Re: [CentOS] rpm libuser-devel is not signed
On 21/04/11 5:26 AM, Olaf Mueller wrote: Hello, 'yum update' runs into the following error message. Package libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm is not signed I got this too, there's two ways around it: 1) Wait until the package is signed and then update. 2) Run: yum update --nogpgcheck Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] timezone issue
On 17/04/11 2:47 PM, Tim Dunphy wrote: But when I run ntpdate it returns the wrong time: 16 Apr 19:46:13 ntpdate[1968]: step time server 204.235.61.9 offset 14408.651330 sec [root@VIRTCENT08:/etc] #date Sat Apr 16 19:46:42 EST 2011 can someone hit me upside the head with the cluehammer? I've had another look at your strange American times available: [root@seditious zoneinfo]# pwd /usr/share/zoneinfo [root@seditious zoneinfo]# ls -l EST* -rw-r--r-- 1 root root 118 Apr 14 23:54 EST -rw-r--r-- 1 root root 2294 Apr 14 23:54 EST5EDT [root@seditious zoneinfo]# ls -l US/ total 96 -rw-r--r-- 2 root root 2358 Apr 14 23:54 Alaska -rw-r--r-- 3 root root 2353 Apr 14 23:54 Aleutian -rw-r--r-- 2 root root 327 Apr 14 23:54 Arizona -rw-r--r-- 2 root root 3543 Apr 14 23:54 Central -rw-r--r-- 3 root root 3519 Apr 14 23:54 Eastern -rw-r--r-- 4 root root 1649 Apr 14 23:54 East-Indiana -rw-r--r-- 2 root root 250 Apr 14 23:54 Hawaii -rw-r--r-- 3 root root 2395 Apr 14 23:54 Indiana-Starke -rw-r--r-- 2 root root 2202 Apr 14 23:54 Michigan -rw-r--r-- 4 root root 2427 Apr 14 23:54 Mountain -rw-r--r-- 2 root root 2819 Apr 14 23:54 Pacific -rw-r--r-- 3 root root 290 Apr 14 23:54 Samoa [root@seditious zoneinfo]# What happens if you try /usr/share/zoneinfo/EST5EDT or /usr/share/zoneinfo/US/Eastern? Also, what happens when you try date -u? If that's actually different from the real UTC, then your timezone data is less likely to be the cause. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] timezone issue
On 17/04/11 2:47 PM, Tim Dunphy wrote: [root@VIRTCENT08:/etc] #date Sat Apr 16 19:46:42 EST 2011 can someone hit me upside the head with the cluehammer? Well, depending on the system (and how old it might be) perhaps the BIOS time? Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installing php-mcrypt
On 28/03/11 2:33 PM, Todd Cary wrote: It has been 6 years since I set up my Linux server and have hardly had to touch it in all of those years other than running yum update, so I ma rusty in some of the fine details (especially at 72). That's not old, I've been corresponding with a 78 year-old crypto freak on another mailing list. ;) I located a source for the php-mcrypt rpm (php-mcrypt-5.1.6-15.el5.centos.1.i386.rpm), however, isn't there an easier method to get and install the appropriate rpm - other than downloading it then running rpm? And when should I use yum rather than rpm? Use Yum whenever possible. One thing that is worth mentioning, though, is that php-mcrypt 5.1.x is a little old and a lot of things which require it (e.g. a CMS like WordPress) need 5.2 or above and higher versions of PHP. Fortunately these are all currently available in the CentOS Testing repository. This is where I grabbed my versions from to get WordPress to behave (i.e. recognise timezones). My /etc/yum.repos.d/Centos-Testing.repo file contains: [c5-testing] name=CentOS-5 Testing baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing priority=5 includepkgs=php* If you make this change you should also add exclude=php* to the end of the [base] and [updates] sections of the Centos-Base.repo file. Only include the priority line if you have that set in your other .repo files (everything in my Centos-Base.repo file has a priority of 1, except for [contrib] which has a priority of 2). There's a very good guide on how to do this properly here: http://wiki.centos.org/HowTos/PHP_5.1_To_5.2?highlight=%28php%29 I recommend following it because the chances are that your need for installing php-mcrypt in the first place is for something that needs at least version 5.2. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 5 updates
Hello, I've noticed that there haven't been any updates to centos-announce (or in Yum) for CentOS 5 since January 6th (that might be the 5th for a lot of you, I'm at +11:00 UTC). Since then, however, Red Hat have released the following updates for RHEL 5: Critical: https://rhn.redhat.com/errata/RHSA-2011-0169.html Important: https://rhn.redhat.com/errata/RHSA-2011-0017.html https://rhn.redhat.com/errata/RHSA-2011-0163.html https://rhn.redhat.com/errata/RHSA-2011-0182.html Moderate: https://rhn.redhat.com/errata/RHSA-2011-0013.html https://rhn.redhat.com/errata/RHSA-2011-0152.html https://rhn.redhat.com/errata/RHSA-2011-0153.html https://rhn.redhat.com/errata/RHSA-2011-0154.html https://rhn.redhat.com/errata/RHSA-2011-0170.html https://rhn.redhat.com/errata/RHSA-2011-0176.html https://rhn.redhat.com/errata/RHSA-2011-0180.html Low: https://rhn.redhat.com/errata/RHSA-2011-0025.html https://rhn.redhat.com/errata/RHSA-2011-0027.html https://rhn.redhat.com/errata/RHSA-2011-0028.html Does anyone have any idea when we might see these? In particular the kernel updates, but really all security updates are important. Not all of these are security updates, but enough of them are to be of some concern. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 updates
On 1/02/11 10:50 PM, James Hogarth wrote: Work is currently ongoing on QA for 5.6 ... once that is out then you'll start seeing the other updates that depend on that. Ah, so that's what it is. I had kind of assumed everyone had been distracted by work on CentOS 6, until I saw the recent massive update to CentOS 4. Thanks. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 updates
On 1/02/11 11:13 PM, James Hogarth wrote: Centos6 is pretty much on hold until 5.6 is out the door due to the number of systems it has an impact on (ie no existing C6 systems to update and many many C5 ones). Now that is excellent news; exactly what I wanted to hear. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 updates
On 2/02/11 12:16 AM, Karanbir Singh wrote: On 02/01/2011 11:43 AM, Ben McGinnes wrote: Critical: https://rhn.redhat.com/errata/RHSA-2011-0169.html This is irrelevant to CentOS, its an RHEL update; if there was to be a critical or a remotely exploiteable issue that comes up we would then do a release into 5.5, but mostly things are now building /linking into 5.6, so releasing those with out the deps they build against might cause interesting issue. Fair enough. I must admit to not caring as much about the Java stuff anyway, I was mainly collating a list of notices which might correspond. I use the RH lists to give myself an idea of what is likely to appear from CentOS. if there is specific concern about the kernel's released, those can be pushed into the c5-testing repo for early adopters.. Good to know, thanks. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what process is sending this packet?
On 28/12/10 1:30 AM, S Mathias wrote: I can see, that theres a program that keeps sending packets on port 25: Dec 27 14:11:46 a kernel: [ 6336.992320] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61533 DF PROTO=TCP SPT=37263 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 Dec 27 14:12:01 a kernel: [ 6352.635704] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55853 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 Dec 27 14:12:04 a kernel: [ 6355.641085] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55854 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 Dec 27 14:12:10 a kernel: [ 6361.649059] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55855 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 but where or how could i find out, that what process sends these packets? It's something connecting to the SMTP service on your system. The clue is DPT=25. Possibly some kind of filter. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] do i need a dedicated ip address for https?
On 22/12/10 11:52 PM, Nico Kadel-Garcia wrote: It's the easiest way to do it. If you allow someone else to hold your SSL keys, they can do interesting things to act as your front end to Where in the original post did it mention using a system that's not under their control? The question was about a static IP address, not the system the keys and certificates would be installed on. register your hostname associated with a registered key, but that gets tricky. And there are other fancy tricks, but they get weird and painful. Yes, it also depends on how much effort they're willing to go to and whether or not they care if a visitor notices. But let's be honest. Most SSL encryption is not done to authenticate a website as a signed, registered websites. Most of us at penny-wise workplaces have to hit Yes, I accept this unsigned key pop-ups all the time. SSL is often useful merely to encrypt the traffic end-to-end while clients accept such unsigned or incorrectly registered keys without concern. For that kind of use, dodging and weaving unregistered IP addresses are common place. That's what my self-signed site is for, but then I live in a country that is still debating mandatory Internet censorship. Most people wanting SSL on their website see it as a business requirement and most of those sites are running on shared or VPS hosting. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sun X4640
On 14/12/10 7:12 AM, m.r...@5-cent.us wrote: I've been working with them (right, the engineer I'm working with is in Chile, while I'm in DC). I *think* this is a Linux naming convention, though. Anyway, after I posted, I mentioned the problem to my manager, and he suggested I look in dmesg. I went to one of the other identical boxes, and looked, and sure enough, Linux is looking at it from node 0, so it's the third board (if you count from 1). g This is what I was about to suggest (that it counted from 0). If it's a variation on the X4600 M2 I can send you some useful related material off-list. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPV4 is nearly depleted, are you ready for IPV6?
On 7/12/10 8:33 PM, Christopher Chan wrote: Ah, I must pity you who have to live with what you've got in the United States being under the rule of these tyrants. You guys probably can only dream of getting a 100MB fibre connection for 13USD/mnth or a 1GB fibre connection for 30 or so USD/mnth. I hesitate to keep the chaps in Australia on the list to be pitied now that Telstra is being dismantled. It's okay, soon we'll have a new monopoly to whinge about: NBN Co. ;) The real problem here is the quotas on broadband connections, although that is in part due to the cost of hauling almost all the data half-way around the globe. The even more horrendous problem, which is so pervasive it affects everyone, is the insistence on asymmetric connections. Even when Australia does get this fabled fibre-to-the-home, it still won't be symmetric. *sigh* Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPV4 is nearly depleted, are you ready for IPV6?
On 8/12/10 4:12 AM, David Sommerseth wrote: On 07/12/10 16:49, Bob McConnell wrote: No, it is not FUD, it is a real concern by people with much to lose. Those of you evangelizing this new, and still unproven technology can't seem to recognize this simple fact. This is FUD. Agreed, but I'm not adding more to the pro-IPv6 chorus, because it's already being covered very well, both here and on NANOG (and ipv6-ops). And due to the enormous address space IPv6 gives each single site, doing a brute-force attack against more IP addresses will be a never-ending story. Try to double 4.294.967.296 32 times, and you'll have the number of addresses available *only to you* in *one* /64 subnet. Anyone wanting a nice clear explanation of the numbers of IPv6 address space: http://www.ripe.net/info/info-services/addressing.html If you then even introduce IPv6 Privacy Extensions, which will randomise and change the IPv6 address regularly, an attacker will shoot at a moving target. Then put this moving target behind a firewall which doesn't provide access from the outside to the inside (only from inside to outside), and the attacker will not know if he hits or not. This coupled with statefull firewalling should cover everyone's needs. No doubt there will still be people like Bob who will remain unconvinced until everyone around them become the proof. If they really want to deliberately break things to retain their NAT-like world, they can configure a single box with 6to4 and 4to6, give it a /128 and then run their existing v4 NAT space behind that. They'll get very little sympathy when it breaks other things, though. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-docs] hi all
On 4/12/10 9:45 PM, Mathieu wrote: Dear Manuel First,thanks for your kindness... I understand now better the Centos spirit of contribution. For the wiki link I dont know how you got it, i sent you the table of contents of my wiki page, not the content (yet)... You composed your email in HTML, so when you copied and pasted the TOC from your site into the email it included the URLs as HREFs. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] SELinux - way of the future or good idea but !!!
On 30/11/10 10:54 PM, Leonard den Ottolander wrote: On Tue, 2010-11-30 at 02:12 -0800, John Doe wrote: Because it comes from the NSA! The backdoor experts... ;P PS: joking of course, the NSA would never do anything bad... This of course was a serious concern by any of the early adopters. It has been discussed in length on various mailing lists. But since the code is available it can and has been audited. Unless of course the Linux developers are collaborating with the NSA to take over your computer and they slipped us a mickey. As you say, it was eventually determined that the NSA did not insert anything dodgy in the code to give them access. They only did two things which caused a certain amount of questioning, to a greater or lesser extent: 1) They only work with Red Hat officially because it is an American company, though the current business model of Red Hat made the partnership far more viable. 2) In spite of many requests, they refused point blank to incorporate encryption in any of the enhancements. The reason for the second one is pretty obvious, though, they know that SELinux would be (and is) used by non-Americans and they don't want to protect foreign secrets, they want to discover them. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Optimal VPN
On 25/11/10 4:07 AM, tony.chamberl...@lemko.com wrote: I am looking for the optimal VPN. Well it doens't have to be that elaborate. Just the best VPN. We currently have some customers using PPTP, some using openvpn, some using Cisco Any Connect and there are a few others. Be careful with the Cisco VPN solutions. Cisco's VPN client is notoriously bad at handling 64-bit architecture and frequently induces kernel panics (I've seen this in both Linux and OS X systems). So my question is, if you have control of both ends (client and server) what is the best VPN to use? There are not too many requirements, but a big one is I'd go for OpenVPN, it's free and widely supported across multiple platforms. The VPN must return the same IP address to the same user each time That is there must be a specific IP address assigned to a user/password combination. pptp does not really do this but I wrote sort of a backend (or maybe frontend? ;-) ) to change the IP address assigned based on a login and password. It is extra stuff I would prefer not to do though. RADIUS can assign a specific IP to a given user, but let OpenVPN handle the encryption. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux - way of the future or good idea but !!!
On 1/12/10 2:32 AM, m.r...@5-cent.us wrote: Ben McGinnes wrote: The reason for the second one is pretty obvious, though, they know that SELinux would be (and is) used by non-Americans and they don't want to protect foreign secrets, they want to discover them. Um, not quite: there *are* export controls on encryption, and even if they wanted it, they couldn't. With the crypto that is already included by default in Linux (e.g. OpenSSH, OpenSSL, etc.), US companies are already unable to distribute their products to those few countries left on the list that those export controls apply to (not that that actually stops those countries from obtaining it anyway). You won't find any RHEL service contracts in Syria, Cuba, Iran, North Korea and whichever other countries are on the list (I can't be bothered looking it up). It's more likely that the NSA reasoning is operational rather than legal. There are already enough suppliers of cryptographic software within the United States to show that compliance with that legislation is still possible. The NSA know that the crypto genie is out of the bottle, they're just not willing to share their own advances. Which makes sense considering what they do, it's not like GCHQ shares its advances with UK firms or the DSD shares theirs with Australian firms. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix - message queue filling with Host or name not found - try again
On 22/11/10 2:54 PM, Indunil Jayasooriya wrote: Pls add bdgiedjhea.po6e4ina.com mailto:j...@bdgiedjhea.po6e4ina.com to /etc/hosts file and , then add bdgiedjhea.po6e4ina.com mailto:j...@bdgiedjhea.po6e4ina.com to mydestination parameter in /etc/postfix/main.cf http://main.cf file mydestination = $myhostname, localhost.$mydomain, localhost, bdgiedjhea.po6e4ina.com mailto:j...@bdgiedjhea.po6e4ina.com This is a really *bad* idea, it makes Rob's mail server accept mail for that domain, which is not what he wants. What he wants is to prevent his system from sending an auto-response to an unreachable host. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix - message queue filling with Host or name not found - try again
On 22/11/10 2:47 PM, Rob Kampen wrote: Ben McGinnes wrote: What is the complete output of postqueue -p? What is the From address and, more to the point, is it MAILER-DAEMON? Yes it is Cool. Where $MSGID is one of the messages in the queue. That will show you the message and headers. I'd be willing to bet it's your server trying to send a rejection/spam detection to a server. Correct - thanks for the pointers on how to track it down - No problem. so now my question is how do I set things up to simply try this once and then drop it, rather than queue it up for the next five days with all the attendant dns errors. That would be difficult to do without it affecting all mail and resolution problems are supposed to induce temporary failures for a reason. The reason normally being that if you are isolated from the Internet for any length of time (e.g. link outage), you don't want mail queued on the server being bounced or dropped because you can't reach an external name server to find an A record or MX record. This is definitely at the boundaries of my mail setup experience - for some reason the other two mail servers I run do not seem to get the same level of spam and thus I seldom notice this. Are they both running Postfix too? If so, compare the output of postconf -n between the three servers and look for what is different. In this case, the email address that the bounces are trying to be delivered to is what appeared in the MAIL FROM section during delivery. It is almost certainly intended to bounce and the mail will all be spam. I haven't been able to find any A records for that domain and the registration is in Russia. It's a fairly safe bet that they're spammers. I would recommend that you add the following to your smtpd_recipient_restrictions in main.cf: check_sender_access hash:/etc/postfix/sender_access, Probably immediately above or below the line for check_recipient_access which is listed in your original post. Create a file called /etc/postfix/sender_access with the text editor of your choice and include the following line: po6e4ina.com REJECT Then run the following commands: postmap /etc/postfix/sender_access postfix reload That should do the trick nicely. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix - message queue filling with Host or name not found - try again
On 17/11/10 7:26 AM, Rob Kampen wrote: Examining the postfix queue with postqueue -p: I see many (Host or domain name not found. Name service error for name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again) j...@bdgiedjhea.po6e4ina.com My question - why does this stay in the message queue - why not dumped back with message undeliverable or dropped? What is the complete output of postqueue -p? What is the From address and, more to the point, is it MAILER-DAEMON? Agreed, however this opens a potential DoS attack vector - I'm trying to determine why my postfix even has these requests present as I'm not initiating the emails (as far as I know) and I do not forward emails for any other domains. I feel like I'm missing something..confused maybe It could be backscatter. Run postqueue -p and pick one of the messages, it shouldn't matter which. Then run: postcat -q $MSGID | less Where $MSGID is one of the messages in the queue. That will show you the message and headers. I'd be willing to bet it's your server trying to send a rejection/spam detection to a server. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fail Transfer of Large Files
On 20/11/10 8:16 AM, Michael D. Berger wrote: On my intranet, I sometimes transfer large files, about 4G, to an CentOS old box that I use for a web server. I transfer with ftp or sftp. Have you tried scp or rsync? Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] large numbers of linux system user for postfix
On 8/11/10 7:30 PM, ahmad riza h nst wrote: hello, i need to setup a mail server with postfix + dovecot + webmin + virtualmin + virtual user with linux system user. the virtual user may reach to thousands user from several hundreds virtual domains. That shouldn't be a problem. Postfix has had support for this for well over a decade. what i concern is large numbers of linux system user which used in these setup, is it good or bad? Virtual users with a Postfix/Dovecot installation does not equate to real Linux/shell accounts. If the only service being provided is mail, then there's no reason to create real accounts. maybe somebody would share their experience about this setup ? any links would be good. postfix 2.6.7 dovecot 2.0.6 centos 5.x Is there any particular reason you've chosen these versions? That is, are there specific functions which these versions provide that are not in prior versions? I ask because I'm running these versions in CentOS 5.x: postfix-2.3.3-2.1.el5_2.i386 dovecot-1.0.7-7.el5.i386 If the only concern is security updates, these are backported to the current versions in CentOS. webmin + virtualmin I've had no experience with either of these as I edit the config files with a text editor. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT Consultant Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x371AC5BFA04AE313 signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] large numbers of linux system user for postfix
On 8/11/10 11:54 PM, ahmad riza h nst wrote: the problem is we would use webmin + virtualmin as an interface for costumers to manage their domain (mainly emails) on the server and virtualmin don't use/support mysql + vpopmail yet, at least that what i understand at this moment. virtualmin choose to use unix system user with postfix, so if i create an email then it create one unix system user too, this is what i'm concern, since i don't have any information about what happen to linux/centos if these unix system user growing bigger and bigger to reach some thousands users for an example. Assuming that Virtualmin doesn't have support for real virtual users or redirecting to MySQL for that then you have three basic choices: 1a) Use a different management interface for managing the Postfix/Dovecot configuration. 1b) Write your own extension for Virtualmin which provides this functionality (essentially a variation on 1a). 2) Stick with the existing mail server configuration which already works with Webmin and Virtualmin. 3) Create user accounts that do not provide an actual shell account (e.g. /bin/noshell). With the number of domains and users you're looking at, this could be a real problem, especially when the usernames might conflict between different domains. If I were in your position I'd be looking at either 1a or 1b. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT Consultant Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x371AC5BFA04AE313 signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Pptp vpn server
On 5/11/10 9:39 AM, Ross Walker wrote: As for the SSL part, you can monitor traffic over it in a couple of ways. For internal services being served out you can have the SSL connection terminate at the gateway and the gateway establish an internal SSL connection to the service. For internal clients connecting to external services I have used SSL inspectors, these basically initiate an SSL connection to the destination, take the certificate, generate a per-destination itself and pass that to the client, basically acting as a man in the middle, as long as the gateway/inspector is a trusted intermediate CA and the subject is preserved then the client doesn't have a problem with it. I believe this is one of the methods that was looked at to enable ISPs to filter/censor/log SSL connections should the government policies become legislation here. Except for all outbound connections. The rest of us call it a MitM (when used for outbound or between third parties, not in your example). Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Pptp vpn server
On 5/11/10 11:29 PM, Les Mikesell wrote: On 11/5/10 4:27 AM, Ben McGinnes wrote: I believe this is one of the methods that was looked at to enable ISPs to filter/censor/log SSL connections should the government policies become legislation here. Except for all outbound connections. The rest of us call it a MitM (when used for outbound or between third parties, not in your example). So if you really want privacy you need to run another layer of encryption end to end with an uncommon cipher? In this kind of scenario, yes. The SSL/TLS filters aren't uncommon. Ironport have products that will do it, but they're usually sold to corporations that want to monitor *all* connections from their network. The difference here as that the government were looking at instituting something similar nationally. Though it was mentioned in a testing report from 2008, this part appeared to be silently dropped by the time of the live pilot in 2009. I'd have to take another look at the 2008 report, but I'm pretty sure that none of the software tested in 2007-2008 could filter SSH or VPNs. They could be blocked, though, depending on how much effort was expended. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Pptp vpn server
On 6/11/10 12:25 AM, Ross Walker wrote: If we could start the whole certificate thing over I think it would have been better to have a trust registrar rather then a bunch of semi-trusted authorities. Then any corporation can create their own CA and register that CA with a registrar with proof of identity, then manage their own certificates and CRLs. Now this is an excellent idea! It would be vastly superior to the current situation, though a serious challenge to the price-gouging of many CAs. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Nagios installation problem
Hello, Has anyone managed a successful installation of Nagios using the RPMForge packages on CentOS 5.5? It looks like it should have worked, I followed the guides for Fedora and CentOS here (with appropriate path adjustments): http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html http://wiki.centos.org/HowTos/Nagios The SELinux policies look fine (I tend to ignore instructions to permanently disable SELinux, if I'm not using SELinux then there's no reason not to return to Slackware): # semodule -l | grep nagios nagios 1.1.0 # The nagios.cfg check gave the all clear: Reading configuration data... Read main config file okay... Processing object config file '/etc/nagios/objects/commands.cfg'... Processing object config file '/etc/nagios/objects/contacts.cfg'... Processing object config file '/etc/nagios/objects/timeperiods.cfg'... Processing object config file '/etc/nagios/objects/templates.cfg'... Processing object config file '/etc/nagios/objects/localhost.cfg'... Read object config files okay... Running pre-flight check on configuration data... Checking services... Checked 8 services. Checking hosts... Checked 1 hosts. Checking host groups... Checked 1 host groups. Checking service groups... Checked 0 service groups. Checking contacts... Checked 1 contacts. Checking contact groups... Checked 1 contact groups. Checking service escalations... Checked 0 service escalations. Checking service dependencies... Checked 0 service dependencies. Checking host escalations... Checked 0 host escalations. Checking host dependencies... Checked 0 host dependencies. Checking commands... Checked 24 commands. Checking time periods... Checked 5 time periods. Checking for circular paths between hosts... Checking for circular host and service dependencies... Checking global event handlers... Checking obsessive compulsive processor commands... Checking misc settings... Total Warnings: 0 Total Errors: 0 Things look okay - No serious problems were detected during the pre-flight check My adjustment of other config files is minimal, essentially just setting the email address to deliver notifications to. Yet every time I try to start the service I get this: # service nagios start nagios is stopped Configuration validation failed[FAILED] The error appears to be identical to that reported here: http://forums.meulie.net/viewtopic.php?f=61t=6538start=0 Like the original poster of the thread on that forum, I am able to start it with nagios -d /etc/nagios/nagios.cfg though various web pages continue to report an unspecified configuration error. Does anyone have any ideas? Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Auto-Re: CentOS Digest, Vol 70, Issue 5
On 6/11/10 3:04 AM, 韦加宁 wrote: 信已收到,谢谢! 有没有必要每个邮件到达通知我们。谢谢。 Regards, Ben P.S. 不,我看不懂中文。我用谷歌。 signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Nagios installation problem
On 6/11/10 5:30 AM, Paul Heinlein wrote: I've had trouble getting Nagios runtime files to work and play well with SELinux. In particular, the pid file, /var/nagios/nagios.pid, is created with a generic var_t type rather than the necessary nagios_var_run_t type, so I've tweaked system policy a bit: semanage fcontext -a -t nagios_var_run_t /var/nagios/nagios\.pid Okay, that works to get the service to start (along with chcon -t nagios_var_run_t -R nagios/ while in /var just to be sure). I'm still getting Error: Could not read object configuration data! in the nagios pages, though. It looks like I'll have to play around with some of the configuration options and see what happens. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Pptp vpn server
On 6/11/10 6:09 AM, Rob Kampen wrote: Ben McGinnes wrote: Now this is an excellent idea! It would be vastly superior to the current situation, though a serious challenge to the price-gouging of many CAs. I used to use godaddy for my certs but now use the startssl folk - much better value!! Free is pretty good value ... unless you want/need wildcard certificates for your domain. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Copying root partition
On 4/11/10 10:28 PM, Timothy Murphy wrote: I recently transferred the / partition on my CentOS server from a small disk to a large disk, using rsync -auvz. This works fine, except that I get dozens of selinux warnings when I re-boot. I'm running selinux in permissive mode. Is there any way to make sure that all the files in a partition are kosher as far as selinux is concerned? Try: restorecon -Rv /partition Expect it to take a while. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Pptp vpn server
On 4/11/10 10:35 AM, Ross Walker wrote: On Nov 3, 2010, at 7:01 PM, John R Pierce pie...@hogranch.com wrote: On 11/03/10 3:46 PM, Ross Walker wrote: I just think VPNs' time has come and gone. VPN's have another use entirely, which is linking LAN segments over the internet to create a private WAN. Yes, of course, those will remain and I use those across routers and concentrators, but the personal VPNs aren't necessary. I'm just guessing here, but you live in a country that doesn't (or isn't trying to introduce) mandatory censorship and/or data retention. Right? Those of us in the antipodes have a whole different reason for wanting VPN connections to such insecure points as shared hosting or VPS systems. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] POP3 server
On 22/10/10 3:10 AM, David wrote: I was hoping Dovecot could be not so RFC compliant in this matter. Anyway if gets the DELE command the message arrived safely to the client. Any other POP3 server not so RFC compliant? Thanks for the answer. Breaking RFCs to get the functions you want is a *bad* idea. What happens if you get hit by a bus and someone else has to deal with the issue, sees that the config is broken and fixes it. You're much better off using a protocol which supports an immediate delete from the server, like IMAP. Unless, of course, the issue is with a lack of disk space on the server. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh with shared home dir
On 23/10/10 2:17 PM, Tim Dunphy wrote: Would someone @ mail dot centos dot org delete this email expung it from public view??? uhm.. what's your problem, dude? He's probably referring to the private RSA SSH key that has been posted in that message. Actually, that would be *your* private key. Time to make a new one. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Not receiving mail
On 21/10/10 6:17 AM, Dotan Cohen wrote: I thank you guys for your patience and help. No problem. I just spent a good few hours googling today and working my way around blogs, documentation, howto articles, forum posts, mailing list archives, and the like. I wouldn't have even known what to google for without the patient and helpful assistance I've received here. When it is said that CentOS is a Community ENTerprise Operating System be there no mistake! Heh. It probably helps that I'm also subscribed to the postfix-users mailing list, which frequently addresses issues like this. I highly recommend it for anyone running postfix, even just as a lurker. Also, Wietse posts regularly to that list. Cold beer for anyone visiting Israel soon! If I could afford to visit, I'd take you up on that! :) Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Not receiving mail
On 20/10/10 5:42 AM, m.r...@5-cent.us wrote: Ian Murray wrote: No the example above shows a telnet to port 25 connecting - which I can reproduce too - but there is no 220 response as there should be from a I am late to the thread (and I haven't a clue what we are talking about in fact), but I get a 220 when I telnet into that IP address... Escape character is '^]'. 220 mercury.localdomain ESMTP Postfix Odd. Why would it say localdomain? He probably has an incorrect myhostname or mydomain value in main.cf. From the look of the postconf -n he posted, he hasn't specified either of these. From the relevant section in Dotan's postconf -n: mydestination = $myhostname, localhost.$mydomain, localhost newaliases_path = /usr/bin/newaliases.postfix The equivalent section in mine (sanitised because copying pasting is not the solution): mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = example.com myhostname = mail.example.com mynetworks = 127.0.0.0/8, 192.168.1.0/24 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openoffice.org2.3 in CentOS5.3
On 16/10/10 7:57 PM, Ritika Garg wrote: I want to update the system because I haven't updated CentOS5.3 from the time when I installed it. But I am also afraid of directly using yum update command. I used yum list updates but theres a error displayed which I have already posted. As Manish said in his response, the error indicates a networking failure. Either the system's Internet connection is down, suffering from high latency or the DNS resolution is timing out. You should check all the suggestions that Manish made. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT Consultant Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x371AC5BFA04AE313 signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SELinux policy for dkim-milter
Hello, Does anyone have a sample SELinux policy for dkim-milter? I'm using the configuration from this page: http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3 Along with the latest RPM from the link on that page. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT Consultant Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x371AC5BFA04AE313 signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux policy for dkim-milter
On 13/10/10 1:44 AM, Ben McGinnes wrote:
Hello,
Does anyone have a sample SELinux policy for dkim-milter?
I'm using the configuration from this page:
http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3
Along with the latest RPM from the link on that page.
Okay, my solution was this:
module dkimlocal 1.0;
require {
type postfix_smtpd_t;
type postfix_cleanup_t;
class tcp_socket { read write };
}
#= postfix_cleanup_t ==
allow postfix_cleanup_t postfix_smtpd_t:tcp_socket { read write };
#EOF
Which was generated from the audit.log. Simply trying to load it with
semodule -i dkimlocal.te failed (magic number error), but doing the
following fixed it:
make -f /usr/share/selinux/devel/Makefile
semodule -i dkimlocal.pp
Special thanks go to Dan Walsh at Red Hat for lending a hand here.
Regards,
Ben
--
Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, ICT Consultant
Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x371AC5BFA04AE313
signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security updates
On 11/10/10 11:30 PM, sync wrote: I have the same problem on it . Isn't the CentOS very safe? *Sigh* If you don't update it then it won't remain so. It's like buying a brand new deadlock for the door to your house and then leaving the door wide open when you go out. Chances are that sooner or later your stuff will get stolen and the place will get trashed. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT Consultant Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x371AC5BFA04AE313 signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: linux desktop market share more than 1%
On 10/10/10 10:16 PM, Christopher Chan wrote: Go OpenSolaris then. Also OpenOffice and maybe LibreOffice can open docx files...not sure about those from MSO 2010 though... Except OpenSolaris has already been killed by Oracle. There is a fork called Illumos, though. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: linux desktop market share more than 1%
On 10/10/10 11:31 PM, Christopher Chan wrote: /me shrugs. Yeah, maybe I better start saying Illumos and yelling use OpenIndiana, a distro which uses Illumos. It'll only be an option for x86/x86-64 and with the move to using Fujitsu UltraSPARC chips that contain patented technology which can only be addressed using binary modules in the Solaris kernel. OpenBSD has already run into that wall and Theo was told where to go in no uncertain terms. Sun is so dead. I guess that makes Oracle a necrophiliac. If you want a desktop os without binary driver issues, this is it. Although I'd say a fair few use it for other purposes. If you have analog Thrustmaster FLCS, TQS, RCS gear and MIDI keyboards, just endure Linux for the time being. :-p Poke at these things long enough and you realise that *all* software sucks, some just sucks less than others. ;) Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] recommended way to install source rpms?
On 11/10/10 10:44 AM, ken wrote: Alternatively, you could also check out Slackware. In my opinion Slackware is still the best distribution for actually learning about GNU/Linux. I'm a little biased, though, I've been running it since 4.0 (and had accounts on other systems running it prior to that). The last time I looked at it (several years ago) it didn't use rpm or apt or any package management system at all, just tgz files. Recently that's changed to .txz for the greater level of compression, but oterwise it's the same. Pkgtool is really simple and straight forward. This is what Linux used to be before there was a redhat... and it's generally how code files are handled in development before they become rpms... or whatever. Slack is great because of its strong adherance to the KISS principle. Source code shouldn't scare anyone. It's interesting stuff and harmless... just text files, after all. If your students are going to hack around with it and compile it (which I would hope they would do), then of course you'll want to take appropriate measures. Yep. I still don't see why some people are so afraid of: ./configure [options] make make install [make clean] If it doesn't work it will tell you. Regards, Ben -- Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes Systems Administrator, Writer, ICT Consultant Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x371AC5BFA04AE313 signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: linux desktop market share more than 1%
On 9/10/10 9:06 PM, Marko Vojinovic wrote: Why is there only one Windows? :-D (sorry, couldn't resist... ;-) ) There isn't. The original consumer edition (i.e. Win 95/98/ME) became the XBox. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: linux desktop market share more than 1%
On 9/10/10 11:12 PM, Marko Vojinovic wrote: XBox is a gaming console, not an operating system. You cannot install it on a generic PC hardware. Besides, AFAIK XBox's OS was based on WinNT and WinXP, not the 95/98/ME. It's been quite a few years since I looked at any of this so I might be wrong, but the changes between Win98 and WinME were building towards the project which eventually became the XBox. Things like improving the graphics support in ME, but stripping down (and generally messing up) the TCP/IP stack. Then that got folded into a fork of WinNT 5.x (Windows 2000 = NT 5.0 and XP = NT 5.1). Not that I cared, I'd already been using Slackware for years before ME was released. As for the XBox itself, yes the OS is customised for that kind of gaming platform, but it's still just a PC. It's not even a particularly powerful one. This page has the specs for the XBox: http://www.xbox-linux.org/wiki/Getting_Started#3 Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: linux desktop market share more than 1%
On 8/10/10 8:27 AM, Phil Schaffner wrote: About 10% of the people at my workplace use Linux for the desktop despite sizable pressure to the contrary from the CIO. Is there a reason for the pressure or is it just a generic pro-M$ and anti-*nix attitude? Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] networking problem
On 7/10/10 6:20 PM, Smith Erick Marume-Bahizire wrote: Hello Please I want help in centos server I can ping the gateway or my eth1 ip address but i cant browse from my server could you help me with the codes the codes that will enable network cause i've already configure my iptables and it's showing me that everything is ok. Please help Thank you. Okay, firstly, when asking for help with a new issue, it is best to start a new message rather than reply to a message on an unrelated topic. Otherwise those of us using threaded mail clients (like Mutt or Thunderbird) might overlook the query. Secondly, we need a little detail about your current network configuration and what you have tried. Is it only browsing that is not working, or do other services not work either? Can you send through the output of: route -n cat /etc/resolv.conf Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] does ssh-copy-id not use id_rsa.pub file by default?
On 7/10/10 10:23 PM, Robert P. J. Day wrote: My man page says: ~/.ssh/identity.pub... argh ... sorry, i was logged into the wrong system when reading the man page, i was connected to my ubuntu system. interesting that different distros have different default files for the same command. i will definitely remember that. Slackware also says ~/.ssh/id_rsa.pub, so chances are this is (another) Red Hat/CentOS specific modification. Anyone got an OpenBSD box to double-check on? Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] does ssh-copy-id not use id_rsa.pub file by default?
On 7/10/10 11:20 PM, Václav Strachoň wrote: OpenBSD is not shipped with ssh-copy-id. But ssh-copy-id is only script. So if you try this: Ah, cool. The last time I needed to do this it was the old-fashioned way. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how many people still use NIS?
On 2/10/10 4:27 AM, Boris Epstein wrote: Hello listmates, I have discovered a very strange SFTP problem which I can not connect to anything but NIS thus far. See here: http://www.linuxquestions.org/questions/linux-server-73/sftp-seems-to-fail-for-nis-accounts-under-openssh-5-x-816020/ http://readlist.com/lists/suse.com/suse-linux-e/38/193419.html Hence the question: is NIS (YP) still in use much anywhere for authentication? Solaris still favours it, but mainly because Sun invented it. Most of the rest of us don't bother. I certainly haven't seen it anywhere except exclusively SunOS/Solaris based networks for ages. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ls this bandwidth package availblale in Centos
On 1/10/10 1:32 AM, adrian kok wrote: Hi ls the if top package availblale in Centos? http://www.ex-parrot.com/~pdw/iftop/ It appears to be available in the RPMForge repository: iftop.i386 0.17-1.el5.rf rpmforge Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forbidden: can't access *.html files in /var/www/html
On 30/09/10 12:43 AM, Alexander Farber wrote: Hello, I'm using the latest CentOS with phpBB 3.0.x + postgreSQL + sendmail (relayed through gmail.com) - all those programs working fine, with no big modifications of the CentOS defaults (i.e. SELinux is on). [SNIP Does anybody know what is wrong, how to find out? Yep, it's SELinux picking up that the files have been moved or copied to that directory. Run this command: restorecon -R /var/www/html The pages should load after that. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Forbidden: can't access *.html files in /var/www/html
On 30/09/10 3:21 AM, Simon Billis wrote: You can use setenforce 0 without the quotes to disable selinux from the command line till next reboot or until you issue setenforce 1 - this is useful for testing as is looking at /var/log/audit/audit.log and also using commands such as audit2why and audit2allow (I strongly recommend reading at least the man pages and also such websites as http://www.nsa.gov/research/selinux/docs.shtml (google selinux)) In addition to that URL, this document (which I didn't see listed, probably due to the publication date) looks very useful: http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf I'd second reading as much as possible on SELinux before diving into it, as there are more than a few gotchas. Especially when enabling and disabling it and knowing when a reboot is necessary when enabling or re-enabling it. Regards, Ben signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
