Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About cyris

  • Rank
  1. cyris

    WSUS question

    Hey everyone, We have about 14 computers that VPN in from various locations around the city. I would like to keep track of what updates are install on each of these computers so I though about using WSUS on our win2k3 server. I've setup some local office machines to pull updates from our WSUS server and it seems to work fine, however I'm wondering if it's possible for the VPN clients to just report what updates they have to our WSUS but download the updates from microsoft, not over our VPN connection :/ Any ideas?
  2. Thanks anyweb, I'll Image the machine before I do so.
  3. Hey everyone, I'd like to upgrade our old FC4 server to FC7, however this machine is our production mail server/web server. I can have a few hours of down time but I'd rather not rebuild from scratch. Can I upgrade from yum or the install DVD ?
  4. Hey everyone! I've reconfigured our dns server (bind9) with views so that it can serve our internal and external clients. I've been able to get our external zone file working fine, however my internal zone file doesn't seem to be working as none of my clients when querying my dns server seem to be able to resolve anything in my internal view :/ tux (our dns server) can't even rese any clients in this internal zone file. Magikman on #linux-noob has been helping me with the issue but we haven't been able to find out why this setup isn't working. He did recommend that I move my zones outside of my named.conf but this should be working regardless :/ Named.conf // Default named.conf generated by install of bind-9.3.1-14_FC4 options { directory "/var/named"; allow-recursion { localhost; internals;}; allow-query { any;}; }; acl internals {;;;; }; view "external" { match-clients { any; }; zone "iainc.ca" { type master; file "data/zone.iainc.ca"; }; zone "." { type hint; file "named.ca"; }; }; view "internal" { match-clients { internals; }; zone "iainc.local" { type master; file "data/zone.iainc.local"; }; }; internal zone $TTL 1D @ IN SOA ns1.iainc.local. support.iainc.local. ( 2007072610; Serial 604800 ; Refresh 86400 ; Retry 2419200; Expire 604800 ); Minimum ;name server IN NS ns1.iainc.local. ;office hosts ns1 IN A fred IN A
  5. Hey everyone, First off I'd like to say thanks to everyone in #linux-noob on efnet for helping with my day-to-day linux admin questions, znx has helped me a few times with some (id call nasty) shell scripting. I work for a company who has 150+ staff spread out around the city in about 12 locations. Each location has 1-3 windows xp pro workstations. These 12 locations are setup with the same network topologies, all have broadband connections (2 cable, the rest ADSL) and all are behind a dlink router. My co-worker and I are finding administration to be a bit of a pain now as desktop configurations are not standardized and its getting harder to maintain patching and anti-virus updates, not to mention that staff share a public account on each machine they use (just not secure anymore as staff turnover is high). so I have been given the ok to setup a VPN and a PDC. The VPN setup was a breeze with IPCOP and I found an excellent guide on howtoforge for setting up a PDC. My problem is that we only have a 1MB upstream at our office and Windows XP profiles are about 2-3MB in size. I think roaming profiles are out of the question, as downloading and then uploading the profile on logoff would make things slow for the user. Mandatory profiles seem like a better way to go, as the profile never gets updated when the user logs off but its still requires a download of the profile. I was looking for something more suited to my situation that would use the least amount of traffic and i came back to local profiles :S. Is it possible for me to load a mandatory profile on all our machines, setup the machines to auth against our DC but load the mandatory profile from the local machine? I'm also asking for any TIPS or TRICKS or what not. Thanks!
  6. Hello everyone. Over the next few days I would like to do a security review on my FC4 server at home. I was wondering if anyone could recommend any hardening applications that would assist me in this process?
  7. Fedora/Mandrake/Ubuntu are good choices for noobies. With my limited experience so far with Linux, I find for keeping your system up-to-date, yum works very nicely and is very easy to setup. http://stanton-finley.net/fedora_core_4_in...tion_notes.html That site above should help you get started off if you choose Fedora.
  8. cyris

    Bind9 ACLs

    I'm trying to setup Bind9 so that people cant point their dns server addresses to my box and do lookups off my server, but still have them able to query my dns server for the domains its authoritive for. My named.conf acl bogusnets {;;;;;;;;}; options { directory "/var/named"; version ""; blackhole { bogusnets; }; allow-recursion { none; }; }; zone "xyz.ca" { type master; file "data/named.xyz.ca"; allow-query { any; }; }; The only way I've been able to stop people from doing lookups off my server is by setting recursion to none. I would like to have my localnet to have the option of doing lookups off my box so I need a more suited way of controling who does lookups off my box. I have read about views and I wont be serving different content to my localnet so I dont think I require them. Version info bind-utils-9.3.1-4 bind-chroot-9.3.1-4 bind-libs-9.3.1-4 ypbind-1.17.2-5 2.6.11-1.1369_FC4 Thanks
  9. The RPM worked. Thanks.
  10. hello. im trying to build daemontools 0.76 on fedora core 4 and i am having some issues. [root@atari daemontools-0.76]# package/install Linking ./src/* into ./compile... Compiling everything in ./compile... ./load svscan unix.a byte.a /usr/bin/ld: cannot open output file svscan: Is a directory collect2: ld returned 1 exit status make: *** [svscan] Error 1 Copying commands into ./command... cp: omitting directory `compile/svscan' [root@atari daemontools-0.76]# Thanks for taking the time to read this and hopfully someone can help me
  11. I should of mentioned this before, I'm behind an IPCOP transparent proxy with just UDP 53 forwarded to my fedora box. I was under the impression that TCP 53 was reserved for seconday name server transfers, is that true? the lookup was successful. <{POST_SNAPBACK}> got it working. thought I forwarded UDP 53 when it was actually TCP 53
  12. I should of mentioned this before, I'm behind an IPCOP transparent proxy with just UDP 53 forwarded to my fedora box. I was under the impression that TCP 53 was reserved for seconday name server transfers, is that true? the lookup was successful.
  13. IP Address = Domain = thewildgoose.ca. Forwarding port 53 UDP to #cat /var/log/message Oct 16 13:47:53 localhost named[9525]: starting BIND 9.3.1 Oct 16 13:47:53 localhost named[9525]: loading configuration from '/etc/named.conf' Oct 16 13:47:53 localhost named[9525]: listening on IPv4 interface lo, Oct 16 13:47:53 localhost named[9525]: listening on IPv4 interface eth0, Oct 16 13:47:53 localhost named[9525]: command channel listening on Oct 16 13:47:53 localhost named[9525]: command channel listening on ::1#953 Oct 16 13:47:53 localhost named[9525]: zone thewildgoose.ca/IN: loaded serial 2005101601 Oct 16 13:47:53 localhost named[9525]: running Oct 16 13:47:53 localhost named[9525]: zone thewildgoose.ca/IN: sending notifies (serial 2005081001)
  14. Hello all. I am attempting to run BIND on fedora core 4 and having some issues. I have added my zone file to /etc/named.conf. Here is a copy of my named.conf... options { directory "/var/named"; version "xxx"; }; zone "thewildgoose.ca" { type master; file "data/named.xxxx.ca"; }; I am just trying to get forward dns working, I will take care of reverse after. This is my zone file... $TTL 1d @ IN SOA xxxxx.ca. xxxx.xxxx.ca. ( 2005081001;serial 3600 ;refresh 300 ;retry 3600000 ;expire 3600 ) ;minimum IN NS ns1.xxxx.ca. $ORIGIN xxxx.ca. ;A Records ns1 IN A xx.xx.xx.xx mail IN A @ IN A ;CNAME Records www IN CNAME ns1 webmail IN CNAME ns1 xxxx.ca. IN MX 1 mail /var/log/messages seems to indicate named starts fine but i cant seem to connect to any of my hosts. thanks for reading this and i look forward to any advice.
  • Create New...