Securing PreLogin Internal Commands
Paul Green and I were discussing a new command he’s working on called check_module_security. The subject of unnecessary commands available at the login prompt came up. Jon Schmidt of Transaction Design...
View ArticleVOS Release Information, Now On The Web
You may now find Operating System Release Information for VOS and OpenVOS Systems on the Stratus web site (www.stratus.com). Look for it in the left navigation bar on many of the pages. One such...
View ArticleApache Web Server with PHP and MySQL for OpenVOS
I thought you might be interested to know that Stratus has updated our VOS Apache release to a newer code base. While we had the port open we added support for PHP. That new product is called Apache...
View ArticleWhy Do I See Log Messages Lost in My syserr_log?
When system log messages (all of them: hardware, security, syserr, etc) are generated in OpenVOS, they are sent to the syserr partition, and an event is notified. A process named TheOverseer is waiting...
View ArticleTest Monday (or: Are Your Network Connections Really Fault Tolerant?)
Starting in release 13.2 VOS has offered the ability to configure a fault tolerant IP interface by configuring active/standby Ethernet adapters. The active adapter is given one Ethernet MAC address and...
View ArticleSSH Tunneling
An SSH tunnel can be used to secure communication between a client and server that cannot otherwise be secured; for example, when all or part of the application source is not available or it is deemed...
View ArticleA Host-based Firewall for VOS
When people think of IPsec they think of data encryption but it can also be used to drop packets or allow them without any encryption. It can do this based on the source and destination IP address and...
View ArticleWhither TCP Statistitics
Something that people moving from TCP_OS to STCP notice right off the bat is that the set of TCP statistics displayed by the TCP_OS netstat command is quite a bit richer than that displayed by STCP....
View ArticleWhen Sockets Go Bad
Sometimes netstat will show a socket that appears to be stuck. The remote application has been terminated, sometimes even the OpenVOS application has been terminated but netstat is still showing the...
View ArticleHow to Reserve a Port Number for Your Application
Every now and then someone asks the following question “We added our application port to the services file and now some other application is using it – why”. The answer is because the services file...
View Article“SSH 2″ Versus “OpenSSL and OpenSSH Release 2”
In speaking with people about SSH I have discovered that there is significant confusion between the release and protocol versions. Stratus has released two versions of OpenSSL/SSH. Release 1 runs on...
View ArticleTelnet: Can’t Live With It, Can’t Live Without It
More and more security and network administrators are prohibiting the use of telnet. Unfortunately, the Stratus RSN requires that the Stratus module run a telnet server. That, however, does not mean...
View ArticleAre These Processes Really Needed?
I was recently asked if it was OK to not run the snmpd process. The answer is yes. If you are not using an SNMP manager to monitor the availability of the system there is no reason to run the snmpd...
View ArticleGetting the Most out of packet_monitor
Someone sent me the following trace and asked if it represented retransmissions because the “packet numbers” were duplicated T 0536 TCP host.subdomain.domain.com host2.sub2.dom2.com 49957 4000 A T 0536...
View ArticleNetwork Related Performace Problems? Check for Low Level Ethernet Problems...
FTP transfer times painfully high, interactive login response time way too long, getting 1 mbps out of your 100 mbps network. While I always prefer to blame the network I have to admit that sometimes...
View ArticleDo You Know Your Network Neighbors?
As the system administrator for a VOS system you typically could care less about what other hosts are on the local subnet. You care about the gateways that are configured and of course any local hosts...
View ArticleThings To Consider on a Multihomed OpenVOS Module
A multihomed system is a system with multiple IP interfaces. These interfaces can be on the same or on different subnets. Today I want to consider protocols like FTP and NDMP. In both protocols the...
View ArticleAn Easy Way To Improve TCP Throughput Across Subnets
First a little background, TCP has a concept called maximum segment size (MSS). This is the largest segment (of data) that the TCP stack will accept. It is advertized to the remote peer in the SYN...
View ArticleCan You Improve Fault Tolerance with Multiple IP Interfaces on the Same Subnet?
Having two interfaces in a module on the same subnet does not give you two interfaces into and out of the module. While you do get two interfaces into the module, STCP will use just one interface when...
View ArticleIs Your Pre-production Network Testing Effective?
I would like to expand on Paul’s recent blog “Is your pre-production testing effective?”. Paul covered CPU utilization and code paths but there is another very important aspect of many applications –...
View Article