SeLLeRoNe
Super Moderator
Also, the "pass" script to create auths is no longer in use?
DirectSlave/GO 3 - public beta
- Thread starter roman_m
- Start date
roman_m
Verified User
Wtf?
[m@regme]~/download$ file directslave-3.2-advanced-all.tar.gz
directslave-3.2-advanced-all.tar.gz: gzip compressed data, was "directslave-3.2-advanced-all.tar", last modified: Mon Jun 4 12:24:03 2018, from Unix
[m@regme]~/download$ file directslave-3.2-advanced-all.tar.gz
directslave-3.2-advanced-all.tar.gz: gzip compressed data, was "directslave-3.2-advanced-all.tar", last modified: Mon Jun 4 12:24:03 2018, from Unix
roman_m
Verified User
Since 3.0-beta use
Code:
/usr/local/bin/directslave ----password user:passwordBut you able to use old `pass` utility to operate entries. Shure, if your still maintain perl in your system running DS.
roman_m
Verified User
Can you show me MD5 of directslave-3.2-advanced-all.tar.gz on your side ?
MD5 (directslave-3.2-advanced-all.tar.gz) = 85088b77fa688b1bcf114c9fc895819c
MD5 (directslave-3.2-advanced-all.tar.gz) = 85088b77fa688b1bcf114c9fc895819c
DhoTjai
Verified User
Same here,
# tar -zxvf directslave-3.2-advanced-all.tar.gz
> gzip: stdin: not in gzip format
> tar: Child returned status 1
> tar: Error is not recoverable: exiting now
# gunzip directslave-3.2-advanced-all.tar.gz
> gzip: directslave-3.2-advanced-all.tar.gz: not in gzip format
This works:
tar -xf directslave-3.2-advanced-all.tar.gz
md5
6b79ba421065ab9dc4093ba3f548e524 directslave-3.2-advanced-all.tar.gz
# tar -zxvf directslave-3.2-advanced-all.tar.gz
> gzip: stdin: not in gzip format
> tar: Child returned status 1
> tar: Error is not recoverable: exiting now
# gunzip directslave-3.2-advanced-all.tar.gz
> gzip: directslave-3.2-advanced-all.tar.gz: not in gzip format
This works:
tar -xf directslave-3.2-advanced-all.tar.gz
md5
6b79ba421065ab9dc4093ba3f548e524 directslave-3.2-advanced-all.tar.gz
roman_m
Verified User
I understand what's happening!
I'm using nginx + gzip on, so all traffic from my server is gzipped out and sent to browser via HTTP/2 in compressed form.
But if traffic contains archive stream in gzip format, browser unpacks it just like usual traffic stream (yes, including stream file)!
Repacked bundle with tar+bzip2 and edited a link to bundle.
I'm using nginx + gzip on, so all traffic from my server is gzipped out and sent to browser via HTTP/2 in compressed form.
But if traffic contains archive stream in gzip format, browser unpacks it just like usual traffic stream (yes, including stream file)!
Repacked bundle with tar+bzip2 and edited a link to bundle.
SeLLeRoNe
Super Moderator
Sorry I was implementing SOLR on my Dovecot Server and I didn't realize I wasn't receiving emails 
Glad you found out and it wasn't me
Thanks for the password tip, I completely forgot that (or probably I didn't use it since I already had my users created)
Everything is working fine, and the web interface it is very very nice and useful
I still didn't try the text storage but I guess it will simply work, if not I will post it here
Thanks for the amazing job
Best regards
Glad you found out and it wasn't me
Thanks for the password tip, I completely forgot that (or probably I didn't use it since I already had my users created
)Everything is working fine, and the web interface it is very very nice and useful
I still didn't try the text storage but I guess it will simply work, if not I will post it here
Thanks for the amazing job
Best regards
roman_m
Verified User
>Thanks for the password tip
You're welcome
>Everything is working fine, and the web interface it is very very nice and useful
It's running for a week in my prod env.
> text storage but I guess it will simply work
It should! (also didn't test that)
Enjoy
You're welcome
>Everything is working fine, and the web interface it is very very nice and useful
It's running for a week in my prod env.
> text storage but I guess it will simply work
It should! (also didn't test that)
Enjoy
SeLLeRoNe
Super Moderator
Okay the text option works perfectly on latest bind but doesn't work on old versions
I have one of the NS which is an old CentOS 5.11 (cannot update due to the hardware) and use Bind 9.3.6 which doesn't support the masterfile-format option.
Would be possible to have some sort of check for the bind version to define if to add that option or not? To help you out, that option has been introduced from Bind 9.4.0, before that it will not work
Thanks
I have one of the NS which is an old CentOS 5.11 (cannot update due to the hardware) and use Bind 9.3.6 which doesn't support the masterfile-format option.
Would be possible to have some sort of check for the bind version to define if to add that option or not? To help you out, that option has been introduced from Bind 9.4.0, before that it will not work
Thanks
SeLLeRoNe
Super Moderator
If not, whoever might be interested, I created this crontab:
This will check if any zone in the slave file (/var/named/slaves.conf , change all the references to it if different) have that option, if yes it will remove it and restart named, the crontab is set to run every hour.
Best regards
Code:
0 * * * * root if [ "`cat /var/named/slaves.conf | grep masterfile-format`" != "" ]; then sed -i "s/ masterfile-format text;//g" /var/named/slaves.conf; service named restart >/dev/null 2>&1; fi >/dev/null 2>&1;This will check if any zone in the slave file (/var/named/slaves.conf , change all the references to it if different) have that option, if yes it will remove it and restart named, the crontab is set to run every hour.
Best regards
roman_m
Verified User
Sure, I know this and do a simple code trick:
if you give "masterfile-format" option other than "text" in directslave.conf, it will conpletely remove "masterfile-format" from included template line, so generated line will not contain "masterfile-format". You can give it value of "none" or "nil", but dont' remove it from config conpletely -- DS won't start without it.
if you give "masterfile-format" option other than "text" in directslave.conf, it will conpletely remove "masterfile-format" from included template line, so generated line will not contain "masterfile-format". You can give it value of "none" or "nil", but dont' remove it from config conpletely -- DS won't start without it.
SeLLeRoNe
Super Moderator
No it's fine, I keep a standard config file, it was just matter of the slaves.conf file
Thanks
Thanks
verkerkict
Verified User
- Joined
- Jan 19, 2007
- Messages
- 13
I;m just testing the product and with the new webinterface it is working really good.
Only when making some changes at the same time it is taking the TTL before its beeining updated in bind/named.
Is there an way to force it? So that an change in DA directly will be pushed to bind/named
in the logging you can see directly the POST /CMD_API_DNS_ADMIN?action=rawsave&domain=
Only when making some changes at the same time it is taking the TTL before its beeining updated in bind/named.
Is there an way to force it? So that an change in DA directly will be pushed to bind/named
in the logging you can see directly the POST /CMD_API_DNS_ADMIN?action=rawsave&domain=
roman_m
Verified User
When DS recv POST data, it triggers the internal queue manager that runs `rndc`.
As you can see in logs "RNDC queue triggered with NUM events"
I can move 'trigger' setting to config in next release, so you've be able to set it to 120 seconds or 60 seconds, as you want (now it's 30 seconds).
roman_m
Verified User
[b]!warning![/b]
!WARNING!
!WARNING!
!WARNING!
Today I discovered DirectSlave 3.2 have a bunch of security breaches in webinterface (XSS) since it have no filtration of data coming through web channel (I completely rely on user's sanity).
And I really aplogise for that.
So, I'm working on next release to beat all the bugs out and filter data as much as I can.
HOTFIX: open /usr/local/directslave/www/templates/login.tpl in editor and remove {{.User}} and {{.Pass}} fields from template.
Also, remove commented html code.
OR
Apply this fix - https://directslave.com/download/directslave-3.2-login-XSS-HOTFIX.tar.gz
Extract directslave/www/templates/login.tpl from archive into /usr/local/directslave/www/templates/ and overwrite login.tpl with archive version.
!WARNING!
!WARNING!
!WARNING!
Today I discovered DirectSlave 3.2 have a bunch of security breaches in webinterface (XSS) since it have no filtration of data coming through web channel (I completely rely on user's sanity).
And I really aplogise for that.
So, I'm working on next release to beat all the bugs out and filter data as much as I can.
HOTFIX: open /usr/local/directslave/www/templates/login.tpl in editor and remove {{.User}} and {{.Pass}} fields from template.
Also, remove commented html code.
OR
Apply this fix - https://directslave.com/download/directslave-3.2-login-XSS-HOTFIX.tar.gz
Extract directslave/www/templates/login.tpl from archive into /usr/local/directslave/www/templates/ and overwrite login.tpl with archive version.
Last edited:
verkerkict
Verified User
- Joined
- Jan 19, 2007
- Messages
- 13
We got an ip block on the webinterface because it's not necessary to access it from not trusted locations, guess then above problem wont exist?
SeLLeRoNe
Super Moderator
It shouldn't unless you send malformed/malicious data
roman_m
Verified User
It shouldn't unless you send malformed/malicious data
this is the sense of all attacks
just send malicious data into the right [unsecured] place and yo'we pwn'it!
SeLLeRoNe
Super Moderator
Yes I know
But he said that they've got an IP block so he is safe, that's what I meant
But he said that they've got an IP block so he is safe, that's what I meant