Re: [CentOS] iTunes on CentOS??
On 04/13/2010 05:26 PM, ken wrote:
> Stay tuned (but not necessarily iTuned).

Cue the sad trombone!

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Repodata for 5.4 updates?
Karanbir Singh wrote:
> This is now normal, but it hasn't been like this in the past. Over the
> last 8 months the updates for CentOS-5 have come from a mostly automated
> system and one of the fallouts is that this system will nominate and
> track update state on a few external mirrors before doing the metadata
> and announce[1]. This has worked flawlessly in the past (only sometimes
> when specific mirrors would orphan themselves would users really 'see'
> this). And of course when we do things like OpenOffice (which pushes
> ~3 GB of updates).

SNIP

Karanbir,

Thank you so much for taking the time to write that reply. Reading about the process of pushing out updates gave me a new appreciation for what you and the rest of the team do for me, the consumer.

Thank you, thank you, thank you,
Andy Hull

Re: [CentOS] Newsletter feedback
Geerd-Dietger Hoffmann wrote:
> Hey
>
> We have now published the sixth version of the Newsletter and I think it
> is time to ask YOU (the reader) what we can improve. The current trend
> is away from really technical details more to a light read and
> entertaining stuff. Is this a good way to go? Or should we focus more on
> the technical side again*? Or is the balance right? What do you want to
> read about? What sections do you want? Or just comment. I am happy about
> any constructive criticism.
>
> I hope you are enjoying the Newsletter.
>
> Cheers
> Didi
>
> *Of course we will not become an only-fun Newsletter.
>
> My www page: www.ribalba.de
> Email / Jabber: riba...@gmail.com
> Skype : ribalba

I would like to echo the thoughts of Keith and Mathieu. I am a long-time CentOS user and lurker in the list. To me, the newsletter feels like a top-view of CentOS and the community, and I like it.

A few ideas to ponder:
- I could see the newsletter being a great platform for the lead maintainers to keep us informed
- Mathieu's idea of soliciting and publishing success stories, real-life deployment stories, and the like would be very interesting to me

Bottom line: You are doing a great job, and I like The Pulse's direction.

Andy Hull

Re: [CentOS] Need some help with logwatch.
James B. Byrne wrote:
> host1 crontab -l as root
>
> 45 7 * * * /usr/sbin/logwatch --service http --service imapd --service pop3 --service sshd --service vsftpd --service zz-disk_space --service zz-network --service zz-sys --mailto supp...@harte-lyne.ca
>
> host2 crontab -l as root
>
> 45 7 * * * /usr/sbin/logwatch --service http --service imapd --service pop3 --service sshd --service vsftpd --service zz-disk_space -- service zz-network --service zz-sys --mailto supp...@harte-lyne.ca
> #Logwatch summary

Hello,

I'm afraid I cannot address your specific question, however this may still be helpful...

I recommend moving all of those command line switches from your crontab into the config file(s).

The defaults are defined in
    /usr/share/logwatch/default.conf/logwatch.conf

The logwatch maintainers intend users to override those defaults in
    /etc/logwatch/conf/logwatch.conf

If you move your customizations to /etc/logwatch/conf/logwatch.conf, then you can call logwatch without any switches at all.

Also, something I do and find useful is to leave delivery of the logwatch emails set to the default - r...@localhost. Then forward root's mail to my external sys...@domain account. This way I get any/all system generated e-mail to root (like an mdadm failed array event!), not just logwatch.

Hope that helps,
Andy Hull

Re: [CentOS] Monitoring a remote server with Conky ?
Niki Kovacs wrote:
> Hi,
>
> I've been using Conky for some time, a nifty utility to monitor just
> about anything on the PC. Vital things like CPU, RAM, swap, disks,
> current song playing in MPD :o)
>
> Here's what it looks like:
> http://www.microlinux.fr/images/bureau_conky.png
>
> And with more detail:
> http://www.microlinux.fr/images/conky_zoom.png
>
> Now I wonder... I'd really like to use that to monitor my remote server.
> I know this feature isn't officially supported by Conky, but I'm right
> now thinking about a workaround. Something like: OK, my server is
> 'headless' (e. g.: no graphical server, nothing), but why not install
> just xorg-x11-server-Xorg, then use Conky and forward it to my local
> display with SSH -X ?
>
> I'm pondering this question, thinking about the possible issues...
>
> ... so maybe one of you guys here has come up with some solution ?
>
> Cheers,
> Niki

Hi,

The suggestion offered by other posters to install/use a monitoring/polling/graphing system is a fine idea. Using something like Cacti is great for collecting and viewing historical data. However for looking at what a server is doing _right now_, that kind of system falls short.

I think your original idea is spot on! I do exactly what you suggest. I keep a minimal X install on most of my headless machines -- I still boot run level 3. This lets me ssh -X to a machine and execute graphical commands, and up they come on my local Linux workstation. Occasionally, this is very useful for me.

For instance: I have some of these headless boxen scattered throughout the network. With this, I can launch firefox on a remote machine. This lets me test viewing resources from various points of the network; great for security policy testing.

What you're talking about works great too. I have gkrellm installed on these machines too, as well as the servers. Cacti is great for looking at trending or historical data. But to see what a server is up to _right now_ I fire up gkrellm this way (along with things like tail 'cat /var/log/_something_' and htop) to see what the machine is up to right then and there.

gkrellm is available from the wonderful rpmforge repo, but I'm sure Conky would work too.

Andy Hull

[CentOS] Status of RPMForge || RPMRepo
Are the websites for RPMForge or RPMRepo offline for anyone else?

As an aside (since I am just noticing), how long has rpmforge.net redirected to rpmrepo.org/rpmforge?

Thanks,
Andy

[CentOS] vsFTPd and hidden files - standards compliant?
Hi Folks,

I recently received a complaint regarding the vsFTP server I'm running on a CentOS 4.x box. The complaint was that it is improperly responding to the LIST command - it is not returning hidden (period prefixed) files in the directory listing.

I investigated and found that vsFTPd would only return hidden files in the directory listing when it received the command LIST -a. Reading RFC 959, it appears that the LIST command does not officially support any flags.

I found the force_dot_files directive in the vsFTPd config file. Enabling the directive appears to make vsFTPd RFC compliant with regards to responding to LIST -- returning all files and directories (even dot files).

So I guess my question is: can anyone confirm that LIST -a really is contrary to the RFC? If so, does anyone know why $upstream_vendor would ship a default conf file that is standards non-compliant? Is there something I'm missing here?

Thanks,
Andy Hull

Re: [CentOS] 5.3 Update Success
Paul Heinlein wrote:
> On Thu, 2 Apr 2009, Tim Nelson wrote:
>> So, I just wanted to say 'Thank You' to all those who put in such hard
>> work into the CentOS project. The time between releases was not a
>> problem here. If it was, I guess I'd just ask for a refund. :-)
>
> I agree. I've only updated one server so far (the backup server, which
> is completely subservient to my will -- unlike development servers with
> real live users who might complain), but it went very smoothly.
>
> Thank you very, very much!

+1

Thank you for a job well done,
Andy

Re: [CentOS] date differs permanent some 3450 sec.
If your hwclock stores local time and your BIOS adjusts it for DST that would cause a 3600 second time difference or if your hwclock stores UTC and the BIOS adds an hour to that... Turn off any BIOS DST adjust feature if it's enabled.

OP: Did the problem start when DST took effect? If not, then the theory that DST hardware/software features/bugs seems to be invalidated. Of course, the inverse could be true as well.

Andy

Re: [CentOS] iptables rules to limit attack
chloe K wrote:
> Hi all
> Is there iptables rules to limit attack?
> Thank you

Hi,

Below is an example that I use to limit the rate of new connections to a particular port/service. You should be able to mold this to work with whatever service you would like to protect.

Add the first line to your main input chain. This will limit new connections to tcp/22 to a rate of 4/minute/uniqueIP.

Another benefit for me, is that this uses the modules that come with the CentOS stock kernel... no extra mussing to get it to work.

Andy

    # Send new connections to tcp/22 through the SSH_CHECK chain
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 22 --state NEW -j SSH_CHECK
    # Whitelisted sources skip the rate limit
    -A SSH_CHECK -s *WHITELIST ADDRESSES* -j ACCEPT
    # Record this attempt against the source address
    -A SSH_CHECK -m recent --set --name SSH --rsource
    # Log, then drop, once the source reaches 4 hits within 60 seconds
    -A SSH_CHECK -m recent -j LOG --log-prefix "SSH Drop" --update --seconds 60 --hitcount 4 --name SSH --rsource
    -A SSH_CHECK -m recent -j DROP --update --seconds 60 --hitcount 4 --name SSH --rsource
    -A SSH_CHECK -j ACCEPT

Re: [CentOS] iptables rules to limit attack
chloe K wrote:
> Thank you
> Can I know how to define the SSH_CHECK and white list?
> I only know to use iptables -A
> Thank you

Hello,

When you're entering the rules from the CLI, the first time you reference a chain, you need to use -N (for new) instead of -A (for append).

So, using my example

    # iptables -N SSH_CHECK
    # iptables -A SSH_CHECK -s *WHITELIST ADDRESSES* -j ACCEPT
    # iptables -A SSH_CHECK -m recent --set --name SSH --rsource

and so on.

I use the first line of the SSH_CHECK chain to keep from accidentally locking myself out of my server. If, for instance, I have control and trust over a particular IP address or subnet, I can use the first line to exclude them from being rate-limited...

    # iptables -A SSH_CHECK -s 127.219.24.149 -j ACCEPT

or

    # iptables -A SSH_CHECK -s 127.247.67.0/24 -j ACCEPT

(ip addresses changed to protect the innocent)

I think that'll do you,
Andy

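The SSH_CHECK chain from this thread, modelled in Python to show which new connections it accepts and which it drops. This is an added example, not code from the thread: the class and function names are hypothetical, the addresses and timestamps are constructed, and the 20-stamp limit per address is assumed to be the `recent` module default.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

SECONDS, HITCOUNT = 60, 4  # --seconds 60 --hitcount 4, as in the posted rules
PKT_LIST_TOT = 20          # assumption: xt_recent's default ip_pkt_list_tot

class SshCheck:
    """Simplified model of the SSH_CHECK chain for NEW connections to tcp/22."""
    def __init__(self, whitelist=()):
        self.whitelist = [ip_network(n) for n in whitelist]
        # One ring of timestamps per source address (the "SSH" recent list).
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def _update(self, src, now):
        """--update --seconds 60 --hitcount 4: match when at least HITCOUNT
        stamps lie inside the window; a match records another stamp."""
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False

    def new_connection(self, src, now):
        if any(ip_address(src) in net for net in self.whitelist):
            return "ACCEPT"           # whitelist rule: never counted
        self.stamps[src].append(now)  # --set records this attempt
        self._update(src, now)        # LOG rule: non-terminating, but updates
        if self._update(src, now):    # DROP rule
            return "DROP"
        return "ACCEPT"               # final ACCEPT

def replay(chain, events):
    """events: (seconds, source address) pairs, one per new connection."""
    return [chain.new_connection(src, t) for t, src in events]

# Constructed sample traffic: documentation addresses, seconds since start.
BURST = [(t, "198.51.100.7") for t in (0, 5, 10, 15)]  # 4 attempts in 15 s
RETRY = [(70, "198.51.100.7")]      # 55 s after the dropped attempt
LATER = [(140, "198.51.100.7")]     # after more than 60 s of silence
TRUSTED = [(t, "192.0.2.10") for t in range(141, 146)]  # whitelisted source
SAMPLE = BURST + RETRY + LATER + TRUSTED

if __name__ == "__main__":
    chain = SshCheck(whitelist=["192.0.2.0/24"])
    for (t, src), verdict in zip(SAMPLE, replay(chain, SAMPLE)):
        print(f"t={t:>3}s  {src:<13} {verdict}")
```

In this model the fourth attempt inside 60 seconds is the first one dropped, and because every dropped attempt adds fresh stamps through `--update`, the retry at t=70 is still dropped; the source is accepted again only after more than 60 seconds of silence.
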
Re: [CentOS] Web Filter
Joseph L. Casale wrote:
> I have a location using a CentOS 5 server that's multihomed running
> Asterisk and iptables for internal web access. Recently some sales
> people got busted surfing some explicit content so the owner wants
> something in there to block this.
>
> I had heard of Dans Guardian and am reading about what's involved here
> but just wanted an opinion on what's the best solution for this. NTLM
> silent auth would be an asset, but the lan is simple and the owner
> doesn't need granular control if it would be complicated.
>
> What are you guys using with good results?
>
> Thanks!
> jlc

OpenDNS, as Lanny suggested, works as they advertise. It's not very granular, though.

I've also been using Untangle (untangle.com) and just love it. It's FLOSS with commercial add-ons; but I think the straight FLOSS capabilities are great without the fee-based extras.

It's a Linux-based router distro. Capable of full NAT routing or as a transparent bridge, you just build up a beige box with 2 NICs and put this baby in between the PCs and the internet. It's got a great UI, and is really flexible. Depending on what you were hoping for/envisioning it could be a great fit.

Andy

[CentOS] --=Getting OTer by the sec=-- Web Filter
William L. Maltby wrote:
> On Fri, 2008-12-05 at 14:53 -0500, Andrew Hull wrote:
>> Joseph L. Casale wrote:
>>> I have a location using a CentOS 5 server that's multihomed running
>>> Asterisk and iptables for internal web access. Recently some sales
>>> people got busted surfing some explicit content so the owner wants
>>> something in there to block this.
>>>
>>> I had heard of Dans Guardian and am reading about what's involved
>>> here but just wanted an opinion on what's the best solution for this.
>>> NTLM silent auth would be an asset, but the lan is simple and the
>>> owner doesn't need granular control if it would be complicated.
>>>
>>> What are you guys using with good results?
>>>
>>> Thanks!
>>> jlc
>>
>> SNIP
>
> I'm not sure if the latest has all the features OP is seeking, but I've
> been using IPCop for ages with NP (which means I've not really visited
> the site and browsed as I should).
>
> It has a decent Web interface for administration, ability to block
> ports, custom Iptables rules inclusion support, squid proxy capability,
> etc. Has Green/Red/Blue/Orange zone support.
>
> I've run it on my old Pentium 200MHz with 96MB and got 900MB/sec from
> good sites through my Road Runner turbo link (w/10/100 Mb nics). With
> 2xGB nics on an AMD K7 @ 360MHz, 1.2MB/sec.
>
> Easy install, administration and upgrade path. Biggest weakness is that
> docs seem to lag severely sometimes. And it's FREE open source based on
> LFS (2.4 kernels?).
>
> Find it here.
>
> http://ipcop.org/
>
>> Andy
>> snip sig stuff
>
> HTH

Hi Bill,

I've never used IPCop (opting for m0n0wall instead), but I was under the impression that IPCop lacked any content filtering features requested by the OP.

A quick perusing of the website leads me to believe it's trying to be a kick-ass beige-box firewall/router (and most likely succeeding), but it seems like a content filter it is not.

Did I miss some glaring features?

Thanks for the conversation,
Andy

Re: [CentOS] OT - Please don't feed the Troll(s)
David Mackintosh wrote:
>> [...] ignorant, unappreciative, self-centered, and emotionally
>> immature [...]
>
> You tripped the irony detector.

That's exactly what I was thinking.