[CentOS] Is ATRPMs dead?

[Cal Sawyer]

Haven't been able to reach atrpms.net for over a week from London, UK, 
when i last looked for it after a couple of intervening months. Did i 
miss something?


And if atrpms is truly defunct, where's a good place to obtain updated 
versions of vlc and mplayer now?


thanks!

- cal
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is ATRPMs dead?

[Earl A Ramirez]

On 14 Sep 2015 14:12, "Cal Sawyer"  wrote:
>
> Haven't been able to reach atrpms.net for over a week from London, UK,
when i last looked for it after a couple of intervening months. Did i miss
something?
>
> And if atrpms is truly defunct, where's a good place to obtain updated
versions of vlc and mplayer now?
>
> thanks!
>
> - cal
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

Have never used ATRPMS but a good alternative for at least VLC is Nux repo;
I have been using it since EL 6 and it works just as good on EL 7.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] libvirt, xen PV, qemu-system-i386, root user

[Karel Hendrych]

Good test, non-buffered dom0 dd write speed is similar with tap2.

I'll likely stay with the QEMU backend. Are there any best practises 
regarding security, at least if QEMU can operate under non-root account?


Cheers
--
Karel

On 12.9.2015 10:51, Pasi Kärkkäinen wrote:

On Sat, Sep 12, 2015 at 01:35:48AM +0200, Karel Hendrych wrote:

Comparing simple dd bs=1M count=1 on dom0 vs domU. Qemu driver
is achieving pretty much the same like dom0.



So you're measuring buffered speed. Try measuring non-buffered (iflag=direct or 
oflag=direct, depending if you're reading or writing).

-- Pasi


Thanks
--
Karel

On 7.9.2015 21:45, Pasi Kärkkäinen wrote:

On Mon, Sep 07, 2015 at 05:47:39PM +0200, Karel Hendrych wrote:

...

changing from:  to:  makes
the domain start without QEMU.

However I see much better performance with QEMU (close to dom0,
tested using simple dd writes) than with tap2 driver. Is that
expected?



How did you measure it? buffered or direct io?


-- Pasi



What's best practise to file based storage on latest CentOS6-xen
(Kernel 3.18.17, Xen 4.4.2-7)

Are there any guides around running QEMU on CentOS6-xen as non-root user?

Cheers
--
Karel

On 7.9.2015 17:42, Karel Hendrych wrote:

Hi, spot on!


On 6.9.2015 12:56, Pasi Kärkkäinen wrote:

On Sun, Sep 06, 2015 at 09:08:50AM +0200, Karel Hendrych wrote:

Hi, after migrating to libvirt/libxl according to:



Hi,


https://wiki.centos.org/HowTos/Xen/Xen4QuickStart/Xen4Libvirt

I've noticed that my Xen PV domains are being launched by
qemu-system-i386 running under root privileges.

I am wondering why is this? Previously no qemu process was used.

If qemu is needed for some reason, are there any guidelines for
non-root operation?



In general qemu is used for the following purposes:

- for certain domU disk backend types (image files), and/or if there's
no blktap driver in dom0 kernel.
- domU graphical console (PVFB) VNC server, if it's enabled for the domU.



--
Karel Hendrych



-- Pasi

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] centos 7 on older macbook pro

[qui]

Does anyone else run a CentOS (not necessarily 7) on Apple hardware,
particularly laptops (and not in a VM)?  If so, any pointers on making
life easier?  TBH I don't really know exactly what I want to use it for
yet, so suggestions there would be helpful too.

--keith


Hi,
I tried CentOS on a late 2008 MB, but quickly uninstalled it due to 
wifi/ethernet issues.
I switched to Fedora 22 which installed nicely. I had to fiddle a bit 
for wifi, but I don't recall

the necessary steps...

q
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is ATRPMs dead?

[m . roth]

Earl A Ramirez wrote:
> On 14 Sep 2015 14:12, "Cal Sawyer"  wrote:
>>
>> Haven't been able to reach atrpms.net for over a week from London, UK,
> when i last looked for it after a couple of intervening months. Did i miss
> something?
>>
>> And if atrpms is truly defunct, where's a good place to obtain updated
> versions of vlc and mplayer now?
>>
mplayer is in the rpm fusion repo, which is one of the std. repos, and has
always been compatible with base.

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is ATRPMs dead?

[John Hodrien]

On Mon, 14 Sep 2015, m.r...@5-cent.us wrote:


mplayer is in the rpm fusion repo, which is one of the std. repos, and has
always been compatible with base.


I'd make sure you cast an eye in the direction of nux-dextop.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 yum search giving Could not retrieve mirrorlist

[Shawn Parks - CMAC]

Centos main list,
  I am working on a Centos 7 system and trying to do the following.

 yum search cups-lpd

I am getting the following


Could not retrieve mirrorlist 
http://mirrorlist.centos.org/?release=7=x86_64=os=stock 
error was
12: Timeout on 
http://mirrorlist.centos.org/?release=7=x86_64=os=stock: 
(28, 'Resolving timed out after 30382 milliseconds')



 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the 
only

 safe thing yum can do is fail. There are a few ways to work "fix" this:

 1. Contact the upstream for the repository and get them to fix the 
problem.


 2. Reconfigure the baseurl/etc. for the repository, to point to a 
working

upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and 
the

packages for the previous distribution release still work).

 3. Disable the repository, so yum won't use it by default. Yum will 
then
just ignore the repository until you permanently enable it again 
or use

--enablerepo for temporary usage:

yum-config-manager --disable 

 4. Configure the failing repository to be skipped, if it is 
unavailable.
Note that yum will try to contact the repo. when it runs most 
commands,
so will have to try and fail each time (and thus. yum will be be 
much
slower). If it is a very temporary problem though, this is often 
a nice

compromise:

yum-config-manager --save 
--setopt=.skip_if_unavailable=true


Cannot find a valid baseurl for repo: base/7/x86_64




I am using cups on this Centos 7 machine.  Which prints fine from the 
Centos to my

print queue's

However I have an Sco Unix system using lpd printing that I am trying to 
send print
jobs to the Centos 7 system and those are not even getting to the 
system.

  I get message: waiting on queue to be enabled


QUESTION FOR main list:
Is the Centos 7 "yum" commands being worked on?
When might this be fixed?

Thanks,
Shawn ( CMAC )
phone 618 / 242 - 4020  ext 21
  fax 618 / 242 - 3383
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 yum search giving Could not retrieve mirrorlist

[Eero Volotinen]

Is your dns working correctly? (for example get hostname for
mirrorlist.centos.org, try using command 'host mirrorlist.centos.org)

--
Eero

2015-09-14 18:59 GMT+03:00 Shawn Parks - CMAC :

> Centos main list,
>   I am working on a Centos 7 system and trying to do the following.
>
>  yum search cups-lpd
>
> I am getting the following
> 
>
> Could not retrieve mirrorlist
> http://mirrorlist.centos.org/?release=7=x86_64=os=stock
> error was
> 12: Timeout on
> http://mirrorlist.centos.org/?release=7=x86_64=os=stock:
> (28, 'Resolving timed out after 30382 milliseconds')
>
>
>  One of the configured repositories failed (Unknown),
>  and yum doesn't have enough cached data to continue. At this point the
> only
>  safe thing yum can do is fail. There are a few ways to work "fix" this:
>
>  1. Contact the upstream for the repository and get them to fix the
> problem.
>
>  2. Reconfigure the baseurl/etc. for the repository, to point to a
> working
> upstream. This is most often useful if you are using a newer
> distribution release than is supported by the repository (and the
> packages for the previous distribution release still work).
>
>  3. Disable the repository, so yum won't use it by default. Yum will
> then
> just ignore the repository until you permanently enable it again
> or use
> --enablerepo for temporary usage:
>
> yum-config-manager --disable 
>
>  4. Configure the failing repository to be skipped, if it is
> unavailable.
> Note that yum will try to contact the repo. when it runs most
> commands,
> so will have to try and fail each time (and thus. yum will be be
> much
> slower). If it is a very temporary problem though, this is often a
> nice
> compromise:
>
> yum-config-manager --save
> --setopt=.skip_if_unavailable=true
>
> Cannot find a valid baseurl for repo: base/7/x86_64
>
> 
>
>
> I am using cups on this Centos 7 machine.  Which prints fine from the
> Centos to my
> print queue's
>
> However I have an Sco Unix system using lpd printing that I am trying to
> send print
> jobs to the Centos 7 system and those are not even getting to the system.
>   I get message: waiting on queue to be enabled
>
>
> QUESTION FOR main list:
> Is the Centos 7 "yum" commands being worked on?
> When might this be fixed?
>
> Thanks,
> Shawn ( CMAC )
> phone 618 / 242 - 4020  ext 21
>   fax 618 / 242 - 3383
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 7 on older macbook pro

[Johnny Hughes]

On 09/13/2015 09:25 PM, Keith Keller wrote:
> On 2015-09-14, Hal Wigoda wrote:
>> Use Oracles VM VirtualBox.
> 
> Well, I explicitly don't want to do that, since it uses even more
> resources than OS X by itself.  Having linux run on the bare metal
> without OS X should be much more efficient.
> 
>> On Sun, Sep 13, 2015 at 9:33 PM, Keith Keller wrote:
>>> Then I got to the point of configuring wifi, and of course being a MBP,
>>> it has a proprietary Broadcom interface.  I followed the instructions on
>>> the wiki (https://wiki.centos.org/HowTos/Laptops/Wireless/Broadcom), but
>>> had some trouble with it coming back up after a sleep.  That plus some
>>> other issues (it ran hot just running a browser, for example) are making
>>> me question whether this is a good idea.
> 
> As sometimes happens, I wrote too soon.  I think the wifi issue may have
> been a misconfiguration on my part, and so far Firefox has been fine.
> It could have been a transient issue that I unintentionally resolved.
> 
> I was really surprised to see that streaming video and audio worked
> without having to do anything.  And even KDE has not been too much of a
> dog so far, though I'm still thinking to install something like fluxbox
> or blackbox.  I actually haven't had a linux desktop in a long time so
> I'm very much out of practice.
> 
> So far, after the first hiccups, CentOS 7 has been much faster on the
> old MBP than OS X is.  I'm optimistic that I can find a use for it, even
> if it's just having a laptop I can use if my family wants the new MBP.
> 
> --keith
> 
> 

I think xfce is part of EPEL .. I use MATE from EPEL and there is also
Cinnamon there.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 yum search giving Could not retrieve mirrorlist

[John Hodrien]

On Mon, 14 Sep 2015, Shawn Parks - CMAC wrote:


Is the Centos 7 "yum" commands being worked on?
When might this be fixed?


That URL works just fine for me right now.

http://mirrorlist.centos.org/?release=7=x86_64=os=stock

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 7 on older macbook pro

[Keith Keller]

On 2015-09-14, Johnny Hughes  wrote:
>
> I think xfce is part of EPEL .. I use MATE from EPEL and there is also
> Cinnamon there.

I believe you're right about xfce.  I'm so out of it I hadn't even heard
of MATE or Cinnamon.  :)  They seem more like DEs, what are folks using
as straight window managers?

I showed my son, who's only really used OS X, focus follows mouse and
autoraise.  He was not as impressed as I was hoping.  ;-)

--keith

-- 
kkel...@wombat.san-francisco.ca.us


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 7 on older macbook pro

[Scott Robbins]

On Mon, Sep 14, 2015 at 10:27:32AM -0700, Keith Keller wrote:
> On 2015-09-14, Johnny Hughes  wrote:
> >
> > I think xfce is part of EPEL .. I use MATE from EPEL and there is also
> > Cinnamon there.
> 
> I believe you're right about xfce.  I'm so out of it I hadn't even heard
> of MATE or Cinnamon.  :)  They seem more like DEs, what are folks using
> as straight window managers?
Yes, they're DE's.  Openbox has probably replaced fluxbox as everyone's
favorite stacking window manager, and dwm is one of the better tiling ones.  
As mentioned, blackbox is no longer developed at all--I know it's still
available in FreeBSD ports, but haven't installed it in years.

I believe XFCE counts as a DE too. There's also LXDE, which, as the DE
indicates, is a desktop environment, but somewhat lighter. 


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LUKS encypted partition using --key-file can only be decrypted with --key-file

[Digimer]

On 04/03/15 06:33 PM, Robert Nichols wrote:
> On 03/04/2015 03:16 PM, Digimer wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Hi all,
>>
>>I created a LUKS encrypted partition via a udev-triggered script on
>> 6.6 using --key-file /tmp/foo. This worked fine, and I can decrypt the
>> LUKS partition via script and manually using --key-file with luksOpen.
>>
>>The odd problem is that I can't decrypt the partition using the
>> prompt. If I manually create a file with the passphrase in it and then
>> point to it with --key-file, it decrypts fine. I used 'cat -A
>> /tmp/foo' to verify that there was no '\n' at the end of the phrase.
>>
>>Is this expected behaviour? That is; If you create an encrypted
>> partition using --key-file, you always decrypt with the same? If so, I
>> can't understand the logic... If not, then I am not sure what I am
>> doing wrong.
> 
> Try again including "--hash plain" on the command line.  When the
> key is read from a keyfile, no hash is used and the key is simply
> truncated to the correct length (too short is an error). A key read
> from the terminal or from stdin is hashed, then truncated or padded
> to the proper length.
> 
> See "NOTES ON PASSWORD PROCESSING" in the cryptsetup manpage.
> Presumably, if you stored the hashed key phrase in the keyfile
> (DAMHTDT) it would work from the terminal without "--hash -plain".

Reviving a very old thread...

I tried this (cryptsetup --hash plain luksOpen /dev/sdb1 sdb1) but it
fails to recognize the passphrase at the command line still. When I
tried to use '--hash plain' on luksFormat, I get:

[root@dashboard1 ~]# echo YES | cryptsetup --hash plain luksFormat
/dev/sdb1 /tmp/password
Requested LUKS hash plain is not supported.

I suspect I'm misunderstanding something. I've read "NOTES ON PASSWORD
PROCESSING" and as best I can figure, the root of the problem is the
padding. I'm not so strong on security, so when I look at /proc/crypto,
I get lost.

Is there a "for dummies" document that I could look at to do what it is
I am trying to do? That is; create the encrypted device from a script
(which is why I am using --key-file) and then decrypt it later with
normal STDIN via cryptsetup luksOpen?

Thanks!

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos 7 on older macbook pro

[Scott Robbins]

On Mon, Sep 14, 2015 at 09:18:56AM -0600, Johnny Hughes wrote:


> > 
> > I was really surprised to see that streaming video and audio worked
> > without having to do anything.  And even KDE has not been too much of a
> > dog so far, though I'm still thinking to install something like fluxbox
> > or blackbox.  I actually haven't had a linux desktop in a long time so
> > I'm very much out of practice.

Blackbox hasn't been developed in years.  Fluxbox is still being developed
though, and is still a nice desktop.


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rsyslog for chrooted sftp users has stopped working -- Centos 6.6

[Jeff Cours]

And no sooner do I send the email than I spot the problem. Oops! Sorry
about that.

The sshd_config needed to contain a different internal-sftp line:

Match User test-sftp-only
  ChrootDirectory /home/sftp/mcsosftp
  ForceCommand internal-sftp -f AUTHPRIV -l INFO
  PasswordAuthentication no
  AuthorizedKeysCommand /usr/local/bin/get_sftp_key

That's gotten the test server working.

Unfortunately, the production server already has that setting, so it's back
to eliminating differences.

Jeff


On Mon, Sep 14, 2015 at 6:32 PM, Jeff Cours  wrote:

> Hello everyone,
>
> We have some chrooted sftp-only users on a CentOS release 6.6 server. The
> server had been logging their actions, but after recent updates the logs
> have stopped.
>
> The server correctly logs non-chrooted users:
>
> Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours
> from 192.168.10.166 port 42545 ssh2
> Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session): session
> opened for user jcours by (uid=0)
> Sep 14 17:47:24 vsecure4 sshd[1983]: subsystem request for sftp
> Sep 14 17:47:24 vsecure4 internal-sftp[1984]: session opened for local
> user jcours from [192.168.10.166]
> Sep 14 17:47:24 vsecure4 internal-sftp[1984]: opendir "/home/jcours"
> Sep 14 17:47:24 vsecure4 internal-sftp[1984]: closedir "/home/jcours"
> Sep 14 17:47:49 vsecure4 internal-sftp[1984]: session closed for local
> user jcours from [192.168.10.166]
> Sep 14 17:47:19 vsecure4 sshd[1977]: pam_unix(sshd:session): session
> closed for user jcours
>
> but log messages for chrooted users do not appear:
>
> Sep 14 17:08:11 vsecure4 sshd[1730]: Accepted publickey for
> test-sftp-only from 192.168.10.166 port 41723 ssh2
> Sep 14 17:08:11 vsecure4 sshd[1730]: pam_unix(sshd:session): session
> opened for user test-sftp-only by (uid=0)
> Sep 14 17:08:11 vsecure4 sshd[1734]: subsystem request for sftp
> Sep 14 17:08:22 vsecure4 sshd[1730]: pam_unix(sshd:session): session
> closed for user test-sftp-only
>
> Notice that there are no "opendir" or "closedir" messages for the chrooted
> user, or anything else from the internal-sftp system, for that matter.
>
> /etc/sshd_config contains these settings:
>
> Subsystem sftp internal-sftp -f AUTHPRIV -l INFO
>
> Match User test-sftp-only
>   ChrootDirectory /home/sftp/mcsosftp
>   ForceCommand internal-sftp
>   PasswordAuthentication no
>   AuthorizedKeysCommand /usr/local/bin/get_sftp_key
>
> We've been setting up chrooted logging using this sequence:
>
> sudo mkdir /home/sftp/mcsosftp/dev
> sudo touch /home/sftp/mcsosftp/dev/log
> sudo chattr +i /home/sftp/mcsosftp/dev
> sudo mount --bind /dev/log /home/sftp/mcsosftp/dev/log
>
> /etc/rsyslog.conf includes the standard stuff for authpriv:
>
> # The authpriv file has restricted access.
> authpriv.*  /var/log/secure
>
> I've tried forcing rsyslog.conf to listen to /dev/log:
>
> # We should be listening here.
> $SystemLogSocketName /dev/log
>
> I've also tried removing the hard-mounted /home/sftp/mcsosftp/dev/log and
> instead using this in /etc/rsyslog.conf:
>
> # For chrooted users, generally sftp-only users.
> $AddUnixListenSocket /home/sftp/mcsosftp/dev/log
>
> Neither approach seemed to help the problem, though rsyslogd does appear
> to be listening to the sockets:
>
> $ sudo lsof -c rsyslogd | grep dev/log
> lsof: WARNING: can't stat() devtmpfs file system /home/sftp/dev/log
> (deleted)
>   Output information may be incomplete.
> rsyslogd 1963 root0u  unix 0xdc100040  0t0  15419 /dev/log
> rsyslogd 1963 root3u  unix 0xdbd27dc0  0t0  15421
> /home/sftp/mcsosftp/dev/log
>
> and file identifies both as sockets:
>
> $ file /dev/log
> /dev/log: socket
>
> $ sudo file /home/sftp/mcsosftp/dev/log
> /home/sftp/mcsosftp/dev/log: socket
>
> Here's additional system info for the development server I'm using to
> debug the problem:
>
> $ ls -l /dev/log
> srw-rw-rw- 1 root root 0 Sep 14 17:43 /dev/log
>
> $ sudo ls -l /home/sftp/mcsosftp/dev/log
> srw-rw-rw- 1 root root 0 Sep 14 17:43 /home/sftp/mcsosftp/dev/log
>
> $ ls -l /dev | grep log
> srw-rw-rw- 1 root root   0 Sep 14 17:43 log
> crw-rw 1 root root 10, 227 Sep 14 15:23 mcelog
>
> $ sudo ls -l /home/sftp/mcsosftp/dev | grep log
> srw-rw-rw- 1 root root 0 Sep 14 17:43 log
>
> $ cat /etc/redhat-release
> CentOS release 6.6 (Final)
>
> $ sestatus
> SELinux status: disabled
>
> $ grep test-sftp-only /etc/passwd
> test-sftp-only:x:507:507:Test SFTP
> Only:/home/sftp/mcsosftp:/sbin/nologin
>
> $ sudo yum list installed | egrep -E 'rsyslog|ssh|sftp'
> libssh2.i686   1.4.2-1.el6_6.1@updates
> openssh.i686   

Re: [CentOS] CentOS-6 - LogWatch

[Always Learning]

On Mon, 2015-09-14 at 14:51 -0400, James B. Byrne wrote:

> The Logwatch imapd service script distributed with CentOS-6 does not
> generate anything when I run logwatch --service all on a cyrus-imapd
> host.  Is this expected behaviour?  Is there a separate script for
> cyrus-imapd or are their configuration options required to get the
> existing script to work.

1. Check there is data in the log file(s).

2. Ensure Logwatch has the correct location and names of your log files.

Check:  /usr/share/logwatch/default.conf/logfiles/ - there should be a
'imapd' file there. I don't use imapd and there is no such file on my
instances of C6.

Using my /usr/share/logwatch/default.conf/logfiles/exim.conf as an
example (I don't use any of these entries):-

> # Which logfile group...
> LogFile = exim/main.log
> LogFile = exim/mainlog
> LogFile = exim4/mainlog
> Archive = exim/main.log.*
> Archive = archiv/exim/main.log.*
> Archive = exim/mainlog.*
> Archive = exim4/mainlog.*
> Archive = exim/main.log-*
> Archive = archiv/exim/main.log-*
> Archive = exim/mainlog-*
> Archive = exim4/mainlog-*

User changes should be in: /etc/logwatch/conf/logfiles

My /etc/logwatch/conf/logfiles/eximlog.conf has:-

> # Server 4
> # This is : /etc/logwatch/conf/logfiles/eximlog.conf
> # Referenced by : /etc/logwatch/conf/services/exim.conf
> 
> LogFile = exim/m4.main
> Archive = /data/logs.old/exim/m4.main.*


3. The name I use 'eximlog.conf' is defined
in /etc/logwatch/conf/services/exim.conf


4. Check for a script in: /usr/share/logwatch/scripts/services/imapd

5. Put modifications (whole replacement scripts)
in /etc/logwatch/scripts/services/imapd


6. You can then test Logwatch by logging-on to the server and typing

logwatch --print --service imapd  --range today

The range can also be: yesterday or even '-21 days' (with apostrophes)

The problem with log watch is far too many names identical or almost
identical.

Good Luck.


-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] rsyslog for chrooted sftp users has stopped working -- Centos 6.6

[Jeff Cours]

Hello everyone,

We have some chrooted sftp-only users on a CentOS release 6.6 server. The
server had been logging their actions, but after recent updates the logs
have stopped.

The server correctly logs non-chrooted users:

Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from
192.168.10.166 port 42545 ssh2
Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session): session
opened for user jcours by (uid=0)
Sep 14 17:47:24 vsecure4 sshd[1983]: subsystem request for sftp
Sep 14 17:47:24 vsecure4 internal-sftp[1984]: session opened for local
user jcours from [192.168.10.166]
Sep 14 17:47:24 vsecure4 internal-sftp[1984]: opendir "/home/jcours"
Sep 14 17:47:24 vsecure4 internal-sftp[1984]: closedir "/home/jcours"
Sep 14 17:47:49 vsecure4 internal-sftp[1984]: session closed for local
user jcours from [192.168.10.166]
Sep 14 17:47:19 vsecure4 sshd[1977]: pam_unix(sshd:session): session
closed for user jcours

but log messages for chrooted users do not appear:

Sep 14 17:08:11 vsecure4 sshd[1730]: Accepted publickey for
test-sftp-only from 192.168.10.166 port 41723 ssh2
Sep 14 17:08:11 vsecure4 sshd[1730]: pam_unix(sshd:session): session
opened for user test-sftp-only by (uid=0)
Sep 14 17:08:11 vsecure4 sshd[1734]: subsystem request for sftp
Sep 14 17:08:22 vsecure4 sshd[1730]: pam_unix(sshd:session): session
closed for user test-sftp-only

Notice that there are no "opendir" or "closedir" messages for the chrooted
user, or anything else from the internal-sftp system, for that matter.

/etc/sshd_config contains these settings:

Subsystem sftp internal-sftp -f AUTHPRIV -l INFO

Match User test-sftp-only
  ChrootDirectory /home/sftp/mcsosftp
  ForceCommand internal-sftp
  PasswordAuthentication no
  AuthorizedKeysCommand /usr/local/bin/get_sftp_key

We've been setting up chrooted logging using this sequence:

sudo mkdir /home/sftp/mcsosftp/dev
sudo touch /home/sftp/mcsosftp/dev/log
sudo chattr +i /home/sftp/mcsosftp/dev
sudo mount --bind /dev/log /home/sftp/mcsosftp/dev/log

/etc/rsyslog.conf includes the standard stuff for authpriv:

# The authpriv file has restricted access.
authpriv.*  /var/log/secure

I've tried forcing rsyslog.conf to listen to /dev/log:

# We should be listening here.
$SystemLogSocketName /dev/log

I've also tried removing the hard-mounted /home/sftp/mcsosftp/dev/log and
instead using this in /etc/rsyslog.conf:

# For chrooted users, generally sftp-only users.
$AddUnixListenSocket /home/sftp/mcsosftp/dev/log

Neither approach seemed to help the problem, though rsyslogd does appear to
be listening to the sockets:

$ sudo lsof -c rsyslogd | grep dev/log
lsof: WARNING: can't stat() devtmpfs file system /home/sftp/dev/log
(deleted)
  Output information may be incomplete.
rsyslogd 1963 root0u  unix 0xdc100040  0t0  15419 /dev/log
rsyslogd 1963 root3u  unix 0xdbd27dc0  0t0  15421
/home/sftp/mcsosftp/dev/log

and file identifies both as sockets:

$ file /dev/log
/dev/log: socket

$ sudo file /home/sftp/mcsosftp/dev/log
/home/sftp/mcsosftp/dev/log: socket

Here's additional system info for the development server I'm using to debug
the problem:

$ ls -l /dev/log
srw-rw-rw- 1 root root 0 Sep 14 17:43 /dev/log

$ sudo ls -l /home/sftp/mcsosftp/dev/log
srw-rw-rw- 1 root root 0 Sep 14 17:43 /home/sftp/mcsosftp/dev/log

$ ls -l /dev | grep log
srw-rw-rw- 1 root root   0 Sep 14 17:43 log
crw-rw 1 root root 10, 227 Sep 14 15:23 mcelog

$ sudo ls -l /home/sftp/mcsosftp/dev | grep log
srw-rw-rw- 1 root root 0 Sep 14 17:43 log

$ cat /etc/redhat-release
CentOS release 6.6 (Final)

$ sestatus
SELinux status: disabled

$ grep test-sftp-only /etc/passwd
test-sftp-only:x:507:507:Test SFTP
Only:/home/sftp/mcsosftp:/sbin/nologin

$ sudo yum list installed | egrep -E 'rsyslog|ssh|sftp'
libssh2.i686   1.4.2-1.el6_6.1@updates
openssh.i686   5.3p1-104.el6_6.1  @updates
openssh-clients.i686   5.3p1-104.el6_6.1  @updates
openssh-server.i6865.3p1-104.el6_6.1  @updates
rsyslog.i686   5.8.10-10.el6_6@updates
vsftpd.i6862.2.2-14.el6   @base

Corresponding packages on the production server showing the same problem:

$ sudo yum list installed | egrep -E 'rsyslog|ssh|sftp'
libssh2.x86_64 1.4.2-1.el6_6.1
@system-updates
openssh.x86_64 5.3p1-112.el6_7
@system-updates
openssh-clients.x86_64 5.3p1-112.el6_7
@system-updates
openssh-server.x86_64  5.3p1-112.el6_7
@system-updates
rsyslog.x86_64 5.8.10-10.el6_6
@system-updates
rsyslog-gnutls.x86_64  5.8.10-10.el6_6

[CentOS] CentOS-6 - LogWatch

[James B. Byrne]

The Logwatch imapd service script distributed with CentOS-6 does not
generate anything when I run logwatch --service all on a cyrus-imapd
host.  Is this expected behaviour?  Is there a separate script for
cyrus-imapd or are their configuration options required to get the
existing script to work.

I have found an ancient (2004) logwatch service script for cyrus-imapd
but I was sort of hoping that there was a more up-to-date and
officially supported version available somewhere.

Is there?


-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C6 firefox esr h.264 support on youtube

[Nicolas Thierry-Mieg]

On 09/12/2015 07:49 PM, Robert Arkiletian wrote:

On Fri, Sep 11, 2015 at 2:36 AM, Nicolas Thierry-Mieg <
nicolas.thierry-m...@imag.fr> wrote:


On 09/11/2015 08:11 AM, Robert Arkiletian wrote:


On Tue, Sep 8, 2015 at 3:46 PM, Richard <
lists-cen...@listmail.innovate.net>
wrote:







does anyone running C6 have h.264 check box on www.youtube.com/html5 ?

if yes, can you please post the output of

rpm -qa | grep -i 'gst\|libva'



Yes I do in seamonkey, the browser I use.
Strangely the box is not checked in firefox although FF and SM are very
similar, but I never use FF on this system so maybe it's just not
configured correctly.




which repo did you get seamonkey for EL6?


These days I grab the Linux/x86_64 tar.bz2 from seamonkey-project.org , 
tar xfvj, and symlink /usr/lib64/mozilla/plugins/ in the resulting subdir.

But I see there's now an ESR version in EPEL.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C6 firefox esr h.264 support on youtube

[John Hodrien]

On Sat, 12 Sep 2015, Robert Arkiletian wrote:


Thanks for that tip about building it with that tweak. I will try it. BTW
how are you running google-chrome on EL6?


Note the nux-dextop has chrome-deps-stable, which is the only package you need
to be able to use the upstream chrome rpms.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos