Re: [CentOS] Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2
Too busy getting ready for Passover, and not looking carefully enough at the numbers. I better get back to what I should be doing right now. See you all Thursday. On 04/09/2017 08:13 PM, Peter wrote: On 10/04/17 12:08, Robert Moskowitz wrote: This was just posted on the Postfix list. Centos 7 ships with: postfix-2.10.1-6.el7 Has this cert advisory been applied to the Centos build of Postfix? This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed 11 years ago in Postfix 2.2.11 and later. 2.10.1 is way later than 2.2.11, this bug was never in any version of postfix that shipped after CentOS 4. Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2
On 10/04/17 12:08, Robert Moskowitz wrote: > This was just posted on the Postfix list. Centos 7 ships with: > postfix-2.10.1-6.el7 > > Has this cert advisory been applied to the Centos build of Postfix? > > This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed > 11 years ago in Postfix 2.2.11 and later. 2.10.1 is way later than 2.2.11, this bug was never in any version of postfix that shipped after CentOS 4. Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2
This was just posted on the Postfix list. Centos 7 ships with: postfix-2.10.1-6.el7 Has this cert advisory been applied to the Centos build of Postfix? thank you Forwarded Message Subject:Obsolete NSA exploit for Postfix 2.0 - 2.2 Date: Sun, 9 Apr 2017 16:18:06 -0400 (EDT) From: Wietse VenemaTo: Postfix users CC: Postfix announce A recent twitter post reveals the existence of an exploit for Postfix, in a collection of what appear to be NSA tools. https://twitter.com/JulianAssange/status/850870683831648256 This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed 11 years ago in Postfix 2.2.11 and later. There was a memory corruption bug in a Postfix workaround for a Sendmail bug (CERT advisory CA-2003-07, remote buffer overflow when message headers contain lots of comment text before an email address). Technical details: the Postfix strip_address() function, which removes large comments from a mail header, called the printable() function on a string that wasn't null-terminated. This caused the printable() function to scribble past the end of malloc()ed memory, corrupting the memory heap. Running the exploit against Postfix versions less than 11 years old results in odd-looking email messages in the super-user's mailbox, and warning messages in the maillog file (warning: stripping too many comments from address: ). Wietse ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: systemd Poll
On 04/09/2017 04:30 AM, J Martin Rushton wrote: On 09/04/17 05:39, Anthony K wrote: According to "Arthur Schopenhauer": "All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident." All ideas, true or false, follow those stages, but one hopes that the false ones are eventually derided and toppled. I must admit that I skipped through the first and second stages - I never found creating init scripts a joy and instead opted to write my own scripts that I launched via inittab. As such, I welcomed the simplicity systemd's service files without fuss. So, at which stage are you in w/ regards to adopting systemd? Are you still ridiculing it, violently opposed to it, or have you mellowed to it? Accepting it as a fait accompli. It makes life much harder for no obvious gain, but short of creating one's own distro we seem to be stuck with it. To answer your question, a combination of proposition 1 and the first part of proposition 3. For those of us with (in my case) over 30 years in the industry, reading init scripts is trivial and at least we can see what is going on and fix problems quickly. Some vague, poorly documented, data file which is interpreted by a black box is the sort of joy one expects from the murkier regions of Redmond not the sunnier climes of Carolina. I agree. I never had a problem with init scripts. Anyone who understood bash/sh could fairly easily come to grips with init scripts. I have no idea where to look for whatever starts up services with systemd. What language is systemd written in...? no idea. Yes, I tried reading docs, but they're so vague and inscrutable that I gave up. E.g., what is a "unit"? Could they have picked a word more vague? What does "unit" tell us which "thing" doesn't? Basically, a service is either running or stopped... so what is "static"? "Static" means the opposite of "moving" or "dynamic". How does "static" describe a service? In short, although computer geeks generally aren't known for being good at documentation, in the commercial world at any rate. But this is GNU/Linux. We rely on online documentation and the open source community to figure out problems and make improvements. Lacking sensible documentation, it's hard to figure out problems. If problems can't be figured out, we're faced with problematic systems. And who's going to tolerate that for long? How is that an improvement over Redmondware? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: systemd Poll
On Sun, Apr 9, 2017 at 2:20 AM, John R Piercewrote: > On 4/8/2017 9:39 PM, Anthony K wrote: > >> >> So, at which stage are you in w/ regards to adopting systemd? Are you >> still ridiculing it, violently opposed to it, or have you mellowed to it? >> > > I wish the documentation was a bit better. systemd and networkmanager > definitely change the rules... I had a minimal C7 VM where I had a heck of > a time getting it to use the right DNS servers, only way I got it set up > was to use nmtui, my attempts at using nmcli were an exercise in > frustration.maybe this is more of a networkmanager problem more than > systemd, but they are both tied together in my mind. > Yes, lack of documentation is a big bug-a-boo in my mind also. However, I do think working with systemd is a bit like working with udev hooks. My first experience with systemd was probably back in late 2011. In any case, the RH documentation on it may be beneficial at this point: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/chap-Managing_Services_with_systemd.html or maybe take a look at the Fedora projects info: https://www.freedesktop.org/wiki/Software/systemd/ > > -- > john r pierce, recycling bits in santa cruz > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- -- MzK "Every time you hear a bell ring, it means that some angel's just got his wings." -- Clarence, "It's a Wonderful Life" ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logwatch customization question
On 04/09/2017 09:42 AM, Richard wrote: Date: Sunday, April 09, 2017 08:36:17 -0400 From: Robert MoskowitzLogwatch is installed, and I am assuming by how empty /etc/logwatch is that it is running from defaults, which I find in /usr/share/logwatch/default.conf/services I want to customize ONE service. dovecot. Do I copy /usr/share/logwatch/default.conf/services/dovecot.conf to /etc/logwatch/conf/services and edit it there, or do I have to copy ALL default.conf/services/* there and modify /etc/logwatch/conf/logwatch.conf to look there? The README is rather not helpful on this. How do I modify ONE service (and not just make the changes in default.conf that I have seen in a couple howtos. I think that the HOWTO, referenced in the logwatch man page, has a fairly complete explanation of approaches to customization. centos-6/logwatch-7.3.6 MORE INFORMATION The directory /usr/share/doc/logwatch-* contains several files with additional documentation: HOWTO-Customize-LogWatch Documents the directory structure of Logwatch configuration and executable files, and describes how to customize Logwatch by overriding these default files. thanks. I think I got it from the sendmail example. " For example, if file /etc/logwatch/conf/services/sendmail.conf has the single entry: $sendmail_unknownusersthreshold = 5 then the threshold for unknown users is set to five instead of the default of one. All other parameters are not modified. " thus: cat > /etc/logwatch/conf/services/dovecot.conf # Override the default Detail level. This will only affect dovecot's report. $dovecot_detail = 10 I will see how it goes after tonight! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logwatch customization question
> Date: Sunday, April 09, 2017 08:36:17 -0400 > From: Robert Moskowitz> > Logwatch is installed, and I am assuming by how empty /etc/logwatch > is that it is running from defaults, which I find in > /usr/share/logwatch/default.conf/services > > I want to customize ONE service. dovecot. > > Do I copy /usr/share/logwatch/default.conf/services/dovecot.conf > > to > > /etc/logwatch/conf/services > > and edit it there, > > or do I have to copy ALL default.conf/services/* there and modify > /etc/logwatch/conf/logwatch.conf to look there? > > The README is rather not helpful on this. > > How do I modify ONE service (and not just make the changes in > default.conf that I have seen in a couple howtos. > I think that the HOWTO, referenced in the logwatch man page, has a fairly complete explanation of approaches to customization. centos-6/logwatch-7.3.6 MORE INFORMATION The directory /usr/share/doc/logwatch-* contains several files with additional documentation: HOWTO-Customize-LogWatch Documents the directory structure of Logwatch configuration and executable files, and describes how to customize Logwatch by overriding these default files. centos-7/logwatch-7.4.0 In addition to the HOWTO, as in -6, there's also a logwatch.conf man page, which includes: override.conf - ( /etc/logwatch/conf/override.conf ) contains the settings which overrides the standard configuration of specific log files or services. The syntax is the same as in log/service files. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] logwatch customization question
Logwatch is installed, and I am assuming by how empty /etc/logwatch is that it is running from defaults, which I find in /usr/share/logwatch/default.conf/services I want to customize ONE service. dovecot. Do I copy /usr/share/logwatch/default.conf/services/dovecot.conf to /etc/logwatch/conf/services and edit it there, or do I have to copy ALL default.conf/services/* there and modify /etc/logwatch/conf/logwatch.conf to look there? The README is rather not helpful on this. How do I modify ONE service (and not just make the changes in default.conf that I have seen in a couple howtos. thanks ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: systemd Poll
On 4/8/2017 9:39 PM, Anthony K wrote: So, at which stage are you in w/ regards to adopting systemd? Are you still ridiculing it, violently opposed to it, or have you mellowed to it? I wish the documentation was a bit better. systemd and networkmanager definitely change the rules... I had a minimal C7 VM where I had a heck of a time getting it to use the right DNS servers, only way I got it set up was to use nmtui, my attempts at using nmcli were an exercise in frustration.maybe this is more of a networkmanager problem more than systemd, but they are both tied together in my mind. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Network configuration: desktop vs. laptop
Le 09/04/2017 à 10:29, Nux! a écrit : > On CentOS it's normal for both wireless and wired to be connected at > the same time, maybe what you are seeing is just the icon's being > confusing or not being replaced with the right thing? > > This is easy to check, just issue an "ip route". On My system I can > see something like this: > > default via 192.168.0.1 dev eth0 proto static 192.168.0.0/24 dev > eth0 proto kernel scope link src 192.168.0.16 metric 1 > 192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.13 > metric 2 > > Routing will prefer eth0 (wired), with the smaller metric, giving you > the better performance. > > I found this quite handy a couple of times, say you remove the laptop > from the desk and go in the garden or something, you won't lose your > connections. Thanks, Lucian. I just found the culprit, though. Apparently the ifcfg- files (except ifcfg-lo) were interfering with NetworkManager, so I just deleted them, and now everything runs perfectly. Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: systemd Poll
I'm ok with it as a init system, not much enthused by its ancillary components. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - > From: "Anthony K"> To: "CentOS mailing list" > Sent: Sunday, 9 April, 2017 05:39:59 > Subject: [CentOS] OT: systemd Poll > According to "Arthur Schopenhauer": > > "All truth passes through three stages. > First, it is ridiculed. > Second, it is violently opposed. > Third, it is accepted as being self-evident." > > I must admit that I skipped through the first and second stages - I > never found creating init scripts a joy and instead opted to write my > own scripts that I launched via inittab. As such, I welcomed the > simplicity systemd's service files without fuss. > > So, at which stage are you in w/ regards to adopting systemd? Are you > still ridiculing it, violently opposed to it, or have you mellowed to it? > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: systemd Poll
On 09/04/17 05:39, Anthony K wrote: > According to "Arthur Schopenhauer": > > "All truth passes through three stages. > First, it is ridiculed. > Second, it is violently opposed. > Third, it is accepted as being self-evident." All ideas, true or false, follow those stages, but one hopes that the false ones are eventually derided and toppled. > I must admit that I skipped through the first and second stages - I > never found creating init scripts a joy and instead opted to write my > own scripts that I launched via inittab. As such, I welcomed the > simplicity systemd's service files without fuss. > > So, at which stage are you in w/ regards to adopting systemd? Are you > still ridiculing it, violently opposed to it, or have you mellowed to it? > Accepting it as a fait accompli. It makes life much harder for no obvious gain, but short of creating one's own distro we seem to be stuck with it. To answer your question, a combination of proposition 1 and the first part of proposition 3. For those of us with (in my case) over 30 years in the industry, reading init scripts is trivial and at least we can see what is going on and fix problems quickly. Some vague, poorly documented, data file which is interpreted by a black box is the sort of joy one expects from the murkier regions of Redmond not the sunnier climes of Carolina. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Network configuration: desktop vs. laptop
Hi Niki, On CentOS it's normal for both wireless and wired to be connected at the same time, maybe what you are seeing is just the icon's being confusing or not being replaced with the right thing? This is easy to check, just issue an "ip route". On My system I can see something like this: default via 192.168.0.1 dev eth0 proto static 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.16 metric 1 192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.13 metric 2 Routing will prefer eth0 (wired), with the smaller metric, giving you the better performance. I found this quite handy a couple of times, say you remove the laptop from the desk and go in the garden or something, you won't lose your connections. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - > From: "info"> To: "CentOS mailing list" > Sent: Saturday, 8 April, 2017 21:57:18 > Subject: [CentOS] Network configuration: desktop vs. laptop > Hi, > > I'm just migrating some stuff from Slackware Linux to CentOS, and I have > a question about the orthodox way of configuring a network connection. > > On a desktop or workstation, I usually get rid of NetworkManager: > > # systemctl stop NetworkManager > # yum remove NetworkManager > > Then I edit the /etc/sysconfig/network-scripts/ifcfg-X file > corresponding to my network interface. Here's a working example: > > # /etc/sysconfig/network-scripts/ifcfg-enp2s0 > DEVICE=enp2s0 > TYPE=Ethernet > ONBOOT=yes > BOOTPROTO=dhcp > > Now I wonder how I should configure things on a laptop, where I usually > keep NetworkManager. On a Slackware system, it's usually just a matter > of leaving a pristine /etc/rc.d/rc.inet1.conf file, and then activate > /etc/rc.d/rc.networkmanager. Starting from there, when there's a > wireless connection available, I can connect using the little > NetworkManager applet on the desktop. And when I switch to cable, > NetworkManager will prefer that connection automagically. > > On a default installation (I went for the KDE version), NetworkManager > is active, so I'll keep that. 'ifconfig' shows me that the cabled > connection is up and running via enp3s0 on the laptop. Wireless doesn't > seem to work, but 'ifconfig -a' shows me a wlp2s0 interface, which means > there's a chance it will work. > > First thing I did was edit ifcfg-enp3s0 like this: > > DEVICE="enp3s0" > TYPE="Ethernet" > NM_CONTROLLED="yes" > > Then I edited ifcfg-wlp2s0 from scratch, since there's nothing present: > > DEVICE="wlp2s0" > TYPE="Wireless" > NM_CONTROLLED="yes" > > I rebooted (just to be on the safe side), and I have a partial success. > I can connect via KDE's NetworkManager applet. But when I plug in an > Ethernet cable, the wireless connection stays up and is not replaced by > the cabled connection. > > Any suggestions? > > Niki Kovacs > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Web : http://www.microlinux.fr > Mail : i...@microlinux.fr > Tél. : 04 66 63 10 32 > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos