Thanks for all the input.<BR><BR>I have still not resolved this.?? 3.2 million in the mailq.<BR><BR>It appears that this attack is intended on crashing the server/sendmail? VAR at 100% is generally not good.<BR><BR>Almost no email is going out.?? And SMPT AUTH is not on. I had POP before SMTP, however I turned this off, and have instructed my users (on this box) not to send mail out from here but use their local ISP, which blocks most port 25's any way.<BR><BR>Still the problem persists, and from so many IP's now.<BR><BR>I have never been able to tell who's account is being used. Its like there is a back door, but, rkhunter says no.<BR><BR>Trying to inplment a SMTP incoming from my Barracuda only, that should help, but the process is going slowly.<BR><BR>Steve<BR><BR><BR>-----------------------------------<BR>Stephen Davis<BR>1519 Toney Drive<BR>Huntsville Alabama 35802<BR>Office 256.513-6760<BR>-----------------------------------<BR>I like the dreams of the future better than the history of the past.<BR>When you were born, you cried and the world rejoiced. <BR>Live your life so that when you die, the world cries and you rejoice.<BR><BR><B>----- Original Message -----</B><BR><B>From:</B> blueonyx-request@blueonyx.it [mailto:blueonyx-request@blueonyx.it]<BR><B>To:</B> blueonyx@blueonyx.it<BR><B>Sent:</B> Wed, 15 Jul 2009 12:00:02 -0400<BR><B>Subject:</B> Blueonyx Digest, Vol 7, Issue 28<BR><BR><FONT face='courier new,courier,arial,helvetica,sans-serif'>Send Blueonyx mailing list submissions to<BR><A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=2775
77257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx@blueonyx.it</A><BR><BR>To subscribe or unsubscribe via the World Wide Web, visit<BR><A href='http://www.blueonyx.it/mailman/listinfo/blueonyx' target='_blank'>http://www.blueonyx.it/mailman/listinfo/blueonyx</A><BR>or, via email, send a message with subject or body 'help' to<BR><A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-request@blueonyx.it</A><BR><BR>You can reach the person managing the list at<BR><A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-owner@blueonyx.it</A><BR><BR>When replying, please edit your Subject line so it is more specific<BR>than "Re: Contents of Blueonyx digest..."<BR><BR><BR>Today's Topics:<BR><BR>? 1. [BlueOnyx:01695] Re: running with HP ProLiant DL360 G4 Server<BR>? ?
? series (TUNC ERESEN Skype: eresen)<BR>? 2. [BlueOnyx:01696] Re: Sendmail attack, again (Michael Stauber)<BR>? 3. [BlueOnyx:01697] Re: running with HP ProLiant DL360 G4 Server<BR>? ? ? series (Darrell D. Mobley)<BR>? 4. [BlueOnyx:01698] Re: Users have too many priveledges<BR>? ? ? (Darrell D. Mobley)<BR>? 5. [BlueOnyx:01699] Re: Users have too many priveledges<BR>? ? ? (Michael Stauber)<BR>? 6. [BlueOnyx:01700] Re: Sendmail attack, again (Gerald Waugh)<BR>? 7. [BlueOnyx:01701] Re: running with HP ProLiant DL360 G4 Server<BR>? ? ? series (Rob Taylor)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>Message: 1<BR>Date: Wed, 15 Jul 2009 15:10:13 +0100<BR>From: "TUNC ERESEN Skype: eresen" tunc@eresen.com</A>><BR>Subject: [BlueOnyx:01695] Re: running with HP ProLiant DL360 G4 Server<BR>series<BR>To: tunc@eresen.com</A>>, "'BlueOnyx General Mailing List'"<BR>blueonyx@blueonyx.it</A>><BR>Message-ID: <BR>Content-Type: text/plain; charset="us-ascii"<BR><BR><BR>Tried this here is the error!<BR>--<BR>[root@ns2 tmp]# rpm -ivh cpq_cciss-3.6.20-20.rhel5.i686.rpm<BR>Preparing...? ? ? ? ? ? ? ? ###########################################<BR>[100%]<BR>The currently running kernel (2.6.18-128.1.16.el5) is not<BR>supported by this rpm.? The supported kernels are:<BR><BR>2.6.18-128.el5<BR>2.6.18-128.el5PAE<BR>2.6.18-128.el5xen<BR>2.6.18-53.1.13.el5<BR>2.6.18-53.1.13.el5PAE<BR>2.6.18-53.1.13.el5xen<BR>2.6.18-53.1.14.el5<BR>2.6.18-53.1.14.el5PAE<BR>2.6.18-53.1.14.el5xen<BR>2.6.18-53.1.19.el5<BR>2.6.18-53.1.19.el5PAE<BR>2.6.18-53.1.19.el5xen<BR>2.6.18-53.1.21.el5<BR>2.6.18-53.1.21.el5PAE<BR>2.6.18-53.1.21.el5xen<BR>2.6.18-53.1.4.el5<BR>2.6.18-53.1.4.el5PAE<BR>2.6.18-53.1.4.el5xen<BR>2.6.18-53.1.6.el5<BR>2.6.18-53.1.6.el5PAE<BR>2.6.18-53.1.6.el5xen<BR>2.6.18-53.el5<BR>2.6.18-53.el5PAE<BR>2.6.18-53.el5xen<BR>2.6.18-8.1.14.el5<BR>2.6.18-8.1.14.el5PAE<BR>2.6.18-8.1.14.el5xen<BR>2.6.18-8.1.15.el5<BR>2.6.18-8.1.15.el5PAE<BR>2.6.18-8.1.15.el5xe
n<BR>2.6.18-8.el5<BR>2.6.18-8.el5PAE<BR>2.6.18-8.el5xen<BR>2.6.18-92.1.13.el5<BR>2.6.18-92.1.13.el5PAE<BR>2.6.18-92.1.13.el5xen<BR>2.6.18-92.1.18.el5<BR>2.6.18-92.1.18.el5PAE<BR>2.6.18-92.1.18.el5xen<BR>2.6.18-92.1.1.el5<BR>2.6.18-92.1.1.el5PAE<BR>2.6.18-92.1.1.el5xen<BR>2.6.18-92.el5<BR>2.6.18-92.el5PAE<BR>2.6.18-92.el5xen<BR><BR>Please boot into a supported kernel before installing this rpm<BR>error: %pre(cpq_cciss-3.6.20-20.i686) scriptlet failed, exit status 1<BR>error:? install: %pre scriptlet failed (2), skipping cpq_cciss-3.6.20-20<BR><BR><BR><BR>Regards<BR>Tunc<BR><BR>-----Original Message-----<BR>From: <A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-bounces@blueonyx.it</A> [mailto:<A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-bounces@blueonyx.it</A>] On<BR>Behalf Of TUNC ERESEN Skype: eresen<BR>Sent: Wednesday, July 15, 2009
8:31 AM<BR>To: 'BlueOnyx General Mailing List'<BR>Subject: [BlueOnyx:01691] running with HP ProLiant DL360 G4 Server series<BR><BR>Everything running ok except!<BR>I am running it with DL360, I can not monitor Disk Integrity and Network<BR>Status, How can I monitor these Status on the server?<BR><BR>Regards<BR>Tunc<BR><BR><BR>_______________________________________________<BR>Blueonyx mailing list<BR><A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>Blueonyx@blueonyx.it</A><BR><A href='http://www.blueonyx.it/mailman/listinfo/blueonyx' target='_blank'>http://www.blueonyx.it/mailman/listinfo/blueonyx</A><BR><BR><BR><BR><BR>------------------------------<BR><BR>Message: 2<BR>Date: Wed, 15 Jul 2009 16:20:08 +0200<BR>From: Michael Stauber mstauber@blueonyx.it</A>><BR>Subject: [BlueOnyx:01696] Re: Sendmail attack, again<BR>To: Gerald Waugh gwaugh@frontstreetnetworks.com</A>>, BlueOnyx General<BR>Mailing List blueonyx@blueonyx.it</A>><BR>Message-ID: 200907151620.08830.mstauber@blueonyx.it</A>><BR>Content-Type: text/plain;? charset="utf-8"<BR><BR>Hi Gerald,<BR><BR>> I see things like this in the maillog, how do they do this, and how to stop<BR>> Note that all the email's? 18333 had one from<BR><BR>Ok, let us take a look at the first logged line:<BR><BR>> Jul 15 08:08:49 msi1 sendmail[18333]: n6FD4mxh018333:<BR>> from=vitaly@ihome.net.ua</A>>, size=2749, class=0, nrcpts=49,<BR>> msgid=200907151305.n6FD4mxh018333@msi1.por
tage.net</A>>, proto=ESMTP,<BR>> daemon=MTA, relay=[82.128.35.90]<BR><BR>We have the sender vitaly@ihome.net.ua</A>> (probably faked) comming from? the IP <BR>82.128.35.90.<BR><BR>The line " size=2749, class=0, nrcpts=49" tells us that the email was 2749 <BR>bytes long and "nrcpts=49" means: This email had 49 individual recipients (To, <BR>CC or BCC). So once this email got accepted by your mailserver, your Sendmail <BR>attempted to deliver it to all 49 recipients - regardless if they were local <BR>accounts or not.<BR><BR>Now the question is: Why was this box relaying for 82.128.35.90? <BR><BR>Is that IP in the Sendmail access list and allowed to relay? It is probably <BR>not, but it's worth checking.<BR><BR>Did the sender use SMTP-Auth? If *that* is the case, check the log entry right <BR>before that line in question. There should be something like this there:<BR><BR>sendmail[5204]: AUTH=server, relay=ihome.net.ua [82.128.35.90], authid=tom, <BR>mech=PLAIN, bits=0<BR><BR>In that case the "authid=tom" would tell us that user "tom" used SMTP-Auth to <BR>authenticate against SMTP.<BR><BR>That would then point the blame to user tom either being the spammer, or him <BR>having used a weak and guesable password that got exploited by a spammer.<BR><BR>-- <BR>With best regards<BR><BR>Michael Stauber<BR><BR><BR><BR>------------------------------<BR><BR>Message: 3<BR>Date: Wed, 15 Jul 2009 10:22:58 -0400<BR>From: "Darrell D. Mobley" dmobley@uhostme.com</A>><BR>Subject: [BlueOnyx:01697] Re: running with HP ProLiant DL360 G4 Server<BR>series<BR>To: tunc@eresen.com</A>>, "'BlueOnyx General Mailing List'"<BR>blueonyx@blueonyx.it</A>><BR>Message-ID: <BR>Content-Type: text/plain; charset="us-ascii"<BR><BR>Try this instead:<BR><BR>> If you go to HP's website:<BR>> <BR>> -> Support and Drivers<BR>> -> Search for your server type<BR>> -> Select corresponding version of CentOS (Redhat)<BR>> -> Will give you a list of all available software / drivers / firmware<BR>> -> You will need to look for '
HP Array Diagnostics Utility for Linux'<BR>> -> It is an RPM that has a few requirements / dependencies that you can<BR>> install via YUM<BR>> <BR>> They say this is a Web Based GUI that reports status of raid arrays /<BR>> controllers but you also get a command line version that spits out the<BR>> report, you may want to write a script that runs this on a periodic basis<BR>> (Using Cron), cuts out the relevant bits and emails it to you!<BR>> <BR>> Thanks<BR>> Rob<BR><BR><BR>> -----Original Message-----<BR>> From: <A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-bounces@blueonyx.it</A> [mailto:<A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-bounces@blueonyx.it</A>]<BR>> On Behalf Of TUNC ERESEN Skype: eresen<BR>> Sent: Wednesday, July 15, 2009 10:10 AM<BR>> To: <A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMai
l/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>tunc@eresen.com</A>; 'BlueOnyx General Mailing List'<BR>> Subject: [BlueOnyx:01695] Re: running with HP ProLiant DL360 G4 Server<BR>> series<BR>> <BR>> <BR>> Tried this here is the error!<BR>> --<BR>> [root@ns2 tmp]# rpm -ivh cpq_cciss-3.6.20-20.rhel5.i686.rpm<BR>> Preparing...? ? ? ? ? ? ? ? ###########################################<BR>> [100%]<BR>> The currently running kernel (2.6.18-128.1.16.el5) is not<BR>> supported by this rpm.? The supported kernels are:<BR>> <BR>> 2.6.18-128.el5<BR>> 2.6.18-128.el5PAE<BR>> 2.6.18-128.el5xen<BR>> 2.6.18-53.1.13.el5<BR>> 2.6.18-53.1.13.el5PAE<BR>> 2.6.18-53.1.13.el5xen<BR>> 2.6.18-53.1.14.el5<BR>> 2.6.18-53.1.14.el5PAE<BR>> 2.6.18-53.1.14.el5xen<BR>> 2.6.18-53.1.19.el5<BR>> 2.6.18-53.1.19.el5PAE<BR>> 2.6.18-53.1.19.el5xen<BR>> 2.6.18-53.1.21.el5<BR>> 2.6.18-53.1.21.el5PAE<BR>> 2.6.18-53.1.21.el5xen<BR>> 2.6.18-53.1.4.el5<BR>> 2.6.18-53.1.4.el5PAE<BR>> 2.6.18-53.1.4.el5xen<BR>> 2.6.18-53.1.6.el5<BR>> 2.6.18-53.1.6.el5PAE<BR>> 2.6.18-53.1.6.el5xen<BR>> 2.6.18-53.el5<BR>> 2.6.18-53.el5PAE<BR>> 2.6.18-53.el5xen<BR>> 2.6.18-8.1.14.el5<BR>> 2.6.18-8.1.14.el5PAE<BR>> 2.6.18-8.1.14.el5xen<BR>> 2.6.18-8.1.15.el5<BR>> 2.6.18-8.1.15.el5PAE<BR>> 2.6.18-8.1.15.el5xen<BR>> 2.6.18-8.el5<BR>> 2.6.18-8.el5PAE<BR>> 2.6.18-8.el5xen<BR>> 2.6.18-92.1.13.el5<BR>> 2.6.18-92.1.13.el5PAE<BR>> 2.6.18-92.1.13.el5xen<BR>> 2.6.18-92.1.18.el5<BR>> 2.6.18-92.1.18.el5PAE<BR>> 2.6.18-92.1.18.el5xen<BR>> 2.6.18-92.1.1.el5<BR>> 2.6.18-92
.1.1.el5PAE<BR>> 2.6.18-92.1.1.el5xen<BR>> 2.6.18-92.el5<BR>> 2.6.18-92.el5PAE<BR>> 2.6.18-92.el5xen<BR>> <BR>> Please boot into a supported kernel before installing this rpm<BR>> error: %pre(cpq_cciss-3.6.20-20.i686) scriptlet failed, exit status 1<BR>> error:? install: %pre scriptlet failed (2), skipping cpq_cciss-3.6.20-20<BR>> <BR>> <BR>> <BR>> Regards<BR>> Tunc<BR>> <BR>> -----Original Message-----<BR>> From: <A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-bounces@blueonyx.it</A> [mailto:<A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-bounces@blueonyx.it</A>]<BR>> On<BR>> Behalf Of TUNC ERESEN Skype: eresen<BR>> Sent: Wednesday, July 15, 2009 8:31 AM<BR>> To: 'BlueOnyx General Mailing List'<BR>> Subject: [BlueOnyx:01691] running with HP ProLiant DL360 G4 Server series<BR>> <BR>> Everything running ok except!<BR>> I am running it w
ith DL360, I can not monitor Disk Integrity and Network<BR>> Status, How can I monitor these Status on the server?<BR>> <BR>> Regards<BR>> Tunc<BR>> <BR>> <BR>> _______________________________________________<BR>> Blueonyx mailing list<BR>> <A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>Blueonyx@blueonyx.it</A><BR>> <A href='http://www.blueonyx.it/mailman/listinfo/blueonyx' target='_blank'>http://www.blueonyx.it/mailman/listinfo/blueonyx</A><BR>> <BR>> <BR>> _______________________________________________<BR>> Blueonyx mailing list<BR>> <A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>Blueonyx@blueonyx.it</A><BR>> <A href='http://www.blueonyx.it/mailman/listinfo/blueonyx' target='_blank'>http://www.blueonyx.it/mailman/listinfo/blueonyx</A><BR><BR><BR><BR>------------------------------<BR><BR>Message: 4<BR>Date: Wed, 15 Jul 2009 10:26:52 -0400<
BR>From: "Darrell D. Mobley" dmobley@uhostme.com</A>><BR>Subject: [BlueOnyx:01698] Re: Users have too many priveledges<BR>To: jeffrey@px2co.net</A>>, "'BlueOnyx General Mailing List'"<BR>blueonyx@blueonyx.it</A>><BR>Message-ID: <BR>Content-Type: text/plain; charset="us-ascii"<BR><BR>> -----Original Message-----<BR>> From: <A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-bounces@blueonyx.it</A> [mailto:<A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx-bounces@blueonyx.it</A>]<BR>> On Behalf Of Jeffrey Pellin<BR>> Sent: Wednesday, July 15, 2009 4:12 AM<BR>> To: <A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/bin/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T562021222324252
6SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>blueonyx@blueonyx.it</A><BR>> Subject: [BlueOnyx:01693] Users have too many priveledges<BR>> <BR>> Hi,<BR>> <BR>> Don't know if anyone can help, but when we set up a new BO site and set up<BR>> a site administrator he gets shell access to all the sites - ie he becomes<BR>> a server wide admin.<BR>> <BR>> Which is bad, I guess.<BR><BR>I think they can see, but can they write to other directories?<BR><BR><BR><BR>------------------------------<BR><BR>Message: 5<BR>Date: Wed, 15 Jul 2009 16:36:59 +0200<BR>From: Michael Stauber mstauber@blueonyx.it</A>><BR>Subject: [BlueOnyx:01699] Re: Users have too many priveledges<BR>To: BlueOnyx General Mailing List blueonyx@blueonyx.it</A>><BR>Message-ID: 200907151636.59370.mstauber@blueonyx.it</A>><BR>Content-Type: text/plain;? charset="utf-8"<BR><BR>Hi Jeffrey,<BR><BR>> Don't know if anyone can help, but when we set up a new BO site and set up<BR>> a site administrator he gets shell access to all the sites - ie he becomes<BR>> a server wide admin.<BR><BR>How do they "get to see" this? By SSH? If so, enabling shell access for users <BR>causes that. The SSH in CentOS uses no chrooted jails. Meaning: Anyone with <BR>shell access can see a lot more than good for you or others. That is why most <BR>people do the sensible thing and don't grant shell access to anyone.<BR><BR>By FTP siteAdmins only see what they're supposed to see and that's basically <BR>all they really need.<BR><BR>-- <BR>With best regards<BR><BR>Michael Stauber<BR><BR><BR><BR>------------------------------<BR><BR>Message: 6<BR>Date: Wed, 15 Jul 2009 10:36:29 -0500<BR>From: "Gerald Waugh" gwaugh@frontstreetnetworks.com</A>><BR>Subject: [BlueOnyx:01700] Re: Se
ndmail attack, again<BR>To: "BlueOnyx General Mailing List" blueonyx@blueonyx.it</A>><BR>Message-ID: <BR>Content-Type: text/plain; format=flowed; charset="UTF-8";<BR>reply-type=original<BR><BR>Michael Stauber wrote<BR>> Hi Gerald,<BR>><BR>>> I see things like this in the maillog, how do they do this, and how to <BR>>> stop<BR>>> Note that all the email's? 18333 had one from<BR>><BR>> Ok, let us take a look at the first logged line:<BR>><BR>>> Jul 15 08:08:49 msi1 sendmail[18333]: n6FD4mxh018333:<BR>>> from=vitaly@ihome.net.ua</A>>, size=2749, class=0, nrcpts=49,<BR>>> msgid=200907151305.n6FD4mxh018333@msi1.portage.net</A>>, proto=ESMTP,<BR>>> daemon=MTA, relay=[82.128.35.90]<BR>><BR>> We have the sender vitaly@ihome.net.ua</A>> (probably faked) comming from <BR>> the IP<BR>> 82.128.35.90.<BR>><BR>> The line " size=2749, class=0, nrcpts=49" tells us that the email was 2749<BR>> bytes long and "nrcpts=49" means: This email had 49 individual recipients <BR>> (To,<BR>> CC or BCC). So once this email got accepted by your mailserver, your <BR>> Sendmail<BR>> attempted to deliver it to all 49 recipients - regardless if they were <BR>> local<BR>> accounts or not.<BR>><BR>> Now the question is: Why was this box relaying for 82.128.35.90?<BR>><BR>> Is that IP in the Sendmail access list and allowed to relay? It is <BR>> probably<BR>> not, but it's worth checking.<BR>><BR>> Did the sender use SMTP-Auth? If *that* is the case, check the log entry <BR>> right<BR>> before that line in question. There should be something like this there:<BR>><BR>> sendmail[5204]: AUTH=server, relay=ihome.net.ua [82.128.35.90], <BR>> authid=tom,<BR>> mech=PLAIN, bits=0<BR>><BR>> In that case the "authid=tom" would tell us that user "tom" used SMTP-Auth <BR>> to<BR>> authenticate against SMTP.<BR>><BR>> That would then point the blame to user tom either being the spammer, or <BR>> him<BR>> having used a weak and guesable password that got exploited by a spammer.<BR>><BR>Yep, found the culprit,<BR
>? user info<BR>I suggest not having a user info, maybe OK as an alias.<BR>Else give user info a strong password<BR><BR>Thanks for the help, I'll remember this one!<BR><BR>Gerald <BR><BR><BR><BR>------------------------------<BR><BR>Message: 7<BR>Date: Wed, 15 Jul 2009 16:47:30 +0100<BR>From: Rob Taylor blueonyx@uspec.co.uk</A>><BR>Subject: [BlueOnyx:01701] Re: running with HP ProLiant DL360 G4 Server<BR>series<BR>To: BlueOnyx General Mailing List blueonyx@blueonyx.it</A>><BR>Message-ID: 71DC5E03E7F052FCDD3B82C4@hawk2.dmpriest.net.uk</A>><BR>Content-Type: text/plain; charset=us-ascii<BR><BR><BR><BR>--On 15 July 2009 10:22 -0400 "Darrell D. Mobley" dmobley@uhostme.com</A>> wrote:<BR><BR>> Try this instead:<BR>> <BR>>> If you go to HP's website:<BR>>> <BR>>> -> Support and Drivers<BR>>> -> Search for your server type<BR>>> -> Select corresponding version of CentOS (Redhat)<BR>>> -> Will give you a list of all available software / drivers / firmware<BR>>> -> You will need to look for 'HP Array Diagnostics Utility for Linux'<BR>>> -> It is an RPM that has a few requirements / dependencies that you can<BR>>> install via YUM<BR>>> <BR>>> They say this is a Web Based GUI that reports status of raid arrays /<BR>>> controllers but you also get a command line version that spits out the<BR>>> report, you may want to write a script that runs this on a periodic basis<BR>>> (Using Cron), cuts out the relevant bits and emails it to you!<BR>>> <BR>>> Thanks<BR>>> Rob<BR><BR>Thats the same thing, I had just re-wrote it a different way, I thought I had sent that before but it didn't to go to my Outbox!! :-)<BR><BR>Will try and have a look at that, haven't got BO in production yet but sure I had installed / tested it!<BR><BR>Sorry Tunc!<BR><BR>Rob<BR><BR><BR>------------------------------<BR><BR>_______________________________________________<BR>Blueonyx mailing list<BR><A href='http://mail.zio.com/MEWebMail/editor/pinEdit.html?eu=/MEWebMail/editor/&cu=http://mail.zio.com/MEWebMail/&cp=C:/Program Files/Mail Enable/b
in/NETWebMail/&af=0&lng=EN&style=Office2003&tb=T01SE04SE0576SE64SE060708SE0910SE11601213141516175767;T5620212223242526SE27282930SE31323334SE18SE3536;T48686958&rm=1&me=0&hb=0&dfd=htm;html;txt;&dfi=gif;jpg;jpeg;png;&dfl=htm;html;pdf;doc;&pfo=1&dp=C:/Program Files/Mail Enable/CONFIG/dictionaries/US-English/us-english.dict&spk=277577257E7D7B217D2A7B7B51514D4F243B3B3B393D3F413D4343434145474943592C2B5F6C7E295A20263B2E5B2575406&dbm=1#' target='_blank'>Blueonyx@blueonyx.it</A><BR><A href='http://www.blueonyx.it/mailman/listinfo/blueonyx' target='_blank'>http://www.blueonyx.it/mailman/listinfo/blueonyx</A><BR><BR><BR>End of Blueonyx Digest, Vol 7, Issue 28<BR>***************************************<BR></FONT>