Re: [CentOS] How do I download RHEL 8.3 with free license and free subscription for my production servers?

[Mike McCarthy, W1NR]

On 1/28/2021 10:40 AM, Andrew Pearce wrote:
> On 2021-01-28 15:08, Turritopsis Dohrnii Teo En Ming wrote:
>> Subject: How do I download RHEL 8.3 with free license and free
>> subscription
>> for my production servers?
>>
>> Good day from Singapore,
>>
>> I am referring to the following news articles.
>>
>> Article: CentOS is gone—but RHEL is now free for up to 16 production
>> servers
> 
> The start date as mentioned in the article says from the 1st of Feb.
> From that article
> 
> As of February 1, 2021, Red Hat will make RHEL available at no cost for
> small-production workloads—with "small" defined as 16 systems or fewer.
> This access to no-cost production RHEL is by way of the newly expanded
> Red Hat Developer Subscription program, and it comes with no strings—in
> Red Hat's words, "this isn't a sales program, and no sales
> representative will follow up."
> 
> Regards
> 
> Andrew
> 

It seems to be available now. Just log into or create a "Developer
Network" account and they just showed up under my "subscriptions" tab.
Once you do that it seems like it's all one account. It was confusing
why I had to do a separate step.

Mike
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disk choice for workstation ?

[Mike McCarthy, W1NR]

I have seen significant improvement when virtual machine disks are on
their own spindle/ssd. I would add an SSD and put the VM's on it.

Mike

On 12/26/2020 3:20 PM, Nicolas Kovacs wrote:
> Hi,
> 
> My workstation is currently equipped with a pair of Western Digital Red 1 TB
> SATA disks in a software RAID 1 setup.
> 
> Some stuff like working with virtual machines is a bit slow, so I'm thinking
> about replacing the disks by SSD.
> 
> I'm hesitating between three different setups:
> 
> 1) Use a relatively small SSD (120 to 240 GB) to reinstall the system on it.
> Keep the two SATA disks in a RAID 1 array and mount /home on it.
> 
> 2) Use a larger SSD (500 GB to 1 TB), install everything (including /home) on
> it. Keep the two SATA disks in a RAID 1 array and mount them on /data for 
> storage.
> 
> 3) Get rid of the disks and go full SSD, with a 1 TB disk.
> 
> Any advice from the hardware gurus on this list?
> 
> Cheers,
> 
> Niki
> 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LibreOffice locking up

[Mike McCarthy, W1NR]

> Can you reproduce the problem with this document?
> 
> And, when the crash happened, could you still ping the computer from
> another device in the network?
> 
> Crashing hard so that only a reset helps is usually only possible with a
> kernel bug or hardware issue, not something LibreOffice should be able to
> do.
> 
> Regards,
> Simon
> 
I would agree. In my experience, so called "lockups" are usually the
result of the video crashing. If you can ping then try ssh to the box
and do init 3 then init 5 to reset the graphics and see if that clears it.

Mike
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

[Mike McCarthy, W1NR]

It appears that it is affecting multiple distributions including Debian
and Ubuntu so it looks like the grub2 team messed up. See

https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/

Mike

On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
> 
> 
>> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS :
>>
>> Am 01.08.20 um 23:41 schrieb Kay Schenk:
>>> Well misery loves company but still...just truly unfathomable!
>>> Time for a change.
>>
>>
>> I can only express my incomprehension for such statements!
>>
>> Stay and help. Instead running away or should I say out of the
>> frying pan and into the fire? :-)
> 
> The thing, RHEL and CentOS not properly testing updates, cost me at minimum 
> 3-4 full working days, plus losses at customer sites.
> 
> This is really a huge failure of RHEL and CentOS.
> 
> A lot of trust has been destroyed.
>>
>> --
>> Leon
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] perl-Curses in C8?

[Mike McCarthy, W1NR]

Are there any repos that would have perl-Curses for CentOS 8? It was
always available in epel but not anymore.

Thanks,
Mike
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VNC question

[Mike McCarthy, W1NR]

On 12/19/18 4:36 AM, isdtor wrote:
> We have run into the infamous black screen problem with tigervnc under 
> CentOS7, which prompted me to look into how vnc is configured here.
>
> https://access.redhat.com/solutions/966063
>
> Am I reading this correctly - root needs to set up a systemd vnc service for 
> every user and display individually? Compared to e.g. CentOS before 7, or 
> indeed any other Linux/Unix system where vnc is completely under user control?
>

openSUSE always spawned VNC sessions for each user through xinetd. The
user did not have "control" of the sessions.

Do you get a login screen? Does the screen go "black" after login? If
so, in my experience, the user logging in already has a desktop session
running (usually on the console). Make sure to try logging in with a
user that is not already logged in. Linux can deal with multiple
DIFFERENT users logged in but the desktops can only deal with one login
and home directory per user.

Mike, W1NR


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SFTP - Private/Public Authentication Keysets Beyond The First Set

[Mike McCarthy, W1NR]

On 12/12/18 4:40 PM, Gary Braatz wrote:
> Inclusion of the -i flag and the location of the private key solved the
> problem.
>
> Thanks Steve!
>
>
You really don't need multiple ppk pairs for different hosts. One for
all is what I do. As long as you keep the private key private you only
need distribute the one public key every where you need secure
identification.

Mike

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kernel 3.10.0-957.el7.x86_64 + EFI on Dell server - problem

[Mike McCarthy, W1NR]

On 11/20/18 8:45 AM, Phil Wyett wrote:
> On Tue, 2018-11-20 at 13:42 +, Phil Wyett wrote:
> > On Tue, 2018-11-20 at 13:32 +, lejeczek via CentOS wrote:
> >> hi guys
> >>
> >> I've one box where I just yesterday upgraded Centos. I
> >> wonder if that kernel upgrade process might somewhat
> >> troublesome.
> >> After that upgrade UEFI boot fails with:
> >>
> >> Failed to set MokListRT: Invalid Parameter
> >> Something has gone seriously wrong: import_mok_state() failed
> >> : Invalid Parameter
> >>
> >> Has anybody seen that? And maybe know to fix it?
> >> many thanks, L.
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
>
> > Hi,
>
> > Seen similar on my RHEL 7.6 laptop and reported (locked) on bugzilla:
>
> > https://bugzilla.redhat.com/show_bug.cgi?id=1651592
>
> > Regards
>
> > Phil
>
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
>
> Whoops, that is the one for 8 I have been added on. Bug I reported for
> 7.6 (also
> locked):
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1646022
>
> Regards
>
> Phil
>
Those bugs all have restricted access and I cannot see them.

Mike




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NetworkManager, multiple IPs, and selinux...

[Mike McCarthy, W1NR]

On 10/4/18 4:10 PM, Sean wrote:
> Hello,
>
> I was wondering if any one has seen issues with selinux name_bind denials
> that result from having IP:PORT bindings for services to specific IP
> addresses managed on an interface under NetworkManager's control?


Is selinux denying the request or the socket? Does it work with
setenforce permissive?

> I do realize that people will probably say stop using NetworkManager, and I
> may, but the behavior is strange, and I'd like to have a better
> understanding of what's going on.
>
> The config is like so:
>
> # nmcli c mod eth0 ipv4.addresses 192.168.1.10/24,192.168.1.11/24
> # nmcli c down eth0
> # nmcli c up eth0
> # getenforce
> Enforcing
> # systemctl start httpd
>  permission denied binding to 192.168.1.10:443
>
> Apache has two simple IP based VHosts, site1 and site2, with different (and
> correct dns records and ssl certs).  I'm snipping the config because I know
> the Apache config works.
>
> Listen 443
> 
> ...
> 
> ...
>
> I find the denial strange.  I've done some testing such as removing one
> VHost's config and adding a NIC to the VM (eth1) and reconfigure to have 1
> IP on each NIC and use both Vhosts.  Either way, the selinux denial
> disappears and everything works.  All the packaged selinux policy relating
> to httpd_t and access to port 443 is correct.
>
> I don't doubt that if I ditched NetworkManager and went for eth0:0 and
> eth0:1 for the IP interfaces, all would be well.  I'd just like to see if
> anyone has some input on the issue.


I don't believe apache selectively binds the socket to the address, but
the interface. My suspicion is that you can only bind one listener for a
port to an interface and not to individual IP addresses on the same
interface. If you use "virtual" interfaces to separate the IP addresses
(eth0:0, eth0:1) then I would expect it to work.

- Mike

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mail has quit working

[Mike McCarthy, W1NR]

Your IP address is flagged as spam in Real Time Block Lists. Are you
using a dynamic IP address? You may have a mis-configured server that is
allowing spammers to relay through your server. Another possibility is
your system is compromised with a spambot.

Mike


On 07/24/2018 07:31 AM, TE Dukes wrote:
> OK, not sure what happened, my response was rejected by Centos:
>
> Reason: There was an error while attempting to deliver your message with 
> [Subject: "RE: [CentOS] Mail has quit working"] to centos@centos.org. MTA 
> p3plwbeout03-06.prod.phx3.secureserver.net received this response from the 
> destination host IP - 208.100.23.70 -  554 , 554 5.7.1 Service unavailable; 
> Client host [72.167.218.218] blocked using ix.dnsbl.manitu.net; Your e-mail 
> service was detected by mail.ixlab.de (NiX Spam) as spamming at Tue, 24 Jul 
> 2018 11:45:20 +0200. Your admin should visit 
> http://www.dnsbl.manitu.net/lookup.php?value=72.167.218.218
> ..
>
> So, I'm trying a third time:
>
> On 24/07/18 13:46, Nataraj wrote:
>> Simply telnet to mailserver on port 25 and type what I've shown,
> This is pointless because he's complaining about cron and system emails
> which use the sendmail command are submitted through the pickup service,
> not port 25/smtp (in fact, if you're submitting any mail via port 25
> you're doing it wrong but that's another discussion).
>
> TE Dukes:
>
> Please do the following (lines that start with # should be run as root,
> lines that start with $ should be run as a local user):
>
> Install the mail command which is an easy interface to the sendmail
> command and thus the pickup service.
>
> # yum install mailx
> # tail  -n0 -f /var/log/maillog
>
> then in another window (replace someu...@example.com with your own
> email address):
>
> $ mail -s 'Test Email' someu...@example.com <<< "This is a test"
>
>  wait a minute for postfix to have a chance to process and send the
> message, then break out of the tail command and copy/paste the output
> into your reply.
>
> Then also copy and paste the output of the following:
>
> $ postconf -nf; postconf -Mf
>
> If I need any more info after that I'll let you know.
>
>
> Peter
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
> Here's the output from tail:
>
> Jul 24 07:00:21 ts130 postfix/pickup[4017]: 338CA811240E: uid=0
> from=
> Jul 24 07:00:21 ts130 postfix/cleanup[7047]: 338CA811240E:
> message-id=<20180724110021.338ca8112...@ts130.palmettodomains.com>
> Jul 24 07:00:21 ts130 postfix/qmgr[8283]: 338CA811240E:
> from=, size=461, nrcpt=1 (queue active)
> Jul 24 07:00:22 ts130 postfix/smtpd[7112]: connect from
> localhost[127.0.0.1]
> Jul 24 07:00:22 ts130 postfix/smtpd[7112]: 468E581DAB6C:
> client=localhost[127.0.0.1]
> Jul 24 07:00:22 ts130 postfix/cleanup[7047]: 468E581DAB6C:
> message-id=<20180724110021.338ca8112...@ts130.palmettodomains.com>
> Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 468E581DAB6C:
> from=, size=946, nrcpt=1 (queue active)
> Jul 24 07:00:22 ts130 postfix/smtpd[7112]: disconnect from
> localhost[127.0.0.1]
> Jul 24 07:00:22 ts130 amavis[423]: (00423-02) Passed CLEAN
> {RelayedInbound}, [127.0.0.1]  ->
> , Message-ID:
> <20180724110021.338ca8112...@ts130.palmettodomains.com>, mail_id:
> 8sW4ZXrbEdBD, Hits: 1.766, size: 461, queued_as: 468E581DAB6C, 1094 ms
> Jul 24 07:00:22 ts130 postfix/smtp[7049]: 338CA811240E:
> to=, relay=127.0.0.1[127.0.0.1]:10024,
> delay=1.1, delays=0.04/0/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 from
> MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 468E581DAB6C)
> Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 338CA811240E: removed
> Jul 24 07:00:22 ts130 dovecot: lda(tdukes):
> msgid=<20180724110021.338ca8112...@ts130.palmettodomains.com>: saved
> mail to INBOX
> Jul 24 07:00:22 ts130 postfix/local[7113]: 468E581DAB6C:
> to=, relay=local, delay=0.11,
> delays=0.03/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to command:
> /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT")
> Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 468E581DAB6C: removed
> Jul 24 07:04:04 ts130 postfix/smtpd[7053]: timeout after END-OF-MESSAGE
> from localhost[127.0.0.1]
> Jul 24 07:04:04 ts130 postfix/smtpd[7053]: disconnect from
> localhost[127.0.0.1]
> Jul 24 07:05:59 ts130 postfix/qmgr[8283]: C33128410546:
> from=, size=949, nrcpt=1 (queue active)
>
> Here's the output from postconf:
>
> smtp inet n - n - - smtpd
> -o content_filter=spamassassin
> pickup unix n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr unix n - n 300 1 qmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> showq unix n - n - - showq

Re: [CentOS] Centos 7 on Dell Latitude E6500

[Mike McCarthy, W1NR]

Does this laptop have the Nvidia Quadro graphics option? If so try 
booting with NOMODESET. Also, if available in the BIOS turn OFF 
switchable graphics.


Mike

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754

[Mike McCarthy, W1NR]

How about kernel-lt and kernel-ml?

Mike


On 01/04/2018 05:41 PM, Warren Young wrote:
> On Jan 4, 2018, at 12:18 PM, Walter H.  wrote:
>> will there be updates for these CVEs for CentOS 6?
> Red Hat hasn’t released them all yet.  Quoting Christopher Robinson in the 
> thread for this here:
>
> https://access.redhat.com/errata/RHSA-2018:0007
>
> "We will be pushing errata out as soon as they have passed our QA team's 
> testing. The more modern versions were easier to backport patches from 
> upstream, and as you progress backwards the fixes change from a backporting 
> exercise into a complete rewrite. We expect all packages for RHEL7 to be 
> available shortly, with RHEL6 following closely behind.”
>
> Robinson’s reply then goes into other ramifications which don’t impact CentOS 
> for one reason or another, except insofar as CentOS’s speed in responding to 
> this is gated in large part by Red Hat’s ability to respond.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Btrfs going forward, was: Errors on an SSD drive

[Mike McCarthy, W1NR]

>  For SSDs all the sauce is in the firmware. If the model and firmware
> were all the same, it is more likely to be a firmware bug than it is
> to be a Btrfs bug. There are absolutely cases where Btrfs runs into
> problems that other file systems don't, because Btrfs is designed to
> detect them and others aren't. There's a reason why XFS and ext4 have
> added metadata checksumming in recent versions. Hardware lies.
> Firmware has bugs and it causes problems. And it can be months before
> it materializes into a noticeable problem.
>
In my experience I have seen drives that will work flawlessly under
Windows/NTFS but fail spectacularly under Linux. And EVERY time it
turned out to be a firmware bug.

Mike

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What RH-like on a Dell XPS 15 (9590)?

[Mike McCarthy, W1NR]

On 08/02/2017 10:55 AM, Lamar Owen wrote:
> On 07/27/2017 04:16 PM, wwp wrote:
>> ...
>> It is as simple as unknown hardware at boot up, it's a well known issue
>> w/ *Lake hardware (modern hardware) that kernel 3.x cannot handle.
>> CentOS7 has a kernel which is simply not modern, unable to handle lots
>> of computers sold currently.
>>
>> That said, there might be a way to boot, but nothing trivial and
>> nothing at all I could find on the Internet, everytime it's kernel
>> 4.3/4.10 minimum required.
> ...
>
> While I know that Johnny has provided the experimental kernel (thanks,
> Johnny) I would like to just briefly address this idea that the C7
> kernel is 'obviously' not going to work because 'is 3.x and must have
> 4.x.'
>
> In EL-land, kernel versions are effectively meaningless, since
> features, hardware support, bugfixes, security fixes, etc are
> back-ported into the 'old and not modern' 3.10 kernel (for EL7) by
> competent developers at Red Hat.  An EL 3.10 kernel, such as the
> current 3.10.0-514.26.2.el7.x86_64 one, may have hardware support
> back-ported from a 4.x kernel that doesn't exist in the vanilla
> kernel.org kernel (I'm almost certain it does, but I'm not going to
> take the time to get details).
>
> So it is very possible that full hardware support for your hardware
> could show up in a 3.10 kernel (in fact, I would expect that this
> would happen, but it might not happen quickly).  As you found out,
> experimental kernels and non-distribution kernels can freak out
> software packages, such as VMware Workstation, that only work with
> certain kernels and are expecting a particular kernel version and ABI
> for EL7.  I've tried out a few non-standard kernels before, and if you
> rely on packages that depend upon the distribution default kernel
> version (as I do with kmod-nvidia from ELrepo!) that breakage can be
> swift, and can derail you in a hurry, causing you to go down a rabbit
> hole very quickly.  So be prepared and keep your eyes open for these
> issues.
>
> In some circles, the back-porting of features into old kernels is
> controversial; but that is a business decision made as part of the EL
> development and is not likely to change any time soon.  YMMV.
> ___

I missed some of the responses but have you tried kernel-ml for RHEL 7
yet? See http://elrepo.org/tiki/kernel-ml

Mike

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What RH-like on a Dell XPS 15 (9590)?

[Mike McCarthy, W1NR]

I would go with Fedora or OpenSUSE latest if you want RH like on that
hardware. There is nothing that unstable about them other than losing
updates and maintenance after 2 years and having to upgrade.

Another choice is to run Virtualbox on the Windows that shipped with the
laptop and run a CentOS 7 virtual guest.

If you REALLY need RHEL (CentOS) running on the hardware I would return
the XPS and get a Lattitude or Precision laptop. They have much better
Linux support as they tend to be more stability oriented rather than
latest and greatest hardware.

Mike

On 07/27/2017 01:25 PM, wwp wrote:
> Hello there,
>
>
> I've just got a Dell XPS 15 (9590) at work and need to set up a stable
> GNU/Linux system on it. I thought of CentOS7, but.. obviously its
> kernel can't run on this hardware.
>
> What would you recommend? Waiting for CentOS8 is not an option unless
> it's a question of few weeks. Are there respins of the CentOS7 DVDs w/
> more top-recent kernels? I'm know of Fedora 26 or course, and not
> willing to switch to Ubuntu 16.10 at all.
>
>
> Regards,
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPv6 broken on Linode

[Mike McCarthy, W1NR]

Having used Linode and CentOS for years I have never had a problem quite
like this. Sure sounds like the IPv6 is misconfigured in the DHCP server
or is in use somewhere. Some things I would try are:

1. Set "Auto configure networking" in your config profile and reboot.
2. Try to assign the adddress static.
3. Ask Linode to assign you a new IPv6
4. Wait for Linode to fix the problem.

Mike

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewalld

[Mike McCarthy, W1NR]

firewalld isn't the only thing that will prevent services from accessing
the internet. I found that I needed to do a relabel before postfix could
access DNS and I have seen other issues as well. Have you tried
disabling the firewall to see if you can get connections to work? Then
try to disable SElinux and see if that works.

# netstat --inet -l -n

Is the service listening on port 143?

# systemctl stop firewalld

Does it now work?

# setenforce 0

Does it now work?

Once you establish what's biting you then you can fix it. To force a
relabel do

# touch /.autorelabel

# reboot

Mike

On 01/28/2017 07:11 AM, TE Dukes wrote:
>
>> -Original Message-
>> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Pete Biggs
>> Sent: Saturday, January 28, 2017 6:02 AM
>> To: centos@centos.org
>> Subject: Re: [CentOS] firewalld
>>
>>
>>> The zone apparently means something because an interface can only be on
>> one.
>>> Moving it to a different zone results in the same error (same
>>> services/ports opened in each zone).
>> The "zones" are just labels and are used to create kernel iptables.
>> Each zone has a default set of open and closed ports ranging from "trusted"
>> which accepts all packets to "public" which has everything closed. You can
>> modify the allowed ports and services on each zone at will.
>>
>> Some of the zones have "special" features - "block" rejects all packets,
>> "drop" drops all packets, "external" has masquerading turned on and so on.
>>
>> If you have a single network, then that interface will, by default, be put 
>> in the
>> "public" zone, so most ports will be closed. That's fine, just leave it in 
>> that
>> zone, it's just a label/container.
>>
>> You can list the services open in the default zone by doing
>>
>>   firewall-cmd --list-services
>>
>> or for ports not services
>>
>>   firewall-cmd --list-ports
>>
>> or for a different zone
>>
>>   firewall-cmd --zone=public --list-services
>>
>> You can also find out which zones your interface(s) is in with
>>
>>   firewall-cmd --get-active-zones
>>
>> One of the gotchas with firewalld is that the changes are made in either the
>> current running iptables *or* the stored rules, not both. So if you make a
>> change to the running rule set, those changes won't be kept the next time
>> you restart firewalld. You can either use the '
>> --permanent' flag to set the stored rules (but it won't affect the active 
>> rules)
>> or the '--runtime-to-permanent' flag to copy the current active rules to the
>> stored ones.
>>
>> The bottom line is that firewalld is just another application that 
>> manipulates
>> the kernel packet routing tables. Use something else if you prefer it - some
>> of the system tools assume firewalld, but if you are aware of what's
>> happening it shouldn't be an issue.
>>
>>> I may as well disable firewalld and let my router handle the firewall.
>>>
>> If you are happy that there is nothing behind your firewall that could cause 
>> a
>> problem then that's an acceptable route.
>>
>> P.
> Thanks,
>
> That's a better explanation of things than I have read so far.
>
> Yes, initially I wasn't adding the --permanent to the rules but I wasn't 
> doing really any reboots.
>
> I did a few --reloads so that may have gotten me.
>
> I have zoneminder, dns, and  urbackup  working. I can ssh and scp in from 
> work but mail is being a pain.
>
> Thanks
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux file permissions

[Mike McCarthy, W1NR]

This last update caused numerous services to stop working for me. I
fixed them with a relabel.

touch /.autorelabel
reboot

Try that and see...
Mike

On 01/23/2017 01:57 PM, Tim Smith wrote:
> Hi,
>
> I'm trying to grant dovecot the ability to manage its socket within
> the postfix spool directory.
>
> I have added the below to file_contexts.local :
>
> /var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0
>
>
> However, running "restorecon -v
> /var/spool/postfix/private/dovecot-auth" gives me the following error
> :
>
> restorecon:  lstat(/var/spool/postfix/private/dovecot-auth) failed:
> No such file or directory
>
>
> I cannot create the socket file in advance, because dovecot manages
> it, and if you "touch" the file, dovecot complains.
>
> Where am I going wrong ?
>
> Thanks !
>
> Tim
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Test

[Mike McCarthy, W1NR]

The SPF record for your email provider did not match the sending systems
for your domain. Possibly the IP address or DNS record changed recently
at your ISP?


On 01/18/2017 01:33 PM, TE Dukes wrote:
>
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Hal Wigoda
> Sent: Wednesday, January 18, 2017 1:18 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Test
>
> No.
>
> On Wed, Jan 18, 2017 at 12:11 PM, TE Dukes 
> wrote:
>
>> Is it working?
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
>
> Been getting these since last night
>
>   This is an automatically generated Delivery Status Notification.  
>
> Delivery to the following recipients failed permanently:
>
>* centos@centos.org
>
> Reason: There was an error while attempting to deliver your message with
> [Subject: "Test"] to centos@centos.org. MTA
> p3plsmtpa11-05.prod.phx3.secureserver.net received this response from the
> destination host IP - 208.100.23.70 -  550 , 550 5.7.1 :
> Recipient address rejected: Message rejected due to: SPF fail - not
> authorized. Please see
> http://www.openspf.net/Why?s=mfrom;id=tdu...@palmettoshopper.com;ip=68.178.2
> 52.106;r=centos@centos.org
> .
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] New laptop recomendation

[Mike McCarthy, W1NR]

I have been buying off-lease used Latitudes and Precision laptops for
years for the sole reason that they are always Linux friendly and
solidly reliable. Most of them can be ordered new with Ubuntu.

Mike


On 11/22/2016 10:23 AM, Tony Molloy wrote:
> Hi,
>
> I'm recently retired from my university job. I am looking for a laptop 
> to run CentOS 6/7. My university was a traditional Dell site so I've 
> used Latitude laptops for years, currently E6500/E6510.
>
> Anybody got any experience of running CentOS on the newer Dell 
> Latitudes E5000 or E7000. These are not certified according to Redhats' 
> Hardware Guide.
>
> Alternatively Precision Workstations would do. These can be supplied 
> with Ubuntu installed so they run Linux.
>
> Thanks,
>
> Tony

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to move /var to another partition

[Mike McCarthy, W1NR]

> [Thomas E Dukes] 
>
> I was about to head off to Bestbuy and pickup a 1TB SATA drive but I think
> I'm going to hold off for now and use /home for the VMs.
>
> Thanks!!
>
>
I find that putting the virtual machine disks on their own spindle
boosts performance SIGNIFICANTLY, especially if you are using the host
system for other things.

Mike
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Realtek 8111GR on C7

[Mike McCarthy, W1NR]

Realtek is "real" good about getting drivers for their chips into the 
kernels as soon as possible. They are one of the few vendors that I have 
never had a problem with built in support...


Mike McCarthy

On 06/03/2016 08:03 AM, Phil Manuel wrote:

You can get the Linux driver from
http://www.realtek.com/downloads/downloadsView.aspx?Langid=1=5=5=5=4=3=false#RTL8111B/RTL8168B/RTL8111/RTL8168%3Cbr%3ERTL8111C/RTL8111CP/RTL8111D%28L%29%3Cbr%3ERTL8168C/RTL8111DP
if you can't find it under C7

Regards


On Fri, Jun 3, 2016 at 8:11 PM, Alessandro Baggi 

Re: [CentOS] Cyrus 2.4 and Centos6

[Mike McCarthy, W1NR]

Is there a reason why you need 2.4 vs. the 2.3 package from the CentOS6
repos?

Mike

On 02/27/2015 05:19 AM, Timothy Kesten wrote:
 Hi Folks,

 I'd like to install cyrus-imapd 2.4 in CentOS6.
 Found rpm cyrus 2.4 for CentOS6 on rpmseek.
 cyrus-imapd-2.4.17-30.1.x86_64.rpm

 But there are conflicts with postfix 2.6.6.

 Can I ignore this conflicts or is there a suitable version of ppstfix 
 available?

 Thx
 Timothy
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help with IPv6 /48 block

[Mike McCarthy, W1NR]

The normal usage for a /48 block is to divide it into /64 sub-networks
and use DHCP to issue addresses to each subnet from the corresponding
/64 segment.

I would recommend taking the IPv6 certification course from Hurricane
Electric at https://ipv6.he.net/certification/ as a start.

Mike

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos laptop support

[Mike McCarthy, W1NR]

On 10/02/2014 01:38 PM, Lamar Owen wrote:
 On 10/02/2014 06:39 AM, Brian Miller wrote:
 On Wed, 2014-10-01 at 22:57 -0600, Frank Cox wrote:

 I'm wondering what the rest of you fine folks do when it comes to
 purchasing a laptop?
 Been using CentOS.available on a series of Dell Precision laptops
 (M4300, M4600) since 2007 or so without much difficulty.




If you look at the Latitude and Precision offerings from Dell you will
notice that RHEL is offered as an OS. These are specifically designed to
run Linux and therefore, they should all work fine with CentOS as well.

Mike

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Webalizer not available for CentOS 7?

[Mike McCarthy, W1NR]

It seems that the Webalizer WEB statistics reporting package is no
longer available in CentOS 7. Rather than building from Sourceforge and
writing custom configuration files for it, is there an alternative? Use
the Fedora package? Another WEB analyzer?

Thanks,
Mike

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 in VirtualBox

[Mike McCarthy, W1NR]

I had to go into /etc/sysconfig/network-scripts/ifcfg-enp0s3 and change
ONBOOT=yes and reboot. I'm sure there is a management tool or something
with Network Manager to do it, but the manual edit worked for me.

Mike

On 07/10/2014 04:15 PM, Wes James wrote:

 On Jul 10, 2014, at 01:52 PM, Wes James compte...@icloud.com wrote:

  I just installed linux mint/mate on both systems where I've been having 
 issues with centos 7 and they both have  eth0 working fine.  I wonder ups up 
 with a non functional enp0s3 network device in centos 7??  I'm going to try 
 centos 6.5 and see what happens.
  

 Just installed  centos 6.5 and it has eth0 and the network is working.  
 Hmmm...  Anyone have any ideas where to look on centos 7?  Earlier, I did try 
 a network restart, but that didn't work.

 -wes
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 in VirtualBox

[Mike McCarthy, W1NR]

On further investigation, system-config-... scripts no longer seem to be
available :-( . nmcli and nmtui seem to be a replacement for command
line network configuration.

Mike

On 07/10/2014 04:37 PM, Mike McCarthy, W1NR wrote:
 I had to go into /etc/sysconfig/network-scripts/ifcfg-enp0s3 and change
 ONBOOT=yes and reboot. I'm sure there is a management tool or something
 with Network Manager to do it, but the manual edit worked for me.

 Mike

 On 07/10/2014 04:15 PM, Wes James wrote:
 On Jul 10, 2014, at 01:52 PM, Wes James compte...@icloud.com wrote:

  I just installed linux mint/mate on both systems where I've been having 
 issues with centos 7 and they both have  eth0 working fine.  I wonder ups 
 up with a non functional enp0s3 network device in centos 7??  I'm going to 
 try centos 6.5 and see what happens.
  

 Just installed  centos 6.5 and it has eth0 and the network is working.  
 Hmmm...  Anyone have any ideas where to look on centos 7?  Earlier, I did 
 try a network restart, but that didn't work.

 -wes
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Moving sshd listen port

[Mike McCarthy, W1NR]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am having a problem getting sshd to run after changing it's default
port. I edit sshd_config and set the desired port, open it with
firewall-cmd and then issue a systemctl start sshd. No error gets
reported on the console but the following is logged in /var/messages

sshd.service: main process exited, code=exited, status=255/n/a

Not a very helpful error message. Sounds like I should report a bug?

Thanks,
Mike

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlO9UyAACgkQW1M1BMdnYxlRPwCgkdzu1RTBR26PSMXscy15Pf+y
U/MAoLrdInn/d/uySC/d6Dwh5ifkVvHg
=zy9z
-END PGP SIGNATURE-

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Moving sshd listen port

[Mike McCarthy, W1NR]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This was a minimal install for a virtual server and semanage is not
available so the command doesn't work...

What package is semanage in?

Mike

On 07/09/2014 10:45 AM, Jonathan Billings wrote:
 On Wed, Jul 09, 2014 at 10:35:12AM -0400, Mike McCarthy, W1NR wrote:
 I am having a problem getting sshd to run after changing it's default
 port. I edit sshd_config and set the desired port, open it with
 firewall-cmd and then issue a systemctl start sshd. No error gets
 reported on the console but the following is logged in /var/messages

 sshd.service: main process exited, code=exited, status=255/n/a

 Not a very helpful error message. Sounds like I should report a bug?

 If you have SELinux enabled, it will block sshd from listening on a
 port other than what is described in the policy.  You can add the
 additional port by running:

 semanage port -a -t ssh_port_t -p tcp $PORTNUM

 (replace $PORTNUM with the new port number you chose)


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlO9VsEACgkQW1M1BMdnYxmY1wCeNU+Jzf3bdoglIox15IxEuBF1
d/gAoMYocoFEh73K5l2VeBhhsg/vsUdu
=5Sio
-END PGP SIGNATURE-

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Moving sshd listen port

[Mike McCarthy, W1NR]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

SELinux is not running. Any other ideas?

Mike

On 07/09/2014 10:50 AM, Mike McCarthy, W1NR wrote:

 This was a minimal install for a virtual server and semanage is not
 available so the command doesn't work...

 What package is semanage in?

 Mike

 On 07/09/2014 10:45 AM, Jonathan Billings wrote:
  On Wed, Jul 09, 2014 at 10:35:12AM -0400, Mike McCarthy, W1NR wrote:
  I am having a problem getting sshd to run after changing it's default
  port. I edit sshd_config and set the desired port, open it with
  firewall-cmd and then issue a systemctl start sshd. No error gets
  reported on the console but the following is logged in /var/messages
 
  sshd.service: main process exited, code=exited, status=255/n/a
 
  Not a very helpful error message. Sounds like I should report a bug?

  If you have SELinux enabled, it will block sshd from listening on a
  port other than what is described in the policy.  You can add the
  additional port by running:

  semanage port -a -t ssh_port_t -p tcp $PORTNUM

  (replace $PORTNUM with the new port number you chose)



 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlO9V6MACgkQW1M1BMdnYxlQ/wCfW51oVgxhq0GD+/ZPx1rcOZ2G
qvQAoJ3LPBmy+mYA9oSIBHJe5Q2gfB+R
=Vsyr
-END PGP SIGNATURE-

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Moving sshd listen port

[Mike McCarthy, W1NR]

Not using IPTables. Using firewalld and yes, I opened the new port there
as well.

Mike

On 07/09/2014 11:08 AM, Robert Moskowitz wrote:

 On 07/09/2014 10:54 AM, Mike McCarthy, W1NR wrote:
 SELinux is not running. Any other ideas?

  Did you update your IPTable?  I change my SSHD port all the time.
 One of
  the first things I do on setting up a server.  I know this is just
  obfusication, but it stops the robot noise.  There are five steps:

  edit /etc/ssh/sshd_config
  edit IPtables
  add ssh policy for new port
  restart sshd
  restart iptables


 Mike

 On 07/09/2014 10:50 AM, Mike McCarthy, W1NR wrote:
  This was a minimal install for a virtual server and semanage is not
  available so the command doesn't work...
 
  What package is semanage in?
 
  Mike
 
  On 07/09/2014 10:45 AM, Jonathan Billings wrote:
  On Wed, Jul 09, 2014 at 10:35:12AM -0400, Mike McCarthy, W1NR wrote:
  I am having a problem getting sshd to run after changing it's
 default
  port. I edit sshd_config and set the desired port, open it with
  firewall-cmd and then issue a systemctl start sshd. No error gets
  reported on the console but the following is logged in /var/messages
 
   sshd.service: main process exited, code=exited, status=255/n/a
 
  Not a very helpful error message. Sounds like I should report a bug?
  If you have SELinux enabled, it will block sshd from listening on a
  port other than what is described in the policy.  You can add the
  additional port by running:
  semanage port -a -t ssh_port_t -p tcp $PORTNUM
  (replace $PORTNUM with the new port number you chose)
 
 
  ___
  CentOS mailing list
  CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos


 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Moving sshd listen port

[Mike McCarthy, W1NR]

Nothing more than what was in messages namely 'code=exited,
status=255/n/a' which looks an awful lot like a printf of an
uninitialized variable...

Mike

On 07/09/2014 11:21 AM, Jonathan Billings wrote:
 On Wed, Jul 09, 2014 at 10:54:29AM -0400, Mike McCarthy, W1NR wrote:
 SELinux is not running. Any other ideas?
 Checking the firewall is useful, but it sounds like you can't get the
 service to start in the first place.

 It might be helpful if you gave us the full error output.  Do you get
 more information by running:

 systemctl status -l sshd.service

 ... after running the systemctl start?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Moving sshd listen port

[Mike McCarthy, W1NR]

/usr/sbin/sshd -d seems to work properly and accept connections at the
new port. So does typing /usr/sbin/sshd, which daemonizes and runs
manually. It now appears that it will not start as a service if I change
the port, even after a reboot.


Mike


On 07/09/2014 11:32 AM, Vipul Agarwal wrote:
 On 09/07/14 15:35, Mike McCarthy, W1NR wrote:
 sshd.service: main process exited, code=exited, status=255/n/a
 Hi Mike

 Can you run sshd manually in debugging mode and paste the output please:
 $ /usr/sbin/sshd -d

 It's worth looking at the output of strace that may help here:
 $ strace /usr/sbin/sshd

 -V



 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Moving sshd listen port

[Mike McCarthy, W1NR]

Well, getenforce says enforcing but 'systemctl status selinux' says
'Active: inactive (dead)' ?

Mike

On 07/09/2014 11:45 AM, Ian Pilcher wrote:
 On 07/09/2014 09:54 AM, Mike McCarthy, W1NR wrote:
 SELinux is not running. Any other ideas?
 Are you sure?  (It's enabled by default.)

 What does 'getenforce' say?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Moving sshd listen port SOLVED

[Mike McCarthy, W1NR]

After installing the correct utilities and setting the port with
semanage, it now works. Thanks to all for this one. Looks like I got
some real work to do moving from 6 to 7 and understanding the massive
management changes that were made.

Mike

On 07/09/2014 12:04 PM, Jonathan Billings wrote:
 I suggest installing the policycoreutils-python package and run the
 semanage command I mentioned earlier. 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Moving sshd listen port SOLVED

[Mike McCarthy, W1NR]

My COS6 server never required me to do that even though SELinux is
enabled there (I didn't even know it was until today). Before I even
posted the first help I tried the semanage command and found that it was
not installed so I assumed wrongly that SELinux was not enabled.

Mike

On 07/09/2014 01:34 PM, Markus Falb wrote:
 On 09.Jul.2014, at 18:44, Liam O'Toole liam.p.oto...@gmail.com wrote:

 On 2014-07-09, Mike McCarthy, W1NR sy...@w1nr.net wrote:
 After installing the correct utilities and setting the port with
 semanage, it now works. Thanks to all for this one. Looks like I got
 some real work to do moving from 6 to 7 and understanding the massive
 management changes that were made.

 If I understand the problem (and its solution) correctly, this is not a
 6-to-7 migration issue. The same SELinux fix would be required in CentOS
 6.
 That was my thought too.
 Athough the error message presented to Mike is not very helpful and maybe 
 worth a bugzilla.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos