From: Tommi R. <wi...@ak...> - 2004-02-21 11:38:24
|
On Fri, 20 Feb 2004, Joshua Delahunty wrote: > Tommi, please let me know how and when we can proceed with this (one is > up now, the other will take some weeks for me to get configured). Great! First i must warn that i am almost sure, that the weak spot was gccg-server itself. I am investigating it further. Soon after the intrusion date i made a fix, which prevented the crash i suspect was used to launch local shell. I don't have my CVS up yet, i can't examine the code before and after the fix. I'd like to do that before proceeding the temporary server project. I must say that i was very naive, since my security policy was approximately "local holes aren't urgent, since people with account are nice and all services are updated 4 times a day. Gccg is open, but nobody wants to attack it, since it is GOOD THING." The code review is actually much faster than i thought. Every page of the code is imprinted to my brains and i can scan pages rather quickly. I have already checked few files and they were ok. Unfortunately, i decided to make full reengineering to my whole computing set up (moving disks around, new backup systems, rethinking firewalls, moving to modern kernel features, etc.) and that requires lot of time. I wanted to do it long time ago, but i was unable to do it due to gccg (requires lot of downtime). Complete reinstall wasn't bad either, since the system was installed as Debian ~1.0 and living in 3rd hardware generation (copying always from old disks to new). The OS has been upgraded to the next major version 3 times IIRC. The system had tons of obsolete files and useless crap made during my Linux-newbie era. Never had enough time to clean it up manually. Now i am bringing services back one by one bringing only "good stuff" back from the old configurations. The server transfer is easy. Just launch server system. There is half-made configuration metw_system.conf which works, but lot of features could be added. After checking that simple config, the system is up by ./ServerLaunch metw_system.conf One important feature missing is the configuration of the meta server for tables. ServerLaunch needs to suppport feature server=something.else.com to be generally usable. Localhost does not work, since tables must connect to the public ip even if running on the same machine. Even better meta server fix would be automatic address translation for tables connecting from localhost, but i haven't done that yet. Now tables from localhost are offered as 127.0.0.1 to clients and that is not very good thing :) After test launch, the server creates directory structures needed. Then just shut down the system and replace the content of save/Metw/ directory with the copy from my server. Then relaunch and everything is as it was before including savegames. Well, i must build the system first and check that data is ok. I saved everything when my 2nd processor started heatening, but the system didn't shutdown properly. BIOS took the system off power during shutdown, since the processor heatened over the limit. The server data looks ok, though. If you need to transfer savegames, just move files save/Metw/savegame.* to the another game server. The meta server took around 80M RAM at max. Perhaps less, i don't remember if the metw server was running my new code which is a bit more economical than the old one. I used to test new code in mtg, since it isn't as frustrating to lose a quick mtg duel due to a server bug as it would be to lose 2-3 hour metw game in the last rounds. (Now talking first real world tests, naturally i test everything at Lotr currently before use.) Each game server eats 5-10M, i don't remeber for sure. |