Re: [CentOS] Centos 7 + samba / some win 10 systems can mount and some not

2019-11-14 Thread Fred Smith 
On Thu, Nov 14, 2019 at 04:09:36PM +0100, Ralf Prengel wrote:
> Hallo,
> 
> We are using centos 7 and samba in combination with Win10 1903.
> The problem:
> Some systems are able to map a share and some can t.
> Any ideas and hints?

Yes. Verify that selinux is not blocking the incoming connection from
windows. I've had that problem in the past and it's a pain.

For testing purposes only, on the linux system(s) that reject windows
SMB connection attempts, issue "setenforce 0" and see if it then works.

If it does then work, reset that setting to "setenforce 1" (you don't want
to leave selinux disabled) then look in /var/logs to see if you can find
a log of the failure. If you can find the selinux record for the failure
it should tell you how to apply a work-around for that specific issue,
so you do not need to totally disable selinux.

this page may prove helpful: 
https://www.serverlab.ca/tutorials/linux/administration-linux/troubleshooting-selinux-centos-red-hat/

Good luck!

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
 God made him who had no sin
  to be sin for us, so that in him
 we might become the righteousness of God."
--- Corinthians 5:21 -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-announce] CESA-2019:3878 Important CentOS 6 kernel Security Update

2019-11-14 Thread Johnny Hughes 


CentOS Errata and Security Advisory 2019:3878 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2019:3878

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
74e382987c88e8129c67e241213f60b77d8ef651bffade866c37f68ad12ffd46  
kernel-2.6.32-754.24.3.el6.i686.rpm
1632e36a238aa63d379af94ddb6263361298ff79a3023447cd22779f314915e7  
kernel-abi-whitelists-2.6.32-754.24.3.el6.noarch.rpm
4761e34361832785e82abb0ecbb7eb7b16fa082e873ade80dd99644eb12e7319  
kernel-debug-2.6.32-754.24.3.el6.i686.rpm
52eec2db126d0783ed1dbff26eabbcf4d9ebde751672fda3660fc2b5ea2c279e  
kernel-debug-devel-2.6.32-754.24.3.el6.i686.rpm
03f5b1f0741eba1c8018114f6a16cf6d686ee6247ba09c167431a6cb883f87a1  
kernel-devel-2.6.32-754.24.3.el6.i686.rpm
6a3fcfd8a7de433e57095c3bcc820d7227fde746c471efdb6efc5e63573fa53c  
kernel-doc-2.6.32-754.24.3.el6.noarch.rpm
90e5047bb0e95a9e86e3eeabb0de86e1e851de9d201aeb1d24fc094756c2f815  
kernel-firmware-2.6.32-754.24.3.el6.noarch.rpm
a2525e2f97df0466359483a86eb66890c5739bc3c78d989ef0ef22c7ef8f01b9  
kernel-headers-2.6.32-754.24.3.el6.i686.rpm
09c194b7f12d840ff96cd391d0cdec9c4cd19073293a895e84daf5526fb7c222  
perf-2.6.32-754.24.3.el6.i686.rpm
6c07228762e532fb6dc211854e7f860066032fac1ae543592ffc2a996e5417c0  
python-perf-2.6.32-754.24.3.el6.i686.rpm

x86_64:
830236afd11151e20473632958d521f9e67cd1ea47cc6011b33b8ce007a28d4b  
kernel-2.6.32-754.24.3.el6.x86_64.rpm
1632e36a238aa63d379af94ddb6263361298ff79a3023447cd22779f314915e7  
kernel-abi-whitelists-2.6.32-754.24.3.el6.noarch.rpm
fa8109821996aa378bed50a418c8da91face33eb32490ce6700a307f6e915671  
kernel-debug-2.6.32-754.24.3.el6.x86_64.rpm
52eec2db126d0783ed1dbff26eabbcf4d9ebde751672fda3660fc2b5ea2c279e  
kernel-debug-devel-2.6.32-754.24.3.el6.i686.rpm
84059678373e5910d689b9aee558ab9e94141f95366f6ecef8335f1768caba82  
kernel-debug-devel-2.6.32-754.24.3.el6.x86_64.rpm
794e2d138af774f85212508aac7e3957ce4afe9646603b5d367352adfed591d4  
kernel-devel-2.6.32-754.24.3.el6.x86_64.rpm
6a3fcfd8a7de433e57095c3bcc820d7227fde746c471efdb6efc5e63573fa53c  
kernel-doc-2.6.32-754.24.3.el6.noarch.rpm
90e5047bb0e95a9e86e3eeabb0de86e1e851de9d201aeb1d24fc094756c2f815  
kernel-firmware-2.6.32-754.24.3.el6.noarch.rpm
fbef28c9c1fc63c194d6e88f9d750de1f6627926415cd4101181bd98424a57a6  
kernel-headers-2.6.32-754.24.3.el6.x86_64.rpm
cfadce47bb963fe51366b9602ca15d969edffde08c194941cfb47f7359d89ee2  
perf-2.6.32-754.24.3.el6.x86_64.rpm
037e1912b41a3a6260d01c77b4d83d66807c3897f7ab0269eabb1d28cc50d6e3  
python-perf-2.6.32-754.24.3.el6.x86_64.rpm

Source:
2196dc7c22e7b95ad1481d8d24ff7f61df6990303b1e6a6cbe13b84f62b9b452  
kernel-2.6.32-754.24.3.el6.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2019:3872 Important CentOS 7 kernel Security Update

2019-11-14 Thread Johnny Hughes 


CentOS Errata and Security Advisory 2019:3872 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2019:3872

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
0dd106b71b5e9b4f794ed7d572d48c1c60cf26607c02e0088925da35804a9346  
bpftool-3.10.0-1062.4.3.el7.x86_64.rpm
6b4179029161d853db5bfbf8665f796a2dfbd53d39baaf95f855fc6be700d242  
kernel-3.10.0-1062.4.3.el7.x86_64.rpm
5e4f94a348ac1d88729f140a920df5e034b915e9c9d0c70638a3560418c268bf  
kernel-abi-whitelists-3.10.0-1062.4.3.el7.noarch.rpm
7f055f9fd7169cf3822ce2115d2b75c8e0aaf35f285cba0d6a8015e597e01108  
kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm
b2f78c36c4413e06a9131f91759175335ad66abc894b842850c01bcfe7812a4f  
kernel-debug-devel-3.10.0-1062.4.3.el7.x86_64.rpm
81c9220caacf8051fc23737be40088af2927ec5df67c791557a505bcf705d7d3  
kernel-devel-3.10.0-1062.4.3.el7.x86_64.rpm
927088c887b88a4f89269e08b3e584501172807d17ddca35c87069960360bea7  
kernel-doc-3.10.0-1062.4.3.el7.noarch.rpm
c906be5d39f8d72dade2760124c1cba294100bc8408f16c8a16b8de0aa05a579  
kernel-headers-3.10.0-1062.4.3.el7.x86_64.rpm
6e12cbd04a2c8a297aef260ba461e0b18cb3759a00f88ff30150dee807fdbcff  
kernel-tools-3.10.0-1062.4.3.el7.x86_64.rpm
492d5f8c8b908b2e17fbfdb4a37de4dd633a0d90f7e24db644982ae904ddc11d  
kernel-tools-libs-3.10.0-1062.4.3.el7.x86_64.rpm
7b2cdcaf30855571d3a5fd6befda6b24cdfb82d3eeeb6bbd8337424b5cd7dd4a  
kernel-tools-libs-devel-3.10.0-1062.4.3.el7.x86_64.rpm
e068b8ee1be604e322393bb22ac21d02c854ccac25614aca6a75949f9ff7bd68  
perf-3.10.0-1062.4.3.el7.x86_64.rpm
13bd3a04da28e34516c871d505eda3baf1eb7a1a73a79657708482dbed9290f2  
python-perf-3.10.0-1062.4.3.el7.x86_64.rpm

Source:
cc13667d043ffb89b07003a4b92e1a4d09682d6b2e79c599825f58ce2f23ca86  
kernel-3.10.0-1062.4.3.el7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2019:3834 Important CentOS 7 kernel Security Update

2019-11-14 Thread Johnny Hughes 


CentOS Errata and Security Advisory 2019:3834 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2019:3834

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
10d30db40cd2cedd8bb0b01566dbe4176d51947e863f96f665fdf6118eb8  
bpftool-3.10.0-1062.4.2.el7.x86_64.rpm
00376efddaa740551db62578da3993b114d97b50d0caf6b196871549edc8eef4  
kernel-3.10.0-1062.4.2.el7.x86_64.rpm
bcbb823c93a43bd9bad3ba5ec69be62e6256db5826763ad10792f46c94156b85  
kernel-abi-whitelists-3.10.0-1062.4.2.el7.noarch.rpm
d5f43dae95c8a3884636686e1cdc5d0ea47d1c733cc9f5af5513d1fe413e5463  
kernel-debug-3.10.0-1062.4.2.el7.x86_64.rpm
9132dc11ed190261e7c3b56b3086207eef80c54869a6e3fcb0a26abf42240d15  
kernel-debug-devel-3.10.0-1062.4.2.el7.x86_64.rpm
3b933c975fa3c0c930b57af1e4794195c1e0b18e92eeadf72acfb188ddc46365  
kernel-devel-3.10.0-1062.4.2.el7.x86_64.rpm
f6f4054556d9e4bdb75daea65960103f62cd5e08a0099ea38a19cbc58a332fbb  
kernel-doc-3.10.0-1062.4.2.el7.noarch.rpm
387b670d0e17f42557ef8c61db8bdbb6e6177134872f00226d9892b7dea0e958  
kernel-headers-3.10.0-1062.4.2.el7.x86_64.rpm
5834b0d596dc84597c7223252cf97d8a7daca206d8a8cb8ef96a2737d12b385e  
kernel-tools-3.10.0-1062.4.2.el7.x86_64.rpm
3ee52d0a17b875ea1c458820af4ac75f15970e2f7a3474896d0e4117e091af5a  
kernel-tools-libs-3.10.0-1062.4.2.el7.x86_64.rpm
12dc9eb434edd88a36465c5eaef885964be5e6cd31248f1f19894cf24bd8604c  
kernel-tools-libs-devel-3.10.0-1062.4.2.el7.x86_64.rpm
0bf73bba89fd9d747f551b72cf5319db9bb880bff811966838667dc391d6dfe1  
perf-3.10.0-1062.4.2.el7.x86_64.rpm
550b7ce55dafe398a8b09160a413f3274f8a3518c12e741d7983f37b53e5740e  
python-perf-3.10.0-1062.4.2.el7.x86_64.rpm

Source:
d92ca6f95e26fdf1cd61277bb6ea633cf2378be309d5a0e0b61abc2a4ae713f6  
kernel-3.10.0-1062.4.2.el7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2019:3846 CentOS 7 microcode_ctl Enhancement Update

2019-11-14 Thread Johnny Hughes 


CentOS Errata and Enhancement Advisory 2019:3846 

Upstream details at : https://access.redhat.com/errata/RHEA-2019:3846

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
fd283c8c831e3034656b6d36578d5f029c846e093d8813c01b7abef8a797716b  
microcode_ctl-2.1-53.3.el7_7.x86_64.rpm

Source:
95ebb6cb3e95c4b709d81711632e7d1aee32ee739208ce597d0325c5ee7d53b2  
microcode_ctl-2.1-53.3.el7_7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Phil Perry 

On 14/11/2019 16:57, Valeri Galtsev wrote:



On 2019-11-14 10:01, Christopher Wensink wrote:

I have not, I'll look into that one, thanks!

On 11/14/2019 9:48 AM, SternData wrote:

Do you run rkhunter?

On 11/14/19 9:40 AM, Christopher Wensink wrote:

How do you know when a Linux system has been compromised?


I'm sure you have followed the procedure how to install system and 
services so everything is secure.


If, in a longer run no matter that you have system set up and configured 
securely and keep updating, if still the system gets compromised, then 
you need:


1. compromise warming
2. forensic investigation
3. recovery from compromise.

I figure your is about 1. You probably will not get detailed description 
of actual setup people on this list have. Information about what the 
defense is is the first step in every attack. The best you may get are 
the advises of what to look for.


One of the things you can set up is [host based, maybe] system integrity 
checking system (or intrusion detection system). That only makes sense 
on freshly installed system in known good state. There were a variety of 
these: tripwire (which went commercial), eics, ... If you search for 
linux intrusion detection system you should find what you need.


I hope, this helps.

Valeri



I would add Trusted Path Execution (TPE) to any sysdamin's toolbox who 
cares about security. It's easy to install from elrepo.org (kmod-tpe). I 
wrote an overview (below) so won't repeat myself here, but I would 
strongly encourage people to try it out:


http://lists.elrepo.org/pipermail/elrepo/2017-June/003620.html

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Leroy Tennison 
 Thanks - I'll keep that in mind...

From: CentOS  on behalf of Chris Adams 

Sent: Thursday, November 14, 2019 10:57 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] how to know when a system is compromised

Once upon a time, Leroy Tennison  said:
>  The executable could be placed on mounted read-only media

That's not as secure as you think.  Linux bind mounts can mount a file
over another file (plus there's overlay filesystems), so it's possible
to replace a binary even on a read-only device.

--
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 + samba / some win 10 systems can mount and some not

2019-11-14 Thread tbuchanan 
-"CentOS"  wrote: -

>To: centos@centos.org
>From: "Jonathan Billings"
>Sent by: "CentOS"
>Date: 11/14/2019 01:30PM
>Subject: Re: [CentOS] Centos 7 + samba / some win 10 systems can
>mount and some not
>
>On Thu, Nov 14, 2019 at 05:20:24PM +0100, Ralf Prengel wrote:
>> Firewalls are down and the share is configured for access without
>login.
>> Works fine with Win7 and some Win10 systems.
>> I m afraid that there is a mix of versions and patches active in
>the Win10
>> installations.
>> I need a solution that works without any changes on the Win10
>sytstems.
>
>Are you sure you have SMBv1 turned off?
>
>--
>Jonathan Billings 
>___
>CentOS mailing list
>CentOS@centos.org
>https://lists.centos.org/mailman/listinfo/centos
>


Could it be this?

In Windows 10, version 1709, Windows 10, version 1903, Windows Server, version 
1709, Windows Server, version 1903, and later versions of Windows, the SMB2 
client no longer allows the following actions:

Guest account access to a remote server
Fallback to the Guest account after invalid credentials are provided
https://support.microsoft.com/en-us/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser
https://www.claudiokuenzler.com/blog/879/windows-10-server-2016-access-samba-share-guest-account-analysis-workaround-event-31017
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 + samba / some win 10 systems can mount and some not

2019-11-14 Thread Jonathan Billings 
On Thu, Nov 14, 2019 at 05:20:24PM +0100, Ralf Prengel wrote:
> Firewalls are down and the share is configured for access without login.
> Works fine with Win7 and some Win10 systems.
> I m afraid that there is a mix of versions and patches active in the Win10
> installations.
> I need a solution that works without any changes on the Win10 sytstems.

Are you sure you have SMBv1 turned off?

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] About license at redistribution

2019-11-14 Thread sensor make 
Hi,
Your reply gave me a clue to understand about the license. thanks very much.

If I finally succeeded in developing and profiting, I'm going to donate
some of that profit, for this great project.

Best Regards


2019年11月14日(木) 18:39 Lange, Markus :

> Hi,
>
> at first I'm not part of the CentOS Project nor I'm a lawyer.
>
> But may I can answer your questions.
> According to the CentOS About page "CentOS Linux is no-cost and free to
> redistribute." [1]. So as you are planning to redistribute it should be
> fine to do. While redistributing you also need to consider the legal
> section [2]. However as you are planning a business you should involve
> a lawyer to make it clear to you in your special legal situation!
>
> To your second question: Yes you definitely should do that, as you make
> profit from the great work the maintainers do and can't make profit if
> they discontinue doing this great work. But no one can force you to,
> it's up to you to take what the community provides without giving
> anything back.
>
> Best Regards
> Markus
>
>
> [1] https://www.centos.org/about/
> [2] https://www.centos.org/legal/
>
> On Thu, 2019-11-14 at 18:08 +0900, sensor make wrote:
> >  Hello.
> >
> > I'd like to ask about license issue.
> > Now I'm planning to make and sell some measurement system controlled
> > by PC.
> > There is no technical issue but I don't have enough information about
> > license.
> >
> > I will do the following,
> >
> >  1) Install CentOS and my applications on the PC.
> >  2) Sell the PC as a measurement device.
> >  3) Distribute DVD made from CentOS iso image file to the user if
> > he/she
> > needs.
> >
> >  Question 1.
> >  Is there no problem from the view point of CentOS license ?
> >
> >  Question 2.
> >  Should I donate to CentOS community ?
> >
> >
> > Best Regards.
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Chris Adams 
Once upon a time, Leroy Tennison  said:
>  The executable could be placed on mounted read-only media

That's not as secure as you think.  Linux bind mounts can mount a file
over another file (plus there's overlay filesystems), so it's possible
to replace a binary even on a read-only device.

-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Valeri Galtsev 




On 2019-11-14 10:01, Christopher Wensink wrote:

I have not, I'll look into that one, thanks!

On 11/14/2019 9:48 AM, SternData wrote:

Do you run rkhunter?

On 11/14/19 9:40 AM, Christopher Wensink wrote:

How do you know when a Linux system has been compromised?


I'm sure you have followed the procedure how to install system and 
services so everything is secure.


If, in a longer run no matter that you have system set up and configured 
securely and keep updating, if still the system gets compromised, then 
you need:


1. compromise warming
2. forensic investigation
3. recovery from compromise.

I figure your is about 1. You probably will not get detailed description 
of actual setup people on this list have. Information about what the 
defense is is the first step in every attack. The best you may get are 
the advises of what to look for.


One of the things you can set up is [host based, maybe] system integrity 
checking system (or intrusion detection system). That only makes sense 
on freshly installed system in known good state. There were a variety of 
these: tripwire (which went commercial), eics, ... If you search for 
linux intrusion detection system you should find what you need.


I hope, this helps.

Valeri



Every day I watch our systems with all the typical tools, ps, top, who,
I watch firewall / IPS logs, I have logwatch setup and mailing daily
summaries to me and I dive deeper into logs if something looks suspicious.

What am I missing or not looking at that you security gurus are looking at?

I subscribe to the centos and SANS newsletters, and I try to keep
current on all technology with credible sources of articles online and
with the Lynda library.

What other sources of information do you use to stay current about the
latest threats and technology updates?

I appreciate the feedback.

Chris



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



--

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] how to know when a system is compromised

2019-11-14 Thread Leroy Tennison 
This is one where there's probably no limit to what you could do.  We have a 
high-security environment and are using Aide and OSSEC.

Aide has been good at reporting file system changes and is very granular, the 
dilemma is what to monitor and what to ignore (keep from being inundated with 
reports of innocuous changes at the risk of missing something).  However, it is 
not daemon-based so changes between runs which are undone go unnoticed.  Also, 
somehow you need to protect the executable and configuration file so that an 
attacker can't replace the executable or read the configuration and find a way 
around it.  The executable could be placed on mounted read-only media, last 
time I checked Netac and Kanguru still made USB sticks with write-protect 
switches.  Our best effort for protecting configuration is to deliver the 
configuration file just-in-time and delete it after the scheduled run, not a 
great solution, anybody have a better idea?

OSSEC is daemon-based and centrally-managed.  It is a HIDS rather than just a 
FIMS as Aide is.  Its log monitoring has surfaced operational issues in 
addition to security ones (Postfix got in an odd state and had to be restarted 
for example).  Unfortunately, false positives are common, especially if you use 
the "detect new files" feature.  They admit that dealing with software updates 
is problematic.

I've used auditd to trace down what ended up being a funny situation, Aide 
detected that /etc/hosts.deny would change timestamp but nothing else, turns 
out OSSEC has an active response feature to block attacks which involves 
updating that file to block a host for 10 minutes.

You could also look into inotify options and Samhain is another HIDS (I'd love 
to hear about anyone's experience with it).  A free variant of tripwire may 
still exist but is probably unsupported and Aide is a clone of it.

I noticed that rootkit detection has also been mentioned in another reply.

From: CentOS  on behalf of Christopher Wensink 

Sent: Thursday, November 14, 2019 9:40 AM
To: CentOS mailing list 
Subject: [EXTERNAL] [CentOS] how to know when a system is compromised

How do you know when a Linux system has been compromised?

Every day I watch our systems with all the typical tools, ps, top, who,
I watch firewall / IPS logs, I have logwatch setup and mailing daily
summaries to me and I dive deeper into logs if something looks suspicious.

What am I missing or not looking at that you security gurus are looking at?

I subscribe to the centos and SANS newsletters, and I try to keep
current on all technology with credible sources of articles online and
with the Lynda library.

What other sources of information do you use to stay current about the
latest threats and technology updates?

I appreciate the feedback.

Chris



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox 68 jnlp files

2019-11-14 Thread James Pearson 

isdtor wrote:


It seems that firefox 68.x, as distributed with CentOS6 updates, no longer 
allows opening jnlp files with javaws

The "Choose Helper Application" window popping up after selecting "Open 
with/Other" has a predefined list of applications that cannot be customised.

I'm sure it must be a configuration issue as this works fine with the same 
browser on other distributions, but what to look for?

# alternatives --display javaws
javaws - status is auto.
  link currently points to /usr/java/latest/jre/bin/javaws
/usr/java/latest/jre/bin/javaws - priority 20
Current `best' version is /usr/java/latest/jre/bin/javaws.
# ll -L /etc/alternatives/javaws
-rwxr-xr-x 1 root root 140296 Dec 15  2018 /etc/alternatives/javaws
#


Don't know about CentOS6, but with CentOS7, the selection of apps that 
you can use appear to map to '.desktop' files?


If it is the same on CentOS6, then you might be able to set up a 
suitable .desktop file (e.g. in /usr/share/applications/ or similar) to 
do what you want ...


No idea if this is of any help

James Pearson
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 + samba / some win 10 systems can mount and some not

2019-11-14 Thread Ralf Prengel 




Am 14.11.2019 um 16:23 schrieb Christopher Wensink:

We have the same setup and have had no problems with clients mapping shares.

Some simple tips:

double check spelling of all usernames and that passwords on the clients
match that of the samba shares

try setting up a user that can connect on their pc with a login on one
that cannot, see if the problem follows the user or the pc

Check firewall rules on the windows clients to make sure there isn't a
block set up.

Best of luck.



Hallo,
thanks for the hints.
Firewalls are down and the share is configured for access without login.
Works fine with Win7 and some Win10 systems.
I m afraid that there is a mix of versions and patches active in the 
Win10 installations.

I need a solution that works without any changes on the Win10 sytstems.

Ralf
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread Christopher Wensink 
I have not, I'll look into that one, thanks!

On 11/14/2019 9:48 AM, SternData wrote:
> Do you run rkhunter?
>
> On 11/14/19 9:40 AM, Christopher Wensink wrote:
>> How do you know when a Linux system has been compromised? 
>>
>> Every day I watch our systems with all the typical tools, ps, top, who,
>> I watch firewall / IPS logs, I have logwatch setup and mailing daily
>> summaries to me and I dive deeper into logs if something looks suspicious.
>>
>> What am I missing or not looking at that you security gurus are looking at?
>>
>> I subscribe to the centos and SANS newsletters, and I try to keep
>> current on all technology with credible sources of articles online and
>> with the Lynda library.
>>
>> What other sources of information do you use to stay current about the
>> latest threats and technology updates?
>>
>> I appreciate the feedback.
>>
>> Chris
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to know when a system is compromised

2019-11-14 Thread SternData 
Do you run rkhunter?

On 11/14/19 9:40 AM, Christopher Wensink wrote:
> How do you know when a Linux system has been compromised? 
> 
> Every day I watch our systems with all the typical tools, ps, top, who,
> I watch firewall / IPS logs, I have logwatch setup and mailing daily
> summaries to me and I dive deeper into logs if something looks suspicious.
> 
> What am I missing or not looking at that you security gurus are looking at?
> 
> I subscribe to the centos and SANS newsletters, and I try to keep
> current on all technology with credible sources of articles online and
> with the Lynda library.
> 
> What other sources of information do you use to stay current about the
> latest threats and technology updates?
> 
> I appreciate the feedback.
> 
> Chris


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] how to know when a system is compromised

2019-11-14 Thread Christopher Wensink 
How do you know when a Linux system has been compromised? 

Every day I watch our systems with all the typical tools, ps, top, who,
I watch firewall / IPS logs, I have logwatch setup and mailing daily
summaries to me and I dive deeper into logs if something looks suspicious.

What am I missing or not looking at that you security gurus are looking at?

I subscribe to the centos and SANS newsletters, and I try to keep
current on all technology with credible sources of articles online and
with the Lynda library.

What other sources of information do you use to stay current about the
latest threats and technology updates?

I appreciate the feedback.

Chris



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 + samba / some win 10 systems can mount and some not

2019-11-14 Thread isdtor 
Ralf Prengel writes:
> Hallo,
> 
> We are using centos 7 and samba in combination with Win10 1903.
> The problem:
> Some systems are able to map a share and some can t.
> Any ideas and hints?

Make sure server and all clients are on the same page wrt smb protocol 
versions. Clients should have SMBv1 disabled. The server should enforce SMBv2 
minimum. What you describe sounds like the server uses v1 and some clients, 
i.e. the ones that can't map shares, require v2.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] unintall Kannel

2019-11-14 Thread Jonathan Billings 
On Wed, Nov 13, 2019 at 12:52:18AM +, Godwin Adade wrote:
> how do i uninstall the gateway completely?

Could you please give more detail in what you're asking?

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 + samba / some win 10 systems can mount and some not

2019-11-14 Thread Christopher Wensink 
We have the same setup and have had no problems with clients mapping shares.

Some simple tips:

double check spelling of all usernames and that passwords on the clients
match that of the samba shares

try setting up a user that can connect on their pc with a login on one
that cannot, see if the problem follows the user or the pc

Check firewall rules on the windows clients to make sure there isn't a
block set up.

Best of luck.

Chris

On 11/14/2019 9:09 AM, Ralf Prengel wrote:
> Hallo,
>
> We are using centos 7 and samba in combination with Win10 1903.
> The problem:
> Some systems are able to map a share and some can t.
> Any ideas and hints?
>
> Thanks
>
> Ralf
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 7 + samba / some win 10 systems can mount and some not

2019-11-14 Thread Ralf Prengel 

Hallo,

We are using centos 7 and samba in combination with Win10 1903.
The problem:
Some systems are able to map a share and some can t.
Any ideas and hints?

Thanks

Ralf
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox 68 jnlp files

2019-11-14 Thread isdtor 
Leroy Tennison writes:
> Not knowing what kind of server management you're looking for I can only make 
> general suggestions.  We found that the removal of Java support (actually 
> NSAPI in favor of the Pepper API which Oracle has stated they won't support) 
> left us with limited IPMI (iLO, DRAC, whatever) functionality.  And, looking 
> at https://en.wikipedia.org/wiki/Java_Web_Start, Oracle has stopped 
> supporting javaws.  In our case (SuperMicro) we found two things: their newer 
> hardware had switched to HTML5/iKVM which didn't require Java and SuperMicro 
> had supplied non-browser-based (but Java-based) programs which supplied 
> equivalent functionality for the legacy hardware.  My recommendation would be 
> to look into those alternatives.
> Java Web Start - Wikipedia
> In computing, Java Web Start (also known as JavaWS, javaws or JAWS) is a 
> framework developed by Sun Microsystems (now Oracle) that allows users to 
> start application software for the Java Platform directly from the Internet 
> using a web browser.Some key benefits of this technology include seamless 
> version updating for globally distributed applications and greater control of 
> memory allocation to ...
> en.wikipedia.org

This is about firefox. I was able to add custom helper applications on previous 
versions, or pick an executable from the filesystem tree to achieve this. This 
version of firefox doesn't allow that, it has a predefined list of helper apps 
taht cannot be updated. If it somehow generates that list from OS config files, 
I am wondering which those are.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox 68 jnlp files

2019-11-14 Thread Leroy Tennison 
Not knowing what kind of server management you're looking for I can only make 
general suggestions.  We found that the removal of Java support (actually NSAPI 
in favor of the Pepper API which Oracle has stated they won't support) left us 
with limited IPMI (iLO, DRAC, whatever) functionality.  And, looking at 
https://en.wikipedia.org/wiki/Java_Web_Start, Oracle has stopped supporting 
javaws.  In our case (SuperMicro) we found two things: their newer hardware had 
switched to HTML5/iKVM which didn't require Java and SuperMicro had supplied 
non-browser-based (but Java-based) programs which supplied equivalent 
functionality for the legacy hardware.  My recommendation would be to look into 
those alternatives.
Java Web Start - Wikipedia
In computing, Java Web Start (also known as JavaWS, javaws or JAWS) is a 
framework developed by Sun Microsystems (now Oracle) that allows users to start 
application software for the Java Platform directly from the Internet using a 
web browser.Some key benefits of this technology include seamless version 
updating for globally distributed applications and greater control of memory 
allocation to ...
en.wikipedia.org




From: CentOS  on behalf of isdtor 
Sent: Thursday, November 14, 2019 8:17 AM
To: centos@centos.org 
Subject: [EXTERNAL] Re: [CentOS] Firefox 68 jnlp files

isdtor writes:
> It seems that firefox 68.x, as distributed with CentOS6 updates, no longer 
> allows opening jnlp files with javaws
>
> The "Choose Helper Application" window popping up after selecting "Open 
> with/Other" has a predefined list of applications that cannot be customised.
>
> I'm sure it must be a configuration issue as this works fine with the same 
> browser on other distributions, but what to look for?
>
> # alternatives --display javaws
> javaws - status is auto.
>  link currently points to /usr/java/latest/jre/bin/javaws
> /usr/java/latest/jre/bin/javaws - priority 20
> Current `best' version is /usr/java/latest/jre/bin/javaws.
> # ll -L /etc/alternatives/javaws
> -rwxr-xr-x 1 root root 140296 Dec 15  2018 /etc/alternatives/javaws
> #

No replies, really? Lack of this facility makes browser and platform unusable 
for server management.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com


This message has been sent on behalf of a company that is part of the Harris 
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify 
us.



This message is intended exclusively for the individual or entity to which it 
is addressed. This communication may contain information that is proprietary, 
privileged or confidential or otherwise legally exempt from disclosure. If you 
are not the named addressee, you are not authorized to read, print, retain, 
copy or disseminate this message or any part of it. If you have received this 
message in error, please notify the sender immediately by e-mail and delete all 
copies of the message.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox 68 jnlp files

2019-11-14 Thread isdtor 
isdtor writes:
> It seems that firefox 68.x, as distributed with CentOS6 updates, no longer 
> allows opening jnlp files with javaws
> 
> The "Choose Helper Application" window popping up after selecting "Open 
> with/Other" has a predefined list of applications that cannot be customised.
> 
> I'm sure it must be a configuration issue as this works fine with the same 
> browser on other distributions, but what to look for?
> 
> # alternatives --display javaws  
> javaws - status is auto.
>  link currently points to /usr/java/latest/jre/bin/javaws
> /usr/java/latest/jre/bin/javaws - priority 20
> Current `best' version is /usr/java/latest/jre/bin/javaws.
> # ll -L /etc/alternatives/javaws
> -rwxr-xr-x 1 root root 140296 Dec 15  2018 /etc/alternatives/javaws
> # 

No replies, really? Lack of this facility makes browser and platform unusable 
for server management.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 177, Issue 3

2019-11-14 Thread centos-announce-request 
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CEEA-2019:3847 CentOS 6 microcode_ctl Enhancement Update
  (Johnny Hughes)
   2. CEBA-2019:3855  CentOS 6 cluster BugFix Update (Johnny Hughes)
   3. CEBA-2019:3859  CentOS 6 adcli BugFix Update (Johnny Hughes)
   4. CESA-2019:3755 Important CentOS 6 sudo Security   Update
  (Johnny Hughes)
   5. CEBA-2019:3858  CentOS 6 samba BugFix Update (Johnny Hughes)
   6. CESA-2019:3836 Important CentOS 6 kernel Security Update
  (Johnny Hughes)
   7. CEBA-2019:3857  CentOS 6 sos BugFix Update (Johnny Hughes)
   8. CESA-2019:3756 Important CentOS 6 thunderbird Security Update
  (Johnny Hughes)


--

Message: 1
Date: Thu, 14 Nov 2019 01:16:44 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEEA-2019:3847 CentOS 6 microcode_ctl
Enhancement Update
Message-ID: <20191114011644.ga25...@bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Enhancement Advisory 2019:3847 

Upstream details at : https://access.redhat.com/errata/RHEA-2019:3847

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
b5d190ce4935b47b5c4fbc414b31113a3b7d24ee0d1d1218b4c9de4f668a96db  
microcode_ctl-1.17-33.19.el6_10.i686.rpm

x86_64:
8c9172dfd84c363fa01cd43796a25a879f9abce568bb9de84d200b4f3c930cc8  
microcode_ctl-1.17-33.19.el6_10.x86_64.rpm

Source:
2907a7c6074f79bcb193913b611ed4a7b3dda9987e601682ba070fa5c83b4c51  
microcode_ctl-1.17-33.19.el6_10.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS



--

Message: 2
Date: Thu, 14 Nov 2019 01:17:07 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2019:3855  CentOS 6 cluster BugFix
Update
Message-ID: <20191114011707.ga26...@bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2019:3855 

Upstream details at : https://access.redhat.com/errata/RHBA-2019:3855

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
a84580725fadd504c74fc80df77ee92d1aee50d7a159b91813738d2100f5a8d2  
clusterlib-3.0.12.1-84.el6_10.1.i686.rpm
1f5d9dfae0c2f14936ed334103c6278e0742d9f5e9ebec212bf00a26b711be95  
clusterlib-devel-3.0.12.1-84.el6_10.1.i686.rpm
912390b35e11e993060c2b09f05fe6d57281d163403623a676eda2f5217cd70b  
cman-3.0.12.1-84.el6_10.1.i686.rpm
c34451e85ff2e477afea55f0478ff79d4ddc375c77f1dfae3ef1ef80214776d1  
gfs2-utils-3.0.12.1-84.el6_10.1.i686.rpm

x86_64:
a84580725fadd504c74fc80df77ee92d1aee50d7a159b91813738d2100f5a8d2  
clusterlib-3.0.12.1-84.el6_10.1.i686.rpm
e38ac08cc7be7ce516411b8f273ab7600829fc4749b9a3bf7fab68bc230bc8bf  
clusterlib-3.0.12.1-84.el6_10.1.x86_64.rpm
1f5d9dfae0c2f14936ed334103c6278e0742d9f5e9ebec212bf00a26b711be95  
clusterlib-devel-3.0.12.1-84.el6_10.1.i686.rpm
dd151045f89b889ce536c43a6e8fe54e384123c3ecccdd7868b00edeab087f83  
clusterlib-devel-3.0.12.1-84.el6_10.1.x86_64.rpm
5cdfe12c575dda21609013986adb3eea37871fc97536925ec7a9a3181af415d6  
cman-3.0.12.1-84.el6_10.1.x86_64.rpm
d2673dba1f6d8bd9bc6ee22c70e93c1e11e6d3498f1fa501daeab262dc765263  
gfs2-utils-3.0.12.1-84.el6_10.1.x86_64.rpm

Source:
80443dc911fa99b57b5690bc75cc8098a5692aae70eeb6e6b2eba1169ffb88fc  
cluster-3.0.12.1-84.el6_10.1.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS



--

Message: 3
Date: Thu, 14 Nov 2019 01:17:17 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2019:3859  CentOS 6 adcli BugFix
Update
Message-ID: <20191114011717.ga26...@bstore1.rdu2.centos.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2019:3859 

Upstream details at : https://access.redhat.com/errata/RHBA-2019:3859

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
d733f4d93d9d24190d9e2a31cb408014de312651814d58bd1ecd072af7726fb7  
adcli-0.8.1-3.el6_10.i686.rpm

x86_64:
523b2744f8f6117fc7d8ffe06c98c757080114130470e40711b266cebe1f83f7  
adcli-0.8.1-3.el6_10.x86_64.rpm

Source:
dabbf8ea7c5793c0f9dc5597ce77f87678c7a9935c8af220a7afcfa74654c103

Re: [CentOS] About license at redistribution

2019-11-14 Thread Lange, Markus 
Hi,

at first I'm not part of the CentOS Project nor I'm a lawyer.

But may I can answer your questions.
According to the CentOS About page "CentOS Linux is no-cost and free to
redistribute." [1]. So as you are planning to redistribute it should be
fine to do. While redistributing you also need to consider the legal
section [2]. However as you are planning a business you should involve
a lawyer to make it clear to you in your special legal situation!

To your second question: Yes you definitely should do that, as you make
profit from the great work the maintainers do and can't make profit if
they discontinue doing this great work. But no one can force you to,
it's up to you to take what the community provides without giving
anything back.

Best Regards
Markus


[1] https://www.centos.org/about/
[2] https://www.centos.org/legal/

On Thu, 2019-11-14 at 18:08 +0900, sensor make wrote:
>  Hello.
> 
> I'd like to ask about license issue.
> Now I'm planning to make and sell some measurement system controlled
> by PC.
> There is no technical issue but I don't have enough information about
> license.
> 
> I will do the following,
> 
>  1) Install CentOS and my applications on the PC.
>  2) Sell the PC as a measurement device.
>  3) Distribute DVD made from CentOS iso image file to the user if
> he/she
> needs.
> 
>  Question 1.
>  Is there no problem from the view point of CentOS license ?
> 
>  Question 2.
>  Should I donate to CentOS community ?
> 
> 
> Best Regards.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] About license at redistribution

2019-11-14 Thread sensor make 
 Hello.

I'd like to ask about license issue.
Now I'm planning to make and sell some measurement system controlled by PC.
There is no technical issue but I don't have enough information about
license.

I will do the following,

 1) Install CentOS and my applications on the PC.
 2) Sell the PC as a measurement device.
 3) Distribute DVD made from CentOS iso image file to the user if he/she
needs.

 Question 1.
 Is there no problem from the view point of CentOS license ?

 Question 2.
 Should I donate to CentOS community ?


Best Regards.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos