Is there any reason why I would want to have iptables -A INPUT -j REJECT instead of iptables -A INPUT -j DROP Asked by Mike B As a general rule, use REJECT when you want the other end to know the port is unreachable’ use DROP for connections to hosts you don’t want people to see. Usually, all rules for connections inside your LAN should use REJECT. For the Internet, With the exception of ident [...]

I’ve been given by a company their FTP IP where I should connect to. I got also username and password. That is supposed to work with port 21, right? I tried to use FTP command-line but it didn’t work; I tried my chance with sftp command-line and, using their credentials, I am authorized and connect without any problem. SFTP is supposed to use port 22 (and I used wireshark to check that). Am I right [...]

Recent versions of RHEL/CentOS (EL6) brought some interesting changes to the XFS filesystem I’ve depended on heavily for over a decade. I spent part of last summer chasing down an XFS sparse file situation resulting from a poorly-documented kernel backport. Others have had unfortunate performance issues or inconsistent behavior since moving to EL6. XFS was my default filesystem for data and growth-partitions, as it offered stability, scalability and a good performance boost over the default [...]

I have this file in my linux machine: ———-9976723563nneh4_—–192.9.200.4 I try to delete this file but I cant as all see here: what need to add to rm in order to remove this file ? rm “———-9976723563nneh4_—–192.9.200.4″ rm: illegal option — ——–9976723563nneh4_—–192.9.200.4 usage: rm [-fiRr] file … . rm ‘———-9976723563nneh4_—–192.9.200.4′ rm: illegal option — ——–9976723563nneh4_—–192.9.200.4 usage: rm [-fiRr] file … Asked by yael rm — ———-9976723563nneh4_—–192.9.200.4 You need — in order to tell rm (and [...]

I want to monitor all user’s activity in my server. Even when the user executes a shell command from some editor like vim I want to see them in the log file. I have checked the tool acct but it is not listing the complete commands. (Please correct me if I have missed some options which does already). Which Linux tool I should be looking at to solve this problem? Asked by Supratik Add this [...]

Assuming hardware failure is not a factor, and the requirement of being able to update periodically, is it possible to never shutdown Linux? I typically do a full reboot after updates, especially kernel updates, but is there a way to keep my machine on and still do these? People always hear about incredible up-time, but how is that really possible if you must reboot after major updates. Maybe a different run level? But then how [...]

I know the linux command echo “- – -” > /sys/class/scsi_host/host0/scan is used to rescan scsi host. But what does “- – -” mean in the command? Asked by Harold Chan The three values stand for channel, SCSI target ID, and LUN. The dashes act as wildcards meaning “rescan everything” A quick google search turns up this RHEL doc (and dozens of other answers) This is the same command described in Section 7, “Adding a [...]

if i use any yum command, i get Loaded plugins: fastestmirror Traceback (most recent call last): File “/usr/bin/yum”, line 29, in <module> yummain.user_main(sys.argv[1:], exit_code=True) File “/usr/share/yum-cli/yummain.py”, line 285, in user_main errcode = main(args) File “/usr/share/yum-cli/yummain.py”, line 114, in main base.doLock() File “/usr/lib/python2.6/site-packages/yum/__init__.py”, line 1791, in doLock while not self._lock(lockfile, mypid, 0644): File “/usr/lib/python2.6/site-packages/yum/__init__.py”, line 1861, in _lock os.write(fd, contents) OSError: [Errno 28] No space left on device If i use the top command i see [...]

This is my specific problem I need to solve (But my question is different, so please read on even if you don’t know what fail2ban is): I’m trying to use fail2ban on a linux server to ban brute force attacks on multiple services (ssh, dovecot, apache, postfix, …). Now I stumbled over the problem that fail2ban seems to execute multiple iptables commands at the same time (with threads in Python) and this fails pretty often [...]

Assume puppet-managed cluster of different servers – hardware, software, operating systems, virtual/dedicated etc. Would you go for meaningful hostnames (mysqlmaster01..99, mysqlslave001..999, vpnprimary, vpnbackup, etc). Or would you prefer meaningless names like characters from some book or movie w/e? My problem with meaningfull servers is that names usually represent a single service and if server has more than 1 purpose – it gets really messy(especially when server roles change often). Isn’t mapping service name <-> ip [...]