[CentOS-announce] CESA-2009:0297-03: Low CentOS 2 i386 end of life notice
As per the upstream vendor's errata support policy, updates for CentOS 2 will also end on May 31, 2009.

It is recommended that any system still running CentOS 2 should be upgraded to a more recent version of CentOS before this date to ensure continued security and bug fix support.

More details are available from the RedHat web site at https://rhn.redhat.com/errata/rh21as-errata.html

--
John Newbigin
ITS Senior Analyst / Programmer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2009:0459 Important CentOS 4 x86_64 kernel security update
CentOS Errata and Security Advisory 2009:0459 Important

https://rhn.redhat.com/errata/RHSA-2009-0459.html

The following updated files have been uploaded and are currently syncing to the mirrors:

x86_64:
kernel-2.6.9-78.0.22.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.22.EL.x86_64.rpm
kernel-doc-2.6.9-78.0.22.EL.noarch.rpm
kernel-largesmp-2.6.9-78.0.22.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.22.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.22.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.22.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.22.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.22.EL.x86_64.rpm

src:
kernel-2.6.9-78.0.22.EL.src.rpm

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #centos @irc.freenode.net

[CentOS-announce] CESA-2009:0459 Important CentOS 4 i386 kernel security update
CentOS Errata and Security Advisory 2009:0459 Important

https://rhn.redhat.com/errata/RHSA-2009-0459.html

The following updated files have been uploaded and are currently syncing to the mirrors:

i386:
kernel-2.6.9-78.0.22.EL.i586.rpm
kernel-2.6.9-78.0.22.EL.i686.rpm
kernel-devel-2.6.9-78.0.22.EL.i586.rpm
kernel-devel-2.6.9-78.0.22.EL.i686.rpm
kernel-doc-2.6.9-78.0.22.EL.noarch.rpm
kernel-hugemem-2.6.9-78.0.22.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.22.EL.i686.rpm
kernel-smp-2.6.9-78.0.22.EL.i586.rpm
kernel-smp-2.6.9-78.0.22.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.22.EL.i586.rpm
kernel-smp-devel-2.6.9-78.0.22.EL.i686.rpm
kernel-xenU-2.6.9-78.0.22.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.22.EL.i686.rpm

src:
kernel-2.6.9-78.0.22.EL.src.rpm

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #centos @irc.freenode.net

Re: [CentOS-es] Fwd: bandwidth monitor
The easiest and quickest one to use that I know of is iftop. It is similar to iptraf, but it sorts the list of IPs by usage.

Regards

On Thursday 30 April 2009 16:24:36 Freddy Angulo wrote:
> The thing is, I have my firewall with a DROP policy, which blocks any p2p network, but sometimes I see that my bandwidth gets saturated and I don't know how to see which IP on my LAN is making so many requests to the internet.
>
> --- On Thu 30-Apr-09, Freddy Angulo samilo...@yahoo.com wrote:
>
> From: Freddy Angulo samilo...@yahoo.com
> Subject: [CentOS-es] bandwidth monitor
> To: centos-es@centos.org
> Date: Thursday, 30 April 2009, 12:37 pm
>
> Friends, I need your help. Could you tell me of some Linux software that shows me live which IP on my LAN is saturating my bandwidth? Even though the firewall is set to DROP, I see a lot of saturation within my network.
>
> Thanks for your replies.

___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es

[CentOS-es] compiling the kernel to create a bridge
Could someone give me a guide on how to compile the Linux kernel to create a bridge? I am using CentOS version 5.0. All of this is to set up a proxy server.

Re: [CentOS] Rsync/SSH automation problem?
Gordon Messmer wrote on Thu, 30 Apr 2009 14:19:04 -0700:

>> I have a win2k3 server that its backing up to a CentOS 5.3 server. On the Win2k3 machine I plan to have rsync back up nightly to the CentOS server through ssh. The command I am using is as follows:
>> rsync -vrPtz -e ssh myu...@myserver:/remote/backup/folder/ /local/backup/folder/
>
> The first thing I'm sure you noticed was that this syntax copies data from a remote system to the local one, which is the opposite of what you described doing, above.

No. He just tells he wants to backup win2k to CentOS. He doesn't say on which site he starts the operation. So, going from the command line one assumes he's working on the CentOS box. That may be incorrect, but that's what fits to the whole paragraph nicely.

> The second thing you will notice, eventually, is that rsync over ssh under Cygwin is unreliable.

You mean *starting* an rsync operation on that side? Using rsync over ssh essentially uses rsync on *both* ends. So, it's running under Cygwin, anyway, which makes your statement a bit confusing.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] esata
Trying to get my esata working...

I ubuntu thread talked about a command scsiadd?

yum provides */scsiadd did not result in anything.

The esata is on the motherboard. Is there something special I have to do to get esata to come alive?

dmesg does not report anything when I turn on my disk.

Thanks,

Jerry

Re: [CentOS] esata
Jerry Geis wrote:
> I am trying to get esata working. my lspci is below.
>
> When I plug in the disk and turn it on - dmesg reports nothing.
> Is it supposed to report anything like a usb disk does?
>
> Is there a module to load?
>
> My motherboard is GA-MA78GM-US2H.

I've had problems with certain eSATA drives not being seen at all - whereas other types of eSATA drives work fine.

I guess if your eSATA drive also has a USB interface, then try that and see if at least the drive can be seen. Although, just because a drive can be seen over USB, doesn't mean that the drive will be seen over the eSATA port ...

James Pearson

Re: [CentOS] esata
> Jerry Geis wrote:
>> I am trying to get esata working. my lspci is below.
>>
>> When I plug in the disk and turn it on - dmesg reports nothing.
>> Is it supposed to report anything like a usb disk does?
>>
>> Is there a module to load?
>>
>> My motherboard is GA-MA78GM-US2H.
>
> I've had problems with certain eSATA drives not being seen at all - whereas other types of eSATA drives work fine.
>
> I guess if your eSATA drive also has a USB interface, then try that and see if at least the drive can be seen. Although, just because a drive can be seen over USB, doesn't mean that the drive will be seen over the eSATA port ...
>
> James Pearson

James,

In fact it does work under USB. Was hoping to get esata working for extra speed. I tried rebooting with everything attached and that did not help either.

Anything else to try?

Jerry

Re: [CentOS] esata
Jerry Geis wrote:
> James,
>
> In fact it does work under USB. Was hoping to get esata working for extra speed. I tried rebooting with everything attached and that did not help either.
>
> Anything else to try?

Try another make of drive?

As I mentioned previously, we've found some makes of eSATA drives are not 'seen' ... I have no idea if this is a problem with SATA on the host, drive or at the OS level.

James

[CentOS] .htaccess
I use the following .htaccess file to restrict access to certain web folders to only my IP pool.

Options +Indexes
order allow,deny
allow from x.x.x.

Is there any way to allow a user right in if they're in that IP pool but require a password if they're not?

Matt

Re: [CentOS] .htaccess
Matt wrote:
> I use the following .htaccess file to restrict access to certain web folders to only my IP pool.
>
> Options +Indexes
> order allow,deny
> allow from x.x.x.
>
> Is there any way to allow a user right in if they're in that IP pool but require a password if they're not?

I'm not sure if it can be done in .htaccess but a rewrite rule should be able to do the trick

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond

nate

Re: [CentOS] Rsync/SSH automation problem?
Les Mikesell wrote:
> You have always been able to initiate the command over ssh from a windows box with the answering copy under sshd on linux. Very recent versions may even work the other way.

My understanding was that rsync will use non-blocking pipes to communicate with ssh, regardless of which system initiates the connections, and is subject to the bug. It may work for you, but that doesn't mean the bug is gone; it only means that your system doesn't trigger it.

[CentOS] CentOS-announce Digest, Vol 51, Issue 1
Today's Topics:

1. CESA-2009:0297-03: Low CentOS 2 i386 end of life notice (John Newbigin)
2. CESA-2009:0459 Important CentOS 4 x86_64 kernel security update (Karanbir Singh)
3. CESA-2009:0459 Important CentOS 4 i386 kernel security update (Karanbir Singh)

Message: 1
Date: Fri, 01 May 2009 10:02:18 +1000
From: John Newbigin jnewbi...@ict.swin.edu.au
Subject: [CentOS-announce] CESA-2009:0297-03: Low CentOS 2 i386 end of life notice

Message: 2
Date: Fri, 1 May 2009 06:39:18 -0400
From: Karanbir Singh kbsi...@centos.org
Subject: [CentOS-announce] CESA-2009:0459 Important CentOS 4 x86_64 kernel security update

Message: 3
Date: Fri, 1 May 2009 06:39:17 -0400
From: Karanbir Singh kbsi...@centos.org
Subject: [CentOS-announce] CESA-2009:0459 Important CentOS 4 i386 kernel security update

End of CentOS-announce Digest, Vol 51, Issue 1

Re: [CentOS] Rsync/SSH automation problem?
Kai Schaetzl wrote:
>> The second thing you will notice, eventually, is that rsync over ssh under Cygwin is unreliable.
>
> You mean *starting* an rsync operation on that side? Using rsync over ssh essentially uses rsync on *both* ends. So, it's running under Cygwin, anyway, which makes your statement a bit confusing.

What I mean is that if you launch rsync with something like:

  rsync -e ssh server:/path /path

then rsync uses a non-blocking (I said blocking earlier, which was a mistake) socket pair to communicate with ssh. This may trigger a bug in cygwin which can cause the application to hang.

If, instead, you run rsync as a daemon on Windows, you can reliably communicate with the daemon over TCP. This remains true if you use ssh to forward a port. Thus, I recommend that anyone running rsync on Windows set up rsync as a daemon that listens for connections on localhost only and use ssh port forwards to reach it from remote systems.

Re: [CentOS] eth0 killed when adding virtual interface and multiple NICs are present
On Thu, 2009-04-30 at 13:31 +0200, Kai Schaetzl wrote:
> JohnS wrote on Thu, 30 Apr 2009 02:17:13 -0400:
>
>> Kai, I read the Xen list and the way you're doing it (the last option) looks like something I may try for testing in VMs.
>
> It works fine, I'm converting all my setups to that now.
>
>> Indeed also I when I installed Xen I had to manually take out peth0 when I uninstalled it.
>
> How did you manually take it down? The problem seems to be that peth0 is the physical interface now. But I'm not able to take it down as a bridge nor as a physical interface. And not without breaking the network connection, anyway.
>
> Kai

Correction, the install above should be uninstalled. Typo error sorry. But that is right peth0 becomes the interface.

JohnStanley

[CentOS] Hardening
Hi All,

What tips does everyone have on hardening a CentOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www?

-Jason

Re: [CentOS] Rsync/SSH automation problem?
Gordon Messmer wrote:
> Kai Schaetzl wrote:
>>> The second thing you will notice, eventually, is that rsync over ssh under Cygwin is unreliable.
>>
>> You mean *starting* an rsync operation on that side? Using rsync over ssh essentially uses rsync on *both* ends. So, it's running under Cygwin, anyway, which makes your statement a bit confusing.
>
> What I mean is that if you launch rsync with something like:
>   rsync -e ssh server:/path /path
> then rsync uses a non-blocking (I said blocking earlier, which was a mistake) socket pair to communicate with ssh. This may trigger a bug in cygwin which can cause the application to hang.

It's been 7 years since I use rsync over ssh to backup windows boxes though it worked pretty well for me back then.

One thing to try if rsync hangs on you is the --timeout option, which should cause rsync to abort if no data is transferred within X seconds.

I wrote up a fairly big rsync log retrieval system that has about 90 systems uploading more than a TB of data a day to a NFS cluster, sometimes the system is really busy, so rather than have rsync hang for a really long period of time I just have it abort after 10 minutes of no activity. Also put retry logic in the rsync scripts themselves, so they attempt to send data up to 20 times per hour per system (new data is made available to upload once an hour).

Of course this is entirely linux based, and I am using rsync over HPN-SSH with encryption disabled for higher performance.

Sample rsync command line that I use:

rsync -ae "/usr/bin/hpnssh -v -o TcpRcvBufPoll=yes -o NoneEnabled=yes -o NoneSwitch=yes" \
  --timeout=600 --log-format="[%p] %t %o %f (%l/%b)" \
  --files-from=/home/logrsync/conf/rsync_log_file_list.20090501_090201 \
  /local_dir/ 10.254.213.203:/remote/dir/ \
  1>/home/logrsync/logs/server_name_rsync_log_transfer_20090501_090201.log 2>&1

Just finished another rsync deployment system that downloads data to those same servers, with built in parallelism for increased throughput over the WAN. I currently have 6 rsync/ssh systems that do the file serving which are load balanced behind a BigIP. Main bottleneck is the cisco firewall which can only do 1.2Gbps of throughput.

nate

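Added example, not part of any post in this thread: a pull script that combines the two suggestions made so far, an rsync daemon bound to localhost and reached through an ssh port forward, and --timeout with a bounded number of retries. The host, module name, ports and the rsyncd.conf fragment in the comments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Pull from an rsync daemon that only listens on 127.0.0.1 of the remote
# host, through an ssh port forward, aborting stalled transfers and
# retrying a bounded number of times.
#
# Assumed rsyncd.conf on the remote (Cygwin) side, shown for reference:
#   address = 127.0.0.1
#   port = 873
#   use chroot = false
#   [backup]
#       path = /cygdrive/c/data
#       read only = true

RSYNC_BIN=${RSYNC_BIN:-rsync}
SSH_BIN=${SSH_BIN:-ssh}
IO_TIMEOUT=${IO_TIMEOUT:-600}     # abort after 10 minutes without I/O
RETRY_SLEEP=${RETRY_SLEEP:-180}   # 20 attempts x 180 s fits in one hour

# retry MAX CMD...: run CMD until it succeeds or MAX attempts are used.
# Leaves the attempt count in ATTEMPTS; returns CMD's last exit status.
retry() {
    retry_max=$1; shift
    ATTEMPTS=0
    retry_rc=1
    while [ "$ATTEMPTS" -lt "$retry_max" ]; do
        ATTEMPTS=$((ATTEMPTS + 1))
        "$@" && return 0
        retry_rc=$?
        echo "attempt $ATTEMPTS/$retry_max failed (exit $retry_rc)" >&2
        [ "$ATTEMPTS" -lt "$retry_max" ] && sleep "$RETRY_SLEEP"
    done
    return "$retry_rc"
}

# open_tunnel REMOTE LPORT SOCK: forward local LPORT to the daemon.
# ExitOnForwardFailure makes ssh fail instead of running without the
# forward; BatchMode prevents a password prompt from hanging a cron job.
open_tunnel() {
    "$SSH_BIN" -f -N -M -S "$3" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$2:127.0.0.1:873" "$1"
}

# close_tunnel REMOTE SOCK: stop the background ssh via its control socket.
close_tunnel() {
    "$SSH_BIN" -S "$2" -O exit "$1" 2>/dev/null
}

# one_pull LPORT MODULE DEST: a single transfer attempt.
one_pull() {
    "$RSYNC_BIN" -a --timeout="$IO_TIMEOUT" "rsync://127.0.0.1:$1/$2/" "$3"
}

# pull_backup REMOTE MODULE DEST [LPORT] [MAX_TRIES]
pull_backup() {
    pb_remote=$1 pb_module=$2 pb_dest=$3
    pb_port=${4:-8873} pb_tries=${5:-20}
    pb_dir=$(mktemp -d) || return 1          # private dir for the socket
    open_tunnel "$pb_remote" "$pb_port" "$pb_dir/ctl" || {
        rm -rf "$pb_dir"; return 1
    }
    pb_rc=0
    retry "$pb_tries" one_pull "$pb_port" "$pb_module" "$pb_dest" || pb_rc=$?
    close_tunnel "$pb_remote" "$pb_dir/ctl"
    rm -rf "$pb_dir"
    return "$pb_rc"
}

# Usage: script.sh pull user@winhost backup /local/backup/folder/
if [ "${1:-}" = "pull" ]; then
    shift
    pull_backup "$@"
fi
```
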
Re: [CentOS] Hardening
On Fri, May 1, 2009 at 10:19 AM, Jason Todd Slack-Moehrle mailingli...@mailnewsrss.com wrote:
> Hi All,
>
> What tips does everyone have on hardening a CentOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www?

NSA hardening guidelines would be a good start. The CIS hardening guidelines would be also good. After that you want to look at specific hardening guidelines for apache

--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. The Merchant of Venice

[CentOS] Server test suite
Hi,

I have an interest in software that will allow me to define test suites for servers. We have several thousand Linux systems, and after we build or rebuild each one, we have a checklist. I am trying to automate this checklist, and ideally have it run against all of our servers on a regular basis and report inconsistencies.

Is anyone aware of open-source software that will do this, or do I need to write my own?

--Russell

Re: [CentOS] Server test suite
Russell Miller wrote:
> Hi,
>
> I have an interest in software that will allow me to define test suites for servers. We have several thousand Linux systems, and after we build or rebuild each one, we have a checklist. I am trying to automate this checklist, and ideally have it run against all of our servers on a regular basis and report inconsistencies.
>
> Is anyone aware of open-source software that will do this, or do I need to write my own?

What kinds of things are on the checklist? Perhaps you can use something like cfengine or puppet to do this. cfengine essentially runs a checklist for me every hour on every system and enforces the rules I have set in it (roughly 15,000 lines of configuration).

puppet seems to be the new hot thing though I've not had any time or interest to look into it myself cfengine does everything I need.

nate

Re: [CentOS] Server test suite
On Fri, May 1, 2009 at 9:32 AM, nate cen...@linuxpowered.net wrote:
> What kinds of things are on the checklist? Perhaps you can use something like cfengine or puppet to do this. cfengine essentially runs a checklist for me every hour on every system and enforces the rules I have set in it (roughly 15,000 lines of configuration).
>
> puppet seems to be the new hot thing though I've not had any time or interest to look into it myself cfengine does everything I need.

We do use puppet to configure the systems. Problem is that there's an institutional reluctance to run it in that way - it's done right now as a push configuration. So I would like to find something that can validate in a read-only way and send alerts when things are a little off.

While I'm at it, I'd also like something that can keep a database of all of the packages installed on all of the servers and let me do queries against it... don't want to write it if there's already something out there.

--Russell

Re: [CentOS] Server test suite
Russell Miller wrote:
> On Fri, May 1, 2009 at 9:32 AM, nate cen...@linuxpowered.net wrote:
>> What kinds of things are on the checklist? Perhaps you can use something like cfengine or puppet to do this. cfengine essentially runs a checklist for me every hour on every system and enforces the rules I have set in it (roughly 15,000 lines of configuration).
>>
>> puppet seems to be the new hot thing though I've not had any time or interest to look into it myself cfengine does everything I need.
>
> We do use puppet to configure the systems. Problem is that there's an institutional reluctance to run it in that way - it's done right now as a push configuration. So I would like to find something that can validate in a read-only way and send alerts when things are a little off.

Not sure if puppet has something similar but in cfengine I could do this:

[r...@us-cfe002:~]# cfagent -v -q -n 2>&1 | grep -i need
Need: Update of image /var/cfengine/inputs/common/openmq_base.conf from master /nfs/exnas/root/cfengine/configs/common/openmq_base.conf on localhost
Need: Update of image /etc/sudoers from master /nfs/exnas/root/cfengine/files/common/redhat/etc/sudoers on localhost
Need this: /usr/lib/nagios/plugins/check_openmq wasn't at destination (copying)
Need this: /usr/lib/nagios/plugins/check_openmq_sudo wasn't at destination (copying)
Need this: /usr/lib/nagios/plugins/check_derby wasn't at destination (copying)
Need this: /usr/lib/nagios/plugins/check_derby_sudo wasn't at destination (copying)
Need this: /etc/nagios/nrpe.d/check_openmq.cfg wasn't at destination (copying)
Need this: /etc/nagios/nrpe.d/check_derby.cfg wasn't at destination (copying)

cfagent -v -q -n 2>&1 | grep -i need > /tmp/cfe.check
cat /tmp/cfe.check | mail -s "Alert on `hostname`" u...@host

Of course you could make a little bigger script to send something more descriptive in the email.

> While I'm at it, I'd also like something that can keep a database of all of the packages installed on all of the servers and let me do queries against it... don't want to write it if there's already something out there.

I think red hat satellite server can do this (I think, it uses an Oracle DB to store data so you could query that), I think they released an open source version of it -

http://www.redhat.com/spacewalk/

I have not used either personally.

nate

Re: [CentOS] .htaccess
Matt wrote:
> I use the following .htaccess file to restrict access to certain web folders to only my IP pool.
>
> Options +Indexes
> order allow,deny
> allow from x.x.x.
>
> Is there any way to allow a user right in if they're in that IP pool but require a password if they're not?

Yes, see the 'Satisfy' directive

http://httpd.apache.org/docs/2.2/mod/core.html#satisfy

--
Les Mikesell
lesmikes...@gmail.com

Re: [CentOS] Rsync/SSH automation problem?
Gordon Messmer wrote:
>>> The second thing you will notice, eventually, is that rsync over ssh under Cygwin is unreliable.
>>
>> You mean *starting* an rsync operation on that side? Using rsync over ssh essentially uses rsync on *both* ends. So, it's running under Cygwin, anyway, which makes your statement a bit confusing.
>
> What I mean is that if you launch rsync with something like:
>   rsync -e ssh server:/path /path
> then rsync uses a non-blocking (I said blocking earlier, which was a mistake) socket pair to communicate with ssh. This may trigger a bug in cygwin which can cause the application to hang.

It always seemed to work when you execute the command on the windows side but had a bug that would hang when windows was on the answering side and started rsync under sshd.

> If, instead, you run rsync as a daemon on Windows, you can reliably communicate with the daemon over TCP. This remains true if you use ssh to forward a port. Thus, I recommend that anyone running rsync on Windows set up rsync as a daemon that listens for connections on localhost only and use ssh port forwards to reach it from remote systems.

I think the sshd issue is fixed in the current cygwin but another bug in rsync can cause problems with certain windows paths unless both ends are newer than 2.6.9 and support protocol 30 (Centos ships a 2.6.8).

--
Les Mikesell
lesmikes...@gmail.com

Re: [CentOS] Hardening
On Fri, May 1, 2009 at 12:22 PM, Stephen John Smoogen smo...@gmail.com wrote:
> On Fri, May 1, 2009 at 10:19 AM, Jason Todd Slack-Moehrle mailingli...@mailnewsrss.com wrote:
>> Hi All,
>>
>> What tips does everyone have on hardening a CentOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www?
>
> NSA hardening guidelines would be a good start. The CIS hardening guidelines would be also good. After that you want to look at specific hardening guidelines for apache

The NSA guide is a very good start, and http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf complements it rather well. You might also want to have a look at the DoD STIG guidelines, though reading them will make your eyes bleed.

--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell

Re: [CentOS] Hardening
Stephen John Smoogen wrote:
> On Fri, May 1, 2009 at 10:19 AM, Jason Todd Slack-Moehrle mailingli...@mailnewsrss.com wrote:
>> Hi All,
>>
>> What tips does everyone have on hardening a CentOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www?
>
> NSA hardening guidelines would be a good start. The CIS hardening guidelines would be also good. After that you want to look at specific hardening guidelines for apache

And we have our very own Wiki guide for hardening SSH:

http://wiki.centos.org/HowTos/Network/SecuringSSH

As for ftp - disable it IMHO :)

[CentOS] Inotify or equivalent
I installed inotify and incrond to watch a directory and set the job as '/mnt/dir IN_ATTRIB chmod 0660 $@/$#' which worked very well except that as expected, IN_ATTRIB is too broad of a watch class as it caused an enormous amount of contention with the filemonitor and/or db server and the client side app was less than happy. Not to mention top showed it working away like mad...

Is there any way to look for permission changes only, or something else that might work?

Thanks!
jlc

Re: [CentOS] Inotify or equivalent
On Fri, May 01, 2009, Joseph L. Casale wrote:
> I installed inotify and incrond to watch a directory and set the job as '/mnt/dir IN_ATTRIB chmod 0660 $@/$#' which worked very well except that as expected, IN_ATTRIB is too broad of a watch class as it caused an enormous amount of contention with the filemonitor and/or db server and the client side app was less than happy. Not to mention top showed it working away like mad...
>
> Is there any way to look for permission changes only, or something else that might work?

Are you looking for real-time changes, or would an intrusion detection system such as aide or tripwire be sufficient?

Bill
--
INTERNET: b...@celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676  Mercer Island, WA 98040-0820
Fax: (206) 232-9186  Skype: jwccsllc (206) 855-5792

Only government can take perfectly good paper, cover it with perfectly good ink and make the combination worthless. -- Milton Friedman

Re: [CentOS] Inotify or equivalent
On Fri, 2009-05-01 at 12:08 -0700, Bill Campbell wrote:
> On Fri, May 01, 2009, Joseph L. Casale wrote:
>> I installed inotify and incrond to watch a directory and set the job as '/mnt/dir IN_ATTRIB chmod 0660 $@/$#' which worked very well except that as expected, IN_ATTRIB is too broad of a watch class as it caused an enormous amount of contention with the filemonitor and/or db server and the client side app was less than happy. Not to mention top showed it working away like mad...
>>
>> Is there any way to look for permission changes only, or something else that might work?
>
> Are you looking for real-time changes, or would an intrusion detection system such as aide or tripwire be sufficient?
>
> Bill
---
I think tripwire would give him the results he needs. A real time app would be better to monitor the file change process while the client access the QB database.

After the client exits the data base with the QB client the files are changed and the client can't work with them.

The changes are being done on the Linux side by gamin (filemon). I do question what would happen if you stopped the qbmonitord daemon??

JohnStanley

Re: [CentOS] Hardening
Jason Todd Slack-Moehrle wrote:
> Hi All,
>
> What tips does everyone have on hardening a CentOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www?
>
> -Jason

Linux Server Security is one I'm reading through right now. Covers most of the bases.

http://www.amazon.com/Linux-Server-Security-Michael-Bauer/dp/0596006705

--
Ryan Duff
web: http://www.ryanduff.net
aim: ryancduff
twitter: ryancduff

Re: [CentOS] Hardening
Stephen John Smoogen wrote:
> On Fri, May 1, 2009 at 10:19 AM, Jason Todd Slack-Moehrle mailingli...@mailnewsrss.com wrote:
>> Hi All,
>>
>> What tips does everyone have on hardening a CentOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www?
>
> NSA hardening guidelines would be a good start.

extremely good start, 2 useful documents here specific to RHEL5 here - http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#linux2

Re: [CentOS] Inotify or equivalent
> After the client exits the data base with the QB client the files are changed and the client can't work with them.

Actually, they can but they can't delete files when they make test companies for example.

> The changes are being done on the Linux side by gamin (filemon). I do question what would happen if you stopped the qbmonitord daemon??

Well, then the two qb daemons are needed for the Enterprise version to run in multi user mode, so it would break if I stopped it, files set to multi user are no longer accessible iirc. Realtime is not needed, I could just script it manually but I was hoping for a prettier solution.

jlc
Re: [CentOS] Inotify or equivalent
Joseph L. Casale wrote:
> I installed inotify and incrond to watch a directory and set the job as '/mnt/dir IN_ATTRIB chmod 0660 $@/$#' which worked very well except that as expected, IN_ATTRIB is too broad of a watch class as it caused an enormous amount of contention with the filemonitor and/or db server and the client side app was less than happy. Not to mention top showed it working away like mad... Is there any way to look for permission changes only, or something else that might work?

I used the example 2 in the inotifywait manpage as the starting point for my script. Using the close_write, create, move events worked well for me. Looked at incrond - seemed overkill/overcomplicated - chose not to use it. But if it's fighting with something else in the background trying to do the same thing - it's going to be a circular battle.

--
tkb
Re: [CentOS] Hardening
On Fri, May 1, 2009 at 11:14 AM, Jim Perrin jper...@gmail.com wrote:
> On Fri, May 1, 2009 at 12:22 PM, Stephen John Smoogen smo...@gmail.com wrote:
>> On Fri, May 1, 2009 at 10:19 AM, Jason Todd Slack-Moehrle mailingli...@mailnewsrss.com wrote:
>>> Hi All, What tips does everyone have on hardening a CentOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www?
>>
>> NSA hardening guidelines would be a good start. The CIS hardening guidelines would be also good. After that you want to look at specific hardening guidelines for apache
>
> The NSA guide is a very good start, and http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf complements it rather well. You might also want to have a look at the DoD STIG guidelines, though reading them will make your eyes bleed.

Bah the STIGS are wonderful things... they make my heart sing.

--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. The Merchant of Venice
Re: [CentOS] Inotify or equivalent
On Fri, 2009-05-01 at 20:07 +, Joseph L. Casale wrote:
>> After the client exits the data base with the QB client the files are changed and the client can't work with them.
>
> Actually, they can but they can't delete files when they make test companies for example.

Ahh now you say! They are not supposed to be able to delete it? I would just assuming here, would think there is a QB Administrator to do that job and not a regular user. Although I took the time to read the Canadian and US docs for the linux side I did not see anything pertaining to that. Maybe there is something in the Windows side Client Application? BUT: As long as your AD authenticated user can wr, they should be able to delete a file from the mapped share. But in essence what is happening is QBs Daemons are taking over and changing perms on the files. I really think you need to have a heart to heart with Intuit. Here is another but. All the docs I read support SUSE EntL. RHEL and CentOS uses gamin and Suse uses fam-server. All the docs refer to fam-server and not gamin.

>> The changes are being done on the Linux side by gamin (filemon). I do question what would happen if you stopped the qbmonitord daemon??
>
> Well, then the two qb daemons are needed for the Enterprise version to run in multi user mode, so it would break if I stopped it, files set to multi user are no longer accessible iirc. Realtime is not needed, I could just script it manually but I was hoping for a prettier solution.
>
> jlc
Re: [CentOS] Inotify or equivalent
> I used the example 2 in the inotifywait manpage as the starting point for my script. Using the close_write, create, move events worked well for me. Looked at incrond - seemed overkill/overcomplicated - chose not to use it. But if it's fighting with something else in the background trying to do the same thing - it's going to be a circular battle.

Well incrond was as easy as easy gets, but didn't seem to provide the level of control I need. Taking your suggestion, I read that man page and set up a couple consoles with one running this:

    inotifywait -m --exclude 'lost\+found' --exclude 'qbdir\.dat' -e close --format '%:e %w' /mnt/Intuit_Data/*.*

And made some files, and used the client to access/edit/close a company file. Well, qbdbfilemon polls the directory endlessly and not to mention there is a bloody myriad of close_write/close_nowrite that take place. /me Throwing hands in the air... Aside from a manual cron job, or explicit admin intervention each time a company is made, I'm at a loss. Thanks everyone!

jlc
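An added example, not code from any poster in this thread: the incrond job quoted above answers every IN_ATTRIB event with a chmod, and that chmod is itself an attribute change, so each fix-up queues another event. The sketch below checks the current mode first and only calls chmod when it differs from the target. The 660 mode is taken from the thread; the function names, the use of GNU `stat`, and watching only the `attrib` event with `inotifywait` are assumptions.

```shell
#!/bin/sh
# Added example: enforce a file mode on attribute changes without feeding
# the watcher its own events.

TARGET_MODE=660   # from the thread's "chmod 0660" job

# enforce_mode FILE
# Returns 0 if the mode was corrected, 1 if FILE is missing, not a regular
# file, or already has the target mode (so no new IN_ATTRIB is generated).
enforce_mode() {
    [ -f "$1" ] || return 1
    current=$(stat -c %a "$1") || return 1      # GNU stat: octal mode
    [ "$current" = "$TARGET_MODE" ] && return 1
    chmod "$TARGET_MODE" "$1"
}

# watch_dir DIR
# Long-running loop; needs inotifywait from inotify-tools. Only the
# "attrib" event is requested, not the close/open traffic of the daemons.
watch_dir() {
    inotifywait -m -q -e attrib --format '%w%f' "$1" |
    while IFS= read -r path; do
        enforce_mode "$path" && echo "reset mode on $path"
    done
}

# Start watching only when a directory is passed, so the functions can be
# reused from another script.
if [ "$#" -gt 0 ]; then
    watch_dir "$1"
fi
```

If another daemon keeps changing the mode back, this loop will still run once per change, which is the "circular battle" described in the thread; the check only removes the self-inflicted half of it.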
Re: [CentOS] list of packages with dual licenses
On Fri, May 1, 2009 at 5:15 PM, Jerry Geis ge...@pagestation.com wrote:
> Hi all, There are many packages in centos. Does there exist a listing of packages that have the dual licensing? By dual license I mean packages not just GPL licensing in a commercial setting.

Some are dual licensed, though none are dual gpl/commercial. A little investigating on your part would be easy to do here. Simply cd to your local mirror of packages, and use a little rpm magic from --qf to output the licenses from each package. Then you can see for yourself. If you don't have a local mirror, the same thing can be accomplished via repoquery on a remote repo. It'll just be slower.

--
During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
Re: [CentOS] Inotify or equivalent
Gamin is a drop in replacement for FAM (with far less bugs). You should be able to build and install FAM with an added virtual provide for Gamin and it should just work.

--
Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Phone: (408) 240-1239

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of JohnS
Sent: Friday, May 01, 2009 2:38 PM
To: CentOS mailing list
Subject: Re: [CentOS] Inotify or equivalent

On Fri, 2009-05-01 at 20:07 +, Joseph L. Casale wrote:
>> After the client exits the data base with the QB client the files are changed and the client can't work with them.
>
> Actually, they can but they can't delete files when they make test companies for example.

Ahh now you say! They are not supposed to be able to delete it? I would just assuming here, would think there is a QB Administrator to do that job and not a regular user. Although I took the time to read the Canadian and US docs for the linux side I did not see anything pertaining to that. Maybe there is something in the Windows side Client Application? BUT: As long as your AD authenticated user can wr, they should be able to delete a file from the mapped share. But in essence what is happening is QBs Daemons are taking over and changing perms on the files. I really think you need to have a heart to heart with Intuit. Here is another but. All the docs I read support SUSE EntL. RHEL and CentOS uses gamin and Suse uses fam-server. All the docs refer to fam-server and not gamin.

>> The changes are being done on the Linux side by gamin (filemon). I do question what would happen if you stopped the qbmonitord daemon??
>
> Well, then the two qb daemons are needed for the Enterprise version to run in multi user mode, so it would break if I stopped it, files set to multi user are no longer accessible iirc. Realtime is not needed, I could just script it manually but I was hoping for a prettier solution.
>
> jlc
Re: [CentOS] Hardening
On May 1, 2009, at 12:22 PM, Stephen John Smoogen smo...@gmail.com wrote:
> On Fri, May 1, 2009 at 10:19 AM, Jason Todd Slack-Moehrle mailingli...@mailnewsrss.com wrote:
>> Hi All, What tips does everyone have on hardening a CentOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www?
>
> NSA hardening guidelines would be a good start. The CIS hardening guidelines would be also good. After that you want to look at specific hardening guidelines for apache

Also using Xen to build out a CentOS guest PV host for the separate functions while hardening the main dom0 host to the teeth would allow you to zone the risks between the virtual hosts.

-Ross
[CentOS] Postfix Questions
Hi All, I am working on setting up Postfix and I have a few questions:

1. mynetworks = Do I put my public static IP here? So I am hosting at another provider on my own dedicated hardware. Do I put that machine's IP or the IP of my apartment where I want to access from? Second, do I have to know the IP information for my BlackBerry to work as well?

2. relaying: Obviously I don't want to be an open relay, but I do want to send mail from my apartment and from my Blackberry.

Ideas?

-Jason
[CentOS] Rosewill RSV-S8 Storage Enclosure Support
I'm trying to get RSV-S8 working with Citrix XenServer 5 update 3 (which I believe runs CentOS 5.something). I have the Rosewill card that comes with it in there (sil3132 based). It's seeing the card, and seeing all my drives. I fdisk the drives and I can create the partitions, but I am unable to set up either software raid or create filesystems. I keep getting errors saying that the volumes are in use (although they do not appear to be mounted anywhere).

    # mkfs.ext3 /dev/sdc1
    mke2fs 1.39 (29-May-2006)
    /dev/sdc1 is apparently in use by the system; will not make a filesystem here!
    # mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/sdb1 /dev/sdc1
    mdadm: Cannot open /dev/sdb1: Device or resource busy
    mdadm: Cannot open /dev/sdc1: Device or resource busy
    mdadm: create aborted

Am I doing something wrong or is it possibly an issue with the driver? I had no problems using this under windows.

Russ
Re: [CentOS] Postfix Questions
Jason Todd Slack-Moehrle wrote:
> Hi All, I am working on setting up Postfix and I have a few questions:
>
> 1. mynetworks = Do I put my public static IP here? So I am hosting at another provider on my own dedicated hardware. Do I put that machine's IP or the IP of my apartment where I want to access from? Second, do I have to know the IP information for my BlackBerry to work as well?
>
> 2. relaying: Obviously I don't want to be an open relay, but I do want to send mail from my apartment and from my Blackberry.
>
> Ideas? -Jason

See here:
http://wiki.centos.org/HowTos/postfix
http://wiki.centos.org/HowTos/postfix_sasl
[CentOS] c5-webstack: where can I get it (to test)
Hi, Where can I find the test (or final) version of the c5-webstack? Regards.
[CentOS] Web Serving
Hi All, My quest is going slowly but surely and I am learning a lot. I use ColdFusion. I installed it on my CentOS 5.3 instance and all was well. I added:

    DirectoryIndex index.html index.html.var index.php index.cfm index.cfml

to httpd.conf and restarted. I put an index.cfm page in /var/www/html and removed the standard index.html and I can see when I hit my IP it works. I then created virtual hosts for a few coldfusion websites in httpd.conf and added the directories to /var/www/html

One thing I notice is the owner/group is 501 and games like:

    drwxr-xr-x 5 501 games 4096 Apr 25 23:57 www_sheldony_com

Is this normal? I just did a simple mkdir statement. Did I screw something up?

And when I try to hit an index.cfm page Firefox prompts me to download binary data. When I try to hit the CF Administrator I get the same 'binary' data file download. I am running CF on port 80 as I need to.

Examples that works: http://67.23.34.37/
Does not work: http://67.23.34.37/cfide/administrator

Ideas?

-Jason
Re: [CentOS] Postfix Questions
Hi Ned,

>> I am working on setting up Postfix and I have a few questions:
>>
>> 1. mynetworks = Do I put my public static IP here? So I am hosting at another provider on my own dedicated hardware. Do I put that machine's IP or the IP of my apartment where I want to access from? Second, do I have to know the IP information for my BlackBerry to work as well?
>>
>> 2. relaying: Obviously I don't want to be an open relay, but I do want to send mail from my apartment and from my Blackberry.
>
> See here: http://wiki.centos.org/HowTos/postfix

This is what I am working with in section 3.1, but I am confused as to what the right answer is.

-Jason
Re: [CentOS] Postfix Questions
Jason Todd Slack-Moehrle wrote:
>>> 1. mynetworks = Do I put my public static IP here? So I am hosting at another provider on my own dedicated hardware. Do I put that machine's IP or the IP of my apartment where I want to access from? Second, do I have to know the IP information for my BlackBerry to work as well
>>
>> See here: http://wiki.centos.org/HowTos/postfix
>
> This is what I am working with in section 3.1, but I am confused as to what the right answer is. -Jason

Only put your private IP network addresses here, not public ones.

Ian
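An added example, not part of any post in this thread: hosts listed in `mynetworks` may relay through Postfix without authenticating, so a defender reviewing a `main.cf` wants to see every entry that is not loopback or RFC 1918 private space. The function names are assumptions, and the check only handles literal IPv4 entries (plus `[::1]/128`) written on a single `mynetworks =` line; table lookups and continuation lines are reported for manual review or not parsed.

```shell
#!/bin/sh
# Added example: list mynetworks entries that fall outside loopback and
# RFC 1918 ranges, i.e. addresses that would be trusted to relay.

# is_private_v4 ENTRY: succeed for loopback and RFC 1918 IPv4 entries.
is_private_v4() {
    case "$1" in
        127.*|10.*|192.168.*|'[::1]/128') return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# review_mynetworks FILE: print one non-private entry per line.
# Comment lines and mynetworks_style are not matched by the sed pattern.
review_mynetworks() {
    sed -n 's/^[[:space:]]*mynetworks[[:space:]]*=[[:space:]]*//p' "$1" |
    tr ', ' '\n\n' |
    while IFS= read -r net; do
        [ -n "$net" ] || continue
        is_private_v4 "$net" || printf '%s\n' "$net"
    done
}

# Run against a file only when one is named on the command line.
if [ "$#" -gt 0 ]; then
    review_mynetworks "$1"
fi
```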
[CentOS] eSATA controller that supports Centos 4.4
Hi, I'm looking for SATA controller with a eSATA port that is supported by Centos 4.4 ( rhel 4.4) Do you have any suggestions for a eSATA controller with good Linux support ? How can I list the sata controllers supported by Centos 4.4 ?

Thanks

JF Leblond
Jean-François Leblond jfleblon...@hotmail.com
Re: [CentOS] eSATA controller that supports Centos 4.4
Jean-Francois Leblond wrote:
> Hi, I'm looking for SATA controller with a eSATA port that is supported by Centos 4.4 ( rhel 4.4) Do you have any suggestions for a eSATA controller with good Linux support ? How can I list the sata controllers supported by Centos 4.4 ?

RHEL4 update 4 was released in August 2006, and CentOS 4.4 is derived from that. You haven't run yum update since August 2006?!? Update 7 aka 4.7 was released in July 2008, and there have been 100s of patches since then. eSATA was still pretty new and relatively untested and undeveloped in 2006, I'd expect a current update to have somewhat more support.
[CentOS] apache slow on lan transfers?
When I download a file from apache on the lan (gigabit lan), I only get 3-4mbps of download speed, as opposed to accessing the file via FTP or SMB which results in 500+ mbps of transfer speed. As far as I know, I'm running the stock apache (httpd) that is distributed with centos 5.3, and haven't changed anything in the config file with the exception of setting up various virtual directories. I'm hoping someone can give me pointers on what I need to search for to research this problem. Apache + slow + lan isn't really getting me anywhere. The apache process itself on the server doesn't even register 1% of cpu usage, and iowait is 0%

All suggestions are appreciated,

Gordon
Re: [CentOS] apache slow on lan transfers?
Gordon McLellan wrote:
> All suggestions are appreciated,

Kind of a strange problem ... what http client are you using? If you haven't already try wget and send the output to /dev/null

    wget http://server/file -O /dev/null

Just for maximum client performance..

nate