[CentOS-announce] CESA-2012:0080 Critical CentOS 6 thunderbird Update
CentOS Errata and Security Advisory 2012:0080 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0080.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 1a2681ea3959534092537138c2279f17c8b1208ac36e8e5ca681a4aabceb42b2 thunderbird-3.1.18-1.el6.centos.i686.rpm x86_64: 4bac01fccd5c95efdd359b85e18f4a9513e7071dfb3db898ea0ddbd900de853f thunderbird-3.1.18-1.el6.centos.x86_64.rpm Source: 80a44822d95e4369092cba960b7e835d97224a438dd011d27c923d629e625ebb thunderbird-3.1.18-1.el6.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2012:0079 Critical CentOS 6 firefox Update
CentOS Errata and Security Advisory 2012:0079 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0079.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 616dfcd73837cd45a5e808ef6128c4014bf0f281f1dcea836755bb537ff8ff79 firefox-3.6.26-1.el6.centos.i686.rpm 1989efe37d539d0bcba42fbeb94669989832fb5d78efea2f6d6ed4cecaa1f331 xulrunner-1.9.2.26-1.el6.centos.i686.rpm 6f696b4197eceebaf3b3a0ac986c73c29d84d3a9b1013c6eee463b74918b83e2 xulrunner-devel-1.9.2.26-1.el6.centos.i686.rpm x86_64: 616dfcd73837cd45a5e808ef6128c4014bf0f281f1dcea836755bb537ff8ff79 firefox-3.6.26-1.el6.centos.i686.rpm 1afab7767951b359f0d2aac690735e6c16eb9892974e774119e08f1ceddcac84 firefox-3.6.26-1.el6.centos.x86_64.rpm 1989efe37d539d0bcba42fbeb94669989832fb5d78efea2f6d6ed4cecaa1f331 xulrunner-1.9.2.26-1.el6.centos.i686.rpm 6ef8802c42366a074752d9578f7cc36248316579bcff3be16747c618e6b4f4e0 xulrunner-1.9.2.26-1.el6.centos.x86_64.rpm 6f696b4197eceebaf3b3a0ac986c73c29d84d3a9b1013c6eee463b74918b83e2 xulrunner-devel-1.9.2.26-1.el6.centos.i686.rpm 391b5d94101ba5d84d03cd2edc90ddc36c8e51a30bdd371c3e57898b4fe20d6e xulrunner-devel-1.9.2.26-1.el6.centos.x86_64.rpm Source: a3fc6efbd488e792eccb8c0f30a0c769dfa9f7f03620b0092f62c739c7dabb19 firefox-3.6.26-1.el6.centos.src.rpm d8e575843c70d50ec2fd83d4ba2957e67db940137a0f2f565b873da7f0b2f1f8 xulrunner-1.9.2.26-1.el6.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2012:0085 Critical CentOS 4 thunderbird Update
CentOS Errata and Security Advisory 2012:0085 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0085.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: b7bd0203780041e56bfdacd133910fb7bf6645e92e16fc9a142a60462140077d thunderbird-1.5.0.12-46.el4.centos.i386.rpm x86_64: c2822364f15810c152b38dfe8ade511c898e0274edf92d6827dcf06413644049 thunderbird-1.5.0.12-46.el4.centos.x86_64.rpm Source: cfa54105337e24af952a122a4686143008f4653d445a0a4207b11afe2a5d031c thunderbird-1.5.0.12-46.el4.centos.src.rpm -- Tru Huynh CentOS Project { http://www.centos.org/ } irc: tru_tru, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2012:0084 Critical CentOS 4 seamonkey Update
CentOS Errata and Security Advisory 2012:0084 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0084.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 8e65499901a4e966feeec3d86852ab83732a2b6009e6c31381ccc7920976540e seamonkey-1.0.9-78.el4.centos.i386.rpm 318bf549a716396ea0fb8d08cf9d2f7ffaa580f88918dea7244253254f27c397 seamonkey-chat-1.0.9-78.el4.centos.i386.rpm 07e9e163568b647fb3503fcbab617b5e8389d2623941c1a59dd95f0224ae1f1e seamonkey-devel-1.0.9-78.el4.centos.i386.rpm 9fa735849fae91e0c73b7cf27a0b7b18e8754f18dccd67860ba6fcb00909efc1 seamonkey-dom-inspector-1.0.9-78.el4.centos.i386.rpm 2c232290e73a77235f32e5cfaae86fd2be2e442e766bc235867c15957d993e7c seamonkey-js-debugger-1.0.9-78.el4.centos.i386.rpm 72911bed37422497d53ebb0811371b7b80ebf8aebbcc41b24d81e7cc9c19e050 seamonkey-mail-1.0.9-78.el4.centos.i386.rpm x86_64: 82753ad1ced5ca9200efc4eb70376876e99792a3cdef3fa34f38255015b8edd7 seamonkey-1.0.9-78.el4.centos.x86_64.rpm a4a3dd836ed9fdbc49fd00906711b655a3322d4592271466025a8d72f75bfd10 seamonkey-chat-1.0.9-78.el4.centos.x86_64.rpm aba6cb81a4e0fe2e24a2dbe10cc658b9a3d10eb87fa343606edd2badff9aab5c seamonkey-devel-1.0.9-78.el4.centos.x86_64.rpm e2c14df6c085267411e692236731b255bf1358dea6fe566e78bb1091674ed419 seamonkey-dom-inspector-1.0.9-78.el4.centos.x86_64.rpm 8236ac456608828e7307185c6b9c0c8b04fbedbc8a3165d1af5b618e23c7e681 seamonkey-js-debugger-1.0.9-78.el4.centos.x86_64.rpm 4883d260e5b4ac920b33e0ffec16d42755405be6bd164f28bcdd6fbf6363d4fa seamonkey-mail-1.0.9-78.el4.centos.x86_64.rpm Source: f9f45fbde78317d254cd0ee83a3a2c04387b32d8be0e54d5773b16272f2b614c seamonkey-1.0.9-78.el4.centos.src.rpm -- Tru Huynh CentOS Project { http://www.centos.org/ } irc: tru_tru, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2012:0085 Critical CentOS 5 thunderbird Update
CentOS Errata and Security Advisory 2012:0085 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0085.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 0c180639016c20b992c9b387046579604437c6a560abd5fb724561822dd91e4b thunderbird-2.0.0.24-28.el5.centos.i386.rpm x86_64: 1976954a67981d4d44bed14775d83eb6cf1d9ee67098f31f9edee57ef92da70d thunderbird-2.0.0.24-28.el5.centos.x86_64.rpm Source: de13ae1ca189677e67a955e98e7d78623943f21440276d8de4a42046d399f04a thunderbird-2.0.0.24-28.el5.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2012:0086 Moderate CentOS 4 openssl Update
CentOS Errata and Security Advisory 2012:0086 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0086.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: d4fa42294b698cd8aaa87f4ec25fddc7d0a5c2d73dce9359ad3dec7b0598679d openssl-0.9.7a-43.18.el4.i386.rpm 51f2bff72ebece544abce0b2f8011fd8ea06f6e6d2892ffc1338f8b0c6472d33 openssl-0.9.7a-43.18.el4.i586.rpm 7393bc427484b8193c15c29682c5a9310c06de2ea0659ed78d684c0390e2fe34 openssl-0.9.7a-43.18.el4.i686.rpm 8961d9591e4459caa351fd121072065b9daa8b5fe7627c4f82aa3dfdbeedd768 openssl-devel-0.9.7a-43.18.el4.i386.rpm 21ad59a320f9474a7e2a4cf66d757602c144336c3540f77a2e9135155e5088d3 openssl-devel-0.9.7a-43.18.el4.i586.rpm 4cc71135a0f70a225efa6a7ddbeda9077c6e17cf908b7268ed336e9e19170eff openssl-perl-0.9.7a-43.18.el4.i386.rpm 790224367954fb3a8372917b40629f8a818f2712b0608a0c6c585016250e6f23 openssl-perl-0.9.7a-43.18.el4.i586.rpm x86_64: 7393bc427484b8193c15c29682c5a9310c06de2ea0659ed78d684c0390e2fe34 openssl-0.9.7a-43.18.el4.i686.rpm ce06078bb4af51e619c9b79ef32c0e8123c25047ff745372f797f9778a739aa1 openssl-0.9.7a-43.18.el4.x86_64.rpm 8961d9591e4459caa351fd121072065b9daa8b5fe7627c4f82aa3dfdbeedd768 openssl-devel-0.9.7a-43.18.el4.i386.rpm 3e06f7b8628d216c10f17be7cf14a0f10cf40d71e72cf730529b3c9f0d2453b0 openssl-devel-0.9.7a-43.18.el4.x86_64.rpm 4cc71135a0f70a225efa6a7ddbeda9077c6e17cf908b7268ed336e9e19170eff openssl-perl-0.9.7a-43.18.el4.i386.rpm 9ea2118dc5a1b2ece627189dcdc42e3e5ed3f6428a13366d137a8ca90ef6bed2 openssl-perl-0.9.7a-43.18.el4.x86_64.rpm Source: d65c37417f26fc83627b9c997946baa91a3ba7cc09347e47f0349f2460358346 openssl-0.9.7a-43.18.el4.src.rpm -- Tru Huynh CentOS Project { http://www.centos.org/ } irc: tru_tru, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
Re: [CentOS-virt] CentOS6 virtio?
In this very extensive guide for setting op a 2-node KVM cluster in RH6 he also sets up a Windows 2008 server using the virtio drivers. You need to scroll down a fair bit. Here is the link for the part where he explains how to provision a Windows 2008 server. https://alteeve.com/w/2-Node_Red_Hat_KVM_Cluster_Tutorial#Provisioning_vm0004-ms Maybe this is of use for you. Thanks, Hans. After looking at all the options, I started from scratch and am now installing with virt-manager following the RHEL Virtualization Host Configuration and Guest Installation Guide, 10.1.2. Installing drivers during the Windows installation. The emphasis being on *during*. I did manage to install the balloon drivers onto the previous image, but just them, and no idea how to add the other virtio drivers. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] Yes another I can't open port 53 for Bind DNS
Hi, It's just past 3am and for the past 6 hours I've been configuring a secondary name server to replace one that just crashed. My problem appears to be that port 53 is not open for some reason on my server even though I have this: [root@tribe etc]# netstat -an | grep :53 tcp0 0 205.211.154.3:53 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:53 0.0.0.0:* LISTEN udp0 0 205.211.154.3:530.0.0.0:* udp0 0 127.0.0.1:530.0.0.0:* udp0 0 205.211.154.3:530.0.0.0:* udp0 0 127.0.0.1:530.0.0.0:* udp0 0 205.211.154.3:530.0.0.0:* udp0 0 127.0.0.1:530.0.0.0:* udp0 0 205.211.154.3:530.0.0.0:* udp0 0 127.0.0.1:530.0.0.0:* udp0 0 205.211.154.3:530.0.0.0:* udp0 0 127.0.0.1:530.0.0.0:* udp0 0 205.211.154.3:530.0.0.0:* udp0 0 127.0.0.1:530.0.0.0:* But with a test from http://www.yougetsignal.com/tools/open-ports/ it says port 53 is closed. I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 I'm not using iptables (well I didn't configure any) [root@tribe log]# iptables --line-numbers -n -L Chain INPUT (policy ACCEPT) num target prot opt source destination 1ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED 2ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 3ACCEPT all -- 0.0.0.0/00.0.0.0/0 4ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:22 5REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) num target prot opt source destination 1REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) num target prot opt source destination Currently this server is not behind any type of firewall. Can someone suggest something I have forgotten? TIA, Shane ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yes another I can't open port 53 for Bind DNS
Shane Bywater wrote: Hi, It's just past 3am and for the past 6 hours I've been configuring a secondary name server to replace one that just crashed. My problem appears to be that port 53 is not open for some reason on my server even though I have this: [root@tribe etc]# netstat -an | grep :53 tcp0 0 205.211.154.3:53 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:53 0.0.0.0:* LISTEN udp0 0 205.211.154.3:530.0.0.0:* {snip} But with a test from http://www.yougetsignal.com/tools/open-ports/ it says port 53 is closed. I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 I'm not using iptables (well I didn't configure any) {snip} 5REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited {snip} Can someone suggest something I have forgotten? TIA, Shane I think iptables rule 5 is stopping DNS. I can 'see' your ICMP (ping) and SSH are open from here. I've not used Centos 6 in production yet but try entering:- iptables -I INPUT 4 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -I INPUT 4 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT hopefully that will fix it YMMV Ken -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yes another I can't open port 53 for Bind DNS
Ken Smith wrote: Shane Bywater wrote: Hi, It's just past 3am and for the past 6 hours I've been iptables -I INPUT 4 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -I INPUT 4 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT Ken Obviously those commands are all on one line so the '--state' is followed by 'NEW,' and not line wrapped as in this e-mail :-) Ken -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mod_rails under Apache under Ceontos 6
On Mon, Jan 30, 2012 at 7:00 PM, Craig White craig.wh...@ttiltd.com wrote: On Jan 30, 2012, at 10:12 AM, Boris Epstein wrote: Hello listmates, For some reason we don't seem to be able to launch a Ruby-on-rails application ( http://www.redmine.org/ ) on a CentOS 6 machine under Apache. Nor can I find a mod_rails as a separate package for it. Would anyone have any idea what we might be doing wrong? mod rails is 'passenger' which is typically installed as a gem and then finished by executing the bind code (as root) gem install passenger passenger-install-apache2-module but CentOS 6 might have a package that does this but it is certain to be out of date at any given time which makes the gem more suitable. I think you will find this a good resource: http://blog.phusion.nl/2011/01/04/phusion-passenger-native-packages-for-redhatfedoracentos/ http://passenger.stealthymonkeys.com/ -- Mikael ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Double Copies Double Copies
On 02/01/2012 02:16 AM, Mark LaPierre wrote: Hey Y'all, why am I getting double copies of every email on this list today when it wasn't happening yesterday? Isn't happening on any of my other email. I still get only one mail, as it should be. Maybe your server-client connection is getting berserk. do you have webmail access so you can check if duplicate mails are on the server also? -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] GUI login issues over NFS
On Tue, Jan 31, 2012 at 03:10:15PM -0500, Michael Weiner wrote: On Fri, Jan 27, 2012 at 9:28 AM, Tru Huynh t...@centos.org wrote: no other idea for the moment. Tru - I think i *MAY* have this figured out. When you do 'ibrix_fs -i' is compatibility set to no? If so, are you a 64-bit client only shop? I am wondering if our having the 64-bit mode set is causing the problems. I did my tests on c5/c6 x86_64 only. [root@lri-brix01 temp]# ibrix_fs -i FileSystem: ibrix = Total Segments: 24 STATE : Mounted Mirrored? : No Compatible? : No [root@xx2 ~]# ibrix_fs -i FileSystem: ibfs1 = Total Segments: 4 STATE : Mounted Mirrored? : No Compatible? : Yes,MaxSegments=63 I don't have account on the ibrix machine. imho: this should be fixed by HP/ibrix support team. Good luck, Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B pgpc9ZU06zpco.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] first steps in selinux: cron.daily and postfix
Hello, my CentOS 6.2 server sends the daily messages correct e.g. today at Feb 1 03:31:14 At the beginning of work hours (9:00 am local time): Feb 1 10:06:17 server postfix/sendmail[27125]: fatal: chdir /var/spool/postfix: Permission denied Solution: restorecon -R /var/spool/postfix/ Afterwards, postfix is OK again. My own cron jobs will be run latest 1 am What daily cron job destroys the selinux permissions? -- Viele Grüße Helmut Drodofsky Internet XS Service GmbH Heßbrühlstraße 15 70565 Stuttgart Geschäftsführung Dr.-Ing. Roswitha Hahn-Drodofsky HRB 21091 Stuttgart USt.ID: DE190582774 Tel. 0711 781941 0 Fax: 0711 781941 79 Mail:i...@internet-xs.de www.internet-xs.de ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] timeconfig
On Tuesday 31 January 2012 14:08:20 Roberto Alvarado wrote: cp -f /usr/share/zoneinfo/YOURTIMEZONE /etc/localtime And you have to do that every time you update the glibc package. Any better way to configure time properly? Regards ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yes another I can't open port 53 for Bind DNS
On 02/01/2012 10:01 AM, Ken Smith wrote: Shane Bywater wrote: Hi, It's just past 3am and for the past 6 hours I've been configuring a secondary name server to replace one that just crashed. My problem appears to be that port 53 is not open for some reason on my server even though I have this: [root@tribe etc]# netstat -an | grep :53 tcp0 0 205.211.154.3:53 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:53 0.0.0.0:* LISTEN udp0 0 205.211.154.3:530.0.0.0:* {snip} But with a test from http://www.yougetsignal.com/tools/open-ports/ it says port 53 is closed. I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 I'm not using iptables (well I didn't configure any) {snip} 5REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibited {snip} Can someone suggest something I have forgotten? TIA, Shane I think iptables rule 5 is stopping DNS. I can 'see' your ICMP (ping) and SSH are open from here. I've not used Centos 6 in production yet but try entering:- iptables -I INPUT 4 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -I INPUT 4 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT You only want --state NEW. The related/established bit is handled by rule 1 in the INPUT chain. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] squirrelmail for 6.2
Hello list. I have install centos-release-6-2.el6.centos.7.x86_64 and I cant find squirrelmail. Does any know why? -- *Γατσής Νίκος - Gatsis Nikos* Web developer tel.: 2108256721 - 2108256722 fax: 2108256712 email: ngat...@qbit.gr http://www.qbit.gr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] apache 2.2.22 on CentOS 5...
Hi, while the brand new apache 2.2.22 compiles fine on CentOS 6, it fails on CentOS 5 unless you tell him to use its internal apr lib...I saw in the 2.2.22 release notes: This release includes the Apache Portable Runtime (APR) version 1.4.5 and APR Utility Library (APR-util) version 1.4.2, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv version 1.2.1) must all be updated to ensure binary compatibility and address many known security and platform bugs. APR-util version 1.4 represents a minor version upgrade from earlier httpd source distributions, which previously included version 1.3. On CentOS 6, we have apr 1.3.9 On CentOS 5, apr 1.2.7 Anyone knows if it will be backported to the packaged apr...? Thx, JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] squirrelmail for 6.2
On Wed, 2012-02-01 at 15:09 +0200, Nikos Gatsis - Qbit wrote: Hello list. I have install centos-release-6-2.el6.centos.7.x86_64 and I cant find squirrelmail. Does any know why? Check epel repo. squirrelmail-1.4.22-2.el6.noarch : webmail client written in php Regards, B.J. CentOS release 6.2 (Final) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] gtar compression achieved
Hey folks, I looked at the man page and don't see any way to do this - maybe it is a function of the compression program used I dunno. Is there any way to get gtar to report on the compression it achieved? I can't just check file sizes because I'm writing data to tape. The basic problem is that I know how much data is there to begin with but I don't know how much room it took up on the tape so I have no idea how much room is left on the tape. thanks, -Alan -- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of In Defense of Food ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] squirrelmail for 6.2
On 2012-02-01 13:21, B.J. McClure wrote: On Wed, 2012-02-01 at 15:09 +0200, Nikos Gatsis - Qbit wrote: Hello list. I have install centos-release-6-2.el6.centos.7.x86_64 and I cant find squirrelmail. Does any know why? Check epel repo. squirrelmail-1.4.22-2.el6.noarch : webmail client written in php It may be available on the epel repo, but as it is just a bunch of php's put into a webfile I tend to just get the tarball and configure Apache/PHP to run it. Does the rpm have any features beyond that? Patches / Plugins? Squirrelmail has been fraught with issues in the past that allowed spammers to use it to relay email. It may have been the fault of PHP, I can't honestly remember. In any case 1.4.22 is the latest stable version, so you should be ok to use the rpm in that repo for the time being. -- Message sent via my webmail account. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] squirrelmail for 6.2
Le 01/02/2012 15:24, Giles Coochey a écrit : Hello list. I have install centos-release-6-2.el6.centos.7.x86_64 and I cant find squirrelmail. Does any know why? Check epel repo. squirrelmail-1.4.22-2.el6.noarch : webmail client written in php It may be available on the epel repo, but as it is just a bunch of php's put into a webfile I tend to just get the tarball and configure Apache/PHP to run it. Does the rpm have any features beyond that? Patches / Plugins? It is perhaps better to use the EPEL repository to get security updates (if there are) ? Alain -- == Alain Péan - LPP/CNRS Administrateur Système/Réseau Laboratoire de Physique des Plasmas - UMR 7648 Observatoire de Saint-Maur 4, av de Neptune, Bat. A 94100 Saint-Maur des Fossés Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33 == ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] squirrelmail for 6.2
On 2012-02-01 14:40, Alain Péan wrote: Le 01/02/2012 15:24, Giles Coochey a écrit : Hello list. I have install centos-release-6-2.el6.centos.7.x86_64 and I cant find squirrelmail. Does any know why? Check epel repo. squirrelmail-1.4.22-2.el6.noarch : webmail client written in php It may be available on the epel repo, but as it is just a bunch of php's put into a webfile I tend to just get the tarball and configure Apache/PHP to run it. Does the rpm have any features beyond that? Patches / Plugins? It is perhaps better to use the EPEL repository to get security updates (if there are) ? Is there a guarantee that a package is being actively maintained if it is in the EPEL repository? I checked the FAQ and can't pin down what they do in those instances. I only say, as I have stated off-list, the reason I've not been using a repo for some php packages is that I've found that they were sometimes lagging behind with the current stable version, and that security issues existed that had not been patched by the repo in question. -- Message sent via my webmail account. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wed, Feb 1, 2012 at 8:18 AM, Alan McKay alan.mc...@gmail.com wrote: Hey folks, I looked at the man page and don't see any way to do this - maybe it is a function of the compression program used I dunno. Is there any way to get gtar to report on the compression it achieved? I can't just check file sizes because I'm writing data to tape. The basic problem is that I know how much data is there to begin with but I don't know how much room it took up on the tape so I have no idea how much room is left on the tape. There is a --totals option, but that is before compression. I don't think there is a way to do it. You can use -f /dev/null and --totals to get a quick estimate of the uncompressed size of what matches the tar arguments (for full/incremental). Gnu tar 'special cases' output to /dev/null and doesn't bother actually reading the data but it adds up the sizes from the directory. That was added so amanda can do estimates that let it decide how to mix the fulls and incrementals each day to fill a tape. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
There is a --totals option, but that is before compression. I don't think there is a way to do it. Dang. THere is a tell command on mt which tells you what block number you are on, but according to the man page only exists for some types of drive. And evidently not mine :-( That would have worked with some simple math. -- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of In Defense of Food ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wed, Feb 1, 2012 at 9:59 AM, Alan McKay alan.mc...@gmail.com wrote: There is a --totals option, but that is before compression. I don't think there is a way to do it. Dang. THere is a tell command on mt which tells you what block number you are on, but according to the man page only exists for some types of drive. And evidently not mine :-( That would have worked with some simple math. Is there some reason you aren't using amanda? Give it some holding disk space and it will run multiple backups at once, buffering on disk, and figure out how they should go on the tape for you. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
Is there some reason you aren't using amanda? Give it some holding disk space and it will run multiple backups at once, buffering on disk, and figure out how they should go on the tape for you. I'm archiving, not backing up. I looked at Amanda for a few days and it would be really clunky to do what I want. Anyway I found this : [root@solexa-db tmp]# export GZIP=-v [root@solexa-db tmp]# tar czf files.tar.gz file{1,2,3,4,5} 98.4% So I'm golden :-) -- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of In Defense of Food ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wed, Feb 1, 2012 at 10:10 AM, Alan McKay alan.mc...@gmail.com wrote: Is there some reason you aren't using amanda? Give it some holding disk space and it will run multiple backups at once, buffering on disk, and figure out how they should go on the tape for you. I'm archiving, not backing up. Is there some limit to the number of tapes it will track or the length of a cycle? I looked at Amanda for a few days and it would be really clunky to do what I want. I haven't used it for a while, but I thought it had an indexing mechanism that would let you tell it what you want and it would tell you the tapes you need and the order to restore them (for full + incremental cases). And it could re-index the tapes if you lost the disk copy. Maybe that doesn't fit your use, but it seemed handy. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
I haven't used it for a while, but I thought it had an indexing mechanism that would let you tell it what you want and it would tell you the tapes you need and the order to restore them (for full + incremental cases). And it could re-index the tapes if you lost the disk copy. Maybe that doesn't fit your use, but it seemed handy. In general it is massive overkill for what Im doing. Even if I wanted to switch backup solutions and move my backups to Amanda it would not be worthwhile to get this as an add-on because of the nature of the data I am dealing with. Case in point I have about 300G of data that one of the scientists copied over to my server from a piece of scientific equipment. That 300G was never in my backups and I never want it to be. But he needs it archived. Amanda is just way, way too too big for this. In 2 weeks I've got a program written that is tailored exactly to our needs. THat's probably less time than it would have taken me to deploy Amanda. And it would not have been tailored precisely to our needs. -- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of In Defense of Food ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wed, Feb 1, 2012 at 10:22 AM, Alan McKay alan.mc...@gmail.com wrote: I haven't used it for a while, but I thought it had an indexing mechanism that would let you tell it what you want and it would tell you the tapes you need and the order to restore them (for full + incremental cases). And it could re-index the tapes if you lost the disk copy. Maybe that doesn't fit your use, but it seemed handy. In general it is massive overkill for what Im doing. Even if I wanted to switch backup solutions and move my backups to Amanda it would not be worthwhile to get this as an add-on because of the nature of the data I am dealing with. Case in point I have about 300G of data that one of the scientists copied over to my server from a piece of scientific equipment. That 300G was never in my backups and I never want it to be. But he needs it archived. Amanda is just way, way too too big for this. In 2 weeks I've got a program written that is tailored exactly to our needs. THat's probably less time than it would have taken me to deploy Amanda. And it would not have been tailored precisely to our needs. 'Deploying' amanda is a matter of installing the rpm and editing a couple of config files about the tape drive, tapes, targets, and holding space. And maybe some firewall tweaking - but nothing really complicated. You get a lot of coverage of 'real-world' problems already built in that will be hard to match in a new program, but you do have to think the way it does... -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
From: Les Mikesell lesmikes...@gmail.com 'Deploying' amanda is a matter of installing the rpm and editing a couple of config files about the tape drive, tapes, targets, and holding space. And maybe some firewall tweaking - but nothing really complicated. You get a lot of coverage of 'real-world' problems already built in that will be hard to match in a new program, but you do have to think the way it does... An issue with tar is that if you have an error somewhere in the tar... it is bad news... afio compress files individually and has other nice things... Maybe star does it too. JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wed, Feb 1, 2012 at 10:47 AM, John Doe jd...@yahoo.com wrote: 'Deploying' amanda is a matter of installing the rpm and editing a couple of config files about the tape drive, tapes, targets, and holding space. And maybe some firewall tweaking - but nothing really complicated. You get a lot of coverage of 'real-world' problems already built in that will be hard to match in a new program, but you do have to think the way it does... An issue with tar is that if you have an error somewhere in the tar... it is bad news... afio compress files individually and has other nice things... Maybe star does it too. In a practical sense, I don't know if that even matters. I've never seen a tape drive that could recover and read past an error in the input anyway. Maybe back in floppy disk days... -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 84, Issue 1
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CESA-2012:0069 Moderate CentOS 6 ruby Update (Johnny Hughes) 2. CESA-2012:0079 Critical CentOS 4 firefox Update (Johnny Hughes) 3. CESA-2012:0079 Critical CentOS 5 firefox Update (Johnny Hughes) 4. CESA-2012:0080 Critical CentOS 6 thunderbird Update (Johnny Hughes) 5. CESA-2012:0079 Critical CentOS 6 firefox Update (Johnny Hughes) 6. CESA-2012:0085 Critical CentOS 4 thunderbird Update (Johnny Hughes) 7. CESA-2012:0084 Critical CentOS 4 seamonkey Update (Johnny Hughes) 8. CESA-2012:0085 Critical CentOS 5 thunderbird Update (Johnny Hughes) -- Message: 1 Date: Tue, 31 Jan 2012 10:23:57 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CESA-2012:0069 Moderate CentOS 6 ruby Update To: centos-annou...@centos.org Message-ID: 20120131102357.ga32...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2012:0069 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0069.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 2 Date: Wed, 1 Feb 2012 03:34:27 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CESA-2012:0079 Critical CentOS 4 firefox Update To: centos-annou...@centos.org Message-ID: 20120201033427.ga21...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2012:0079 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0079.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 340967d551b8656011eda2d0b0a973e245f50df6d4d6990f503bb96245dc firefox-3.6.26-2.el4.centos.i386.rpm x86_64: 99885db8f385d695b86374eb49cd8c5c5a3bc3d9d0cc0ec3ab5731a7d05bebdd firefox-3.6.26-2.el4.centos.x86_64.rpm Source: ffb691f17da49f5645ac6e0b5f6581b8de0ef9edbbe1f02ff91353404eeef435 firefox-3.6.26-2.el4.centos.src.rpm -- Tru Huynh CentOS Project { http://www.centos.org/ } irc: tru_tru, #cen...@irc.freenode.net -- Message: 3 Date: Wed, 1 Feb 2012 03:47:51 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CESA-2012:0079 Critical CentOS 5 firefox Update To: centos-annou...@centos.org Message-ID: 20120201034751.ga22...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2012:0079 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0079.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 3d2fd820790a0362cd0907ef95c0d87f9eeafa4aae1019e90c3657240f24abfa firefox-3.6.26-1.el5.centos.i386.rpm 16cc826aa34dd9c02ffe6e5dffeeacf81944af3d69e437aab05d0665928e2e9c xulrunner-1.9.2.26-1.el5_7.i386.rpm 8b77f64c807523795a6572e18daddf391fec5ea22e4776738406be6305d1b2b4 xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm x86_64: 3d2fd820790a0362cd0907ef95c0d87f9eeafa4aae1019e90c3657240f24abfa firefox-3.6.26-1.el5.centos.i386.rpm 4ad673dbff843b6822f582f69cb64f6a1b5378082d8bfc564b90d874895b1a6a firefox-3.6.26-1.el5.centos.x86_64.rpm 16cc826aa34dd9c02ffe6e5dffeeacf81944af3d69e437aab05d0665928e2e9c xulrunner-1.9.2.26-1.el5_7.i386.rpm 94ee10e7d68c82c58cab76dea506a4e904a4f1e8709bc8b749e27faee07cfa9f xulrunner-1.9.2.26-1.el5_7.x86_64.rpm 8b77f64c807523795a6572e18daddf391fec5ea22e4776738406be6305d1b2b4 xulrunner-devel-1.9.2.26-1.el5_7.i386.rpm 3493a44418017d86723e996b2bc0c36598c30478edb31d2cc403daa35af7d529 xulrunner-devel-1.9.2.26-1.el5_7.x86_64.rpm Source: 607486a79971d75a9d2c60e2565386f477bcf0e3039cdead93e6f2708e71f4cb firefox-3.6.26-1.el5.centos.src.rpm 9f18f5016d14d0cc1188238631850dc2fb07be8791dcd9f78ed871e263e1e898 xulrunner-1.9.2.26-1.el5_7.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 4 Date: Wed, 1 Feb 2012 11:56:07 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CESA-2012:0080 Critical CentOS 6 thunderbird Update To: centos-annou...@centos.org Message-ID:
[CentOS] CentOS 6.2 Autofs stopped working
Seems that autofs in 6.2 stopped working like it used to. We use NIS and automount maps. Primary map auto.sf ssdt-fstype=autofs,rw auto_ssdt auto.ssdt map scratch-fstype=nfs,hard,intr gold:/vol/ssdt/scratch So finding a path such as /sf/ssdt/scratch has always worked and continues to work on non CentOS 6.2 machines. This ability stopped with CentOS 6.2 CentOS 6.0 uses autofs-5.0.5-23.el6.x86_64.rpm CentOS 6.2 uses autofs-5.0.5-39.el6.x86_64.rpm The work around seems to be to remove autofs in CentOS 6.2 And do an rpm install of autofs from CentOS 6.0. I presume it is a flaw upstream. Anyone else observing this behavior? Ed ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Updating/Backing Up Server
I am slowly migrating the data etc off an old CentOS32 4.x server to a new CentOS64 5.x server. The old server only has 15Gbyte of its hard drive in use. Is there an easy/safe way to copy the entire contents of old server root directory to a directory on the new server for future reference? Most of the data is various test files, perl scripts, etc. scattered all over. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ip route and nexthop: the CentOS way
Hi, I'm wanting to configure a CentOS 6 server to have a fall-back default route via a second network interface. Given: - eth0 with 192.168.0.10 on subnet 192.168.0.0/24 gateway 192.168.0.1 - eth1 with 192.168.1.10 on subnet 192.168.1.0/24 gateway 192.168.1.1 Where eth0's network is a back door to the internet, and eth1's is the front door, I believe I can configure the routing table manually like this: ip route default scope global \ nexthop via 192.168.1.1 dev eth1 weight 1 \ nexthop via 192.168.0.1 dev eth0 weight 2 However, I've re-read the RHEL6 documents for configuring static routes here: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-static-routes.html This kind of thing doesn't seem to fit into the scheme of /etc/sysconfig/network-scripts/route-eth? described there, since the route isn't for any single interface. Is there a RHEL/CentOS way to do this, or do I need to resort to some sort of script containing the above ip route command inserted somewhere? And how do I stop CentOS from trying to pick its own default gateway settings (since /etc/sysconfig/network likely won't have a GATEWAY parameter)? Cheers, Nick ps. Hints about this obtained from http://lkml.indiana.edu/hypermail/linux/net/0201.0/.html http://lartc.org/lartc.html#AEN298 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wednesday, February 01, 2012 09:18:08 AM Alan McKay wrote: The basic problem is that I know how much data is there to begin with but I don't know how much room it took up on the tape so I have no idea how much room is left on the tape. What I would do is use the '-' special filename to pipe the uncompressed tar to stdout, pipe to the compressor of choice, then pipe to tee, and have one branch of the tee go to the tape and the other branch go to a program to count bytes. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Updating/Backing Up Server
On Wed, 1 Feb 2012 12:50:00 -0600 Matt wrote: I am slowly migrating the data etc off an old CentOS32 4.x server to a new CentOS64 5.x server. The old server only has 15Gbyte of its hard drive in use. Is there an easy/safe way to copy the entire contents of old server root directory to a directory on the new server for future reference? Most of the data is various test files, perl scripts, etc. scattered all over. tar? -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Updating/Backing Up Server
Matt wrote: I am slowly migrating the data etc off an old CentOS32 4.x server to a new CentOS64 5.x server. The old server only has 15Gbyte of its hard drive in use. Is there an easy/safe way to copy the entire contents of old server root directory to a directory on the new server for future reference? Most of the data is various test files, perl scripts, etc. scattered all over. tar? If possible, save and install old drive into new server and mount when/if you need something. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ip route and nexthop: the CentOS way
On 02/01/2012 02:03 PM, Nick wrote: Hi, I'm wanting to configure a CentOS 6 server to have a fall-back default route via a second network interface. Given: - eth0 with 192.168.0.10 on subnet 192.168.0.0/24 gateway 192.168.0.1 - eth1 with 192.168.1.10 on subnet 192.168.1.0/24 gateway 192.168.1.1 Where eth0's network is a back door to the internet, and eth1's is the front door, I believe I can configure the routing table manually like this: ip route default scope global \ nexthop via 192.168.1.1 dev eth1 weight 1 \ nexthop via 192.168.0.1 dev eth0 weight 2 However, I've re-read the RHEL6 documents for configuring static routes here: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-static-routes.html This kind of thing doesn't seem to fit into the scheme of /etc/sysconfig/network-scripts/route-eth? described there, since the route isn't for any single interface. Is there a RHEL/CentOS way to do this, or do I need to resort to some sort of script containing the above ip route command inserted somewhere? And how do I stop CentOS from trying to pick its own default gateway settings (since /etc/sysconfig/network likely won't have a GATEWAY parameter)? Hmm... I just tried this and besides needing ip route add default It does not seem to work when I unplug the cable on my primary link. -- Stephen Clark *NetWolves* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Configuration Compliance auditing for many CentOS 5.x boxes
Hi CentOS experts,* Short Version* I would like to produce a weekly report in HTML for each CentOS 5.x server we have indicating configuration compliance with some industry benchmark. I am looking for a tool or tools to implement this, I am happy to use 3rd party proprietary stuff if necessary. * Long(er) Version* Current Situation.. I have a client with many (200x) CentOS 5.x servers deployed in various web, mail, database and file server roles, and these boxes have been variously administrated to a lessor or greater degree. All the boxes have EPEL repository included as part of their base-install, and all boxes have cron jobs for yum -y update running frequently, and are rebooted when kernels are available. (so they are not in a terrible state) For network, local and external vulnerabilities - We use a 3rd party firm, who use WebInspect to monitor for external facing ports and vulnerable services and produce various regular reports to my boss. (hence am not looking at Nessus, OpenVAS or network based scanning tools right now, or indeed any vulnerability tools) However we now have a New Big Boss in Town - who is an ex security compliance dude. The new rules are; that if its not being regularly tested, then its not in compliance, even if it is in compliance etc. (to be honest, I quite like that rule) So now I am looking for a way to generate a report of server compliance with some compliance standard for all the boxes regularly. We have a basic list of configuration settings, that is a weaker form of various compliance recommendations, so I am confident that most compliance benchmarks like CIS, EAL3 or the linux web STIG level would be sufficient. We have chef installed on the CentOS instances, hence I can push out yum based packages, (and I can install from source tarballs, but it will make me cry, on these instances) I Would like to have... a tool that runs locally on each CentOS box and produces a reasonably comprehensive html report regarding configuration compliance (and a massive bonus would be to send email alert for severe problems, but I can script that if required) Ideally I could generate a weekly report that indicates compliance with 1 or more of the recognised linux server benchmarks. I am happy to pay for a subscription for the checklist, but I suspect the kind per instance 100 USD licenses I see are going to blow my budget. Current progress is... I see that OPENSCAP and OVAL have tools in CentOS-base or EPEL, such as OpenSCAP-utils ovaldi - oval reference interpreter Which can be used to create reports. However they seem a little unrefined. For SCAP and OVAL content I have found the following. 1. NIST provide SCAP content for RHEL desktop, which is kinda close; 2. http://usgcb.nist.gov/usgcb/rhel_content.html 3. There is a tool called sectool in the fedora repos, but I can't get it to run on CentOS due to a missing python-slip module. Any suggestions on functioning stacks for this problem would be helpful. Thanks, Tom ps SORRY FOR THE LONG EMAIL ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Updating/Backing Up Server
On Wed, Feb 1, 2012 at 12:50 PM, Matt matt.mailingli...@gmail.com wrote: I am slowly migrating the data etc off an old CentOS32 4.x server to a new CentOS64 5.x server. The old server only has 15Gbyte of its hard drive in use. Is there an easy/safe way to copy the entire contents of old server root directory to a directory on the new server for future reference? Most of the data is various test files, perl scripts, etc. scattered all over. Yes, with new machines typically having many orders of magnitudes more storage than old ones it is easier to keep a backup of old stuff online than to sort through it. If both machines are still running, on the old one, cd to /, then rsync -av . new_machine:/path/to/save perhaps using --exclude to avoid the /proc and /sys directories. Rsync will create the last directory in the target path if it doesn't exist, but only the last one. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mod_rails under Apache under Ceontos 6
I think you will find this a good resource: http://blog.phusion.nl/2011/01/04/phusion-passenger-native-packages-for-redhatfedoracentos/ http://passenger.stealthymonkeys.com/ -- Mikael ___ Mikael, This looks very useful indeed, thanks! Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wed, Feb 1, 2012 at 1:10 PM, Lamar Owen lo...@pari.edu wrote: On Wednesday, February 01, 2012 09:18:08 AM Alan McKay wrote: The basic problem is that I know how much data is there to begin with but I don't know how much room it took up on the tape so I have no idea how much room is left on the tape. What I would do is use the '-' special filename to pipe the uncompressed tar to stdout, pipe to the compressor of choice, then pipe to tee, and have one branch of the tee go to the tape and the other branch go to a program to count bytes. Or unless you are talking about many TB per run, decouple the compression from the tape run by sending the output to a disk file that you can sweep to tape later. There are lots of advantages, like not slowing down the tape streaming waiting for compression, being able to do multiple targets at once, and not only knowing the size of what is on the tape so far, but also the total compressed size of what you are going to start to write. Plus, of course, being able to do the tar runs at night when no one is there to swap tapes. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wed, Feb 1, 2012 at 11:32 AM, Les Mikesell lesmikes...@gmail.com wrote: 'Deploying' amanda is a matter of installing the rpm and editing a couple of config files about the tape drive, tapes, targets, and holding space. And maybe some firewall tweaking - but nothing really complicated. You get a lot of coverage of 'real-world' problems already built in that will be hard to match in a new program, but you do have to think the way it does... Well then I guess thinking the way it does is what I was having issues with. I did have trouble wrapping my head around it. And after a fair bit of googling (and if I'm not mistaken asking on this list) I really could find no examples of a configuration as simple as the one I was looking for. I'm happy where I am. It is all very basic stuff (knock on wood - hee, hee). And I've got stuff that Amanda cannot possibly have since it is very specific to our environment. -- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of In Defense of Food ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wed, Feb 1, 2012 at 2:10 PM, Lamar Owen lo...@pari.edu wrote: What I would do is use the '-' special filename to pipe the uncompressed tar to stdout, pipe to the compressor of choice, then pipe to tee, and have one branch of the tee go to the tape and the other branch go to a program to count bytes. The GZIP environment variable is working really well. It tells me the compression ratio and even send it to STDERR for me so I can easily separate that from the gtar output. -- “Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of In Defense of Food ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wednesday, February 01, 2012 04:00:06 PM Alan McKay wrote: The GZIP environment variable is working really well. It tells me the compression ratio and even send it to STDERR for me so I can easily separate that from the gtar output. Cool. That's useful information. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ip route and nexthop: the CentOS way
On Wed, Feb 1, 2012 at 1:35 PM, Steve Clark scl...@netwolves.com wrote: I'm wanting to configure a CentOS 6 server to have a fall-back default route via a second network interface. Given: - eth0 with 192.168.0.10 on subnet 192.168.0.0/24 gateway 192.168.0.1 - eth1 with 192.168.1.10 on subnet 192.168.1.0/24 gateway 192.168.1.1 Where eth0's network is a back door to the internet, and eth1's is the front door, I believe I can configure the routing table manually like this: ip route default scope global \ nexthop via 192.168.1.1 dev eth1 weight 1 \ nexthop via 192.168.0.1 dev eth0 weight 2 However, I've re-read the RHEL6 documents for configuring static routes here: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-static-routes.html This kind of thing doesn't seem to fit into the scheme of /etc/sysconfig/network-scripts/route-eth? described there, since the route isn't for any single interface. Is there a RHEL/CentOS way to do this, or do I need to resort to some sort of script containing the above ip route command inserted somewhere? And how do I stop CentOS from trying to pick its own default gateway settings (since /etc/sysconfig/network likely won't have a GATEWAY parameter)? Hmm... I just tried this and besides needing ip route add default It does not seem to work when I unplug the cable on my primary link. I don't think CentOS is smart enough to automatically drop routes associated with a NIC that is down like a Cisco would. If you put routes in /etc/sysconfig/network-scripts/routes-eth? to match the device names, the ifup and ifdown scripts will add/remove routes when you manually run time to enable/disable a particular NIC, but that doesn't get you automatic failover. And with ethernet type devices it is pretty rare for the link to go away at the same time the packets stop getting through anyway. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Bash scripting - Remotely ran commands break while loop
I have two CentOS5 systems server1 and server2. There is user peter on server1 who can ssh to server2 using public ssh keys and no password is needed. What I noticed is that running remote ssh commands in bash script breaks while loops. == #!/bin/sh for i in server2 server2; do echo -- Start ssh peter@$i ls echo -- END done echo server2 server2 | \ while read confLine; do echo -- $confLine ssh peter@$confLine ls echo -- END $confLine done The for loop in the script above will run twice but the while loop below it will run only once. This is very simple to test and I've tried it on different systems including CentOS6 and OpenSolaris with the same result. Any idea what would cause the ssh command to break the while loop? Thanks Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtar compression achieved
On Wed, Feb 1, 2012 at 2:58 PM, Alan McKay alan.mc...@gmail.com wrote: On Wed, Feb 1, 2012 at 11:32 AM, Les Mikesell lesmikes...@gmail.com wrote: 'Deploying' amanda is a matter of installing the rpm and editing a couple of config files about the tape drive, tapes, targets, and holding space. And maybe some firewall tweaking - but nothing really complicated. You get a lot of coverage of 'real-world' problems already built in that will be hard to match in a new program, but you do have to think the way it does... Well then I guess thinking the way it does is what I was having issues with. I did have trouble wrapping my head around it. And after a fair bit of googling (and if I'm not mistaken asking on this list) I really could find no examples of a configuration as simple as the one I was looking for. I always thought that was why it had a woman's name. You are better off just letting her do things her own way. It really does do a good job of automating and tracking everything and is exceptionally good at the case where you have one tape a day and you want to get at least an incremental of every machine every night and a full at least within the cycle where you start re-using tapes but preferably more often if there is space. It is probably adaptable to other scenarios but it may not fit yours very well. Once it is set up, all you have to do is swap the tape sometime during the day. It takes so little attention I let my setup run even after setting up backuppc until our last tape drive died. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ip route and nexthop: the CentOS way
On 02/01/2012 04:06 PM, Les Mikesell wrote: On Wed, Feb 1, 2012 at 1:35 PM, Steve Clarkscl...@netwolves.com wrote: I'm wanting to configure a CentOS 6 server to have a fall-back default route via a second network interface. Given: - eth0 with 192.168.0.10 on subnet 192.168.0.0/24 gateway 192.168.0.1 - eth1 with 192.168.1.10 on subnet 192.168.1.0/24 gateway 192.168.1.1 Where eth0's network is a back door to the internet, and eth1's is the front door, I believe I can configure the routing table manually like this: ip route default scope global \ nexthop via 192.168.1.1 dev eth1 weight 1 \ nexthop via 192.168.0.1 dev eth0 weight 2 However, I've re-read the RHEL6 documents for configuring static routes here: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-static-routes.html This kind of thing doesn't seem to fit into the scheme of /etc/sysconfig/network-scripts/route-eth? described there, since the route isn't for any single interface. Is there a RHEL/CentOS way to do this, or do I need to resort to some sort of script containing the above ip route command inserted somewhere? And how do I stop CentOS from trying to pick its own default gateway settings (since /etc/sysconfig/network likely won't have a GATEWAY parameter)? Hmm... I just tried this and besides needing ip route add default It does not seem to work when I unplug the cable on my primary link. I don't think CentOS is smart enough to automatically drop routes associated with a NIC that is down like a Cisco would. If you put routes in /etc/sysconfig/network-scripts/routes-eth? to match the device names, the ifup and ifdown scripts will add/remove routes when you manually run time to enable/disable a particular NIC, but that doesn't get you automatic failover. And with ethernet type devices it is pretty rare for the link to go away at the same time the packets stop getting through anyway. I got it sort of work - but even with the weights and flushing the routing cache sometimes it seemed to want to go on the higher weighted route. Could be something in my setup. I did onetime have if fail from the lower weight to the higher weighted route when I pulled the cable on the preferred route. -- Stephen Clark *NetWolves* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bash scripting - Remotely ran commands break while loop
Am 01.02.2012 22:07, schrieb Peter Blajev: I have two CentOS5 systems server1 and server2. There is user peter on server1 who can ssh to server2 using public ssh keys and no password is needed. What I noticed is that running remote ssh commands in bash script breaks while loops. == #!/bin/sh for i in server2 server2; do echo -- Start ssh peter@$i ls echo -- END done echo server2 server2 | \ while read confLine; do echo -- $confLine ssh peter@$confLine ls echo -- END $confLine done The for loop in the script above will run twice but the while loop below it will run only once. This is very simple to test and I've tried it on different systems including CentOS6 and OpenSolaris with the same result. Any idea what would cause the ssh command to break the while loop? Thanks Peter That has simply nothing to do with SSH. Compare following: echo foo bar | while read LINE; do echo $LINE; done and echo -e foo\nbar | while read $LINE; do echo $LINE; done Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bash scripting - Remotely ran commands break while loop
On Wed, Feb 1, 2012 at 3:46 PM, Alexander Dalloz ad+li...@uni-x.org wrote: That has simply nothing to do with SSH. Compare following: echo foo bar | while read LINE; do echo $LINE; done and echo -e foo\nbar | while read $LINE; do echo $LINE; done No, (a) that read $LINE should be read LINE and (b) echo foo bar | something should preserve the quoted newline. Ssh does seem to be consuming stuff from the inherited piped stdin even though it isn't obvious what it does with it in a non-interactive scenario. But anything that reads stdin inside the loop would cause that (throw a 'cat dev/null' in...). -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bash scripting - Remotely ran commands break while loop
On Wed, Feb 01, 2012 at 01:07:31PM -0800, Peter Blajev wrote: echo server2 server2 | \ while read confLine; do echo -- $confLine ssh peter@$confLine ls echo -- END $confLine done The for loop in the script above will run twice but the while loop below it will run only once. Any idea what would cause the ssh command to break the while loop? ssh is reading from stdin and passing the data over to the remote machine. You can test this with ssh peter@$confLine 'read x ; echo we got $x' To stop it doing this, use the -n flag ssh -n peter@$confLine ls -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Configuration Compliance auditing for many CentOS 5.x boxes
On Feb 1, 2012, at 2:54 PM, Tom H t...@limepepper.co.uk wrote: Hi CentOS experts,* Short Version* I would like to produce a weekly report in HTML for each CentOS 5.x server we have indicating configuration compliance with some industry benchmark. I am looking for a tool or tools to implement this, I am happy to use 3rd party proprietary stuff if necessary. * You could have a weekly cron job on all boxes that does a rpm for all package config files, diff against a snapshot copy contained under /var somewhere, email those diffs to a change management system,then save the current files in the snapshot directory. First run will send the complete configs, all subsequent runs will send the diffs. Of course you need a change management system that will hold an inventory of systems, those systems' hardware/software inventories and configurations, and track those changes with alerts and reports and such. I don't know of a good system for doing all that unfortunately, but if you do find one let me know. -Ross ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Configuration Compliance auditing for many CentOS 5.x boxes
On Wed, Feb 1, 2012 at 2:54 PM, Tom H t...@limepepper.co.uk wrote: Hi CentOS experts,* Short Version* I would like to produce a weekly report in HTML for each CentOS 5.x server we have indicating configuration compliance with some industry benchmark. I am looking for a tool or tools to implement this, I am happy to use 3rd party proprietary stuff if necessary. [snip] I'm in a similar situation. We have a growing infrastructure of over 300 instances of RHEL4/5/6. Though not specifically CentOS the tools are the same. My focus has been on PCI compliance. As of yet we don't have any SOX systems on Linux, but I expect that will change in the near future. For PCI compliance there are a few things that we do. The first thing was to get a handle on the buildout process which we did via kickstart. This ensured consistency in the builds which previously was done by different engineers/operators with different skill levels. We validated the standard image and then used Satellite/Spacewalk to keep track of the versions. The next step was the daily bit rot and the damage from the application folks whose sole experience was on desktop or laptop systems (i.e., they never had to comply with any industry standards). We started by separating OS from application. This meant not only separate volume groups and mount points for application files, but also things like ensuring that apps did not run as root (you'd be amazed how many developers insist that builds must occur as root). In just about every case where we allowed application developers to have root access we ended up with systems that were wildly out of compliance. In one case a developer installed an entire desktop suite, including MP3 player and video editing tools, in order to satisfy a dependency on a single widget library. We don't do that any more. :/ Next was auditing, which I think may apply to your question. For the basic package setup, Spacewalk or Satellite can track the versions and allow you to lock the package set. There are also existing scripts that wrap variations of an 'rpm -qVa' and send the reports back. Tools such as tripwire are also useful for this. If you have deployed SELinux, you can effectively even lock the root user from installing or modifying system packages. For the configurations, we are experimenting with cfengine and puppet. They allow you to track configuration changes, reset changes, etc.. I've also used CVS to track configuration files directly. I.e., checkin the changes onto a logged administration server then have the production servers checkout the changes on an on-demand or scheduled basis. This minimizes on-the-fly configurations that accumulate and take the server out of compliance. There are tools to generate reports from cfengine/puppet that show which configurations have changed, etc.. We are also using the perl test harness to run validations. It's pretty coding intensive so you'd possibly need a Perl developer initially to create and to maintain the scripts. The idea is to create the test scripts in lock step with changes to the kickstart. The harness generates a PASS or FAIL response depending on the Perl test. For example, for PCI compliance we have a standard login banner. The test does an MD5 sum against the target machine's /etc/issue.net and checks it against the stored hash. If the hashes correspond it passes the test (barring hash collisions of course :D ). We are still looking at other methods. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Updating/Backing Up Server
I am slowly migrating the data etc off an old CentOS32 4.x server to a new CentOS64 5.x server. The old server only has 15Gbyte of its hard drive in use. Is there an easy/safe way to copy the entire contents of old server root directory to a directory on the new server for future reference? Most of the data is various test files, perl scripts, etc. scattered all over. Yes, with new machines typically having many orders of magnitudes more storage than old ones it is easier to keep a backup of old stuff online than to sort through it. If both machines are still running, on the old one, cd to /, then rsync -av . new_machine:/path/to/save perhaps using --exclude to avoid the /proc and /sys directories. Rsync will create the last directory in the target path if it doesn't exist, but only the last one. That worked great. Thanks. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Configuration Compliance auditing for many CentOS 5.x boxes
On Wed, Feb 1, 2012 at 6:04 PM, Kwan Lowe kwan.l...@gmail.com wrote: For the basic package setup, Spacewalk or Satellite can track the versions and allow you to lock the package set. There are also existing scripts that wrap variations of an 'rpm -qVa' and send the reports back. Ocsinventory-ng will send a hardware and software inventory to a central server daily - with agents for both Linux and windows. It will pick up the installed rpms but you'd have to extend it to look for local config changes. For the configurations, we are experimenting with cfengine and puppet. They allow you to track configuration changes, reset changes, etc.. Is anyone looking at salt instead of puppet yet? http://saltstack.org/ -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Configuration Compliance auditing for many CentOS 5.x boxes
On 02/02/12 00:04, Kwan Lowe wrote: Next was auditing, which I think may apply to your question. For the configurations, we are experimenting with cfengine and puppet. They allow you to track configuration changes, reset changes, etc.. I've also used CVS to track configuration files directly. I.e., checkin the changes onto a logged administration server then have the production servers checkout the changes on an on-demand or scheduled basis. This minimizes on-the-fly configurations that accumulate and take the server out of compliance. There are tools to generate reports from cfengine/puppet that show which configurations have changed, etc.. I noticed that a bunch of projects are using puppet to remediate the problems detected in the auditing, eg changing file permissions and adding/removing packages. fedora aqueduct is on, and fedora secstate is another, also the NIST rhel STIG has a puppet script to apply the changes. We are also using the perl test harness to run validations. It's pretty coding intensive so you'd possibly need a Perl developer initially to At the moment, custom probes are more likely to be nagios for me, than compliance, I would be happy with most of the basic benchmarks... We are still looking at other methods. ___ OK, well if you are interested, then I have created a question on serverfault.com to track my progress, I will keep it updated. http://serverfault.com/questions/355680/configuration-compliance-auditing-for-many-centos-5-x-boxes If you have any great ideas then I will bung some points on your account there... Cheers, Tom ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Configuration Compliance auditing for many CentOS 5.x boxes
On 02/02/12 00:26, Les Mikesell wrote: Is anyone looking at salt instead of puppet yet? http://saltstack.org/ I had such a bad experience with puppet, that I ran like a jilted teenage lover on a rebound into the arms of chef... unfortunately I may not have reviewed all the options (including salt) when making that decision. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Double Copies Double Copies [SOLVED] it's self
On 01/31/2012 08:16 PM, Mark LaPierre wrote: Hey Y'all, why am I getting double copies of every email on this list today when it wasn't happening yesterday? Isn't happening on any of my other email. I didn't change anything since I wrote the last time. It's working fine now. Only one copy of each email. Hmmm? Must be an AOL issue that they fixed. Funny that it only affected the CentOS mail. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registerd Linux user No #267004 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Configuration Compliance auditing for many CentOS 5.x boxes
On Wed, Feb 1, 2012 at 6:43 PM, Tom H t...@limepepper.co.uk wrote: On 02/02/12 00:26, Les Mikesell wrote: Is anyone looking at salt instead of puppet yet? http://saltstack.org/ I had such a bad experience with puppet, that I ran like a jilted teenage lover on a rebound into the arms of chef... unfortunately I may not have reviewed all the options (including salt) when making that decision. Not sure salt is quite ready for prime time, but it should be close for linux anyway. The zeromq over ssl connectivity is the first thing I've seen that looks like it would scale. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] tftp in 6.2
Seems to only write the first block, or with some clients only a zero length file. Perms are obviously not an issue if at least one block can be written? Anyone know what might give? Thanks, jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bash scripting - Remotely ran commands break while loop
On Wed, Feb 1, 2012 at 2:53 PM, Stephen Harris li...@spuddy.org wrote: On Wed, Feb 01, 2012 at 01:07:31PM -0800, Peter Blajev wrote: echo server2 server2 | \ while read confLine; do echo -- $confLine ssh peter@$confLine ls echo -- END $confLine done The for loop in the script above will run twice but the while loop below it will run only once. Any idea what would cause the ssh command to break the while loop? ssh is reading from stdin and passing the data over to the remote machine. You can test this with ssh peter@$confLine 'read x ; echo we got $x' To stop it doing this, use the -n flag ssh -n peter@$confLine ls This is it. Right on Stephen. Thank you very much. I can't believe I've gone so long without knowing it. This works for me. I still don't have full understanding of it but I'll do some more reading. Unfortunately I can't always use the (-n) option. If I wan't to send data through the pipe then the (-n) won't work. For example (on top of my head): mysqldump dB | ssh peter@remoteServer mysql dB In my script I ended up using ssh -n when I want to work on the output of remotely ran command and ssh without (-n) when I want to send data over ssh to a remote command. This so far is not breaking the while loop and it seems to be working but it makes me nervous. Any note will be appreciated. Thanks again. -- Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] tftp in 6.2
On 02/01/2012 09:59 PM, Joseph L. Casale wrote: Seems to only write the first block, or with some clients only a zero length file. Perms are obviously not an issue if at least one block can be written? Anyone know what might give? Thanks, jlc I use tftp + pxe booting routinely on EL6.2. To get help, you're going to need to share much more information about your setup, the errors/log messages, and what you've tried to do thus far. -- Digimer E-Mail: digi...@alteeve.com Papers and Projects: https://alteeve.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bash scripting - Remotely ran commands break while loop
On Wed, Feb 01, 2012 at 07:03:33PM -0800, Peter Blajev wrote: On Wed, Feb 1, 2012 at 2:53 PM, Stephen Harris li...@spuddy.org wrote: On Wed, Feb 01, 2012 at 01:07:31PM -0800, Peter Blajev wrote: echo server2 server2 | \ while read confLine; do echo -- $confLine ssh peter@$confLine ls echo -- END $confLine done Any idea what would cause the ssh command to break the while loop? ssh is reading from stdin and passing the data over to the remote machine. You can test this with ssh peter@$confLine 'read x ; echo we got $x' To stop it doing this, use the -n flag ssh -n peter@$confLine ls Unfortunately I can't always use the (-n) option. If I wan't to send data through the pipe then the (-n) won't work. For example (on top of my head): mysqldump dB | ssh peter@remoteServer mysql dB In this situation, ssh will read from the pipe and not from the echo statement and so it won't break your while loop. The thing you need to understand is how redirection works. echo foo | while read do ... done Everything from the while to the done will have stdin configured to read from the pipe (the output of echo). Here's an example: % echo a b c d | while read a do echo We have $a read b echo And $b done We have a And b We have c And d You can see that the read statement inside the loop is reading from the pipe and so draining input. An ssh on its own, in this situation, would drain _all_ the input. The -n flag tells ssh to not do this. But, equally, when you do sqldump | ssh then you've told ssh to take input from the output of sqldump, and so it's no longer reading the from outer loop. Instead of ssh -n you could do ssh /dev/null or echo | ssh or other options, and get the same sort of effect; you're setting up the stdin to ssh to be from somewhere _other_ than your main echo. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yes another I can't open port 53 for Bind DNS
On 02/01/2012 12:14 AM, Shane Bywater wrote: I'm not using iptables (well I didn't configure any) [root@tribe log]# iptables --line-numbers -n -L Chain INPUT (policy ACCEPT) num target prot opt source destination 1ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED You should figure out who/what did, then. Those rules don't look like they were created by Red Hat's tools (where you'd see RH-Firewall...), and won't be present by default. Something created rules and the rules don't allow access to TCP or UDP 53 (you need both). For now, just flush the rules: iptables -F INPUT ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bash scripting - Remotely ran commands break while loop
On Wed, Feb 1, 2012 at 7:13 PM, Stephen Harris li...@spuddy.org wrote: On Wed, Feb 01, 2012 at 07:03:33PM -0800, Peter Blajev wrote: On Wed, Feb 1, 2012 at 2:53 PM, Stephen Harris li...@spuddy.org wrote: On Wed, Feb 01, 2012 at 01:07:31PM -0800, Peter Blajev wrote: echo server2 server2 | \ while read confLine; do echo -- $confLine ssh peter@$confLine ls echo -- END $confLine done Any idea what would cause the ssh command to break the while loop? ssh is reading from stdin and passing the data over to the remote machine. You can test this with ssh peter@$confLine 'read x ; echo we got $x' To stop it doing this, use the -n flag ssh -n peter@$confLine ls Unfortunately I can't always use the (-n) option. If I wan't to send data through the pipe then the (-n) won't work. For example (on top of my head): mysqldump dB | ssh peter@remoteServer mysql dB In this situation, ssh will read from the pipe and not from the echo statement and so it won't break your while loop. The thing you need to understand is how redirection works. echo foo | while read do ... done Everything from the while to the done will have stdin configured to read from the pipe (the output of echo). Here's an example: % echo a b c d | while read a do echo We have $a read b echo And $b done We have a And b We have c And d You can see that the read statement inside the loop is reading from the pipe and so draining input. An ssh on its own, in this situation, would drain _all_ the input. The -n flag tells ssh to not do this. But, equally, when you do sqldump | ssh then you've told ssh to take input from the output of sqldump, and so it's no longer reading the from outer loop. Instead of ssh -n you could do ssh /dev/null or echo | ssh or other options, and get the same sort of effect; you're setting up the stdin to ssh to be from somewhere _other_ than your main echo. Wow. Great lesson. Thank you Stephen. It makes more sense now. I'll save this email for sure. -- Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] some notes on setting up vsftp on centos6
I was not sure why vsftp (or any other ftp software) was installed as part of the webserver. some quick notes, hope it helps anyone else having an issue. So I yum installed it. I had a bear of a time. But I finally got it to work doing the following. I had to add ip_conntrack_ftp to my iptables-config file or it would not work IPTABLES_MODULES=ip_conntrack_ftp I had to add this line to my iptables file -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT NOTE: I tried using other non standard ports, but this caused a problem upon connection with no way to fix it. I believe it has something to do with port 20 part of vsftp which short of rewriting source code seemed too much. So stick with the default port 21 to avoid any issues. in etc/vsftpd/vsftp.conf I left everything pretty much the way it was (after hours of fudging it around). I only changed anonymous_enable=YES to ' NO ' instead. ( I do not want anonymous users, just the few users on the system). This does not address virtual hosts as this is a virtual machine, thus just one website will be on it. The user/pass from a normal user was able to access the /var/www/html/ folder and modify it. That was all I wanted. I did not set up secure ftp yet (meaning I did not add a ssl cert of anything yet for it). I certainly hope this helps others. I was surprised I had to modify what I had to. I was surprised I was unable to change the port number and still want to give that a try. good luck. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos