Re: [CentOS-docs] doco bug as to http://wiki.centos.org/HowTos/Custom_Kernel
On 28 August 2010 03:59, R P Herrold herr...@owlriver.com wrote: On Sat, 28 Aug 2010, Alan Bartlett wrote: I wish to make a minor correction of the last sentence, above. It was not built for CentOS but for EL5, explicitly RHEL 5. This discussion of my private work has *no relevance* to articles in the CentOS wiki or the centos-docs m/l. I would appreciate it ending, now. Silly me. Earlier this week I heard: If a 2.6.35.3 kernel is required for testing, then yes, the most recent packages that can be found under http://www.centos.toracat.org/ajb/kernel/mainline/ can be used with an RHEL 5 / SL 5 / CentOS 5 system Obviously a forgery, in hindsight. Thank you for the correction Thanks for the explanation, Russ. The correction was, however, to Akemi's message. ;-) No, not a forgery but a statement of fact. At the time it was written (I suppress the internal pedant who wishes to know how one may hear a written word -- apart, of course, when using text-to-audio device designed for the visually impaired), the current bcat kernel was then based on the LKA 2.6.35.3 source tarball. (Now current: kernel-2.6.35-4.bcat) I'm ready to be corrected if the above statement was made on a CentOS wiki page or within a centos-docs m/l thread . . . Silly me. Yes, I agree with you self-analysis. The silliness is noted when one observes that the bcat kernel source package (for which I am entirely and solely responsible) was attempted to be operated on by following the tried and well-tested method that is documented within the CentOS wiki, which is for use with the CentOS kernel source package only. (A document of which I am, coincidentally, the co-maintainer.) However, no harm has been done. And I am pleased to see that other members of my generation are also prone to moments of silliness and can subsequently recognise when it has occurred. :-) Regards, Alan. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-es] SSH
On 27/08/10 12:35, darias wrote: [...] Pensado asi a futuro seria posible hacer un script y atraves de una llamada telefonica reiniciar el servidor, o aun mejor, haciendo la llamada y eligiendo una u otra opcion reiniciar un determinado servicio? esto es posible o estoy hablando de mas? ¿Porque las cosas se deben hacer siempre tan complicadas? Basta agregar al cron del root algo como esto. Si se ejecuta cada 10 minutos. Estarías como máximos 10 minutos sin servicio ssh cuando lo mates. if [ ! -f /var/run/sshd.pid ]; then /etc/init.d/sshd start; fi Ahora bien... más cuidado al meter los dedos... que para eso no hay sistemas que te ayuden. Saludos! -- Renato Covarrubias Romero counter.li.org #399677 listas [at] rnt.clhttp://rnt.cl https://fedoraproject.org/wiki/User:Rcovarru ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Se reinicia pc
On 27/08/10 08:33, Carlitos Moreira wrote: Les cuento que levante el servicio rsyslog, para que me dejara registros el log cuando se reinician los servicios. Lo que me deja cada una hora en el messages, es el siguiente mensaje: 2010-08-27T09:28:46.772830-03:00 pbx03 rsyslogd: [origin software=rsyslogd swVersion=3.22.1 x-pid=2428 x-info=http://www.rsyslog.com;] (re)start 2010-08-27T09:28:46.689956-03:00 pbx03 rsyslogd: WARNING: rsyslogd is running in compatibility mode. Automatically generated config directives may interfer with your rsyslog.conf settings. We suggest upgrading your config and adding -c3 as the first rsyslogd option. 2010-08-27T09:28:46.752291-03:00 pbx03 rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad imuxsock Ese log no muestra problemas. Cuando syslog recibe la llamada de reboot ACPI, se baja solo y obviamente cuando el equipo enciende este se levanta de nuevo. Mira por otro lado. syslog no es tu problema. -- Renato Covarrubias Romero counter.li.org #399677 listas [at] rnt.clhttp://rnt.cl https://fedoraproject.org/wiki/User:Rcovarru ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Se reinicia pc
Pienso que la respuesta la diste tu mismo cuando dices que el problema empezó después de haberle agregado unas memorias que funcionaban bien en otro equipo, creo que si las quitas se solucionará tu problema. En muchos casos el daño se produce a raíz de lo último que hacemos. From: spad...@gmail.com To: centos-es@centos.org; ad...@probajio.com.mx Date: Fri, 27 Aug 2010 14:35:58 -0400 Subject: Re: [CentOS-es] Se reinicia pc No podría ser la temperatura del procesador? Fíjate en las mediciones desde el BIOS o si tu equipo dispone de logs de eventos a nivel de hardware mejor. -Mensaje original- De: centos-es-boun...@centos.org [mailto:centos-es-boun...@centos.org] En nombre de René Lara Alvarado Enviado el: viernes, 27 de agosto de 2010 02:26 p.m. Para: centos-es@centos.org Asunto: Re: [CentOS-es] Se reinicia pc Es a mi a quein sucedió eso. Pero mi servidor se reinciaba con peridodos variables, en este caso entendí que es cada hora. En mi caso, era una mala tierra fisica. - Original Message - From: Paúl Vizuete fpvizu...@gmail.com To: centos-es@centos.org Sent: Friday, August 27, 2010 9:56 AM Subject: Re: [CentOS-es] Se reinicia pc hola hace tiempos alguien de la lista tambien tuvo un problema similar al tuyo y lo que paso era que estaba funcionando mal las instalciones electricas donde estaban su servidores, seria que revises porsi acaso el amperaje, voltaje, etc con un ingenirio electronico Saludos ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] IPTABLES puerto S
Hola javier pues mira que ya estuve haciendo algunas pruebas e incluso me recomendaron utilizar pfsense pero al estudiarlo un ratote(por eso no conteste rapido) me di cuenta que el problema sigue igual si quito la ip que me dices funciona igual de hecho no cambia nada mi red esta hecha un enredo total tengo una red lan con ips 192 otra 172 la dmz esta en esta subred con una ip 172.26.2.0 y la sub red es 172.26.1.0 hasta donde tengo entendido las tengo que poner en subredes diferentes algo muy curioso es que desde la red vpn funciona mas o menos rapida y cuando me conecto desde la sub red 192 es muy lenta y despues de un rato se cierra la conexion algo que me llamo mucho la atencion es que si ten conectas desde la sub red 192 al gw de la DMZ que es el 172.26.2.251 y despues a alguna maquina de la DMZ por ejemplo el 172.262.2.20 no es tan lenta la conexion aun haciendo tres conexion primero yo-192-gm172-DMZ172 asi que no es nada fisico, el problema debe ser el iptables pero no encuentro ningún modulo para mejorar la rapidez de la red ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Strange Apache log entry
On 08/27/2010 09:08 PM, Emmanuel Noobadmin wrote: However, you could possibly lock down PHP further to reduce the possibility of such apps working by using the disabled_function setting to disable the riskier functions which allow shell/command/file operations. Of course depending on how aggressive you are, it could lead to scripts breaking. You'd have to disable file include() and require(), which would break everything. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slightly OT: dban
On 27/08/2010 15:48, Peter Kjellstrom wrote: On Friday 27 August 2010, Kevin Thorpe wrote: On 27/08/2010 15:19, m.r...@5-cent.us wrote: I'm trying to nuke a Dell Optiplex GX620. I've got a perfectly good dban 1.0.4 that I've used a bunch of times... but on this machine, it says starting, then dies, saying dban has finished with non-fatal errors. Check the log for more information It never gets to the interactive menu. Now that I've disabled the non-existant floppy drive, at least it does say to save the log file again, press enter I usually use dban but if it's not handy use a liveCD (me usually Ubuntu) and use dd: Assuming the drive to kill is /dev/sda: dd if=/dev/random of=/dev/sda This command will take forever and ever and ever (reads against /dev/random blocks as the kernel runs out of entropy). /dev/urandom would be better but still not very fast. To get some speed you'd have to do something like: 1) save a megabyte of /dev/urandom in a file 2) while true ; do dd file to dev ; done Or run some dban-like program instead of dd. Times I've done this I've just set it off and walked away. Speed was never a consideration. didn't know about shred though... I'll try that next time (if there ever is one) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] [OT] Label Printer Recommendations
Greetings Folks, I am after any recommendations or experiences using Label printers to print barcodes with CentOS, we currently using Star TSP700's but they're not clear enough for the scanners we have. There seems to be plenty of choice but not much Linux support going on, 'Never had anyone ask for Linux drivers before..' seems to be the most common answer when trying to buy. I have also tried a Brother P-Touch QL-550 but can't seem to get that to print at all using the Foomatic drivers available online. TIA Colin. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Label Printer Recommendations
On 28 August 2010 12:52, Colin Coles co...@wemoto.com wrote: I am after any recommendations or experiences using Label printers to print barcodes with CentOS, we currently using Star TSP700's but they're not clear enough for the scanners we have. There seems to be plenty of choice but not much Linux support going on, 'Never had anyone ask for Linux drivers before..' seems to be the most common answer when trying to buy. I have also tried a Brother P-Touch QL-550 but can't seem to get that to print at all using the Foomatic drivers available online. Zebra printers work for us but we generate ZPL output ourselves and a raw queue is good enough for our purposes. I have to say the CUPS in CentOS5/Upstream is not very good at printing to Zebra printers using ZPL. More upto date CUPS does a better job, I had more success with latest SLES and Ubuntu compared to CentOS/upstream. -- Hakan (m1fcj) - http://www.hititgunesi.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange Apache log entry
On Sat, Aug 28, 2010 at 12:08:49PM +0800, Emmanuel Noobadmin wrote: On 8/24/10, Keith Roberts ke...@karsites.net wrote: So bolting down PHP really tight should address these hacks? As others have mentioned, this is trying to take advantage of a poorly written PHP script that doesn't sanitize/check the input before using. In general it's not just PHP; it could be perl, script.. anything eg this extremely bad and broken CGI program: % cat show-source.cgi #!/bin/sh #displays the source code for a page echo Content-Type: text/plain echo cat $QUERY_STRING Now http://example/show-source.cgi?mypage/example/code.cgi would show the source code to the CGI program. Neat! But http://example/show-source.cgi?../../../../../../../../etc/passwd would show the password file. Not so neat! Whenever you see sequences like ../../.. in http logs then there's an attempt against a CGI/php/mod-perl/whatever to attack poorly written scripts. You might sometimes see things like %2e%2e%2f%2e%2e instead to try and circumvent poorly designed protections. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Label Printer Recommendations
2010/8/28 Hakan Koseoglu ha...@koseoglu.org Zebra printers work for us but we generate ZPL output ourselves and a raw queue is good enough for our purposes. I have to say the CUPS in CentOS5/Upstream is not very good at printing to Zebra printers using ZPL. More upto date CUPS does a better job, I had more success with latest SLES and Ubuntu compared to CentOS/upstream. how do you generate the ZPL output please? i have at work some zebras and i'd like to experiment better ways to use them. -- Among the maxims on Lord Naoshige's wall, there was this one: Matters of great concern should be treated lightly. Master Ittei commented, Matters of small concern should be treated seriously. (Ghost Dog : The Way of The Samurai) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [SOLVED?] PAM_shield locking me out?
I've tried that too and it was a good suggestion as su now crashes only if you enter a wrong password. I've also tried to rebuild rpmforge srpm with no luck. Could you really make this thing work? I mean did it actually block anything after a series of failed logins? As I said, we use it for various services on all Internet-bound systems. And yes it works fine. Example: /etc/pam.d/sshd -- #%PAM-1.0 auth optional pam_shield.so auth include system-auth accountrequired pam_nologin.so accountinclude system-auth password include system-auth sessionoptional pam_keyinit.so force revoke sessioninclude system-auth sessionrequired pam_loginuid.so -- You don't want to add this to /etc/pam.d/system-auth simply because it makes no sense to enable pam_shield for things like su, screen, reboot, etc... If you understand what pam_shield does (eg. read the documentation), you'd never want to enable it for all PAM services that use system-auth. EVER. I'm in no way a pam expert, yes. So I have to rely on the documentation which comes with the package. # cat /usr/share/doc/pam_shield-0.9.3/INSTALL ... If you want to use pam_shield for all services, edit /etc/pam.d/common-auth. Add the line auth optional pam_shield.so and that's that. ... And that's about the only hint on how and where to enable pam_shield. I've tried to add this line to /etc/pam.d/sshd too. Fortunately it didn't crash anything but it didn't work either. Here's the story for those interested. With the default of allow_missing_dns no allow_missing_reverse no pam_shield DOESN'T BLOCK hosts with no or incomplete dns entries, which is a surprise. Should I say a big one? The reason it didn't work for me was that bind wasn't adding reverse maps for my local hosts because of screwed up zone file permissions. On a side note, when testing pam_shield with a recommended retention period of 60 secs you have to run /etc/cron.daily/pam-shield manually to release expired locks. HTH ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Label Printer Recommendations
2010/8/28 Chris Geldenhuis chris.gel...@iafrica.com Read the printer's manual and work out the character strings required to genarate the label size, coding etc that you require and then code a program or script to produce that. I do not have the manual with me at present so cannot be more specific. ChrisG thank you very much! i'll start reading monday. -- Among the maxims on Lord Naoshige's wall, there was this one: Matters of great concern should be treated lightly. Master Ittei commented, Matters of small concern should be treated seriously. (Ghost Dog : The Way of The Samurai) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange Apache log entry
Emmanuel Noobadmin wrote: On 8/24/10, Keith Roberts ke...@karsites.net wrote: So bolting down PHP really tight should address these hacks? As others have mentioned, this is trying to take advantage of a poorly written PHP script that doesn't sanitize/check the input before using. However, you could possibly lock down PHP further to reduce the possibility of such apps working by using the disabled_function setting to disable the riskier functions which allow shell/command/file operations. Of course depending on how aggressive you are, it could lead to scripts breaking. The best way to attack this problem is to take a close look at the known issues and make sure your code doesn't expose any of them. Start by reading the OWASP[1] web site. Their annual Top Ten[2] list of vulnerabilities is a good place to start. They also have sample code snippets in a variety of languages to sanitize and validate input. We utilize both their recommendations and code in a number of our sites. It gives us a good start toward PCI compliance. Another excellent resource is the SANS-CWE Top 25 Most Dangerous Programming Errors[3]. This applies to all applications that have network access, not just web pages. The press release[4] explains what the list contains. Bob McConnell N2SPP [1] http://www.owasp.org/index.php/Main_Page [2] http://www.owasp.org/index.php/OWASP_Top_Ten_Project [3] http://www.sans.org/top25-software-errors/ [4] http://www.sans.org/top25-software-errors/press-release.php ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS or other Linux Internet Router/Gateway
On Sun, Aug 22, 2010 at 5:48 PM, Ron Blizzard rb4cen...@gmail.com wrote: I've got kids who are growing older and I want to build a Linux box to filter Internet access. I've got six computers on the Internet, plus the laptops -- most run Windows. I'm not sure if it's called a Ron: We have IPCop running on an Intel 233 MMX box, with 64 MB of RAM. No problems with it during the past several years. I would also suggest that you contemplate using the free DNS service of OpenDNS and configure your web browsers, router, etc. to use their DNS services (8 cities in the USA and 2 in Europe). http://www.opendns.com/ I believe they also have a free filtering service families can use, however, I'm not sure it is free, because we are not using it HTH, Lanny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slow domain resolution problem - kind of resolved
Hi everyone, I am answering this here as I found a workaround. I could not solve the solution when using the Juniper as the DNS server, so I reverted to using bind and that fixed the issue. Thanks for the help, everybody. Regards, Gabriel I've just joine the list as I am having an issue with our CentOS servers. The domain resolution is extremely slow from the application but doing an nslookup gives an immediate response. All the applications have the same issue, as do all the servers. I have been looking for the solution all over the web and all I have found are references to disabling ipv6. - By setting enable_ipv6 = no in /etc/sysconfig/network, which is already done on all the machines. - By blacklisting the ip6 module, which is not an option as it is used by the bonding module. Just for the sake of it, I tried it and, as expected, the bonding module did not come back up. If bad comes to worse, I could set up host entries for the main machines in /etc/hosts, but I really am trying to avoid that. Any suggestions? Thanks Gabriel Tabares ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slow domain resolution problem
On 25/08/2010 17:44, Rajagopal Swaminathan wrote: Greetings, On Wed, Aug 25, 2010 at 9:08 PM, Les Mikeselllesmikes...@gmail.com wrote: On 8/23/2010 10:08 AM, Gabriel Tabares wrote: Some servers do, some don't. Have you tried google's DNS servers 8.8.8.8 IP and one more IP I can't recollect exactly External DNS is not available as the servers are firewalled from the outside. When I open DNS access to the outside, the issue does not seem to appear. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slow domain resolution problem
On 25/08/2010 14:39, m.r...@5-cent.us wrote: Gabriel Tabares wrote: On 23/08/2010 21:25, Keith Roberts wrote: On Mon, 23 Aug 2010, Gabriel Tabares wrote: From: Gabriel Tabaresgabriel.taba...@roboreus.com On 23/08/2010 13:28, Joseph L. Casale wrote: Both files are the default ones from CentOS: snip Keith, the issue happens resolving internal IP addresses. The servers do not have DNS access to the outside world, so using this would mean that nothing is resolved ;) Really dumb question: do you have nisplus or nis running? mark There's not such a thing as a dumb question! No, I do not have NIS or NIS+ running. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
On 27/08/2010 19:11, Ski Dawg wrote: Stefano Sasso wrote: 2010/8/27 Ski Dawgcen...@skidawg.org: After spending a little bit of time searching around today, I have run across 2 that seem like good options, cfengine and puppet. Does anyone have any thoughts about either of these tools? Is there snip Here's another two cents: first part of last year, I was working with Spacewalk, the released version of RedHat's satellite. While I was fighting it tooth and nail, it went from 0.4 to 0.5. With that experience, I'd say *don't* bother about it Thanks to everyone for the replies, and the links to articles for further research. I will definitely continue reading those. At this time, we are not interested in Spacewalk because of the Oracle db requirement, but I will investigate the other options as well. Have you looked into bcfg2? Of all the options have looked into, it looks like the best for what I want. My experience with Spacewalk is that is not ready yet and that it takes too much effort to set it up. It will probably be worth it but I can't dedicate the time it would take to set it up. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] why flash the terminal interface when loading the linux system?
I had set the initdefault as 5 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why flash the terminal interface when loading the linux system?
On 08/28/2010 05:29 PM, ganu MailList wrote: I had set the initdefault as 5 So, X11 should start up. Could you elaborate your question? What's happening (or not happening)? Timo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why flash the terminal interface when loading the linux system?
At Sat, 28 Aug 2010 17:38:41 +0200 CentOS mailing list centos@centos.org wrote: On 08/28/2010 05:29 PM, ganu MailList wrote: I had set the initdefault as 5 So, X11 should start up. Could you elaborate your question? What's happening (or not happening)? I think the OP is seeing the console login screen *briefly* between the end of the startup and the appearence of the GUI login screen. He probably has the (default) graphical startup (which shows a graphical progress bar screen instead of the 'Starting foo[OK]' lines on the system console. Once the startup finishes, the graphical progress bar screen goes away, the console login screen shows up (briefly) and then gdm starts the X server for its GUI login screen. This is normal (for UNIX/Linux systems). I know, it is not very 'Windowsy', which 'seamlessly' goes from its 'Windows is starting...' to its GUI login screen. This is due to these factors: 1) Even when you set the init level to 5, the console login screen(s) are still available -- Ctrl-Alt-F1...F6 are available for console logins, and Ctrl-Alt-F7 selects the GUI login screen. 2) The incarnation of the X server that is running during the graphical startup is not continious with the incarnation of the X server that is running (started by) gdm for GUI logins. Note: unlike MS-Windows, the X server (the GUI subsystem) is a user-mode process and is transient. It is actually re-started when one logs out. Timo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Robert Heller -- 978-544-6933 Deepwoods Software-- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why flash the terminal interface when loading the linux system?
On 8/28/10 10:29 AM, ganu MailList wrote: I had set the initdefault as 5 5 comes after 1,2,3, etc. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slow domain resolution problem
On 8/28/10 9:23 AM, Gabriel Tabares wrote: On 25/08/2010 17:44, Rajagopal Swaminathan wrote: Greetings, On Wed, Aug 25, 2010 at 9:08 PM, Les Mikeselllesmikes...@gmail.com wrote: On 8/23/2010 10:08 AM, Gabriel Tabares wrote: Some servers do, some don't. Have you tried google's DNS servers 8.8.8.8 IP and one more IP I can't recollect exactly External DNS is not available as the servers are firewalled from the outside. When I open DNS access to the outside, the issue does not seem to appear. That means something is looking up names in domains or addresses in reverse zones that your private server isn't answering. And that the attempts to contact the outside servers aren't being quickly answered by an ICMP 'no route' or 'administratively denied' response from your router or firewall - so you wait for the timeout. All of these can be fixed. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cfengine vs. puppet
On Sat, 28 Aug 2010, Gabriel Tabares wrote: Have you looked into bcfg2? Of all the options have looked into, it looks like the best for what I want. My experience with Spacewalk is that is not ready yet and that it takes too much effort to set it up. It will probably be worth it but I can't dedicate the time it would take to set it up. One should also note that it requires the use of the 'free beer' version of Oracle which has space limitations. From my experiments, I think it would top out in the low 100's of boxes (ie, 500). Course if you have more than that, you probably have an Oracle license anyway. -- Jim Wildman, CISSP, RHCE j...@rossberry.com http://www.rossberry.com Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one. Thomas Paine ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slow domain resolution problem
Gabriel Tabares wrote: On 23/08/2010 13:28, Joseph L. Casale wrote: Both files are the default ones from CentOS: So what do the host names look like that the application attempts to resolve, fully qualified or not? What does your cli based query look like? My resolv.conf is: search mydomain.com nameserver 10.3.2.2 The hostname of the machines is set to a FQDN server.mydomain.com. The time it takes for the queries does not change whether we use the FQDN or just the hostname. See below for an example (I stopped the mail server so the connection was refused). #time telnet md-mail02.mydomain.com 25 (long wait) Trying 10.2.9.2... telnet: connect to address 10.2.9.2: Connection refused telnet: Unable to connect to remote host: Connection refused real0m20.005s user0m0.000s sys 0m0.005s #time telnet md-mail02 25 (long wait) Trying 10.2.9.2... telnet: connect to address 10.2.9.2: Connection refused telnet: Unable to connect to remote host: Connection refused real0m10.004s user0m0.001s sys 0m0.002s #time telnet 10.2.9.2 25 (no wait) Trying 10.2.9.2... telnet: connect to address 10.2.9.2: Connection refused telnet: Unable to connect to remote host: Connection refused real0m0.005s user0m0.001s sys 0m0.002s Nslookup responds immediately: #time nslookup my-mail02.mydomain.com Server: 10.2.2.254 Address:10.2.2.254#53 Non-authoritative answer: Name: my-mail02.mydomain.com Address: 10.2.9.2 real0m0.006s # Eclipse ISP nameserver 212.104.130.9 nameserver 212.104.130.65 # OpenDNS nameserver 208.67.222.222 nameserver 208.67.220.220user0m0.003s sys 0m0.003s #time nslookup my-mail02 Server: 10.2.2.254 Address:10.2.2.254#53 Non-authoritative answer: Name: my-mail02.mydomain.com Address: 10.2.9.2 real0m0.005s user0m0.001s sys 0m0.004s ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos If your resolv.conf has: nameserver 10.3.2.2 Why does nslookup say that it is querying server 10.2.2.254? Is your system multi-homed? Try changing resolv.conf to use 127.0.0.1, If your using bind, and you specifiy 127.0.0.1 I believe it will use local sockets instead of the IP stack for the query. I would try dig (from the bind-utils package) You want to make sure that either your local server is authoritative for mydomain.com and for the reverse domain. This is confirmed by the 'aa' flag from dig (not sure of nslookup can do this). If it is not authoritative, then it must delegate to another nameserver that is. You should also get back a proper SOA record for both. Lack of proper authoritative SOA records for both your forward (mydomain.com) and reverse domains will cause the server to try to go out to the Internet for further resolution. If there is no internet access, this will hang. Even if you don't populate the reverse domain with records, it must still be authoritative. Minimally, I suggest a simple script to generate reverse entries for all of the ip addresses in your address space. dig mydomain.com soa @127.0.0.1 dig 2.2.10.in-addr.arpa. soa @127.0.0.1 penguin dig 2.2.10.in-addr.arpa. soa ; DiG 9.5.2-RedHat-9.5.2-1.fc10 2.2.10.in-addr.arpa. soa ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 21666 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;2.2.10.in-addr.arpa.INSOA ;; AUTHORITY SECTION: 2.2.10.in-addr.arpa.14400INSOAns1.mydomain.com. me.mydomain.com. 2010082600 3600 600 15552000 14400 ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Aug 28 13:09:51 2010 ;; MSG SIZE rcvd: 91 Nataraj ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange Apache log entry
On Sat, 28 Aug 2010, Bob McConnell wrote: To: CentOS mailing list centos@centos.org From: Bob McConnell rmcco...@lightlink.com Subject: Re: [CentOS] Strange Apache log entry The best way to attack this problem is to take a close look at the known issues and make sure your code doesn't expose any of them. Start by reading the OWASP[1] web site. Their annual Top Ten[2] list of vulnerabilities is a good place to start. They also have sample code snippets in a variety of languages to sanitize and validate input. We utilize both their recommendations and code in a number of our sites. It gives us a good start toward PCI compliance. Another excellent resource is the SANS-CWE Top 25 Most Dangerous Programming Errors[3]. This applies to all applications that have network access, not just web pages. The press release[4] explains what the list contains. Bob McConnell N2SPP [1] http://www.owasp.org/index.php/Main_Page [2] http://www.owasp.org/index.php/OWASP_Top_Ten_Project [3] http://www.sans.org/top25-software-errors/ [4] http://www.sans.org/top25-software-errors/press-release.php Thanks Bob, and everybody else that made suggestions. I've saved this email for further reference. So if you are offering web hosting services, it's a fine balance between securing the server, and allowing users to write their own scripts (which may have vulnerabilities,) to host on your server? Keith ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] qemu
Hello again I playing litle with qemu and networking I have read how to do it but can't get it work I use this command Qemu -net nic -net=tap,if=tap0 But will not work Something with option if is not valid for net The command looks so here Qemu -m 256 vpostmaster.mvdk -curses -net nic -net=tap,=if=tap0,script=no This commands are from centos wiki ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] why flash the terminal interface when loading the linux system?
On 08/28/2010 12:50 PM, Les Mikesell wrote: On 8/28/10 10:29 AM, ganu MailList wrote: I had set the initdefault as 5 5 comes after 1,2,3, etc. I do hope you were making a joke and not really claiming that the system progresses through runlevels 2, 3, and 4 on its way to runlevel 5. -- Bob Nichols NOSPAM is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] qemu
On Sun, Aug 29, 2010 at 01:29:02AM +0200, mattias wrote: Hello again I playing litle with qemu and networking I have read how to do it but can't get it work I use this command Qemu -net nic -net=tap,if=tap0 But will not work Something with option if is not valid for net Did you create tap0? The article was written over a year ago, I think (I'm the main author), and I haven't tested it in some time. However, on my version of qemu (0.9.1-1.el5.rf), the man page does show the if= as a valid option. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Oz: Sometimes when I'm sitting in class...you know, I'm not thinking about class 'cause that would never happen... I think about kissing you. And it's like everything stops, it's like, freeze frame: Willow kissage. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] qemu
On Sun, Aug 29, 2010 at 12:46:57AM -0400, Scott Robbins wrote: On Sun, Aug 29, 2010 at 01:29:02AM +0200, mattias wrote: Hello again I playing litle with qemu and networking I have read how to do it but can't get it work I use this command Qemu -net nic -net=tap,if=tap0 But will not work Something with option if is not valid for net Did you create tap0? The article was written over a year ago, I think (I'm the main author), and I haven't tested it in some time. However, on my version of qemu (0.9.1-1.el5.rf), the man page does show the if= as a valid option. Also, looking at the wiki article, I see there's a typo--the actual command (which is correct in the wiki) should be ifname=tap0, not if=tap0. In the description, afterwards, I see I did have if=, but it should have been ifname=. I've corrected it. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 (After finding Spike outside her house.) Buffy: What are you doing here, Spike? Five words or less! Spike: (counting on fingers) Out... for... a... walk... bitch. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
