Re: [CentOS] CentOS 6.3 - fail2ban not working properly + workaround
2013/3/12 Theo Band theo.b...@greenpeak.com: On 03/12/2013 05:35 PM, Timothy Murphy wrote: I'm running fail2ban on my server (under CentOS-6.4) and it seems to be running according to - [tim@grover fail2ban]$ sudo service fail2ban status Fail2ban (pid 31794) is running... Status |- Number of jail: 1 `- Jail list: ssh-iptables - I have absolutely no idea how fail2ban works, and I'm running it with the default /etc/fail2ban/fail2ban.conf , which seems to set the logfile to /var/log/fail2ban.log . Should I actually study how it is meant to be configured? I just yum-installed it (from Epel, I assume) and hope it does its job, whatever that is. It sets up iptables rules for every jail that is configured (iptables -L). You seem to have only the ssh-iptables configured. Check the date of the logfile. I noticed that SYSLOG is now used for logging. It used to be /var/log/fail2ban.log in the past. I removed the old log file. If ssh is the only public service you want to protect against brute force, then you don't need to setup anything. But have a look in /etc/fail2ban/jail.conf and add at least your email address to get a notification when it blocks access. There lots of other jails that can be enabled. Normally I receive several messages a day. So not receiving them means that the service is no longer protecting. Simply because it watches a renamed no longer updated version of /var/log/secure: ls -l /var/log/secure* -rw--- 1 root root 2130892 Mar 12 18:25 /var/log/secure -rw--- 1 root root 1374710 Feb 17 01:31 /var/log/secure-20130217 -rw--- 1 root root 1482646 Feb 24 03:09 /var/log/secure-20130224 -rw--- 1 root root 1732930 Mar 3 03:13 /var/log/secure-20130303 -rw--- 1 root root 656454 Mar 10 03:12 /var/log/secure-20130310 Once a week fail2ban stops working as a new secure log file is created (logrotate) and it seems to watch the only old name. You will not see any error message and status show as running. But I have no proof that it keeps working with the gamin fix. Theo I too have the same problem but couldn't figure where is the issue. It stops working even if the service says all is right. I have to restart the service to let it work again... I will try to find through your idea. Thanks, Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.3: libreport/abrt update problem
2013/2/1 odusseas piskopakis_antr...@hotmail.com: Luigi Rosa lists@... writes: Mogens Kjaer said the following on 01/02/2013 07:52: In updates, there are new packages of abrt and libreport. But yum update gives me: Error: Package: abrt-2.0.8-6.el6.centos.2.x86_64 (updates) Confirmed. Same issue here. Ciao, luigi The same problem also for me!! any help?? Cheers ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos You can just skip, temporarily the update of abrt with: yum update --exclude=abrt\* This should leave only abrt not updated (not a huge issue) or just wait a couple of days until it is fixed. Cheers, Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 'localyum' alias...
2012/7/23 Fernando Cassia fcas...@gmail.com: This alias should be a great default addition to the bashrc... as it helps install packages to a CentOS system from the mounted install CD before you get networking up and running... alias localyum='yum --disablerepo=* localinstall' Does Red Hat care about Requests for Enhancement? or is filing a bug pointless? FC Since the latest version of yum obsolete (in Fedora at least so I believe in CentOS it is/will be the same) the localinstall option, I believe that using this alias is useless. Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 'localyum' alias...
2012/7/23 Fernando Cassia fcas...@gmail.com: On Mon, Jul 23, 2012 at 3:00 AM, Fabien Archambault fabien.archamba...@univ-amu.fr wrote: Since the latest version of yum obsolete the localinstall option, I believe that using this alias is useless. I have used yum's localinstall option on my CenOS 6.3 box... and it worked... This option is kept for legacy purpose [1] (or man yum). It works yet but will be removed in the future releases (years ago) I believe. [1] http://linux.die.net/man/8/yum FC ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NIS expiration of passwords
Dear all, I have a NIS server which shares a database of users between some computers (nodes exactly) and I would like that, on the first login, the user changes its password. So, on the NIS server I have made: chage -d 0 USER Then: # cd /var/yp # make On the NIS server I have: chage -l USER Last password change: password must be changed Password expires: password must be changed Password inactive : password must be changed Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 9 Number of days of warning before password expires : 7 I would believe this information is shared from the server to the other computers but here users still can connect (via SSH). If I try to get the information on the user connected I have: # chage -l USER user 'USER' does not exist in /etc/passwd This looks normal as there is no user there but then I do not know how to enable the expiration information through NIS. Do someone has an idea? Thanks, Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] packaging: src.rpm not a rpm
2012/4/17 Mihamina Rakotomandimby miham...@rktmb.org: Hi all, I have installed the recommended installs from here: http://wiki.centos.org/HowTos/RebuildSRPM I want to build a ipfm RPM on a CentOS 6.2, for legacy purpose. I cant immediately get rid of that piece of software, but we're on the move... So: $ wget http://rpm.pbone.net/index.php3/stat/3/srodzaj/2/search/ipfm-0.11.5-alt1.src.rpm $ rpm -i --nomd5 ipfm-0.11.5-alt1.src.rpm error: ipfm-0.11.5-alt1.src.rpm: not an rpm package (or package manifest): I probably missed something or am using some very outdated ressources: would some help me? Hi, To rebuild you can use: $ rpmbuild --rebuild ipfm-0.11.5-alt1.src.rpm First you need to follow those instructions: http://wiki.centos.org/HowTos/SetupRpmBuildEnvironment Cheers, Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6.2 on DELL E6520
2012/3/2 Bernd Bartmann bernd.bartm...@gmail.com On Fri, Mar 2, 2012 at 3:21 PM, Jussi Hirvi wrote: On 2.3.2012 15.59, Bernd Bartmann wrote: The only problem is that the system hangs after entering reboot. I can see that several services get stopped, but after some seconds the screen is just black and nothing happens anymore. Does it hang after the shutdown process is totally complete, or somewhere in between? (If so, what is the last thing you see on screen?) How long have you waited for it to proceed? After pressing ESC to see all the service shutdown messages the last two lines show: init: Re-executing /sbin/init [OK] Please stand by while rebooting the system... Restarting system. So it hangs after shutdown has been completed. I've waited more than 10 minutes. How much RAM? On startup it will be checking the RAM, and possible other things, and I think this happens right at the beginning of startup sequence. The system has 8GB RAM. Best regards, Bernd. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi, Perhaps this bug is related: https://bugzilla.redhat.com/show_bug.cgi?id=731114 Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd: listen on ip1:port1 and ip2:port2
2012/1/24 Alexander Farber alexander.far...@gmail.com Hello, with CentOS 6.2 - is it possible to configure OpenSSH daemon to listen on different IPs _and_ ports? I have received a 2nd IP address for my server and have successfully configured by adding the new /etc/sysconfig/network-scripts/ifcfg-eth0:1 file. I'd like SSHd to keep listening at the_old_ip:22 but also at the_new_ip:443. The 443 on the_old_ip is already taken by Apache, so I can't just write Port 22 + Port 443 to sshd_config. Thank you Alex Hi, In order to do so, you just need to add in /etc/ssh/sshd_config: Port 22 Port 443 Then reload the ssh service. Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] where is libid3-3.8.so.3
Hi, Perhaps could you use yum provides instead of search. In a 6.x box I have it in epel and rpmforge repo. Fabien 2012/1/18 ken geb...@mousecar.com I searched for libid3-3.8.so.3 with yum: # yum search \*libid3-3.8\* but it returns No Matches found Am I not searching correctly, or does this not exist in CentOS 5.7? tnx http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum update fails on perl dependancy
On 12/20/2011 03:55 PM, Ljubomir Ljubojevic wrote: I finally started yum upgrade for CentOS 6.0+CR x86_64. yum reports that I have already installed perl-5.10.1-119.el6_1.1, but perl-CGI requests for perl-5.10.1-119.el6 from ISO/base repo. Can someone advise on the best course of action? Logical would be to downgrade perl to the one from ISO file. Hi, perhaps it is the same as: http://lists.centos.org/pipermail/centos/2011-December/120923.html You just need a yum clean all yum update Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Netinstall wants to use wlan0
On 12/08/2011 09:11 AM, Jeff Gordon wrote: Hi, Folks -- I'm setting up an Acer Aspire 5250 as a Christmas gift, CentOS 6 netinstall insists on trying to configure wlan0 but I'm using a wired DSL connection, consequently netinstall fails and only offers the option to Retry. How can I get it to bypass the wlan0 idea and go straight to eth0...? Thanks, Hi, I believe there is an hardware switch available to shutdown the wirless on this laptop. If you disable it then no wlan0 can be used. Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] checking package versions in various releases
On 11/30/2011 04:28 PM, Alan McKay wrote: Hey folks, I am sure there must be an easy way to do this. I am currently running 5.3 and yum info db4 tells me that they have version 4.3.29. Is that telling me that this is the version in 5.3? Or that this is the latest version in the 5.x stream? If the former, then how do I find out what release of the db4 software (sleepcat berkeley db) is in 5.7? I don't want to yum upgrade just yet. I have to research a number of things before upgrading, and this is one of them. thanks, -Alan If you have questions on the 5.7 version why not building a virtual machine and do tests on it? Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5: text editor with file compare?
On 11/25/2011 10:37 AM, Rainer Traut wrote: Hi List, I'm looking for an editor with file compare capabilities. Gedit and kate don't seem to do this? Thx Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Perhaps meld is usable for your purpose even it is more for comparing. Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with gdb or maybe gcc
On 11/24/2011 01:06 PM, John J. Boyer wrote: I have CentOS 5.7. Before the last updates, when I ran gdb with a program name gave a breakpoint and then typed run it would stop on that breakpoint. Now it prints the message Warning: no loadable sections in added symbol file. It then just runs the program without stopping. What could have changed? Are there some flags that need to be set when invoking gcc? Thanks, John Hi, How do you compile in terms of flags? I usually compile with at least -O0 -g -ggdb. Fabien ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos