Re: [CentOS] EL7, grub-crypt?
On Aug 27, 2014, at 6:37 PM, Darod Zyree darodzy...@gmail.com wrote:

> 2014-08-27 16:07 GMT+02:00 Baptiste Agasse baptiste.aga...@lyra-network.com:
>
>> - Original message -
>>
>> Hi,
>>
>> What's the new way of creating sha512 passwords in EL7?
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-GRUB_2_Password_Protection.html#sec-Password_Encryption
>>
>> In Centos6 I used grub-crypt but that does not exist anymore.
>
> But this is for creating passwords for grub2, no?
>
> I was asking (although might not have been clear enough) on how to get the encrypted values for the shadow file entries. grub-crypt used to be able to do that, returning with the encrypted value of a given passphrase starting with $6$

It's the default hash used on EL7 by the “passwd” command.

    [root@centos7 etc]# grep dgoldsmith /etc/shadow
    dgoldsmith:$6$IoGARIF2$44lyu/9VjFmGsOW (line truncated)

    [root@centos7 etc]# tail -3 /etc/login.defs
    # Use SHA512 to encrypt password.
    ENCRYPT_METHOD SHA512

--
David Goldsmith
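An added example, not part of the original thread: a check of the two things the reply looks at, namely which scheme each shadow entry uses (read from its `$id$` prefix, where `$6$` is SHA-512) and what ENCRYPT_METHOD login.defs sets. The function names are hypothetical and the sample shadow and login.defs content is constructed; on a real host, point the functions at /etc/shadow and /etc/login.defs as root.

```shell
#!/bin/sh
# Added example: report shadow entries that are not SHA-512 ($6$) hashes.

# hash_scheme FIELD -> name of the crypt scheme used in a shadow password field
hash_scheme() {
    h=${1#!}; h=${h#!}          # drop lock markers (! or !!) in front of a hash
    case $h in
        ''|'*')  echo none ;;   # no password / login disabled
        '$6$'*)  echo sha512 ;;
        '$5$'*)  echo sha256 ;;
        '$1$'*)  echo md5 ;;
        '$'*)    echo other ;;  # some other $id$ scheme
        *)       echo des ;;    # no $id$ prefix: traditional crypt
    esac
}

# weak_accounts SHADOW_FILE -> "user:scheme" for every entry that has a
# password hash in a scheme other than SHA-512
weak_accounts() {
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        scheme=$(hash_scheme "$hash")
        case $scheme in
            sha512|none) ;;
            *) printf '%s:%s\n' "$user" "$scheme" ;;
        esac
    done < "$1"
}

# configured_method LOGIN_DEFS -> value of ENCRYPT_METHOD, or "unset"
configured_method() {
    awk '$1 == "ENCRYPT_METHOD" { m = $2 }
         END { print (m == "" ? "unset" : m) }' "$1"
}

# --- constructed sample input (not real hashes) ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_SHADOW=$SAMPLE_DIR/shadow
SAMPLE_DEFS=$SAMPLE_DIR/login.defs

cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$constructedsalt$constructedhash:16309:0:99999:7:::
alice:$6$constructedsalt$constructedhash:16309:0:99999:7:::
legacy:$1$constructedsalt$constructedhash:15000:0:99999:7:::
svc:!$5$constructedsalt$constructedhash:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
nobody:!!:15000:0:99999:7:::
EOF

cat > "$SAMPLE_DEFS" <<'EOF'
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
EOF

echo "ENCRYPT_METHOD: $(configured_method "$SAMPLE_DEFS")"
echo "entries not using SHA-512:"
weak_accounts "$SAMPLE_SHADOW"
```

ENCRYPT_METHOD only affects passwords set from now on, so entries hashed under an older scheme stay as they are until the password is changed.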
[CentOS] iostat results for multi path disks
Here is a sample of running iostat on a server that has a LUN from a SAN with multiple paths. I am specifying a device list that just grabs the bits related to the multi path device:

    $ iostat -dxkt 1 2 sdf sdg sdh sdi dm-7 dm-8 dm-9
    Linux 2.6.18-371.8.1.el5 (db21b.den.sans.org)   06/20/2014

    Time: 02:30:23 PM
    Device:  rrqm/s  wrqm/s    r/s     w/s   rkB/s   wkB/s avgrq-sz avgqu-sz  await  svctm  %util
    sdf        0.66   52.32   3.57   34.54  188.38  347.52    28.13     0.14   3.62   0.87   3.31
    sdg        0.66   52.29   3.57   34.56  189.79  347.48    28.18     0.14   3.72   0.87   3.32
    sdh        0.00    0.00   0.00    0.00    0.00    0.00    14.19     0.00   2.90   2.90   0.00
    sdi        0.00    0.00   0.00    0.00    0.00    0.00    14.19     0.00   2.87   2.87   0.00
    dm-7       0.00    0.00   8.46  173.75  378.17  695.00    11.78     3.41  18.68   0.35   6.46
    dm-8       0.00    0.00   8.46  173.75  378.17  695.00    11.78     3.41  18.68   0.36   6.47
    dm-9       0.00    0.00   8.46  173.75  378.17  695.00    11.78     3.41  18.68   0.36   6.48

    Time: 02:30:24 PM
    Device:  rrqm/s  wrqm/s    r/s     w/s   rkB/s   wkB/s avgrq-sz avgqu-sz  await  svctm  %util
    sdf        0.00   54.00   7.00   48.00   88.00  408.00    18.04     0.12   2.11   1.20   6.60
    sdg        0.00   13.00   1.00   26.00    4.00  156.00    11.85     0.01   0.52   0.48   1.30
    sdh        0.00    0.00   0.00    0.00    0.00    0.00     0.00     0.00   0.00   0.00   0.00
    sdi        0.00    0.00   0.00    0.00    0.00    0.00     0.00     0.00   0.00   0.00   0.00
    dm-7       0.00    0.00   8.00  141.00   92.00  564.00     8.81     0.25   1.69   0.53   7.90
    dm-8       0.00    0.00   8.00  141.00   92.00  564.00     8.81     0.25   1.70   0.54   8.00
    dm-9       0.00    0.00   8.00  141.00   92.00  564.00     8.81     0.25   1.70   0.54   8.00

sdf,sdg,sdh,sdi - four paths for LUN (sdf and sdg are the active paths)
dm-7 - device-mapper pseudo device for the mpath device
dm-8 - device-mapper pseudo-device for the partition spanning the entire mpath device
dm-9 - device-mapper pseudo-device for the LVM LV created on the mpath device

The first sample from iostat is the historical data so let's ignore it. The second sample are the stats for a 1 second interval.

I see the stats for sdf and sdg are roughly equal but they differ — they are the two active paths that are both being used.

I see the stats for dm-7, dm-8 and dm-9 are almost completely identical - makes sense as they really represent the same “disk”.

What confuses me is the fact that all the stats for sdf/sdg don’t add up to be equivalent to the dm-[789] devices.

For the rkB/s and wkB/s columns, the numbers for sdf and sdg add up to equal the numbers for dm-9. But for the first four columns:

    Column   sdf/sdg                dm-9
    ======   ====================   =====
    rrqm/s    0.0 +  0.0 =  0.0       0
    wrqm/s   54.0 + 13.0 = 67.0       0     Very different
    r/s       7.0 +  1.0 =  8.0       8.0
    w/s      48.0 + 26.0 = 74.0     141.0   Very different

So read data matches and write data diverges.

Which numbers should I go with? The physical devices or the logical device?

Thanks

David Goldsmith
Re: [CentOS] [CentOS-announce] CESA-2014:0626 Important CentOS 5 openssl097a Update
We still haven’t seen the CentOS 5 openssl-0.9.8* RPM updates show up on the CentOS mirrors today.

Checked:

http://mirror.centos.org/centos-5/5.10/updates/x86_64/RPMS/
http://mirror.yellowfiber.net/centos/5.10/updates/x86_64/RPMS/
http://mirror.vcu.edu/pub/gnu+linux/centos/5.10/updates/x86_64/RPMS/

On Jun 5, 2014, at 12:24 PM, Karanbir Singh mail-li...@karan.org wrote:

> Hi,
>
> It's in the pipes, coming in the next few minutes.
>
> - KB
>
> On 06/05/2014 05:16 PM, Joe Pruett wrote:
>> what about RHSA-2014:0624-1?
>>
>> On 06/05/2014 06:38 AM, Karanbir Singh wrote:
>>> CentOS Errata and Security Advisory 2014:0626 Important
>>>
>>> Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0626.html
>>>
>>> The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
>>>
>>> i386:
>>> 28a83a987c35bf2297a33d7e75703d345953cbb4ab2033f2e06a8be94b7ded0e openssl097a-0.9.7a-12.el5_10.1.i386.rpm
>>>
>>> x86_64:
>>> 28a83a987c35bf2297a33d7e75703d345953cbb4ab2033f2e06a8be94b7ded0e openssl097a-0.9.7a-12.el5_10.1.i386.rpm
>>> 56e0b690fa9182cc84f3ae8d7a0062cb0789b0f4a39045953eae63419f5dbb57 openssl097a-0.9.7a-12.el5_10.1.x86_64.rpm
>>>
>>> Source:
>>> 995d2c032cde0e3249e21f266e726217cbfe4ae7a0ed034855e4bc981407a890 openssl097a-0.9.7a-12.el5_10.1.src.rpm
>
> --
> Karanbir Singh
> +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
> GnuPG Key : http://www.karan.org/publickey.asc

--
David Goldsmith - Director of IT Systems
SANS Institute, (www.sans.org)
Re: [CentOS] 5.10, crashes
On Nov 1, 2013, at 2:38 PM, m.r...@5-cent.us wrote:

> We've just started getting this. We're running 5.10, kernel 2.6.32-358.18.1.el6.x86_64. Anyone else seen anything like this, or have any ideas?
>
> mark
>
> Nov 1 14:34:21 server kernel: WARNING: at block/ll_rw_blk.c:543 blk_do_ordered()
> Nov 1 14:34:21 server kernel:
> Nov 1 14:34:21 server kernel: Call Trace:
> Nov 1 14:34:22 server kernel: [8014defa] blk_do_ordered+0x27a/0x2b3
> Nov 1 14:34:22 server kernel: [8014ac82] elv_next_request+0x13e/0x178
> Nov 1 14:34:22 server kernel: [8807b335] :scsi_mod:scsi_request_fn+0x6a/0x392
> Nov 1 14:34:22 server kernel: [8005abd2] generic_unplug_device+0x22/0x32
> Nov 1 14:34:22 server kernel: [8004d957] run_workqueue+0x9e/0xfb
> Nov 1 14:34:22 server kernel: [8004a1aa] worker_thread+0x0/0x122
> Nov 1 14:34:22 server kernel: [800a3d4a] keventd_create_kthread+0x0/0xc4
> Nov 1 14:34:22 server kernel: [8004a29a] worker_thread+0xf0/0x122
> Nov 1 14:34:22 server kernel: [8008f4a9] default_wake_function+0x0/0xe
> Nov 1 14:34:22 server kernel: [800a3d4a] keventd_create_kthread+0x0/0xc4
> Nov 1 14:34:22 server kernel: [800a3d4a] keventd_create_kthread+0x0/0xc4
> Nov 1 14:34:22 server kernel: [80032c68] kthread+0xfe/0x132
> Nov 1 14:34:22 server kernel: [8005dfc1] child_rip+0xa/0x11
> Nov 1 14:34:22 server kernel: [800a3d4a] keventd_create_kthread+0x0/0xc4
> Nov 1 14:34:23 server kernel: [80032b6a] kthread+0x0/0x132
> Nov 1 14:34:23 server kernel: [8005dfb7] child_rip+0x0/0x11

Have you added a kernel from an option CentOS or 3rd-party repo?

Our patched CentOS 5.10 servers are running kernel-2.6.18-371.1.2.el5

--
David Goldsmith
Re: [CentOS] LVM
On 3/20/2012 5:25 AM, Markus Falb wrote:

> On 19.3.2012 10:14, Peter Kjellström wrote:
>> On Sunday 18 March 2012 19.40.21 Ray Van Dolson wrote:
>>> On Sun, Mar 18, 2012 at 08:04:14PM +0100, Markus Falb wrote:
>>>> What filesystem? Assuming ext3, this cannot be shrunk without unmounting.
>>>
>>> I believe the following *should* work for ext3
>>>
>>> $ umount /home
>>> $ e2fsck -f /dev/vg_web/lv_home
>>> $ resize2fs /dev/vg_web/lv_home 150g
>>> $ lvresize -L 150g /dev/vg_web/lv_home
>>> $ mount /home
>>>
>>> I am not sure how safe it is. Take care!
>>
>> I'd like to add that it's probably good paranoia not to size the lv down too tightly (should it happen to become smaller than the fs then ooops). That is, I'd size the lv down to a comfortable margin above the fs size (and then size the fs up to the device size).
>
> Hmm. I did that too a couple of times in the past. But why? What are the reasons for the paranoia?

I think he means don't resize/shrink the filesystem *and* the LVM LV to the exact same size. If the LVM lvresize command were to truncate the end of the existing filesystem, now you have issues.

Instead do this: first shrink the filesystem a little smaller than you want, then resize the LVM LV down to the desired size, then resize the filesystem again to grow to use the remaining space. This way you ensure you don't snip off the end of the filesystem.

    # umount /home
    # e2fsck -f /dev/vg_web/lv_home
    # resize2fs /dev/vg_web/lv_home 149g
    # lvresize -L 150g /dev/vg_web/lv_home
    # resize2fs /dev/vg_web/lv_home      (will default to the LV size of 150g)
    # mount /home

--
David Goldsmith
Re: [CentOS] Issues with YUM Update
On 3/15/2012 8:09 PM, Robert Spangler wrote:

> Hello all,
>
> Is this a known issue? From what I can tell it started on Tuesday.
>
> ~ $ sudo yum -y update
> Password:
> Setting up Update Process
> Setting up repositories
> dag 100% |=| 1.1 kB 00:00
> kbs-CentOS-Extras 100% |=| 1.9 kB 00:00
> kbs-CentOS-Misc 100% |=| 1.9 kB 00:00
> http://www.gtlib.gatech.edu/pub/centos/4.9/updates/i386/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
> Trying other mirror.
> http://ftp.osuosl.org/pub/centos/4.9/updates/i386/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
> Trying other mirror.

From one of those mirror sites:

http://www.gtlib.gatech.edu/pub/centos/4/readme

    This directory (and version of CentOS) is depreciated.
    CentOS-4 is now past EOL
    You can get the last released version of centos 4.9 here:
    http://vault.centos.org/4.9/

--
David Goldsmith
Re: [CentOS] build postfix spec w/ mysql
On 11/19/2011 1:11 PM, Tim Dunphy wrote:

> hello list!
>
> I am attempting to build an rpm of postfix that includes support for mysql. I've done this before with earlier versions on postfix but I am staring at this spec file until my eyes bleed and I just don't see why when I build the spec with rpmbuild mysql support isn't there.
>
> After I install the rpm I have a look at the modules as such:
>
> ldd $(which postfix) | grep -i mysql
>
> and nothing's there. I was hoping someone out there might not mind having a look at the spec file and let me know what I'm missing.

One of these two lines likely needs to be set to 1

    %define with_mysql 0
    %define with_mysql_redhat 0

They control two conditional blocks later in the spec file

    %if %{with_mysql_redhat}
    Requires: mysql
    BuildRequires: mysql, mysql-devel
    %endif

    %if %{with_mysql}
    Requires: MySQL-shared
    BuildRequires: MySQL-shared, MySQL-devel
    %endif

I'm guessing you added the following line:

    %define MYSQL 1

because that define name does not appear to be referenced anywhere else in the spec file.

--
David Goldsmith
Re: [CentOS] Feed a list of filenames to vim
On 5/17/2011 12:19 PM, Jussi Hirvi wrote:

> There are some googlable ways to feed a list of filenames to vim, but I stumble on weird results.
>
> With my filelist, I try to do
>
> cat list | xargs vim
>
> ...to edit the files listed in the file list. Here's what happens:
>
> [root@lasso2 tempdir]# ls -l
> total 8
> -rw-r--r-- 1 root root 0 May 17 18:28 a
> -rw-r--r-- 1 root root 0 May 17 18:28 b
> -rw-r--r-- 1 root root 3 May 17 18:31 c
> -rw-r--r-- 1 root root 12 May 17 18:43 list
> [root@lasso2 tempdir]# cat list
> ./a
> ./b
> ./c
> [root@lasso2 tempdir]# cat list | xargs vim
> 3 files to edit
> Vim: Warning: Input is not from a terminal
>
> Ok, so far, so good. And after this, the file a opens, as expected. However, the contents show as all uppercase. And everything I write is uppercase too. I can move to the next file (:n) even though the command shows as uppercase (:N). I cannot quit vim, however. When I do :q, I get blank screen, and I have to close the terminal window.
>
> If I do instead
>
> cat list | xargs less
>
> ...it works as expected. And with
>
> cat list | xargs vi
>
> ...(in a fresh terminal window), the editing goes just perfect, but when I quit vi, the terminal will not show the commands I write, and the display gets garbled (no newlines etc.).
>
> What is happening?

Do this instead:

    vi `cat list`

cat list - gives the output of the file which is the three filenames

`cat list` - executes this command and feeds its output to the input of your next command

So the resulting command ends up being

    vi ./a ./b ./c

which opens up the 'a' file and you will be able to move to the next file with the :n option.

xargs is effectively running a for loop on each unique item in the output of the previous command (cat list). vi expects to be run on one file at a time and needs to be associated with a terminal session in order to be able to get input from you (either text or commands) to apply to the file.

--
David Goldsmith
Re: [CentOS] sudo 1.6.9 versus sudo 1.7.2 behavioral differences with umask settings
On 10/8/2010 4:42 AM, John Doe wrote:

> From: David Goldsmith dgoldsm...@sans.org
>> On the first server (CentOS 5.4 i386) running sudo 1.6.9pl7-5 (from base), here are the results of touching a file as a user, as root and as a user sudoing to root:
>>
>> On the second server (CentOS x86-64) running sudo 1.7.2p1-7 (from updates), here are the results of the same actions:
>
> Maybe check the release notes...
> http://www.sudo.ws/sudo/stable.html
>
> A quick look got:
> A new Defaults option umask_override will cause sudo to set the umask specified in sudoers even if it is more permissive than the invoking user's umask.
>
> JD

Ok, I missed that last bullet on changes from 1.7.0 to 1.7.1.

However, on both servers, there is no umask_override line in the /etc/sudoers file and if I run sudo -V as root and grep for umask, I get the same output on both versions:

    # sudo -V | grep -i umask
    Umask to use or 0777 to use user's: 022

So that would seem to me that it ought to have been using a umask of 022 resulting in test files with 644 permissions.

These sections from the sudoers man page on each version seem to explain the difference:

1.6.9 man page:

    umask    Umask to use when running the command. Negate this option or set it to 0777 to preserve the user's umask. The default is 0022.

1.7.2 man page:

    umask_override    If set, sudo will set the umask as specified by sudoers without modification. This makes it possible to specify a more permissive umask in sudoers than the user's own umask and matches historical behavior. If umask_override is not set, sudo will set the umask to be the union of the user's umask and what is specified in sudoers. This flag is off by default.

    umask    Umask to use when running the command. Negate this option or set it to 0777 to preserve the user's umask. The actual umask that is used will be the union of the user's umask and 0022. This guarantees that sudo never lowers the umask when running a command. Note on systems that use PAM, the default PAM configuration may specify its own umask which will override the value set in sudoers.

If I add

    Defaults umask_override

in /etc/sudoers on the system with sudo 1.7.2, then the umask behavior I was expecting occurs -- sudo touch file results in a file with 644 perms (based on root's umask).

Since the sudo 1.6.9 systems don't like seeing that line in their config file, I either need to get all the systems upgraded to 1.7.2 or modify Puppet to push different versions of the /etc/sudoers depending on what version of sudo is installed.

Thanks for the responses.

David Goldsmith
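The rules in the two man-page excerpts above, as an added example that is not part of the original thread: it computes the umask sudo applies under each rule and the mode `touch` then produces, for the thread's case of a user umask of 0077 and a sudoers umask of 022. The function and mode names are hypothetical, and the 1.7.1 cutoff for `umask_override` is an assumption taken from the thread's reference to the 1.7.0 to 1.7.1 change list.

```shell
#!/bin/sh
# Added example: model of the sudoers umask rules quoted in this thread.

# sudo_umask MODE USER_UMASK SUDOERS_UMASK -> umask the command runs with
#   legacy   : 1.6.9 rule, the sudoers umask is used as-is
#   union    : 1.7.2 default, union (bitwise OR) of user and sudoers umask
#   override : 1.7.2 with "Defaults umask_override", sudoers umask as-is
# A sudoers umask of 0777 means "keep the user's umask" under every rule.
sudo_umask() {
    mode=$1
    user=$(( 0$2 ))            # leading 0 makes the shell read octal
    conf=$(( 0$3 ))
    if [ "$conf" -eq $(( 0777 )) ]; then
        result=$user
    else
        case $mode in
            legacy|override) result=$conf ;;
            union)           result=$(( user | conf )) ;;
            *) echo "unknown mode: $mode" >&2; return 2 ;;
        esac
    fi
    printf '%04o\n' "$result"
}

# file_mode UMASK -> permissions of a file created by touch (requests 0666)
file_mode() {
    printf '%03o\n' $(( 0666 & ~0$1 ))
}

# supports_umask_override VERSION -> exit 0 if VERSION is 1.7.1 or later.
# Accepts package-style versions such as 1.6.9pl7 or 1.7.2p1.
supports_umask_override() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 2    # not a major.minor.patch version
    set -- $v
    [ $(( $1 * 10000 + $2 * 100 + $3 )) -ge 10701 ]
}

# The thread's case: user umask 0077, sudoers umask 022.
for mode in legacy union override; do
    m=$(sudo_umask "$mode" 0077 0022)
    echo "$mode: umask $m -> 'sudo touch file' creates mode $(file_mode "$m")"
done

# Decide per host whether the sudoers file may carry umask_override.
for ver in 1.6.9pl7 1.7.2p1; do
    if supports_umask_override "$ver"; then
        echo "sudo $ver: umask_override may be set"
    else
        echo "sudo $ver: leave umask_override out"
    fi
done
```

The union rule is the safer default, since a sudo command can never create files more open than the invoking user's own umask allows; `umask_override` gives that up in exchange for the 1.6.9 behaviour.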
[CentOS] sudo 1.6.9 versus sudo 1.7.2 behavioral differences with umask settings
Two servers, each have normal user umask values of 0077 and root umask values of 0022.

On the first server (CentOS 5.4 i386) running sudo 1.6.9pl7-5 (from base), here are the results of touching a file as a user, as root and as a user sudoing to root:

    user: touch file       - result is 600
    root: touch file       - result is 644
    user: sudo touch file  - result is 644

On the second server (CentOS x86-64) running sudo 1.7.2p1-7 (from updates), here are the results of the same actions:

    user: touch file       - result is 600
    root: touch file       - result is 644
    user: sudo touch file  - result is 600   ** this differs **

On the second system, if I downgrade sudo to the base version, it behaves the same as on the first server, so this appears to be sudo version specific rather than an i386 vs x86-64 difference.

Looking at the changelogs at the package home site, I don't see anything obvious that covers this change:

http://www.courtesan.com/sudo/stable.html#1.7.0
http://www.courtesan.com/sudo/stable.html#1.7.1
http://www.courtesan.com/sudo/stable.html#1.7.2

Does anyone know how to change the behavior with the umask values when using the newer version of sudo? This is causing us some issues when sudoing to update an SVN working directory used by our Puppet server.

Thanks,
David Goldsmith
Re: [CentOS] sudo 1.6.9 versus sudo 1.7.2 behavioral differences with umask settings
On 10/7/2010 9:25 PM, Tom H wrote:

> On Thu, Oct 7, 2010 at 7:20 PM, David Goldsmith dgoldsm...@sans.org wrote:
>> Two servers, each have normal user umask values of 0077 and root umask values on 0022.
>>
>> On the first server (CentOS 5.4 i386) running sudo 1.6.9pl7-5 (from base), here are the results of touching a file as a user, as root and as a user sudoing to root:
>>
>> user: touch file       - result is 600
>> root: touch file       - result is 644
>> user: sudo touch file  - result is 644
>>
>> On the second server (CentOS x86-64) running sudo 1.7.2p1-7 (from updates), here are the results of the same actions:
>>
>> user: touch file       - result is 600
>> root: touch file       - result is 644
>> user: sudo touch file  - result is 600   ** this differs **
>>
>> On the second system, if I downgrade sudo to the base version, it behaves the same as on the first server, so this appears to be sudo version specific rather than an i386 vs x86-64 difference.
>>
>> Looking at the changelogs at the package home site, I don't see anything obvious that covers this change:
>>
>> http://www.courtesan.com/sudo/stable.html#1.7.0
>> http://www.courtesan.com/sudo/stable.html#1.7.1
>> http://www.courtesan.com/sudo/stable.html#1.7.2
>>
>> Does anyone know how to change the behavior with the umask values when using the newer version of sudo? This is causing us some issues when sudoing to update an SVN working directory used by our Puppet server.
>
> Check for a umask variable/line in the two installs' /etc/sudoers file.

grep -i mask /etc/sudoers on both servers gets no hits.

David Goldsmith
Re: [CentOS] sudo 1.6.9 versus sudo 1.7.2 behavioral differences with umask settings
On 10/7/2010 9:59 PM, Tom H wrote:

> On Thu, Oct 7, 2010 at 9:48 PM, David Goldsmith dgoldsm...@sans.org wrote:
>> On 10/7/2010 9:25 PM, Tom H wrote:
>>> On Thu, Oct 7, 2010 at 7:20 PM, David Goldsmith dgoldsm...@sans.org wrote:
>>>> Two servers, each have normal user umask values of 0077 and root umask values on 0022.
>>>>
>>>> On the first server (CentOS 5.4 i386) running sudo 1.6.9pl7-5 (from base), here are the results of touching a file as a user, as root and as a user sudoing to root:
>>>>
>>>> user: touch file       - result is 600
>>>> root: touch file       - result is 644
>>>> user: sudo touch file  - result is 644
>>>>
>>>> On the second server (CentOS x86-64) running sudo 1.7.2p1-7 (from updates), here are the results of the same actions:
>>>>
>>>> user: touch file       - result is 600
>>>> root: touch file       - result is 644
>>>> user: sudo touch file  - result is 600   ** this differs **
>>>>
>>>> On the second system, if I downgrade sudo to the base version, it behaves the same as on the first server, so this appears to be sudo version specific rather than an i386 vs x86-64 difference.
>>>>
>>>> Looking at the changelogs at the package home site, I don't see anything obvious that covers this change:
>>>>
>>>> http://www.courtesan.com/sudo/stable.html#1.7.0
>>>> http://www.courtesan.com/sudo/stable.html#1.7.1
>>>> http://www.courtesan.com/sudo/stable.html#1.7.2
>>>>
>>>> Does anyone know how to change the behavior with the umask values when using the newer version of sudo? This is causing us some issues when sudoing to update an SVN working directory used by our Puppet server.
>>>
>>> Check for a umask variable/line in the two installs' /etc/sudoers file.
>>
>> grep -i mask /etc/sudoers on both servers gets no hits.
>
> Any differences in the env_keep, env_delete, env_check settings (if they are used) in sudoers?

Both servers have the same defaults settings:

    # Defaults specification
    Defaults log_year, logfile=/var/log/sudo.log
    Defaults loglinelen=0
    Defaults env_reset
    Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                         LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                         LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                         LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                         LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                         _XKB_CHARSET XAUTHORITY"

David Goldsmith
Re: [CentOS] Newsletter release
On 3/31/2010 10:30 PM, Geerd-Dietger Hoffmann wrote:

> Hey
>
> Could everyone please proofread and add last changes to the Newsletter[1].
>
> Cheers
> Didi
>
> [1] http://wiki.centos.org/Newsletter/1002

Went to [1] - got this:

    * Newsletter
    * 1002

    You are not allowed to view this page.

Link to prior post works - http://wiki.centos.org/Newsletter/1001

David Goldsmith
SANS NOC
Re: [CentOS] Partitionning for future.
Yaovi Atohoun wrote:

> Hi all,
>
> I have a disk of 146Gb in a machine intended to have mainly mysql database, apache and some web data. I didn't use LVM for / and /boot during the installation. Could I extend easily in the future the /var partition when I add another disk?
>
> Filesystem                        Size  Used Avail Use% Mounted on
> /dev/cciss/c0d0p6                  23G  432M   22G   2% /
> /dev/mapper/VolGroup00-LogVol00   5.0G  139M  4.7G   3% /home
> /dev/mapper/VolGroup00-LogVol03    98G  275M   93G   1% /var
> /dev/mapper/VolGroup00-LogVol02   5.0G  2.9G  1.9G  61% /usr
> /dev/cciss/c0d0p1                  99M   19M   75M  20% /boot
> tmpfs                             470M     0  470M   0% /dev/shm
>
> I would like to have your comments before I continue installing MySQL and others.
>
> Thanks
> Yaovi

Yes, add a new disk to the system, then run commands such as:

    pvcreate /dev/whatever device it is
    vgextend VolGroup00 /dev/whatever device it is
    lvextend (either -l +## to add extents or -L +## to add size) /dev/VolGroup00/LogVol03
    resize2fs /dev/VolGroup00/LogVol03

--
David Goldsmith
Re: [CentOS] Partitionning for future.
Jorge Fábregas wrote:

> On Sunday 28 June 2009 11:38:48 am David Goldsmith wrote:
>> resize2fs /dev/VolGroup00/LogVol03
>
> Does it perform the resizing while the filesystem is mounted?

Resizing to make an ext2/ext3 filesystem larger can be done while the filesystem is mounted. Resizing to shrink a filesystem requires the filesystem to not be mounted.

Example of online resizing:

    # df -h /var
    Filesystem             Size  Used Avail Use% Mounted on
    /dev/mapper/vg0-varlv  2.0G  605M  1.3G  33% /var

    # lvextend -L +1G /dev/vg0/varlv
      Extending logical volume varlv to 3.00 GB
      Logical volume varlv successfully resized

    # resize2fs /dev/vg0/varlv
    resize2fs 1.39 (29-May-2006)
    Filesystem at /dev/vg0/varlv is mounted on /var; on-line resizing required
    Performing an on-line resize of /dev/vg0/varlv to 786432 (4k) blocks.
    The filesystem on /dev/vg0/varlv is now 786432 blocks long.

    # df -h /var
    Filesystem             Size  Used Avail Use% Mounted on
    /dev/mapper/vg0-varlv  3.0G  605M  2.2G  22% /var

--
David Goldsmith
Re: [CentOS] Filesystem backup?
Rafał Radecki wrote:

> Could You please explain what exactly that line means:
>
> # dump 0f - / | (cd /seconddisk; restore -rf -)

As root, do a level 0 (or full) backup of the root / filesystem. Rather than write the backup output to a regular file, send it to standard out. Pipe the standard output to a new process.

For the new process, change your working location to be another directory where you have another filesystem mounted. It will be best if this second filesystem was formatted prior to running this command. Run a restore of the dump results in a non-interactive mode taking as input the output of the dump command.

--
David Goldsmith
Re: [CentOS] [OT] Simple Shell Script (while loop)
James Bensley wrote:

> Hey Guys,
>
> I can not find the correct syntax for what I am trying to achieve with a while loop. Having said that I'm not exactly sure what you would call it so I have been googling with no success probably for that reason.
>
> I am just working with some sub directories except there is one I don't want to use so I have a while loop like the following; if we stumble into the sub directory I wish to leave alone then there is an IF statement and I have used the break command which is wrong, I don't want to end this whole loop I just want to skip onto the next increment of the loop as it were skipping this sub directory. Break is the wrong command but what should it be? Sorry I can't be any clearer but I don't know exactly what you would call this (which is why I am having no success finding it for myself!)
>
> #!/bin/bash
> find ./ -maxdepth 1 -type d | while read FOLDER
> do
>   if [ $FOLDER == ./not_this_folder_oh_no! ]; then
>     break
>   fi
>   otherwise do some magic here
> done
>
> Many thanks for your time and input.
>
> Regards,
> James ;)

Reverse the logic in the test and consolidate further

    #!/bin/bash
    find ./ -maxdepth 1 -type d | while IFS= read -r FOLDER
    do
      if [ "$FOLDER" != './not_this_folder_oh_no!' ]; then
        : # do some magic here
      fi
    done

Or exclude the directory in the find command itself

    #!/bin/bash
    # -prune is tested before -type d so that plain files do not fall
    # through to -print.
    find ./ -maxdepth 1 -wholename './not_this_folder' -prune -o -type d -print | while IFS= read -r FOLDER
    do
      : # do some magic here
    done

--
David Goldsmith
Re: [CentOS] Minimal Install?
Norberto Bensa wrote:

> On Sat, Mar 28, 2009 at 12:05 PM, Jim Wildman j...@rossberry.com wrote:
>> rpm -qf `which command`
>
> Nice. Thanks Frank and Jim
>
> What about the minimal install? Is it possible? I don't need kerberos, ldap, and a lot of other things.
>
> Best regards,
> Norberto

I was just playing with this myself this week. For CentOS 5.2, the very minimal install is 88 RPMs. This is missing things you will need (like openssh, passwd, yum, etc) but it's basically the bare-bones install. If you statically assign IP addresses and don't care about DHCP, you can reduce the list one more and get rid of 'dhclient'. All other RPMs are required because of the dependencies that are laid out. Various other things will be required as you add some of the useful utilities back in.

The list of RPMS are:

    audit-libs basesystem bash beecrypt bzip2-libs centos-release
    centos-release-notes chkconfig coreutils cpio cracklib cracklib-dicts
    db4 device-mapper device-mapper-event device-mapper-multipath dhclient
    diffutils dmraid e2fsprogs e2fsprogs-libs elfutils-libelf ethtool expat
    filesystem findutils gawk gdbm glib2 glibc glibc-common grep grub gzip
    info initscripts iproute iputils kernel keyutils-libs kpartx krb5-libs
    less libacl libattr libcap libgcc libselinux libsepol libstdc++ libsysfs
    libtermcap lvm2 m2crypto MAKEDEV mcstrans mingetty mkinitrd mktemp
    module-init-tools nash ncurses net-tools openssl pam pcre popt procps
    psmisc python readline redhat-logos rootfiles rpm rpm-libs sed setup
    shadow-utils sqlite sysklogd SysVinit tar termcap tzdata udev util-linux
    vim-minimal zlib

If you are building a Kickstart file, here are useful %packages and %post sections:

    %packages --nobase
    kernel-PAE
    -audit-libs-python
    -checkpolicy
    -dhcpv6-client
    -ecryptfs-utils
    -ed
    -file
    -gnu-efi
    -gpm
    -hdparm
    -kbd
    -libhugetlbfs
    -libselinux-python
    -libsemanage
    -nspr
    -nss
    -openssh
    -openssh-clients
    -openssh-server
    -perl
    -policycoreutils
    -prelink
    -selinux-policy
    -selinux-policy-targeted
    -setools
    -setserial
    -sysfsutils
    -tcl
    -udftools
    -vim-enhanced

    %post
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
    yum -y remove kernel iptables slang usermode wireless-tools
    yum -y remove cryptsetup-luks dbus dmidecode hwdata libgpg-error libusb
    yum -y remove libvolume_id libxml2-python pciutils
    yum -y remove cyrus-sasl-lib logrotate

Packages that are in the Core group tagged as 'mandatory' will get installed even if you specify them with '-' in the %packages section thus the need to explicitly remove them in the %post section. Packages in the Core group tagged as 'default' can be configured to not be installed by subtracting them in the %packages section.

After the install finishes, you can run the following rpm command to get rid of yum stuff if desired:

    rpm -e libxml2 python-elementtree python-iniparse python-sqlite python-urlgrabber rpm-python yum yum-metadata-parser

This 'minimal' load is mainly for educational purposes just to see how small it can get (about 300MB) -- it's not very useful. A useful minimal load will be somewhere around 150-200 packages depending on what utilities you want to include.

--
David Goldsmith
Re: [CentOS] mysql 5.1 rpm spec file?
Karanbir Singh wrote:

> Johnny Tan wrote:
>> Does Red Hat make available spec files for future releases?
>>
>> I took the existing mysql 5.0 spec file and, with a few mods here and there, was able to build the 5.1 rpm. But there are some new things which I am curious how they will deal with (ndb stuff, primarily), and was wondering if they have available the beta SRPMs or spec files for future versions of software.
>
> Well, Johnny maintains mysql-enterprise in centos-plus, and he has most of this stuff sorted out. You can start there.
>
> I have mysql-5.1.22-rc built based on something similar, if there is interest, i can put that in dev.centos.org for people to use /abuse - but I am hoping there is a more formal and usable mysql-5.1.x release soon.

I see various MySQL RPMs in 4.5/centosplus/i386/RPMS but nothing under the 5.0 or 5.1. Are there newer RPMs available or should the 4.5 RPMs work?

--
David Goldsmith
Re: [CentOS] yum --security and staying with 5.0
Karanbir Singh wrote:

> Amos Shapira wrote:
>> 1. If I read the FAQ correctly, in order to force yum to stay with 5.0 should I just manually edit /etc/redhat-release from:
>>
>> CentOS release 5 (Final)
>>
>> to:
>>
>> CentOS release 5.0 (Final)
>
> no, there is no such mention about anything in the FAQ or anywhere else that I can find. What made you believe that changing stuff in that text file will change the repo's your machine is looking at ?

Possibly this:

http://wiki.centos.org/FAQ/CentOS5#q8

--
David Goldsmith, SANS NOC
SANS Institute (www.sans.org)