help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: error during copying files

From: Daniel Fong
Subject: RE: error during copying files
Date: Fri, 22 Jun 2001 09:08:39 -0700 
Thanks, but I don't believe that is the problem. If I just make minor
changes to the file
name or move some other file out it seems to work just fine, which seems to
tell me it isn't
timing out or hitting some kind limit value.

I am running perl-cfd on the server. When I run that in debug mode I get a
concatenated line
of all the files that should be copied in one long line. Which seems to be
wrong since when it
is working fine there is just one file copied at a time, but I have no idea
what is causing the
concatenation...

-Dan

-----Original Message-----
From: Avi Green [mailto:avi-cfengine@sputnik7.com]
Sent: Thursday, June 21, 2001 5:11 PM
To: Help-cfengine list
Subject: Re: error during copying files


Daniel,

"Multiple connections denied/spam shield" is a well-known warning
indicating that the activitiy of cfengine's spam control feature. 
According to the cfengine tutorial
(http://www.iu.hio.no/cfengine/docs/cfengine-Tutorial.html#Spamming%20and%20
security),
cfengine clients are normally allowed to connect to the server only one
session at a time, "i.e. they must terminate and reconnect in order to
establish a new session. This is to prevent a possible attacker from
opening multiple sockets and never closing them, resulting in a denial
of service attack."

Here are some things you might try:
1. Remove the associated locks on /etc/cfengine.
2. Check your "IfElapsed" and "ExpireAfter" settings.
3. Check your "AllowMultipleConnections" setting.*

* AllowMultipleConnectionsFrom 
This variable should contain a list of IP wildcards to hosts which are
allowed simultaneous sessions on the server. Hosts which are not in this
list are allowed to connect only once, i.e. they must terminate and
reconnect in order to establish a new session. This is to prevent a
possible attacker from opening multiple sockets and never closing them,
resulting in a denial of service attack. Hosts IP's can be placed here
if they could have overlapping copy sessions (e.g. long backup transfers
which can run over time). This prevents the error message "Multiple
connections denied/spam shield". 
This replaces the AllowMultipleConnections boolean variable which
existed in version 1.5.4 (only). 

--Avi

 ======================================================
 = Avi Green :-) avi at sputnik7.com (-: 212 217-1147 =
 ========  Unix SysAdmin & System Specialist  =========

 http://www.sputnik7.com - chronic online entertainment
  http://www.epitonic.com - Hi Quality Free MP3 Music
     http://www.res.com - The Future of Filmmaking
 http://www.we-deliver.tv - Log on, order in, smoke out
         the best grasses for the online masses

_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://mail.gnu.org/mailman/listinfo/help-cfengine
reply via email to
[Prev in Thread] Current Thread [Next in Thread]