Re: [CentOS] updating a Centos 6 lamp stack
Hi,

Thanks. Is there a repo with updated postfix rpms, 2.9 or 2.10? Also, do you have remi and epel activated constantly or just when you want to check for updates manually to those installed packages?

Thanks.
Dave.

On 2/15/13, Les Mikesell lesmikes...@gmail.com wrote:
> On Fri, Feb 15, 2013 at 5:36 PM, David Mehler dave.meh...@gmail.com wrote:
>> Hello,
>>
>> I've got a new centos 6 system it's i386 and I'm wanting to update its lamp stack, specifically httpd, php, and mysql. Also, if postfix as an MTA would be available that's a plus.
>
> Postfix should be the default MTA. Sendmail is also available.
>
>> I've checked out the centos wiki and it looks like I have two choices for third party repos for this task. I have enabled rpmforge as of now. The two repos I'm seeing are Les RPM de Remi repository, and IUS Community Repo. I'm wanting from users who have used either or both impressions, pros and cons of both and which you'd prefer.
>
> I've used remi (only, so I can't compare) for ocsinventory-ng, glpi, and fusioninventory packages. Seems well-maintained with internal consistency but you may run into conflicts with EPEL (etc.) packages that expect older php versions.
>
> --
> Les Mikesell
> lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] updating a Centos 6 lamp stack
Hello,

I've got a new centos 6 system it's i386 and I'm wanting to update its lamp stack, specifically httpd, php, and mysql. Also, if postfix as an MTA would be available that's a plus.

I've checked out the centos wiki and it looks like I have two choices for third party repos for this task. I have enabled rpmforge as of now. The two repos I'm seeing are Les RPM de Remi repository, and IUS Community Repo. I'm wanting from users who have used either or both impressions, pros and cons of both and which you'd prefer.

Thanks.
Dave.
Re: [CentOS] svnserve with encryption on CentOS
Hello,

Thanks again for your reply. I've done some more reading/googling and from what I'm seeing high security isn't doable with svnserve even with sasl, passwords from the client need to be stored on disk plain, this isn't desirable in my case.

Do you host a repository via apache? The problem I'm having is not its ease of setup, I can do that, the issue is one of data visibility. I'm not wanting someone to be able to go to http://domain.com/svn/project1 and see trunk code. I know that I can use basic authentication to prevent this, but would rather the repo not be viewable at all to any anonymous users.

Thanks.
Dave

On 7/15/11, Les Mikesell lesmikes...@gmail.com wrote:
> On 7/15/2011 6:55 PM, David Mehler wrote:
>> Hello,
>>
>> Thanks, and apologies if this is a repeat message. I'm not really wanting to do an apache setup for this project.
>
> You make it sound like that's a hard thing. It's basically a 'yum install httpd mod_dav_svn' and an edit to /etc/httpd/conf.d/subversion.conf.
>
>> What my structure will be like I think will be /var/svn and under that parent directory repos# where that equals a separate project.
>
> That will work with any of the serving methods.
>
>> I've read that svnserve can hook in to sasl for encryption and authentication, but not a lot of details on it. I'm starting to think my best method would be svn+ssh, any experiences with this method?
>
> I think the sasl encryption is limited to the password exchange. You should probably ask on the subversion list if encryption/security is important - there are some fanatics there. My experience is mostly behind firewalls where those details are less critical.
>
> --
> Les Mikesell
> lesmikes...@gmail.com
[CentOS] svnserve with encryption on CentOS
Hello,

I've got a CentOS box that I'm wanting to set up svnserve on. I've read much, and am confused. Does svnserve support data encryption and also restricting users from specific repositories?

I'm thinking of a single repo structure under /var/svn-repos and I've got two users user1 and user2, each should have access to their own projects in this case user1 can access project1 and user2 can access project2, but neither should be allowed to access the others.

My second issue is I don't want to have an access path like /var/svn-repos/project1 for instance. I've read the -r root option which I would set to:

    -r /var/svn-repos

would settle this, but am not sure where to set that option so it's picked up.

Thanks.
Dave.
Re: [CentOS] svnserve with encryption on CentOS
Hello,

Thanks, and apologies if this is a repeat message. I'm not really wanting to do an apache setup for this project. What my structure will be like I think will be /var/svn and under that parent directory repos# where that equals a separate project.

I've read that svnserve can hook in to sasl for encryption and authentication, but not a lot of details on it. I'm starting to think my best method would be svn+ssh, any experiences with this method?

Thanks.
Dave.

On 7/15/11, Les Mikesell lesmikes...@gmail.com wrote:
> On 7/15/2011 9:41 AM, David Mehler wrote:
>> Hello,
>>
>> I've got a CentOS box that I'm wanting to set up svnserve on. I've read much, and am confused. Does svnserve support data encryption and also restricting users from specific repositories?
>>
>> I'm thinking of a single repo structure under /var/svn-repos and I've got two users user1 and user2, each should have access to their own projects in this case user1 can access project1 and user2 can access project2, but neither should be allowed to access the others.
>>
>> My second issue is I don't want to have an access path like /var/svn-repos/project1 for instance. I've read the -r root option which I would set to:
>>
>>     -r /var/svn-repos
>>
>> would settle this, but am not sure where to set that option so it's picked up.
>
> I don't believe svnserve provides encryption, but it is not the only way to remotely access subversion repositories. You can also use http(s) with mod_dav_svn or svn+ssh which the clients understand natively. You can set up path-based authorization but that and authentication will depend on which access method(s) you use. Details here: http://svnbook.red-bean.com/nightly/en/svn-book.html
>
> It is somewhat painful to re-arrange repositories/contents after they grow large, so unless your projects share components it might be better to have separate repositories under the same root directory.
>
> --
> Les Mikesell
> lesmikes...@gmail.com
[CentOS] securing ldap with tls and security
Hello,

I'm trying to set up a centos 5.3 machine to do authentication via openldap. I've got it working, I'm not sure if I have it 100% right, but I can use ldapsearch to query the directory, use finger, id, chown, and other utilities with ldap usernames and groups, log in via ssh as an ldap user and if it's a new user automatically have the home directory created. Having got this far if anyone with a working ldap authentication system could give my config a sanity check let me know.

My goal now is to get tls encryption going so that usernames and passwords aren't sent in the clear. I'm using self-signed certificates for now. Any help appreciated.

Thanks.
Dave.
Re: [CentOS] allowing users to write to a web content area
Hi,

Thanks to everyone with suggestions thus far. I'm still having difficulties getting this to work. Using find and xargs I can get the permissions on the files and directories what I'm wanting, but adding new ones the umask takes over the group ownership is right but with the 077 it doesn't matter.

Thanks.
Dave.

On 5/16/11, Ljubomir Ljubojevic off...@plnet.rs wrote:
> Nicolas Thierry-Mieg wrote:
>> Marian Marinov wrote:
>>> On Monday 16 May 2011 06:19:49 David Mehler wrote:
>>>> Hello,
>>>>
>>>> I've got apache running on a centos 5.6 machine. All of my users have a umask of 077 set in /etc/bashrc. I'm now wanting to give several of them permission to write to a web area so they can place content visible to the web server.
>>>>
>>>> I've got two groups webdev1 and webdev2 which I want one to be able to write to site1 and the other to site2. I've got between 3 and 5 users in each group. I'd prefer not to mess with these users umask settings, but want the correct permissions and ownerships user:webdev1 or user:webdev2 where user is the username of the person who placed the file. Permissions I believe should be 664 so apache can read the files.
>>>>
>>>> I'm wondering if I need to look in to ACLS which I've not used or if there's another solution?
>>>>
>>>> Thanks.
>>>> Dave.
>>>
>>> It seems obvious... add the apache user to both webdev1 and webdev2 groups and you are done... no need to change umasks and perms :)
>>
>> This would give apache write access to the site contents, which is bad practice. It also won't solve the umask issue.
>>
>> Since the OP wants all members of webdev1 to have write access to site1, he needs the setgid bit active on site1/ . And he needs all files in site1/ to be 664 as he says. But with a umask 077 for all users, any new file created by a user will be 600. I don't know how to solve that cleanly at file creation (but I don't know ACLs).
>>
>> You could ask your users to try to remember to chmod any new files; and have a find command running in cron regularly to do the chmod when they forget.
>
> There is an option to set on the directory so any new file when created will have umask of the group or directory owner (something like that). I am yet to test and use this but I found howto somewhere on the net.
>
> Ljubomir
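Added example, not part of any message in this thread: a Python sketch of the situation discussed above, showing that a setgid site directory fixes group ownership while a umask of 077 still yields mode 600 on new files, followed by the periodic chmod sweep suggested in the thread. The function names and the temporary directory standing in for site1/ are constructed for illustration.

```python
import os
import stat
import tempfile


def mode_of(path):
    """Permission bits of path (including setuid/setgid/sticky), without following symlinks."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def create_as_user(site_dir, name, umask=0o077):
    """Create a file the way a shell or editor would: open() asks for 0666
    and the kernel removes the bits set in the process umask."""
    old = os.umask(umask)
    try:
        path = os.path.join(site_dir, name)
        fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, 0o666)
        os.close(fd)
    finally:
        os.umask(old)
    return path


def sweep(site_dir, file_mode=0o664, dir_mode=0o2775):
    """Cron-style repair pass: bring regular files to 664 and directories
    to 2775 (setgid, so new entries keep the site's group).

    Symlinks are skipped on purpose. A job like this usually runs with more
    privilege than the users who can write here, and chmod follows links,
    so a planted link must not redirect it to a file outside the site.
    """
    changed = []
    for root, dirs, files in os.walk(site_dir):
        for name, wanted in [(d, dir_mode) for d in dirs] + [(f, file_mode) for f in files]:
            path = os.path.join(root, name)
            if os.path.islink(path):
                continue
            if mode_of(path) != wanted:
                os.chmod(path, wanted)
                changed.append(path)
    return changed


def demo():
    """Return (mode at creation, group inherited?, mode after sweep, files fixed)."""
    with tempfile.TemporaryDirectory() as site:   # constructed stand-in for site1/
        os.chmod(site, 0o2775)                    # setgid on the site directory
        path = create_as_user(site, "index.html")
        before = mode_of(path)
        group_inherited = os.lstat(path).st_gid == os.lstat(site).st_gid
        fixed = sweep(site)
        after = mode_of(path)
    return before, group_inherited, after, len(fixed)


if __name__ == "__main__":
    before, inherited, after, fixed = demo()
    print("created with mode %o, group inherited: %s" % (before, inherited))
    print("after sweep: mode %o (%d file fixed)" % (after, fixed))
```

The sweep closes the gap only after the fact; between creation and the next run the file is unreadable to the web server, which is why the thread goes on to ask about a directory-level setting.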
[CentOS] issue with fail2ban letting IP's through
Hello,

I'm using fail2ban to block bots in conjunction with existing iptables rules. Here's a few rules from my iptables configuration:

    #
    # Set up a temporary pass rule so we don't lock ourselves out when
    # doing remote ssh
    iptables -P INPUT ACCEPT
    #
    # flush the current rules
    iptables -F
    #
    # Allow SSH connections on tcp port 22
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    #
    # Set default policies for INPUT, FORWARD and OUTPUT chains
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -s 202.0.0.0/8 -j DROP

This morning the ssh fail2ban jail blocked this:

    202.205.176.125

and the email sent gave me this ip range:

    inetnum: 202.205.176.0 - 202.205.191.255

That shouldn't have even been seen it should have been blocked by the 202/8 drop rule before fail2ban even saw it. Is that not so?

Suggestions welcome.

Thanks.
Dave.
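Added example, not part of the original post: a small Python model of how iptables walks a chain, fed the rules above in the order they were posted. A packet takes the verdict of the first rule it matches, so the port 22 ACCEPT, which is appended before the 202.0.0.0/8 DROP, decides SSH packets from that range; `DROP_FIRST` and the helper names are constructed for illustration.

```python
import ipaddress
import shlex

# The rules from the message above, in the order they were posted.
POSTED_ORDER = """
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -s 202.0.0.0/8 -j DROP
"""

# Constructed variant (not from the post): the same rules, with the
# source-based DROP appended before the port 22 ACCEPT.
DROP_FIRST = """
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -s 202.0.0.0/8 -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
"""


def load(script):
    """Replay -P, -F, -A and -I (without a rule number) into per-chain state."""
    chains = {}

    def chain(name):
        return chains.setdefault(name, {"policy": "ACCEPT", "rules": []})

    for line in script.strip().splitlines():
        args = shlex.split(line, comments=True)[1:]   # drop the "iptables" word
        if not args:
            continue
        op = args[0]
        if op == "-P":                                # default policy of a chain
            chain(args[1])["policy"] = args[2]
        elif op == "-F":                              # flush one chain or all of them
            for name in ([args[1]] if len(args) > 1 else list(chains)):
                chain(name)["rules"].clear()
        elif op in ("-A", "-I"):
            opts = dict(zip(args[2::2], args[3::2]))  # option/value pairs after the chain
            rule = {
                "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
                "proto": opts.get("-p"),
                "dport": int(opts["--dport"]) if "--dport" in opts else None,
                "target": opts["-j"],
                "text": line.strip(),
            }
            rules = chain(args[1])["rules"]
            if op == "-A":
                rules.append(rule)                    # append: evaluated last
            else:
                rules.insert(0, rule)                 # insert: evaluated first
    return chains


def verdict(chains, chain_name, src, proto, dport):
    """Return (target, deciding rule text) for one packet: first match wins,
    and the chain policy applies only when no rule matches."""
    addr = ipaddress.ip_address(src)
    chain = chains[chain_name]
    for rule in chain["rules"]:
        if addr not in rule["src"]:
            continue
        if rule["proto"] is not None and rule["proto"] != proto:
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        return rule["target"], rule["text"]
    return chain["policy"], "policy"


if __name__ == "__main__":
    for label, script in (("posted order", POSTED_ORDER), ("drop first", DROP_FIRST)):
        target, why = verdict(load(script), "INPUT", "202.205.176.125", "tcp", 22)
        print("%-12s -> %-6s by: %s" % (label, target, why))
```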
[CentOS] allowing users to write to a web content area
Hello,

I've got apache running on a centos 5.6 machine. All of my users have a umask of 077 set in /etc/bashrc. I'm now wanting to give several of them permission to write to a web area so they can place content visible to the web server.

I've got two groups webdev1 and webdev2 which I want one to be able to write to site1 and the other to site2. I've got between 3 and 5 users in each group. I'd prefer not to mess with these users umask settings, but want the correct permissions and ownerships user:webdev1 or user:webdev2 where user is the username of the person who placed the file. Permissions I believe should be 664 so apache can read the files.

I'm wondering if I need to look in to ACLS which I've not used or if there's another solution?

Thanks.
Dave.
Re: [CentOS] dovecot sieve rpm?
Hello,

Thank you everyone for your replies. I would definitely like to stick with postfix as it's what I'm most comfortable with. The problem is dovecot. I believe it's extras there's the 1.0.7 dovecot, I'd like to be running the 2.0.x dovecot preferred or the 1.2.x version if not, the problem is the only place I can find to get them at in rpm form they are broken, both those versions. I am not an rpm compilation guru I can compile an src.rpm in to a binary package, which is how I upgraded postfix, but making one from scratch is over my head.

Unless anyone has a 2.0.x or 1.2.x version of dovecot I'm going to have to switch pop/imap servers for this configuration. I don't want to run a xinetd service, so that's out and I'd prefer having my pop/imap server in a single package. The two packages I can think of as alternatives to dovecot are courier-imap and cyrus-imap. I'd appreciate experiences pros and cons with each. And if anyone has that dovecot or can help me make one offlist I'd appreciate that as well.

Thanks.
Dave.

On 5/9/11, Devin Reade g...@gno.org wrote:
> I don't know how firmly you want to stick with dovecot/postfix, but an equivalent stack (cyrus/sendmail) is part of the base distro and of course works well with sieve, is fast, and scalable. Adding Horde (which isn't part of the base distro) gives a good web-based interface to sieve in addition to its usual webmail and other features.
>
> Devin
[CentOS] iptables to block region-specific ip's?
Hello,

I'm running fail2ban on my centos machine. It's handling sshd and postfix, and is working quite well. From the reports I'm seeing all the attempts are from a certain registrar's region, I won't name it, and was wondering instead of blocking individual ip's if there was a way I could block with iptables the complete region of ip's. I realize this will cut off a good majority of the world, but this is something I'm still curious about?

With regards blocking ip's and fail2ban, which method is better in terms of system resources, blocking via iptables as in the case of sshd or blocking via hosts.deny as in the case of postfix?

Thanks.
Dave.
Re: [CentOS] iptables to block region-specific ip's?
Hello Everyone,

Thanks for all your suggestions. I have gone with iptables and blocked off the necessary region ip blocks in my firewall. If anyone is interested I'll send the list.

Thanks again.
Dave.

On 5/11/11, Ljubomir Ljubojevic off...@plnet.rs wrote:
> Robert Spangler wrote:
>> On Wednesday 11 May 2011 12:58, the following was written:
>>> the attempts are from a certain registrar's region, I won't name it,
>>
>> iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP
>
> I do not consider /24 subnet a region subnet. You would need to use something like sophisticated reverse DNS to resolve IP of the connection and that would take time, not to mention problems with false positives and .com, etc. Only way would be if you would know physical locations of respective subnets.
>
> I use denyhosts that regularly pools new offenders IP's from protected systems all around a world. On my 3 servers, in last 5 months, I had only 114 e-mail reports of an ssh attempt. denyhosts uses hosts.deny, and currently I have ~7000 IP's blocked from there that are automatically blocked.
[CentOS] ipv6 to ipv4 tunnel private replies requested
Hello,

Is anyone using an ipv6 to ipv4 tunnel? I've got one through Hurricane Electric http://www.tunnelbroker.net and am having an extremely difficult time getting it to work. If anyone has this going I'd appreciate hearing from you offlist and please have Ubuntu experience if possible.

Thanks.
Dave.
Re: [CentOS] ipv6 to ipv4 tunnel private replies requested
Hello,

I am afraid a comment in my last message was misinterpreted. I previously had this configuration, linux and ipv6 tunnel through a tunnel broker. It was on a Ubuntu 9.10 box that a friend of mine set up. That box has been retired and replaced with CentOS 5.6. I am now trying to get the tunnel broker working with the centos box, and having many frustrations with it.

I do have the ubuntu network files from backup, but I to date have not been able to make them work, settings wise, with the way centos does networking, I would almost say forget the backup files just take the numbers out of them.

I appreciate any help. Again, private replies please.

Thanks.
Dave.

On 5/10/11, Lucian luc...@lastdot.org wrote:
> On Tue, May 10, 2011 at 4:17 PM, David Mehler dave.meh...@gmail.com wrote:
>> appreciate hearing from you offlist and please have Ubuntu experience
>
> No wonder you can't manage to get it working, you couldn't even post to the right list.
Re: [CentOS] dovecot sieve rpm?
Hello,

Thank you for your reply. I'm using a centos 5 will that make a difference? Also, is there a way I can set my yum up to access your repo from the server? I'm also interested in your php packages.

Thanks.
Dave.

On 5/9/11, David Hrbáč david-li...@hrbac.cz wrote:
> On 9.5.2011 6:32, David Mehler wrote:
>> Hello,
>>
>> Does anyone have a repo or have a dovecot 1.2 and dovecot sieve rpm, also a postfix 2.5 or 2.6 rpm? I saw some on a repo called atrpms, but it has dependency issues, and I read that that repo is dangerous.
>>
>> Thanks.
>> Dave.
>
> David,
>
> You can use atrpms and exclude all packages but dovecot. As to Dovecot upgrade on C4.x, here is my testing repo containing the successful path to upgrade Dovecot:
> http://fs12.vsb.cz/hrb33/el5/hrb/testing/i386/repoview/dovecot-sieve.html
>
> As far as I can remember, we went to 1.1.x first and then - 1.2.x and everything was OK.
>
> Regards,
> DH
[CentOS] fail2ban and secure permissions
Hello,

Has anyone got fail2ban working and blocking ssh spambot attempts? My ssh is logging with a facility of authpriv which syslogd sends to /var/log/secure. That file has 600 permissions owned and group of root. I want to make it where fail2ban can access the needed file, yet not make it insecure in the process. I was not wanting to change permissions last time I did that on a log file a cron daily report kept noting it.

I'd appreciate any suggestions.

Thanks.
Dave.
[CentOS] dovecot sieve rpm?
Hello,

Does anyone have a repo or have a dovecot 1.2 and dovecot sieve rpm, also a postfix 2.5 or 2.6 rpm? I saw some on a repo called atrpms, but it has dependency issues, and I read that that repo is dangerous.

Thanks.
Dave.
[CentOS] Configuring ipv6 reboot persistence, CentOS 5.6
Hello,

I'm running a CentOS 5.6 server through linode. I am attempting to configure it for ipv6, previously this had been done though not by me on a ubuntu box so the hardware can take it. I've got an ipv6 tunnel through Hurricane Electric and at a shell prompt have done the following:

    ifconfig sit0 up
    ifconfig sit0 inet6 tunnel ::IPV4 Address
    ifconfig sit1 up
    ifconfig sit1 inet6 add IPV6 Address
    route -A inet6 add ::/0 dev sit1

Testing that with a ping6 works fine. I then want it to persist across reboots. So I added the following to /etc/sysconfig/network:

    NETWORKING_IPV6=yes
    IPV6_DEFAULTDEV=sit1

and I made /etc/sysconfig/network-scripts/ifcfg-sit1

    DEVICE=sit1
    BOOTPROTO=none
    ONBOOT=yes
    IPV6INIT=yes
    IPV6TUNNELIPV4=IPV4 Address
    IPV6ADDR=IPV6 Address

Reboot the box, check sit1 and it has an ip address. Running that ping6 command says the network can't be reached. I have to take the interface down and rerun those above commands manually.

I'd appreciate any suggestions.

Thanks.
Dave.
Re: [CentOS] Configuring ipv6 reboot persistence, CentOS 5.6
Hello,

Thanks for the suggestion. Unfortunately, that didn't fix it.

Dave

On 5/7/11, Ryan Wagoner rswago...@gmail.com wrote:
> On Sat, May 7, 2011 at 4:28 PM, David Mehler dave.meh...@gmail.com wrote:
>> Hello,
>>
>> I'm running a CentOS 5.6 server through linode. I am attempting to configure it for ipv6, previously this had been done though not by me on a ubuntu box so the hardware can take it. I've got an ipv6 tunnel through Hurricane Electric and at a shell prompt have done the following:
>>
>>     ifconfig sit0 up
>>     ifconfig sit0 inet6 tunnel ::IPV4 Address
>>     ifconfig sit1 up
>>     ifconfig sit1 inet6 add IPV6 Address
>>     route -A inet6 add ::/0 dev sit1
>>
>> Testing that with a ping6 works fine. I then want it to persist across reboots. So I added the following to /etc/sysconfig/network:
>>
>>     NETWORKING_IPV6=yes
>>     IPV6_DEFAULTDEV=sit1
>>
>> and I made /etc/sysconfig/network-scripts/ifcfg-sit1
>>
>>     DEVICE=sit1
>>     BOOTPROTO=none
>>     ONBOOT=yes
>>     IPV6INIT=yes
>>     IPV6TUNNELIPV4=IPV4 Address
>>     IPV6ADDR=IPV6 Address
>>
>> Reboot the box, check sit1 and it has an ip address. Running that ping6 command says the network can't be reached. I have to take the interface down and rerun those above commands manually.
>>
>> I'd appreciate any suggestions.
>
> Try adding TYPE=sit to /etc/sysconfig/network-scripts/ifcfg-sit1
>
> Ryan
Re: [CentOS] Configuring ipv6 reboot persistence, CentOS 5.6
Hello,

Thank you for your response. The IPV4 endpoint address in ifcfg-sit1 is in fact the tunnel endpoint and not my system's address. The output of ifconfig sit1 does in fact show the ipv6 addresses looks correct to me. The output of

    ip -6 route | grep -v 'dev lo'

shows ipv6 traffic going out sit1. I should probably mention I do not have any ipv6 firewall in place.

Thanks.
Dave.

On 5/7/11, Stephen Harris li...@spuddy.org wrote:
> On Sat, May 07, 2011 at 04:28:45PM -0400, David Mehler wrote:
>> Testing that with a ping6 works fine. I then want it to persist across reboots. So I added the following to /etc/sysconfig/network:
>>
>>     NETWORKING_IPV6=yes
>>     IPV6_DEFAULTDEV=sit1
>
> Looks good; I have the same.
>
>> and I made /etc/sysconfig/network-scripts/ifcfg-sit1
>>
>>     DEVICE=sit1
>>     BOOTPROTO=none
>>     ONBOOT=yes
>>     IPV6INIT=yes
>>     IPV6TUNNELIPV4=IPV4 Address
>>     IPV6ADDR=IPV6 Address
>
> I have
>
>     DEVICE=sit1
>     BOOTPROTO=none
>     ONBOOT=yes
>     IPV6INIT=yes
>     IPV6TUNNELIPV4=remote_ipv4_address
>     IPV6ADDR=my_ip6_address/netmask
>
>> Reboot the box, check sit1 and it has an ip address. Running that ping6 command says the network can't be reached. I have to take the interface down and rerun those above commands manually.
>>
>> I'd appreciate any suggestions.
>
> Is the IPv4 address in the config above the IP address of the HE endpoint and _not_ your IP address? (In my case I have 72.52.104.74 for tserv3)
>
> ifconfig sit1 should show something like
>
>     sit1  Link encap:IPv6-in-IPv4
>           inet6 addr: your_ip6/metmask Scope:Global
>           inet6 addr: fe80::link_addr/64 Scope:Link
>           UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
>           RX packets:756 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:758 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:76421 (74.6 KiB) TX bytes:88155 (86.0 KiB)
>
> Also check the output of
>
>     ip -6 route | grep -v 'dev lo'
>
> --
> rgds
> Stephen
Re: [CentOS] mailman and postfix on CentOS
Hi,

Thanks. Checked the setting it is set to lists.example.com.

Thanks.
Dave.

On 3/15/10, Ryan Pugatch r...@linux.com wrote:
> On 03/13/2010 07:27 PM, David Mehler wrote:
>> Hello,
>>
>> I'm trying to get postfix and mailman going on CentOS 5.4. I had this working previously, six to eight months ago, and shut it down since the need for use was no longer there. I've now reactivated mailman and set up a list. The software versions I'm using are httpd 2.2.14, postfix 2.3.3, and mailman 2.1.9. All the services are started, the list is created, and email is sent to the list owner.
>>
>> The problem is reply addresses for subscriptions are being sent to mail...@domain.com rather than mail...@lists.domain.com as I want. In the email all the email addresses point to mail...@lists.domain.com except for the reply to header that goes to as I said mail...@domain.com. The lists.domain.com is a subdomain dedicated to the mailing list. The mailman newlist command correctly creates list aliases in /etc/mailman/aliases file.
>>
>> Any ideas?
>>
>> Thanks.
>> Dave.
>
> Take a look at DEFAULT_EMAIL_HOST in mm_cfg.py
>
> Ryan
[CentOS] log rotation not working
Hello,

I've got a Centos 5.4 box that is not rotating its mail logs. I just found out about this, the file is considerably large. I've included my log rotation configs if anyone has any suggestions I'm open to them.

Thanks.
Dave.

/etc/rsyslog.conf:

    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.* /dev/console

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    # don't log clamd messages
    *.info;ftp.none;clamd.none;mail.none;authpriv.none;cron.none /var/log/messages

    # The authpriv file has restricted access.
    authpriv.* /var/log/secure

    # Log all the mail messages in one place.
    mail.* /var/log/maillog

    # Log cron stuff
    cron.* /var/log/cron

    # Everybody gets emergency messages
    *.emerg *

    # Save news errors of level crit and higher in a special file.
    #uucp,news.crit /var/log/spooler

    # Save boot messages also to boot.log
    local7.*/var/log/boot.log

    # log ftp stuff separately
    ftp.* /var/log/ftp.log

/etc/logrotate.d/syslog:

    /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
        sharedscripts
        postrotate
            /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
            /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
        endscript
    }

logrotate.conf:

    # see man logrotate for details
    # rotate log files weekly
    weekly

    # keep 4 weeks worth of backlogs
    rotate 4

    # create new (empty) log files after rotating old ones
    create

    # uncomment this if you want your log files compressed
    compress

    # RPM packages drop log rotation information into this directory
    include /etc/logrotate.d

    # no packages own wtmp -- we'll rotate them here
    /var/log/wtmp {
        monthly
        minsize 1M
        create 0664 root utmp
        rotate 1
    }

    # system-specific logs may be also be configured here.
Re: [CentOS] log rotation not working
Hi,

Thanks for your reply. Crontabs package is indeed installed.

Thanks.
Dave.

On 3/14/10, Wes Shull wes.sh...@gmail.com wrote:
> On Sun, Mar 14, 2010 at 5:10 PM, David Mehler dave.meh...@gmail.com wrote:
>> I've got a Centos 5.4 box that is not rotating its mail logs. I just found out about this, the file is considerably large. I've included my log rotation configs if anyone has any suggestions I'm open to them.
>
> I had a system, set up very minimally by someone else, exhibit this behavior. In my case, turned out that the crontabs package was not installed, which has the general cron config. Check that?
>
> --wes
Re: [CentOS] log rotation not working
Hi,

Thanks for your reply. Cron is indeed installed and started. I had a logrotate script in cron.daily. When I ran

    logrotate -d -f logrotate.conf

first it failed to complete with an error having to do with ftp, corrected that, reran it, this time it completed successfully but the major file had not rotated. The script claimed rotation of the maillog* files replacing 5 with 4, but the large maillog file didn't go away.

Thanks.
Dave.

On 3/14/10, Jorge Fábregas jorge.fabre...@gmail.com wrote:
> On Sunday 14 March 2010 20:38:23 David Mehler wrote:
>> Thanks for your reply. Crontabs package is indeed installed.
>
> Various things:
>
> 1- Check that indeed crond is running (ps -ef | grep cron)
> 2- Check that the logrotate script is indeed in the /etc/cron.daily|hourly|weekly directories...
> 3- the best one: run it manually by doing:
>
>     logrotate -d -f /etc/logrotate.conf
>
> ..and see for yourself why isn't running.
>
> HTH,
> Jorge
[CentOS] mailman on CentOS with multiple virtual hosts
Hello,

This isn't exactly CentOS specific, but it does reference the CentOS way of doing things, so offlist replies might be better.

I'm running a CentOS 5.4 server with postfix as MTA with virtual mailbox domains. I have set up a mailing list server lists.example1.com using apache virtual hosts and the mailman rpm. Now I want to add a second one call it lists.example2.com and am not sure how to pull this off. If anyone has a multiple virtual host setup I'd be interested.

Thanks.
Dave.
[CentOS] mailman and postfix on CentOS
Hello,

I'm trying to get postfix and mailman going on CentOS 5.4. I had this working previously, six to eight months ago, and shut it down since the need for use was no longer there. I've now reactivated mailman and set up a list. The software versions I'm using are httpd 2.2.14, postfix 2.3.3, and mailman 2.1.9. All the services are started, the list is created, and email is sent to the list owner.

The problem is reply addresses for subscriptions are being sent to mail...@domain.com rather than mail...@lists.domain.com as I want. In the email all the email addresses point to mail...@lists.domain.com except for the reply to header that goes to as I said mail...@domain.com. The lists.domain.com is a subdomain dedicated to the mailing list. The mailman newlist command correctly creates list aliases in /etc/mailman/aliases file.

Any ideas?

Thanks.
Dave.
[CentOS] fully automatic installation FAI?
Hello,

Is anyone running a software package called FAI for Fully Automatic Installation on a CentOS server? I was wondering if there were any issues to running it?

Thanks.
Dave.
[CentOS] post install freezes
Hello,

I'm doing an unattended CentOS 5.3 install in a virtual machine vmware. I'm redirecting output to a serial console because production boxes won't have monitors. I'm getting to the point of doing the post installation then the box freezes. The only command I have in %post is

    yum -y update

I'm not getting no output. Suggestions appreciated. In the commands section reboot is explicitly called so that at the end of the install the vm will reboot.

Thanks.
Dave.
Re: [CentOS] post install freezes
Hello, I'm configuring the addresses for the network interface statically so I was under the impression name resolution would work. For the gpg key import I did an rpm --import /etc/pki/ I can't remember the rest of this path though I checked it on a running system. I'm still getting a freeze. Thanks. Dave.

On 10/14/09, Tru Huynh t...@centos.org wrote:
> On Wed, Oct 14, 2009 at 01:37:30PM -0400, David Mehler wrote:
> > Hello, I'm doing an unattended CentOS 5.3 install in a virtual machine vmware. I'm redirecting output to a serial console because production boxes won't have monitors. I'm getting to the point of doing the post installation then the box freezes. The only command I have in %post is yum -y update.
>
> that's expected:
> 1) your chrooted post-install does not have any network information
> 2) nor the ability to acknowledge the import of the GPG key...
>
> > I'm not getting any output. Suggestions appreciated.
>
> the kickstart mailing list archives are full of info on how to do that.
>
> Cheers,
> Tru
> --
> Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
> http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B
Re: [CentOS] post install freezes
Hi, Just the standard keys that come with centos. Dave.

On 10/14/09, DTS-Corp (Knowledgebase) mlists_s...@dts-int.com wrote:
> what kind of pki's are you using?
>
> On Wed, Oct 14, 2009 at 5:58 PM, David Mehler dave.meh...@gmail.com wrote:
> > Hello, I'm configuring the addresses for the network interface statically so I was under the impression name resolution would work. For the gpg key import I did an rpm --import /etc/pki/ I can't remember the rest of this path though I checked it on a running system. I'm still getting a freeze. Thanks. Dave.
> >
> > On 10/14/09, Tru Huynh t...@centos.org wrote:
> > > On Wed, Oct 14, 2009 at 01:37:30PM -0400, David Mehler wrote:
> > > > Hello, I'm doing an unattended CentOS 5.3 install in a virtual machine vmware. I'm redirecting output to a serial console because production boxes won't have monitors. I'm getting to the point of doing the post installation then the box freezes. The only command I have in %post is yum -y update.
> > >
> > > that's expected:
> > > 1) your chrooted post-install does not have any network information
> > > 2) nor the ability to acknowledge the import of the GPG key...
> > >
> > > > I'm not getting any output. Suggestions appreciated.
> > >
> > > the kickstart mailing list archives are full of info on how to do that.
> > >
> > > Cheers,
> > > Tru
> > > --
> > > Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
> > > http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B
[CentOS] continuing issues with %post
Hello, I'm trying to do an unattended CentOS 5.3 install. For the most part it's working. As of right now I'm statically assigning the machine an IP which I believe will allow %post to resolve names? I also like knowing where the box will show up. I am however having a few issues and I'm probably thinking too complicated on them.

My first one is the fact that updates aren't working from %post. Under the assumption name resolution is working, see above with the static configuration, the issue is then most likely importing of gpg keys. I've got these lines in %post:

    # GPG keys
    echo Importing GPG keys ...
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
    /usr/bin/yum -y update

When they're uncommented the box hangs, I'd love to see output.

My second issue is a cosmetic one. I want to set a standard prompt in /etc/bashrc. Out of the box the bashrc PS1 lines:

    if [ $PS1 ]; then
    [ $PS1 = \\s-\\v\\\$ ] PS1=[...@\h \W]\\$

I have to make changes to that second line so a sed substitution would probably be my best bet. I'm not sure how to grab the part I need and change it. Manually I change that line to:

    PS1='\...@\h:\w\$'

I'd like to get %post to do that for me.

Next, I'd like to alter /boot/grub/grub.conf. I want to set it up for serial terminal support, so I have to add a serial and terminal lines at the top of the file, say after any comment blocks that might or might not be there, plus add console=tty0 and/or console=ttyS0,9600n8 to the append lines to however many kernels are there. Again, I'm assuming sed but I'm not sure how to get the parts I need and edit.

I want to do other things, mostly with security, increasing password complexity requirements and pam, but that should be easy once I figure out how to alter the right sections in files. Any help appreciated. Thanks. Dave.
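The grub.conf change asked about in the message above, as an added example that is not part of the thread. It assumes GRUB legacy with the first serial port at 9600 baud (matching the console=ttyS0,9600n8 argument in the post) and uses awk rather than sed; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: give a GRUB legacy grub.conf a serial
# console. awk is used instead of sed so the edit can be rerun safely.

# Constructed sample input; kernel versions are illustrative only.
write_sample_grub_conf() {
    cat > "$1" <<'EOF'
# grub.conf generated by anaconda

default=0
timeout=5
title CentOS (2.6.18-164.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-164.el5 ro root=LABEL=/
        initrd /initrd-2.6.18-164.el5.img
title CentOS (2.6.18-128.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-128.el5 ro root=LABEL=/ console=ttyS0,9600n8
        initrd /initrd-2.6.18-128.el5.img
EOF
}

# Hypothetical helper: rewrite the grub.conf named in $1 in place.
add_serial_console() (
    umask 077    # the temporary copy may contain a GRUB password hash
    conf=$1; tmp="$conf.tmp.$$"
    awk '
        # Drop earlier serial/terminal directives so a rerun does not stack them.
        /^[ \t]*(serial|terminal)[ \t]/ { next }
        # Put the directives ahead of the first line that is not comment or blank.
        !done && !/^[ \t]*#/ && !/^[ \t]*$/ { directives() }
        # Add console arguments only to kernel lines that have none yet.
        /^[ \t]*kernel[ \t]/ && !/console=/ {
            $0 = $0 " console=tty0 console=ttyS0,9600n8"
        }
        { print }
        END { if (!done) directives() }
        function directives() {
            print "serial --unit=0 --speed=9600"
            print "terminal --timeout=5 serial console"
            done = 1
        }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # keeps mode, owner and symlinks
    rc=$?; rm -f "$tmp"; exit $rc
)

# Stand-alone demonstration on a temporary copy of the sample.
demo=$(mktemp) && write_sample_grub_conf "$demo" && add_serial_console "$demo"
cat "$demo"; rm -f "$demo"
```

In a kickstart %post the call would be add_serial_console /boot/grub/grub.conf. A kernel line that already carries any console= argument is left untouched.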
Re: [CentOS] customized centos 5.4 install, core install?
Hi, Yes, thank you. Please send that script privately. I'll check in to cobbler. Thanks. Dave.

On 10/13/09, Tait Clarridge t...@clarridge.ca wrote:
> On Tue, 2009-10-13 at 00:21 -0400, David Mehler wrote:
> > Hi, Thanks for your reply. I'd probably be doing them in pairs spread out over a long period. I'd be interested in your php kickstart setup script. Thanks. Dave.
>
> You may want to look at cobbler. It has a PXE boot option that can be limited by MAC address. This would help in installing a certain profile to your machine making it easier for you to customize each install without having to burn mountains of CDs...
>
> I am playing around with cobbler right now, but I can still send you the kickstart script if you would like.
[CentOS] customized centos 5.4 install, core install?
Hello, This might be called a core build, not completely positive. What I want to do is make a completely customized centos 5.4 unattended CD or DVD that not only installs a specific list of apps that I want on each system, but configures them automatically perhaps via scripts, and enables or disables services etc. Basically, I want to drop the CD or DVD in a box which will probably not have a monitor anyway, and walk away. I then come back or ssh in and everything is already installed, any repos are added, configured and ready to go. Is this a core build? I'd appreciate any pointers on this. Thanks. Dave.
Re: [CentOS] customized centos 5.4 install, core install?
Hi, Thanks for all your replies. I checked out spacewalk and cobbler, both of which look like they require a network support infrastructure, at least a tftp server. I want to use a CD or DVD. Kickstart sounds like the way to go, but I'm looking to have everything self contained, for example if I want to install the postfix package, I'll want to remove sendmail, set up postfix to start at selected runlevels and configure the main.cf and master.cf files so that when the box reboots postfix is ready to go. I'd also like to have this install as slimmed down as possible, for example I probably won't be using x so I'd prefer not to have any x packages in the install dvd. Thanks. Dave.

On 10/12/09, Tait Clarridge t...@clarridge.ca wrote:
> On Mon, 2009-10-12 at 10:53 -0400, David Mehler wrote:
> > Hello, This might be called a core build, not completely positive. What I want to do is make a completely customized centos 5.4 unattended CD or DVD that not only installs a specific list of apps that I want on each system, but configures them automatically perhaps via scripts, and enables or disables services etc. Basically, I want to drop the CD or DVD in a box which will probably not have a monitor anyway, and walk away. I then come back or ssh in and everything is already installed, any repos are added, configured and ready to go. Is this a core build? I'd appreciate any pointers on this. Thanks. Dave.
>
> Hi Dave, Investigate kickstart installs, you can customize packages and run scripts after the install is complete before the box restarts.
>
> Tait
Re: [CentOS] customized centos 5.4 install, core install?
Hi, Thanks for your reply. I'd probably be doing them in pairs spread out over a long period. I'd be interested in your php kickstart setup script. Thanks. Dave.

On 10/13/09, Tait Clarridge t...@clarridge.ca wrote:
> On Mon, 2009-10-12 at 20:06 -0400, David Mehler wrote:
> > Hi, Thanks for all your replies. I checked out spacewalk and cobbler, both of which look like they require a network support infrastructure, at least a tftp server. I want to use a CD or DVD. Kickstart sounds like the way to go, but I'm looking to have everything self contained, for example if I want to install the postfix package, I'll want to remove sendmail, set up postfix to start at selected runlevels and configure the main.cf and master.cf files so that when the box reboots postfix is ready to go. I'd also like to have this install as slimmed down as possible, for example I probably won't be using x so I'd prefer not to have any x packages in the install dvd. Thanks. Dave.
>
> I believe recently there was a thread posted about respinning a DVD for these purposes, you could also have a network install CD pointing to a local repository on your network and a kickstart on an internal webserver.
>
> Kickstart is very robust, I am pretty sure you can get it to do anything you want (especially after the install is complete). I currently have a kickstart script that installs packages for a PHP/mysql setup (as well as the base files) and then updates everything before rebooting. It also disables a few services that I do not require. I suggest hitting google for more kickstart tips/tricks.. as there are a lot of things you can do.
>
> The issue would be that for each of the new systems that you want to bring up unattended, you would possibly need to burn a new CD or change the kickstart config file on your web server. This would be because I am pretty sure that you do not want to have multiple machines using the exact same configuration information.
>
> Would you be doing multiple machines at once? Or one at a time, spread out over long periods.