Page 3 of 3 FirstFirst 123
Results 41 to 59 of 59

Thread: DirectSlave/GO 3 - public beta

  1. #41
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,742
    Also, the "pass" script to create auths is no longer in use?
    SeLLeRoNe - Andrea Iannucci
    Head of Managed Service - Senior DevOps Engineer
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  2. #42
    Join Date
    May 2005
    Location
    Ukraine, Kiev
    Posts
    115
    Wtf?

    [m@regme]~/download$ file directslave-3.2-advanced-all.tar.gz
    directslave-3.2-advanced-all.tar.gz: gzip compressed data, was "directslave-3.2-advanced-all.tar", last modified: Mon Jun 4 12:24:03 2018, from Unix

  3. #43
    Join Date
    May 2005
    Location
    Ukraine, Kiev
    Posts
    115
    Quote Originally Posted by SeLLeRoNe View Post
    Also, the "pass" script to create auths is no longer in use?
    Since 3.0-beta use
    Code:
    /usr/local/bin/directslave ----password user:password
    to create/update passwd file entries.

    But you able to use old `pass` utility to operate entries. Shure, if your still maintain perl in your system running DS.

  4. #44
    Join Date
    May 2005
    Location
    Ukraine, Kiev
    Posts
    115
    Can you show me MD5 of directslave-3.2-advanced-all.tar.gz on your side ?

    MD5 (directslave-3.2-advanced-all.tar.gz) = 85088b77fa688b1bcf114c9fc895819c

  5. #45
    Join Date
    Apr 2006
    Location
    Netherlands
    Posts
    80
    Same here,

    # tar -zxvf directslave-3.2-advanced-all.tar.gz
    > gzip: stdin: not in gzip format
    > tar: Child returned status 1
    > tar: Error is not recoverable: exiting now

    # gunzip directslave-3.2-advanced-all.tar.gz
    > gzip: directslave-3.2-advanced-all.tar.gz: not in gzip format

    This works:
    tar -xf directslave-3.2-advanced-all.tar.gz

    md5
    6b79ba421065ab9dc4093ba3f548e524 directslave-3.2-advanced-all.tar.gz

  6. #46
    Join Date
    May 2005
    Location
    Ukraine, Kiev
    Posts
    115
    I understand what's happening!

    I'm using nginx + gzip on, so all traffic from my server is gzipped out and sent to browser via HTTP/2 in compressed form.
    But if traffic contains archive stream in gzip format, browser unpacks it just like usual traffic stream (yes, including stream file)!

    Repacked bundle with tar+bzip2 and edited a link to bundle.

  7. #47
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,742
    Sorry I was implementing SOLR on my Dovecot Server and I didn't realize I wasn't receiving emails :P

    Glad you found out and it wasn't me

    Thanks for the password tip, I completely forgot that (or probably I didn't use it since I already had my users created )

    Everything is working fine, and the web interface it is very very nice and useful

    I still didn't try the text storage but I guess it will simply work, if not I will post it here

    Thanks for the amazing job

    Best regards
    SeLLeRoNe - Andrea Iannucci
    Head of Managed Service - Senior DevOps Engineer
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  8. #48
    Join Date
    May 2005
    Location
    Ukraine, Kiev
    Posts
    115
    >Thanks for the password tip
    You're welcome

    >Everything is working fine, and the web interface it is very very nice and useful
    It's running for a week in my prod env.

    > text storage but I guess it will simply work
    It should! (also didn't test that)

    Enjoy

  9. #49
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,742
    Okay the text option works perfectly on latest bind but doesn't work on old versions

    I have one of the NS which is an old CentOS 5.11 (cannot update due to the hardware) and use Bind 9.3.6 which doesn't support the masterfile-format option.

    Would be possible to have some sort of check for the bind version to define if to add that option or not? To help you out, that option has been introduced from Bind 9.4.0, before that it will not work

    Thanks
    SeLLeRoNe - Andrea Iannucci
    Head of Managed Service - Senior DevOps Engineer
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  10. #50
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,742
    If not, whoever might be interested, I created this crontab:

    Code:
    0 * * * * root if [ "`cat /var/named/slaves.conf | grep masterfile-format`" != "" ]; then sed -i "s/ masterfile-format text;//g" /var/named/slaves.conf; service named restart >/dev/null 2>&1; fi  >/dev/null 2>&1;
    This will check if any zone in the slave file (/var/named/slaves.conf , change all the references to it if different) have that option, if yes it will remove it and restart named, the crontab is set to run every hour.

    Best regards
    SeLLeRoNe - Andrea Iannucci
    Head of Managed Service - Senior DevOps Engineer
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  11. #51
    Join Date
    May 2005
    Location
    Ukraine, Kiev
    Posts
    115
    Sure, I know this and do a simple code trick:

    if you give "masterfile-format" option other than "text" in directslave.conf, it will conpletely remove "masterfile-format" from included template line, so generated line will not contain "masterfile-format". You can give it value of "none" or "nil", but dont' remove it from config conpletely -- DS won't start without it.

  12. #52
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,742
    No it's fine, I keep a standard config file, it was just matter of the slaves.conf file

    Thanks
    SeLLeRoNe - Andrea Iannucci
    Head of Managed Service - Senior DevOps Engineer
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  13. #53
    Join Date
    Jan 2007
    Posts
    12
    I;m just testing the product and with the new webinterface it is working really good.
    Only when making some changes at the same time it is taking the TTL before its beeining updated in bind/named.
    Is there an way to force it? So that an change in DA directly will be pushed to bind/named

    in the logging you can see directly the POST /CMD_API_DNS_ADMIN?action=rawsave&domain=

  14. #54
    Join Date
    May 2005
    Location
    Ukraine, Kiev
    Posts
    115
    Quote Originally Posted by verkerkict View Post
    I;m just testing the product and with the new webinterface it is working really good.
    Only when making some changes at the same time it is taking the TTL before its beeining updated in bind/named.
    Is there an way to force it? So that an change in DA directly will be pushed to bind/named

    in the logging you can see directly the POST /CMD_API_DNS_ADMIN?action=rawsave&domain=
    When DS recv POST data, it triggers the internal queue manager that runs `rndc`.
    As you can see in logs "RNDC queue triggered with NUM events"

    I can move 'trigger' setting to config in next release, so you've be able to set it to 120 seconds or 60 seconds, as you want (now it's 30 seconds).

  15. #55
    Join Date
    May 2005
    Location
    Ukraine, Kiev
    Posts
    115

    [b]!warning![/b]

    !WARNING!
    !WARNING!
    !WARNING!

    Today I discovered DirectSlave 3.2 have a bunch of security breaches in webinterface (XSS) since it have no filtration of data coming through web channel (I completely rely on user's sanity).
    And I really aplogise for that.

    So, I'm working on next release to beat all the bugs out and filter data as much as I can.

    HOTFIX: open /usr/local/directslave/www/templates/login.tpl in editor and remove {{.User}} and {{.Pass}} fields from template.
    Also, remove commented html code.

    OR

    Apply this fix - https://directslave.com/download/dir...-HOTFIX.tar.gz
    Extract directslave/www/templates/login.tpl from archive into /usr/local/directslave/www/templates/ and overwrite login.tpl with archive version.
    Last edited by roman_m; 07-17-2018 at 02:16 AM.

  16. #56
    Join Date
    Jan 2007
    Posts
    12
    Quote Originally Posted by roman_m View Post
    !WARNING!
    !WARNING!
    !WARNING!

    Today I discovered DirectSlave 3.2 have a bunch of security breaches in webinterface (XSS) since it have no filtration of data coming through web channel (I completely rely on user's sanity).
    And I really aplogise for that.

    So, I'm working on next release to beat all the bugs out and filter data as much as I can.
    We got an ip block on the webinterface because it's not necessary to access it from not trusted locations, guess then above problem wont exist?

  17. #57
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,742
    It shouldn't unless you send malformed/malicious data
    SeLLeRoNe - Andrea Iannucci
    Head of Managed Service - Senior DevOps Engineer
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  18. #58
    Join Date
    May 2005
    Location
    Ukraine, Kiev
    Posts
    115
    Quote Originally Posted by SeLLeRoNe View Post
    It shouldn't unless you send malformed/malicious data
    this is the sense of all attacks just send malicious data into the right [unsecured] place and yo'we pwn'it!

  19. #59
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,742
    Yes I know
    But he said that they've got an IP block so he is safe, that's what I meant
    SeLLeRoNe - Andrea Iannucci
    Head of Managed Service - Senior DevOps Engineer
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

Page 3 of 3 FirstFirst 123

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •