Amanda-Users

Re: Still getting timeout, is there ANYTHING else I should look at?

2003-05-19 15:19:49
Subject: Re: Still getting timeout, is there ANYTHING else I should look at?
From: Gene Heskett <gene.heskett AT verizon DOT net>
To: "Rebecca Pakish Crum" <rebecca AT unterlaw DOT com>, <amanda-users AT amanda DOT org>
Date: Mon, 19 May 2003 15:16:20 -0400
On Monday 19 May 2003 14:39, Rebecca Pakish Crum wrote:
>> You might have to reverse that rule too.  If there is a timeout
>> in the firewall, then the client is blocked from making its
>> reply as that socket has been torn down.  The client should be
>> able to re-open it in that case.
>
>Yeah, I did...just in case, forgot to mention it, tho...
>
>> Then you go back to the debug logs as someone else suggested and
>> see how long it takes, then give it another 50% in time cushion
>> for all conditions.
>
>My /tmp dir has apparently cleared since my last good backup of
> this client. The only thing I have are all of my debug files from
> failed attempts. ?? All I have is several amandad.*.debug files
> that don't last any more than a minute or so. I can see my
> dumper/taper stats from previous successful backups...but that's
> about it.

How about reconfiguring it to put those files someplace a bit more 
permanent long enough to troubleshoot this?

>> As far as "not being big enough to worry about that", scuse me,
>> but is it exposed to the internet at all?  If so, you need that
>> stuff. I'd much rather read about failed attempts in the logs
>> than have to clean up after some script kiddie by doing a fresh
>> install.  Who knows, maybe the problem is that you've already
>> been rooted, and amanda is the only visible casualty.  However,
>> I do tend to let the router and the firewall have all the
>> responsibility in that somebody has to get thru both to get into
>> things here, but these two machines have carte blanche with each
>> other, with iptables doing the connections between 2 separate
>> ethernet cards, and a dsl router between that and the dsl
>> modem.
>
>When I say "not big enough" I mean that we don't have these big
> huge departments where only certain people at certain
> workstations have rights to certain servers and whatnot. These
> two servers do have carte blanche to each other...as far as the
> firewall routing goes, one as the web server...one as the backup
> server. We harden these boxes pursuant to their jobs, so there
> aren't any more services than necessary available and we kill
> everyone else at the firewall. My fw logs and server logs are
> clean of any signs of compromise.

I was "Just checkin", girl.  One tries not to leave too many stones 
unturned when looking for clues :)

>> However that sol6 install might be Jon's area of expertise too.
>
>Hate that this box is running sol6, hate that it's running
> outdated NGfw...we technically sold this company last year so my
> hands are tied until the new owners take this dinosaur off of my
> hands. Just trying to keep it backed up.

Yeah, 'tis kinda ancient, and I notice Jon's being quiet, too quiet, 
he is letting me hang myself by my own petard here. :-)

OTOH, conversation that might bring up the problem is always good.  
Me, I know diddly about solaris other than what little has soaked 
in thru osmosis from this group.  And that's not a lot...

>> --
>> Cheers, Gene
>> AMD K6-III@500mhz 320M
>> Athlon1600XP@1400mhz  512M
>> 99.26% setiathome rank, not too shabby for a WV hillbilly
>> Yahoo.com attornies please note, additions to this message by
>> Gene Heskett are: Copyright 2003 by Maurice Eugene Heskett,
>> all rights reserved.

-- 
Cheers, Gene
AMD K6-III@500mhz 320M
Athlon1600XP@1400mhz  512M
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attornies please note, additions to this message
by Gene Heskett are:
Copyright 2003 by Maurice Eugene Heskett, all rights reserved.