Re: [CentOS] SSD disk and SMART errors

[Robert Nichols]

On 04/01/2016 06:55 PM, Miguel Medalha wrote:

Two days ago I installed a brand new SSDNow E50 series (Enterprise) disk on a 
server. I intend to move the OS there. I just did the physical install and 
copied a few files to and from it just to see if it was OK. I left it there, 
waiting for an opportunity to configure it to do real work.

Now I have looked at it with smartctl -a and it gives me the following info:
198 Offline_Uncorrectable   0x0010   120   120   000Old_age Offline  -  
 75479755259904

Just look at the number under "198 Offline_Uncorrectable". Is this normal for 
this type of disk? Is smartctl misinterpreting the disk's features? The disk has been 
there essentially doing nothing and it presents such enormous numbers of errors. Why?


That raw parameter is holding something other than a raw count, and
smartctl doesn't know how to interpret the high-order bits.

75479755259904 = 0x44a6

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] SSD disk and SMART errors

[Miguel Medalha]

Two days ago I installed a brand new SSDNow E50 series (Enterprise) disk 
on a server. I intend to move the OS there. I just did the physical 
install and copied a few files to and from it just to see if it was OK. 
I left it there, waiting for an opportunity to configure it to do real work.


Now I have looked at it with smartctl -a and it gives me the following info:

  1 Raw_Read_Error_Rate 0x0033   104   104   050Pre-fail 
Always   -   9127078
  5 Reallocated_Sector_Ct   0x0033   100   100   003Pre-fail 
Always   -   0
  9 Power_On_Hours  0x0032   100   100   000Old_age 
Always   -   55 (241 12 0)
 12 Power_Cycle_Count   0x0032   100   100   000Old_age 
Always   -   7
 13 Read_Soft_Error_Rate0x0032   104   104   000Old_age 
Always   -   9127078
100 Unknown_Attribute   0x0032   000   000   000Old_age 
Always   -   4
170 Unknown_Attribute   0x0032   000   000   000Old_age 
Always   -   8480
171 Unknown_Attribute   0x000a   100   100   000Old_age 
Always   -   0
172 Unknown_Attribute   0x0032   100   100   000Old_age 
Always   -   0
174 Unknown_Attribute   0x0030   000   000   000Old_age 
Offline  -   6
177 Wear_Leveling_Count 0x   000   000   000Old_age 
Offline  -   0
181 Program_Fail_Cnt_Total  0x000a   100   100   000Old_age 
Always   -   0
182 Erase_Fail_Count_Total  0x0032   100   100   000Old_age 
Always   -   0
184 End-to-End_Error0x0032   100   100   090Old_age 
Always   -   0
187 Reported_Uncorrect  0x0012   100   100   000Old_age 
Always   -   0
194 Temperature_Celsius 0x0022   028   033   000Old_age 
Always   -   28 (Min/Max 20/33)
195 Hardware_ECC_Recovered  0x001c   120   120   000Old_age 
Offline  -   9127078
196 Reallocated_Event_Count 0x0033   100   100   003Pre-fail 
Always   -   0
198 Offline_Uncorrectable   0x0010   120   120   000Old_age 
Offline  -   75479755259904
199 UDMA_CRC_Error_Count0x0032   200   200   000Old_age 
Always   -   0
201 Unknown_SSD_Attribute   0x001c   120   120   000Old_age 
Offline  -   9127078
204 Soft_ECC_Correction 0x001c   120   120   000Old_age 
Offline  -   9127078
230 Unknown_SSD_Attribute   0x0013   100   100   000Pre-fail 
Always   -   0
231 Temperature_Celsius 0x   100   100   011Old_age 
Offline  -   0
232 Available_Reservd_Space 0x0032   000   000   000Old_age 
Always   -   33
233 Media_Wearout_Indicator 0x0032   000   000   000Old_age 
Always   -   6
234 Unknown_Attribute   0x0032   000   000   000Old_age 
Always   -   7
235 Unknown_Attribute   0x0033   100   100   002Pre-fail 
Always   -   0
241 Total_LBAs_Written  0x0032   000   000   000Old_age 
Always   -   7
242 Total_LBAs_Read 0x0032   000   000   000Old_age 
Always   -   5



Just look at the number under "198 Offline_Uncorrectable". Is this 
normal for this type of disk? Is smartctl misinterpreting the disk's 
features? The disk has been there essentially doing nothing and it 
presents such enormous numbers of errors. Why?


This is under CentOS 7 (1511).
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is there a way to detect/validate DHCP static IP assignment?

[David Copperfield]

Wow, it works perfectly! all solved. Thanks. -- David


 

On Thursday, March 31, 2016 11:46 AM, David Copperfield  
wrote:
 

 Hi tris,
 Many thanks, I'll give the perl script a try shortly
Best,David 

On Thursday, March 31, 2016 6:00 AM, Tris Hoar  wrote:
 

 On 30/03/2016 18:08, David Copperfield wrote:
> Hi,
>  We have tens of networks(VLANs) in data center with a central Linux DHCP 
>server. each network has their router to do the DHCP relay. So, the DHCP 
>server's configuration files has tens 'subnet' statements.
> Because PXE booting is standard in whole data center, there are also 
> thousands of static MAC-IP mapping 'host' statements in dhcp configuration.
> The big challenge with a central dhcp server is how to detect typo in the 
> thousands of MAC-IP 'host' statements? -- a single char/digit typo here will 
> fail a PXE booting or download wrong post-installation snippets.
>
>  Is there a tool to validate all 'host' statements from another Linux box?
>
> I tried nagios check-dhcp plugin, with a series of real MAC addresses(for 
> hosts in other different networks). Surprisingly, the IP address came back 
> were not the static IP addresses in 'host' statement, but dynamic addresses 
> in the pool defined for this particular network (where I ran check-dhcp from).
> check_dhcp was run with the following arguments:
>
> /usr/lib64/nagios/plugins/check_dhcp --verbose --server= 
> --interface=eth0 --mac= --unicast
> remove --unicast doesn't help but just see more DHCP replys.
> Interestingly, with a same MAC address, and the above same command, from two 
> Centos boxes on different network there will be different dynamic IPs! 
> instead the static IP defined with 'host' statement.
>
> So, how can we validate static IP assignment? Thanks.
> Best,David,
>

Hi David,

You need to use check_dhcp_relayed.pl 
(https://github.com/timb07/check_dhcp_relayed) if you wish to test for a 
reservation outside of the servers subnet, otherwise the DHCP server 
will assume you are on the local range and issue from that subnet.

Also as an FYI Forman (http://theforeman.org) can do things like 
building VM's and Physical servers and integrates with DHCP to create 
static DHCP reservations for PXE booting servers which should eliminate 
typos.

Tris





*
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity 
to whom they are addressed. If you have received this email 
in error please notify postmas...@bgfl.org

The views expressed within this email are those of the 
individual, and not necessarily those of the organisation
*
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


   

  
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL 5 EOL

[Alice Wonder]

On 04/01/2016 03:57 AM, Tris Hoar wrote:

Hi List,

As an FYI Red Hat have announced the 1 year EOL notice for RHEL 5.
Anyone still using CentOS 5 would do well to start planning on upgrading
to 6 or 7.

Tris


I would recommend 7 unless you have an application that just won't run 
on it. And then, I would to find a way.


CentOS 7 really is a beautiful distribution, I switched all my CentOS 5 
and 6 servers to it once I had been using it for a few weeks.


Yeah yeah systemd but systemd isn't that hard to get use to.

--
-=-
Sent my from my laptop, may not be able to respond timely
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Libreswan PEM format

[Glenn Pierce]

I did :)
I'm all for an easy life.

I got a very similar error
instead of but no connection has been authorized with policy RSASIG+IKEV1_ALLOW
I got
but no connection has been authorized with policy PSK+IKEV1_ALLOW

I did read somewhere though errors are re herrings which is helpful.

Thanks


On 1 April 2016 at 18:39, Eero Volotinen  wrote:
> IPSec is very complex with certificates. try first with PSK authentication
> and then with certificates
>
> --
> Eero
>
> 2016-04-01 20:21 GMT+03:00 Glenn Pierce :
>
>> I generated according to the docs . Which produced
>> my server.secrets as below
>>
>> used the command
>>
>>  ipsec newhostkey --configdir /etc/ipsec.d --output
>> /etc/ipsec.d/www.example.com.secrets
>>
>>
>> : RSA   {
>> # RSA 3328 bits   ***.**.net   Fri Apr  1 15:39:32 2016
>> # for signatures only, UNSAFE FOR ENCRYPTION
>>
>> #pubkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
>> Modulus:
>>
>> 0xecde067a1814494a8cbfe91c6b2ff70cbf4267604291fd26265d4095964045362d83ed526c6b5edf7ef9815232cb0fafd3ef6337d49be53e1912ccafd848fa6887c84db52078203943d961a4b3e85896743865239a8f92c71511687215154008925a0c783a7bc8f5c62b8feac364bff4bed19e2c32622de4d28f70cb7d60a2d831bf2f3675ba440c40211331beaf67d61c0b6d624143711072d52654d296d55da725a759f2afa10f4adcd162555b17674fa9b90087589aa9d4e42d7ac6920903737948239a19b95be915cd0d4d91e0b3e8c7b4890108cc7f9bea0749ae3473830854d594577ed84fe1088800d87d0bdb88d951a3d6d334e6a5e6d8fb3d2998a1a25c9048a9a364d5d4d5107341d7364f4f56b064413c5a6b1fc9379cdd8ca569168f54e58dac31eee468096b47d1490e85ed3890fcd9e0ce421e994d10cedf3b4e43ada46dec5f7da0dd9c62e4470b32c3e77430752f29b70dc6d450a248aefebf7925134cde9814e89271404f93b2e5788720b2e435c7235e6275d9ecb0d6a517fe333bafe08e19041f79f61bbfc7e8931272f9d481d8998fa8e4f4e6cb2f33
>> PublicExponent: 0x03
>> # everything after this point is CKA_ID in hex format - not
>> the real values
>> PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>> Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>> Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>> Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>> Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>> Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>> CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>> }
>> # do not change the indenting of that "}"
>>
>> On 1 April 2016 at 18:04, Eero Volotinen  wrote:
>> > You must define connection address and key in ipsec.secrets.
>> >
>> > --
>> > Eero
>> >
>> >
>> > 2016-04-01 19:38 GMT+03:00 Glenn Pierce :
>> >
>> >> Just trying to follow the instructions here
>> >>
>> >>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
>> >>
>> >> I don't think I am doing anything special.
>> >>
>> >> At the point where there is some communication going on
>> >>
>> >> Getting this error
>> >>
>> >> packet from *:1024: received Vendor ID payload [Cisco-Unity]
>> >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from
>> >> ***:1024: received Vendor ID payload [Dead Peer Detection]
>> >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
>> >> :1024: initial Main Mode message received on :500 but no
>> >> connection has been authorized with policy RSASIG+IKEV1_ALLOW
>> >>
>> >> The errors are so vague.
>> >> Not sure what the problem is now
>> >>
>> >>
>> >>
>> >> My conf
>> >>
>> >>
>> >>
>> >> conn tunnel
>> >> #phase2alg=aes256-sha1;modp1024
>> >> keyexchange=ike
>> >> #ike=aes256-sha1;modp1024
>> >> left=192.168.1.122
>> >> leftnexthop=81.129.247.152   # My ISP assigned external ip adresss
>> >>  (I am testing at home)
>> >>
>> >>
>> leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
>> >> 

Re: [CentOS] Libreswan PEM format

[Eero Volotinen]

IPSec is very complex with certificates. try first with PSK authentication
and then with certificates

--
Eero

2016-04-01 20:21 GMT+03:00 Glenn Pierce :

> I generated according to the docs . Which produced
> my server.secrets as below
>
> used the command
>
>  ipsec newhostkey --configdir /etc/ipsec.d --output
> /etc/ipsec.d/www.example.com.secrets
>
>
> : RSA   {
> # RSA 3328 bits   ***.**.net   Fri Apr  1 15:39:32 2016
> # for signatures only, UNSAFE FOR ENCRYPTION
>
> #pubkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
> Modulus:
>
> 0xecde067a1814494a8cbfe91c6b2ff70cbf4267604291fd26265d4095964045362d83ed526c6b5edf7ef9815232cb0fafd3ef6337d49be53e1912ccafd848fa6887c84db52078203943d961a4b3e85896743865239a8f92c71511687215154008925a0c783a7bc8f5c62b8feac364bff4bed19e2c32622de4d28f70cb7d60a2d831bf2f3675ba440c40211331beaf67d61c0b6d624143711072d52654d296d55da725a759f2afa10f4adcd162555b17674fa9b90087589aa9d4e42d7ac6920903737948239a19b95be915cd0d4d91e0b3e8c7b4890108cc7f9bea0749ae3473830854d594577ed84fe1088800d87d0bdb88d951a3d6d334e6a5e6d8fb3d2998a1a25c9048a9a364d5d4d5107341d7364f4f56b064413c5a6b1fc9379cdd8ca569168f54e58dac31eee468096b47d1490e85ed3890fcd9e0ce421e994d10cedf3b4e43ada46dec5f7da0dd9c62e4470b32c3e77430752f29b70dc6d450a248aefebf7925134cde9814e89271404f93b2e5788720b2e435c7235e6275d9ecb0d6a517fe333bafe08e19041f79f61bbfc7e8931272f9d481d8998fa8e4f4e6cb2f33
> PublicExponent: 0x03
> # everything after this point is CKA_ID in hex format - not
> the real values
> PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
> Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
> Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
> Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
> Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
> Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
> CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
> }
> # do not change the indenting of that "}"
>
> On 1 April 2016 at 18:04, Eero Volotinen  wrote:
> > You must define connection address and key in ipsec.secrets.
> >
> > --
> > Eero
> >
> >
> > 2016-04-01 19:38 GMT+03:00 Glenn Pierce :
> >
> >> Just trying to follow the instructions here
> >>
> >>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
> >>
> >> I don't think I am doing anything special.
> >>
> >> At the point where there is some communication going on
> >>
> >> Getting this error
> >>
> >> packet from *:1024: received Vendor ID payload [Cisco-Unity]
> >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from
> >> ***:1024: received Vendor ID payload [Dead Peer Detection]
> >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
> >> :1024: initial Main Mode message received on :500 but no
> >> connection has been authorized with policy RSASIG+IKEV1_ALLOW
> >>
> >> The errors are so vague.
> >> Not sure what the problem is now
> >>
> >>
> >>
> >> My conf
> >>
> >>
> >>
> >> conn tunnel
> >> #phase2alg=aes256-sha1;modp1024
> >> keyexchange=ike
> >> #ike=aes256-sha1;modp1024
> >> left=192.168.1.122
> >> leftnexthop=81.129.247.152   # My ISP assigned external ip adresss
> >>  (I am testing at home)
> >>
> >>
> leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
> >> right=89.200.134.211
> >>
> >>
> 

Re: [CentOS] Libreswan PEM format

[Glenn Pierce]

I generated according to the docs . Which produced
my server.secrets as below

used the command

 ipsec newhostkey --configdir /etc/ipsec.d --output
/etc/ipsec.d/www.example.com.secrets


: RSA   {
# RSA 3328 bits   ***.**.net   Fri Apr  1 15:39:32 2016
# for signatures only, UNSAFE FOR ENCRYPTION

#pubkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
Modulus:
0xecde067a1814494a8cbfe91c6b2ff70cbf4267604291fd26265d4095964045362d83ed526c6b5edf7ef9815232cb0fafd3ef6337d49be53e1912ccafd848fa6887c84db52078203943d961a4b3e85896743865239a8f92c71511687215154008925a0c783a7bc8f5c62b8feac364bff4bed19e2c32622de4d28f70cb7d60a2d831bf2f3675ba440c40211331beaf67d61c0b6d624143711072d52654d296d55da725a759f2afa10f4adcd162555b17674fa9b90087589aa9d4e42d7ac6920903737948239a19b95be915cd0d4d91e0b3e8c7b4890108cc7f9bea0749ae3473830854d594577ed84fe1088800d87d0bdb88d951a3d6d334e6a5e6d8fb3d2998a1a25c9048a9a364d5d4d5107341d7364f4f56b064413c5a6b1fc9379cdd8ca569168f54e58dac31eee468096b47d1490e85ed3890fcd9e0ce421e994d10cedf3b4e43ada46dec5f7da0dd9c62e4470b32c3e77430752f29b70dc6d450a248aefebf7925134cde9814e89271404f93b2e5788720b2e435c7235e6275d9ecb0d6a517fe333bafe08e19041f79f61bbfc7e8931272f9d481d8998fa8e4f4e6cb2f33
PublicExponent: 0x03
# everything after this point is CKA_ID in hex format - not
the real values
PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
}
# do not change the indenting of that "}"

On 1 April 2016 at 18:04, Eero Volotinen  wrote:
> You must define connection address and key in ipsec.secrets.
>
> --
> Eero
>
>
> 2016-04-01 19:38 GMT+03:00 Glenn Pierce :
>
>> Just trying to follow the instructions here
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
>>
>> I don't think I am doing anything special.
>>
>> At the point where there is some communication going on
>>
>> Getting this error
>>
>> packet from *:1024: received Vendor ID payload [Cisco-Unity]
>> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from
>> ***:1024: received Vendor ID payload [Dead Peer Detection]
>> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
>> :1024: initial Main Mode message received on :500 but no
>> connection has been authorized with policy RSASIG+IKEV1_ALLOW
>>
>> The errors are so vague.
>> Not sure what the problem is now
>>
>>
>>
>> My conf
>>
>>
>>
>> conn tunnel
>> #phase2alg=aes256-sha1;modp1024
>> keyexchange=ike
>> #ike=aes256-sha1;modp1024
>> left=192.168.1.122
>> leftnexthop=81.129.247.152   # My ISP assigned external ip adresss
>>  (I am testing at home)
>>
>> leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
>> right=89.200.134.211
>>
>> rightrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
>> authby=secret|rsasig
>> # load and initiate automatically
>> auto=start
>>
>> conn site1
>> also=tunnel
>> leftsubnet=10.0.128.0/22
>> 

Re: [CentOS] Libreswan PEM format

[Eero Volotinen]

You must define connection address and key in ipsec.secrets.

--
Eero


2016-04-01 19:38 GMT+03:00 Glenn Pierce :

> Just trying to follow the instructions here
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
>
> I don't think I am doing anything special.
>
> At the point where there is some communication going on
>
> Getting this error
>
> packet from *:1024: received Vendor ID payload [Cisco-Unity]
> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from
> ***:1024: received Vendor ID payload [Dead Peer Detection]
> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
> :1024: initial Main Mode message received on :500 but no
> connection has been authorized with policy RSASIG+IKEV1_ALLOW
>
> The errors are so vague.
> Not sure what the problem is now
>
>
>
> My conf
>
>
>
> conn tunnel
> #phase2alg=aes256-sha1;modp1024
> keyexchange=ike
> #ike=aes256-sha1;modp1024
> left=192.168.1.122
> leftnexthop=81.129.247.152   # My ISP assigned external ip adresss
>  (I am testing at home)
>
> leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
> right=89.200.134.211
>
> rightrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
> authby=secret|rsasig
> # load and initiate automatically
> auto=start
>
> conn site1
> also=tunnel
> leftsubnet=10.0.128.0/22
> rightsubnet=192.168.1.222/32
>
> conn site2
> also=tunnel
>
>
>
>
>
>
>
>
> On 1 April 2016 at 15:58, Eero Volotinen  wrote:
> > So you are using pkcs12 on centos:
> >
> > https://www.sslshopper.com/article-most-common-openssl-commands.html
> > --
> > Eero
> >
> > 2016-04-01 17:44 GMT+03:00 Glenn Pierce :
> >
> >> Sorry but I have looked for over two days. Trying every command I could
> >> find.
> >>
> >> There is obviously a misunderstanding somewhere.
> >>
> >> After generating a key pair with
> >> ipsec newhostkey --configdir /etc/ipsec.d --output
> /etc/ipsec.d/my.secrets
> >>
> >> I exported to a file with
> >> ipsec showhostkey --ipseckey > file
> >>
> >> The man pages says
> >> ipsec showhostkey outputs in ipsec.conf(5) format,
> >>
> >> Ie
> >>
> >>
> >> ***.server.net.INIPSECKEY  10 0 2 .
> >>
> >>
> AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
> >>
> >>
> >> is this the format openssl is meant to beable to convert ? or is the
> >> an intermediate step I am missing as like I said not command I found
> >> seems to work.
> >>
> >>
> >> On 1 April 2016 at 14:35, Eero Volotinen  wrote:
> >> > It works, try googling for openssl pem conversion
> >> > 1.4.2016 4.32 ip. "Glenn Pierce"  kirjoitti:
> >> >
> >> >> I have tried
> >> >> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
> >> >>
> >> >> I get
> >> >> unable to load Private Key
> >> >> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
> >> >> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
> >> >>
> >> >>
> >> >>
> >> >> On 1 April 2016 at 13:59, Eero Volotinen 
> wrote:
> >> >> > You can do any kind of format conversions with openssl commandline
> >> >> client.
> >> >> >
> >> >> > Eero
> >> >> > 1.4.2016 3.56 ip. "Glenn Pierce" 
> kirjoitti:
> >> >> >
> >> >> >> Hi I am trying to setup a libreswan vpn 

Re: [CentOS] Libreswan PEM format

[Glenn Pierce]

Just trying to follow the instructions here
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html

I don't think I am doing anything special.

At the point where there is some communication going on

Getting this error

packet from *:1024: received Vendor ID payload [Cisco-Unity]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from
***:1024: received Vendor ID payload [Dead Peer Detection]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
:1024: initial Main Mode message received on :500 but no
connection has been authorized with policy RSASIG+IKEV1_ALLOW

The errors are so vague.
Not sure what the problem is now



My conf



conn tunnel
#phase2alg=aes256-sha1;modp1024
keyexchange=ike
#ike=aes256-sha1;modp1024
left=192.168.1.122
leftnexthop=81.129.247.152   # My ISP assigned external ip adresss
 (I am testing at home)

leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
right=89.200.134.211

rightrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
authby=secret|rsasig
# load and initiate automatically
auto=start

conn site1
also=tunnel
leftsubnet=10.0.128.0/22
rightsubnet=192.168.1.222/32

conn site2
also=tunnel








On 1 April 2016 at 15:58, Eero Volotinen  wrote:
> So you are using pkcs12 on centos:
>
> https://www.sslshopper.com/article-most-common-openssl-commands.html
> --
> Eero
>
> 2016-04-01 17:44 GMT+03:00 Glenn Pierce :
>
>> Sorry but I have looked for over two days. Trying every command I could
>> find.
>>
>> There is obviously a misunderstanding somewhere.
>>
>> After generating a key pair with
>> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
>>
>> I exported to a file with
>> ipsec showhostkey --ipseckey > file
>>
>> The man pages says
>> ipsec showhostkey outputs in ipsec.conf(5) format,
>>
>> Ie
>>
>>
>> ***.server.net.INIPSECKEY  10 0 2 .
>>
>> AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
>>
>>
>> is this the format openssl is meant to beable to convert ? or is the
>> an intermediate step I am missing as like I said not command I found
>> seems to work.
>>
>>
>> On 1 April 2016 at 14:35, Eero Volotinen  wrote:
>> > It works, try googling for openssl pem conversion
>> > 1.4.2016 4.32 ip. "Glenn Pierce"  kirjoitti:
>> >
>> >> I have tried
>> >> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>> >>
>> >> I get
>> >> unable to load Private Key
>> >> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
>> >> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
>> >>
>> >>
>> >>
>> >> On 1 April 2016 at 13:59, Eero Volotinen  wrote:
>> >> > You can do any kind of format conversions with openssl commandline
>> >> client.
>> >> >
>> >> > Eero
>> >> > 1.4.2016 3.56 ip. "Glenn Pierce"  kirjoitti:
>> >> >
>> >> >> Hi I am trying to setup a libreswan vpn between centos 7 and a
>> Mikrotik
>> >> >> router.
>> >> >>
>> >> >> I am try to get the keys working. My problem is the Mikrotik router
>> >> >> wants the key in PEM format
>> >> >>
>> >> >> How do I export the keys generated with ipsec newhostkey
>> >> >> into PEM format ?
>> >> >>
>> >> >>
>> >> >> Thanks
>> >> >> 

Re: [CentOS] Libreswan PEM format

[Glenn Pierce]

I just removed the name. I will be regenerating again.
To be honest if an attacker to get this to work I would buy then a drink :)

On 1 April 2016 at 17:01, Gordon Messmer  wrote:
> On 04/01/2016 07:44 AM, Glenn Pierce wrote:
>>
>> Ie
>> ***.server.net.INIPSECKEY  10 0 2 .
>
>
> Was that a key that you generated as an example, or your actual VPN key?
> The fact that you obscured part of it makes me think it might be the latter,
> but if that's the case, you really should generate a new key for your
> server.  The part you obscured isn't the sensitive part.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Libreswan PEM format

[Gordon Messmer]

On 04/01/2016 07:44 AM, Glenn Pierce wrote:

Ie
***.server.net.INIPSECKEY  10 0 2 .


Was that a key that you generated as an example, or your actual VPN 
key?  The fact that you obscured part of it makes me think it might be 
the latter, but if that's the case, you really should generate a new key 
for your server.  The part you obscured isn't the sensitive part.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Libreswan PEM format

[Glenn Pierce]

Typical I think I just did it .

I downloaded a perl script to do it at

https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl


First I did
ipsec showhostkey --right > right.pub

I then edited the file to remove the ipsec key = line

Then I converted with

perl pubkey-converter.pl -p < right.pub > /home/glenn/right.pub


On 1 April 2016 at 15:44, Glenn Pierce  wrote:
> Sorry but I have looked for over two days. Trying every command I could find.
>
> There is obviously a misunderstanding somewhere.
>
> After generating a key pair with
> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
>
> I exported to a file with
> ipsec showhostkey --ipseckey > file
>
> The man pages says
> ipsec showhostkey outputs in ipsec.conf(5) format,
>
> Ie
>
>
> ***.server.net.INIPSECKEY  10 0 2 .
> AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
>
>
> is this the format openssl is meant to beable to convert ? or is the
> an intermediate step I am missing as like I said not command I found
> seems to work.
>
>
> On 1 April 2016 at 14:35, Eero Volotinen  wrote:
>> It works, try googling for openssl pem conversion
>> 1.4.2016 4.32 ip. "Glenn Pierce"  kirjoitti:
>>
>>> I have tried
>>> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>>>
>>> I get
>>> unable to load Private Key
>>> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
>>> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
>>>
>>>
>>>
>>> On 1 April 2016 at 13:59, Eero Volotinen  wrote:
>>> > You can do any kind of format conversions with openssl commandline
>>> client.
>>> >
>>> > Eero
>>> > 1.4.2016 3.56 ip. "Glenn Pierce"  kirjoitti:
>>> >
>>> >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
>>> >> router.
>>> >>
>>> >> I am try to get the keys working. My problem is the Mikrotik router
>>> >> wants the key in PEM format
>>> >>
>>> >> How do I export the keys generated with ipsec newhostkey
>>> >> into PEM format ?
>>> >>
>>> >>
>>> >> Thanks
>>> >> ___
>>> >> CentOS mailing list
>>> >> CentOS@centos.org
>>> >> https://lists.centos.org/mailman/listinfo/centos
>>> >>
>>> > ___
>>> > CentOS mailing list
>>> > CentOS@centos.org
>>> > https://lists.centos.org/mailman/listinfo/centos
>>> ___
>>> CentOS mailing list
>>> CentOS@centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Libreswan PEM format

[Eero Volotinen]

So you are using pkcs12 on centos:

https://www.sslshopper.com/article-most-common-openssl-commands.html
--
Eero

2016-04-01 17:44 GMT+03:00 Glenn Pierce :

> Sorry but I have looked for over two days. Trying every command I could
> find.
>
> There is obviously a misunderstanding somewhere.
>
> After generating a key pair with
> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
>
> I exported to a file with
> ipsec showhostkey --ipseckey > file
>
> The man pages says
> ipsec showhostkey outputs in ipsec.conf(5) format,
>
> Ie
>
>
> ***.server.net.INIPSECKEY  10 0 2 .
>
> AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
>
>
> is this the format openssl is meant to beable to convert ? or is the
> an intermediate step I am missing as like I said not command I found
> seems to work.
>
>
> On 1 April 2016 at 14:35, Eero Volotinen  wrote:
> > It works, try googling for openssl pem conversion
> > 1.4.2016 4.32 ip. "Glenn Pierce"  kirjoitti:
> >
> >> I have tried
> >> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
> >>
> >> I get
> >> unable to load Private Key
> >> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
> >> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
> >>
> >>
> >>
> >> On 1 April 2016 at 13:59, Eero Volotinen  wrote:
> >> > You can do any kind of format conversions with openssl commandline
> >> client.
> >> >
> >> > Eero
> >> > 1.4.2016 3.56 ip. "Glenn Pierce"  kirjoitti:
> >> >
> >> >> Hi I am trying to setup a libreswan vpn between centos 7 and a
> Mikrotik
> >> >> router.
> >> >>
> >> >> I am try to get the keys working. My problem is the Mikrotik router
> >> >> wants the key in PEM format
> >> >>
> >> >> How do I export the keys generated with ipsec newhostkey
> >> >> into PEM format ?
> >> >>
> >> >>
> >> >> Thanks
> >> >> ___
> >> >> CentOS mailing list
> >> >> CentOS@centos.org
> >> >> https://lists.centos.org/mailman/listinfo/centos
> >> >>
> >> > ___
> >> > CentOS mailing list
> >> > CentOS@centos.org
> >> > https://lists.centos.org/mailman/listinfo/centos
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >>
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Libreswan PEM format

[Glenn Pierce]

Sorry but I have looked for over two days. Trying every command I could find.

There is obviously a misunderstanding somewhere.

After generating a key pair with
ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets

I exported to a file with
ipsec showhostkey --ipseckey > file

The man pages says
ipsec showhostkey outputs in ipsec.conf(5) format,

Ie


***.server.net.INIPSECKEY  10 0 2 .
AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==


is this the format openssl is meant to beable to convert ? or is the
an intermediate step I am missing as like I said not command I found
seems to work.


On 1 April 2016 at 14:35, Eero Volotinen  wrote:
> It works, try googling for openssl pem conversion
> 1.4.2016 4.32 ip. "Glenn Pierce"  kirjoitti:
>
>> I have tried
>> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>>
>> I get
>> unable to load Private Key
>> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
>>
>>
>>
>> On 1 April 2016 at 13:59, Eero Volotinen  wrote:
>> > You can do any kind of format conversions with openssl commandline
>> client.
>> >
>> > Eero
>> > 1.4.2016 3.56 ip. "Glenn Pierce"  kirjoitti:
>> >
>> >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
>> >> router.
>> >>
>> >> I am try to get the keys working. My problem is the Mikrotik router
>> >> wants the key in PEM format
>> >>
>> >> How do I export the keys generated with ipsec newhostkey
>> >> into PEM format ?
>> >>
>> >>
>> >> Thanks
>> >> ___
>> >> CentOS mailing list
>> >> CentOS@centos.org
>> >> https://lists.centos.org/mailman/listinfo/centos
>> >>
>> > ___
>> > CentOS mailing list
>> > CentOS@centos.org
>> > https://lists.centos.org/mailman/listinfo/centos
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Libreswan PEM format

[Eero Volotinen]

It works, try googling for openssl pem conversion
1.4.2016 4.32 ip. "Glenn Pierce"  kirjoitti:

> I have tried
> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>
> I get
> unable to load Private Key
> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
>
>
>
> On 1 April 2016 at 13:59, Eero Volotinen  wrote:
> > You can do any kind of format conversions with openssl commandline
> client.
> >
> > Eero
> > 1.4.2016 3.56 ip. "Glenn Pierce"  kirjoitti:
> >
> >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
> >> router.
> >>
> >> I am try to get the keys working. My problem is the Mikrotik router
> >> wants the key in PEM format
> >>
> >> How do I export the keys generated with ipsec newhostkey
> >> into PEM format ?
> >>
> >>
> >> Thanks
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >>
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Libreswan PEM format

[Glenn Pierce]

I have tried
openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem

I get
unable to load Private Key
140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:701:Expecting: ANY PRIVATE KEY



On 1 April 2016 at 13:59, Eero Volotinen  wrote:
> You can do any kind of format conversions with openssl commandline client.
>
> Eero
> 1.4.2016 3.56 ip. "Glenn Pierce"  kirjoitti:
>
>> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
>> router.
>>
>> I am try to get the keys working. My problem is the Mikrotik router
>> wants the key in PEM format
>>
>> How do I export the keys generated with ipsec newhostkey
>> into PEM format ?
>>
>>
>> Thanks
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-announce] Announcing release for Developer Toolset 4 on CentOS Linux 6 x86_64 SCL

[Honza Horak]

I am pleased to announce the immediate availability of Developer Toolset 
4 on CentOS Linux 6 x86_64, delivered via a Software Collection (SCL) 
built by the SCLo Special Interest Group 
(https://wiki.centos.org/SpecialInterestGroup/SCLo).


QuickStart
--
You can get started in three easy steps:
$ sudo yum install centos-release-scl
$ sudo yum install devtoolset-4-toolchain
$ scl enable devtoolset-4 bash

At this point you should be able to use gcc and other tools just as a 
normal application. Examples of commands run might be:

$ gcc hello.c
$ sudo yum install devtoolset-4-valgrind
$ valgrind ./a.out
$ gdb ./a.out

In order to view the individual components included in this collection, 
including additional development tools, you can run:

$ sudo yum list devtoolset-4\*

About Software Collections
--
Software Collections give you the power to build, install, and use 
multiple versions of software on the same system, without affecting 
system-wide installed packages. Each collection is delivered as a group 
of RPMs, with the grouping being done using the name of the collection 
as a prefix of all packages that are part of the software collection.


The collection devtoolset-4 delivers version 5.2.1 of the GNU Compiler 
Collection, GNU Debugger, and other development, debugging, and 
performance monitoring tools as RPMs.


The SCLo SIG in CentOS
--
The Software Collections SIG group is an open community group 
co-ordinating the development of the SCL technology, and helping curate 
a reference set of collections. In addition to the Developer Toolset 
collection being released here, we also build and deliver databases, web 
servers, and language stacks including multiple versions of PostgreSQL, 
MariaDB, Apache HTTP Server, NodeJS, Ruby, Python and others.


Software Collections SIG release was announced at 
https://lists.centos.org/pipermail/centos-announce/2015-October/021446.html


You can learn more about Software Collections concepts at: 
http://softwarecollections.org
You can find information on the SIG at 
https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes howto 
get involved and help with the effort.


We meet every second Wednesday at 16:00 UTC in #centos-devel (ref: 
https://www.centos.org/community/calendar), for an informal open forum 
open to anyone who might have comments, concerns or wants to get started 
with SCL's in CentOS.


Enjoy!

Honza
SCLo SIG member
___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] Notice of Service Outage and followup LON1/UK Facility

[Karanbir Singh]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

== What happened ==

On Wednesday February 24th, at  6pm UTC time, the DC hosting some of
the CentOS equipments used for various roles had suffered from
multiple electricity power outages. The facility was completely dark
for just under 2 hrs, and we were able to start recovering services by
8pm UTC. By midnight we had most services restored, by 2:00AM UTC Feb
25th we had all services restored.

That meant that the machines in those racks were running on batteries
(ups in the racks) but finally went down in an uncontrolled way due to
lack ot communication with that UPS.

Subsequent on Monday March 14th, we suffered another power outage in
the racks, this time due to a overload on the rack power circuits.

== Services that were impacted ==
 - severity critical : mirrorlist.centos.org node (IPv6) went down
(while multiple mirrorlist.centos.org nodes for IPv4 nodes were still
online). That means that machines with only IPV6 connectivity couldn't
get yum to work to retrieve the list of nearest mirrors.
 - severity medium : Our main buildservices queue management services
were down; note: this did not impact our ability to build, test and
deliver updates.
 - severity medium : www.centos.org and www.centos.org/forums weren't
reachable through IPv6 : at the moment, those services are natively
reachable through IPv4, but proxied through nodes in that DC for IPv6
users. Most tested browsers were falling back to IPv4 during that period
 - severity medium : CentOS DevCloud
(https://wiki.centos.org/DevCloud) : that means that CentOS Developers
weren't able to instantiate new CentOS test VMs for their work, but
also weren't able to reach the existing ones.
 - severity low : several publicly facing small services like
http://planet.centos.org , http://seven.centos.org (not critical and
could be restored quickly to other VMs elsewhere)
 - severity low : the server leading the armv7hl builds for the Plague
build farm was also offline, meaning no armhfp build during that
timeframe (but not updates were to be built, so mitigated issue)

= Followup actions and notes
   Over the years, the baseline recovery model we've used and tried to
enforce is one of 'restore in place', take a downtime hit if needed -
and ensure we have service continuity for the user facing components (
the mirrorlist service, the centos update and content distribution
services). For other resources, like the main website etc, we ensure
there are good backups available in multiple places, usable to restore
services should there be a need. This model has worked well for us
over the years, and we've had very little, if any, service outages
that had a user impact. The restore in place/restore outside HA also
meant we were able to better utilise the exclusively sponsored
machines we rely on.

   However, as the project grows, with a lot more infrastructure being
consolidated into a few locations for non CDN services, our exposure
to service downtime has dramatically increased. Its clear that we need
to expand the scope of where  we backup to, how we backup, how we
anticipate failure and our ability to restore services in a timely
manner should there be facilities outages. In the coming weeks, we are
going to undertake a deep dive into our Infrastructure design and
delivery and try to first come up with a consolidated set of risks we
need to manage against, and then work towards reducing the risk,
spreading the availability as needed.

   Our backend storage platform for the DevCloud and persistent
storage for other nodes in the facility is run from a distributed,
replicated Gluster setup. Inspite of the sudden loss of power, in a
production environment with hundreds of running VMs and dozens of
running data jobs, we were able to trivially recover our entire data
set with minimum data loss. Some of the running VMs inside the
DevCloud did see local filesystem issues, but we dont think that was a
backing storage issue. This event has dramatically increased out
confidence in the gluster technology stack and we will certainly be
looking at extending deployments for it internally.

== Comments about hosting facility ==

   Their Status post about this
http://status.uk2.net/2016/02/24/london-power-outage/

   We have multiple racks at this facility, and have a long standing
relationship with them going back to late Summer 2012. Over this
period we have had a near perfect uptime record for our equipment
there. And above all we have been consistently impressed with the
speed of and the knowledgeable support we've recieved at the DC. In
many cases, how the facility reacts to outage defines the real service
value - and in this case, we can only commend the fantastic support we
had through the outage hours. We do however feel there could be better
monitoring and reporting of some of the facilities information and
will be working with them to improve in those regards.

Fabian Arrotin and Karanbir Singh
The CentOS Project

Re: [CentOS] Libreswan PEM format

[Eero Volotinen]

You can do any kind of format conversions with openssl commandline client.

Eero
1.4.2016 3.56 ip. "Glenn Pierce"  kirjoitti:

> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
> router.
>
> I am try to get the keys working. My problem is the Mikrotik router
> wants the key in PEM format
>
> How do I export the keys generated with ipsec newhostkey
> into PEM format ?
>
>
> Thanks
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Libreswan PEM format

[Glenn Pierce]

Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik router.

I am try to get the keys working. My problem is the Mikrotik router
wants the key in PEM format

How do I export the keys generated with ipsec newhostkey
into PEM format ?


Thanks
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos7: Mount problem (Unit mnt-bk\x2dbenvet\x2d01.mount is bound to inactive unit dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device. Stopping, too.

[Dario Lesca]

On a server Centos 7.2  I insert my 1Tb usb disk and run

sudo mount LABEL=bk-benvet-01 /mnt/bk-benvet-01

the command seem to work but nothing is mounted

Into log I see this issue:

> apr 01 13:49:06 s-virt.dom.loc kernel: XFS (sdb1): Mounting V4 Filesystem
> apr 01 13:49:06 s-virt.dom.loc kernel: XFS (sdb1): Ending clean mount
> apr 01 13:49:06 s-virt.dom.loc systemd[1]: Unit mnt-bk\x2dbenvet\x2d01.mount 
> is bound to inactive unit dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device. 
> Stopping, too.
> apr 01 13:49:06 s-virt.dom.loc systemd[1]: Unmounting /mnt/bk-benvet-01...
> apr 01 13:49:06 s-virt.dom.loc kernel: XFS (sdb1): Unmounting Filesystem
> apr 01 13:49:06 s-virt.dom.loc systemd[1]: Unmounted /mnt/bk-benvet-01.

I have try this:

> [root@s-virt ~]# systemctl start 
> dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device
> Job for dev-disk-byx2dlabel-bkx2dbenvetx2d01.device timed out.
> [root@s-virt ~]# systemctl status 
> dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device
> ● dev-disk-byx2dlabel-bkx2dbenvetx2d01.device
>    Loaded: loaded
>    Active: inactive (dead)
> 
> apr 01 13:52:36 s-virt.vettorello.loc systemd[1]: Job 
> dev-disk-byx2dlabel-bkx2dbenvetx2d01.device/start timed out.
> apr 01 13:52:36 s-virt.vettorello.loc systemd[1]: Timed out waiting for 
> device dev-disk-byx2dlabel-bkx2dbenvetx2d...ice.
> apr 01 13:52:36 s-virt.vettorello.loc systemd[1]: Job 
> dev-disk-byx2dlabel-bkx2dbenvetx2d01.device/start failed wi...ut'.
> Hint: Some lines were ellipsized, use -l to show in full.
> [root@s-virt ~]# systemctl status 
> dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device -l
> ● dev-disk-byx2dlabel-bkx2dbenvetx2d01.device
>    Loaded: loaded
>    Active: inactive (dead)

But nothing is changed

How to resolve this problem?

Many thanks

-- 
Dario Lesca
(inviato dal mio Linux Fedora 23 Workstation)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 134, Issue 1

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2016:0534 Moderate CentOS 7 mariadb Security Update
  (Johnny Hughes)
   2. CEBA-2016:0535  CentOS 7 cronie BugFix Update (Johnny Hughes)
   3. CEBA-2016:0553  CentOS 7 vsftpd BugFix Update (Johnny Hughes)
   4. CEBA-2016:0529 CentOS 7 device-mapper-multipath   BugFix Update
  (Johnny Hughes)
   5. CEBA-2016:0530  CentOS 7 openldap BugFix Update (Johnny Hughes)
   6. CEBA-2016:0556 CentOS 7 resource-agents BugFixUpdate
  (Johnny Hughes)
   7. CEBA-2016:0541  CentOS 7 sanlock BugFix Update (Johnny Hughes)
   8. CEBA-2016:0552  CentOS 7 sssd BugFix Update (Johnny Hughes)
   9. CESA-2016:0532 Moderate CentOS 7 krb5 SecurityUpdate
  (Johnny Hughes)
  10. CEBA-2016:0545  CentOS 7 tuned BugFix Update (Johnny Hughes)
  11. CEBA-2016:0544  CentOS 7 libteam BugFix Update (Johnny Hughes)
  12. CEBA-2016:0542  CentOS 7 kdelibs BugFix Update (Johnny Hughes)
  13. CEBA-2016:0543  CentOS 7 tigervnc BugFix Update (Johnny Hughes)
  14. CEBA-2016:0181  CentOS 7 systemd BugFix Update (Johnny Hughes)
  15. CEBA-2016:0555  CentOS 7 libvirt BugFix Update (Johnny Hughes)
  16. CEBA-2016:0550 CentOS 7 389-ds-base BugFix Update (Johnny Hughes)
  17. CEBA-2016:0548  CentOS 7 sudo BugFix Update (Johnny Hughes)
  18. CEBA-2016:0557  CentOS 7 quota BugFix Update (Johnny Hughes)
  19. CEBA-2016:0546 CentOS 7 ImageMagick BugFix Update (Johnny Hughes)
  20. CEBA-2016:0533 CentOS 7 util-linux BugFix Update (Johnny Hughes)
  21. CEBA-2016:0526 CentOS 7 initscripts BugFix Update (Johnny Hughes)
  22. CEBA-2016:0551  CentOS 7 kernel BugFix Update (Johnny Hughes)
  23. CEBA-2016:0547 CentOS 7 NetworkManager BugFix Update
  (Johnny Hughes)


--

Message: 1
Date: Thu, 31 Mar 2016 20:53:35 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2016:0534 Moderate CentOS 7 mariadb
SecurityUpdate
Message-ID: <20160331205335.ga39...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2016:0534 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0534.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
c01db8b118b3e59621a66e96500394af902549b75fe14e65e322d592b2c0ef04  
mariadb-5.5.47-1.el7_2.x86_64.rpm
a01e21102e496b2fd0f43a2a42e3a52fbe6be3ff9a1f9735af6ba33e8f62271a  
mariadb-bench-5.5.47-1.el7_2.x86_64.rpm
4bd9e39cca84b859b56c987e406f56059de07184c3282794712ee22be50d36be  
mariadb-devel-5.5.47-1.el7_2.i686.rpm
9d6c6b54ec4ad6840e276b3577eef03b2d87a2877a5a79de4865b74a2636ab06  
mariadb-devel-5.5.47-1.el7_2.x86_64.rpm
d0692319b0a84a16ed8bbec7259a5fa4c4c8be40f3c3e6767f07e1b628a3cd08  
mariadb-embedded-5.5.47-1.el7_2.i686.rpm
7b8ac0c33a44eb597e71a4516e9c1300c0d8cbf2c014d1a9de7d08b4c562793a  
mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm
0d173b25265cdc3fe078dc6ba4d03a34f8dcd355fc02146b7ab6bedf3d4e5930  
mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm
f865617ecb03fab6ee3a3b4b7dd8f214136dd571d410e291c5e34c4e69bde36f  
mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm
a65118325f134af83f6e3d6c8b8f319b735158fa82a7ee01403cc33f81c66b0c  
mariadb-libs-5.5.47-1.el7_2.i686.rpm
b18a582dc3bb5423ac7ac36ee8a3df75c647df69fec361b207db1b3c59695bbb  
mariadb-libs-5.5.47-1.el7_2.x86_64.rpm
fca7d47e6e4a7839f2a319589b09e2140fc5e3c87dc9fd41457d5cbe9e0b48bb  
mariadb-server-5.5.47-1.el7_2.x86_64.rpm
8264196ee234079505c8cbdbc477acbbcdd60de30fe897e6daf99d72e1b00ede  
mariadb-test-5.5.47-1.el7_2.x86_64.rpm

Source:
6c526f0c743b13e33d8c5a47778b71ca2447244d4d7d844f993e7fd64180b44a  
mariadb-5.5.47-1.el7_2.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS



--

Message: 2
Date: Thu, 31 Mar 2016 20:53:52 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2016:0535  CentOS 7 cronie BugFix
Update
Message-ID: <20160331205352.ga39...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2016:0535 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0535.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:

[CentOS] RHEL 5 EOL

[Tris Hoar]

Hi List,

As an FYI Red Hat have announced the 1 year EOL notice for RHEL 5. 
Anyone still using CentOS 5 would do well to start planning on upgrading 
to 6 or 7.


Tris


*
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity 
to whom they are addressed. If you have received this email 
in error please notify postmas...@bgfl.org


The views expressed within this email are those of the 
individual, and not necessarily those of the organisation

*
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] test - please ignore

[Pawel Eljasz]

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 in HP Blade BL620c Gen 7

[Johnny Hughes]

On 03/29/2016 05:51 AM, ☼ Francis wrote:
> Anyone running CentOS 7 here in HP Blade BL620c Gen 7 when I use the live
> DVD the network card can detect and I can use without issue however when I
> install the CentOS 7 with Server GUI. The network card can no longer
> detect. I tried to google the driver for this hardware machine but No luck.
> 
> 

The liveCD might be using a newer kernel and your install DVD may have
on older one without the correct driver.

What is the kernel when you complete the install?

Use the command:

uname -r

The current latest kernel in an installer is:  3.10.0-327.10.1.el7

If yours is older than that, maybe try a newer spin of the install DVD
.. or install a kernel upgrade from the latest DVD.

You can download the current latest install DVD here:

http://buildlogs.centos.org/rolling/7/isos/x86_64/CentOS-7-x86_64-DVD-1603-01.iso

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos