• Nanook
    Nanook

    New Links

    Post by Nanook » Mon Nov 12, 2018 5:35 pm
    New Links
    Posted on November 12, 2018

    I’ve added a couple of links to our links pull down on our web site. One is to something called “Tech Rights” which deal with things like copyrights, patents, and particularly how they affect the open source and technological user community.

    The second link that I have added is to “Open Source“, a website that has many good technical articles including many good tutorials regarding how to utilize Linux and Open Source software. These will help you make better use of many of the facilities here.

  • Nanook
    Nanook
  • Nanook
    Nanook

    Reboots Completed
    Posted on November 7, 2018

    Reboots to make active security patches have been completed. Sorry it took me somewhat longer than anticipated owing to I had a couple of machines that were stubborn and did not want to go down for reboot.

  • Nanook
    Nanook

    Reboots – Nov 7th 01:30-02:00
    Posted on November 7, 2018

    I will be rebooting all of the Intel based machines between 1:30AM – 2:00AM November 7th to make active several security updates that patch serious issues with openssl, systemd, and DNS.

    Downtime for any given machine should not exceed about 15 minutes. Most will be less.

  • Nanook
    Nanook

    Name Service Issues Early Morning November 3rd

    Post by Nanook » Sat Nov 03, 2018 2:58 pm
    Posted on November 3, 2018

    I did not expect last night to be a maintenance night but it had other ideas. Around 3AM name service for our own hosts failed although our name servers were still resolving external hosts fine.

    The issue was caused by an update that replaced the named apparmor profile on the master name server. We use a hidden master (a master which is not reachable from the outside world) for security reasons. I use a file system layout for named that is different from the default Ubuntu layout. I had to modify the apparmor profile accordingly. When the update replaced my modified profile, it resulted in named not being able to read some of it’s configuration files and then failing to resolve local host names as a result.

    This has been corrected.

  • Nanook
    Nanook

    Upgrades Completed
    Posted on October 27, 2018

    All of the physical hosts have now been upgraded to Ubuntu 18.10. There were a couple of issues, the upgrade replaced /etc/defaults/nis and turned the NIS servers off. It took me several hours to find and correct that.

    Second problem was that some of the old kvm machine types, including the one that our web server used, were no longer supported on the i7-6850 platform. Finally found that and changed the virtual machines to currently supported machine types which actually improve security.

    I did not expect to use the entire midnight – 6AM time frame but as it happened got everything back online at 5:50AM so almost went over. If you encounter any problems please use Support->Tickets to generate a ticket. Thank you.

  • Nanook
    Nanook

    Since we recently upgraded the mail servers, it comes with a newer postfix that supports more rules aimed at stopping spam and forgery and I’ve added some of those. Hopefully they will not break any legitimate mail, but if you do get reports of mail bounced, if you can get copies of the bounced messages to me with full headers, this will be very helpful in diagnosing any problems that may result. Hopefully this will not happen, but if it does please know I need to have full headers to diagnose this kind of problem.

  • Nanook
    Nanook

    We upgraded our main web server to Ubuntu 18.10 Cosmic Cuttlefish early this morning. I did not become aware until later this morning that the upgrade broke NIS which is how the system propagates information about users between machines. This has been corrected as of about 10:45 AM this morning the 22nd of October, 2018.

  • Nanook
    Nanook

    Incoming Mail Servers Upgraded
    Posted on October 21, 2018

    I managed to get everything working on new mail servers based upon Ubuntu 18.04 and for me at least spam filtering is working much better. Prior to the upgrade I was getting between 1/3rd and 1/4th of spam in my INBOX rather than spam box, now I am getting 1/25 spams in my INBOX the rest to the spam box and so far no false positives.

    The new servers bring new versions of just about all of the spam control facilities, new versions of spamassassin, postgres, dkim, spf milter, clamav, etc. It’s still older version of postfix, procmail, and smartlist because I can not get the newer versions to play together well owing to the fact that they each want to operate in their own chroot jail which unfortunately doesn’t give them access to each other which they need to function. I think eventually I will be able to get the newer version of postfix working but the new procmail is too broken.

  • Nanook
    Nanook

    Julinux.Yellow-Snow.Net Fixed
    Posted on October 20, 2018

    The shell server julinux.yellow-snow.net is now back in operation. After going down a lot of rabbit holes, I thought to ask systemd the status of nis, and low and behold it was disabled. I re-enabled it and now all is well. So when you do an upgrade of ubuntu or a Ubuntu-derived distribution that is something to lookout for.