[CentOS-announce] CESA-2010:0936 Important CentOS 4 i386 kernel - security and bug fix update
CentOS Errata and Security Advisory CESA-2010:0936 kernel security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0936.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/kernel-2.6.9-89.33.1.EL.i586.rpm updates/i386/RPMS/kernel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-devel-2.6.9-89.33.1.EL.i586.rpm updates/i386/RPMS/kernel-devel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-smp-2.6.9-89.33.1.EL.i586.rpm updates/i386/RPMS/kernel-smp-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-smp-devel-2.6.9-89.33.1.EL.i586.rpm updates/i386/RPMS/kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-xenU-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-doc-2.6.9-89.33.1.EL.noarch.rpm source: updates/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update kernel Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpHgAXTPmfBw.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0936 Important CentOS 4 x86_64 kernel - security and bug fix update
CentOS Errata and Security Advisory CESA-2010:0936 kernel security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0936.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/kernel-2.6.9-89.33.1.EL.x86_64.rpm updates/x86_64/RPMS/kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm updates/x86_64/RPMS/kernel-doc-2.6.9-89.33.1.EL.noarch.rpm updates/x86_64/RPMS/kernel-largesmp-2.6.9-89.33.1.EL.x86_64.rpm updates/x86_64/RPMS/kernel-largesmp-devel-2.6.9-89.33.1.EL.x86_64.rpm updates/x86_64/RPMS/kernel-smp-2.6.9-89.33.1.EL.x86_64.rpm updates/x86_64/RPMS/kernel-smp-devel-2.6.9-89.33.1.EL.x86_64.rpm updates/x86_64/RPMS/kernel-xenU-2.6.9-89.33.1.EL.x86_64.rpm updates/x86_64/RPMS/kernel-xenU-devel-2.6.9-89.33.1.EL.x86_64.rpm source: updates/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update kernel Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpIZwlMSI3x7.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0950 Moderate CentOS 4 i386 apr-util - security update
CentOS Errata and Security Advisory CESA-2010:0950 apr-util security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0950.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/apr-util-0.9.4-22.el4_8.3.i386.rpm updates/i386/RPMS/apr-util-devel-0.9.4-22.el4_8.3.i386.rpm source: updates/SRPMS/apr-util-0.9.4-22.el4_8.3.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update apr-util Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpC0EzG60EAI.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0950 Moderate CentOS 4 x86_64 apr-util - security update
CentOS Errata and Security Advisory CESA-2010:0950 apr-util security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0950.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/apr-util-0.9.4-22.el4_8.3.x86_64.rpm updates/x86_64/RPMS/apr-util-devel-0.9.4-22.el4_8.3.x86_64.rpm source: updates/SRPMS/apr-util-0.9.4-22.el4_8.3.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update apr-util Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgphQKBOxuDPA.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0966 Critical CentOS 4 i386 firefox - security update
CentOS Errata and Security Advisory CESA-2010:0966 firefox security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0966.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/firefox-3.6.13-3.el4.centos.i386.rpm source: updates/SRPMS/firefox-3.6.13-3.el4.centos.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update firefox Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpbgSXfu5na6.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0966 Critical CentOS 4 x86_64 firefox - security update
CentOS Errata and Security Advisory CESA-2010:0966 firefox security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0966.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/firefox-3.6.13-3.el4.centos.x86_64.rpm source: updates/SRPMS/firefox-3.6.13-3.el4.centos.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update firefox Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpdISaHFEwod.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0967 Critical CentOS 4 i386 seamonkey - security update
CentOS Errata and Security Advisory CESA-2010:0967 seamonkey security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0967.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/seamonkey-1.0.9-66.el4.centos.i386.rpm updates/i386/RPMS/seamonkey-chat-1.0.9-66.el4.centos.i386.rpm updates/i386/RPMS/seamonkey-devel-1.0.9-66.el4.centos.i386.rpm updates/i386/RPMS/seamonkey-dom-inspector-1.0.9-66.el4.centos.i386.rpm updates/i386/RPMS/seamonkey-js-debugger-1.0.9-66.el4.centos.i386.rpm updates/i386/RPMS/seamonkey-mail-1.0.9-66.el4.centos.i386.rpm source: updates/SRPMS/seamonkey-1.0.9-66.el4.centos.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update seamonkey Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpvSiyiKdZKa.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0967 Critical CentOS 4 x86_64 seamonkey - security update
CentOS Errata and Security Advisory CESA-2010:0967 seamonkey security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0967.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/seamonkey-1.0.9-66.el4.centos.x86_64.rpm updates/x86_64/RPMS/seamonkey-chat-1.0.9-66.el4.centos.x86_64.rpm updates/x86_64/RPMS/seamonkey-devel-1.0.9-66.el4.centos.x86_64.rpm updates/x86_64/RPMS/seamonkey-dom-inspector-1.0.9-66.el4.centos.x86_64.rpm updates/x86_64/RPMS/seamonkey-js-debugger-1.0.9-66.el4.centos.x86_64.rpm updates/x86_64/RPMS/seamonkey-mail-1.0.9-66.el4.centos.x86_64.rpm source: updates/SRPMS/seamonkey-1.0.9-66.el4.centos.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update seamonkey Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgplueQrqtaeq.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0968 Moderate CentOS 4 i386 thunderbird - security update
CentOS Errata and Security Advisory CESA-2010:0968 thunderbird security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0968.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/thunderbird-1.5.0.12-34.el4.centos.i386.rpm source: updates/SRPMS/thunderbird-1.5.0.12-34.el4.centos.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update thunderbird Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpvGbEefRFel.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0968 Moderate CentOS 4 x86_64 thunderbird - security update
CentOS Errata and Security Advisory CESA-2010:0968 thunderbird security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0968.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/thunderbird-1.5.0.12-34.el4.centos.x86_64.rpm source: updates/SRPMS/thunderbird-1.5.0.12-34.el4.centos.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update thunderbird Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpnOcFkvOlPR.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0970 Critical CentOS 4 i386 exim - security update
CentOS Errata and Security Advisory CESA-2010:0970 exim security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0970.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/exim-4.43-1.RHEL4.5.el4_8.1.i386.rpm updates/i386/RPMS/exim-doc-4.43-1.RHEL4.5.el4_8.1.i386.rpm updates/i386/RPMS/exim-mon-4.43-1.RHEL4.5.el4_8.1.i386.rpm updates/i386/RPMS/exim-sa-4.43-1.RHEL4.5.el4_8.1.i386.rpm source: updates/SRPMS/exim-4.43-1.RHEL4.5.el4_8.1.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update exim Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpHnJ0aUhOSY.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0970 Critical CentOS 4 x86_64 exim - security update
CentOS Errata and Security Advisory CESA-2010:0970 exim security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0970.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/exim-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm updates/x86_64/RPMS/exim-doc-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm updates/x86_64/RPMS/exim-mon-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm updates/x86_64/RPMS/exim-sa-4.43-1.RHEL4.5.el4_8.1.x86_64.rpm source: updates/SRPMS/exim-4.43-1.RHEL4.5.el4_8.1.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update exim Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpKaCPywRiYn.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0977 Moderate CentOS 4 i386 openssl - security update
CentOS Errata and Security Advisory CESA-2010:0977 openssl security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0977.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/openssl-0.9.7a-43.17.el4_8.6.i386.rpm updates/i386/RPMS/openssl-0.9.7a-43.17.el4_8.6.i686.rpm updates/i386/RPMS/openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm updates/i386/RPMS/openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm source: updates/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update openssl Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpjECvgwR6dl.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0977 Moderate CentOS 4 x86_64 openssl - security update
CentOS Errata and Security Advisory CESA-2010:0977 openssl security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0977.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/openssl-0.9.7a-43.17.el4_8.6.i686.rpm updates/x86_64/RPMS/openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm updates/x86_64/RPMS/openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm updates/x86_64/RPMS/openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm updates/x86_64/RPMS/openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm source: updates/SRPMS/openssl-0.9.7a-43.17.el4_8.6.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update openssl Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpb1q1XtlDZN.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0981 Critical CentOS 4 i386 HelixPlayer removal
CentOS Errata and Security Advisory CESA-2010:0981 HelixPlayer removal security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0981.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm source: updates/SRPMS/HelixPlayer-1.0.6-3.el4_8.1.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update HelixPlayer Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpHCiDKlk18t.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:0981 Critical CentOS 4 x86_64 HelixPlayer removal
CentOS Errata and Security Advisory CESA-2010:0981 HelixPlayer removal security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0981.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/HelixPlayer-uninstall-1.0.6-3.el4_8.1.i386.rpm source: updates/SRPMS/HelixPlayer-1.0.6-3.el4_8.1.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update HelixPlayer Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpH6qbJjW0WV.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:1000 Important CentOS 4 i386 bind - security update
CentOS Errata and Security Advisory CESA-2010:1000 bind security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-1000.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/bind-9.2.4-30.el4_8.6.i386.rpm updates/i386/RPMS/bind-chroot-9.2.4-30.el4_8.6.i386.rpm updates/i386/RPMS/bind-devel-9.2.4-30.el4_8.6.i386.rpm updates/i386/RPMS/bind-libs-9.2.4-30.el4_8.6.i386.rpm updates/i386/RPMS/bind-utils-9.2.4-30.el4_8.6.i386.rpm source: updates/SRPMS/bind-9.2.4-30.el4_8.6.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update bind Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpfduBMsV1NR.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2010:1000 Important CentOS 4 x86_64 bind - security update
CentOS Errata and Security Advisory CESA-2010:1000 bind security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-1000.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/bind-9.2.4-30.el4_8.6.x86_64.rpm updates/x86_64/RPMS/bind-chroot-9.2.4-30.el4_8.6.x86_64.rpm updates/x86_64/RPMS/bind-devel-9.2.4-30.el4_8.6.x86_64.rpm updates/x86_64/RPMS/bind-libs-9.2.4-30.el4_8.6.i386.rpm updates/x86_64/RPMS/bind-libs-9.2.4-30.el4_8.6.x86_64.rpm updates/x86_64/RPMS/bind-utils-9.2.4-30.el4_8.6.x86_64.rpm source: updates/SRPMS/bind-9.2.4-30.el4_8.6.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update bind Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpDQeIGG0Ebd.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2011:0013 Moderate CentOS 4 i386 wireshark - security update
CentOS Errata and Security Advisory CESA-2011:0013 wireshark security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2011-0013.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/wireshark-1.0.15-1.el4_8.3.i386.rpm updates/i386/RPMS/wireshark-gnome-1.0.15-1.el4_8.3.i386.rpm source: updates/SRPMS/wireshark-1.0.15-1.el4_8.3.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update wireshark Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpCzlA7snE29.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2011:0013 Moderate CentOS 4 x86_64 wireshark - security update
CentOS Errata and Security Advisory CESA-2011:0013 wireshark security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2011-0013.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/wireshark-1.0.15-1.el4_8.3.x86_64.rpm updates/x86_64/RPMS/wireshark-gnome-1.0.15-1.el4_8.3.x86_64.rpm source: updates/SRPMS/wireshark-1.0.15-1.el4_8.3.src.rpm You may update your CentOS-4 x86_64 installations by running the command: yum update wireshark Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpkIAi37wV6e.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2011:0153 Moderate CentOS 4 i386 exim - security update
CentOS Errata and Security Advisory CESA-2011:0153 exim security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2011-0153.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/exim-4.43-1.RHEL4.5.el4_8.3.i386.rpm updates/i386/RPMS/exim-doc-4.43-1.RHEL4.5.el4_8.3.i386.rpm updates/i386/RPMS/exim-mon-4.43-1.RHEL4.5.el4_8.3.i386.rpm updates/i386/RPMS/exim-sa-4.43-1.RHEL4.5.el4_8.3.i386.rpm source: updates/SRPMS/exim-4.43-1.RHEL4.5.el4_8.3.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update exim Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpoN8nwlXQcK.pgp Description: PGP signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
Hello all, I've been reading this thread and have a question. I would like to set up passwordless ssh between two servers for some automated tasks but I don't like the paswordless key's option. How can I supply a passphrase when generating my keys but still have this process automated? --James. (This email was sent from a mobile device) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On 27/01/2011, at 9:32 PM, James Bensley wrote: I've been reading this thread and have a question. I would like to set up passwordless ssh between two servers for some automated tasks but I don't like the paswordless key's option. How can I supply a passphrase when generating my keys but still have this process automated? I think 'keychain' is often used for this. It's a bit like ssh-agent, in that you unlock the key manually (eg. just after starting the system), but it can be accessed by other programs later. I've never used it myself. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On 27/01/2011, at 8:48 PM, Nico Kadel-Garcia wrote: And the permissions of $HOME/.ssh should be 0700. Ah, yes. My mistake, sorry. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On 27 January 2011 08:48, Cameron Kerr came...@humbledown.org wrote: I think 'keychain' is often used for this. It's a bit like ssh-agent, in that you unlock the key manually (eg. just after starting the system), but it can be accessed by other programs later. I've never used it myself. Ah yes, I see thats what Nico also suggested. Thanks you two, this is all up and working just great :D -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, Jan 27, 2011 at 02:39:29AM -0500, Nico Kadel-Garcia wrote: Wrong again. Never use public key access for root accounts, it simply compounds the security risks. Passphrase protected SSH keys can be That is 100% backwards. *NEVER* use password authentication for root (passwords are easier to brute force 'cos people choose bad passwords). Use ssh public key access for root, with appropriate restrictions (eg from=). -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, Jan 27, 2011 at 12:33:31PM +0530, Indunil Jayasooriya wrote: # ssh-keygen -t rsa ( passphrase should be empty ) Don't use passphraseless keys unless you're using it for an automated tool (eg rsync kicked off from cron). If this is for human interactive work then learn how to use ssh-agent. (If it's for programmatic use then also learn the from= and command= options on the public key to restrict what the key can do) -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, Jan 27, 2011 at 07:59:30AM +, John Hodrien wrote: On Thu, 27 Jan 2011, Nico Kadel-Garcia wrote: Wrong again. Never use public key access for root accounts, it simply compounds the security risks. Passphrase protected SSH keys can be Is this actually current doctrine for typical machines? I thought plenty of people advocated restricting ssh to AllowRoot without-password. What exactly Correct. PermitRootLogin without-password is the recommended approach if you must allow remote root login via ssh It's even better to deny remote root at all (login as normal user then sudo/su as necessary), but practicallity says it's needed, so without-password will stop you from being able to use the password and force you to use public keys or other non-password authentication. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package updates for 5.4?
On Jan 26, 2011, at 8:08 PM, John R Pierce wrote: On 01/26/11 5:51 PM, Mitch Patenaude wrote: On Wed, Jan 26, 2011 at 5:42 PM, Gene bran...@bellsouth.net mailto:bran...@bellsouth.net wrote: Can you tell us more about you cluster? Nodes? Purpose? I managed a small 90 node cluster for seismic work. 300+ nodes total, 200 in a hadoop cluster used for mapreduce, the rest in a variety of headless datacenter roles (web, mail, database, backup, etc.). They are somewhat sensitive to version updates, so I was hoping to find a way to find the security updates (patch level) without having to change versions. Upgrading to 5.6 would likely involve upgrading several core packages (mysql, ruby, python, bind, even glibc and the kernel). Is this a pipe dream? assuming the mysql, ruby, python, bind you are running are all the stock RHEL5/CentOS5 ones, the updates maintain the same x.y version as whatever was released with 5.0, the upstream vendor backports security fixes. the kernel is still 2.6.18, glibc is still 2.5, etc etc. 5.6 is not a new version, its just a snapshot of updates at that point in time. the version is 5. But still test, sometimes something can break. In point releases in the past, some things have broke like, recently, an ethernet card wouldn't work after the update. Gave weird errors. Replaced it with a newer revision of the card, and it worked fine. But generally things work fine. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package updates for 5.4?
As per the Redhat Virtualisation Expo yesterday... API/ABI compatibility is maintained within the point releases. If your stuff is certified on 5.4 it will run on 5.5/5.6. In addition there are compatibility libraries to get anything running on 5.X on 6.0... and when you move to 6.0 then anything running on 6.0 will run on 6.X. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package updates for 5.4?
On Thu, Jan 27, 2011 at 7:16 AM, James Hogarth james.hoga...@gmail.com wrote: As per the Redhat Virtualisation Expo yesterday... API/ABI compatibility is maintained within the point releases. If your stuff is certified on 5.4 it will run on 5.5/5.6. In addition there are compatibility libraries to get anything running on 5.X on 6.0... and when you move to 6.0 then anything running on 6.0 will run on 6.X. This... is theory. In practice, major architectural changes will break things and need to be tested. For example, the anaconda environment for RHEL 6 does not contain the dirname command. The environment for RHEL 5 did. I anticipate that CentOS 6 will also lack it. Who would know that without testing their kickstart scripts? And don't get me started on the NetworkManager related changes in /etc/sysconfig/network-scripts: the new NM_CONTROLLED option can cause enormous confusion. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
On 1/27/11 12:57 AM, Rudi Ahlers wrote: Actually, since the original question involved access to backups, I should have given my usual answer which is that backuppc is the thing to use for backups and it provides a web interface for restores (you pick the historical version you want and either tell it to put it back to the original host or you can download a tarball through the browser). Very nice for self-serve access. It does want to map complete hosts to owners that have permission to access them but with a little work you make different areas of a shared system look like separate hosts. BackupPC doesn't intergrate into cPanel. Why does it have to integrate? It runs on a different machine. Can't you make a remote apache authenticate the same way as a cpanel user would to access its web interface? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
If pw less access is something you prefer use a kerberos based service like FreeIPA/RedhatIPA. No need for ssh keys, and pw aren't stored locally. You can log in as a regular user and sudo su - to root, which can be done during ssh login: ssh -t user@host sudo su - David On Jan 27, 2011, at 1:35 AM, Cameron Kerr came...@humbledown.org wrote: On 27/01/2011, at 7:45 PM, Always Learning wrote: Hallo, I wanted to avoid typing-in my password every occasion I remotely logged-on to a server. I created my SSH keys and copied the public part to the server and renamed it authorized_keys. - server /root/.ssh id_rsa.authorized_keys -rw Your ~/.ssh/authorized_keys needs to be readable by sshd, your permissions on it are too restrictive (typically, this should be 0644) Also, it should be named authorized_keys, not id_rsa.authorized_keys PS. Coming from a background in other distributions, I find it disturbing that Centos ships with allow_root_login defaulting to yes. If you really need this, ensure that you also restrict access from where people can log in, consider employing dynamic banning, and harden your sshd_config (which, oddly enough, you didn't post). PPS. When diagnosing such faults, it can be useful to run the sshd (ie. the server process) in debugging mode, although this would generally require the server to be temporarily disabled so it can be started in debugging mode. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
On Thu, Jan 27, 2011 at 3:00 PM, Les Mikesell lesmikes...@gmail.com wrote: On 1/27/11 12:57 AM, Rudi Ahlers wrote: Actually, since the original question involved access to backups, I should have given my usual answer which is that backuppc is the thing to use for backups and it provides a web interface for restores (you pick the historical version you want and either tell it to put it back to the original host or you can download a tarball through the browser). Very nice for self-serve access. It does want to map complete hosts to owners that have permission to access them but with a little work you make different areas of a shared system look like separate hosts. BackupPC doesn't intergrate into cPanel. Why does it have to integrate? It runs on a different machine. Can't you make a remote apache authenticate the same way as a cpanel user would to access its web interface? -- Les Mikesell Sorry, I should have explained. cPanel is a web based control panel which allows end users to control every aspect of their domain (Web, stats, mail, files, databases, logs, DNS, etc) including backups. It currently backs up everything over FTP, and works fairly well but when a user wants to restore a broken website one of our techs needs to download the backup from the FTP server, to the cPanel server and then restore it on the client's behalf. Thus, mounting the NFS share basically added enough storage to the cPanel todo the backups locally, and then the users can restore the backups themselves by logging into cPanel. i.e. all the necessary security checks are performed automatically. But, If we use something like backupPC, then each user will need to be created on the BackupPC server (which will be a nightmare) and he then has to download the backup to his own PC first (some sites are several GB's, into the 10's of GB's), which then means the backup will take ages to restore. With cPanel, everything happens on the server directly so it's very quick. -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 02:48 -0500, Nico Kadel-Garcia wrote: On 27/01/2011, at 7:45 PM, Always Learning wrote: server /root/.ssh id_rsa.authorized_keys -rw But, the name of the file with a copy of your public key should be $HOME/.ssh/authorized_keys. And the permissions of $HOME/.ssh should be 0700. 1. logging-on to the remote server as root. 2. server:- drwx-- 2 root root 4096 Jan 27 03:23 .ssh -rw--- 1 root root 404 Jan 27 03:23 id_rsa.authorized_keys OK ? -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 20:35 +1300, Cameron Kerr wrote: Also, it should be named authorized_keys, not id_rsa.authorized_keys B I N G O ** I can now log-in with just my home made command .s2 Thanks a lot. That cured it. Brilliant. Many thanks again. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 02:39 -0500, Nico Kadel-Garcia wrote: Also, there's a stack of reasons that DSA is preferred to RSA for SSH keys these days. When you generate your private keys, use ssh-keygen -t dsa, not rsa. RSA is the default if no cypher type is declared on the command line. I've taken your helpful advise and replaced the RSA key with a DSA key; put a passphrase on the key and then did a SSH-ADD which automatically recognised the new key and added it. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] centos 5.5: iptables: module recent
Hello, I have well performing iptables in centos 5.2 and 5.3 : -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix FW DROP IP Flood: Centos 5.5, updated today: Without -hitcount : iptables accept the line Including -hitcount : iptables brings an error message: Applying iptables firewall rules: iptables-restore: line 47 failed [FAILED] The Line Number is always the number of the COMMIT statement. Not the line number of the statement with the recent module. So I think, iptables is missing something, What? When I add the line interactive, the result is [root@host sysconfig]# iptables -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix FW DROP IP Flood: iptables: Unknown error 18446744073709551615 The man page describes the parameter: [!] --seconds seconds This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in the list and was seen within the last given number of seconds. [!] --hitcount hits This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in the list and packets had been received greater than or equal to the given value. This option may be used along with --seconds to create an even nar- rower match requiring a certain number of hits within a specific time frame. Without -hitcount the rule is worthless. Suggestions? Many Thanks Helmut ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 12:33 +0530, Indunil Jayasooriya wrote: you expect Passwordless SSH. If so, I wanted a quick effortless automated log-on. # ssh-keygen -t rsa ( passphrase should be empty ) Yes I did exactly that but following advice from this mailing list have changed to DSA and imposed a passphrase. # cd /root/.ssh/ Pls scp id_rsa.pub to the Server # scp id_rsa.pub root@server:/root/.ssh/authorized_keys I used Nautilus to transfer the files. Copied the file from my machine and pasted it into the server's directory. I have the servers as bookmarks in Nautilus. After entering the password for my machine's keyring, only once per session, entering the remote server is instant and easy. However terminal access is still needed sometimes for re-starting services, iptables and changing ownership - hence my need for SSH command line access to the servers. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package updates for 5.4?
This... is theory. In practice, major architectural changes will break things and need to be tested. For example, the anaconda environment for RHEL 6 does not contain the dirname command. The environment for RHEL 5 did. I anticipate that CentOS 6 will also lack it. Who would know that without testing their kickstart scripts? And don't get me started on the NetworkManager related changes in /etc/sysconfig/network-scripts: the new NM_CONTROLLED option can cause enormous confusion. I was referring to certified applications with regards to compatibility rather than kickstarting boxes and then you'll want to test out to see if you need any of the compatibility libaries With fresh package lists and so on of course you'll want to test out kickstarts... On any server I'd recommend disabling the networkmanager service and enabling the old network one... In fact on a server no point even installing the networkmanager packages... However that is pretty much OT from the original question and point of this thread which is that from 5.4 to 5.6 (and onwards) there will be no API/ABI breakages staying with the official channels. James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 06:40 -0500, Stephen Harris wrote: *NEVER* use password authentication for root (passwords are easier to brute force 'cos people choose bad passwords). Use ssh public key access for root, with appropriate restrictions (eg from=). You haven't seen my long and difficult (for others) password (uppercase, lowercase, and digits). It is unlikely ever to succumb to brute force. :-) -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Help - Seeking recommendations-script to install on CENT OS web server for backup to Network Attached Storage
rsync Krishna On Thu, Jan 27, 2011 at 7:27 AM, Steve Eisenberg steve.eisenb...@gmail.comwrote: Hello: I wanted to know if anyone on the list can recommend one or more scripts to install on a CENT OS web server that allows you to back up the entire box to network attached storage? Many thanks, Steve Eisenberg steve.eisenb...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
Rudi Ahlers wrote: On Thu, Jan 27, 2011 at 3:00 PM, Les Mikesell lesmikes...@gmail.com wrote: On 1/27/11 12:57 AM, Rudi Ahlers wrote: Actually, since the original question involved access to backups, I should have given my usual answer which is that backuppc is the thing snip It currently backs up everything over FTP, and works fairly well but when a user wants to restore a broken website one of our techs needs to download the backup from the FTP server, to the cPanel server and then restore it on the client's behalf. Thus, mounting the NFS share basically added enough storage to the cPanel todo the backups locally, and then the users can restore the backups themselves by logging into cPanel. i.e. all the necessary security checks are performed automatically. snip Well, I wouldn't be running ftp, anyway, but may I offer an alternative? How 'bout either rsync or scp; have the users' backups in their own directories, and set up ssh keys, and then give them a canned script to run, so that a) they say, AUGH! Website bad! Gotta restore! b) they go to cPanel, to the, what's it called, system maintenance? page, then are offered an icon that brings of a page that allows them to select one or more directories, or the whole site, c) clicking a restore button rcyncs or sftp's it over, from the backup directory that's owned by them to their site, with no passwords needed? mark ftp bad, *so* 1980's/early '90s, when the 'Net was a better place ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
On Wed, 2011-01-26 at 23:05 -0800, John R Pierce wrote: cpanel is pure crap. It is a ghastly and frustrating nightmare. Command line, even for a Linux beginner like me, is far superior. It is amazing that people pay lots of money to use it. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 06:57 -0600, David Christensen wrote: If pw less access is something you prefer use a kerberos based service like FreeIPA/RedhatIPA. No need for ssh keys, and pw aren't stored locally. You can log in as a regular user and sudo su - to root, which can be done during ssh login: ssh -t user@host sudo su - Thanks David. My problem happened because I wrong prefixed the server's key with id_rsa. Have since changed to DSA keys and everything works well. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
Always Learning wrote: On Thu, 2011-01-27 at 06:40 -0500, Stephen Harris wrote: *NEVER* use password authentication for root (passwords are easier to brute force 'cos people choose bad passwords). Use ssh public key access for root, with appropriate restrictions (eg from=). You haven't seen my long and difficult (for others) password (uppercase, lowercase, and digits). It is unlikely ever to succumb to brute force. :-) Ah, no. Where can you log in as root from? If it's anywhere outside the intranet, bad, bad, bad. Thre's been reports that the serious encryption keys can be cracked in a very short time, thanks to an account on Amazon's cloud. Here at work, you can only log in as root *from* *the* *console*; anything else, it's either via ssh keys, or as yourself, then sudo (or sudo -s). When I have more than one machine at home, I *only* allow ssh from the internal net, and *never* from outside. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] setting up icecast
Hi all, I am new at setting up icecastand was wondering if someone cold point me to a guide on how to do so on cent 5.5 or give my instructions Best mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
Always Learning wrote: On Wed, 2011-01-26 at 23:05 -0800, John R Pierce wrote: cpanel is pure crap. It is a ghastly and frustrating nightmare. Command line, even for a Linux beginner like me, is far superior. It is amazing that people pay lots of money to use it. It may be crap, but a) I haven't seen any ISPs that offer shell access for the better part of a decade, at least, and b) consider the enTHUsistic folks who build so many websites who have no clue about computers, security, and get the cooties if they were to see a command line. *shrug* I live with it from my hosting provider. But then, I do everything on my own system (CentOS, of course), and hardly do more with cPanel than I would/could with Ye Olde Ftp. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Ext4 on CentOS 5.5 x64
Hi all, For those of you that have been using the ext4 technology preview on CentOS 5.5, how has it panned out? Does it perform as expected? How do you feel the stability, creation of the FS and the administration of it is? Ideas and comments welcome. Thanks. -- BW, Sorin --- # Sorin Srbu[Sysadmin, Systems Engineer] # Dept of Medicinal Chemistry, Phone: +46 (0)18-4714482 3 signals GSM # Div of Org Pharm Chem,Mobile: +46 (0)701-718023 # Box 574, Uppsala University, Fax: +46 (0)18-4714482 # SE-751 23 Uppsala, Sweden Visit: BMC, Husargatan 3, D5:512b # Web: http://www.orgfarm.uu.se --- # () ASCII ribbon campaign - Against html E-mail # /\ # # MotD follows: # Legacy MS Tag: Windows has crashed more systems than Michelangelo. smime.p7s Description: S/MIME cryptographic signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Access to a Power6/Power7 machine?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, is there anybody here who has access to such a machine and could test e... 'some software' there? Please mail me privately. Thanks best, Timo -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFNQYqAfg746kcGBOwRArE2AJ4+qtS3i0V6a0Y6WocbpGZfne7Q/wCgsphj 1JcOBKH2RuleIQ3X80XFfT4= =AEdz -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 10:01 -0500, m.r...@5-cent.us wrote: Always Learning wrote: You haven't seen my long and difficult (for others) password (uppercase, lowercase, and digits). It is unlikely ever to succumb to brute force. :-) Ah, no. Where can you log in as root from? If it's anywhere outside the intranet, bad, bad, bad. Blush, blush access is on a non-standard port and then restricted to a few IP addresses. I don't want my servers taken over by others. As a basic policy everything that can be changed from a default port is. That means I have open 25 and 80. Everything else has a none-standard port number of 4 or 5 digits. Definitely no 443. Every secure web application has https and a different port and IP restrictions (in the .htaccess). I'm planning to experiment with mod_auth_mysql. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
On Thu, 2011-01-27 at 10:05 -0500, m.r...@5-cent.us wrote: On Wed, 2011-01-26 at 23:05 -0800, John R Pierce wrote: cpanel is pure crap. It may be crap, but a) I haven't seen any ISPs that offer shell access for the better part of a decade, at least, and b) consider the enTHUsistic folks who build so many websites who have no clue about computers, security, and get the cooties if they were to see a command line. *shrug* I live with it from my hosting provider. But then, I do everything on my own system (CentOS, of course), and hardly do more with cPanel than I would/could with Ye Olde Ftp. I moved to VPSs and got root access and a choice. Top of the list was Centos so I chose it. I have been happy ever since. Centos evokes cherished memories of 'real computing' in different countries. Personally M$ Windoze and Cpanel are unpleasant memories. Perhaps they are suitable for those lacking good computer skills but I really don't want that crap especially at my non-young age. I want quality and a professional operating system. Centos gives it to me. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
Always Learning wrote: On Thu, 2011-01-27 at 10:01 -0500, m.r...@5-cent.us wrote: Always Learning wrote: You haven't seen my long and difficult (for others) password (uppercase, lowercase, and digits). It is unlikely ever to succumb to brute force. :-) Ah, no. Where can you log in as root from? If it's anywhere outside the intranet, bad, bad, bad. Blush, blush access is on a non-standard port and then restricted to a few IP addresses. I don't want my servers taken over by others. Security through obscurity doesn't work. Are you familiar with nmap? Restricted to a few IP addresses is good; the fewer the better. snip mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 5.5: iptables: module recent
Hi, Helmut Drodofsky wrote: When I add the line interactive, the result is [root@host sysconfig]# iptables -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix FW DROP IP Flood: iptables: Unknown error 18446744073709551615 IIRC, you may be hitting a hard limit on the --hitcount value. I was bitten by something similar a few months ago and ended up reducing both the --hitcount and the --seconds value to achieve roughly the same math. HTH, Mario ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 10:27 -0500, m.r...@5-cent.us wrote: Security through obscurity doesn't work. It certainly helps defeat most potential intruders but not the most determined. IPtables does help too. Are you familiar with nmap? Yes. I used to read the bloke's circulars when I was on Windoze. Have it installed. Knowing I use Centos is not necessary going to assist anyone breaking-in if I have everything screwed firmly down. Restricted to a few IP addresses is good; the fewer the better. Currently 3 static IPs. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On 01/27/11 5:46 AM, Always Learning wrote: -rw--- 1 root root 404 Jan 27 03:23 id_rsa.authorized_keys how many times do you have to be told that the filename is authorized_keys, NOT id_rsa.authorized_keys for someone who claims to have been in IT since the 1960s, you don't seem to pay much attention, and waste 100 messages on something generic and trivial for which there are 100s of 'HOWTOs' online. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
On Thu, Jan 27, 2011 at 10:05:35AM -0500, m.r...@5-cent.us wrote: It may be crap, but a) I haven't seen any ISPs that offer shell access for the better part of a decade, at least, and b) consider the enTHUsistic www.panix.com - Your $HOME away from home. Of course many people who want shell access just get their own VMs now (eg linode, Panix v-colo). -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ext4 on CentOS 5.5 x64
On 27 January 2011 15:06, Sorin Srbu sorin.s...@orgfarm.uu.se wrote: Hi all, For those of you that have been using the ext4 technology preview on CentOS 5.5, how has it panned out? Does it perform as expected? How do you feel the stability, creation of the FS and the administration of it is? Ideas and comments welcome. Well for what it's worth it worked out well enough for Redhat that it is a fully supported filesystem in 5.6 and the default in 6.0... same admin tools as ext3 so not much to learn as it were... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ext4 on CentOS 5.5 x64
On Thu, Jan 27, 2011 at 5:37 PM, James Hogarth james.hoga...@gmail.com wrote: On 27 January 2011 15:06, Sorin Srbu sorin.s...@orgfarm.uu.se wrote: Hi all, For those of you that have been using the ext4 technology preview on CentOS 5.5, how has it panned out? Does it perform as expected? How do you feel the stability, creation of the FS and the administration of it is? Ideas and comments welcome. Well for what it's worth it worked out well enough for Redhat that it is a fully supported filesystem in 5.6 and the default in 6.0... same admin tools as ext3 so not much to learn as it were... ___ Is there an upgrade path, or do we need to reinstall completely ? -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
Always Learning wrote: On Thu, 2011-01-27 at 10:27 -0500, m.r...@5-cent.us wrote: Security through obscurity doesn't work. It certainly helps defeat most potential intruders but not the most determined. IPtables does help too. We also run fail2ban at work. Very nice, installs (along with shorewall), and creates a temporary blacklist, blocking an IP that's tried five, I think, times to break in. All configurable, btw. snip Restricted to a few IP addresses is good; the fewer the better. Currently 3 static IPs. G mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
Stephen Harris wrote: On Thu, Jan 27, 2011 at 10:05:35AM -0500, m.r...@5-cent.us wrote: It may be crap, but a) I haven't seen any ISPs that offer shell access for the better part of a decade, at least, and b) consider the enTHUsistic www.panix.com - Your $HOME away from home. Of course many people who want shell access just get their own VMs now (eg linode, Panix v-colo). *shrug*. I've got paid-up hosting with bluehost/hostmonster. It's cheap, I've had very few problems, and it's not like I've got a big, high traffic site. mark and I do everything on my own system, anyway ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
Security through obscurity doesn't work. It certainly helps defeat most potential intruders but not the most determined. IPtables does help too. We also run fail2ban at work. Very nice, installs (along with shorewall), and creates a temporary blacklist, blocking an IP that's tried five, I think, times to break in. All configurable, btw. Here too and from my own systems those 'scriptkiddies' are exposed to the world using http://twitter.com/fail2ban :) Regards, Michel ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
On 1/27/2011 7:30 AM, Rudi Ahlers wrote: BackupPC doesn't intergrate into cPanel. Why does it have to integrate? It runs on a different machine. Can't you make a remote apache authenticate the same way as a cpanel user would to access its web interface? Sorry, I should have explained. cPanel is a web based control panel which allows end users to control every aspect of their domain (Web, stats, mail, files, databases, logs, DNS, etc) including backups. It currently backs up everything over FTP, and works fairly well but when a user wants to restore a broken website one of our techs needs to download the backup from the FTP server, to the cPanel server and then restore it on the client's behalf. Thus, mounting the NFS share basically added enough storage to the cPanel todo the backups locally, and then the users can restore the backups themselves by logging into cPanel. i.e. all the necessary security checks are performed automatically. If you are going this route, the obvious thing would be to make the automounter mount the user's copy into his own space when/if he accesses it and unmount the rest of the time. But, If we use something like backupPC, then each user will need to be created on the BackupPC server (which will be a nightmare) It's not that complicated. You only need an authentication method that would set apache's REMOTE_USER which probably already exists on the server and wouldn't be hard to copy elsewhere in whatever way it works now - or you can run the server locally with nfs-mounted storage. and he then has to download the backup to his own PC first (some sites are several GB's, into the 10's of GB's), which then means the backup will take ages to restore. No, downloading from the browser is an option, but the server can also put files back directly over the same transport that was used for the backup. The only issue that might be a problem would be controlling where each user could restore to. Typically each target host has an 'owner' and access to the web side is limited to the hosts you own - and you can map subdirectory targets to look like separate hosts. But when you restore, the commands run as the backuppc user which would typically have full root ssh access to the whole target host. There's probably some way to work around this - maybe using the ftp transport and controlling where the logins can go. Anyway the big advantage of backuppc is that all identical files are pooled so you can keep a much longer history on line. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 07:35 -0800, John R Pierce wrote: On 01/27/11 5:46 AM, Always Learning wrote: -rw--- 1 root root 404 Jan 27 03:23 id_rsa.authorized_keys how many times do you have to be told that the filename is authorized_keys, NOT id_rsa.authorized_keys Once. How many times do you have to be told things ? My posting was made, if you look at the headers, before I read a posting from another informing me the file name was incorrectly prefixed. As soon as I read the second posting I altered the file name, discovered everything worked perfectly and posted a very grateful response - you may have read it. (hint: *** BINGO * ) for someone who claims to have been in IT since the 1960s, you don't seem to pay much attention, and waste 100 messages on something generic and trivial for which there are 100s of 'HOWTOs' online. Have a nice day. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 10:40 -0500, m.r...@5-cent.us wrote: We also run fail2ban at work. Very nice, installs (along with shorewall), and creates a temporary blacklist, blocking an IP that's tried five, I think, times to break in. All configurable, btw. Thanks. I'll add that to the list to do. Restricted to a few IP addresses is good; the fewer the better. Currently 3 static IPs. G I'm definitely not going to let the b get in easily :-) The Russians appear the worse with their port 445 scanning. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
Michel van Deventer wrote: Security through obscurity doesn't work. It certainly helps defeat most potential intruders but not the most determined. IPtables does help too. We also run fail2ban at work. Very nice, installs (along with shorewall), and creates a temporary blacklist, blocking an IP that's tried five, I think, times to break in. All configurable, btw. Here too and from my own systems those 'scriptkiddies' are exposed to the world using http://twitter.com/fail2ban :) So, where's most of your hits from? The most I see is China, followed by Brazil, then Korea (not sure which), then, a lot lower, Russia, Italy, and various others. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 5.5: iptables: module recent
Helmut Drodofsky wrote on Thu, 27 Jan 2011 15:41:15 +0100: The man page describes the parameter well, did you google before asking? I'm pretty sure that this topic has already been raised here (and probably elsewhere) a few times and as far as I recall it there must be a bug. I don't know if it is on the RH bugzilla. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On 01/27/2011 09:00 AM, Always Learning wrote: On Thu, 2011-01-27 at 06:57 -0600, David Christensen wrote: If pw less access is something you prefer use a kerberos based service like FreeIPA/RedhatIPA. No need for ssh keys, and pw aren't stored locally. You can log in as a regular user and sudo su - to root, which can be done during ssh login: ssh -t user@host sudo su - Thanks David. My problem happened because I wrong prefixed the server's key with id_rsa. Have since changed to DSA keys and everything works well. Ya sorry I was jumping on the band wagon about not using ssh-keys with the root login or allowing root login at all. Its usually a dir/file permissions thing when it comes to using keys. You should look into getting away from using ssh-keys unless absolutely necessary and look at centralized authentication/authorization; of course if your env is large enough to warrant it. Kerberos can provide the same sort of password less access as ssh-keys. Anyway good luck. David ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ext4 on CentOS 5.5 x64
For those of you that have been using the ext4 technology preview on CentOS 5.5, how has it panned out? Does it perform as expected? How do you feel the stability, creation of the FS and the administration of it is? Ideas and comments welcome. I've recently been using ext4 because I have servers with large(ish) storage volumes, and because I know that the next version of centos will support it better than 5.5. I only use it for storage, where I use rsync to copy terabytes of data to and from the servers. It works fine - it's been set and forget so far. Very fast read/write speeds. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On 01/27/2011 01:39 AM, Nico Kadel-Garcia wrote: Also, there's a stack of reasons that DSA is preferred to RSA for SSH keys these days. When you generate your private keys, use ssh-keygen -t dsa, not rsa. Care to elaborate on that? Searching, I find mostly a stack of reasons for preferring RSA now that its patent has expired, e.g.: * DSA is critically dependent on the quality of your random number generator. Each DSA signature requires a secret random number. If you use the same number twice, or if your weak random number generator allows someone to figure it out, the entire secret key is exposed. * DSA keys are exactly 1024 bits, which is quite possibly inadequate today. RSA keys default to 2048 bits, and can be up to 4096 bits. Reasons for preferring DSA for signatures are less compelling: * RSA can also be used for encryption, making it possible for misguided users to employ the same key for both signing and encryption. * While RSA and DSA with the same key length are believed to be just about identical in difficulty to crack, a mathematical solution for the DSA discrete logarithm problem would imply a solution for the RSA factoring problem, whereas the reverse is not true. (A solution for either problem would be HUGE news in the crypto world.) -- Bob Nichols NOSPAM is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ext4 on CentOS 5.5 x64
Original Message Subject: Re: [CentOS] Ext4 on CentOS 5.5 x64 From: compdoc comp...@hotrodpc.com To: 'CentOS mailing list' centos@centos.org Date: Thursday, January 27, 2011 10:08:46 AM For those of you that have been using the ext4 technology preview on CentOS 5.5, how has it panned out? Does it perform as expected? How do you feel the stability, creation of the FS and the administration of it is? Ideas and comments welcome. I've recently been using ext4 because I have servers with large(ish) storage volumes, and because I know that the next version of centos will support it better than 5.5. I only use it for storage, where I use rsync to copy terabytes of data to and from the servers. It works fine - it's been set and forget so far. Very fast read/write speeds. I've been using it for the same purpose on a volume that is ~2.4TB, rsyncing a few 100's of GB/day. Works better than tape. No issues so far (maybe 6 months or so). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ext4 on CentOS 5.5 x64
On 01/27/2011 07:37 AM, James Hogarth wrote: On 27 January 2011 15:06, Sorin Srbusorin.s...@orgfarm.uu.se wrote: Hi all, For those of you that have been using the ext4 technology preview on CentOS 5.5, how has it panned out? Does it perform as expected? How do you feel the stability, creation of the FS and the administration of it is? Ideas and comments welcome. Well for what it's worth it worked out well enough for Redhat that it is a fully supported filesystem in 5.6 and the default in 6.0... same admin tools as ext3 so not much to learn as it were... However, be very, ah, *cautious* about trying any ext4 options beyond the RH defaults. I tried creating some with extents and other non-default options yesterday and it immediately triggered kernel panics when I tried to mount the resulting file systems. On the other side, I've been running default ext4 options on CentOS5 on some machines for years now with no hiccups at all. -- Benjamin Franz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] setting up icecast
I run the CreekFM streaming audio server on icecast and ices. (You can find it at www.creekfm.com.) It runs on Centos 5. Do you have any specific questions? On Thu, 27 Jan 2011 09:02:56 -0600 mike cutie and maia wrote: Hi all, I am new at setting up icecastand was wondering if someone cold point me to a guide on how to do so on cent 5.5 or give my instructions Best mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- MELVILLE THEATRE ~ Melville Sask ~ www.melvilletheatre.com www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 71, Issue 2
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CESA-2010:0936 Important CentOS 4 i386 kernel - security and bug fix update (Tru Huynh) 2. CESA-2010:0936 Important CentOS 4 x86_64 kernel - security and bug fix update (Tru Huynh) 3. CESA-2010:0950 Moderate CentOS 4 i386 apr-util - security update (Tru Huynh) 4. CESA-2010:0950 Moderate CentOS 4 x86_64 apr-util - security update (Tru Huynh) 5. CESA-2010:0966 Critical CentOS 4 i386 firefox - security update (Tru Huynh) 6. CESA-2010:0966 Critical CentOS 4 x86_64 firefox - security update (Tru Huynh) 7. CESA-2010:0967 Critical CentOS 4 i386 seamonkey - security update (Tru Huynh) 8. CESA-2010:0967 Critical CentOS 4 x86_64 seamonkey - security update (Tru Huynh) 9. CESA-2010:0968 Moderate CentOS 4 i386 thunderbird - security update (Tru Huynh) 10. CESA-2010:0968 Moderate CentOS 4 x86_64 thunderbird - security update (Tru Huynh) 11. CESA-2010:0970 Critical CentOS 4 i386 exim - security update (Tru Huynh) 12. CESA-2010:0970 Critical CentOS 4 x86_64 exim -security update (Tru Huynh) 13. CESA-2010:0977 Moderate CentOS 4 i386 openssl - security update (Tru Huynh) 14. CESA-2010:0977 Moderate CentOS 4 x86_64 openssl - security update (Tru Huynh) 15. CESA-2010:0981 Critical CentOS 4 i386 HelixPlayer removal (Tru Huynh) 16. CESA-2010:0981 Critical CentOS 4 x86_64 HelixPlayer removal (Tru Huynh) 17. CESA-2010:1000 Important CentOS 4 i386 bind - security update (Tru Huynh) 18. CESA-2010:1000 Important CentOS 4 x86_64 bind - security update (Tru Huynh) 19. CESA-2011:0013 Moderate CentOS 4 i386 wireshark - security update (Tru Huynh) 20. CESA-2011:0013 Moderate CentOS 4 x86_64 wireshark - security update (Tru Huynh) 21. CESA-2011:0153 Moderate CentOS 4 i386 exim - security update (Tru Huynh) 22. CESA-2011:0153 Moderate CentOS 4 x86_64 exim -security update (Tru Huynh) 23. CESA-2011:0162 Important CentOS 4 i386 kernel - security and bug fix update (Tru Huynh) 24. CESA-2011:0162 Important CentOS 4 x86_64 kernel - security and bug fix update (Tru Huynh) -- Message: 1 Date: Thu, 27 Jan 2011 09:44:20 +0100 From: Tru Huynh t...@centos.org Subject: [CentOS-announce] CESA-2010:0936 Important CentOS 4 i386 kernel - security and bug fix update To: centos-annou...@centos.org Message-ID: 20110127084420.ga24...@sillage.bis.pasteur.fr Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory CESA-2010:0936 kernel security update for CentOS 4 i386: https://rhn.redhat.com/errata/RHSA-2010-0936.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/kernel-2.6.9-89.33.1.EL.i586.rpm updates/i386/RPMS/kernel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-devel-2.6.9-89.33.1.EL.i586.rpm updates/i386/RPMS/kernel-devel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-smp-2.6.9-89.33.1.EL.i586.rpm updates/i386/RPMS/kernel-smp-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-smp-devel-2.6.9-89.33.1.EL.i586.rpm updates/i386/RPMS/kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-xenU-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm updates/i386/RPMS/kernel-doc-2.6.9-89.33.1.EL.noarch.rpm source: updates/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm You may update your CentOS-4 i386 installations by running the command: yum update kernel Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20110127/8235005f/attachment-0001.bin -- Message: 2 Date: Thu, 27 Jan 2011 09:45:04 +0100 From: Tru Huynh t...@centos.org Subject: [CentOS-announce] CESA-2010:0936 Important CentOS 4 x86_64 kernel - security and bug fix update To: centos-annou...@centos.org Message-ID: 20110127084504.gb24...@sillage.bis.pasteur.fr
Re: [CentOS] setting up icecast
Please do not hijack threads. If you want to send a new message to the list then do NOT reply to a message. Also, I ask that you first try to install icecast and *then* come to the list if you encounter problems. This is not an all-purpose support list. Thanks. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On 01/27/2011 04:57 PM, m.r...@5-cent.us wrote: [snip] Here too and from my own systems those 'scriptkiddies' are exposed to the world using http://twitter.com/fail2ban :) So, where's most of your hits from? The most I see is China, followed by Brazil, then Korea (not sure which), then, a lot lower, Russia, Italy, and various others. I see most hits come from India and China (218.0.0.0/16 - 223.0.0.0/16 seems rather popular) followed at quite a distance by the likes of Brazil, South Korea, Russia, Romania and Bulgaria. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, Jan 27, 2011 at 10:40:14AM -0500, m.r...@5-cent.us wrote: We also run fail2ban at work. Very nice, installs (along with shorewall), and creates a temporary blacklist, blocking an IP that's tried five, I think, times to break in. All configurable, btw. There is also denyhosts, which performs a very similar function. I believe both are available from the rpmforge repository (and probably in EPEL too if you prefer that repo). --keith -- kkel...@wombat.san-francisco.ca.us pgpdNQOEplUY6.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
Hi, On Thu, 2011-01-27 at 10:57 -0500, m.r...@5-cent.us wrote: Here too and from my own systems those 'scriptkiddies' are exposed to the world using http://twitter.com/fail2ban :) So, where's most of your hits from? The most I see is China, followed by Brazil, then Korea (not sure which), then, a lot lower, Russia, Italy, and various others. Lots from China, Russia and some South American countries. Sometimes even from my own country ! (Netherlands). Regards, Michel ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] #!/bin/csh -v not work on CENTOS 5.5
Cameron Kerr cameron@... writes: On 27/01/2011, at 7:27 AM, David G. Miller wrote: chmod -R g+rx,o+rx Nelson/ cd What is the result of 'cd' (a shell-internal command) in this version of tcsh? It is the same as in sh? As expected, cd with no directory is the same as cd ~/ Cheers, Dave ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Static assignment of SCSI device names?
Hello list members, In CentOS-5.5 I'm trying to achieve static assignment of SCSI device names for a bunch of RAID-60 drives on a Supermicro motherboard. The scsi_id command identifies all drives ok. The board has one SATA controller and three SAS/SATA controllers ... standard on-board ICH-10 ATA channels, an on-board LSI SAS/SATA controller, and two add-on SAS/SATA contoller cards. There are 13 drives in all, spread across the four controllers, all configured for Linux software RAID. The problem is in management of the drive names and figuring out which drive to pull in case of failure. Unfortunately the BIOS scan detects only the three drives connected to the ICH-10 SATA controller. That's ok because that's where the RAID-1 boot drives are. However, when the kernel starts it assigns those drives last, not first. For this reason I want to use a set of udev rules to assign specific names to the drives plugged into specific ports (to maintain my sanity :-) ). Identifying drives by their ID string (which includes the drive's serial number) and assigning names in the rules works ok. BUT, what happens when I have to swap out a failed drive? The serial number (and possibly model number) changes, and the udev assignment should fail, probably assigning an unexpected /dev/sd? name. RAID rebuild would choke until I change the MD device assignment. Is it possible to assign SCSI drive names by hardware path instead? I especially want the three RAID1+spare boot drives to always be assigned sda/sdb/sdc, because that sorts out other issues I'm having in CentOS-5. In the udev rules file I tried piping the output of scsi_id -g -i -u -s /block/... through cut to extract the path, but I get no match string when I run udevtest against that block device. Does the PROGRAM==. clause not recognize the pipe symbol? I tried a little shellscript to provide the RESULT match string, but udevtest didn't like that. Is there a supported way to predictably assign a drive name according to the hardware port it's plugged into ... it would make swapping drives a lot easier, since it becomes 'drive-id-string' agnostic. Better yet, is there any way to tell the kernel the order in which to scan the controllers? I'm also hoping the problem doesn't radically change when I install CentOS-6 on this box. I'm using CentOS-5 just to get practice in using KVM and RAID-60. Thanks for any advice you can offer. Chuck ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Static assignment of SCSI device names?
On 1/27/2011 2:41 PM, Chuck Munro wrote: Identifying drives by their ID string (which includes the drive's serial number) and assigning names in the rules works ok. BUT, what happens when I have to swap out a failed drive? The serial number (and possibly model number) changes, and the udev assignment should fail, probably assigning an unexpected /dev/sd? name. RAID rebuild would choke until I change the MD device assignment. If you can figure things out for the initial md device creation, subsequent assembly uses the uuid to match up the members and doesn't care if the disks have been moved around either physically or by detection order. And if you are hot-swapping drives and rebuilding manually, you should be able to find the just-assigned name with 'dmesg'. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to unmount an NFS share when the NFS server is unavailable?
on 07:54 Thu 27 Jan, John Hodrien (j.h.hodr...@leeds.ac.uk) wrote: On Wed, 26 Jan 2011, Dr. Ed Morbius wrote: I'd suggest the automount route as well (you're only open to NFS issues while the filesystem is mounted), but you then have to maintain automount maps and run the risk of issues with the automounter (I've seen large production environments in which the OOM killer would arbitrarily select processes to kill ). Once you're into an OOM state, you're screwed anyway. Is turning off overcommit a sane option these days or not? Our suggested fix was to dramtically reduce overcommit, or disable it. I don't recall what was ultimately decided. Frankly, bouncing the box would generally be better than letting it get in some weird wedge state (and was what we usually ended up doing in this instance anyway). Environment was a distributed batch-process server farm. Engineers were disciplined to either improve memory management or request host resources appropriately. Now, if you were to run monit, out of init, and restart critical services as they failed, you might get around some of the borkage, but yeah, generally, what OOM is trying to tell you is that you're Doing It Wrong[tm]. -- Dr. Ed Morbius Chief Scientist Krell Power Systems Unlimited ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 2011-01-27 at 20:30 +0100, Michel van Deventer wrote: Lots from China, Russia and some South American countries. Sometimes even from my own country ! (Netherlands). Attempts from Holland always, in my experience, come from Leaseweb IPs but complaining to them produces no results. Mvg, Paul. P.S. 'Een brug te ver' I saw in Deventer when it was first released. Een mooi stad met een leuke binnenstad. I hope it is still the same. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, 27 Jan 2011 21:23:51 + Always Learning wrote: Attempts from Holland always, in my experience, come from Leaseweb IPs but complaining to them produces no results. The appropriate entries in /etc/hosts.deny does produce results -- MELVILLE THEATRE ~ Melville Sask ~ www.melvilletheatre.com www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
on 10:15 Thu 27 Jan, Robert Nichols (rnicholsnos...@comcast.net) wrote: On 01/27/2011 01:39 AM, Nico Kadel-Garcia wrote: Also, there's a stack of reasons that DSA is preferred to RSA for SSH keys these days. When you generate your private keys, use ssh-keygen -t dsa, not rsa. Care to elaborate on that? Searching, I find mostly a stack of reasons for preferring RSA now that its patent has expired, e.g.: * DSA is critically dependent on the quality of your random number generator. Each DSA signature requires a secret random number. If you use the same number twice, or if your weak random number generator allows someone to figure it out, the entire secret key is exposed. * DSA keys are exactly 1024 bits, which is quite possibly inadequate today. RSA keys default to 2048 bits, and can be up to 4096 bits. Reasons for preferring DSA for signatures are less compelling: * RSA can also be used for encryption, making it possible for misguided users to employ the same key for both signing and encryption. * While RSA and DSA with the same key length are believed to be just about identical in difficulty to crack, a mathematical solution for the DSA discrete logarithm problem would imply a solution for the RSA factoring problem, whereas the reverse is not true. (A solution for either problem would be HUGE news in the crypto world.) The main argument against RSA keys was the RSA patent. It's expired. Go RSA. -- Dr. Ed Morbius Chief Scientist Krell Power Systems Unlimited ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
on 14:50 Thu 27 Jan, Always Learning (cen...@g7.u22.net) wrote: On Thu, 2011-01-27 at 12:33 +0530, Indunil Jayasooriya wrote: you expect Passwordless SSH. If so, I wanted a quick effortless automated log-on. That's what ssh-agent gives you. If you invoke a command under ssh-agent, that comamnd (and all its children) inherit ssh-agent's environment, which includes the SSH_AUTH_SOCK variable, pointing to the authentication socket. Only that user (or root, and you trust root, right) can access this socket. For convenience (and some risk), you can also enable agent-forwarding (I prefer doing this to a limted set of hosts or domains). This would enable you to say: ssh from localhost to adminbox.datacenter.example.com ssh from adminbox.datacenter.example.com to other hosts within the DC. Very handy if you need to run quick commands, git pulls/pushes, scp, rsync, etc., within the DC, without having to constantly re-type your password. Of course, the more often you type your password, the more memorable it becomes. # ssh-keygen -t rsa ( passphrase should be empty ) Yes I did exactly that but following advice from this mailing list have changed to DSA and imposed a passphrase. Either works. RSA takes merits. Password SHOULD be provided. -- Dr. Ed Morbius Chief Scientist Krell Power Systems Unlimited ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Static assignment of SCSI device names?
on 12:41 Thu 27 Jan, Chuck Munro (chu...@seafoam.net) wrote: Hello list members, In CentOS-5.5 I'm trying to achieve static assignment of SCSI device names for a bunch of RAID-60 drives on a Supermicro motherboard. The scsi_id command identifies all drives ok. The board has one SATA controller and three SAS/SATA controllers ... standard on-board ICH-10 ATA channels, an on-board LSI SAS/SATA controller, and two add-on SAS/SATA contoller cards. There are 13 drives in all, spread across the four controllers, all configured for Linux software RAID. The problem is in management of the drive names and figuring out which drive to pull in case of failure. Unfortunately the BIOS scan detects only the three drives connected to the ICH-10 SATA controller. That's ok because that's where the RAID-1 boot drives are. However, when the kernel starts it assigns those drives last, not first. For this reason I want to use a set of udev rules to assign specific names to the drives plugged into specific ports (to maintain my sanity :-) ). Identifying drives by their ID string (which includes the drive's serial number) and assigning names in the rules works ok. BUT, what happens when I have to swap out a failed drive? The serial number (and possibly model number) changes, and the udev assignment should fail, probably assigning an unexpected /dev/sd? name. RAID rebuild would choke until I change the MD device assignment. Is it possible to assign SCSI drive names by hardware path instead? I especially want the three RAID1+spare boot drives to always be assigned sda/sdb/sdc, because that sorts out other issues I'm having in CentOS-5. In the udev rules file I tried piping the output of scsi_id -g -i -u -s /block/... through cut to extract the path, but I get no match string when I run udevtest against that block device. Does the PROGRAM==. clause not recognize the pipe symbol? I tried a little shellscript to provide the RESULT match string, but udevtest didn't like that. Is there a supported way to predictably assign a drive name according to the hardware port it's plugged into ... it would make swapping drives a lot easier, since it becomes 'drive-id-string' agnostic. Better yet, is there any way to tell the kernel the order in which to scan the controllers? I'm also hoping the problem doesn't radically change when I install CentOS-6 on this box. I'm using CentOS-5 just to get practice in using KVM and RAID-60. Though I don't swear to understand it well, it's possible that multipath (device-mapper-multipath) may work in your situation. I've been using it for iSCSI storage, where it provides multipathing capabilities, including performance improvements, HA, and persistent device naming. Whether this applies to hotplugged SCSI devices I'm not so sure, and udev would be my first choice. The multipath documentation is unfortunately atrocious. -- Dr. Ed Morbius Chief Scientist Krell Power Systems Unlimited ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
m.r...@5-cent.us wrote: Always Learning wrote: ... Blush, blush access is on a non-standard port and then restricted to a few IP addresses. I don't want my servers taken over by others. Security through obscurity doesn't work. Are you familiar with nmap? If port scanning is a concern, how about implementing port-knocking? (Granted, it's not always practical.) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On Thu, Jan 27, 2011 at 6:40 AM, Stephen Harris li...@spuddy.org wrote: On Thu, Jan 27, 2011 at 02:39:29AM -0500, Nico Kadel-Garcia wrote: Wrong again. Never use public key access for root accounts, it simply compounds the security risks. Passphrase protected SSH keys can be That is 100% backwards. *NEVER* use password authentication for root (passwords are easier to brute force 'cos people choose bad passwords). Use ssh public key access for root, with appropriate restrictions (eg from=). Nope. Ideally, use *neither* for root. Allow root access only from the local console or a local shell with su, or sudo if you want to share access. That provides much superior tracking of the root access and whose account was used for the inappropriate access. Remote root access in SSH should be avoided altogether, but if necessary, the SSH keys can be a big issue becuase of people who give exactly the advice we just saw. Generate an unprotected key and publish it to the root account! is, unfortunately, far too common, and we just saw someone suggest *exactly* that. Root does not, generally, need password-free access. If it does, SSH keys can provide some restrictions on it, as can sudo for other accounts to allow them only specific root activities. But root access without making you actually put in a password and think about what you're doing is *begging* for pain. In fact, the likely pain is only partially from stolen keys. It's also from people doing things as root without thinking about them, and making mistakes. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ext4 on CentOS 5.5 x64
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of compdoc Sent: Thursday, January 27, 2011 5:09 PM To: 'CentOS mailing list' Subject: Re: [CentOS] Ext4 on CentOS 5.5 x64 For those of you that have been using the ext4 technology preview on CentOS 5.5, how has it panned out? Does it perform as expected? How do you feel the stability, creation of the FS and the administration of it is? Ideas and comments welcome. I've recently been using ext4 because I have servers with large(ish) storage volumes, and because I know that the next version of centos will support it better than 5.5. I only use it for storage, where I use rsync to copy terabytes of data to and from the servers. It works fine - it's been set and forget so far. Very fast read/write speeds. Same story here. I'm building a new backup server from scratch (with no old data on it), and while ext3 is nice and stable it's also pretty slow when we start talking sevenish terabytes. My main concern is all the writing on the interweb regarding running an fsck and a tune2fs after having formatted the filesystem to ext4; some say you should while some say it isn't necessary. Anyway, I get a bad block message when running fsck, and am not sure whether this is a interface problem between the chair and the monitor or something with the tech preview. -- /Sorin smime.p7s Description: S/MIME cryptographic signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos