[CentOS-announce] CESA-2013:0144 Critical CentOS 6 xulrunner Update
CentOS Errata and Security Advisory 2013:0144 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0144.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 9f3603456d717b8388fa9d2110eba020cc5fbae52544df5dccd7fa00e8998613 xulrunner-10.0.12-1.el6.centos.i686.rpm 337f3aeb2ec34d8a93f692c2d1449322ff46fe51a22bc14fb57d321b26c73d63 xulrunner-devel-10.0.12-1.el6.centos.i686.rpm x86_64: 9f3603456d717b8388fa9d2110eba020cc5fbae52544df5dccd7fa00e8998613 xulrunner-10.0.12-1.el6.centos.i686.rpm 6f933ce6d8b4d94608372cff4ca57bce0db3f9527c7396c8e5e2211beb8ed161 xulrunner-10.0.12-1.el6.centos.x86_64.rpm 337f3aeb2ec34d8a93f692c2d1449322ff46fe51a22bc14fb57d321b26c73d63 xulrunner-devel-10.0.12-1.el6.centos.i686.rpm 1cc893d14dec6907c398657cfd0e9dd9e7abbe0c031b086d0f03b1a269903fe7 xulrunner-devel-10.0.12-1.el6.centos.x86_64.rpm Source: 99e761733846f716428482b62f4a0127bfcdee0d23b15157c81b340526b2e58a xulrunner-10.0.12-1.el6.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2013:0145 Critical CentOS 6 thunderbird Update
CentOS Errata and Security Advisory 2013:0145 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0145.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: d2887a5cf7c3c29e21e015049cbae422362919b080b64e091bc30b6b8719e61a thunderbird-10.0.12-3.el6.centos.i686.rpm x86_64: b24183d7577fd7bfd95baf1f190ce354c4ff34a2568e2040e843f0d8b43dcad5 thunderbird-10.0.12-3.el6.centos.x86_64.rpm Source: 235a142f1ddc76e52e26149c6ff513275a3abe65379ff34a67d2fe877fe84a98 thunderbird-10.0.12-3.el6.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2013:0144 Critical CentOS 6 firefox Update
CentOS Errata and Security Advisory 2013:0144 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0144.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 63f2516783d907abb2f2756ecac9830754c52a0de8a5890a13b254a3cd55e961 firefox-10.0.12-1.el6.centos.i686.rpm x86_64: 63f2516783d907abb2f2756ecac9830754c52a0de8a5890a13b254a3cd55e961 firefox-10.0.12-1.el6.centos.i686.rpm 30818e72b4fed3a9fc097cb2066e3649e24fb0848e53072e83a232b91a6caf30 firefox-10.0.12-1.el6.centos.x86_64.rpm Source: 44402026369fdf62ba0239482f50fb919ed5a3c7124fab13b1425bfe8867bc2f firefox-10.0.12-1.el6.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-es] ntop
hola gente, ¿algunos de ustedes tendra el rpm para instalar ntop en centos6 de 32 bits? gracias ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] ntop
RPMFusion? No está ahi? Y en EPEL? No recuerdo en cuál de los 2 está, pero sé que en uno de ellos se encuentra ntop 2013/1/8 César C. arvega...@hotmail.com hola gente, ¿algunos de ustedes tendra el rpm para instalar ntop en centos6 de 32 bits? gracias ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Saludos *Héctor Herrera Anabalón* Egresado ICCI UNAP Servicio Arquitectura Galatea - Oficina Técnica http://www.galatea.cl Miembro USoLIX Victoria Registered User #548600 (LinuxCounter.net) ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] ntop
ok gracias, es que tenia otros repos Date: Tue, 8 Jan 2013 15:00:08 -0300 From: hherre...@gmail.com To: centos-es@centos.org Subject: Re: [CentOS-es] ntop RPMFusion? No está ahi? Y en EPEL? No recuerdo en cuál de los 2 está, pero sé que en uno de ellos se encuentra ntop 2013/1/8 César C. arvega...@hotmail.com hola gente, ¿algunos de ustedes tendra el rpm para instalar ntop en centos6 de 32 bits? gracias ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Saludos *Héctor Herrera Anabalón* Egresado ICCI UNAP Servicio Arquitectura Galatea - Oficina Técnica http://www.galatea.cl Miembro USoLIX Victoria Registered User #548600 (LinuxCounter.net) ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] sysctl -p at startup?
On 2 January 2013 17:54, Emmett Culley emm...@webengineer.com wrote: I understand that the contents of /etc/sysctl.conf should be read and executed at system startup. However that never happens and I have to run sysctl -p after every reboot to get the settings I want. This is happening on every CentOS machine and VM I have. I can see in the startup scripts that sysctl -e -p /etc/sysctl.conf /dev/null 21 is run at start up by the apply_sysctl function, yet the settings are never correct unless I run sysctl -p on the command line. Anybody know why that would be? It depends on whether the changes you are making using sysctl are being affected by other processes later on in the startup sequence I have to run sysctl -p manually in order to stop kernel messages being printed to the console as even though i have them configured off in my sysctl this is overridden at some other point and i get to find out all about SoftMAC and its scanning ways https://bugzilla.redhat.com/show_bug.cgi?id=760497 mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync and selinux
Seemed to be worthy of a blog http://danwalsh.livejournal.com/61646.html Thanks, Dan - the unconfined domain method is the ticket! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 95, Issue 2
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CEBA-2013:0136 CentOS 5 bind Update (Johnny Hughes) 2. CEBA-2013:0138 CentOS 6 biosdevname Update (Johnny Hughes) 3. CEBA-2013:0137 CentOS 6 tomcat6 Update (Johnny Hughes) -- Message: 1 Date: Mon, 7 Jan 2013 13:22:14 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CEBA-2013:0136 CentOS 5 bind Update To: centos-annou...@centos.org Message-ID: 20130107132214.ga32...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2013:0136 Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0136.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 40fac2e993877328c566ba57246c33b0b9bbcd29a08c7e405ed903c171b3c992 bind-9.3.6-20.P1.el5_8.6.i386.rpm 73379d4dfff47de2d8cc6dfae0e713bc3727708b76f62966775eb67fd9f4efb4 bind-chroot-9.3.6-20.P1.el5_8.6.i386.rpm 11719a1f759e5d98f700f0bd314705956736c3cab0f360c8ecd6bf4a3ca4b001 bind-devel-9.3.6-20.P1.el5_8.6.i386.rpm 2cf1694633dc8503ec601fdf3e7cbdd25c33c3a7d8f3e8a81b5e1d23d8118bc3 bind-libbind-devel-9.3.6-20.P1.el5_8.6.i386.rpm d260b2ba92cf06e58e79509225ad399b4714c321ad496776c913883c0ac09149 bind-libs-9.3.6-20.P1.el5_8.6.i386.rpm 7f1b9e543953776fabc3a3e34ee39e25491bf1b03f389b94c4a51fb9e8717e8a bind-sdb-9.3.6-20.P1.el5_8.6.i386.rpm ccc82d4d8ee1d7bb9282d2da2ed8838a3cba2086c8973506b7814384e6dcb856 bind-utils-9.3.6-20.P1.el5_8.6.i386.rpm 8592a57047db340f21695c6a722181cde81874e27122723844e4a28c2ab99ed3 caching-nameserver-9.3.6-20.P1.el5_8.6.i386.rpm x86_64: 562b9850da0301d447399dc544af3d261ea2cc63e9127ba6f17452796c05026a bind-9.3.6-20.P1.el5_8.6.x86_64.rpm f47c35cc148a9768e694652266e954b5b6ef4553f0618997a8d1423569076fcd bind-chroot-9.3.6-20.P1.el5_8.6.x86_64.rpm 11719a1f759e5d98f700f0bd314705956736c3cab0f360c8ecd6bf4a3ca4b001 bind-devel-9.3.6-20.P1.el5_8.6.i386.rpm 259dbd28bb991d3226d2cc33dc8a1e4f324d9a8e2413f902454587d6f136de18 bind-devel-9.3.6-20.P1.el5_8.6.x86_64.rpm 2cf1694633dc8503ec601fdf3e7cbdd25c33c3a7d8f3e8a81b5e1d23d8118bc3 bind-libbind-devel-9.3.6-20.P1.el5_8.6.i386.rpm a8e43752999deaa5eafef084588c13e5af88477300a2d40dc1a70efa45003030 bind-libbind-devel-9.3.6-20.P1.el5_8.6.x86_64.rpm d260b2ba92cf06e58e79509225ad399b4714c321ad496776c913883c0ac09149 bind-libs-9.3.6-20.P1.el5_8.6.i386.rpm 1f4a495fa32bf2df56f3246862b9137584b70147184e788433a9bda8c97c1202 bind-libs-9.3.6-20.P1.el5_8.6.x86_64.rpm dbce5f540a23e60d9a4983750a9b71ceaf1e83e69c46dd03a5289d3acea3c8ed bind-sdb-9.3.6-20.P1.el5_8.6.x86_64.rpm 82e8317a5c423be7d3f9fa6062aeeab5ce3bbf17c58b6be680eeb4d15337b14f bind-utils-9.3.6-20.P1.el5_8.6.x86_64.rpm d5b94ab5961f2f8e5e3eebf385d306d5a222d7857940e2cf94d324fd5c715711 caching-nameserver-9.3.6-20.P1.el5_8.6.x86_64.rpm Source: be82b584aa7f04cfca033bb0c7f312d032934f4931f51ac1793dbf79bd2ed1a3 bind-9.3.6-20.P1.el5_8.6.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 2 Date: Mon, 7 Jan 2013 17:10:09 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CEBA-2013:0138 CentOS 6 biosdevname Update To: centos-annou...@centos.org Message-ID: 20130107171009.ga11...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2013:0138 Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0138.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: ca57b7da61afdaabffd43fb0ee319e16586ff0c40a1bbad1ea229eeba0c311ed biosdevname-0.3.11-1.el6_3.1.i686.rpm x86_64: fd1bd265033694aa12264416e6836f950cb004e08ef82293db850ef3ded3880f biosdevname-0.3.11-1.el6_3.1.x86_64.rpm Source: a4cb2eebd0c298bac1d173eddab9c746c9bc228d17f93c2a3921209bf489f44b biosdevname-0.3.11-1.el6_3.1.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 3 Date: Mon, 7 Jan 2013 17:10:21 + From: Johnny Hughes joh...@centos.org Subject: [CentOS-announce] CEBA-2013:0137 CentOS 6 tomcat6 Update To: centos-annou...@centos.org Message-ID: 20130107171021.ga11...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2013:0137 Upstream details at :
Re: [CentOS] CentOS 6.3 as Firewall/Router
On 05/01/2013 15:25, Ryan Wagoner wrote: Or don't use CentOS at all and try OpenBSD PF. The syntax is much cleaner and easier to maintain than Netfilter/IPTables and it works pretty darn well. ;) If you want to stick with linux look at Vyatta. I have 5 production installs (3 physical and 3 VMs) and upgrades have been flawless. The config resides in one file and the console has a Juniper style syntax. On a similar vein, I use pfsense as a Firewall (FreeBSD derivative) Has many features and Web GUI configuration. Seems to really do the trick for me. I tend to only use the iptables firewall in Centos for host based firewalling (basically I only edit the INPUT table), for multi-homed dedicated firewalls (i.e. using the FORWARD'ing table) something like pfsense really does it nicely. -- Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gigantic memory leak in Clock Applet...
On 2013-01-06 23:18, fred smith wrote: On Sun, Jan 06, 2013 at 02:43:09PM -0500, ken wrote: On 01/06/2013 09:55 AM fred smith wrote: On Sun, Jan 06, 2013 at 06:33:07AM -0500, ken wrote: Fred, Also running an up-to-date 5.8 but with just 2G of RAM, clock-applet consumes the following: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 4133 me 15 0 29568 3748 2944 S 0.0 0.2 190:51.33 clock-applet My uptime at the moment is coming on 68 days. Over time the %CPU field may flicker up to 0.3 or even 0.7, but the RES column and others are steady at the numbers you see. I should add that all Preferences which we'd expect to consume more resources (e.g., display seconds, 12-hour time) are on. [...] here's what top reports today (clock-applet has not been restarted since the event mentioned in my original posting): PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 11159 fredex16 0 263m 149m 10m S 0.3 3.8 1:36.87 clock-applet in which I note it is now up to 149m. I had that problem also a few years back (CentOS 5.1, 5.2 or so). When Googling for it, I had found several bug reports about it. While some of those bug reports had some fixes in a future version mentioned, other bugreports mentioned that the problem disappeared all by itself. And indeed, for me too, some upgrades later, the problem disappeared for me too. Then I fell over: https://blogs.oracle.com/bnitz/entry/thanks_for_the_memories https://live.gnome.org/MemoryReduction which seems to imply that the shared libraries of all stuff used by Gnome gets measured in one of the gnome programs, frequently the clock-applet apparently. That implies that this problem is a red herring. I just means that during the lifetime of Gnome, there were lots of shared libraries loaded, and that memory shows up for 1 applet only. And, yes indeed, looking carefully I notice that now the black sheep getting all the blame is the wnck-applet for me currently, instead of the clock-applet. It's using 342m memory now (68 days uptime, without logout of gnome). And yes, googling for wnck-applet memory instead of clock-applet memory brings up a very similar list of bug reports, also telling sometimes it the problem disappeared all by itself. To find out which libraries all get counted for the clock-applet, run pmap -x PID-of-clock-applet on regular times, and see where the increase in memory is coming from. -- Paul Bijnens *** * I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, * * quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, ~., * * stop, end, ^]c, +++ ATH, disconnect, halt, abort, hangup, KJOB, * * ^X^X, :D::D, kill -9 1, kill -1 $$, shutdown, init 0, Alt-F4, * * Alt-f-e, Ctrl-Alt-Del, Alt-SysRq-reisub, Stop-A, AltGr-NumLock, ... * * ... Are you sure? ... YES ... Phew ... I'm out * *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sysctl -p at startup?
On 2 January 2013 17:54, Emmett Culley emm...@webengineer.com wrote: I understand that the contents of /etc/sysctl.conf should be read and executed at system startup. However that never happens and I have to run sysctl -p after every reboot to get the settings I want. This is happening on every CentOS machine and VM I have. I can see in the startup scripts that sysctl -e -p /etc/sysctl.conf /dev/null 21 is run at start up by the apply_sysctl function, yet the settings are never correct unless I run sysctl -p on the command line. Anybody know why that would be? It depends on whether the changes you are making using sysctl are being affected by other processes later on in the startup sequence I have to run sysctl -p manually in order to stop kernel messages being printed to the console as even though i have them configured off in my sysctl this is overridden at some other point and i get to find out all about SoftMAC and its scanning ways https://bugzilla.redhat.com/show_bug.cgi?id=760497 Mike: Just on a hunch, check your /etc/rsyslog.conf file and look for: # Log all kernel messages to the console. # Logging much else clutters up the screen. kern.* /dev/console If you see that, comment it out, reload rsyslog and that should take care of it. You can also play with some rules in rsyslog that can redirect the kernel output to wherever you like...or even specific kernel output (iptables, etc.) to various logs or even /dev/null :-) -- Mike Burger http://www.bubbanfriends.org It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore. --Colonel Jack O'Neill, SG1 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sysctl -p at startup?
Mike: Just on a hunch, check your /etc/rsyslog.conf file and look for: # Log all kernel messages to the console. # Logging much else clutters up the screen. kern.* /dev/console If you see that, comment it out, reload rsyslog and that should take care of it. Hi Mike yep What i did was set up a dedicated syslog server with a big /var and redirected everything below crit to that instead. Needed to run a lot of debug from a cisco router after experiencing an odd/intermittent pppoA problem so it made sense. mike ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gigantic memory leak in Clock Applet...
Maybe try valgrind... But after testing it on a few basic utilities like ls, find xclock, it seems that many of them do have leaks... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gigantic memory leak in Clock Applet...
John Doe wrote: Maybe try valgrind... But after testing it on a few basic utilities like ls, find xclock, it seems that many of them do have leaks... More reason to dislike gnome mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gigantic memory leak in Clock Applet...
Am 08.01.2013 um 16:19 schrieb m.r...@5-cent.us: John Doe wrote: Maybe try valgrind... But after testing it on a few basic utilities like ls, find xclock, it seems that many of them do have leaks... More reason to dislike gnome mark confirmation bias - you only see what you want to see :-) -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] After performing a reboot in VM (Virtualbox), log user on gnome not display the desktop.
After performing a reboot in VM (Virtualbox) which had been stopped, the User logs in but does not display the desktop leaving only the background image. The services are all active, can access and use the VM via ssh, but the Desktop died. I do not know where to begin to solve this problem. Any idea? Thanks - Rudinei Dias ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gigantic memory leak in Clock Applet...
Leon Fauster wrote: Am 08.01.2013 um 16:19 schrieb m.r...@5-cent.us: John Doe wrote: Maybe try valgrind... But after testing it on a few basic utilities like ls, find xclock, it seems that many of them do have leaks... More reason to dislike gnome confirmation bias - you only see what you want to see :-) Along with bloat, and then there's things like trying to configure it *bleah*. And I used to complain that to run kde, you needed a dozen things running... at least kde acts the way I expect a GUI on a -UNIX--derived o/s to work. Gnome, with its k3wl interface (don't start - I just installed the latest fc17 on someone's workstation), and its menus that wave, or the one on ubuntu that my stepson was using for a while, that exploded when they went away If you really, really want an o/s with a GUI accepted, make it acceptable by businesses, where non-computerphiles learn to use 'em. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sysctl -p at startup?
On 01/08/2013 02:58 AM, Michael Simpson wrote: On 2 January 2013 17:54, Emmett Culley emm...@webengineer.com wrote: I understand that the contents of /etc/sysctl.conf should be read and executed at system startup. However that never happens and I have to run sysctl -p after every reboot to get the settings I want. This is happening on every CentOS machine and VM I have. I can see in the startup scripts that sysctl -e -p /etc/sysctl.conf /dev/null 21 is run at start up by the apply_sysctl function, yet the settings are never correct unless I run sysctl -p on the command line. Anybody know why that would be? It depends on whether the changes you are making using sysctl are being affected by other processes later on in the startup sequence I have to run sysctl -p manually in order to stop kernel messages being printed to the console as even though i have them configured off in my sysctl this is overridden at some other point and i get to find out all about SoftMAC and its scanning ways https://bugzilla.redhat.com/show_bug.cgi?id=760497 mike I ended up putting sysctl -p in to /etc/rc.local, which fixed the problem. I thought I'd read the rc.local is deprecated, so I resisted using it. Oh well... Emmett ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Fencing a Dell T110 II
I think I know the answer to this question based on all of the research I've done, but figured I'd ask anyway. I needed a couple of servers for an HA cluster, and our order guy here ordered me a couple of Dell PowerEdge T110 II. I'd planned on using IPMI to fence these things with, but later found out that this model is only one of two PE servers Dell sells that has a stripped down BMC on it, and allows only local access. It's my fault for not looking closer at the specs, but I figured a PowerEdge server would have the stuff I needed. So now I'm looking for a way to fence these without purchasing more equipment. I thought maybe IF-MIB, but I can't discover enough about that to determine whether that'll work for me. I find it strange that using Conga (luci) from a third administration server I can reboot these two Dell nodes, and wonder why that works, how it's done, and why that wouldn't work as a fence method. Any one dealt with this particular Dell PE and fencing in any form other than using something like an APC fence? Thanks for any suggests. I've pretty much wore Google out, and I'm now in that round-robin mode of results where everything leads back to the same pages on different servers. steve campbell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Why is localhost self-signed cert a CA cert?
I am building a mail server on Centos 6.3 and working with OpenSSL to create a self-signed certificate for mail use. Along the line of learning the 'best' options to use for OpenSSL and dealing with the default SSL virtual host for Apache, I discovered that the localhost cert created (I believe) during firstboot has the X509v3 extensions set as a CA cert (eg basicConstraint CA:TRUE). I was once very involved in PKIX and legal issues on certificate policy. Having the localhost cert being a CA cert, thus allowed to sign other certs, MAY have legal implications in the USofA and EU. Why was this chosen? Why is not -extensions v3_req used in the certificate creation? Oh you can see this for yourself with: openssl x509 -in /etc/pki/certs/localhost.crt -text -nameopt multiline -noout|more ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sysctl -p at startup?
Am 08.01.2013 um 20:25 schrieb Emmett Culley: On 01/08/2013 02:58 AM, Michael Simpson wrote: On 2 January 2013 17:54, Emmett Culley emm...@webengineer.com wrote: I understand that the contents of /etc/sysctl.conf should be read and executed at system startup. However that never happens and I have to run sysctl -p after every reboot to get the settings I want. This is happening on every CentOS machine and VM I have. I can see in the startup scripts that sysctl -e -p /etc/sysctl.conf /dev/null 21 is run at start up by the apply_sysctl function, yet the settings are never correct unless I run sysctl -p on the command line. Anybody know why that would be? It depends on whether the changes you are making using sysctl are being affected by other processes later on in the startup sequence I have to run sysctl -p manually in order to stop kernel messages being printed to the console as even though i have them configured off in my sysctl this is overridden at some other point and i get to find out all about SoftMAC and its scanning ways https://bugzilla.redhat.com/show_bug.cgi?id=760497 mike I ended up putting sysctl -p in to /etc/rc.local, which fixed the problem. I thought I'd read the rc.local is deprecated, so I resisted using it. Oh well... for sysctl configs i suggest the /etc/sysctl.d directory (create it if ...) for example: $ cat /etc/sysctl.d/vpn.conf net.ipv4.ip_forward = 1 -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fencing a Dell T110 II
Greetings, On Wed, Jan 9, 2013 at 1:08 AM, Steve Campbell campb...@cnpapers.comwrote: Any one dealt with this particular Dell PE and fencing in any form other than using something like an APC fence? IMHO, I am afraid that is the only choice you have. -- Regards, Rajagopal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On 01/08/2013 11:49 AM, Robert Moskowitz wrote: Why was this chosen? Why is not -extensions v3_req used in the certificate creation? Because it has to be able to sign itself? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] wiping out data on a disk (no physical acess to the machine)
Hi, I need to securely wipe out a disk on a remote machine, but I don't have access to that machine. Therefore I cannot use the LiveCD+shred (or dd) combination. Besides manually shreding known data files, I am wondering if there is a (free) tool that can be used in my case. Thanks. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] wiping out data on a disk (no physical acess to the machine)
On 01/08/2013 05:06 PM, Yungwei Chen wrote: I need to securely wipe out a disk on a remote machine, but I don't have access to that machine. Therefore I cannot use the LiveCD+shred (or dd) combination. Besides manually shreding known data files, I am wondering if there is a (free) tool that can be used in my case. Thanks. I hoping that you mean to physical access but you can make an ssh connection. If so, here are the steps. Note that you'll need to replace /dev/sdXX with the device of your swap part- ition and /dev/sdX with the device of the hard drive. It will run for several hours and leave you with a blank hard drive. 1) connect using ssh and stop all services 2) swapoff /dev/sdXX 3) shred -n5 -z -v /dev/sdX 4) echo 1 /proc/sys/kernel/sysrq 6) echo o /proc/sysrq-trigger c ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fencing a Dell T110 II
On 1/8/2013 11:38 AM, Steve Campbell wrote: Any one dealt with this particular Dell PE and fencing in any form other than using something like an APC fence? what about fencing via your storage switch? thats the way I've setup several clusters. the standby server is warm and running, but has no access to the shared storage as its ports on the SAN switch are disabled. this can be done with ethernet or fiberchannel attached storage. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On 01/08/2013 05:07 PM, Gordon Messmer wrote: On 01/08/2013 11:49 AM, Robert Moskowitz wrote: Why was this chosen? Why is not -extensions v3_req used in the certificate creation? Because it has to be able to sign itself? No. A self-signed cert need not and actually SHOULD not be a CA cert according to PKIX standards. CA is for signing other certs. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On 01/08/2013 05:07 PM, Gordon Messmer wrote: On 01/08/2013 11:49 AM, Robert Moskowitz wrote: Why was this chosen? Why is not -extensions v3_req used in the certificate creation? Because it has to be able to sign itself? I just checked a couple RFCs. If this is a root CA cert, of course it is self-signed. By definition. But a self-signed server cert is not a CA root cert ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On Jan 8, 2013, at 4:27 PM, Robert Moskowitz wrote: On 01/08/2013 05:07 PM, Gordon Messmer wrote: On 01/08/2013 11:49 AM, Robert Moskowitz wrote: Why was this chosen? Why is not -extensions v3_req used in the certificate creation? Because it has to be able to sign itself? I just checked a couple RFCs. If this is a root CA cert, of course it is self-signed. By definition. But a self-signed server cert is not a CA root cert it is a CA root certificate if I say it is. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On 01/08/2013 03:27 PM, Robert Moskowitz wrote: I just checked a couple RFCs. If this is a root CA cert, of course it is self-signed. By definition. Yes. But a self-signed server cert is not a CA root cert Yes, it is. A certificate is a root cert unless some other certificate has signed it. x509 creates a chain of trust. The root of that chain is the certificate which has no other certificate's signature on it. A self-signed cert is its own root, and all root certificates are self-signed. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] wiping out data on a disk (no physical acess to the machine)
Thanks. Is it possible that shred exit abnormally in any case (for example, some files that it relies on have been shreded)? -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Carl T. Miller Sent: Tuesday, January 08, 2013 4:36 PM To: CentOS mailing list Subject: Re: [CentOS] wiping out data on a disk (no physical acess to the machine) On 01/08/2013 05:06 PM, Yungwei Chen wrote: I need to securely wipe out a disk on a remote machine, but I don't have access to that machine. Therefore I cannot use the LiveCD+shred (or dd) combination. Besides manually shreding known data files, I am wondering if there is a (free) tool that can be used in my case. Thanks. I hoping that you mean to physical access but you can make an ssh connection. If so, here are the steps. Note that you'll need to replace /dev/sdXX with the device of your swap part- ition and /dev/sdX with the device of the hard drive. It will run for several hours and leave you with a blank hard drive. 1) connect using ssh and stop all services 2) swapoff /dev/sdXX 3) shred -n5 -z -v /dev/sdX 4) echo 1 /proc/sys/kernel/sysrq 6) echo o /proc/sysrq-trigger c ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] wiping out data on a disk (no physical acess to the machine)
On Tue, 8 Jan 2013 18:57:03 -0500 Yungwei Chen wrote: Thanks. Is it possible that shred exit abnormally in any case (for example, some files that it relies on have been shreded)? Without physical access to the machine so you can see (and control) what is actually going on, there is no way to 100% guarantee that the data is completely destroyed. Many things could theoretically cause the process to end before completion, including someone on the other end simply disconnecting the power. If it absolutely has to be destroyed, then the only completely reliable way is to physically take control of the machine and carry on from there. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On 01/08/2013 06:31 PM, Craig White wrote: On Jan 8, 2013, at 4:27 PM, Robert Moskowitz wrote: On 01/08/2013 05:07 PM, Gordon Messmer wrote: On 01/08/2013 11:49 AM, Robert Moskowitz wrote: Why was this chosen? Why is not -extensions v3_req used in the certificate creation? Because it has to be able to sign itself? I just checked a couple RFCs. If this is a root CA cert, of course it is self-signed. By definition. But a self-signed server cert is not a CA root cert it is a CA root certificate if I say it is. Fine. Be that way. But then you still need a server cert to use in the SSL default virtual host. Root certs are for signing other certs, not for using directly in applications. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On 01/08/2013 06:38 PM, Gordon Messmer wrote: On 01/08/2013 03:27 PM, Robert Moskowitz wrote: I just checked a couple RFCs. If this is a root CA cert, of course it is self-signed. By definition. Yes. But a self-signed server cert is not a CA root cert Yes, it is. A certificate is a root cert unless some other certificate has signed it. x509 creates a chain of trust. The root of that chain is the certificate which has no other certificate's signature on it. A self-signed cert is its own root, and all root certificates are self-signed. CA:TRUE means it is a signing cert. In RFC 5280, app C.2 end-entity cert: (g) the certificate is an end entity certificate, as the basic constraints extension is not present; ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On 01/08/2013 04:42 PM, Robert Moskowitz wrote: CA:TRUE means it is a signing cert. In RFC 5280, app C.2 end-entity cert: (g) the certificate is an end entity certificate, as the basic constraints extension is not present; OK. If you want to suggest to Red Hat use -extensions v3_req, you'll probably need to do so as a paying customer, in bugzilla. why probably isn't a question for this list. CentOS simply rebuilds the source that Red Hat provides. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On 01/08/2013 06:31 PM, Craig White wrote: On Jan 8, 2013, at 4:27 PM, Robert Moskowitz wrote: On 01/08/2013 05:07 PM, Gordon Messmer wrote: On 01/08/2013 11:49 AM, Robert Moskowitz wrote: Why was this chosen? Why is not -extensions v3_req used in the certificate creation? Because it has to be able to sign itself? I just checked a couple RFCs. If this is a root CA cert, of course it is self-signed. By definition. But a self-signed server cert is not a CA root cert it is a CA root certificate if I say it is. On further review there is a /etc/pki/CA/certs (and .../CA/private) for the placement of CA certs. /etc/pki/tls is for end-entity certs. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is localhost self-signed cert a CA cert?
On 01/08/2013 08:15 PM, Gordon Messmer wrote: On 01/08/2013 04:42 PM, Robert Moskowitz wrote: CA:TRUE means it is a signing cert. In RFC 5280, app C.2 end-entity cert: (g) the certificate is an end entity certificate, as the basic constraints extension is not present; OK. If you want to suggest to Red Hat use -extensions v3_req, you'll probably need to do so as a paying customer, in bugzilla. why probably isn't a question for this list. CentOS simply rebuilds the source that Red Hat provides. I know that I would have to take this to bugzilla if my reading was correct. And on further review, I am holding more that way. So I will put in the bug report even without being a paying customer. Just my cred on working on PKIX back a decade ago and being the architect of the Bridge CA model for the US Federal and BioPharma PKIs... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] video capture
On Mon, Jan 7, 2013 at 2:28 AM, Rajagopal Swaminathan wrote: On Sun, Jan 6, 2013 at 11:01 PM, Mark LaPierre wrote: Hey all, I'm looking for a application that I can use to capture video from a USB web camera. I have Cheese Webcam Booth 2.28.1 installed but it leaves a lot to be desired in the video capture field. Things like actually working. It does an adequate job of snagging a batch of single images in burst mode. Any suggestions? Not sure if zonemider will help you. http://www.zoneminder.com/ MythTV or a combination of zoneminder and mythtv (as suggested in ref. below) Ref: http://www.mythtv.org/pipermail/mythtv-users/2011-January/308646.html Ref. http://www.gossamer-threads.com/lists/mythtv/users/420901 Keep us posted on how your project works out. I suggest mythbuntu 12.04.1 if you decide to go with MythTV. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Cloud freeware suggestion
Hi, Is someone has some experience with a nice freeware tool like DropBox that I can use on CentOS apache server. I see owncloud, it's a nice tool that I can use with my AD server. Some experience with other freeware tool ? Regards. __ Avant d'imprimer, pensez à l'environnement ! Please consider the environment before printing ! Ce message et toutes ses pièces jointes sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. IFP Energies nouvelles décline toute responsabilité au titre de ce message. This message and any attachments are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. IFP Energies nouvelles should not be liable for this message. __ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos