Saturday, November 27, 2004
Domain status codes
For many administrators there are some problems about Domain Registration Status.I was conusing about unless read such this article ...
Below are the various domain status codes and a brief description of each (from RFC2832).
ACTIVE
This is the default status of a domain at registration time. The registry sets the domain to this status. The domain is modifiable by the registrar. The domain can be renewed. The domain SHALL be included in the zone file when in this status if the domain has at least one associated name server.
REGISTRY-LOCK
The registry sets the domain to this status. The domain cannot be modified or deleted by the registrar. The registry MUST remove the REGISTRY-LOCK status for the registrar to modify the domain. The domain can be renewed. The domain SHALL be included in the zone file when in this status if the domain has at least one associated name server.
REGISTRY-HOLD
The registry sets the domain to this status. The domain cannot be modified or deleted by the registrar. The registry MUST remove the REGISTRY-HOLD status for the registrar to modify the domain. The domain can be renewed. The domain SHALL NOT be included in the zone file when in this status.
REGISTRAR-HOLD
The registrar of the domain sets the domain to this status. The domain can not be modified or deleted when in this status. The registrar MUST remove REGISTRAR-HOLD status to modify the domain. The domain can be renewed. The domain SHALL NOT be included in the zone file when in this status.
REGISTRAR-LOCK
The registrar of the domain sets the domain to this status. The domain cannot be modified or deleted when in this status. The registrar MUST remove REGISTRAR-LOCK status to modify the domain. The domain can be renewed. The domain SHALL be included in the zone file when in this status.
REGISTRY-DELETE-NOTIFY
A domain is set on this status if it has expired and has child name servers that are hosting other domains. Only the registry may set this status. The domain SHALL be included in the zone file when in this status if the domain has at least one associated name server.
The domain deletion progresses through the following statuses:
REDEMPTIONPERIOD
A domain name is placed in REDEMPTIONPERIOD status when a registrar requests the deletion of a name that is not within the Add Grace Period. A name that is in REDEMPTIONPERIOD status will not be included in the zone file. A registrar can not modify or purge a name in REDEMPTIONPERIOD status. The only action a registrar can take on a name in REDEMPTIONPERIOD is to request that it be restored. Any other registrar requests to modify or otherwise update the domain will be rejected. Unless restored, the domain will be held in REDEMPTIONPERIOD status for a specified number of calendar days. The current length of this Redemption Period is thirty calendar days.
PENDINGDELETE
A domain name is placed in PENDINGDELETE status if it has not been restored during the Redemption Period. A name that is in PENDINGDELETE status will not be included in the zone file. All registrar requests to modify or otherwise update a domain in PENDINGDELETE status will be rejected. A domain name is purged from the registry database a specified number of calendar days after it is placed in PENDINGDELETE status. The current length of this Pending Delete Period is five calendar days.
PENDINGRESTORE
A domain name is placed in PENDINGRESTORE status when a registrar requests restoration of a domain that is in REDEMPTIONPERIOD status. A name that is in PENDINGRESTORE status will be included in the zone file. Registrar requests to modify or otherwise update a domain in REDEMPTIONPERIOD status will be rejected. A domain name is returned to REDEMPTIONPERIOD status a specified number of calendar days after it is placed in PENDINGRESTORE unless the registrar submits a complete Registrar Restore Report to the Registry Operator. The current length of this Pending Restore Period is seven calendar days.
References
ICANN General Counsel's Briefing
RFC 2832
Domain Status Reporter: Lookup registry status of global top level domains (freeware for Windows
Below are the various domain status codes and a brief description of each (from RFC2832).
ACTIVE
This is the default status of a domain at registration time. The registry sets the domain to this status. The domain is modifiable by the registrar. The domain can be renewed. The domain SHALL be included in the zone file when in this status if the domain has at least one associated name server.
REGISTRY-LOCK
The registry sets the domain to this status. The domain cannot be modified or deleted by the registrar. The registry MUST remove the REGISTRY-LOCK status for the registrar to modify the domain. The domain can be renewed. The domain SHALL be included in the zone file when in this status if the domain has at least one associated name server.
REGISTRY-HOLD
The registry sets the domain to this status. The domain cannot be modified or deleted by the registrar. The registry MUST remove the REGISTRY-HOLD status for the registrar to modify the domain. The domain can be renewed. The domain SHALL NOT be included in the zone file when in this status.
REGISTRAR-HOLD
The registrar of the domain sets the domain to this status. The domain can not be modified or deleted when in this status. The registrar MUST remove REGISTRAR-HOLD status to modify the domain. The domain can be renewed. The domain SHALL NOT be included in the zone file when in this status.
REGISTRAR-LOCK
The registrar of the domain sets the domain to this status. The domain cannot be modified or deleted when in this status. The registrar MUST remove REGISTRAR-LOCK status to modify the domain. The domain can be renewed. The domain SHALL be included in the zone file when in this status.
REGISTRY-DELETE-NOTIFY
A domain is set on this status if it has expired and has child name servers that are hosting other domains. Only the registry may set this status. The domain SHALL be included in the zone file when in this status if the domain has at least one associated name server.
The domain deletion progresses through the following statuses:
REDEMPTIONPERIOD
A domain name is placed in REDEMPTIONPERIOD status when a registrar requests the deletion of a name that is not within the Add Grace Period. A name that is in REDEMPTIONPERIOD status will not be included in the zone file. A registrar can not modify or purge a name in REDEMPTIONPERIOD status. The only action a registrar can take on a name in REDEMPTIONPERIOD is to request that it be restored. Any other registrar requests to modify or otherwise update the domain will be rejected. Unless restored, the domain will be held in REDEMPTIONPERIOD status for a specified number of calendar days. The current length of this Redemption Period is thirty calendar days.
PENDINGDELETE
A domain name is placed in PENDINGDELETE status if it has not been restored during the Redemption Period. A name that is in PENDINGDELETE status will not be included in the zone file. All registrar requests to modify or otherwise update a domain in PENDINGDELETE status will be rejected. A domain name is purged from the registry database a specified number of calendar days after it is placed in PENDINGDELETE status. The current length of this Pending Delete Period is five calendar days.
PENDINGRESTORE
A domain name is placed in PENDINGRESTORE status when a registrar requests restoration of a domain that is in REDEMPTIONPERIOD status. A name that is in PENDINGRESTORE status will be included in the zone file. Registrar requests to modify or otherwise update a domain in REDEMPTIONPERIOD status will be rejected. A domain name is returned to REDEMPTIONPERIOD status a specified number of calendar days after it is placed in PENDINGRESTORE unless the registrar submits a complete Registrar Restore Report to the Registry Operator. The current length of this Pending Restore Period is seven calendar days.
References
ICANN General Counsel's Briefing
RFC 2832
Domain Status Reporter: Lookup registry status of global top level domains (freeware for Windows
How to Compile 2.6 kernel for RedHat 8/9
STEP 1:
Download the latest version of the kernel and any patches. This documentation is done with linux-2.6.3, but look for later versions :
http://www.kernel.org/pub/linux/kernel/v2.6/
Download the latest version of the kernel and any patches. This documentation is done with linux-2.6.3, but look for later versions :
Also take a look at http://www.codemonkey.org.uk/post-halloween-2.5.txt
This has some useful hints on some of the changes needed.
STEP 2:
Download the latest version of module-init-tools "module-init-tools-3.0.tar.gz" and "modutils-2.4.21-23.src.rpm"
http://www.kernel.org/pub/linux/kernel/people/rusty/modules/module-init-tools-3.0.tar.gz http://www.kernel.org/pub/linux/kernel/people/rusty/modules/modutils-2.4.21-23.src.rpm
STEP 3:
Install module-init-tools. This will replace depmod [/sbin/depmod] and other tools.
tar -zxvf module-init-tools-3.0.tar.gz cd module-init-tools-3.0 ./configure --prefix=/sbin make make install ./generate-modprobe.conf /etc/modprobe.conf
STEP 4:
Install modutils-2.4.21-23.src.rpm. You may get warnings about user rusty and group rusty not existing. Also, yes, you'll have to force the install. If you don't do these steps for both Redhat 9 and Redhat 8, you'll have problems with the make modules_install.
rpm -i modutils-2.4.21-23.src.rpm rpmbuild -bb /usr/src/redhat/SPECS/modutils.spec rpm -Fi /usr/src/redhat/RPMS/i386/modutils-2.4.21-23.i386.rpm
STEP 5:
Install and configure the kernel. Do NOT use the /usr/src/linux area! Reference the README. I put my files in /home/src/kernel/
gunzip linux-2.6.3.tar.gz tar -xvf linux-2.6.3.tar cd linux-2.6.3
If you have patches install these now:
bzip2 -dc ../patch-2.6.xx.bz2 patch -p1
STEP 6:
Copy the appropriate /usr/src/linux-2.4/configs [kernel-2.4.20-i686.config, kernel-2.4.20-i686-smp.config] to .config in whatever directory you are installing. In my case it's /home/src/kernel/linux-2.6.3
cp /usr/src/linux-2.4/configs/kernel-2.4.20-i686.config \ /home/src/kernel/linux-2.6.3/.config
If you don't have the source configs, you can download them from here:
https://sourceforge.net/project/showfiles.php?group_id=79320&package_id=109944
I've also included a file config2.6-chirico which was a 2.6 version for some of my systems. This isn't a bad reference if you run into trouble.
STEP 7:
Assuming you copied the appropriate kernel-2.4 config to .config, run the following which will run through necessary questions for the 2.6 kernel. Or, you might want to use the config2.6-chirico...this has already been run through make oldconfig on my system, and I've answered the necessary questions for a general system.
make oldconfig
STEP 8:
This is very important. Make sure you're .config has the following in it CONFIG_EXT3_FS=y You'll run into the following error if you leave this =m instead of =y:
pivotroot: pivot_root(/sysroot,/sysroot/initrd) failed
This is because Redhat 9.0 and 8.0 use the ext3 filesystem for /boot ...
STEP 9:
Edit the Makefile and add changes to the Extraversion as desired. Patches will update these values as well.
VERSION = 2 PATCHLEVEL = 6 SUBLEVEL = 3 EXTRAVERSION = -skim-ch6
STEP 10:
make bzImage
STEP 11:
make modules
STEP 12:
make modules_install
STEP 13:
make install
If you come across errors here, what version of "depmod" is being picked up in your path?
Also, if you get a module not found, say the following: No module aic7xxx found for kernel 2.6.x Then, in /lib/modules/2.6.x/kernel/drivers/scsi/aic7xxx/ cp aic7xxx.ko aic7xxx.o
insmod should look for aic7xxx.ko ;but , it looks for aic7xxx.o
If you still have trouble, make the following change in the .config CONFIG_BLK_DEV_SD=y and go back to STEP 10.
You also may want to ref kernel-2.6.3-i686-smp-chirico-aic7xxx.config inhttp://prdownloads.sourceforge.net/souptonuts/configs-0.3.tar.gz?download
STEP 14:
mkdir /sys
STEP 15:
/etc/rc.sysinit needs to be modified. Look for the following line:
action $"Mounting proc filesystem: " mount -n -t proc /proc /proc
and after this line enter the following:
action $"Mounting sysfs filesystem: " mount -t sysfs none /sys
Here's my /etc/rc.sysinit for reference:
http://prdownloads.sourceforge.net/souptonuts/rc.sysinit.txt?download
Be very careful at this step. Backup the /etc/rc.sysinit file.
Thomer [http://thomer.com/linux/migrate-to-2.6.html ] also added changes to /etc/fstab. I only had to do STEP 16 below.
STEP 16:
Add the following to /etc/fstab for usb support.
/proc/bus/usb /proc/bus/usb usbdevfs defaults 0 0
STEP 17 (CHECKING EVERYTHING):
Check the following:
a. The new image file should be installed on boot and there should be sym link to it. My latest kernel is 2.6.3-skim-ch6, and I got the "-skim-ch6" from the values I put in the Makefile, so I see the following:
/boot vmlinuz -> vmlinuz-2.6.3-skim-ch6 System.map -> System.map-2.6.3-skim-ch6
/boot/grub/grub.conf Should have been automatically updated from make.
In /boot/grub/grub.conf change "default=0" to boot with the new kernel. Here's an example of my grub.conf:
# grub.conf generated by anaconda # # Note that you do not have to rerun grub after making # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to # root (hd0,2) # kernel /vmlinuz-version ro root=/dev/hda6 # initrd /initrd-version.img #boot=/dev/hda default=0 timeout=10 splashimage=(hd0,2)/grub/splash.xpm.gz title Red Hat Linux (2.6.3-skim-ch6) root (hd0,2) kernel /vmlinuz-2.6.3-skim-ch6 ro root=LABEL=/ initrd /initrd-2.6.3-skim-ch6.img
b. The directory /sys exists
c. You added the mount command for sys in /etc/rc.sysinit
d. CONFIG_EXT3_FS=y was used in the .config
e. Run /sbin/lsmod or cat /proc/modules to make sure a 2.4 kernel module wasn't forgotten. Also look at "$cat /proc/iomem"
STEP 18 (DEVELOP YOUR OWN 2.6 MODULES):
You're done with the 2.6 build. So learn how to develop 2.6 kernel modules. First, checkout the following article
http://lwn.net/Articles/driver-porting/
Then, take a look at the following sample code, which shows how to create /proc entries for communicating with the kernel and writing out to any available tty device.
http://prdownloads.sourceforge.net/souptonuts/procreadwrite.0.0.1a.tar.gz?download
REFERENCES:
http://www.codemonkey.org.uk/post-halloween-2.5.txthttp://kerneltrap.org/node/view/799http://thomer.com/linux/migrate-to-2.6.html http://www.kernel.org/
http://bugzilla.kernel.org/http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&group=linux.kernelhttp://linuxdevices.com/articles/AT3855888078.html
http://prdownloads.sourceforge.net/souptonuts/README_26.txt?downloadhttp://prdownloads.sourceforge.net/souptonuts/rc.sysinit.txt?downloadhttp://prdownloads.sourceforge.net/souptonuts/configs-0.3.tar.gz?downloadhttps://sourceforge.net/forum/forum.php?forum_id=353715
http://www.redhat.com/software/rhel/kernel26/http://www.tldp.org/HOWTO/KernelAnalysis-HOWTO.htmlhttp://www-124.ibm.com/linux/projects/?topic_id=2
KERNEL DRIVER DEVELOPMENT IN 2.6:
Excellent (series of articles): http://lwn.net/Articles/driver-porting/
Here's my sample program: http://prdownloads.sourceforge.net/cpearls/procreadwrite.0.0.1a.tar.gz?download
Good but dated for 2.4 kernel: http://www.oreilly.com/catalog/linuxdrive2/
http://linuxdevices.com/articles/AT4389927951.html http://linuxdevices.com/articles/AT5793467888.html
Wednesday, November 24, 2004
Top 10 Linux/UNIX threats
The SANS Institute in cooperation with the FBI's National Infrastructure Protection Center just published its listing of the most common IT security exploits for Linux/Unix systems. Leading the pack: BIND (Berkeley Internet Name Domain) exploits, which succeed because administrators fail to upgrade BIND to more secure versions or are running the BIND daemon ("named"). Here are the most recent 10 Windows exploits...
Sunday, November 21, 2004
Linux Phishing Attack Circulates on Net
A fake security bulletin purporting to be from Red Hat resurfaced, warning Linux users of a "critical-critical" security hole.
A security bulletin circulated on the Internet late Friday and warned Linux users of a "critical-critical" security hole that could compromise systems and allow root access to a remote attacker. The message and its "patch" were the return of a phishing hoax aimed at Linux users.According to the fake security bulletin, the vulnerability was found in fileutils, the package of essential system utilities that manipulate files on a system. It warned of problem distributions including Red Hat versions 7.2 through 9.0, and Fedora Core 1 and Core 2 as well as others. However, the warning said BSD and Solaris platforms were unaffected by the vulnerability.
A security bulletin circulated on the Internet late Friday and warned Linux users of a "critical-critical" security hole that could compromise systems and allow root access to a remote attacker. The message and its "patch" were the return of a phishing hoax aimed at Linux users.According to the fake security bulletin, the vulnerability was found in fileutils, the package of essential system utilities that manipulate files on a system. It warned of problem distributions including Red Hat versions 7.2 through 9.0, and Fedora Core 1 and Core 2 as well as others. However, the warning said BSD and Solaris platforms were unaffected by the vulnerability.
Subscribe to:
Posts (Atom)