Re: [CentOS] USB audio on Centos-7

2017-09-26 Thread Kahlil Hodgson 
Most of the useful audacity stuff is in their wiki:

http://wiki.audacityteam.org/wiki/USB_mic_on_Linux

seems like a good place to start.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB audio on Centos-7

2017-09-26 Thread Kahlil Hodgson 
> (and a possibly separate issue: how the heck does one point Audacity
> to a USB input? Can't find anything in its UI, and there's darn little
> help online that is actually helpful, in this regard.)

Not sure about the other stuff but my USB dock's mic input shows up in
Audacity on Fedora 26 under the second drop down on the last row (next
to the little microphone icon).

In the passed I've had most luck with pavucontrol, since it was the
only one I could find that would allow me to turn on monitoring.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 Install

2017-08-18 Thread Kahlil Hodgson 
On Sat, Aug 19, 2017 at 1:36 AM, Yan Li  wrote:

> After this call, I need to schedule a meeting with a partner in London
> so I pressed the start key and typed in "london". Tracker showed the
> current time and I could press enter to see the weather in London.

Now that's a neat trick. Thanks for sharing.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 Install

2017-08-17 Thread Kahlil Hodgson 
>
> A more interesting question would be: Where would one go to completely
> STOP these files from being created / cached / logged / stored etc?
>

In Gnome 3.

1. Got o Settings
2. Select Search
3. Un-check all the things you don't want to be tracked or just turn search off.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What RH-like on a Dell XPS 15 (9590)?

2017-07-27 Thread Kahlil Hodgson 
I have a Dell XPS 13 (9360) with Fedora 26 installed. Very happy with it.

UEFI boot from flash drive works out of the box.

For install I needed to change the drive settings in the BIOS from the
default of RAID (what ever that means on a laptop) to AHCI. No need to
turn off secure boot.

If you want to use a DisplayLink USB display adaptor like the D3100
(commonly sold with this laptop), you might want to checkout
https://github.com/displaylink-rpm. This will require either you to
turn off secure boot or to sign the displaylink modules after they are
installed. Signing is not that hard, but is a extra step that you have
to look after.

Cheers,

Kal
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 speedstep CPU support

2017-05-11 Thread Kahlil Hodgson 
On Fri, May 12, 2017 at 8:18 AM, ken  wrote:
> Currently I don't actually need more speed.  This is already a fairly peppy
> laptop... like right now the load is about 2%.  If it was any lower, I could
> almost turn this machine  off and still run everything.  :)  Ah but
> seriously, I'd rather have the speed cranked down and save the battery.
> That's the one weak spot: this gal can drain a battery faster than a dog can
> down a bag of cookies.  Still, I'd like to have control in gnome over cpu
> speed again.

I think all that stuff is controlled by 'tuned' now. There is gtk app
tuned-gtk to help setting and switching profiles.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Laptop turns off after lid closed Centos6

2017-03-02 Thread Kahlil Hodgson 
At a guess that's the Automatic Suspend option.

In the GUI. Go to Settings. Then Power. Scroll to the bottom. Click on
'Automatic Suspend'. You get a popup. Make sure "Plugged In" is set to
off.

There is probably a corresponding gsettings option that you could hunt down.

Hope this helps.

On Fri, Mar 3, 2017 at 2:46 AM, david  wrote:
> At 07:16 AM 3/2/2017, Leon Fauster wrote:
>>
>> > Am 02.03.2017 um 16:08 schrieb david :
>> >
>> > Folks
>> >
>> > I have a laptop which i am using temporarily as a test server.  It is
>> > permanently plugged in.  It is running Centos 6, command line only.  In the
>> > past, I could close the lid, thereby turning off the display, but not
>> > turning off the machine.  It remained running indefinitely.
>> >
>> > A recent update (this past week) changed that behavior.  Now, when I
>> > close the lid, the laptop turns itself off within an hour.
>> >
>> > A google search talks about tools like "upower" and apcitool, but a "yum
>> > search" does not locate them.
>> >
>> > Is there a way to revert back to the previous behavior?
>>
>>
>> Sure that no X11/Gnome stuff got onto the system?
>>
>> --
>> LF
>
> LF:
> Yes, lots of stuff just in case I want to run a GUI for giggles.  The gnome
> stuff was present even with the earlier behavior.  Is there some setting I
> can adjust?
>
> David
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Kahlil (Kal) Hodgson   GPG: C9A02289
Chief Technology Officer   (m) +61 (0) 4 2573 0382
Direct Pricing Exchange Pty Ltd

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer."  -- IBM maintenance manual, 1925
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network conections problems

2017-02-22 Thread Kahlil Hodgson 
Yup, my guess is that someone has plugged in another device into your
network and that device has a ip address 192.168.41.4 statically
assigned.
Or someone has reconfigured a device and set that address by accident.
I had a UPS do this to me once.

A quick lookup on the https://macvendors.com/ shows the offending mac
address belongs to a device from Dell Inc. That may help you track
down the offender.

Hope this helps.


On Thu, Feb 23, 2017 at 8:27 AM, Rommel Rodriguez Toirac
<romme...@nauta.cu> wrote:
> El 21 de febrero de 2017 7:00:03 GMT-05:00, centos-requ...@centos.org 
> escribió:
>>Send CentOS mailing list submissions to
>>   centos@centos.org
>>
>>
>>From: Kahlil Hodgson <kahlil.hodgson@dp.exchange>
>>To: CentOS mailing list <centos@centos.org>
>>Subject: Re: [CentOS] Network conections problems
>
>>
>>First guess is that you may have two devices on the network with the
>>same ip address.
>>
>>Next time this happens, try doing
>>
>>1. 'arp -n' from a machine other than the db server
>>2. ping the other machine from the db server, then
>>3. 'arp -n' from the other machine
>>
>>Compare the outputs of the two invocations of arp. If the outputs show
>>different MAC addresses for 192.168.41.4 then you have two different
>>devices with the same IP address.
>>
>>
>  I resolve the problem of network conection loose, but still a dude of how it 
> happend and how it can be fixe.
> When I check with arping the MAC of sever change, for example
>
> rommel@p6:~$ arping 192.168.41.4
> ARPING 192.168.41.4 from 192.168.41.6 enp3s0
> Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B]  0.653ms
> Unicast reply from 192.168.41.4 [6C:92:BF:26:C7:03]  0.683ms
> Unicast reply from 192.168.41.4 [6C:92:BF:26:C7:03]  0.622ms
> Unicast reply from 192.168.41.4 [6C:92:BF:26:C7:03]  0.631ms
> ^CSent 3 probes (1 broadcast(s))
> Received 4 response(s)
>
> The first answer is with a MAC diferent to the others one.
> But when I arping from the server inseft look the MAC associate to de IP 
> address:
>
> [root@pgtm ] arping 192.168.41.4 -I eth1
> ARPING 192.168.41.4 from 192.168.41.4 eth1
> Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B]  0.658ms
> Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B]  0.654ms
> Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B]  0.654ms
> Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B]  0.662ms
> Unicast reply from 192.168.41.4 [00:1D:09:FF:44:4B]  0.655ms
> Sent 5 probes (1 broadcast(s))
> Received 5 response(s)
>
> Looking in the config of network device I can not find the MAC 
> 00:1D:09:FF:44:4B
>
> [root@pgtm ] ifconfig
> eth0  Link encap:Ethernet  HWaddr 6C:92:BF:26:C7:02
>   UP BROADCAST MULTICAST  MTU:1500  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>   Memory:c722-c723
>
> eth1  Link encap:Ethernet  HWaddr 6C:92:BF:26:C7:03
>   inet addr:192.168.41.4  Bcast:192.168.41.255  Mask:255.255.255.0
>   inet6 addr: fe80::6e92:bfff:fe26:c703/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:95819 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:1924 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:11728605 (11.1 MiB)  TX bytes:263674 (257.4 KiB)
>   Memory:c720-c721
>
> eth2  Link encap:Ethernet  HWaddr 00:E0:ED:33:4E:9C
>   UP BROADCAST MULTICAST  MTU:1500  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>   Memory:c712-c713
>
> eth3  Link encap:Ethernet  HWaddr 00:E0:ED:33:4E:9D
>   UP BROADCAST MULTICAST  MTU:1500  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>   Memory:c710-c711
>
> loLink encap:Local Loopback
>   inet addr:127.0.0.1  Mask:255.0.0.0
>   inet6 addr: ::1/128 Scope:Host
>   UP LOOPBACK RUNNING  MTU:65536  Metric:1
>   RX packets:249609 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:249609 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>

Re: [CentOS] Network conections problems

2017-02-20 Thread Kahlil Hodgson 
First guess is that you may have two devices on the network with the
same ip address.

Next time this happens, try doing

1. 'arp -n' from a machine other than the db server
2. ping the other machine from the db server, then
3. 'arp -n' from the other machine

Compare the outputs of the two invocations of arp. If the outputs show
different MAC addresses for 192.168.41.4 then you have two different
devices with the same IP address.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Reliable way of having both LAN and WIFI on headless box

2017-01-10 Thread Kahlil Hodgson 
I'd be looking at your logs to see if there is any indication why the
wifi does not come up during boot

> sudo journalctrl -b# current boot
> sudo journalctrl -b -1 # previous boot

Kal


On Wed, Jan 11, 2017 at 7:59 AM, Eliezer  Croitoru  wrote:
> NetworkManger should work pretty nice and good as required.
> Just run the right cronjob every minute to make sure the connection is up or
> down and find out if it's possible to reconnect.
> NetworkManager is kind of does all you need automatically so you should not
> do anything unless there is a technical issue.
>
> Eliezer
>
> 
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: elie...@ngtech.co.il
>
>
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Gary Stainburn
> Sent: Tuesday, January 10, 2017 11:25 AM
> To: CentOS mailing list 
> Subject: Re: [CentOS] Reliable way of having both LAN and WIFI on headless
> box
>
> On Tuesday 10 January 2017 08:53:17 John R Pierce wrote:
>> On 1/9/2017 7:11 PM, fred roller wrote:
>> > On Mon, Jan 9, 2017 at 12:04 PM, Frank
>> > Cox
>> >
>> > wrote:
>> >> That sounds like a weak signal from your wifi transmitter.
>> >
>> > Or signal interference.  Where is the antennae located on the server?
>> > Ran into signal issues with antennae which were tucked behind the
>> > server before.
>>
>> indeed, the back of a desktop or server system, sitting on the floor
>> (or in a rack) surrounded by piles of cables, is the worst possible
>> place for a 2.4GHz or 5.7GHz antenna
>
> The server is in a rack, but the dongle is plugged in the front and is 5m
> from the HP Procurv AP that covers the whole of the first floor.
>
> A key point I thought I had included in the OP is that this is mostly a
> problem on startup.  It does sometimes drop off during use, but mainly the
> problem  is not being able to activate it on startup.
>
> I am a traditionalist and long for the days before NetworkManager when
> networks were much simpler to admin, and much more stable.
>
> Is it possible to remove NetworkManager and go back to the good old days,
> and still have WIFI work properly?
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Kahlil (Kal) Hodgson   GPG: C9A02289
Chief Technology Officer   (m) +61 (0) 4 2573 0382
Direct Pricing Exchange Pty Ltd

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer."  -- IBM maintenance manual, 1925
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] .htaccess file

2016-08-28 Thread Kahlil Hodgson 
> There's nothing on the webserver except a test site I use. Just trying to
> keep out the ones that ignore robots.txt

If its just a test server, then I'd be tempted to use HTTP AUTH at the
top level. Most robots will be blocked by that, and you can use
iptables to block the ones that try to guess your password, perhaps
with fail2ban.

-- 
Kahlil (Kal) Hodgson   GPG: C9A02289
Chief Technology Officer   (m) +61 (0) 4 2573 0382
Direct Pricing Exchange Pty Ltd

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer."  -- IBM maintenance manual, 1925
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 : keyboard shortcut for mouse gesture?

2016-08-28 Thread Kahlil Hodgson 
Try the Windows key on a PC or the Command key on a Mac


-- 
Kahlil (Kal) Hodgson   GPG: C9A02289
Chief Technology Officer   (m) +61 (0) 4 2573 0382
Direct Pricing Exchange Pty Ltd

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer."  -- IBM maintenance manual, 1925
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] I need glibc 2.19+ for 32 bit CentOS 6.8 or CentOS7

2016-08-24 Thread Kahlil Hodgson 
On Thu, Aug 25, 2016 at 9:44 AM, John R Pierce  wrote:
> On 8/24/2016 4:22 PM, Kay Schenk wrote:
>>
>> Due to a proposed changeover to build machines for a project I'm
>> involved with, I need at least glib 2.19. Right now I have glib 2.12,
>> and even on CentOS7-32 bit, what I see is glib 2.14. Is a higher glib
>> available anywhere that might work with my current 6.8. I see I can
>> download it from SourceForge but I am wondering what the results might me.
>
>
> whats the target OS for the builds from these build machines ?
>
> to change the default libc would require rebuilding (and retesting) the
> whole OS.

I believe glib is just the Gnome utility libraries, unlike glibc which
has the core C runtime libraries.  Upgrading glib is probably less
dire, though it


-- 
Kahlil (Kal) Hodgson   GPG: C9A02289
Chief Technology Officer   (m) +61 (0) 4 2573 0382
Direct Pricing Exchange Pty Ltd

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer."  -- IBM maintenance manual, 1925
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] script to make webpage snapshot

2016-08-11 Thread Kahlil Hodgson 
I have some some angularjs sites that I test with protractor and a
chrome webdriver. I read in the docs at some point that I could take
and save screenshots if I wanted. You may be able to write a simple
nodejs script to kick of the webdriver and take the screenhsot.  Or
someone may have already writen one :-)

https://www.seleniumeasy.com/selenium-tutorials/take-screenshot-with-selenium-webdriver
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache/PHP Installation - opinions

2016-04-26 Thread Kahlil Hodgson 
If you need more recent versions checkout softwarecollections.org. It has
more recent rebuilds of the big package suites that install under /opt and
don't collide with the system installed packages. There is a CentOS
specific channel in there somewhere.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cron

2016-04-22 Thread Kahlil Hodgson 
​If your script is failing, I would normally expect it to output some error
messages. Cron will email this to root by default. Maybe check
​/var/spool/mail/root? Or set MAILTO="youremail address" at the top of your
cron script.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cron

2016-04-22 Thread Kahlil Hodgson 
On 23 April 2016 at 10:25, Marcin Trendota  wrote:

> Anything interesting in the logs?
> >
> > sudo journalctl -xf _SYSTEMD_UNIT=crond.service
>
> Don't know.
>
> [root@kohrin cron.d]# sudo journalctl -xf _SYSTEMD_UNIT=crond.service
>
​...​


> (/etc/cron.d/osticket-cron)
> kwi 22 23:28:01 vz471 crond[30534]: (*system*) RELOAD
> (/etc/cron.d/osticket-cron)
> kwi 22 23:30:01 vz471 crond[30534]: (*system*) RELOAD
> (/etc/cron.d/osticket-cron)
> kwi 22 23:32:01 vz471 crond[30534]: (*system*) RELOAD
> (/etc/cron.d/osticket-cron)
> kwi 22 23:34:01 vz471 crond[30534]: (*system*) RELOAD
> (/etc/cron.d/osticket-cron)
>
​That shows ​cron triggering your script once every 2 minutes, which makes
_maybe_ makes sense with '*/1'.

So nothing wrong with you cron line, so its probably something in your
environment.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cron

2016-04-22 Thread Kahlil Hodgson 
Anything interesting in the logs?

sudo journalctl -xf _SYSTEMD_UNIT=crond.service
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to force outbound ssh through one network card

2016-03-09 Thread Kahlil Hodgson 
I did this once more than 10 years ago. If I was to do it again, I would
probably get shorewall to do most of the heavy lifting:

http://shorewall.net/MultiISP.html
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Just need to vent

2016-01-25 Thread Kahlil Hodgson 
I personally love Gnome3 on Fedora. It took me about a week to adjust my
mindset though -- I did that over a Xmas break.

It did help that I read the release notes first (so I was not surprised at
the major change) and went through the tutorial the developers provided.

An interesting exercise re-examining and critiquing old workflows and
exploring alternatives.  It works really well on the smallish laptop that I
use while commuting and which I plug into a couple of monitors when I get
to work.  Its great the way it frees up screen real estate and encourages
me to focus on "what I am doing" rather than distracting me with "things I
might want to do".
​
Reading the release notes before installing an OS is a really good idea.​
Fedora and RedHat do a really good job with their release notes.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Starting stunnel on boot with CentOS7

2015-12-23 Thread Kahlil Hodgson 
​Apologies. My bad. The service file was copied across from F22.

# Service file from Fedora 22

[Unit]
Description=SSL tunnel for network daemons
After=syslog.target network.target

[Service]
ExecStart=/usr/bin/stunnel
Type=forking
PrivateTmp=true

[Install]
WantedBy=multi-user.target
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Starting stunnel on boot with CentOS7

2015-12-22 Thread Kahlil Hodgson 
On my CenOS7 system with stunnel from base

stunnel-4.56-4.el7.x86_64

there's a systemd service file

/etc/systemd/system/stunnel.service

try

sudo systemctl enable stunnel.service

Hope this helps,

K
​al​
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Poor perfmance of bridged interfaces

2015-11-12 Thread Kahlil Hodgson 
If you really need two bridges on the same LAN you will need to turn on STP
and give your interfaces a delay of say 10 seconds on start up. Sorry, cant
remember options to do that.


Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty LtdGitHub: @tartansandal

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer."  -- IBM maintenance manual, 1925

On 13 November 2015 at 08:09, Alexander Dalloz  wrote:

> Am 12.11.2015 um 19:42 schrieb Sergio Belkin:
>
>> [root@localhost ~]# uname -a
>> Linux localhost 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014
>> x86_64 x86_64 x86_64 GNU/Linux
>>
>
> First of all: yum update to current!
>
> Alexander
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SSH login between servers still asking for password, why?

2015-11-02 Thread Kahlil Hodgson 
First thought is that you may have a file permission issue on the target --
possibly selinux contexts.
Have a look in /var/log/secure on the target server and it will tell you
what the culprit is.

I tend to use ssh-copy-id because this always ensures you've got your
permissions right.

Kal
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] problem on exceptional quit

2015-10-08 Thread Kahlil Hodgson 
​Can you trigger the error reliably by doing something network intenstive,
like scp or rsync a large file?  I've seen similar behaviour with a bad NIC
that was in the process of dying.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can one construct an IPTables rule to block on NS records?

2015-10-06 Thread Kahlil Hodgson 
Taking a stab at you meaning "block all IPs that reverse resolve to a name
managed by secureserver.net" because their servers keep scanning you.

You could craft a fail2ban recipe to reverse resolve the IP address (after
a some threshold of rejected packets) then block that IP if it '
secureserver.net' is the authority for the PTR record.

K


Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty LtdGitHub: @tartansandal

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer."  -- IBM maintenance manual, 1925

On 7 October 2015 at 04:36, John R Pierce  wrote:

> On 10/6/2015 6:34 AM, Leon Fauster wrote:
>
>> --On Monday, October 05, 2015 10:46 AM -0400 "James B. Byrne"<
>> byrn...@harte-lyne.ca>  wrote:
>>
>> >So, is there any convenient way to construct an IPTables rule to block
>>> >all IPs associated with a given Domain Name server?
>>>
>> IPs have the reversed lookup "assosiated" with a NS.
>>
>> What do you mean with "associated"?
>>   Do mean all IPs that this DNS server resolves to
>> (A-Records in zone) (how do know for what zone
>> the NS gives authoritative answers)?
>>
>> Or just the domain name server IPs of a given
>> domain name (NS records)?
>>
>> What are you trying to solve?
>>
>
> I wondered much the same.most NS servers won't allow you to do a zone
> transfer to find all the A/ records in a given domain. doing a reverse
> DNS lookup on every incoming/outgoing socket connection would be beyond
> painful, it would bring your network to its knees as the reverse DNS zones
> are often broken.
>
>
>
> --
> john r pierce, recycling bits in santa cruz
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can one construct an IPTables rule to block on NS records?

2015-10-06 Thread Kahlil Hodgson 
On 6 October 2015 at 00:46, James B. Byrne  wrote:

> So, is there any convenient way to construct an IPTables rule to block
> all IPs associated with a given Domain Name server?
>

​You can use ipsets to block a large collection of IP addresses with
netfilter.  I block various problematic countries that way.

The problem is getting _all_ the IP addresses associated with a DNS
server.  I don't think that is going to be easy/possible, unless that DNS
sever has been badly misconfigured.



​K​
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7.1 doesn't seem to have a functional default pdf reader installed (interesting)

2015-07-14 Thread Kahlil Hodgson 
evince is the PDF reader for Gnome
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mounting NFS file systems via Nautilus on CentOS 6

2015-07-12 Thread Kahlil Hodgson 
Looks like Nautilus is periodically 'stat'-ing the bookmark location.

How about making a softlink to the target dir in your home directory, then
bookmarking the link in nautilus.  Hopefully Nautilus will stat the link
and not the target then.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing Centos Server Problems

2015-07-07 Thread Kahlil Hodgson 
Did you shrink your windows installation to make way for the new OS first?


Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty LtdGitHub: @tartansandal

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925

On 8 July 2015 at 13:44, michael wright michael_j@hotmail.com wrote:

  Hi  Can some one help me please. I am trying to install Centos 7.0 server
 but every time I install centos I keep loosing my windows 7 ? I have a 2TB
 Hard-Drive, Window 7 64 bit Operating System with Intel Core i5 2300
 Processor when I reboot I loose windows and I have no dual-boot can anybody
 help me please this is the 7 time I have tried this and still fail

 Michael Wright

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dual-booting - Re: installing Cents os server 7.0

2015-07-03 Thread Kahlil Hodgson 
IMHO dual booting, although interesting, is a dying technology. A necessary
hack from less civilised times.

The modern approach is to choose the OS that personally gives you the most
comfort (legal, physical, moral, aesthetic, financial, ...) and use
virtualization to boot any other OS you may need.

Investing time in improving the UX for dual-booting may be fun or satisfy
the soul, but it seems inappropriate to suggest its an important issue that
must be resolved. Personally I'd choose investing my time in improving
virtualization.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dual-booting - Re: installing Cents os server 7.0

2015-07-03 Thread Kahlil Hodgson 
Wow. So many _passionate_ words. Still have no idea what Chris is really
going on about.

​​This seems to be running in two threads in Gmail, which makes it even
more confusing.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CPAN issues

2015-06-30 Thread Kahlil Hodgson 
​From what I can see there you are running cpan as root and installing it
under a local lib /root/perl5. The new cpan executable is is under
/root/perl5/bin/. Thats probably not in your path? Also the modules under
/root/perl5/lib/perl5 are probably not in your module search path.

There is a lot of what your are doing here that is either unsafe or unwise.

Before we go into that, could we step back a bit and discus your
environment and what you are trying to achieve. Specifically, why you feel
the need to upgrade CPAN at a system level?  There may be a better way to
solve the underlying issue.

Cheers,

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CPAN issues

2015-06-29 Thread Kahlil Hodgson 
​CPAN is a core module which can be tricky to update on the RedHat based
systems.

Suggest investigating:

local::lib
App::cpanminus
Pinto​

​If you need a newer Perl, check out www.softwarecollections.org.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Old and new package version numbers during RPM update

2015-06-28 Thread Kahlil Hodgson 
On 29 June 2015 at 07:37, John R Pierce pie...@hogranch.com wrote:

 so a regex looking for system: vs system {   should nicely delineate
 these.   I dunno, I might even put that into the conversion utility and
 have it just quit if the file is already in the new format, and always run
 it.


​+1 for the idempotent approach. IMHO much more robust. Also consider what
will happen if someone does a 'yum downgrade' on the package or a
dependency -- you might want to allow the conversion to go both ways or at
least complain appropriately.

​K​
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Many troubles in CentOS 6 since the last update of GLibc-2.12-1.149.el6

2015-06-11 Thread Kahlil Hodgson 
Have you rebooted since the update?  If not, try that and see if it helps.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] off topic - need help registering to the smplayer forum

2015-06-11 Thread Kahlil Hodgson 
Just keep clicking on the little refresh button to the right of the image
until you get one that you can easily decipher.  Just tried this and 5/10
were ok.


Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty LtdGitHub: @tartansandal

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925

On 13 June 2015 at 12:40, jd1008 jd1...@gmail.com wrote:

 Hi All,
 smplayer has no mailing list.
 I tried to register at
 http://forum.smplayer.info/ucp.php?mode=register
 but the capchas are so incredibly impossible to discern
 that I gave up after 5 tries.
 I tried the audio option, but the audio option plays so garbled
 it is impossible to understand.
 My audio is great. I play youtube vids with great clarity.
 So I am hoping someone who is on that forum to inform
 the registration web page's designer to do something about this problem.

 Thanx to all who show some info on how to get this done.
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Project Management Software

2015-06-01 Thread Kahlil Hodgson 
You could try 'planner'

rizo:~ yum info planner
Loaded plugins: changelog, presto
Available Packages
Name: planner
Arch: i686
Version : 0.14.4
Release : 10.el6
Size: 3.1 M
Repo: base
Summary : A graphical project management tool
URL : http://live.gnome.org/Planner
License : GPLv2+
Description : Planner is a visual project management application which
allows users to
: manage several aspects of a project, including schedule
tracking using
: Gantt charts.
:
: You should install Planner if you wish to manage schedules,
allocate
: resources, and track the progress of your projects.



Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty LtdGitHub: @tartansandal

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925

On 2 June 2015 at 02:32, Mike - st257 silvertip...@gmail.com wrote:

 On Fri, May 29, 2015 at 10:26 PM, H age...@meddatainc.com wrote:

  I have a need to use a project management software package under Centos
  6.6 and have started looking at ProjectLibre which is a Java package.
 
  Unfortunately it seems to have shortcomings when it comes to following up
  projects and my current understanding is that it falls short of Microsoft
  Project 2010, i.e., a previous version.
 

 I have not used ProjectLibre, so I can't comment on its features.


 
  Does anyone have experience with this type of software and what would you
  recommend?
 

 Years back I used [what appears to have been] GanttProject.
 Worked fine for me, but I was only interested in creating Gantt charts and
 not so much comparing features to Microsoft Project (though I used MS
 Project briefly many moons ago).
 http://www.ganttproject.biz/


 Hope that helps.

 --
 ---~~.~~---
 Mike
 //  SilverTip257  //
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Turning off wifi in CentOS 7

2015-05-19 Thread Kahlil Hodgson 
device names are all kernel and udev. nothing to do with network manager.

​if you want to get predictable interface names, set up udev rules
appropriately.​

https://www.kernel.org/pub/linux/utils/kernel/hotplug/udev/udev.html
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Back to eth shuffling ...

2015-05-14 Thread Kahlil Hodgson 
another identical machine will have the same bus ids. that's why this works.


Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty LtdGitHub: @tartansandal

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925

On 15 May 2015 at 11:02, Ashley M. Kirchner ash...@pcraft.com wrote:

 Right, I understand that part. However I believe I'm now in the realm of
 making this specific to this machine as I have no guarantee that another
 identical machine will pop up with those same bus IDs. Maybe for the
 internal ports, but I don't know if the same will happen for the PCIe bus.
 Would that be correct?

 On Thu, May 14, 2015 at 6:21 PM, Kahlil Hodgson 
 kahlil.hodg...@dealmax.com.au wrote:

  So a 70-persistent-net.rules like
 
  # onboard port 1 - eth0
  ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:00:19.0,
  NAME=eth0
 
  # PCIe card - eth2
  ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:03:00.0,
  NAME=eth2
 
  # onboard port 2 - eth1
  ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:08:00.0,
  NAME=eth1
 
  will do what you want.
 
  Note: I've just changed the ID and NAME values to match what you have and
  what you want.
 
 
 
  Kahlil (Kal) Hodgson   GPG: C9A02289
  Head of Technology (m) +61 (0) 4 2573 0382
  DealMax Pty LtdGitHub: @tartansandal
 
  Suite 1416
  401 Docklands Drive
  Docklands VIC 3008 Australia
 
  All parts should go together without forcing.  You must remember that
  the parts you are reassembling were disassembled by you.  Therefore,
  if you can't get them together again, there must be a reason.  By all
  means, do not use a hammer.  -- IBM maintenance manual, 1925
 
  On 15 May 2015 at 10:12, Ashley M. Kirchner ash...@pcraft.com wrote:
 
   Actually, I know what the MAC is for the builtin Port1 and 2. Those are
   listed in the BIOS. But ultimately I don't want to rely on them as I
 want
   the same kickstart file to work for other machines, so hardcoding those
  in
   the kickstart file wouldn't quite work, unless I start writing multiple
   kickstart files, one per machine.
  
   Anyway, lspci reports this:
   00:19.0 Ethernet controller: Intel Corporation 82566DM-2 Gigabit
 Network
   Connection (rev 02)
   03:00.0 Ethernet controller: Intel Corporation 82572EI Gigabit Ethernet
   Controller (Copper) (rev 06)
   08:00.0 Ethernet controller: Intel Corporation 82573V Gigabit Ethernet
   Controller (Copper) (rev 03)
  
   Now when I look at the enumeration from dmesg, I get this:
   e1000e :00:19.0: eth0: (PCI Express:2.5GT/s:Width x1)
   00:1e:68:58:00:4c  -- this is Port1
   e1000e :03:00.0: eth1: (PCI Express:2.5GT/s:Width x1)
   00:15:17:d3:43:62  -- PCIe Card
   e1000e :08:00.0: eth2: (PCI Express:2.5GT/s:Width x1)
   00:1e:68:58:00:4d  -- this is Port2
  
   So this is how it gets enumerated for some reason. But during the
  machine's
   POST, it always brings up the PXE boot order as Port1, Port2, and
 finally
   the PCIe card, which is the correct order that I want it in. It also
 only
   has one single expansion slot so it's not like I can try a different
 one
  to
   see if it makes a difference, unfortunately.
  
  
   On Thu, May 14, 2015 at 5:47 PM, Kahlil Hodgson 
   kahlil.hodg...@dealmax.com.au wrote:
  
On 15 May 2015 at 03:51, Ashley M. Kirchner ash...@pcraft.com
 wrote:
   
 After the machine boots and I look in /root/ksnet-devices, I see
 the
   MAC
 addresses for the devices as:
 Port1 - eth0
 PCIe Card- eth1
 Port2 - eth2

 And yet, during the machine's POST (which  can verify by the PXE
 boot
   up
of
 each device), it correctly enumerates the ethernet devices as:
 Port1
 Port2
 PCIe card

 So where and why is the order changed when the kernel kicks in and
   start
 booting the machine? And how can I stop it, or change its behavior?
  I'm
not
 seeing any 'renaming' going on in dmesg like I sometimes find. So
something
 is causing this and I can't figure it out.

   
​Yeah, my understanding is that the kernel does not really trust all
  the
information that the BIOS tells it and probes for the network devices
itself.​
   
I'm thinking, since you are using kickstart and PXE boot, you're not
   going
to know the HWADDR for your NICs before hand, but you probably do
 have
  a
predictable pci bus layout.
   
So grab pciutils package and run:
   
lspci | grep Ethernet
   
I get something like
   
00:0a.0 Ethernet controller: NVIDIA Corporation MCP67 Ethernet (rev
 a2

Re: [CentOS] Back to eth shuffling ...

2015-05-14 Thread Kahlil Hodgson 
apologies. just realised I was top posting again. damn this email client :-(
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Back to eth shuffling ...

2015-05-14 Thread Kahlil Hodgson 
On 15 May 2015 at 03:51, Ashley M. Kirchner ash...@pcraft.com wrote:

 After the machine boots and I look in /root/ksnet-devices, I see the MAC
 addresses for the devices as:
 Port1 - eth0
 PCIe Card- eth1
 Port2 - eth2

 And yet, during the machine's POST (which  can verify by the PXE boot up of
 each device), it correctly enumerates the ethernet devices as:
 Port1
 Port2
 PCIe card

 So where and why is the order changed when the kernel kicks in and start
 booting the machine? And how can I stop it, or change its behavior? I'm not
 seeing any 'renaming' going on in dmesg like I sometimes find. So something
 is causing this and I can't figure it out.


​Yeah, my understanding is that the kernel does not really trust all the
information that the BIOS tells it and probes for the network devices
itself.​

I'm thinking, since you are using kickstart and PXE boot, you're not going
to know the HWADDR for your NICs before hand, but you probably do have a
predictable pci bus layout.

So grab pciutils package and run:

lspci | grep Ethernet

I get something like

00:0a.0 Ethernet controller: NVIDIA Corporation MCP67 Ethernet (rev a2)
01:06.0 Ethernet controller: Intel Corporation 82541PI Gigabit Ethernet
Controller (rev 05)
01:07.0 Ethernet controller: Intel Corporation 82541PI Gigabit Ethernet
Controller (rev 05)

The first number is the bus id which is going to be consistent across
machines with the same mainboard and nic layout.

So I can make a persistent-net.rules file like:

ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:00:0a.0,
NAME=eth0
ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:01:06.0,
NAME=eth1
ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:01:07.0,
NAME=eth2


Hope this helps.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Back to eth shuffling ...

2015-05-14 Thread Kahlil Hodgson 
So a 70-persistent-net.rules like

# onboard port 1 - eth0
ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:00:19.0,
NAME=eth0

# PCIe card - eth2
ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:03:00.0,
NAME=eth2

# onboard port 2 - eth1
ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:08:00.0,
NAME=eth1

will do what you want.

Note: I've just changed the ID and NAME values to match what you have and
what you want.



Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty LtdGitHub: @tartansandal

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925

On 15 May 2015 at 10:12, Ashley M. Kirchner ash...@pcraft.com wrote:

 Actually, I know what the MAC is for the builtin Port1 and 2. Those are
 listed in the BIOS. But ultimately I don't want to rely on them as I want
 the same kickstart file to work for other machines, so hardcoding those in
 the kickstart file wouldn't quite work, unless I start writing multiple
 kickstart files, one per machine.

 Anyway, lspci reports this:
 00:19.0 Ethernet controller: Intel Corporation 82566DM-2 Gigabit Network
 Connection (rev 02)
 03:00.0 Ethernet controller: Intel Corporation 82572EI Gigabit Ethernet
 Controller (Copper) (rev 06)
 08:00.0 Ethernet controller: Intel Corporation 82573V Gigabit Ethernet
 Controller (Copper) (rev 03)

 Now when I look at the enumeration from dmesg, I get this:
 e1000e :00:19.0: eth0: (PCI Express:2.5GT/s:Width x1)
 00:1e:68:58:00:4c  -- this is Port1
 e1000e :03:00.0: eth1: (PCI Express:2.5GT/s:Width x1)
 00:15:17:d3:43:62  -- PCIe Card
 e1000e :08:00.0: eth2: (PCI Express:2.5GT/s:Width x1)
 00:1e:68:58:00:4d  -- this is Port2

 So this is how it gets enumerated for some reason. But during the machine's
 POST, it always brings up the PXE boot order as Port1, Port2, and finally
 the PCIe card, which is the correct order that I want it in. It also only
 has one single expansion slot so it's not like I can try a different one to
 see if it makes a difference, unfortunately.


 On Thu, May 14, 2015 at 5:47 PM, Kahlil Hodgson 
 kahlil.hodg...@dealmax.com.au wrote:

  On 15 May 2015 at 03:51, Ashley M. Kirchner ash...@pcraft.com wrote:
 
   After the machine boots and I look in /root/ksnet-devices, I see the
 MAC
   addresses for the devices as:
   Port1 - eth0
   PCIe Card- eth1
   Port2 - eth2
  
   And yet, during the machine's POST (which  can verify by the PXE boot
 up
  of
   each device), it correctly enumerates the ethernet devices as:
   Port1
   Port2
   PCIe card
  
   So where and why is the order changed when the kernel kicks in and
 start
   booting the machine? And how can I stop it, or change its behavior? I'm
  not
   seeing any 'renaming' going on in dmesg like I sometimes find. So
  something
   is causing this and I can't figure it out.
  
 
  ​Yeah, my understanding is that the kernel does not really trust all the
  information that the BIOS tells it and probes for the network devices
  itself.​
 
  I'm thinking, since you are using kickstart and PXE boot, you're not
 going
  to know the HWADDR for your NICs before hand, but you probably do have a
  predictable pci bus layout.
 
  So grab pciutils package and run:
 
  lspci | grep Ethernet
 
  I get something like
 
  00:0a.0 Ethernet controller: NVIDIA Corporation MCP67 Ethernet (rev a2)
  01:06.0 Ethernet controller: Intel Corporation 82541PI Gigabit Ethernet
  Controller (rev 05)
  01:07.0 Ethernet controller: Intel Corporation 82541PI Gigabit Ethernet
  Controller (rev 05)
 
  The first number is the bus id which is going to be consistent across
  machines with the same mainboard and nic layout.
 
  So I can make a persistent-net.rules file like:
 
  ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:00:0a.0,
  NAME=eth0
  ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:01:06.0,
  NAME=eth1
  ACTION==add, SUBSYSTEM==net, BUS==pci, ID==:01:07.0,
  NAME=eth2
 
 
  Hope this helps.
 
  K
  ___
  CentOS mailing list
  CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos
 
 
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Back to eth shuffling ...

2015-05-13 Thread Kahlil Hodgson 
Have you tried having kickstart set up a more appropriate
/etc/udev/rules/70-persistent-net.rules?
This is normally written by /lib/udev/write_net_rules.  You should be able
to modify the automatically generated one to match what you need.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Laptop for CentOS

2015-04-15 Thread Kahlil Hodgson 
I would avoid the Thinkpad X1 Carbon 2nd generation if I was you (I'm
writing this on one).

The 1st gen is much better (my wife has one) and I hear that the 3rd
gen is too, but just stay away from the 2nd gen (so much grief).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Custom ISO based on kickstart

2015-04-14 Thread Kahlil Hodgson 
The fedora spins SIG
https://fedoraproject.org/wiki/Spins_SIG?rd=SIGs/Spins
created/assembled a whole bunch of tools for doing just that. I used
such machinery to do pretty much the same as what you are a number of
years ago. I think there was even graphical tool called 'revisor'.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Independent dual monitors on CentOS 7

2015-04-14 Thread Kahlil Hodgson 
With GNOME3, the secondary monitors do not have workspaces.  That is
useful for some workflows, but if you don't like it you can use
gnome-tweak-tool to give workspaces to all monitors.  Hope this helps.

Kal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum upgrade of an older 6.1

2015-04-08 Thread Kahlil Hodgson 
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.3  (Section 4.
Major Changes)

Matahari is now obsoleted, but in 6.1, had a dependency on
qpid-cpp-server and qpid-cpp-client which wanted updates.  A quick
Google shows many others seeing this problem.  I think if you run yum
with the --obsoletes flag you may get more information.  IMHO you need
a human to decide when/if to remove the obsoleted packages and proceed
with the update.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 7-Zip for CentOS X86-64

2015-03-11 Thread Kahlil Hodgson 
On 12 March 2015 at 10:39, Mark LaPierre marklap...@gmail.com wrote:

 Okay then, next question.  How do you get it to work?  I can't figure
 out the command to run it so I can't use man to get a clue.

 I tried p7zip, 7zip, etc... no luck.


​rpm -ql p7zip​

​will list all the files associated with the package, including the
executables and man pages.

K​
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Glibc sources?

2015-03-10 Thread Kahlil Hodgson 
apologies for last top post :-(
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Glibc sources?

2015-03-10 Thread Kahlil Hodgson 
Hi Andy,

mock is part of EPEL and is almost certainly what you want to use.


Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty LtdGitHub: @tartansandal

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925

On 11 March 2015 at 09:47, ANDY KENNEDY andy.kenn...@adtran.com wrote:

  Okay, thanks.  I really don't need _EXACT_ match, but close.  Again, my
  aim is to equip GlibC with some logging facilities IF anyone is using the
  gethostbyname().  Given the help from this list, I was able to rebuild
  GlibC for CentOS and am testing my stuff now.
 
  I appreciate your help on this matter.  Not knowing where the knobs are
 was
  the hardest part.  I have just about completed my testing.
 
  Again, thanks for the help!
 
  Andy

 Ughh!!  I just realized that the app that I'm testing has parts that are
 linked against 32-Bit
 libraries.  I have to test that as well.  Ouch!

 This leads to the question:

 How do I tell rpmbuild to build the i686 version of the library in place
 of the x86_64?  I've
 done some looking around on the web and I have found something about:

 setarch i686 mock -r something ... rebuild my.rpm

 Not being able to find the mock package for CentOS, I thought maybe:

 setarch i686 rpmbuild -ba glibc.spec

 would work.  This ended with an error:

 enable-bind-now --with-tls --with-__thread --build i686-redhat-linux
 --host i686-redhat-linux --enable-multi-arch --enable-systemtap
 --disable-profile --enable-experimental-malloc --enable-nss-crypt
 checking build system type... i686-redhat-linux-gnu
 checking host system type... i686-redhat-linux-gnu
 checking for i686-redhat-linux-gcc... gcc
 checking for suffix of object files... configure: error: in
 `/home/akennedy/rpmbuild/BUILD/glibc-2.12-2-gc4ccff1/build-i686-linuxnptl':
 configure: error: cannot compute suffix of object files: cannot compile
 See `config.log' for more details.
 error: Bad exit status from /var/tmp/rpm-tmp.2d2i9G (%build)

 I have also looked through the glibc.spec file for something that would
 make me think that
 I could change the target variant.

 rpmbuild --target=i686 -ba glibc.spec gives the same output as the
 setarch i686 above.

 Again, any help on this would be greatly appreciated.

 Thanks,
 Andy
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] grsync for centos 7

2015-03-05 Thread Kahlil Hodgson 
On 6 March 2015 at 04:44, Francis Gerund ranr...@gmail.com wrote:

 But, Grsync does not seem to be in the centos 7 or EPEL 7 repositories
 (although it may have been around as late as centos 6).  Is it now in any
 reputable repositories?


​Just to note, it does seem to be in the base for Fedora-21, so maybe it
will come back in CentOS-8​.
​Note sure why it seems to have been removed. ​ Try posting on the EPEL
list. You may be able to convince someone to add it there.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] grsync for centos 7

2015-03-05 Thread Kahlil Hodgson 
On 6 March 2015 at 04:44, Francis Gerund ranr...@gmail.com wrote:

 But, Grsync does not seem to be in the centos 7 or EPEL 7 repositories
 (although it may have been around as late as centos 6).  Is it now in any
 reputable repositories?


​Just to note, it does seem to be in the base for Fedora-21, so maybe it
will come back in CentOS-8​.
​Note sure why it seems to have been removed. ​ Try posting on the EPEL
list. You may be able to convince someone to add it there.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Glibc sources?

2015-03-01 Thread Kahlil Hodgson 
On 28 February 2015 at 05:49, ANDY KENNEDY andy.kenn...@adtran.com wrote:

 I'm tasked with reconstructing the CentOS version of the GlibC library for
 testing with
 gethostbyname().  My mission is to show that we are not affected by the
 latest exploit for
 the product we are shipping targeted for RHEL and CentOS.  To do so, I
 want to equip
 gethostbyname() with additional code.


​I may be way out of line here, haven't had much coffee yet, but I wonder
if systemtap could be used to achieve your goals less intrusively?​
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7: software RAID 5 array with 4 disks and no spares?

2015-02-19 Thread Kahlil Hodgson 
On 20 February 2015 at 05:25, Chris Murphy li...@colorremedies.com wrote:
 I'd say your mom is an admin in the sense that chickens fly and horses swim.

 It's a confusing analogy. Chickens don't fly. Horses do swim.

I have a couple of chickens, and yes, the buggers do fly if you don't
clip their flight feathers. :-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Do I need these?

2015-02-11 Thread Kahlil Hodgson 
Probably OK to remove.  The netcf-libs package is a dependency of,
among other things, libvirtd.  Perhaps you installed and removed some
visualization related packages?  If you are keen to remove unwanted
packages, have a look at the 'package-cleanup' command and the
'--leaves' option.

Hope this helps.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Why the command 'service ntpd stop' cause the time reversed?

2015-02-11 Thread Kahlil Hodgson 
I've seen situations where people have put ntpdate in a cronjob to get
around issues with big time jumps at boot or dodgy clocks under
virtualization. There are much better solutions to this problem, so
let us know if this is the case for you.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-09 Thread Kahlil Hodgson 
On 10 February 2015 at 16:39, Pete Travis li...@petetravis.com wrote:
 Officially, no, the Fedora Documentation bz product isn't there for
 Red Hat guides.  If you want to file a bug against a RHEL guide, choose
 your version of RHEL then look for the guide's component - these days,
 they all start with doc-, which should make the search easy.

Thanks for the heads up. Was not aware of the 'doc-' prefix.

 Unofficially, there's a nonzero chance that your bug will find a writer
 that plays in both spaces, or that we'll be able reassign the bug to the
 correct component for you.  But please, don't make work for Fedora
 volunteers when there are people standing by getting paid to handle your
 bugs :)

As previously noted, the authors of both documents are the same, and
appear to be RedHat employees.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-09 Thread Kahlil Hodgson 
On 10 February 2015 at 09:53, PatrickD Garvey patrickdgarv...@gmail.com wrote:
 I'd like to know how a member of
 the CentOS project submits improvements to something in the RedHat
 documentation. Can you provide guidance in that regard?

I think you can simply submit a bug report under fedora documentation.

Note, the Fedora Systems Administration Guide seems to have been
written by the same RedHat engineers

https://docs.fedoraproject.org/en-US/Fedora/21/html/System_Administrators_Guide/index.html

Kal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-09 Thread Kahlil Hodgson 
On 10 February 2015 at 10:08, Kahlil Hodgson
kahlil.hodg...@dealmax.com.au wrote:
 I think you can simply submit a bug report under fedora documentation.

Via bugzilla:

https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20Documentation
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-09 Thread Kahlil Hodgson 
On 10 February 2015 at 10:15, PatrickD Garvey patrickdgarv...@gmail.com wrote:
 Please allow me to make sure I am perceiving this correctly,
 reports of errors found in RedHat documentation are to be reported
 against the Fedora Documentation product type in the RedHat bugzilla?
 and
 reports of errors found in Fedora documentation are, also, to be
 reported against the Fedora Documentation product type in the RedHat
 bugzilla?

I don't know officially, but I'm making a guess that, since the two
documents are clearly related and have the same authors, if you see
the same error in the Fedora document and you report it, it will
probably get fixed in both.  The Fedora document explicitly solicits
bug reports, but I don't see the same in the RedHat one.  Worth a shot
don't you think?  Maybe submit a small bug report and see what the
response is like?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-05 Thread Kahlil Hodgson 
On 6 February 2015 at 10:23, Always Learning cen...@u64.u22.net wrote:
 Logically ?

 1. to change the permissions on shadow from -rw-x-- or from
 -- to -rw-r--r-- requires root permissions ?

 2. if so, then what is the advantage of changing those permissions when
 the entity possessing root authority can already read shadow - that
 entity requires neither group nor user permissions to read shadow.

The concept in play here is privilege escalation.

An exploit may not give you all that root can do, but may be limited
to, say, tricking the system to change file permission.
From there an attacker could use that and other exploits to escalate 
privileges.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-04 Thread Kahlil Hodgson 
On 5 February 2015 at 10:53, Always Learning cen...@u64.u22.net wrote:
 On C6, the default is:-

 --  1 root root  854 Mar 13  2014 shadow

Even better if you have SElinux enabled

--. root root system_u:object_r:shadow_t:s0/etc/shadow
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-04 Thread Kahlil Hodgson 
I just had a peek at the anaconda source for Fedora 21.  Apparently
you can waive the password strength tests (and the non-ASCII tests) by
simply clicking Done twice.

def _checkPasswordASCII(self, inputcheck):
Set an error message if the password contains non-ASCII characters.

   Like the password strength check, this check can be bypassed by
   pressing Done twice.



Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925


On 5 February 2015 at 09:16, Lamar Owen lo...@pari.edu wrote:
 On 02/04/2015 04:55 PM, Warren Young wrote:

 Unless you have misconfigured your system, anyone who can copy /etc/shadow
 already has root privileges. They don’t need to crack your passwords now.
 You’re already boned.


 Not exactly.

 There have been remotely exploitable vulnerabilities where an arbitrary file
 could be read (not written), but otherwise root access wasn't given by the
 exploit; that is, no shellcode per se. If you can somehow (buffer overflow
 shellcode or something similar) get, say, httpd to return a copy of
 /etc/shadow in a GET request, well, you don't have root, but you do have the
 hashed passwords.  It doesn't take an interactive root session, and may not
 even leave a trace of the activity depending upon the particular bug being
 exploited.

 Now, I have seen this happen, on a system in the wild, where the very first
 thing the attacker did was grab a copy of /etc/shadow, even with an
 interactive reverse shell and root access being had. So even when you
 recover your system from the compromise you have the risk of all those
 passwords being known, and unfortunately people have a habit of using the
 same password on more than one system.

 Further, lists of usernames and passwords have market value.


 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-04 Thread Kahlil Hodgson 
On 5 February 2015 at 10:36, Warren Young w...@etr-usa.com wrote:
 When the hashes are properly salted, the only option is brute force.  All 
 having /etc/shadow does for you is let you make billions of guesses per 
 second instead of 5 guesses per minute, as you get with proper throttling on 
 remote login avenues.

Kinda highlights that 'time' is important here.  Booting into a fresh
system and then running updates and hardening your system can take a
few minutes.  There may be an appreciable difference between having a
password that can be cracked in 1 second and one that takes an hour.
(Yes, infrastructure can help mitigate this risk).

I'm thinking of someone with limited infrastructure installing a
system under time pressure. They might be tempted to use a very weak
password initially with the expectation that they would get back to
hardening the system later.  If they are regularly under time
pressure, that may never actually happen, or may be delayed for
hours/days.  An 8 character password might just nudge the
probabilities in your favour and protect against a drive by attack.

Does that sound like a reasonable case to protect against?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-04 Thread Kahlil Hodgson 
On 5 February 2015 at 12:09, Scott Robbins scot...@nyc.rr.com wrote:
 On Thu, Feb 05, 2015 at 09:56:30AM +1100, Kahlil Hodgson wrote:
 I just had a peek at the anaconda source for Fedora 21.  Apparently
 you can waive the password strength tests (and the non-ASCII tests) by
 simply clicking Done twice.

 That's correct for Fedora 21.  The inability to waive the requirement will
 show up in the new Anaconda.

Thanks for the heads up.  At least we know it can be easily reinstate
it via an updates.img -- for those testing installers in sandboxed
environments.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-04 Thread Kahlil Hodgson 
While this discussion has been very interesting, I would like to
encourage participants to be very careful about disclosing the
specifics their own security efforts.  While is good to discuss the
pros and cons of strategies, disclosing the details of the exact
strategies that you use, no matter how good they are, is a bad idea.
This is typically hard information for an attacker to acquire and they
would run the risk of generating too much noise if they were to try to
acquire it.  A somewhat subtle trap is to disclose information about
time, e.g., when you last changed a password on a system.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-03 Thread Kahlil Hodgson 
On 4 February 2015 at 14:36, Always Learning cen...@u64.u22.net wrote:
 Thinking about you systems from a penetration testing perspective can
 be helpful.  For example, Always Learning has just told us that he
 uses single character root passwords on his testing machines, that he
 is testing 7 days a week and does not turn off his test machines.

 Yes single character.
 Writing and testing usually 7 days weekly.
 Turn off everything when not in use including test machines.

 No connection to the Internet.

Sorry. Must have misunderstood your earlier comments.

Sounds like a fairly specialized work-flow.  You might want to
consider using an updates.img that removes the password strength
requirements (see http://fedoraproject.org/wiki/Anaconda/Updates). The
anaconda installer is fairly straight forward Python code.  I haven't
got a copy on me at the moment, but at a guess, all you need to do is
track down the relevant lines and comment them out.

Hope this helps.

Kal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-03 Thread Kahlil Hodgson 
On 4 February 2015 at 02:17, James B. Byrne byrn...@harte-lyne.ca wrote:
 I think it well to recall that the change which instigated this
 tempest was not to the network operations of a RHEL based system but
 to the 'INSTALLER' process, Anaconda.  Now, I might be off base on
 this but really, ask yourself: Who exactly uses an installer program?
 And what is the threat model being addressed by requiring that the
 installer set a suitably strong password for root?  For what purpose?
 Because RHEL sets the sshd on and allows root access over ssh via
 password by default?  Then is not the correct approach to disable that
 access instead?

Good points.

Consider a user who installs RHEL with a poor root password and
reboots while connected to the internet.  At that point they are
potentially vulnerable.  How long will it take for them to get around
to improving the password?  Probably a long time, unless they are
security conscious, in which case they probably would have opted for a
strong password from the start.

Not allowing root ssh access immediately after an install is a much
bigger imposition.  You would have to insist that there was a second
user on the system with a strong password.  I think that is a good
idea too, by the way.

Requiring a strong root password really is a small imposition, unless
you are doing a lot of manual installs and in which case you should
look into automation.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-02 Thread Kahlil Hodgson 
On 3 February 2015 at 12:09, Always Learning cen...@u64.u22.net wrote:
 As for security, the cess pit is weak security not on Linux, BSDs and
 others etc. but on M$. It seems to be incredibly easy for one malicious
 person to launch attacks from machines they control all over the world -
 and those machines just happen to be running M$. Breaking into M$
 machines seems to be t-o-o easy so I suspect it is not password
 weaknesses that are being exploited !

This is not correct and a dangerous assumption to make about real and
current threats.

Your security practice, as you have described it, is poor. If you have
been compromised, you may not be aware of it.  A compromise of your
systems weakens the whole community.

Kal

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-02 Thread Kahlil Hodgson 
On 3 February 2015 at 10:31, Always Learning cen...@u64.u22.net wrote:
 If testing then a one character password is very acceptable to me. Why
 should some arrogant nutter impose an arduous ultra secure password when
 a simple one character password will suffice ?  Who knows the machine,
 the deploying environment and the circumstances better ?  The user or
 some anonymous and arrogant nutter perhaps many thousands of miles (or
 kilometers) away ?

I know its hard to believe, but you are not the only one using this
OS.  There are a broad range of users with a broad range of experience
using the OS in a broad range scenarios.  One important group is new
users with limited experience and knowledge about security.  This is
an important group to protect.  More experienced users understand this
and put up with, or work around, the occasional inconvenience.  This
is not arrogance, this is about being a responsible member of a
community.  It is important for all of us to encourage (and discuss)
good security practices, as well as discourage (and refute) poor
practices. Ultimately, this make our community a safer place.

It is my, perhaps naive, hope that members of our community are Always
Learning about good security practices and emerging threats to the OS.

The root password is close to, if not actually, our last line of
defense (SELinux helps us here by the way). Using a one character
password is problematic if you are connected to the internet, for
example, if you are _testing_ the OS and want to run updates after the
install. This is problematic since, by default, new installs typically
allows SSH access and root logins over SSH. Yes, firewalls help, but
they need to be configured correctly, and there are subtle tricks that
sophisticated attackers can exploit to subvert poorly configured
firewalls. If you really want to do this, I'd suggest running your
test system in some kind of DMZ to prevent any exploit cascading into
the rest of your network.  It may just be easier to pick a good but
easy to type root password that you use for all your test machines.
Also, its a good idea to make sure you always turn off your test
machines when not in use, and to disable them once you are finished
testing (so they can't be accidentally turned on in the future).

Hope this helps.

Kal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-02 Thread Kahlil Hodgson 
On 3 February 2015 at 13:34, PatrickD Garvey patrickdgarv...@gmail.com wrote:
 Now how about some specific sources you personally used to learn your
 craft that we can use likewise?

So many places it makes my brain hurt just thinking about it.  Google
and Wikipedia will keep you busy for a long while.

Off the top of my head:

There are some online Security Handbooks around (I think RedHat
publish one) which lay some of the basic ground work.

SANS (http://www.sans.org/) and OWASP (https://www.owasp.org/) have
some good resources.  If you are cashed up, you can even do courses
with SANS.

Reading about the security infrastructure that you are already using
is a good idea, often accessible via mysterious things called man
pages. I learned a lot simply by reading about pam, iptables, and
selinux.

Thinking about you systems from a penetration testing perspective can
be helpful.  For example, Always Learning has just told us that he
uses single character root passwords on his testing machines, that he
is testing 7 days a week and does not turn off his test machines.  A
pen tester or cracker could use that information to formulate a
potentially successful attack strategy.

Google free penetration testing tools.  Only use the tools if you
own the network or have written permission.  Just reading about the
tools can give you some insight into attack strategies that you should
be defending against.  Please don't try to attack Always Learning.

Download and unpack a copy of rkhunter. Have a look inside. Its just a
bunch of bash scripts. Good insight into some surprisingly simple
historical attacks.

Google linux security hardening.  There are a lot of resources out
there.  The hard part is sifting out the gold from the crap.  Sorry
can help much there.

There are many other people on this list who have a much better grasp
on this stuff than me.  Hope they chime in.

Hope this helps,

Kal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Another Fedora decision

2015-02-02 Thread Kahlil Hodgson 
On 3 February 2015 at 12:58, Always Learning cen...@u64.u22.net wrote:
  If you really want to do this, I'd suggest running your
 test system in some kind of DMZ to prevent any exploit cascading into
 the rest of your network.

 Not really sure what a (USA military) DMZ looks like.  Security has
 always been my highest priority. When in doubt, lock 'em out is my
 motto.

A DMZ in this context is a network that has been isolated from the
rest of your local network.  You can access it from your local
network, it can access the rest of the world, but it can't access your
network.  The idea is that, if a machine in the DMZ is compromised, it
can only access other machines in the DMZ.

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How To Record Sound Being Played

2015-01-27 Thread Kahlil Hodgson 
I've used Audacity in the past to do similar. Their website has a
howto section covering the details.

Kal

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925


On 28 January 2015 at 13:32, Mark LaPierre marklap...@gmail.com wrote:
 Hey all,

 I've installed MuseScore on my C6.6 machine.  MuseScore is able to
 generate a midi sounding playback through the speakers of the active
 score.  I want to capture that sound directly to a file without using a
 microphone.  I want to send individual sound files to each of the
 members of my quartet with their part only.

 Does anyone know how I can capture sound directly to a file?  Is there
 an app for that? ;-)

 --
 _
°v°
   /(_)\
^ ^  Mark LaPierre
 Registered Linux user No #267004
 https://linuxcounter.net/
 
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Design changes are done in Fedora

2015-01-13 Thread Kahlil Hodgson 
Just to note: Fedora has been upstream for RHEL for many years.  New
features are tested in Fedora for a long time before they hit RHEL.  For
example, systemd was first introduced in Fedora 15 (we are currently at
21).  Ample time has been given to discuss, critique, provide feedback and
to help shape what ends up in RHEL.  If you are running RHEL/CentOS,
consider running an instance of Fedora in a VM or testing environment so
you get years of warning about new features before they hit RHEL.  If you
are concerned about what happens to RHEL, get involved:
https://fedoraproject.org/wiki/Join.

Kal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Design changes are done in Fedora

2015-01-13 Thread Kahlil Hodgson 
For those who want to track what is going on in Fedora, http://
fedoramagazine.org/ highlights of discussions on the multitudinous
mailing lists, forums, meetings, etc.

For those interested in Fedora Server, its goals, and the people working on
it, http://fedoraproject.org/wiki/Server seems a good place to start, in
particular,
http://fedoraproject.org/wiki/Server/Product_Requirements_Document.  This
is still a very new project
​: if you want to help shape what happens in the future, get involved.

​Kal​

--
Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Design changes are done in Fedora

2015-01-10 Thread Kahlil Hodgson 
For those who don't know, as of version 21, Fedora has split into 3
streams: workstation, server, and cloud. This addresses many of the
concerns raised in this thread. See https://getfedora.org/ for details.  I
gather we'll see the impact of this change with CentOS-8.

Kal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rsync output under CentOS 6

2014-12-16 Thread Kahlil Hodgson 
On Tue, Dec 16, 2014 at 7:39 PM, Niamh Holding ni...@fullbore.co.uk wrote:

 KH When you use --itemize-changes, does it indicate that the timestamps
 of the
 KH directories have changed?

 Not uless the sequence of dots and letters before the folder name
 indicates that

 --
 Best regards,
  Niamhmailto:ni...@fullbore.co.uk


​Indeed: the sequence of dots and letters before the name indicates why
rsync wants to update a file.

From the '--itemize-changes' entry in the rsync man page:

A t means the modification time is different and is being updated to
the sender’s  value

A p means the permissions are different and are being updated to the
sender’s value

​See the man page for the meaning of other symbols.

​Kal​

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rsync output under CentOS 6

2014-12-15 Thread Kahlil Hodgson 
When you use --itemize-changes, does it indicate that the timestamps of the
directories have changed?

K

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rsync output under CentOS 6

2014-12-14 Thread Kahlil Hodgson 
rsync -h
...
-i, --itemize-changes   output a change-summary for all updates
...

K
--
​ ​

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] print something on console after boot

2014-12-11 Thread Kahlil Hodgson 
Looks like you are seeing the codes defined for mingetty rather than
agetty.  This is what you would expect for a virtual console on CentOS 6
which uses the former.

K
​al​
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] partedmagic connecting to a comcast address

2014-12-03 Thread Kahlil Hodgson 
Possibly your system was installed or cloned using PartedMagic, and that
left an entry in

  /etc/ethers

mapping your default nic to the name 'PartedMagic'?

K


Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925

On Thu, Dec 4, 2014 at 10:23 AM, John R Pierce pie...@hogranch.com wrote:

 On 12/3/2014 3:09 PM, g wrote:

 On 12/03/2014 04:15 PM, zep wrote:

 

 oh.   the ARP packet suggests that MAC address is 192.168.1.144

 that is how i see it.
 

 is that 1.144 IP address  in use by the machine you ran the lspci
 from?

 somewhere. but i know not where.

 http://www.whoami.it/home/  shows me to be;
 adsl-184-41-28-86.mem.bellsouth.net
 for the hell of it, i pulled and reconnected DSL line, now, i am
 adsl-184-41-28-44.mem.bellsouth.net

 which is now confusing me more because the 1.144 address is in;

   ~]$ ifconfig
   eth0  Link encap:Ethernet  HWaddr 00:0F:FE:8F:8F:23
 inet addr:192.168.1.144  Bcast:192.168.1.255 \
  Mask:255.255.255.0
 inet6 addr: fe80::20f:feff:fe8f:8f23/64 Scope:Link


 your ROUTER gets the internet IP on its WAN side (184.41.28.86 or
 whatever), and your LAN uses 192.168.1.xxx, the system you ran ifconfig on
 there has 192.168.1.144.   the router 'translates' your private LAN
 addresses to the public internet address, this process is often called NAT
 (Network Address Translation), or Masquerade.

 so. Wireshark, for unknown reasons, thinks your system is 'PartedMagic'.
  I have no idea why.

 so... 'PartedMagic' is a red herring.   whats the ACTUAL problem here
 we're trying to solve?


 --
 john r pierce  37N 122W
 somewhere on the middle of the left coast

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] partedmagic connecting to a comcast address

2014-12-03 Thread Kahlil Hodgson 
Apologies for the previous top post :-(  Forgot to trim the (...)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.6 Displays return: Command not found in Terminal

2014-11-26 Thread Kahlil Hodgson 
Hi Brian,

Likely culprits are in

~/.bashrc
~/.bash_profile
~/.profile
/etc/profile
/etc/profiled.d/*

Try 'source' on each one at a time to see if any triggers the message.

Kal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CROSS-LIST Notice: Changes in EPEL

2014-11-05 Thread Kahlil Hodgson 
Also note, the announcement is not very clear on which EL version is
being orphaned.
For example, python-boto is being orphaned, but it appears that this
is only for EL5.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] lynx only shows : FRAME: wlmframe

2014-10-23 Thread Kahlil Hodgson 
I'd use a SOCKS proxy for that.  On your local machine run:

   ssh -ND  remote_server

Then temporarily configure your web browser to use localhost: as its proxy.

In Firefox the setting is under Preferences - Advanced - Network - Connection

Since this is only temporary, but something you might want to do from
time to time, consider one of the numerous browser extensions that
help with this. For firefox, I use the Toggle Proxy addon to toggle
between no proxy and the manually configured one.

Hope this helps,

Kal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] lynx only shows : FRAME: wlmframe

2014-10-23 Thread Kahlil Hodgson 
In case you're not familiar with SOCKS proxies, the aforementioned
setup will allow your browser to connect to the printers web server as
though you were running the browser on remote_server.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Your experience with os hardening tool - Bastille?

2014-10-19 Thread Kahlil Hodgson 
Was thinking of checking out

http://linux-audit.com/lynis/

but have not had the time. Might be worth a look.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] POODLE on CentOS

2014-10-16 Thread Kahlil Hodgson 
The following nmap invocation may also be helpful with testing:

nmap --script ssl-enum-ciphers -p 443 hostname

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925


On Fri, Oct 17, 2014 at 3:32 PM, Tharun Kumar Allu
tharun.a...@gmail.com wrote:
 Modifying apache configuration to the following should take care of it.
 The SSLProtocol directive disables SSLv2 and SSLv3 and leaves other on.

 SSLProtocol all -SSLv2 -SSLv3
 SSLHonorCipherOrder on
 SSLCipherSuite EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
 EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS



 On Thu, Oct 16, 2014 at 7:41 PM, James B. Byrne byrn...@harte-lyne.ca
 wrote:

 According to the centos wiki:

 Validating Changes

 You can use Qualys SSL Labs to verify that your web server is no longer
 vulnerable to POODLE or TLS_FALLBACK_SCSV once all action is complete. You
 might also want to only use TLSv1.2 for httpd on CentOS-6.5 (or higher) and
 CentOS-7, while using TLSv1 on CentOS-5.


 However, on my up-to-datestock CentOS-6.5 the httpd version is 2.2.15 and
 attems to use SSLProtocols greater than v1 yield this error:


 Syntax error on line 101 of /etc/httpd/conf.d/ssl.conf:
 SSLProtocol: Illegal protocol 'TLSv1.1'


 I presume that the wiki is in error but I would like confirmation of that
 or
 instructions on how to enable TLSv1.1 and 1.2 on CentOS-6.5.

 --
 ***  E-Mail is NOT a SECURE channel  ***
 James B. Byrnemailto:byrn...@harte-lyne.ca
 Harte  Lyne Limited  http://www.harte-lyne.ca
 9 Brockley Drive  vox: +1 905 561 1241
 Hamilton, Ontario fax: +1 905 561 0757
 Canada  L8E 3C3

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos




 --
 Tharun Kumar Allu
 ==
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C6 : AIDE experience

2014-09-28 Thread Kahlil Hodgson 
My bad :-(
Cut and pasted HTML in a hurry.
Lets try plain text.

http://www.la-samhna.de/samhain/

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C6 : AIDE experience

2014-09-28 Thread Kahlil Hodgson 
Yeah. Not for the fainthearted. For full stealthiness you have to
compile and maintain matching (signed) server/client pairs. Not too
bad if management is well automated.

K
--
Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd(w) +61 (0) 3 9008 5281

Suite 1416
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] X, why did it have to be X

2014-09-22 Thread Kahlil Hodgson 
Anything enlightening showing up in /var/log/Xorg.0.log?  Maybe
something explaining why your conf is being ignored?

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd(w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925



On Tue, Sep 23, 2014 at 7:37 AM,  m.r...@5-cent.us wrote:
 m.r...@5-cent.us wrote:
 I have one user. We've pretty much all got two monitors, but he insists on
 rotating both of them vertically - that is, they're taller than they are
 wide, and he's got a Radeon card. I always have X grief on his system when
 I update it

 I just did a full update. X comes up in both screens... but the left one
 is *not* rotated, while the right one is. And they're mirrored. I've
 logged in as root, looked at all the configuration I know of, and nothing
 tells it to mirror, or one rotate and the other not. But when I use the
 menu, and go to system-preferences-display, it shows mirror screens
 *always* checked. I uncheck that, and hit apply, and nothing happens. I
 move the one off from over the other, and rotate the other, and still,
 nothing at all happens, and I don't see anything written, anywhere.

 Suggestions?

 A couple other things: the /etc/X11/xorg.conf that I fought successfully
 last year is still in place, but it acts as though it's ignoring it.

 mark

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] X, why did it have to be X

2014-09-22 Thread Kahlil Hodgson 
Apologies for previous top post.  Gmail was being, well, Gmail :-(
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C6 : AIDE experience

2014-09-17 Thread Kahlil Hodgson 
checkout samhain (www.la-samhna.de/*samhain*/) if your feeling really
paranoid.


Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd(w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925


On Thu, Sep 18, 2014 at 1:42 AM, Mark Tinberg mtinb...@wisc.edu wrote:


 On Sep 17, 2014, at 10:26 AM, Valeri Galtsev galt...@kicp.uchicago.edu
 wrote:

 
  On Tue, September 16, 2014 9:40 pm, Always Learning wrote:
 
  On Tue, 2014-09-16 at 16:41 -0400, Bowie Bailey wrote:
 
  Aide does not update it's database file.  Whenever you run an init or
  update, it will create a new file.  You then have to manually rename
  that file in order to start using the new database.
 
  I used aide for some time after tripwire went commercial, stayed without
  support, and finally a bug (in e-mail...) was discovered. I moved away
  from aide soon after. You may think of some intrusion detection
  tool/system that:
 
  1. doesn't keep reference database on the same box (I know, I know, they
  are signed, etc...)
 
  2. does not rely on binaries living on this same box (think about
 checking
  these binaries on another, much more trusted box before using them…)

 That’s kind of an impossible requirement, any kind of userspace
 measurement of binaries, no matter how many hoops you jump through, have
 the same potential problems that a compromised system can hide from them
 using just the legitimate available APIs.  A user space integrity checker
 is only good against malware that isn’t specifically trying to hide itself
 from the checker, which does actually cover a lot of ground, the only way
 to reliably find malware that is trying to be stealthy is offline
 checking.  That still doesn’t cover other places where _really_ stealthy
 malware can hide, like in device firmware, that can survive a disk wipe.

 Although probably not relevant for CentOS 6 there are some interesting
 tools in the Linux Integrity Measurement Architecture that I have recently
 become aware of but haven’t tested.  Apparently with newer versions you can
 store _signed_ hashes of binaries as an xattr that the kernel will check
 itself on open(), since they are signed off-box and the public key is in
 the kernel keyring you get much of the same benefit as AIDE without the
 heavy cron jobs and without any delay in checking, every time the file is
 read it is checked.

 —
 Mark Tinberg
 mtinb...@wisc.edu

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 : Network Interface Naming

2013-11-25 Thread Kahlil Hodgson 
/etc/udev/rules.d/70-persistent-net.rules is your friend

the device names defined in there are set nice and early during boot,
well before any ifcfg scripts

K

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd(w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925



On 16 November 2013 10:12, SilverTip257 silvertip...@gmail.com wrote:
 On Fri, Nov 15, 2013 at 2:33 PM, Scott Robbins scot...@nyc.rr.com wrote:

 On Fri, Nov 15, 2013 at 01:50:18PM -0500, SilverTip257 wrote:
  Hello All,
 
  I have one CentOS 6 KVM virtualization server that I built around a year
  ago (best I can tell it was in October 2012) at which time I would have
  been installing 6.3 [0].  That particular install used the Consistent
  Network Device Naming [1] conventions (PCIe NICs are p1p1, p1p2).

 This regression is a combo RedHat/Dell idea, IIRC.  That may be why it's
 that way on a Dell machine.  On Fedora, which usually shows what new
 regressions will be in RH, it's gotten harder to fix with each iteration.

 To make it worse, at least on Fedora (and again, many of their ideas,
 whether good or bad for servers, get into RedHat) has apparently now been
 intertwined with systemd.  At first, one simply had to remove the
 biosdevnames rpm to fix it.  Now, one has to do that, and also add, (in
 Fedora, with grub2) net.ifnames=0 to the kernel line.  (Note that this was
 for Fedora 19, not sure if they at least removed biosdevnames in F20).


 I'm not tied to wanting my network interfaces to be ethX.
 Once my servers are configured, I'm generally not changing anything, so for
 all it matters they could be called wan0, etc.

 I actually think some of the conventions are worthwhile (ex: em for
 embedded, pXpY for PCI cards - I've not seen any others on Fedora/CentOS).
  I believe embedded NIC naming on Dell hw starts with em1 rather than em0
 which is odd (we start counting at zero!).



 To make it even more of a mess, (again, this is judging from Fedora, which
 is good to keep on hand to see what new decisions good and bad will be made
 by RH), I think biosdevnames gave it one name and then the whole systemd
 thing gave it another.  So, it would boot up as say p12p but in
 /etc/sysconfig/network-scripts it would show up as ifcfg-p1p2p or something
 like that. (I'm making these names up, but that was the general idea.)


 I did see something similar to this, I believe it was on a Fedora system I
 was using for testing ... I don't recall which release though.

 RHEL7 ought to have some Easter eggs for us. ;)



 Some people consider it a good thing, especially when moving drives between
 machines, but aside from it being something new, which isn't necessarily
 improved, it breaks various working scripts.

 Like you, I consider it a regression, but of course, that's only my
 opinion, and many experienced folks disagree, thinking it's a good
 thing--although I'm sure that even they would agree that they better figure
 out if biosdevname or something else will be handling it so that it is at
 least consistent.


 I'm not calling the biosdevname conventions a regression.
 But what I am calling a regression is all the flip flopping between the old
 convention and the new one, especially on two nearly identical hardware
 builds and OS builds for that matter.



 Actually, I think (but am not sure, that in VMs, even Fedora will use the
 eth0, eth1 system rather than the new naming scheme.  Not just KVM, but
 also VirtualBox, VMware, and so on--that has been my experience with CentOS
 VMs at least.

 --
 Scott Robbins
 PGP keyID EB3467D6
 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
 gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos




 --
 ---~~.~~---
 Mike
 //  SilverTip257  //
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread Kahlil Hodgson 
A couple of weeks ago I found this breakdown of various approaches

https://techstdout.boum.org/EncryptedBackupsForParanoiacs/

We're currently using a variation of the push-backup system described
(using rsync via duplicity).

K

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd(w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925



On Tue, Sep 24, 2013 at 7:58 AM,  m.r...@5-cent.us wrote:
 Lists wrote:
 On 09/23/2013 02:44 PM, m.r...@5-cent.us wrote:
 Lists wrote:
 On 09/23/2013 01:50 PM, Les Mikesell wrote:
 Is there something that convinces you that sudo is better at handling
 the command restriction than sshd would be?
 In the context of a production server, the idea is to remove any
 ability from another host (EG: backup server) to run local arbitrary
 code or
 change local files. (read-only)
 snip
 You can disable the password on the backup account to achieve a similar
 effect using an SSHD option. If there's a better/simpler way to do this
 via SSHD option I'd love to hear about it!

 Sure. You disable password authentication, and allow keys only, in
 /etc/ssh/sshd_config.

 This prohibits SSH logins via password, but does not strictly enforce
 what commands are allowed to be run (and all options allowed) by a
 specific which is what I was looking for.

 Having done a bit more research, It does appear that you could use the
 ForceCommand option and disable passwords altogether for a user to
 achieve a similar effect with SSHD.

 Right, but a) it very much limits who can get in. Another thing is that
 you can run the backups from a cron job as a push, instead of a pull.

 And the other user still leaves the issue of ownership - only root can
 copy a user's home directory, or a project directory owned by that
 project, and keep it all the same.

 And don't forget to save selinux contexts

   mark

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] change sudoers remotely

2013-07-08 Thread Kahlil Hodgson 
You might want to have a look at ansible (www.ansibleworks.com) for
orchestration/configuration tasks like this.  Very simple to set up
and requires nothing but ssh and python on the target host.  Takes
care of all the ssh and sudo user transitions for you.  For your case
it would be as simple as.

yum install ansible
echo target_host  hosts
ansible target_host -i hosts -s -m lineinfile -a
'dest=/etc/sudoers regexp=^username ALL=(ALL) NOPASSWD:'

replacing target_host and username as appropriate.

You can even package that invocation in a playbook so you don't have
to remember all the details next time.

Hope this helps.

K
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpmbuild environment CentOS5 vs CentOS6

2013-07-02 Thread Kahlil Hodgson 
make sure you have rpmdevtools

yum install rpmdevtools

then run

rpmdev-setuptree

to setup the ~/rpmbuild tree structure

Hope this helps

K


Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd(w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925



On Wed, Jul 3, 2013 at 7:40 AM, Peter Wood peterwood...@gmail.com wrote:

 On CentOS5 I was used to create a simple spec file where at the end I'll
 declare files and directories I wan't to package:

 -- Snip --
 %files
 %dir /opt/myapp
 %dir /opt/myapp/bin
 %dir /opt/myapp/etc
 /opt/myapp/bin/exec01
 /opt/myapp/etc/myapp.conf
 

 I'll copy the file in /usr/src/redhat/SPECS and run rpmbuild -bb
 myapp.spec.

 On CentOS6 rpm-build package no longer creates the /usr/src/redhat/...
 directory tree. I followed the CentOS6 Wiki instructions to setup my
 rpmbuild environment for a regular user.

 When I try to build the package on CentOS6 I'm getting this error for every
 single file and directory:

 File not found:
 /home/peter/rpmbuild/BUILDROOT/myapp-5.2-1el6.x86_64/opt/myapp/bin/exec01

 I tried to override buildroot:

   rpmbuild -bb --define=buildroot / myapp.spec
   error: %{buildroot} can not be /

 As a workaround I can manually create
   /home/peter/rpmbuild/BUILDROOT/myapp-5.2-1el6.x86_64/
   and copy all my file in there but that's a lot of extra work.

 Is there a way to get the same functionality on CentOS6 where rpmbuild will
 collect the files from the main / directory and build the rpm package?

 Thank you,

 -- Peter
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Strange Beauvoir with hard and soft link

2013-05-29 Thread Kahlil Hodgson 
Early in the morning and I haven't finished my coffee yet, but this could
be a bind mount.
Search for the 'bind' option in the mount man page for an explanation.
You should be able to tell by looking at the output of

   mount

Also check /etc/fstab

K

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd(w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 1925



On Thu, May 30, 2013 at 2:37 AM, Dario Lesca d.le...@solinos.it wrote:

 How to is possible this?

  [root@lucatest ~]# ls -lid /var/log /var/log/ispconfig
 /var/log/ispconfig/httpd 
 /var/log/ispconfig/httpd/prova.it/var/log/ispconfig/httpd/
 prova.it/test /var/www /var/www/clients /var/www/clients/client1
 /var/www/clients/client1/web3 /var/www/clients/client1/web3/log
 /var/www/clients/client1/web3/log/test
 706 drwxr-xr-x. 15 root root 4096 29 mag 08:44 /var/log
   69619 drwxr-xr-x   3 root root 4096  8 mag 18:05 /var/log/ispconfig
   69620 drwxr-xr-x   6 root root 4096 29 mag 10:54
 /var/log/ispconfig/httpd
  253961 drwxr-xr-x   2 root root 4096 29 mag 12:21
 /var/log/ispconfig/httpd/prova.it
  253984 -rw-r--r--   1 root root0 29 mag 12:21
 /var/log/ispconfig/httpd/prova.it/test
   44509 drwxr-xr-x. 12 root root 4096 29 mag 10:54 /var/www
   79376 drwxr-xr-x   4 root root 4096 22 mag 12:57 /var/www/clients
   87935 drwxr-xr-x   7 root root 4096 29 mag 10:54
 /var/www/clients/client1
  253953 drwxr-xr-x   9 root root 4096 29 mag 10:54
 /var/www/clients/client1/web3
  253961 drwxr-xr-x   2 root root 4096 29 mag 12:21
 /var/www/clients/client1/web3/log
  253984 -rw-r--r--   1 root root0 29 mag 12:21
 /var/www/clients/client1/web3/log/test

 See this two folder:

 1) /var/log/ispconfig/httpd/prova.it
 2) /var/www/clients/client1/web3/log

 have the same inode (253953) and none of the parent dirs are symbolic
 link (l) but (d), and dir is not possible to generate it with hard link.

 If I put a file into first dir, the file there is also into second dir.

 See also this two file:

 1) /var/log/ispconfig/httpd/prova.it/test
 2) /var/www/clients/client1/web3/log/test

 these file have same inode 253984 but its not hard or soft link, if I
 modify first file also the second file is modified

 There is only one filesystem and is the root filesystem.

 How to is possible this situation?

 Many thanks

 --
 Dario Lesca - sip:da...@solinos.it
 (Inviato dal mio Linux Fedora18+Gnome3)


 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to find unknown ip address?

2013-05-28 Thread Kahlil Hodgson 
Running 'arp -n' on a machine that you think might receive packets from the
unknown host might also do the job.

K

Kahlil (Kal) Hodgson   GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd(w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer.  -- IBM maintenance manual, 19
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

  1   2   >