frequently-write-intensive partitions on the SSD, you'll shorten its lifetime significantly, it might fail within several months that way." (similar to this answer)

  • "If you have a 2nd or 3rd generation SSD (that means any drive with TRIM) then you don't have to treat it any different than a regular HDD: you can put write intensive files, journal and swap on it." (from this answer here on the site)



Both performance and stability are important to me, although this is not a mission-critical server. So, what should I do?



Notes:





  • Of course, I'll have some sort of backup scheme for my critical data, the question is not about that.


Answer



The Samsung SM843T is a very nice looking SSD. The key points you want to look at in an SSD datasheet are the figures talking about drive longevity, which may be expressed as device writes per day or TB written. The SM843T datasheet has both, and more usefully has the figure for both random and sequential workloads.



A random workload means 100% random 4K writes with an IO Queue depth of 32 - this is the figure that most SSD datasheets will quote, particularly for consumer grade drives that have figures like '20GB/day for 3 years'.



The SM843T, however, claims 2x device writes per day for 5 years for random workloads, or 11 x device writes per day for sequential workloads. This is much better than any of the other consumer grade SSDs currently available (and indeed, the SM843T is marketed as a datacentre drive).




I won't say you won't wear this SSD out ahead of time, because I'm sure you could (2x device writes per day on a 120GB drive is only a constant ~690 IOPs, which isn't that much after all), but if you're just doing software development on this machine I really doubt you'll come anywhere close to those figures.



If you're interested, you can monitor the SSD's internal SMART counters for wearout. The exact attributes are different depending on the SSD controller used, but if you want the general gist of what to look for then I wrote about it here.


raid - How does LSI MegaRAID actually lay out RAID10 sets?



I'm trying to set up a RAID10 set on an LSI MegaRAID controller. It is unclear to me how the RAID controller will actually lay out the RAID set on the physical drives.



Part of the problem is that MegaRAID seems to use terms very inconsistently; the same idea often has multiple terms, and it seems as if sometimes they use the same term to refer to multiple ideas. I'm going to try to use the terms that the MegaCli command seems to use most frequently.



MegaRAID requires that there be two to eight arrays within a RAID10 set. Each array must contain physical drives in multiples of two. Each array in the RAID10 set must have the same number of physical drives.



Is each array a RAID10 set, and then the arrays are joined together? If so, does the fact that the arrays have to be the same size imply that the arrays are being striped? If so, given that each array is striped, and then there's an additional layer of striping on top of that, should I be concerned about that redundancy in regards to performance? (Or would it be a good thing?)




If each array is a RAID10 set, though, why does MegaRAID require that you have at least two of them?



If each array is not a RAID10 set, why does it require that arrays have physical drives in multiples of two?



In the documentation, it refers to arrays as spans, which it elsewhere defines like this:




Disk spanning allows multiple drives to function like one big drive. Spanning overcomes lack of disk space and simplifies storage management by combining existing resources or adding relatively inexpensive resources. For example, four 20 GB drives can be combined to appear to the operating system as a single 80 GB drive. Spanning alone does not provide reliability or performance enhancements. Spanned virtual drives must have the same stripe size and must be contiguous.





Which, to me, implies concatenation, or, at best, striping. Let's be generous and call it RAID0.



So if I have to define two arrays, and arrays are spans, and spans are RAID0, then I'm defining two RAID0 sets. And if I have to define two of them, it'd make sense that it's mirroring those. But that would be a RAID1 of two RAID0s, or RAID0+1, which is bad.



I'd expect, then, that if I defined three arrays, that would be creating a three-way mirror of RAID0 sets, but if I actually do that, the logical drive still has half the capacity of all the drives in total, not a third. So that conclusion doesn't make sense, either.



The problem is that I have 18 drives I want in a RAID10 set. In every other RAID system I've used, I'd just create 9 two-drive mirrors and then stripe them, but I can't do that with MegaRAID. Because there have to be between two and eight arrays, and each array must have an even number of drives, the only config I can come up with that works is three arrays of six drives each, but I just feel strange doing that without having a better notion of how those disks are actually going to be laid out.



Am I overthinking this? Should I just let MegaRAID do its thing and just hope that the drives are laid out optimally?


Answer




LSI claim that their approach to RAID 10 differs from the standard definition because they follow the SNIA specification.




With MegaRAID RAID 1 can consist of from two drives (the more
traditional definition) to up to sixteen drives. MegaRAID RAID 1 must
be an even number of drives. With MegaRAID 1, if more than two drives
are in the Virtual Drive (VD), then the VD consists of striped
mirrored pairs. In other words, what traditionally would be
considered RAID 10 (striped mirror pairs) is reported by MegaRAID as
RAID 1.




With MegaRAID RAID 10, instead of the traditional method of having
striped mirrored pairs, MegaRAID uses SNIA PRL=11, RLQ=0
For example, while a traditional eight drive RAID 10 would consist of
eight mirrored pairs striped together, MegaRAID 'RAID 10' is actually
four drives in a traditional RAID 10 span (two mirrored pairs striped)
in a span striped with another four drives of striped mirrored pairs.
Up to eight of these spans are supported.





Which means that if you want RAID10, choose what LSI labels RAID1. What LSI labels as RAID10 is what might be better referred to as RAID100 or RAID 1+0+0.


Wednesday, August 14, 2019

Why is my LAN saying "unidentified network"? (Help setting up server architecture)




As some of you may be aware, I'm currently involved in an on-going saga in getting our servers up and running. As pretty much a newb, I'm slowly making progress, but I've hit a stumbling block.



Here's a bit more about us: We're a website. We've grown too big for our server and hit the ceiling our lowly PowerEdge can handle. For a solution we're adding two servers: One as a Firewall/Router/VPN and one as a Web Application server. The original will be altered to become a DB server.



All three boxes are running Windows Server 2008 R2 and I'm using RRAS to configure it all. All three boxes are DIRECTLY connected (there are no hardware hubs, switches or routers).



This diagram hopefully gives a clearer idea of what I'm talking about (even though it's pretty vague).







The IP addresses are the static IPs I'm configuring for each network adapter.



Focussing on the "left-hand leg" (10.0.1.1 to 10.0.2.1), we currently have the following setup:



FIREWALL/ROUTER



For the adapter facing the Web App server (10.0.1.1):




  • IP: 10.0.1.1


  • Subnet: 255.255.255.0

  • Default gateway: (blank)



WEB APPLICATION SERVER



For the adapter facing the Firewall/Router (10.0.2.1):




  • IP: 10.0.2.1


  • Subnet: 255.255.255.0

  • Default gateway: 10.0.1.1



What's odd is that the Web Application server thinks that the connection is an identified network and thus I've been able to set it to Private Network (Work), but on the Firewall/Router it classes the connection to the Web Application server as unidentified Public.



Why would it do this? How can I fix it? What should I put in the (blank) space?



Thankfully the Web Application server is able to get an internet connection through RRAS's NAT on the Firewall/Router, so things appear to be configured correctly so far. Am I going about this the right way?




Thanks for any help or pointers.



UPDATE



Thanks to advice from Massimo and Sim, we've decided to get a switch. Now our configuration looks more like this...






Thanks again, folks. This has been (and will continue to be) a real learning experience.


Answer




This is the same question as "Windows 7, network connection with no default gateway: any way to change the “Unknown network” status?".



Short answer is: this is normal behavior. Unfortunately you won't be able to make the "unidentified network" message go away unless you specify a default gateway on the adapter. The specified gateway must respond to ARP requests (meaning: it must be alive).


remote desktop - RDP exits immediately after connecting to Windows Server 2008 R2




Background: I recently got a Windows cloud VPS server. I don't have much experience with server admin (I'm a programmer), and what little I do have is with linux servers.



Ever since getting the server I've been having issues with RDP. I can connect about two or three times, after which point I can't connect until one of the tech guys "fixes" it (see below). When I connect, I can stay connected for hours with no problem.



When the problem connecting starts, the first time I try to log in, the remote desktop window pops up, starts connecting, and then exits with "Your Remote Desktop session has ended". After that, for about 10-20 minutes if I try to connect again, the connection times out with




Remote Desktop can't connect to the computer for one of these reasons: 1) Remote access on the server is not enabled 2) The remote computer is turned off 3) The remote computer is not available on the network





then goes back to connecting once and immediately disconnecting.



All of the updates are installed. The firewall has been correctly configured to let RDP traffic through. The remote setting is "Allow connections from computers running any version of Remote Desktop". I tried creating a second user, and when I can't connect, I can't connect to that user either. I've tried both soft and hard reboots, neither of which help. I've tried connecting from two different computers (both running Windows 7) from two different networks (work and home), and the behavior is the same.



Everything else on the server continues to run fine (IIS-served http pages, Tomcat-served java pages, svn, ping).



The "fix" that the tech guys supply is simply logging into the console on their end, after which point I can connect 2 or 3 times again.



The event viewer on the server has "authentication failure" (or something similar) events generated when I attempt to log in and can't. I can't get to the actual event at the moment as I'm currently in the can't connect stage, and waiting for the techs to log in. But when I searched for the event earlier this morning I couldn't find anything useful.




Can anyone help?


Answer



I had a similar thing as well with regards to Windows Updates. One of the updates seemed to disable RDP and VNC Services but local login was fine.



I ended up having LogMeIn installed by a local tech and when I logged in with my account I found a dialog waiting for me to click on that said 'Windows Service Pack 1 installed Successfully' or something to that effect. After clicking OK everything worked fine.



Thanks Microsoft.


Tuesday, August 13, 2019

windows server 2008 - Adding Static IP's to the NIC




We are currently working on migrating a lot of new machines to our network, and my job this morning was to set up all of the IP addresses. I worked on this all morning, and when I got back tonight I was informed that they had all been set up incorrectly, and had to be removed and re-added. I am quite confused as I have been setting up IPs on machines for a long time and I am curious as to what the issue is.



Just taking into account this example...



72.26.196.160/29
255.255.255.248



A /29 block is 5 usable IPs. With the script I wrote and used, the IP addresses .162 - .166 were added to the NIC. I can't remember now what the name for .161 was, but isn't it the broadcast address or something which isn't assigned to the NIC when adding additional IP blocks?



I am curious as to where my logic is failing me. Not to mention even if .161 was to be added, there is no reason why all of the IPs would have to be removed, as .161 could just be added in addition to these.



Answer



Your logic is failing you. 72.26.196.160/29 provides for 6 usable IP addresses:



72.26.196.161 through 72.26.196.166



72.26.196.160 is the network address (Subnet ID) and 72.26.196.167 is the broadcast address



Aside from that, your question doesn't really make sense. Can you provide some additional detail and context?
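The address arithmetic in this answer can be turned into a check that compares what a provisioning script bound to the NIC against the block it was given. The Python below is an added example, not part of the original post; the function name is hypothetical and the assigned list is constructed from the .162 to .166 range the question describes.

```python
import ipaddress

# Constructed from the question: the script added .162 through .166.
ASSIGNED_BY_SCRIPT = ["72.26.196.%d" % n for n in range(162, 167)]


def audit_block(cidr, assigned):
    """Compare the addresses bound to a NIC with an allocated IPv4 block.

    Returns a dict with:
      network / broadcast  - the two addresses that are not host addresses
      usable               - every host address in the block
      missing              - usable addresses that were not assigned
      reserved_assigned    - network or broadcast address bound by mistake
      outside              - assigned addresses not in the block at all
    strict=True rejects a CIDR with host bits set (e.g. 72.26.196.161/29),
    which catches a mistyped block before anything is compared.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    usable = list(net.hosts())
    have = sorted({ipaddress.ip_address(a) for a in assigned})
    reserved = {net.network_address, net.broadcast_address}
    # For /31 and /32, hosts() returns every address, so nothing is reserved.
    reserved -= set(usable)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable": [str(h) for h in usable],
        "missing": [str(h) for h in usable if h not in have],
        "reserved_assigned": [str(a) for a in have if a in reserved],
        "outside": [str(a) for a in have if a not in net],
    }


if __name__ == "__main__":
    report = audit_block("72.26.196.160/29", ASSIGNED_BY_SCRIPT)
    for key in ("network", "broadcast", "usable", "missing",
                "reserved_assigned", "outside"):
        print("%-18s %s" % (key, report[key]))
```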


Monday, August 12, 2019

virtual machines - linux OOM-kill why?


Greetings, fellow admins. I post in the hope of shedding light on the OOM-kills that haunt one of my company's machines. I cannot decide if they are legit OOMs or not.



It's a CentOS 6.x with kernel 2.6.32-279.1.1.el6.x86_64.



Ram 8 gb, cpu athlon2-x4.



The big processes are mysql and vmware player 4, with a max of respectively 2 and 4 GB of ram constantly allocated plus some overhead. (Vmware is the one which gets killed, because of its bigger size.)



There are daemons running other than these 2, but they are very small, and very lightly loaded, so I don't understand where the remaining 1/1.5 gig of ram would disappear, not counting the huge swap...




Also, the kills happen only while it is running the backup cronjobs at night. (These are simple shell scripts with standard tools which dump some databases and zip some web and mailbox directories.)



Here, for example, it was doing a mysqldump -- and it's the first time it happens with this particular task.
It used to happen almost every time, also coupled with 'page allocation failure', when I ran rsyncs or zips of a big directory tree (~1 million small files). BUT I moved all that to another machine with ZFS: after this operation, the killer left me alone, for a while.

I hate that after juggling with the issue for months, reading and re-reading every thread on the internet, I still cannot relate the info to my case.
There is swap, so why doesn't it swap instead of killing? And who takes all the RAM anyway? (In the beginning there were a couple of legit memory leakers and I got them.) Can't be fragmentation either, as the failed requests are of order zero.



I paste some data before the actual kill logs:





vm.swappiness = 100
vm.vfs_cache_pressure = 5000
vm.min_free_kbytes = 262144


(these I added to try fixing it, they're probably a bit extreme but it runs smoothly anyway)



I experimented, in vain, with overcommit_memory=2, too. Isn't that supposed to disable the killer?




This is the normal memory status of the system.
Note that VMware's RAM counts as cache, because of the mmap-ed vmem.
And by the way, VMware is set to allow reclaiming/swapping of VM memory. And it doesn't do it, ever.




             total       used       free     shared    buffers     cached
Mem:       7800792    7400032     400760          0      61100    4449196
-/+ buffers/cache:    2889736    4911056
Swap:      8388600     761588    7627012


SwapCached: 286648 kB
PageTables: 40200 kB
CommitLimit: 15409312 kB
Committed_AS: 8099460 kB
AnonHugePages: 192512 kB

Node 0, zone DMA 4 1 1 3 1 1 0 0 1 1 3
Node 0, zone DMA32 378 1476 2541 1491 328 240 74 28 8 0 0
Node 0, zone Normal 1555 124 956 1825 659 175 54 31 15 0 0




Finally, the OOM:






Jan 2 21:37:38 : vmware-vmx invoked oom-killer: gfp_mask=0xd0, order=0, oom_adj=0, oom_score_adj=0
Jan 2 21:37:38 : vmware-vmx cpuset=/ mems_allowed=0
Jan 2 21:37:38 : Pid: 19635, comm: vmware-vmx Not tainted 2.6.32-279.1.1.el6.x86_64 #1

Jan 2 21:37:38 : Call Trace:
Jan 2 21:37:38 : [] ? cpuset_print_task_mems_allowed+0x91/0xb0
Jan 2 21:37:38 : [] ? dump_header+0x90/0x1b0
Jan 2 21:37:38 : [] ? __delayacct_freepages_end+0x2e/0x30
Jan 2 21:37:38 : [] ? security_real_capable_noaudit+0x3c/0x70
Jan 2 21:37:38 : [] ? oom_kill_process+0x82/0x2a0
Jan 2 21:37:38 : [] ? select_bad_process+0xe1/0x120
Jan 2 21:37:38 : [] ? out_of_memory+0x220/0x3c0
Jan 2 21:37:38 : [] ? __alloc_pages_nodemask+0x89e/0x940
Jan 2 21:37:38 : [] ? alloc_pages_current+0xaa/0x110

Jan 2 21:37:38 : [] ? __get_free_pages+0xe/0x50
Jan 2 21:37:38 : [] ? __pollwait+0xb4/0xf0
Jan 2 21:37:38 : [] ? eventfd_poll+0x7d/0x80
Jan 2 21:37:38 : [] ? do_sys_poll+0x29b/0x520
Jan 2 21:37:38 : [] ? __pollwait+0x0/0xf0
Jan 2 21:37:38 : [] ? pollwake+0x0/0x60
Jan 2 21:37:38 : [] ? pollwake+0x0/0x60
Jan 2 21:37:38 : [] ? pollwake+0x0/0x60
Jan 2 21:37:38 : [] ? pollwake+0x0/0x60
Jan 2 21:37:38 : [] ? pollwake+0x0/0x60

Jan 2 21:37:38 : [] ? pollwake+0x0/0x60
Jan 2 21:37:38 : [] ? pollwake+0x0/0x60
Jan 2 21:37:38 : [] ? pollwake+0x0/0x60
Jan 2 21:37:38 : [] ? pollwake+0x0/0x60
Jan 2 21:37:38 : [] ? read_tsc+0x9/0x20
Jan 2 21:37:38 : [] ? ktime_get_ts+0xa9/0xe0
Jan 2 21:37:38 : [] ? poll_select_set_timeout+0x8d/0xa0
Jan 2 21:37:38 : [] ? sys_ppoll+0x4c/0x180
Jan 2 21:37:38 : [] ? system_call_fastpath+0x16/0x1b
Jan 2 21:37:38 : Mem-Info:

Jan 2 21:37:38 : Node 0 DMA per-cpu:
Jan 2 21:37:38 : CPU 0: hi: 0, btch: 1 usd: 0
Jan 2 21:37:38 : CPU 1: hi: 0, btch: 1 usd: 0
Jan 2 21:37:38 : CPU 2: hi: 0, btch: 1 usd: 0
Jan 2 21:37:38 : CPU 3: hi: 0, btch: 1 usd: 0
Jan 2 21:37:38 : Node 0 DMA32 per-cpu:
Jan 2 21:37:38 : CPU 0: hi: 186, btch: 31 usd: 175
Jan 2 21:37:38 : CPU 1: hi: 186, btch: 31 usd: 40
Jan 2 21:37:38 : CPU 2: hi: 186, btch: 31 usd: 180
Jan 2 21:37:38 : CPU 3: hi: 186, btch: 31 usd: 152

Jan 2 21:37:38 : Node 0 Normal per-cpu:
Jan 2 21:37:38 : CPU 0: hi: 186, btch: 31 usd: 170
Jan 2 21:37:38 : CPU 1: hi: 186, btch: 31 usd: 67
Jan 2 21:37:38 : CPU 2: hi: 186, btch: 31 usd: 108
Jan 2 21:37:38 : CPU 3: hi: 186, btch: 31 usd: 63
Jan 2 21:37:38 : active_anon:1467089 inactive_anon:263165 isolated_anon:64
Jan 2 21:37:38 : active_file:12404 inactive_file:65792 isolated_file:96
Jan 2 21:37:38 : unevictable:2 dirty:66080 writeback:1 unstable:0
Jan 2 21:37:38 : free:73888 slab_reclaimable:8971 slab_unreclaimable:10661
Jan 2 21:37:38 : mapped:780904 shmem:1035969 pagetables:10566 bounce:0

Jan 2 21:37:38 : Node 0 DMA free:15688kB min:500kB low:624kB high:748kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15284kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
Jan 2 21:37:38 : lowmem_reserve[]: 0 3254 7799 7799
Jan 2 21:37:38 : Node 0 DMA32 free:127608kB min:109180kB low:136472kB high:163768kB active_anon:2209600kB inactive_anon:441980kB active_file:35784kB inactive_file:207948kB unevictable:8kB isolated(anon):0kB isolated(file):256kB present:3333024kB mlocked:8kB dirty:211888kB writeback:0kB mapped:955900kB shmem:1376604kB slab_reclaimable:20276kB slab_unreclaimable:6460kB kernel_stack:488kB pagetables:8856kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:580800 all_unreclaimable? no
Jan 2 21:37:38 : lowmem_reserve[]: 0 0 4545 4545
Jan 2 21:37:38 : Node 0 Normal free:152256kB min:152456kB low:190568kB high:228684kB active_anon:3658756kB inactive_anon:610680kB active_file:13832kB inactive_file:55220kB unevictable:0kB isolated(anon):256kB isolated(file):128kB present:4654080kB mlocked:0kB dirty:52432kB writeback:4kB mapped:2167716kB shmem:2767272kB slab_reclaimable:15608kB slab_unreclaimable:36184kB kernel_stack:3016kB pagetables:33408kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:410848 all_unreclaimable? no
Jan 2 21:37:38 : lowmem_reserve[]: 0 0 0 0
Jan 2 21:37:38 : Node 0 DMA: 4*4kB 1*8kB 1*16kB 3*32kB 1*64kB 1*128kB 0*256kB 0*512kB 1*1024kB 1*2048kB 3*4096kB = 15688kB
Jan 2 21:37:38 : Node 0 DMA32: 240*4kB 925*8kB 1553*16kB 748*32kB 253*64kB 152*128kB 56*256kB 28*512kB 6*1024kB 0*2048kB 0*4096kB = 127608kB
Jan 2 21:37:38 : Node 0 Normal: 1155*4kB 1362*8kB 2962*16kB 860*32kB 330*64kB 113*128kB 23*256kB 18*512kB 9*1024kB 1*2048kB 0*4096kB = 152380kB
Jan 2 21:37:38 : 1162322 total pagecache pages

Jan 2 21:37:38 : 48040 pages in swap cache
Jan 2 21:37:38 : Swap cache stats: add 3148787, delete 3100747, find 1726176/2015458
Jan 2 21:37:38 : Free swap = 7750696kB
Jan 2 21:37:38 : Total swap = 8388600kB
Jan 2 21:37:38 : 2031600 pages RAM
Jan 2 21:37:38 : 81402 pages reserved
Jan 2 21:37:38 : 1987047 pages shared
Jan 2 21:37:38 : 707527 pages non-shared
Jan 2 21:37:38 : [ pid ] uid tgid total_vm rss cpu oom_adj oom_score_adj name
Jan 2 21:37:38 : [ 457] 0 457 2673 90 1 -17 -1000 udevd

Jan 2 21:37:38 : [ 1261] 0 1261 62271 293 0 0 0 rsyslogd
Jan 2 21:37:38 : [ 1275] 0 1275 1171 91 0 0 0 mdadm
Jan 2 21:37:38 : [ 1284] 81 1284 5382 159 1 0 0 dbus-daemon
Jan 2 21:37:38 : [ 1295] 70 1295 6946 160 2 0 0 avahi-daemon
Jan 2 21:37:38 : [ 1296] 70 1296 6914 27 1 0 0 avahi-daemon
Jan 2 21:37:38 : [ 1344] 68 1344 6292 346 0 0 0 hald
Jan 2 21:37:38 : [ 1345] 0 1345 4524 152 0 0 0 hald-runner
Jan 2 21:37:38 : [ 1391] 0 1391 5053 87 2 0 0 hald-addon-inpu
Jan 2 21:37:38 : [ 1406] 0 1406 6014 103 2 0 0 vmware-usbarbit
Jan 2 21:37:38 : [ 1420] 0 1420 16028 119 1 -17 -1000 sshd

Jan 2 21:37:38 : [ 1439] 38 1439 7539 146 0 0 0 ntpd
Jan 2 21:37:38 : [ 1483] 0 1483 29309 135 2 0 0 crond
Jan 2 21:37:38 : [ 1494] 0 1494 5362 47 2 0 0 atd
Jan 2 21:37:38 : [ 1511] 501 1511 25371 5751 1 0 0 Xvnc
Jan 2 21:37:38 : [ 1521] 501 1521 26513 66 0 0 0 sh
Jan 2 21:37:38 : [ 1532] 512 1532 21634 461 0 0 0 Xvnc
Jan 2 21:37:38 : [ 1541] 501 1541 5006 82 1 0 0 dbus-launch
Jan 2 21:37:38 : [ 1542] 501 1542 5382 141 2 0 0 dbus-daemon
Jan 2 21:37:38 : [ 1546] 501 1546 5629 283 0 0 0 xfconfd
Jan 2 21:37:38 : [ 1551] 501 1551 28034 71 3 0 0 gpg-agent

Jan 2 21:37:38 : [ 1561] 501 1561 57668 351 1 0 0 xfce4-session
Jan 2 21:37:38 : [ 1565] 501 1565 49604 290 2 0 0 xfsettingsd
Jan 2 21:37:38 : [ 1567] 501 1567 55385 549 1 0 0 xfwm4
Jan 2 21:37:38 : [ 1569] 501 1569 59719 1148 2 0 0 xfce4-panel
Jan 2 21:37:38 : [ 1571] 501 1571 56642 311 1 0 0 Thunar
Jan 2 21:37:38 : [ 1573] 501 1573 81823 695 3 0 0 xfdesktop
Jan 2 21:37:38 : [ 1582] 501 1582 56799 339 1 0 0 xfce4-settings-
Jan 2 21:37:38 : [ 1584] 0 1584 520550 188 1 0 0 console-kit-dae
Jan 2 21:37:38 : [ 1650] 501 1650 55456 487 3 0 0 panel-6-systray
Jan 2 21:37:38 : [ 1654] 512 1654 26513 65 0 0 0 sh

Jan 2 21:37:38 : [ 1669] 512 1669 5006 68 2 0 0 dbus-launch
Jan 2 21:37:38 : [ 1670] 512 1670 5383 135 0 0 0 dbus-daemon
Jan 2 21:37:38 : [ 1674] 512 1674 5629 264 3 0 0 xfconfd
Jan 2 21:37:38 : [ 1680] 512 1680 28034 70 3 0 0 gpg-agent
Jan 2 21:37:38 : [ 1683] 500 1683 27549 6909 2 0 0 Xvnc
Jan 2 21:37:38 : [ 1694] 512 1694 57667 346 2 0 0 xfce4-session
Jan 2 21:37:38 : [ 1699] 512 1699 55386 461 1 0 0 xfwm4
Jan 2 21:37:38 : [ 1701] 512 1701 66152 1404 2 0 0 xfce4-panel
Jan 2 21:37:38 : [ 1703] 512 1703 56617 235 0 0 0 Thunar
Jan 2 21:37:38 : [ 1705] 512 1705 85537 529 1 0 0 xfdesktop

Jan 2 21:37:38 : [ 1707] 512 1707 49604 285 1 0 0 xfsettingsd
Jan 2 21:37:38 : [ 1715] 512 1715 56799 312 0 0 0 xfce4-settings-
Jan 2 21:37:38 : [ 1717] 512 1717 55456 438 3 0 0 panel-4-systray
Jan 2 21:37:38 : [ 1721] 500 1721 26513 66 0 0 0 sh
Jan 2 21:37:38 : [ 1740] 500 1740 5006 68 1 0 0 dbus-launch
Jan 2 21:37:38 : [ 1741] 500 1741 5383 167 2 0 0 dbus-daemon
Jan 2 21:37:38 : [ 1745] 500 1745 5629 275 1 0 0 xfconfd
Jan 2 21:37:38 : [ 1757] 500 1757 28070 139 3 0 0 gpg-agent
Jan 2 21:37:38 : [ 1758] 0 1758 1542 83 3 0 0 pptpd
Jan 2 21:37:38 : [ 1774] 500 1774 57667 356 0 0 0 xfce4-session

Jan 2 21:37:38 : [ 1779] 500 1779 55674 785 2 0 0 xfwm4
Jan 2 21:37:38 : [ 1781] 500 1781 65790 1363 1 0 0 xfce4-panel
Jan 2 21:37:38 : [ 1783] 500 1783 82194 451 0 0 0 Thunar
Jan 2 21:37:38 : [ 1785] 500 1785 85642 813 2 0 0 xfdesktop
Jan 2 21:37:38 : [ 1790] 500 1790 49604 283 2 0 0 xfsettingsd
Jan 2 21:37:38 : [ 1800] 500 1800 38863 313 3 0 0 xterm
Jan 2 21:37:38 : [ 1807] 500 1807 56798 353 3 0 0 xfce4-settings-
Jan 2 21:37:38 : [ 1808] 500 1808 55456 470 1 0 0 panel-6-systray
Jan 2 21:37:38 : [ 1811] 500 1811 27074 69 2 0 0 bash
Jan 2 21:37:38 : [ 1823] 0 1823 4704 145 0 0 0 smartd

Jan 2 21:37:38 : [ 1831] 0 1831 1014 48 2 0 0 mingetty
Jan 2 21:37:38 : [ 1833] 0 1833 1014 48 0 0 0 mingetty
Jan 2 21:37:38 : [ 1835] 0 1835 1014 48 1 0 0 mingetty
Jan 2 21:37:38 : [ 1837] 0 1837 1014 48 2 0 0 mingetty
Jan 2 21:37:38 : [ 1839] 0 1839 1014 49 3 0 0 mingetty
Jan 2 21:37:38 : [ 1843] 0 1843 1014 48 0 0 0 mingetty
Jan 2 21:37:38 : [ 2025] 0 2025 25340 59 2 0 0 vmnet-bridge
Jan 2 21:37:38 : [ 2033] 0 2033 25333 15 1 0 0 vmnet-netifup
Jan 2 21:37:38 : [ 2058] 0 2058 27069 101 0 0 0 vmnet-natd
Jan 2 21:37:38 : [ 2060] 0 2060 25333 15 1 0 0 vmnet-netifup

Jan 2 21:37:38 : [ 2097] 0 2097 30105 82 2 0 0 vmware-authdlau
Jan 2 21:37:38 : [ 2981] 500 2981 36335 76 0 0 0 su
Jan 2 21:37:38 : [ 2984] 0 2984 27074 233 1 0 0 bash
Jan 2 21:37:38 : [ 6347] 500 6347 39207 406 2 0 0 xterm
Jan 2 21:37:38 : [ 6349] 500 6349 27074 70 0 0 0 bash
Jan 2 21:37:38 : [ 6407] 500 6407 36335 77 0 0 0 su
Jan 2 21:37:38 : [ 6410] 0 6410 27074 251 0 0 0 bash
Jan 2 21:37:38 : [ 6481] 0 6481 57857 154 0 0 0 mysql
Jan 2 21:37:38 : [ 6911] 0 6911 19820 120 1 0 0 master
Jan 2 21:37:38 : [ 6914] 89 6914 19889 122 0 0 0 qmgr

Jan 2 21:37:38 : [ 6918] 89 6918 19839 141 0 0 0 tlsmgr
Jan 2 21:37:38 : [17572] 0 17572 103460 2142 3 0 0 Thunar
Jan 2 21:37:38 : [21227] 500 21227 38801 594 0 0 0 xterm
Jan 2 21:37:38 : [21229] 500 21229 27074 73 0 0 0 bash
Jan 2 21:37:38 : [29713] 500 29713 36870 214 3 0 0 lftp
Jan 2 21:37:38 : [32170] 500 32170 38815 184 0 0 0 xterm
Jan 2 21:37:38 : [32172] 500 32172 27074 77 1 0 0 bash
Jan 2 21:37:38 : [32189] 500 32189 36335 86 1 0 0 su
Jan 2 21:37:38 : [32197] 0 32197 27074 93 1 0 0 bash
Jan 2 21:37:38 : [16025] 0 16025 2070 89 3 0 0 pptpctrl

Jan 2 21:37:38 : [16026] 0 16026 5544 108 1 0 0 pppd
Jan 2 21:37:38 : [31174] 0 31174 27073 175 1 0 0 mysqld_safe
Jan 2 21:37:38 : [31909] 27 31909 1143356 587238 1 0 0 mysqld
Jan 2 21:37:38 : [32037] 0 32037 26546 169 0 0 0 mysqld_safe
Jan 2 21:37:38 : [32437] 495 32437 136524 7673 1 0 0 mysqld
Jan 2 21:37:38 : [32449] 0 32449 26546 169 2 0 0 mysqld_safe
Jan 2 21:37:38 : [ 368] 493 368 211813 3831 0 0 0 mysqld
Jan 2 21:37:38 : [ 884] 500 884 27074 310 1 0 0 bash
Jan 2 21:37:38 : [ 1065] 501 1065 122130 2881 3 0 0 vmplayer
Jan 2 21:37:38 : [ 2031] 500 2031 38570 281 0 0 0 xterm

Jan 2 21:37:38 : [ 2034] 500 2034 27074 180 0 0 0 bash
Jan 2 21:37:38 : [ 2051] 500 2051 36335 140 0 0 0 su
Jan 2 21:37:38 : [ 2055] 0 2055 27074 181 2 0 0 bash
Jan 2 21:37:38 : [16591] 501 16591 77851 712 3 0 0 vmware-unity-he
Jan 2 21:37:38 : [16803] 0 16803 26883 237 1 0 0 watch
Jan 2 21:37:38 : [19635] 501 19635 1693624 793343 1 0 0 vmware-vmx
Jan 2 21:37:38 : [ 2186] 0 2186 38139 158 0 0 0 proftpd
Jan 2 21:37:38 : [ 5289] 500 5289 38992 979 3 0 0 xterm
Jan 2 21:37:38 : [ 5291] 500 5291 27074 188 2 0 0 bash
Jan 2 21:37:38 : [ 5344] 500 5344 36335 148 1 0 0 su

Jan 2 21:37:38 : [ 5361] 0 5361 27074 350 0 0 0 bash
Jan 2 21:37:38 : [18529] 500 18529 26514 227 0 0 0 mysql-workbench
Jan 2 21:37:38 : [18534] 500 18534 26514 226 1 0 0 catchsegv
Jan 2 21:37:38 : [18536] 500 18536 26514 77 2 0 0 catchsegv
Jan 2 21:37:38 : [18537] 500 18537 227088 7571 2 0 0 mysql-workbench
Jan 2 21:37:38 : [ 409] 0 409 131527 1556 1 0 0 geany
Jan 2 21:37:38 : [ 410] 0 410 2054 92 2 0 0 gnome-pty-helpe
Jan 2 21:37:38 : [ 411] 0 411 27074 238 1 0 0 bash
Jan 2 21:37:38 : [ 5750] 0 5750 2672 92 0 -17 -1000 udevd
Jan 2 21:37:38 : [ 5753] 0 5753 2672 87 0 -17 -1000 udevd

Jan 2 21:37:38 : [ 5788] 0 5788 10640 594 3 0 0 openvpn
Jan 2 21:37:38 : [ 5792] 0 5792 10640 598 3 0 0 openvpn
Jan 2 21:37:38 : [ 5800] 99 5800 11135 587 3 0 0 openvpn
Jan 2 21:37:38 : [21552] 0 21552 110137 2111 1 0 0 httpd
Jan 2 21:37:38 : [21555] 48 21555 139593 7684 3 0 0 httpd
Jan 2 21:37:38 : [21558] 48 21558 140002 8513 3 0 0 httpd
Jan 2 21:37:38 : [23283] 497 23283 9846 193 1 0 0 dkim-filter
Jan 2 21:37:38 : [23284] 497 23284 33979 524 1 0 0 dkim-filter
Jan 2 21:37:38 : [ 6819] 0 6819 2070 152 3 0 0 pptpctrl
Jan 2 21:37:38 : [ 6820] 0 6820 5544 237 1 0 0 pppd

Jan 2 21:37:39 : [17208] 48 17208 112903 4566 0 0 0 httpd
Jan 2 21:37:39 : [17209] 48 17209 138359 5895 0 0 0 httpd
Jan 2 21:37:39 : [17210] 48 17210 138693 7341 3 0 0 httpd
Jan 2 21:37:39 : [ 1255] 0 1255 24571 713 0 0 0 sshd
Jan 2 21:37:39 : [ 1278] 0 1278 13874 396 1 0 0 sftp-server
Jan 2 21:37:39 : [14064] 48 14064 138202 6622 3 0 0 httpd
Jan 2 21:37:39 : [14065] 48 14065 139625 7776 1 0 0 httpd
Jan 2 21:37:39 : [16899] 48 16899 138543 7523 3 0 0 httpd
Jan 2 21:37:39 : [32639] 89 32639 19924 722 0 0 0 pickup
Jan 2 21:37:39 : [ 4973] 48 4973 136179 4973 3 0 0 httpd

Jan 2 21:37:39 : [ 4976] 48 4976 138478 7371 0 0 0 httpd
Jan 2 21:37:39 : [ 4977] 48 4977 136173 4777 3 0 0 httpd
Jan 2 21:37:39 : [ 5662] 0 5662 35030 336 0 0 0 crond
Jan 2 21:37:39 : [ 5663] 0 5663 2297 282 2 0 0 sh
Jan 2 21:37:39 : [ 5664] 0 5664 2298 302 0 0 0 bash
Jan 2 21:37:39 : [ 5665] 0 5665 15910 437 0 0 0 mutt
Jan 2 21:37:39 : [ 5947] 0 5947 2298 337 1 0 0 bash
Jan 2 21:37:39 : [ 6416] 48 6416 110170 2070 3 0 0 httpd
Jan 2 21:37:39 : [ 6625] 48 6625 110170 1895 0 0 0 httpd
Jan 2 21:37:39 : [ 6642] 0 6642 32679 1632 2 0 0 mysqldump

Jan 2 21:37:39 : Out of memory: Kill process 19635 (vmware-vmx) score 199 or sacrifice child
Jan 2 21:37:39 : Killed process 19635, UID 501, (vmware-vmx) total-vm:6774496kB, anon-rss:74020kB, file-rss:3099352kB
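A report like the one above is easier to read once its page counters are converted to kB and the process table is ranked. The following is an added example, not part of the original post: the function names are assumptions, the embedded lines are a subset copied from the log above (the per-zone line is shortened), and a 4 kB page size is assumed, which matches the kill line, where total_vm 1693624 pages equals total-vm:6774496kB.

```python
import re

PAGE_KB = 4  # x86_64 base page size; Mem-Info counters and the rss column are in pages

# Subset of the OOM report posted above; the "Node 0 DMA" line is shortened.
REPORT = """\
Jan 2 21:37:38 : active_anon:1467089 inactive_anon:263165 isolated_anon:64
Jan 2 21:37:38 : active_file:12404 inactive_file:65792 isolated_file:96
Jan 2 21:37:38 : free:73888 slab_reclaimable:8971 slab_unreclaimable:10661
Jan 2 21:37:38 : mapped:780904 shmem:1035969 pagetables:10566 bounce:0
Jan 2 21:37:38 : Node 0 DMA free:15688kB min:500kB low:624kB high:748kB
Jan 2 21:37:38 : 2031600 pages RAM
Jan 2 21:37:38 : [ pid ] uid tgid total_vm rss cpu oom_adj oom_score_adj name
Jan 2 21:37:38 : [ 1420] 0 1420 16028 119 1 -17 -1000 sshd
Jan 2 21:37:38 : [31909] 27 31909 1143356 587238 1 0 0 mysqld
Jan 2 21:37:38 : [19635] 501 19635 1693624 793343 1 0 0 vmware-vmx
"""

COUNTER = re.compile(r"([a-z_]+):(\d+)\b")  # global "name:pages"; skips per-zone "name:NkB"
RAM = re.compile(r"(\d+) pages RAM")
PROC_ROW = re.compile(r"\[\s*(\d+)\]\s+\d+\s+\d+\s+\d+\s+(\d+)\s+\d+\s+-?\d+\s+(-?\d+)\s+(\S+)")


def parse_oom_report(text):
    """Return (global counters in kB, process rows) from kernel OOM report lines."""
    counters, procs = {}, []
    for line in text.splitlines():
        row = PROC_ROW.search(line)
        if row:
            procs.append({"pid": int(row.group(1)), "name": row.group(4),
                          "rss_kb": int(row.group(2)) * PAGE_KB,
                          "oom_score_adj": int(row.group(3))})
            continue
        ram = RAM.search(line)
        if ram:
            counters["ram"] = int(ram.group(1)) * PAGE_KB
        for name, pages in COUNTER.findall(line):
            counters[name] = int(pages) * PAGE_KB
    return counters, procs


def summarize(text):
    c, procs = parse_oom_report(text)
    anon = c["active_anon"] + c["inactive_anon"]  # swap-backed pages, shmem/tmpfs included
    candidates = [p for p in procs if p["oom_score_adj"] != -1000]  # -1000 exempts a task
    candidates.sort(key=lambda p: p["rss_kb"], reverse=True)
    return {
        "anon_kb": anon,
        "shmem_kb": c["shmem"],
        "file_lru_kb": c["active_file"] + c["inactive_file"],
        "free_kb": c["free"],
        "anon_pct_of_ram": round(100 * anon / c["ram"]),
        "largest_rss": [(p["name"], p["rss_kb"]) for p in candidates[:2]],
    }
```

Calling `summarize()` on the full report instead of the excerpt gives the same global counters, because the per-zone lines carry a kB suffix and are ignored by the counter pattern.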


linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...