Re: [CentOS-es] sobre router por defecto y rutas estaticas.
2011/2/24 Mariano Cediel mariano.ced...@gmail.com El día 24 de febrero de 2011 04:13, Eduardo Grosclaude eduardo.groscla...@gmail.com escribió: 2011/2/23 Mariano Cediel mariano.ced...@gmail.com Hola Mariano El equipo X está en una red con direcciones privadas, y estas direcciones no se publican a través de Internet. Por lo tanto si el SSH al equipo X (desde el equipo Y) resulta posible, y el equipo Y no se encuentra en ninguna de las RED1 de tu ejemplo entonces es porque el routerB hace NAT o traducción de direcciones hacia adentro (a veces llamado port forwarding). Para cada paquete proveniente de Y por Internet, el routerB reemplazará la dirección origen por 192.168.1.B antes de entregarlo a la red local. Así le presentará a X las conexiones entrantes como si hubieran sido originadas en routerB. X generará las respuestas dirigidas a routerB. El routerB al recibir la respuesta cumplirá la segunda parte del mecanismo de NAT, devolviendo el paquete a Y con la dirección origen nuevamente modificada, para reflejar la dirección IP pública a la cual apuntó Y. X no ruteará la respuesta por routerA, su gateway por defecto, porque la entrega es local, ya que tanto 192.168.1.X como 192.168.1.B están en la misma red. Es que tengo un caso en el que esto no se cumple, y no entiendo muy bien por qué. Si puedes danos más detalles, posiblemente el caso es el de port forwarding? No, son dos cutre-routers adsl de ISP, que permiten la redirección de puertos, sin más. Y no hacen la traslación de IPs, ya que cuandomiramos quien esté conectado en el CENTOS (con w o con netstat), se ve la IP PUBLICA del usuario, no la IP privada del router Y durante esas sesiones aparece en el equipo X una ruta hacia Y a través de routerB? Si es así, posiblemente se trate de un caso de ICMP REDIRECT por parte de routerA... Acá http://www.networksorcery.com/enp/protocol/icmp/msg5.htm hay unas notas sobre REDIRECT con punteros a las RFCs correspondientes. -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] ls returns file doesn't exist, find finds it??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Feb 23, 2011, at 10:26 PM, John R. Dennison wrote: On Thu, Feb 24, 2011 at 01:22:41AM -0500, Kwan Lowe wrote: Instead of piping to xargs, try: find . -type f -mtime +15 -exec ls {} \; Or get rid of child processes entirely: find . -type f -mtime +15 -ls Or don't depend on ls for such applications. Use stat or echo instead. - -- Corey / KB1JWQ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJNZhC/AAoJEPmSS8816iBeFR4IALE7O3o9MogpWKJOipZTLc0i 2BrOpKhJP3+NzmhzPRW7P+6pzCAdZJbiBn748NXs6SBgkQnVrOsRwwOefFy2Ju/g bnQ/Sz7LnTW2pAxfRpk0/sxcU3+XczyHMj4zwCOOdOphbteE2g8KCK8I5ZbA2itv OnyIQjkKSqEOeWTsmypdNHwTBa58eiZ1Zbj0+0dYJKCr9xavVB3SnvEJl0Id+O9X h5iou2zeFUvizmdpPwkJw2h7LO7pjKGYG5PE+4LqJWpVy8SzMZzgLrLEnQUoaJ4q Vn5t/StTzkOZbuC8Tvw1b0/3glnJUTuSoCTPCMJRHl1vvgpLCqemJ/LLhDy0xMU= =kGlg -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On Wed, Feb 23, 2011 at 10:45 PM, Ross Walker rswwal...@gmail.com wrote: Let's face it most auditors these days are just accountants with Infosys Mgmt text books. Or former sysadmins who didn't make it in the management track but still wanted to be able to lord it over others... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On 24/02/2011 00:42, David Brian Chait wrote: From Larry's web site: http://www.texoma.net/it/contact_us.html ab...@texoma.net to report violations of netiquette To quote Rodney King..Can't we all just get along? __ Or, at least, can't you just distance yourself and ignore someone who obviously isn't ever going to agree with you? Be it by some obvious non-disposition to your own beliefs? This isn't a religion based discussion group... I saw someone ask for list moderation or banning of a user here... I don't think that is necessary, just don't rise to the bait of a troll - bite once if you really must, but remember they are just trying to add noise to an otherwise rational discussion group. So it is not worth getting into an elongated thread about it. -- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: gi...@coochey.net Skype: gilescoochey smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ls returns file doesn't exist, find finds it??
Am 24.02.2011 09:03, schrieb Corey Quinn: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Feb 23, 2011, at 10:26 PM, John R. Dennison wrote: On Thu, Feb 24, 2011 at 01:22:41AM -0500, Kwan Lowe wrote: Instead of piping to xargs, try: find . -type f -mtime +15 -exec ls {} \; Or get rid of child processes entirely: find . -type f -mtime +15 -ls Or don't depend on ls for such applications. Use stat or echo instead. Why? And if you give good advice, why is the OP seeing the problem? Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On Thu, Feb 24, 2011 at 3:55 AM, Garry Dale garry.d...@gmail.com wrote: Trutwin, Joshua wrote: Hello all, Hi, Josh. The CentOS lists are really not the appropriate place for this thread. No doubt there are many members of the CentOS community who can and will help. However, I'm quite certain that CentOS is wholly separate from the other, so threads on the CentOS lists should only pertain to CentOS. Perhaps those willing to assist you might contact you personally. Just a friendly suggestion from a user. Regards. ___ Garry, what the OP has asked has a lot todo with CentOS. He's looking for a web based management tool-set to manage his CentOS server, by the way. As per your definition, the list should have been much much quieter and stuff like Gnome, KDE, web cams, etc, etc, etc should then also be removed from the list? -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On 02/24/11 12:42 AM, Rudi Ahlers wrote: Garry, what the OP has asked has a lot todo with CentOS. He's looking for a web based management tool-set to manage his CentOS server, by the way. As per your definition, the list should have been much much quieter and stuff like Gnome, KDE, web cams, etc, etc, etc should then also be removed from the list? yes, in fact. this list is intended to be for things that are specific to CentOS and not generic to Linux, or even generic to RHEL. Now, if webmin worked in RHEL5 but didn't work in CentOS, that could be a good on topic discussion. My centos system runs apache and php and postgres, and on top of that I'm running drupal, and I'm having some problems with my theme template CSS. hey, its on centos, shouldn't I discuss that here? Most certainly NOT. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On Thu, Feb 24, 2011 at 8:56 AM, John R Pierce pie...@hogranch.com wrote: On 02/24/11 12:42 AM, Rudi Ahlers wrote: My centos system runs apache and php and postgres, and on top of that I'm running drupal, and I'm having some problems with my theme template CSS. hey, its on centos, shouldn't I discuss that here? Most certainly NOT. John, Agreed. The problem is the community around Centos is quite large and we need sometimes to ask for other's opinion regarding adjacent subjects. Who else are we going to ask? We need an offto...@centos.org list. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On 02/24/2011 02:24 AM, Nico Kadel-Garcia wrote: I have had an enquiry from the Network and Security guy. He wants to know why CentOS 5.5 /RHEL 5 is using a very old version of bind The bind97 packages is in RHEL 5.6. ... and available in c5-testing, pending centos-5.6 release; so if you want to get it now, get it eary - thats a good place to grab it from. Also, if you do use the package from c5-testing; make sure to feedback comments to the centos-devel list so they can be incorporated into the CentOS-5.6 Release Notes; - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On Wed, Feb 23, 2011 at 10:23 PM, John R Pierce pie...@hogranch.com wrote: On 02/23/11 6:08 PM, Machin, Greg wrote: Hi. I have had an enquiry from the Network and Security guy. He wants to know why CentOS 5.5 /RHEL 5 is using a very old version of bind “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many security fixes is on 9.7.3 . I understand that its to maintain a known stable platform by in introducing new elements etc .. Is there an official explanation / document that I can direct him to. to put it bluntly, your security guy is pretty much worthless as such if he thinks security is audited by checking version numbers. sadly, this is too common. No, it's actually useful. Backporting is painful, expensive, and often unreliable, and leaves various any unpublished zero-day exploits in the wild. It also indicates feature incompatibility with other tools that rely on the new features. I went through this last week with OpenSSH version 5.x (not currently available for RHEL or CentOS 5 except by third party provided software), and bash. Turns out that OpenSSH 5.x doesn't read your .bashrc for non-login sessions, OpenSSH 4.x did. RHEL 6 addressed this for normal use by updating bash so it gets handled more like people expect it to behave, but I had users very upset that the new OpenSSH with the new features did not handle their reset PATH settings from their .bashrc. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On 2/23/2011 9:49 AM, Trutwin, Joshua wrote: Hello all, I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo'd running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I'm also just going to use the default packages (bind, postfix, etc) instead of the DJB stuff. Main requirements are fairly straightforward: 1. able to add/manage domains, ssl cert management, manage DNS records 2. able to manage email accounts and anti-spam settings 3. able to add/manage mysql and pgsql (nice to have) 4. user management - ftp/ssh accounts, password change, etc. 5. nice to have: add a wordpress blog / xcart store to a site 6. nice to have: users have own login to do some of the above for their domain only 7. nice to have: integrated website stats (awstats or equiv) 8. not optional - should have a focus on security Stuff like viewing logs, automated billing, hosting plans, managing backups, bandwidth monitoring, uploading web pages, managing server patches, adding new software, etc. I don't mind leaving off or doing myself. Willing to pay a license, but not a huge budget. I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive. Josh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I currently use virtualmin GPL. There are a few features that are kept in virtualmin pro...i have one server that runs pro..i have another that runs virtualmin gpl. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
Am 24.02.11 14:17, schrieb William Warren: On 2/23/2011 9:49 AM, Trutwin, Joshua wrote: Hello all, I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo'd running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I'm also just going to use the default packages (bind, postfix, etc) instead of the DJB stuff. Main requirements are fairly straightforward: 1. able to add/manage domains, ssl cert management, manage DNS records 2. able to manage email accounts and anti-spam settings 3. able to add/manage mysql and pgsql (nice to have) 4. user management - ftp/ssh accounts, password change, etc. 5. nice to have: add a wordpress blog / xcart store to a site 6. nice to have: users have own login to do some of the above for their domain only 7. nice to have: integrated website stats (awstats or equiv) 8. not optional - should have a focus on security Stuff like viewing logs, automated billing, hosting plans, managing backups, bandwidth monitoring, uploading web pages, managing server patches, adding new software, etc. I don't mind leaving off or doing myself. Willing to pay a license, but not a huge budget. I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive. Josh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I currently use virtualmin GPL. There are a few features that are kept in virtualmin pro...i have one server that runs pro..i have another that runs virtualmin gpl. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos plesk *eg* scnr :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Ecommerce hosting
Would appreciate some suggestions for ecommerce hosting. Depends on what you want. I use beanstream for the bit of stuff that I do. I think he meant web hosting for running an ecommerce oriented website. :-) +1 for BeanStream in any event. -- Drew Nothing in life is to be feared. It is only to be understood. --Marie Curie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] [SOLVED] Re: LVM problem after adding new (md) PV
I solved this issue thanks to help on linux-lvm list from a guy from redhat. Initrd image had to be recreated so that new raid devices could be seen before root is mounted. Solution: # mkinitrd /boot/initrd-$(uname -r).img $(uname -r) -- Tomasz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternative to cPanel
On 2/24/11 2:42 AM, Rudi Ahlers wrote: Garry, what the OP has asked has a lot todo with CentOS. He's looking for a web based management tool-set to manage his CentOS server, by the way. If you just want to manage 'a server' through a web interface, you might like ClearOS, which is mostly Centos components under the covers. But I don't think it handles virtual servers underneath it. Webmin is OK for what it does and can keep you from making some stupid typos in the config files, but you still have to understand what each program and all of its options do. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Ecommerce hosting
hi, On 02/24/2011 02:18 AM, Thomas Dukes wrote: Would appreciate some suggestions for ecommerce hosting. Been using, cough, A large majority of the .centos.org infrastructure comes from hosting companies who donate machines and bandwidth to the project. While some prefer to opt out of being mentioned, the rest are mentioned here : http://www.centos.org/mirrors I would highly recommend people looking for hosting, consider these people. Also worth noting here is that we dont endorse any of them ourselves - and the CentOS Project has no relationship beyond the fact that they donated resources to the project. Regards, - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ls returns file doesn't exist, find finds it??
On 2/23/11 10:54 PM, neubyr wrote: Howdy, I am getting some errors with find and ls command - such that find is able to see a file whereas ls says the file doesn't exist. Initially I was trying find and ls together as: # find ./ -type f -mtime +15 | xargs ls Similar behavior is seen even when I execute both commands separately. Any thoughts on what might be wrong here? Can you give an example of a path that find returns and the output of ls -l 'that_path_in_quotes' My first guess is that you have shell metacharacters (like spaces) in the file or directory names that the shell parses/expands if you don't quote them. Using the GNU --print0 extension to find and the matching -0 option to xargs might fix it. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
On 2/23/2011 6:42 PM, David Brian Chait wrote: To quote Rodney King..Can't we all just get along? Every time I see that quote, I hear Jack Nicholson as The Joker in Batman. -- Bowie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ls returns file doesn't exist, find finds it??
centos-boun...@centos.org wrote: Howdy, I am getting some errors with find and ls command - such that find is able to see a file whereas ls says the file doesn't exist. Initially I was trying find and ls together as: # find ./ -type f -mtime +15 | xargs ls Similar behavior is seen even when I execute both commands separately. Any thoughts on what might be wrong here? Try: find ./ -type f -mtime +15 -print0 | xargs -0 ls Insert spiffy .sig here //me *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On 02/24/2011 07:12 AM, Nico Kadel-Garcia wrote: On Wed, Feb 23, 2011 at 10:23 PM, John R Pierce pie...@hogranch.com wrote: On 02/23/11 6:08 PM, Machin, Greg wrote: Hi. I have had an enquiry from the Network and Security guy. He wants to know why CentOS 5.5 /RHEL 5 is using a very old version of bind “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many security fixes is on 9.7.3 . I understand that its to maintain a known stable platform by in introducing new elements etc .. Is there an official explanation / document that I can direct him to. to put it bluntly, your security guy is pretty much worthless as such if he thinks security is audited by checking version numbers. sadly, this is too common. No, it's actually useful. Backporting is painful, expensive, and often unreliable, and leaves various any unpublished zero-day exploits in the wild. It also indicates feature incompatibility with other tools that rely on the new features. The above may or may not be true (I think red hat does a very good job of addressing security and stability with backporting) ... BUT ... if you do not like backports, then RHEL (and since we rebuild those sources, CentOS) is not the distribution that you want to be using. Backporting is what red hat does to fix most security issues. If you have a philosophical problem with backporting (many people do, that is their prerogative) then some other enterprise Linux version would be a much better choice. I am not saying this to be a smart a$$ or be negative ... just saying that other enterprise distributions exist that provide long term stability without backports ... Unbuntu LTS is a free example. They also provide integration of all their system libraries and audit their software for security compliance. I went through this last week with OpenSSH version 5.x (not currently available for RHEL or CentOS 5 except by third party provided software), and bash. Turns out that OpenSSH 5.x doesn't read your .bashrc for non-login sessions, OpenSSH 4.x did. RHEL 6 addressed this for normal use by updating bash so it gets handled more like people expect it to behave, but I had users very upset that the new OpenSSH with the new features did not handle their reset PATH settings from their .bashrc. I would think that using an enterprise distribution of Linux where several hundreds of developers are testing the integration would serve you better than building your own openssh, your own bind, your own everything else and trying to bolt it onto the backport model that red hat uses to keep your stuff secure. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued
Bowie Bailey wrote: On 2/23/2011 6:42 PM, David Brian Chait wrote: To quote Rodney King..Can't we all just get along? Every time I see that quote, I hear Jack Nicholson as The Joker in Batman. Back in the what, late seventies, early eighties? there was a real popular self-help book called I'm Ok, You're Ok. I saw news reports, and heard from folks, that they tried it in jails to help the prisoners rehabilitate themselves. Didn't work: the guards treated it as, I'm ok, you're in jail. And closer to on topic, recall? This isn't an intranet, but a mailing list on the 'Net. Recall doesn't work mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ls returns file doesn't exist, find finds it??
Thanks for the replies everyone. Les, you were right about meta-characters. The file name contains double-quotes (bad log4j config) and that's causing the problem. e.g. /opt/apps/tomcat/logs/apache.log\.-2010-09-24\ The ls command works fine after escaping double quotes: \ . My objective was to delete files matching find-pattern using 'xargs rm'. I wanted to do 'ls' before I delete these files permanently. I guess I can use 'find -delete' action instead which is working fine. -- neubyr. On Thu, Feb 24, 2011 at 7:59 AM, Les Mikesell lesmikes...@gmail.com wrote: On 2/23/11 10:54 PM, neubyr wrote: Howdy, I am getting some errors with find and ls command - such that find is able to see a file whereas ls says the file doesn't exist. Initially I was trying find and ls together as: # find ./ -type f -mtime +15 | xargs ls Similar behavior is seen even when I execute both commands separately. Any thoughts on what might be wrong here? Can you give an example of a path that find returns and the output of ls -l 'that_path_in_quotes' My first guess is that you have shell metacharacters (like spaces) in the file or directory names that the shell parses/expands if you don't quote them. Using the GNU --print0 extension to find and the matching -0 option to xargs might fix it. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On 02/23/2011 02:00 PM Les Mikesell wrote: On 2/23/2011 12:36 PM, John R Pierce wrote: On 02/23/11 10:16 AM, Keith Roberts wrote: Trendnet has some. You'd need to get the java plugin working to view them in a linux browser - not sure about full-time recording software. If you don't have enough to justify a POE switch, you can get individual power bricks that plug into the line to add power at a convenient place. Les, thanks for the pointer to Trendnet. They've got a *large* selection. I'm finding that there's a variety of video formats output by these various devices... which is a consideration for us non-Windows folks. I haven't come down to a decision on which yet. Of course it's going to depend upon which are supported by Linux. For some reason, on my system flashplayer is unreliable... sometimes it works, sometimes not. MPEG4 though works fine in Firefox. Due to past experience (many bad ones), I'm leery of Java-based software, so I'd be shy about using that plug-in. Hopefully there'd be other alternatives... anyone know about some? Les, you bring up a good question about full-time recording. I don't know at all how that might work on Linux. Someone earlier mentioned ftp'ing the video files. If that's all it takes, then great. Some of the IP cameras have an ftp client, but I haven't seen one yet with an ftp *server* on it, so how it's possible to fetch and save the video files is still a mystery to me. Anyone with experience doing this with Linux? Thanks to everyone for the comments and tips, the previous and future ones. Best, ken ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [SOLVED] Re: LVM problem after adding new (md) PV
On Thu, Feb 24, 2011 at 3:31 PM, Tomasz Nowak tno...@netventure.pl wrote: I solved this issue thanks to help on linux-lvm list from a guy from redhat. Initrd image had to be recreated so that new raid devices could be seen before root is mounted. Solution: # mkinitrd /boot/initrd-$(uname -r).img $(uname -r) -- Tomasz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos thank you for the update. this might help new users. -- Best Regards, Yonatan Pingle RHCT | RHCSA | CCNA1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Ecommerce hosting
On 02/23/2011 09:18 PM Thomas Dukes wrote: Would appreciate some suggestions for ecommerce hosting. Been using, cough, cough, godaddy, for about 5 or 6 yrs but in the last year or so, they really suck. Did the hosting myself for a while prior to going with godaddy but I don't have time to babysit. Seems godaddy would rather spend millions advertising during the Super Bowl than put that money to good use. TIA!! It seems you're aware of the cost/quality issue on the provider side. So don't just pick the most inexpensive one yourself. Having hosted yourself, you understand that there's some effort and expense involved. Adjust your expectations accordingly. For instance, I'd stay away from Blue Host. They're inexpensive and have just one hosting package. And they don't make adjustments to it to fit your needs. They're fine for someone who just wants to have their own website. And they have lots of ports open, including for https. But they have a lot of ports open :) and it's part of the hosting package. On the other hand, 1and1.com has a variety of packages, all with different features. So you can select which you want/need. You can also up- and downgrade your selected hosting package anytime you want. I've found the guys who answer the phones there to be helpful and knowledgeable and willing to spend time with you. That's good to have when you need it. They're a German company working out of Pennsylvania and seem to get the expertise/cordiality mix pretty good. A buddy of mine did hosting out of his house for after-work pocket money. He charge $15/month, but for that price he couldn't offer any support. His thinking was if he spent a half hour on the phone with a customer in a month, effectively this wiped out his profit on that site. If you believe time is money, it's not hard to see his thinking. As you hunt, keep in mind what you need the hosting service to provide. And then be sure to ask if they provide it. hth, ken ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability- advisory-issued
On Wed, February 23, 2011 13:07, Markus Falb wrote: On 23.2.2011 18:27, Larry Vaden wrote: US-CERT encourages users and administrators using the affected versions of BIND to upgrade to BIND 9.7.3. Optionally, one can wait on a backport. Ahhh! Have a look at the relevant bugzilla ticket at https://bugzilla.redhat.com/show_bug.cgi?id=679496 and read ...snip This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6. snap... I guess this is what you you get when you settle for an 'enterprisey' distro. Dated software that somebody else got to find the bugs in. Poor chaps. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Ecommerce hosting
ken wrote: On 02/23/2011 09:18 PM Thomas Dukes wrote: Would appreciate some suggestions for ecommerce hosting. Been using, cough, cough, godaddy, for about 5 or 6 yrs but in the last year or so, they really suck. Did the hosting myself for a while prior to going with godaddy but I don't have time to babysit. Seems godaddy would rather spend millions advertising during the Super Bowl than put that money to good use. snip Adjust your expectations accordingly. For instance, I'd stay away from Blue Host. They're inexpensive and have just one hosting package. And they don't make adjustments to it to fit your needs. They're fine for someone who just wants to have their own website. And they have lots of ports open, including for https. But they have a lot of ports open :) and it's part of the hosting package. One hosting package? Dunno, I'm paying for Hostmonster/Bluehost (same thing), and a) have had very little trouble, and b) get reasonably knowledgable people. They do offer a choice of o/s, too. Admittedly, I have a very low-traffic website, and I don't have any of the commercial packages that don't come with the basic, but *shrug* they're ok. mark On the other hand, 1and1.com has a variety of packages, all with different features. So you can select which you want/need. You can also up- and downgrade your selected hosting package anytime you want. I've found the guys who answer the phones there to be helpful and knowledgeable and willing to spend time with you. That's good to have when you need it. They're a German company working out of Pennsylvania and seem to get the expertise/cordiality mix pretty good. A buddy of mine did hosting out of his house for after-work pocket money. He charge $15/month, but for that price he couldn't offer any support. His thinking was if he spent a half hour on the phone with a customer in a month, effectively this wiped out his profit on that site. If you believe time is money, it's not hard to see his thinking. As you hunt, keep in mind what you need the hosting service to provide. And then be sure to ask if they provide it. hth, ken ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 5 Security Updates
Does anyone know the time-frame when security updates might be published for these applications in CentOS 5? wireshark postgresql krb5 java-1.6.0-openjdk java-1.6.0-sun The following security updates have been published upstream (after release of RHEL 5.6) to remedy the vulnerabilities described in their associated CVE reports. Remotely Exploitable: (R) RHSA-2011:0013: Moderate: wireshark security update 1/10/11 [CVE-2010-4538] (R) RHSA-2011:0197: Moderate: postgresql security update 2/3/11 [CVE-2010-4015] (R) RHSA-2011:0199: Important: krb5 security update 2/8/11 [CVE-2011-0281] (R) [CVE-2011-0282] (R) RHSA-2011:0281: Important: java-1.6.0-openjdk security update 2/17/11 CVE-2010-4448 (R) CVE-2010-4450 CVE-2010-4465 (R) CVE-2010-4469 (R) CVE-2010-4470 (R) CVE-2010-4472 (R) RHSA-2011:0282: Critical: java-1.6.0-sun security update 2/17/11 CVE-2010-4422 (R) CVE-2010-4447 (R) CVE-2010-4448 (R) CVE-2010-4450 CVE-2010-4451 (R) CVE-2010-4452 (R) CVE-2010-4454 (R) CVE-2010-4462 (R) CVE-2010-4463 (R) CVE-2010-4465 (R) CVE-2010-4466 (R) CVE-2010-4467 (R) CVE-2010-4468 (R) CVE-2010-4469 (R) CVE-2010-4470 (R) CVE-2010-4471 (R) CVE-2010-4472 (R) CVE-2010-4473 (R) CVE-2010-4475 (R) CVE-2010-4476 (R) I know the development team is furiously working to get 5.6 out the door so I understand that there will be delays. However, it was my understanding that Critical security updates and those that are remotely exploitable would be pushed out ahead of 5.6. If 5.6 is not forthcoming I think many of us would like to see at least the security updates to cover potential vulnerabilities. Many thanks to the development team for all their hard work! :-) Respectfully, Cal Webster ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
On Thu, 2011-02-24 at 14:02 -0500, Cal Webster wrote: Does anyone know the time-frame when security updates might be published for these applications in CentOS 5? wireshark postgresql krb5 java-1.6.0-openjdk java-1.6.0-sun Don't use anyone of these privately (on desktop, laptop etc.) or publicly on any of the servers. -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
Always Learning wrote: On Thu, 2011-02-24 at 14:02 -0500, Cal Webster wrote: Does anyone know the time-frame when security updates might be published for these applications in CentOS 5? wireshark postgresql krb5 java-1.6.0-openjdk java-1.6.0-sun Don't use anyone of these privately (on desktop, laptop etc.) or publicly on any of the servers. Um, don't use kerberos? Or postgresql? Or Sun's, er, Oracle's java? I can't see that going over well. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Ecommerce hosting
On 02/24/2011 01:03 PM m.r...@5-cent.us wrote: ken wrote: On 02/23/2011 09:18 PM Thomas Dukes wrote: Would appreciate some suggestions for ecommerce hosting. Been using, cough, cough, godaddy, for about 5 or 6 yrs but in the last year or so, they really suck. Did the hosting myself for a while prior to going with godaddy but I don't have time to babysit. Seems godaddy would rather spend millions advertising during the Super Bowl than put that money to good use. snip Adjust your expectations accordingly. For instance, I'd stay away from Blue Host. They're inexpensive and have just one hosting package. And they don't make adjustments to it to fit your needs. They're fine for someone who just wants to have their own website. And they have lots of ports open, including for https. But they have a lot of ports open :) and it's part of the hosting package. One hosting package? Dunno, I'm paying for Hostmonster/Bluehost (same thing), and a) have had very little trouble, and b) get reasonably knowledgable people. They do offer a choice of o/s, too. Admittedly, I have a very low-traffic website, and I don't have any of the commercial packages that don't come with the basic, but *shrug* they're ok. mark I just talked with them on the phone a couple weeks ago and that's what I was told... just one hosting package. The guy I was talking with did seem like a ditz, so maybe he was giving me bad info. We are talking about http://www.bluehost.com/? I'm looking at that page right now and I see just one package offered. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
Trendnet has some. You'd need to get the java plugin working to view them in a linux browser - not sure about full-time recording software. If you don't have enough to justify a POE switch, you can get individual power bricks that plug into the line to add power at a convenient place. Les, thanks for the pointer to Trendnet. They've got a *large* selection. I'm finding that there's a variety of video formats output by these various devices... which is a consideration for us non-Windows folks. I haven't come down to a decision on which yet. Of course it's going to depend upon which are supported by Linux. For some reason, on my system flashplayer is unreliable... sometimes it works, sometimes not. MPEG4 though works fine in Firefox. Due to past experience (many bad ones), I'm leery of Java-based software, so I'd be shy about using that plug-in. Hopefully there'd be other alternatives... anyone know about some? Les, you bring up a good question about full-time recording. I don't know at all how that might work on Linux. Someone earlier mentioned ftp'ing the video files. If that's all it takes, then great. Some of the IP cameras have an ftp client, but I haven't seen one yet with an ftp *server* on it, so how it's possible to fetch and save the video files is still a mystery to me. Anyone with experience doing this with Linux? Thanks to everyone for the comments and tips, the previous and future ones. Best, ken Hello, We have had success ACTi cameras http://www.acti.com/home/index.asp and use ZoneMinder as a DVR and a console for viewing cameras http://www.zoneminder.com/ We have also used Axis cameras but the ACTi cameras are less expensive and better fit the schools budget. Brett ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
On Thu, 2011-02-24 at 14:10 -0500, m.r...@5-cent.us wrote: Um, don't use kerberos? Or postgresql? Or Sun's, er, Oracle's java? I can't see that going over well. Sorry to let everyone down. I can't get too excited about these outstanding security patches. After 5 hours of trying, I can still can't panic, moan or even begin to criticise anyone about anything. Guess I am no good as a Centos critic. I'm just t-o-o biased towards good 'old Centos. All my Centos stuff is boring: web with Apache, MySQL, PHP, CSS, HTML and the inevitable PHPmyAdmin, plus mail with Exim. Rsync, SSH, Vbox and other 'boring' bits too. Would like to add Asterisk but lack the time at present because of experimenting with something called Arduino, too small to run Centos but able to control CCTV and send data over the wider Ethernet. A lot more development work is needed. Never liked running Java and don't. Occasionally run OO's text processing. Still run the 1993 version of Ami Pro 3.1 but that hasn't had a security patch ever! -- With best regards, Paul. England, EU. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 5 Security Updates
On Thu, 24 Feb 2011, Cal Webster wrote: java-1.6.0-sun non FOSS, non-source provided, no? This is in an addon channel in RHEL, and so far as I know we have never shipped such Of the others the wireshark update is a periodic update of some edge case dissectors [these developers are quite good about releasing time based 'fixes' for their tool -- a different model than upstream, but perfectly valid], and if nominally remotely exploitable, as a practical matter, not a material threat The kerberos update crossed vendor-sec, but seems again to be an edge case hole The pgsql update is nominally exploitable, but any sensible environment uses iptables and network segment isolation rather than adding a world listening daemon I have commented earlier on my distress at the openjdk update NOT crossing vendor-sec. This said, again, who in their right mind exposes an unprotected Java listener application to the wild? I saw that another in the project mentioned 'bypassing' the 5.6 respin and testing delays for truly exploitable matter. The potential 'bind' updates dos attack vector turned out not to affect anything CentOS has shipped in base and updates, and so was a 'false positive' as prior discusseio here has noted If one wants SLA and deterministic intervals between announcement and release, it is just not that hard to set up one off building and updates from released sources upstream, and so one can have it at the price of a little learning and experimentation. Alternatively, CentOS releases promptly on the usual norm, and during 'point' update times, falls back to trying to avoid 'dependency skew' problems by considering the potential disruption for millions of machines each needing manual depsolving intervention, vs. getting the nest update build and QA's and out the door in a durable fashion. If that is not 'quick enough', see the prior paragraph about self-building; or seek a vendor who will sell you the SLA you deem you require. This is a simple 'build vs buy' decision [I might note that I have seen NO filed bug in the CentOS tracker asserting a need for any of the listed updates on an expedited basis] -- Russ herrold ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
On Thu, Feb 24, 2011 at 11:02 AM, Cal Webster cwebs...@ec.rr.com wrote: I know the development team is furiously working to get 5.6 out the door so I understand that there will be delays. However, it was my understanding that Critical security updates and those that are remotely exploitable would be pushed out ahead of 5.6. That is my understanding, too. However, I see that the only Critical one on your list is java-1.6.0-sun. This is not included in CentOS... Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Ecommerce hosting
ken wrote: On 02/24/2011 01:03 PM m.r...@5-cent.us wrote: ken wrote: On 02/23/2011 09:18 PM Thomas Dukes wrote: Would appreciate some suggestions for ecommerce hosting. Been using, cough, cough, godaddy, for about 5 or 6 yrs but in the last year or so, they really suck. Did the hosting myself for a while prior to going with godaddy but I don't have time to babysit. Seems godaddy would rather spend millions advertising during the Super Bowl than put that money to good use. snip Adjust your expectations accordingly. For instance, I'd stay away from Blue Host. They're inexpensive and have just one hosting package. And they don't make adjustments to it to fit your needs. They're fine for someone who just wants to have their own website. And they have lots of ports open, including for https. But they have a lot of ports open :) and it's part of the hosting package. One hosting package? Dunno, I'm paying for Hostmonster/Bluehost (same thing), and a) have had very little trouble, and b) get reasonably knowledgable people. They do offer a choice of o/s, too. Admittedly, I have a very low-traffic website, and I don't have any of the commercial packages that don't come with the basic, but *shrug* they're ok. I just talked with them on the phone a couple weeks ago and that's what I was told... just one hosting package. The guy I was talking with did seem like a ditz, so maybe he was giving me bad info. We are talking about http://www.bluehost.com/? I'm looking at that page right now and I see just one package offered. Just did a search, and they *are* from the same hosting co, but the review I saw said that bluehost is the professional (business) one. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
I know the development team is furiously working to get 5.6 out the door so I understand that there will be delays. However, it was my understanding that Critical security updates and those that are remotely exploitable would be pushed out ahead of 5.6. That is my understanding, too. However, I see that the only Critical one on your list is java-1.6.0-sun. This is not included in CentOS... As far as I understand this is a highly untrivial task and breaks the binary compatible rule. Nevertheless, this was attempted one or two dot releases ago, I think as an experiment as much as anything. I am not sure how the CentOS team thought of that exercise, in hindsight. I would be interested in knowing. From the explanation that Russ gave, it was a mighty effort, as far as I remember. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
On Thu, 2011-02-24 at 14:28 -0500, R P Herrold wrote: On Thu, 24 Feb 2011, Cal Webster wrote: java-1.6.0-sun non FOSS, non-source provided, no? This is in an addon channel in RHEL, and so far as I know we have never shipped such You're right - shouldn't have listed that one. I manage both RHEL and CentOS machines so this came up on the radar. Of the others the wireshark update is a periodic update of some edge case dissectors [these developers are quite good about releasing time based 'fixes' for their tool -- a different model than upstream, but perfectly valid], and if nominally remotely exploitable, as a practical matter, not a material threat Agreed. We don't use most of the dissectors that get called out either and it's easy to disable them. However, our organizational directives require full IA compliance so I have to show due diligence in resolving every vulnerability. For those that cannot be resolved I must supply work-arounds to mitigate them and a plan of action to resolve it in the end. The kerberos update crossed vendor-sec, but seems again to be an edge case hole Not critical for us since none of our engineering networks touch the Internet. If I had a public facing server, though, I'd hate to have to wonder if I might be one of those edge cases. The pgsql update is nominally exploitable, but any sensible environment uses iptables and network segment isolation rather than adding a world listening daemon True. Any enterprise operation that doesn't take such basic security precautions is asking for trouble. Still, the IA Gestapo doesn't make such distinctions. I have commented earlier on my distress at the openjdk update NOT crossing vendor-sec. This said, again, who in their right mind exposes an unprotected Java listener application to the wild? I don't disagree with you. Those who evaluate CVE's for applicability to an enterprise don't often have the technical background to distinguish between a practical and theoretical threat. For them, and because of the way $#!+ rolls downhill, myself the vulnerability must be addressed. I saw that another in the project mentioned 'bypassing' the 5.6 respin and testing delays for truly exploitable matter. The potential 'bind' updates dos attack vector turned out not to affect anything CentOS has shipped in base and updates, and so was a 'false positive' as prior discusseio here has noted If one wants SLA and deterministic intervals between announcement and release, it is just not that hard to set up one off building and updates from released sources upstream, and so one can have it at the price of a little learning and experimentation. When things settle a bit in my org and CentOS I'd like to do just that, if for nothing else than the instructional value. Alternatively, CentOS releases promptly on the usual norm, and during 'point' update times, falls back to trying to avoid 'dependency skew' problems by considering the potential disruption for millions of machines each needing manual depsolving intervention, vs. getting the nest update build and QA's and out the door in a durable fashion. Until this 3-way, back-to-back release (4.9, 5.6, 6.0) updates were plenty prompt for me. I totally understand the issues behind the delays. If that is not 'quick enough', see the prior paragraph about self-building; or seek a vendor who will sell you the SLA you deem you require. This is a simple 'build vs buy' decision Thank you for your cordial, detailed reply. We do have a standby OSS support contract based on hourly rate but only intend to use it for true emergencies. [I might note that I have seen NO filed bug in the CentOS tracker asserting a need for any of the listed updates on an expedited basis] Is that how it's done? Until now I haven't paid much attention to the process. No need since updates were fairly swift after upstream release. I report bugs directly upstream via our RH Support entitlement. I'm not sure any such assertions from me would carry much weight anyway. Even if they did I'd imagine there wouldn't be much spare manpower to act on it at this point. -- Russ herrold ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: non-Windows only training sites
rant Required training from my co is from skilport.com. Sometimes, I can use Firefox to view it... but can't get the completion. Yesterday, I launch the training, and a window pops up, and says loading, and nothing else ever happens. Oh, sorry, when I close the window, it crashes all three windows of FireFox. I'm told for folks with Macs, they have them come to the offices to take it... on WinCrap, of course, with Internet Exploder. /rant rant Oh, almost forgot: I tried clicking on the web accessability, which is W3C compliant... and go to log in, and it tells me the content isn't W3C compliant, so apparently only the login page is compliant. /rant So, does anyone know of a company that provides online training for companies - I gather the companies produce the training to go on the site, or at least they customize a boilerplate - that is *not* IE only? I'd really like to throw that at the person in charge (who I've actually had a good conversation with a few months ago). mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
In article 6182d300241c67c712c405d004e0b5ab.squir...@host290.hostmonster.com, m.r...@5-cent.us wrote: Always Learning wrote: On Thu, 2011-02-24 at 14:02 -0500, Cal Webster wrote: Does anyone know the time-frame when security updates might be published for these applications in CentOS 5? wireshark postgresql krb5 java-1.6.0-openjdk java-1.6.0-sun Don't use anyone of these privately (on desktop, laptop etc.) or publicly on any of the servers. Um, don't use kerberos? Or postgresql? Or Sun's, er, Oracle's java? I can't see that going over well. I think he meant *I* don't use any of these ..., not the imperative. Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
On Thu, Feb 24, 2011 at 12:05 PM, Ian Murray murra...@yahoo.co.uk wrote: However, it was my understanding that Critical security updates and those that are remotely exploitable would be pushed out ahead of 5.6. That is my understanding, too. However, I see that the only Critical one on your list is java-1.6.0-sun. This is not included in CentOS... As far as I understand this is a highly untrivial task and breaks the binary compatible rule. Nevertheless, this was attempted one or two dot releases ago, I think as an experiment as much as anything. I am not sure how the CentOS team thought of that exercise, in hindsight. I would be interested in knowing. From the explanation that Russ gave, it was a mighty effort, as far as I remember. Right, it is not an easy task as we see from the past experience. I think Karanbir is trying to come up with the way CentOS can provide critical security updates ahead of the pending major release as we can see in his post [1] to the -devel mailing list: all updates to the /5/ tree are monitored and anything which has a remote or local exploit will get pushed into the /5/ tree; things in 5.6 and against 5.6 that dont meet that criteria wait for 5.6 release. build order, linking, inheriting upstream testing etc etc to blame. [1] http://lists.centos.org/pipermail/centos-devel/2011-February/006916.html Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
On 02/24/2011 02:05 PM, Ian Murray wrote: I know the development team is furiously working to get 5.6 out the door so I understand that there will be delays. However, it was my understanding that Critical security updates and those that are remotely exploitable would be pushed out ahead of 5.6. That is my understanding, too. However, I see that the only Critical one on your list is java-1.6.0-sun. This is not included in CentOS... As far as I understand this is a highly untrivial task and breaks the binary compatible rule. Nevertheless, this was attempted one or two dot releases ago, I think as an experiment as much as anything. I am not sure how the CentOS team thought of that exercise, in hindsight. I would be interested in knowing. From the explanation that Russ gave, it was a mighty effort, as far as I remember. The issue is that these are BUILT on top of 5.6 by upstream ... so they have to be built on 5.6 from us too. That is just how is just how it is ... What we have done in the past, if a fix will run OK on 5.5 and 5.6, is release the fix early. But that caused issues and bugs the last time we did it on some installs. Regardless, I don't think 5.6 will be much longer. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
I wish people would read the list archives instead of posting the same kind of questione time and again. Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
On Thu, 2011-02-24 at 11:30 -0800, Akemi Yagi wrote: On Thu, Feb 24, 2011 at 11:02 AM, Cal Webster cwebs...@ec.rr.com wrote: I know the development team is furiously working to get 5.6 out the door so I understand that there will be delays. However, it was my understanding that Critical security updates and those that are remotely exploitable would be pushed out ahead of 5.6. That is my understanding, too. However, I see that the only Critical one on your list is java-1.6.0-sun. This is not included in CentOS... Thank you for your input Akemi. As I said in my response to Russ, that one should not have been on my list. All, however, do have remote exploits. These I also discussed with Russ. Regards, Cal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On 2/24/2011 9:59 AM, ken wrote: Trendnet has some. You'd need to get the java plugin working to view them in a linux browser - not sure about full-time recording software. If you don't have enough to justify a POE switch, you can get individual power bricks that plug into the line to add power at a convenient place. Les, thanks for the pointer to Trendnet. They've got a *large* selection. Don't take this as a recommendation, but I did just get an email ad from buy.com with what looked like some good prices. I'm finding that there's a variety of video formats output by these various devices... which is a consideration for us non-Windows folks. I haven't come down to a decision on which yet. Of course it's going to depend upon which are supported by Linux. For some reason, on my system flashplayer is unreliable... sometimes it works, sometimes not. MPEG4 though works fine in Firefox. Due to past experience (many bad ones), I'm leery of Java-based software, so I'd be shy about using that plug-in. Hopefully there'd be other alternatives... anyone know about some? The older trendnet ones we have offer active X or java as viewing choices in the browser. They'll capture images but just as snapshots, not video. Les, you bring up a good question about full-time recording. I don't know at all how that might work on Linux. Someone earlier mentioned ftp'ing the video files. If that's all it takes, then great. Some of the IP cameras have an ftp client, but I haven't seen one yet with an ftp *server* on it, so how it's possible to fetch and save the video files is still a mystery to me. Anyone with experience doing this with Linux? If you need that, it might be better to get a bundled standalone system that includes the recording hardware. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On Thu, Feb 24, 2011 at 9:31 AM, Johnny Hughes joh...@centos.org wrote: On 02/24/2011 07:12 AM, Nico Kadel-Garcia wrote: I went through this last week with OpenSSH version 5.x (not currently available for RHEL or CentOS 5 except by third party provided software), and bash. Turns out that OpenSSH 5.x doesn't read your .bashrc for non-login sessions, OpenSSH 4.x did. RHEL 6 addressed this for normal use by updating bash so it gets handled more like people expect it to behave, but I had users very upset that the new OpenSSH with the new features did not handle their reset PATH settings from their .bashrc. I would think that using an enterprise distribution of Linux where several hundreds of developers are testing the integration would serve you better than building your own openssh, your own bind, your own everything else and trying to bolt it onto the backport model that red hat uses to keep your stuff secure. Nice try. It was a commercially provided OpenSSH distribution, sold for RHEL users, with thousands of users. (I'll send you vendor name privately, if you're curious.) I agree it gets into serious pain: this is one of the many reasons that I try to dissuade people from inserting their own components, built directly from source, not under RPM. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Alternative to cPanel
On 02/24/11 12:42 AM, Rudi Ahlers wrote: My centos system runs apache and php and postgres, and on top of that I'm running drupal, and I'm having some problems with my theme template CSS. hey, its on centos, shouldn't I discuss that here? Most certainly NOT. John, Agreed. The problem is the community around Centos is quite large and we need sometimes to ask for other's opinion regarding adjacent subjects. Who else are we going to ask? We need an offto...@centos.org list. I dunno if Off Topic is really a good name for such a list cause I don't wanna join a list where there's traffic about current events, religion, politics, etc. Tough line to draw though cause I'd certainly be interested in people's opions about other tech topics. miscli...@centos.org? I actually posted this question originally to my local LUG (Linux User Group) mailing list last week and received a couple good suggestions and a personal email to try the CentOS lists because that was what the target OS was and likely would be people there who've had experience doing this. Realize it's kind of a grey area, anyway thanks for those that provided pointers. Josh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
On Thu, 2011-02-24 at 22:00 +0100, Kai Schaetzl wrote: I wish people would read the list archives instead of posting the same kind of questione time and again. Kai Thank you for your thoughts Kai. I have invested quite a bit of time reading the CentOS and CentOS-Devel archives, including this one from KB: http://lists.centos.org/pipermail/centos/2011-February/105486.html Seems to me that my post was both relevant and appropriate. All the vulnerabilities I cited were either Critical or remotely exploitable. If my specific query was answered elsewhere, off topic, or out of line I apologize. See my earlier response to Russ's kind, detailed reply for more. I've also read the FAQ: http://wiki.centos.org/FAQ/General ...as well as Eric and Rick's Smart Questions FAQ (all common sense): http://www.catb.org/~esr/faqs/smart-questions.html This is not my first time around the block Kai. As much as I hate wasting my own time, I will go out of my way to avoid wasting that of others... especially those who are working hard on their own time on my behalf. I only ask questions when I can't find answers using local or on-line resources. I always try to make my questions concise but with sufficient detail for others to answer, selecting the appropriate forum based upon community guidelines. I'm not easily offended so I welcome constructive criticism, even harsh critique. You'll find me to be considerate, respectful, and generous because I try to treat others the same way I expect to be treated. Please don't be offended if I do not respond to additional replies. I see no benefit to the list or myself in extended arguments. Cal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with timezone configuration
On Mon, Feb 21, 2011 at 1:41 AM, John Nash cen...@nikomachus.info wrote: Hello, I have a problem configuring the timezone on a CentOS 5.5 server. I would like the timezone to be Europe/Paris. I have followed the steps described here: http://www.wikihow.com/Change-the-Timezone-in-Linux I think I have changed the appropriate configuration files ( /etc/localtime, /etc/sysconfig/clock ), but the output of the ‘date’ command still indicates the timezone is EST. [root@xxx ~]# cat /etc/redhat-release CentOS release 5.5 (Final) [root@s15370074 ~]# ls -l /etc/localtime lrwxrwxrwx 1 root root 32 Feb 19 18:31 /etc/localtime - /usr/share/zoneinfo/Europe/Paris [root@xxx ~]# cat /etc/sysconfig/clock ZONE=Europe/Paris UTC=true ARC=false [root@xxx ~]# echo $TZ [root@xxx ~]# [root@xxx ~]# date Sun Feb 20 18:01:28 EST 2011 [root@xxx ~]# rdate -s time.mit.edu [root@xxx ~]# hwclock –systohc [root@xxx ~]# date Sun Feb 20 18:03:34 EST 2011 Note that I have even completely rebooted the server, with no effect. Am I missing something important ? Thank you in advance for your suggestions ! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos why work hard? yum install system-config-date system-config-date -- Best Regards, Yonatan Pingle RHCT | RHCSA | CCNA1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Security Updates
You don't seem to understand. ;-) I don't take your reply as an offense and I don't mean mine as an offense, but: If you did your research then you knew what answer you would get. And you indeed got that answer. And you were not the only one who asked that and who got that same answer. The specific package you ask about is irrelevant. The question comes up every so often and every so often they get the same answer. So, why do people think they have to ask the same stuff yet again? In case you (or any lurking soul) still don't know the answer: it is it comes when it comes. Good night, Kai ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On Feb 24, 2011, at 9:31 AM, Johnny Hughes joh...@centos.org wrote: I am not saying this to be a smart a$$ or be negative ... just saying that other enterprise distributions exist that provide long term stability without backports ... Unbuntu LTS is a free example. They also provide integration of all their system libraries and audit their software for security compliance. I think the primary driving factor for Redhat to employ the backport method is to maintain a stable ABI across a release, and the primary reason for that is for third party application support. Redhat wants to provide a platform for which commercial vendors can develop their wares such that they can say it supports RHEL 5 or 6 and it will actually run on said platform without loss of functionality or stability. I doubt the same can be said about Ubuntu LTS or even SLES where a change in a library can result in either the third party application not working or working with limited functionality. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security cameras
On 02/24/2011 09:00 AM, centos-requ...@centos.org wrote: On 02/23/2011 01:36 PM John R Pierce wrote: On 02/23/11 10:16 AM, Keith Roberts wrote: I think you will get far better video quality using CCTV cameras than a webcam on a USB port. you may think that, but those solutions you mentioned are all NTSC composite video, while even a $30 USB webcam now days is 2 megapixels or higher. anyways, the OP wants cameras that connect to the network and get their power off the ethernet cable, not a USB or a CCTV camera. Yes. True. I'm not interested in either USB or CCTV. Ethernet cams are much better and smarter technology and, from what I hear, easier to install and set up. From experience I can attest to the fact that PAL/NTSC CCTV cameras are significantly inferior to modern digital security cameras. I have used devices from Axis, who appear to be the largest and most diverse manufacturer (www.axis.com) but they're not the cheapest. As an aside, Axis cameras run embedded Linux. The newer Ethernet-enabled cameras can use POE (power over Ethernet) but you'll need either a power supply that you insert somewhere along the cable run, or a POE-enabled switch which supplies power to its Ethernet ports. Several brands are available. Using POE makes a lot of sense and saves a lot of trouble, but make sure your Ethernet cable installation is of high quality. Open-source software such as ZoneMinder works with cameras from several manufacturers, and runs on CentOS. I personally haven't tried it, but I understand it works well. Chuck ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] wicd questions
Hello I am trying to get wicd to work on Cent 5.5 it installs fine but when i run wicd-curses i get this error wicd-curses File /usr/share/wicd/curses/wicd-curses.py, line 505 class appGUI(): ^ SyntaxError: invalid syntax my versions of wicd and python-urwid are wicd-1.7.0-3.el5 python-urwid-0.9.8.4-3.el5 Has anyone been able to get wicd working ? Or does anyone know how to fix the python syntax error ? I would like to be able to control my wireless networks via command line. btw this is not a centos base package so flame away please thanks. LostSon CentOS - It's not just for servers ya know... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On 02/24/2011 05:43 PM, Ross Walker wrote: On Feb 24, 2011, at 9:31 AM, Johnny Hughes joh...@centos.org mailto:joh...@centos.org wrote: I am not saying this to be a smart a$$ or be negative ... just saying that other enterprise distributions exist that provide long term stability without backports ... Unbuntu LTS is a free example. They also provide integration of all their system libraries and audit their software for security compliance. I think the primary driving factor for Redhat to employ the backport method is to maintain a stable ABI across a release, and the primary reason for that is for third party application support. Redhat wants to provide a platform for which commercial vendors can develop their wares such that they can say it supports RHEL 5 or 6 and it will actually run on said platform without loss of functionality or stability. I doubt the same can be said about Ubuntu LTS or even SLES where a change in a library can result in either the third party application not working or working with limited functionality. That is absolutely true and I agree with you 100% ... I like the constant ABI across the release and the backport model, otherwise I would be building something else. But I also know that there are people who think backporting is the Devil. I was only trying to provide sane advise for those people ... I think it is much safer (and more stable) to use unbuntu than to try and build your own latest bind and your own latest ssh and your own latest apache and your own latest php and other stuff and then bolt that into CentOS. If you start breaking the constant ABI and introducing lots of new shared libs, etc, then you are totally negating the only 2 things (ABI and stability) that makes CentOS an enterprise OS. You are even likely better off using Fedora than trying to replace massive parts of CentOS with newer stuff. Now ... I have done some custom things myself (like roll in Samba 3.4.x for Windows 7 PDC support into c4 and c5 and CentOS 5 LDAP in CentOS 4 so I could add new C5 machines as Domain controllers in new offices with some older C4 machines as domain controllers in the old offices without having to replace the older OSes). So, with limited changes, it is possible. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On 2/24/11 7:37 PM, Johnny Hughes wrote: On 02/24/2011 05:43 PM, Ross Walker wrote: On Feb 24, 2011, at 9:31 AM, Johnny Hughesjoh...@centos.org mailto:joh...@centos.org wrote: I am not saying this to be a smart a$$ or be negative ... just saying that other enterprise distributions exist that provide long term stability without backports ... Unbuntu LTS is a free example. They also provide integration of all their system libraries and audit their software for security compliance. I think the primary driving factor for Redhat to employ the backport method is to maintain a stable ABI across a release, and the primary reason for that is for third party application support. Redhat wants to provide a platform for which commercial vendors can develop their wares such that they can say it supports RHEL 5 or 6 and it will actually run on said platform without loss of functionality or stability. I doubt the same can be said about Ubuntu LTS or even SLES where a change in a library can result in either the third party application not working or working with limited functionality. That is absolutely true and I agree with you 100% ... I like the constant ABI across the release and the backport model, otherwise I would be building something else. Can someone remind me why VMware server 2.x broke with a RHEL/CentOS 5.x glibc update? I switched back to 1.x which I like better anyway, but if the reason for putting up with oldness is to keep that from happening, it didn't work. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Detecting harddrive problem
Hi all, Recently I realize the filesystem became Read-only and there is media error message in the system log. It has passed several days without notice. I'm thinking of setting up a script to grep that media error and send email. Is there more elegant way of doing this? Thank you. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] VMware (was Re: current bind version)
On Thu, Feb 24, 2011 at 08:04:08PM -0600, Les Mikesell wrote: Can someone remind me why VMware server 2.x broke with a RHEL/CentOS 5.x glibc update? I switched back to 1.x which I like better anyway, but if the reason for putting up with oldness is to keep that from happening, it didn't work. You may want to try VMware-player if you, (like almost everyone else) preferred 1.x to 2.x. The later versions of player are more like 1.x, allowing you to install an operating system from ISO or whatever, and work quite well with 64 bit CentOS. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Adam: You failed me. Spike: Let's not quibble about who failed who. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] current bind version
On Feb 24, 2011, at 8:37 PM, Johnny Hughes joh...@centos.org wrote: On 02/24/2011 05:43 PM, Ross Walker wrote: On Feb 24, 2011, at 9:31 AM, Johnny Hughes joh...@centos.org mailto:joh...@centos.org wrote: I am not saying this to be a smart a$$ or be negative ... just saying that other enterprise distributions exist that provide long term stability without backports ... Unbuntu LTS is a free example. They also provide integration of all their system libraries and audit their software for security compliance. I think the primary driving factor for Redhat to employ the backport method is to maintain a stable ABI across a release, and the primary reason for that is for third party application support. Redhat wants to provide a platform for which commercial vendors can develop their wares such that they can say it supports RHEL 5 or 6 and it will actually run on said platform without loss of functionality or stability. I doubt the same can be said about Ubuntu LTS or even SLES where a change in a library can result in either the third party application not working or working with limited functionality. That is absolutely true and I agree with you 100% ... I like the constant ABI across the release and the backport model, otherwise I would be building something else. But I also know that there are people who think backporting is the Devil. I was only trying to provide sane advise for those people ... I think it is much safer (and more stable) to use unbuntu than to try and build your own latest bind and your own latest ssh and your own latest apache and your own latest php and other stuff and then bolt that into CentOS. If you start breaking the constant ABI and introducing lots of new shared libs, etc, then you are totally negating the only 2 things (ABI and stability) that makes CentOS an enterprise OS. You are even likely better off using Fedora than trying to replace massive parts of CentOS with newer stuff. Now ... I have done some custom things myself (like roll in Samba 3.4.x for Windows 7 PDC support into c4 and c5 and CentOS 5 LDAP in CentOS 4 so I could add new C5 machines as Domain controllers in new offices with some older C4 machines as domain controllers in the old offices without having to replace the older OSes). So, with limited changes, it is possible. I was pretty sure you understood, it was more for the audience. Also to add, there is nothing wrong with adding custom builds of software, just make sure it goes in '/usr/local' for 'make install' builds and their updated libraries if they need updated libraries. If one is doing custom RPM builds it is still better to locate in '/usr/local' if possible, otherwise make damn sure it doesn't conflict with the base CentOS RPMs or one may find his/her self in dependency hell. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VMware (was Re: current bind version)
I have always had issues with VMware server and compiling of kernel modules, normally ended up costing a couple of days effort .. I have found 2 is more resource intensive than 1. Rather use ESXi 4.1 and get up and running quickly. If your hardware is not on the supported list there are other lists of tested hardware where people have it running on Unsupported hardware. Player is not a solution if the Virtual machine needs to be running 24/7. It's more suited to testing and demo use. Greg Machin Systems Administrator - Linux Infrastructure Group, Information Services -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Scott Robbins Sent: Friday, 25 February 2011 3:14 p.m. To: CentOS mailing list Subject: [CentOS] VMware (was Re: current bind version) On Thu, Feb 24, 2011 at 08:04:08PM -0600, Les Mikesell wrote: Can someone remind me why VMware server 2.x broke with a RHEL/CentOS 5.x glibc update? I switched back to 1.x which I like better anyway, but if the reason for putting up with oldness is to keep that from happening, it didn't work. You may want to try VMware-player if you, (like almost everyone else) preferred 1.x to 2.x. The later versions of player are more like 1.x, allowing you to install an operating system from ISO or whatever, and work quite well with 64 bit CentOS. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Adam: You failed me. Spike: Let's not quibble about who failed who. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VMware (was Re: current bind version)
On Fri, Feb 25, 2011 at 03:44:32PM +1300, Machin, Greg wrote: snip of good information Rather use ESXi 4.1 and get up and running quickly. If your hardware is not on the supported list there are other lists of tested hardware where people have it running on Unsupported hardware. Player is not a solution if the Virtual machine needs to be running 24/7. It's more suited to testing and demo use. Agreed--I haven't really found server, however, to be all that great for 24/7, so I assumed (and we know what happens when one assumes), that it was being used for testing. For any sort of production use, ESXi 4.1 is quite good. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Spike: What's Big Blue doing anyway? The Judge: I am preparing. Spike: It's interesting to me that preparing looks a great bit like sitting on your ass. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] [OT] building src rpm on RHEL5 using mock https://bugzilla.redhat.com/show_bug.cgi?id=680144
Does anyone have experience using mock on RHEL5 with the RHN? I use mock easily on Centos, I get errors like /bin/sh not found, useradd not found build failed? messages from it on RHEL w/ RHN. Any suggestions on where to start looking. -Jason Pyeron -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VMware (was Re: current bind version)
On 2/24/11 8:56 PM, Scott Robbins wrote: On Fri, Feb 25, 2011 at 03:44:32PM +1300, Machin, Greg wrote: snip of good information Rather use ESXi 4.1 and get up and running quickly. If your hardware is not on the supported list there are other lists of tested hardware where people have it running on Unsupported hardware. Player is not a solution if the Virtual machine needs to be running 24/7. It's more suited to testing and demo use. Agreed--I haven't really found server, however, to be all that great for 24/7, so I assumed (and we know what happens when one assumes), that it was being used for testing. For any sort of production use, ESXi 4.1 is quite good. Player isn't good for most of my usage because most of the time I don't want the console display at all - I just connect to the guests remotely with freenx/ssh/vnc when necessary. And I have Server 1.x setups that have run for years with no attention or downtime. I agree that ESXi is better, but it wasn't free when I built the VMs and I'm running some native Centos stuff on the host along with several guests. Anyway, my point was that the fabled library ABI stability of RHEL turned out not to work for VMware Server 2.0. But CentOS did come through with bug-for-bug compatibility as promised, causing the same crashing behavior after the same minor-rev update. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Detecting harddrive problem
On Fri, Feb 25, 2011 at 4:11 AM, Fajar Priyanto fajar...@arinet.org wrote: Hi all, Recently I realize the filesystem became Read-only and there is media error message in the system log. It has passed several days without notice. I'm thinking of setting up a script to grep that media error and send email. Is there more elegant way of doing this? Thank you. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Actions needed to be done: Buy new disk Remove old disk Install OS on new disk Migrate data from old disk done. elegant way? but two new disks. configure mdadm to mail you if the array fails. -- Best Regards, Yonatan Pingle RHCT | RHCSA | CCNA1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VMware (was Re: current bind version)
On 25/02/2011 1:13 PM, Scott Robbins wrote: On Thu, Feb 24, 2011 at 08:04:08PM -0600, Les Mikesell wrote: Can someone remind me why VMware server 2.x broke with a RHEL/CentOS 5.x glibc update? I switched back to 1.x which I like better anyway, but if the reason for putting up with oldness is to keep that from happening, it didn't work. You may want to try VMware-player if you, (like almost everyone else) preferred 1.x to 2.x. The later versions of player are more like 1.x, allowing you to install an operating system from ISO or whatever, and work quite well with 64 bit CentOS. I have begun to switch all my hosts without hardware virtualization, so can't use ESXi, to VirtualBox. With the addition of an init.d script it works well as a headless virtual host. The VirtualBox commandline support is far superior to VMware Server. With the help of puppet I have automated the entire host install, configuration, guest vm creation and guest install and configuration. VirtualBox was far easier to wrap puppet around than VMware Server was too. Ben ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VMware (was Re: current bind version)
On 2/24/11 8:56 PM, Scott Robbins wrote: On Fri, Feb 25, 2011 at 03:44:32PM +1300, Machin, Greg wrote: snip of good information Rather use ESXi 4.1 and get up and running quickly. If your hardware is not on the supported list there are other lists of tested hardware where people have it running on Unsupported hardware. Player is not a solution if the Virtual machine needs to be running 24/7. It's more suited to testing and demo use. Agreed--I haven't really found server, however, to be all that great for 24/7, so I assumed (and we know what happens when one assumes), that it was being used for testing. For any sort of production use, ESXi 4.1 is quite good. Player isn't good for most of my usage because most of the time I don't want the console display at all - I just connect to the guests remotely with freenx/ssh/vnc when necessary. And I have Server 1.x setups that have run for years with no attention or downtime. I agree that ESXi is better, but it wasn't free when I built the VMs and I'm running some native Centos stuff on the host along with several guests. Anyway, my point was that the fabled library ABI stability of RHEL turned out not to work for VMware Server 2.0. But CentOS did come through with bug-for-bug compatibility as promised, causing the same crashing behavior after the same minor-rev update. Simple solution really, bring up an ESXi box and use Vmware's free converter tool to convert the old VMs to ESXi (in most cases while they are running). It is a pretty seamless changeover, and ESXi is far better from a supportability and performance standpoint. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VMware (was Re: current bind version)
On 02/24/11 9:18 PM, Ben wrote: I have begun to switch all my hosts without hardware virtualization, so can't use ESXi, to VirtualBox. ESXi only needs hardware virtualization support for 64bit guest VMs. as long as you can live with 32bit VMs, you're good with older CPUs. I have it running a dozen or more VMs on a quad Opteron 850 system (4 x single core 2.4Ghz) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VMware (was Re: current bind version)
On 25/02/2011 4:51 PM, John R Pierce wrote: On 02/24/11 9:18 PM, Ben wrote: I have begun to switch all my hosts without hardware virtualization, so can't use ESXi, to VirtualBox. ESXi only needs hardware virtualization support for 64bit guest VMs. as long as you can live with 32bit VMs, you're good with older CPUs. I have it running a dozen or more VMs on a quad Opteron 850 system (4 x single core 2.4Ghz) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Thanks, I did not know that. I could've swarn I had tested it on some old IBM x306. Will have to take a look into that. I still like that automation that I get with CentOS, puppet and VirtualBox. Ben ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VMware (was Re: current bind version)
Thanks, I did not know that. I could've swarn I had tested it on some old IBM x306. Will have to take a look into that. I still like that automation that I get with CentOS, puppet and VirtualBox. Ben I think you need to download the VI3 rather than 4.1 to use 32 bit support, but it does work. I have it in production on some older hardware and it has not let me down yet. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] wicd questions
lostson wrote: my versions of wicd and python-urwid are wicd-1.7.0-3.el5 python-urwid-0.9.8.4-3.el5 snip btw this is not a centos base package I have a broken piece of software, it's not from centos and I won't tell you where it's coming from but can you help me? wtf?? why don't you go ask whoever made that package then? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos