RE: [CentOS-es] Configurar ip estática en Centos5
Estimado Edita el archivo /etc/sysconfig/network-script/icfg-la interfaz en cuestion y cambias BOOTPROTO=dhcp por BOOTPROTO=static. Saludos cordiales, HAMR -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Diego Antonio Lucena Pumar Enviado el: martes, 29 de enero de 2008 12:47 Para: centos-es@centos.org Asunto: [CentOS-es] Configurar ip estática en Centos5 Hola lista: Perdonen que le moleste para una asunto tan elemental pero lo cierto es que no alcanzo a encontrar respuesta en un breve periodo de tiempo, por eso recurro a vosotros. ¿Como cambiar de dhcp a ip estática en Centos5? He ojeado un poco unos scripts de configuración de red pero no me he atrevido a tocar en ellos. Un saludo, Diego Antonio Lucena Pumar Nota. No me sirve ifconfig porque al reiniciar se pierden los valores. La información contenida en esta transmisión es confidencial y no puede ser usada o difundida por personas distintas a su(s) destinatario(s). El uso no autorizado de la información contenida en este correo puede ser sancionado criminalmente de conformidad con la Ley Chilena. Si ha recibido un correo por error, por favor destrúyalo y notifique al remitente. El Departamento de Informática del Ministerio de Educación le recomienda, para el buen desempeño de su correo, lo siguiente: - Revise su correo diariamente - Pida confirmación de los correos que envía - Oriéntese de las buenas practicas en el uso del correo ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
RE: [CentOS-es] Configurar ip estática en Centos5
Hola Diego, Lo mas facil es usar la consola de administracion Como root ejecuta: 1.- setup 2.- vas a network configuration y ahí editas los datos de interfaces Otra Opcion es: Como root edita: 1.- /etc/sysconfig/network-scripts/ifcfg-eth0 (o puede ser eth1, eth2, etc) 2.- Verifica que tengas algo asi: DEVICE=eth0 (la interface) HWADDR=12:34:56:f0:ed:00 (esta es la mac de tu tarjeta. Puedes eliminar esta linea) ONBOOT=yes (para arrancar la tarjeta en cada reinicio) DHCP_HOSTNAME=hermes2.corporacion.cl (esta linea tambien la puedes eliminar, pues el hostname esta escrito en otro archivo) IPADDR=192.168.0.22 (de aquí para abajo, son las importantes) NETMASK=255.255.248.0 GATEWAY=192.168.1.1 TYPE=Ethernet Saludos Alex -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Diego Antonio Lucena Pumar Enviado el: Martes, 29 de Enero de 2008 12:47 Para: centos-es@centos.org Asunto: [CentOS-es] Configurar ip estática en Centos5 Hola lista: Perdonen que le moleste para una asunto tan elemental pero lo cierto es que no alcanzo a encontrar respuesta en un breve periodo de tiempo, por eso recurro a vosotros. ¿Como cambiar de dhcp a ip estática en Centos5? He ojeado un poco unos scripts de configuración de red pero no me he atrevido a tocar en ellos. Un saludo, Diego Antonio Lucena Pumar Nota. No me sirve ifconfig porque al reiniciar se pierden los valores. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] postfix con dominios virtuales+mailman
Hola, os muestro mis avances, ya he logrado crear listas en mailman y hacer que estas puedan recibir y enviar mails a los usuarios, pero para esto he tenido que habilitar un subdominio para las listas, ej: [EMAIL PROTECTED], de esta forma todo trabaja ok, pero yo deseaba que las listas de mailman tengan el mismo dominio, cabe decir [EMAIL PROTECTED] Alguna sugerencia para resolver esto? Fernanda ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Problemas para instalar el plugin de java en CentOS 5.1 x86_64
En esta pagina esta correctamente como instalarlo http://www.alcancelibre.org/staticpages/index.php/como-java-linux - Mensaje original De: Sergio Belkin [EMAIL PROTECTED] Para: centos-es@centos.org Enviado: martes, 29 de enero, 2008 21:23:07 Asunto: [CentOS-es] Problemas para instalar el plugin de java en CentOS 5.1 x86_64 Hola, Tengo problemas para instalar el plugin de java, he seguido al pié de la letra, las instrucciones en: http://www.howtoforge.com/installation-guide-centos5.1-desktop-p7 pero sin éxito, si hago about:plugins en Firefox, me dice que no tengo ningún plugin instalado :( Alguien ha podido hacerlo, y si es así, cómo? Gracias de antemano -- Sergio Belkin http://www.sergiobelkin.com -Sigue archivo adjunto en el mensaje- ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ¡Capacidad ilimitada de almacenamiento en tu correo! No te preocupes más por el espacio de tu cuenta con Correo Yahoo!: http://correo.espanol.yahoo.com/___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] postfix con dominios virtuales+mailman
--- Fernanda Boronat [EMAIL PROTECTED] wrote: Hola, os muestro mis avances, ya he logrado crear listas en mailman y hacer que estas puedan recibir y enviar mails a los usuarios, pero para esto he tenido que habilitar un subdominio para las listas, ej: [EMAIL PROTECTED], de esta forma todo trabaja ok, pero yo deseaba que las listas de mailman tengan el mismo dominio, cabe decir [EMAIL PROTECTED] Alguna sugerencia para resolver esto? definitivamente tienes un problema con las alias virtuales para que te funcionara con el dominio listas.xxx.yyy tuviste que agregar a este dominio en la lista de dominios virtuales, no? o lo agregaste a la lista de local destinations ? es decir, el nuevo dominio es virtual o es local para el postfix? cu roger __ RedHat Certified ( RHCE ) Cisco Certified ( CCNA CCDA ) Ask a question on any topic and get answers from real people. Go to Yahoo! Answers and share what you know at http://ca.answers.yahoo.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Unknown rootkit causes compromised servers
Jim Perrin wrote: Along the lines of staying safe, now is probably a good time to check your password policies. 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config) why isn't this the default? 2. restrict root logins to only the local machine. (modify /etc/securetty) 3. Limit users with access to 'su' to the wheel group (use visudo and also modify /etc/pam.d/su) same question here. 4. Make sure root is the only one with a uid of 0. ( awk -F: '($3 == 0) {print}' /etc/passwd ) 5. Use pam to require strong passwords. (install/use pam_passwdqc which is part of the base distro, modify /etc/pam.d/system-auth ) 6. Use denyhosts or pam.tally2 to restrict login attempts. 7. use ssh keys. [snip] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rebuilding PHP: how do I manage updates?
Niki Kovacs a écrit : Hi, Our public library management software (PMB) runs on Apache/PHP/MySQL. It requires some additional PHP modules to run correctly, namely: 1) php-gd 2) php-yaz 3) php-xslt Post Scriptum: I just wonder if the required php-xslt module is not identical with the CentOS 5 php-xml module. Here's what 'yum info php-xml' returns: Summary: A module for PHP applications which use XML Description: The php-xml package contains dynamic shared objects which add support to PHP for manipulating XML documents using the DOM tree, and performing XSL transformations on XML documents. Can anyone confirm/infirm this? Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Rebuilding PHP: how do I manage updates?
Hi, Our public library management software (PMB) runs on Apache/PHP/MySQL. It requires some additional PHP modules to run correctly, namely: 1) php-gd 2) php-yaz 3) php-xslt I've googled and fiddled around quite a bit, and come to the following conclusions: 1) php-gd can be installed from extra repos (rpmforge IIRC), so this one's no problem. 2) To install php-yaz, I have to install the yaz library first. To do this, I download the FC6 SRPM for yaz from www.indexdata.dk, it builds without any problem, and I install the resulting libyaz3 and libyaz3-devel. Then, I can install the according PHP module with a simple 'pecl install yaz'. 3) Apparently, there's no php-xslt module around. AFAIK, the only way to have it is to build it into PHP. So I went and downloaded the PHP SRPM from one of the CentOS mirrors. I edited php.spec and added the following configure option in php.spec: --with-xslt-sablot After installing a myriad of build dependencies, I launched 'rpmbuild -bb --clean php.spec', and after a while, I got my /usr/src/redhat/RPMS/i386 directory chock-full with resulting PHP packages. I uninstalled everything I already had PHP-wise, like this: yum remove `rpm qa | grep php` Then I simply installed my resulting RPMS like this: rpm -ivh php-*.rpm I checked the PHP information page (with phpinfo()), and every module needed by my application was there. Now I wonder: how will I manage security and/or bugfix updates for PHP and its modules in the future? When simply issuing 'yum update', any update to php will squash my rebuilt version, and PMB will become dysfunctional. My first idea would be: see if there are available updates, and in that case, download the according SRPM, rebuild and reinstall the whole thing. But that sounds a bit tedious. Or simply put a line in /etc/yum.conf: exclude=php php-* ??? Any suggestions? Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
On Jan 29, 2008 5:52 AM, mouss [EMAIL PROTECTED] wrote: Jim Perrin wrote: Along the lines of staying safe, now is probably a good time to check your password policies. 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config) why isn't this the default? Taking an educated guess on this one, I'd say to allow configuration after a remote install. 2. restrict root logins to only the local machine. (modify /etc/securetty) 3. Limit users with access to 'su' to the wheel group (use visudo and also modify /etc/pam.d/su) same question here. For this one I'd guess that it's because by default folks don't get added to wheel. So if an admin forgets to add his own user account, he can no longer gain root with 'su'. He has to walk his happy ass to the console to log in. Everything about the *nix culture points to not walking anywhere except possibly to a pub :-P -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dump on remote filesystems?
Scott Ehrlich wrote: I have a couple C5 systems I want to back up. My plan is to, one way or another, back them up to a C5 machine in my office. I have samba installed on the systems to back up, the machines are mounted on the system in my office, and a tape library hanging of the system in my office. I was hoping to perform a simple /sbin/dump of the remote systems. I put together a script for another successful backup I have going on a system with local filesystems. But for remote filesystems, I get errors of File Cannot Be Accessed (//remote_system/subdir) which does exist as an smb mounted filesystem. I'd use NFS, but I would like a bit more control and some level of encryption for the user authentication and data being transferred. If a direct dump of remote smb filesystems isn't possible, I may opt to have each system perform their own local dumps, then run a script locally on the tape-connected machine to dump those local dumps, or copy the dumps locally then dump them to tape. If nothing else works, I can always install Windows XP and use Windows backup program, but I'd really like to try and get this going under Linux before going that route. Thanks for insights. Scott What you could do is to dump from the remote machine to the main backup machine. For this to work I work with ssh keys (no password needed). The example assumes the backup is started from the remote host. But in principle it can also be initiated from the backup server using ssh. SRC_SERVER=this_hostname BAK_SERVER=backup_server DATE=$(date +%Y%m%d) dumplevel=0 export RSH=ssh ssh $BAK_SERVER mkdir -p /backup/${SRC_SERVER}/${DATE}_${dumplevel} # file needs to exist backup_file=/backup/somefile ssh $BAK_SERVER touch ${backup_file} dump -${dumplevel} -u -z -f $BAK_SERVER:${backup_file} /dev/VolGroup00/VolGroup00 Theo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Resizing a fat filesystem on a USB partition
Hi All, I feel this is the most simple question but I am currently going around and round in circles and searches keep bringing me up Windows tools!! :-( I have a 512MB USB drive that has a 12MB FAT16 partition on it. How can I resize this 12MB partition to grow and fill the whole 512MB drive? Just in case I am being stupid, here is what I am doing... :-) I would like a quick USB drive that a machine can boot from but will then load and run some custom tools we have. I have done a... dd if=/mirrors/centos/5/os/i386/images/diskboot.img of=/dev/sda ... which gives the 12MB partition but now I want to grow it so I can then add my own apps. Thank you very much in advance Regards, Dan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Unknown rootkit causes compromised servers
on 1/29/2008 3:50 AM Jim Perrin spake the following: On Jan 29, 2008 5:52 AM, mouss [EMAIL PROTECTED] wrote: Jim Perrin wrote: Along the lines of staying safe, now is probably a good time to check your password policies. 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config) why isn't this the default? Taking an educated guess on this one, I'd say to allow configuration after a remote install. 2. restrict root logins to only the local machine. (modify /etc/securetty) 3. Limit users with access to 'su' to the wheel group (use visudo and also modify /etc/pam.d/su) same question here. For this one I'd guess that it's because by default folks don't get added to wheel. So if an admin forgets to add his own user account, he can no longer gain root with 'su'. He has to walk his happy ass to the console to log in. Everything about the *nix culture points to not walking anywhere except possibly to a pub :-P You mean I have to walk to the pub, too? ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
Chris Mauritz wrote: Milton Calnek wrote: If you don't like the defaults, get anaconda to change them for you. Or write a script that you run shortly after install to make the changes for you. That would be pretty amazing if at the end (or at the beginning) of the install there was some checkbox that said something to the effect of: Would you like to maintain compatibility with upstream security defaults or would you like to follow our more sensible recommendations instead? And if the user chooses the latter, a much more secure default configuration could be applied. That might go a long way towards helping non-wizard folks to enjoy some measure of additional protection by default. Just a thought. Or, package the more sensible configuration (according to your expert judgement...) in centosplus for easy addition later. -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache: User and Group
On Jan 29, 2008 11:25 AM, Niki Kovacs [EMAIL PROTECTED] wrote: As far as I understand, I have to chown all my web content accordingly, so that everything below /var/www/html belongs to apache:apache. Right? You can, but but I would only recommend doing that where the webserver itself will be responsible for changing files. If apache owns everything in that directory, then it can modify them. This can potentially be undesirable. Depending on what you're doing, you'll have to mix and match permissions as needed. Mostly apache just needs to be able to read stuff, so having root own it with 644 is fine. If you're using a CMS which allows folks to edit things via the webserver, then those will have to be owned by apache, or apache will otherwise need rights to modify them. Have I made that muddled and complex enough? -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 5.0/5.1 nfs kickstart
Les Mikesell wrote: Doesn't this take a considerable amount of setup work on the server side per-distro/per-version? For NFS you only have to download images into directories under an nfs export. It takes a bit of work, mount the iso image, copy contents to a directory, repeat for the rest. I like the contents of the images exposed, so if I need to find stuff later it's pretty easy. Initial setup time is about 15 minutes. The work needed pales in consideration to the work needed to customize a new distro or version, and test it, which today is a solid week or two. For a new major version(e.g. I recently deployed CentOS 5 vs CentOS 4), I had to compile custom RPMS for about 80 packages, two thirds of which(mostly support files for Ruby on Rails), don't come in SRPMS. Then there are about 6 different kickstart configs for each distro/version depending on the features(which console, software raid(if any), virtualized(or not). And prior to CentOS 4.5 for example, there was a significant amount more work as we had to hack the kickstart image itself, build custom driver modules and insert them into the installation images. Fortunately since 4.5, all of the drivers we need have been included in the stock kernel/install images. So yeah, takes some time, but for me it's peanuts in comparison to what else has to be done to make the distribution perfect. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] rpm spec file
Hello any one has spec file for cgicc and pyperl. or any good and quick document that shows how to create spec file. I don't want to compile it on our servers. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Apache: User and Group
Hi, I'm currently setting up a simple web server. So far, everything (PHP, MySQL) works very well, but I admit I never gave security that much thought. Time to change that habit. First things first. The RHEL Deployment Guide lists Apache's configuration directives alphabetically. Instead of going through them from A to Z, I'll try to start with what seems more important, and then advance step by step. User apache Group apache As far as I understand, I have to chown all my web content accordingly, so that everything below /var/www/html belongs to apache:apache. Right? cheers, Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
Michael A. Peters wrote: I have never understood this. If I have a good, strong password that nobody knows, how is changing it to another one an improvement over what I already have? I agree with you. For user accounts, changing one strong password for another gains you nothing, and may cause people to start writing things down, or choosing trivial passwords which still meet the password strength criteria, or whatever, actually weakening security. However, if you have admins who come into or leave employment, changing privileged account passwords (read: root or equiv) is a necessary activity. Cheers, Dave Thompson UW-Madison ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dump on remote filesystems?
Scott Ehrlich wrote: On Tue, 29 Jan 2008, Tom Brown wrote: I have a couple C5 systems I want to back up. My plan is to, one way or another, back them up to a C5 machine in my office. I have samba installed on the systems to back up, the machines are mounted on the system in my office, and a tape library hanging of the system in my office. I was hoping to perform a simple /sbin/dump of the remote systems. I put together a script for another successful backup I have going on a system with local filesystems. But for remote filesystems, I get errors of File Cannot Be Accessed (//remote_system/subdir) which does exist as an smb mounted filesystem. I'd use NFS, but I would like a bit more control and some level of encryption for the user authentication and data being transferred. If a direct dump of remote smb filesystems isn't possible, I may opt to have each system perform their own local dumps, then run a script locally on the tape-connected machine to dump those local dumps, or copy the dumps locally then dump them to tape. If nothing else works, I can always install Windows XP and use Windows backup program, but I'd really like to try and get this going under Linux before going that route. use amanda, www.amanda.org it rocks My fundamental question is why dump claims it cannot access what I want it to back up. What's to say other solutions - Amanda, etc, will work any better? I want to know how to resolve the source problem before looking into other products. How will BackupPC or Amanda do any better? I've never had dump try to access anything other than the physical or logical partition. So if you ran dump 0avf /dev/null / on your machine(s), it tries to backup remote mounted filesystems? Something's not right . . . . -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dump on remote filesystems?
My fundamental question is why dump claims it cannot access what I want it to back up. What's to say other solutions - Amanda, etc, will work any better? I want to know how to resolve the source problem before looking into other products. How will BackupPC or Amanda do any better? well i have not come accross the error(s) you listed when using amanda to do the backup - You posted the quetion to ask for advice and the advice that i would give to solve your problem would be to use amanda to run the backup, which may or may not call dump, as for me this is a known good configuration. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dump on remote filesystems?
On Tuesday 29 January 2008 12:43:48 Tom Brown wrote: I have a couple C5 systems I want to back up. My plan is to, one way or another, back them up to a C5 machine in my office. I have samba installed on the systems to back up, the machines are mounted on the system in my office, and a tape library hanging of the system in my office. I was hoping to perform a simple /sbin/dump of the remote systems. I put together a script for another successful backup I have going on a system with local filesystems. But for remote filesystems, I get errors of File Cannot Be Accessed (//remote_system/subdir) which does exist as an smb mounted filesystem. I'd use NFS, but I would like a bit more control and some level of encryption for the user authentication and data being transferred. If a direct dump of remote smb filesystems isn't possible, I may opt to have each system perform their own local dumps, then run a script locally on the tape-connected machine to dump those local dumps, or copy the dumps locally then dump them to tape. If nothing else works, I can always install Windows XP and use Windows backup program, but I'd really like to try and get this going under Linux before going that route. use amanda, www.amanda.org it rocks Or have a look at BackupPC http://backuppc.sourceforge.net/ Tony ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
Alfredo Perez wrote: I will add to that list, change ssh port 22 to somthing else Why? Most of the script kiddies now check all the higher ports for ssh too. Moving ssh's port around solves nothing. Cheers, ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
On Mon, Jan 28, 2008 at 10:36:03PM -0500, Jim Perrin wrote: Along the lines of staying safe, now is probably a good time to check your password policies. 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config) 2. restrict root logins to only the local machine. (modify /etc/securetty) 3. Limit users with access to 'su' to the wheel group (use visudo and also modify /etc/pam.d/su) 4. Make sure root is the only one with a uid of 0. ( awk -F: '($3 == 0) {print}' /etc/passwd ) 5. Use pam to require strong passwords. (install/use pam_passwdqc which is part of the base distro, modify /etc/pam.d/system-auth ) 6. Use denyhosts or pam.tally2 to restrict login attempts. 7. use ssh keys. And above all, because I know many admins slack on this, and I'm guilty of it as well if it's not forced... ROTATE your passwords periodically The recommended password requirements for root: at least 10 characters with a mix of upper/lower case, special characters, and numbers. Discussion, and alternate suggestions welcome. I will add to that list, change ssh port 22 to somthing else Regards Alfredo The Sauce ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Dump on remote filesystems?
I have a couple C5 systems I want to back up. My plan is to, one way or another, back them up to a C5 machine in my office. I have samba installed on the systems to back up, the machines are mounted on the system in my office, and a tape library hanging of the system in my office. I was hoping to perform a simple /sbin/dump of the remote systems. I put together a script for another successful backup I have going on a system with local filesystems. But for remote filesystems, I get errors of File Cannot Be Accessed (//remote_system/subdir) which does exist as an smb mounted filesystem. I'd use NFS, but I would like a bit more control and some level of encryption for the user authentication and data being transferred. If a direct dump of remote smb filesystems isn't possible, I may opt to have each system perform their own local dumps, then run a script locally on the tape-connected machine to dump those local dumps, or copy the dumps locally then dump them to tape. If nothing else works, I can always install Windows XP and use Windows backup program, but I'd really like to try and get this going under Linux before going that route. Thanks for insights. Scott ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Command limiting with SSH keys and password auth ...
Hi all, I'm trying to do a setup (Centos 4.4), with ssh keys. Ideal is that remote you can enter a limited set of commands with no password or you can ssh in with password and get a normal bash prompt. At the moment I have from=:::x.x.x.x,command=/usr/local/bin/allowedcommands.sh ssh-rsa restofkey (allowed commands I do checks for which ones are allowed and will add anything dodgy to check for) in authorized_keys2. This all works with the keys I have, I can do an ssh server ls for example (ls being allowed), which works, otherwise it returns nothing if not allowed command is given. Main problem I have is if you enter no command (simply ssh server) it also kicks you out, I'd like it to ask for a password if no command is given, and then if correct pass you onto a normal shell. Is such a thing possible, or other avenues to get to the same point ? Thanks in advance, Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pygtk2 bug fix update
Heiko Adams wrote: Am Samstag, den 26.01.2008, 20:22 +0100 schrieb Ralph Angenendt: Heiko Adams wrote: Hello, when will this upstream update be available? http://rhn.redhat.com/errata/RHBA-2008-0079.html That's Fastrack - true, we're missing that for 5 at the moment. Please file a bug about tracking the fastrack repository. Done http://bugs.centos.org/view.php?id=2632 This pygtk is broken, which is why it is yet to be released: https://bugzilla.redhat.com/show_bug.cgi?id=430347 Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 5.0/5.1 nfs kickstart
Les Mikesell wrote: But what's the point, when the installer knows how to deal with images directly and if you want a package later you'll probably let yum get a current version from the repositories anyway? Actually I almost never use yum. Thought about it on occasion, RPMS are installed via cfengine so I can ensure all of the versions are the same on all systems. Bulk upgrades I run yum update on a test system, collect the rpms, and push out a script via cfengine which does a bulk upgrade with rpm. We tried setting up our own repository for stuff but it seemed more difficult to manage than it was worth at the time. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] yum update change kernel auto rebuild drivers centos 5.1
Is there any formal mechanizism by which after a yum update , and kernel change that drivers can automatically be recompiled and a service restarted? Do I need to make my own? Thanks, Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
Johnny Hughes wrote: Jim Perrin wrote: The real reason is that RHEL does not ship that way, so CentOS does not either. The bottom line for this and all other questions like it is this: We clone the configuration of the upstream system on purpose so that CentOS performs as much as possible like the upstream product ... if/when they change the defaults, so will we. Thanks, Johnny Hughes If you don't like the defaults, get anaconda to change them for you. Or write a script that you run shortly after install to make the changes for you. -- Milton Calnek BSc, A/Slt(Ret.) [EMAIL PROTECTED] 306-717-8737 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dump on remote filesystems?
Scott Ehrlich wrote: I have a couple C5 systems I want to back up. My plan is to, one way or another, back them up to a C5 machine in my office. I have samba installed on the systems to back up, the machines are mounted on the system in my office, and a tape library hanging of the system in my office. I was hoping to perform a simple /sbin/dump of the remote systems. I put together a script for another successful backup I have going on a system with local filesystems. But for remote filesystems, I get errors of File Cannot Be Accessed (//remote_system/subdir) which does exist as an smb mounted filesystem. I'd use NFS, but I would like a bit more control and some level of encryption for the user authentication and data being transferred. If a direct dump of remote smb filesystems isn't possible, I may opt to have each system perform their own local dumps, then run a script locally on the tape-connected machine to dump those local dumps, or copy the dumps locally then dump them to tape. If nothing else works, I can always install Windows XP and use Windows backup program, but I'd really like to try and get this going under Linux before going that route. use amanda, www.amanda.org it rocks My fundamental question is why dump claims it cannot access what I want it to back up. What's to say other solutions - Amanda, etc, will work any better? I want to know how to resolve the source problem before looking into other products. How will BackupPC or Amanda do any better? Dump is file-system oriented and won't handle remote-mounted directories. You can use file-oriented tar on remote mounts - or smbtar on remote samba/windows shares without mounting them, or use ssh to run some command like tar or dump remotely and return the output. Amanda works by having a remote client do the work and return the backup data and can use tar or dump. Backuppc uses ssh with tar or rsync, or smbtar or rsync against a remote copy in daemon mode, thus not needing a dedicated remote agent. Amanda is more tape-oriented, but can also archive to disk. Backuppc is best at archiving to disk (with some clever tricks to reduce the space needed) but can also write to tape. -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dump on remote filesystems?
On 29/01/2008 13:35, Scott Ehrlich wrote: On Tue, 29 Jan 2008, Tom Brown wrote: I have a couple C5 systems I want to back up. My plan is to, one way or another, back them up to a C5 machine in my office. I have samba installed on the systems to back up, the machines are mounted on the system in my office, and a tape library hanging of the system in my office. I was hoping to perform a simple /sbin/dump of the remote systems. I put together a script for another successful backup I have going on a system with local filesystems. But for remote filesystems, I get errors of File Cannot Be Accessed (//remote_system/subdir) which does exist as an smb mounted filesystem. I'd use NFS, but I would like a bit more control and some level of encryption for the user authentication and data being transferred. If a direct dump of remote smb filesystems isn't possible, I may opt to have each system perform their own local dumps, then run a script locally on the tape-connected machine to dump those local dumps, or copy the dumps locally then dump them to tape. If nothing else works, I can always install Windows XP and use Windows backup program, but I'd really like to try and get this going under Linux before going that route. use amanda, www.amanda.org it rocks My fundamental question is why dump claims it cannot access what I want it to back up. What's to say other solutions - Amanda, etc, will work any better? I want to know how to resolve the source problem before looking into other products. How will BackupPC or Amanda do any better? Thanks. Scott I've never used dump before but reading the manpage seems to indicate that it's a tool for backing up an ext2/3 filesystem, not a CIFS filesystem which is essentialy how a Samba mount is seen by the kernel on your office machine. If I am correct here then I doubt it would work over NFS either. I can put my vote in for amanda as a good alternative. cheers Luke ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
Jim Perrin wrote: On Jan 29, 2008 5:52 AM, mouss [EMAIL PROTECTED] wrote: Jim Perrin wrote: Along the lines of staying safe, now is probably a good time to check your password policies. 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config) why isn't this the default? Taking an educated guess on this one, I'd say to allow configuration after a remote install. 2. restrict root logins to only the local machine. (modify /etc/securetty) 3. Limit users with access to 'su' to the wheel group (use visudo and also modify /etc/pam.d/su) same question here. For this one I'd guess that it's because by default folks don't get added to wheel. So if an admin forgets to add his own user account, he can no longer gain root with 'su'. He has to walk his happy ass to the console to log in. Everything about the *nix culture points to not walking anywhere except possibly to a pub :-P Well ... not to say anything bad about beer, BUT The real reason is that RHEL does not ship that way, so CentOS does not either. The bottom line for this and all other questions like it is this: We clone the configuration of the upstream system on purpose so that CentOS performs as much as possible like the upstream product ... if/when they change the defaults, so will we. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
Chris Mauritz wrote: Alfredo Perez wrote: I will add to that list, change ssh port 22 to somthing else Why? Most of the script kiddies now check all the higher ports for ssh too. Moving ssh's port around solves nothing. Actually, I have to disagree. SOME of the script kiddies check higher ports for SSH *_BUT_* I only see 4% of the brute force attempts to login on ports other than 22. I would say that dropping brute force login attempts by 96% is quite a good reason to move the SSH port from 22 to something else. It is certainly not the only thing you need to do, but it is nonetheless a good thing to do. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dump on remote filesystems?
I have a couple C5 systems I want to back up. My plan is to, one way or another, back them up to a C5 machine in my office. I have samba installed on the systems to back up, the machines are mounted on the system in my office, and a tape library hanging of the system in my office. I was hoping to perform a simple /sbin/dump of the remote systems. I put together a script for another successful backup I have going on a system with local filesystems. But for remote filesystems, I get errors of File Cannot Be Accessed (//remote_system/subdir) which does exist as an smb mounted filesystem. I'd use NFS, but I would like a bit more control and some level of encryption for the user authentication and data being transferred. If a direct dump of remote smb filesystems isn't possible, I may opt to have each system perform their own local dumps, then run a script locally on the tape-connected machine to dump those local dumps, or copy the dumps locally then dump them to tape. If nothing else works, I can always install Windows XP and use Windows backup program, but I'd really like to try and get this going under Linux before going that route. use amanda, www.amanda.org it rocks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Unknown rootkit causes compromised servers
on 1/29/2008 8:39 AM Chris Mauritz spake the following: Scott Silva wrote: You mean I have to walk to the pub, too? ;-D I'm sure somebody somewhere has written a 1 line perl script (and printed it on a T-shirt) that can magically make beer appear in your hands upon execution. :) I tried grep beer and the system went off looking for some. I had to send a break before it would quit looking! I guess I taught it right! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Dump answer thanks
Thanks to everyone who pointed out (and, had I read the man page, would have discovered) dump is for ext2/3, not cifs. And to those who gave insightful, brief summaries of how backuppc and amanda work. Much appreciated to all. Scott ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Duplex Printing
On Tue, 29 Jan 2008 at 7:57pm, Clint Dilks wrote The only successful Duplex Job I have been able to print was by using * enscript -DDuplex:true -P mfd_scmsoffice test.txt *Otherwise I have been trying *lp -d mfd_scmsoffice -o sides=two-sided-long-edge test.txt* As long as it's supported in the PPD, duplex printing isn't an issue at all. What does 'lpoptions -l | grep -i duplex' say for the relevant printers? -- Joshua Baker-LePain QB3 Shared Cluster Sysadmin UCSF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 5.0/5.1 nfs kickstart
not when using cobbler is doesn't http://cobbler.et.redhat.com/ Cobbler doesn't take any setup? not a 'considerable amount' nope - its quick, easy and very good at simplifying things so that additional builds are very easy ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Unknown rootkit causes compromised servers
on 1/29/2008 8:00 AM Chris Mauritz spake the following: Milton Calnek wrote: If you don't like the defaults, get anaconda to change them for you. Or write a script that you run shortly after install to make the changes for you. That would be pretty amazing if at the end (or at the beginning) of the install there was some checkbox that said something to the effect of: Would you like to maintain compatibility with upstream security defaults or would you like to follow our more sensible recommendations instead? And if the user chooses the latter, a much more secure default configuration could be applied. That might go a long way towards helping non-wizard folks to enjoy some measure of additional protection by default. Just a thought. But again, that breaks upstream compatibility. Besides, all of you know that there are people that click yes on every dialog box without reading them. I swear that if you added a dialog box that stated their firstborn would be sacrificed to the IT gods, and recorded the answers, you would get a large percentage of yes clicks. And most of those would be unintentional. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 5.0/5.1 nfs kickstart
nate wrote: But what's the point, when the installer knows how to deal with images directly and if you want a package later you'll probably let yum get a current version from the repositories anyway? Actually I almost never use yum. Thought about it on occasion, RPMS are installed via cfengine so I can ensure all of the versions are the same on all systems. I've never had any particular problem with this, but I usually start with disk image copies of an initial setup, followed by subsequent yum updates. I haven't had any surprises from the Centos repositories. -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rebuilding PHP: how do I manage updates?
Johnny Hughes a écrit : If you had to add a switch to the configure file (you said --with-xslt-sablot) then it probably not the same. So, in short, the only way to update rebuilt packages (since they figure in yum.conf's exclude= line) is to track the presence of updates, then download the updated SRPM, rebuild it and then rpm -Uvh the result? Correct me if I'm wrong. Niki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache: User and Group
On Tue, Jan 29, 2008 at 11:25 AM, Niki Kovacs [EMAIL PROTECTED] wrote: Hi, I'm currently setting up a simple web server. So far, everything (PHP, MySQL) works very well, but I admit I never gave security that much thought. Time to change that habit. First things first. The RHEL Deployment Guide lists Apache's configuration directives alphabetically. Instead of going through them from A to Z, I'll try to start with what seems more important, and then advance step by step. User apache Group apache As far as I understand, I have to chown all my web content accordingly, so that everything below /var/www/html belongs to apache:apache. Right? cheers, Niki Apache needs to be able to read web files, but in most cases it should NOT own them. If it owns them, there is a potential for the apache server process to change them, which you don't want. If someone were to compromise the apache server, they would be able to embed whatever they want into the web page files. There are some cases when you might want apache to be able to write to files, but those are less frequent, so you should only change those specific files to apache ownership, or change the group permissions to allow writing from the group, and add apache to that group. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rebuilding PHP: how do I manage updates?
Niki Kovacs wrote: Hi, Our public library management software (PMB) runs on Apache/PHP/MySQL. It requires some additional PHP modules to run correctly, namely: 1) php-gd 2) php-yaz 3) php-xslt I've googled and fiddled around quite a bit, and come to the following conclusions: 1) php-gd can be installed from extra repos (rpmforge IIRC), so this one's no problem. There is a php-gd already in centos-5 ... so no RPMForge RPM is necessary. 2) To install php-yaz, I have to install the yaz library first. To do this, I download the FC6 SRPM for yaz from www.indexdata.dk, it builds without any problem, and I install the resulting libyaz3 and libyaz3-devel. Then, I can install the according PHP module with a simple 'pecl install yaz'. I do not recommend that ... it can get overwritten on php upgrades, instead, build a php-pecl RPM. Use the SRPMS from c5 centosplus as an example ... like php-pecl-memcache-2.1.2-1.el5.centos.src.rpm or php-pecl-Fileinfo-1.0.4-3.el5.centos.src.rpm 3) Apparently, there's no php-xslt module around. AFAIK, the only way to have it is to build it into PHP. So I went and downloaded the PHP SRPM from one of the CentOS mirrors. I edited php.spec and added the following configure option in php.spec: --with-xslt-sablot After installing a myriad of build dependencies, I launched 'rpmbuild -bb --clean php.spec', and after a while, I got my /usr/src/redhat/RPMS/i386 directory chock-full with resulting PHP packages. I uninstalled everything I already had PHP-wise, like this: yum remove `rpm qa | grep php` Then I simply installed my resulting RPMS like this: rpm -ivh php-*.rpm I checked the PHP information page (with phpinfo()), and every module needed by my application was there. Now I wonder: how will I manage security and/or bugfix updates for PHP and its modules in the future? When simply issuing 'yum update', any update to php will squash my rebuilt version, and PMB will become dysfunctional. My first idea would be: see if there are available updates, and in that case, download the according SRPM, rebuild and reinstall the whole thing. But that sounds a bit tedious. Or simply put a line in /etc/yum.conf: exclude=php php-* Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
On Jan 28, 2008 9:19 PM, Michael A. Peters [EMAIL PROTECTED] wrote: Frank Cox wrote: On Mon, 28 Jan 2008 22:36:03 -0500 Jim Perrin [EMAIL PROTECTED] wrote: And above all, because I know many admins slack on this, and I'm guilty of it as well if it's not forced... ROTATE your passwords periodically I have never understood this. If I have a good, strong password that nobody knows, how is changing it to another one an improvement over what I already have? I agree with you. A company I worked for required rotation of passwords and strong passwords. We fired one of the sysadmins because he had a problem coming in to work late. Take a wild guess at what we found taped to the bottom of his keyboard. Requiring password rotation increases the occurrences of that issue. I am sorry but that is a logical fallacy if I have ever seen. I have seen lots of people who come in on time and stay late who have passwords taped to the bottom of their keyboards... and they never had to change their passwords. And I know lots of people who do not do this who have to change their passwords every 90 days. Rotating passwords comes from the following theories: 1) As in cryptography, you must assume that the attacker knows everything you know and probably something more. 2) You do not know where the attacker is. Thus for a networked system or a system with multiple users, you must assume that within a certain amount of time, your hashes have been seen. Then you multiply it by the amount of time it would take to 'crack' that hash with precomputed hash tables and/or multi-system hacks. With the price of a cluster of 10,000 botted computers being pretty low.. you can assume that multi-system hacks are possible. Then you look at the value of your data. From that you can come up with how long before your password needs to be rotated. Using 2-3 factor authentication lowers this risk, and using 1 time passwords also does. However the cost of doing so in training, materials, etc may be more than what you wish to look for. Rotating passwords IMHO should only be done when their is a possibility that the shadow file has been compromised or an employee with root access is dismissed on bad terms. A better thing to do is disable remote root login, be extremely careful with sudo (it should not be allowed to spawn a shell for any user), and log to a log server rather than local filesystem. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. The Merchant of Venice ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Resizing a fat filesystem on a USB partition
On Jan 29, 2008 7:57 AM, Dogsbody [EMAIL PROTECTED] wrote: Hi All, I feel this is the most simple question but I am currently going around and round in circles and searches keep bringing me up Windows tools!! :-( I have a 512MB USB drive that has a 12MB FAT16 partition on it. How can I resize this 12MB partition to grow and fill the whole 512MB drive? AFAIK, there is no way to resize any FAT partition. You have to delete both partitions and then create a new one. That's all. mhr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL / CentOS Kernel Updates
Les Mikesell wrote: Johnny Hughes wrote: Overall ... unless you really, Really, REALLY need a newer kernel, it is best to use the one provided by the distribution. Is there a difference in the way kernel modules are managed between CentOS4 and 5? I thought that under CentOS4 after a kernel update VMware would insist that you run vmware-config.pl but it would always say that the existing module loads perfectly, where under CentOS5 it always compiles a new version for each updated kernel. I run CentOS 4 and 5 under VMWare ESX 3.x, I hacked up the VMware tools into two different RPMS - core rpm (everything but drivers) - driver rpm When I want to deploy a new kernel I build a special RPM with the vmware modules compiled against that kernel(never accepting the built in ones for no real reason other than I don't want to). And install the updated drivers at the same time as I install the new kernel. So far it's worked every time, no need to run vmware-config after kernel updates. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cyrus-Imapd Sieve Unable to connect to server
Alain Reguera Delgado schrieb: On 1/28/08, Alexander Dalloz [EMAIL PROTECTED] wrote: Again no SASL offering. Please check your cyrus-sasl installs. $ rpm -qa | grep cyrus cyrus-sasl-2.1.22-4 - see here cyrus-imapd-2.3.7-1.1.el5 cyrus-sasl-lib-2.1.22-4- and here cyrus-imapd-perl-2.3.7-1.1.el5 cyrus-imapd-utils-2.3.7-1.1.el5 Hm. You shouldn't be able to SASL auth at all! You are missing the cyrus-sasl-plain RPM to have both the liblogin.so* and libplain.so* libraries. Very certainly installing this RPM will solve your problem. Yes. I installed those RPMs and things start working!!! ... I am very happy :D Congratulations. And test following: Run openssl s_client -connect localhost:2000 -starttls smtp CONNECTED(0003) 22760:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567: Hm, that command works for me this way. Instead of -starttls smtp you may try -starttls pop3 or -tls1. Well, that return the same error with -starttls pop3 but a different one with -tls1 CONNECTED(0003) 30901:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284 Not so important. If `sivtest ... -t ' shows a working STARTTLS you are on the save side. Even your SSL/TLS setup seems to be broken. Are the certificate files in place. I looked at /etc/pki/cyrus-imapd/ and that directory is empty. Took a look at /etc/pki/tls/certs/ and there is a cyrus-imapd.pem file like that mentioned in imapd.conf file. I tried to copy/linking it into /etc/pki/cyrus-imapd/ and restart cyrus-imapd but that error is still there when the openssl command is run. I have created a .crt and .key file to apache, related to my domain ... with the command: /usr/bin/openssl req -newkey rsa:1024 -keyout /etc/pki/tls/private/example.com.key -nodes -x509 -days 365 -out /etc/pki/tls/certs/example.com.crt (that taken from /etc/pki/tls/certs/make-dummy-cert bash script) Tried to use them but still no success. Don't know, how this error could affect cyrus-imapd-sieve? The question is whether a possible lack of TLS/SSL encryption is causing the transmission of authentication data in plaintext over the wire. If you use sieve just locally I feel you can ignore that. What does the cyrus-imapd service start report in the maillog? When run the command (the openssl s_client one), none ... just: ... sieve[30807]: executed sieve[30807]: accepted connection master[28736]: process 30807 exited, status 0 Any errors? Not this time .. I think :) S: IMPLEMENTATION Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5 S: SASL CRAM-MD5 DIGEST-MD5 LOGIN PLAIN S: SIEVE comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy S: STARTTLS S: OK C: AUTHENTICATE DIGEST-MD5 S: {264} S: bm9uY2U9IkNpRTF5c0x2NllwcHNwQjhXVUo4TlRiakxFM3FBbDJPUzZVK1paNi9EbGM9IixyZWFsbT0ib3Jpb24uY2lnZXQuY2llbmZ1ZWdvcy5jdSIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M= Please enter your password: {416+} C: dXNlcm5hbWU9ImFsQGNpZ2V0LmNpZW5mdWVnb3MuY3UiLHJlYWxtPSJvcmlvbi5jaWdldC5jaWVuZnVlZ29zLmN1Iixub25jZT0iQ2lFMXlzTHY2WXBwc3BCOFdVSjhOVGJqTEUzcUFsMk9TNlUrWlo2L0RsYz0iLGNub25jZT0id0Y2TktJQ0VRRitnZ2N4N21Xb3MvL0ptclVlK2pCNWloZDJBd3d2ZXhNND0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPXJjNCxtYXhidWY9MTAyNCxkaWdlc3QtdXJpPSJzaWV2ZS9vcmlvbi5jaWdldC5jaWVuZnVlZ29zLmN1IixyZXNwb25zZT1jNTg2OWJkYTEzNDlhYTNhNTQ4YTA3NWZlYjU2OTZjMw== S: OK (SASL cnNwYXV0aD1mMTg5YzEzYjFmMzk5Y2NhYjcyZmI0NDJkMmQzNTZmNw==) Authenticated. Security strength factor: 128 C: LOGOUT Connection closed. Fine. As MD5 mechs do not cause transmission of passwords there is no risk they could be sniffed. or to avoid plaintext passwords over the wire sasl_mech_list: CRAM-MD5 DIGEST-MD5 In this configuration, we have a webmail (squirrelmail) with ssl available in the same machine. Do you think it would work without PLAIN mech available ? I assume you have squirrelmail talking to your Cyrus-Imapd over localhost. Limited risc when using PLAIN or LOGIN. Of course you can use MD5 mechs either on localhost only or through networks. In general it is advised to protect passwords whereever you can. Thank you very much for this Tremendous Help. I uploaded some sieve scripts using sieveshell, took a look at maillog and enjoyed to see what happened .. that worked pretty nice!!! Cheers, al. Glad that I could help. Have fun with your powerful Cyrus-Imapd :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL / CentOS Kernel Updates
On Jan 29, 2008 1:24 PM, nate [EMAIL PROTECTED] wrote: Les Mikesell wrote: I run CentOS 4 and 5 under VMWare ESX 3.x, I hacked up the VMware tools into two different RPMS - core rpm (everything but drivers) - driver rpm When I want to deploy a new kernel I build a special RPM with the vmware modules compiled against that kernel(never accepting the built in ones for no real reason other than I don't want to). And install the updated drivers at the same time as I install the new kernel. So far it's worked every time, no need to run vmware-config after kernel updates. nate I hope you are interested in contributing to the CentOS community by sharing your driver: https://projects.centos.org/trac/dasha/ Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL / CentOS Kernel Updates
On Jan 29, 2008 3:18 PM, Les Mikesell [EMAIL PROTECTED] wrote: Johnny Hughes wrote: Overall ... unless you really, Really, REALLY need a newer kernel, it is best to use the one provided by the distribution. Is there a difference in the way kernel modules are managed between CentOS4 and 5? I thought that under CentOS4 after a kernel update VMware would insist that you run vmware-config.pl but it would always say that the existing module loads perfectly, where under CentOS5 it always compiles a new version for each updated kernel. If we are talking about VMWare Server, RHEL4 is a supported OS, but RHEL5 isn't. If your not on a supported OS, it won't have a pre-configured set of modules. It does look like RHEL5 support was added in VMWare Workstation 6, but I haven't used that version. -- William Hooper ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL / CentOS Kernel Updates
Johnny Hughes wrote: Overall ... unless you really, Really, REALLY need a newer kernel, it is best to use the one provided by the distribution. Is there a difference in the way kernel modules are managed between CentOS4 and 5? I thought that under CentOS4 after a kernel update VMware would insist that you run vmware-config.pl but it would always say that the existing module loads perfectly, where under CentOS5 it always compiles a new version for each updated kernel. -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: CentOS plus mysql server
on 1/29/2008 11:45 AM Johnny Tan spake the following: Johnny Hughes wrote: There is an enterprise version and a community version of mysql ... even numbered versions are enterprise ... odd numbered versions are community versions. The 5.0.54 version is the latest released enterprise version: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0.html (Well there is a 54a now, but I am testing that) Johnny: Where do you keep the RPMs for the CentOS versions? I looked here, but don't see it: http://mirror.centos.org/centos/5/centosplus/x86_64/ And also, do you have a 5.1 version as well for centosplus? johnn It is currently only in CentOS 4 AFAIR. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS plus mysql server
Johnny Tan wrote: Johnny Hughes wrote: There is an enterprise version and a community version of mysql ... even numbered versions are enterprise ... odd numbered versions are community versions. The 5.0.54 version is the latest released enterprise version: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0.html (Well there is a 54a now, but I am testing that) Johnny: Where do you keep the RPMs for the CentOS versions? I looked here, but don't see it: http://mirror.centos.org/centos/5/centosplus/x86_64/ And also, do you have a 5.1 version as well for centosplus? mysql-5.1 is an RC and not released ... not for enterprise distro (hell ... it (mysql-5.1) is NOT even in fedora rawhide yet :D) there is a testing version of mysql-5.0 here for centos-5, BUT there is version-5.0 in the main distro (5.0.22 with bugfixes and patches) so I am not sure there is a need for a newer mysql-5.0 in centosplus for c5: http://dev.centos.org/centos/5/testing/i386/RPMS/ I can build the latest mysql-5.0 version for centos-5 and put it into centosplus if there is a real need out there for it. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Unknown rootkit causes compromised servers
on 1/29/2008 10:41 AM Johnny Hughes spake the following: David Thompson wrote: Michael A. Peters wrote: I have never understood this. If I have a good, strong password that nobody knows, how is changing it to another one an improvement over what I already have? I agree with you. For user accounts, changing one strong password for another gains you nothing, and may cause people to start writing things down, or choosing trivial passwords which still meet the password strength criteria, or whatever, actually weakening security. However, if you have admins who come into or leave employment, changing privileged account passwords (read: root or equiv) is a necessary activity. I disagree with this too, changing one strong password for another gains you plenty if someone has compromised the initial one. The purpose of changing strong passwords is so that if someone has been fortunate enough to use some kind of method to get a password, they loose access again after the new password change and have to start over at the beginning to get back in. This gains you plenty if someone who is unauthorized losses access. If you are dealing with regular users, Bill will give Ted a password for one item when Bill goes on vacation since it is much easier than getting the IT weenies to change the access that Ted has ... besides he only needs to login one time while Bill is on vacation. However, if Bill never has to change his password then Ted has Bill's access forever. Then of course there is the brute force guessing, etc. Changing passwords at regular intervals is more secure than keeping the same passwords. If I ever need to give root access to somebody else, I change the password before I give it out, and change it again after. Just in case I got lazy and used it somewhere else. Sometimes you get busy or just plain forget. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS plus mysql server
Johnny Hughes wrote: There is an enterprise version and a community version of mysql ... even numbered versions are enterprise ... odd numbered versions are community versions. The 5.0.54 version is the latest released enterprise version: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0.html (Well there is a 54a now, but I am testing that) Johnny: Where do you keep the RPMs for the CentOS versions? I looked here, but don't see it: http://mirror.centos.org/centos/5/centosplus/x86_64/ And also, do you have a 5.1 version as well for centosplus? johnn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS plus mysql server
Hi, a few days there was thread about Centos Plus mysql. Today Mysql released mysql-5.0.51a. Where does Centos Plus mysql-5.0.54 come from? Thanks, David ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rebuilding PHP: how do I manage updates?
Niki Kovacs wrote: Johnny Hughes a écrit : If you had to add a switch to the configure file (you said --with-xslt-sablot) then it probably not the same. So, in short, the only way to update rebuilt packages (since they figure in yum.conf's exclude= line) is to track the presence of updates, then download the updated SRPM, rebuild it and then rpm -Uvh the result? Correct me if I'm wrong. That is correct. If the libraries/files that are produced are separate when using that option, you can split them out as a separate rpm ... and maybe you can continue to use the base RPMS from centos and keep yours separately. If it modifies the (or compiles differently) the files in existing packages, then yes you will have to track and rebuild them every time. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unknown rootkit causes compromised servers
David Thompson wrote: Michael A. Peters wrote: I have never understood this. If I have a good, strong password that nobody knows, how is changing it to another one an improvement over what I already have? I agree with you. For user accounts, changing one strong password for another gains you nothing, and may cause people to start writing things down, or choosing trivial passwords which still meet the password strength criteria, or whatever, actually weakening security. However, if you have admins who come into or leave employment, changing privileged account passwords (read: root or equiv) is a necessary activity. I disagree with this too, changing one strong password for another gains you plenty if someone has compromised the initial one. The purpose of changing strong passwords is so that if someone has been fortunate enough to use some kind of method to get a password, they loose access again after the new password change and have to start over at the beginning to get back in. This gains you plenty if someone who is unauthorized losses access. If you are dealing with regular users, Bill will give Ted a password for one item when Bill goes on vacation since it is much easier than getting the IT weenies to change the access that Ted has ... besides he only needs to login one time while Bill is on vacation. However, if Bill never has to change his password then Ted has Bill's access forever. Then of course there is the brute force guessing, etc. Changing passwords at regular intervals is more secure than keeping the same passwords. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL / CentOS Kernel Updates
Manish Kathuria wrote: How are the updated kernels released by Red Hat / Cent OS related to the latest vanilla kernels ? Are the changes, new features and drivers, etc. available in the newer kernels also ported to the updated kernels released by Red Hat in their entirety ? If your comparing RHEL/CentOS kernels to kernel.org kernels they are similar but Red Hat adds a ton of patches(v4 is upwards of 100+ patches). New features are typically not backported to current versions of the kernel, newer drivers are often back ported, assuming the driver existed in the RHEL kernel. If the driver did not exist then it's much less likely to get included. For the lifetime of a distribution like RHEL 4 or RHEL 5, Red Hat would stick to the same major and minor number of the kernel and would just change release numbers. What is the relation, if any, between the new kernels and the updates released by Red Hat ? They make their systems ABI compatible throughout the lifetime of the major version(4.x, 5.x). If your looking to stay on the leading edge with kernel updates your best off using another distro maybe Fedora or something. If your looking for a stable system that you don't have to worry about even if it means you have to be more careful about picking what hardware you run it on, RHEL and CentOS are good choices. You can always build your own kernels on RHEL/CentOS if you wanted, or rebuild Fedora kernels and install them on RHEL/CentOS, in most cases it should work. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum update change kernel auto rebuild drivers centos 5.1
On Jan 29, 2008 10:14 AM, Jim Perrin [EMAIL PROTECTED] wrote: On Jan 29, 2008 12:55 PM, Jerry Geis [EMAIL PROTECTED] wrote: Is there any formal mechanizism by which after a yum update , and kernel change that drivers can automatically be recompiled and a service restarted? Do I need to make my own? DKMS works for this. see dag's repo and how the nvidia drivers and others are handled. Depending on the driver, use of weak-updates is possible ,and if so, maybe an easier method. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS plus mysql server
On Jan 29, 2008 11:10 AM, David Hrbáč [EMAIL PROTECTED] wrote: Hi, a few days there was thread about Centos Plus mysql. Today Mysql released mysql-5.0.51a. Where does Centos Plus mysql-5.0.54 come from? Thanks, David I understand it is from MySQL Enterprise. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL / CentOS Kernel Updates
nate wrote: Manish Kathuria wrote: How are the updated kernels released by Red Hat / Cent OS related to the latest vanilla kernels ? Are the changes, new features and drivers, etc. available in the newer kernels also ported to the updated kernels released by Red Hat in their entirety ? If your comparing RHEL/CentOS kernels to kernel.org kernels they are similar but Red Hat adds a ton of patches(v4 is upwards of 100+ patches). Actually for CentOS-5: [EMAIL PROTECTED] SOURCES]$ ls *.patch | wc -l 1102 So ... there are 1102 patches in the CentOS-5 kernel For the CentOS-4 kernel, that number is very similar at 1115. New features are typically not backported to current versions of the kernel, newer drivers are often back ported, assuming the driver existed in the RHEL kernel. If the driver did not exist then it's much less likely to get included. For the lifetime of a distribution like RHEL 4 or RHEL 5, Red Hat would stick to the same major and minor number of the kernel and would just change release numbers. What is the relation, if any, between the new kernels and the updates released by Red Hat ? They make their systems ABI compatible throughout the lifetime of the major version(4.x, 5.x). If your looking to stay on the leading edge with kernel updates your best off using another distro maybe Fedora or something. If your looking for a stable system that you don't have to worry about even if it means you have to be more careful about picking what hardware you run it on, RHEL and CentOS are good choices. You can always build your own kernels on RHEL/CentOS if you wanted, or rebuild Fedora kernels and install them on RHEL/CentOS, in most cases it should work. All the rest of what you said is true though ... drivers get backported much more frequently than other features. One thing to consider about new kernels is abi changes ... and things (like sar, top, system monitoring tools, etc.) not working because of the differences unless they are also upgraded. Also, /proc changes considerably in newer kernels as well ... as will the things that you include in /etc/sysctl.conf Also many times newer things like binutils, mkinitrd and module-init-tools will be required with a newer kernel. Overall ... unless you really, Really, REALLY need a newer kernel, it is best to use the one provided by the distribution. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS plus mysql server
David Hrbáč wrote: Hi, a few days there was thread about Centos Plus mysql. Today Mysql released mysql-5.0.51a. Where does Centos Plus mysql-5.0.54 come from? Thanks, David There is an enterprise version and a community version of mysql ... even numbered versions are enterprise ... odd numbered versions are community versions. The 5.0.54 version is the latest released enterprise version: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0.html (Well there is a 54a now, but I am testing that) signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: yum update change kernel auto rebuild drivers centos 5.1
on 1/29/2008 9:55 AM Jerry Geis spake the following: Is there any formal mechanizism by which after a yum update , and kernel change that drivers can automatically be recompiled and a service restarted? Do I need to make my own? Thanks, Jerry Dkms is one option. It can re-compile modules and reinstall them, but it takes some initial work to get it started. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS plus mysql server
Johnny Hughes napsal(a): There is an enterprise version and a community version of mysql ... even numbered versions are enterprise ... odd numbered versions are community versions. The 5.0.54 version is the latest released enterprise version: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0.html (Well there is a 54a now, but I am testing that) Thanks for the info. David ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Network routes
I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine. How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage. [EMAIL PROTECTED] ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface NET.WOR.KA.00.0.0.0 255.255.255.0 U 0 00 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 NE.TW.RKB.0 0.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0 00 eth1 0.0.0.0 NE.TW.RKB.1 0.0.0.0 UG20 00 eth0 [EMAIL PROTECTED] ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:NE.TW.RKB.IP1 Bcast:NE.TW.RKB.255 Mask:255.255.255.0 eth0:pn Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr 00:01:03:E9:42:D0 inet addr:NET.WOR.KA.IP2 Bcast:NET.WOR.KA.255 Mask:255.255.255.0 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 TIA -jason -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Sr. Consultant10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Duplex Printing
Joshua Baker-LePain wrote: On Tue, 29 Jan 2008 at 7:57pm, Clint Dilks wrote The only successful Duplex Job I have been able to print was by using * enscript -DDuplex:true -P mfd_scmsoffice test.txt *Otherwise I have been trying *lp -d mfd_scmsoffice -o sides=two-sided-long-edge test.txt* As long as it's supported in the PPD, duplex printing isn't an issue at all. What does 'lpoptions -l | grep -i duplex' say for the relevant printers? Hi lpoptions -p mfd_scmsoffice -l | grep -i duplex OptionalDuplexer/OptionalDuplexer: False *True Duplex/Duplex: None DuplexNoTumble *DuplexTumble This makes me think it should be duplexing by default ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL / CentOS Kernel Updates
On Jan 29, 2008 12:25 PM, William Hooper [EMAIL PROTECTED] wrote: On Jan 29, 2008 3:18 PM, Les Mikesell [EMAIL PROTECTED] wrote: Johnny Hughes wrote: Overall ... unless you really, Really, REALLY need a newer kernel, it is best to use the one provided by the distribution. Is there a difference in the way kernel modules are managed between CentOS4 and 5? I thought that under CentOS4 after a kernel update VMware would insist that you run vmware-config.pl but it would always say that the existing module loads perfectly, where under CentOS5 it always compiles a new version for each updated kernel. If we are talking about VMWare Server, RHEL4 is a supported OS, but RHEL5 isn't. If your not on a supported OS, it won't have a pre-configured set of modules. It does look like RHEL5 support was added in VMWare Workstation 6, but I haven't used that version. With VMWare Workstation 6 under CentOS-5, you run vmware-config.pl for each kernel update, but you do not need to compile the modules each time. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Network routes
Jason Pyeron wrote: I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine. How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage. [EMAIL PROTECTED] ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface NET.WOR.KA.00.0.0.0 255.255.255.0 U 0 00 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 NE.TW.RKB.0 0.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0 00 eth1 0.0.0.0 NE.TW.RKB.1 0.0.0.0 UG20 00 eth0 [EMAIL PROTECTED] ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:NE.TW.RKB.IP1 Bcast:NE.TW.RKB.255 Mask:255.255.255.0 eth0:pn Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr 00:01:03:E9:42:D0 inet addr:NET.WOR.KA.IP2 Bcast:NET.WOR.KA.255 Mask:255.255.255.0 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 You can have only 1 default route. You can use RIP or some other routing protocol to advertise defualt routes to the host from the gateways based upon route availability or weight, or you can deploy reverse NAT'ing on the gateways so external IPs will be masqueraded as the internal IP of the gateway and thus be routed to the appropriate gateway based on which IP they arrived on. -Ross __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Resizing a fat filesystem on a USB partition
AFAIK, there is no way to resize any FAT partition. You have to delete both partitions and then create a new one. I thought the CD installer came with a utility to resize FAT partitions (albeit in MS DOS)? And this isn't possible in CentOS it self? :-/ Ho hum, thank you very much for the quick answer :-) Dan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Network routes
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross S. W. Walker Sent: Tuesday, January 29, 2008 17:38 To: CentOS mailing list Subject: RE: [CentOS] Network routes Jason Pyeron wrote: I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine. How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage. [EMAIL PROTECTED] ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface NET.WOR.KA.00.0.0.0 255.255.255.0 U 0 00 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 NE.TW.RKB.0 0.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0 00 eth1 0.0.0.0 NE.TW.RKB.1 0.0.0.0 UG20 00 eth0 [EMAIL PROTECTED] ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:NE.TW.RKB.IP1 Bcast:NE.TW.RKB.255 Mask:255.255.255.0 eth0:pn Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr 00:01:03:E9:42:D0 inet addr:NET.WOR.KA.IP2 Bcast:NET.WOR.KA.255 Mask:255.255.255.0 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 You can have only 1 default route. You can use RIP or some other routing protocol to advertise defualt routes to the host from the gateways based upon route availability or weight, or you can deploy reverse NAT'ing on the gateways so external IPs will be masqueraded as the internal IP of the gateway and thus be routed to the appropriate gateway based on which IP they arrived on. -Ross But I have 2 physical network cards, on 2 different networks. Should they not both have default routes? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Sr. Consultant10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Network routes
on 1/29/2008 2:53 PM Jason Pyeron spake the following: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross S. W. Walker Sent: Tuesday, January 29, 2008 17:38 To: CentOS mailing list Subject: RE: [CentOS] Network routes Jason Pyeron wrote: I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine. How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage. [EMAIL PROTECTED] ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface NET.WOR.KA.00.0.0.0 255.255.255.0 U 0 00 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 NE.TW.RKB.0 0.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0 00 eth1 0.0.0.0 NE.TW.RKB.1 0.0.0.0 UG20 00 eth0 [EMAIL PROTECTED] ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:NE.TW.RKB.IP1 Bcast:NE.TW.RKB.255 Mask:255.255.255.0 eth0:pn Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr 00:01:03:E9:42:D0 inet addr:NET.WOR.KA.IP2 Bcast:NET.WOR.KA.255 Mask:255.255.255.0 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 You can have only 1 default route. You can use RIP or some other routing protocol to advertise defualt routes to the host from the gateways based upon route availability or weight, or you can deploy reverse NAT'ing on the gateways so external IPs will be masqueraded as the internal IP of the gateway and thus be routed to the appropriate gateway based on which IP they arrived on. -Ross But I have 2 physical network cards, on 2 different networks. Should they not both have default routes? You would think so, but it will confuse the system so bad that traffic won't know where to go. The default route is the route that packets need to take to leave your network to enter the outside world. Every thing under your control should have static routes of some kind, or a routing daemon. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Resizing a fat filesystem on a USB partition
Look for gnu parted. There are a couple of live cds out there with it, like Parted Magic and others. Parted can resize fat and ntfs file systems among others. -Ross - Original Message - From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: CentOS mailing list centos@centos.org Sent: Tue Jan 29 17:53:07 2008 Subject: Re: [CentOS] Resizing a fat filesystem on a USB partition AFAIK, there is no way to resize any FAT partition. You have to delete both partitions and then create a new one. I thought the CD installer came with a utility to resize FAT partitions (albeit in MS DOS)? And this isn't possible in CentOS it self? :-/ Ho hum, thank you very much for the quick answer :-) Dan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Network routes
Jason Pyeron wrote: I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine. How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.KB.1 or there is an outage. You probably want to remove the default route through NE.TW.KB.1 and add routes for the specific networks that you can reach though it. Normally routing is done toward a destination network/address without regard to the route of a packet you might be replying to. As for an 'outage', how do you define/detect the outage? Normally if you want routes to be determined dynamically you would set up a routing protocol with the next-hop routers - or for simple failover the alternative gateway routers might be configured via hsrp or vrrp to have a floating IP address that the rest of the LAN uses as the default gateway address. [EMAIL PROTECTED] ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface NET.WOR.KA.00.0.0.0 255.255.255.0 U 0 00 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 NE.TW.RKB.0 0.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0 00 eth1 0.0.0.0 NE.TW.RKB.1 0.0.0.0 UG20 00 eth0 -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Network routes
Sorry for the top post. The default route is the route applied when no other route matches the destination IP. From that how would you figure out which default route to pick, only if the routes were weighted could you pick between two. If you had two routes with equal weight and the traffic went round robin between them then the originating host will discard half the returning traffic because it's not coming from the same ip it sent it to. No your best bet is probably to do reverse NAT'ing as it is simple to setup and you don't have to worry about default routes and weight. Traffic initiates on 1 gateway and sticks with it for the duration of the session. You can use BGP on the gateways outside interface to load balance or fail-over the default gateway or use round-robin DNS, MX records for mail, etc. -Ross - Original Message - From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: centos@centos.org centos@centos.org Sent: Tue Jan 29 18:03:13 2008 Subject: [CentOS] Re: Network routes on 1/29/2008 2:53 PM Jason Pyeron spake the following: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross S. W. Walker Sent: Tuesday, January 29, 2008 17:38 To: CentOS mailing list Subject: RE: [CentOS] Network routes Jason Pyeron wrote: I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine. How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage. [EMAIL PROTECTED] ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface NET.WOR.KA.00.0.0.0 255.255.255.0 U 0 00 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 NE.TW.RKB.0 0.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0 00 eth1 0.0.0.0 NE.TW.RKB.1 0.0.0.0 UG20 00 eth0 [EMAIL PROTECTED] ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:NE.TW.RKB.IP1 Bcast:NE.TW.RKB.255 Mask:255.255.255.0 eth0:pn Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr 00:01:03:E9:42:D0 inet addr:NET.WOR.KA.IP2 Bcast:NET.WOR.KA.255 Mask:255.255.255.0 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 You can have only 1 default route. You can use RIP or some other routing protocol to advertise defualt routes to the host from the gateways based upon route availability or weight, or you can deploy reverse NAT'ing on the gateways so external IPs will be masqueraded as the internal IP of the gateway and thus be routed to the appropriate gateway based on which IP they arrived on. -Ross But I have 2 physical network cards, on 2 different networks. Should they not both have default routes? You would think so, but it will confuse the system so bad that traffic won't know where to go. The default route is the route that packets need to take to leave your network to enter the outside world. Every thing under your control should have static routes of some kind, or a routing daemon. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] yum fails with invalid dependency on sqlite
Hi, I am using Centos 4.6 on x86-64. recently when I tried to do a yum -y check-update this is the output I get [EMAIL PROTECTED] ~]# yum check-update Setting up repositories update100% |=| 951 B00:00 base 100% |=| 1.1 kB00:00 addons100% |=| 951 B00:00 Reading repository metadata in from local files primary.xml.gz100% |=| 74 kB00:01 (process:1999): GLib-CRITICAL **: file gtimer.c: line 106 (g_timer_stop): assertion `timer != NULL' failed (process:1999): GLib-CRITICAL **: file gtimer.c: line 88 (g_timer_destroy): assertion `timer != NULL' failed Traceback (most recent call last): File /usr/bin/yum, line 29, in ? yummain.main(sys.argv[1:]) File /usr/share/yum-cli/yummain.py, line 97, in main result, resultmsgs = do() File /usr/share/yum-cli/cli.py, line 534, in doCommands ypl = self.returnPkgLists() File /usr/share/yum-cli/cli.py, line 1176, in returnPkgLists ypl = self.doPackageLists(pkgnarrow=pkgnarrow) File __init__.py, line 904, in doPackageLists File /usr/share/yum-cli/cli.py, line 75, in doRepoSetup self.doSackSetup(thisrepo=thisrepo) File __init__.py, line 260, in doSackSetup File repos.py, line 277, in populateSack File /usr/lib64/python2.3/site-packages/sqlitecachec.py, line 40, in getPrimary self.repoid)) TypeError: Can not create index on requires table: near NOT: syntax error This is the output of rpm -qa | grep sqlite [EMAIL PROTECTED] ~]# rpm -qa | grep sqlite python-sqlite-1.1.7-1.2.1 sqlite-3.3.6-2 sqlite-devel-3.3.6-2 any suggestions ? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Resizing a fat filesystem on a USB partition
Look for gnu parted. There are a couple of live cds out there with it, like Parted Magic and others. Parted can resize fat and ntfs file systems among others. Unfortunately `parted` doesn't work with this setup where the partition size is different to the filesystem size and throws up lots of errors. I even tried downloading the latest version of parted but still no go :-/ Dan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Resizing a fat filesystem on a USB partition
Ross S. W. Walker wrote: Look for gnu parted. There are a couple of live cds out there with it, like Parted Magic and others. Parted can resize fat and ntfs file systems among others. And Gparted provides a very partition-magic like X11 interface to parted(?), I don't see it part of the standard CentOS 5.1 distribution, I've only used it under Ubuntu, and it can resize FAT32/NTFS etc no problem(not sure about FAT16). $ apt-cache show gparted Package: gparted [..] Description: GNOME partition editor GParted uses libparted to detect and manipulate devices and partition tables while several (optional) filesystem tools provide support for filesystems not included in libparted. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bonding two network cards
Joseph L. Casale wrote: I am searching the net for instructions on how to do this in CentOS 5.1 but am not 100% sure I am finding a reliable doc. I am doing this remotely and don't have much room for error:) Can anyone point me along here? Thanks! jlc Try the wiki: http://wiki.centos.org/TipsAndTricks/BondingInterfaces -- Jay Leafey - Memphis, TN [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Bonding two network cards
Try the wiki: http://wiki.centos.org/TipsAndTricks/BondingInterfaces Sorry guys, changed my Google search and went straight to it! It's fairly elaborate, exactly what I was looking for! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: Network routes
_ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross S. W. Walker Sent: Tuesday, January 29, 2008 18:22 To: centos@centos.org Subject: Re: [CentOS] Re: Network routes Sorry for the top post. The default route is the route applied when no other route matches the destination IP. From that how would you figure out which default route to pick, only if the routes were weighted could you pick between two. If you had two routes with equal weight and the traffic went round robin between them then the originating host will discard half the returning traffic because it's not coming from the same ip it sent it to. No your best bet is probably to do reverse NAT'ing as it is simple to setup and you don't have to worry about default routes and weight. Traffic initiates on 1 gateway and sticks with it for the duration of the session. You can use BGP on the gateways outside interface to load balance or fail-over the default gateway or use round-robin DNS, MX records for mail, etc. -Ross Okay, they were weighted primay at 0 and it worked. Secondary at 20, it would never be chosen as a default. But how does a reply get out to the net on the same route it came in on? - Original Message - From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: centos@centos.org centos@centos.org Sent: Tue Jan 29 18:03:13 2008 Subject: [CentOS] Re: Network routes on 1/29/2008 2:53 PM Jason Pyeron spake the following: -Original Message- From: [EMAIL PROTECTED] [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] On Behalf Of Ross S. W. Walker Sent: Tuesday, January 29, 2008 17:38 To: CentOS mailing list Subject: RE: [CentOS] Network routes Jason Pyeron wrote: I am unable to ping NE.TW.RKB.IP1 from an outside network. Other machines which do not have access or routes for NET.WOR.KA.0 respond just fine. How do I get it to respond on both NET.WOR.KA.0 and NE.TW.RKB.0 given all default traffic should go through NET.WOR.KA.1 unless it is in reply to traffic from NE.TW.RKB.1 or there is an outage. [EMAIL PROTECTED] ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface NET.WOR.KA.00.0.0.0 255.255.255.0 U 0 00 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 NE.TW.RKB.0 0.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0 00 eth1 0.0.0.0 NE.TW.RKB.1 0.0.0.0 UG20 00 eth0 [EMAIL PROTECTED] ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:NE.TW.RKB.IP1 Bcast:NE.TW.RKB.255 Mask:255.255.255.0 eth0:pn Link encap:Ethernet HWaddr 00:17:31:0F:04:AE inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr 00:01:03:E9:42:D0 inet addr:NET.WOR.KA.IP2 Bcast:NET.WOR.KA.255 Mask:255.255.255.0 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 You can have only 1 default route. You can use RIP or some other routing protocol to advertise defualt routes to the host from the gateways based upon route availability or weight, or you can deploy reverse NAT'ing on the gateways so external IPs will be masqueraded as the internal IP of the gateway and thus be routed to the appropriate gateway based on which IP they arrived on. -Ross But I have 2 physical network cards, on 2 different networks. Should they not both have default routes? You would think so, but it will confuse the system so bad that traffic won't know where to go. The default route is the route that packets need to take to leave your network to enter the outside world. Every thing under your control should have static routes of some kind, or a routing daemon. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us/ http://www.pdinc.us - - Sr. Consultant10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Network routes
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Les Mikesell Sent: Tuesday, January 29, 2008 18:25 To: CentOS mailing list Subject: Re: [CentOS] Network routes You probably want to remove the default route through NE.TW.KB.1 and add routes for the specific networks that you can reach though it. Normally routing is done toward a destination network/address without regard to the route of a packet you might be replying to. As for an 'outage', how do you define/detect the outage? Normally if you want routes to be determined dynamically you would set up a routing protocol with the next-hop routers - or for simple failover the alternative gateway routers might be configured via hsrp or vrrp to have a floating IP address that the rest of the LAN uses as the default gateway address. Droping the failover requirements, pings still do not respond off the local subnet. [EMAIL PROTECTED] ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface NET.WOR.KA.00.0.0.0 255.255.255.0 U 0 00 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 NE.TW.RKB.0 0.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 00 eth1 0.0.0.0 NET.WOR.KA.10.0.0.0 UG0 00 eth1 [EMAIL PROTECTED] ~]# tcpdump -n 'icmp[0] = 8 or icmp[0] = 0' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 20:27:02.789177 IP 192.168.1.114 192.168.1.20: icmp 64: echo request seq 0 20:27:02.789277 IP 192.168.1.20 192.168.1.114: icmp 64: echo reply seq 0 20:27:03.786470 IP 192.168.1.114 192.168.1.20: icmp 64: echo request seq 256 20:27:03.786509 IP 192.168.1.20 192.168.1.114: icmp 64: echo reply seq 256 20:27:04.778574 IP 192.168.1.114 192.168.1.20: icmp 64: echo request seq 512 20:27:04.778612 IP 192.168.1.20 192.168.1.114: icmp 64: echo reply seq 512 20:27:05.778262 IP 192.168.1.114 192.168.1.20: icmp 64: echo request seq 768 20:27:05.778299 IP 192.168.1.20 192.168.1.114: icmp 64: echo reply seq 768 20:27:08.032006 IP CO.MC.A.ST NE.TW.RKB.IP1: icmp 64: echo request seq 0 20:27:09.026055 IP CO.MC.A.ST NE.TW.RKB.IP1: icmp 64: echo request seq 256 20:27:10.032333 IP CO.MC.A.ST NE.TW.RKB.IP1: icmp 64: echo request seq 512 20:27:11.025881 IP CO.MC.A.ST NE.TW.RKB.IP1: icmp 64: echo request seq 768 20:27:13.022155 IP CO.MC.A.ST NE.TW.RKB.IP1: icmp 64: echo request seq 1280 13 packets captured 13 packets received by filter 0 packets dropped by kernel Why are there no replies being sent? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Sr. Consultant10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: Network routes
Jason Pyeron wrote: Ross S. W. Walker wrote: Sorry for the top post. The default route is the route applied when no other route matches the destination IP. From that how would you figure out which default route to pick, only if the routes were weighted could you pick between two. If you had two routes with equal weight and the traffic went round robin between them then the originating host will discard half the returning traffic because it's not coming from the same ip it sent it to. No your best bet is probably to do reverse NAT'ing as it is simple to setup and you don't have to worry about default routes and weight. Traffic initiates on 1 gateway and sticks with it for the duration of the session. You can use BGP on the gateways outside interface to load balance or fail-over the default gateway or use round-robin DNS, MX records for mail, etc. -Ross Okay, they were weighted primay at 0 and it worked. Secondary at 20, it would never be chosen as a default. But how does a reply get out to the net on the same route it came in on? snip Ah, but it doesn't if you don't masquerade the IP as coming from the originating gateway or you make sure you have only 1 gateway functioning at a time with some routing protocol telling your internal hosts which route is active. For multiple gateways active at once you will need to masquerade so the traffic can use the internal network routing tables to assure traffic goes back out the way it came in. -Ross __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Bonding two network cards
Try the wiki: http://wiki.centos.org/TipsAndTricks/BondingInterfaces Is it ok to leave the hwaddress in the eth(n) files to make sure they are used explicitely as intended in the event other cards are added? Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Problems to install java plugin in CentOS 5.1 x86_64
Hi! I've tried to install java plugin as is in http://www.howtoforge.com/installation-guide-centos5.1-desktop-p7 but with no success. All steps seems to go well, with no error messages, but Firefox says that there is no java plugin. Please, tell me what could be wrong? Thanks in advance!! -- Sergio Belkin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL / CentOS Kernel Updates
On 1/30/08, Johnny Hughes [EMAIL PROTECTED] wrote: nate wrote: Manish Kathuria wrote: New features are typically not backported to current versions of the kernel, newer drivers are often back ported, assuming the driver existed in the RHEL kernel. If the driver did not exist then it's much less likely to get included. For the lifetime of a distribution like RHEL 4 or RHEL 5, Red Hat would stick to the same major and minor number of the kernel and would just change release numbers. What is the relation, if any, between the new kernels and the updates released by Red Hat ? They make their systems ABI compatible throughout the lifetime of the major version(4.x, 5.x). If your looking to stay on the leading edge with kernel updates your best off using another distro maybe Fedora or something. If your looking for a stable system that you don't have to worry about even if it means you have to be more careful about picking what hardware you run it on, RHEL and CentOS are good choices. You can always build your own kernels on RHEL/CentOS if you wanted, or rebuild Fedora kernels and install them on RHEL/CentOS, in most cases it should work. All the rest of what you said is true though ... drivers get backported much more frequently than other features. In this connection, I have an example. I have a Netgear WG111 v2 USB Wireless Adapter which does not get detected by CentOS 5.1 updated with the latest 2.6.18 kernel released. This particular adapter has the Realtek 8187 chip. However, Fedora 8 running on 2.6.23 detects the adapter and also loads the correct module for it. This leaves me wondering whether the adapter will ever be supported by the current Cent OS 5.x kernel or the subsequent updates. Thanks, -- Manish Kathuria ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos