Re: [CentOS] NFS new security requirements?
This now mysteriously resolved after both servers have rebooted. The long delay is due to the importance of high availability over the nfs links. Mike Yates Hawkgrove Ltd - Software Systems Design 2, The Business Courtyard, Marl Pits Lane, Trudoxhill, Frome, Somerset, BA11 5DL, UK +44 (0)1373 837900 fax: +44 (0)8700 518155 Registered in England: 2756481 VAT Reg: UK 601 1137 11 Registered Office: NSO Associates LLP, 75 Springfield Road, Chelmsford, Essex CM2 6JB All e-mail is subject to contract and is not intended to create a legally binding agreement. Hawkgrove Ltd will only be bound by an agreement in writing signed by an authorized signatory. All outgoing email is scanned by Kerio, using ClamAV 0.95.1/10117/Mon Dec 7 02:21:53 2009 Known viruses: 662464. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NFS new security requirements?
Hi James Please reply to me as well as the list as I only get the digest. You wrote What is the contents of /etc/exports on 'hs8' ? at present:- #/data 172.26.0.6(rw,no_root_squash) /data hs6(rw,sync,mp,no_root_squash,sec=none) /backup 172.26.0.6(rw,sync,mp,no_root_squash) What happens if you restart rpc.mountd on 'hs8' ? I've done this many times as I try different exports options:- [r...@hs8 ~]# /etc/init.d/nfs restart Shutting down NFS mountd: [ OK ] Shutting down NFS daemon: [ OK ] Shutting down NFS quotas: [ OK ] Shutting down NFS services:[ OK ] Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ] [r...@hs8 ~]# vi msg SeLinux is disabled. Mike YatesMBCS CITP (ISSG) IT Support Engineer Hawkgrove Ltd - Software Systems Design 2, The Business Courtyard, Marl Pits Lane, Trudoxhill, Frome, Somerset, BA11 5DL, UK +44 (0)1373 837900 fax: +44 (0)8700 518155 Registered in England: 2756481 VAT Reg: UK 601 1137 11 Registered Office: NSO Associates LLP, 75 Springfield Road, Chelmsford, Essex CM2 6JB All e-mail is subject to contract and is not intended to create a legally binding agreement. Hawkgrove Ltd will only be bound by an agreement in writing signed by an authorized signatory. All outgoing email is scanned by Kerio, using ClamAV 0.95.1/10098/Tue Dec 1 03:06:27 2009 Known viruses: 660899. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NFS new security requirements?
Hi James Yes I've tried lots of things! However, I discovered that hs8 was not running the Nov 3 kernel (uptime 68 days) so I rebooted this morning, forgetting to check /boot/grub/menu.lst where default=2 put the same damn Sep 3 kernel up. Users are busy on it until lunchtime, but I'll let you know if it still fails with both servers on Nov 3. Mike YatesMBCS CITP (ISSG) IT Support Engineer - Original Message - From: James Pearson [mailto:jame...@moving-picture.com] To: Mike Yates [mailto:mike.ya...@hawkgrove.co.uk] Cc: centos@centos.org Sent: Tue, 01 Dec 2009 10:41:13 + Subject: Re: [CentOS] NFS new security requirements? Mike Yates wrote: What is the contents of /etc/exports on 'hs8' ? at present:- #/data 172.26.0.6(rw,no_root_squash) /data hs6(rw,sync,mp,no_root_squash,sec=none) /backup 172.26.0.6(rw,sync,mp,no_root_squash) Can 'hs8' resolve 'hs6' to 172.26.0.6 ?? In your previous post you reported that hs8 logged: Nov 29 12:47:52 hs8 mountd[2255]: authenticated mount request from 172.26.0.6:617 for /data (/data) On my machines, the server reports 'authenticated mount requests' from a hostname, not an IP address. However, I guess you have already tested that given the commented out line in /etc/exports James Pearson Hawkgrove Ltd - Software Systems Design 2, The Business Courtyard, Marl Pits Lane, Trudoxhill, Frome, Somerset, BA11 5DL, UK +44 (0)1373 837900 fax: +44 (0)8700 518155 Registered in England: 2756481 VAT Reg: UK 601 1137 11 Registered Office: NSO Associates LLP, 75 Springfield Road, Chelmsford, Essex CM2 6JB All e-mail is subject to contract and is not intended to create a legally binding agreement. Hawkgrove Ltd will only be bound by an agreement in writing signed by an authorized signatory. All outgoing email is scanned by Kerio, using ClamAV 0.95.1/10098/Tue Dec 1 03:06:27 2009 Known viruses: 660899. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NFS new security requirements?
Hi I've suddenly lost access to some permanent cross-server shares. I think this was following the Nov 5 new kernel, rather than the Centos version upgrade. I don't see any difference to man mount.nfs I have:- [r...@hs6 ~]# mount hs8:/data /sysback/hs8-data -v mount: no type was given - I'll assume nfs because of the colon mount: trying 172.26.0.8 prog 13 vers 3 prot tcp port 2049 mount: trying 172.26.0.8 prog 15 vers 3 prot udp port 735 mount: hs8:/data failed, reason given by server: Permission denied Yet on hs8 the log shows:- Nov 29 12:47:52 hs8 mountd[2255]: authenticated mount request from 172.26.0.6:617 for /data (/data) No internal permissions have changed. ' Mike YatesMBCS CITP (ISSG) IT Support Engineer Hawkgrove Ltd - Software Systems Design 2, The Business Courtyard, Marl Pits Lane, Trudoxhill, Frome, Somerset, BA11 5DL, UK +44 (0)1373 837900 fax: +44 (0)8700 518155 Registered in England: 2756481 VAT Reg: UK 601 1137 11 Registered Office: NSO Associates LLP, 75 Springfield Road, Chelmsford, Essex CM2 6JB All e-mail is subject to contract and is not intended to create a legally binding agreement. Hawkgrove Ltd will only be bound by an agreement in writing signed by an authorized signatory. All outgoing email is scanned by Kerio, using ClamAV 0.95.1/10094/Mon Nov 30 11:45:20 2009 Known viruses: 660218. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NFS lockups
I thought this had been fixed with newer kernels? We have an old Maxtor Snap Server, an 80 GB NAS unit, containing some of our archives. Both of our CentOS servers have it permanently mounted by NFS for convenient access. This weekend, I discovered remotely that, although all systems except the VRTSralus remote agents for Veritas (now Symantec) Backup Exec were working just fine, both servers would freeze a shell solid on starting to run lsof or half way through a df. However, mount ran OK and showed the next item in the df should have been the Snap Server NFS mount. I pinged it and it did not respond - I'll let you know Monday what is up. umount -f showed Device busy but umount -l worked just fine and df lsof and VRTSralus all work OK now. BTW the Veritas does not access the Snap Server, though the weekly cron-job to tar-ball the Snap Server at 02:00 Saturday did not email me at all, though it is shown in /var/log/cron. Does anyone know of a method to make NFS mounts auto un-mount if the remote server disappears? Mike YatesMBCS CITP (ISSG) IT Support Engineer Hawkgrove Ltd - Software Systems Design 2, The Business Courtyard, Marl Pits Lane, Trudoxhill, Frome, Somerset, BA11 5DL, UK +44 (0)1373 837900 fax: +44 (0)8700 518155 Registered in England: 2756481 VAT Reg: UK 601 1137 11 Registered Office: NSO Associates LLP, 75 Springfield Road, Chelmsford, Essex CM2 6JB All e-mail is subject to contract and is not intended to create a legally binding agreement. Hawkgrove Ltd will only be bound by an agreement in writing signed by an authorized signatory. All outgoing email is scanned by Kerio, using ClamAV 0.94.2/9865/Sat Oct 3 03:45:19 2009 Known viruses: 625330. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Clamav engine updates
Hi I get this on every scan report:- LibClamAV Warning: *** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq *** LibClamAV Warning: *** --- SCAN SUMMARY --- Known viruses: 538589 Engine version: 0.94.2 yet yum update clamd clamav clamav-db returns No Packages marked for Update. Is there a yum URL I should add to get 0.95.1 (and onwards) from CentOS or Redhat, or must I roll my own ? Mike YatesMBCS CITP (ISSG) IT Support Engineer Hawkgrove Ltd - Software Systems Design 2, The Business Courtyard, Marl Pits Lane, Trudoxhill, Frome, Somerset, BA11 5DL, UK +44 (0)1373 837900 fax: +44 (0)8700 518155 Registered in England: 2756481 VAT Reg: UK 601 1137 11 Registered Office: NSO Associates LLP, 75 Springfield Road, Chelmsford, Essex CM2 6JB All e-mail is subject to contract and is not intended to create a legally binding agreement. Hawkgrove Ltd will only be bound by an agreement in writing signed by an authorized signatory. All outgoing email is scanned by Kerio, using ClamAV Antivirus. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Symantec Backup Exec (formerly Veritas) agent
I'm just wondering if anyone else here is using this? The majority of jobs on our CentOS5 server fail by Communications failure right at the end, apparently on the very last file which, however, is recoverable, as is the whole archive. In more than half these failures, the Linux agent has stopped and, in about half of those, crashes leaving a backtrace. I had similar symptoms in Fedora4 (though much less often) and Fedora9 when the data was on a different server. Symantec have looked at this but they only support RHEL and SLES so will not delve deeper. Mike YatesMBCS CITP (ISSG) IT Support Engineer Hawkgrove Ltd - Software Systems Design 2, The Business Courtyard, Marl Pits Lane, Trudoxhill, Frome, Somerset, BA11 5DL, UK +44 (0)1373 837900 fax: +44 (0)8700 518155 Registered in England: 2756481 VAT Reg: UK 601 1137 11 Registered Office: NSO Associates LLP, 75 Springfield Road, Chelmsford, Essex CM2 6JB All e-mail is subject to contract and is not intended to create a legally binding agreement. Hawkgrove Ltd will only be bound by an agreement in writing signed by an authorized signatory. All outgoing email is scanned by Kerio, using ClamAV Antivirus. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
