Re: [CentOS] Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2

2017-04-09 Thread Robert Moskowitz
Too busy getting ready for Passover, and not looking carefully enough at 
the numbers.


I better get back to what I should be doing right now.

See you all Thursday.

On 04/09/2017 08:13 PM, Peter wrote:
> On 10/04/17 12:08, Robert Moskowitz wrote:
>> This was just posted on the Postfix list.  Centos 7 ships with:
>> postfix-2.10.1-6.el7
>>
>> Has this cert advisory been applied to the Centos build of Postfix?
>>
>> This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed
>> 11 years ago in Postfix 2.2.11 and later.
>
> 2.10.1 is way later than 2.2.11, this bug was never in any version of
> postfix that shipped after CentOS 4.
>
>
> Peter
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos





Re: [CentOS] Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2

2017-04-09 Thread Peter
On 10/04/17 12:08, Robert Moskowitz wrote:
> This was just posted on the Postfix list.  Centos 7 ships with:
> postfix-2.10.1-6.el7
> 
> Has this cert advisory been applied to the Centos build of Postfix?
> 
> This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed
> 11 years ago in Postfix 2.2.11 and later.

2.10.1 is way later than 2.2.11, this bug was never in any version of
postfix that shipped after CentOS 4.


Peter


[CentOS] Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2

2017-04-09 Thread Robert Moskowitz
This was just posted on the Postfix list.  Centos 7 ships with: 
postfix-2.10.1-6.el7


Has this cert advisory been applied to the Centos build of Postfix?

thank you


-------- Forwarded Message --------
Subject: Obsolete NSA exploit for Postfix 2.0 - 2.2
Date: Sun, 9 Apr 2017 16:18:06 -0400 (EDT)
From: Wietse Venema
To: Postfix users
CC: Postfix announce



A recent twitter post reveals the existence of an exploit for Postfix,
in a collection of what appear to be NSA tools.

https://twitter.com/JulianAssange/status/850870683831648256

This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed
11 years ago in Postfix 2.2.11 and later.

There was a memory corruption bug in a Postfix workaround for a
Sendmail bug (CERT advisory CA-2003-07, remote buffer overflow when
message headers contain lots of comment text before an email address).

Technical details: the Postfix strip_address() function, which
removes large comments from a mail header, called the printable()
function on a string that wasn't null-terminated. This caused the
printable() function to scribble past the end of malloc()ed memory,
corrupting the memory heap.

Running the exploit against Postfix versions less than 11 years old
results in odd-looking email messages in the super-user's mailbox,
and warning messages in the maillog file (warning: stripping too
many comments from address: ).

Wietse
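
Added example (not part of the thread or of Postfix): a shell check for the two things these messages turn on, comparing the packaged upstream version with 2.2.11 component by component, and counting the maillog warning Wietse quotes. The function names, the postfix-2.2.10-1 string and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: names, sample package strings and log lines are constructed.
FIXED_IN="2.2.11"   # upstream release carrying the fix, per Wietse's message

# upstream_version NVR: postfix-2.10.1-6.el7 -> 2.10.1
upstream_version() {
    v=${1#postfix-}
    printf '%s\n' "${v%%-*}"
}

# version_ge A B: succeed when dotted version A >= B. Components are compared
# as numbers, so 2.10.1 sorts after 2.2.11 (a string comparison gets this wrong).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# assess NVR: "has-fix" when the upstream version is 2.2.11 or later.
assess() {
    if version_ge "$(upstream_version "$1")" "$FIXED_IN"; then
        echo "has-fix"
    else
        echo "predates-fix"
    fi
}

# count_strip_warnings: read maillog text on stdin and print the number of
# lines carrying the warning a fixed Postfix logs when the exploit is run.
count_strip_warnings() {
    grep -c 'warning: stripping too many comments from address:' || true
}

# Constructed sample; daemon names, PIDs and addresses are placeholders.
sample_maillog() {
    cat <<'EOF'
Apr  9 16:20:01 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Apr  9 16:20:02 mail postfix/cleanup[2104]: warning: stripping too many comments from address: PLACEHOLDER
Apr  9 16:20:02 mail postfix/qmgr[1999]: 3F2A1: from=<a@example.org>, size=912, nrcpt=1
Apr  9 16:21:40 mail postfix/cleanup[2104]: warning: stripping too many comments from address: PLACEHOLDER
EOF
}

echo "postfix-2.10.1-6.el7: $(assess postfix-2.10.1-6.el7)"
echo "postfix-2.2.10-1 (constructed): $(assess postfix-2.2.10-1)"
echo "strip_address warnings in sample: $(sample_maillog | count_strip_warnings)"
```

On a live host the same counter can be fed the real mail log instead of the constructed sample.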



Re: [CentOS] OT: systemd Poll

2017-04-09 Thread ken

On 04/09/2017 04:30 AM, J Martin Rushton wrote:
> On 09/04/17 05:39, Anthony K wrote:
>> According to "Arthur Schopenhauer":
>>
>> "All truth passes through three stages.
>>  First, it is ridiculed.
>>  Second, it is violently opposed.
>>  Third, it is accepted as being self-evident."
>
> All ideas, true or false, follow those stages, but one hopes that the
> false ones are eventually derided and toppled.
>
>> I must admit that I skipped through the first and second stages - I
>> never found creating init scripts a joy and instead opted to write my
>> own scripts that I launched via inittab.  As such, I welcomed the
>> simplicity systemd's service files without fuss.
>>
>> So, at which stage are you in w/ regards to adopting systemd?  Are you
>> still ridiculing it, violently opposed to it, or have you mellowed to it?
>
> Accepting it as a fait accompli.  It makes life much harder for no
> obvious gain, but short of creating one's own distro we seem to be stuck
> with it.  To answer your question, a combination of proposition 1 and
> the first part of proposition 3.
>
> For those of us with (in my case) over 30 years in the industry, reading
> init scripts is trivial and at least we can see what is going on and fix
> problems quickly.  Some vague, poorly documented, data file which is
> interpreted by a black box is the sort of joy one expects from the
> murkier regions of Redmond not the sunnier climes of Carolina.



I agree.  I never had a problem with init scripts.  Anyone who 
understood bash/sh could fairly easily come to grips with init scripts.  
I have no idea where to look for whatever starts up services with 
systemd.  What language is systemd written in...?  no idea.  Yes, I 
tried reading docs, but they're so vague and inscrutable that I gave 
up.  E.g., what is a "unit"?  Could they have picked a word more vague?  
What does "unit" tell us which "thing" doesn't?  Basically, a service is 
either running or stopped... so what is "static"?  "Static" means the 
opposite of "moving" or "dynamic".  How does "static" describe a service?


In short, although computer geeks generally aren't known for being good 
at documentation, in the commercial world at any rate.  But this is 
GNU/Linux.  We rely on online documentation and the open source 
community to figure out problems and make improvements. Lacking sensible 
documentation, it's hard to figure out problems. If problems can't be 
figured out, we're faced with problematic systems.  And who's going to 
tolerate that for long?  How is that an improvement over Redmondware?



Re: [CentOS] OT: systemd Poll

2017-04-09 Thread Kay Schenk
On Sun, Apr 9, 2017 at 2:20 AM, John R Pierce  wrote:

> On 4/8/2017 9:39 PM, Anthony K wrote:
>
>>
>> So, at which stage are you in w/ regards to adopting systemd?  Are you
>> still ridiculing it, violently opposed to it, or have you mellowed to it?
>>
>
> I wish the documentation was a bit better.   systemd and networkmanager
> definitely change the rules...  I had a minimal C7 VM where I had a heck of
> a time getting it to use the right DNS servers, only way I got it set up
> was to use nmtui, my attempts at using nmcli were an exercise in
> frustration.  maybe this is more of a networkmanager problem more than
> systemd, but they are both tied together in my mind.
>

Yes, lack of documentation is a big bug-a-boo in my mind also. However, I
do think working with systemd is a bit like working with udev hooks. My
first experience with systemd was probably back in late 2011.
In any case, the RH documentation on it may be beneficial at this point:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/chap-Managing_Services_with_systemd.html

or maybe take a look at the Fedora projects info:

https://www.freedesktop.org/wiki/Software/systemd/


>
> --
> john r pierce, recycling bits in santa cruz
>
>
>



-- 
--
MzK

"Every time you hear a bell ring,
 it means that some angel's just got his wings."
  -- Clarence, "It's a Wonderful Life"


Re: [CentOS] logwatch customization question

2017-04-09 Thread Robert Moskowitz



On 04/09/2017 09:42 AM, Richard wrote:
>> Date: Sunday, April 09, 2017 08:36:17 -0400
>> From: Robert Moskowitz
>>
>> Logwatch is installed, and I am assuming by how empty /etc/logwatch
>> is that it is running from defaults, which I find in
>> /usr/share/logwatch/default.conf/services
>>
>> I want to customize ONE service.  dovecot.
>>
>> Do I copy /usr/share/logwatch/default.conf/services/dovecot.conf
>>
>> to
>>
>> /etc/logwatch/conf/services
>>
>> and edit it there,
>>
>> or do I have to copy ALL default.conf/services/* there and modify
>> /etc/logwatch/conf/logwatch.conf to look there?
>>
>> The README is rather not helpful on this.
>>
>> How do I modify ONE service (and not just make the changes in
>> default.conf that I have seen in a couple howtos.
>
> I think that the HOWTO, referenced in the logwatch man page, has a
> fairly complete explanation of approaches to customization.
>
>
> centos-6/logwatch-7.3.6
>
>    MORE INFORMATION
>        The directory /usr/share/doc/logwatch-* contains several
>        files with additional documentation:
>
>        HOWTO-Customize-LogWatch
>               Documents the directory structure of Logwatch
>               configuration and executable files,  and describes how
>               to customize Logwatch by overriding these default files.


thanks.  I think I got it from the sendmail example.

"   For example, if file /etc/logwatch/conf/services/sendmail.conf has the
   single entry:
$sendmail_unknownusersthreshold = 5
   then the threshold for unknown users is set to five instead of the
   default of one.  All other parameters are not modified.  "

thus:

cat > /etc/logwatch/conf/services/dovecot.conf <<'EOF'
# Override the default Detail level. This will only affect dovecot's report.
$dovecot_detail = 10
EOF

I will see how it goes after tonight!




Re: [CentOS] logwatch customization question

2017-04-09 Thread Richard

> Date: Sunday, April 09, 2017 08:36:17 -0400
> From: Robert Moskowitz 
>
> Logwatch is installed, and I am assuming by how empty /etc/logwatch
> is that it is running from defaults, which I find in
> /usr/share/logwatch/default.conf/services
> 
> I want to customize ONE service.  dovecot.
> 
> Do I copy /usr/share/logwatch/default.conf/services/dovecot.conf
> 
> to
> 
> /etc/logwatch/conf/services
> 
> and edit it there,
> 
> or do I have to copy ALL default.conf/services/* there and modify
> /etc/logwatch/conf/logwatch.conf to look there?
> 
> The README is rather not helpful on this.
> 
> How do I modify ONE service (and not just make the changes in
> default.conf that I have seen in a couple howtos.
> 

I think that the HOWTO, referenced in the logwatch man page, has a
fairly complete explanation of approaches to customization.


centos-6/logwatch-7.3.6

   MORE INFORMATION
       The directory /usr/share/doc/logwatch-* contains several
       files with additional documentation:

       HOWTO-Customize-LogWatch
              Documents the directory structure of Logwatch
              configuration and executable files,  and describes how
              to customize Logwatch by overriding these default files.


centos-7/logwatch-7.4.0

In addition to the HOWTO, as in -6, there's also a logwatch.conf man
page, which includes:

   override.conf - ( /etc/logwatch/conf/override.conf ) contains
   the settings which overrides the standard configuration of
   specific log files or services. The syntax is the same as in
   log/service files.




[CentOS] logwatch customization question

2017-04-09 Thread Robert Moskowitz
Logwatch is installed, and I am assuming by how empty /etc/logwatch is 
that it is running from defaults, which I find in 
/usr/share/logwatch/default.conf/services


I want to customize ONE service.  dovecot.

Do I copy /usr/share/logwatch/default.conf/services/dovecot.conf

to

/etc/logwatch/conf/services

and edit it there,

or do I have to copy ALL default.conf/services/* there and modify 
/etc/logwatch/conf/logwatch.conf to look there?


The README is rather not helpful on this.

How do I modify ONE service (and not just make the changes in 
default.conf that I have seen in a couple howtos.


thanks



Re: [CentOS] OT: systemd Poll

2017-04-09 Thread John R Pierce

On 4/8/2017 9:39 PM, Anthony K wrote:
> So, at which stage are you in w/ regards to adopting systemd?  Are you
> still ridiculing it, violently opposed to it, or have you mellowed to it?

I wish the documentation was a bit better.   systemd and networkmanager
definitely change the rules...  I had a minimal C7 VM where I had a heck
of a time getting it to use the right DNS servers, only way I got it set
up was to use nmtui, my attempts at using nmcli were an exercise in
frustration.  maybe this is more of a networkmanager problem more than
systemd, but they are both tied together in my mind.



--
john r pierce, recycling bits in santa cruz



Re: [CentOS] Network configuration: desktop vs. laptop

2017-04-09 Thread Nicolas Kovacs
On 09/04/2017 at 10:29, Nux! wrote:
> On CentOS it's normal for both wireless and wired to be connected at
> the same time, maybe what you are seeing is just the icon's being
> confusing or not being replaced with the right thing?
> 
> This is easy to check, just issue an "ip route". On My system I can
> see something like this:
> 
> default via 192.168.0.1 dev eth0  proto static
> 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.16  metric 1
> 192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.13  metric 2
> 
> Routing will prefer eth0 (wired), with the smaller metric, giving you
> the better performance.
> 
> I found this quite handy a couple of times, say you remove the laptop
> from the desk and go in the garden or something, you won't lose your
> connections.

Thanks, Lucian.

I just found the culprit, though. Apparently the ifcfg- files
(except ifcfg-lo) were interfering with NetworkManager, so I just
deleted them, and now everything runs perfectly.

Cheers,

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32


Re: [CentOS] OT: systemd Poll

2017-04-09 Thread Nux!
I'm ok with it as a init system, not much enthused by its ancillary components.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Anthony K" 
> To: "CentOS mailing list" 
> Sent: Sunday, 9 April, 2017 05:39:59
> Subject: [CentOS] OT: systemd Poll

> According to "Arthur Schopenhauer":
> 
> "All truth passes through three stages.
> First, it is ridiculed.
> Second, it is violently opposed.
> Third, it is accepted as being self-evident."
> 
> I must admit that I skipped through the first and second stages - I
> never found creating init scripts a joy and instead opted to write my
> own scripts that I launched via inittab.  As such, I welcomed the
> simplicity systemd's service files without fuss.
> 
> So, at which stage are you in w/ regards to adopting systemd?  Are you
> still ridiculing it, violently opposed to it, or have you mellowed to it?
> 
> 


Re: [CentOS] OT: systemd Poll

2017-04-09 Thread J Martin Rushton
On 09/04/17 05:39, Anthony K wrote:
> According to "Arthur Schopenhauer":
> 
> "All truth passes through three stages.
> First, it is ridiculed.
> Second, it is violently opposed.
> Third, it is accepted as being self-evident."
All ideas, true or false, follow those stages, but one hopes that the
false ones are eventually derided and toppled.


> I must admit that I skipped through the first and second stages - I
> never found creating init scripts a joy and instead opted to write my
> own scripts that I launched via inittab.  As such, I welcomed the
> simplicity systemd's service files without fuss.
> 
> So, at which stage are you in w/ regards to adopting systemd?  Are you
> still ridiculing it, violently opposed to it, or have you mellowed to it?
> 
Accepting it as a fait accompli.  It makes life much harder for no
obvious gain, but short of creating one's own distro we seem to be stuck
with it.  To answer your question, a combination of proposition 1 and
the first part of proposition 3.

For those of us with (in my case) over 30 years in the industry, reading
init scripts is trivial and at least we can see what is going on and fix
problems quickly.  Some vague, poorly documented, data file which is
interpreted by a black box is the sort of joy one expects from the
murkier regions of Redmond not the sunnier climes of Carolina.





Re: [CentOS] Network configuration: desktop vs. laptop

2017-04-09 Thread Nux!
Hi Niki,

On CentOS it's normal for both wireless and wired to be connected at the same 
time, maybe what you are seeing is just the icon's being confusing or not being 
replaced with the right thing?

This is easy to check, just issue an "ip route". On My system I can see 
something like this:

default via 192.168.0.1 dev eth0  proto static 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.16  metric 1 
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.13  metric 2

Routing will prefer eth0 (wired), with the smaller metric, giving you the 
better performance.

I found this quite handy a couple of times, say you remove the laptop from the 
desk and go in the garden or something, you won't lose your connections.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "info" 
> To: "CentOS mailing list" 
> Sent: Saturday, 8 April, 2017 21:57:18
> Subject: [CentOS] Network configuration: desktop vs. laptop

> Hi,
> 
> I'm just migrating some stuff from Slackware Linux to CentOS, and I have
> a question about the orthodox way of configuring a network connection.
> 
> On a desktop or workstation, I usually get rid of NetworkManager:
> 
>  # systemctl stop NetworkManager
>  # yum remove NetworkManager
> 
> Then I edit the /etc/sysconfig/network-scripts/ifcfg-X file
> corresponding to my network interface. Here's a working example:
> 
>  # /etc/sysconfig/network-scripts/ifcfg-enp2s0
>  DEVICE=enp2s0
>  TYPE=Ethernet
>  ONBOOT=yes
>  BOOTPROTO=dhcp
> 
> Now I wonder how I should configure things on a laptop, where I usually
> keep NetworkManager. On a Slackware system, it's usually just a matter
> of leaving a pristine /etc/rc.d/rc.inet1.conf file, and then activate
> /etc/rc.d/rc.networkmanager. Starting from there, when there's a
> wireless connection available, I can connect using the little
> NetworkManager applet on the desktop. And when I switch to cable,
> NetworkManager will prefer that connection automagically.
> 
> On a default installation (I went for the KDE version), NetworkManager
> is active, so I'll keep that. 'ifconfig' shows me that the cabled
> connection is up and running via enp3s0 on the laptop. Wireless doesn't
> seem to work, but 'ifconfig -a' shows me a wlp2s0 interface, which means
> there's a chance it will work.
> 
> First thing I did was edit ifcfg-enp3s0 like this:
> 
>  DEVICE="enp3s0"
>  TYPE="Ethernet"
>  NM_CONTROLLED="yes"
> 
> Then I edited ifcfg-wlp2s0 from scratch, since there's nothing present:
> 
>  DEVICE="wlp2s0"
>  TYPE="Wireless"
>  NM_CONTROLLED="yes"
> 
> I rebooted (just to be on the safe side), and I have a partial success.
> I can connect via KDE's NetworkManager applet. But when I plug in an
> Ethernet cable, the wireless connection stays up and is not replaced by
> the cabled connection.
> 
> Any suggestions?
> 
> Niki Kovacs
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Web  : http://www.microlinux.fr
> Mail : i...@microlinux.fr
> Tél. : 04 66 63 10 32