[vox-tech] DNS issues, security, apache

Cylar Z cylarz at yahoo.com
Sat Aug 20 14:03:11 PDT 2005 

Hey all,

Thanks for the help. Yeah, the box is in a remote
location so if I can't SSH in, I'm kinda screwed. I
knew better than to turn off sshd (that's one of the
ones I left running) even before, but yeah, I had
killed network, so that screwed me over anyway.

Fortunately I was able to physically get to it
yesterday, log in at the console, and restore remote
access by re-enabling the services I'd shut off. It
seems to be letting me in remotely just fine now.

I made a note of your clarification about the
resolv.conf file, and so I edited it as suggested.
That seems to have done the trick. Thank you.

Another question. For some reason, httpd has stopped.
When I type 

/root>service httpd restart

Stopping httpd:            [FAILED]
Starting httpd: (98)Address already in use: make_sock:
could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
                                                      
    [FAILED]

What's this about? Why is it trying to listen on
0.0.0.0 instead of my actual IP?

Oddly enough, while the box is "up" now, it responds
only "intermittently." Sometimes it responds to pings,
HTTP requests, and SSH attempts; at other times I get
nothing on all three. I'm scratching my head.

I've made a note of the daemon list Mark has provided
and your notes on SCP. Thank you.

I do have an iptables firewall up, but it's configured
to allow SSH, HTTP, FTP, and Sendmail through. Those
are the exceptions I selected. 

I've been using the "setup" configuration tool
available at Fedora Core's command prompt to turn
services on/off and configure the firewall - is there
really a reason I need to go into rc.d and mess with
things in there directly?

Thanks again,
Matt

--- vox-tech-request at lists.lugod.org wrote:

> Send vox-tech mailing list submissions to
> 	vox-tech at lists.lugod.org
> 
> To subscribe or unsubscribe via the World Wide Web,
> visit
> 	http://lists.lugod.org/mailman/listinfo/vox-tech
> or, via email, send a message with subject or body
> 'help' to
> 	vox-tech-request at lists.lugod.org
> 
> You can reach the person managing the list at
> 	vox-tech-owner at lists.lugod.org
> 
> When replying, please edit your Subject line so it
> is more specific
> than "Re: Contents of vox-tech digest..."
> 
> 
> Today's Topics:
> 
>    1. re: DNS and security (Cylar Z)
>    2. Re: re: DNS and security (Rick Moen)
>    3. Re: DNS and security (Rick Moen)
>    4. Re: re: DNS and security (Mark K. Kim)
> 
> 
>
----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 19 Aug 2005 21:54:31 -0700 (PDT)
> From: Cylar Z <cylarz at yahoo.com>
> Subject: [vox-tech] re: DNS and security
> To: vox-tech at lists.lugod.org
> Message-ID:
> <20050820045431.3449.qmail at web52803.mail.yahoo.com>
> Content-Type: text/plain; charset=iso-8859-1
> 
> Didn't you already post this on Thursday?
> 
> In response, I had already posted on Friday a set of
> follow-up questions that I needed answered. Let's
> recap:
> 
> 1. DNS. How will editing resolv.conf solve my DNS
> issue? My understanding is that that file is the
> configuration file for the named daemon. I'm not
> running named. Shouldn't need to. A previous install
> (Xandros/Debian) ran fine without it. It shouldn't
> be
> required, since my registrar handles incoming DNS,
> and
> outgoing lookups (websurfing) should be handled by
> my
> ISP's nameservers. What I need to know is how to
> tell
> my server where those nameservers are.
> 
> 2. FTP. Not running an anoymous server. Just need to
> upload files for my webpages. Is there a more secure
> method I can use (please specify how, don't just say
> "yes, there is")?
> 
> 3. Daemons. Where can I find a comprehensive guide
> (including non-free books) to what service does
> what?
> I don't mean a one-line description, I mean
> someplace
> that will really explain it to me in depth. Or, can
> someone at least identify the generic ones ESSENTIAL
> to my system? Remember, I use ssh to connect and am
> running http server. That's all my box does. What
> daemons are necessary besides cron, sshd and httpd? 
> 
> Thank you in advance.
> 
> Matt
> 
> > 
> > Message: 1
> > Date: Thu, 18 Aug 2005 14:56:40 -0700
> > From: Rick Moen <rick at linuxmafia.com>
> > Subject: Re: [vox-tech] DNS and security
> > To: Cylar Z <cylarz at yahoo.com>
> > Cc: vox-tech at lists.lugod.org
> > Message-ID:
> <20050818215640.GS25979 at linuxmafia.com>
> > Content-Type: text/plain; charset=us-ascii
> > 
> > Quoting Cylar Z (cylarz at yahoo.com):
> > 
> > > I'm a fairly new Linux admin, running Fedora
> Core
> > from
> > > Redhat. 
> > 
> > Hi, Matt.  For a good overview, please see Linux
> > Journal editor Don
> > Marti's overview, which I just saw him mention on
> a
> > different Linux
> > mailing list: 
> >
> http://zgp.org/~dmarti/blosxom/tips/new-server.html
> > 
> > > 1. Outgoing DNS isn't working properly on my
> > server.  The box will
> > > respond properly to incoming http requests (and
> > even allowed me to
> > > host 2 virtual domains, which also respond
> > properly). However, it does
> > > NOT surf the web from the console or ping by
> > domain name. It WILL ping
> > > by IP so I know the issue is DNS and not my
> actual
> > connection per se.
> > > How do I put in the DNS info in Fedora Core? I
> > tried logging on as
> > > root, typing "setup" and entering the IP's in
> the
> > designated spaces,
> > > but no luck. Is there another way?
> > 
> > The IP-address locations of the DNS servers your
> box
> > will be consulting
> > are always recorded in /etc/resolv.conf, the
> > configuration file of your
> > host's DNS resolver library (i.e., of the DNS
> client
> > software your box
> > uses to deal with DNS questions that must be
> > referred to a DNS daemon
> > running somewhere).
> > 
> > Here's my own server's /etc/resolv.conf:
> > 
> >   search linuxmafia.com deirdre.org
> >   nameserver 198.144.192.2
> >   nameserver 198.144.192.4
> >   nameserver 198.144.195.186
> > 


"Our nation has defended itself and served the freedom of all mankind. I'm proud to lead such an amazing country and I'm proud to lead it forward."   - President George W Bush, November 3 2004

God give wisdom to our leaders. God bless America.


		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs

More information about the vox-tech mailing list