Re: [CentOS] Table *** is marked as crashed and should be repaired
OK. It turns out to be not such a big deal. The MyISAM table is declared crashed if the number of open file handles doesn't match the counter in the header. MySQL 5.1 doesn't care and doesn't write these warnings to the logs but it still can be detected and fixed with mysqlcheck: # mysqlcheck --all-databases ... wordpress-test.wp_actionscheduler_claims warning : 3 clients are using or haven't closed the table properly status : OK ... wordpress-test.wp_options warning : 3 clients are using or haven't closed the table properly status : OK So run mysqlcheck --databases ... before moving the DBs to a new location or import the data from a mysql dump. пн, 30 нояб. 2020 г. в 15:28, Александр Кириллов : > Hi, > > I've started migrating my sites to mariadb which is supposed to be a > drop-in replacement of mysql. Both run on the same C6 box. DB folders were > moved to a new location after both DB servers were stopped and properly > upgraded. There were no reboots or power failures. Nevertheless I see these > error messages in the logs: > > # cat /var/opt/rh/rh-mariadb102/log/mariadb/mariadb.log > ... > 2020-11-29 16:38:23 139882501732320 [Note] > /opt/rh/rh-mariadb102/root/usr/libexec/mysqld: ready for connections. > Version: '10.2.22-MariaDB' socket: > '/var/opt/rh/rh-mariadb102/lib/mysql/mysql.sock' port: 3307 MariaDB Server > 2020-11-29 16:38:23 139882394105600 [Warning] Access denied for user > 'UNKNOWN_MYSQL_USER'@'localhost' (using password: NO) > 2020-11-29 16:39:37 139882394105600 [ERROR] mysqld: Table > './wordpress@002dstorefront/wp_wc_customer_lookup' is marked as crashed > and should be repaired > 2020-11-29 16:39:37 139882394105600 [ERROR] mysqld: Table > 'wp_wc_customer_lookup' is marked as crashed and should be repaired > 2020-11-29 16:39:37 139882394105600 [ERROR] mysqld: Table > './wordpress@002dstorefront/wp_wc_customer_lookup' is marked as crashed > and should be repaired > 2020-11-29 16:39:37 139882394105600 [ERROR] mysqld: Table > 'wp_wc_customer_lookup' is marked as crashed and should be repaired > 2020-11-29 16:39:37 139882394105600 [Warning] Checking table: > './wordpress@002dstorefront/wp_wc_customer_lookup' > ... > 2020-11-29 17:16:17 140059421116384 [Note] > /opt/rh/rh-mariadb102/root/usr/libexec/mysqld: ready for connections. > Version: '10.2.22-MariaDB' socket: > '/var/opt/rh/rh-mariadb102/lib/mysql/mysql.sock' port: 3307 MariaDB Server > 2020-11-29 17:16:18 140059356550912 [Warning] Access denied for user > 'UNKNOWN_MYSQL_USER'@'localhost' (using password: NO) > 2020-11-29 17:20:01 140059356550912 [ERROR] mysqld: Table > './wordpress@002dstorefront/wp_options' is marked as crashed and should > be repaired > 2020-11-29 17:20:01 140059356550912 [ERROR] mysqld: Table 'wp_options' is > marked as crashed and should be repaired > 2020-11-29 17:20:01 140059356550912 [Warning] Checking table: > './wordpress@002dstorefront/wp_options' > 2020-11-29 17:20:02 140059356550912 [ERROR] mysqld: Table > './wordpress@002dstorefront/wp_posts' is marked as crashed and should be > repaired > 2020-11-29 17:20:02 140059356550912 [ERROR] mysqld: Table 'wp_posts' is > marked as crashed and should be repaired > 2020-11-29 17:20:02 140059356550912 [Warning] Checking table: > './wordpress@002dstorefront/wp_posts' > 2020-11-29 17:20:02 140059356550912 [ERROR] mysqld: Table > './wordpress@002dstorefront/wp_actionscheduler_claims' is marked as > crashed and should be repaired > 2020-11-29 17:20:02 140059356550912 [ERROR] mysqld: Table > 'wp_actionscheduler_claims' is marked as crashed and should be repaired > 2020-11-29 17:20:02 140059356550912 [Warning] Checking table: > './wordpress@002dstorefront/wp_actionscheduler_claims' > 2020-11-29 17:22:28 140059356550912 [ERROR] mysqld: Table > './wordpress@002dstorefront/wp_usermeta' is marked as crashed and should > be repaired > 2020-11-29 17:22:28 140059356550912 [ERROR] mysqld: Table 'wp_usermeta' is > marked as crashed and should be repaired > 2020-11-29 17:22:28 140059356550912 [Warning] Checking table: > './wordpress@002dstorefront/wp_usermeta' > 2020-11-29 17:22:31 140059356550912 [ERROR] mysqld: Table > './wordpress@002dstorefront/wp_woocommerce_sessions' is marked as crashed > and should be repaired > 2020-11-29 17:22:31 140059356550912 [ERROR] mysqld: Table > 'wp_woocommerce_sessions' is marked as crashed and should be repaired > 2020-11-29 17:22:31 140059356247808 [ERROR] mysqld: Table > './wordpress@002dstorefront/wp_woocommerce_sessions' is marked as crashed > and should be repaired > 2020-11-29 17:22:31 140059356247808 [ERROR] mysqld: Table > 'wp_woocommerce_sessions' is marked as crashed and should be repaired > 2020-11-29 17:22:31 140059356550912 [Warning] Checking table: > './wordpress@002dstorefront/wp_woocommerc
[CentOS] Table *** is marked as crashed and should be repaired
Hi, I've started migrating my sites to mariadb which is supposed to be a drop-in replacement of mysql. Both run on the same C6 box. DB folders were moved to a new location after both DB servers were stopped and properly upgraded. There were no reboots or power failures. Nevertheless I see these error messages in the logs: # cat /var/opt/rh/rh-mariadb102/log/mariadb/mariadb.log ... 2020-11-29 16:38:23 139882501732320 [Note] /opt/rh/rh-mariadb102/root/usr/libexec/mysqld: ready for connections. Version: '10.2.22-MariaDB' socket: '/var/opt/rh/rh-mariadb102/lib/mysql/mysql.sock' port: 3307 MariaDB Server 2020-11-29 16:38:23 139882394105600 [Warning] Access denied for user 'UNKNOWN_MYSQL_USER'@'localhost' (using password: NO) 2020-11-29 16:39:37 139882394105600 [ERROR] mysqld: Table './wordpress@002dstorefront/wp_wc_customer_lookup' is marked as crashed and should be repaired 2020-11-29 16:39:37 139882394105600 [ERROR] mysqld: Table 'wp_wc_customer_lookup' is marked as crashed and should be repaired 2020-11-29 16:39:37 139882394105600 [ERROR] mysqld: Table './wordpress@002dstorefront/wp_wc_customer_lookup' is marked as crashed and should be repaired 2020-11-29 16:39:37 139882394105600 [ERROR] mysqld: Table 'wp_wc_customer_lookup' is marked as crashed and should be repaired 2020-11-29 16:39:37 139882394105600 [Warning] Checking table: './wordpress@002dstorefront/wp_wc_customer_lookup' ... 2020-11-29 17:16:17 140059421116384 [Note] /opt/rh/rh-mariadb102/root/usr/libexec/mysqld: ready for connections. Version: '10.2.22-MariaDB' socket: '/var/opt/rh/rh-mariadb102/lib/mysql/mysql.sock' port: 3307 MariaDB Server 2020-11-29 17:16:18 140059356550912 [Warning] Access denied for user 'UNKNOWN_MYSQL_USER'@'localhost' (using password: NO) 2020-11-29 17:20:01 140059356550912 [ERROR] mysqld: Table './wordpress@002dstorefront/wp_options' is marked as crashed and should be repaired 2020-11-29 17:20:01 140059356550912 [ERROR] mysqld: Table 'wp_options' is marked as crashed and should be repaired 2020-11-29 17:20:01 140059356550912 [Warning] Checking table: './wordpress@002dstorefront/wp_options' 2020-11-29 17:20:02 140059356550912 [ERROR] mysqld: Table './wordpress@002dstorefront/wp_posts' is marked as crashed and should be repaired 2020-11-29 17:20:02 140059356550912 [ERROR] mysqld: Table 'wp_posts' is marked as crashed and should be repaired 2020-11-29 17:20:02 140059356550912 [Warning] Checking table: './wordpress@002dstorefront/wp_posts' 2020-11-29 17:20:02 140059356550912 [ERROR] mysqld: Table './wordpress@002dstorefront/wp_actionscheduler_claims' is marked as crashed and should be repaired 2020-11-29 17:20:02 140059356550912 [ERROR] mysqld: Table 'wp_actionscheduler_claims' is marked as crashed and should be repaired 2020-11-29 17:20:02 140059356550912 [Warning] Checking table: './wordpress@002dstorefront/wp_actionscheduler_claims' 2020-11-29 17:22:28 140059356550912 [ERROR] mysqld: Table './wordpress@002dstorefront/wp_usermeta' is marked as crashed and should be repaired 2020-11-29 17:22:28 140059356550912 [ERROR] mysqld: Table 'wp_usermeta' is marked as crashed and should be repaired 2020-11-29 17:22:28 140059356550912 [Warning] Checking table: './wordpress@002dstorefront/wp_usermeta' 2020-11-29 17:22:31 140059356550912 [ERROR] mysqld: Table './wordpress@002dstorefront/wp_woocommerce_sessions' is marked as crashed and should be repaired 2020-11-29 17:22:31 140059356550912 [ERROR] mysqld: Table 'wp_woocommerce_sessions' is marked as crashed and should be repaired 2020-11-29 17:22:31 140059356247808 [ERROR] mysqld: Table './wordpress@002dstorefront/wp_woocommerce_sessions' is marked as crashed and should be repaired 2020-11-29 17:22:31 140059356247808 [ERROR] mysqld: Table 'wp_woocommerce_sessions' is marked as crashed and should be repaired 2020-11-29 17:22:31 140059356550912 [Warning] Checking table: './wordpress@002dstorefront/wp_woocommerce_sessions' ... Note that after the crashed table was repaired mariadb reported multiple crashed tables in the same DB after restart. Any pointers? Never had such problems with mysqld. Is mariadb reliable and stable at all? # cat /etc/centos-release CentOS release 6.10 (Final) # rpm -qa '*maria*' rh-mariadb102-mariadb-server-utils-10.2.22-1.el6.x86_64 rh-mariadb102-mariadb-common-10.2.22-1.el6.x86_64 rh-mariadb102-mariadb-10.2.22-1.el6.x86_64 rh-mariadb102-mariadb-server-10.2.22-1.el6.x86_64 rh-mariadb102-mariadb-config-10.2.22-1.el6.x86_64 rh-mariadb102-mariadb-errmsg-10.2.22-1.el6.x86_64 rh-mariadb102-runtime-3.0-5.el6.x86_64 TIA, AK ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to add an application icon?
> > > I use MATE exclusively. It is a GNOME 2 redezined for Gnome 3 base or > > something like that. It has ALL you need to work as fast as you can, > you > > can even see all your icons in traybar so you can see instantly if > you > > have messages or mail waiting for you, with just a eyeball movement > > without touching the mouse. For CentOS 7.7 it is in EPEL, we are > still > > waiting for CentOS 8 rebuilt (from Fedora 28). > > > > > > Yeah, I know. I use MATE on C7 too. But is this a viable option in the > > long run? I'm going to try GNOME 3 classic once again. I haven't touched > > GNOME 3 since C7 was released. Hopefully some useful features have been > > added since then. I mostly miss workspaces and ability to pin a lot of > > pics and documents to the desktop. > > Yeah, me too. As soon as I tried MATE I switched to it and never came > back to Gnome 3 Shell. > Biggest problems I hade with "Gnome 3 Shell" was it is/was hiding > traybar icons so I had to use a mouse to point to the coner to see if I > reciseved new message or mail. If I am not at PC to hear/see a popup I > have to remember to waste time to check if something new came up. That > and if I remember corectly placing documents on desktops was not possible. > MATE is an active project that I do not belive will die out. > We shall see. I still have a C6 box with GNOME 2. Relaxing. ) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to add an application icon?
> > >>> How to add an application icon to gnome 3 classic desktop on centos 8? > >>> TIA > >> Using firefox as an example, > >> > >> cp /usr/share/applications/firefox.desktop $(xdg-user-dir DESKTOP)/ > >> > >> or > >> > >> ln -s /usr/share/applications/firefox.desktop $(xdg-user-dir DESKTOP)/ > >> > > I've already tried something like this but the icon is that of a text > > document and it just opens as text when clicked. Do I have to install a > > shell extension for this to work? > I got the first approach to work for me, the cp command. That being > said, I'm on CentOS 7.7 with gnome 3.28. Supposedly you CAN INSTALL an > extension to get you back to a right mouse click to add an application > to your icon to your desktop, but this requires gnome 3.30. The lack of > something easier to do this is truly annoying. I feel your pain! > Finally. ln -s doesn't work. cp and then rightclick on the icon and select "Allow Launching". Easy as pie. I develop and do some admin work on Linux servers for some 20 years but GNOME 3 still baffles me. Thanks guys. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to add an application icon?
> > > How to add an application icon to gnome 3 classic desktop on centos 8? > > TIA > > Using firefox as an example, > > cp /usr/share/applications/firefox.desktop $(xdg-user-dir DESKTOP)/ > > or > > ln -s /usr/share/applications/firefox.desktop $(xdg-user-dir DESKTOP)/ > I've already tried something like this but the icon is that of a text document and it just opens as text when clicked. Do I have to install a shell extension for this to work? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] How to add an application icon?
How to add an application icon to gnome 3 classic desktop on centos 8? TIA ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing dependency
Those in need may grab the rpms from http://vault.centos.org/centos/6/sclo/x86_64/rh/rh-nodejs4. 2018-08-15 12:51 GMT+03:00 Александр Кириллов : > Hi. Can't install rh-ror42 on C6. Used to be working June 10th. Any ideas? > TIA. > > # yum install rh-ror42 > ... > Resolving Dependencies > --> Running transaction check > ---> Package rh-ror42.x86_64 0:2.2-7.el6 will be installed > ... > --> Finished Dependency Resolution > Error: Package: rh-ror42-2.2-7.el6.x86_64 (centos-sclo-rh) >Requires: rh-nodejs4-nodejs > You could try using --skip-broken to work around the problem > ... > > # yum list rh-nodejs4-nodejs > ... > Error: No matching Packages to list > > # cat /etc/centos-release > CentOS release 6.9 (Final) > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Missing dependency
Hi. Can't install rh-ror42 on C6. Used to be working June 10th. Any ideas? TIA. # yum install rh-ror42 ... Resolving Dependencies --> Running transaction check ---> Package rh-ror42.x86_64 0:2.2-7.el6 will be installed ... --> Finished Dependency Resolution Error: Package: rh-ror42-2.2-7.el6.x86_64 (centos-sclo-rh) Requires: rh-nodejs4-nodejs You could try using --skip-broken to work around the problem ... # yum list rh-nodejs4-nodejs ... Error: No matching Packages to list # cat /etc/centos-release CentOS release 6.9 (Final) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FireFox and Plugins
It is possible to rebuild the package ( for CentOS 7) and disable this plugin being built. Yes but then any update to rhythmbox would re-install it and it would become a pattern of build, rinse, repeat. You can place the rebuilt package to a higher priority local repo. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to have more than on SELinux context on a directory
If I understand well, I could add a type to another type?!?!?!
No.
The default targeted policy is mostly about Type Enforcement. Quote from
the manual:
"All files and processes are labeled with a type: types define a SELinux
domain for processes and a SELinux type for files. SELinux policy rules
define how types access each other, whether it be a domain accessing a
type, or a domain accessing another domain. Access is only allowed if a
specific SELinux policy rule exists that allows it."
You could have added a new type (eg tftpdir_rw_and_samba_share_t) to
label the files in your shared directory and defined necessary rules to
allow access to these files by processes running in certain confined
domains. These new rules would most likely include a subset of rules
already defined in the default policy for samba_share_t and tftpdir_rw_t
types.
I've never added a new type myself and cannot really elaborate any
further on the subject.
An easier approach would be to add missing access rules for already
existing file type (either samba_share_t or tftpdir_rw_t).
BTW have you really tried to access files labelled with tftpdir_rw_t via
samba or vise versa? There's already a number of rules in the default
policy which allow ftp access to samba shares and smb/nmb access to
files labelled with tftpdir_rw_t. Eg
# sesearch --allow -t samba_share_t | grep samba_share_t | grep ftp
allow ftpd_t samba_share_t : file { ioctl read write create getattr
setattr lock append unlink link rename open } ;
allow ftpd_t samba_share_t : dir { ioctl read write create getattr
setattr lock unlink link rename add_name remove_name reparent search
rmdir open } ;
allow ftpd_t samba_share_t : lnk_file { ioctl read write create
getattr setattr lock append unlink link rename } ;
allow ftpd_t samba_share_t : sock_file { ioctl read write create
getattr setattr lock append unlink link rename open } ;
allow ftpd_t samba_share_t : fifo_file { ioctl read write create
getattr setattr lock append unlink link rename open } ;
May be the needed functionality is already there and all this discussion
is the equivalent of shooting a gun on sparrows.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to have more than on SELinux context on a directory
Александр Кириллов писал 2016-07-05 19:58: I need to have the tftpdir_rw_t and samba_share_t SELinux context on the same directory. How can we do this? Is it feasible to have more than one SELinux context? I don't think it's possible/feasible. You'd probably need to add a new type and necessary rules to your local policy. Or add missing allow rules to an existing type (tftpdir_rw_t or samba_share_t). Or use audit2allow to add necessary allow rules to an existing type. Any of the above could be a major PITA. Some links and commands which might be useful if you really need this done: http://fedoraproject.org/wiki/PackagingDrafts/SELinux#Creating_new_types # sesearch --help # sesearch --allow -t samba_share_t # sesearch --allow -t tftpdir_rw_t ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to have more than on SELinux context on a directory
I need to have the tftpdir_rw_t and samba_share_t SELinux context on the same directory. How can we do this? Is it feasible to have more than one SELinux context? I don't think it's possible/feasible. You'd probably need to add a new type and necessary rules to your local policy. Or add missing allow rules to an existing type (tftpdir_rw_t or samba_share_t). Or use audit2allow to add necessary allow rules to an existing type. Any of the above could be a major PITA. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to use python 2.7 by default instead python 2.6 on centos 6.8
centos 6.8 comes with python 2.6. But I want to use python 2.7 to build gstreamer sdk. I have built python 2.7 and installed it into my custom directory. How to set centos to use python 2.7 by default instead of python 2.6? You could have used python virtualenv. I'm not a python dev and only have vague memories and some short notes on the subject. FYI I have all my python 2.7 packages installed from PUIAS_6_computational repo which had a better selection of python packages at the time: python27-2.7.8 python27-virtualenv-1.10.1 ... When you have python27-virtualenv package you can create and activate a virtual environment with the following commands: $ mkdir ~/opt/python27 $ virtualenv-2.7 ~/opt/python27 $ . ~/opt/python27/bin/activate (python27) prefix will be added to the shell prompt and all subsequent python calls will use version from the virtual environment. (python27) $ python --version Python 2.7.8 ... (python27) $ deactivate HTH ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] netbook screen suddenly goes black
Can anyone of you provide further hints on what I should be looking for or at? Is it trying to hibernate? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Virtual Machine System Time
Is this a common time problem when running CentOS as a virtual machine? Any suggestions regarding the cause if this problem and how to keep the CentOS system time locked to the host platform time would be greatly appreciated. Thanks. Have you installed VBox Guest Additions? These will sync guest time with the host. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
for me I refuse it or in other words, when there is no OCSP response and I don't get a CRL from the CA the SSL-host is blocked; Forget it, Walter. If you feel it's more secure that way I'm not going to waste my time to convince you otherwise. ) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
yes and no, but faking a valid OCSP response that says good instead of revoked is also possible ... Could you please provide any proof for that statement? If it were true the whole PKI infrastructure should probably be thrown out of the window. ) the primary reason was to prevent problems for connection problems - or whatever problems - in connection with the OCSP Sure. I've never said privacy concerns were the main reason. Security concerns can probably be addressed with reducing update interval of issuer-signed OCSP responses. For my free wosign certificates ii's 4 days and my understanding is that interval matches CRL update policy of the CA. Per RFC2560 (see nextUpdate below): 2.4 Semantics of thisUpdate, nextUpdate and producedAt Responses can contain three times in them - thisUpdate, nextUpdate and producedAt. The semantics of these fields are: - thisUpdate: The time at which the status being indicated is known to be correct - nextUpdate: The time at or before which newer information will be available about the status of the certificate - producedAt: The time at which the OCSP responder signed this response. If nextUpdate is not set, the responder is indicating that newer revocation information is available all the time. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
Then OCSP stapling is the way to go but it could be a real PITA to setup for the first time and may not be supported by older browsers anyway. not really, because the same server tells the client that the SSL certificate is good, as the SSL certificate itself; these must be independent; Says who? Yes, the OCSP response comes from the same server but it's still signed by the issuer CA. OCSP stapling has been developed for a number of reasons including user privacy concerns and I find those reasons quite convincing. The need to revoke an issued certificate before its expiration date is rare. CA error, transfer of the domain ownership, loss of a private key... What else? Yet the origial OCSP implementation gives the interested third parties the ability to track browsing habits of unsuspecting visitors of the sites which do not implement OCSP stapling. This is not to mention much higher traffic the CAs will have to shoulder with the proliferation of secure sites. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
Walter H. писал 2016-06-16 22:54: On 16.06.2016 21:42, Александр Кириллов wrote: that is right, but hink of your potential clients, because wosign has a problem - slow OCSP, ... because their server infrastucture is located in China, and not the best bandwidth ... when validity checks of the used SSL certificate very probable fail, it is worse than not using SSL ... I don't think OCSP is critical for free certificates suitable for small businesses and personal sites. this is philosophy; I'd say when you do it then do it good, else don't do it; Then OCSP stapling is the way to go but it could be a real PITA to setup for the first time and may not be supported by older browsers anyway. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
that is right, but hink of your potential clients, because wosign has a problem - slow OCSP, ... because their server infrastucture is located in China, and not the best bandwidth ... when validity checks of the used SSL certificate very probable fail, it is worse than not using SSL ... I don't think OCSP is critical for free certificates suitable for small businesses and personal sites. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
Nowadays it's quite easy to get normal ssl certificates for free. E.g. http://www.startssl.com http://buy.wosign.com/free ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question on 7.2 and weird characters
How do I get back to the normal characters ? Have you tried "reset"? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DOS line ends on /var/log/boot.log on CentOS 6.7 ?
Recently, I'm seeing DOS line ends, ^M, on my /var/log/boot.log file. Honestly, I don't check this very often so I can't say exactly when this occurred. Is this just MY experience or are others seeing this also. I checked a C6 /var/log/boot.log from 5 years ago and ^M chars are there all right. You can easily spot them with less -R /var/log/boot.log. This is a surprise indeed and it's not configurable. Try to comment out echo -ne "\r" lines in /etc/rc.d/init.d/functions if you hate the output so much. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] one-shot yum command to match rpms between systems?
Jonathan Billings писал 2016-05-18 20:16:
On Wed, May 18, 2016 at 12:54:51AM -0600, Frank Cox wrote:
Given a list of rpms on one system (rpm -qa > list.txt), is there a
one-shot command that I can run on another system to remove all of
the rpms not listed and add any that are on the list and not present
on the second system?
I'd probably turn it into a puppet manifest or ansible playbook, and
use that to install the packages. I'd not use rpm -qa unadorned,
though, but rpm -qa --qf "%{NAME}.%{ARCH}\n".
You can either use the tools suggested or write a simple helper script.
Diff sorted list of packages on these two systems (using
"%{NAME}.%{ARCH}" format).
Add the packages in lines starting with "<", remove the packages in
lines starting with ">".
Sort of.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 as DNS-Server
how can I influence the time between the .jnl file is created/updated and the zone file is updated? more than 10 minutes is quite a bit long ... AFAIK rndc freeze/thaw will do that but you may try other rndc commands too. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 as DNS-Server
if a host has IPv4 only or IPv6 only this works fine, but when a host has both - DualStack somethimes it works sometimes only one - can be IPv4 or can be IPv6 works; and in /var/log/messages I get something like May 10 18:51:30 dnssrvr named[2526]: client 192.168.1.2#38618: view wkst: updating zone 'ddns.local/IN': update unsuccessful: WIN7HOST.ddns.local: 'name not in use' prerequisite not satisfied (YXDOMAIN) for several times; Which probably means that the name for the host has already been added to dns with an IPv6 address or vice versa. Have a look at https://deepthought.isc.org/article/AA-01091/0/ISC-DHCP-support-for-Standard-DDNS.html. It might be relevant. I don't know. 'ddns-update-style standard' didn't even exist when I fiddled with this. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 as DNS-Server
I'm also using ddns and have my zone files in /var/named/chroot/var/named/dynamic. are you using DDNS in DualStack (IPv4 and IPv6 together) or do you have only DHCP or DHCPv6 and not both? IPv4 only. By default, SELinux prevents any role from modifying named_zone_t files; this means that files in the zone database directory cannot be modified by dynamic DNS (DDNS) updates or zone transfers. The Red Hat BIND distribution and SELinux policy creates three directories where named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic /var/named/data. By placing files you want named to modify, such as slave or DDNS updateable zone files and database / statistics dump files in these directories, named will work normally and no further operator action is required. Files in these directories are automatically assigned the ’named_cache_t’ file context, which SELinux allows named to write." That's probably why I have updateable zone files in chrooted /var/named/dynamic. Default targeted policy comes with necessary rules for chrooted bind. See # semanage fcontext -l | grep named_ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 as DNS-Server
this seems to be relevant in chroot environments; as I noticed when configuring the DDNS-feature, that this is a little bit weired, when running in a chroot environment; I saw the recommendation not to use a chroot in the man-page and removed bind-chroot and then the zone updates worked perfekt; so this file /etc/named.root.key isn't really used; or am I missing something? These files are included in both my /etc/named.conf and /usr/share/doc/bind-x.x.x/named.conf.default which I probably used as a template years ago. I'm no dns expert but you'd probably need these files when accessing root servers directly without use of forwarders. I'm also using ddns and have my zone files in /var/named/chroot/var/named/dynamic. Selinux is enabled and I don't see any additional bind-related rules in my local policy or /etc/selinux/targeted/contexts/files/file_contexts.local. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 as DNS-Server
in no file neither in /etc/named.conf nor in any other file that is included by the main config I can find a reference to /etc/named.root.key is this file really needed or did it become obsolete? (as seen on the URL above, /etc/named.root.key is part of /etc/named.iscdlv.key) # cat /etc/rc.d/init.d/named ... ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf /etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key /usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /etc/named.root.key' mount_chroot_conf() ... # rpm -qf /etc/named.root.key /etc/named.iscdlv.key bind-9.8.2-0.37.rc1.el6_7.7.x86_64 bind-9.8.2-0.37.rc1.el6_7.7.x86_64 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache logs missing
Adrian Jenzer писал 2016-04-28 11:04: It looks like logrotate changed behaviour and started to delete old logs instead of compressing them. As you can see it just wiped away the one from 20160327, and that with all configs on default. Does someone know how to fix this?? https://bugzilla.redhat.com/show_bug.cgi?id=1171865 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 MySQL injection attack ("Union Select")
Indeed. There are several flaws in how mysql handles data. This is why to the best of my ability I am trying to avoid mysql, and use postgresql if whatever chunk of software I need is designed to work also with postgresql. And I recommend developers I work with/for the same (to use postgresql). These are good examples: https://www.youtube.com/watch?v=1PoFIohBSM4 http://dev.mysql.com/doc/refman/5.1/en/sql-mode.html#sql-mode-strict ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 MySQL injection attack ("Union Select")
Be careful with WordPress - it's database handler doesn't actually use parameterized statements, it emulates them with printf - one (of many) reasons I do not like the product. This is a rather controversial statement. There's nothing wrong with using sprintf when building sql queries. Besides "Using a prepared statement is not always the most efficient way of executing a statement. A prepared statement executed only once causes more client-server round-trips than a non-prepared statement." ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 MySQL injection attack ("Union Select")
This is obviously an application level problem. What is this php file? You should upgrade wordpress and remove or block access to the plugin or custom page which allows sql injections. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Keep the politics out, please?
The post from a disgruntled member of the public is longer than the original thread. I wonder if this was worth the effort. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bitcoin for CentOS 7
Meanwhile banks like Chase charge poor people $12.00 a month just have checking and push debit card paychecks on low income jobs where they charge just for the poor to check how much they have on it. That bad, huh? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Google Chrome and CentOS 6?
Was there any real conclusion about Google Chrome on CentOS and how to get around this problem? http://chrome.richardlloyd.org.uk ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] routing with 2 public ips
I'm struggling to understand what you meant when you said that the destination is the gateway. If you just mean that the traffic is NATed, then again, I was not assuming that in any of my explanations. I said that, assuming the host with 2 public ips mentioned in the OP could be the gateway for a lan as I suspect routing based on source address that you suggested will not work for transit traffic. There's a routeback option in shorewall which probably does what the OP wants but I have no idea how to achieve this with firewalld or iptables. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openvpn + routing
ip route: 0.0.0.0/1 via 10.8.0.5 dev tun0 default via 192.168.2.1 dev br0 proto static metric 425 10.8.0.1 via 10.8.0.5 dev tun0 10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6 88.198.140.127 via 192.168.2.1 dev br0 192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.101 metric 425 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 traceroute gmx.de traceroute to gmx.de (213.165.65.60), 30 hops max, 60 byte packets 1 Speedport.ip (192.168.2.1) 0.578 ms 0.662 ms 0.859 ms ^C [root@h1 ~]# traceroute spiegel.de traceroute to spiegel.de (62.138.116.3), 30 hops max, 60 byte packets 1 10.8.0.1 (10.8.0.1) 35.009 ms 34.982 ms 34.956 ms Why the routing is different, in first case over br0 in second over the vpn device? Have no idea what 0.0.0.0/1 is, but 62.138.116.3 is part of 0.0.0.0/1 and 213.165.65.60 is not. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Shorewall and the latest kernel problem
I just installed the latest kernel 2.6.32-573.8.1.el6.x86_64 and when I rebooted it shorewall (shorewall-4.5.4-1.el6.noarch) failed with the following error ERROR: a non-empty masq file requires NAT in your kernel and iptables /etc/shorewall/masq (line 15) FYI I have the same kernel (2.6.32-573.8.1.el6.x86_64) and shorewall (shorewall-4.5.4-1.el6.noarch) versions and non-empty /etc/shorewall/masq here and do not see this problem. Try as root: service shorewall restart. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Rsync and differential Backups
cp -a daily.0 daily.1 cp -al daily.0 daily.1 All these can be combined with an rsyncd module to allow read only root access to a remote system excluding the dirs you don't normally want to be backed up like /proc, /var/lib/mysql, /var/lib/libvirt, ... Oops... My provider email gateway has been blacklisted by anti spam vigilantes. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Incoming rsync connection attempts
Jeff Boyce писал 2015-10-14 21:13: Greetings - In my logwatch report this morning I noticed reference to an attempt to connect to rsync from an external IP address. It doesn't appear that the connection was successful based on correlating information between /var/log/secure and /var/log/messages. But I am looking for some suggestions for implementing more preventative measures, if necessary. The log information from the last few attempts are shown below. /var/log/secure Oct 13 00:14:08 Bison xinetd[2232]: START: rsync pid=15306 from=180.97.106.36 Oct 13 01:55:51 Bison xinetd[2232]: START: rsync pid=15343 from=85.25.43.94 Oct 13 23:25:35 Bison xinetd[2232]: START: rsync pid=16548 from=114.119.37.86 /var/log/messages Oct 13 00:14:08 Bison rsyncd[15306]: rsync: unable to open configuration file "/etc/rsyncd.conf": No such file or directory (2) Oct 13 00:14:08 Bison rsyncd[15306]: rsync error: syntax or usage error (code 1) at clientserver.c(923) [receiver=3.0.5] Oct 13 01:55:51 Bison rsyncd[15343]: rsync: unable to open configuration file "/etc/rsyncd.conf": No such file or directory (2) Oct 13 01:55:51 Bison rsyncd[15343]: rsync error: syntax or usage error (code 1) at clientserver.c(923) [receiver=3.0.5] Oct 13 23:25:35 Bison rsyncd[16548]: rsync: unable to open configuration file "/etc/rsyncd.conf": No such file or directory (2) Oct 13 23:25:35 Bison rsyncd[16548]: rsync error: syntax or usage error (code 1) at clientserver.c(923) [receiver=3.0.5] There is no /etc/rsyncd.conf file present on the system, so I can see why the connection wasn't successful. Our backups get pushed to this one from other servers using rsync. You can block access to tcp/udp port 873 from external addresses. You probably don't need rsync server either and can just disable it. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] virt-install message regarding Spice and TLS
Is TLS required for the usage of Spice with KVM/libvirtd? No. I had a similar problem several years back and ended up manually removing tlsPort= from /etc/libvirt/qemu/xxx.xml ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rpmbuild dwz error
On CentOS 7, I'm building a large C++ package with rpmbuild. Arachne (https://www.broadinstitute.org/crd/wiki/index.php/Arachne_Main_Page). During the debuginfo extraction stage, I get the following error: + /usr/lib/rpm/find-debuginfo.sh --strict-build-id -m --run-dwz --dwz-low-mem-die-limit 1000 --dwz-max-die-limit 11000 /home/andrew/rpmbuild/BUILD/arachne-46233 dwz: Multifile temporary files too large cpio: /builddir/build/BUILD/glibc-2.17-c758a686/math: Cannot stat: No such file or directory cpio: arachne-46233/src/Calculator.cc: Cannot stat: No such file or directory cpio: arachne-46233/src/Calculator.y: Cannot stat: No such file or directory 36150 blocks rpmbuild/dwz appear to be using /var/tmp for large temporary debug info files. This package generates over 30GB of debug data and I think it is filling up /var/tmp leading to the error. How can I tell rpmbuild to use an alternative temporary file location? Try to change %_tmppath in /usr/lib/rpm/macros or build in mock and place the whole chroot on a larger drive (/etc/mock/site-defaults.cfg). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 6.7
I don't have CR enabled and a heap of available updates means CentOS 6.7 has been released or what? Did I miss the announcement? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [SOLVED] kernel: BUG: scheduling while atomic
Rebooted my home server into a new kernel and got a hard system lockup and a bunch of kernel: BUG: scheduling while atomic in /var/log/messages. The culprits seem to be nvidia-352.30 drivers from elrepo. Downgrading to 352.21 solved the problem. which centos version? which kernel? which nvidia card? what is bug report number? CentOS 6.6, fully updated. This is not a kernel problem. The system freezes with both kernel-2.6.32-504.23.4.el6.x86_64 and kernel-2.6.32-504.30.3.el6.x86_64. GPU: GeForce GTX 650. No bug has been filed yet. You may want to file a bug report with great details. kernel: BUG: scheduling while atomic is not really enough to diagnose the issue. Just FYI, I have a system running: kmod-nvidia-352.30-1.el6.elrepo.x86_64 kernel-2.6.32-504.30.3.el6.x86_64 x86_64 with no apparent problems. http://bugs.centos.org/view.php?id=9169 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] [SOLVED] kernel: BUG: scheduling while atomic
Rebooted my home server into a new kernel and got a hard system lockup and a bunch of kernel: BUG: scheduling while atomic in /var/log/messages. The culprits seem to be nvidia-352.30 drivers from elrepo. Downgrading to 352.21 solved the problem. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [SOLVED] kernel: BUG: scheduling while atomic
Rebooted my home server into a new kernel and got a hard system lockup and a bunch of kernel: BUG: scheduling while atomic in /var/log/messages. The culprits seem to be nvidia-352.30 drivers from elrepo. Downgrading to 352.21 solved the problem. which centos version? which kernel? which nvidia card? what is bug report number? CentOS 6.6, fully updated. This is not a kernel problem. The system freezes with both kernel-2.6.32-504.23.4.el6.x86_64 and kernel-2.6.32-504.30.3.el6.x86_64. GPU: GeForce GTX 650. No bug has been filed yet. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyncing directories - sanity check
Does anyone have a good guess as to why these 'out of space' failures are occurring? Probaly sparse files or hard links? Try # rsync -aHASWXv --delete src/ dst/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] could not insert 'fuse' error on CentOS 7.1
I've tried googling this to no avail!! Have you tried The young mechanics mailing list yet? And have a look at Gentoo Linux (http://www.gentoo.org). It might suit your needs better. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Systemd
The bigger issue is a project like MythTV being targeted at the bleeding edge like Fedora while I want to stay on the stable edge with CentOS. I've had to deal with this for years. MythTV will eventually move on to a library or a tool not supported by the base CentOS install and it will be a battle to get it to work. docker or kvm? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forcing yum update
I have tried launching yum shell and then remove libmodplug, install libmodplug while having made sure epel is available. This after having read that it is a bad idea to use no-deps with yum. My attempt, however, fails with a not found message. What would the correct approach be? The correct approach would be to use yum-plugin-priorities, set rpmforge priority to a higher value (lower priority) than epel and run yum distro-sync. Thank you. Unfortunately distro-sync fails with not found which seems to apply to libmodplug at epel. Check if you have exclude=libmodplug in /etc/yum.repos.d/epel.repo and comment this line out. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forcing yum update
I have tried launching yum shell and then remove libmodplug, install libmodplug while having made sure epel is available. This after having read that it is a bad idea to use no-deps with yum. My attempt, however, fails with a not found message. What would the correct approach be? The correct approach would be to use yum-plugin-priorities, set rpmforge priority to a higher value (lower priority) than epel and run yum distro-sync. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Plurals in English (was Re: ClamAV reports a trojan)
But being not native English speaker, I use it (not native English speaker) Figured as much, which is why I mentioned it ;) as an excuse for being unable to pronounce anything. Not as if most English speakers can pronounce many English words ... ttfn :) It is amazing how much one can cripple what another person said by scissoring his phrases ;-) bugger! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] perf trace
# perf trace perf: 'trace' is not a perf-command. See 'perf --help'. Should 'perf trace' work in C6.6 or this is a bug related to https://bugzilla.redhat.com/show_bug.cgi?id=892893? # rpm -qa perf perf-2.6.32-504.12.2.el6.x86_64 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Recommended anti-virus for Windows
One thing I forgot to mention: I also always recommend AGAINST using kasperski. Kasperski is KGB guy (*cough* *cough* retired. You know in that service retirement is only feet first dead, so you do your math). Is KGB rant still in vogue in your new homeland? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] Release for CentOS Linux 7 (1503 ) on x86_64
Karanbir Singh писал 2015-04-01 14:25: On 04/01/2015 11:45 AM, Александр Кириллов wrote: This was discussed on the CentOS-Devel mailing list and approved by the CentOS Board. It is what we are using in the future. I suggest you become familiar with it. Obviously naming conventions should provide for an easy upstream vendor version reference? does /etc/centos-release-upstream provide you with that ? There's nothing of the sort in 7.0.1406. Ideally I'd like to see 7.1 in each and every rpm or iso name related to the point release. I'm not going to flame over something done and buried but sometimes the decisions made by rational people are just stunningly surprising. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] Release for CentOS Linux 7 (1503 ) on x86_64
This was discussed on the CentOS-Devel mailing list and approved by the CentOS Board. It is what we are using in the future. I suggest you become familiar with it. Obviously naming conventions should provide for an easy upstream vendor version reference? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] headless VirtualBox on Centos
I am wondering if there is a set of scripts/utilities for automatically starting and running headless (no X11) VM's using VirtualBox omn a CentOS 6 server. VNC/RDP access to the VM's would be fine. You can also get access to a headless VM console via RDP with VRDE (VBox Remote Desktop Extension) available from VBox Extension Pack. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] headless VirtualBox on Centos
I was looking more or less at the same options. Just was wondering if there was a ready-made set of scripts somewhere to set all of this in motion to save me a little time - but if not, I will just make one. You can use vboxmanage modifyvm VM name --autostart-enabled on and enable vboxautostart-service. However I had to tweak the script to suspend VMs on system reboot/shutdown. Don't know if this works out of the box with newer VBox versions. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] xfs fsck error metadata corruption
Everytime I restart Centos 7 I receive a error saying…
metadata is corrupt
and then I need to go through the process of mount and unmount the
disk uuid then run
xfs_repair {some uuid}
or
xfs_repair -L {some uuid} which ultimately corrupts even more.
I’m running on a RAID 1 two identical drives
Could be totally irrelevant but once I had serious fs corruption
problems after hibernation on a Fedora laptop with Intel graphics.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Something like apt-cacher for CentOS/RHEL?
For some time I've fiddled with Debian and Ubuntu LTS. There's one really nice feature for local networks: apt-cacher, a package proxy for APT. My company is in the remote South French countryside, and more often than not, schools and public libraries only have some very limited Internet access with relatively low bandwidth, which can make the updating process very tedious. A package cache comes in very handy in such situation. You can also enable keepcache in /etc/yum.conf on one of the servers and after update copy rpms from /var/cache/yum to a (higher priority) local repository. You'll need to use createrepo to generate metadata for the repo. HTH ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Design changes are done in Fedora
John R. Dennison писал 2015-01-07 04:49: Quick question, if I may? What does this have to do with CentOS? I for one read this thread with interest. Let it be. And IMHO the topics are relevant for anybody professionally involved with computers. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fail2ban mail failures ???
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's alerts sent to root's mail to be rejected. Here's a clip from one of the error messages: Message 48: From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20 2014 Return-Path: mailer-dae...@lion.protogeek.org Date: Sun, 21 Dec 2014 03:09:19 -0600 From: Mail Delivery Subsystem mailer-dae...@lion.protogeek.org To: postmas...@lion.protogeek.org Content-Type: multipart/report; report-type=delivery-status; boundary=sBL97EKS003880.1419152959/lion.protogeek.org Subject: Postmaster notify: see transcript for details Auto-Submitted: auto-generated (postmaster-notification) Status: R Part 1: The original message was received at Tue, 16 Dec 2014 03:09:17 -0600 from localhost with id sBG97E83025627 - The following addresses had permanent fatal errors - fail2...@example.com - Transcript of session follows - fail2...@example.com... Deferred: Connection timed out with example.com. Message could not be delivered for 5 days Message will be deleted from queue .. I used to get the messages that are now being deleted after five days. Any suggestions? Check your /etc/fail2ban/jail.local /etc/fail2ban/jail.conf. You have to provide valid email addresses for dest= and sender= parameters in sendmail-whois or mail-whois actions for enabled jails. os.org/mailman/listinfo/centos Александр Кириллов, I should have made it clear that this is all on one machine. The jail.conf file is the default from the fail2ban package. It used to work perfectly, but now has the mail problem. All I've had to do for years is install the fail2ban package, start it, and make it autostart whenever I reboot. Now it's misbehaving in a way that puzzles me. Robert, If you never changed fail2ban defaults you probably had email aliases defined somewhere in your configurations. Whatever you had it was incorrect and it's not worth the effort to figure out why it ever worked if at all. The right way is to use email addresses in (at least locally) routable domains. Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fail2ban mail failures ???
Robert G. (Doc) Savage писал 2014-12-26 20:39: I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's alerts sent to root's mail to be rejected. Here's a clip from one of the error messages: Message 48: From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20 2014 Return-Path: mailer-dae...@lion.protogeek.org Date: Sun, 21 Dec 2014 03:09:19 -0600 From: Mail Delivery Subsystem mailer-dae...@lion.protogeek.org To: postmas...@lion.protogeek.org Content-Type: multipart/report; report-type=delivery-status; boundary=sBL97EKS003880.1419152959/lion.protogeek.org Subject: Postmaster notify: see transcript for details Auto-Submitted: auto-generated (postmaster-notification) Status: R Part 1: The original message was received at Tue, 16 Dec 2014 03:09:17 -0600 from localhost with id sBG97E83025627 - The following addresses had permanent fatal errors - fail2...@example.com - Transcript of session follows - fail2...@example.com... Deferred: Connection timed out with example.com. Message could not be delivered for 5 days Message will be deleted from queue .. I used to get the messages that are now being deleted after five days. Any suggestions? Check your /etc/fail2ban/jail.local /etc/fail2ban/jail.conf. You have to provide valid email addresses for dest= and sender= parameters in sendmail-whois or mail-whois actions for enabled jails. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Bounced email processing
James B. Byrne писал 2014-11-06 16:58: On Wed, November 5, 2014 16:00, Keith Keller wrote: It's also inappropriate (IMO of course) to intentionally circumvent controls which have been implemented to restrict someone from posting to the list. If the posting is a pertinent technical question then I submit that it is unethical not to circumvent the restriction. This is a technical forum and if there is no possibility of said posting being off-topic or intended to be unpleasant then it should be seen and answered if at all possible. Banning from a mailing list is just a rather ham-fisted way of saying that the job of moderating an individual disruptive user is deemed too burdensome. And, having moderated lists myself, I can sympathize with that position. But if other, un-banned, list members are willing to judiciously moderate said individual on a case by case basis then I see no difficulty at all. You're making too much of a hassle about a person I don't consider exceptionally polite to other list members. Please keep this discussion off list if at all possible. TIA. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache wakes-up inactive Exim
I was remotely testing a web page. A web page error condition invoked the embedded PHP mail() command. To my astonishment something in Centos woke-up Exim. Exim sent the email and then became inactive again. The Exim logs does not show any start-up lines, just 1. input from Apache. 2. output to remote server. 3. 'completed'. Hours later Logwatch, not yet customised, also caused inactive Exim to send an email (which got rejected by Exim because it was to local user 0). What causes Centos to temporarily activate in-active (meaning non-running) Exim ? You don't really need an active smtp daemon to send email or deliver it locally. $ cat /etc/php.ini | grep sendmail ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firefox: annoyance
I hope, my government doesn't go into alliance with Russia behind my back ;-) (I'm perfectly OK about Romania, no matter how much more careful I'll be about repositories hosted there compared to the ones hosted, say, in Finland, just based on statistics of compromised machines...) These guys they just don't get the hint and then we have to watch in disgust their heads being cut off by the friends of Libya :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firefox: annoyance
Maybe we can get it into extras? I mentioned something from his repo to my manager, who understandably balked at a Russian server (this is a US gov't agency (non-DoD) that we work at li.nux.ro, that's Romania not Russia. Thanks, I sit (and type) corrected. There was something nagging at me, saying Russia was wrong for Nux. However, I don't foresee aforesaid manager being happy with an eastern European individual's repo. Jesus! Couldn't you just shut up? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6: why i686 are installed on x86_64 based arch?
I dont want that, unless I'ts really mandatory: Is it? One solution would be to append the architecture to the package name to install, but how to make it default, in order to save typing? Add exclude=*.i?86 to [main] in /etc/yum.conf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not resolve host: mirror.centos.org
Александр Кириллов писал 2014-09-06 18:32: There seems to be a problem with my local dns server resolving mirror.centos.org. I know something about dns but obviously not enough to figure out what might be wrong here or how to fix this in bind configs. The SERVFAIL errors below seem to be related to and MX queries for the domain. Please advise. TIA. # host mirror.centos.org 8.8.8.8 Using domain server: Name: 8.8.8.8 Address: 8.8.8.8#53 Aliases: mirror.centos.org has address 69.167.139.9 # host mirror.centos.org mirror.centos.org has address 66.109.26.212 Host mirror.centos.org not found: 2(SERVFAIL) Host mirror.centos.org not found: 2(SERVFAIL) # tail -F /var/named/chroot/var/named/data/named.run error (FORMERR) resolving 'mirror.centos.org//IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org//IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org//IN': 94.46.190.42#53 error (FORMERR) resolving 'mirror.centos.org//IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org//IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org//IN': 94.46.190.42#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 94.46.190.42#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 94.46.190.42#53 Try asking the correct type (A record only) and you'll have the correct answer : the three PDNS servers having delegation for mirror.centos.org will only answer for A records (we have obviously no MX record for mirror.centos.org and, unfortunately, no records for those machines either) PS : host is considered deprecated so switch to dig instead ? ;-) Thanks for your answer, Fabian, I forgot to mention in the OP that the source of the error is yum with scl repo enabled: # yum distro-sync Loaded plugins: fastestmirror, priorities, refresh-packagekit, security, verify ... http://mirror.centos.org/centos/6/SCL/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - Could not resolve host: mirror.centos.org (Could not contact DNS servers) Trying other mirror. Error: Cannot retrieve repository metadata (repomd.xml) for repository: scl. Please verify its path and try again This is an ipv6-enabled system and that's probably why yum tries to get an ipv6 address first for mirror.centos.org and fails miserably. For whatever reason I do not get an authoritative negative response for query from upstream servers. Well an easy fix is to hardcode an ipv4 address for mirror.centos.org in /etc/hosts and forget it. I suspect miconfiguration on centos.org side as scl is the only repo which gives me troubles but don't have the time to dig into this. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not resolve host: mirror.centos.org
There seems to be a problem with my local dns server resolving mirror.centos.org. I know something about dns but obviously not enough to figure out what might be wrong here or how to fix this in bind configs. The SERVFAIL errors below seem to be related to and MX queries for the domain. Please advise. TIA. # host mirror.centos.org 8.8.8.8 Using domain server: Name: 8.8.8.8 Address: 8.8.8.8#53 Aliases: mirror.centos.org has address 69.167.139.9 # host mirror.centos.org mirror.centos.org has address 66.109.26.212 Host mirror.centos.org not found: 2(SERVFAIL) Host mirror.centos.org not found: 2(SERVFAIL) # tail -F /var/named/chroot/var/named/data/named.run error (FORMERR) resolving 'mirror.centos.org//IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org//IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org//IN': 94.46.190.42#53 error (FORMERR) resolving 'mirror.centos.org//IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org//IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org//IN': 94.46.190.42#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 94.46.190.42#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 94.46.190.42#53 Try asking the correct type (A record only) and you'll have the correct answer : the three PDNS servers having delegation for mirror.centos.org will only answer for A records (we have obviously no MX record for mirror.centos.org and, unfortunately, no records for those machines either) PS : host is considered deprecated so switch to dig instead ? ;-) Thanks for your answer, Fabian, I forgot to mention in the OP that the source of the error is yum with scl repo enabled: # yum distro-sync Loaded plugins: fastestmirror, priorities, refresh-packagekit, security, verify ... http://mirror.centos.org/centos/6/SCL/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - Could not resolve host: mirror.centos.org (Could not contact DNS servers) Trying other mirror. Error: Cannot retrieve repository metadata (repomd.xml) for repository: scl. Please verify its path and try again I'm using host for debugging only and as 8.8.8.8 seems to be able to handle these requests correctly I could probably use it as a forwarder but may be there's a way to tweak bind configs to work around the problem? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Could not resolve host: mirror.centos.org
There seems to be a problem with my local dns server resolving mirror.centos.org. I know something about dns but obviously not enough to figure out what might be wrong here or how to fix this in bind configs. The SERVFAIL errors below seem to be related to and MX queries for the domain. Please advise. TIA. # host mirror.centos.org 8.8.8.8 Using domain server: Name: 8.8.8.8 Address: 8.8.8.8#53 Aliases: mirror.centos.org has address 69.167.139.9 # host mirror.centos.org mirror.centos.org has address 66.109.26.212 Host mirror.centos.org not found: 2(SERVFAIL) Host mirror.centos.org not found: 2(SERVFAIL) # tail -F /var/named/chroot/var/named/data/named.run error (FORMERR) resolving 'mirror.centos.org//IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org//IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org//IN': 94.46.190.42#53 error (FORMERR) resolving 'mirror.centos.org//IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org//IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org//IN': 94.46.190.42#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 94.46.190.42#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 85.12.30.226#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 93.113.36.66#53 error (FORMERR) resolving 'mirror.centos.org/MX/IN': 94.46.190.42#53 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php-fpm on centos 6
mod_fastcgi is gone. That's now fcgid. mod_proxy_fcgi is not dead. It's too new for centos 6 though. It needs apache 2.4 and centos has lower (2.2?) I think. Thus you'd need to build apache yourself or find packages in rpm forge or something as it requires apache 2.4 and this module for proxy to fcgi. You can see the module doesn't exist for 2.2 here: http://httpd.apache.org/docs/2.2/mod/ But does for 2.4: http://httpd.apache.org/docs/2.4/mod/ To summarise, what you want to do will need apache 2.4. Or just use the old school php-cgi and mod_fcgid. Other option is nginx and fastcgi_pass. Benefit here is you can use unix socket if php-fpm is local to drop the TCP overhead Thanks, Jason! I've been using php-cgi, mod_fcgid and suexec combo for years on my servers. Now I want to run php apps in UserDir with user credentials. This probably can be achieved with mod_fcgid and suexec but it seems like I'd need separate fcgi configs and cgi wrappers under suexec docroot for each user. If you know of a simpler way please share your experience. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php-fpm on centos 6
Mihamina Rakotomandimby писал 2014-08-23 08:49: On 08/22/2014 11:27 PM, Александр Кириллов wrote: Does it? There's mod_fastcgi in rpmforge but I don't feel quite comfortable with packages from this repo. Just check the spec file from the src.rpm and see if you find something suspicious. Or, if you have a bit more spare time, check the spec file and just rebuild it. Thanks, Mihamina! That's what I did but I'm not sure I'll be using this mod on production servers. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php-fpm on centos 6
Jason Woods писал 2014-08-23 11:44: On 23 Aug 2014, at 08:15, Александр Кириллов nevis...@infoline.su wrote: Thanks, Jason! I've been using php-cgi, mod_fcgid and suexec combo for years on my servers. Now I want to run php apps in UserDir with user credentials. This probably can be achieved with mod_fcgid and suexec but it seems like I'd need separate fcgi configs and cgi wrappers under suexec docroot for each user. If you know of a simpler way please share your experience. To be fair you'd still need separate configs for each user even with php-fpm to set the user/group for the processes and to set the sessions path. I always did it that way. Unique wrappers for each user and apache config for each user setting the suexec user group etc. I had shell scripts to generate them for me. Even with nginx you need config per user but at least you don't need any wrappers - you do need a php-fpm config per user tho so it's about the same work. I shell scripted this too. I suspected as much :( Seems like fpm isn't worth the effort after all though sharing the opcode cache by php-fpm workers might be interesting. Thanks a lot for your input! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php-fpm on centos 6
Jason Woods писал 2014-08-23 12:28: I suspected as much :( Seems like fpm isn't worth the effort after all though sharing the opcode cache by php-fpm workers might be interesting. Thanks a lot for your input! You're welcome! I'll say though that I did see a boost in response times (can't remember how much but noticeable) when I switched to fpm. So it may still be worth considering, though on CentOS 6 Nginx will be an easier setup and more maintained than rolling ones own. With SSL and official Nginx repo you'll get things like SPDY too. Yeah, maybe I should get out of the groove and try something new like many other fearless old farts on this list do :) Just kidding. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] php-fpm on centos 6
What's the story with php-fpm on centos 6? There's a php-fpm rpm for centos 6 in epel but other essential mods like mod_fastcgi or mod_proxy_fcgi seem to be missing from the repos I'm usually using. Need a push in right direction. Thanks. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php-fpm on centos 6
Does it? There's mod_fastcgi in rpmforge but I don't feel quite comfortable with packages from this repo. Eero Volotinen писал 2014-08-22 22:46: Remi repo provides it? 22.8.2014 20.59 kirjoitti Александр Кириллов nevis...@infoline.su: What's the story with php-fpm on centos 6? There's a php-fpm rpm for centos 6 in epel but other essential mods like mod_fastcgi or mod_proxy_fcgi seem to be missing from the repos I'm usually using. Need a push in right direction. Thanks. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Can't see all files on a cifs mount
Awhile ago I've set up a backup of my C6 home server to a D-Link NAS and it seems to be working. But when I mount a share with the backups I can't see files or directories not readable by others. I'm not very knowledgeable in cifs and probably missing some obvious options. noserverino option suggested on ubuntu forums didn't help. TIA ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Can't see all files on a cifs mount
Awhile ago I've set up a backup of my C6 home server to a D-Link NAS and it seems to be working. But when I mount a share with the backups I can't see files or directories not readable by others. I'm not very knowledgeable in cifs and probably missing some obvious options. noserverino option suggested on ubuntu forums didn't help. Forget it. NFS mount worked out of the box. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] chromium-34.0.1847.132-4.el6
New EL6 compilation of chromium (34.0.1847.132) (aura) Based on russian fedora build Build with devtools-2 (http://people.centos.org/tru/devtools-2/readme) chromium-34.0.1847.132-4.el6.i686.rpm https://drive.google.com/file/d/0B9RlkKQB1POSM1ByMUNMaWNVYmM/edit?usp=sharing chromium-34.0.1847.132-4.el6.src.rpm https://drive.google.com/file/d/0B9RlkKQB1POSNk05U0tlYU1DR1k/edit?usp=sharing It works with latest flash taken from chrome (non-free) e.g. http://pull-mirror.yandex.net/fedora/russianfedora/russianfedora/nonfree/fedora/updates/19/SRPMS/ I could successfully build chromium in mock on x86_64 from your SRPM and it worked right out of the box. Thanks! But somehow I've lost saved passwords and some open tabs after upgrade from chromium-31.0.1650.63-1 (provided by Johnny Hughes). Is it a known bug? I'm not using google account to save my settings. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Filesystem gets corrupted after kernel upgrade to 2.6.32-431.5.1.el6
OK, the original CentOS mirror does not make any changes to that :-( Is there any way I can debug these kernel panics? The hardware I'm testing on is definetily working well (Memtest did not find any errors, besides that, this machine is using ECC RAM) and as mentioned, no other machine on this host throws any errors. The panics seem to be a KVM related thing... When powering up the machine, it boots without any problems. If I do a reboot, it nevers comes up again. Then it gets stuck in a bootloader loop, which means, the bootloader shows up, tries to start something and the system gets reset instantly. The last thing I can see before the reset occurs is Probing EDD (edd=off to disable)... ok. Then the machine gets reset and the bootloader comes up again. If I add edd=off to the kernel parameters before booting, it gets stuck with a cursor in the top left corner and nothing happens - it does'nt anything on the disks and does not consume any CPU time. This machine is running on a Debian Wheezy host with kernel 3.2.0-4-amd64 and QEMU 1.1.2 / libvirtd 0.9.12. Is there anything I could do to debug this thing more deeply? At the moment I have to shut off the machine when I'm going to reboot it... The collapsing file system has been demystified - my colleague simply missed to reboot the systems after upgrading to the new kernel version. But, in my opinion, that should'nt happen either... Any ext4 or kernel errors in the logs or anything at all? AFAIR there was once a problem with virtio disk drivers in C5 kvm guests. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] And then there was one (browser)
Well, turns out it was more than a rumour. Here it is, some test version: http://people.redhat.com/tpopela/rpms/ I would recommend trying those RPMs .. I will see if I can get it to build and get it into my chromium soon. FYI chromium-31.0.1650.63-1.el6_5.src.rpm builds (in mock) and installs just fine in C6.5 64-bit. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What is eating up Swap
recently I noticed, that one of our webservers is using swap space,
while there is plenty of physical ram available.
free -m
total used free sharedbuffers
cached
Mem: 8118 2014 6103 0 85
261
-/+ buffers/cache: 1667 6450
Swap: 8197 77 8119
It's not that much, but why?
Any ideas how to debug that? Thanks for any hint and suggestion.
#!/bin/bash
# Get current swap usage for all running processes
# Erik Ljungstrom 27/05/2011
# Modified by Mikko Rantalainen 2012-08-09
# Pipe the output to sort -nk3 to get sorted output
SUM=0
OVERALL=0
for DIR in `find /proc/ -maxdepth 1 -type d -regex ^/proc/[0-9]+`
do
PID=`echo $DIR | cut -d / -f 3`
PROGNAME=`ps -p $PID -o comm --no-headers`
for SWAP in `grep Swap $DIR/smaps 2/dev/null | awk '{ print $2 }'`
do
let SUM=$SUM+$SWAP
done
if (( $SUM 0 )); then
echo PID=$PID swapped $SUM KB ($PROGNAME)
fi
let OVERALL=$OVERALL+$SUM
SUM=0
done
echo Overall swap used: $OVERALL KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ltsp Selinux
The message I'm now seeing in /var/log/audit/audit.log :
type=AVC msg=audit(1385112688.399:67769): avc: denied { write } for
pid=8218 comm=xauth name=caw dev=md1 ino=262145
scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1385112688.399:67769): arch=c03e syscall=2
success=no exit=-13 a0=7fffdecf5c60 a1=c1 a2=180 a3=8 items=0 ppid=8217
pid=8218 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500
sgid=500 fsgid=500 tty=(none) ses=9 comm=xauth exe=/usr/bin/xauth
subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)
You may try to add the following rules to your local policy, but do you
really need this? It seems like you shouldn't have any problems with
non-root accounts.
module local 1.0;
require {
type xauth_t;
type home_root_t;
class dir write;
}
#= xauth_t ==
# The source type 'xauth_t' can write to a 'dir' of the following
types:
# user_home_t, xauth_tmp_t, var_lib_t, xdm_var_run_t, admin_home_t,
user_home_dir_t, tmp_t, user_tmp_t, nx_server_var_lib_t, nfs_t
allow xauth_t home_root_t:dir write;
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ltsp Selinux
thanks for the replies. I did test this with other then root user. Trying with restorecon -R -v /home I was wrong. At least should have checked the labels before writing a quick response. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] page allocation failure
James A. Peltier писал 2013-10-28 03:02: - Original Message - | CentOS 6.4 | | /var/log/messages-20131013:Oct 9 03:16:36 vixen kernel: EMT: page | allocation failure. order:4, mode:0xd0 | /var/log/messages-20131020:Oct 14 13:15:11 vixen kernel: httpd: page | allocation failure. order:2, mode:0x20 | /var/log/messages-20131020:Oct 14 13:15:11 vixen kernel: httpd: page | allocation failure. order:2, mode:0x20 | /var/log/messages-20131027:Oct 20 16:00:47 vixen kernel: sshd: page | allocation failure. order:2, mode:0x20 | /var/log/messages-20131027:Oct 20 16:14:28 vixen kernel: sshd: page | allocation failure. order:2, mode:0x20 | /var/log/messages-20131027:Oct 20 16:14:28 vixen kernel: swapper: | page | allocation failure. order:1, mode:0x20 | /var/log/messages-20131027:Oct 20 16:14:28 vixen kernel: sshd: page | allocation failure. order:2, mode:0x20 | /var/log/messages-20131027:Oct 23 10:22:41 vixen kernel: httpd: page | allocation failure. order:1, mode:0x20 | | I know It's been discussed about a year ago but I can't view the bug | reports mentioned in the thread. It seems to require an active RHEL | subscription. What was that workaround again? | | Thanks How much memory is in the system? Is it a NUMA machine? Can you tell me what memory looks like during these errors? It looks like a memory problem, but I'll need more details. RAM: 8GB No NUMA configuration found dmesg and monthly memory usage chart: http://www.mediafire.com/folder/wc55gwc17dpp4/vixen I don't see anything suspicious there. I had an impression this is a known problem with an easy fix. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] page allocation failure
Laurent Wandrebeck писал 2013-10-29 13:54: echo never /sys/kernel/mm/redhat_transparent_hugepage/defrag echo no /sys/kernel/mm/redhat_transparent_hugepage/khugepaged/defrag is something I got on several boxes here. If I remember correctly, it « fixes » the problem. I will try that, thanks. Any refs to the source of the solution? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] page allocation failure
echo never /sys/kernel/mm/redhat_transparent_hugepage/defrag echo no /sys/kernel/mm/redhat_transparent_hugepage/khugepaged/defrag is something I got on several boxes here. If I remember correctly, it « fixes » the problem. I will try that, thanks. Any refs to the source of the solution? h I'm pretty sure it comes from CentOS ml but I can't find the ref right now. Anyway, the problem was back then close to this one: http://bugs.centos.org/view.php?id=5716 Thanks Laurent, But are you sure that's a cure for the problem I'm having? Occasional page allocation failures? I don't see anything of the sort in this thread. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] page allocation failure
CentOS 6.4 /var/log/messages-20131013:Oct 9 03:16:36 vixen kernel: EMT: page allocation failure. order:4, mode:0xd0 /var/log/messages-20131020:Oct 14 13:15:11 vixen kernel: httpd: page allocation failure. order:2, mode:0x20 /var/log/messages-20131020:Oct 14 13:15:11 vixen kernel: httpd: page allocation failure. order:2, mode:0x20 /var/log/messages-20131027:Oct 20 16:00:47 vixen kernel: sshd: page allocation failure. order:2, mode:0x20 /var/log/messages-20131027:Oct 20 16:14:28 vixen kernel: sshd: page allocation failure. order:2, mode:0x20 /var/log/messages-20131027:Oct 20 16:14:28 vixen kernel: swapper: page allocation failure. order:1, mode:0x20 /var/log/messages-20131027:Oct 20 16:14:28 vixen kernel: sshd: page allocation failure. order:2, mode:0x20 /var/log/messages-20131027:Oct 23 10:22:41 vixen kernel: httpd: page allocation failure. order:1, mode:0x20 I know It's been discussed about a year ago but I can't view the bug reports mentioned in the thread. It seems to require an active RHEL subscription. What was that workaround again? Thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Red Hat CEO: Go Ahead, Copy Our Software
GPL == SOURCECODE No. It applies to everything copied/derived from/translated from (etc.) anything where any part is covered by GPL. Including binaries. GPL == COPYRIGHT Yes, and without it, nothing gives you the right to distribute programs where any part is covered. YOU FOOL RHEL IS NOT THE WORK AS WHOLE AND NOT UNDER GPL-ONLY Yes, I am only talking about the components where copyright law would consider it a copy or derivative of GPL code. And I didn't say otherwise. nice that you removed all of my quotes about *source code* in the GPL They are irrelevant to the discussion of how binaries are equally covered by the 'no additional restrictions' section. The only place where source is different is that if you distribute binaries you are required to also provide matching sources. There is no mention of any exceptions to the requirement to permit redistribution for any covered work in any form. Everytime I see a discussion like this on the list I feel an urge to switch either to debian or ubuntu lts. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Red Hat CEO: Go Ahead, Copy Our Software
where Canonical even deserves the right to re-use your code for non-open development - are you kidding? http://en.wikipedia.org/wiki/Contributor_License_Agreement#Canonical Thanks for the link. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] httpd ssl problems
I just configured httpd and installed mod_ssl and got my certificate from GoDaddy and put them on the server with ssl.conf pointing at them. I am getting this error: SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not exist or is empty Try restorecon -Rv /etc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to determine why a server is not responding
We're using CentOS 5.5 64bits for our Plesk 11. This week we had the following problem 3 times... Suddenly, the server stops responding in all services (SSH, Apache, Postfix, ...) but ping works! After wait a few minutes (or 2 hours some times) the server continues unresponsive until we reboot. After reboot we search on /var/log/messages but cannot find useful information... ... What can we do? what can we test? Could be something related to disk access or RAM, runaway process or whatever. Do you have any system monitoring tools installed? Like munin, atop, sysstat? Any kernel errors in the logs? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] web collaboration packages.
Web mail is particularly important for my wife so she can check e-mail when she is at work. roundcubemail? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux and tinydns
tinydns starts up fine, selinux reports no issues (now after a day of clearing errors). If I turn selinux back to permissive in /etc/sysconfig/selinux, and reboot, tinydns responds to queries. If I turn selinux back to enforcing and reboot, tinydns does not respond. Monitoring /var/log/messages shows no errors from iptables/shorewall or selinux. The only way I can find an error is performing the following:- netstat -npl | grep tinydns # gives me the process id strace -f -p process id From this I can see that tinydns is reporting an error of:- recvfrom(3, 0x606720, 513, 0, 0x7fffc7321ec0, 0x7fffc7321edc) = -1 EACCES (Permission denied) I've got setroubleshoot set to send me an alert on first occurrence of an issue, so far none received. Does anyone know how I should proceed from here ? May be you can see what is there is in the audit log and audit2allow tool might help you http://wiki.centos.org/HowTos/SELinux You may also try to temporarily disable dontadit rules: # semodule -DB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] basic auth fails
I've setup apache basic auth on by web server to protect my nagios site. It's been working just fine, but suddenly it stopped accepting passwords even tho they are being typed in correctly. I was wondering if I could get some advice on how to troubleshoot this? Check permissions and selinux context of the auth file. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] suppressing openssh server identification
With all of the discussions regarding getting p3wned, I am feeling paranoid and can't seem to figure out how to suppress this... telnet $SOME_CENTOS_5_SERVER 22 Trying $SOME_IP_ADDRESS... Connected to $SOME_CENTOS_5_SERVER. Escape character is '^]'. SSH-2.0-OpenSSH_4.3 'Banner no' doesn't do it. Is it possible to suppress the version? http://www.openssh.org/faq.html#2.14 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DHCP_HOSTNAME in ifcfg-eth0
Sorry for the wrong wording: what I want is the DHCP client to send the hostname when a lease is requested, but I do not want to give dhclient any explicit hostname to be sent. I want dhclient to read the hostname from `hostname` or from /etc/sysconfig/network or any other way, and use that name to send the hostname to DHCP server. DHCP_HOSTNAME=$(hostname -s) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 Update?
Fully agree. This attitude has lead many companies I know to drop CentOS in favour of other distros. This project is sure not going in the right direction. I know, I'm going to be told to use something else, I know I know, I'm looking for alternatives. Good ... if you don't like CentOS, then we do not want you to use it. For people who do like it, we do want you to use it. What we do not want is for people to think that they have a Service Level Agreement with CentOS to produce updates on their schedule. If you WANT a service level agreement with me, then you may contract for one. If you pay me enough, I will guarantee you updates on what ever schedule you are willing to pay for. I will be very professional in my dealings with you in that case too. When you want something that is provided for free, and when you want to treat me like you are paying me a million dollars a year to give it to you, guess what ... You can also get service level agreements from Red Hat or from Oracle or Novell. If this is all about money and what isn't, why don't you try and start accepting cash donations to the project which have been disabled for a couple of years now? Some extra income for the devs with no strings attached. You may even set financing targets the way wikipedia does it. What's wrong with that? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
