> Setting up a server (for retards), Help the Linux Noob!

 
post May 25 2013, 18:30
Post #261
Ichy



~ Loli Trainer ~
***********
Group: Catgirl Camarilla
Posts: 13,061
Joined: 19-February 09
Level 500 (Dovahkiin)



QUOTE
Therefore, something must have changed iptables between before the disk was installed and now. And now I remember, these "easy to use" linux firewalls (like ufw) screw iptables. I gave up on using Mandriva Linux once because of the crappy "easy to use" firewall it had. First thing we need to do is to destroy completely ufw. Let's look what apt-get tells us:

Easy to use?

CODE
root@server88-208-193-162:~# apt-cache search ufw
ufw - program for managing a Netfilter firewall
gufw - graphical user interface for ufw
libnuclient-dev - The authenticating firewall [client development files]
libnuclient4 - The authenticating firewall [client library]
libnussl-dev - The authenticating firewall [SSL development files]
libnussl1 - The authenticating firewall [SSL library]
libpam-nufw - The authenticating firewall [PAM module]
nuapplet - Graphical client for NuFW
nuauth - The authenticating firewall [authentication daemon]
nuauth-extra - The authenticating firewall [extra modules]
nuauth-log-mysql - The authenticating firewall [MySQL log module]
nuauth-log-pgsql - The authenticating firewall [PostgreSQL log module]
nuauth-utils - The authenticating firewall [tools for admin]
nufw - The authenticating firewall [NFQUEUE daemon]
nulog - Graphical firewall log analysis interface
nutcpc - The authenticating firewall [client]
prelude-lml - Security Information Management System [ Log Agent ]
root@server88-208-193-162:~#


QUOTE
In the meantime I'll (hopefully find some time to) figure out how to change the iptables rules into a correct state. i.e.:

Take your Time
[help.ubuntu.com] I found this place but I'm too scared I will fuck things up even more if I randomly try

 
post May 25 2013, 18:44
Post #262
GanGun



Pans Pans Pans Pans Pans
****
Group: Gold Star Club
Posts: 428
Joined: 26-July 10
Level 226 (Godslayer)


Hm..
Could you try iptables -L -n and show us what comes up.

Then after that try ufw disable.

And shouldn't it be against the rules to update the software without the client's permission (that is, if it is a dedicated server and not a seedbox)?

And as an extra assurance that iptables can't block your ports, run this script:


CODE

#!/bin/bash
# Must be run as root.

###########
#FLAG VARS#
###########
ports=() # put your port numbers here with spaces between them
proto=(tcp udp)
pflag=0 # set this to 1 for udp, the default uses tcp
###########

# Refuse to run with an empty port list
if [ ${#ports[@]} -eq 0 ]
  then
     echo "You must initialize ports[VAR ...] with at least one element"
     exit 2
fi

# -A appends to the end of the INPUT chain; a rule that lands behind a
# catch-all DROP is never reached.
for port in "${ports[@]}"
do
  if [ "$pflag" -eq 0 ]
  then
     iptables -A INPUT -p "${proto[0]}" --dport "$port" -j ACCEPT
  elif [ "$pflag" -eq 1 ]
  then
     iptables -A INPUT -p "${proto[1]}" --dport "$port" -j ACCEPT
  else
     echo "Something went wrong, recheck the FLAG var or I screwed up"
     exit 1
  fi
done


save it as whatever you like then use:
chmod 775 filename
./filename

This post has been edited by GanGun : May 25 2013, 23:22

post May 25 2013, 19:55
Post #263
Ichy


QUOTE
Hm..
Could you try iptables -L -n and show us what comes up.


CODE
root@server88-208-193-162:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
ACCEPT     udp  --  213.171.217.173      0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  213.171.201.36       0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  10.44.53.36          0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:20 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3306 state NEW
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED
root@server88-208-193-162:~#


QUOTE
And shouldn't it be against the rules to update the software without the client's permission (that is, if it is a dedicated server and not a seedbox)?

Yup but I asked them to fix my second HDD because it created some errors on reboot.

QUOTE
And as an extra assurance that iptables can't block your ports, run this script:

I placed my 3 ports in there and tried, once with flag=0 and one more time with flag=1.
Both times no errors but the fuckers still refuse to open.


 
post May 25 2013, 20:10
Post #264
blue penguin



in umbra, igitur, pugnabimus
***********
Group: Gold Star Club
Posts: 10,046
Joined: 24-March 12
Level 500 (Godslayer)


Hmm... tell us Ichy, did the "iptables -L -n" output change after executing GanGun's script?

In the iptables output
CODE
Chain INPUT (policy ACCEPT)
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)

looks very good this time.
What is crashing the connections is the line:
CODE
DROP       all  --  0.0.0.0/0            0.0.0.0/0


(hopefully after running GanGun's script the new rules are added after that DROP rule, i.e. the iptables output looks different after the script)
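
The rule order in the listing discussed above, as an added example that is not part of the thread: a POSIX sh script that re-joins the 80-column wrapped `iptables -L -n` lines and reports which INPUT rule a new connection to a given port hits first, since iptables stops at the first matching rule. The listing and port 50001 are constructed, and treating a bare `ACCEPT all` line as interface-restricted (not shown without `-v`) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: first-match analysis of `iptables -L -n`.

# Constructed sample in the thread's layout (same 80-column wrap), with a port
# rule that was appended (-A) and therefore sits behind the catch-all DROP.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTA
BLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state N
EW
ACCEPT     udp  --  213.171.217.173      0.0.0.0/0            udp dpt:161 state
NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state N
EW
DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:50001

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
EOF
}

# Re-join lines the terminal wrapped at $1 columns (default 80). A line of
# exactly that width was cut mid-token; a shorter one lost a space at the wrap.
unwrap() {
    awk -v w="${1:-80}" '
        function emit() { if (have) print buf; have = 0 }
        /^(Chain|target|ACCEPT|DROP|REJECT|LOG) / {
            emit(); buf = $0; have = 1; cut = (length($0) == w); next
        }
        /^$/ { emit(); print; next }
        have { buf = buf (cut ? "" : " ") $0; cut = (length($0) == w); next }
        { print }
        END { emit() }'
}

# Read a listing on stdin and print what a NEW connection to proto/port hits:
#   "ACCEPT n" / "DROP n"  first matching rule, numbered as in --line-numbers
#   "POLICY p"             no rule matched, the chain policy p decides
verdict() {
    unwrap | awk -v proto="$1" -v port="$2" '
        $1 == "Chain" {
            in_input = ($2 == "INPUT")
            if (in_input) { policy = $4; sub(/\)/, "", policy) }
            next
        }
        !in_input || $1 == "target" || NF < 5 { next }
        {
            n++
            dpt = ""; state = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) dpt = substr($i, 5)
                if ($i == "state") state = $(i + 1)
            }
            if ($2 != "all" && $2 != proto) next      # other protocol
            if ($4 != "0.0.0.0/0") next               # limited to one source
            if (dpt != "" && dpt != port) next        # other port
            if (state != "" && ("," state ",") !~ /,NEW,/) next
            # Assumption: a bare "ACCEPT all" is bound to an interface such as
            # lo, which -L hides without -v; confirm with `iptables -S`.
            if ($1 == "ACCEPT" && NF == 5) next
            print $1, n; hit = 1; exit
        }
        END { if (!hit) print "POLICY", policy }'
}

# Read a listing on stdin and print the command that puts an ACCEPT for
# proto/port in front of whatever currently drops it.
suggest_fix() {
    v=$(verdict "$1" "$2")
    case $v in
        DROP\ *)       echo "iptables -I INPUT ${v#DROP } -p $1 --dport $2 -j ACCEPT" ;;
        "POLICY DROP") echo "iptables -A INPUT -p $1 --dport $2 -j ACCEPT" ;;
        *)             echo "no change needed: $v" ;;
    esac
}

# Demo on the constructed sample: the appended rule 7 is never reached.
sample_listing | suggest_fix tcp 50001
```

On a live box the input would be `iptables -L INPUT -n | verdict tcp PORT`, run as root.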

 
post May 25 2013, 20:45
Post #265
Ichy





it was run before. After it looks like this.

CODE
root@server88-208-193-162:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
ACCEPT     udp  --  213.171.217.173      0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  213.171.201.36       0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  10.44.53.36          0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:20 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3306 state NEW
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED


that line is still here.

post May 25 2013, 22:11
Post #266
blue penguin


QUOTE(Ichy @ May 25 2013, 17:30) *
Easy to use?

Yeah, in theory the guys who develop these smart firewalls try to create "an easy firewall interface as in MS windows". Later they cannot understand why people blame them for writing a useless piece of software and why they are considered black sheep of linux development.

QUOTE
Wow, that's actually a pretty good tutorial.

QUOTE(Ichy @ May 25 2013, 19:45) *

it was run before. After it looks like this.

that line is still here.

Don't worry, that script wasn't intended to remove that line. Instead it should have added another 3 lines, one with each port. Unfortunately the lines were not added, therefore ufw is still in control of iptables. One more try to kill ufw then; run these in order.
CODE
ufw disable # just like GanGun said
service ufw stop  # just in case
apt-get remove ufw  # hopefully we manage to remove it gracefully

Wait a few minutes (5-10) just to make sure that no script is managing the packages on the box, and:
CODE
ufw status verbose  # it shall fail !
iptables -L -n  # again


Then run GanGun's script again, please, and "iptables -L -n" once again

post May 25 2013, 23:21
Post #267
GanGun


Ichy if it weren't that ufw was software I would personally recommend you do this to it otherwise:
[www.liveleak.com] http://www.liveleak.com/view?i=528_1301224180

btw I saw what was wrong, so try copy paste it again.

This post has been edited by GanGun : May 25 2013, 23:22

post May 26 2013, 09:06
Post #268
Ichy


QUOTE
Wait a few minutes (5-10) just to make sure that no script is managing the packages on the box, and:

CODE
root@server88-208-193-162:~# ufw status verbose
The program 'ufw' is currently not installed.  You can install it by typing:
apt-get install ufw

Ha! eat this UFW!

CODE
root@server88-208-193-162:~# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
ACCEPT     udp  --  213.171.217.173      0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  213.171.201.36       0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  10.44.53.36          0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:20 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3306 state NEW
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED


QUOTE
Then run GanGun's script again, please, and "iptables -L -n" once again


CODE
root@server88-208-193-162:~# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
ACCEPT     udp  --  213.171.217.173      0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  213.171.201.36       0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  10.44.53.36          0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:20 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3306 state NEW
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED
root@server88-208-193-162:~#

No change so I got frustrated and used that tutorial site to add the ports manually which does not work either.
Even more frustrated and willing to break stuff I did:
sudo iptables -F and sudo iptables -Z

after this I was finally able to use one higher port to start the first client while the other 2 still complained about ports being closed.
The guys at fasthost were also lamenting about something about IPv6 and IPv4 which should be fixed they said. Maybe the problem lies here?

This post has been edited by Ichy: May 26 2013, 09:14

post May 26 2013, 18:10
Post #269
blue penguin


QUOTE(Ichy @ May 26 2013, 08:06) *
Ha! eat this UFW!

Yay!

QUOTE
No change so I got frustrated and used that tutorial site to add the ports manually which does not work either.

It is pretty easy to get frustrated at iptables, but now that we (probably) have control over it let's try a few (not harmful) commands:
CODE
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -D INPUT -j DROP

And let's see if it fixes iptables a little. Give us the output from "iptables -L -n" once again, after the commands. If the output does not change after these commands I'll get frustrated as well...

QUOTE
something about IPv6 and IPv4 which should be fixed they said. Maybe the problem lies here?

h@h is smart enough to translate from IPv6 (it does not use it but it is aware of it), it shan't be the issue

post May 26 2013, 19:57
Post #270
Ichy


QUOTE
It is pretty easy to get frustrated at iptables, but now that we (probably) have control over it let's try a few (not harmful) commands:

the 3rd one complained.
CODE
root@server88-208-193-162:~# iptables -P INPUT ACCEPT
root@server88-208-193-162:~# iptables -P FORWARD ACCEPT
root@server88-208-193-162:~# iptables -D INPUT -j DROP
iptables: Bad rule (does a matching rule exist in that chain?).


CODE
root@server88-208-193-162:~# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
ACCEPT     udp  --  213.171.217.173      0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  213.171.201.36       0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     udp  --  10.44.53.36          0.0.0.0/0            udp dpt:161 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:69 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:123 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:20 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:3306 state NEW
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED
root@server88-208-193-162:~#


After this I tried and...
all 3 Clients online again!


(IMG:[s1.directupload.net] http://s1.directupload.net/images/130526/tjda4zoh.jpg)

Thank you guys, you are now my personal gods!

post May 26 2013, 20:21
Post #271
GanGun


*shrug* I suck at scripting... forgot sudo.

Anyway, congrats and now relax and take some chocolate milk and relax some more.

Oh but before that, say fuck you iptables a million times and it might pkill -9 itself.

post May 26 2013, 21:37
Post #272
blue penguin


(IMG:[th04.deviantart.net] http://th04.deviantart.net/fs71/PRE/f/2012/043/a/c/fluttershy___yay_by_dantesgrill-d4ph00p.png)

Ufa... your "iptables -L -n" outputs crap. What iptables are doing now must have corrected it
So...
QUOTE(GanGun @ May 26 2013, 19:21) *
say fuck you iptables a million times


Congrats Ichy, you've now achieved the status of young hacker. Keep reading your book to achieve full status

On a side note run this in each of the h@h directories (/h/h1, /h/h2 and /h/h3 I think):
CODE
find . -user root

And check that no file in the "data" or "cache" directory is given by that find command. We started one of the clients as root once, this is just to make sure that that start did not assign some cache files to root. There's no need to stop the clients or anything.

post May 26 2013, 21:46
Post #273
Ichy


QUOTE
Oh but before that, say fuck you iptables a million times and it might pkill -9 itself.

fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptablesfuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptablesfuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables ...

QUOTE
On a side note run this in each of the h@h directories (/h/h1, /h/h2 and /h/h3 I think):

Done. In the first Directory it was looking at a lot of porn!

QUOTE
Keep reading your book to achieve full status

Next week is shitty weather so instead of drinking beer at the balcony I will go through some more chapters.


post May 26 2013, 22:36
Post #274
blue penguin


QUOTE(Ichy @ May 26 2013, 20:46) *
Done. In the first Directory it was looking at a lot of porn!

Apologies for my extreme carefulness but did you mean that it found something in ./cache or ./data?
If so, just run this in the /h/h1 directory:
CODE
chown -R h1 data cache tmp

again no need to restart anything. This is just in case really, to ensure that the user running the client has ownership of all cache files. Actually run it anyway, I'll sleep better if you do.

QUOTE
Next week is shitty weather so instead of drinking beer at the balcony I will go through some more chapters.
Cool, I managed to convince you!

Hopefully the seedbox will run ~forever now.

This post has been edited by blue penguin: May 26 2013, 22:38

post May 27 2013, 00:38
Post #275
GanGun


QUOTE(blue penguin @ May 26 2013, 22:36) *

Apologies for my extreme carefulness but did you mean that it found something in ./cache or ./data?
If so, just run this in the /h/h1 directory:
CODE
chown -R h1 data cache tmp

again no need to restart anything. This is just in case really, to ensure that the user running the client has ownership of all cache files. Actually run it anyway, I'll sleep better if you do.

Cool, I managed to convince you!

Hopefully the seedbox will run ~forever now.


You know..
He can use my script for that..
Even though it probably sucks balls.

since he should chown everything within the H@H folder.

One word of advice, if you're going to be secure in the future or taking advantage of chroot, NEVER and I repeat NEVER use chroot for security purposes.
Instead use another OS like FreeBSD.

QUOTE

fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptablesfuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptablesfuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables fuck you iptables


Good now it should have gotten a buffer overflow and died!

This post has been edited by GanGun : May 27 2013, 00:47

post May 27 2013, 03:33
Post #276
blue penguin


QUOTE(GanGun @ May 26 2013, 23:38) *
You know..
He can use my script for that..

Sorry GanGun, I actually never read your scripts properly I just skimmed it through and assumed it works

But yeah, here it is:
QUOTE
CODE
#!/bin/bash


folder=h

for i in {1..3..1} #Only if you have bash 4.0, if you don't have it, put a # sign on the for loop and delete the other # sign with the for loop.
#for i in 1 2 3
do
    # no -R: changes the owner of the directory itself only
    chown "$folder$i" "$folder$i"
done

Yet, I'll insist on getting Ichy to run the command in my post. Linux's chown does not chown everything in the directory without -R.

(In the future)
QUOTE
Instead use another OS like FreeBSD.

For a headless machine, definitely. After this misadventure with iptables I need to express unconditional love for pfctl on OpenBSD, that's 100 times better than iptables.

post May 27 2013, 03:50
Post #277
GanGun


QUOTE(blue penguin @ May 27 2013, 03:33) *

Sorry GanGun, I actually never read your scripts properly I just skimmed it through and assumed it works

But yeah, here it is: Yet, I'll insist on getting Ichy to run the command in my post. Linux's chown does not chown everything in the directory without -R.

(In the future) For a headless machine, definitely. After this misadventure with iptables I need to express unconditional love for pfctl on OpenBSD, that's 100 times better than iptables.


That's why they are shitty, I'm too lazy to RTFM and remember commands I almost never have to use when you're not using Linux as your primary OS.

CODE

#!/bin/bash


folder=h

for i in {1..3..1} #Only if you have bash 4.0, if you don't have it, put a # sign on the for loop and delete the other # sign with the for loop.
#for i in 1 2 3
do
    # -R: also changes the owner of everything below the directory
    chown -R "$folder$i" "$folder$i"
done

And do note that if the user h1, h2 etc. doesn't exist it won't work.
Still, I don't know if we should go after Linux standard of fixing things (if it ain't broken don't fix it) or BSD (if it ain't broken fix it so it doesn't break ever).
Because if so that would mean configuring IPTABLE.


This post has been edited by GanGun : May 27 2013, 03:54

post May 27 2013, 16:41
Post #278
Ichy


QUOTE
Actually run it anyway, I'll sleep better if you do.
ooookay done

QUOTE
And do note that if the user h1, h2 etc. doesn't exist it won't work.

My users are called h1 h2 and h3 so.
Since nothing went into self destruct I guess I did it right!

QUOTE
Still, I don't know if we should go after Linux standard of fixing things (if it ain't broken don't fix it) or BSD (if it ain't broken fix it so it doesn't break ever).
Because if so that would mean configuring IPTABLE.

[s14.directupload.net] Oh Noes!

post May 28 2013, 17:42
Post #279
blue penguin


QUOTE(GanGun @ May 27 2013, 02:50) *
Still, I don't know if we should go after Linux standard of fixing things (if it ain't broken don't fix it) or BSD (if it ain't broken fix it so it doesn't break ever).
Because if so that would mean configuring IPTABLE.

If it was my machine that I could touch with my hands or at least had the control over the VM software I would happily go for the BSD approach. This way if something goes wrong I know I can restore it. But here we are dealing with a more complex problem: i.e. we are not dealing with the complexity of software, or hardware and software or even with human to software communication; we are dealing with communicating to a person (Ichy) about the complexity of software.

As Mr. Brooks said ([en.wikipedia.org] The Mythical Man-Month - Frederick Brooks), the difficulty of communicating about complexity grows geometrically with the amount of complexity to be communicated. And as software is one of the most complex tools we have around we would be digging into something we might not be able to take on if we ask Ichy to poke that server more.

Therefore,
QUOTE
Oh Noes!
let's go for the Linux way: The H@H clients are running: leave it, don't touch it.

Also, that Mythical Man-Month book is the horror of any project manager in software devel

QUOTE
ooookay done

And thanks Ichy, I'm sleeping better now

This post has been edited by blue penguin: May 28 2013, 17:43

post Aug 12 2013, 12:32
Post #280
Ichy


Any way to stop a Client from using more than 100% of CPU power?

One of my boxes has suddenly started to use 200% and now they are whining because of it