[CentOS] Panic on boot with 7.3 kernels when decrypting hard drive
I was excited to update my system to CentOS 7.3/1611 yesterday when the release announcement came through, but since then I've been running into some serious kernel issues. I've been successfully running 7.2 on a Thinkpad X301 for about 6 months now, with an encrypted disk that unlocks with a password at boot time. I think that's LUKS on LVM? I didn't tinker with the default encryption options so it's nothing too exotic: unencrypted /boot on sda1, encrypted system/home on sda2. I've used both the standard 3.10 kernels and 4.4 kernels from the kernel-lt package from ELrepo with no problems so far. When performing the update to 7.3 yesterday, the packages kernel-lt-4.4.38-1.el7.elrepo.x86_64 and kernel-3.10.0-514.2.2.el7.x86_64 were installed. With both of those, my system comes to a complete, frozen halt on boot, after I've entered my disk decryption key and before I see a login screen. The little progress spinner freezes, and the caps lock light on my keyboard starts blinking, which I've been told indicates a kernel panic. Any manner of key combinations, even the "magic SysRq" combinations do nothing to recover the system--the only way out is to cut the power. I was able to fall back to the still-installed 4.4.36-1.el7.elrepo.x86_64 kernel with no problems. On a whim, I tried installing the latest mainline kernel from ELrepo as well (kernel-ml-4.9.0-1.el7.elrepo.x86_64) and encountered a similar hard lock, minus the blinkenlight in the caps lock key. Has anyone else had a similar issue? Is there anything in what I've described that sounds obvious to what the solution is? It really just seems like the problems are with kernels that have come through following the 7.3 release. I'm still somewhat new at getting into the inner workings of Linux, but is there a log that might shed some light on what went wrong? Thanks in advance, --C ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On Wed, 2016-12-14 at 00:25 +, Phil Wyett wrote: > On Tue, 2016-12-13 at 16:14 -0800, Alice Wonder wrote: > > On 12/13/2016 03:57 PM, Phil Wyett wrote: > > > On Tue, 2016-12-13 at 15:39 -0800, Alice Wonder wrote: > > >> On 12/13/2016 03:34 PM, Phil Wyett wrote: > > >>> On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote: > > I'm getting spec files from centos git which is really convenient when > > the related source is easy to find. But some things - e.g. from a spec > > file > > > > # How to create the source tarball: > > # > > # git clone git://git.fedorahosted.org/git/python-rhsm.git/ > > # cd client/python-rhsm > > # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz > > > > Never used tito before, so I install it and try, and rather than giving > > me the source package I need - it gives me a python traceback > > complaining that I haven't configured some things properly. > > > > Seems a lot of the software distribution world is getting overly > > complex > > with an expectation that the end user who needs to exercise his FLOSS > > rights has to use git or nodejs or for php composer or whatever just to > > get what use to be available with no more complexity than choosing > > tar.gz or tar.bz2 or .zip if the dev was Windows. > > > > Whatever happened to KISS and why can't source tarballs be distributed > > as source tarballs? > > > > Back when I was a Fedora packager - the packaging guidelines would > > reject a package of the Source tarball wasn't a URL and if the > > timestamp > > on the tarball in the src.rpm didn't match upstream even if the > > checksum > > was identical. > > > > Guess those days are gone. > > > > /rant > > >>> > > >>> Hi, > > >>> > > >>> Not seen this one before, but don't play with much python. The SPEC > > >>> really should just refer too a URL too a compressed archive as the > > >>> packages home site supplies them. > > >>> > > >>> https://github.com/candlepin/python-rhsm/releases > > >>> > > >>> Regards > > >>> > > >>> Phil > > >> > > >> I went to the github and it doesn't have a packaged release that matches > > >> the version. I managed to find it in the build system logs, but its just > > >> weird. > > >> > > >> If I recall, formerly for a tarball to be different than what was on > > >> upstream, it had to have a legal reason (e.g. patents) and a script in > > >> the sources that could turn upstream tarball into the version used. > > >> > > > > > > Hi, > > > > > > Out of interest, which version do you refer to? > > > > > > Regards > > > > > > Phil > > > > > > > > > > 1.17.9 is the version in CentOS 7.3 and what I needed (and found on a > > build server) > > Hi, > > To get source for a package in CentOS, you follow the get_sources.sh' > section and 'Example workflow' section in: > > https://wiki.centos.org/Sources > > For your package... > > * Setup 'centos-git-common' i.e. clone it to your system. > > * Do the clone and checkout for your package. > > git clone https://git.centos.org/summary/rpms!python-rhsm.git > cd python-rhsm > git checkout c7 > sh /get_sources.sh > > You should then have the spec, any patches and tarball(s). > > Regards > > Phil > Sorry rushed that. Should be: git clone https://git.centos.org/git/rpms/python-rhsm.git Regards Phil -- Google+: https://plus.google.com/+PhilWyett Blog: https://philwyett-hemi.blogspot.co.uk/ GitLab: https://gitlab.com/philwyett_hemi/ signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On Tue, 2016-12-13 at 16:14 -0800, Alice Wonder wrote: > On 12/13/2016 03:57 PM, Phil Wyett wrote: > > On Tue, 2016-12-13 at 15:39 -0800, Alice Wonder wrote: > >> On 12/13/2016 03:34 PM, Phil Wyett wrote: > >>> On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote: > I'm getting spec files from centos git which is really convenient when > the related source is easy to find. But some things - e.g. from a spec > file > > # How to create the source tarball: > # > # git clone git://git.fedorahosted.org/git/python-rhsm.git/ > # cd client/python-rhsm > # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz > > Never used tito before, so I install it and try, and rather than giving > me the source package I need - it gives me a python traceback > complaining that I haven't configured some things properly. > > Seems a lot of the software distribution world is getting overly complex > with an expectation that the end user who needs to exercise his FLOSS > rights has to use git or nodejs or for php composer or whatever just to > get what use to be available with no more complexity than choosing > tar.gz or tar.bz2 or .zip if the dev was Windows. > > Whatever happened to KISS and why can't source tarballs be distributed > as source tarballs? > > Back when I was a Fedora packager - the packaging guidelines would > reject a package of the Source tarball wasn't a URL and if the timestamp > on the tarball in the src.rpm didn't match upstream even if the checksum > was identical. > > Guess those days are gone. > > /rant > >>> > >>> Hi, > >>> > >>> Not seen this one before, but don't play with much python. The SPEC > >>> really should just refer too a URL too a compressed archive as the > >>> packages home site supplies them. > >>> > >>> https://github.com/candlepin/python-rhsm/releases > >>> > >>> Regards > >>> > >>> Phil > >> > >> I went to the github and it doesn't have a packaged release that matches > >> the version. I managed to find it in the build system logs, but its just > >> weird. > >> > >> If I recall, formerly for a tarball to be different than what was on > >> upstream, it had to have a legal reason (e.g. patents) and a script in > >> the sources that could turn upstream tarball into the version used. > >> > > > > Hi, > > > > Out of interest, which version do you refer to? > > > > Regards > > > > Phil > > > > > > 1.17.9 is the version in CentOS 7.3 and what I needed (and found on a > build server) Hi, To get source for a package in CentOS, you follow the get_sources.sh' section and 'Example workflow' section in: https://wiki.centos.org/Sources For your package... * Setup 'centos-git-common' i.e. clone it to your system. * Do the clone and checkout for your package. git clone https://git.centos.org/summary/rpms!python-rhsm.git cd python-rhsm git checkout c7 sh /get_sources.sh You should then have the spec, any patches and tarball(s). Regards Phil -- Google+: https://plus.google.com/+PhilWyett Blog: https://philwyett-hemi.blogspot.co.uk/ GitLab: https://gitlab.com/philwyett_hemi/ signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On 12/13/2016 03:57 PM, Phil Wyett wrote: On Tue, 2016-12-13 at 15:39 -0800, Alice Wonder wrote: On 12/13/2016 03:34 PM, Phil Wyett wrote: On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote: I'm getting spec files from centos git which is really convenient when the related source is easy to find. But some things - e.g. from a spec file # How to create the source tarball: # # git clone git://git.fedorahosted.org/git/python-rhsm.git/ # cd client/python-rhsm # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz Never used tito before, so I install it and try, and rather than giving me the source package I need - it gives me a python traceback complaining that I haven't configured some things properly. Seems a lot of the software distribution world is getting overly complex with an expectation that the end user who needs to exercise his FLOSS rights has to use git or nodejs or for php composer or whatever just to get what use to be available with no more complexity than choosing tar.gz or tar.bz2 or .zip if the dev was Windows. Whatever happened to KISS and why can't source tarballs be distributed as source tarballs? Back when I was a Fedora packager - the packaging guidelines would reject a package of the Source tarball wasn't a URL and if the timestamp on the tarball in the src.rpm didn't match upstream even if the checksum was identical. Guess those days are gone. /rant Hi, Not seen this one before, but don't play with much python. The SPEC really should just refer too a URL too a compressed archive as the packages home site supplies them. https://github.com/candlepin/python-rhsm/releases Regards Phil I went to the github and it doesn't have a packaged release that matches the version. I managed to find it in the build system logs, but its just weird. If I recall, formerly for a tarball to be different than what was on upstream, it had to have a legal reason (e.g. patents) and a script in the sources that could turn upstream tarball into the version used. Hi, Out of interest, which version do you refer to? Regards Phil 1.17.9 is the version in CentOS 7.3 and what I needed (and found on a build server) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On Tue, 2016-12-13 at 15:39 -0800, Alice Wonder wrote: > On 12/13/2016 03:34 PM, Phil Wyett wrote: > > On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote: > >> I'm getting spec files from centos git which is really convenient when > >> the related source is easy to find. But some things - e.g. from a spec file > >> > >> # How to create the source tarball: > >> # > >> # git clone git://git.fedorahosted.org/git/python-rhsm.git/ > >> # cd client/python-rhsm > >> # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz > >> > >> Never used tito before, so I install it and try, and rather than giving > >> me the source package I need - it gives me a python traceback > >> complaining that I haven't configured some things properly. > >> > >> Seems a lot of the software distribution world is getting overly complex > >> with an expectation that the end user who needs to exercise his FLOSS > >> rights has to use git or nodejs or for php composer or whatever just to > >> get what use to be available with no more complexity than choosing > >> tar.gz or tar.bz2 or .zip if the dev was Windows. > >> > >> Whatever happened to KISS and why can't source tarballs be distributed > >> as source tarballs? > >> > >> Back when I was a Fedora packager - the packaging guidelines would > >> reject a package of the Source tarball wasn't a URL and if the timestamp > >> on the tarball in the src.rpm didn't match upstream even if the checksum > >> was identical. > >> > >> Guess those days are gone. > >> > >> /rant > > > > Hi, > > > > Not seen this one before, but don't play with much python. The SPEC > > really should just refer too a URL too a compressed archive as the > > packages home site supplies them. > > > > https://github.com/candlepin/python-rhsm/releases > > > > Regards > > > > Phil > > I went to the github and it doesn't have a packaged release that matches > the version. I managed to find it in the build system logs, but its just > weird. > > If I recall, formerly for a tarball to be different than what was on > upstream, it had to have a legal reason (e.g. patents) and a script in > the sources that could turn upstream tarball into the version used. > Hi, Out of interest, which version do you refer to? Regards Phil -- Google+: https://plus.google.com/+PhilWyett Blog: https://philwyett-hemi.blogspot.co.uk/ GitLab: https://gitlab.com/philwyett_hemi/ signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On 12/13/2016 03:34 PM, Phil Wyett wrote: On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote: I'm getting spec files from centos git which is really convenient when the related source is easy to find. But some things - e.g. from a spec file # How to create the source tarball: # # git clone git://git.fedorahosted.org/git/python-rhsm.git/ # cd client/python-rhsm # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz Never used tito before, so I install it and try, and rather than giving me the source package I need - it gives me a python traceback complaining that I haven't configured some things properly. Seems a lot of the software distribution world is getting overly complex with an expectation that the end user who needs to exercise his FLOSS rights has to use git or nodejs or for php composer or whatever just to get what use to be available with no more complexity than choosing tar.gz or tar.bz2 or .zip if the dev was Windows. Whatever happened to KISS and why can't source tarballs be distributed as source tarballs? Back when I was a Fedora packager - the packaging guidelines would reject a package of the Source tarball wasn't a URL and if the timestamp on the tarball in the src.rpm didn't match upstream even if the checksum was identical. Guess those days are gone. /rant Hi, Not seen this one before, but don't play with much python. The SPEC really should just refer too a URL too a compressed archive as the packages home site supplies them. https://github.com/candlepin/python-rhsm/releases Regards Phil I went to the github and it doesn't have a packaged release that matches the version. I managed to find it in the build system logs, but its just weird. If I recall, formerly for a tarball to be different than what was on upstream, it had to have a legal reason (e.g. patents) and a script in the sources that could turn upstream tarball into the version used. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote: > I'm getting spec files from centos git which is really convenient when > the related source is easy to find. But some things - e.g. from a spec file > > # How to create the source tarball: > # > # git clone git://git.fedorahosted.org/git/python-rhsm.git/ > # cd client/python-rhsm > # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz > > Never used tito before, so I install it and try, and rather than giving > me the source package I need - it gives me a python traceback > complaining that I haven't configured some things properly. > > Seems a lot of the software distribution world is getting overly complex > with an expectation that the end user who needs to exercise his FLOSS > rights has to use git or nodejs or for php composer or whatever just to > get what use to be available with no more complexity than choosing > tar.gz or tar.bz2 or .zip if the dev was Windows. > > Whatever happened to KISS and why can't source tarballs be distributed > as source tarballs? > > Back when I was a Fedora packager - the packaging guidelines would > reject a package of the Source tarball wasn't a URL and if the timestamp > on the tarball in the src.rpm didn't match upstream even if the checksum > was identical. > > Guess those days are gone. > > /rant Hi, Not seen this one before, but don't play with much python. The SPEC really should just refer too a URL too a compressed archive as the packages home site supplies them. https://github.com/candlepin/python-rhsm/releases Regards Phil -- Google+: https://plus.google.com/+PhilWyett Blog: https://philwyett-hemi.blogspot.co.uk/ GitLab: https://gitlab.com/philwyett_hemi/ signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On 12/13/2016 03:21 PM, Valeri Galtsev wrote: Another thing is: when building of the project (libraries, binaries, etc) requires sophisticated infrastructure that is not necessary after you built it. Yes, that's why I mentioned nodejs. A rather cool JavaScript project didn't do quite what I wanted, but to modify it I had to install some nodejs environment that was used to "build" the JavaScript and had to be re-run for any tweak to the components and always built a rather large JavaScript file even minified. I ended up just scrapping it any writing my own even though its not as flexible, and I'm still trying to figure out how requiring a node setup is a good idea to require for generating a static file. But that's the trend. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On Tue, December 13, 2016 5:09 pm, John R Pierce wrote: > On 12/13/2016 2:35 PM, Nicolas Kovacs wrote: >> That's why I'm running Slackware on most of my systems. > > that doesn't solve the issue of various FOSS projects using all kinda > whacky build toolkits and requirements. > > one tool I wanted to build a few weeks ago depended on common lisp. > > another package I wanted to play with required this whole complex python > infrastructure which I'd never seen or heard of before (Im not a python > dev although I can follow bits of code, and even make minor changes), > and the build commands in that infrastructure were pulling in source > packages from various servers all over the world, which kinda scared me > from a security standpoint. That is inevitable: some of the tools/projects to work may require you to bring a huge external infrastructure if you want to use them. This has no way around. Another thing is: when building of the project (libraries, binaries, etc) requires sophisticated infrastructure that is not necessary after you built it. This and only this is what I meant when mentioned FreeBSD pkg and poudriere for building custom configured packages - you only need that infrastructure when building (on build box in build jail...). But in general, yes, the world seems to have gone the way "why simple, when you can do it complex way". I guess I should have added rant tags... Valeri > > > > -- > john r pierce, recycling bits in santa cruz > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On 12/13/2016 2:35 PM, Nicolas Kovacs wrote: That's why I'm running Slackware on most of my systems. that doesn't solve the issue of various FOSS projects using all kinda whacky build toolkits and requirements. one tool I wanted to build a few weeks ago depended on common lisp. another package I wanted to play with required this whole complex python infrastructure which I'd never seen or heard of before (Im not a python dev although I can follow bits of code, and even make minor changes), and the build commands in that infrastructure were pulling in source packages from various servers all over the world, which kinda scared me from a security standpoint. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
Le 13/12/2016 à 23:16, Alice Wonder a écrit : > Seems a lot of the software distribution world is getting overly complex > with an expectation that the end user who needs to exercise his FLOSS > rights has to use git or nodejs or for php composer or whatever just to > get what use to be available with no more complexity than choosing > tar.gz or tar.bz2 or .zip if the dev was Windows. > > Whatever happened to KISS That's why I'm running Slackware on most of my systems. -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] spec file frustration (rant)
On Tue, December 13, 2016 4:16 pm, Alice Wonder wrote: > I'm getting spec files from centos git which is really convenient when > the related source is easy to find. But some things - e.g. from a spec > file > > # How to create the source tarball: > # > # git clone git://git.fedorahosted.org/git/python-rhsm.git/ > # cd client/python-rhsm > # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz > > Never used tito before, so I install it and try, and rather than giving > me the source package I need - it gives me a python traceback > complaining that I haven't configured some things properly. > > Seems a lot of the software distribution world is getting overly complex > with an expectation that the end user who needs to exercise his FLOSS > rights has to use git or nodejs or for php composer or whatever just to > get what use to be available with no more complexity than choosing > tar.gz or tar.bz2 or .zip if the dev was Windows. > > Whatever happened to KISS and why can't source tarballs be distributed > as source tarballs? > > Back when I was a Fedora packager - the packaging guidelines would > reject a package of the Source tarball wasn't a URL and if the timestamp > on the tarball in the src.rpm didn't match upstream even if the checksum > was identical. > > Guess those days are gone. Not exactly. I'm pretty happy with FreeBSD pkg system, and with poudriere whenever I need custom configs different from what package maintainers choice. No unneeded complication crap. Of course, this is only rant from point of view of mentioning our rival: FreeBSD on our list ;-) Valeri > > /rant > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] spec file frustration (rant)
I'm getting spec files from centos git which is really convenient when the related source is easy to find. But some things - e.g. from a spec file # How to create the source tarball: # # git clone git://git.fedorahosted.org/git/python-rhsm.git/ # cd client/python-rhsm # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz Never used tito before, so I install it and try, and rather than giving me the source package I need - it gives me a python traceback complaining that I haven't configured some things properly. Seems a lot of the software distribution world is getting overly complex with an expectation that the end user who needs to exercise his FLOSS rights has to use git or nodejs or for php composer or whatever just to get what use to be available with no more complexity than choosing tar.gz or tar.bz2 or .zip if the dev was Windows. Whatever happened to KISS and why can't source tarballs be distributed as source tarballs? Back when I was a Fedora packager - the packaging guidelines would reject a package of the Source tarball wasn't a URL and if the timestamp on the tarball in the src.rpm didn't match upstream even if the checksum was identical. Guess those days are gone. /rant ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bottom panel on new C7.3
On 2016-12-13, Jerry Geiswrote: > Hi All, > > I run these commands for previous 7.2 to hide the bottom panel. > gconftool-2 -t int --list-type int --set > /apps/panel/toplevels/bottom_panel/auto_hide_size 0 gconftool-2 -t > bool --list-type bool --set > /apps/panel/toplevels/bottom_panel/auto_hide true > > It does not seem to be working any more... I am seeing the panel. > > Thoughts? > > Jerry Those commands are for the GNOME 2 (and possibly MATE) desktop environments. In GNOME 3 you use gnome-tweak-tool to disable the "Window list" extension. Assuming you are running GNOME 3, of course. -- Liam ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disable gnome-initial-setup
On 2016-12-13, Gordon Messmerwrote: > Prior to 7.3, I could disable the post-first-boot GNOME initial setup > window by turning off the "initial-setup-graphical" systemd service. > That service no longer exists, so I no longer know how to disable the > setup window. I know that I can remove the "gnome-initial-setup" > package, but I expect that at some point, it'll be brought in by > dependencies or group membership, so I'd like to find a way to turn it > off regardless of that package's presence. Does anyone know how, in > the new version? The package puts some files in /etc/xdg/autostart/. You could edit those to prevent autostart.[1] Another option is to place the file .config/gnome-initial-setup-done in the user's home directory, containing the text "yes". 1: https://standards.freedesktop.org/autostart-spec/autostart-spec-latest.html -- Liam ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] libreoffice 5 slow after 7.3 update
El 13/12/16 a las 20:01, Alexandru Chiscan escribió: Hello all, After the update to 7.3 libreoffice (5.0.6.2-3.el7.x86_64) became unusable slow. For an excel file with 250 rows even a simple scroll takes a few seconds, during that time the Xorg server is 100% working and the GPU utilization is at about 77% (from NVIDIA server settings). I have tried disabling the hardware acceleration (options->view) and OpenCL (options) but the problem and the high usage for Xorg and GPU persisted. I have seen the the same bug (probably) was present in Fedora 23 (libreoffice version 5.0.5.2-1.fc23.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1308700) Does anyone had the same problem and if yes what was the fix? Does RedHat 7.3 has the same problem? I have searched the bugzilla database and found only the Fedora bug. System info: Intel I3-6098P, 8GB ram, NVIDIA GT 240 with all the packages updated. libreoffice-ure-5.0.6.2-3.el7.x86_64 libreoffice-opensymbol-fonts-5.0.6.2-3.el7.noarch libreoffice-core-5.0.6.2-3.el7.x86_64 libreoffice-pyuno-5.0.6.2-3.el7.x86_64 libreoffice-calc-5.0.6.2-3.el7.x86_64 libreoffice-writer-5.0.6.2-3.el7.x86_64 libreoffice-emailmerge-5.0.6.2-3.el7.x86_64 libreoffice-base-5.0.6.2-3.el7.x86_64 libreoffice-math-5.0.6.2-3.el7.x86_64 libreoffice-impress-5.0.6.2-3.el7.x86_64 libreoffice-graphicfilter-5.0.6.2-3.el7.x86_64 libreoffice-pdfimport-5.0.6.2-3.el7.x86_64 libreoffice-draw-5.0.6.2-3.el7.x86_64 libreoffice-5.0.6.2-3.el7.x86_64 libreoffice-langpack-ro-5.0.6.2-3.el7.x86_64 libreoffice-langpack-en-5.0.6.2-3.el7.x86_64 nvidia-x11-drv-340xx-32bit-340.98-1.el7.elrepo.x86_64 nvidia-x11-drv-340xx-340.98-1.el7.elrepo.x86_64 kmod-nvidia-340xx-340.98-1.el7.elrepo.x86_64 OpenGL version string: 3.3.0 NVIDIA 340.98 server glx version string: 1.4 Best regards, Alexandru Chiscan Hello I had this problem in Fedora 22/23? and the solution was install LibreOffice 5.1 from the LibreOffice site. Best ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] libreoffice 5 slow after 7.3 update
Hello all, After the update to 7.3 libreoffice (5.0.6.2-3.el7.x86_64) became unusable slow. For an excel file with 250 rows even a simple scroll takes a few seconds, during that time the Xorg server is 100% working and the GPU utilization is at about 77% (from NVIDIA server settings). I have tried disabling the hardware acceleration (options->view) and OpenCL (options) but the problem and the high usage for Xorg and GPU persisted. I have seen the the same bug (probably) was present in Fedora 23 (libreoffice version 5.0.5.2-1.fc23.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1308700) Does anyone had the same problem and if yes what was the fix? Does RedHat 7.3 has the same problem? I have searched the bugzilla database and found only the Fedora bug. System info: Intel I3-6098P, 8GB ram, NVIDIA GT 240 with all the packages updated. libreoffice-ure-5.0.6.2-3.el7.x86_64 libreoffice-opensymbol-fonts-5.0.6.2-3.el7.noarch libreoffice-core-5.0.6.2-3.el7.x86_64 libreoffice-pyuno-5.0.6.2-3.el7.x86_64 libreoffice-calc-5.0.6.2-3.el7.x86_64 libreoffice-writer-5.0.6.2-3.el7.x86_64 libreoffice-emailmerge-5.0.6.2-3.el7.x86_64 libreoffice-base-5.0.6.2-3.el7.x86_64 libreoffice-math-5.0.6.2-3.el7.x86_64 libreoffice-impress-5.0.6.2-3.el7.x86_64 libreoffice-graphicfilter-5.0.6.2-3.el7.x86_64 libreoffice-pdfimport-5.0.6.2-3.el7.x86_64 libreoffice-draw-5.0.6.2-3.el7.x86_64 libreoffice-5.0.6.2-3.el7.x86_64 libreoffice-langpack-ro-5.0.6.2-3.el7.x86_64 libreoffice-langpack-en-5.0.6.2-3.el7.x86_64 nvidia-x11-drv-340xx-32bit-340.98-1.el7.elrepo.x86_64 nvidia-x11-drv-340xx-340.98-1.el7.elrepo.x86_64 kmod-nvidia-340xx-340.98-1.el7.elrepo.x86_64 OpenGL version string: 3.3.0 NVIDIA 340.98 server glx version string: 1.4 Best regards, Alexandru Chiscan ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-es] Namespace en postfix / dovecot
On 12/13/2016 12:39 PM, Alex ( Servtelecom ) wrote: > Me aconsejas que pase el clamav en todo el servidor? > descarto mala configuración de dovecot o postfix? ya apareció el correo. podrías usar clamav, también hay scripts que permiten ver si hay contenido malicioso alojado en tus sitios (hay muchas variantes) signature.asc Description: OpenPGP digital signature ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Namespace en postfix / dovecot
On 12/13/2016 12:49 PM, Alex ( Servtelecom ) wrote: > Esta claro que esto solo puede venir por aplicaciones web instaladas en > mi servidor no? del exterior no porque lo vería en mis log's de mail.log > pero allí no veo nada inusual. Me centro exclusivamente en las web's y > solo en ellas no? Digamos que alguien se hace pasar por ti desde un servidor de un tercero... quizá los rebotes te llegarían a tí o te bloquearían injustamente. Es una posibilidad.. quizá en este caso lo que debes hacer es configurar SPF y _dmarc en cada dominio. SPF para que le permita a los demás conocer que es una farsa el intento de un tercero, y el _dmarc para que te ayude a recibir reportes y conocer quién envía cosas a tu nombre... no sé, se me ocurre. Pero me oriento a que sea algo interno, en las web, un script. Podría ser un script levantado de otra forma (entraron por ssh por ejemplo)... podría ser... no se puede descartar. > > Igualmente lo de que solo direcciones validas puedan enviar y > direcciones que no estén creadas en mi sistema de postfix no puedan, hay > algún manual para que lo pueda aplicar a mi configuración actual? me > interesa por si roban un password de alguien no me utilicen para enviar > spam que alguna vez me ha pasado... Eso no me convence tanto, porque el atacante está usando un script, no se apoya en el postfix, sino que el script accede directo al puerto 25/tcp de un servidor remoto... saludos epe > > Gracias por tu ayuda!! > > Firma Alexandre Andreu Cases - Servtelecom > El 13/12/16 a las 18:44, Miguel González escribió: >> On 12/13/16 6:34 PM, Ernesto Pérez Estévez wrote: >>> On 13/12/16 07:09, Ernesto Pérez Estévez wrote: On 13/12/16 07:00, Ernesto Pérez Estévez wrote: > En mi caso cuando lo he tenido lo he logrado controlar a través del > uso > de iptables, pero te cuento luego porque no es tan fácil. > >>> Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena >>> idea que lo tengas para evitar que te hagan el mismo tipo de ataques de >>> diccionario al servidor, busca y activa las jaulas para el servidor de >>> pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y >>> para otros tipos de ataques que buscan claves débiles, etc. >>> >>> Pero eso no evita que un script ya estè siendo activamente explotado en >>> tu servidor. >>> >>> >>> >>> >> >> Si tienes Wordpress, te recomiendo que instales Wordfence y/o Sucuri y >> hagas una escaneo de tu Wordpress. Además te sirven para securizarlo. >> >> Saludos >> >> Miguel >> ___ >> CentOS-es mailing list >> CentOS-es@centos.org >> https://lists.centos.org/mailman/listinfo/centos-es > > ___ > CentOS-es mailing list > CentOS-es@centos.org > https://lists.centos.org/mailman/listinfo/centos-es -- CEDIA La principal herramienta de Investigación en el Ecuador. Calle La Condamine 12-109 "Casa Rivera". Cuenca - Ecuador Telf: (593) 7405 1000 Ext. 4220/4223 i...@cedia.org.ec www.cedia.org.ec signature.asc Description: OpenPGP digital signature ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
[CentOS] Disable gnome-initial-setup
Prior to 7.3, I could disable the post-first-boot GNOME initial setup window by turning off the "initial-setup-graphical" systemd service. That service no longer exists, so I no longer know how to disable the setup window. I know that I can remove the "gnome-initial-setup" package, but I expect that at some point, it'll be brought in by dependencies or group membership, so I'd like to find a way to turn it off regardless of that package's presence. Does anyone know how, in the new version? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ipa rpm conflicts
On Tue, Dec 13, 2016 at 04:44:06PM +, lejeczek wrote: > does anybody see this: > > unning transaction > Warning: RPMDB altered outside of yum. > ** Found 8 pre-existing rpmdb problem(s), 'yum check' output > follows: > ipa-admintools-4.4.0-14.el7.centos.noarch has installed conflicts > freeipa-admintools: ipa-admintools-4.4.0-14.el7.centos.noarch > ipa-client-4.4.0-14.el7.centos.x86_64 has installed conflicts > freeipa-client: ipa-client-4.4.0-14.el7.centos.x86_64 > ipa-client-common-4.4.0-14.el7.centos.noarch has installed conflicts > freeipa-client-common: ipa-client-common-4.4.0-14.el7.centos.noarch > ipa-common-4.4.0-14.el7.centos.noarch has installed conflicts > freeipa-common: ipa-common-4.4.0-14.el7.centos.noarch > ipa-python-compat-4.4.0-14.el7.centos.noarch has installed conflicts > freeipa-python-compat: ipa-python-compat-4.4.0-14.el7.centos.noarch > ipa-server-4.4.0-14.el7.centos.x86_64 has installed conflicts > freeipa-server: ipa-server-4.4.0-14.el7.centos.x86_64 > ipa-server-common-4.4.0-14.el7.centos.noarch has installed conflicts > freeipa-server-common: ipa-server-common-4.4.0-14.el7.centos.noarch > ipa-server-dns-4.4.0-14.el7.centos.noarch has installed conflicts > freeipa-server-dns: ipa-server-dns-4.4.0-14.el7.centos.noarch > > this in .rpm I guess and started appearing after upg to 7.3. > *freeipa* is naming convention Fedora uses, right? Some remnants > rebase did not take care of? upstream issue https://bugzilla.redhat.com/show_bug.cgi?id=1370134 Cheers Tru -- Tru Huynh http://pgp.mit.edu:11371/pks/lookup?op=get=0xBEFA581B pgp2avCdTOVv7.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-es] Namespace en postfix / dovecot
Esta claro que esto solo puede venir por aplicaciones web instaladas en mi servidor no? del exterior no porque lo vería en mis log's de mail.log pero allí no veo nada inusual. Me centro exclusivamente en las web's y solo en ellas no? Igualmente lo de que solo direcciones validas puedan enviar y direcciones que no estén creadas en mi sistema de postfix no puedan, hay algún manual para que lo pueda aplicar a mi configuración actual? me interesa por si roban un password de alguien no me utilicen para enviar spam que alguna vez me ha pasado... Gracias por tu ayuda!! Firma Alexandre Andreu Cases - Servtelecom El 13/12/16 a las 18:44, Miguel González escribió: On 12/13/16 6:34 PM, Ernesto Pérez Estévez wrote: On 13/12/16 07:09, Ernesto Pérez Estévez wrote: On 13/12/16 07:00, Ernesto Pérez Estévez wrote: En mi caso cuando lo he tenido lo he logrado controlar a través del uso de iptables, pero te cuento luego porque no es tan fácil. Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena idea que lo tengas para evitar que te hagan el mismo tipo de ataques de diccionario al servidor, busca y activa las jaulas para el servidor de pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y para otros tipos de ataques que buscan claves débiles, etc. Pero eso no evita que un script ya estè siendo activamente explotado en tu servidor. Si tienes Wordpress, te recomiendo que instales Wordfence y/o Sucuri y hagas una escaneo de tu Wordpress. Además te sirven para securizarlo. Saludos Miguel ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Namespace en postfix / dovecot
On 12/13/16 6:34 PM, Ernesto Pérez Estévez wrote: > On 13/12/16 07:09, Ernesto Pérez Estévez wrote: >> On 13/12/16 07:00, Ernesto Pérez Estévez wrote: >>> En mi caso cuando lo he tenido lo he logrado controlar a través del uso >>> de iptables, pero te cuento luego porque no es tan fácil. >>> > > Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena > idea que lo tengas para evitar que te hagan el mismo tipo de ataques de > diccionario al servidor, busca y activa las jaulas para el servidor de > pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y > para otros tipos de ataques que buscan claves débiles, etc. > > Pero eso no evita que un script ya estè siendo activamente explotado en > tu servidor. > > > > Si tienes Wordpress, te recomiendo que instales Wordfence y/o Sucuri y hagas una escaneo de tu Wordpress. Además te sirven para securizarlo. Saludos Miguel ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Namespace en postfix / dovecot
Me aconsejas que pase el clamav en todo el servidor? descarto mala configuración de dovecot o postfix? he mirado el erro exacto, os lo pongo aquí: 550 SC-002 - Correo rechazado por Outlook.com en virtud de sus directivas. La IP del servidor de correo que está conectando con Outlook.com ha mostrado un comportamiento de minería de espacio de nombres. Si no eres administrador de correo o de red, ponte en contacto con tu proveedor de acceso a correo o Internet para obtener ayuda. Existe alguna web o algún aplicativo para ver si ya no persiste mi problema? por más que miro con el antivirus no me detecta nada y necesito que hotmail me vuelva a admitir También te he preguntado en que parte de la configuración fuerzas a postfix y dovecot que solo los usuarios y dominios que existan puedan mandar correo, solo direcciones reales , no se puedan mandar desde direcciones inexistentes por mucho que la validación sea correcta ( se suele utilizar en web's que tienes un usuario pero la dirección de salida de la web pones w...@dominio.com ) Firma Alexandre Andreu Cases - Servtelecom El 13/12/16 a las 18:34, Ernesto Pérez Estévez escribió: On 13/12/16 07:09, Ernesto Pérez Estévez wrote: On 13/12/16 07:00, Ernesto Pérez Estévez wrote: En mi caso cuando lo he tenido lo he logrado controlar a través del uso de iptables, pero te cuento luego porque no es tan fácil. Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena idea que lo tengas para evitar que te hagan el mismo tipo de ataques de diccionario al servidor, busca y activa las jaulas para el servidor de pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y para otros tipos de ataques que buscan claves débiles, etc. Pero eso no evita que un script ya estè siendo activamente explotado en tu servidor. ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Namespace en postfix / dovecot
On 13/12/16 07:09, Ernesto Pérez Estévez wrote: > On 13/12/16 07:00, Ernesto Pérez Estévez wrote: >> En mi caso cuando lo he tenido lo he logrado controlar a través del uso >> de iptables, pero te cuento luego porque no es tan fácil. >> Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena idea que lo tengas para evitar que te hagan el mismo tipo de ataques de diccionario al servidor, busca y activa las jaulas para el servidor de pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y para otros tipos de ataques que buscan claves débiles, etc. Pero eso no evita que un script ya estè siendo activamente explotado en tu servidor. -- CEDIA La principal herramienta de Investigación en el Ecuador. Calle La Condamine 12-109 "Casa Rivera". Cuenca - Ecuador Telf: (593) 7405 1000 Ext. 4220/4223 i...@cedia.org.ec www.cedia.org.ec Email secured by Check Point ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
[CentOS-announce] CEBA-2016:2929 CentOS 7 resource-agents BugFix Update
CentOS Errata and Bugfix Advisory 2016:2929 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-2929.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: b62de7ea7fce3c77d95f138d093130a7dba978b11eca69ea807857f6c8027a96 resource-agents-3.9.5-82.el7_3.3.x86_64.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: @JohnnyCentOS ___ CentOS-announce mailing list CentOS-announce@centos.org https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2016:2930 CentOS 7 fence-agents BugFix Update
CentOS Errata and Bugfix Advisory 2016:2930 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-2930.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 6cd757278013ee4a4727be81533a94cdc9bdbb4b426896353c643bf503135b8a fence-agents-all-4.0.11-47.el7_3.2.x86_64.rpm 07decfab5c58f519814878a2bbe0d1fae2b4beb913fc785775ae123574fb864d fence-agents-apc-4.0.11-47.el7_3.2.x86_64.rpm e1e70e7f5dc67dafd7f86bd50842a5a13facb6e0bf06ea1651e36f5ad09cc7b7 fence-agents-apc-snmp-4.0.11-47.el7_3.2.x86_64.rpm 52cdf41a2c9e9f27b3972ea7347b2dd3b9076215ef7f6e4418ae6e932c542b1a fence-agents-bladecenter-4.0.11-47.el7_3.2.x86_64.rpm 30aeabcbb84b4de310664c5b9624dc12da326109435e47c83d5f2dfa207cae02 fence-agents-brocade-4.0.11-47.el7_3.2.x86_64.rpm e2495a379c5d69e80f1c48f40243d482baba464438e32c1755aba6b55ee773b0 fence-agents-cisco-mds-4.0.11-47.el7_3.2.x86_64.rpm ac2230747fafc587f6131c26c14235916faea13124c1074cec14a9ea607679b8 fence-agents-cisco-ucs-4.0.11-47.el7_3.2.x86_64.rpm d67df7ef3cfc1cadd2f796d593ed9114221c42ae227806deb4e41b66c8925ed1 fence-agents-common-4.0.11-47.el7_3.2.x86_64.rpm 5536079c8975e0d032ffa408e055720e884372c2f7875ae6cd1d18802d73eaed fence-agents-compute-4.0.11-47.el7_3.2.x86_64.rpm 29ebd0e0e76e99eb5b5e04ba05562c30cb72bc49308a269260c15c17da06b35c fence-agents-drac5-4.0.11-47.el7_3.2.x86_64.rpm ba0987513ed143c267f6627620f635f6cce5b15e6f4e7d97b78a15fc613d0b7c fence-agents-eaton-snmp-4.0.11-47.el7_3.2.x86_64.rpm 4342cd2d93b835b66a98721a6ac177fd19959c494f0ffed15276b05bfa0f95e7 fence-agents-emerson-4.0.11-47.el7_3.2.x86_64.rpm b18398cf3655f79df0a8ff0ce22003bd31fa99ad99f92b7711e1f5fce79d0c4b fence-agents-eps-4.0.11-47.el7_3.2.x86_64.rpm c954731caad2b3635caea48404d0c49c6bf6ea7e883ee4e348198d14142295b2 fence-agents-hpblade-4.0.11-47.el7_3.2.x86_64.rpm 6a953e0ba0e1693a649e0e90bf707cc9def496ad8cf33cc1fc2e36d3701a487c fence-agents-ibmblade-4.0.11-47.el7_3.2.x86_64.rpm ec6b2d7259a33a1c0b07869ecf290559cb4ef164af82efda99ffdd465713cc3c fence-agents-ifmib-4.0.11-47.el7_3.2.x86_64.rpm dbb07b8690ad182d08545b4ffc377ee63f33bcd5f62105894d3841126cd83243 fence-agents-ilo2-4.0.11-47.el7_3.2.x86_64.rpm 46ef3ca55f4e0362ee5b1acba0a58e851124bba683bbb1bbc740e6b1589b3f21 fence-agents-ilo-moonshot-4.0.11-47.el7_3.2.x86_64.rpm 833aaf098d2785fb0931f1bd8a24231c788d77fed53296bf94cb67381cbdbfb3 fence-agents-ilo-mp-4.0.11-47.el7_3.2.x86_64.rpm 340de23651940ee26bbd73c4238734edd3cc652e64cce9590ff23282d7779d29 fence-agents-ilo-ssh-4.0.11-47.el7_3.2.x86_64.rpm f66ddafdabb279f729e7fb93d07feadbcf488a123bb980ac8a45f22b44a99615 fence-agents-intelmodular-4.0.11-47.el7_3.2.x86_64.rpm ecdc91a83e9f64061ffe66ef4163d638685d86ac253dd419243301dd63cae254 fence-agents-ipdu-4.0.11-47.el7_3.2.x86_64.rpm 79f2604ff6e61b55d9569259fb87220ec05d49624995b076fa087db0cab573a2 fence-agents-ipmilan-4.0.11-47.el7_3.2.x86_64.rpm 2a365bcf0309c7d703325d5cad06b91549e407dff18159fc56ff602060721cfc fence-agents-kdump-4.0.11-47.el7_3.2.x86_64.rpm 54bde3daf5a9f94fb73c2779e8545eb31b3a9eaf652e3234da0486b0275a1a57 fence-agents-mpath-4.0.11-47.el7_3.2.x86_64.rpm f377095a1653bec746717aac73800d595b6ad92275989bf86020aeb98e99c1b8 fence-agents-rhevm-4.0.11-47.el7_3.2.x86_64.rpm 9f63f2e4561638c58d8d6d93fcdac48637d86824b6bbd24426d4422c0f5a10c5 fence-agents-rsa-4.0.11-47.el7_3.2.x86_64.rpm 5d3976d715102a7486758240eed747e561a7101757ce76f5f4d682a9ff6cef04 fence-agents-rsb-4.0.11-47.el7_3.2.x86_64.rpm 3f299f88cf209abec7f7ccc93aa3f537653348d0ab9b764b4de5d6f15d42548c fence-agents-scsi-4.0.11-47.el7_3.2.x86_64.rpm 0bd93f4c83e5e683c75959c3105896a4f28780620ab6ad30af22ac9d4b72197d fence-agents-virsh-4.0.11-47.el7_3.2.x86_64.rpm 8e0e2358904fd842c913742e2db671dba7ad305946dcc45e1b7bcabd389a98e0 fence-agents-vmware-soap-4.0.11-47.el7_3.2.x86_64.rpm 8b41dbc7e1d57e3008f2ef67ca12fffe0b67d74c3ade626875b1a67301a53c10 fence-agents-wti-4.0.11-47.el7_3.2.x86_64.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: @JohnnyCentOS ___ CentOS-announce mailing list CentOS-announce@centos.org https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS] disk selection with ks file in 7.3
My existing ks files leave the disk selection unset in 7.3. Checking the manual, I do not see changes in that area so performing a manual installation and comparing the resulting config to mine yields little difference. Taking the anaconda generated disk config section and deploying a new ks with this halts at disk selection unset still? Anyone seeing this? jlc ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] ipa rpm conflicts
does anybody see this: unning transaction Warning: RPMDB altered outside of yum. ** Found 8 pre-existing rpmdb problem(s), 'yum check' output follows: ipa-admintools-4.4.0-14.el7.centos.noarch has installed conflicts freeipa-admintools: ipa-admintools-4.4.0-14.el7.centos.noarch ipa-client-4.4.0-14.el7.centos.x86_64 has installed conflicts freeipa-client: ipa-client-4.4.0-14.el7.centos.x86_64 ipa-client-common-4.4.0-14.el7.centos.noarch has installed conflicts freeipa-client-common: ipa-client-common-4.4.0-14.el7.centos.noarch ipa-common-4.4.0-14.el7.centos.noarch has installed conflicts freeipa-common: ipa-common-4.4.0-14.el7.centos.noarch ipa-python-compat-4.4.0-14.el7.centos.noarch has installed conflicts freeipa-python-compat: ipa-python-compat-4.4.0-14.el7.centos.noarch ipa-server-4.4.0-14.el7.centos.x86_64 has installed conflicts freeipa-server: ipa-server-4.4.0-14.el7.centos.x86_64 ipa-server-common-4.4.0-14.el7.centos.noarch has installed conflicts freeipa-server-common: ipa-server-common-4.4.0-14.el7.centos.noarch ipa-server-dns-4.4.0-14.el7.centos.noarch has installed conflicts freeipa-server-dns: ipa-server-dns-4.4.0-14.el7.centos.noarch this in .rpm I guess and started appearing after upg to 7.3. *freeipa* is naming convention Fedora uses, right? Some remnants rebase did not take care of? regards, L. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS-announce] CEBA-2016:2944 CentOS 6 chrony BugFix Update
CentOS Errata and Bugfix Advisory 2016:2944 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-2944.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 6f4d532fc7a8ab23f587710326aece921b51145ed01fd3c9e865969d86291d32 chrony-2.1.1-2.el6_8.i686.rpm x86_64: 62e49cb71efcfd7e0a542208fb217514ee1bb31dcc6d2b1332b4dccdfffca1d0 chrony-2.1.1-2.el6_8.x86_64.rpm Source: 5c43a53158f77ad26650688c9fbf1f569d4a220edbff6a56101ef2c98c875d8e chrony-2.1.1-2.el6_8.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: @JohnnyCentOS ___ CentOS-announce mailing list CentOS-announce@centos.org https://lists.centos.org/mailman/listinfo/centos-announce
Re: [CentOS] yum update pulls in lvm-cluster on 7.3
On Tue, Dec 13, 2016 at 2:16 PM,wrote: > Hi, > > I ran "yum update" this morning on a 7.2 machine with all of the cr updates > applied to it and yum wants to install lvm-cluster and a bunch of deps. > > Dependencies Resolved > > == > Package Arch VersionRepository Size > == > Installing for group upgrade "Resilient Storage": > lvm2-cluster x86_647:2.02.166-1.el7_3.1updates 663 k > Hello, which command did you execute, exactly? I have only experience with RHEL and not CentOS for what regards lvm2-cluster; in my opinion it is correct that it is included in "Resilient Storage" group. So that if you already had this group installed but not lvm2-cluster rpm package, it was a problem before, not now Eg, in a CentOS 7.2 vm of mine I have: [root@manageiq ~]# rpm -q lvm2-cluster package lvm2-cluster is not installed [root@manageiq ~]# [root@manageiq ~]# rpm -q lvm2 lvm2-2.02.130-5.el7.x86_64 [root@manageiq ~]# [root@manageiq ~]# yum update . . . centos-releasex86_64 7-3.1611.el7.centos base 23 k . . . lvm2 x86_64 7:2.02.166-1.el7_3.1 updates 1.1 M . . . but no lvm2-cluster package proposed but correctly if I run [root@manageiq ~]# yum groupinstall "Resilient Storage" ... Dependencies Resolved Package Arch Version Repository Size Installing for group install "Resilient Storage": dlm x86_64 4.0.6-1.el7 base 89 k gfs2-utils x86_64 3.1.9-3.el7 base 302 k lvm2-clusterx86_64 7:2.02.166-1.el7_3.1 updates 663 k Installing for dependencies: corosyncx86_64 2.4.0-4.el7 base 213 k corosynclib x86_64 2.4.0-4.el7 base 125 k dlm-lib x86_64 4.0.6-1.el7 base 24 k libqb x86_64 1.0-1.el7 base 92 k resource-agents x86_64 3.9.5-82.el7_3.1 updates 360 k Updating for dependencies: device-mapper x86_64 7:1.02.135-1.el7_3.1 updates 269 k device-mapper-event x86_64 7:1.02.135-1.el7_3.1 updates 177 k device-mapper-event-libsx86_64 7:1.02.135-1.el7_3.1 updates 177 k device-mapper-libs x86_64 7:1.02.135-1.el7_3.1 updates 333 k device-mapper-persistent-data x86_64 0.6.3-1.el7 base 368 k lvm2x86_64 7:2.02.166-1.el7_3.1 updates 1.1 M lvm2-libs x86_64 7:2.02.166-1.el7_3.1 updates 984 k Transaction Summary Install 3 Packages (+5 Dependent packages) Upgrade ( 7 Dependent packages) So it seems ok to me. It pulls the update of lvm2 package itself and also the lvm2-cluster package (correctly pulled from the "updates" repo) HIH, Gianluca ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 7.3 sources ???
On Mon, December 12, 2016 9:03 pm, Alice Wonder wrote: > On 12/12/2016 06:49 PM, Frank Cox wrote: >> On Mon, 12 Dec 2016 18:36:03 -0800 >> Alice Wonder wrote: >> >>> Looking at http://vault.centos.org/ and not seeing them. >> >> 7.3 is current, so check your friendly local mirror. The same place you >> download your updated from. >> > > Sources aren't in kernel.org mirror, I think most mirrors don't have > them because of the size but vault traditionally has them. If one is going to pull a lot from vault, it would be nicer to not go to central place, but use one of vault mirrors instead. I forgot how one can pull the list of vault mirrors (thanks for reminding me - if anyone does!). I know my mirror server has centos vault: http://bay.uchicago.edu/centos-vault/ Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-es] Namespace en postfix / dovecot
Hola todo es comprado y actualizado, no suelo utilizar cosas no originales Igualmente estoy pasando el clamav a ver que encuentra y actualizado todos los wordpress a la ultima. Como puedo saber si mi problema se ha solucionado Quedo pendiente de respuestas del correo anterior Firma Alexandre Andreu Cases - Servtelecom El 13/12/16 a las 16:17, Wilmer Arambula escribió: Si solo usas WordPress, has instalado una plantilla no original o algún modulo no original, por allí creo que debes empezar, Saludos, Wilmer. El 13/12/2016 9:50, "Alex ( Servtelecom )"escribió: Acabo de aplicar esta regla en mi iptables a ver que pasa, en este servidor solo tengo wordpress instalado y actualizado a la ultima, igualmente lo revisare por si acaso. Me aconsejas que pase el clamav en todo el servidor? descarto mala configuración de dovecot o postfix? he mirado el erro exacto, os lo pongo aquí: 550 SC-002 - Correo rechazado por Outlook.com en virtud de sus directivas. La IP del servidor de correo que está conectando con Outlook.com ha mostrado un comportamiento de minería de espacio de nombres. Si no eres administrador de correo o de red, ponte en contacto con tu proveedor de acceso a correo o Internet para obtener ayuda. Utilizo fail2ban como complemento, crees que se puede aplicar algun extra para que lo detecte y lo frene fail2ban? También he visto que se puede proteger para que solo los dominios que hay registrados en postfix y los usuarios validos puedan mandar correos, si estas autentificado pero tratas de que se envie con una dirección que no es la que hay registradas en postfix entonces no lo enviá. (ejemplo, tienes dominio.com y quieres que se envie, desde una web como dominio2.com). Esto como se puede hacer ya que creo que en mi configuración no lo he visto y si que alguna vez he tenido problemas de este tipo. Gracias por tu ayuda! --- Firma Alexandre Andreu Cases - Servtelecom El 13/12/16 a las 13:09, Ernesto Pérez Estévez escribió: On 13/12/16 07:00, Ernesto Pérez Estévez wrote: En mi caso cuando lo he tenido lo he logrado controlar a través del uso de iptables, pero te cuento luego porque no es tan fácil. Si el problema ocurre DESDE tu servidor, posiblemente debes buscar la opción de bloquear el acceso a los scripts al puerto 25/tcp saliente. Esto es en caso de que tus aplicaciones web corran bajo otro usuario que no sea root. Ejemplo: si cada sitio virtual corre bajo un UID diferente, entonces puedes aplicar reglas de iptables para que, excepto tu servidor de smtp y el usuario root, nadie más pueda acceder al puerto 25/tcp saliente. iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable Claro, con esto no encontrarás al script malicioso, simplemente le bloquearás cualquier intento. Quizá debas usar LOG para guardar los intentos fallidos y tratar de encontrar el uid que está haciendo el intento. ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Namespace en postfix / dovecot
Si solo usas WordPress, has instalado una plantilla no original o algún modulo no original, por allí creo que debes empezar, Saludos, Wilmer. El 13/12/2016 9:50, "Alex ( Servtelecom )"escribió: > Acabo de aplicar esta regla en mi iptables a ver que pasa, en este > servidor solo tengo wordpress instalado y actualizado a la ultima, > igualmente lo revisare por si acaso. > > Me aconsejas que pase el clamav en todo el servidor? > descarto mala configuración de dovecot o postfix? > > he mirado el erro exacto, os lo pongo aquí: > > 550 SC-002 - Correo rechazado por Outlook.com en virtud de sus directivas. > La IP del servidor de correo que está conectando con Outlook.com ha > mostrado un comportamiento de minería de espacio de nombres. Si no eres > administrador de correo o de red, ponte en contacto con tu proveedor de > acceso a correo o Internet para obtener ayuda. > > Utilizo fail2ban como complemento, crees que se puede aplicar algun extra > para que lo detecte y lo frene fail2ban? > > También he visto que se puede proteger para que solo los dominios que hay > registrados en postfix y los usuarios validos puedan mandar correos, si > estas autentificado pero tratas de que se envie con una dirección que no es > la que hay registradas en postfix entonces no lo enviá. (ejemplo, tienes > dominio.com y quieres que se envie, desde una web como dominio2.com). > Esto como se puede hacer ya que creo que en mi configuración no lo he visto > y si que alguna vez he tenido problemas de este tipo. > > > Gracias por tu ayuda! > > --- > > > Firma Alexandre Andreu Cases - Servtelecom > El 13/12/16 a las 13:09, Ernesto Pérez Estévez escribió: > >> On 13/12/16 07:00, Ernesto Pérez Estévez wrote: >> >>> En mi caso cuando lo he tenido lo he logrado controlar a través del uso >>> de iptables, pero te cuento luego porque no es tan fácil. >>> >>> Si el problema ocurre DESDE tu servidor, posiblemente debes buscar la >> opción de bloquear el acceso a los scripts al puerto 25/tcp saliente. >> >> Esto es en caso de que tus aplicaciones web corran bajo otro usuario que >> no sea root. Ejemplo: si cada sitio virtual corre bajo un UID diferente, >> entonces puedes aplicar reglas de iptables para que, excepto tu servidor >> de smtp y el usuario root, nadie más pueda acceder al puerto 25/tcp >> saliente. >> >> iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT >> iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix >> -j ACCEPT >> iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman >> -j ACCEPT >> iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j >> ACCEPT >> iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with >> icmp-port-unreachable >> >> Claro, con esto no encontrarás al script malicioso, simplemente le >> bloquearás cualquier intento. Quizá debas usar LOG para guardar los >> intentos fallidos y tratar de encontrar el uid que está haciendo el >> intento. >> >> > ___ > CentOS-es mailing list > CentOS-es@centos.org > https://lists.centos.org/mailman/listinfo/centos-es > ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
[CentOS] Bottom panel on new C7.3
Hi All, I run these commands for previous 7.2 to hide the bottom panel. gconftool-2 -t int --list-type int --set /apps/panel/toplevels/bottom_panel/auto_hide_size 0 gconftool-2 -t bool --list-type bool --set /apps/panel/toplevels/bottom_panel/auto_hide true It does not seem to be working any more... I am seeing the panel. Thoughts? Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-es] Namespace en postfix / dovecot
Acabo de aplicar esta regla en mi iptables a ver que pasa, en este servidor solo tengo wordpress instalado y actualizado a la ultima, igualmente lo revisare por si acaso. Me aconsejas que pase el clamav en todo el servidor? descarto mala configuración de dovecot o postfix? he mirado el erro exacto, os lo pongo aquí: 550 SC-002 - Correo rechazado por Outlook.com en virtud de sus directivas. La IP del servidor de correo que está conectando con Outlook.com ha mostrado un comportamiento de minería de espacio de nombres. Si no eres administrador de correo o de red, ponte en contacto con tu proveedor de acceso a correo o Internet para obtener ayuda. Utilizo fail2ban como complemento, crees que se puede aplicar algun extra para que lo detecte y lo frene fail2ban? También he visto que se puede proteger para que solo los dominios que hay registrados en postfix y los usuarios validos puedan mandar correos, si estas autentificado pero tratas de que se envie con una dirección que no es la que hay registradas en postfix entonces no lo enviá. (ejemplo, tienes dominio.com y quieres que se envie, desde una web como dominio2.com). Esto como se puede hacer ya que creo que en mi configuración no lo he visto y si que alguna vez he tenido problemas de este tipo. Gracias por tu ayuda! --- Firma Alexandre Andreu Cases - Servtelecom El 13/12/16 a las 13:09, Ernesto Pérez Estévez escribió: On 13/12/16 07:00, Ernesto Pérez Estévez wrote: En mi caso cuando lo he tenido lo he logrado controlar a través del uso de iptables, pero te cuento luego porque no es tan fácil. Si el problema ocurre DESDE tu servidor, posiblemente debes buscar la opción de bloquear el acceso a los scripts al puerto 25/tcp saliente. Esto es en caso de que tus aplicaciones web corran bajo otro usuario que no sea root. Ejemplo: si cada sitio virtual corre bajo un UID diferente, entonces puedes aplicar reglas de iptables para que, excepto tu servidor de smtp y el usuario root, nadie más pueda acceder al puerto 25/tcp saliente. iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable Claro, con esto no encontrarás al script malicioso, simplemente le bloquearás cualquier intento. Quizá debas usar LOG para guardar los intentos fallidos y tratar de encontrar el uid que está haciendo el intento. ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Namespace en postfix / dovecot
Estimados listeros, yo también les agradecería una ayuda al respecto, porque tampoco puedo mandar correos a esos dominios, al principio pensé que era porque mi proxi tenía su IP en listas negras (aunque la IP de mi servidor de correo no estaba en listas negras) ahora ya tengo dos meses que todas mis IP están limpias pero aun no se puede mandar correos a dichos dominios, muchas gracias El dic 13, 2016 6:49 AM, "Alex ( Servtelecom )"escribió: > Hola compañeros, hotmail y outlook.com me frenan mis correos y después de > mucho indagar me sueltan que mi servidor esta configurado para que se > puedan generar Namespace y no se como evitar esto, hasta ahora no me había > pasado nunca pero me gustaría saber por donde empiezo? > que información necesitáis para que me podáis ayudar? > > ___ > CentOS-es mailing list > CentOS-es@centos.org > https://lists.centos.org/mailman/listinfo/centos-es > ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
[CentOS] yum update pulls in lvm-cluster on 7.3
Hi, I ran "yum update" this morning on a 7.2 machine with all of the cr updates applied to it and yum wants to install lvm-cluster and a bunch of deps. Dependencies Resolved == Package Arch VersionRepository Size == Installing for group upgrade "Resilient Storage": lvm2-cluster x86_647:2.02.166-1.el7_3.1updates 663 k Updating: centos-release x86_64 7-3.1611.el7.centos base 23 k Installing for dependencies: corosync x86_64 2.4.0-4.el7 base 213 k corosynclib x86_64 2.4.0-4.el7 base 125 k dlm x86_64 4.0.6-1.el7 base 89 k dlm-lib x86_64 4.0.6-1.el7 base 24 k libqbx86_64 1.0-1.el7 base 92 k resource-agents x86_64 3.9.5-82.el7_3.1updates 360 k Transaction Summary = Install 1 Package (+6 Dependent packages) Upgrade 1 Package Total download size: 1.6 M Is this ok [y/d/N]: Exiting on user command Your transaction was saved, rerun it with: yum load-transaction /tmp/yum_save_tx.2016-12-13.07-45.PcXumI.yumtx (shadow pts3) # I understand why the centos-release wants to be updated but can someone tell me why it wants to pull in lvm-cluster and friends? This machine is not part of a cluster. Regards, -- Tom m...@tdiehl.org Spamtrap address me...@tdiehl.org ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 7.3 srpms
On 12/13/2016 06:50 AM, m...@tdiehl.org wrote: > On 12/13/2016 joh...@centos.org wrote: > >> On 12/13/2016 06:25 AM, m...@tdiehl.org wrote: >>> Hi, >>> >>> Can someone tell me when the 7.3 srpms will be available? >>> >>> They are usually in vault but I do not see them at this time. >>> >>> I need the centos-release srpm ASAP. >> >> All the SRPMS are available from buildlogs. For centos-release >> specifically, look here: >> >> http://buildlogs.centos.org/c7.1611.01/centos-release/20161129181015/7-3.1611.el7.centos.x86_64/ >> > > Ok. Thanks Johnny. > > Does this mean that the SRPMS will no longer be put on vault.centos.org or > they just not there yet? > > Regards, > I am gathering them up to put them on vault now .. should be there sometime today. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 7.3 srpms
On 12/13/2016 joh...@centos.org wrote: On 12/13/2016 06:25 AM, m...@tdiehl.org wrote: Hi, Can someone tell me when the 7.3 srpms will be available? They are usually in vault but I do not see them at this time. I need the centos-release srpm ASAP. All the SRPMS are available from buildlogs. For centos-release specifically, look here: http://buildlogs.centos.org/c7.1611.01/centos-release/20161129181015/7-3.1611.el7.centos.x86_64/ Ok. Thanks Johnny. Does this mean that the SRPMS will no longer be put on vault.centos.org or they just not there yet? Regards, -- Tom m...@tdiehl.org Spamtrap address me...@tdiehl.org ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] firefox 45.5.1
On 12/08/2016 09:47 AM, geo.inbox.ignored wrote: > > > On 12/08/2016 08:04 AM, Jonathan Billings wrote: >> On Wed, Dec 07, 2016 at 12:46:43PM -0600, geo.inbox.ignored wrote: 2- where might i find earlier releases of 40.x? 3- if i install 40.x in path /var/lib/yum/plugins/local/, will i be able to roll back. >>> >>> any offers for questions 2 & 3? >> >> Short answer: Don't. >> >> Long answer: You're trying to install arbitrary versions of firefox >> with known vulnerabilities. You're also using something that isn't >> supported in CentOS and possibly built against a distro that doesn't >> have the same build environment and base libraries. It sounds like >> you've already got a bunch of local customizations that could possibly >> be preventing a working web browser. >> > }} > > understood and accepted in relation of firefox. > > was not asking for just 40.x, which used as above. > > to be more exacting, if should have need for some other package, > is there a site which archives centos packages? > > for example, in attempting to get vivaldi browser working, even with > latest of releases, there are early *.so files showing as missing. > > tried a web search, no hits. > > with moz devs futzing around with firefox as they have been lately, > it would be nice to have another browser handy for sites that > firefox does not handle. > > All old centos packages are in vault.centos.org: http://vault.centos.org/ However, running packages with known security issues is not recommended. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 7.3 srpms
On 12/13/2016 06:25 AM, m...@tdiehl.org wrote: > Hi, > > Can someone tell me when the 7.3 srpms will be available? > > They are usually in vault but I do not see them at this time. > > I need the centos-release srpm ASAP. > > Regards, > All the SRPMS are available from buildlogs. For centos-release specifically, look here: http://buildlogs.centos.org/c7.1611.01/centos-release/20161129181015/7-3.1611.el7.centos.x86_64/ signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] 7.3 srpms
Hi, Can someone tell me when the 7.3 srpms will be available? They are usually in vault but I do not see them at this time. I need the centos-release srpm ASAP. Regards, -- Tom m...@tdiehl.org Spamtrap address me...@tdiehl.org ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-es] Namespace en postfix / dovecot
On 13/12/16 07:00, Ernesto Pérez Estévez wrote: > En mi caso cuando lo he tenido lo he logrado controlar a través del uso > de iptables, pero te cuento luego porque no es tan fácil. > Si el problema ocurre DESDE tu servidor, posiblemente debes buscar la opción de bloquear el acceso a los scripts al puerto 25/tcp saliente. Esto es en caso de que tus aplicaciones web corran bajo otro usuario que no sea root. Ejemplo: si cada sitio virtual corre bajo un UID diferente, entonces puedes aplicar reglas de iptables para que, excepto tu servidor de smtp y el usuario root, nadie más pueda acceder al puerto 25/tcp saliente. iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable Claro, con esto no encontrarás al script malicioso, simplemente le bloquearás cualquier intento. Quizá debas usar LOG para guardar los intentos fallidos y tratar de encontrar el uid que está haciendo el intento. -- CEDIA La principal herramienta de Investigación en el Ecuador. Calle La Condamine 12-109 "Casa Rivera". Cuenca - Ecuador Telf: (593) 7405 1000 Ext. 4220/4223 i...@cedia.org.ec www.cedia.org.ec Email secured by Check Point ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
[CentOS] CentOS-announce Digest, Vol 142, Issue 4
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. Release for CentOS Linux 7 (1611) on x86_64 (Karanbir Singh) -- Message: 1 Date: Mon, 12 Dec 2016 17:42:53 + From: Karanbir SinghTo: CentOS Announcements List Subject: [CentOS-announce] Release for CentOS Linux 7 (1611) on x86_64 Message-ID: <57a573d2-7a27-9472-79d9-1733117c8...@centos.org> Content-Type: text/plain; charset=utf-8 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am pleased to announce the general availability of CentOS Linux 7 (1611) for 64 bit x86 compatible machines. Effectively immediately, this is the current release for CentOS Linux 7 and is tagged as 1611, derived from Red Hat Enterprise Linux 7.3 As always, read through the Release Notes at : http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 - these notes contain important information about the release and details about some of the content inside the release from the CentOS QA team. These notes are updated constantly to include issues and incorporate feedback from the users. - -- Updates, Sources, and DebugInfos Updates released since we froze the iso and install media content are posted in the updates repo along with the release. This will include content from late November 2016 and December 2016, therefore anyone running a new install is highly encouraged to run a 'yum update' operation immediate on install completion. You can apply all updates, including the content released today, on your existing CentOS Linux 7/x86_64 machine by just running 'yum update'. As with all CentOS Linux 7 components, this release was built from sources hosted at git.centos.org. In addition, SRPMs that are a byproduct of the build (and also considered critical in the code and buildsys process) are being published to match every binary RPM we release. Sources will be available from vault.centos.org in their own dedicated directories to match the corresponding binary RPMs. Since there is far less traffic to the CentOS source RPMs compared with the binary RPMs, we are not putting this content on the main mirror network. If users wish to mirror this content they can do so using the reposync command available in the yum-utils package. All CentOS source RPMs are signed with the same key used to sign their binary counterparts. Developers and end users looking at inspecting and contributing patches to the CentOS Linux distro will find the code hosted at git.centos.org far simpler to work against. Details on how to best consume those are documented along with a quick start at : http://wiki.centos.org/Sources Debuginfo packages are also being signed and pushed. Yum configs shipped in the new release file will have all the context required for debuginfo to be available on every CentOS Linux install. This release supersedes all previously released content for CentOS Linux 7, and therefore we highly encourage all users to upgrade their machines. Information on different upgrade strategies and how to handle stale content is included in the Release Notes. - -- Download In order to conserve donor bandwidth, and to make it possible to get the mirror content sync'd out as soon as possible, we recommend using torrents to get your initial installer images: Details on the images are available on the mirrors at http://mirror.centos.org/centos/7/isos/x86_64/0_README.txt - that file clearly highlights the difference in the images, and when one might be more suitable than the others. The sizes, sha256 sums and torrents for the ISO files: == * CentOS-7-x86_64-Minimal-1611.iso Size: 713031680 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-16 11.torrent Sha256Sum: 27bd866242ee058b7a5754e83d8ee8403e216b93d130d800852a96f41c34d86a * CentOS-7-x86_64-NetInstall-1611.iso Size: 395313152 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-NetInstall - -1611.iso.torrent Sha256Sum: f2f7367deb90a25822947660c71638333ca0eceeabecc2d631be6cd508c24494 * CentOS-7-x86_64-DVD-1611.iso Size: 4379901952 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1611.i so.torrent Sha256Sum: c455ee948e872ad2194b39045b83634e8613249182b88f549bb2319d97eb * CentOS-7-x86_64-Everything-1611.iso Size: 8280604672 Torrent:
Re: [CentOS-es] Namespace en postfix / dovecot
On 13/12/16 06:49, Alex ( Servtelecom ) wrote: > Hola compañeros, hotmail y outlook.com me frenan mis correos y después > de mucho indagar me sueltan que mi servidor esta configurado para que se > puedan generar Namespace y no se como evitar esto, hasta ahora no me > había pasado nunca pero me gustaría saber por donde empiezo? > que información necesitáis para que me podáis ayudar? > Busquemos info sobre el namespace mining primero y enterémonos de lo que es: El problema es al revés, tu servidor está corriendo un script o malware intentando averiguar direcciones de correo válidas donde ellos. Eso es namespace mining. Es una técnica que tiene su edad y que ahora tratan de dispersar mandando a servidores comprometidos a realizar esta acción, cargando estos servidores con la culpa del ataque, quedando el atacante limpio de polvo y paja en sus propios servidores. http://serverfault.com/questions/625853/prevent-stop-namespace-mining Ahora sí, te toca buscar el script malicioso. Claro, esto se dice fácil pero posiblemente incluso no lo encuentres en el servidor pues el atacante puede mandarlo a descargar a través de un sistema desactualizado (típicamente joomla o wordpress o un módulo de ellos) o de un sistema que utiliza claves débiles.. y entonces ejecuta al script y luego de ejecutarlo un tiempo lo manda a borrar y luego de unas horas o días vuelve a hacer el mismo procedimiento. Inteligente verdad? Es una patada el encontrar el sistema con problemas.. esos son los días en que quieres echar todo a la basura y dedicarte a la ornitología o al cuidado de elefantes... te lo juro. En mi caso cuando lo he tenido lo he logrado controlar a través del uso de iptables, pero te cuento luego porque no es tan fácil. -- CEDIA La principal herramienta de Investigación en el Ecuador. Calle La Condamine 12-109 "Casa Rivera". Cuenca - Ecuador Telf: (593) 7405 1000 Ext. 4220/4223 i...@cedia.org.ec www.cedia.org.ec Email secured by Check Point ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Namespace en postfix / dovecot
Hola compañeros, hotmail y outlook.com me frenan mis correos y después de mucho indagar me sueltan que mi servidor esta configurado para que se puedan generar Namespace y no se como evitar esto, hasta ahora no me había pasado nunca pero me gustaría saber por donde empiezo? que información necesitáis para que me podáis ayudar? ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
[CentOS] Network Manager - force activation of multiple connections
For each of my sites I have set up a server to act as AirPrint server. This requires the LAN connection that the servers have always had, plus a WIFI connection to give it a presence on the WIFI (The WIFI and LAN are on separate VLANS) I have finally dragged myself into the 21st century and used NetworkManager for the connection, using nmtui to do the work. The problem I have is that on most of these servers, thw WIFI connection doesn't always activate on bootup and I have to go into nmtui -> activate -> WIFI etc. to get it working again. Is there a way to force NetworkManager to always activate all interfaces on bootup? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] test builds on private server against 1611
Hello Guys, I only wanna you know that my private server builds works against centos version 1611. The messa private llmv on centos was never as mine. That’s all I also removed my old 12.04 mesa stuff, because of this behavior. Sincerely Andy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos