On Tue, Jun 10, 2003 at 04:36:23AM -0400, Gene Heskett wrote:
> >> 1: Are the 3 utilities named in the file I sent present and
> >> accounted for, or are we playing mix-n-match here between an rpm
> >> install, and a home built install? rpm doesn't put them in the
> >> above location IIRC, but its been better than 2 years since I last
> >> tried to make the rpm's work, lifes too short for that
> >> harrassment.
> >
> >the machine in question is running gentoo.
> >
> >xinetd was installed from an ebuild. amanda was installed from
> > source.
> >
> >by "3 utilities", i am assuming you are referring to the amandad,
> >amindexd, and amidxtaped binaries. if this is correct, then yes, of
> >course the binaries are accounted for and in the correct place. not
> > all three services are enabled, however, as it is my understanding
> > that the amandaidx and amidxtape services are only required on the
> > tape server host for indexing purposes.
>
> I cannot confirm that as I haven't tried disabling them on my one lone
> client, I'm using that same '/etc/xinetd.d/amanda' file on both
> machines. Someone else with more experience with linux client
> machines may be able to comment on this, and are welcome to. My one
> client is a k6-III rh7.3 with all up2dates installed.
from docs/INSTALL:
E. If you are going to use the indexing capabilities of Amanda,
then add these to your inetd.conf on the tape server host:
amandaidx stream tcp nowait USER AMINDEXD_PATH amindexd
amidxtape stream tcp nowait USER AMIDXTAPED_PATH amidxtaped
> >i am just going to reinstall xinetd. if that does not help, i am
> > just going to trash xinetd (since it's a pos anyways).
>
> xinetd isn't a pos, its quite a bit more secure, and less wastefull of
> system resources than inetd because things don't get started at boot
> time and left around in case they are needed, they are started on
> demand, and killed when the demand is gone. Its also had a couple of
> security related updates fairly recently and the version I have
> installed is now 2.3.11 IIRC. If yours is older, I'd get the latest
> before I re-installed it.
care to back up your statements about how xinetd is "more secure" than
inetd? perhaps its design was intended to fix a few points of concern,
but inetd has been around quite a while. there is no possible way that
a reimplementation can be declared to be more secure than the veteran.
iirc, since xinetd was released, it's been found to have at least one
vulnerability, while i don't recall any vulnerabilities in inetd being
disclosed in that time frame.
i'm puzzled about the "things don't get started at boot time and left
around in case they are needed" bit. [x]?inetd is a superserver. it
creates sockets for particular services and listens on them. when data
is received (udp) or a connection is established (tcp), it executes a
process and uses a pair of pipes for data to and from the process's
stdin/stdout.
> There has to be some reason the services won't start, so please post
> an 'ls -l' of the /usr/local/libexec directory. Also an 'ls -l' of
> the amanda src directory, and a 'cat' of your configuration script.
/usr/local/libexec:
-rwxr-xr-x 1 root disk 53526 May 31 20:29 amandad
-rwsr-x--- 1 root disk 43360 May 31 20:29 calcsize
-rwsr-x--- 1 root disk 37539 May 31 20:29 killpgrp
-rwxr-xr-x 1 root disk 4855 May 31 20:29 patch-system
-rwsr-x--- 1 root disk 34567 May 31 20:29 rundump
-rwsr-x--- 1 root disk 35854 May 31 20:29 runtar
-rwxr-xr-x 1 root disk 59150 May 31 20:29 selfcheck
-rwxr-xr-x 1 root disk 115915 May 31 20:29 sendbackup
-rwxr-xr-x 1 root disk 73858 May 31 20:29 sendsize
-rwxr-xr-x 1 root disk 33725 May 31 20:29 versionsuffix
~/src/amanda-2.4.4:
-rw-r--r-- 1 mike mike 1451 Nov 4 2002 AUTHORS
-rw-r--r-- 1 mike mike 1381 Nov 4 2002 COPYRIGHT
-rw-r--r-- 1 mike mike 2910 Nov 4 2002 COPYRIGHT-APACHE
-rw-r--r-- 1 mike mike 525 Nov 4 2002 COPYRIGHT-REGEX
-rw-r--r-- 1 mike mike 348597 Feb 24 20:39 ChangeLog
-rw-r--r-- 1 mike mike 7463 Nov 4 2002 INSTALL
-rw-r--r-- 1 mike mike 17977 May 31 20:24 Makefile
-rw-r--r-- 1 mike mike 2452 Jan 30 20:38 Makefile.am
-rw-r--r-- 1 mike mike 18088 Feb 24 20:43 Makefile.in
-rw-r--r-- 1 mike mike 15812 Feb 11 20:10 NEWS
-rw-r--r-- 1 mike mike 8186 Nov 4 2002 README
-rw-r--r-- 1 mike mike 133146 Feb 24 20:40 acinclude.m4
-rw-r--r-- 1 mike mike 162914 Feb 24 20:43 aclocal.m4
drwxr-xr-x 2 mike mike 320 May 31 20:24 amplot
drwxr-xr-x 4 mike mike 1920 May 31 20:24 changer-src
drwxr-xr-x 4 mike mike 2096 May 31 20:27 client-src
drwxr-xr-x 4 mike mike 3296 May 31 20:26 common-src
drwxr-xr-x 2 mike mike 104 Apr 14 12:38 conf
drwxr-xr-x 2 mike mike 488 May 31 20:24 config
-rw-r--r-- 1 mike mike 143914 May 31 20:24 config.log
-rwxr-xr-x 1 mike mike 81950 May 31 20:24 config.status
-rwxr-xr-x 1 mike mike 864915 Feb 24 20:43 configure
-rw-r--r-- 1 mike mike 79588 Feb 24 20:41 configure.in
drwxr-xr-x 3 mike mike 256 Feb 24 20:48 contrib
drwxr-xr-x 2 mike mike 808 Jun 10 13:26 docs
drwxr-xr-x 2 mike mike 816 May 31 20:24 example
-rwxr-xr-x 1 mike mike 151369 May 31 20:22 libtool
drwxr-xr-x 2 mike mike 1392 May 31 20:24 man
drwxr-xr-x 2 mike mike 160 Feb 24 20:48 patches
drwxr-xr-x 4 mike mike 736 May 31 20:27 recover-src
drwxr-xr-x 3 mike mike 592 Feb 24 20:48 regex-src
drwxr-xr-x 4 mike mike 376 May 31 20:24 restore-src
drwxr-xr-x 4 mike mike 4240 May 31 20:24 server-src
drwxr-xr-x 4 mike mike 1072 May 31 20:24 tape-src
/usr/local/etc/amanda/normal/amanda.conf:
# amanda configuration file
# configuration name
org "DailyBackup"
# general options
mailto "diz AT hiphopanonymous DOT org"
dumpuser "amanda"
logdir "/var/log/amanda"
tapelist "/var/lib/amanda/tapelist"
# cycle information
dumpcycle 7
tapecycle 1
# tape information
tapedev "/dev/nst0"
tapetype AIT1-SDX-D400C
# resource utiliziation
netusage 300 kbps
inparallel 10
ctimeout 180
# sony SDX-D400C AIT-1 tape definition
define tapetype AIT1-SDX-D400C {
comment "Sony AIT-1 SDX-D400C"
length 35 gb
filemark 100 kbytes
speed 4 mbps
}
# dump type definition for use in archiving the local machine's drive
define dumptype normal-local {
comment "local, normal backup, no software compression"
dumpcycle 7
compress none # never use software compression
holdingdisk no # this is local, don't use the holding disk
}
# dump type definition for use in archiving the local machine's drive using
tar
define dumptype normal-local-tar {
comment "local, normal backup, no software compression"
program "GNUTAR"
dumpcycle 7
compress none # never use software compression
holdingdisk no # this is local, don't use the holding disk
}
# dump type definition for use with network clients on a private (and thus,
# quasi-secure) network
define dumptype normal-net-secure {
comment "secure network, normal backup, no software compression"
dumpcycle 7
compress none
holdingdisk yes
}
# dump type definition for use with network clients over a public (and thus,
# insecure) network
define dumptype normal-net-insecure {
comment "insecure network, normal backup, no software compression,
encryption"
dumpcycle 7
compress none
holdingdisk yes
sencrypt yes
}
# local holding disk
holdingdisk hd1 {
comment "default holding disk"
directory "/var/spool/amanda"
use -10 mb # use all of the disk, leaving 10 MB to spare
chunksize 0
}
# local interface
define interface lo {
comment "local ethernet interface"
use 1000 kbps
}
# network interface
define interface eth0 {
comment "local ethernet interface"
use 300 kbps
}
-mike
------------------------------------------------------------------------
/~\ the ascii 100 buckets of bits on the bus
\ / ribbon campaign 100 buckets of bits
X against html take one down, short it to ground
/ \ email! FF buckets of bits on the bus
|