Issues with net-snmp update on some boxes

On only two boxes I manage, I had problems updating net-snmp to net-snmp- During the compile I would receive the following failure message:

chmod 755 ../blib/arch/auto/NetSNMP/TrapReceiver/
cp ../blib/arch/auto/NetSNMP/TrapReceiver/
chmod 644 ../blib/arch/auto/NetSNMP/TrapReceiver/
Manifying ../blib/man3/NetSNMP::TrapReceiver.3pm
make[2]: Leaving directory `/var/tmp/portage/net-analyzer/net-snmp-'
make[1]: Leaving directory `/var/tmp/portage/net-analyzer/net-snmp-'
Traceback (most recent call last):
  File "", line 2, in <module>
    from setuptools import setup, Extension, find_packages
ImportError: No module named setuptools
make: *** [pythonmodules] Error 1

Dell PowerEdge SC Servers - great deals for linux servers

Over the years, I've set up multiple firewalls and fileservers for clients and my own office. What I require is a server platform that is Gentoo Linux friendly with quality components and at an affordable price. Early on, I was a big fan of the Dell PowerEdge 400SC. I remember picking those up (without operating system) for around $200! I stuck with them when they went to the 410SC, 420SC and the 430SC series. The 430SC series is when they changed their look to a sleaker design which is what is available in the new 440SC series.

Dell have been hit and miss when it comes to laptops and workstations, but their switches and SC series servers have been fantastic for me and my clients. If you plan on installing Gentoo on these, you will need to configure SATA in the kernel along with a few other 'gotchas'. If you're interested, I would be more than happy to provide a one of my kernel configs to get you up and running.

Configuring VSFTPD for secure connections (TLS/SSL)

I wanted to tighten up my FTP service. Currently, I use and love vsftpd. Unfortunately, as far as I know, it does not support SFTP protocol, but it does support TLS/SSL handling.

You will need to ensure that the vstpd has been compiled with ssl support. Here are my current USE flags for vsftpd:

net-ftp/vsftpd-2.0.6  USE="pam ssl tcpd -caps -logrotate (-selinux) -xinetd"

The first step is to create a self-signed certificate:

openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

Next, we need to add some additional configuration options to /etc/vsftpd/vsftpd.conf

Amavisd-new starting to segfault?

Starting Nov 8, I've been seeing fairly consistent segfaults from amavisd. I'm unable to determine what is causing it. Below is a listing of occurances in /var/log/messages. The server has been running fine (normal load - mail traffic is normal). Also I checked uptime (reboot was Nov.1) and recent emerges. The only emerges close Nov.8 was rrdtool and cacti (11/5 and 11/6). I posted this on the Gentoo forums to see if someone can point me in the right direction. I saw mention that this could be related to hardware. I'm hoping this is not the case, especially since it seems to point to perl5.8.8.

Dansguardian - Error connecting via ipc to log [SOLVED]

Earlier this year, I was receiving logs stating that dansguardian could not connect to IPC socket. I just recently upgraded dansguardian (2.10-r1) and finally found the problem. I originally posted this issue in February on the Gentoo forums and didn't receive any response. Today, I found the problem and the fix.

Below is an example of the logs:

Osiris Update - Went Smooth

I was bummed out when the Gentoo maintainers removed osiris from portage due to inactivity. Because of this I had to 'unmask' this package to keep my system somewhat happy. I've been a big fan of osirisd/osirismd for a long long time. I think it's the best file integrity checker out there. I always hated systems that kept the database on the host. These should be stored on a remote host. Samhain does something similar, but osiris is just so simple and clean. It's absolutely perfect.

Today, I saw that osiris is back in portage and with the latest version of 4.2.3. I do have a lot of client hosts, so I figured I would spend most of the day upgrading to this version, but the upgrade went extremely smooth. Simply emerging osiris on all boxes and restarting osirisd on the clients and osirismd on the host and I was back up and running in no time.

Thanks Gentoo for bringing it back!

MSN Featured Offer Spam - Spamassasin rule to stop it

Started seeing some MSN Featured Offer Spam on one of my mailservers. The annoying part is that has a forged 'from' value to match the recipient. On top of that, it's being sent from a secondary MX server which is allowing relaying to my domains. So I can't block that server from sending it, and we prevented spam filtering on that since users would not be able to retrieve messages if they are quarantined on that box.

The messages look like this:


So a buddy of mine told me about Synergy and I had to try it out for myself. Basically, Synergy allows you to manage keyboard, video and mouse across computers using a single host. Now, when I heard this, I didn't think it was a big deal. Just another KVM or something to that affect. But it's so much cooler than that. To help you understand, I'll break down my basic work station set up.

Currently, I have a little Dell work station with dual monitors and extended desktop running Windows. I also have another monitor next to it that is connected to my Gentoo development server. That server does alot of little things. It's my MP3 server, development server, backup server, gkrellm server, etc. So I usually need to know what's happening with that machine at all times. Normally, I have a KVM installed on that, and when I need to, I switch to that KVM to manage it. It's clunky, but I thought that was my only option.

Basically, here is the monitor line up

Quick fix for e2fsprogs, com_err, and ss blockers

Sometimes with Gentoo you'll run across some weird 'blocker' issues. Meaning that certain older packages/libraries/etc are blocked in order to do the update. Sometimes these are super easy to fix, usually by unmerging the blocked packages and emerging the new update package. Sometimes, it's a pain. The e2fsprogs and e2fsprogs-lib blocker problem is an example of a 'sticky' situation. richard.scott posted the solution at the Gentoo Forum, but I'll repost here. It worked like a charm for me.

# echo "<=app-crypt/mit-krb5-1.6.3-r2" >> /etc/portage/package.keywords
# emerge -f e2fsprogs e2fsprogs-libs
# emerge --unmerge ss com_err e2fsprogs
# emerge e2fsprogs

Dell PowerConnect 2708/2716 Gigabit Switches

Over the last couple of years, I had two cisco/linksys gigabit switches die on me. I've been around networking and computers for a long, long time, and I've never seen switches go out. They've always been rock solid and always reliable. I have seen a switch port go out, but that's about it. About two years ago I started using a small cisco/links gigabit 8 port switch (SD2008) for my network, and one day all the switch ports were dead. Power cycling, etc. did nothing for it so I had to replace it with an extra old switch I had laying around. I thought it was weird and that it was a fluke. Fast forward to last month, and a friend of mine has the same switch (SD2008) near the time I purchased mine, except it's now branded as linksys, and we started experiencing problems with the network.

Syndicate content