[CentOS] Is ATRPMs dead?
Haven't been able to reach atrpms.net for over a week from London, UK, when i last looked for it after a couple of intervening months. Did i miss something? And if atrpms is truly defunct, where's a good place to obtain updated versions of vlc and mplayer now? thanks! - cal ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is ATRPMs dead?
On 14 Sep 2015 14:12, "Cal Sawyer"wrote: > > Haven't been able to reach atrpms.net for over a week from London, UK, when i last looked for it after a couple of intervening months. Did i miss something? > > And if atrpms is truly defunct, where's a good place to obtain updated versions of vlc and mplayer now? > > thanks! > > - cal > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos Have never used ATRPMS but a good alternative for at least VLC is Nux repo; I have been using it since EL 6 and it works just as good on EL 7. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-virt] libvirt, xen PV, qemu-system-i386, root user
Good test, non-buffered dom0 dd write speed is similar with tap2. I'll likely stay with the QEMU backend. Are there any best practises regarding security, at least if QEMU can operate under non-root account? Cheers -- Karel On 12.9.2015 10:51, Pasi Kärkkäinen wrote: On Sat, Sep 12, 2015 at 01:35:48AM +0200, Karel Hendrych wrote: Comparing simple dd bs=1M count=1 on dom0 vs domU. Qemu driver is achieving pretty much the same like dom0. So you're measuring buffered speed. Try measuring non-buffered (iflag=direct or oflag=direct, depending if you're reading or writing). -- Pasi Thanks -- Karel On 7.9.2015 21:45, Pasi Kärkkäinen wrote: On Mon, Sep 07, 2015 at 05:47:39PM +0200, Karel Hendrych wrote: ... changing from: to: makes the domain start without QEMU. However I see much better performance with QEMU (close to dom0, tested using simple dd writes) than with tap2 driver. Is that expected? How did you measure it? buffered or direct io? -- Pasi What's best practise to file based storage on latest CentOS6-xen (Kernel 3.18.17, Xen 4.4.2-7) Are there any guides around running QEMU on CentOS6-xen as non-root user? Cheers -- Karel On 7.9.2015 17:42, Karel Hendrych wrote: Hi, spot on! On 6.9.2015 12:56, Pasi Kärkkäinen wrote: On Sun, Sep 06, 2015 at 09:08:50AM +0200, Karel Hendrych wrote: Hi, after migrating to libvirt/libxl according to: Hi, https://wiki.centos.org/HowTos/Xen/Xen4QuickStart/Xen4Libvirt I've noticed that my Xen PV domains are being launched by qemu-system-i386 running under root privileges. I am wondering why is this? Previously no qemu process was used. If qemu is needed for some reason, are there any guidelines for non-root operation? In general qemu is used for the following purposes: - for certain domU disk backend types (image files), and/or if there's no blktap driver in dom0 kernel. - domU graphical console (PVFB) VNC server, if it's enabled for the domU. -- Karel Hendrych -- Pasi ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] centos 7 on older macbook pro
Does anyone else run a CentOS (not necessarily 7) on Apple hardware, particularly laptops (and not in a VM)? If so, any pointers on making life easier? TBH I don't really know exactly what I want to use it for yet, so suggestions there would be helpful too. --keith Hi, I tried CentOS on a late 2008 MB, but quickly uninstalled it due to wifi/ethernet issues. I switched to Fedora 22 which installed nicely. I had to fiddle a bit for wifi, but I don't recall the necessary steps... q ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is ATRPMs dead?
Earl A Ramirez wrote: > On 14 Sep 2015 14:12, "Cal Sawyer"wrote: >> >> Haven't been able to reach atrpms.net for over a week from London, UK, > when i last looked for it after a couple of intervening months. Did i miss > something? >> >> And if atrpms is truly defunct, where's a good place to obtain updated > versions of vlc and mplayer now? >> mplayer is in the rpm fusion repo, which is one of the std. repos, and has always been compatible with base. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is ATRPMs dead?
On Mon, 14 Sep 2015, m.r...@5-cent.us wrote: mplayer is in the rpm fusion repo, which is one of the std. repos, and has always been compatible with base. I'd make sure you cast an eye in the direction of nux-dextop. jh ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 yum search giving Could not retrieve mirrorlist
Centos main list, I am working on a Centos 7 system and trying to do the following. yum search cups-lpd I am getting the following Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7=x86_64=os=stock error was 12: Timeout on http://mirrorlist.centos.org/?release=7=x86_64=os=stock: (28, 'Resolving timed out after 30382 milliseconds') One of the configured repositories failed (Unknown), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this: 1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Disable the repository, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable 4. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=.skip_if_unavailable=true Cannot find a valid baseurl for repo: base/7/x86_64 I am using cups on this Centos 7 machine. Which prints fine from the Centos to my print queue's However I have an Sco Unix system using lpd printing that I am trying to send print jobs to the Centos 7 system and those are not even getting to the system. I get message: waiting on queue to be enabled QUESTION FOR main list: Is the Centos 7 "yum" commands being worked on? When might this be fixed? Thanks, Shawn ( CMAC ) phone 618 / 242 - 4020 ext 21 fax 618 / 242 - 3383 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 yum search giving Could not retrieve mirrorlist
Is your dns working correctly? (for example get hostname for mirrorlist.centos.org, try using command 'host mirrorlist.centos.org) -- Eero 2015-09-14 18:59 GMT+03:00 Shawn Parks - CMAC: > Centos main list, > I am working on a Centos 7 system and trying to do the following. > > yum search cups-lpd > > I am getting the following > > > Could not retrieve mirrorlist > http://mirrorlist.centos.org/?release=7=x86_64=os=stock > error was > 12: Timeout on > http://mirrorlist.centos.org/?release=7=x86_64=os=stock: > (28, 'Resolving timed out after 30382 milliseconds') > > > One of the configured repositories failed (Unknown), > and yum doesn't have enough cached data to continue. At this point the > only > safe thing yum can do is fail. There are a few ways to work "fix" this: > > 1. Contact the upstream for the repository and get them to fix the > problem. > > 2. Reconfigure the baseurl/etc. for the repository, to point to a > working > upstream. This is most often useful if you are using a newer > distribution release than is supported by the repository (and the > packages for the previous distribution release still work). > > 3. Disable the repository, so yum won't use it by default. Yum will > then > just ignore the repository until you permanently enable it again > or use > --enablerepo for temporary usage: > > yum-config-manager --disable > > 4. Configure the failing repository to be skipped, if it is > unavailable. > Note that yum will try to contact the repo. when it runs most > commands, > so will have to try and fail each time (and thus. yum will be be > much > slower). If it is a very temporary problem though, this is often a > nice > compromise: > > yum-config-manager --save > --setopt=.skip_if_unavailable=true > > Cannot find a valid baseurl for repo: base/7/x86_64 > > > > > I am using cups on this Centos 7 machine. Which prints fine from the > Centos to my > print queue's > > However I have an Sco Unix system using lpd printing that I am trying to > send print > jobs to the Centos 7 system and those are not even getting to the system. > I get message: waiting on queue to be enabled > > > QUESTION FOR main list: > Is the Centos 7 "yum" commands being worked on? > When might this be fixed? > > Thanks, > Shawn ( CMAC ) > phone 618 / 242 - 4020 ext 21 > fax 618 / 242 - 3383 > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 7 on older macbook pro
On 09/13/2015 09:25 PM, Keith Keller wrote: > On 2015-09-14, Hal Wigoda wrote: >> Use Oracles VM VirtualBox. > > Well, I explicitly don't want to do that, since it uses even more > resources than OS X by itself. Having linux run on the bare metal > without OS X should be much more efficient. > >> On Sun, Sep 13, 2015 at 9:33 PM, Keith Keller wrote: >>> Then I got to the point of configuring wifi, and of course being a MBP, >>> it has a proprietary Broadcom interface. I followed the instructions on >>> the wiki (https://wiki.centos.org/HowTos/Laptops/Wireless/Broadcom), but >>> had some trouble with it coming back up after a sleep. That plus some >>> other issues (it ran hot just running a browser, for example) are making >>> me question whether this is a good idea. > > As sometimes happens, I wrote too soon. I think the wifi issue may have > been a misconfiguration on my part, and so far Firefox has been fine. > It could have been a transient issue that I unintentionally resolved. > > I was really surprised to see that streaming video and audio worked > without having to do anything. And even KDE has not been too much of a > dog so far, though I'm still thinking to install something like fluxbox > or blackbox. I actually haven't had a linux desktop in a long time so > I'm very much out of practice. > > So far, after the first hiccups, CentOS 7 has been much faster on the > old MBP than OS X is. I'm optimistic that I can find a use for it, even > if it's just having a laptop I can use if my family wants the new MBP. > > --keith > > I think xfce is part of EPEL .. I use MATE from EPEL and there is also Cinnamon there. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 yum search giving Could not retrieve mirrorlist
On Mon, 14 Sep 2015, Shawn Parks - CMAC wrote: Is the Centos 7 "yum" commands being worked on? When might this be fixed? That URL works just fine for me right now. http://mirrorlist.centos.org/?release=7=x86_64=os=stock jh ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 7 on older macbook pro
On 2015-09-14, Johnny Hugheswrote: > > I think xfce is part of EPEL .. I use MATE from EPEL and there is also > Cinnamon there. I believe you're right about xfce. I'm so out of it I hadn't even heard of MATE or Cinnamon. :) They seem more like DEs, what are folks using as straight window managers? I showed my son, who's only really used OS X, focus follows mouse and autoraise. He was not as impressed as I was hoping. ;-) --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 7 on older macbook pro
On Mon, Sep 14, 2015 at 10:27:32AM -0700, Keith Keller wrote: > On 2015-09-14, Johnny Hugheswrote: > > > > I think xfce is part of EPEL .. I use MATE from EPEL and there is also > > Cinnamon there. > > I believe you're right about xfce. I'm so out of it I hadn't even heard > of MATE or Cinnamon. :) They seem more like DEs, what are folks using > as straight window managers? Yes, they're DE's. Openbox has probably replaced fluxbox as everyone's favorite stacking window manager, and dwm is one of the better tiling ones. As mentioned, blackbox is no longer developed at all--I know it's still available in FreeBSD ports, but haven't installed it in years. I believe XFCE counts as a DE too. There's also LXDE, which, as the DE indicates, is a desktop environment, but somewhat lighter. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LUKS encypted partition using --key-file can only be decrypted with --key-file
On 04/03/15 06:33 PM, Robert Nichols wrote: > On 03/04/2015 03:16 PM, Digimer wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Hi all, >> >>I created a LUKS encrypted partition via a udev-triggered script on >> 6.6 using --key-file /tmp/foo. This worked fine, and I can decrypt the >> LUKS partition via script and manually using --key-file with luksOpen. >> >>The odd problem is that I can't decrypt the partition using the >> prompt. If I manually create a file with the passphrase in it and then >> point to it with --key-file, it decrypts fine. I used 'cat -A >> /tmp/foo' to verify that there was no '\n' at the end of the phrase. >> >>Is this expected behaviour? That is; If you create an encrypted >> partition using --key-file, you always decrypt with the same? If so, I >> can't understand the logic... If not, then I am not sure what I am >> doing wrong. > > Try again including "--hash plain" on the command line. When the > key is read from a keyfile, no hash is used and the key is simply > truncated to the correct length (too short is an error). A key read > from the terminal or from stdin is hashed, then truncated or padded > to the proper length. > > See "NOTES ON PASSWORD PROCESSING" in the cryptsetup manpage. > Presumably, if you stored the hashed key phrase in the keyfile > (DAMHTDT) it would work from the terminal without "--hash -plain". Reviving a very old thread... I tried this (cryptsetup --hash plain luksOpen /dev/sdb1 sdb1) but it fails to recognize the passphrase at the command line still. When I tried to use '--hash plain' on luksFormat, I get: [root@dashboard1 ~]# echo YES | cryptsetup --hash plain luksFormat /dev/sdb1 /tmp/password Requested LUKS hash plain is not supported. I suspect I'm misunderstanding something. I've read "NOTES ON PASSWORD PROCESSING" and as best I can figure, the root of the problem is the padding. I'm not so strong on security, so when I look at /proc/crypto, I get lost. Is there a "for dummies" document that I could look at to do what it is I am trying to do? That is; create the encrypted device from a script (which is why I am using --key-file) and then decrypt it later with normal STDIN via cryptsetup luksOpen? Thanks! -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 7 on older macbook pro
On Mon, Sep 14, 2015 at 09:18:56AM -0600, Johnny Hughes wrote: > > > > I was really surprised to see that streaming video and audio worked > > without having to do anything. And even KDE has not been too much of a > > dog so far, though I'm still thinking to install something like fluxbox > > or blackbox. I actually haven't had a linux desktop in a long time so > > I'm very much out of practice. Blackbox hasn't been developed in years. Fluxbox is still being developed though, and is still a nice desktop. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog for chrooted sftp users has stopped working -- Centos 6.6
And no sooner do I send the email than I spot the problem. Oops! Sorry about that. The sshd_config needed to contain a different internal-sftp line: Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp -f AUTHPRIV -l INFO PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key That's gotten the test server working. Unfortunately, the production server already has that setting, so it's back to eliminating differences. Jeff On Mon, Sep 14, 2015 at 6:32 PM, Jeff Courswrote: > Hello everyone, > > We have some chrooted sftp-only users on a CentOS release 6.6 server. The > server had been logging their actions, but after recent updates the logs > have stopped. > > The server correctly logs non-chrooted users: > > Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours > from 192.168.10.166 port 42545 ssh2 > Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session): session > opened for user jcours by (uid=0) > Sep 14 17:47:24 vsecure4 sshd[1983]: subsystem request for sftp > Sep 14 17:47:24 vsecure4 internal-sftp[1984]: session opened for local > user jcours from [192.168.10.166] > Sep 14 17:47:24 vsecure4 internal-sftp[1984]: opendir "/home/jcours" > Sep 14 17:47:24 vsecure4 internal-sftp[1984]: closedir "/home/jcours" > Sep 14 17:47:49 vsecure4 internal-sftp[1984]: session closed for local > user jcours from [192.168.10.166] > Sep 14 17:47:19 vsecure4 sshd[1977]: pam_unix(sshd:session): session > closed for user jcours > > but log messages for chrooted users do not appear: > > Sep 14 17:08:11 vsecure4 sshd[1730]: Accepted publickey for > test-sftp-only from 192.168.10.166 port 41723 ssh2 > Sep 14 17:08:11 vsecure4 sshd[1730]: pam_unix(sshd:session): session > opened for user test-sftp-only by (uid=0) > Sep 14 17:08:11 vsecure4 sshd[1734]: subsystem request for sftp > Sep 14 17:08:22 vsecure4 sshd[1730]: pam_unix(sshd:session): session > closed for user test-sftp-only > > Notice that there are no "opendir" or "closedir" messages for the chrooted > user, or anything else from the internal-sftp system, for that matter. > > /etc/sshd_config contains these settings: > > Subsystem sftp internal-sftp -f AUTHPRIV -l INFO > > Match User test-sftp-only > ChrootDirectory /home/sftp/mcsosftp > ForceCommand internal-sftp > PasswordAuthentication no > AuthorizedKeysCommand /usr/local/bin/get_sftp_key > > We've been setting up chrooted logging using this sequence: > > sudo mkdir /home/sftp/mcsosftp/dev > sudo touch /home/sftp/mcsosftp/dev/log > sudo chattr +i /home/sftp/mcsosftp/dev > sudo mount --bind /dev/log /home/sftp/mcsosftp/dev/log > > /etc/rsyslog.conf includes the standard stuff for authpriv: > > # The authpriv file has restricted access. > authpriv.* /var/log/secure > > I've tried forcing rsyslog.conf to listen to /dev/log: > > # We should be listening here. > $SystemLogSocketName /dev/log > > I've also tried removing the hard-mounted /home/sftp/mcsosftp/dev/log and > instead using this in /etc/rsyslog.conf: > > # For chrooted users, generally sftp-only users. > $AddUnixListenSocket /home/sftp/mcsosftp/dev/log > > Neither approach seemed to help the problem, though rsyslogd does appear > to be listening to the sockets: > > $ sudo lsof -c rsyslogd | grep dev/log > lsof: WARNING: can't stat() devtmpfs file system /home/sftp/dev/log > (deleted) > Output information may be incomplete. > rsyslogd 1963 root0u unix 0xdc100040 0t0 15419 /dev/log > rsyslogd 1963 root3u unix 0xdbd27dc0 0t0 15421 > /home/sftp/mcsosftp/dev/log > > and file identifies both as sockets: > > $ file /dev/log > /dev/log: socket > > $ sudo file /home/sftp/mcsosftp/dev/log > /home/sftp/mcsosftp/dev/log: socket > > Here's additional system info for the development server I'm using to > debug the problem: > > $ ls -l /dev/log > srw-rw-rw- 1 root root 0 Sep 14 17:43 /dev/log > > $ sudo ls -l /home/sftp/mcsosftp/dev/log > srw-rw-rw- 1 root root 0 Sep 14 17:43 /home/sftp/mcsosftp/dev/log > > $ ls -l /dev | grep log > srw-rw-rw- 1 root root 0 Sep 14 17:43 log > crw-rw 1 root root 10, 227 Sep 14 15:23 mcelog > > $ sudo ls -l /home/sftp/mcsosftp/dev | grep log > srw-rw-rw- 1 root root 0 Sep 14 17:43 log > > $ cat /etc/redhat-release > CentOS release 6.6 (Final) > > $ sestatus > SELinux status: disabled > > $ grep test-sftp-only /etc/passwd > test-sftp-only:x:507:507:Test SFTP > Only:/home/sftp/mcsosftp:/sbin/nologin > > $ sudo yum list installed | egrep -E 'rsyslog|ssh|sftp' > libssh2.i686 1.4.2-1.el6_6.1@updates > openssh.i686
Re: [CentOS] CentOS-6 - LogWatch
On Mon, 2015-09-14 at 14:51 -0400, James B. Byrne wrote: > The Logwatch imapd service script distributed with CentOS-6 does not > generate anything when I run logwatch --service all on a cyrus-imapd > host. Is this expected behaviour? Is there a separate script for > cyrus-imapd or are their configuration options required to get the > existing script to work. 1. Check there is data in the log file(s). 2. Ensure Logwatch has the correct location and names of your log files. Check: /usr/share/logwatch/default.conf/logfiles/ - there should be a 'imapd' file there. I don't use imapd and there is no such file on my instances of C6. Using my /usr/share/logwatch/default.conf/logfiles/exim.conf as an example (I don't use any of these entries):- > # Which logfile group... > LogFile = exim/main.log > LogFile = exim/mainlog > LogFile = exim4/mainlog > Archive = exim/main.log.* > Archive = archiv/exim/main.log.* > Archive = exim/mainlog.* > Archive = exim4/mainlog.* > Archive = exim/main.log-* > Archive = archiv/exim/main.log-* > Archive = exim/mainlog-* > Archive = exim4/mainlog-* User changes should be in: /etc/logwatch/conf/logfiles My /etc/logwatch/conf/logfiles/eximlog.conf has:- > # Server 4 > # This is : /etc/logwatch/conf/logfiles/eximlog.conf > # Referenced by : /etc/logwatch/conf/services/exim.conf > > LogFile = exim/m4.main > Archive = /data/logs.old/exim/m4.main.* 3. The name I use 'eximlog.conf' is defined in /etc/logwatch/conf/services/exim.conf 4. Check for a script in: /usr/share/logwatch/scripts/services/imapd 5. Put modifications (whole replacement scripts) in /etc/logwatch/scripts/services/imapd 6. You can then test Logwatch by logging-on to the server and typing logwatch --print --service imapd --range today The range can also be: yesterday or even '-21 days' (with apostrophes) The problem with log watch is far too many names identical or almost identical. Good Luck. -- Regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] rsyslog for chrooted sftp users has stopped working -- Centos 6.6
Hello everyone, We have some chrooted sftp-only users on a CentOS release 6.6 server. The server had been logging their actions, but after recent updates the logs have stopped. The server correctly logs non-chrooted users: Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from 192.168.10.166 port 42545 ssh2 Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session): session opened for user jcours by (uid=0) Sep 14 17:47:24 vsecure4 sshd[1983]: subsystem request for sftp Sep 14 17:47:24 vsecure4 internal-sftp[1984]: session opened for local user jcours from [192.168.10.166] Sep 14 17:47:24 vsecure4 internal-sftp[1984]: opendir "/home/jcours" Sep 14 17:47:24 vsecure4 internal-sftp[1984]: closedir "/home/jcours" Sep 14 17:47:49 vsecure4 internal-sftp[1984]: session closed for local user jcours from [192.168.10.166] Sep 14 17:47:19 vsecure4 sshd[1977]: pam_unix(sshd:session): session closed for user jcours but log messages for chrooted users do not appear: Sep 14 17:08:11 vsecure4 sshd[1730]: Accepted publickey for test-sftp-only from 192.168.10.166 port 41723 ssh2 Sep 14 17:08:11 vsecure4 sshd[1730]: pam_unix(sshd:session): session opened for user test-sftp-only by (uid=0) Sep 14 17:08:11 vsecure4 sshd[1734]: subsystem request for sftp Sep 14 17:08:22 vsecure4 sshd[1730]: pam_unix(sshd:session): session closed for user test-sftp-only Notice that there are no "opendir" or "closedir" messages for the chrooted user, or anything else from the internal-sftp system, for that matter. /etc/sshd_config contains these settings: Subsystem sftp internal-sftp -f AUTHPRIV -l INFO Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key We've been setting up chrooted logging using this sequence: sudo mkdir /home/sftp/mcsosftp/dev sudo touch /home/sftp/mcsosftp/dev/log sudo chattr +i /home/sftp/mcsosftp/dev sudo mount --bind /dev/log /home/sftp/mcsosftp/dev/log /etc/rsyslog.conf includes the standard stuff for authpriv: # The authpriv file has restricted access. authpriv.* /var/log/secure I've tried forcing rsyslog.conf to listen to /dev/log: # We should be listening here. $SystemLogSocketName /dev/log I've also tried removing the hard-mounted /home/sftp/mcsosftp/dev/log and instead using this in /etc/rsyslog.conf: # For chrooted users, generally sftp-only users. $AddUnixListenSocket /home/sftp/mcsosftp/dev/log Neither approach seemed to help the problem, though rsyslogd does appear to be listening to the sockets: $ sudo lsof -c rsyslogd | grep dev/log lsof: WARNING: can't stat() devtmpfs file system /home/sftp/dev/log (deleted) Output information may be incomplete. rsyslogd 1963 root0u unix 0xdc100040 0t0 15419 /dev/log rsyslogd 1963 root3u unix 0xdbd27dc0 0t0 15421 /home/sftp/mcsosftp/dev/log and file identifies both as sockets: $ file /dev/log /dev/log: socket $ sudo file /home/sftp/mcsosftp/dev/log /home/sftp/mcsosftp/dev/log: socket Here's additional system info for the development server I'm using to debug the problem: $ ls -l /dev/log srw-rw-rw- 1 root root 0 Sep 14 17:43 /dev/log $ sudo ls -l /home/sftp/mcsosftp/dev/log srw-rw-rw- 1 root root 0 Sep 14 17:43 /home/sftp/mcsosftp/dev/log $ ls -l /dev | grep log srw-rw-rw- 1 root root 0 Sep 14 17:43 log crw-rw 1 root root 10, 227 Sep 14 15:23 mcelog $ sudo ls -l /home/sftp/mcsosftp/dev | grep log srw-rw-rw- 1 root root 0 Sep 14 17:43 log $ cat /etc/redhat-release CentOS release 6.6 (Final) $ sestatus SELinux status: disabled $ grep test-sftp-only /etc/passwd test-sftp-only:x:507:507:Test SFTP Only:/home/sftp/mcsosftp:/sbin/nologin $ sudo yum list installed | egrep -E 'rsyslog|ssh|sftp' libssh2.i686 1.4.2-1.el6_6.1@updates openssh.i686 5.3p1-104.el6_6.1 @updates openssh-clients.i686 5.3p1-104.el6_6.1 @updates openssh-server.i6865.3p1-104.el6_6.1 @updates rsyslog.i686 5.8.10-10.el6_6@updates vsftpd.i6862.2.2-14.el6 @base Corresponding packages on the production server showing the same problem: $ sudo yum list installed | egrep -E 'rsyslog|ssh|sftp' libssh2.x86_64 1.4.2-1.el6_6.1 @system-updates openssh.x86_64 5.3p1-112.el6_7 @system-updates openssh-clients.x86_64 5.3p1-112.el6_7 @system-updates openssh-server.x86_64 5.3p1-112.el6_7 @system-updates rsyslog.x86_64 5.8.10-10.el6_6 @system-updates rsyslog-gnutls.x86_64 5.8.10-10.el6_6
[CentOS] CentOS-6 - LogWatch
The Logwatch imapd service script distributed with CentOS-6 does not generate anything when I run logwatch --service all on a cyrus-imapd host. Is this expected behaviour? Is there a separate script for cyrus-imapd or are their configuration options required to get the existing script to work. I have found an ancient (2004) logwatch service script for cyrus-imapd but I was sort of hoping that there was a more up-to-date and officially supported version available somewhere. Is there? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6 firefox esr h.264 support on youtube
On 09/12/2015 07:49 PM, Robert Arkiletian wrote: On Fri, Sep 11, 2015 at 2:36 AM, Nicolas Thierry-Mieg < nicolas.thierry-m...@imag.fr> wrote: On 09/11/2015 08:11 AM, Robert Arkiletian wrote: On Tue, Sep 8, 2015 at 3:46 PM, Richard < lists-cen...@listmail.innovate.net> wrote: does anyone running C6 have h.264 check box on www.youtube.com/html5 ? if yes, can you please post the output of rpm -qa | grep -i 'gst\|libva' Yes I do in seamonkey, the browser I use. Strangely the box is not checked in firefox although FF and SM are very similar, but I never use FF on this system so maybe it's just not configured correctly. which repo did you get seamonkey for EL6? These days I grab the Linux/x86_64 tar.bz2 from seamonkey-project.org , tar xfvj, and symlink /usr/lib64/mozilla/plugins/ in the resulting subdir. But I see there's now an ESR version in EPEL. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6 firefox esr h.264 support on youtube
On Sat, 12 Sep 2015, Robert Arkiletian wrote: Thanks for that tip about building it with that tweak. I will try it. BTW how are you running google-chrome on EL6? Note the nux-dextop has chrome-deps-stable, which is the only package you need to be able to use the upstream chrome rpms. jh ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos