[SYSTEMS ADMINS & IT MONKEYS] TrackPoint is trademarked. Call it a clit mouse instead.

End

I have not, although you might check to see if something is actually running on the other side of that ssh connection or not

Apothe0sis

Are the processes waiting for input Mike? what happens if you run the scripts manually?

Apothe0sis

FORUMS

Mike Danger

I ran the rsync command manually with -v last night. I unfortunately shut down my computer, so I don't have the exact error message, but it gave me something about "rsync was unable to sync some files" and took me back to the command line. The process exited normally (it didn't hang around like the ones scheduled in cron do, although echo $? gave me a 26 or something weird like that)

Apothe0sis

Would it be hugely problematic to install SQL Server 2005 on a DC? The DC isn't very taxed or high traffic (it's more or less a BDC) and the SQL requirements wouldn't be particularly cumbersome.

Apothe0sis

Mike Danger wrote:

I ran the rsync command manually with -v last night. I unfortunately shut down my computer, so I don't have the exact error message, but it gave me something about "rsync was unable to sync some files" and took me back to the command line. The process exited normally (it didn't hang around like the ones scheduled in cron do, although echo $? gave me a 26 or something weird like that)

Is rsync doing kind of logging? Can you make it do some logging?

Mike Danger

No, but I just discovered how to do it. I'm in the middle of testing out running the command with -v again; once I've done that I'll run it again and get the logfile.

Mike Danger

On second thought, that'd be a colossal waste of time, considering how long it takes this sucker to run. I'm going to kill it and restart it with a logfile now. Will probably have results sometime tomorrow afternoon.

Edit: Not that it takes that long, but I have my other job before that.

Mike Danger

Couldn't sleep. Here's the message that shows up at the end of the log.

2012/02/15 01:31:58 [28460] sent 19715382154 bytes  received 7398902 bytes  3016869.00 bytes/sec
2012/02/15 01:31:58 [28460] total size is 73631586277  speedup is 3.73
2012/02/15 01:31:58 [28460] rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1060) [sender=3.0.7]

The errors seem to be mostly like this one:

2012/02/15 01:22:37 [28460] rsync: readlink_stat("/old_spears/home/www/web/htdocs/text_2005/resources/testtest.php") failed: Input/output error (5)

electricitylikesme

Mike Danger wrote:

Couldn't sleep. Here's the message that shows up at the end of the log.

2012/02/15 01:31:58 [28460] sent 19715382154 bytes  received 7398902 bytes  3016869.00 bytes/sec
2012/02/15 01:31:58 [28460] total size is 73631586277  speedup is 3.73
2012/02/15 01:31:58 [28460] rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1060) [sender=3.0.7]

The errors seem to be mostly like this one:

2012/02/15 01:22:37 [28460] rsync: readlink_stat("/old_spears/home/www/web/htdocs/text_2005/resources/testtest.php") failed: Input/output error (5)

Those are disk/filesystem errors. You need to fsck, and possibly replace your disk.

Mike Danger

Thanks! Man, we have been having disk problems around here left and right.

Feral

Apothe0sis wrote:

Would it be hugely problematic to install SQL Server 2005 on a DC? The DC isn't very taxed or high traffic (it's more or less a BDC) and the SQL requirements wouldn't be particularly cumbersome.

Should be okay. It might throw an error during the part where it checks your server for readiness, but you should be able to click past that.

bowen

I remember getting an error for installing something on the DC, maybe remote desktop server.

Yeah fuck you if you think I'm managing domain controllers on site, or not at my desk.

ghost_master2000

What DC wouldn't have a remote desktop server on it already?

Can anybody suggest a good way to keep an eye on the security of a Web server, and maybe test against possible attacks? I've got a webserver/FTP server, and I'm unfortunately clueless on how to protect that outside of only allowing in the specific ports/protocols for Http/https/ftp.

bowen

Well, obviously you should have an appropriate hardware firewall between your network and the external ones.

Port forwarding would take care of 99% of the attacks you'll come across, so, if you only port forward 80 to the webserver, after that, there are probably no active tools to diagnose remote access, other than antivirus software?

Feral

You can find white papers online about hardening Apache or IIS.

bowen

Feral wrote:

You can find white papers online about hardening Apache or IIS.

I kid.

god I hated the IIS server we used to have, piece of shit that was.

ghost_master2000

Yeah, I've got a hardware firewall, and that's where the port forwarding is set up.

It is unfortunately an IIS server due to requirements by a certain piece of software running on it. i'll take a look for those white papers, but it's good to know I've got most problems covered.

What about the situations like where a websites database got hacked and data was pulled? How do they even know it happened?

bowen

ghost_master2000 wrote:

Yeah, I've got a hardware firewall, and that's where the port forwarding is set up.

It is unfortunately an IIS server due to requirements by a certain piece of software running on it. i'll take a look for those white papers, but it's good to know I've got most problems covered.

What about the situations like where a websites database got hacked and data was pulled? How do they even know it happened?

Googling their company's name? As far as I'm aware most people don't know they've been hacked until someone defaces the website or it is extremely obvious (DDoS).

ghost_master2000

Ok, I guess I have most of the bases covered then. I appreciate your help.

Apothe0sis

ghost_master2000 wrote:

What DC wouldn't have a remote desktop server on it already?

Can anybody suggest a good way to keep an eye on the security of a Web server, and maybe test against possible attacks? I've got a webserver/FTP server, and I'm unfortunately clueless on how to protect that outside of only allowing in the specific ports/protocols for Http/https/ftp.

To test against possible attacks i.e. pen/vuln testing you're looking at something like Acunetix, or Metasploit (Acunetix is super cheap compared to its competition and super good). For actually monitoring you're looking at a few different strategies, but they range from the expensive (i.e. general monitoring solution), to the expensive and complicated (IPS).

Apothe0sis

bowen wrote:

I remember getting an error for installing something on the DC, maybe remote desktop server.

Yeah fuck you if you think I'm managing domain controllers on site, or not at my desk.

Exchange definitely complains.

I saw SQL done in a few production environments recently and I think it would help prevent some sprawl, which I would like.

EDIT: Remote Desktop connectivity is included for up to 2 users in all server installs. You don't need to install Terminal Services or Remote Desktop Services.

bowen

Maybe it was exchange then. Fuck you exchange. Imma install you on the domain controller anyways you pieces of shits.

Djeet

ghost_master2000 wrote:

What about the situations like where a websites database got hacked and data was pulled? How do they even know it happened?

You'd be surprised how much data gets compromised by people not doing basic due diligence (e.g. not hardening servers by disabling unneeded services, not blocking basic port access, using default passwords). This one impatient fellow really wanted a VoIP server provisioned fast for a proof of concept. I was swamped and told him it'd be a week before I could do it. He decided to do it himself. At the time I washed my hands of it and told him I wasn't going to be responsible for it as I'd have to puzzle out how he configured it because he couldn't tell me what he'd done. Hacked after a couple of weeks cause he used default passwords on the web admin interface and DB server. Thankfully our SIP provider decided to halt services when they saw hundreds of calls to satellite phones.

Feral

bowen wrote:

Maybe it was exchange then. Fuck you exchange. Imma install you on the domain controller anyways you pieces of shits.

Yeah, Exchange on an Active Directory server is a bad idea, even a low-traffic AD server. A lot of Exchange techs at Microsoft treat Small Business Server like some kind of black magic because of this.

A low-traffic SQL server install is fine.

bowen

Feral wrote:

bowen wrote:

Maybe it was exchange then. Fuck you exchange. Imma install you on the domain controller anyways you pieces of shits.

Yeah, Exchange on an Active Directory server is a bad idea, even a low-traffic AD server. A lot of Exchange techs at Microsoft treat Small Business Server like some kind of black magic because of this.

A low-traffic SQL server install is fine.

Oh? SBS is just shit, but, installing exchange on the AD server seems fine.

Apothe0sis

The SQL has installed fine, but it threw a warning. No problems encountered.

lwt1973

I install a new computer and find out from the user that the monitors go into sleep mode after 20-30 minutes usually.

I check out the settings and change it to never sleep, I swap the cords, update the drivers, and the bios, and it still does it so I crack open the box. The video card is blazing hot because stupid dell didn't secure all the loose power cords and one of the cords was resting on the video card's fan jamming it. Heat + Video card = shutdown.

Thanks Dell.

TL DR

Oh, speaking of Dell...!

I've been working a warranty case that began when a client's server failed to reboot properly after installing updates, giving the error 'OS not found'. Dell OpenManage reports that the RAID is degraded, although the physical disks all check out OK. It also reports a missing non-RAID disk that was never shipped with the system.

Dell's support has been stellar here, trying such innovative solutions as "have you tried reinstalling OpenManage". When replacing the motherboard and RAID controller failed to resolve the issue and I speculated that perhaps it was configured improperly before shipment, my Dell contact's response was I guess you'll just have to reinstall Windows.

bowen

Oh did you get Vajramani or maybe Surajit ? They're usually pretty not helpful.

GnomeTank

Dell's server department has gone down the shitter in the last few years. They used to be pretty good systems if you couldn't afford a top end HP or IBM...now they're just shit. We ordered a development server from there that within six months had two failing disks in it's SAS array. Sure, it could just be random coincidence, or it could be that Dell's manufacturing standards have plummeted and they are causing hardware damage at the factory. In any case, the post-sell support was terrible. Trying to get to a real person who could actually help us get new drives took several hours.

We ended up having to order the drives from another source, because it was going to take Dell several weeks to get us new ones. Not because they were out of stock, but because all the ones they had were allocated to new systems, and selling a new system was far more important to them than supporting an old one.

bowen

What gets me is the huge ass turnaround on support. I basically have to prove to them that Zeus himself shot a lightning bolt at my hard drives in order for them to not spend 5 days approving the need to send a replacement drive. Let alone the extra week it'll take to get here. This is with next day shipping support.

Or I could take that same $2,000 and pocket it and buy a drive off newegg and have it here next day. Fuck it I almost want to start my own server business because fuck these huge companies and their shitty policies.

bowen

Alternatively: There really needs to be a linux active desktop alternative to windows and exchange. Something that doesn't require weeks to set up and a team of specialists to support. And also 0 config exchange alternative (IMAP) that uses current permissions/user to log in with.

GnomeTank

Even if it existed, places that are Microsoft shops wouldn't use it. Everything you described is completely possible today, using an IMAP server with LDAP integration...but no one is going to stick a Linux mail server in to their Windows AD network...too much unknown.

bowen

I know. If there was plug and play OS shit like MS had I'd be all over that, and then just attach an MS RDP server to it and call it a day.

GnomeTank

I actually refused to run our source control on a Windows machine at my last position. I just setup Subversion on FreeBSD and tied it in to our AD LDAP system for authentication and permissions. Worked like a charm, and that FreeBSD server was the only one that never gave us problems.

bowen

Yeah I piss way too much of my time on windows "oh it needs a reboot" issues. Granted that's like twice a year but still.

TL DR

bowen wrote:

Oh did you get Vajramani or maybe Surajit ? They're usually pretty not helpful.

No, I'm thinking this issue is systemic and not racial.

GnomeTank

TL DR wrote:

bowen wrote:

Oh did you get Vajramani or maybe Surajit ? They're usually pretty not helpful.

No, I'm thinking this issue is systemic and not racial.

Except that the race and English speaking skills of the techs tends to be part of the system, and can't be flippantly ignored because it's an uncomfortable reality. A lot of companies use customer service centers in that part of the world, and a lot of those same companies have terrible customer service. It can't be an ignored correlation, though it's surely not causation.

TyrantCow

we always get the 24x5 support from dell, and it's never been anything short of spectacular.

never on hold for more than a couple minutes, next day parts.

i fought with some hardware problems on a server they sent me, next day got the parts that we deduced had failed. didn't work, next day a tech came out worked on it for a couple hours, no luck. two days later i had a completely new machine waiting for me when i got in.