[CentOS] Where to report (possible) bugs? Redhat? Bugzilla?
Hi I want to know whether this is a bug and report it but I do not know where to report it. Upstream? Background: It seems upon booting there is a problem where the ifup-route file is called before the actual interface is up. I put some "logger -t ifup-route.jobst ... " messages into the "/etc/sysconfig/network-scripts/ifup-route" and those messages show up BEFORE the interface is up: Oct 7 10:21:28 ifup-route.jobst: Called with eth: eth_1 (eth_1) Oct 7 10:21:28 network: Bringing up interface eth_1: SIOCADDRT: Network is unreachable Oct 7 10:21:28 network: SIOCADDRT: Network is unreachable Oct 7 10:21:28 network: SIOCADDRT: Network is unreachable Oct 7 10:21:28 network: [ OK ] The file /etc/sysconfig/network-scripts/route-eth_1 contains: -host XXX.YYY.ZZZ.1 gw AAA.BBB.CCC.DDD -host XXX.YYY.ZZZ.3 gw AAA.BBB.CCC.DDD -host XXX.YYY.ZZZ.4 gw AAA.BBB.CCC.DDD Eth1 is part of the AAA.BBB.CCC.DDD network. If I put the routing rules into "run-at-boot" file that requires networking being UP, there are NO problems adding the routes. -- Jobst Schmalenbach Be gentle with the earth. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Upgrade from 7.6.1810 to 7.7.1908 -> Interfaces order not static
Hi For years (long time) I had " net.ifnames=0 biosdevname=0 " and it worked as it should (6.X, 7.X) I never had any problems, until yesterday. I started upgrading my machines and I stopped after the first one showed issues and I will not update all the other ones until this is sorted. I have problems keeping the interfaces in order as I wanted them to be assigned to eth0, eth1 .. eth4 Every reboot the order of eth1, eth2 and eth3 change BUT eth0 stays. Now when I read this https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-understanding_the_device_renaming_procedure then I am doing the correct thing by adding the MAC as in so: DEVICE=eth0 IPADDR=... ... GATEWAY=... ONBOOT=yes BOOTPROTO=none USERCTL=no NOZEROCONF=true TYPE=Ethernet NM_CONTROLLED=no HWADDR=01:23:45:67:78:9a This works for eth0 but all the other ones the kernel complains /etc/sysconfig/network-scripts/ifup-eth: Device eth[1,2,3] has different MAC address than expected, ignoring NOTE: this worked until yesterday, I could reboot, update whatever it always came up in the same way and I also did not need to swap the network cables EVERY time ... Even without HWADDR/MAX adddress I have to swap the cables every time (eth[1,2,3]). Did something change in the kernel/networking/udev I am not aware of? What am I doing wrong all over sudden? Jobst -- Jobst Schmalenbach Programmer - an organism that turns coffee into software ! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Increase logging verbosity of saslauthd?
On Wed, Sep 11, 2019 at 08:36:47PM -0400, Jonathan Billings (billi...@negate.org) wrote: > On Sep 11, 2019, at 7:34 PM, Jobst Schmalenbach wrote: > > I have tried that as well before I asked for help, however systemd refuses > > to accept this as the "-d" keeps saslauthd in foreground. > > Systemd kills the process after a minute as systemd cannot see that > > required PID's. > You???ll need to also create an > /etc/systemd/systemd/saslauthd.service.d/override.conf that has: > > [Service] > Type=simple > This shouldmake systemd leave saslauthd alone rather than waiting for it to > fork. Good idea and it does, thanks! Logging still isn't enough, though. Like it seems debugging some incorrect usernames still is a search in the bloody dark. Just found a mailing list of cyrau sasl, just subscribed to it. Sending an email to the list aafter this. -- Jobst Schmalenbach All we need is love, but all we get is work. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Increase logging verbosity of saslauthd?
On Wed, Sep 11, 2019 at 09:43:32AM -0400, Jonathan Billings (billi...@negate.org) wrote: > On Wed, Sep 11, 2019 at 01:34:27PM +1000, Jobst Schmalenbach wrote: > > CentOS 7.X, sendmail.x86_64 8.14.7-5.el7, cyrus-sasl.x86_64 2.1.26-23.el7 > If you look at the systemd unit for saslauthd, you can see this: > > [Unit] > Description=SASL authentication daemon. > After=syslog.target > > [Install] > WantedBy=multi-user.target > I have tried that as well before I asked for help, however systemd refuses to accept this as the "-d" keeps saslauthd in foreground. Systemd kills the process after a minute as systemd cannot see that required PID's. I can also see that saslauth logs when started normally, the logging is just NOT enough. I want to increase the verbosity so I can see what is going on. For example it does not seem to log the failed username. thanks anyway. -- Jobst Schmalenbach This country, with its institutions, belongs to the people who inhabit it. Whenever they shall grow weary of the existing Government, they can exercise their constitutional right of amending it, or their revolutionary right to dismember or overthrow it. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Increase logging verbosity of saslauthd?
Hi CentOS 7.X, sendmail.x86_64 8.14.7-5.el7, cyrus-sasl.x86_64 2.1.26-23.el7 There are conflicting message on how to increase the logging of saslauthd. I know I can do this: /usr/sbin/saslauthd -d -n0 -m /var/run/saslauthd -a pam but that requires a terminal as saslauthd logs the output to STDOUT, this is not what I want. I would like to have it started as a daemon and verbosity of logging increased into a log file. How can I increase the verbosity of logging for saslauthd? thanks -- Jobst Schmalenbach If you think knowledge is expensive, try ignorance. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] another bizarre thing...
On Sun, Aug 11, 2019 at 08:52:59PM -0400, Fred Smith (fre...@fcshome.stoneham.ma.us) wrote: > On Mon, Aug 12, 2019 at 10:16:35AM +1000, Jobst Schmalenbach wrote: > > On Mon, Aug 05, 2019 at 08:57:45PM -0400, Fred Smith > > (fre...@fcshome.stoneham.ma.us) wrote: > > > Hi all! > > > > Late to the thread but since it has not been suggested: Have you tried to > > statically link all libs? > > I doubt modern Linux systems will produce a fully-static binary, since > many of the system libs come only as .so files. I know that. It's just how keen you are to find the reason ... especially if you have no control what libraries (even i686) are installed on the other machines. Depening how many libraries the binary uses you could download them and use those as source for inclusion. You could omit the obvious libs for starters ... and then even include those if still crashing. You only need to distribute those binaries to the people who have problems ... If a couple of those customers (failing progs) are helpful get a "yum list installed" and scan the list of libs and see whether sth might raise eyebrows. For example I had one of my machines failing on one prog because it had "glibc.i686" installed due to ftdi. I changed the program using the ftdi libs to use full x86_64 (took me a few hours) and unstinalled the "glibc.i686" and suddenly the other prog had no problems! I know you cant tell people to un-install but static linking MIGHT help. -- Jobst Schmalenbach Who is general Failure and what is he doing on my disk? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] another bizarre thing...
On Mon, Aug 05, 2019 at 08:57:45PM -0400, Fred Smith (fre...@fcshome.stoneham.ma.us) wrote: > Hi all! > > I'm stuck on something really bizarre that is happening to a product > I "own" at work. It's a C program, built on CentOS, runs on CentOs or > RHEL, has been in circulation since the early 00's, is in use at > hundreds of sites. > > recently, at multiple customer sites it has started just going away. > no core file (yes, ulimit is configured), nothing in any of its > (several) log files. it's just gone. > Late to the thread but since it has not been suggested: Have you tried to statically link all libs? Then use Frank Cox's suggestion to use printf's at location thoughout the source code. I know it will be big (depending on the number of libs) But this way you are sure that the compile is against a known (yours) set of libs! Also have you recompiled it and given the new binaries to the customers? Just an idea .. -- Jobst Schmalenbach Nice computers don't go down. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Test
On Sat, Jul 06, 2019 at 09:37:36AM +0100, Lucian (n...@li.nux.ro) wrote: > Just testing, sorry for the noise. Sorry for highjacking this. I do not receive any of my emails sent to the list although I have ticked "receive you won posts" in the mailman interface. I am trying to trace this problem with this reply. -- Jobst Schmalenbach ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Performance issues/difference of two servers running same task (one is quicker)
On Thu, Jul 04, 2019 at 10:46:19AM -0700, Gordon Messmer (gordon.mess...@gmail.com) wrote: > On 7/3/19 11:43 PM, Jobst Schmalenbach wrote: > > - How can it be that the DELL takes so much longer alltough on the far > > better hardware? > It looks like the DIY system has a CPU that's nearly twice as fast > as the Dell's. The additional CPU in the Dell will run more tasks > concurrently, but it won't make a single process faster. > > You might also think that the SSD RAID would make the Dell faster, > but that will only be true if the process that you're testing > performs a significant amount of IO. If your DB operations are > happening mostly in memory (that is, if the data is cached), then > the faster CPU will be the primary determining factor. I made the buffer pool size on the DELL double the size of the DIY when I started trying to figure out why the speed difference. > > The other thing that you left out of your description is the amount > of data on each server. If your live server has a lot of data in > its DB and the dev system has a small dataset suitable for testing, > then generally you'd expect that the dev system's data is more > likely to live in cache and avoid disk IO, and processing the > smaller set will also take less CPU time. Most of the DB's are small as they contain websites. The biggest DB is the Online Training DB, which are the same on both machine as I constantly copy the data from the life server to the DIY. Very good analysis indeed. Makes total sense. -- Jobst Schmalenbach Road to hell is paved with NAND gates. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Performance issues/difference of two servers running same task (one is quicker)
On Thu, Jul 04, 2019 at 09:07:35AM +0200, Simon Matter via CentOS (centos@centos.org) wrote: > > Hi > > Two ideas: > > a) the DELL maybe faster over all but if I'm right single core speed is > slower than on DEV machine. Yes, but since BOTH have "other" things to do at the same time the sheer number of CPUs of the DELL should help > > b) how do the LSI/SSD perform compared to the MDADM/RAID0 on the DEV > server? I'm not sure the DELL is a clear winner here. See my answer to the disk task test to another email. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Performance issues/difference of two servers running same task (one is quicker)
On Thu, Jul 04, 2019 at 09:39:18AM +0200, Roberto Ragusa (m...@robertoragusa.it) wrote: > On 7/4/19 8:43 AM, Jobst Schmalenbach wrote: > >Clearly the development server is hardware wise way below the specs of the > >Dell but > >software wise they are identical (they get upgraded at the same time). > As a first step, you have to test subsystems one by one. Thank you for the tips. Here are the results (DELL is faster overall): > time dd 2>/dev/null if=/dev/zero of=/dev/null bs=1 count=100 [DIY ~] #>time dd 2>/dev/null if=/dev/zero of=/dev/null bs=1 count=100 real0m1.931s user0m1.022s sys 0m0.896s [DELL ~] #>time dd 2>/dev/null if=/dev/zero of=/dev/null bs=1 count=100 real0m1.308s user0m0.389s sys 0m0.919s Dell faster overall > cd /a/directory/on/the/filesystem/you/want/to/test > time bash -c "for((i=0;i<1000;i++)); do dd 2>/dev/null if=/dev/zero of=test > bs=1 count=1 conv=fsync;done" > rm test [DIY /mnt] #>time bash -c "for((i=0;i<1000;i++)); do dd 2>/dev/null if=/dev/zero of=test bs=1 count=1 conv=fsync;done" real1m12.944s user0m1.604s sys 0m2.595s [DELL /mnt] #>time bash -c "for((i=0;i<1000;i++)); do dd 2>/dev/null if=/dev/zero of=test bs=1 count=1 conv=fsync;done" real0m2.270s user0m0.509s sys 0m1.475s Expected the DIY to be slower here, it's running MDADM RAID1 on Seagete Spinners compared to LSI RAID1 SSD The result shows the DELL overall is faster, back to the drawing board after I followed all the other hints in this thread. Jobst ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Performance issues/difference of two servers running same task (one is quicker)
Hi I need some advice what to do next, even if someone tells me to check out (an)other mailing list(s), tuning site or point me in a better direction how to solve my annoying problem: one server is much faster for certain tasks although on "shitty" hardware. I have tried many things to solve my issue - changed buffer/pool/cache/etc mysqld - changed server settings apache/php - changed various OS settings (sysctl) e.g. turned off IPV6 but havent figured it out. I have a development server (local) and life servers (data center) Used mainly for many different websites and one online training site. the development and life server in question run the same software setup: - CentOS Linux release 7.6.1810 - bind 32:9.9.4-74.el7_6.1 - Apache/2.4.6 (CentOS) - PHP 7.1.29 - mysqld Ver 5.7.26 - wordpress, woocommerce, wishlistmember, Sensei etc - software are all in the same stages of updates. - even many of the linux conf files are the same (/etc/host, bind, etc) - the databases are copies/identical Life server is a Poweredge M710,48GB,2xXeon L5630,LSI Raid1 SSD Dev server is a DIY, GIGABYTE MX31-BS0, 32GB, 1xXeon E3-1245,MDADM RAID0 1TB Seagate Spinners Clearly the development server is hardware wise way below the specs of the Dell but software wise they are identical (they get upgraded at the same time). During normal operations (i.e. display websites, online training courses etc) the DELL displays the websites faster although it sits 1000KM up north in a datacenter on a different network than the local server on the same network as my machine. Yet the DEV server outshines the DELL when creating a few large custom tables, ie the local server takes 5s while the DELL takes 15s (small tables), more for bigger tables. The task is based on: - level, member, course, group are all ID's - members can belong to a group, a level and can access many courses - the ID restricts what they can access and what they belong to. - a course for each member can have various stages of completion - using an API (wishlist member) that performs LOCAL calls when accessed locally I can get who belongs to what and make up my info I need, then use PHP to make up the table. - DB calls ARE LOCAL! Now when I try to create a table of members belonging to the same group level doing the same course with different stages of completion the DELL takes on average 3 times longer to complete the table (normally about 20 to 30 rows). I have put microtime() calls before and after certain calls, and it's visibly different: DEV Jul 04 04:57:26 UTC _members took 0.0005459785461425 ms Jul 04 04:57:26 UTC _members took 0.0005321502685546 ms LIFE Jul 04 05:00:36 UTC _members took 0.0014369487762451 ms Jul 04 05:00:36 UTC _members took 0.0013291835784912 ms If I do this 300+ times, the outcome is very different. So my questions: - How can it be that the DELL takes so much longer alltough on the far better hardware? - How can it be allthough everything (software/os/plugins) is the same? - This even happens if the DELL is on low load (i.e. middle of the night) and only serves a few requests. Same software, same config, same database, same amount of data in the database yet on better hardware it's slower? Any ideas anyone? -- Jobst Schmalenbach ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question about ntp
On Mon, May 27, 2019 at 09:50:51PM -0400, Fred Smith (fre...@fcshome.stoneham.ma.us) wrote: > On Tue, May 28, 2019 at 11:44:35AM +1000, Jobst Schmalenbach wrote: > > On Mon, May 27, 2019 at 06:32:19AM +0200, Ralf Prengel > > (ralf.pren...@rprengel.de) wrote: > > > > > It's hard to imagine that someone would have REMOVED that ability in > the intervening years I read a couple of comparisons some time back, I learned chrony cannot server time. The comparison might have been wrong! I just read this, so I stand corrected: https://chrony.tuxfamily.org/comparison.html -- Jobst Schmalenbach Egotism is pain, and the only way to end it is to cease to believe that the world revolves around one's petty life. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question about ntp
On Mon, May 27, 2019 at 06:32:19AM +0200, Ralf Prengel (ralf.pren...@rprengel.de) wrote: > > Hallo, > > what is the standard way to sync time under Centos 7. > ntp or chrony. YMMV. I have used NTP for many, many years so I am familiar with it and also have ALL config files, I normally just delete chrony and install ntpd, then copy the config files and start ntp. All done, 2 minutes. Chrony cannot supply time info, so if you have clients requesting time info the server cannot serve time, you need ntpd for that. I have many windows stations that pull time from my CentOS servers. -- Jobst Schmalenbach A computer without Microsoft is like chocolate cake without ketchup! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Older versions of samba that work with CentOS 7?
On Mon, May 27, 2019 at 12:43:41PM +0200, Miroslav Geisselreiter (m...@intar.cz) wrote: > Hi Jobst, > > you can use latest samba package from CentOS 7 - there is no problem with NT > style domains support (ie. it supports NT style domains). We use servers > with CentOS 6 and CentOS 7 both with NT style domains. Phew! Thank you, this is great news! I had huge trouble to get the samba server started after I ported it onto a CentOS 7 machine. I tried to start it with systemctl start smbd nmbd winbind samba and it failed without error messages. So I has asked a question on the Samba mailing list. They told me I should do this as systemctl stop smbd nmbd winbind samba systemctl disable smbd nmbd winbind samba systemctl mask smbd nmbd winbind samba systemctl unmask samba-ad-dc systemctl enable samba-ad-dc systemctl start samba-ad-dc Can you confirm, you start this with systemctl start samba-ad-dc thanks -- Jobst Schmalenbach Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrificing of a live chicken. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Older versions of samba that work with CentOS 7?
Hi. Are there any places I can download older versions of Samba working with CentOS 7? Reason: I have been upgrading all of my servers from 6.X to 7.X. This alone is a massive task for me as I am a one man band. Samba made massive changes not allowing NT style domains anymore in the 4.10 branch. If I can find older samba RPM's for CentOS 7 than I can finish all upgrades of the OS, then later upgrade samba once I am finished when I have more time. Any ideas anyone? thanks Jobst -- Jobst Schmalenbach The future isn't what it used to be (it never was). ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] yum remove iptables problem
Hi Just got a new server replacing another server. I had to use iptables to protect it until I could move a hardware firewall from the old server to the new server. Now I am trying to delete iptables but it wants to delete lots of other dependency packages, e.g. sendmail, cyrus-sasl and even plymouth. Can I just use "force" and "no-dependecies" to get rid of it? Are there other implications I do not know about? thanks Jobst -- ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Systemd's [ OK ] in green beginning of line
Hi I have to (re-)write many bootup scripts to move a bunch of servers from CentOS6 to CentOS7 In sysvinit the "echo_success" and "echo_failure" used to do this. What is the equivalent for systemd? thanks Jobst ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What files to edit when changing the sdX of hard drives?
On Fri, Mar 01, 2019 at 09:48:55AM -0600, Valeri Galtsev (galt...@kicp.uchicago.edu) wrote: > > > On 2/28/19 10:04 PM, Jobst Schmalenbach wrote: > > On Thu, Feb 28, 2019 at 05:19:49PM +0100, Nicolas Kovacs > > (i...@microlinux.fr) wrote: > > > Le 28/02/2019 à 04:12, Jobst Schmalenbach a écrit : > > > > I want to lock in the SDA/SDB/SDC for my drives > > > > > > In short : use UUIDs or labels instead of hardcoding /dev/sdX. > > > > I **KNOW** how to use UUID's ... this is NOT the reason why I am doing this! > > Try to switch physical connections of second and third drives, then you most > likely will have the correct "BIOS" order of physical drives. As, as far as It seems I need to go that way as I learned that you cannot use UDEV to swtich the names of sdX as assigned by the kernel. You can only ADD (as in make an extra name) but not RENAME :-(. It's weird though even in the BIOS they are assigned SDA (mirror 1) SDB (mirror 2) SDC (extra rsync/backup drive). It's not nice, though. The problem arises because I will NEVER have a backup/rsync drive in a system when I do an install that includes resetting of partition tables of SOME of the drives - a backup drive is a holy grail. So I created the mirror (i.e. partitioning and starting mdadm) withou the backup drive. As soon as I put that one back in I cannot use and of the grub2 utils without those errors "missing drive" as suddenly the the mirrors are on SDA and SDC. So there must be some bug somewhere as the grub2 utils do not look at the UUIDs but somehow at the hardware sdX. Jobst -- Do Lipton Tea employees take coffee breaks? | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What files to edit when changing the sdX of hard drives?
On Thu, Feb 28, 2019 at 05:19:49PM +0100, Nicolas Kovacs (i...@microlinux.fr) wrote: > Le 28/02/2019 à 04:12, Jobst Schmalenbach a écrit : > > I want to lock in the SDA/SDB/SDC for my drives > > In short : use UUIDs or labels instead of hardcoding /dev/sdX. I **KNOW** how to use UUID's ... this is NOT the reason why I am doing this! I *NEED* the order of the disks to be SDA(1st BIOS drive) SDB(2nd BIOS drive) SDC(3rd BIOS drive) and not SDA (1st BIOS drive) SDB(3rd BIOS drive) SDC (2nd BIOS drive). Reason: it stuffs up the use of grub2* utilities leaving behind a bunch of error messages. The SDA (1st BIOS drive) and SDB (2nd BIOS drive) are part of a MDADM raid(1) system. As soon as I plug in the third drive, the OS (or systemD) decides to put it into the SDB spot - I do NOT want that. When I the use any of the grub2 utils I end up with "missing drive" errors. If I leave the drive out NO problem. I have managed twice to have the machine booting with the third drive as SDC, when that happens I I do not get any error messages. Jobst -- Why is the man who invests all your money called a broker? | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] What files to edit when changing the sdX of hard drives?
Hi
I have read instructions for udev, I also found many example on how to do this.
I want to lock in the SDA/SDB/SDC for my drives and I came up with a rule like
this
KERNEL=="sd?", SUBSYSTEM=="block",
ENV{ID_SERIAL}=="ST500DM002-1BC142_W2A56H8A", NAME="sda", RUN+="/usr/bin/logger
ID_SERIAL=$ENV{ID_SERIAL} set to /dev/sda ", GOTO="END_PERSISTENT_DISK"
However, it is not clear to me is in what files I need to add my rules.
Do I add a random file "99-my-rules.rules" in "/etc/udev/rules.d/"?
Do I copy a file from "/usr/lib/udev" to "/etc/udev/rules.d/" and add my rules?
Do I need to be careful with the NUMBER, e.g. "60-my-rule.rules"?
Jobst
--
186,262 miles/second : Not just a good idea, it's the LAW.
| |0| | Jobst Schmalenbach, General Manager
| | |0| Barrett & Sales Essentials
|0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with mdadm, raid1 and automatically adds any disk to raid
On Mon, Feb 25, 2019 at 11:23:12AM +, Tony Mountifield (t...@softins.co.uk) wrote: > In article <20190225050144.ga5...@button.barrett.com.au>, > Jobst Schmalenbach wrote: > > Hi. > > CENTOS 7.6.1810, fresh install - use this as a base to create/upgrade > > new/old machines. > > > > I was trying to setup two disks as a RAID1 array, using these lines > > > > mdadm --create --verbose /dev/md0 --level=0 --raid-devices=2 /dev/sdb1 > > /dev/sdc1 > > mdadm --create --verbose /dev/md1 --level=0 --raid-devices=2 /dev/sdb2 > > /dev/sdc2 > > mdadm --create --verbose /dev/md2 --level=0 --raid-devices=2 /dev/sdb3 > > /dev/sdc3 > > > > then I did a lsblk and realized that I used --level=0 instead of --level=1 > > (spelling mistake) > > So I believe you need to do: > > mdadm --zero-superblock /dev/sdb1 > mdadm --zero-superblock /dev/sdb2 > I actually deleted the partitions, at first using fdisk than parted (read a few ideas on the internet). Also from the second try onwards I also changed the partition sizes, filesystems. Also I tried with one disk missing (either sda or sdb). Jobst -- If proof denies faith, and uncertainty denies proof, then uncertainty is proof of God's existence. | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with mdadm, raid1 and automatically adds any disk to raid
On Tue, Feb 26, 2019 at 03:37:34PM +0100, Simon Matter via CentOS (centos@centos.org) wrote: > > On Mon, Feb 25, 2019 at 11:54 PM Simon Matter via CentOS > > > > wrote: > >> > What makes you think this has *anything* to do with systemd? Bitching > >> > about systemd every time you hit a problem isn't helpful. Don't. > >> > >> If it's not systemd, who else does it? Can you elaborate, please? > > How is it not systemd doing it? Such things didn't happen with pre systemd > distributions. I just had a hardware failure of a Raid controller (well they fail thats why we have backups). This means putting the drives onto a new controller I have to (re-) format them. In Centos6 times this took me under an hour to fix this, mostly due to the rsyncing time. Yesterday it took me over 6 hours to move a system. Jobst -- Why don't sheep shrink when it rains? | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with mdadm, raid1 and automatically adds any disk to raid
On Mon, Feb 25, 2019 at 05:24:44PM -0800, Gordon Messmer (gordon.mess...@gmail.com) wrote: > On 2/24/19 9:01 PM, Jobst Schmalenbach wrote: > [snip] > > What makes you think this has *anything* to do with systemd? Bitching about > systemd every time you hit a problem isn't helpful. Don't. Becasue of this. Feb 25 15:38:32 webber systemd: Started Timer to wait for more drives before activating degraded array md2.. -- When you want a computer system that works, just choose Linux; When you want a computer system that works, just, choose Microsoft. | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with mdadm, raid1 and automatically adds any disk to raid
On Mon, Feb 25, 2019 at 06:50:11AM +0100, Simon Matter via CentOS (centos@centos.org) wrote: > > Hi. > > > > dd if=/dev/zero of=/dev/sdX bs=512 seek=$(($(blockdev --getsz > > /dev/sdX)-1024)) count=1024 > > I didn't check but are you really sure you're cleaning up the end of the > drive? Maybe you should clean the end of every partition first because > metadata may be written there. Mmmmhhh, not sure. I run fdisk on it, basically re-creating everything from the start. The "trying to re-create the MDX's" happens when I use "w" in fdisk. As soon as I hit the "w" it starts re-creating the MDx! Thats the annoying part. [snip] > > No matter what I do as soon as I hit the "w" in fdisk systemd tries to > > assemble the array again without letting me to decide what to do. > > I am not ;-), it's @ work. Jobst -- You seem (in my (humble) opinion (which doesn.t mean much)) to be (or possibly could be) more of a Lisp programmer (but I could be (and probably am) wrong) | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Problem with mdadm, raid1 and automatically adds any disk to raid
Hi. CENTOS 7.6.1810, fresh install - use this as a base to create/upgrade new/old machines. I was trying to setup two disks as a RAID1 array, using these lines mdadm --create --verbose /dev/md0 --level=0 --raid-devices=2 /dev/sdb1 /dev/sdc1 mdadm --create --verbose /dev/md1 --level=0 --raid-devices=2 /dev/sdb2 /dev/sdc2 mdadm --create --verbose /dev/md2 --level=0 --raid-devices=2 /dev/sdb3 /dev/sdc3 then I did a lsblk and realized that I used --level=0 instead of --level=1 (spelling mistake) The SIZE was reported double as I created a striped set by mistake, yet I wanted the mirrored. Here starts my problem, I cannot get rid of the /dev/mdX no matter what I do (try to do). I tried to delete the MDX, I removed the disks by failing them, then removing each array md0, md1 and md2. I also did dd if=/dev/zero of=/dev/sdX bs=512 seek=$(($(blockdev --getsz /dev/sdX)-1024)) count=1024 dd if=/dev/zero of=/dev/sdX bs=512 count=1024 mdadm --zero-superblock /dev/sdX Then I wiped each partition of the drives using fdisk. Now every time I start fdisk to setup a new set of partitions I see in /var/log/messages as soon as I hit "W" in fdisk: Feb 25 15:38:32 webber systemd: Started Timer to wait for more drives before activating degraded array md2.. Feb 25 15:38:32 webber systemd: Started Timer to wait for more drives before activating degraded array md1.. Feb 25 15:38:32 webber systemd: Started Timer to wait for more drives before activating degraded array md0.. Feb 25 15:38:32 webber kernel: md/raid1:md0: active with 1 out of 2 mirrors Feb 25 15:38:32 webber kernel: md0: detected capacity change from 0 to 5363466240 Feb 25 15:39:02 webber systemd: Created slice system-mdadm\x2dlast\x2dresort.slice. Feb 25 15:39:02 webber systemd: Starting Activate md array md1 even though degraded... Feb 25 15:39:02 webber systemd: Starting Activate md array md2 even though degraded... Feb 25 15:39:02 webber kernel: md/raid1:md1: active with 0 out of 2 mirrors Feb 25 15:39:02 webber kernel: md1: failed to create bitmap (-5) Feb 25 15:39:02 webber mdadm: mdadm: failed to start array /dev/md/1: Input/output error Feb 25 15:39:02 webber systemd: mdadm-last-resort@md1.service: main process exited, code=exited, status=1/FAILURE I check /proc/mdstat and sure enough, there it is trying to assemble an Array I DID NOT TOLD IT TO DO. I do NOT WANT this to happen, it creates the same "SHIT" (the incorrect array) over and over again (systemd frustration). So I tried to delete them again, wiped them again, killed processes, wiped disks. No matter what I do as soon as I hit the "w" in fdisk systemd tries to assemble the array again without letting me to decide what to do. Help! Jobst -- windoze 98: useless extension to a minor patch release for 32-bit extensions and a graphical shell for a 16-bit patch to an 8-bit operating system originally coded for a 4-bit microprocessor, written by a 2-bit company that can't stand for 1 bit of competition! | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database
On Tue, Jan 15, 2019 at 07:43:02AM +, Phil Perry (ppe...@elrepo.org) wrote: > On 15/01/2019 01:29, Jobst Schmalenbach wrote: > > On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) > > wrote: > > > On 14/01/2019 07:09, Jobst Schmalenbach wrote: > Below is my script for creating/updating an ipset to block my top 10 > Hope that helps Thanks, it did, cleared up conflicting info I found on the Internet. I also wanted to go the "other way": disallow everything but 2 countries (AU,NZ). There are even more conflicting ideas about how to do this, but I figured it out. Also I cannot see a difference in speed between using (maxmind) -A filter_countries -m geoip --src-cc AU,NZ -j ACCEPT and (ipdeny) -A filter_countries -m set --set au.geoblock src -j ACCEPT which is really good! Jobst -- The future isn't what it used to be (it never was). | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database
On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) wrote: > On 14/01/2019 07:09, Jobst Schmalenbach wrote: > > Hi > I use ipdeny's aggregated country lists to do the same thing: > > http://www.ipdeny.com/ipblocks/data/aggregated/ > > I just feed this data directly into ipset/iptables via a script running on > my firewall (not a C6 box). ipset is a really efficient way of doing this. Do you create a separate table, then feed every IP address (via ipset) into this chain? Would you mind sharing this script? thx Jobst -- Computers are like air conditioners, they stop working properly if you open Windows! | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database
Hi Specs in subject line: CentOS 6.X all latest patches), iptables 1.47, Apache2.2 I use the Geolite legacy databases together with iptables 1.47 to filter traffic for a variety of ports and only allow .AU traffic to have access. Maxmind (https://dev.maxmind.com/geoip/geoip2/geolite2/) changed the default DB to the latest version which is GeoLite2, this leaves all users in need of the old Geolite Legacy database in the dark, they cannot update. If I download a later version of xtables it will complain that it requires iptable>1.6 which I do not think I can get going on CentOS 6.X. Is there a way that I can convert Geolite2 CSV files to Geolite Legacy CSV Files and then compile those into BE/LE? Are there any other ways I can use Geolite2 on a CentOS 6.X system? Does anyone have other ideas how to tackle this? (this made me really sleep well!) thanks Jobst -- "XP: If you are nine years old you are just going to love it. If you're a few years older you'll resent the choking paternalistic atmosphere of vapid gee-whiz kiddie entertainment (babysitting), euphemism and fake-friendly bullying." | |0| | Jobst Schmalenbach, | | |0| Barrett & Sales Essentials |0|0|0| Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Possible to have EthX acting like the ipaddress of the attached device (aka bridge) having no ipaddress?
Hi I have a Centos 6.X router/firewall/gateway for a /29 network all connected to one ETHX that has a switch behind it. This setup works very well but does NOT allow me to QOS one of the devices (a VOIP phone, many lines) as for "tc" to work I need a device, not ipaddress. I thought to connect the VOIP phone directly to the router, but in doing so I need that interface to ACT like the IPADDRESS of the VOIP box, meaning the ethernet interface has no ipaddress acting like a bridge: Internet | --- | router ip | | BRIDGEbase of /29 --- | | | - | || | _ | | | | | | | phone system | That way I can use "tc" to prioritize the traffic for the phone system If there are other ways to do this, please suggest. thanks Jobst -- Sometimes, the sharpest sword is not enough, but usually...it is. | |0| | Jobst Schmalenbach | | |0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia |0|0|0| ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Weird bandwith behaviour (download throughput) on CentOS based gateway
On Mon, Oct 09, 2017 at 03:05:51PM +0200, hw (h...@adminart.net) wrote: > Jobst Schmalenbach <jo...@barrett.com.au> writes: > > > On Thu, Oct 05, 2017 at 02:57:18PM +1300, Clint Dilks > > (cli...@scms.waikato.ac.nz) wrote: > >> On Thu, Oct 5, 2017 at 2:41 PM, Jobst Schmalenbach <jo...@barrett.com.au> > > Is there a dependency on which machine you test first? Perhaps the file > has been stored in some cache along the way and for the second test, it > can be delivered from the cache instead of from the source, which might > yield higher speeds. Very good question, answer is no for the following reasons: - it happens for all downloads - yum, wget etc - I have looked at the interfaces using ngrep, all traffic goes straight out through the closest (as in hops) interface - As you raised this I have disabled caching on the command line using wget, still happens - As you raised this I have checked whether there are any (environment) options set, none I, too, use the same bash scripts on all machines I have I though about the interfaces, but can't be. The last two interfaces are on the problem machine, but when downloading on the LAN I get a throughput of ~28mbs, only when downloading on the gateway I only get <10mbs. So still baffled. Jobst -- Computing power increases as the square of the cost. If you want to do it twice as cheaply, you have to do it four times as fast. | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Weird bandwith behaviour (download throughput) on CentOS based gateway
On Thu, Oct 05, 2017 at 02:57:18PM +1300, Clint Dilks
(cli...@scms.waikato.ac.nz) wrote:
> On Thu, Oct 5, 2017 at 2:41 PM, Jobst Schmalenbach <jo...@barrett.com.au>
> wrote:
> [snip]
> Hi,
>
> Are you sure that your issue isn't related to the mirror that your
> systems are selecting ? If they are using different mirrors I would try
> using the fastestmirror plugin to make the gateway select the same mirror
> as you other host.
Darn
I should have included in the initial email that I actually ran EXTRA tests
from a {local} CentOS mirror using wget after I figured there was some
differences in the "yum update" times ...
The Gateway:
[root@GATEWAY /tmp] #>wget
http://mirror.internode.on.net/pub/centos/6.9/isos/x86_64/CentOS-6.9-x86_64-bin-DVD1.iso
--2017-10-05 14:59:55--
http://mirror.internode.on.net/pub/centos/6.9/isos/x86_64/CentOS-6.9-x86_64-bin-DVD1.iso
Resolving mirror.internode.on.net... 150.101.135.3
Connecting to mirror.internode.on.net|150.101.135.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3972005888 (3.7G) [application/octet-stream]
Saving to: âCentOS-6.9-x86_64-bin-DVD1.isoâ
0% [
] 4,454,198680K/s
One of the hosts behind it:
[root@piquet /tmp] #>wget
http://mirror.internode.on.net/pub/centos/6.9/isos/x86_64/CentOS-6.9-x86_64-bin-DVD1.iso
--2017-10-05 15:01:32--
http://mirror.internode.on.net/pub/centos/6.9/isos/x86_64/CentOS-6.9-x86_64-bin-DVD1.iso
Resolving mirror.internode.on.net... 150.101.135.3
Connecting to mirror.internode.on.net|150.101.135.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3972005888 (3.7G) [application/octet-stream]
Saving to: `CentOS-6.9-x86_64-bin-DVD1.iso'
0% [
] 13,616,730 2.4M/s
Jobst
--
You have junk mail.
| |0| | Jobst Schmalenbach, General Manager
| | |0| Barrett & Sales Essentials
|0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
[CentOS] Weird bandwith behaviour (download throughput) on CentOS based gateway
Hi. I have a company gateway that is connected to a 30/30 Fiber connection, network termination point is a MRV OS-904. It acts as a firewall/router for the DMZ/hosts/lans behind. Software: CentOS 6.9, bare minimum install, all latest patches. Hardware: Xeon CPU, Intel server MB with two Intel PRO 1000 (e1000, e1000e) network cards, adaptec RAID, 8GB RAM On the hosts/lan behind I can happily achieve 28.8 mbs - it seems it's being capped at that speed by the provider. However, on the host itself I cannot get passed 820k/s max, even if I switch off iptables and anything else that could interfere with the download/upload bandwidth. I have no idea why this is the case - It only matters when I need to "yum update" as the updates take 4 times longer than on the CentOS DMZ hosts behind it - but yes, its rather annoying! Where do I need to look? What am I missing? Jobst -- Passwords are like underwear. You don't share them, you don't hang them on your monitor, or under your keyboard, you don't email them, or put them on a web site, and you must change them very often. | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with IPTABLES logging message to the screen/console
Thanks, that fixed it! It seems it need to go into rc.local, it gets wiped after a reboot due to kernel updates. Jobst On Sun, Aug 06, 2017 at 08:03:53PM +1000, Anthony K (akcen...@anroet.com) wrote: > On 02/08/17 13:32, Jobst Schmalenbach wrote: > > How can I solve this that those messages are NOT printed. > I think you are after *dmesg -n alert* > > man dmesg > ... >-n, --console-level level > Set the level at which printing of messages is done to the > con??? > sole. The level is a level number or abbreviation of the > level > name. For all supported levels see the --help output. > > For example, -n 1 or -n alert prevents all messages, > except > emergency (panic) messages, from appearing on the console. > All > levels of messages are still written to /proc/kmsg, so > sys??? > logd(8) can still be used to control exactly where kernel > mes??? > sages appear. When the -n option is used, dmesg will not > print > or clear the kernel ring buffer. > ... > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- 186,262 miles/second : Not just a good idea, it's the LAW. | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Problem with IPTABLES logging message to the screen/console
Hi I am not sure how to solve this. I am constantly getting messages that should go into the kern/message log printed on screen - MOSTLY from iptables. The messages are ALSO logged to the syslog files. It still prints those message onto the console screen even if I am logged off (security issue). When logged in on the console its anoying as I constantly have to hit CTRL-L to refresh the screen to get rid of those messages. However it does NOT happen when I ssh into the machine. How can I solve this that those messages are NOT printed. thanks Jobst -- Share your knowledge. It's a way to achieve immortality. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Domain Logout, then domain login again, profile corrupt -> replaced by TEMP profile
I am sorry, wrong list. Jobst On Wed, Jun 07, 2017 at 04:13:30PM +1000, Jobst Schmalenbach (jo...@barrett.com.au) wrote: > Hi > > I have had this problem for a while, but waited to post this until I upgraded > to see whether the upgrade would fix it. > I upgraded samba to the 4.2.X stream from 3.6.X stream, but it happens on > both, 3.6.X and 4.2.10. > > Whenever someone logs out, then in again the profile gets corrupted and a new > TEMP profile is created (the dreadful "creating new desktop"). Now I do not > know where this problem is - the desktop or the server. > It also happens if you wait 1/2 hour or so, never tried it longer. > > I can quickly fix this by: > > - tell the user to log out > - rsync -avHAX the profile with yesterdays profile > - tell the user to log in again > > Now if I log out on my workstation, then on the server I do a "smb reload", > then log in again this problem does not happen. > > This morning a person logged out of his workstation, went over to the > bigscreen in one of our training rooms and logged in there, then logged out, > went over to his machine but got the dreadful "preparing desktop" on login > > > Anybody got any idea? > > thanks > Jobst > > Here is some info: > ~~ > All latest patches installed on everything. > > OS server: CentOS 6.X > OS Workstations: Windows 7 Prof > Samba: 4.2.10 (was 3.6.23) > Other: roaming profiles (as we log into other stations, e.g. training rooms) > > smb.conf (important bits): > [global] > workgroup = LALA > server string = Domain Server > netbios name = LALAMACHINE > username map = /etc/samba/smbusers > interfaces = eth0, lo > bind interfaces only = yes > # these flags were recommended. > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=131072 > SO_SNDBUF=131072 > > # Logging, what, how much, etc > log level = 1 > syslog = 0 > log file = /var/log/samba/samba.log > max log size = 1000 > > # Auditing > vfs objects = full_audit > full_audit:prefix = %u|%I|%m|%S > full_audit:failure = none > full_audit:facility = LOCAL4 > full_audit:priority = NOTICE > full_audit:success = none > full_audit:failure = none > > idmap config *: backend = tdb > idmap config *: range = 100-199 > idmap config LALA : default = Yes > idmap config LALA : backend = > idmap config LALA : range = 500-99 > > winbind use default domain = Yes > winbind nested groups = Yes > winbind normalize names = no > > # domain stuff > logon script = user.cmd > logon path = \\lalamachine\profiles\%u > logon drive = Z: > logon home = \\lalamachine\%u\samba-homeshare > domain logons = Yes > os level = 200 > domain master = Yes > dns proxy = No > wins support = Yes > security = user > encrypt passwords = Yes > hosts allow = 192.168.0., 127. > guest account = nobody > usershare allow guests = No > > # printer setup > load printers = Yes > printing = cups > printcap name = cups > printcap = cups > printcap cache time = 750 > cups options = raw > read raw = yes > write raw = yes > oplocks = yes > max xmit = 65535 > dead time = 15 > getwd cache = yes > > # Samba implements the CIFS UNIX > unix extensions = no > > [netlogon] > comment = Network Logon Service > path = /samba/NetLogon > browseable = Yes > guest ok = yes > admin users = root > full_audit:success = none > full_audit:failure = none > # this is required for log files to be written to > read only = No > write list = @lalausers, @lalaadmins > > [profiles] > comment = Roaming Profile Share > path = /samba/Profiles/ > read only = No > create mask = 0600 > directory mask = 0700 > browseable = yes > # you MUST disable caching on shares that have roaming profiles stored > csc policy = disable > guest ok = no > valid users = @lalausers, @lalaadmins > admin users = root > store dos attributes = yes > profile acls = yes > full_audit:success = none > full_audit:failure = none > > > -- > Keyboard not found - please clean up desktop! > > | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager > | | |0| Barrett Consulting Group P/L & The Meditation Room P/L > |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- This message represents the official view of the voices in my head! | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Domain Logout, then domain login again, profile corrupt -> replaced by TEMP profile
Hi I have had this problem for a while, but waited to post this until I upgraded to see whether the upgrade would fix it. I upgraded samba to the 4.2.X stream from 3.6.X stream, but it happens on both, 3.6.X and 4.2.10. Whenever someone logs out, then in again the profile gets corrupted and a new TEMP profile is created (the dreadful "creating new desktop"). Now I do not know where this problem is - the desktop or the server. It also happens if you wait 1/2 hour or so, never tried it longer. I can quickly fix this by: - tell the user to log out - rsync -avHAX the profile with yesterdays profile - tell the user to log in again Now if I log out on my workstation, then on the server I do a "smb reload", then log in again this problem does not happen. This morning a person logged out of his workstation, went over to the bigscreen in one of our training rooms and logged in there, then logged out, went over to his machine but got the dreadful "preparing desktop" on login Anybody got any idea? thanks Jobst Here is some info: ~~ All latest patches installed on everything. OS server: CentOS 6.X OS Workstations: Windows 7 Prof Samba: 4.2.10 (was 3.6.23) Other: roaming profiles (as we log into other stations, e.g. training rooms) smb.conf (important bits): [global] workgroup = LALA server string = Domain Server netbios name = LALAMACHINE username map = /etc/samba/smbusers interfaces = eth0, lo bind interfaces only = yes # these flags were recommended. socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=131072 SO_SNDBUF=131072 # Logging, what, how much, etc log level = 1 syslog = 0 log file = /var/log/samba/samba.log max log size = 1000 # Auditing vfs objects = full_audit full_audit:prefix = %u|%I|%m|%S full_audit:failure = none full_audit:facility = LOCAL4 full_audit:priority = NOTICE full_audit:success = none full_audit:failure = none idmap config *: backend = tdb idmap config *: range = 100-199 idmap config LALA : default = Yes idmap config LALA : backend = idmap config LALA : range = 500-99 winbind use default domain = Yes winbind nested groups = Yes winbind normalize names = no # domain stuff logon script = user.cmd logon path = \\lalamachine\profiles\%u logon drive = Z: logon home = \\lalamachine\%u\samba-homeshare domain logons = Yes os level = 200 domain master = Yes dns proxy = No wins support = Yes security = user encrypt passwords = Yes hosts allow = 192.168.0., 127. guest account = nobody usershare allow guests = No # printer setup load printers = Yes printing = cups printcap name = cups printcap = cups printcap cache time = 750 cups options = raw read raw = yes write raw = yes oplocks = yes max xmit = 65535 dead time = 15 getwd cache = yes # Samba implements the CIFS UNIX unix extensions = no [netlogon] comment = Network Logon Service path = /samba/NetLogon browseable = Yes guest ok = yes admin users = root full_audit:success = none full_audit:failure = none # this is required for log files to be written to read only = No write list = @lalausers, @lalaadmins [profiles] comment = Roaming Profile Share path = /samba/Profiles/ read only = No create mask = 0600 directory mask = 0700 browseable = yes # you MUST disable caching on shares that have roaming profiles stored csc policy = disable guest ok = no valid users = @lalausers, @lalaadmins admin users = root store dos attributes = yes profile acls = yes full_audit:success = none full_audit:failure = none -- Keyboard not found - please clean up desktop! | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] saslauth logging
On Tue, Apr 25, 2017 at 07:14:56PM -0700, Gordon Messmer (gordon.mess...@gmail.com) wrote: > On 04/25/2017 07:00 PM, Jobst Schmalenbach wrote: > > What I want is the IP address and if possible the incorrect password (just > > to see how far they are off). > > Is this possible? > > I hope not. That's a terrible idea. Every time a user fat-fingers their > password, your plain-text logs have a copy of their almost-correct password. > As always there are tradeoffs ... I have a reasonable strict password policy, so by looking at the failed passwords I can see how far the tries are off the real thing, so it actually is a good thing for me. Also I learn which passwords are used for cracking, which again is a good thing. As for the logged passwords - this is a non user server, only two people have access ... so reading the logs is difficult for imap/sendmail users in the company ... J -- Gravity does not exist, the Earth sucks. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] saslauth logging
On Tue, Apr 25, 2017 at 07:15:43PM -0700, John R Pierce (pie...@hogranch.com) wrote: > On 4/25/2017 7:00 PM, Jobst Schmalenbach wrote: > > snip > > client request originated from, so logging the IP of the failed request had > best be done at a higher layer. Good answer, makes sense. As for the higher layer used - can be either sendmail or imaps as both use the saslauth. Just need to find a way to "connect" the sasl request to the caller that issued the sasl request ... thx Jobst -- Student to Teacher: Sir, what's an oxymoron? Teacher to Student: Microsoft security. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] saslauth logging
Hi Not sure whether this is the correct list to ask ... if it's not please direct me to the correct one. Is it possible on to log a bit more detail when auth failure occurs when using saslauthd? saslauthd[2119]: do_auth : auth failure: [user=DELETED] [service=smtp] [realm=DELETED] [mech=pam] [reason=PAM auth error] What I want is the IP address and if possible the incorrect password (just to see how far they are off). Is this possible? thanks Jobst -- If a pig loses its voice, is it disgruntled? | |0| | Jobst Schmalenbach | | |0| jo...@barrett.com.au |0|0|0| General Manager ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] httpd 2.3 or 2.4 repository for CentOS 6.X anywhere?
Hi is there a yum repository for httpd 2.3 or 2.4 for CentOS 6.X anywhere? Like remi for php/mysql? thanks Jobst -- f u cn rd ths, u cn gt a gd jb n cmptr prgmmng. [Anon] | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] After reboot of web-server accessing website shows "Forbidden", restarting httpd all is fine
sorry late reply. thanks, will look into it. On Fri, Nov 06, 2015 at 07:23:59PM -0800, Gordon Messmer (gordon.mess...@gmail.com) wrote: > On 11/06/2015 06:30 PM, Jobst Schmalenbach wrote: > >What troubles me that a simple restart of the daemon fixes everything but it > >does not come up on reboot. > > Running the service script manually may not give you the same selinux > context as on boot. Services should be started using "run_init" to ensure > they get the correct context. > > I think this is legitimately the most confusing aspect of SELinux, and it's > one of the things that systemd fixed properly. > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- Never share a foxhole with anyone braver than yourself. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] After reboot of web-server accessing website shows "Forbidden", restarting httpd all is fine
sorry, late reply.
thanks, one part was a path.
jobst
On Mon, Nov 09, 2015 at 09:40:44AM -0800, Gordon Messmer
(gordon.mess...@gmail.com) wrote:
> On 11/06/2015 06:30 PM, Jobst Schmalenbach wrote:
> >Putting selinux into permissive mode starts the server right from boot.
> >Looking at all the logs I cannot see anything.
>
> Which logs? You should see AVC denies logged in /var/log/audit/audit.log,
> unless you've disabled audit logging.
>
> The AVCs should indicate which files are labeled incorrectly, and what their
> current label is. You probably need to fix the tree from which you're
> serving files.
>
> Could be just "restorecon -r -v /var/www" if you're using the default paths.
> Otherwise, you should use semanage to fix whatever paths you're using:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
--
while ( !sorted ) { do_nothing ( ) ; }
| |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
[CentOS] After reboot of web-server accessing website shows "Forbidden", restarting httpd all is fine
Hi. I am stuck with this one and I do not know where and how to search for this problem nor do I know how to fix it. When I reboot one of our servers (CentOS 6.7, selinux target, yum fully updated) the http server loads fine (no erros) but when accessing one of the server's websites it displays "Forbidden", restarting the httpd server (command line) will give full access and all is fine. What troubles me that a simple restart of the daemon fixes everything but it does not come up on reboot. [Sat Nov 07 13:02:44 2015] [notice] caught SIGTERM, shutting down [Sat Nov 07 13:02:45 2015] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [Sat Nov 07 13:02:45 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Nov 07 13:02:45 2015] [notice] Digest: generating secret for digest authentication ... [Sat Nov 07 13:02:45 2015] [notice] Digest: done [Sat Nov 07 13:02:45 2015] [notice] Apache/2.2.15 (Unix) PHP/5.4.45 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_wsgi/3.2 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations I started it with an strace but I cant find anything that looks suspicious ... Putting selinux into permissive mode starts the server right from boot. Looking at all the logs I cannot see anything. Any ideas? Jobst -- Though the pen IS mightier than the sword, the sword is mightier at any given moment. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fwd: Centos and logs
On Tue, Nov 18, 2014 at 05:03:30PM +0200, Alan Holt (berber...@gmail.com) wrote:
Hello,
may be anyone familiar with some tool for viewing logs.
I mean web-interface based, simple solution.
I have developers, and I can't give them access to my Centos servers, but
they want to see logs of Apache. I want to give them address like
172.17.17.21/logs and they will be able to watch logs of Apache in browser.
I was looking a lot for something like this, but didn't find.
Alex.
You could use NFS, exportfs the apache log directory to 127.0.0.1 only,
make a directory somewhere accessible to the developers outside the root of the
server
and mount the apache log directory to that dir READONLY.
Alternatively you can change the log directory location in http.conf to
somewhere the developers can access it but outside the root of the server.
Since apache AND the developers must be able to access it this should be no
problem.
Jobst
--
main(){for (;;) fputc(NULL,rand() % 2);)
| |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] CLAMAV problem: Error message outdated version although yum list installed reports correct version
Hi. I posted this on the clamav list as well, as I do not know whether this is a rpm issue or clamav issue. Strange problem indeed: [root /tmp] #yum list installed clamav* Loaded plugins: fastestmirror Installed Packages clamav.x86_64 0.98-2.el5.rf installed clamav-db.x86_64 0.98-2.el5.rf installed clamav-milter.x86_64 0.98-2.el5.rf installed [root /tmp] # [root /tmp] #su clamav -c /usr/bin/freshclam ClamAV update process started at Thu Feb 20 12:37:52 2014 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.98 Recommended version: 0.98.1 DON'T PANIC! Read http://www.clamav.net/support/faq I have checked the following: - all configuration files point to the same database directory - there is only one binary for each of the clamav things on the system - freshclam updates with no problems - clamconf report correct databases but also: Software settings - Version: 0.98 Any ideas? It has been complaining about this one for some time. Jobst -- My software never has bugs; it just develops random features. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CLAMAV problem: Error message outdated version although yum list installed reports correct version
On Wed, Feb 19, 2014 at 09:20:05PM -0600, Johnny Hughes (joh...@centos.org) wrote: On 02/19/2014 08:29 PM, Jobst Schmalenbach wrote: Hi. I posted this on the clamav list as well, as I do not know whether this is a rpm issue or clamav issue. Strange problem indeed: [root /tmp] #yum list installed clamav* Loaded plugins: fastestmirror Installed Packages clamav.x86_64 0.98-2.el5.rf installed clamav-db.x86_64 0.98-2.el5.rf installed clamav-milter.x86_64 0.98-2.el5.rf installed [root /tmp] # Yes, repoforge needs to build the new version if clamav (version 0.98.1) instead of 0.98. But according to the RPM numbers (see above) it already did ... this is why it is so confusing. Jobst ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] deleting FakeRaid - what happens to the partitions/data
Hi A server has FakeRAID installed, I want to remove it to make it mdadm driven If I delete the FakeRAID including - disabling it in the BIOS - removing the dmraid driver from initrd - deleting all meta data from partitions - deleting all dmraid packages is the data still available on the drives, i.e. the partitions, filesystem and files are still ok? I know that FakeRAID controller is not a real hardware controller and the driver (thus CPU doing the work) makes it look like one drive ... So if you create a partition it would be a standard (and same) partition on each of the drive connected to a FakeRAID? This would me there are just normal drives with partitions and file system that is ready to be used after the deletion of the faeRAID? thanks Jobst -- Dont blink or you miss it! | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] updated certificate, but certwatch still reporting it needs to be renewed
Hi I updapted the ssl certificate on the 15th of Jan using the providers update facility. Then I downloaded the new certificate, installed it and restarted httpd. Then I checked with the providers ssl installation diagnostic tool whether everything is fine - and it is, all reported good. Then I opened a browser, loaded the https website, checked the certificate and it's valid until 8/02/2017, which was reported by above, as well. I know I could turn certwatch off, but I like the warning as I have a few certs on different websites, domains and machines. How come certwatch is still complaining? Jobst -- Why do overlook and oversee mean opposite things? | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] updated certificate, but certwatch still reporting it needs to be renewed
Thanks for the reply. I put all the different certs into different subdirectories, so I know it's that one, e.g.: /apachepath/conf.d/cert1 /apachepath/conf.d/cert2 /apachepath/conf.d/cert3 It, too, complains about the /apachepath/conf.d/cert3/domain.crt file, which comes from the provider anyway. I know it's the correct/new/latest one (date,size and from tests). Jobst On Mon, Jan 20, 2014 at 03:01:20AM +0100, Reindl Harald (h.rei...@thelounge.net) wrote: Am 20.01.2014 02:23, schrieb Jobst Schmalenbach: I updapted the ssl certificate on the 15th of Jan using the providers update facility. Then I downloaded the new certificate, installed it and restarted httpd. Then I checked with the providers ssl installation diagnostic tool whether everything is fine - and it is, all reported good. Then I opened a browser, loaded the https website, checked the certificate and it's valid until 8/02/2017, which was reported by above, as well. I know I could turn certwatch off, but I like the warning as I have a few certs on different websites, domains and machines. How come certwatch is still complaining? look about *what* certificate it complains certwatch looks at *all* certificates and you have changed *one* -- If proof denies faith, and uncertainty denies proof, then uncertainty is proof of God's existence. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Two external interfaces, one with default route and ping problem
hi. sorry for the late reply ... been busy. When I first started this project I read while doing research that it is not a good idea to use eth0:1 using iptables ... but after you wrote the below I did some more RTFm and came to the conclusion there is not anything wrong doing this when done right. So I made a new chain name and directed all traffic with the IP address through that chain letting only mail (inc ssl etc) traffic pass - thanks its working now. Jobst On Mon, Aug 19, 2013 at 11:34:37PM -0500, Les Mikesell (lesmikes...@gmail.com) wrote: On Mon, Aug 19, 2013 at 10:41 PM, Jobst Schmalenbach jo...@barrett.com.au wrote: Hi I have two different IP addresses (in a block of /29), one is on port 0 and the other is on port 2 of a Ciso 888. I am doing this so I can have two different certs with two different ip addresses. I have tried: 1) one machine, two real interfaces, two cables (eth0 and eth2) 2) one machine, one real interface eth0 and one virtual interface eth0:1, one network cable Using number 2) I can ping the two different ip addresses, no problem. The only problem here is that iptables does not work (I cannot create rules for eth0:1 - and yes I know about the security implications). Why do you need different rules for eth0:1? Can't you specify the IP addresses? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- My Carpenter has a 1956 VW Beetle. He still can go to any place in Australia, use any Oil, spark plugs, pertol, tires, wiper blades, etc available today with a car that old. If only software would be like that. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Two external interfaces, one with default route and ping problem
Hi I have two different IP addresses (in a block of /29), one is on port 0 and the other is on port 2 of a Ciso 888. I am doing this so I can have two different certs with two different ip addresses. I have tried: 1) one machine, two real interfaces, two cables (eth0 and eth2) 2) one machine, one real interface eth0 and one virtual interface eth0:1, one network cable Using number 2) I can ping the two different ip addresses, no problem. The only problem here is that iptables does not work (I cannot create rules for eth0:1 - and yes I know about the security implications). I have a problem with number number 1) I can ping the first ip address and I get a return, but I cannot get a return when I ping the second ip address. I can see traffic coming into the second interface but it does not return. Now one of the interfaces needs the default route applied (is this correct??), which is eth0. I assume this is a routing problem? What do I need to do to get this to work? Jobst -- Student to Teacher: Sir, what's an oxymoron? Teacher to Student: Microsoft Works. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.9, GNOKII, SMS and Huawei [ E160G | E176 ]
Hi. This is for a Nagios server which sends out warnings when something is dead. So if the internet connection is dead, email2sms will not work and I will not be informed. jobst On Tue, Aug 13, 2013 at 05:24:00AM -0700, John Doe (jd...@yahoo.com) wrote: From: Jobst Schmalenbach jo...@barrett.com.au I want to setup a SMS system for Nagios on a 5.9 box. I read in a blog that the two modems Huawei [ E160G | E176 ] work with 6.3. Anybody any experience with those modems and do they work with 5.9? Are there any other devices that are better/recommended? Can't help you with these modems but... did you check the email2sms gateway providers? Are they a lot more expensive than an extra telephone subscription? Unless you want it to work even without net on the nagios server of course... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- If love is blind, why is lingerie so popular? | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 5.9, GNOKII, SMS and Huawei [ E160G | E176 ]
Hi I want to setup a SMS system for Nagios on a 5.9 box. I read in a blog that the two modems Huawei [ E160G | E176 ] work with 6.3. Anybody any experience with those modems and do they work with 5.9? Are there any other devices that are better/recommended? Thanks Jobst -- 186,262 miles/second : Not just a good idea, it's the LAW. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] What is bind97 and what are the differences to bind
Hi, sorry if this has been covered, I searched google for this but can't find an answer (maybe I am trying the incorrect search terms). What is bind97? What are the differences between bind97 and bind? thanks Jobst -- Fortune: No such file or directory. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 5.8, Adaptec 6405 but lsmod lists dmraid?
Hi I have (actaully on a number of machines) various Adaptec card installed, yet lsmod shows dmraid loaded? How come? I thought that dmraid is software raid? Is this part of the booting and if so How do I tell mkinitrd NOT to make it part of the bootup process? Jobst -- When you lose, don't lose the lesson. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Permission nfsnobody and mounting an nfs share in a datacenter
Yeah, should have stated that in the original message ... I know. I already asked the data center whether they can do the squash ... they can't. They have a deal with a supplier providing the infrastructure for the NFS system. Jobst On Mon, Oct 22, 2012 at 06:37:00PM -0700, John R Pierce (pie...@hogranch.com) wrote: On 10/22/12 6:21 PM, Jobst Schmalenbach wrote: How can I make this possible? nfs exports usually default to not allowing root write access. this si on the nfs server side, not the client. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Remember that silence is sometimes the best answer. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] mount -o loop question.
Hi, I know I can create a file and mount it like this: dd if=/dev/zero of=/tmp/somefile bs=1024 count=10 mke2fs /tmp/somefile mount /tmp/somefile /mnt -o loop but that has a problem it cannot grow. Is there a way to do the same (above) but have it not restricted to a size? Or can I append blocks to the end of the file without distroying it? Jobst -- Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrificing of a live chicken. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mount -o loop question.
On Tue, Oct 23, 2012 at 08:08:38AM -0500, Robert Nichols (rnicholsnos...@comcast.net) wrote: On 10/23/2012 03:44 AM, Banyan He wrote: btw, here is the way to append more bytes on the tail, dd if=/dev/zero of=myfile bs=1 count=no_of_bytes seek=$(stat -c%s myfile) Sounds like a hard way to do dd conv=notrunc oflag=append if=/dev/zero ... was thinking more of a LVM way to do this. Jobst -- Student to Teacher: Sir, what's an oxymoron? Teacher to Student: Microsoft Works. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Permission nfsnobody and mounting an nfs share in a datacenter
Hi A datacenter I use provides mountable nfs shares that are provided through a subnet, the only person having access to the nfs share is me. If I do this: mount -t nfs 192.168.53.21:/USERNAME /mnt/share/ then I get the share: [root@hostname /mnt/share] #ls -la total 12 drwxrwxrwx 2 nfsnobody nfsnobody 4096 Oct 9 18:04 . drwxr-xr-x 7 root root 4096 Oct 9 17:55 .. -rw-r--r-- 1 nfsnobody nfsnobody0 Oct 9 18:01 test I want to use this as a snapshot backup drive, so I need to have the permission on the backup the same as on the source, e.g. rsync -avH /bin /mnt/share Off course this fails: rsync: chown /mnt/share/bin/.zcat.WDISFU failed: Operation not permitted (1) How can I make this possible? Jobst -- The reason you cannot think about eternity is because the intellect which is doing the thinking is an instrument of time and nothing else. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Changes to inodes discovered by aide
Hi Correct, looking at the log of prelink.full and prelink.quick the times match the inode changes using aide -c. thanks Jobst On Fri, Sep 28, 2012 at 09:31:19AM +0100, Tony Molloy (tony.mol...@ul.ie) wrote: On Friday 28 September 2012 03:03:31 Jobst Schmalenbach wrote: Hi. On one of my servers aide just reported inode changes to a large bunch of files in a variety of directories, e.g. /usr/bin, /usr/sbin etc. This machine sits behind a couple of firewalls and it would be hard to get to. The day before I updated clam* and updated the aide database right after that: -rw--- 1 root root 7407412 Sep 26 10:58 aide.db.gz The problem was that the changes were made when no-one was in the office, here are a few: Directory: /usr/sbin Mtime: 2012-09-26 10:55:15 , 2012-09-27 06:36:42 Ctime: 2012-09-26 10:55:15 , 2012-09-27 06:36:42 File: /usr/sbin/wpa_supplicant Ctime: 2012-09-07 06:39:44 , 2012-09-27 06:36:40 Inode: 2490595 , 2490536 MD5 : IVNJESmXwIG9XY0MowL3CA== , DUQMpFMsKqlZgjOmJIp3OQ== RMD160 : 4xuWhqqliTLM5Jx6zAvQ9f1PY1c= , AlSPQGiVe+/T8YdHDSIypI904kA= SHA256 : OaUWNIGUS9AhXEjV3p8Cg4TeIEjuQ/tu , z1c9XCKVyjDzDuN7t32B+sbj6nil90TK File: /usr/sbin/clamav-milter Size : 202453 , 206637 Ctime: 2012-09-26 10:55:15 , 2012-09-27 06:36:37 Inode: 2490507 , 2490625 MD5 : HoONWy9q+qbRzHtlTeR6Wg== , klWTxNFmL8MEAQmIPwvHxg== RMD160 : lfa72Vrh6Q2DWjf+UIxREAK4V1Y= , MPbEoKH/ws3aWA+sBuycRvU9DP0= SHA256 : aFRvKcA999IPRFJ2qByu8aKB6QmHpW5i , u0oTtBkHjchhlY8AIejOfKPoJRencpmK Yum does not report anything (last 4 lines os yum.log) Sep 21 10:40:11 Installed: ghostscript-fonts-5.50-13.1.1.noarch Sep 26 10:55:14 Updated: clamav-0.97.6-1.el5.rf.x86_64 Sep 26 10:55:15 Updated: clamd-0.97.6-1.el5.rf.x86_64 Sep 26 10:55:15 Updated: clamav-milter-0.97.6-1.el5.rf.x86_64 I ran (a fresh install) of rkhunter, did not find a thing ... Is it possible that a change to one file sets of a domino effect of indode changes? thanks Jobst Just a thought. I run tripwire, planning to switch to aide, and occasionally see the same. Lots of changes reported reported in /bin type directories. In my case it's caused by a run of prelink updating lots of files in /bin. Tony ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Though the pen IS mightier than the sword, the sword is mightier at any given moment. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Changes to inodes discovered by aide
Hi. On one of my servers aide just reported inode changes to a large bunch of files in a variety of directories, e.g. /usr/bin, /usr/sbin etc. This machine sits behind a couple of firewalls and it would be hard to get to. The day before I updated clam* and updated the aide database right after that: -rw--- 1 root root 7407412 Sep 26 10:58 aide.db.gz The problem was that the changes were made when no-one was in the office, here are a few: Directory: /usr/sbin Mtime: 2012-09-26 10:55:15 , 2012-09-27 06:36:42 Ctime: 2012-09-26 10:55:15 , 2012-09-27 06:36:42 File: /usr/sbin/wpa_supplicant Ctime: 2012-09-07 06:39:44 , 2012-09-27 06:36:40 Inode: 2490595 , 2490536 MD5 : IVNJESmXwIG9XY0MowL3CA== , DUQMpFMsKqlZgjOmJIp3OQ== RMD160 : 4xuWhqqliTLM5Jx6zAvQ9f1PY1c= , AlSPQGiVe+/T8YdHDSIypI904kA= SHA256 : OaUWNIGUS9AhXEjV3p8Cg4TeIEjuQ/tu , z1c9XCKVyjDzDuN7t32B+sbj6nil90TK File: /usr/sbin/clamav-milter Size : 202453 , 206637 Ctime: 2012-09-26 10:55:15 , 2012-09-27 06:36:37 Inode: 2490507 , 2490625 MD5 : HoONWy9q+qbRzHtlTeR6Wg== , klWTxNFmL8MEAQmIPwvHxg== RMD160 : lfa72Vrh6Q2DWjf+UIxREAK4V1Y= , MPbEoKH/ws3aWA+sBuycRvU9DP0= SHA256 : aFRvKcA999IPRFJ2qByu8aKB6QmHpW5i , u0oTtBkHjchhlY8AIejOfKPoJRencpmK Yum does not report anything (last 4 lines os yum.log) Sep 21 10:40:11 Installed: ghostscript-fonts-5.50-13.1.1.noarch Sep 26 10:55:14 Updated: clamav-0.97.6-1.el5.rf.x86_64 Sep 26 10:55:15 Updated: clamd-0.97.6-1.el5.rf.x86_64 Sep 26 10:55:15 Updated: clamav-milter-0.97.6-1.el5.rf.x86_64 I ran (a fresh install) of rkhunter, did not find a thing ... Is it possible that a change to one file sets of a domino effect of indode changes? thanks Jobst -- Diplomacy: The art of saying, Nice Doggy, until you can find a stick. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Loading drivers during linux rescue
Hi I got a new Adaptec 6405 card with a set of new harddrives. Problem that I assumed that the card had kernel drivers, which it has but only from 2.6.39 onwards. I installed the kmod-aacraid drivers, they see the card and drives, fine. However, I need to get a linux rescue to work, thus I need to load the drivers during the boot of the resuce disk. How do I do this? thanks Jobst -- C is a write-only language. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Order of sata/sas raid cards
Hi. I bought a new Adaptec 6405 card including new (much larger) SAS drives (arrays). I need to copy content of the current SATA (old adaptec 2405) drives to the new SAS drives. When I put the new controller into the machine, the card is seen and I can see that the kernel loads the new drives and the old drives. The problem is that the new drives are loaded as SDA and SDB, which then stops the kernel loading, becasue it cannot find root and get kernel panic. Is there a way to tell the kernel in which order to load the drives and assign the drive order in a way that the new drives are assigned SDC and SDD and the old drives get SDA and SDB? thanks Jobst -- Why are a wise man and a wise guy opposites? | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Order of sata/sas raid cards
Hi Adrian yes this will do. Because I do not know (yet) the UUID of the new partitions (drives), if I specify the UUID for the known drives for the partitions the kernel will assign the new drives to higher sdx? Is this correct? thanks Jobst On Thu, Aug 23, 2012 at 12:49:38PM +0300, Adrian Sevcenco (adrian.sevce...@cern.ch) wrote: On 08/23/12 12:13, Jobst Schmalenbach wrote: Is there a way to tell the kernel in which order to load the drives and assign the drive order in a way that the new drives are assigned SDC and SDD and the old drives get SDA and SDB? use UUID= in fstab (lsblk -o NAME,KNAME,UUID) and you will get rid of all this headaches (if you have software raid the assembling is done internally based on UUID so you don't have to worry about mdraid) HTH, Adrian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- f u cn rd ths, u cn gt a gd jb n cmptr prgmmng. [Anon] | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Loading drivers during linux rescue
Sorry, maybe I did not give enough information.
I have the drivers from adaptecs site (plus the kmod stuff).
At least once I need to boot the rescue disk to select the
bootpartition and install grub on the new drives, I need to insmod
the drivers, but I do not know where and how to do that during
the boot process of the rescue disk (there is no menu for that).
I have never had to do this before ... in all the years of using Linux ;-)
Jobst
On Thu, Aug 23, 2012 at 02:31:55AM -0700, John Doe (jd...@yahoo.com) wrote:
From: Jobst Schmalenbach jo...@barrett.com.au
I got a new Adaptec 6405 card with a set of new harddrives.
Problem that I assumed that the card had kernel drivers, which it has but
only
from 2.6.39 onwards.
I installed the kmod-aacraid drivers, they see the card and drives, fine.
However, I need to get a linux rescue to work, thus I need to load
the drivers during the boot of the resuce disk.
How do I do this?
Tried adaptec's driver disk?
http://www.adaptec.com/en-us/speed/raid/aac/linux/aacraid_linux_driverdisks_v1_1_7-29100_tgz.htm
JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--
while ( !sorted ) { do_nothing ( ) ; }
| |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Order of sata/sas raid cards
I agree with the UUID stuff, I do not like them for the exact same reason. I do not understand why RedHat cannot include the partition into the UUID, e.g. dev-sda1-c05e-449a-837b-b2579b949d55 As for the first drive, when the kernel boots I think it assigns the drives in order of the controller on the system bus/slots. As the new controller sits lower in the slot system (i.e. closer to the CPUs) it is recognised first as I can see it appearing first in the order being initialized by the kernel. I cant move it below the old card as there is no slot that has the correct PCI-x8. I will try the LABEL way of doing I remember that was the same problem a few years back when one had multiple network interfaces until the MAC addresses where introduced into the ifcfg files. Jobst On Thu, Aug 23, 2012 at 09:40:24AM -0400, m.r...@5-cent.us (m.r...@5-cent.us) wrote: Markus Falb wrote: On 23.8.2012 14:01, Jobst Schmalenbach wrote: Hi Adrian yes this will do. Because I do not know (yet) the UUID of the new partitions (drives), if I specify the UUID for the known drives for the partitions the kernel will assign the new drives to higher sdx? Is this correct? After reboot sdx could be sdy, as you noticed. The solution: you dont access a drive via /dev/sdx You access per UUID and the kernel maps it to the appropiate sdXY which could be sdy after reboot. You can also label it. I loathe UUIDs - there is *no* way you're going to remember one when you need it. Labels are so much clearer. I am not sure about initial ramdisks etc. maybe there is hardcoded stuff to sdx in there. Maybe it has to be rebuilt? Maybe you has to rebuild initrd as well as updating fstab? I've actually never seen a system *not* know what the first drive was, hardware-wise. And grub will point to root hd(0,x), normally, not UUID or anything else. You *can* (and I do, all the time) use LABEL= on the kernel line. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- When the Pope visits a country he really likes, does he french kiss the ground? | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Intel D425KT Motherboard / Realtek RTL8105E
Just to be sure, have you tested on the machine to ping the interface? i.e. give it an IP address in ifcfg-eth0, then ping the ip address locally? Did you put another temporary PCI card into the system and tried that? Jobst On Fri, Aug 17, 2012 at 12:59:11PM -0500, Tim Nelson (tnel...@rockbochs.com) wrote: - Original Message - Tim Nelson wrote: Greetings- I'm attempting to get CentOS 5.5 x86 (yes, very specific version required for specific software usage scenario... don't ask) running on an Intel D425KT mini-ITX motherboard. Everything works fine, with the exception of the onboard ethernet, which is a Realtek RTL8105E chip. The stock CentOS installation attempts to use the r8169 driver, which does not work. I've been around the block a few times dealing with Realtek interfaces and their driver hell, but this one is stumping me. snip I've got a baaad feeling about this. Have you considered returning the m/b for a replacement? Yes, it crossed my mind, but the fact is I have 4 of these boards, all with the same symptoms. :( --Tim ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- If love is blind, why is lingerie so popular? | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Filing a bug for clamav
On Fri, Feb 17, 2012 at 04:44:21PM +0100, Morten Stevens (mstev...@imt-systems.com) wrote: On 17.02.2012 14:06, Jobst Schmalenbach wrote: Hi. IMHO there is a bug in the latest updater for clamav: Where do I file a bug report? Repo? EPEL? If, Yes: https://bugzilla.redhat.com/ Yes thanks, I did that. Jobst -- My software never has bugs; it just develops random features. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ways To Practice Breaking My System?
On Tue, Feb 21, 2012 at 08:00:17AM -0700, Warren Young (war...@etr-usa.com) wrote: On 2/21/2012 5:57 AM, Boris Epstein wrote: Things like boot process rarely break. - Get asked to configure the foo service, get it all working, forget to add it to init.d, use it happily for months, reboot, fail to notice the service's absence until someone gives a misleading bug report. (The foo service has crashed!) Then I have to go chasing it, handicapped by being half a year separated from the last time I looked at it. I am glad to see I am NOT the only one doing this ... ;-) You made my day ;-) Jobst -- The future isn't what it used to be (it never was). | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Filing a bug for clamav
Hi. IMHO there is a bug in the latest updater for clamav: * it places a freshclam script into /etc/cron.daily that uses a hardcoded datadir not defined in /etc/clamd.conf its never done that before in the last 5 years or so, and I have a script running from cron.d * its overwrites the permissions of existing directories (lib and log) to another new clamav user, although one already exist (making the system unstable) Where do I file a bug report? Jobst -- Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrificing of a live chicken. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Filing a bug for clamav
On Fri, Feb 17, 2012 at 09:38:02AM -0600, Johnny Hughes (joh...@centos.org) wrote: On 02/17/2012 07:06 AM, Jobst Schmalenbach wrote: Hi. IMHO there is a bug in the latest updater for clamav: CentOS does not distribute clamav ... OK, thanks ... I am a step further then. Now if I do a yum list installed | grep clamav then this happens: [root ~] #yum list installed | grep clam clamav.x86_64 0.97.3-3.el5 installed clamav-db.x86_64 0.97.3-3.el5 installed clamav-milter.x86_64 0.97.3-3.el5 installed clamd.x86_64 0.97.3-3.el5 installed It only says installed but I cannot remember the repository ... sadly. How can I find out the repository it came from? There does not seem to be an option in YUM to list all available rpm's from a particular reposotory ... -- There are three kinds of lies: Lies, Damn lies, and statistics. - Disraeli | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail, port 465/587, auth and imap
Hi replying to myself as I figured it (ouch!) I had the correct stuff in the saslauth file: # this is VIA IMAP MECH=rimap FLAGS=-O localhost -r but I forgot to exclude the FLAGS line which was at the end of that file: # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. # make sure you dont have double flags in here. FLAGS= wiping FLAGS to null and sasl is complaining with Starting saslauthd: saslauthd[20677] :set_auth_mech : failed to initialize mechanism rimap Bugger. Jobst On Wed, Feb 23, 2011 at 06:18:28PM +1100, Jobst Schmalenbach (jo...@barrett.com.au) wrote: Hi. Apologies to the list for sending this twice as I forgot to enter a proper subject line, I wanted to write the content first and then make up the subject line ;-) I am trying to configure sendmail that is looks up the users credentials to allow them to send email via that server via an imap server on the same machine when sending email while on the road. I can send email when specifying a user that is stored in the servers /etc/shadow ... no problem but I cannot get my head around it how to do make saslauth OR sendmail lookup the user via the imap daemon. This is the working config (mc) for the sendmail daemon when using a locally created user (I knock the PLAIN off once I got it to work): define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5') TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5') DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s') etc. How can I make sendmail (or saslauth) to get the user credentials via an imap server running on the same machine (the credentials are from an internal samba server) so I do not need to enter users details twice? Jobst -- 186,262 miles/second : Not just a good idea, it's the LAW. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- My Carpenter has a 1956 VW Beetle. He still can go to any place in Australia, use any Oil, spark plugs, pertol, tires, wiper blades, etc available today with a car that old. If only software would be like that. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redirecting traffic using iptables
You are correct, I used section 6.1. Its working now thanks On Mon, Jan 31, 2011 at 01:49:08PM +0100, Giles Coochey (gi...@coochey.net) wrote: On 31/01/2011 13:46, Jobst Schmalenbach wrote: Hi. I have two internet connections, the ADSL2+ is very very cheap (but fast 10mb) and I want to use the SHDSL (2mb) only for mail,ssh,http OUT and the ADSL2+ only for surfing. I all works fine if people specify the proxy in the browser, but in case like flash it of no use. Further if I can make the 80/443 traffic go through the proxy only, its an added bonus. If this can be done, fine. Bue I want all 80/443 traffic go through host2. SHDSL ADSL2+ -- --- host 1 host2 SQUID -- --- || host3 | eth1 On host 3 I have been trying to do this with IPtables, but I am stuck, I tried to utilise squid too, does not work tried: iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128 browser tell me invalid request. All I want is to redirect all traffic through host2 if ports 443 and 80 are encountered, thats all. If it goes through the proxy it is an added bonus, but not required. ANy ideas, anyone? Read the transparent proxy howto... you may need to do SNAT as well as DNAT. http://tldp.org/HOWTO/TransparentProxy-6.html -- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: gi...@coochey.net Skype: gilescoochey ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Time flies like the wind. Fruit flies like a banana. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] asd
Hi. I am trying to configure sendmail that is looks up the users credentials to allow them to send email via that server via an imap server on the same machine when sending email while on the road. I can send email when specifying a user that is stored in the servers /etc/shadow ... no problem but I cannot get my head around it how to do make saslauth OR sendmail lookup the user creds via the imap daemon. This is the working config (mc) for the sendmail daemon when using a locally created user (I knock the PLAIN off once I got it to work): define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl etc. How can I make sendmail (or saslauth) to get the user credentials via an imap server running on the same machine (the credentials are from an internal samba server) so I do not need to enter users details twice? Jobst -- Passwords are like underwear. You don't share them, you don't hang them on your monitor, or under your keyboard, you don't email them, or put them on a web site, and you must change them very often. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] sendmail, port 465/587, auth and imap
Hi. Apologies to the list for sending this twice as I forgot to enter a proper subject line, I wanted to write the content first and then make up the subject line ;-) I am trying to configure sendmail that is looks up the users credentials to allow them to send email via that server via an imap server on the same machine when sending email while on the road. I can send email when specifying a user that is stored in the servers /etc/shadow ... no problem but I cannot get my head around it how to do make saslauth OR sendmail lookup the user via the imap daemon. This is the working config (mc) for the sendmail daemon when using a locally created user (I knock the PLAIN off once I got it to work): define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5') TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5') DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s') etc. How can I make sendmail (or saslauth) to get the user credentials via an imap server running on the same machine (the credentials are from an internal samba server) so I do not need to enter users details twice? Jobst -- 186,262 miles/second : Not just a good idea, it's the LAW. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] redirecting traffic using iptables
Hi. I have two internet connections, the ADSL2+ is very very cheap (but fast 10mb) and I want to use the SHDSL (2mb) only for mail,ssh,http OUT and the ADSL2+ only for surfing. I all works fine if people specify the proxy in the browser, but in case like flash it of no use. Further if I can make the 80/443 traffic go through the proxy only, its an added bonus. If this can be done, fine. Bue I want all 80/443 traffic go through host2. SHDSL ADSL2+ -- --- host 1 host2 SQUID -- --- || host3 | eth1 On host 3 I have been trying to do this with IPtables, but I am stuck, I tried to utilise squid too, does not work tried: iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128 browser tell me invalid request. All I want is to redirect all traffic through host2 if ports 443 and 80 are encountered, thats all. If it goes through the proxy it is an added bonus, but not required. ANy ideas, anyone? Jobst -- 'Two things are infinite: the universe and human stupidity, and I'm not sure about the first one. - Albert Einstein | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Graphing System Load MRTG
I understand that, but here are some points why I chose my post: 1: not sure about the persons knowledge re snmp 2: dont know the guys hardware and packages installed 3: seeing uptime and uname explains other parts of the MRTG system, i.e. required return values of the scripts 4: portabilty 5: most of the time server are cruising below their capacity, adding a few more cycles because calling scripts etc does not really matter Jobst On Thu, Jan 06, 2011 at 04:58:50AM -0800, Benjamin Franz (jfr...@freerun.com) wrote: On 01/05/2011 09:33 PM, Jobst Schmalenbach wrote: On Tue, Dec 21, 2010 at 10:09:30AM -0600, Matt (lm7...@gmail.com) wrote: I check system load like so: [r...@server cron.daily]# w 10:07:33 up 4 days, 15:01, 2 users, load average: 4.22, 3.17, 3.09 I would like to to graph the 3.17 5 minute average with MRTG. Anyone know of some examples of doing this? Make yourself a script, include this: [...] That is doing it the hard way. Use scripts only if there isn't an OID for what you want. Target[hostname_load]: laLoadInt.2laLoadInt.2:commun...@host:2 RouterUptime[hostname_load]: commun...@host:2 MaxBytes[hostname_load]: 3 Title[hostname_load]: System Load Factor[hostname_load]: 0.01 YTicsFactor[hostname_load]: 0.01 YLegend[hostname_load]: System Load Legend1[hostname_load]: Load Legend2[hostname_load]: Legend3[hostname_load]: Legend4[hostname_load]: LegendI[hostname_load]: Load LegendO[hostname_load]: ShortLegend[hostname_load]: load Options[hostname_load]: gauge,growright,nopercent Directory[hostname_load]: hostname Make sure you load the correct MIB otherwise you might have to use the OID instead of the symbolic name. LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt -- Benjamin Franz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Hoju Keyboard solo! skskskskskskskskskskskskskskskskskskskskksksksksks | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Graphing System Load MRTG
Make yourself a script, include this:
#!/bin/sh
# first the load 5 and 15 min avg
# multiply * 100 to avoid floats
# it helps if mrtg period is a multiple of 5 mins
uptime | sed -e 's/^.*average.*: \(.*\)$/\1/' -e 's/ //g' |
awk -F, '{ printf(%.0f\n,$2*100); printf(%.0f\n,$3*100) }'
# the uptime
uptime | sed 's/.*\sup\s\(.*\),\s*.*user.*$/\1/'
# my name
uname -n
than for mrtg (in the mrtg.cfg file):
Target[load]: `THE_NAME_AND_PATH_OF_THE_SCRIPT_ABOVE`
Options[load]: integer,gauge
Title[load]:System load
Xsize[load]:600
Ysize[load]:200
Ytics[load]:10
MaxBytes[load]: 3000
PageTop[load]: H1Load Average/H1
YLegend[load]: Load Average
ShortLegend[load]: nbsp;
LegendO[load]: 5 minute average
LegendI[load]: 15 minute stagger
jobst
On Tue, Dec 21, 2010 at 10:09:30AM -0600, Matt (lm7...@gmail.com) wrote:
I check system load like so:
[r...@server cron.daily]# w
10:07:33 up 4 days, 15:01, 2 users, load average: 4.22, 3.17, 3.09
I would like to to graph the 3.17 5 minute average with MRTG. Anyone
know of some examples of doing this?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--
Sometimes, the sharpest sword is not enough, but usually...it is.
| |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] hwclock problem
Ok I try that, but the thing is: * motherboards not that old * its exactly 11 hours (+/- a couple of seconds) each time Jobst On Fri, Nov 12, 2010 at 09:31:55AM -0500, Brunner, Brian T. (bbrun...@gai-tronics.com) wrote: and off course dovecot falls over too Time just moved backwards by 39599 seconds. Now, 39600s is 11 hours, which is (inc DST) *MY* offset from Greenwich. So what am I doing wrong? I have this problem when dead batteries on the mobo prevent the hwclock from preserving the time. Reboots don't show this (shutdown -r) but yanking the AC to fiddle with switches on the cards (which takes pulling them out) or swapping known-good with suspect-under-test gives me a boot-up time somewhere back in August of 2006. *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- If builders built buildings the way Microsoft wrote programs, then the first woodpecker that came along would destroy civilization. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Does yum update tzdata update /etc/localtime?
Hi list. Does yum update tzdata update /etc/localtime or does this need to be done manually? [this is part of the hwclock problem, a guy from sage-au has given me a hint] Jobst -- Keyboard not found - please clean up desktop! | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] hwclock problem
Hi. I run peridocally (from cron) on all of my machines 30 * * * * root /sbin/hwclock --systohc All of those machines in question take their time via NTP from the same local server, and that server gets its time from a ntp pool. Now I had to reboot a couple of them two days ago and to my surprise all had problems with the time upon booting. Here are the important files: [r...@xx ~] #l /etc/adjtime 0.001687 1289518202 0.00 1289518202 LOCAL [r...@xxx ~] #l /etc/sysconfig/clock ZONE=Australia/Melbourne UTC=false ARC=false So from my understanding the hwclock should contain the local time. [r...@xx ~] #date Fri Nov 12 11:26:23 EST 2010 [r...@xx ~] #hwclock Fri 12 Nov 2010 11:26:42 EST -0.167976 seconds [r...@xx ~] # However on boot I get the following: Nov 10 19:08:37 XX syslogd 1.4.1: restart. Nov 10 19:08:37 XX kernel: klogd 1.4.1, log source = /proc/kmsg started. Nov 10 19:08:37 XX kernel: Linux version 2.6.18-164.11.1.el5 (mockbu...@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4. 1.2-46)) #1 SMP Wed Jan 20 07:32:21 EST 2010 Nov 10 19:08:37 XX kernel: Command line: ro root=/dev/sda2 vga=791 Nov 10 19:08:37 XX kernel: BIOS-provided physical RAM map: ... ... Nov 10 19:08:51 XX kernel: IPv6 over IPv4 tunneling driver Nov 10 08:08:52 XX ntpdate[2464]: step time server 192.168.1.1 offset -39599.950905 sec Nov 10 08:08:52 XX xinetd[2447]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in. and off course dovecot falls over too Time just moved backwards by 39599 seconds. Now, 39600s is 11 hours, which is (inc DST) *MY* offset from Greenwich. So what am I doing wrong? The idea of running hwclock is to make sure that exactly the problem with dovecot does NOT occur, and ntp does not have a coughing fit when the hardware clock is not close to the correct time upon booting. The last time I booted some of those machine was more than 200 days ago, so the hwclock will be skewed if I do not update it. Jobst -- Keyboard not found - please clean up desktop! | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] access to file system through web browser
Hi Using apache (either webdav or index) destroys the file permissions, on top of that I have to add the user that runs apache (nobody) to the group permissions having access to the file system. Most of my file systems do not have global access, only owner/group ... especially when it comes to data files ... WINSCP uses ssh, and ssh (when logged in) uses the file permissions that are used within the system. This is one of the prime reasons using WINSCP. The only way I can achieve keeping the permissions alive using either WINSCP (or derivatives) or a UI (php based) that interacts with the filessystem sthrough php based functions (imap,ftp,ssh). I found a few .. and there are some really good ones ... after I put the correct search terms in (thanks for that hint). http://www.google.com.au/search?hl=enq=php+file+browser Jobst On Thu, Aug 05, 2010 at 11:08:28AM +1000, Jobst Schmalenbach (jo...@barrett.com.au) wrote: Hi. I am trying to find something (php prefered) that I can stick onto a Centos apache server that would allow me to browse a selected file system by employees through a web-browser explorer like interface. I know I can do this through WinSCP (and have done so), but my problem is I have Linux, Windows and MAC clients and my knowledge of MAC's is rather limited. I can limit access to the (php) files to (ranges of) IP addresses, so security is reasonable ok and doing this through a web interface saves me time, too, as I only have to do this once, and security fixes is easy, too. Is there anything that would imitate a tree view like interface to browse a file system? Jobst -- She said she loved my mind, though by most accounts I had already lost it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- 'I will go to Korea.' - Dwight D Eisenhower. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] access to file system through web browser
Hi. I am trying to find something (php prefered) that I can stick onto a Centos apache server that would allow me to browse a selected file system by employees through a web-browser explorer like interface. I know I can do this through WinSCP (and have done so), but my problem is I have Linux, Windows and MAC clients and my knowledge of MAC's is rather limited. I can limit access to the (php) files to (ranges of) IP addresses, so security is reasonable ok and doing this through a web interface saves me time, too, as I only have to do this once, and security fixes is easy, too. Is there anything that would imitate a tree view like interface to browse a file system? Jobst -- She said she loved my mind, though by most accounts I had already lost it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 5.2 on CentOS 4
for 5.3.2 follow the instruction on http://blog.famillecollet.com/pages/Config-en I did a fair amount of research before I decided to go with something providing a more recent version of PHP and a lot of people are raving about this one. Jobst On Wed, Jul 14, 2010 at 08:48:46PM +0300, Torintino T (torinti...@live.com) wrote: How can i upgrade from PHP 5.1.6 to PHP 5.2.9 on CentOS 4. Thanks _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);' | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum archive for PHP greater than 5.2.1 for CentOS 5.4?
On Thu, Jun 24, 2010 at 09:20:35PM -0700, John R Pierce (pie...@hogranch.com) wrote: On 06/24/10 7:50 PM, Jobst Schmalenbach wrote: Whether I like it or not I need to get a version of PHP that is greater than 5.2.1 as the latest SugarCRM version require this and as I am a module developer I need to have one of the later versions of PHP on my machines. so, basically, SugarCRM no longer supports RHEL ? huh. I did not say that, did I? I did say SugarCRM 5.5 requires PHP 5.2.1 and up and as the last version of PHP I can get for CentOS 5.4 is 5.1.6.23 I cannot install SugarCRM 5.5. But yes, you are somehow correct, with that I cannot install latest SugarCRM on a stock system. Jobst -- Nothing is stationary. Everything wiggles. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Yum archive for PHP greater than 5.2.1 for CentOS 5.4?
Whether I like it or not I need to get a version of PHP that is greater than 5.2.1 as the latest SugarCRM version require this and as I am a module developer I need to have one of the later versions of PHP on my machines. Does anyone know of a reliable and good archive for PHP that provides higher versions than the ones supplied by the upstream provider? Thanks Jobst -- 'Two things are infinite: the universe and human stupidity, and I'm not sure about the first one. - Albert Einstein | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] cameras and CentOS
Hi I want to put up a few cameras connected to a CentOS box. I currently have a box with one camera and that works (USB), I can take a pic (the script does that) and see that on a webpage. However, I want to have a couple of cameras a little further away (more than 5 meters). USB has a limit, I have tried that camera with a longer cable and it does not work ... so I need to route that in a different way. Are there equaly as cheap other moethods? Or can I use USB-adapter-network cable-adapter-USB? How can I get that to work? Jobst -- Student to Teacher: Sir, what's an oxymoron? Teacher to Student: Microsoft security. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5 Update error
You can see this too if you come from FC6 or FC7 and upgrade to 64 at the same time. This is for SOME packages a DOWNGRADE, so it keeps the i386 ... then at a later stage if you want to upgrade you get the problem above. JObst On Sat, Jun 12, 2010 at 01:52:35PM -0700, John R Pierce (pie...@hogranch.com) wrote: Morten P.D. Stevens wrote: From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Yes, you see you have Perl 64-bit and 32-bit installed. You really need it as an i386 package? I have no problem updating x86_64 packages only. Hi Alexander, thank you. I removed perl.i386 and the yum update process is now working perfectly :) this is an ongoing sporadic problem with yum and centos ... I suspect what might be happening is the i386 package sometimes gets updated first, then confuses it when it goes to update the x86_64 package. perhaps this happens when a mirror is only partially updated, but thats just a wild guess. this can be a real annoyance when it happens with a package, like for instance a library, that you have to have both 386 and _64 packages for... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Road to hell is paved with NAND gates. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Interrupt on pressing reset button
IMHO this is not possible as this is a NON maskable interrupt, thus the processor MUST do the jump and there is no way a programmer (think OS) can hook into that. ... and so it SHOULD. Think the other way, you have a hung OS (locked) and you need to reset. IF this was maskable you could press that button, but nothing wopuld happen as the OS already is dead, requiring a power cycle. If you want something to reboot the computer by pressing a button, i.e. no keyboard, use the power button as this is maskable. Catch this through inittab and shut down the computer nicely (I do this one a few machines). Jobst On Wed, Jun 02, 2010 at 05:03:21PM +0530, premr...@digilink.in (premr...@digilink.in) wrote: Hi, On Centos-5.3, is it possible to capture an interrupt when the reset button on the Supermicro Box is pressed ? Regards, Premraj M Disclaimer : This message is proprietary to Smartlink Network Systems Ltd. and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. The company accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus. __ This email has been scrubbed for your protection by SecureMX. For more information visit http://securemx.in __ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- A computer without Microsoft is like chocolate cake without ketchup! | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache redirection
put this into root of the domain into the .htaccess file
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{REMOTE_HOST} !^.*YOURDOMAIN\.com [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
Jobst
On Wed, May 19, 2010 at 02:08:59PM -0600, Ski Dawg (cen...@skidawg.org) wrote:
Hello everyone,
Part of our website has secured access with an SSL certificate. The
problem we are running into is that the certificate is for
www.domainname.com, so when they go to domainname.com (without the
www. in front), the users are getting a This connection is untrusted
warning, because the url doesn't match the certificate.
I found one site that said to make a change to the apache conf file,
which I have done. The change that I made is adding:
VirtualHost xxx.xxx.xxx.xxx:80
ServerName domainname.com
Redirect permanent / http://www.domainname.com/
/VirtualHost
This works great to redirect the users to http://www.domainname.com
when they go to http://domainname.com.
The problem I am running into is if they go to https://domainname.com
(straight to the secure site), I am not able to find a solution that
will redirect them to https://www.domainname.com, so that the ssl
certificate matches and they won't get the This connection is
untrusted warning.
I tried using the same thing as above, but changing the port number to
443, and the http to https on the redirect line, but that actually
breaks the site, and only displays an error:
Secure Connection Failed
(Error code: ssl_error_rx_record_too_long)
Is there something obvious that I am missing? Is there a better way to
ensure that everyone will always end up with the www in the url, so
the certificate always matches?
Any thoughts and suggestions would be greatly appreciated.
--
Doug
Registered Linux User #285548 (http://counter.li.org)
Never trust a computer you can't throw out a window.
-- Steve Wozniak
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--
I have a license to kill -9!
| |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] update of rpm directory
If I understand this correctly then you want to update
the LOCAL RPM files to the latest version?
I am not sure but you could try yumdownloader
with some kind of bash script:
for f in `ls -1 *rpm`; do
echo Working on file: $f
rpm=${f##*/}
name=${rpm%%-[0-9]*}
echo The name of the rpm: $name
yumdownloader $name
done
This is NOT tested but you could give it a try!
jobst
On Thu, May 13, 2010 at 03:49:27PM +0300, Adrian Sevcenco
(adrian.sevce...@cern.ch) wrote:
Hi! I have an directory full with rpms that are installed on some
machines.. what is the best way to update those rpms to the latest
version? are there more optimal approaches then searching for each rpm
names in an update repo and download one by one?
Thanks,
Adrian
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone. -- Bjarne
Stroustrup, inventor of the C++ language.
| |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mail server best practices question
Been using sendmail-clamav-mimedefang-greylist combo for years and have never
had a problem.
Standard package:
sendmail-devel-8.13.8-2.el5
sendmail-cf-8.13.8-2.el5
sendmail-doc-8.13.8-2.el5
sendmail-8.13.8-2.el5
From rpmforge:
mimedefang.2.68-1.el5
clamd-0.96-2.el5
clamav-0.96-2.el5
clamav-milter-0.96-2.el5
milter-greylist.3.0-2.el5
The important settings to get this to work:
sendmail.mc:
INPUT_MAIL_FILTER(`greylist',
`S=local:/var/milter-greylist/milter-greylist.sock, F=T, T=S:3m;R:3m')
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock,
F=T, T=S:3m;R:3m')
INPUT_MAIL_FILTER(`clamav',`S=local:/var/clamav/clamav_milter.sock, F=T,
T=S:4m;R:4m')dnl
clamav-milter.conf:
MilterSocket unix:/var/clamav/clamav_milter.sock
clamd.conf:
LocalSocket /var/clamav/clamd_local.sock
/etc/rc.d/init.d/mimedefang:
SPOOLDIR='/var/spool/MIMEDefang'
SOCKET=${SOCKET:=$SPOOLDIR/$prog.sock}
/etc/mail/greylist.conf:
socket /var/milter-greylist/milter-greylist.sock
As for the secondary MX (on a different host) running the same OS just copy ALL
the config, its that easy.
However, on the PRIMARY host you need to make sure that the SECONDARY MX has
access to hand over mail.
Jobst
On Mon, May 10, 2010 at 01:01:13PM +0200, Coert (lgro...@waagmeester.co.za)
wrote:
Hello all,
About a year ago I set up a mail server on CentOS using this howto:
http://wanderingbarque.com/howtos/mailserver/mailserver.html
I managed to add amavisd-new with clamav and spamassassin.
It runs very well, but it runs on CentOS 5.2, and if I try to upgrade,
amavisd-new and clamav break.
we are now also at the point where a backup mx will need to be implemented.
If necessary I am willing to implement a new mail server and a new
backup mx.
What I would like to know is what solution you guys would recommend for
the mail server and the backup MX?
Any pointers would be greatly appreciated.
Regards,
Coert
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--
When the Pope visits a country he really likes, does he french kiss the
ground?
| |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] phpmyadmin
If you look into the config file you'll find $cfg['Servers'][$i]['history'] = ''; // table to store SQL history // - leave blank for no SQL query history // DEFAULT: 'pma_history' Set it and you get the history. Jobst On Wed, May 05, 2010 at 06:35:33PM -0700, ann kok (oiyan...@yahoo.ca) wrote: Hi all When someone uses the phpmyadmin to delete data, how can I know it Does it have log? Thank you ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Why is the man who invests all your money called a broker? | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question on sendmail.mc file
Using a trap-all user may seem like a good method to prevent spammers from determining what user accounts are on a system, but will also trap legitimate mail sent to an incorrect address (e.g. via a typo on the username). I would only user a trap-all on an entire domain dedicated to the purpose. I have always found that there are better methods to decrease spamming (e.g. grey listing, greet pause, mimedefang). However, if you really need to you coud try define(`LUSER_RELAY',`local:someu...@your.domain') Remember too, that user MUST exist! Jobst On Tue, May 04, 2010 at 08:18:28AM -0400, Jerry Geis (ge...@pagestation.com) wrote: I tried to set in sendmail.mc file at the LAST line define(`LUSER_RELAY', `local:unknownuser') dnl I did service sendmail restart and got an error on a completely different line. - as a thought I deleted that line and put it on line 2 of the sendmail.mc file. re-ran service sendmail restart and now it worked. I changed nothing else. Is there something special about the placement of this command??? Thanks, Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- recursion (re - cur' - zhun) n. 1. (see recursion) | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to schedule for a repeated task?
On Sat, May 01, 2010 at 07:12:54AM -0400, Jim Perrin (jper...@gmail.com) wrote: On Sat, May 1, 2010 at 5:52 AM, hadi motamedi motamed...@gmail.com wrote: [snip] Several things are wrong with this: 1. DO NOT EVER USE TELNET. just to be picky ;-) While I 100% agree with this you need to refine the wording a little 1. DO NOT EVER USE TELNET TO LOGIN. Telnet is still a VERY VERY worthy tool to debug e.g. a mail/imap/pop/whatever conection and I would not want to live without it, even for HTTP connections, the only thing you need to know is the protocol you want to debug. telnet mail.domain.ext 25 If you establish a sucessful connection you will see something like Connected to mail.domain.ext. Escape character is '^]'. 220 domain.ext ESMTP MDaemon 6.7.6; Tue, 25 Mar 2003 11:37:02 + The next step is to tell the mail server where you are mailing from. This is the FQDN or the IP address of your local machine HELO local.domain.name A well configured mail server will check you are who you say you are (so, if you lie about your machine FQDN or IP, you may well caught), then respond 250 mail.domain.ext Hello local.domain.name [a.b.c.d], pleased to meet you Next you specify who the mail is from MAIL FROM: m...@domain.ext which should return 250 2.1.0 m...@domain.ext... Sender ok Some mail servers will check that the domain you use in the MAIL FROM: command exists. Now tell the mail server who the email is to RCPT TO: m...@destinationdomain.ext which should return 250 2.1.0 m...@destinationdomain.ext... Recipient ok Now tell the mail server that you are going to send the email DATA Now you can start writing your email. Start by entering the email headers. Note the space between the : terminating the header name and the value. This is mandatory. From: Your Name To: Their name CC: Someone else Subject: Your subject. Once you finished with your header, press enter to leave a blank line before you begin the message body, then enter your email contents. To tell the mail server that you have completed the message enter a single . on a line on its own. The mail server should reply with something like 250 2.0.0 OK Message saved for delivery You should close the connection by issuing the QUIT command. The mailserver should sign off with something like: 221 2.0.0 mail.domain.ext closing connection Connection closed by foreign host. /just to be picky ;-) Jobst Seriously. Don't do this. It sends your user/pass in plain text. It's a horrendous security risk. I don't care what excuse you have to try to defend it. DO NOT DO IT. Use ssh keys instead. 2. Use ssh keys instead of setting a password in the script. 3. You don't need to use expect to set the PWD to /tmp. You can do this with basic scripting. Pick up a bash scripting guide and read through it. I see almost nothing in your example that requires expect. This can be done with a simple bash script. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Tommorow or the next life, whichever comes first, we never know. - Saying from Tibet. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Sendmail Configuration Problem - 550 5.1.1 - User unknown Problem
On Sat, May 01, 2010 at 08:06:05PM -0700, Wang, Mary Y (mary.y.w...@boeing.com) wrote: It's working now. I just commented out some of the FEATURE lines in sendmail.mc file. Mary I hope you know what you are doing coz commenting out feature lines (randomly) just to get sendmail working is not a good idea ... for example I would not comment out these: FEATURE(delay_checks,friend) FEATURE(`dnsbl',`zen.spamhaus.org',`go away spammer') FEATURE(`no_default_msa',`dnl')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`virtusertable',`hash /etc/mail/virtusertable')dnl FEATURE(redirect)dnl FEATURE(always_add_domain) FEATURE(use_cw_file) FEATURE(use_ct_file) FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db',`hash -TTMPF /etc/mail/access.db')dnl FEATURE(`greet_pause',5000) FEATURE(blacklist_recipients) FEATURE(masquerade_envelope)dnl FEATURE(masquerade_entire_domain)dnl FEATURE(allmasquerade) But I comment out (and highly recommend that) these: dnl FEATURE(`accept_unresolvable_domains')dnl dnl FEATURE(`relay_based_on_MX')dnl So I assume the SMART_HOST is your ISP's mailserver? When you send an email internally what is the error in the sendmail maillog (as your mailserver becomes the recipient)? Jobst _ From: Wang, Mary Y Sent: Saturday, May 01, 2010 6:21 PM To: 'centos@centos.org' Subject:Sendmail Configuration Problem - 550 5.1.1 - User unknown Problem Hi, I'm having this Sendmail configuration problem and stuck. I've been doing googling/reading posts and none of the solutions matched my problem. I'm doing some testing, and have been getting this 550 5.1.1 User unknown error when I send the email to my company's email address. When I send it to an external email address, such as yahoo, the message delivered successfully. Of course, I'm doing the configuration behind a firewall. I'm using a relay too, and I did declare the relay host in 'SMART_HOST' in the sendmail.mc file and have also recompiled it to produce the sendmail.cf. I also restarted the sendmail service. telnet ana.boeing.com 25 Trying 134.51.151.114... Connected to ana.boeing.com (134.51.151.114). Escape character is '^]'. 220 ana.boeing.com ESMTP Sendmail 8.12.11.20060308/8.12.11; Sat, 1 May 2010 16:39:06 -0700 helo ana.boeing.com 250 ana.boeing.com Hello ana.boeing.com [134.51.151.114], pleased to meet you mail from:r...@ana.boeing.com 250 2.1.0 r...@ana.boeing.com... Sender ok rcpt to:mary.y.w...@boeing.com 550 5.1.1 mary.y.w...@boeing.com... User unknown Any ideas? I'm running on Sendmail 8.12.11 Mary ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- The future isn't what it used to be (it never was). | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] System Resources Graphing
http://oss.oetiker.ch/mrtg/ http://www.nagios.org/ Jobst On Mon, Apr 26, 2010 at 11:09:41AM -0500, Matt (lm7...@gmail.com) wrote: Is there a package I can get that will graph system resources such as CPU and disk I/O to an html file or something? Matt ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Time flies like the wind. Fruit flies like a banana. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Debugging slow apache server?
+1 What do yo mean by which is a completely different site? Other things to consider: * make sure that every virtual host has its own log file * sometimes problems occur using symbolic links, turn FollowSymLinks off * increase the number of spare servers etc (prefork). jobst On Tue, Apr 20, 2010 at 08:59:57AM -0400, Rob Kampen (rkam...@kampensonline.com) wrote: On Apr 20, 2010, at 8:28 AM, Roland RoLaNd r_o_l_a_...@hotmail.com wrote: hello, i'm using an apache server to host 8 virtual hosts. even though this server is local.. 7 out of these 8 virtual hosts open extremly slow.. it takes around 10 seconds to open a page.. though the 8th (which is a completely different site) it opens fairly fast in around 1 or 2 seconds tops.. i tried tailing the error_log and i found nothing .. is there a way i could monitor wht each branch is doing and what's causing it to be so slow? any suggestion ? Check DNS resolution for all the domains Hotmail: Trusted email with Microsoft???s powerful SPAM protection. Sign up now. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- My Carpenter has a 1956 VW Beetle. He still can go to any place in Australia, use any Oil, spark plugs, pertol, tires, wiper blades, etc available today with a car that old. If only software would be like that. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.x and Fedora
On Mon, Apr 19, 2010 at 09:28:36AM -0700, Ian Kaufman (i...@mac.com) wrote: ... and because some package is provided in the MAIN repository I don't think you understand how Red Hat (and thus CentOS) package things. I actually do and is one of the reasons why I use it (if you read my last email carefully, you would have noticed this fact). The version of Amanda in RHEL 5.4 and CentOS 5.4 is indeed 2.5.0p2-8 (the -8 is important) and is not yet 6 months old, much less 5 years old. When Red Hat packages RPMs, they often times back port security patches and bugfixes. As to why it crashed you server, I can bet that there are other config and software changes you have added by hand that may have caused a problem. We have a few CentOS 5.4 systems running the standard amanda packages without any problems. It is rather strange (and sad) what people assume and how you argue a case. You have no idea who I am, what my knowledge is, what I have learned, my degrees, my setup, my skill set ... nothing. You do not even know what I backup, what machines, how many and the variety. You simply assume: I can bet that there are other config and software changes you have added by hand that may have caused a problem. After I upgraded amanda, it hasn't fallen over at all with the same software on machine. I actually know the reason why it fell over, which is why I have chosen amanda-2.6.0p2 and NOT the latest version. The changes made to (the core of) amanda made my life easier, my environment more stable and my users happy, which is what I am paid for. BTW: I have been using Red Hat based software since Hurricane running with samba fully employed at the place where I work half a year later and amanda since late 1.9 and early 2.x versions. Jobst -- It took the power of 3 Commodore 64's to go to the moon, but it takes a 2GHz Pentium 4 to run XP... Something is desperately wrong here! | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
