Re: [CentOS] USB audio on Centos-7
Most of the useful audacity stuff is in their wiki: http://wiki.audacityteam.org/wiki/USB_mic_on_Linux seems like a good place to start. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] USB audio on Centos-7
> (and a possibly separate issue: how the heck does one point Audacity > to a USB input? Can't find anything in its UI, and there's darn little > help online that is actually helpful, in this regard.) Not sure about the other stuff but my USB dock's mic input shows up in Audacity on Fedora 26 under the second drop down on the last row (next to the little microphone icon). In the passed I've had most luck with pavucontrol, since it was the only one I could find that would allow me to turn on monitoring. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 Install
On Sat, Aug 19, 2017 at 1:36 AM, Yan Liwrote: > After this call, I need to schedule a meeting with a partner in London > so I pressed the start key and typed in "london". Tracker showed the > current time and I could press enter to see the weather in London. Now that's a neat trick. Thanks for sharing. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 Install
> > A more interesting question would be: Where would one go to completely > STOP these files from being created / cached / logged / stored etc? > In Gnome 3. 1. Got o Settings 2. Select Search 3. Un-check all the things you don't want to be tracked or just turn search off. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What RH-like on a Dell XPS 15 (9590)?
I have a Dell XPS 13 (9360) with Fedora 26 installed. Very happy with it. UEFI boot from flash drive works out of the box. For install I needed to change the drive settings in the BIOS from the default of RAID (what ever that means on a laptop) to AHCI. No need to turn off secure boot. If you want to use a DisplayLink USB display adaptor like the D3100 (commonly sold with this laptop), you might want to checkout https://github.com/displaylink-rpm. This will require either you to turn off secure boot or to sign the displaylink modules after they are installed. Signing is not that hard, but is a extra step that you have to look after. Cheers, Kal ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 speedstep CPU support
On Fri, May 12, 2017 at 8:18 AM, kenwrote: > Currently I don't actually need more speed. This is already a fairly peppy > laptop... like right now the load is about 2%. If it was any lower, I could > almost turn this machine off and still run everything. :) Ah but > seriously, I'd rather have the speed cranked down and save the battery. > That's the one weak spot: this gal can drain a battery faster than a dog can > down a bag of cookies. Still, I'd like to have control in gnome over cpu > speed again. I think all that stuff is controlled by 'tuned' now. There is gtk app tuned-gtk to help setting and switching profiles. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Laptop turns off after lid closed Centos6
At a guess that's the Automatic Suspend option. In the GUI. Go to Settings. Then Power. Scroll to the bottom. Click on 'Automatic Suspend'. You get a popup. Make sure "Plugged In" is set to off. There is probably a corresponding gsettings option that you could hunt down. Hope this helps. On Fri, Mar 3, 2017 at 2:46 AM, davidwrote: > At 07:16 AM 3/2/2017, Leon Fauster wrote: >> >> > Am 02.03.2017 um 16:08 schrieb david : >> > >> > Folks >> > >> > I have a laptop which i am using temporarily as a test server. It is >> > permanently plugged in. It is running Centos 6, command line only. In the >> > past, I could close the lid, thereby turning off the display, but not >> > turning off the machine. It remained running indefinitely. >> > >> > A recent update (this past week) changed that behavior. Now, when I >> > close the lid, the laptop turns itself off within an hour. >> > >> > A google search talks about tools like "upower" and apcitool, but a "yum >> > search" does not locate them. >> > >> > Is there a way to revert back to the previous behavior? >> >> >> Sure that no X11/Gnome stuff got onto the system? >> >> -- >> LF > > LF: > Yes, lots of stuff just in case I want to run a GUI for giggles. The gnome > stuff was present even with the earlier behavior. Is there some setting I > can adjust? > > David > > > > > > > > > > > > > > > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- Kahlil (Kal) Hodgson GPG: C9A02289 Chief Technology Officer (m) +61 (0) 4 2573 0382 Direct Pricing Exchange Pty Ltd Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia "All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Network conections problems
Yup, my guess is that someone has plugged in another device into your network and that device has a ip address 192.168.41.4 statically assigned. Or someone has reconfigured a device and set that address by accident. I had a UPS do this to me once. A quick lookup on the https://macvendors.com/ shows the offending mac address belongs to a device from Dell Inc. That may help you track down the offender. Hope this helps. On Thu, Feb 23, 2017 at 8:27 AM, Rommel Rodriguez Toirac <romme...@nauta.cu> wrote: > El 21 de febrero de 2017 7:00:03 GMT-05:00, centos-requ...@centos.org > escribió: >>Send CentOS mailing list submissions to >> centos@centos.org >> >> >>From: Kahlil Hodgson <kahlil.hodgson@dp.exchange> >>To: CentOS mailing list <centos@centos.org> >>Subject: Re: [CentOS] Network conections problems > >> >>First guess is that you may have two devices on the network with the >>same ip address. >> >>Next time this happens, try doing >> >>1. 'arp -n' from a machine other than the db server >>2. ping the other machine from the db server, then >>3. 'arp -n' from the other machine >> >>Compare the outputs of the two invocations of arp. If the outputs show >>different MAC addresses for 192.168.41.4 then you have two different >>devices with the same IP address. >> >> > I resolve the problem of network conection loose, but still a dude of how it > happend and how it can be fixe. > When I check with arping the MAC of sever change, for example > > rommel@p6:~$ arping 192.168.41.4 > ARPING 192.168.41.4 from 192.168.41.6 enp3s0 > Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B] 0.653ms > Unicast reply from 192.168.41.4 [6C:92:BF:26:C7:03] 0.683ms > Unicast reply from 192.168.41.4 [6C:92:BF:26:C7:03] 0.622ms > Unicast reply from 192.168.41.4 [6C:92:BF:26:C7:03] 0.631ms > ^CSent 3 probes (1 broadcast(s)) > Received 4 response(s) > > The first answer is with a MAC diferent to the others one. > But when I arping from the server inseft look the MAC associate to de IP > address: > > [root@pgtm ] arping 192.168.41.4 -I eth1 > ARPING 192.168.41.4 from 192.168.41.4 eth1 > Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B] 0.658ms > Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B] 0.654ms > Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B] 0.654ms > Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B] 0.662ms > Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B] 0.655ms > Sent 5 probes (1 broadcast(s)) > Received 5 response(s) > > Looking in the config of network device I can not find the MAC > 00:1D:09:FF:44:4B > > [root@pgtm ] ifconfig > eth0 Link encap:Ethernet HWaddr 6C:92:BF:26:C7:02 > UP BROADCAST MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > Memory:c722-c723 > > eth1 Link encap:Ethernet HWaddr 6C:92:BF:26:C7:03 > inet addr:192.168.41.4 Bcast:192.168.41.255 Mask:255.255.255.0 > inet6 addr: fe80::6e92:bfff:fe26:c703/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:95819 errors:0 dropped:0 overruns:0 frame:0 > TX packets:1924 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:11728605 (11.1 MiB) TX bytes:263674 (257.4 KiB) > Memory:c720-c721 > > eth2 Link encap:Ethernet HWaddr 00:E0:ED:33:4E:9C > UP BROADCAST MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > Memory:c712-c713 > > eth3 Link encap:Ethernet HWaddr 00:E0:ED:33:4E:9D > UP BROADCAST MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > Memory:c710-c711 > > loLink encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:65536 Metric:1 > RX packets:249609 errors:0 dropped:0 overruns:0 frame:0 > TX packets:249609 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 >
Re: [CentOS] Network conections problems
First guess is that you may have two devices on the network with the same ip address. Next time this happens, try doing 1. 'arp -n' from a machine other than the db server 2. ping the other machine from the db server, then 3. 'arp -n' from the other machine Compare the outputs of the two invocations of arp. If the outputs show different MAC addresses for 192.168.41.4 then you have two different devices with the same IP address. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Reliable way of having both LAN and WIFI on headless box
I'd be looking at your logs to see if there is any indication why the wifi does not come up during boot > sudo journalctrl -b# current boot > sudo journalctrl -b -1 # previous boot Kal On Wed, Jan 11, 2017 at 7:59 AM, Eliezer Croitoruwrote: > NetworkManger should work pretty nice and good as required. > Just run the right cronjob every minute to make sure the connection is up or > down and find out if it's possible to reconnect. > NetworkManager is kind of does all you need automatically so you should not > do anything unless there is a technical issue. > > Eliezer > > > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > -Original Message- > From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Gary Stainburn > Sent: Tuesday, January 10, 2017 11:25 AM > To: CentOS mailing list > Subject: Re: [CentOS] Reliable way of having both LAN and WIFI on headless > box > > On Tuesday 10 January 2017 08:53:17 John R Pierce wrote: >> On 1/9/2017 7:11 PM, fred roller wrote: >> > On Mon, Jan 9, 2017 at 12:04 PM, Frank >> > Cox >> > >> > wrote: >> >> That sounds like a weak signal from your wifi transmitter. >> > >> > Or signal interference. Where is the antennae located on the server? >> > Ran into signal issues with antennae which were tucked behind the >> > server before. >> >> indeed, the back of a desktop or server system, sitting on the floor >> (or in a rack) surrounded by piles of cables, is the worst possible >> place for a 2.4GHz or 5.7GHz antenna > > The server is in a rack, but the dongle is plugged in the front and is 5m > from the HP Procurv AP that covers the whole of the first floor. > > A key point I thought I had included in the OP is that this is mostly a > problem on startup. It does sometimes drop off during use, but mainly the > problem is not being able to activate it on startup. > > I am a traditionalist and long for the days before NetworkManager when > networks were much simpler to admin, and much more stable. > > Is it possible to remove NetworkManager and go back to the good old days, > and still have WIFI work properly? > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- Kahlil (Kal) Hodgson GPG: C9A02289 Chief Technology Officer (m) +61 (0) 4 2573 0382 Direct Pricing Exchange Pty Ltd Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia "All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] .htaccess file
> There's nothing on the webserver except a test site I use. Just trying to > keep out the ones that ignore robots.txt If its just a test server, then I'd be tempted to use HTTP AUTH at the top level. Most robots will be blocked by that, and you can use iptables to block the ones that try to guess your password, perhaps with fail2ban. -- Kahlil (Kal) Hodgson GPG: C9A02289 Chief Technology Officer (m) +61 (0) 4 2573 0382 Direct Pricing Exchange Pty Ltd Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia "All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 : keyboard shortcut for mouse gesture?
Try the Windows key on a PC or the Command key on a Mac -- Kahlil (Kal) Hodgson GPG: C9A02289 Chief Technology Officer (m) +61 (0) 4 2573 0382 Direct Pricing Exchange Pty Ltd Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia "All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] I need glibc 2.19+ for 32 bit CentOS 6.8 or CentOS7
On Thu, Aug 25, 2016 at 9:44 AM, John R Piercewrote: > On 8/24/2016 4:22 PM, Kay Schenk wrote: >> >> Due to a proposed changeover to build machines for a project I'm >> involved with, I need at least glib 2.19. Right now I have glib 2.12, >> and even on CentOS7-32 bit, what I see is glib 2.14. Is a higher glib >> available anywhere that might work with my current 6.8. I see I can >> download it from SourceForge but I am wondering what the results might me. > > > whats the target OS for the builds from these build machines ? > > to change the default libc would require rebuilding (and retesting) the > whole OS. I believe glib is just the Gnome utility libraries, unlike glibc which has the core C runtime libraries. Upgrading glib is probably less dire, though it -- Kahlil (Kal) Hodgson GPG: C9A02289 Chief Technology Officer (m) +61 (0) 4 2573 0382 Direct Pricing Exchange Pty Ltd Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia "All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] script to make webpage snapshot
I have some some angularjs sites that I test with protractor and a chrome webdriver. I read in the docs at some point that I could take and save screenshots if I wanted. You may be able to write a simple nodejs script to kick of the webdriver and take the screenhsot. Or someone may have already writen one :-) https://www.seleniumeasy.com/selenium-tutorials/take-screenshot-with-selenium-webdriver ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache/PHP Installation - opinions
If you need more recent versions checkout softwarecollections.org. It has more recent rebuilds of the big package suites that install under /opt and don't collide with the system installed packages. There is a CentOS specific channel in there somewhere. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cron
If your script is failing, I would normally expect it to output some error messages. Cron will email this to root by default. Maybe check /var/spool/mail/root? Or set MAILTO="youremail address" at the top of your cron script. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cron
On 23 April 2016 at 10:25, Marcin Trendotawrote: > Anything interesting in the logs? > > > > sudo journalctl -xf _SYSTEMD_UNIT=crond.service > > Don't know. > > [root@kohrin cron.d]# sudo journalctl -xf _SYSTEMD_UNIT=crond.service > ... > (/etc/cron.d/osticket-cron) > kwi 22 23:28:01 vz471 crond[30534]: (*system*) RELOAD > (/etc/cron.d/osticket-cron) > kwi 22 23:30:01 vz471 crond[30534]: (*system*) RELOAD > (/etc/cron.d/osticket-cron) > kwi 22 23:32:01 vz471 crond[30534]: (*system*) RELOAD > (/etc/cron.d/osticket-cron) > kwi 22 23:34:01 vz471 crond[30534]: (*system*) RELOAD > (/etc/cron.d/osticket-cron) > That shows cron triggering your script once every 2 minutes, which makes _maybe_ makes sense with '*/1'. So nothing wrong with you cron line, so its probably something in your environment. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cron
Anything interesting in the logs? sudo journalctl -xf _SYSTEMD_UNIT=crond.service ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to force outbound ssh through one network card
I did this once more than 10 years ago. If I was to do it again, I would probably get shorewall to do most of the heavy lifting: http://shorewall.net/MultiISP.html ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Just need to vent
I personally love Gnome3 on Fedora. It took me about a week to adjust my mindset though -- I did that over a Xmas break. It did help that I read the release notes first (so I was not surprised at the major change) and went through the tutorial the developers provided. An interesting exercise re-examining and critiquing old workflows and exploring alternatives. It works really well on the smallish laptop that I use while commuting and which I plug into a couple of monitors when I get to work. Its great the way it frees up screen real estate and encourages me to focus on "what I am doing" rather than distracting me with "things I might want to do". Reading the release notes before installing an OS is a really good idea. Fedora and RedHat do a really good job with their release notes. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Starting stunnel on boot with CentOS7
Apologies. My bad. The service file was copied across from F22. # Service file from Fedora 22 [Unit] Description=SSL tunnel for network daemons After=syslog.target network.target [Service] ExecStart=/usr/bin/stunnel Type=forking PrivateTmp=true [Install] WantedBy=multi-user.target ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Starting stunnel on boot with CentOS7
On my CenOS7 system with stunnel from base stunnel-4.56-4.el7.x86_64 there's a systemd service file /etc/systemd/system/stunnel.service try sudo systemctl enable stunnel.service Hope this helps, K al ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Poor perfmance of bridged interfaces
If you really need two bridges on the same LAN you will need to turn on STP and give your interfaces a delay of say 10 seconds on start up. Sorry, cant remember options to do that. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty LtdGitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia "All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925 On 13 November 2015 at 08:09, Alexander Dallozwrote: > Am 12.11.2015 um 19:42 schrieb Sergio Belkin: > >> [root@localhost ~]# uname -a >> Linux localhost 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 >> x86_64 x86_64 x86_64 GNU/Linux >> > > First of all: yum update to current! > > Alexander > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH login between servers still asking for password, why?
First thought is that you may have a file permission issue on the target -- possibly selinux contexts. Have a look in /var/log/secure on the target server and it will tell you what the culprit is. I tend to use ssh-copy-id because this always ensures you've got your permissions right. Kal ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problem on exceptional quit
Can you trigger the error reliably by doing something network intenstive, like scp or rsync a large file? I've seen similar behaviour with a bad NIC that was in the process of dying. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Can one construct an IPTables rule to block on NS records?
Taking a stab at you meaning "block all IPs that reverse resolve to a name managed by secureserver.net" because their servers keep scanning you. You could craft a fail2ban recipe to reverse resolve the IP address (after a some threshold of rejected packets) then block that IP if it ' secureserver.net' is the authority for the PTR record. K Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty LtdGitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia "All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925 On 7 October 2015 at 04:36, John R Piercewrote: > On 10/6/2015 6:34 AM, Leon Fauster wrote: > >> --On Monday, October 05, 2015 10:46 AM -0400 "James B. Byrne"< >> byrn...@harte-lyne.ca> wrote: >> >> >So, is there any convenient way to construct an IPTables rule to block >>> >all IPs associated with a given Domain Name server? >>> >> IPs have the reversed lookup "assosiated" with a NS. >> >> What do you mean with "associated"? >> Do mean all IPs that this DNS server resolves to >> (A-Records in zone) (how do know for what zone >> the NS gives authoritative answers)? >> >> Or just the domain name server IPs of a given >> domain name (NS records)? >> >> What are you trying to solve? >> > > I wondered much the same.most NS servers won't allow you to do a zone > transfer to find all the A/ records in a given domain. doing a reverse > DNS lookup on every incoming/outgoing socket connection would be beyond > painful, it would bring your network to its knees as the reverse DNS zones > are often broken. > > > > -- > john r pierce, recycling bits in santa cruz > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Can one construct an IPTables rule to block on NS records?
On 6 October 2015 at 00:46, James B. Byrnewrote: > So, is there any convenient way to construct an IPTables rule to block > all IPs associated with a given Domain Name server? > You can use ipsets to block a large collection of IP addresses with netfilter. I block various problematic countries that way. The problem is getting _all_ the IP addresses associated with a DNS server. I don't think that is going to be easy/possible, unless that DNS sever has been badly misconfigured. K ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7.1 doesn't seem to have a functional default pdf reader installed (interesting)
evince is the PDF reader for Gnome ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mounting NFS file systems via Nautilus on CentOS 6
Looks like Nautilus is periodically 'stat'-ing the bookmark location. How about making a softlink to the target dir in your home directory, then bookmarking the link in nautilus. Hopefully Nautilus will stat the link and not the target then. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installing Centos Server Problems
Did you shrink your windows installation to make way for the new OS first? Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty LtdGitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 8 July 2015 at 13:44, michael wright michael_j@hotmail.com wrote: Hi Can some one help me please. I am trying to install Centos 7.0 server but every time I install centos I keep loosing my windows 7 ? I have a 2TB Hard-Drive, Window 7 64 bit Operating System with Intel Core i5 2300 Processor when I reboot I loose windows and I have no dual-boot can anybody help me please this is the 7 time I have tried this and still fail Michael Wright ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dual-booting - Re: installing Cents os server 7.0
IMHO dual booting, although interesting, is a dying technology. A necessary hack from less civilised times. The modern approach is to choose the OS that personally gives you the most comfort (legal, physical, moral, aesthetic, financial, ...) and use virtualization to boot any other OS you may need. Investing time in improving the UX for dual-booting may be fun or satisfy the soul, but it seems inappropriate to suggest its an important issue that must be resolved. Personally I'd choose investing my time in improving virtualization. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dual-booting - Re: installing Cents os server 7.0
Wow. So many _passionate_ words. Still have no idea what Chris is really going on about. This seems to be running in two threads in Gmail, which makes it even more confusing. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CPAN issues
From what I can see there you are running cpan as root and installing it under a local lib /root/perl5. The new cpan executable is is under /root/perl5/bin/. Thats probably not in your path? Also the modules under /root/perl5/lib/perl5 are probably not in your module search path. There is a lot of what your are doing here that is either unsafe or unwise. Before we go into that, could we step back a bit and discus your environment and what you are trying to achieve. Specifically, why you feel the need to upgrade CPAN at a system level? There may be a better way to solve the underlying issue. Cheers, K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CPAN issues
CPAN is a core module which can be tricky to update on the RedHat based systems. Suggest investigating: local::lib App::cpanminus Pinto If you need a newer Perl, check out www.softwarecollections.org. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Old and new package version numbers during RPM update
On 29 June 2015 at 07:37, John R Pierce pie...@hogranch.com wrote: so a regex looking for system: vs system { should nicely delineate these. I dunno, I might even put that into the conversion utility and have it just quit if the file is already in the new format, and always run it. +1 for the idempotent approach. IMHO much more robust. Also consider what will happen if someone does a 'yum downgrade' on the package or a dependency -- you might want to allow the conversion to go both ways or at least complain appropriately. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Many troubles in CentOS 6 since the last update of GLibc-2.12-1.149.el6
Have you rebooted since the update? If not, try that and see if it helps. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] off topic - need help registering to the smplayer forum
Just keep clicking on the little refresh button to the right of the image until you get one that you can easily decipher. Just tried this and 5/10 were ok. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty LtdGitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 13 June 2015 at 12:40, jd1008 jd1...@gmail.com wrote: Hi All, smplayer has no mailing list. I tried to register at http://forum.smplayer.info/ucp.php?mode=register but the capchas are so incredibly impossible to discern that I gave up after 5 tries. I tried the audio option, but the audio option plays so garbled it is impossible to understand. My audio is great. I play youtube vids with great clarity. So I am hoping someone who is on that forum to inform the registration web page's designer to do something about this problem. Thanx to all who show some info on how to get this done. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Project Management Software
You could try 'planner' rizo:~ yum info planner Loaded plugins: changelog, presto Available Packages Name: planner Arch: i686 Version : 0.14.4 Release : 10.el6 Size: 3.1 M Repo: base Summary : A graphical project management tool URL : http://live.gnome.org/Planner License : GPLv2+ Description : Planner is a visual project management application which allows users to : manage several aspects of a project, including schedule tracking using : Gantt charts. : : You should install Planner if you wish to manage schedules, allocate : resources, and track the progress of your projects. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty LtdGitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 2 June 2015 at 02:32, Mike - st257 silvertip...@gmail.com wrote: On Fri, May 29, 2015 at 10:26 PM, H age...@meddatainc.com wrote: I have a need to use a project management software package under Centos 6.6 and have started looking at ProjectLibre which is a Java package. Unfortunately it seems to have shortcomings when it comes to following up projects and my current understanding is that it falls short of Microsoft Project 2010, i.e., a previous version. I have not used ProjectLibre, so I can't comment on its features. Does anyone have experience with this type of software and what would you recommend? Years back I used [what appears to have been] GanttProject. Worked fine for me, but I was only interested in creating Gantt charts and not so much comparing features to Microsoft Project (though I used MS Project briefly many moons ago). http://www.ganttproject.biz/ Hope that helps. -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Turning off wifi in CentOS 7
device names are all kernel and udev. nothing to do with network manager. if you want to get predictable interface names, set up udev rules appropriately. https://www.kernel.org/pub/linux/utils/kernel/hotplug/udev/udev.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Back to eth shuffling ...
another identical machine will have the same bus ids. that's why this works. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty LtdGitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 15 May 2015 at 11:02, Ashley M. Kirchner ash...@pcraft.com wrote: Right, I understand that part. However I believe I'm now in the realm of making this specific to this machine as I have no guarantee that another identical machine will pop up with those same bus IDs. Maybe for the internal ports, but I don't know if the same will happen for the PCIe bus. Would that be correct? On Thu, May 14, 2015 at 6:21 PM, Kahlil Hodgson kahlil.hodg...@dealmax.com.au wrote: So a 70-persistent-net.rules like # onboard port 1 - eth0 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:00:19.0, NAME=eth0 # PCIe card - eth2 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:03:00.0, NAME=eth2 # onboard port 2 - eth1 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:08:00.0, NAME=eth1 will do what you want. Note: I've just changed the ID and NAME values to match what you have and what you want. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty LtdGitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 15 May 2015 at 10:12, Ashley M. Kirchner ash...@pcraft.com wrote: Actually, I know what the MAC is for the builtin Port1 and 2. Those are listed in the BIOS. But ultimately I don't want to rely on them as I want the same kickstart file to work for other machines, so hardcoding those in the kickstart file wouldn't quite work, unless I start writing multiple kickstart files, one per machine. Anyway, lspci reports this: 00:19.0 Ethernet controller: Intel Corporation 82566DM-2 Gigabit Network Connection (rev 02) 03:00.0 Ethernet controller: Intel Corporation 82572EI Gigabit Ethernet Controller (Copper) (rev 06) 08:00.0 Ethernet controller: Intel Corporation 82573V Gigabit Ethernet Controller (Copper) (rev 03) Now when I look at the enumeration from dmesg, I get this: e1000e :00:19.0: eth0: (PCI Express:2.5GT/s:Width x1) 00:1e:68:58:00:4c -- this is Port1 e1000e :03:00.0: eth1: (PCI Express:2.5GT/s:Width x1) 00:15:17:d3:43:62 -- PCIe Card e1000e :08:00.0: eth2: (PCI Express:2.5GT/s:Width x1) 00:1e:68:58:00:4d -- this is Port2 So this is how it gets enumerated for some reason. But during the machine's POST, it always brings up the PXE boot order as Port1, Port2, and finally the PCIe card, which is the correct order that I want it in. It also only has one single expansion slot so it's not like I can try a different one to see if it makes a difference, unfortunately. On Thu, May 14, 2015 at 5:47 PM, Kahlil Hodgson kahlil.hodg...@dealmax.com.au wrote: On 15 May 2015 at 03:51, Ashley M. Kirchner ash...@pcraft.com wrote: After the machine boots and I look in /root/ksnet-devices, I see the MAC addresses for the devices as: Port1 - eth0 PCIe Card- eth1 Port2 - eth2 And yet, during the machine's POST (which can verify by the PXE boot up of each device), it correctly enumerates the ethernet devices as: Port1 Port2 PCIe card So where and why is the order changed when the kernel kicks in and start booting the machine? And how can I stop it, or change its behavior? I'm not seeing any 'renaming' going on in dmesg like I sometimes find. So something is causing this and I can't figure it out. Yeah, my understanding is that the kernel does not really trust all the information that the BIOS tells it and probes for the network devices itself. I'm thinking, since you are using kickstart and PXE boot, you're not going to know the HWADDR for your NICs before hand, but you probably do have a predictable pci bus layout. So grab pciutils package and run: lspci | grep Ethernet I get something like 00:0a.0 Ethernet controller: NVIDIA Corporation MCP67 Ethernet (rev a2
Re: [CentOS] Back to eth shuffling ...
apologies. just realised I was top posting again. damn this email client :-( ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Back to eth shuffling ...
On 15 May 2015 at 03:51, Ashley M. Kirchner ash...@pcraft.com wrote: After the machine boots and I look in /root/ksnet-devices, I see the MAC addresses for the devices as: Port1 - eth0 PCIe Card- eth1 Port2 - eth2 And yet, during the machine's POST (which can verify by the PXE boot up of each device), it correctly enumerates the ethernet devices as: Port1 Port2 PCIe card So where and why is the order changed when the kernel kicks in and start booting the machine? And how can I stop it, or change its behavior? I'm not seeing any 'renaming' going on in dmesg like I sometimes find. So something is causing this and I can't figure it out. Yeah, my understanding is that the kernel does not really trust all the information that the BIOS tells it and probes for the network devices itself. I'm thinking, since you are using kickstart and PXE boot, you're not going to know the HWADDR for your NICs before hand, but you probably do have a predictable pci bus layout. So grab pciutils package and run: lspci | grep Ethernet I get something like 00:0a.0 Ethernet controller: NVIDIA Corporation MCP67 Ethernet (rev a2) 01:06.0 Ethernet controller: Intel Corporation 82541PI Gigabit Ethernet Controller (rev 05) 01:07.0 Ethernet controller: Intel Corporation 82541PI Gigabit Ethernet Controller (rev 05) The first number is the bus id which is going to be consistent across machines with the same mainboard and nic layout. So I can make a persistent-net.rules file like: ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:00:0a.0, NAME=eth0 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:01:06.0, NAME=eth1 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:01:07.0, NAME=eth2 Hope this helps. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Back to eth shuffling ...
So a 70-persistent-net.rules like # onboard port 1 - eth0 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:00:19.0, NAME=eth0 # PCIe card - eth2 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:03:00.0, NAME=eth2 # onboard port 2 - eth1 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:08:00.0, NAME=eth1 will do what you want. Note: I've just changed the ID and NAME values to match what you have and what you want. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty LtdGitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 15 May 2015 at 10:12, Ashley M. Kirchner ash...@pcraft.com wrote: Actually, I know what the MAC is for the builtin Port1 and 2. Those are listed in the BIOS. But ultimately I don't want to rely on them as I want the same kickstart file to work for other machines, so hardcoding those in the kickstart file wouldn't quite work, unless I start writing multiple kickstart files, one per machine. Anyway, lspci reports this: 00:19.0 Ethernet controller: Intel Corporation 82566DM-2 Gigabit Network Connection (rev 02) 03:00.0 Ethernet controller: Intel Corporation 82572EI Gigabit Ethernet Controller (Copper) (rev 06) 08:00.0 Ethernet controller: Intel Corporation 82573V Gigabit Ethernet Controller (Copper) (rev 03) Now when I look at the enumeration from dmesg, I get this: e1000e :00:19.0: eth0: (PCI Express:2.5GT/s:Width x1) 00:1e:68:58:00:4c -- this is Port1 e1000e :03:00.0: eth1: (PCI Express:2.5GT/s:Width x1) 00:15:17:d3:43:62 -- PCIe Card e1000e :08:00.0: eth2: (PCI Express:2.5GT/s:Width x1) 00:1e:68:58:00:4d -- this is Port2 So this is how it gets enumerated for some reason. But during the machine's POST, it always brings up the PXE boot order as Port1, Port2, and finally the PCIe card, which is the correct order that I want it in. It also only has one single expansion slot so it's not like I can try a different one to see if it makes a difference, unfortunately. On Thu, May 14, 2015 at 5:47 PM, Kahlil Hodgson kahlil.hodg...@dealmax.com.au wrote: On 15 May 2015 at 03:51, Ashley M. Kirchner ash...@pcraft.com wrote: After the machine boots and I look in /root/ksnet-devices, I see the MAC addresses for the devices as: Port1 - eth0 PCIe Card- eth1 Port2 - eth2 And yet, during the machine's POST (which can verify by the PXE boot up of each device), it correctly enumerates the ethernet devices as: Port1 Port2 PCIe card So where and why is the order changed when the kernel kicks in and start booting the machine? And how can I stop it, or change its behavior? I'm not seeing any 'renaming' going on in dmesg like I sometimes find. So something is causing this and I can't figure it out. Yeah, my understanding is that the kernel does not really trust all the information that the BIOS tells it and probes for the network devices itself. I'm thinking, since you are using kickstart and PXE boot, you're not going to know the HWADDR for your NICs before hand, but you probably do have a predictable pci bus layout. So grab pciutils package and run: lspci | grep Ethernet I get something like 00:0a.0 Ethernet controller: NVIDIA Corporation MCP67 Ethernet (rev a2) 01:06.0 Ethernet controller: Intel Corporation 82541PI Gigabit Ethernet Controller (rev 05) 01:07.0 Ethernet controller: Intel Corporation 82541PI Gigabit Ethernet Controller (rev 05) The first number is the bus id which is going to be consistent across machines with the same mainboard and nic layout. So I can make a persistent-net.rules file like: ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:00:0a.0, NAME=eth0 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:01:06.0, NAME=eth1 ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:01:07.0, NAME=eth2 Hope this helps. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Back to eth shuffling ...
Have you tried having kickstart set up a more appropriate /etc/udev/rules/70-persistent-net.rules? This is normally written by /lib/udev/write_net_rules. You should be able to modify the automatically generated one to match what you need. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Laptop for CentOS
I would avoid the Thinkpad X1 Carbon 2nd generation if I was you (I'm writing this on one). The 1st gen is much better (my wife has one) and I hear that the 3rd gen is too, but just stay away from the 2nd gen (so much grief). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Custom ISO based on kickstart
The fedora spins SIG https://fedoraproject.org/wiki/Spins_SIG?rd=SIGs/Spins created/assembled a whole bunch of tools for doing just that. I used such machinery to do pretty much the same as what you are a number of years ago. I think there was even graphical tool called 'revisor'. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Independent dual monitors on CentOS 7
With GNOME3, the secondary monitors do not have workspaces. That is useful for some workflows, but if you don't like it you can use gnome-tweak-tool to give workspaces to all monitors. Hope this helps. Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum upgrade of an older 6.1
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.3 (Section 4. Major Changes) Matahari is now obsoleted, but in 6.1, had a dependency on qpid-cpp-server and qpid-cpp-client which wanted updates. A quick Google shows many others seeing this problem. I think if you run yum with the --obsoletes flag you may get more information. IMHO you need a human to decide when/if to remove the obsoleted packages and proceed with the update. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 7-Zip for CentOS X86-64
On 12 March 2015 at 10:39, Mark LaPierre marklap...@gmail.com wrote: Okay then, next question. How do you get it to work? I can't figure out the command to run it so I can't use man to get a clue. I tried p7zip, 7zip, etc... no luck. rpm -ql p7zip will list all the files associated with the package, including the executables and man pages. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Glibc sources?
apologies for last top post :-( ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Glibc sources?
Hi Andy, mock is part of EPEL and is almost certainly what you want to use. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty LtdGitHub: @tartansandal Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 11 March 2015 at 09:47, ANDY KENNEDY andy.kenn...@adtran.com wrote: Okay, thanks. I really don't need _EXACT_ match, but close. Again, my aim is to equip GlibC with some logging facilities IF anyone is using the gethostbyname(). Given the help from this list, I was able to rebuild GlibC for CentOS and am testing my stuff now. I appreciate your help on this matter. Not knowing where the knobs are was the hardest part. I have just about completed my testing. Again, thanks for the help! Andy Ughh!! I just realized that the app that I'm testing has parts that are linked against 32-Bit libraries. I have to test that as well. Ouch! This leads to the question: How do I tell rpmbuild to build the i686 version of the library in place of the x86_64? I've done some looking around on the web and I have found something about: setarch i686 mock -r something ... rebuild my.rpm Not being able to find the mock package for CentOS, I thought maybe: setarch i686 rpmbuild -ba glibc.spec would work. This ended with an error: enable-bind-now --with-tls --with-__thread --build i686-redhat-linux --host i686-redhat-linux --enable-multi-arch --enable-systemtap --disable-profile --enable-experimental-malloc --enable-nss-crypt checking build system type... i686-redhat-linux-gnu checking host system type... i686-redhat-linux-gnu checking for i686-redhat-linux-gcc... gcc checking for suffix of object files... configure: error: in `/home/akennedy/rpmbuild/BUILD/glibc-2.12-2-gc4ccff1/build-i686-linuxnptl': configure: error: cannot compute suffix of object files: cannot compile See `config.log' for more details. error: Bad exit status from /var/tmp/rpm-tmp.2d2i9G (%build) I have also looked through the glibc.spec file for something that would make me think that I could change the target variant. rpmbuild --target=i686 -ba glibc.spec gives the same output as the setarch i686 above. Again, any help on this would be greatly appreciated. Thanks, Andy ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] grsync for centos 7
On 6 March 2015 at 04:44, Francis Gerund ranr...@gmail.com wrote: But, Grsync does not seem to be in the centos 7 or EPEL 7 repositories (although it may have been around as late as centos 6). Is it now in any reputable repositories? Just to note, it does seem to be in the base for Fedora-21, so maybe it will come back in CentOS-8. Note sure why it seems to have been removed. Try posting on the EPEL list. You may be able to convince someone to add it there. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] grsync for centos 7
On 6 March 2015 at 04:44, Francis Gerund ranr...@gmail.com wrote: But, Grsync does not seem to be in the centos 7 or EPEL 7 repositories (although it may have been around as late as centos 6). Is it now in any reputable repositories? Just to note, it does seem to be in the base for Fedora-21, so maybe it will come back in CentOS-8. Note sure why it seems to have been removed. Try posting on the EPEL list. You may be able to convince someone to add it there. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Glibc sources?
On 28 February 2015 at 05:49, ANDY KENNEDY andy.kenn...@adtran.com wrote: I'm tasked with reconstructing the CentOS version of the GlibC library for testing with gethostbyname(). My mission is to show that we are not affected by the latest exploit for the product we are shipping targeted for RHEL and CentOS. To do so, I want to equip gethostbyname() with additional code. I may be way out of line here, haven't had much coffee yet, but I wonder if systemtap could be used to achieve your goals less intrusively? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7: software RAID 5 array with 4 disks and no spares?
On 20 February 2015 at 05:25, Chris Murphy li...@colorremedies.com wrote: I'd say your mom is an admin in the sense that chickens fly and horses swim. It's a confusing analogy. Chickens don't fly. Horses do swim. I have a couple of chickens, and yes, the buggers do fly if you don't clip their flight feathers. :-) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Do I need these?
Probably OK to remove. The netcf-libs package is a dependency of, among other things, libvirtd. Perhaps you installed and removed some visualization related packages? If you are keen to remove unwanted packages, have a look at the 'package-cleanup' command and the '--leaves' option. Hope this helps. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why the command 'service ntpd stop' cause the time reversed?
I've seen situations where people have put ntpdate in a cronjob to get around issues with big time jumps at boot or dodgy clocks under virtualization. There are much better solutions to this problem, so let us know if this is the case for you. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 10 February 2015 at 16:39, Pete Travis li...@petetravis.com wrote: Officially, no, the Fedora Documentation bz product isn't there for Red Hat guides. If you want to file a bug against a RHEL guide, choose your version of RHEL then look for the guide's component - these days, they all start with doc-, which should make the search easy. Thanks for the heads up. Was not aware of the 'doc-' prefix. Unofficially, there's a nonzero chance that your bug will find a writer that plays in both spaces, or that we'll be able reassign the bug to the correct component for you. But please, don't make work for Fedora volunteers when there are people standing by getting paid to handle your bugs :) As previously noted, the authors of both documents are the same, and appear to be RedHat employees. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 10 February 2015 at 09:53, PatrickD Garvey patrickdgarv...@gmail.com wrote: I'd like to know how a member of the CentOS project submits improvements to something in the RedHat documentation. Can you provide guidance in that regard? I think you can simply submit a bug report under fedora documentation. Note, the Fedora Systems Administration Guide seems to have been written by the same RedHat engineers https://docs.fedoraproject.org/en-US/Fedora/21/html/System_Administrators_Guide/index.html Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 10 February 2015 at 10:08, Kahlil Hodgson kahlil.hodg...@dealmax.com.au wrote: I think you can simply submit a bug report under fedora documentation. Via bugzilla: https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20Documentation ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 10 February 2015 at 10:15, PatrickD Garvey patrickdgarv...@gmail.com wrote: Please allow me to make sure I am perceiving this correctly, reports of errors found in RedHat documentation are to be reported against the Fedora Documentation product type in the RedHat bugzilla? and reports of errors found in Fedora documentation are, also, to be reported against the Fedora Documentation product type in the RedHat bugzilla? I don't know officially, but I'm making a guess that, since the two documents are clearly related and have the same authors, if you see the same error in the Fedora document and you report it, it will probably get fixed in both. The Fedora document explicitly solicits bug reports, but I don't see the same in the RedHat one. Worth a shot don't you think? Maybe submit a small bug report and see what the response is like? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 6 February 2015 at 10:23, Always Learning cen...@u64.u22.net wrote: Logically ? 1. to change the permissions on shadow from -rw-x-- or from -- to -rw-r--r-- requires root permissions ? 2. if so, then what is the advantage of changing those permissions when the entity possessing root authority can already read shadow - that entity requires neither group nor user permissions to read shadow. The concept in play here is privilege escalation. An exploit may not give you all that root can do, but may be limited to, say, tricking the system to change file permission. From there an attacker could use that and other exploits to escalate privileges. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 5 February 2015 at 10:53, Always Learning cen...@u64.u22.net wrote: On C6, the default is:- -- 1 root root 854 Mar 13 2014 shadow Even better if you have SElinux enabled --. root root system_u:object_r:shadow_t:s0/etc/shadow ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
I just had a peek at the anaconda source for Fedora 21. Apparently you can waive the password strength tests (and the non-ASCII tests) by simply clicking Done twice. def _checkPasswordASCII(self, inputcheck): Set an error message if the password contains non-ASCII characters. Like the password strength check, this check can be bypassed by pressing Done twice. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 5 February 2015 at 09:16, Lamar Owen lo...@pari.edu wrote: On 02/04/2015 04:55 PM, Warren Young wrote: Unless you have misconfigured your system, anyone who can copy /etc/shadow already has root privileges. They don’t need to crack your passwords now. You’re already boned. Not exactly. There have been remotely exploitable vulnerabilities where an arbitrary file could be read (not written), but otherwise root access wasn't given by the exploit; that is, no shellcode per se. If you can somehow (buffer overflow shellcode or something similar) get, say, httpd to return a copy of /etc/shadow in a GET request, well, you don't have root, but you do have the hashed passwords. It doesn't take an interactive root session, and may not even leave a trace of the activity depending upon the particular bug being exploited. Now, I have seen this happen, on a system in the wild, where the very first thing the attacker did was grab a copy of /etc/shadow, even with an interactive reverse shell and root access being had. So even when you recover your system from the compromise you have the risk of all those passwords being known, and unfortunately people have a habit of using the same password on more than one system. Further, lists of usernames and passwords have market value. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 5 February 2015 at 10:36, Warren Young w...@etr-usa.com wrote: When the hashes are properly salted, the only option is brute force. All having /etc/shadow does for you is let you make billions of guesses per second instead of 5 guesses per minute, as you get with proper throttling on remote login avenues. Kinda highlights that 'time' is important here. Booting into a fresh system and then running updates and hardening your system can take a few minutes. There may be an appreciable difference between having a password that can be cracked in 1 second and one that takes an hour. (Yes, infrastructure can help mitigate this risk). I'm thinking of someone with limited infrastructure installing a system under time pressure. They might be tempted to use a very weak password initially with the expectation that they would get back to hardening the system later. If they are regularly under time pressure, that may never actually happen, or may be delayed for hours/days. An 8 character password might just nudge the probabilities in your favour and protect against a drive by attack. Does that sound like a reasonable case to protect against? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 5 February 2015 at 12:09, Scott Robbins scot...@nyc.rr.com wrote: On Thu, Feb 05, 2015 at 09:56:30AM +1100, Kahlil Hodgson wrote: I just had a peek at the anaconda source for Fedora 21. Apparently you can waive the password strength tests (and the non-ASCII tests) by simply clicking Done twice. That's correct for Fedora 21. The inability to waive the requirement will show up in the new Anaconda. Thanks for the heads up. At least we know it can be easily reinstate it via an updates.img -- for those testing installers in sandboxed environments. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
While this discussion has been very interesting, I would like to encourage participants to be very careful about disclosing the specifics their own security efforts. While is good to discuss the pros and cons of strategies, disclosing the details of the exact strategies that you use, no matter how good they are, is a bad idea. This is typically hard information for an attacker to acquire and they would run the risk of generating too much noise if they were to try to acquire it. A somewhat subtle trap is to disclose information about time, e.g., when you last changed a password on a system. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 4 February 2015 at 14:36, Always Learning cen...@u64.u22.net wrote: Thinking about you systems from a penetration testing perspective can be helpful. For example, Always Learning has just told us that he uses single character root passwords on his testing machines, that he is testing 7 days a week and does not turn off his test machines. Yes single character. Writing and testing usually 7 days weekly. Turn off everything when not in use including test machines. No connection to the Internet. Sorry. Must have misunderstood your earlier comments. Sounds like a fairly specialized work-flow. You might want to consider using an updates.img that removes the password strength requirements (see http://fedoraproject.org/wiki/Anaconda/Updates). The anaconda installer is fairly straight forward Python code. I haven't got a copy on me at the moment, but at a guess, all you need to do is track down the relevant lines and comment them out. Hope this helps. Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 4 February 2015 at 02:17, James B. Byrne byrn...@harte-lyne.ca wrote: I think it well to recall that the change which instigated this tempest was not to the network operations of a RHEL based system but to the 'INSTALLER' process, Anaconda. Now, I might be off base on this but really, ask yourself: Who exactly uses an installer program? And what is the threat model being addressed by requiring that the installer set a suitably strong password for root? For what purpose? Because RHEL sets the sshd on and allows root access over ssh via password by default? Then is not the correct approach to disable that access instead? Good points. Consider a user who installs RHEL with a poor root password and reboots while connected to the internet. At that point they are potentially vulnerable. How long will it take for them to get around to improving the password? Probably a long time, unless they are security conscious, in which case they probably would have opted for a strong password from the start. Not allowing root ssh access immediately after an install is a much bigger imposition. You would have to insist that there was a second user on the system with a strong password. I think that is a good idea too, by the way. Requiring a strong root password really is a small imposition, unless you are doing a lot of manual installs and in which case you should look into automation. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 3 February 2015 at 12:09, Always Learning cen...@u64.u22.net wrote: As for security, the cess pit is weak security not on Linux, BSDs and others etc. but on M$. It seems to be incredibly easy for one malicious person to launch attacks from machines they control all over the world - and those machines just happen to be running M$. Breaking into M$ machines seems to be t-o-o easy so I suspect it is not password weaknesses that are being exploited ! This is not correct and a dangerous assumption to make about real and current threats. Your security practice, as you have described it, is poor. If you have been compromised, you may not be aware of it. A compromise of your systems weakens the whole community. Kal Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 3 February 2015 at 10:31, Always Learning cen...@u64.u22.net wrote: If testing then a one character password is very acceptable to me. Why should some arrogant nutter impose an arduous ultra secure password when a simple one character password will suffice ? Who knows the machine, the deploying environment and the circumstances better ? The user or some anonymous and arrogant nutter perhaps many thousands of miles (or kilometers) away ? I know its hard to believe, but you are not the only one using this OS. There are a broad range of users with a broad range of experience using the OS in a broad range scenarios. One important group is new users with limited experience and knowledge about security. This is an important group to protect. More experienced users understand this and put up with, or work around, the occasional inconvenience. This is not arrogance, this is about being a responsible member of a community. It is important for all of us to encourage (and discuss) good security practices, as well as discourage (and refute) poor practices. Ultimately, this make our community a safer place. It is my, perhaps naive, hope that members of our community are Always Learning about good security practices and emerging threats to the OS. The root password is close to, if not actually, our last line of defense (SELinux helps us here by the way). Using a one character password is problematic if you are connected to the internet, for example, if you are _testing_ the OS and want to run updates after the install. This is problematic since, by default, new installs typically allows SSH access and root logins over SSH. Yes, firewalls help, but they need to be configured correctly, and there are subtle tricks that sophisticated attackers can exploit to subvert poorly configured firewalls. If you really want to do this, I'd suggest running your test system in some kind of DMZ to prevent any exploit cascading into the rest of your network. It may just be easier to pick a good but easy to type root password that you use for all your test machines. Also, its a good idea to make sure you always turn off your test machines when not in use, and to disable them once you are finished testing (so they can't be accidentally turned on in the future). Hope this helps. Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 3 February 2015 at 13:34, PatrickD Garvey patrickdgarv...@gmail.com wrote: Now how about some specific sources you personally used to learn your craft that we can use likewise? So many places it makes my brain hurt just thinking about it. Google and Wikipedia will keep you busy for a long while. Off the top of my head: There are some online Security Handbooks around (I think RedHat publish one) which lay some of the basic ground work. SANS (http://www.sans.org/) and OWASP (https://www.owasp.org/) have some good resources. If you are cashed up, you can even do courses with SANS. Reading about the security infrastructure that you are already using is a good idea, often accessible via mysterious things called man pages. I learned a lot simply by reading about pam, iptables, and selinux. Thinking about you systems from a penetration testing perspective can be helpful. For example, Always Learning has just told us that he uses single character root passwords on his testing machines, that he is testing 7 days a week and does not turn off his test machines. A pen tester or cracker could use that information to formulate a potentially successful attack strategy. Google free penetration testing tools. Only use the tools if you own the network or have written permission. Just reading about the tools can give you some insight into attack strategies that you should be defending against. Please don't try to attack Always Learning. Download and unpack a copy of rkhunter. Have a look inside. Its just a bunch of bash scripts. Good insight into some surprisingly simple historical attacks. Google linux security hardening. There are a lot of resources out there. The hard part is sifting out the gold from the crap. Sorry can help much there. There are many other people on this list who have a much better grasp on this stuff than me. Hope they chime in. Hope this helps, Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Another Fedora decision
On 3 February 2015 at 12:58, Always Learning cen...@u64.u22.net wrote: If you really want to do this, I'd suggest running your test system in some kind of DMZ to prevent any exploit cascading into the rest of your network. Not really sure what a (USA military) DMZ looks like. Security has always been my highest priority. When in doubt, lock 'em out is my motto. A DMZ in this context is a network that has been isolated from the rest of your local network. You can access it from your local network, it can access the rest of the world, but it can't access your network. The idea is that, if a machine in the DMZ is compromised, it can only access other machines in the DMZ. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How To Record Sound Being Played
I've used Audacity in the past to do similar. Their website has a howto section covering the details. Kal Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 28 January 2015 at 13:32, Mark LaPierre marklap...@gmail.com wrote: Hey all, I've installed MuseScore on my C6.6 machine. MuseScore is able to generate a midi sounding playback through the speakers of the active score. I want to capture that sound directly to a file without using a microphone. I want to send individual sound files to each of the members of my quartet with their part only. Does anyone know how I can capture sound directly to a file? Is there an app for that? ;-) -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Design changes are done in Fedora
Just to note: Fedora has been upstream for RHEL for many years. New features are tested in Fedora for a long time before they hit RHEL. For example, systemd was first introduced in Fedora 15 (we are currently at 21). Ample time has been given to discuss, critique, provide feedback and to help shape what ends up in RHEL. If you are running RHEL/CentOS, consider running an instance of Fedora in a VM or testing environment so you get years of warning about new features before they hit RHEL. If you are concerned about what happens to RHEL, get involved: https://fedoraproject.org/wiki/Join. Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Design changes are done in Fedora
For those who want to track what is going on in Fedora, http:// fedoramagazine.org/ highlights of discussions on the multitudinous mailing lists, forums, meetings, etc. For those interested in Fedora Server, its goals, and the people working on it, http://fedoraproject.org/wiki/Server seems a good place to start, in particular, http://fedoraproject.org/wiki/Server/Product_Requirements_Document. This is still a very new project : if you want to help shape what happens in the future, get involved. Kal -- Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Design changes are done in Fedora
For those who don't know, as of version 21, Fedora has split into 3 streams: workstation, server, and cloud. This addresses many of the concerns raised in this thread. See https://getfedora.org/ for details. I gather we'll see the impact of this change with CentOS-8. Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync output under CentOS 6
On Tue, Dec 16, 2014 at 7:39 PM, Niamh Holding ni...@fullbore.co.uk wrote: KH When you use --itemize-changes, does it indicate that the timestamps of the KH directories have changed? Not uless the sequence of dots and letters before the folder name indicates that -- Best regards, Niamhmailto:ni...@fullbore.co.uk Indeed: the sequence of dots and letters before the name indicates why rsync wants to update a file. From the '--itemize-changes' entry in the rsync man page: A t means the modification time is different and is being updated to the sender’s value A p means the permissions are different and are being updated to the sender’s value See the man page for the meaning of other symbols. Kal Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync output under CentOS 6
When you use --itemize-changes, does it indicate that the timestamps of the directories have changed? K Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync output under CentOS 6
rsync -h ... -i, --itemize-changes output a change-summary for all updates ... K -- Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] print something on console after boot
Looks like you are seeing the codes defined for mingetty rather than agetty. This is what you would expect for a virtual console on CentOS 6 which uses the former. K al ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] partedmagic connecting to a comcast address
Possibly your system was installed or cloned using PartedMagic, and that left an entry in /etc/ethers mapping your default nic to the name 'PartedMagic'? K Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On Thu, Dec 4, 2014 at 10:23 AM, John R Pierce pie...@hogranch.com wrote: On 12/3/2014 3:09 PM, g wrote: On 12/03/2014 04:15 PM, zep wrote: oh. the ARP packet suggests that MAC address is 192.168.1.144 that is how i see it. is that 1.144 IP address in use by the machine you ran the lspci from? somewhere. but i know not where. http://www.whoami.it/home/ shows me to be; adsl-184-41-28-86.mem.bellsouth.net for the hell of it, i pulled and reconnected DSL line, now, i am adsl-184-41-28-44.mem.bellsouth.net which is now confusing me more because the 1.144 address is in; ~]$ ifconfig eth0 Link encap:Ethernet HWaddr 00:0F:FE:8F:8F:23 inet addr:192.168.1.144 Bcast:192.168.1.255 \ Mask:255.255.255.0 inet6 addr: fe80::20f:feff:fe8f:8f23/64 Scope:Link your ROUTER gets the internet IP on its WAN side (184.41.28.86 or whatever), and your LAN uses 192.168.1.xxx, the system you ran ifconfig on there has 192.168.1.144. the router 'translates' your private LAN addresses to the public internet address, this process is often called NAT (Network Address Translation), or Masquerade. so. Wireshark, for unknown reasons, thinks your system is 'PartedMagic'. I have no idea why. so... 'PartedMagic' is a red herring. whats the ACTUAL problem here we're trying to solve? -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] partedmagic connecting to a comcast address
Apologies for the previous top post :-( Forgot to trim the (...) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.6 Displays return: Command not found in Terminal
Hi Brian, Likely culprits are in ~/.bashrc ~/.bash_profile ~/.profile /etc/profile /etc/profiled.d/* Try 'source' on each one at a time to see if any triggers the message. Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CROSS-LIST Notice: Changes in EPEL
Also note, the announcement is not very clear on which EL version is being orphaned. For example, python-boto is being orphaned, but it appears that this is only for EL5. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lynx only shows : FRAME: wlmframe
I'd use a SOCKS proxy for that. On your local machine run: ssh -ND remote_server Then temporarily configure your web browser to use localhost: as its proxy. In Firefox the setting is under Preferences - Advanced - Network - Connection Since this is only temporary, but something you might want to do from time to time, consider one of the numerous browser extensions that help with this. For firefox, I use the Toggle Proxy addon to toggle between no proxy and the manually configured one. Hope this helps, Kal ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lynx only shows : FRAME: wlmframe
In case you're not familiar with SOCKS proxies, the aforementioned setup will allow your browser to connect to the printers web server as though you were running the browser on remote_server. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Your experience with os hardening tool - Bastille?
Was thinking of checking out http://linux-audit.com/lynis/ but have not had the time. Might be worth a look. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] POODLE on CentOS
The following nmap invocation may also be helpful with testing: nmap --script ssl-enum-ciphers -p 443 hostname Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On Fri, Oct 17, 2014 at 3:32 PM, Tharun Kumar Allu tharun.a...@gmail.com wrote: Modifying apache configuration to the following should take care of it. The SSLProtocol directive disables SSLv2 and SSLv3 and leaves other on. SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS On Thu, Oct 16, 2014 at 7:41 PM, James B. Byrne byrn...@harte-lyne.ca wrote: According to the centos wiki: Validating Changes You can use Qualys SSL Labs to verify that your web server is no longer vulnerable to POODLE or TLS_FALLBACK_SCSV once all action is complete. You might also want to only use TLSv1.2 for httpd on CentOS-6.5 (or higher) and CentOS-7, while using TLSv1 on CentOS-5. However, on my up-to-datestock CentOS-6.5 the httpd version is 2.2.15 and attems to use SSLProtocols greater than v1 yield this error: Syntax error on line 101 of /etc/httpd/conf.d/ssl.conf: SSLProtocol: Illegal protocol 'TLSv1.1' I presume that the wiki is in error but I would like confirmation of that or instructions on how to enable TLSv1.1 and 1.2 on CentOS-6.5. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Tharun Kumar Allu == ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6 : AIDE experience
My bad :-( Cut and pasted HTML in a hurry. Lets try plain text. http://www.la-samhna.de/samhain/ K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6 : AIDE experience
Yeah. Not for the fainthearted. For full stealthiness you have to compile and maintain matching (signed) server/client pairs. Not too bad if management is well automated. K -- Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd(w) +61 (0) 3 9008 5281 Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] X, why did it have to be X
Anything enlightening showing up in /var/log/Xorg.0.log? Maybe something explaining why your conf is being ignored? Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd(w) +61 (0) 3 9008 5281 Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On Tue, Sep 23, 2014 at 7:37 AM, m.r...@5-cent.us wrote: m.r...@5-cent.us wrote: I have one user. We've pretty much all got two monitors, but he insists on rotating both of them vertically - that is, they're taller than they are wide, and he's got a Radeon card. I always have X grief on his system when I update it I just did a full update. X comes up in both screens... but the left one is *not* rotated, while the right one is. And they're mirrored. I've logged in as root, looked at all the configuration I know of, and nothing tells it to mirror, or one rotate and the other not. But when I use the menu, and go to system-preferences-display, it shows mirror screens *always* checked. I uncheck that, and hit apply, and nothing happens. I move the one off from over the other, and rotate the other, and still, nothing at all happens, and I don't see anything written, anywhere. Suggestions? A couple other things: the /etc/X11/xorg.conf that I fought successfully last year is still in place, but it acts as though it's ignoring it. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] X, why did it have to be X
Apologies for previous top post. Gmail was being, well, Gmail :-( ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6 : AIDE experience
checkout samhain (www.la-samhna.de/*samhain*/) if your feeling really paranoid. Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd(w) +61 (0) 3 9008 5281 Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On Thu, Sep 18, 2014 at 1:42 AM, Mark Tinberg mtinb...@wisc.edu wrote: On Sep 17, 2014, at 10:26 AM, Valeri Galtsev galt...@kicp.uchicago.edu wrote: On Tue, September 16, 2014 9:40 pm, Always Learning wrote: On Tue, 2014-09-16 at 16:41 -0400, Bowie Bailey wrote: Aide does not update it's database file. Whenever you run an init or update, it will create a new file. You then have to manually rename that file in order to start using the new database. I used aide for some time after tripwire went commercial, stayed without support, and finally a bug (in e-mail...) was discovered. I moved away from aide soon after. You may think of some intrusion detection tool/system that: 1. doesn't keep reference database on the same box (I know, I know, they are signed, etc...) 2. does not rely on binaries living on this same box (think about checking these binaries on another, much more trusted box before using them…) That’s kind of an impossible requirement, any kind of userspace measurement of binaries, no matter how many hoops you jump through, have the same potential problems that a compromised system can hide from them using just the legitimate available APIs. A user space integrity checker is only good against malware that isn’t specifically trying to hide itself from the checker, which does actually cover a lot of ground, the only way to reliably find malware that is trying to be stealthy is offline checking. That still doesn’t cover other places where _really_ stealthy malware can hide, like in device firmware, that can survive a disk wipe. Although probably not relevant for CentOS 6 there are some interesting tools in the Linux Integrity Measurement Architecture that I have recently become aware of but haven’t tested. Apparently with newer versions you can store _signed_ hashes of binaries as an xattr that the kernel will check itself on open(), since they are signed off-box and the public key is in the kernel keyring you get much of the same benefit as AIDE without the heavy cron jobs and without any delay in checking, every time the file is read it is checked. — Mark Tinberg mtinb...@wisc.edu ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 : Network Interface Naming
/etc/udev/rules.d/70-persistent-net.rules is your friend the device names defined in there are set nice and early during boot, well before any ifcfg scripts K Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd(w) +61 (0) 3 9008 5281 Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On 16 November 2013 10:12, SilverTip257 silvertip...@gmail.com wrote: On Fri, Nov 15, 2013 at 2:33 PM, Scott Robbins scot...@nyc.rr.com wrote: On Fri, Nov 15, 2013 at 01:50:18PM -0500, SilverTip257 wrote: Hello All, I have one CentOS 6 KVM virtualization server that I built around a year ago (best I can tell it was in October 2012) at which time I would have been installing 6.3 [0]. That particular install used the Consistent Network Device Naming [1] conventions (PCIe NICs are p1p1, p1p2). This regression is a combo RedHat/Dell idea, IIRC. That may be why it's that way on a Dell machine. On Fedora, which usually shows what new regressions will be in RH, it's gotten harder to fix with each iteration. To make it worse, at least on Fedora (and again, many of their ideas, whether good or bad for servers, get into RedHat) has apparently now been intertwined with systemd. At first, one simply had to remove the biosdevnames rpm to fix it. Now, one has to do that, and also add, (in Fedora, with grub2) net.ifnames=0 to the kernel line. (Note that this was for Fedora 19, not sure if they at least removed biosdevnames in F20). I'm not tied to wanting my network interfaces to be ethX. Once my servers are configured, I'm generally not changing anything, so for all it matters they could be called wan0, etc. I actually think some of the conventions are worthwhile (ex: em for embedded, pXpY for PCI cards - I've not seen any others on Fedora/CentOS). I believe embedded NIC naming on Dell hw starts with em1 rather than em0 which is odd (we start counting at zero!). To make it even more of a mess, (again, this is judging from Fedora, which is good to keep on hand to see what new decisions good and bad will be made by RH), I think biosdevnames gave it one name and then the whole systemd thing gave it another. So, it would boot up as say p12p but in /etc/sysconfig/network-scripts it would show up as ifcfg-p1p2p or something like that. (I'm making these names up, but that was the general idea.) I did see something similar to this, I believe it was on a Fedora system I was using for testing ... I don't recall which release though. RHEL7 ought to have some Easter eggs for us. ;) Some people consider it a good thing, especially when moving drives between machines, but aside from it being something new, which isn't necessarily improved, it breaks various working scripts. Like you, I consider it a regression, but of course, that's only my opinion, and many experienced folks disagree, thinking it's a good thing--although I'm sure that even they would agree that they better figure out if biosdevname or something else will be handling it so that it is at least consistent. I'm not calling the biosdevname conventions a regression. But what I am calling a regression is all the flip flopping between the old convention and the new one, especially on two nearly identical hardware builds and OS builds for that matter. Actually, I think (but am not sure, that in VMs, even Fedora will use the eth0, eth1 system rather than the new naming scheme. Not just KVM, but also VirtualBox, VMware, and so on--that has been my experience with CentOS VMs at least. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Howto: Extremely tight security rsync shell for backups
A couple of weeks ago I found this breakdown of various approaches https://techstdout.boum.org/EncryptedBackupsForParanoiacs/ We're currently using a variation of the push-backup system described (using rsync via duplicity). K Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd(w) +61 (0) 3 9008 5281 Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On Tue, Sep 24, 2013 at 7:58 AM, m.r...@5-cent.us wrote: Lists wrote: On 09/23/2013 02:44 PM, m.r...@5-cent.us wrote: Lists wrote: On 09/23/2013 01:50 PM, Les Mikesell wrote: Is there something that convinces you that sudo is better at handling the command restriction than sshd would be? In the context of a production server, the idea is to remove any ability from another host (EG: backup server) to run local arbitrary code or change local files. (read-only) snip You can disable the password on the backup account to achieve a similar effect using an SSHD option. If there's a better/simpler way to do this via SSHD option I'd love to hear about it! Sure. You disable password authentication, and allow keys only, in /etc/ssh/sshd_config. This prohibits SSH logins via password, but does not strictly enforce what commands are allowed to be run (and all options allowed) by a specific which is what I was looking for. Having done a bit more research, It does appear that you could use the ForceCommand option and disable passwords altogether for a user to achieve a similar effect with SSHD. Right, but a) it very much limits who can get in. Another thing is that you can run the backups from a cron job as a push, instead of a pull. And the other user still leaves the issue of ownership - only root can copy a user's home directory, or a project directory owned by that project, and keep it all the same. And don't forget to save selinux contexts mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] change sudoers remotely
You might want to have a look at ansible (www.ansibleworks.com) for orchestration/configuration tasks like this. Very simple to set up and requires nothing but ssh and python on the target host. Takes care of all the ssh and sudo user transitions for you. For your case it would be as simple as. yum install ansible echo target_host hosts ansible target_host -i hosts -s -m lineinfile -a 'dest=/etc/sudoers regexp=^username ALL=(ALL) NOPASSWD:' replacing target_host and username as appropriate. You can even package that invocation in a playbook so you don't have to remember all the details next time. Hope this helps. K ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rpmbuild environment CentOS5 vs CentOS6
make sure you have rpmdevtools yum install rpmdevtools then run rpmdev-setuptree to setup the ~/rpmbuild tree structure Hope this helps K Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd(w) +61 (0) 3 9008 5281 Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On Wed, Jul 3, 2013 at 7:40 AM, Peter Wood peterwood...@gmail.com wrote: On CentOS5 I was used to create a simple spec file where at the end I'll declare files and directories I wan't to package: -- Snip -- %files %dir /opt/myapp %dir /opt/myapp/bin %dir /opt/myapp/etc /opt/myapp/bin/exec01 /opt/myapp/etc/myapp.conf I'll copy the file in /usr/src/redhat/SPECS and run rpmbuild -bb myapp.spec. On CentOS6 rpm-build package no longer creates the /usr/src/redhat/... directory tree. I followed the CentOS6 Wiki instructions to setup my rpmbuild environment for a regular user. When I try to build the package on CentOS6 I'm getting this error for every single file and directory: File not found: /home/peter/rpmbuild/BUILDROOT/myapp-5.2-1el6.x86_64/opt/myapp/bin/exec01 I tried to override buildroot: rpmbuild -bb --define=buildroot / myapp.spec error: %{buildroot} can not be / As a workaround I can manually create /home/peter/rpmbuild/BUILDROOT/myapp-5.2-1el6.x86_64/ and copy all my file in there but that's a lot of extra work. Is there a way to get the same functionality on CentOS6 where rpmbuild will collect the files from the main / directory and build the rpm package? Thank you, -- Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange Beauvoir with hard and soft link
Early in the morning and I haven't finished my coffee yet, but this could be a bind mount. Search for the 'bind' option in the mount man page for an explanation. You should be able to tell by looking at the output of mount Also check /etc/fstab K Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd(w) +61 (0) 3 9008 5281 Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925 On Thu, May 30, 2013 at 2:37 AM, Dario Lesca d.le...@solinos.it wrote: How to is possible this? [root@lucatest ~]# ls -lid /var/log /var/log/ispconfig /var/log/ispconfig/httpd /var/log/ispconfig/httpd/prova.it/var/log/ispconfig/httpd/ prova.it/test /var/www /var/www/clients /var/www/clients/client1 /var/www/clients/client1/web3 /var/www/clients/client1/web3/log /var/www/clients/client1/web3/log/test 706 drwxr-xr-x. 15 root root 4096 29 mag 08:44 /var/log 69619 drwxr-xr-x 3 root root 4096 8 mag 18:05 /var/log/ispconfig 69620 drwxr-xr-x 6 root root 4096 29 mag 10:54 /var/log/ispconfig/httpd 253961 drwxr-xr-x 2 root root 4096 29 mag 12:21 /var/log/ispconfig/httpd/prova.it 253984 -rw-r--r-- 1 root root0 29 mag 12:21 /var/log/ispconfig/httpd/prova.it/test 44509 drwxr-xr-x. 12 root root 4096 29 mag 10:54 /var/www 79376 drwxr-xr-x 4 root root 4096 22 mag 12:57 /var/www/clients 87935 drwxr-xr-x 7 root root 4096 29 mag 10:54 /var/www/clients/client1 253953 drwxr-xr-x 9 root root 4096 29 mag 10:54 /var/www/clients/client1/web3 253961 drwxr-xr-x 2 root root 4096 29 mag 12:21 /var/www/clients/client1/web3/log 253984 -rw-r--r-- 1 root root0 29 mag 12:21 /var/www/clients/client1/web3/log/test See this two folder: 1) /var/log/ispconfig/httpd/prova.it 2) /var/www/clients/client1/web3/log have the same inode (253953) and none of the parent dirs are symbolic link (l) but (d), and dir is not possible to generate it with hard link. If I put a file into first dir, the file there is also into second dir. See also this two file: 1) /var/log/ispconfig/httpd/prova.it/test 2) /var/www/clients/client1/web3/log/test these file have same inode 253984 but its not hard or soft link, if I modify first file also the second file is modified There is only one filesystem and is the root filesystem. How to is possible this situation? Many thanks -- Dario Lesca - sip:da...@solinos.it (Inviato dal mio Linux Fedora18+Gnome3) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to find unknown ip address?
Running 'arp -n' on a machine that you think might receive packets from the unknown host might also do the job. K Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd(w) +61 (0) 3 9008 5281 Suite 1415 401 Docklands Drive Docklands VIC 3008 Australia All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 19 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos