Re: [CentOS] tune2fs: Filesystem has unsupported feature(s) while trying to open
Not in my testing especially about the time of 6.4.

On Apr 22, 2016 5:16 PM, "Gordon Messmer" <gordon.mess...@gmail.com> wrote:
> On 04/22/2016 01:33 AM, Rob Townley wrote:
>
>> tune2fs against a LVM (albeit formatted with ext4) is not the same as
>> tune2fs against ext4.
>
> tune2fs operates on the content of a block device. A logical volume
> containing an ext4 system is exactly the same as a partition containing an
> ext4 filesystem.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tune2fs: Filesystem has unsupported feature(s) while trying to open
tune2fs against a LVM (albeit formatted with ext4) is not the same as tune2fs against ext4. Could this possibly be a machine where uptime has outlived its usefulness?

On Thu, Apr 21, 2016 at 10:02 PM, Chris Murphy wrote:
> On Tue, Apr 19, 2016 at 10:51 AM, Matt Garman wrote:
> >
> > # rpm -qf `which tune2fs`
> > e2fsprogs-1.41.12-18.el6.x86_64
>
> That's in the CentOS 6.4 repo, I don't see a newer one through 6.7 but
> I didn't do a thorough check, just with google site: filter.
>
> > # cat /etc/redhat-release
> > CentOS release 6.5 (Final)
> >
> > # uname -a
> > Linux lnxutil8 2.6.32-504.12.2.el6.x86_64 #1 SMP Wed Mar 11 22:03:14
> > UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>
> And that's a centosplus kernel in the 6.6 repo; while the regular
> kernel for 6.7 is currently kernel-2.6.32-573.22.1.el6.src.rpm. So I'm
> going to guess you'd have this problem even if you weren't using the
> centosplus kernel.
>
> I suggest you do a yum upgrade anyway, 6.7 is current, clean it up,
> test it, and then while chances are it's still a problem, then it's
> probably a legit bug worth filing. In the meantime you'll have to
> upgrade your e2fsprogs yourself.
>
> > I did a little web searching on this, most of the hits were for much
> > older systems, where (for example) the e2fsprogs only supported up to
> > ext3, but the user had an ext4 filesystem. Obviously that's not the
> > case here. In other words, the filesystem was created with the
> > mkfs.ext4 binary from the same e2fsprogs package as the tune2fs binary
> > I'm trying to use.
> >
> > Anyone ever seen anything like this?
>
> Well the date of the kernel doesn't tell the whole story, so you need
> a secret decoder ring to figure out what's been backported into this
> distro kernels. There's far far less backporting happening in user
> space tools. So it's not difficult for them to get stale when the
> kernel is providing new features. But I'd say the kernel has newer
> features than the progs supports and the progs are too far behind.
>
> And yes, this happens on the XFS list and the Btrfs list too where
> people are using old progs with new kernels and it can be a problem.
> Sometimes new progs and old kernels are a problem too but that's less
> common.
>
> --
> Chris Murphy

[CentOS] Does CentOS7 targetcli work to serve out to XEN hosts?
I have been successful at getting one XEN host to initiate an iSCSI connection to a target served by CentOS7, but not a second XEN host. xe sr-create complains the StorageRepository is in use. Is there a configuration change? Another iSCSI target server to use?

Re: [CentOS] SIG - Hardening
The most common way to get root on any box is through the web browser and web browser plugins. sandboxing firefox, acrobat reader, flash-plugin by default has gotta be a priority. Was brought up before. i use a ffSandbox.sh that launches FF in a sandbox, but no longer sandboxes PDFs. Not production ready.

Might want to look at porting Qubes-OS to CentOS from Fedora. https://en.wikipedia.org/wiki/Qubes_OS

On Thu, Apr 23, 2015 at 12:58 PM, Earl A Ramirez earlarami...@gmail.com wrote:
> On 22 April 2015 at 20:49, Mark LaPierre marklap...@gmail.com wrote:
> > On 04/22/15 01:13, Earl A Ramirez wrote:
> > > Dear All,
> > >
> > > About a week ago; I posted a proposal over on the centos-devel mailing list, the proposal is for a SIG 'CentOS hardening', there were a few of the members of the community who are also interested in this. Therefore, I am extending that email to this community; where there is a larger community. Some things that we will like to achieve are as follows:
> > >
> > > SSH:
> > > disable root (uncomment 'PermitRootLogin' and change to no)
> > > enable 'strictMode'
> > > modify 'MaxAuthTries'
> > > modify 'ClientAliveInterval'
> > > modify 'ClientAliveCountMax'
> > >
> > > Gnome:
> > > disable Gnome user list
> > >
> > > Console:
> > > Remove reboot, halt poweroff from /etc/security/console.app
> > >
> > > Applying security best practises from various compliance perspective, e.g. STIG, SOX, PCI etc... We may also use NSA RHEL 5 secure configuration guide to get some insight or use it as a baseline.
> > >
> > > The members of the community who are interested in this SIG or are willing to contribute are:
> > > Leam Hall
> > > Corey Henderson
> > > Jason Pyeron
> > >
> > > You can find the post here [0]
> > >
> > > We will really like to get SIG approved by the CentOS board so if anyone is interested or willing to contribute we will be happy to have you onboard.
> > >
> > > [0] http://lists.centos.org/pipermail/centos-devel/2015-April/013197.html
> >
> > These are all wicked good ideas for machines connected to the internet. I hope you also plan on making it easy to turn off these otherwise useful features for systems with no exposure to the internet.
> >
> > Don't make it difficult/impossible to use rsync to back up between machines on the local intranet. Rsync has to run as root to access and maintain correct file ownership and permissions.
> >
> > --
> >   _
> >  °v°
> > /(_)\
> >  ^ ^
> > Mark LaPierre
> > Registered Linux user No #267004
> > https://linuxcounter.net/
>
> Hello Mark,
>
> We understand and recognise that security should not affect the function of a business in our case the operating system, I believe that the goal of the hardening SIG will be to mitigate potential risks that can have significant consequences. Over on the centos-devel list it was mentioned that there will be a separate repo, therefore this means that packages will be created to meet the objectives of the hardening SIG.
>
> Currently we are trying to get the SIG approved, therefore, no clear picture has been worked out at this moment; however within a month or so it will be available.
>
> --
> Kind Regards
> Earl Ramirez

Re: [CentOS] ipset not actually blocking
Appears the iptables update 1.4.7-14 which came with CentOS6 r6 is the most likely culprit.

The solution for now is:
delete ',dst' from the iptables INPUT chain
delete 'src,' from the iptables OUTPUT chain.

On Mon, Dec 8, 2014 at 5:39 PM, Rob Townley rob.town...@gmail.com wrote:
> i created an ipset and added 8.8.8.8 to it and used the same iptables working all summer long but i can still ping 8.8.8.8 and do nslookup queries against it. ipset or iptables is broken.
>
> Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and actually tested that IP addresses that are supposed to be blacklisted are actually blocked?
>
> Filed CentOS bug report 7977 http://bugs.centos.org/view.php?id=7977 this morning.
>
> ipset was working great most of the year until ipset 6.11-3
> CentOS bug 7977 http://bugs.centos.org/view.php?id=7977

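The workaround described in the message above, applied mechanically to an iptables-save style rules file. This is an added example, not part of the original message: the function names, the set name `blacklist` and the rules are constructed for illustration, and only the INPUT and OUTPUT chains are rewritten because those are the two the message names.

```shell
#!/bin/sh
# Added example (not from the original message). Rules are constructed samples.

# Count INPUT/OUTPUT rules that still carry the two-direction "src,dst" flags.
count_affected() {
    awk '$1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT") {
             for (i = 3; i <= NF - 2; i++)
                 if ($i == "--match-set" && $(i + 2) == "src,dst") { n++; break }
         }
         END { print n + 0 }' "$1"
}

# Rewrite the --match-set direction flags as the message describes:
#   INPUT chain:  delete the trailing ",dst"  (src,dst -> src)
#   OUTPUT chain: delete the leading  "src,"  (src,dst -> dst)
# Every other line, including other chains, is printed unchanged.
apply_workaround() {
    awk '$1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT") {
             for (i = 3; i <= NF - 2; i++)
                 if ($i == "--match-set") {
                     flags = i + 2
                     if ($2 == "INPUT")  sub(/,dst$/, "", $flags)
                     if ($2 == "OUTPUT") sub(/^src,/, "", $flags)
                 }
         }
         { print }' "$1"
}

# Constructed sample in iptables-save format, written to file $1.
write_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m set --match-set blacklist src,dst -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -m set --match-set blacklist src,dst -j DROP
-A OUTPUT -m set --match-set blacklist src,dst -j DROP
COMMIT
EOF
}

# Demo: show how many rules are affected, then print the rewritten file.
demo=$(mktemp)
write_rules "$demo"
echo "rules still using src,dst in INPUT/OUTPUT: $(count_affected "$demo")"
apply_workaround "$demo"
rm -f "$demo"
```

After reloading rewritten rules, `ipset test blacklist 8.8.8.8` confirms set membership, and a ping to the listed address confirms that the rule actually drops traffic.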
Re: [CentOS] ipset not actually blocking
Incidentally, a different OS has a newer version of iptables 1.4.18-1.1ubuntu1, but still works the old way where SRC still matches SRC,DST.

On Wed, Dec 10, 2014 at 2:03 AM, Rob Townley rob.town...@gmail.com wrote:
> Appears the iptables update 1.4.7-14 which came with CentOS6 r6 is the most likely culprit.
>
> The solution for now is:
> delete ',dst' from the iptables INPUT chain
> delete 'src,' from the iptables OUTPUT chain.
>
> On Mon, Dec 8, 2014 at 5:39 PM, Rob Townley rob.town...@gmail.com wrote:
> > i created an ipset and added 8.8.8.8 to it and used the same iptables working all summer long but i can still ping 8.8.8.8 and do nslookup queries against it. ipset or iptables is broken.
> >
> > Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and actually tested that IP addresses that are supposed to be blacklisted are actually blocked?
> >
> > Filed CentOS bug report 7977 http://bugs.centos.org/view.php?id=7977 this morning.
> >
> > ipset was working great most of the year until ipset 6.11-3
> > CentOS bug 7977 http://bugs.centos.org/view.php?id=7977

[CentOS] ipset not actually blocking
i created an ipset and added 8.8.8.8 to it and used the same iptables working all summer long but i can still ping 8.8.8.8 and do nslookup queries against it. ipset or iptables is broken.

Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and actually tested that IP addresses that are supposed to be blacklisted are actually blocked?

Filed CentOS bug report 7977 http://bugs.centos.org/view.php?id=7977 this morning.

ipset was working great most of the year until ipset 6.11-3
CentOS bug 7977 http://bugs.centos.org/view.php?id=7977

[CentOS] ipset module loaded at startup on CentOS 6.5
Anybody on here successfully get ipset iptables sets to work _after_ a reboot?

My question on StackExchange http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade

Some of the things that need to be in place, otherwise iptables does not load:
1.) The kernel module ip_set needs to be loaded.
2.) The sets need to be created.
3.) Only after 1 and 2 succeed, dare start up iptables.

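The three conditions listed above can be checked before iptables is started. The following is an added example, not part of the original post: it compares the set names that an iptables-save style rules file references through `--match-set` with the sets an `ipset save` dump would create, and checks a /proc/modules style listing for `ip_set`. The function names, file names and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check to run
# before starting iptables. All file contents below are constructed samples.

# Step 1: is the kernel module listed? $2 is a /proc/modules-format file.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# Set names that an iptables-save format file references via --match-set.
referenced_sets() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "--match-set") print $(i + 1) }' "$1" |
        LC_ALL=C sort -u
}

# Set names that an `ipset save` dump creates.
defined_sets() {
    awk '$1 == "create" { print $2 }' "$1" | LC_ALL=C sort -u
}

# Step 2: sets the rules need but the dump would not create, one per line.
missing_sets() {
    for wanted in $(referenced_sets "$1"); do
        defined_sets "$2" | grep -qxF -- "$wanted" || echo "$wanted"
    done
}

# Step 3: succeed only when steps 1 and 2 both hold.
# usage: preflight RULES_FILE IPSET_DUMP [MODULES_FILE]
preflight() {
    status=0
    if ! module_loaded ip_set "${3:-/proc/modules}"; then
        echo "ip_set module not loaded: run 'modprobe ip_set' first"
        status=1
    fi
    missing=$(missing_sets "$1" "$2")
    if [ -n "$missing" ]; then
        echo "sets not created before iptables start: $(echo $missing)"
        status=1
    fi
    return $status
}

# Constructed sample inputs, written into directory $1.
write_samples() {
    cat > "$1/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -m set --match-set scanners src -j DROP
-A OUTPUT -m set --match-set blacklist dst -j DROP
COMMIT
EOF
    cat > "$1/ipset.save" <<'EOF'
create blacklist hash:ip family inet hashsize 1024 maxelem 65536
add blacklist 8.8.8.8
EOF
    printf 'ip_set 30000 1 ip_set_hash_ip, Live 0x0\n' > "$1/modules.loaded"
    printf 'ext4 370000 2 - Live 0x0\n' > "$1/modules.bare"
}

# Demo: module missing and one set undefined, so both problems are reported.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
if preflight "$demo_dir/iptables" "$demo_dir/ipset.save" "$demo_dir/modules.bare"; then
    echo "safe to start iptables"
else
    echo "do not start iptables yet"
fi
rm -rf "$demo_dir"
```

In a boot script the same check would be followed by `modprobe ip_set` and `ipset restore` of the saved dump before the iptables service is started.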
Re: [CentOS] iptables question
+1

On Tue, Jun 17, 2014 at 9:41 AM, James B. Byrne byrn...@harte-lyne.ca wrote:
> On Mon, June 16, 2014 23:34, Chuck Campbell wrote:
> > I appreciate you restating this. I'll try to go make sense of iptables, given the insight,
>
> Keep in mind that there are three default chains, INPUT, OUTPUT and FORWARD that are used to initiate the packet path through IPTABLES and that they are mutually exclusive. INPUT deals ONLY with packets that arrive from off of AND are destined for the host running IPTABLES. OUTPUT deals only with packets that originate from the host running IPTABLES regardless of where they are destined. And FORWARD deals only with packets that arrive from and are destined off of the host running IPTABLES.
>
> A packet starts in only one of these based solely on its origin/destination pairing and it does not cross over automatically into either of the others. For example, if a forwarded packet is detected then the INPUT and OUTPUT chains are not used at all.
>
> I have seen chain misconfiguration where IPTABLES rules evidently assume that a packet is to pass from the INPUT chain or the OUTPUT chain to the FORWARD chain automatically. In some cases it seems that the rules writer has implicitly assumed that INPUT - FORWARD - OUTPUT is the default routing of all packet paths. This is not the case and it does not happen unless the other chain is specifically called from within the originating chain.
>
> My practice is to place general rules that I wish to apply to all packets, regardless of source or destination, into a chain called GENERAL and simply call that chain as the last instruction in each of the default chains. Actually I put very little else in the default chains and route from the GENERAL chain to other chains dedicated to specific rule sets, like for port knocking (FWKNOP_ALLOW); or for assured access (ALWAYS_ALLOW); or for blacklists: ALWAYS_DENY and FAIL2BAN_DENY for example.
>
> --
> *** E-Mail is NOT a SECURE channel ***
> James B. Byrne mailto:byrn...@harte-lyne.ca
> Harte Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3

Re: [CentOS] idea: hybrid iso images?
i definitely had the same experience back then. Anybody had luck with simply dd a current CentOS iso? I wonder if RedHat supports ISOHybrid?

On Mon, Apr 15, 2013 at 3:32 PM, Joseph Spenner joseph85...@yahoo.com wrote:
> From: Nux! n...@li.nux.ro
> To: CentOS mailing list centos@centos.org
> Sent: Monday, April 15, 2013 11:26 AM
> Subject: Re: [CentOS] idea: hybrid iso images?
>
> > On 15.04.2013 19:07, Joseph Spenner wrote:
> > > In order to create a bootable CentOS installation USB thumb drive, there are several steps one must follow. The process often involves using a Windows box, which can be kinda annoying.
> > > The Linux Mint distro has what they call a Hybrid iso image. (see: http://community.linuxmint.com/tutorial/view/744 )
> > > This image can be written to a thumb drive and used for installation simply by performing:
> > >
> > > # dd if=/path/to/image.iso of=/dev/sdb
> > >
> > > (where /dev/sdb is the thumb drive device). This thumb drive can now be booted and used for installation. The same image.iso file can be written to CD/DVD to create the installation media as well.
> > >
> > > Is this a complicated ISO build process? I'm frequently installing to systems without CD/DVD drives, so this would come in handy.
> >
> > Centos ISOs have been hybrid for a while now AFAIK. Have you tried them and did not work?
>
> =
>
> Nux:
> I just tried again, using an 8G thumb drive, with the CentOS-6.4-x86_64-minimal.iso image on my 64bit Dell laptop, and got a quick error:
>
> no boot sector found on USB device
>
> It then proceeded to boot the next device in the boot order list. I also tried it on 2 other Dell servers, and neither would boot the thumb drive.
>
> I then dd'd the latest Linux Mint iso to the same thumb drive, and it worked fine on my laptop.
>
> So, perhaps the CentOS images can not (yet) be used this way. Have you tried?
>
> Thanks for the reply!
>
> Regards,
> Joseph Spenner
>
> __
> If life gives you lemons, keep them-- because hey.. free lemons.
> ♥ Sticker fixer: http://microflush.org/stuff/stickers/heartFix.html

Re: [CentOS] idea: hybrid iso images?
i broke down and stopped attempting this by hand and now use multisystem on my Ubuntu box.

On Thu, Jan 30, 2014 at 2:58 PM, Joseph Spenner joseph85...@yahoo.com wrote:
> From: Rob Townley rob.town...@gmail.com
> To: CentOS mailing list centos@centos.org
> Sent: Thursday, January 30, 2014 8:54 AM
> Subject: Re: [CentOS] idea: hybrid iso images?
>
> > i definitely had the same experience back then. Anybody had luck with simply dd a current CentOS iso. I wonder if RedHat supports ISOHybrid?
> >
> > On Mon, Apr 15, 2013 at 3:32 PM, Joseph Spenner joseph85...@yahoo.com wrote:
> > > I just tried again, using an 8G thumb drive, with the CentOS-6.4-x86_64-minimal.iso image on my 64bit Dell laptop, and got a quick error:
> > >
> > > no boot sector found on USB device
> > >
> > > It then proceeded to boot the next device in the boot order list. I also tried it on 2 other Dell servers, and neither would boot the thumb drive.
> > >
> > > I then dd'd the latest Linux Mint iso to the same thumb drive, and it worked fine on my laptop.
> > >
> > > So, perhaps the CentOS images can not (yet) be used this way.
>
> I have yet to EVER get that to work. The closest I get is have it start the boot/install process, then ask where the media/itself is. It forgets, and can't find the install media-- even though IT IS the install media. I've never figured that out. But, it is what it is.
> It does work nicely with the debian distros, such as Linux Mint though.
>
> __
> If life gives you lemons, keep them-- because hey.. free lemons.
> ♥ Sticker fixer: http://microflush.org/stuff/stickers/heartFix.html

Re: [CentOS] 3rd party repositories
Andrew,

$ yum --disablerepo='*' --enablerepo=epel info kernel

Does not show any kernels except what is already installed. i suppose you have to enable testing and for that matter, looking in CentOS testing first would be better.

On Fri, Oct 18, 2013 at 7:16 PM, Andrew Holway andrew.hol...@gmail.com wrote:
> I have never had any problems with EPEL: http://fedoraproject.org/wiki/EPEL
>
> Recently I used it to upgrade a kernel to 3.0.99 from the stock 2.6.32 and everything just worked apart from an obscure kernel module for hfsplus support.
>
> ta,
> Andrew
>
> On 18 October 2013 21:52, isdtor isd...@gmail.com wrote:
> > Can anyone comment on the use of 3rd party repos for newer versions of software like php, python and mysql? Two I am aware of are puias and ius. Is one preferable to the other? Can their packages be installed in parallel to and without interfering with base packages?

[CentOS] Does elrepo fix google-chrome requirement for newer glib and GTK
Has anyone tested installing the newer kernels from elrepo (or somewhere else) in order to keep google-chrome updated beyond version 27?

Actually, i assumed a newer kernel would come with a newer glibc but i do not see a newer glibc via elrepo, just newer kernels. hmmm.

# yum --disablerepo='*' --enablerepo='elrepo*' info glibc | grep -i repo

only lists my already installed glibc packages from updates.

Further, google-chrome requires gtk2 version 2.24.0 or above, and i do not see that in any alternate repos either. But that is another question because

# rpm -qi gtk2-2.18.9

finds the package, but

# yum clean all
# yum --enablerepo='*' search all gtk2-2.18.9

says No Matches found

So clearly something is messed up if yum can not find one of its own packages it itself installed, so i cannot trust it to find gtk2-2.24.

For those that do not use google-chrome-stable, each time it is newly started, the following message appears close to the top of the window:

Google Chrome has stopped updating and no longer supports this version of your operating system.

Assuming 3rd party repos do not work directly, has anyone tried the following:
http://productforums.google.com/d/msg/chrome/yL3X4aEceXA/xF0gvEe7vJcJ
http://chrome.richardlloyd.org.uk/

Re: [CentOS] Anyone using CentOS Active Directory like system?
sernet.de/en/samba/ seems to have the most promising SaMBa binaries and make an ISO image to download. Described as http://www.enterprisesamba.com/samba4app/

Setting up a new domain without existing ADS:
http://wiki.samba.org/index.php/Samba4/HOWTO#Provisioning_Samba_.28Setting_up_a_new_domain.29
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

On Mon, Sep 30, 2013 at 12:50 PM, James A. Peltier jpelt...@sfu.ca wrote:
> - Original Message -
> | I am the IT Development Specialist for a small community college and our
> | CIO has asked me to explore an alternative to Microsoft Active Directory as
> | we are separating from our parent university and funding is tight so we
> | were looking into CentOS with 389 Directory Server.
> |
> | Any advice or suggestions would be very helpful.
> |
> | Jacob Tennant
>
> No, we use Active Directory because it's the right tool for the job. I think that you will find that you will have a difficult time finding another product that will provide all the tools that AD provides when working with Windows. If you are working with Windows and Windows only just use AD it's the right thing. If you're in a mixed bag of Windows, Mac and GNU/Linux, just use AD, it's likely still the right thing. If you only need basic authentication then Samba will likely suit your needs.
>
> On what scale are you talking? 2 workstations, 50 workstations, 100s workstations?
>
> --
> James A. Peltier
> Manager, IT Services - Research Computing Group
> Simon Fraser University - Burnaby Campus
> Phone : 778-782-6573
> Fax : 778-782-3045
> E-Mail : jpelt...@sfu.ca
> Website : http://www.sfu.ca/itservices
> “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw

Re: [CentOS] Anyone using CentOS Active Directory like system?
Sorry, ctrl-enter (send right away) won ctrl-shift-v...

i used to love MS ADS, but do not love it much anymore and see that there are other tools for the job. There was not nearly enough documentation on which target machines a particular group policy can apply correctly to which version of windows (2000?, XP?, 7?, Vista?, ...). When there was a problem applying a policy, there were many different logfiles one had to parse thru to put together the problem. Most of those policies can be done with registry changes pushed out a number of different ways.

Zarafa or Zentyal are projects to look at.

sernet.de/en/samba/ seems to have the most promising SaMBa binaries and make an ISO image to download called samba4app.
Described as Guided initial configuration of a Samba 4 Active Directory domain
http://www.enterprisesamba.com/samba4app/
Full support for managing Windows clients via group policies using the Windows Remote Server Administration Tools.

Win7Pro or Enterprise runs that tool. It would be much less expensive to buy one server license instead of multiple licenses and all those CALs.

Some wiki articles:
Setting up a new domain without existing ADS:
http://wiki.samba.org/index.php/Samba4/HOWTO#Provisioning_Samba_.28Setting_up_a_new_domain.29
Join an existing ADS domain:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

On Mon, Sep 30, 2013 at 4:58 PM, Rob Townley rob.town...@gmail.com wrote:
> sernet.de/en/samba/ seems to have the most promising SaMBa binaries and make an ISO image to download. Described as http://www.enterprisesamba.com/samba4app/
>
> Setting up a new domain without existing ADS:
> http://wiki.samba.org/index.php/Samba4/HOWTO#Provisioning_Samba_.28Setting_up_a_new_domain.29
> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>
> On Mon, Sep 30, 2013 at 12:50 PM, James A. Peltier jpelt...@sfu.ca wrote:
> > - Original Message -
> > | I am the IT Development Specialist for a small community college and our
> > | CIO has asked me to explore an alternative to Microsoft Active Directory as
> > | we are separating from our parent university and funding is tight so we
> > | were looking into CentOS with 389 Directory Server.
> > |
> > | Any advice or suggestions would be very helpful.
> > |
> > | Jacob Tennant
> >
> > No, we use Active Directory because it's the right tool for the job. I think that you will find that you will have a difficult time finding another product that will provide all the tools that AD provides when working with Windows. If you are working with Windows and Windows only just use AD it's the right thing. If you're in a mixed bag of Windows, Mac and GNU/Linux, just use AD, it's likely still the right thing. If you only need basic authentication then Samba will likely suit your needs.
> >
> > On what scale are you talking? 2 workstations, 50 workstations, 100s workstations?
> >
> > --
> > James A. Peltier
> > Manager, IT Services - Research Computing Group
> > Simon Fraser University - Burnaby Campus
> > Phone : 778-782-6573
> > Fax : 778-782-3045
> > E-Mail : jpelt...@sfu.ca
> > Website : http://www.sfu.ca/itservices
> > “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw

[CentOS] Is there a rpm command to find the package that created a particular user or particular group?
Given a particular user or particular group, is there a rpm command that returns what package created that particular user or particular group?

Analogous to `rpm -q --whatprovides /etc/security/limits.conf` returns the package pam. Is there an rpm command that returns what package generated a particular user?

Most of us already know that the httpd package is associated with the user apache. But there are passwd and group entries that i would like to verify and want to know exactly how they got on my system. Further, i would like to know the security implications of adding another group to a user account.

Something like the following command:
`rpm --query --user apache` would return httpd
`rpm --query --group pulse-access` might return pulseaudio

Re: [CentOS] Is there a rpm command to find the package that created a particular user or particular group?
--scripts is helpful, the following returns a great deal of package scripts having to do with users and groups, but ideally would return just the package names involved in creating the user or group.

rpm -qa --scripts | egrep 'user|group|id\s|getent|pass'

rpm -qa --scripts | less

does not seem to list any package names, but maybe a more formal rpm would help:

rpm --queryformat '%{FILEUSERNAME} %{TRIGGERSCRIPTS} %{TRIGGERSCRIPTPROG}\n' --query httpd

does not return a script name and i do not see anything else in rpm --querytags that would help.

Has to be a way, but not today.

On Thu, Jun 27, 2013 at 1:52 PM, Leon Fauster leonfaus...@googlemail.com wrote:
> On 27.06.2013 at 20:36, Rob Townley rob.town...@gmail.com wrote:
> > Given a particular user or particular group, is there a rpm command that returns what package created that particular user or particular group?
> >
> > Analogous to `rpm -q --whatprovides /etc/security/limits.conf` returns the package pam. Is there an rpm command that returns what package generated a particular user?
> >
> > Most of us already know that the httpd package is associated with the user apache. But there are passwd and group entries that i would like to verify and want to know exactly how they got on my system. Further, i would like to know the security implications of adding another group to a user account.
> >
> > Something like the following command:
> > `rpm --query --user apache` would return httpd
> > `rpm --query --group pulse-access` might return pulseaudio
>
> take a look at the pre/post-script parts of the rpms
>
> rpm -q --scripts httpd
>
> other users/groups are installed via centos setup (anaconda).
>
> --
> LF

Re: [CentOS] Configuring source-specific routing
Any neighbors with Open WiFi? Connect Cat5 to laptop in your house and connect to neighbor's open WiFi. Voilà, two ISPs.

If you have 3G, it will work better to connect it into a CradlePoint type 3G hardware gateway device and connect the laptop to the 3G Gateway. NetworkManager would only activate my bluetooth-to-3G connection when i turned WiFi off.

(Further, i just ran `ip route` on my android phone while connected to 3G and WiFi and the android output was disappointing. Does not have both active at same time.)

On Fri, May 3, 2013 at 8:37 PM, Michael Mol mike...@gmail.com wrote:
> On 05/03/2013 05:06 PM, Ljubomir Ljubojevic wrote:
> > On 05/02/2013 08:48 PM, Michael Mol wrote:
> > > [snip]
> >
> > Alternate source routing, firewall and netfilter marking of packets:
> >
> > iptables -t mangle -A PREROUTING -s 172.24.5.0/24 -j MARK --set-mark 100
> > # iptables -t mangle -A PREROUTING -s 192.168.150.107 -j MARK --set-mark 200
> > # iptables -t mangle -A PREROUTING -s 192.168.150.224 -j MARK --set-mark 100
> > # Local network
> > iptables -t mangle -A PREROUTING -d 192.168.0.0/16 -j MARK --set-mark 20
> > iptables -t mangle -A PREROUTING -d 172.16.0.0/12 -j MARK --set-mark 20
> > iptables -t mangle -A PREROUTING -s PublicIP -d 192.168.0.0/16 -j MARK --set-mark 20
> > iptables -t mangle -A PREROUTING -s PublicIP -d 172.16.0.0/12 -j MARK --set-mark 20
> >
> > And then something like:
> >
> > # echo 201 mail.out >> /etc/iproute2/rt_tables
> > # ip rule add fwmark 1 table mail.out
> > # /sbin/ip route add default via 195.96.98.253 dev eth0 table mail.out
> >
> > (http://lartc.org/howto/lartc.netfilter.html).
> >
> > Used firewall rules are from StarOS router OS that has simple script for policy routing so that second part with ip rule and ip route is just a pointer in right direction.
>
> I don't figure I want to use the mangle table for this. Though thanks for the example code; that will come in handy for tc. Just need how to work that in with sanewall.
>
> I think I know what I did wrong, but it's going to be a while before I can test it. (Dang, I wish I had enough spare hardware at home to set up a test lab.)

Re: [CentOS] Configuring source-specific routing
Find some businesses that both have open wifi near each other. Bring an old WiFi router and a Cat5 cable. Connect your laptop WiFi to one open hotspot. Connect the old WiFi router in client access mode to another open wifi.

One ISP is to your local coffee shop. The other ISP is to the grocery store.

On Sat, May 4, 2013 at 6:33 AM, Rob Townley rob.town...@gmail.com wrote:
> Any neighbors with Open WiFi? Connect Cat5 to laptop in your house and connect to neighbor's open WiFi. Voilà, two ISPs.
>
> If you have 3G, it will work better to connect it into a CradlePoint type 3G hardware gateway device and connect the laptop to the 3G Gateway. NetworkManager would only activate my bluetooth-to-3G connection when i turned WiFi off.
>
> (Further, i just ran `ip route` on my android phone while connected to 3G and WiFi and the android output was disappointing. Does not have both active at same time.)
>
> On Fri, May 3, 2013 at 8:37 PM, Michael Mol mike...@gmail.com wrote:
> > On 05/03/2013 05:06 PM, Ljubomir Ljubojevic wrote:
> > > On 05/02/2013 08:48 PM, Michael Mol wrote:
> > > > [snip]
> > >
> > > Alternate source routing, firewall and netfilter marking of packets:
> > >
> > > iptables -t mangle -A PREROUTING -s 172.24.5.0/24 -j MARK --set-mark 100
> > > # iptables -t mangle -A PREROUTING -s 192.168.150.107 -j MARK --set-mark 200
> > > # iptables -t mangle -A PREROUTING -s 192.168.150.224 -j MARK --set-mark 100
> > > # Local network
> > > iptables -t mangle -A PREROUTING -d 192.168.0.0/16 -j MARK --set-mark 20
> > > iptables -t mangle -A PREROUTING -d 172.16.0.0/12 -j MARK --set-mark 20
> > > iptables -t mangle -A PREROUTING -s PublicIP -d 192.168.0.0/16 -j MARK --set-mark 20
> > > iptables -t mangle -A PREROUTING -s PublicIP -d 172.16.0.0/12 -j MARK --set-mark 20
> > >
> > > And then something like:
> > >
> > > # echo 201 mail.out >> /etc/iproute2/rt_tables
> > > # ip rule add fwmark 1 table mail.out
> > > # /sbin/ip route add default via 195.96.98.253 dev eth0 table mail.out
> > >
> > > (http://lartc.org/howto/lartc.netfilter.html).
> > >
> > > Used firewall rules are from StarOS router OS that has simple script for policy routing so that second part with ip rule and ip route is just a pointer in right direction.
> >
> > I don't figure I want to use the mangle table for this. Though thanks for the example code; that will come in handy for tc. Just need how to work that in with sanewall.
> >
> > I think I know what I did wrong, but it's going to be a while before I can test it. (Dang, I wish I had enough spare hardware at home to set up a test lab.)

Re: [CentOS] Configuring source-specific routing
Somebody oughta try an external USB WiFi dongle on a laptop with internal WiFi. Does NetworkManager handle two WiFi devices?

On Sat, May 4, 2013 at 6:48 AM, Rob Townley rob.town...@gmail.com wrote:

Find some businesses that both have open wifi near each other. Bring an old WiFi router and a Cat5 cable. Connect your laptop WiFi to one open hotspot. Connect the old WiFi router in client access mode to another open wifi. One ISP is to your local coffee shop. The other ISP is to the grocery store.

On Sat, May 4, 2013 at 6:33 AM, Rob Townley rob.town...@gmail.com wrote:

Any neighbors with Open WiFi? Connect Cat5 to laptop in your house and connect to neighbor's open WiFi. Voila, two ISPs. If you have 3G, it will work better to connect it into a CradlePoint type 3G hardware gateway device and connect the laptop to the 3G Gateway. NetworkManager would only activate my bluetooth-to-3G connection when i turned WiFi off. (Further, i just ran `ip route` on my android phone while connected to 3G and WiFi and the android output was disappointing. Does not have both active at same time.)

On Fri, May 3, 2013 at 8:37 PM, Michael Mol mike...@gmail.com wrote:
On 05/03/2013 05:06 PM, Ljubomir Ljubojevic wrote:
On 05/02/2013 08:48 PM, Michael Mol wrote:
[snip]

Alternate source routing, firewall and netfilter marking of packets:

iptables -t mangle -A PREROUTING -s 172.24.5.0/24 -j MARK --set-mark 100
# iptables -t mangle -A PREROUTING -s 192.168.150.107 -j MARK --set-mark 200
# iptables -t mangle -A PREROUTING -s 192.168.150.224 -j MARK --set-mark 100
# Local network
iptables -t mangle -A PREROUTING -d 192.168.0.0/16 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -d 172.16.0.0/12 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -s PublicIP -d 192.168.0.0/16 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -s PublicIP -d 172.16.0.0/12 -j MARK --set-mark 20

And then something like:

# echo 201 mail.out >> /etc/iproute2/rt_tables
# ip rule add fwmark 1 table mail.out
# /sbin/ip route add default via 195.96.98.253 dev eth0 table mail.out

(http://lartc.org/howto/lartc.netfilter.html). Used firewall rules are from StarOS router OS that has simple script for policy routing so that second part with ip rule and ip route is just a pointer in right direction.

I don't figure I want to use the mangle table for this. Though thanks for the example code; that will come in handy for tc. Just need how to work that in with sanewall. I think I know what I did wrong, but it's going to be a while before I can test it. (Dang, I wish I had enough spare hardware at home to set up a test lab.)
Re: [CentOS] Configuring source-specific routing
Michael, very frustrating that so much noise for a very simple request. I set up multi source routing in 5.3 or so and was astounded at all the negativity on this list and that it could not be done. It will take forever to read the noise in this thread alone. Some said you have to use DHCP i could go on.

Do not trust that ping -I will work how you would think. Must specify an IP address, not eth0, not eth1.

ping -I 10.0.0.1 8.8.8.8

This really is just a few lines per interface. Learn by changing the /etc/sysconfig/network-scripts/ifup-route shell scripts to add logging. echo out variables. There is no need to get iptables involved at all unless doing something very special. i did not want to setup quagga or some form of dynamic routing daemon because of security concerns. i wanted static IP addresses communicating to the ISP on static routes. It is pretty simple. Maybe i can hook up my laptop to 3G and WiFi and Cat6 and make sure i get it working. Please remember to use IP addresses, not names for ping testing. Scrutinize ping results.

ping -I 10.0.0.1 8.8.8.8

On Fri, May 3, 2013 at 4:26 PM, Michael Mol mike...@gmail.com wrote:
On 05/03/2013 03:24 PM, Michael H. Warfield wrote:
On Wed, 2013-05-01 at 17:52 -0400, Michael Mol wrote:
[snip]

Curiously, at least one guy has reported success: http://sysadminsjourney.com/content/2009/04/15/doing-simple-source-policy-routing-centos/ Now, the only thing different between his setup and mine (apart from my using ethN:1 instead of ethN, as all three routers hang off the same ethernet segment) is that where his guide says:

echo "default table CorpNet via 10.0.0.1" > /etc/sysconfig/network-scripts/route-eth1

Ok... Wow... If that's the only difference between his description and what you did, you certainly left A LOT out. He's using both rules and tables neither of which you made any mention of in your original post.

I tried it both ways, honestly. I've been blasted (postfix) or ignored (samba) more than a few times in other environments for providing too much information, so I didn't think it wise doing a writeup of both approaches.

Can't win. Can't even break even... At this point, having read that article, I will eat my earlier words (not the first time and certainly won't be the last time). I guess you can now do this using the standard files, it's just that I haven't done it in so long that you couldn't do it back then (my excuse and I'm sticking with it). Following his description, I could easily reproduce my old setups using ifcfg-ethN, rule-ethN, and route-ethN. I'm impressed. I don't need it any more but - nice... That makes it a lot easier than what I had to figure out. I was going to ask you how you tied in your manual script... Ok... So, I'm assuming you properly set up the rules-ethN file as well (and the proper entry in /etc/iproute2/rt_tables)? You made no mention of that in your OP. That's a very crucial bit there.

So, this is interesting. I'd read that you could use a command like

ip route add 1.2.3.4/32 dev eth0 via 10.1.0.1 src 10.1.0.12 from 4.3.2.1/24

with the from 8.3.2.1/24 portion as part of the IP command, but that using tables was usually done because it was easier. What's bizarre is that I could have sworn I had this type of rule even working. But when I run it on my laptop, and follow up with ip rule show, the from X clause is gone. This calls into question everything else I was convinced I had working, too. But I do know my 'table CorpNet' approach worked when applied manually, but not when I tried converting it to route-ethN. I won't be able to try it again for a while, either, but I've got a hunch why it didn't work.

Also, in your OP you mentioned this:

On Wed, 2013-05-01 at 16:05 -0400, Michael Mol wrote:

I've created a route-eth0:1 file that looks roughly like this:

10.0.0.1 dev eth0:1 \
    src 10.0.0.2 \
    from 10.0.0.0/29
default via 10.0.0.1 dev eth0:1 \
    src 10.0.0.2 \
    from 10.0.0.0/29

You're not showing table numbers or names there so it's not clear if you are using different route tables or not (which you MUST do and associate them with appropriate match rules).

Yup. See above where I discover from a.b.c.d isn't a valid clause to attach to the ip command. As finicky as that command is, I'm disappointed it didn't throw an error.

According to man ip-route on my router the from stanza is not valid in a route add (route-ethN files) and in a route ls is only applicable to cloned routes. What you wrote can not literally work, by my reading of the ip man pages.

Yup. I just re-read through to double check, when my manual invocation on my laptop didn't work.

You get the source matching from the rules not the routes. You haven't mentioned (or acknowledged) anything about them but they are crucial (as are the use of multiple tables). What did you set up for
Re: [CentOS] flashing a BIOS on an HP server
For the DL380 G4 series, the firmware update bootable ISO was Linux based and the SmartStart CD was Linux based. Boot using the Live ISO and there was a utility available that would create a LiveUSB version. No Windows was required whatsoever. i loved the way that most all firmware updates were accomplished from a LiveCD.

On Tue, Apr 30, 2013 at 2:55 PM, Hugh E Cruickshank h...@forsoft.com wrote:

From: m.r...@5-cent.us Sent: April 30, 2013 12:34

The DVD: is that bootable? If so, can I simply put the .exe on the h/d, and boot from the DVD, then point it to the .exe and run it?

It is supplied as a zipped ISO file. Burn the ISO and then boot from the disk. I have just remembered that the Firmware DVDs have been replaced by the new Service Pack for ProLiant (also bootable).

HTH

Regards, Hugh

-- Hugh E Cruickshank, Forward Software, www.forward-software.com
[CentOS] Warning Error processing LVM.
Warning Dialog Box that appears when trying to use CentOS 6.4 32bit to upgrade a preupgrade failure of Fedora 13 to Fedora 15. Need to make certain Re-initialize will not delete all my files, but just rebuildable metadata.

There is inconsistent LVM data on Volume Group vg_ec239dict. You can reinitialize all related PVs (/dev/sdb2, /dev/sda2) which will erase the LVM metadata, or ignore which will preserve the contents. This action may also be applied to all other PVs with inconsistent metadata.

clickable options are:
Ignore
Ignore all
Re-initialize
Re-initialize all
Re: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?
On Mon, Dec 10, 2012 at 9:40 AM, Daniel J Walsh dwa...@redhat.com wrote:
On 12/07/2012 06:49 PM, Gordon Messmer wrote:
On 12/06/2012 06:05 PM, David McGuffey wrote:

Why isn't Firefox and Evolution confined with SELinux policy in a way that APT can't damage the rest of the system? Why are we not sandboxing these two apps with SELinux?

Probably mostly because when you sandbox an X11 application, you can't copy and paste in or out of the application. Most users want to do that.

Yes when you wrap something in sandbox, you lose the ability for these applications to communicate with the rest of the desktop. In order to secure the desktop in any real way you need to break communications, and this communications break down, hurts usability. I opt for security, and will just run evince outside my session, if I really need copy/paste. Maybe when we get to Wayland, we can make this better.

When i tried sandboxing firefox on CentOS 6.4, it says i need seunshare, but yum search all seunshare results in nothing.

/usr/sbin/seunshare is required for the action you want to perform.

Widening the search to selinux and installing a bunch of packages, and then running:

$ rpm -qf /usr/sbin/seunshare
policycoreutils-sandbox-2.0.83-19.30.el6.x86_64
Re: [CentOS] Eclipse (again)...
On Tue, Feb 19, 2013 at 6:45 PM, Mark LaPierre marklap...@aol.com wrote:

# yum install eclipse-\*
# yum remove eclipse-nls htmlparser

After this, various C++ components and *a lot* of other pieces, too, were added to the Installed Software list. I very much doubt that the installation actually added all the modules. Instead I suspect that in the past, there was some kind of problem that caused the system to stop loading components that were actually installed at a certain stage - and that this issue was resolved by the install command. If you know what I mean...

- Toralf

I'm glad you got it to work. I remember having to spend some google time trying to figure out how to add syntax highlighting for perl.

-- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/

Finding and installing .i686 packages to make things work on x86_64 platform could be better. i managed to get updates from within eclipse to work, but it was not as straightforward as i would have thought. i needed those updates to get android-sdk stuff to work at all. i followed your instructions for getting C/C++ projects to work as expected and that seems to have worked! but android stuff is no longer working. i want to say android requires htmlparser, but that will have to wait till morning for verification.
Re: [CentOS] the at command
Have the nodes subscribe to a Multicast server. Using Pipes, Signals, and some other basic operating system course terminology the name of which escapes me at the moment. setpriority() or nice up (-15) the priority of your software.
Re: [CentOS] Samba vs. Firewall and/or SELinux
On Fri, Dec 28, 2012 at 9:10 AM, Craig White craig.wh...@ttiltd.com wrote:

I guess I'm not sure what the point is by having files owned by 'nobody' and then adding nobody 'user' to the 'users' group - that seems to be some rather twisted logic that has security implications far beyond the simple samba share configuration but hey… it's your box.

chirp users /data/public -R
chmod g+s /data/public -R

will ensure that all files/folders in /data/public are owned by the group 'users' and any new files/folders created within (whether by samba or not) belong to that group. if you add 'inherit permissions = yes' to the 'share' definition in smb.conf, that also will impact. Yes, you could also add:

force security mode = 770 #or 775
force directory security mode = 770 #or 775

within the share definition too.

What is the chirp command and where is it found? yum search all chirp yielded nothing.
Re: [CentOS] Samba vs. Firewall and/or SELinux
On Mon, Dec 31, 2012 at 6:41 PM, Mark LaPierre marklap...@aol.com wrote:
On 12/31/2012 07:27 PM, Rob Townley wrote:
On Fri, Dec 28, 2012 at 9:10 AM, Craig White craig.wh...@ttiltd.com wrote:

I guess I'm not sure what the point is by having files owned by 'nobody' and then adding nobody 'user' to the 'users' group - that seems to be some rather twisted logic that has security implications far beyond the simple samba share configuration but hey… it's your box.

chirp users /data/public -R
chmod g+s /data/public -R

will ensure that all files/folders in /data/public are owned by the group 'users' and any new files/folders created within (whether by samba or not) belong to that group. if you add 'inherit permissions = yes' to the 'share' definition in smb.conf, that also will impact. Yes, you could also add:

force security mode = 770 #or 775
force directory security mode = 770 #or 775

within the share definition too.

What is the chirp command and where is it found? yum search all chirp yielded nothing.

I believe you will find that chirp was a fat finger for chgrp.

THANK YOU... i could not figure out the typo quickly. i wanted to make sure the complete and correct reference is there when i need it some time at 3am.

-- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/
Re: [CentOS] Ethernet puzzle
Remember, udev's rules lists FOUR devices. There are only THREE.

What does the BIOS say about ethernet devices? Does the motherboard have a management interface card with its own ethernet port, perhaps potential but not actually installed? An IPMI may have its own MAC, but share a physical port with the main NIC. If you are using this as a firewall, make sure to not have an IPMI port facing the internet.

You may have a MAC address in one of your ifcfg-eth* files that does not _exactly_ match the hardware. Sometimes, it can be case-sensitive.

pushd /etc/sysconfig/network-scripts/
mkdir BACKUP
mv ifcfg-eth* ./BACKUP/

I would take out all the add-on cards and see if this extra MAC stays around. Put the other cards in one-by-one till found.
[CentOS] Nautilus Open With difference with Connect to server... sftp
.PDFs on my local harddrive open by default with acroread Adobe Reader 9. .PDFs on network shares open with evince Document Viewer. Is there some way to force Open With to also use acroread for network locations as well?

Here are the inconsistencies in the UI:

When right clicking a local harddrive .PDF, top line in menu is Open with Adobe Reader 9
When right clicking a remote harddrive .PDF, top line in menu is Open with Document Viewer
When right clicking and choosing properties and choosing the Open With tab, a .PDF file in both locations indicates Adobe Reader 9.

gdm on CentOS 6.3 32bit with all latest updates. AdobeReader_enu installed from Adobe repository:

Name      : AdobeReader_enu
Arch      : i486
Version   : 9.5.1
Release   : 1
Size      : 135 M
Repo      : installed
From repo : adobe-linux-i386
Re: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?
Daniel, Can the Firefox profile file hierarchy be sandboxed? So everything downloaded within the profile cache is sandboxed. More like if any application accesses something in a particular folder, sandboxing automatically kicks in.

On Fri, Dec 7, 2012 at 5:49 AM, Daniel J Walsh dwa...@redhat.com wrote:
On 12/06/2012 09:05 PM, David McGuffey wrote:

Most of the advanced persistent threats (APT) are initiated via e-mail. Opening an attachment or clicking on a web link starts the process. Why isn't Firefox and Evolution confined with SELinux policy in a way that APT can't damage the rest of the system? Why are we not sandboxing these two apps with SELinux? I've discovered some guidance for sandboxing Firefox using the 'sandbox' command. Once I test it a bit, I'll post the results back here. Seems to me that if this works, it should be the default.

DaveM

Very difficult to sandbox thunderbird and firefox. But sandbox tool actually works well for sandboxing viewers of downloaded data. I sandbox all content that will be viewed by evince and libreoffice.
Re: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?
Let us know how it goes. i thought i followed one of Daniel Walsh's blog posts to sandbox firefox and don't remember it being that bad, but that was well over a year ago. Since he maintained selinux for RedHat for a number of years, ... he probably knows what he is talking about. He was always on top of selinux reported bugs.

You may want to check out Qubes-OS. Qubes-OS is based on Fedora by the creator of bluepill guestOS to hypervisor code.

On Thu, Dec 6, 2012 at 8:05 PM, David McGuffey davidmcguf...@verizon.net wrote:

Most of the advanced persistent threats (APT) are initiated via e-mail. Opening an attachment or clicking on a web link starts the process. Why isn't Firefox and Evolution confined with SELinux policy in a way that APT can't damage the rest of the system? Why are we not sandboxing these two apps with SELinux? I've discovered some guidance for sandboxing Firefox using the 'sandbox' command. Once I test it a bit, I'll post the results back here. Seems to me that if this works, it should be the default.

DaveM
Re: [CentOS] flash plugin
iirc, Firefox will block flash from working when it knows the plugin is vulnerable. flashtester.org works today, but not last week and maybe even the week before. i have seen this behavior a few times after major security flaws are known to be exploited. i don't think i did anything to fix it except apply updates and reboot. Have you remembered to make sure no firefox process or any flash process is running?

$ rpm -qv firefox flash-plugin
firefox-10.0.7-1.el6.centos.x86_64
flash-plugin-11.2.202.238-release.x86_64

FlashTester.org succeeds but javatester.org fails, so ... Tools -- AddOns -- Plugins -- Check to see if your plugins are up to date which brings one to https://www.mozilla.org/en-US/plugincheck/

Missing Java? For your safety, Firefox has disabled your outdated version of Java. Please upgrade to the latest version.

On Sun, Sep 16, 2012 at 3:34 PM, Keith Roberts ke...@karsites.net wrote:
On Sun, 16 Sep 2012, Michael Hennebry wrote:

To: CentOS mailing list centos@centos.org
From: Michael Hennebry henne...@web.cs.ndsu.nodak.edu
Subject: [CentOS] flash plugin

How do I get a flash plugin to work with firefox? I thought that I installed it correctly, but I have yet to see any flash videos through firefox. I keep being told that I need an additional plugin. When I follow directions, I'm told I already have it? At least once, I was told I needed to upgrade.

I had similar problems on Centos 5.8 32 bit. I had to downgrade to:

[root@karsites ~]# rpm -qv flash-plugin
flash-plugin-10.3.183.19-0.1.el5.rf

to get it to work again. Security patches are being backported for now, IIRC.

HTH

Keith

--- Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] ---
Re: [CentOS] 6.2 release: a thank you
+2

On Wed, Dec 21, 2011 at 12:29 PM, Paul Heinlein heinl...@madboa.com wrote:
On Wed, 21 Dec 2011, Louis Lagendijk wrote:

I would like to express my appreciation for the unbelievably quick release of Centos 6.2. Thanks a million! You managed to release 6.2 some 10 days after 6.1. Johnny, you are not that ugly after all :-).

+1

-- Paul Heinlein heinl...@madboa.com http://www.madboa.com/
Re: [CentOS] Routing of outgoing packets
2010/10/1 Mitja Mihelič mitja.mihe...@arnes.si:
On 09/30/2010 05:02 PM, John Doe wrote:
From: Mitja Mihelič mitja.mihe...@arnes.si

I am trying to use hping to check the latency of our network. Somehow things are not going to plan and I thought someone might be able to shed some light on the subject. Here is the setup: (the IP addresses given here are fake, but they do represent the correct state of the networking setup)

vlan  interface  IP             mask
V2    eth0       192.168.20.20  32
V4    eth1       172.16.4.40    32
V6    eth2       172.16.6.60    32

The default route is set to eth1. The idea is to use eth2 for pinging only, the other two interfaces are used by another service and management access.

Could you show the ifconfig and route outputs...?

JD

The Centos version is 5.5. This is the kernel we are using (http://rpms.mcnc.org/web100/el5/distro-compat/i386/):

2.6.18-164.15.1.el5.web100PAE #1 SMP Mon May 17 17:01:51 EDT 2010 i686 athlon i386 GNU/Linux

The IP addresses are presented as private addresses, netmasks are real. Here is the ifconfig output:

[r...@server ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:35:82:45:A0
          inet addr:192.168.254.236  Bcast:192.168.254.239  Mask:255.255.255.240
          inet6 addr: fe80::216:35ff:fe82:45a0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:139602 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58914 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:211203420 (201.4 MiB)  TX bytes:4285647 (4.0 MiB)
          Interrupt:186 Memory:dc00-dc012800

eth1      Link encap:Ethernet  HWaddr 00:16:35:82:45:A2
          inet addr:192.168.254.244  Bcast:192.168.254.247  Mask:255.255.255.248
          inet6 addr: fe80::216:35ff:fe82:45a2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1130 (1.1 KiB)  TX bytes:1116 (1.0 KiB)
          Interrupt:194 Memory:da00-da012800

eth2      Link encap:Ethernet  HWaddr 00:15:17:C5:84:4D
          inet addr:192.168.254.18  Bcast:192.168.254.23  Mask:255.255.255.248
          inet6 addr: fe80::215:17ff:fec5:844d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2280 (2.2 KiB)  TX bytes:1236 (1.2 KiB)
          Memory:dfde-dfe0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:21 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4240 (4.1 KiB)  TX bytes:4240 (4.1 KiB)

And the route command output:

[r...@server ~]# route -n
Kernel IP routing table
Destination      Gateway          Genmask          Flags Metric Ref Use Iface
192.168.18.122   192.168.254.225  255.255.255.255  UGH   0      0   0   eth0
192.168.254.16   0.0.0.0          255.255.255.248  U     0      0   0   eth2
192.168.254.240  0.0.0.0          255.255.255.248  U     0      0   0   eth1
192.168.18.160   192.168.254.225  255.255.255.240  UG    0      0   0   eth0
192.168.254.224  0.0.0.0          255.255.255.240  U     0      0   0   eth0
192.168.1.64     192.168.254.225  255.255.255.192  UG    0      0   0   eth0
192.168.1.128    192.168.254.225  255.255.255.128  UG    0      0   0   eth0
169.254.0.0      0.0.0.0          255.255.0.0      U     0      0   0   eth2
0.0.0.0          192.168.254.241  0.0.0.0          UG    0      0   0   eth1

-- Mitja

This may be too late, but came across this searching for my old iproute conversations. Each NIC needs its own source based route otherwise, it will use the system wide default route. In other words, add nic specific default routes in addition to the system wide default route. Once you have nic specific source routes, you may notice a big difference between the following two seemingly identical commands:

ping -I eth2 208.67.222.222
ping -I 192.168.x.y 208.67.222.222
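Added example, not part of the original thread: a sketch of the per-NIC source routing described above, generating the rule-ethN and route-ethN contents for eth2 (192.168.254.18/29, taken from the ifconfig output). The gateway 192.168.254.17, the table number 202 and the table name ping_eth2 are assumptions; the thread never states eth2's gateway.

```shell
#!/bin/sh
# Generate the per-NIC policy-routing files (rule-ethN / route-ethN): one
# routing table per interface, selected by source address. The CentOS network
# scripts hand each line of rule-ethN to "ip rule add" and each line of
# route-ethN to "ip route add".

# network_of IP PREFIX -> network address (192.168.254.18 29 -> 192.168.254.16)
network_of() {
    ip=$1; prefix=$2
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( addr & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))"
}

# rule_file IP TABLE -> contents of rule-ethN (source match picks the table)
rule_file() {
    echo "from $1 table $2"
}

# route_file DEV IP PREFIX GATEWAY TABLE -> contents of route-ethN
# Refuses a gateway that is not on the interface's own subnet, since the
# kernel would reject that default route anyway.
route_file() {
    dev=$1; ip=$2; prefix=$3; gw=$4; table=$5
    net=$(network_of "$ip" "$prefix")
    if [ "$(network_of "$gw" "$prefix")" != "$net" ]; then
        echo "gateway $gw is not on $net/$prefix ($dev)" >&2
        return 1
    fi
    echo "$net/$prefix dev $dev src $ip table $table"
    echo "default via $gw dev $dev table $table"
}

# Demo for eth2. Gateway, table number and table name are assumed values.
demo() {
    echo "# append to /etc/iproute2/rt_tables"
    echo "202 ping_eth2"
    echo "# /etc/sysconfig/network-scripts/rule-eth2"
    rule_file 192.168.254.18 ping_eth2
    echo "# /etc/sysconfig/network-scripts/route-eth2"
    route_file eth2 192.168.254.18 29 192.168.254.17 ping_eth2
    echo "# check after ifup: ip route get 208.67.222.222 from 192.168.254.18"
}
demo
```

The system-wide default route on eth1 stays in the main table; only traffic sourced from 192.168.254.18 consults the extra table, which is why the ping has to be bound to the address rather than the interface name.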
Re: [CentOS] Best location in filesystem to have a samba share
The next time they buy a camera memory card, recommend to them to buy an eye.fi card (it is uLinux based). Set all the cards to store in MMDD format. Set up your own ftp server to receive the uploads directly from the camera. Even though the eye.fi SD memory card runs uLinux itself, eye.fi does not provide Linux applications. There are supporting applications for Linux with the most comprehensive list here: http://tech.groups.yahoo.com/group/EyeFiHacking/ Hope this is not too off-topic in mentioning a product, but it has a great deal of promise in helping the OP handle user input, ftp solves a number of problems, and it is Linux based.
Re: [CentOS] NetworkManager constantly overwriting /etc/resolve.conf - how to disable?
On Mon, Nov 30, 2009 at 2:27 AM, Rudi Ahlers rudiahl...@gmail.com wrote:
On Mon, Nov 30, 2009 at 1:56 AM, Robert Heller hel...@deepsoft.com wrote:

You either A) Don't have NetworkManager installed on the other servers (eg 'rpm -q NetworkManager' yields 'package NetworkManager is not installed') OR B) Don't have NetworkManager running on the other servers (eg '/sbin/chkconfig NetworkManager --list' yields 'NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off')

-- Robert Heller -- 978-544-6933 Deepwoods Software -- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/

Thanx Robert, so it's safe to remove NetworkManager then? I have done so, and will see if any issues arise. The only files that were removed are:

Removing:
NetworkManager       i386    1:0.7.0-9.el5  installed  3.3 M
NetworkManager       x86_64  1:0.7.0-9.el5  installed  3.4 M
Removing for dependencies:
NetworkManager-glib  i386    1:0.7.0-9.el5  installed  154 k
NetworkManager-glib  x86_64  1:0.7.0-9.el5  installed  161 k

-- Kind Regards Rudi Ahlers CEO, SoftDux Hosting Web: http://www.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532

i uninstall NetworkManager as well, but i would think you have bigger problems since it appears you have both the 64bit and 32bit versions of software installed?
Re: [CentOS] again, nic driver order
On Sat, Nov 28, 2009 at 2:55 PM, Ross Walker rswwal...@gmail.com wrote:
On Nov 28, 2009, at 3:10 PM, Les Mikesell lesmikes...@gmail.com wrote:
Tom H wrote:

Digging around google a bit more I came up with different rules, and fingers crossed, they seem to work!

SUBSYSTEM=="net", SYSFS{address}=="00:1b:21:4d:c3:e8", NAME="eth0" # pro/1000gt
SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:30", NAME="eth1" # internal 1
SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:31", NAME="eth2" # internal 2

Don't touch udev, expecting admins to write udev rules for network interface binding is just not realistic. Udev rules are meant to be static across hardware reconfigurations while ifcfg files are meant to be modified to suit your current configuration. Use HWADDR=00:1b:21:4d:c3:e8 in the ifcfg files along with NAME=eth0 for eth0 and so on.

I read a while ago that udev overrode ifcfg-* settings so I did a clean install of 5.4 and changed:
ifcfg-eth0 to ifcfg-eth9 (file name)
eth0 to eth9 (inside the file)
the last number of the HWADDR line

Do you mean that you changed the HWADDR line so it no longer matched the actual nic mac address? In that case, you shouldn't expect it to work.

The nic came up as eth0 with the old/original mac address after a reboot. So we unfortunately have to write udev rules when we have nic naming problems...

I think the ifcfg-eth? files work when they match the nic mac addresses. They may have to all match for any of them to work, though. I've seen some cases where they all get renamed with a .bak extension and new ones are created but I don't know what triggers that.

Usually a new kernel that forces a regeneration of the hwconf. There was a kernel update maybe the move from C4 to C5 which caused grief with Dell hardware, where it reversed the order Broadcom devices are detected, still does and needs manual swapping around after install.

-Ross

NIC ordering is a problem. Some say it is the multi cpu, some say bad BIOS, some say MAC address ordering is better, some say PCI bus enumeration is better. The netdev mailing list has had a long running discussion on this issue. The CTO of Dell and members of HP along with others are / were active participants. Part of the problem is that an alias name may not be available to the kernel.

Dell has their own software to bring determinism to NIC ordering. http://linux.dell.com/papers.shtml

One of Dell's programmers has proposed changing Anaconda to let you choose at installation time the NIC naming convention:

We have been having discussions in the netdev list about creating multiple names for the network interfaces to bring determinism into the way network interfaces are named in the OSes. In specific, eth0 in the OS does not always map to the integrated NIC Gb1 as labelled on the chassis.

http://marc.info/?l=linux-netdev&m=125510301513312&w=2 - (Re: PATCH: Network Device Naming mechanism and policy)
http://marc.info/?l=linux-netdev&m=125619338904322&w=2 - ([PATCH] udev: create empty regular files to represent net)
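Added example, not part of the original thread: a check for the situation discussed above and in the "Ethernet puzzle" message, where HWADDR in an ifcfg-eth* file does not exactly match the hardware. It compares each file against /sys/class/net/<dev>/address, flags case-only differences separately, and names the interface that really owns a mismatched MAC. The fixture is constructed from the MAC addresses quoted in the udev rules.

```shell
#!/bin/sh
# Compare HWADDR= in ifcfg-eth* files with the MAC address the kernel reports
# in <sys_dir>/<dev>/address. Both directories are parameters so the check can
# be run against copies instead of the live system.

lower() { printf '%s' "$1" | tr 'A-F' 'a-f'; }

# ifcfg_get FILE KEY -> value of KEY with quotes and blanks stripped
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"' \t\r"
}

# find_mac SYS_DIR MAC -> name of the interface that owns MAC (empty if none)
find_mac() {
    for a in "$1"/*/address; do
        [ -r "$a" ] || continue
        if [ "$(lower "$(cat "$a")")" = "$2" ]; then
            basename "$(dirname "$a")"
            return 0
        fi
    done
    return 0
}

# check_hwaddr CFG_DIR SYS_DIR -> one line per ifcfg file; returns 1 on mismatch
check_hwaddr() {
    cfg_dir=$1; sys_dir=$2; status=0
    for f in "$cfg_dir"/ifcfg-eth*; do
        [ -f "$f" ] || continue
        dev=$(ifcfg_get "$f" DEVICE)
        raw=$(ifcfg_get "$f" HWADDR)
        if [ -z "$raw" ]; then
            echo "$dev: no HWADDR in $(basename "$f")"
            continue
        fi
        have="absent"
        if [ -r "$sys_dir/$dev/address" ]; then
            have=$(cat "$sys_dir/$dev/address")
        fi
        if [ "$raw" = "$have" ]; then
            echo "$dev: ok"
        elif [ "$(lower "$raw")" = "$(lower "$have")" ]; then
            echo "$dev: ok, but HWADDR case differs from the kernel's ($have)"
        else
            owner=$(find_mac "$sys_dir" "$(lower "$raw")")
            echo "$dev: MISMATCH config=$raw kernel=$have${owner:+ (config MAC belongs to $owner)}"
            status=1
        fi
    done
    return $status
}

# Constructed fixture: eth0 differs only in case, eth1 carries eth2's MAC.
make_fixture() {
    mkdir -p "$1/cfg" "$1/sys/eth0" "$1/sys/eth1" "$1/sys/eth2"
    printf 'DEVICE=eth0\nHWADDR=00:1B:21:4D:C3:E8\n' > "$1/cfg/ifcfg-eth0"
    printf 'DEVICE=eth1\nHWADDR="00:e0:81:b5:7a:31"\n' > "$1/cfg/ifcfg-eth1"
    echo 00:1b:21:4d:c3:e8 > "$1/sys/eth0/address"
    echo 00:e0:81:b5:7a:30 > "$1/sys/eth1/address"
    echo 00:e0:81:b5:7a:31 > "$1/sys/eth2/address"
}

tmp=$(mktemp -d)
make_fixture "$tmp"
check_hwaddr "$tmp/cfg" "$tmp/sys" || echo "at least one HWADDR does not match"
rm -rf "$tmp"
```

On a real host the call would be check_hwaddr /etc/sysconfig/network-scripts /sys/class/net.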
Re: [CentOS] again, nic driver order
On Sun, Nov 29, 2009 at 10:57 AM, Les Mikesell lesmikes...@gmail.com wrote:
> Rob Townley wrote:
>> NIC ordering is a problem. Some say it is the multi cpu, some say bad BIOS, some say MAC address ordering is better, some say PCI bus enumeration is better. The netdev mailing list has had a long running discussion on this issue. The CTO of Dell and members of HP along with others are / were active participants. Part of the problem is that an alias name may not be available to the kernel.
>>
>> Dell has their own software to bring determinism to NIC ordering. http://linux.dell.com/papers.shtml
>>
>> One of Dell's programmers has proposed changing Anaconda to let you choose at installation time the NIC naming convention:
>>
>>   We have been having discussions in the netdev list about creating multiple names for the network interfaces to bring determinism into the way network interfaces are named in the OSes. In specific, eth0 in the OS does not always map to the integrated NIC Gb1 as labelled on the chassis.
>>
>> http://marc.info/?l=linux-netdev&m=125510301513312&w=2 - (Re: PATCH: Network Device Naming mechanism and policy)
>> http://marc.info/?l=linux-netdev&m=125619338904322&w=2 - ([PATCH] udev: create empty regular files to represent net)
>
> Do any of these approaches help with the scenario where you want to clone a system across many identical machines including future additions where you don't know the MAC addresses yet, and you'd like the remote operator to be able to insert a drive and have it come up with the right interfaces on the right network connections? This was possible in Centos 3.x, but not in 5.x.
>
> -- Les Mikesell lesmikes...@gmail.com

Yes Les.
Re: [CentOS] administering an MS Windows partition under Linux
On Fri, Nov 6, 2009 at 1:21 PM, Boris Epstein borepst...@gmail.com wrote:
> Hi all,
>
> If I have a dual-boot machine (Linux and Windows) would I have any good tools under Linux that would allow me to look at the content of the Windows boot partition, administer it, clean up the registry, remove viruses if any, etc? The Windows installation seems to be so defective as to be quite useless so I am trying to think of a good strategy for dealing with the situation.
>
> Thanks in advance for any and all advice.
>
> Boris.

The Helix LiveCD for forensics does registry editing, av scans, ... i would be surprised if SysRescCD doesn't give you registry editing as well. f-prot cd for virus scans as well. Not to mention the rootkit detection cds. Make sure you update the virus definitions after boot up with the live cds.
Re: [CentOS] Bypass Hung Applications At Boot So System Can Complete The Boot Process
On Sun, Oct 25, 2009 at 3:23 PM, aurfal...@gmail.com wrote:
> During boot, you'll see (for a real brief moment), something to the effect press I for interactive startup
>
> A few seconds after pressing it, you will be prompted to load services with a y/n.
>
> Once in Ubuntu, I entered rescue mode by entering grub startup options at the command prompt, namely single user mode but I can't recall exactly how I did this I imagine it would apply to any Linux distro.
>
> For me, sendmail and other network services (not NFS though) took forever to load because of fubar'd network stuff.
>
> On Oct 25, 2009, at 1:01 PM, Mathew S. McCarrell wrote:
> On Fri, Oct 23, 2009 at 12:12 PM, Kemp, Larry larry.k...@usmetrotel.com wrote:
>
> I have a CentOS system that is hanging at boot. Sendmail takes forever (and a few other apps hang as well...mainly network apps). This has proven in the past to be a NIC misconfiguration or a network issue. I think that is what it is on this one too. Is there a way when I see an app hanging at boot to make the server stop trying to load the hung app and bring the OS up into the GUI so that I get to fixing it?
>
> Thanks in advance.
>
> Larry Kemp
> Network Engineer
> U.S. Metropolitan Telecom, LLC
>
> If you're having network apps hang, I would take a look at your /etc/hosts file and make sure it is correct. I've had an issue in the past with sendmail hanging during boot and an incorrect /etc/hosts file was the cause.
>
> Matt

i seem to recall similar situation and the netplugd helped but in my case it was because the Cat5 cable was unplugged or the switch was powered off. i am not sure why it isn't on by default, maybe NetworkManager was supposed to take over the responsibilities of Netplugd, but clearly failed. ifconfig would say eth0 was UP even though it was not plugged-in. Since netplug daemon has been running, ifconfig hasn't lied again.

IIRC, all i did to turn it on and enable it was, but you may have to yum it down first:

    chkconfig netplug on
Re: [CentOS] Help! i want to clone my Centos machine to another box..
On Thu, Oct 22, 2009 at 3:06 AM, RoLaNd RoLaNd r_o_l_a_...@hotmail.com wrote:
> Hello all,
>
> i've spent the last week trying to find something that will clone my existing Centos server to a more powerful box. i've used clonezilla though that resulted in a complete failure..

You used the CloneZilla Live CD? CloneZilla Server and DRBL Server are entirely different and can be difficult. But CloneZilla _LiveCD_ is easy.

Tell us more about your RAID config. It is not software raid is it? Not sure if any cloning system can work to clone software raid unless you have completely identical set of drives in both and then you would not be doing disk level cloning, but file level cloning. What kind of raid do you have?
Re: [CentOS] Caught between a Red Hat and a CentOS
On Tue, Oct 20, 2009 at 6:47 AM, Joseph L. Casale jcas...@activenetwerx.com wrote:
>> Remember that windows integration website ( don't remember the name but related to nLite and ryanvm) shutdown by Microsoft - it made a great deal of news because they had scripts to take out annoyances such as balloons popping up in the taskbar. MS lawyers had them disbanded
>
> For a good reason, because silly non-admins were using nlite in a corporate environment? WTF, if you take all of RHELS rpms and recompile them in an unsupported manner then call for help, what do you think they will do? You have got to be kidding me, ms should just support anything anyone wants to do? Sigh...

The point was that there were at least thousands of publicly documented instances of the first line of support was to wipe n reinstall. Should users have to wait 9 years to get some balloons turned off? The changes were registry key changes documented by MS, not exactly recompiles. No, i don't think MS should have to support nLite modifications, but wouldn't the money spent on lawyers have been better spent on giving customers what they wanted. And when one stops and thinks about src rpms .

>> It takes way too much time to install a windows system from scratch, configure how you want it, and then install all the apps on top and then all the updates and then all the updates to the apps ad nauseam. Oh, you want to image that harddrive now? Well you get 3 attempts with sysprep and then you start all over - no thanks..
>
> Well, if you need some guidance on how to do this, I would be willing to help. Even at home I use RIS/WDS and deploy almost all of my apps to windows lab vm's with GPO's. So, unfortunately yes, I do *completely* automated deployments that setup all my apps and even pre-populate some settings at the push of F12. When I didn't have this knowledge, I never assumed Bill was an a$$hole, I took the time to learn it. Same with Linux, when I never had kickstart knowledge and couldn't automate my CentOS deployments, I never assumed KB or the CentOS devs were scumbags, I took the time to learn it:)

'yum repolist' lists 19,107 packages i can install in a heartbeat. How many 3rd party apps do you actually install? How many windows packages do you have to spend _time_ repackaging with a $1500 and $more windows MSI installer package to get it pushed out correctly with standard gpos? For the non MSI apps, how long did it take to contact the developer and hunt down the parameters to answer yes,yes, product-key=XXX-ZG123-56787-01l1l1Il (r those ones, letter i, letter L, zeros?). i never thought of Bill in a negative light. i didn't downgrade to WinXP and deployed WinVista except to all but my workstations. A MS technical account executive is giving a breakfast security meeting in 6 hours where i live on why patch management is a big problem that will NOT be going away. Maybe MS will come out with something akin to yum.repos app store, but it will never have all the proprietary software you will need and oh yeah - it will cost money over and over.

> Guess what, now I can do both! Wow...

Guess what, i can too. How many families can afford the licensing fees for a windows server at home? Why not use OCSinventory-ng or FreeGhost?

> Winner? This useless thread will never end, FOSS guys have their sh!t in a knot over MS for reason of which I have my own opinions. Bottom line is, I work with both and quite successfully get equivalent uptimes and QOS with both. Many guys do it, it's possible. I met one of the guys who did the barnes and noble setup at an msdn conference, I guess that successful setup wasn't the result of competent guys who actually knew their sh!t and did a good job, but just dumb luck. Mama always said if I could be smart or lucky, it was better to be lucky:)

You may even get longer uptimes with MS, but how much time do you have to spend patching all those 3rd party applications? All those apps developed by the vast majority of developers that believe that if their install process is half as good as MS Office, we're golden. Those other users of MSDN that still require their users to have full admin privs bc that is how we developed the software because the MS developer tools required Administrator privileges to compile the exe? Those same MSDN developers that do not see anything wrong with web browsing with admin privileges. i have been using NTFS permissions since the mid 90's and just last Friday had to explain to one of our vendor's overpaid, MSDN reading C# experts the concept of 'Least Privilege'.

i have read and enjoyed many of your posts Joe, consider unwinding some of those knots, the cussing doesn't help.

> jlc
Re: [CentOS] full-fledge PDF editor for Linux
On Tue, Oct 20, 2009 at 9:25 PM, MHR mhullr...@gmail.com wrote:
> On Tue, Oct 20, 2009 at 5:14 PM, Rob Townley rob.town...@gmail.com wrote:
>> Acrobat isn't easy to use either. i find it kinda clunky and not intuitive. Maybe it is the nature of vector graphics and text. InkScape for graphics imports / exports pdf. The SVG can be edited in theory in a text editor because it is XML.
>>
>> ps2pdf -- pdf2ps xhtml2ps | ps2pdf
>
> I have had problems with ps2pdf - a lot of the time it just plain fails, especially if the output is fancy-formatted (like dual columns).
>
> OpenOffice can export its documents as pdfs, which can provide a lot of the functionality, but as for editing an existing PDF, I don't know of a cheap, simple solution. Acrobat is probably the best, and it's expensive (by my budget framework).
>
> mhr

i am having problems with ps2ascii tonight - wonder if ghostscript versions are clobbering one another.
Re: [CentOS] full-fledge PDF editor for Linux
On Tue, Oct 20, 2009 at 10:59 AM, Boris Epstein borepst...@gmail.com wrote:
> On Tue, Oct 20, 2009 at 10:36 AM, Boris Epstein borepst...@gmail.com wrote:
>> Hi all,
>>
>> Does anybody know of an editor that can do on Linux what Acrobat / Acrobat Pro can do on Mac/Windows? I have tried to use the PDF Import extension to the Open Office which appears barely functional - at least it is so slow as to be almost impractical. I have also tried pdfedit under Linux which seems to work fine but seems to have rather limited functionality. For instance, the capability to make bookmarks or to search through the whole document (as opposed to the current page) seems to be missing there.
>>
>> Any tips much appreciated.
>>
>> Cheers, Boris.
>
> Hi again,
>
> Just to update you on the situation: the best solution I have found thus far is a commercial but cheap one named PDFStudio ( http://www.qoppa.com/psindex.html ). Prices are under US $100. Seems to be doing all we need (much like the Adobe Acrobat Pro ).
>
> Boris.

Acrobat isn't easy to use either. i find it kinda clunky and not intuitive. Maybe it is the nature of vector graphics and text. InkScape for graphics imports / exports pdf. The SVG can be edited in theory in a text editor because it is XML.

ps2pdf -- pdf2ps xhtml2ps | ps2pdf
Re: [CentOS] Caught between a Red Hat and a CentOS
On Mon, Oct 19, 2009 at 3:45 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:
>> which is about as useful as Microsoft Windows support... is it broken? reinstall windows
>
> FFS, this attitude amongst opensource guys that MS is the devil and are trying to murder your family or sabotage your life is such BS. Take the Tin Foil Hat off and settle down, MS support is easily on par w/ or *the* best support there is.

i don't believe the statement lambastes MS because is about as useful means about the same.

Remember that windows integration website ( don't remember the name but related to nLite and ryanvm) shutdown by Microsoft - it made a great deal of news because they had scripts to take out annoyances such as balloons popping up in the taskbar. MS lawyers had them disbanded. MS Tech Support asked customers to wipe and reinstall, but when the Wireless Networks Found balloon didn't pop up, they knew some things had been changed in the windows installation because they just had the customer wipe and reinstall. The point i believe the original poster was making is that wipe-n-reinstall is very very very common everywhere even at MS.

i have been running NT since 3.0? / 3.1 and wondered why anything but NT ever came out. i don't think MS is evil but i have wasted too much time swapping legitimate MS Office CDs when there were multiple MS Office versions installed.

It takes way too much time to install a windows system from scratch, configure how you want it, and then install all the apps on top and then all the updates and then all the updates to the apps ad nauseam. Oh, you want to image that harddrive now? Well you get 3 attempts with sysprep and then you start all over - no thanks.

There is no comparison to 'yum -y update' -- i have wasted way too much of my life updating software, hunting down product keys (the COA on the pc case is hidden under the lock or on a misplaced cd). In fact, depending on which method you get to the 2008R2 activation screen it will not take your key.

Dealing with proprietary phone tech support regarding software bugs that i could fix myself if i had the code - it is demeaning. In that world, you rarely have an opportunity to talk to the programmer, let alone a good tech. Filing a bug report in Bugzilla and getting a response from one of the programmers directly responsible - that has happened to me in open source. Never happened once as a Win32 developer and user.

There really is no long lasting great tech support except open source along with the skill and intelligence we have ourselves and shared over the internet. i am more independent that way. i have more freedom that way. i have more time.

> I maintain both Linux/Unix and Windows machines, and since high school days I have been using PSS and there is nothing like it. They have have *ALWAYS* fixed everything but one issue I have had, where that one issue I resolved before them.
>
> Spreading your FUD reflects on _you_ not MS. I love Linux (and prefer to toil in this forest) but don't preach that anti-ms crap, its utter malarkey.
>
> Geesh...
Re: [CentOS] My doubts with apache server on centos installation
On Fri, Oct 9, 2009 at 1:46 AM, vijay shanker vijaydshan...@gmail.com wrote:
> Hi Linux geeks,
>
> I have just started to setup a production server with centos; and moved from windows server to centos. My first encounter with this great linux distro is good.
>
> I am not able to understand what is the point of having scattered folders for apache server installation. when i see the /etc/httpd folder; it has only conf folder and links to logs, module and , run. As i have been working on Windows where all these files are stored in a single installation folder. So, this makes me quite confused to start with. Can anyone tell me what is the idea behind using such a installation pattern.
>
> Now i am going to install java, I have two options via RPM and other is extracting the distro and use it. i have a feeling if i use first option, all the folders like jre and jdk will be placed any where. Not to be found.
>
> Please tell me or point to any relevant link. so i can go ahead without any doubt over this issue.
>
> -- Regards, Vijay Shanker

Did it ever make sense for everybody and their brother to install everything under c:\windows\system32\? That everything in system32 nightmare scares me security wise and functionality wise. WinVistA fixes that through file and registry system virtualization - that means even more places for your files. Some of the IIS stuff is in the registry and some in metabase and some in files. At least with nix, all the locations can be searched with a single find command - not so in windows.

If you modify something in Linux using a GUI, but need the text file equivalent, the following command can help.

    touch /tmp/now
    install your app or make changes using a gui
    find / -newer /tmp/now | grep -v /proc/

There are a few improvements on this, but that can get you started.
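The marker-file technique from the reply above, as an added example that is not part of the original post: it prunes pseudo-filesystems inside find rather than with grep, and adds a ctime comparison, because `-newer` looks only at mtime and misses files that tar, `cp -p` or rpm unpack with their archived timestamps. The function names `changed_since` and `demo` and the sample tree are constructed for illustration; `-cnewer` is a GNU/BSD find extension.

```shell
#!/bin/sh
# Added example (not from the original post).
# changed_since MODE MARKER ROOT
#   MODE=mtime  files whose content was modified after MARKER (find -newer)
#   MODE=ctime  files whose inode changed after MARKER (find -cnewer);
#               also catches files written with a restored, old mtime
changed_since() {
    mode=$1 marker=$2 root=$3
    case $mode in
        mtime) newer=-newer ;;
        ctime) newer=-cnewer ;;
        *) echo "usage: changed_since mtime|ctime MARKER ROOT" >&2; return 2 ;;
    esac
    [ -e "$marker" ] || { echo "no marker file: $marker" >&2; return 2; }
    # -xdev stays on ROOT's filesystem; -prune skips pseudo-filesystems
    # instead of filtering their paths out afterwards with grep.
    find "$root" -xdev \( -path /proc -o -path /sys \) -prune -o \
        -type f "$newer" "$marker" -print 2>/dev/null | LC_ALL=C sort
}

# Constructed sample tree so the example runs offline and without root.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/root/etc/httpd/conf" "$work/root/etc/pki" "$work/root/var/log"
    echo 'Listen 80' > "$work/root/etc/httpd/conf/httpd.conf"
    echo 'boot ok'   > "$work/root/var/log/boot.log"

    touch "$work/marker"    # 1. drop the marker
    sleep 1                 #    so later timestamps are strictly newer

    # 2. the GUI or installer makes its changes
    echo 'Listen 8080' > "$work/root/etc/httpd/conf/httpd.conf"
    echo 'constructed' > "$work/root/etc/pki/extra.pem"
    # new file carrying an old mtime, as after tar -x, cp -p or an rpm install
    touch -t 200901010000 "$work/root/etc/pki/extra.pem"

    # 3. compare what each test reports
    for m in mtime ctime; do
        changed_since "$m" "$work/marker" "$work/root" |
            sed "s|^$work/root|$m |"
    done
    rm -rf "$work"
}

demo
```

On a real host the call would be `changed_since ctime /tmp/now /`, repeated for each mounted filesystem of interest since `-xdev` does not cross mount points.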
[CentOS] Ping Is Broken
i am hoping this attachment gets through. It deals with bug in ping that made it very difficult to set up a system with two gateways.

ping -I is broken

Demonstration that ping -I is broken. When specifying the source interface using -I with an ethX alias and that interface is not the default gateway interface, then ping fails. When specifying the interface as an ip address, ping works. Search for "Destination Host Unreachable" to find the bug.

eth0 = 4.3.2.8 and the default gateway is accessed through a different interface eth1.
eth1 = 192.168.168.155 is used as the device to get to the default gateway.

FAILS: ping -I eth0 208.67.222.222
WORKS: ping -I 4.3.2.8 208.67.222.222
WORKS: ping -I eth1 208.67.222.222
WORKS: ping -I 192.168.168.155 208.67.222.222

The following are actual results which can be reproduced from an up-to-date Fedora 11 or CentOS 5.3 box. Caused a very very long episode of frustration when setting up multi gatewayed systems.

ping using eth0:

    ping -c 2 -B -I eth0 208.67.222.222
    PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 eth0: 56(84) bytes of data.
    From 4.3.2.8 icmp_seq=1 Destination Host Unreachable
    From 4.3.2.8 icmp_seq=2 Destination Host Unreachable
    --- 208.67.222.222 ping statistics ---
    2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
    , pipe 2

ping using 4.3.2.8:

    ping -c 2 -B -I 4.3.2.8 208.67.222.222
    PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 : 56(84) bytes of data.
    64 bytes from 208.67.222.222: icmp_seq=1 ttl=55 time=562 ms
    64 bytes from 208.67.222.222: icmp_seq=2 ttl=55 time=642 ms
    --- 208.67.222.222 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 562.546/602.400/642.255/39.862 ms

ping using eth1:

    ping -c 2 -B -I eth1 208.67.222.222
    PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 eth1: 56(84) bytes of data.
    64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=270 ms
    64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=629 ms
    --- 208.67.222.222 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 270.128/449.766/629.405/179.639 ms

ping using 192.168.168.155:

    ping -c 2 -B -I 192.168.168.155 208.67.222.222
    PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 : 56(84) bytes of data.
    64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=585 ms
    64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=554 ms
    --- 208.67.222.222 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 554.098/569.655/585.212/15.557 ms

My source route policy rules:

    /sbin/ip rule show
    0: from all lookup 255
    32762: from 4.3.2.8 lookup nic0
    32763: from 192.168.168.155 lookup nic1
    32764: from 192.168.168.155 lookup nic1
    32765: from 4.3.2.8 lookup nic0
    32766: from all lookup main
    32767: from all lookup default

Print out routing tables using /sbin/ip route show table TABLENAME:

routing table nic0:

    /sbin/ip route show table nic0
    default via 4.3.2.1 dev eth0

routing table nic1:

    /sbin/ip route show table nic1
    default via 192.168.168.1 dev eth1

routing table main:

    /sbin/ip route show table main
    4.3.2.1/27 dev eth0 proto kernel scope link src 4.3.2.8
    192.168.168.0/24 dev eth1 proto kernel scope link src 192.168.168.155
    169.254.0.0/16 dev eth1 scope link
    default via 192.168.168.1 dev eth1

routing table default:

    /sbin/ip route show table default

NOTES: cat /etc/iproute2/rt_tables to get your own table names.

ping Maintainer: YOSHIFUJI Hideaki / USAGI/WIDE Project http://www.skbuff.net/iputils/
Mailing List: net...@vger.kernel.org

man ping:

    -I interface address
        Set source address to specified interface address. Argument may be numeric IP address or name of device. When pinging IPv6 link-local address this option is required.

ping -V returns the latest available on CentOS and Fedora and the maintainers website: ping utility, iputils-ss020927
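A simplified model of the policy-routing lookup, added here as an example that is not part of the original post, run over the rules and tables quoted in it. It rests on two assumptions that are not stated in the post: that `-I ethX` makes the lookup carry only an output device with no source address yet, and that a device-bound lookup which finds no route falls back to treating the destination as on-link. The names `route_lookup`, `table_lookup`, `in_prefix` and `ip2int` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Data transcribed from the
# quoted `ip rule show` and `ip route show table ...` output.
# Rule format:  priority  from-selector  table
RULES='0 all 255
32762 4.3.2.8 nic0
32763 192.168.168.155 nic1
32764 192.168.168.155 nic1
32765 4.3.2.8 nic0
32766 all main
32767 all default'

# Route format: table  prefix/len  gateway (- = connected)  device
ROUTES='nic0 0.0.0.0/0 4.3.2.1 eth0
nic1 0.0.0.0/0 192.168.168.1 eth1
main 4.3.2.1/27 - eth0
main 192.168.168.0/24 - eth1
main 169.254.0.0/16 - eth1
main 0.0.0.0/0 192.168.168.1 eth1'

ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( ($a << 24) | ($b << 16) | ($c << 8) | $d ))
}

# in_prefix ADDR PREFIX/LEN : true when ADDR falls inside the prefix
in_prefix() {
    net=${2%/*}; len=${2#*/}
    [ "$len" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# table_lookup TABLE DST OIF : longest-prefix match; when the socket is bound
# to a device (OIF non-empty) only routes leaving through it are usable.
table_lookup() {
    best_len=-1; best=
    while read -r t prefix gw dev; do
        [ "$t" = "$1" ] || continue
        in_prefix "$2" "$prefix" || continue
        [ -z "$3" ] || [ "$dev" = "$3" ] || continue
        plen=${prefix#*/}
        if [ "$plen" -gt "$best_len" ]; then best_len=$plen; best="$gw $dev"; fi
    done <<EOF
$ROUTES
EOF
    if [ -n "$best" ]; then echo "$best"; fi
}

# route_lookup SADDR OIF DST : walk the rules in priority order.
# A "from X" rule matches only when the lookup already carries source X.
route_lookup() {
    while read -r prio from table; do
        [ "$from" = all ] || [ "$from" = "$1" ] || continue
        hit=$(table_lookup "$table" "$3" "$2")
        if [ -n "$hit" ]; then
            echo "rule $prio table $table: via ${hit% *} dev ${hit#* }"
            return 0
        fi
    done <<EOF
$RULES
EOF
    if [ -n "$2" ]; then
        # assumed kernel fallback for a device-bound lookup with no route
        echo "no route: on-link fallback, ARP for $3 on $2"
    else
        echo "no route: unreachable"
    fi
}

# The four commands from the post, as SADDR:OIF pairs.
for probe in ":eth0" "4.3.2.8:" ":eth1" "192.168.168.155:"; do
    printf 'saddr=%-16s oif=%-5s %s\n' "${probe%:*}" "${probe#*:}" \
        "$(route_lookup "${probe%:*}" "${probe#*:}" 208.67.222.222)"
done
```

In this model only the `-I eth0` case ends in the on-link fallback, which matches the locally generated "Destination Host Unreachable" lines in the quoted output.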
Re: [CentOS] Resolv.conf with multiple adaptors on multiple networks
On Fri, Oct 9, 2009 at 10:39 AM, ML mailingli...@mailnewsrss.com wrote:
> Hi All,
>
> I did a clean install of CentOS 5.3 yesterday. During setup I activated both adapters on startup. eth0 is my public IP and eth1 is my private/internal IP. It did not let me specify nameservers though. So I know this is resolv.conf. I know I put in:
>
> nameserver xxx.xxx.xxx.xxx
> nameserver xxx.xxx.xxx.xxx
>
> But how do I put in nameservers for specific networks? Example, I want my public IP to resolve to the comcast name-servers to get out to things like Google. I want internal to default to my internal DNS once I have it setup.
>
> -Jason

i second what the others have said, but you can specify nameservers for each nic in their /etc/sysconfig/network-scripts/ifcfg-ethX file.
Re: [CentOS] resolv.conf rewritten every reboot. How to figure out who and why?
On Thu, Oct 8, 2009 at 4:39 PM, Dave tdbtdb+cen...@gmail.com wrote:
> On Thu, Oct 8, 2009 at 11:27 AM, Meenoo Shivdasani mee...@gmail.com wrote:
> /etc/init.d/network calls /etc/sysconfig/network-scripts/ifup which calls /sbin/dhclient which calls /sbin/dhclient-script which overwrites your resolv.conf with the info it gets from the DHCP server on the network.
>
> How would I find this out on my own? And it seems not to be correct. At least, if /etc/sysconfig/network-scripts/ifup calls /sbin/dhclient, it must use some indirection, as dhclient is not mentioned in the script explicitly:
>
> grep -i dhc /etc/sysconfig/network-scripts/ifup
> if [ ${BOOTPROTO} = bootp -o ${BOOTPROTO} = dhcp ]; then
>
> Why does it overwrite /etc/resolv.conf when the machine is not set to use DHCP? The IP address etc. is set statically using /usr/bin/system-config-network.
>
> Dave

i feel the pain as i went through this just last night on a multihomed CentOS 5.3 box. It was using old and wrong lease info which helped me notice it as a problem. i ended up deleting:

/var/lib/dhcpd/dhclient.leases
/var/lib/dhcpd/dhclient.leases~
/etc/dhclient.conf (but you should make a backup or at least look at the dhclient.conf because i think you can tell it what ethX to work on or not).
rm anything else associated with dhclient

Some guys say to uninstall NetworkManager, not just keep it from running.

Setting a static dhcp lease in our separate dhcpd server you would think would fix this. But static lease made things worse because dhclient broke /etc/sysconfig/network-scripts/ifup-routes calls to '/sbin/ip/route add' and '/sbin/ip/rule add'. With dhclient, i could not set a default gw rule for each different network interface card. After deleting the lease info and maybe changing the /etc/dhclient.conf and then deleting it, i could have a separate default gateway for each nic.

Ok, the other BUG is ping. There is a bug in ping that has sucked up much of my life for the last 2 or 3 years. i will post separately on the ping -I bug.
Re: [CentOS] selinux...
On Wed, Oct 7, 2009 at 11:45 AM, m.r...@5-cent.us wrote:
> Quoting m.r...@5-cent.us:
> Have I mentioned that I am less than enthralled with selinux? My latest issue is continuing messages in the /var/log/messages, which complain, for example, that siteminder can't write to smagent log (well, it can, since we've got selinux in permissive mode, and no, we have no control over using either siteminder or selinux). I've done what it says will solve the problem. A number of times. Discussing it with my manager, it seems as though selinux DOES NOT HAVE CORRECT ERROR HANDLING, and is falling through to a default error, and is *not* telling me the true cause.
>
> What is the error?
>
> Running sealert. let's start with...
> snip
> SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to
> snip
> and respond with
> # getsebool -a | grep unified
> httpd_unified -- on
>
> Then we can go to:
> ... avc: denied { write } for pid=5898 comm=LLAWP path=/var/log/httpd/smagent.log dev=sda3 ino=whatever scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
>
> Do you need more info?
>
> mark

Don't know selinux. when i have had init scripts write to new /var/log/ log files, i had to change them to be system_t or it would fail. Files under /tmp/ had to have a special label as well. So i wonder if you tried changing the log file to the system_t context and it also fails. Wouldn't it have to have both the system and http context? i went as far as building se modules which is actually very easy when you find the few instructions, but it had to be rebuilt with each new kernel.
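An added example, not part of the original posts: a small Python triage script for AVC denials like the one quoted above. It groups denials by source type, target type and object class so that repeated messages collapse into one entry per access, and prints each group in policy-rule form for review. The first sample line is the denial from the thread; the other sample lines are constructed.

```python
import re
from collections import defaultdict

# "avc: denied { perm ... } for key=value ..." as it appears in /var/log/messages.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
# Values may be bare (as quoted in the thread) or double-quoted.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    match = AVC_RE.search(line)
    if match is None:
        return None
    fields = {key: value.strip('"') for key, value in KV_RE.findall(match.group(2))}
    record = {
        "perms": match.group(1).split(),
        "comm": fields.get("comm"),
        "path": fields.get("path"),
        "tclass": fields.get("tclass"),
    }
    # A context is user:role:type[:level]; the type is the third field.
    for field, key in (("scontext", "source_type"), ("tcontext", "target_type")):
        parts = fields.get(field, "").split(":", 3)
        if len(parts) < 3:
            return None  # malformed or missing context
        record[key] = parts[2]
    return record


def summarize(lines):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"count": 0, "perms": set(), "paths": set()})
    for line in lines:
        record = parse_avc(line)
        if record is None:
            continue
        key = (record["source_type"], record["target_type"], record["tclass"])
        groups[key]["count"] += 1
        groups[key]["perms"].update(record["perms"])
        if record["path"]:
            groups[key]["paths"].add(record["path"])
    return dict(groups)


def candidate_rules(lines):
    """Render each group as the access a local policy module would have to
    grant. This is a review aid: relabelling the file may be the better fix."""
    rules = []
    for (source, target, tclass), group in sorted(summarize(lines).items()):
        perms = " ".join(sorted(group["perms"]))
        rules.append("allow %s %s:%s { %s };" % (source, target, tclass, perms))
    return rules


SAMPLE_LINES = [
    # Denial quoted in the thread (ino value as posted).
    "avc: denied { write } for pid=5898 comm=LLAWP "
    "path=/var/log/httpd/smagent.log dev=sda3 ino=whatever "
    "scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file",
    # Constructed: same process and file, different permission, quoted values.
    'type=AVC msg=audit(1254930000.000:42): avc:  denied  { getattr } for  pid=5899 '
    'comm="LLAWP" path="/var/log/httpd/smagent.log" dev=sda3 ino=12345 '
    "scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file",
    # Constructed: a file under /tmp carrying a different label.
    'avc: denied { read write } for pid=5900 comm="LLAWP" path="/tmp/sm agent.lock" '
    "dev=sda3 ino=777 scontext=root:system_r:httpd_t:s0 "
    "tcontext=root:object_r:tmp_t:s0 tclass=file",
    # Constructed: unrelated syslog line, ignored by the parser.
    "sshd[2211]: Accepted publickey for admin from 192.168.168.20 port 50022 ssh2",
]

if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LINES):
        print(rule)
```
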
Re: [CentOS] Asterisk and VOIP was Re: CentOS for non-tech user
On Thu, Oct 1, 2009 at 1:46 PM, Rob Kampen rkam...@kampensonline.com wrote: Ron Blizzard wrote: On Wed, Sep 30, 2009 at 5:15 PM, Brian Mathis brian.mat...@gmail.com wrote: Not connected to the Internet, and not connected to a LAN are very different things. I doubt VOIP would work if the server was not connected to a LAN. There could be quite a few things on the LAN, depending on it's size, such as viruses, malware, and even users doing scans of the network. Don't assume that out there is insecure, and in here is secure. That's one of the biggest mistakes to make when creating a secure environment. You're right. I was thinking like a phone tech -- that the VOIP system's wiring was still separate from the regular LAN. Just to set your minds at ease (or not). I have a separate D-Link switch that does PoE (to power the snom phones) and vlans and set it up so that all the phones are on one vlan called VOIP. The * server single eth0 is also on this vlan, but does also belong to the rest of the office on another vlan called LAN. So - the snom phones (linux based) can only see the * server. The * server can see the rest of the LAN - so in theory anyone on the local LAN can scan and see the CentOS based * server. We are however a very small office and I get to see all connected PCs in action. As I have some questions about SIP security I was not prepared to have the snom phones in any way being accessible to / from the LAN (let alone the internet). Tks for comments and suggestions. Rob ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos i like that layout. i would think instant messaging type access might still be doable to send short text messages to the phone display from workstations. Receptionist and those that want to check their voice mail from a web browser could be allowed. 
Those HP Multi Function Printer Scanner Fax copier machines can be very vulnerable because a hacker calls into the fax to compromise the fax machine which gives them full access to the inside of your Lan. i wonder how vulnerable Asterisk / Hylafax is to a dial-up rootkit. If so, even * connected to vlan and trunks would in theory still be vulnerable.
Re: [CentOS] RPMforge.net down
On Tue, Sep 22, 2009 at 9:26 PM, Hugh E Cruickshank h...@forsoft.com wrote: Hi All: It appears that the RPMforge.net site is down. Can someone confirm and possibly advise when it might be expected back? TIA Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos yes, it appears down from here in Omaha on cox.net. Tried to also use that website that tests whether a 3rd party machine is up but it is NOT http://downformeoreveryone.com/ because that is now a porn site! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to tell if I've been hacked?
On Sat, Aug 22, 2009 at 6:07 PM, Bill Campbell cen...@celestial.com wrote:
> On Sat, Aug 22, 2009, Dave wrote:
>> On Sat, Aug 22, 2009 at 6:49 AM, Bill Campbell cen...@celestial.com wrote:
>>> I review daily reports from over 50 systems every morning, checking changes found, usually taking no more than 10 minutes a day. The key is to keep the reports simple, and to make updating easy (and to have procedures that monitor systems to be sure they're still alive and reporting in).
>>
>> So how do you track the inevitable changes? Not saying you can't, just curious. For me, when I look at a batch of changes, some of them are obviously stuff I've done, other stuff not so obvious. I also filter reports through a script that sort of does a diff and makes an attempt to limit the boilerplate. Sometimes it is a bit too terse.
>
> First off, we don't allow automatic updates on most systems, much preferring to do them manually making it pretty easy to refresh the comparison database immediately after the update is complete. The odds that a cracker will get in and do their dirty deeds while this is going on are pretty low, and can probably be ignored.
>
> We handle pretty much all server stuff under the OpenPKG portable package management system so things like spamassassin, amavisd, clamav, and postfix are not the distribution versions, but those from OpenPKG (which are generally updated more quickly than the distribution's).
>
> A typical occurrence will be that we get an e-mail saying that clamav is out of date from the nightly freshclam update, I will pick up the new sources, update the OpenPKG SRPM for it, and deploy it 40 or so systems running it, and expect to see a corresponding set of notices the next morning that files under clamav have changed.
>
> The clusterssh program makes this sort of thing much more efficient as one can execute shell commands on multiple systems simultaneously.
>
>>> We create a file system initially, the same size as ``/'', and make a copy of ``/'' in it identical except for the /etc/fstab entry. This is not mounted in normal operations, but the system can be booted from it to get to a clean system.
>>
>> Wow, elaborate. How do you protect this file system from intruders? External and powered off?
>
> That's one way to do it. We also run a fair number of Linux servers under VMware so periodic snapshots and backups simplify the task.
>
> I have not seen many successful cracks of Linux boxes that we have configured from scratch. Some basic things can be done to minimize the chances of cracks.
>
> + Create the baseline for intrusion detection tools before putting the system on line, and monitor it daily.
>
> + Configure openssh to refuse password authentication requiring authorized_keys access.
>
> + Configure openssh with tcp_wrappers support, restricting access by IP address and/or domain names. I consider this absolutely mandatory if one needs to allow username and password authentication.
>
> + Use fail2ban or similar techniques to quickly block IP addresses that are found probing the system (don't forget to look at POP and IMAP logs for failed login attempts).
>
> + Use /bin/false as the standard shell for accounts that don't have good reason for shell access. This does not affect e-mail or most services that a typical ISP customer needs.
>
> + Use OpenVPN for access. This works well even when in hotels with NAT firewalls, and is not easily hacked anonymously.
>
> + Restrict access of webmin and usermin to local networks so they are not vulnerable to outside attack. These services are available to people outside connecting with OpenVPN.

Cross Site Attacks (CSRF, XSS) make webmin very vulnerable in this scenario. It is a bad idea to use a single browser. If in Firefox, you already logged in to webmin and browse to a malicious site (many reputable sites unknowingly have malicious javascript -- see HoneyNet), the malicious site could do nasty things via webmin or any other internal webserver. Yes, NoScript may help, but NoScript has to be updated daily and Firefox restarted.

The best practice is to install three separate browser application such as Epiphany or Dillo and only use this for internal websites. Use Firefox for email. Use Chrome for everything else. The idea is to have completely separate processes using completely separate memory and harddrive locations.

I don't think there are many malicious variants of InvisibleThings's BluePill or BlueChicken, but if a malicious variant can elevate itself to become the Hypervisor, then all of your virtual machines could be monitored by a HyperKit -- rootkit in the hypervisor. Again, i don't know if there are many malicious in-the-wild versions of bluepill, but if just one malicious vmware image is uploaded to the Amazon EC2, then every other VM on that same hardware at Amazon can be controlled by a hyperkit. InvisibleThings are professional security researchers in Poland, so
[CentOS] xrdp in EPEL
xrdp is a service that allows you to use mstsc or rdesktop to view your Linux desktop from afar.

xrdp is packaged for Fedora and EPEL
http://koji.fedoraproject.org/koji/packageinfo?packageID=9026
now you can just type yum -y install xrdp to install it.

it's also available in EPEL repo (for redhat enterprise and centos)
https://fedoraproject.org/wiki/EPEL/FAQ#howtouse

I have only installed from source, haven't tried this rpm.
Re: [CentOS] Embedded Question
dynebolic.org LiveCD KnoppMyth On 8/1/09, Jason Pyeron jpye...@pdinc.us wrote: -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Victor Padro Sent: Saturday, August 01, 2009 18:18 To: CentOS mailing list Subject: Re: [CentOS] Embedded Question On Sat, Aug 1, 2009 at 4:59 PM, Joseph L. Casalejcas...@activenetwerx.com wrote: A friend asked me to setup an embedded appliance with an RO root for minimal maintenance to primarily stream shoutcast out to an amp. The only thing I knew that might do this is iMedia Linux, but the project is practically dead with little to no activity. Is it possible to do something like this with CentOS? Doesn't seem to be much info on the /etc/sysconfig/readonly-root file. Googled it: http://people.redhat.com/dmalcolm/stateless/ Anyone know a good place to get info on this? I would rather use CentOS if possible as I also want to use this a firewall/vpn for them and that would be easy and reliable w/ CentOS. Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi Joseph, Maybe it's not what you are looking for but there is a project named freenas which can provide a itunes server, uPnP, torrent server, among other things and it's based on m0n0wall(as pfSense is). http://www.freenas.org Greetings. -- Linux User #452368 Ubuntu User #28025 Doing a thing well is often a waste of time. -- -- //HP Mini 2GB 60GB - Windows XP/Ubuntu Jaunty //Core 2 Duo 2.40Ghz 8GB 500GB - Windows 7/Ubuntu Jaunty //Core 2 Duo 2.40Ghz 8GB 320GB - MacOS Leopard //Athlon 64 2.7Ghz 8GB 400GB - CentOS 5.3 //Core 2 Duo 1.86Ghz 8GB 1TB - Proxmox 1.3 //Celeron 1.8Ghz 2GB 160GB - pfSense //NSLU2 266Mhz 32MB 1TB - Debian Lenny ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. 
http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Concerned 3 im clients were installed as dependencies.
Worried, ran yum -y update expecting to get the bind update but am concerned as to why the following instant messaging packages were installed as dependencies. All of the following are instant messaging related except cyrus-sasl.

Jul 30 17:00:49 Installed: cyrus-sasl-md5-2.1.22-4.i386
Jul 30 17:00:49 Installed: meanwhile-1.0.2-5.el5.i386
Jul 30 17:00:50 Installed: libsilc-1.0.2-2.fc6.i386
Jul 30 17:00:54 Installed: libpurple-2.5.5-3.el5.i386
Jul 30 17:00:58 Installed: libpurple-perl-2.5.5-3.el5.i386

Did anybody else notice the install of im clients on practically headless non-gui systems? Any explanation?
Re: [CentOS] Concerned 3 im clients were installed as dependencies.
On Thu, Jul 30, 2009 at 5:27 PM, Christoph Maser c...@financial.com wrote:
> On Friday, 31.07.2009, 00:21 +0200, Rob Townley wrote:
>> Worried, ran yum -y update expecting to get the bind update but am concerned as to why the following instant messaging packages were installed as dependencies. All of the following are instant messaging related except cyrus-sasl.
>>
>> Jul 30 17:00:49 Installed: cyrus-sasl-md5-2.1.22-4.i386
>> Jul 30 17:00:49 Installed: meanwhile-1.0.2-5.el5.i386
>> Jul 30 17:00:50 Installed: libsilc-1.0.2-2.fc6.i386
>> Jul 30 17:00:54 Installed: libpurple-2.5.5-3.el5.i386
>> Jul 30 17:00:58 Installed: libpurple-perl-2.5.5-3.el5.i386
>>
>> Did anybody else notice the install of im clients on practically headless non-gui systems? Any explanation?
>
> We observed something similar. On some systems automatic update installed kernel-xen-devel on some of our systems. Seems like the yum repository metadata was broken at some point in time.
>
> Chris
>
> financial.com AG
> Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany
> Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany
> Management board/Vorstand: Dr. Steffen Boehnert (CEO/Vorsitzender) | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach
> Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender)
> Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553

Gosh, i miss Munich at this time of year. Wish i was eating a roasted chicken in the Chinese Pavilion right now!

Thanks. Maybe i am being paranoid but Rootkits sending back their loot via im isn't uncommon and this internet facing system is due for a harddrive wipe anyway. But after yum clean all and uninstalling all the new im clients, then rerunning yum update resulted in no updates found. So that is good news.

Thank You Karanbir, Kwan, and Christoph.
Re: [CentOS] PCI modems
HylaFax.org's list of Analog/POTS SoftModems has a list of winmodems mixed in with just plain software. (Digital Modems are for ISDN / T1 phone circuits, not home). So you may want to ask their mailing list and chat room. Keeping in mind that hardware that works for one type of softmodem project (voice) may not work for another (faxing).

Linux Gazette has an article on a $10 dollar Linux Answering Machine that says that Intel 537-based modem (softmodem) works.

A PCI slot that does not share interrupts is very important bc it will generate thousands of interrupts. External modems allow you to reset the modem without resetting the entire pc.

On 7/23/09, RedShift redsh...@pandora.be wrote:
> Hi all,
>
> I'm currently searching for a PCI modem that will be used to receive faxes. I've tried out a few modems but they all use conexant chipsets, which need out-of-tree kernel drivers and currently doesn't work here (kernel oops when the installation script modprobes the driver).
>
> Does anyone know of a PCI modem that works out of the box with in-tree kernel drivers?
>
> Thanks,
> Glenn
Re: [CentOS] Need help on start samba
Why? IIRC, I think the term is ready for this *Open Source * Further, the samba project has added a great deal more than what is in the standard RPMs. On 7/23/09, Tom Brown t...@ng23.net wrote: what rpm did you use for this install? --- He did not use an rpm so he is on his on. He used the source tarball. one would wonder why ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need help on start samba
On Thu, Jul 23, 2009 at 3:08 AM, Tran Van Hungtvhun...@yahoo.com.vn wrote: Hi! Thank for reply. But before I insalled samba by hand, as follow: -download samba source (.tar.gz) -unrar with tar command -build with ./configure -install with make -Then I configure /etc/samba/smb.conf by vi. -Then I create users with password. Issue I met when start samba as I wrote before: r...@maychu1 home]# /etc/rc.d/init.d/smb start Pls! Thank you Best Regards, -- Tran Van Hung IT Department REX HOTEL 141 Nguyen Hue Blvd, Ho Chi Minh City, Vietnam Tel:(84-8)38292185 or (84-8)38293115 Fax:(84-8)38296536 Email: tvhun...@yahoo.com.vn Website:http//www.rexhotelvietnam.com ** Cell Phone: 0983908262 YM and Skype: tvhungsg From: Kwan Lowe kwan.l...@gmail.com To: CentOS mailing list centos@centos.org Sent: Wednesday, July 22, 2009 10:09:55 PM Subject: Re: [CentOS] Need help on start samba On Wed, Jul 22, 2009 at 10:52 AM, Tran Van Hung tvhun...@yahoo.com.vn wrote: Hello all! I have met inform as following. I see that no smb on init.d folder. [r...@maychu1 home]# /etc/rc.d/init.d/smb start bash: /etc/rc.d/init.d/smb: No such file or directory Pls help me how to have smb on init.d folder? Thank you. Thank you Best Regards, You probably do not have the samba package installed. You can do: rpm -q samba If no packages are listed, do: yum -y install samba This will install the samba package which contains the /etc/rc.d/init.d/smb script. Instead of running the script directly, it's easier to do: service smb start ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Attached are RPM based /etc/init.d/smb and /etc/init.d/winbind which are the text based shell scripts used to do things such as: service smb start service smb stop service smb status Of course, these are the RPM based ones which may have assumptions that are not compatible with your source based version unless you edit them. Let me know if it works. 
If you haven't done a man chkconfig, you may want to do that as well. Don't forget the testparm command which checks /etc/samba/smb.conf for proper syntax. i believe the list blocks attachments, so i cced you on it directly. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there an openssh security problem?
On Fri, Jul 10, 2009 at 9:33 AM, Peter Kjellstrom c...@nsc.liu.se wrote:
> On Friday 10 July 2009, Rob Kampen wrote:
>> Coert Waagmeester wrote:
>>> ... it only allows one NEW connection to ssh per minute. That is also a good protection right?
>>> ...
>> Not really protection - rather a deterrent - it just makes it slower for the script kiddies that try brute force attacks
>
> Basically it's not so much about protection in the end as it is about keeping your secure-log readable. Or maybe also a sense of being secure...
>
> It's always good to limit your exposure but you really have to weigh cost against the win. Two examples:
>
> Limit from which hosts you can login to a server:
>   Configuration cost: trivial setup (one iptables line)
>   Additional cost: between no impact and some impact depending on your habits
>   Positive effect: 99.9+% of all scans and login attempts are now gone
>   Verdict: Clear win as long as the set of servers are easily identifiable
>
> Elaborate knocking/blocking setup:
>   Configuration cost: significant (include keeping it up-to-date)
>   Additional cost: setup of clients for knocking, use of -p XXX for new port
>   Positive effect: standard scans will probably miss but not air tight
>   Verdict: Harder to judge, I think it's often not worth it
>
> Other things worth looking into are, for example, access.conf (pam_access.so) and ensuring that non-trivial passwords are used.
>
> my €0.02,
> Peter

Virtual Networks such as tinc-vpn.org or hamachi create an encrypted network only accessible to members of the virtual network. So if your server's virtual nic has an address of 5.4.3.2, then the only other host that may see your server would be your laptop with address 5.4.3.3. No other internet hosts would even see 5.4.3.2... It is like IPSec, but much easier.
Re: [CentOS] dhcp question
On Wed, Jul 8, 2009 at 5:55 PM, Karanbir Singh mail-li...@karan.org wrote:
> On 07/08/2009 11:46 PM, John R Pierce wrote:
>> for your use, dnsmasq would do nicely. with the rpmforge repo configured...
>
> whats wrong with the dnsmasq already included in C5 ? ( I am guessing the target is c5 )
>
>> # yum install dnsmasq
>> # chkconfig dnsmasq on
>> # service dnsmasq start
>
> Why not just use the caching-nameserver ?
>
> --
> Karanbir Singh : http://www.karan.org/ : 2522...@icq

There are db based nameservers such as MyDNS or djbdns or pdns. MySQL db replication can replicate zones to other machines and it has a web interface option. pdns is authoritative only, not caching. pdns-recursor is caching. yum search pdns for ldap, db, geo, and i thought a web interface.
Re: [CentOS] server is always getting hacked
On Mon, Jun 29, 2009 at 9:00 AM, Sander Snelzander.s...@gmail.com wrote:
> On 06/27/2009 09:21 PM, Mag Gam wrote:
>
> sane and simple security management for linux systems:
>
> 1. only open ports in iptables which are being used, if possible with source address or source network.
> 2. use hosts.allow/deny rules for services if applicable, this adds another layer of security.
> 3. check logs often, use a central loghost
> 4. SSH: no root login, only dedicated users, only dedicated source addresses, only key based access or kerberized access, no standard port

PortKnocking so the open port changes continuously. and / or tinc-vpn / hamachi so the port is only open to another member of your tinc network.

Since there are hundreds-of-thousands or millions of infected web servers out there serving up malicious drive-by javascript, use noscript on any machine connected to a server.

Reemphasize watching cms (joomla and the like) plugins.

> 5. enable SELinux
> 6. use some kind of intrusion detection, like aide (standard in centos) or snort
> 8. use fail2ban to deny ipaddresses with several failed login attempts within a short period of time
> 9. clear your shell's history on logout
> 10. use sudo instead of su -
> 11. check bastille.org for hardening
> 12. check center for internet security for benchmarks, they provide very detailed information for hardening servers ( csisecurity.org )
> 13. use chattr -i for several key configuration files, so they cannot be changed or deleted
>
> this should get you started, good luck
>
> Sander
>
>> WE have a centos 5.3 install, and our server keeps getting hacked. We see load averages of 500+ and see people from all over the world logging into our server (used last). Is there a good place to start to avoid these kinds of things?
>>
>> For example, here is what I already did.
>>
>> Open up sshd port only
>> setup iptables to only accept port 80 and 22
>> No FTP
>> No other ports are allowed according to IP Tables.
>>
>> I am not sure what other measures I can take. Can someone please assist?
>>
>> TIA
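An added example, not part of the original posts: a Python check of an sshd_config against the SSH items in the checklist quoted above (no root login, key-based access only, no standard port) and the openssh item in the "How to tell if I've been hacked?" thread. It follows sshd's own parsing rules: the first value seen for a keyword wins, Port lines accumulate, and Match blocks can override the global setting. The sample configurations are constructed, and the defaults assumed for absent keywords are the permissive ones of older OpenSSH releases.

```python
import re

# Assumption: values that apply when a keyword is absent (older OpenSSH
# releases default both to "yes").
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "yes"}
# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
DIRECTIVE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")


def parse_sshd_config(text):
    """Return (global settings, listening ports, [(match condition, settings)])."""
    global_settings, ports, match_blocks = {}, [], []
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive = DIRECTIVE_RE.match(line)
        if directive is None:
            continue
        keyword = directive.group(1).lower()
        value = directive.group(2).strip()
        if keyword == "match":
            # Everything up to the next Match line applies only conditionally.
            current = {}
            match_blocks.append((value, current))
        elif keyword == "port" and current is global_settings:
            # Port may be repeated; sshd listens on every port listed.
            if value.isdigit():
                ports.append(int(value))
        else:
            # sshd keeps the first value obtained for a keyword, so a later
            # duplicate line does not change the running configuration.
            current.setdefault(keyword, value.lower())
    return global_settings, ports, match_blocks


def audit(text):
    """Return findings measured against the checklist items."""
    settings, ports, match_blocks = parse_sshd_config(text)
    findings = []
    password_auth = settings.get("passwordauthentication",
                                 DEFAULTS["passwordauthentication"])
    root_login = settings.get("permitrootlogin", DEFAULTS["permitrootlogin"])
    if password_auth != "no":
        findings.append("password-auth-enabled")
    if root_login != "no":
        findings.append("root-login-allowed")
    if 22 in (ports or [22]):  # no Port line means the default port 22
        findings.append("standard-port")
    for condition, block in match_blocks:
        if block.get("passwordauthentication") == "yes":
            findings.append("match-reenables-password:" + condition)
    return findings


# Constructed sample: looks hardened at a glance, but still listens on 22 and
# re-enables passwords for one network. The second PasswordAuthentication
# line is ignored by sshd because the first value wins.
MIXED_SAMPLE = """\
# constructed sample, not from the thread
Port 2222
Port 22
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.168.168.0/24
    PasswordAuthentication yes
"""

# Constructed sample that satisfies all three checks.
HARDENED_SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication=no
"""

if __name__ == "__main__":
    for name, sample in (("mixed", MIXED_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, audit(sample))
```
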
Re: [CentOS] Set hostname via DHCP ?
# i do NOT have any kind of use-host-decl-names on; entry. Do you use dnsmasq or dhcpd?
# /etc/dhcpd.conf   Not sure if a dnsmasq entry would be the same anymore.
host babasse {
    hardware ethernet 00:0d:61:ae:6b:8f;
    fixed-address 192.168.1.249;
    option host-name "PutClientHostNameHereNotSureIfItHasToBeSameAsAbove-babasse";
}
#Don't remember what happens when a linux client machine has already been configured.
#But know for a fact that all pxe booted and live linux booted and Windows Vista and WinXP
#machines use the hostname from the dhcpd entry.

On Sun, Jun 28, 2009 at 10:38 AM, Niki Kovacs cont...@kikinovak.net wrote:
> Hi.
>
> I just setup one of my machines as a DHCP server. I'd like it to handle the hostnames of clients. Don't know if this is an orthodox thing to do (feel free to add your comments :oD). Here's the server's relevant lines of dhcpd.conf:
>
> --8---
> ...
> # Send hostnames to clients
> use-host-decl-names on;
>
> # Static addresses
> host babasse {
>     hardware ethernet 00:0d:61:ae:6b:8f;
>     fixed-address 192.168.1.249;
> }
> --8---
>
> Now the question is: how should the configuration look like on the client side, so the hostname gets effectively fetched from the DHCP server? During the initial install, I assigned hostnames manually to every machine.
>
> Cheers,
> Niki Kovacs
Re: [CentOS] OT: Linux WYSIWYG HTML Editors
On Sun, Jun 28, 2009 at 4:48 PM, Ned Slidern...@unixmail.co.uk wrote: Lanny Marcus wrote: I have KomPozer installed, but after using M$ FrontPage for years, KomPozer looks like it is going to have a learning curve and I want to get away from FrontPage and Windows. I know Mark (MHR) uses SeaMonkey. Wondering if there is anything else I can use on Linux that is easier on a FrontPage user. I found this article: http://webdesign.about.com/od/htmleditors/tp/aatpwyslinux.htm when I googled. Recommendations? TIA! What's wrong with your favourite text editor and preview in Firefox? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos It always seemed to me that the only logical reason for FrontPage to purposely mess up the tag order was in the hopes that someday M$ would be the only ones capable of detangling it. Without FrontPage generating such messy html, i think you will find hand editing html/xhtml/xml to be not so difficult. O'Reilly's Head First HTML css and xhtml is a good book. http://www.headfirstlabs.com/books/hfhtml/ eclipse and some plugins as documened here: http://web-design.lovetoknow.com/Eclipse_HTML_Editor ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] good small registrar?
GoDaddy switched to all windows servers according to NetCraft.com. Look at NoDaddy.com On Tue, Jun 23, 2009 at 8:16 PM, fmb fmbfee...@googlemail.com wrote: networksolutions is another good/pricey option...you can get good cs service if you called them, yet I prefer godaddy On Wed, Jun 24, 2009 at 3:22 AM, Eugene Vilensky evilen...@gmail.com wrote: Greetings, What are some registrars that members of this list have had good experience with? I was stepping through the godaddy checkout process, and being opted-in to a dozen different upsell features just left a bad impression. But I have no clue who else to go with. -Eugene ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Windows Vista Tablet PC linux alternative
On Fri, Jun 12, 2009 at 11:17 AM, Toshtoshli...@gmail.com wrote: Sorin Srbu wrote: That sounds about right. You get a textbox to write in and it will dump the input to whatever editor you set? Yes, it can dump the text to anything where you can use a normal keyboard. xournal, is a good replacement for onenote, but doesn't have the conversion handwriting to text Don't know about Onenote. Is that part of the text input in Vista Tablet or something? It is a part of office, m$ distributes it freely to students at our university, so all my friends use it, I convert their notes to pdf and enjoy with xournal -- Toshaan toshli...@gmail.com - http://www.toshaan.be ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Just FYI, While setting up CloneZilla on CentOS, i noticed that the Colorado School of mines uses Ubuntu on TabletPCs extensively and even modified a wacom driver for a 2007 version of Ubuntu. They also have a guide on imaging using drbl / CloneZilla. http://ticc.mines.edu/csm/wiki/index.php/Imaging_Guide Modified Wacom Driver: http://ticc.mines.edu/csm/wiki/index.php/Custom_Tablet_Software http://ticc.mines.edu/csm/wiki/index.php/Tablet_PC_Resources ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] LZMA for CentOS 5.3 repository or source or rpm
i need lzma compression for CloneZilla, but have not found it in any CentOS repository. The Finnish website was down and when up, it does not do much English.
Re: [CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssi...@sgvwater.com wrote:
on 4-17-2009 9:33 AM Lanny Marcus spake the following:
On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby centos4b...@triad.rr.com wrote:
On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters mpeters-ee4meeah...@public.gmane.org wrote:

snip

My experience is that when browsing on any OS and you come across an error message stating that your computer is infected and you need to install such and such software, the web site I was visiting has an XSS exploit that was taken advantage of to try and get you to manually install a piece of malware. Install the FireFox extension noscript and be very careful about what domains you authorize scripting from.

I now have NoScript installed.

snip

You might want to also check your preferences. FF has settings about warning about fraud sites etc. You also can affect the things that javascripts can do and suppress pop-ups. I've encountered those things that you mentioned and gotten no ill-effects since I just leave the site immediately.

Bill: I will double check the Firefox configuration settings, since I upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able to visit that web site, so if anything bad is coming from it (without the knowledge of the webmaster) I will hopefully avoid it, with the NoScript Firefox extension which I just installed. Lanny

Noscript will give you an idea of just how many sites run a script of some kind. You will see a large part of sites just look different when the scripts don't run, and some don't function at all. Not that it is a bad thing, it will just make you think a lot.

Remember the NeXT step days (for me, mid 90's) when a single executable binary file contained both intel and PowerPC/Motorola code. When clicked, it would execute the intel code on the intel platform and the PowerPC/Motorola code on the PowerPC/Motorola platform. I think it would be cool to have Portable App executables that run under both Linux and Windows because life would be easier, but the security problem would be too much of a downside -- a single binary that roots both Linux and Windows.

It is easy to write an executable binary for Linux that ends in .exe - so I don't think that is any protection at all.

Clicking Cancel on these dialogs or X could still launch the executable - safest thing to do would be to kill firefox. Further recommend NoScript and SiteAdvisor simultaneously. Recommend against wine and even more so against the Internet Explorer whatchamacallit for Firefox including on wine.
Re: [CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?
On Fri, Apr 17, 2009 at 2:30 PM, Robert Heller hel...@deepsoft.com wrote:
At Fri, 17 Apr 2009 14:07:31 -0500 CentOS mailing list centos@centos.org wrote:
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssi...@sgvwater.com wrote:
on 4-17-2009 9:33 AM Lanny Marcus spake the following:
On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby centos4b...@triad.rr.com wrote:
On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters mpeters-ee4meeah...@public.gmane.org wrote:

snip

My experience is that when browsing on any OS and you come across an error message stating that your computer is infected and you need to install such and such software, the web site I was visiting has an XSS exploit that was taken advantage of to try and get you to manually install a piece of malware. Install the FireFox extension noscript and be very careful about what domains you authorize scripting from.

I now have NoScript installed.

snip

You might want to also check your preferences. FF has settings about warning about fraud sites etc. You also can affect the things that javascripts can do and suppress pop-ups. I've encountered those things that you mentioned and gotten no ill-effects since I just leave the site immediately.

Bill: I will double check the Firefox configuration settings, since I upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able to visit that web site, so if anything bad is coming from it (without the knowledge of the webmaster) I will hopefully avoid it, with the NoScript Firefox extension which I just installed. Lanny

Noscript will give you an idea of just how many sites run a script of some kind. You will see a large part of sites just look different when the scripts don't run, and some don't function at all. Not that it is a bad thing, it will just make you think a lot.

Remember the NeXT step days (for me, mid 90's) when a single executable binary file contained both intel and PowerPC/Motorola code. When clicked, it would execute the intel code on the intel platform and the PowerPC/Motorola code on the PowerPC/Motorola platform. I think it would be cool to have Portable App executables that run under both Linux and Windows because life would be easier, but the security problem would be too much of a downside -- a single binary that roots both Linux and Windows.

There is something called a StarKit that can be used to encapsulate Tcl/Tk programs. The StarKit can be treated as an executable that will run on any machine with a suitable Tclkit installed. It is also possible to combine the Tclkit with the StarKit, creating a StarPack, which is a self-contained executable.

It is easy to write an executable binary for Linux that ends in .exe - so I don't think that is any protection at all.

Linux does not care about file *names*. A file is executable if its x bit is set AND it is recognized as an executable. That is one of:
1) file with the magic 'ELF' header (the # bits, bit order, and arch have to match what your kernel can deal with)
2) a Java jar file (if you have Java installed and configured for this usage)
3) a MS-Windows executable (if you have Wine installed AND the path is somewhere that maps to a MS-Windows drive AND Wine is configured for this usage)
4) an ASCII file with a '#!' as its first line and the path there names an executable file.

MacOSX also supports 'universal binaries' (binaries that run on Intel or PowerPC processors).

Clicking Cancel on these dialogs or X could still launch the executable - safest thing to do would be to kill firefox. Further recommend NoScript and SiteAdvisor simultaneously. Recommend against wine and even more so against the Internet Explorer whatchamacallit for Firefox including on wine.

--
Robert Heller -- 978-544-6933
Deepwoods Software -- Download the Model Railroad System
http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows
hel...@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/

Robert Heller, excellent post!
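The recognition rules listed in the message above can be checked from a file's mode bits and leading bytes, never from its name. The following is an added example, not code from the thread: the function names and sample files are constructed for illustration, the jar case is reduced to the ZIP signature, and whether MS-Windows or jar files are actually handed to Wine or Java depends on local configuration that this sketch does not inspect.

```python
import os
import stat
import struct
import tempfile

ELF_MAGIC = b"\x7fELF"
# e_machine values from the ELF specification (subset).
ELF_MACHINES = {3: "x86", 20: "PowerPC", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def describe_elf(head: bytes) -> str:
    """Report word size, byte order and architecture from the ELF header."""
    if len(head) < 20:
        return "ELF (truncated header)"
    bits = {1: "32-bit", 2: "64-bit"}.get(head[4], "unknown-class")
    endian = {1: "little-endian", 2: "big-endian"}.get(head[5], "unknown-order")
    fmt = {1: "<H", 2: ">H"}.get(head[5])
    if fmt is None:
        return f"ELF {bits} {endian}"
    (e_machine,) = struct.unpack_from(fmt, head, 18)  # e_machine sits at offset 18
    return f"ELF {bits} {endian} {ELF_MACHINES.get(e_machine, 'machine %d' % e_machine)}"


def sniff_format(head: bytes) -> str:
    """Classify content from its first bytes; the file name is never consulted."""
    if head.startswith(ELF_MAGIC):
        return describe_elf(head)
    if head.startswith(b"#!"):
        tokens = head[2:].split(b"\n", 1)[0].split()
        interp = tokens[0].decode("utf-8", "replace") if tokens else "missing"
        return f"script (interpreter: {interp})"
    if head.startswith(b"MZ"):
        return "MS-Windows/DOS executable (MZ)"
    if head.startswith(b"PK\x03\x04"):
        return "zip container (possibly a Java jar)"
    return "unrecognized"


def classify(path: str) -> dict:
    """Combine the two conditions from the post: x bit set AND a recognized format."""
    mode = os.stat(path).st_mode
    x_bit = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    with open(path, "rb") as fh:
        head = fh.read(256)
    return {
        "name": os.path.basename(path),
        "format": sniff_format(head),
        "x_bit": x_bit,
        # ELF and '#!' files are the types loaded without Wine or Java.
        "native_candidate": x_bit and head.startswith((ELF_MAGIC, b"#!")),
    }


def make_samples(directory: str) -> list:
    """Write constructed sample files whose names disagree with their content."""
    elf64 = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 2, 62) + bytes(44)
    samples = [
        ("setup.exe", elf64, 0o755),                        # ELF behind a .exe name
        ("readme.txt", b"#!/bin/sh\necho hello\n", 0o755),  # script named like a document
        ("installer", b"MZ\x90\x00" + bytes(60), 0o755),    # Windows binary, no extension
        ("tool.bin", elf64, 0o644),                         # ELF without the x bit
    ]
    paths = []
    for name, data, mode in samples:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
        paths.append(path)
    return paths


def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        return [classify(p) for p in make_samples(tmp)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Run over a download directory, a check like this flags files whose extension and content disagree, such as an ELF binary carrying a .exe name.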
Re: [CentOS] CentOS 5.3 samba: getent does not return data from the active directory (ads)
Have you browsed the LDAP entries in ActiveDirectory to see if they match similar entries for working windows hosts? Under the computer entry, look carefully at dnsHostname and servicePrincipalName. For a server, there are many many entries for these two variables. CIFS/x2, HOSTx2, LDAPS?/, . and so on.

On 4/7/09, Jason Ellison info...@gmail.com wrote:
CentOS 5.3 getent does not return data from the active directory (ads)

I have installed and configured kerberos and samba so that the server can be a member of an existing Active Directory (AD). Correct configuration of kerberos was verified using kinit and klist. The samba configuration was verified by using smbclient -k -L server. winbind was verified by using wbinfo -g. The problem seems to be nsswitch accessing winbindd to get group information via the getent group command. I added winbind to the /etc/nsswitch.conf file like so:

[r...@nagios ~]# grep winbind /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind

I verified that all dynamic libraries are being accessed correctly by using strace getent group. Below is the debug output of winbindd when issuing various commands that interact with it. The commands are noted in (parenthesis).

(winbindd -i -d 9)
00a0 status: NT_STATUS_OK
(getent group command issued)
accepted socket 17
[17171]: request interface version
[17171]: request location of privileged pipe
accepted socket 18
[17171]: setgrent
[17171]: endgrent
(getent passwd command issued)
accepted socket 17
[17172]: request interface version
[17172]: request location of privileged pipe
accepted socket 18
[17172]: setpwent
[17172]: endpwent

(winbindd -i -d 9)
00a0 status: NT_STATUS_OK
(wbinfo -g command issued)
accepted socket 17
[17158]: request interface version
[17158]: request location of privileged pipe
accepted socket 18
[17158]: list groups
get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
get_sam_group_entries: Returned 2 local groups
get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well
get_sam_group_entries: Returned 0 local groups
get_cache: Setting ADS methods for domain COMPANY
ads: enum_dom_groups

NOTES:
[r...@nagios ~]# uname -a
Linux nagios.hq.company.local 2.6.18-128.1.6.el5xen #1 SMP Wed Apr 1 09:53:14 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
[r...@nagios ~]# rpm -qa samba krb* nss*
nss_db-2.2-35.3
nss_db-2.2-35.3
krb5-libs-1.6.1-31.el5
nss-tools-3.12.2.0-4.el5.centos
nss_ldap-253-17.el5
krb5-libs-1.6.1-31.el5
samba-3.0.33-3.7.el5
krb5-auth-dialog-0.7-1
nss-3.12.2.0-4.el5.centos
nss-3.12.2.0-4.el5.centos
nss_ldap-253-17.el5
krb5-workstation-1.6.1-31.el5
Re: [CentOS] need trouble ticket system
Since many tickets have complex interdependencies, do any tracking systems happen to integrate directly with FreeMind?

On 3/30/09, Steve Lindemann st...@marmot.org wrote:
Dhaval Thakar wrote:
Hi, I need to implement trouble tracking system, we have 250 users in one premise 3 desktop support technicians. I need to implement trouble ticket system, where user will enter their application / other issues. Mail will be sent to technician available on duty. trouble ticket will be provided to user will be given close stat once resolved. Kindly suggest me one such application based on open source.

While I'll admit it takes some tweaking for the purpose, I'm surprised no one has mentioned bugzilla. It's a little bit of work to setup as a helpdesk trouble ticket system, but it does work at the task reasonably well. When I put it up here there wasn't as much to choose from that provided the flexibility we needed then. The only real grief I've seen is the multiple checks required to fully close a ticket (bug) are a bit much for a typical helpdesk. They make perfect sense when dealing with software bugs... 8^) We've been looking at replacing it with something less complex but haven't found anything yet that makes it worth the trouble for us to change. Try several and find the one that works for you.

-- Steve Lindemann __ Network Administrator //\\ ASCII Ribbon Campaign Marmot Library Network, Inc. \\// against HTML/RTF email, http://www.marmot.org //\\ vCards M$ attachments +1.970.242.3331 x116
Re: [CentOS] Samba and iptables - woes
The poster suggesting a lopsided interfaces is correct. Look at incoming vs outgoing packets via ifconfig -a. Use /sbin/ip to fix it. Since the subnet is the same, u need a /sbin/ip rule.

On 3/31/09, Rob Kampen rkam...@kampensonline.com wrote:
Craig White wrote:
On Tue, 2009-03-31 at 00:19 -0400, Rob Kampen wrote:
Hi folk, I am trying to get iptables working on a samba server but find it is blocking something that prevents the windoze clients from being able to access the share. here are the bits from iptables:

# nmb provided netbios-ns
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport 137 -j ACCEPT
# nmb provided netbios-dgm
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport 138 -j ACCEPT
# Samba
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i eth1 --dport 135 --state NEW -j ACCEPT
# smb provided netbios-ssn
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i eth1 --dport 139 --state NEW -j ACCEPT
# smb provided microsoft-ds
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i eth1 --dport 445 --state NEW -j ACCEPT

so as far as I can tell this should provide access to the required services. BTW the server has two NICs; 100Mb is eth0 at 192.168.230.230 and connects to the router with internet/NAT firewall; 1Gb is eth1 at 192.168.230.232 and this connects to a G ethernet switch that has the windoze clients. The smb.conf is as follows:

[global]
workgroup = NDG
netbios name = SAMBA
netbios aliases = Samba
server string = Samba Server Version %v
interfaces = lo, eth1, 192.168.230.232
bind interfaces only = Yes
security = DOMAIN
obey pam restrictions = Yes
passdb backend = tdbsam
pam password change = Yes
log file = /var/log/samba/%m.log
max log size = 50
load printers = No
add user script = /usr/sbin/useradd %u -n -g users
delete user script = /usr/sbin/userdel %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
delete user from group script = /usr/sbin/userdel %u %g
add machine script = /usr/sbin/useradd -n -c Workstation (%u) -M -d /nohome -s /bin/false %u
logon path =
domain logons = Yes
os level = 32
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no
create mask = 0664
directory mask = 0775
hosts allow = 127., 192.168.230., 192.168.231.
case sensitive = Yes
browseable = No
available = No
wide links = No
dont descend = /
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = Yes
available = Yes
[NDG]
comment = NDG files
path = /NDG
write list = @NDGstaff, @birdseye
read only = No
browseable = Yes
available = Yes

I found that making the rule for port 139 ignore the eth port (i.e. remove the -i eth1) allowed things to work better, but do not want this to be the case as I do not want the eth0 interface to be used for this traffic. looking at netstat -l -n shows only lo and eth1 listening on port 139, so how is this failing to work?? Any ideas? Thanks

I don't believe that you want to use comma separators in things like 'bind interfaces' or 'interfaces' - it doesn't seem that samba is consistent here.

removed

I have never used two separate hardware network interfaces on the same subnet and suspect that it may actually be trying to communicate back from the wrong one which is confusing things. Also, it doesn't make sense to list both eth1 and the actual ip address in bind interfaces but I would tend to doubt that would be a problem. Try taking eth0 down (as root - ifdown eth0) and see if that fixes the problem.

tried this and things appear to work okay, so I guess I need to split my subnet into two.. Some further thinking required here. I have an almost identical set up in my home and actually tried all this there first, as I do not want my business impacted. So it appears to work fine at home but not at the office, some more testing required. I have only two windoze machines at home and neither access the server, so I'll have to contrive a setup that tries this out properly. Will keep you posted.

Also, I'm not sure why some of the firewall rules include --state NEW and some of them don't - that doesn't fully make sense to me.

state NEW is irrelevant for udp as it is a single direction with no handshaking such as tcp has - i.e. connectionless?

Craig
Re: [CentOS] command line programs for ldap
On Sat, Mar 28, 2009 at 1:24 PM, Jerry Geis ge...@pagestation.com wrote:
On Sat, Mar 28, 2009 at 12:57 PM, Jerry Geis geisj at pagestation.com wrote:
Hi all. I am looking for some command line programs (pre made) that will connect to an ldap server and list out the users in question provided by the search argument given.

What wrong with getent passwd? ldapsearch uid=*whatever* ?

ldapsearch was the command I was finding on oracles web page. whereis ldap on my machine produced nothing. yum provides ldapsearch produced nothing then I remembered I needed yum provides */ldapsearch and found openldap-clients Thanks Jerry

You may want to look at python-ldap and the apps based on it. http://python-ldap.sourceforge.net/
Re: [CentOS] error when join my Centos machine to win2003 ADS server
2009/3/26 fabian dacunha fab...@baladia.gov.kw:
Dear All, I have successfully managed to have my kerberos configured n working without error when i say kinit Administrator and after entering password it works fine

my krb5.conf
--
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = BALADIA.LOCAL
dns_lookup_kdc = false
dns_lookup_realm = false
[realms]
BALADIA.LOCAL = {
default_domain = baladia.local
kdc = 172.16.2.227:88
admin_server = 172.16.2.227:749
kdc = KMUN
}
[domain_realm]
baladia.local = BALADIA.LOCAL

klist shows
icket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@baladia.local
Valid starting Expires Service principal
03/26/09 11:33:04 03/26/09 21:33:18 krbtgt/baladia.lo...@baladia.local
renew until 03/27/09 11:33:04
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

now i configured /etc/samba/smb.conf but when i try to join the domain

net ads join -U Administrator
Administrator's password:
[2009/03/26 21:58:05, 0] utils/net_ads.c:ads_startup_int(286)
ads_connect: No logon servers
Failed to join domain: No logon servers

after googling and tryin various options in /etc/samba/smb.conf file here is the latest smb.conf file
-
[global]
#--authconfig--start-line--
# Generated by authconfig on 2009/03/26 12:50:28
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = BALADIA.LOCAL
; password server = kmun.baladia.local
password server = 172.16.2.227
realm = KMUN.BALADIA.LOCAL
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
encrypt passwords = yes
log level = 3
#--authconfig--end-line--
encrypt passwords = yes
dns proxy = no
server string = Samba Server Version %v
os level = 20
client use spnego = no
server signing = auto
--
where i could be goin wrong i would be thankful and really appreciate your advice for any setting in my smb.conf file Is there anything else to check when i run testparam it gives no errors thnks and Regards Fabian

Can you get to the ADS netlogon share? It is //domainname/netlogon which may be //baladia.local/netlogon/ on your network. //172.16.2.227/netlogon ?

Further, even connecting WinVista to a domain will sometimes require raw editing of the hosts properties in LDAP. SysInternal's adexplorer.exe or jexplorer (don't use java 1.6) are good at this. Specifically, you will want to make sure dnsHostName and servicePrincipalName (SPN) are correct. If not, these tools with the domain admin privilege will let you edit these ldap entries directly. Use a known good ADS connected node as an example.

There is a list of apps based on python-ldap at http://python-ldap.sourceforge.net/apps.shtml Some of those would provide adexplorer.exe type functionality, but i haven't tried them for editing. Hmmm, now i wonder if they work at all with Samba b/c python hooks were removed in Samba 3.2.0 due to lack of maintenance???

I would like a script that could be run on a Windows ADS server, a ADS domain connected windows client, and linux. The script would generate and verify everything needed to successfully connect. SASL required? Unsecured or Secured auth? kerberos and ldap identifying info. ldapenum.pl was an attempt at this.

You will want to read the announcement for Samba 3.2 which i am not sure if 3.2 is in the CentOS release repo or not. i ended up using fc9/fc10 for ads joins. EnterpriseSamba.com may still be your best bet for CentOS. http://lists.samba.org/archive/samba-announce/2008/000145.html
Re: [CentOS] Acrobat Reader 9 on Centos 4.7
On Thu, Mar 26, 2009 at 9:04 AM, tblader tbla...@flambeau.com wrote:
Hello, Anyone know how to get Acrobat 9 running* on Centos 4.7? Looks like a libc conflict:

/Adobe/Reader9/Reader/intellinux/bin/acroread: error while loading shared \
libraries: /apps/Adobe/Reader9_libs/libstdc++.so.6: requires glibc 2.5 or later dynamic linker

Thanks Thomas
[*] - http://www.us-cert.gov/cas/techalerts/TA09-051A.html
-- Flambeau Inc. Technology Center - Baraboo, WI Email : tbla...@flambeau.com Keyserver: http://pgp.mit.edu KeyID: 0x00E9EC2C

r u using the Adobe Repository?
Re: [CentOS] looking for some advice to monitor network usage in office
On Wed, Mar 25, 2009 at 3:52 AM, Spook ZA spoo...@gmail.com wrote:
Hi Rudy

2009/3/25 Rudi Ahlers rudiahl...@gmail.com:
Hi all, I've been asked by a college to setup a monitor to monitor a Windows network, but on internet usage. They want to have detailed usage, i.e. on a per IP / PC basis, and if possible to get stats for every protocol, and see over a period of time what goes on. My first thought was ntop, which does all of this, but it doesn't save the data in a DB, so if the server reboots the stats are reset to 0. I also can't get Cacti to give me stats per IP per protocol (unless someone knows how to do this). I don't yet know the full network layout, but I have a feeling they're using ADSL, and have a Windows Small Business server with ISA, and possible Exchange as well. So, I'm either going to put a CentOS box between the Windows box & ADSL router, or maybe even setup a CentOS Vmware Virtual PC, force all the network to route via the VPS. Does anyone have some suggestions / experience in setting up something like this? P.S. Please don't look at the fact that there's Windows on the network. I use Linux for business purposes, not as a hobby, and we also use Mac & Windows where the situation calls for it.
-- Kind Regards Rudi Ahlers

If your firewall / border gateway is running linux, have a look at: http://www.networkuptime.com/tools/netflow/ You need an exporter that will export linux netflow records and software that will collect and present the resultant data. Regards, Andrew.

When you mention college internet usage, i thought of Caida.org and CoralReef. But that is more for scientific investigations of internet usage in general.
Re: [CentOS] help on kerberos5
On Wed, Mar 25, 2009 at 1:08 PM, Kanwar Ranbir Sandhu m3fr...@thesandhufamily.ca wrote:
On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
my domain name is=== baladia.local
Windows 2003 AD server computer name is kmun
my /etc/krb5.conf file is

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime=24000
default_realm=BALADIA.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
BALADIA.LOCAL={
kdc=172.16.2.227:88
# admin_server=kmun.baladia.local:749
default_domain=BALADIA.LOCAL
kdc=BALADIA.LOCAL
}

You only need one kdc here. Choose one, comment/delete the other.

[domain_realm]
.baladia.local=BALADIA.LOCAL
baladia.local=BALADIA.LOCAL
kerberos 88/udp kdc # Kerberos key server
kerberos 88/tcp kdc # Kerberos key server

What are these kerberos lines for? Why have you put them here? They don't belong - comment/delete them.

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

kinit should work after making the changes above. Regards, Ranbir
-- Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux
14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18

it would be so much easier if all configuration files were written in XML and by default would have an enforcing document type definition. Self commenting, would make sure syntax is correct, and further could ensure grammar is correct for the desired configuration. Namespaces can make XML less verbose.
Re: [CentOS] [OT] Network switches
On Mon, Mar 23, 2009 at 9:05 PM, Christopher Chan christopher.c...@bradbury.edu.hk wrote:
* vlans
* mstp or some well established form of per vlan spanning tree
* acl's
* port mirroring or what cisco calls span sessions
* snmp
* ssh enabled remote management
* support w/ updates and bugfixes

I need at least 48 ports per device and obviously would like them to be fast. Most importantly, I'd like to know what you guys prefer as operations dudes and what pitfalls to avoid. Also, are there other features you folks would demand to have in your switches that I haven't mentioned? I can provide more information if you'd like. Thanks. Oh, cost is sort of an issue (small/medium sized business) but right now insight from you guys is what's important and I can work out the cost issue later. Thanks again.

D-Link DGS-3100 I ordered a number of these for the school where I work to place a number of Cisco 2960 10/100 switches. I am quite happy with them. Some of these switches are connected by multi-mode fibre. cheers, Christopher

Every time i read these posts they are filled with contradictions in that one person loves HP and hates CiscoLinksys while another hates HP. Let's get a more scientific approach. Switch performance still depends on the NICS in the client machines. We all know a network is a complex system. Some of us claim to be computer scientists so shouldn't we act like that instead of advertising for our vendors. i would like to see real performance data via something like netperf with client machines booted from a standardized LiveCD, then performance under their Linux Distribution and performance under Windows.

Performance data would need to have details such as the NIC on the client machine and other hw characteristics. How many machines ran the benchmark simultaneously. Cat5e vs Cat6 or Fiber connected.

http://www.netperf.org ( OpenSource started by HP, )
ftp://ftp.netperf.org/netperf/ (Looks like 2.4.4 is the latest version. Not sure what 4.0.0 is)
http://sourceforge.net/projects/jnetperf (java version of netperf)
There may be another project from some Italian Professor, but didn't find it in my bookmarks.

Yes, there is the unix way of time dd ... but that wouldn't work for windows clients and does not give enough details in terms of metrics.
Re: [CentOS] [OT] Network switches
On Tue, Mar 24, 2009 at 10:24 AM, Rainer Duffner rai...@ultra-secure.de wrote:
Rob Townley wrote:
Every time i read these posts they are filled with contradictions in that one person loves HP and hates CiscoLinksys while another hates HP. Let's get a more scientific approach. Switch performance still depends on the NICS in the client machines.

Uhm. No. Not any longer, AFAIK. At least, once you leave the SOHO region (AFAIK, the OP wanted = 48 ports. I don't want to work in such a home-office, really...).

There are 48 port SOHO priced switches nowadays. i am often not very impressed by network performance and need standardized benchmarks to figure out if there may be an issue at the NIC driver, switch or on up to a virus shield. It was either a ~2004 Dell Power magazine or ~2004 Network World article that mentioned that 3Com NICs didn't perform well with Cisco switches and vice versa. They also wrote about other vendors and i don't remember any of them performing extremely well across vendor. Now that NICs are a commodity, the problem could be worse.

Backplane-performance is an issue. Especially with iSCSI. Also, as demonstrated, different switch-vendors offer different feature-sets at different price-levels. There's also the compatibility-question: if you already have a number of devices, the new ones must fit in well into the existing landscape (VLANs etc.pp.)

Performance data would need to have details such as the NIC on the client machine and other hw characteristics. How many machines ran the benchmark simultaneously. Cat5e vs Cat6 or Fiber connected.

That's already more variables in the equation than is healthy for a typical benchmark...

http://www.netperf.org ( OpenSource started by HP, )
ftp://ftp.netperf.org/netperf/ (Looks like 2.4.4 is the latest version. Not sure what 4.0.0 is)
http://sourceforge.net/projects/jnetperf (java version of netperf)
There may be another project from some Italian Professor, but didn't find it in my bookmarks. Yes, there is the unix way of time dd ... but that wouldn't work for windows clients and does not give enough details in terms of metrics.

Switch performance is extremely difficult to measure IMO. You need enough clients to make sure you're not accidentally measuring client-performance.

Agreed, this is a difficult complex system, but some baseline measurements would still be worthwhile to rule out some problems. Client NIC performance would be valuable info.

In the end, the only thing that counts is real-world data. Netperf et.al. don't really provide a real-world scenario, where you have a mixture of packet-sizes and protocols. Same for artificial load/packet generators (ixia et.al).

netperf could use some work, but some generic baseline perf data would still be very valuable to rule basic problems. Somebody could post an ethereal packet capture of varying packet sizes and protocols that could be replayed on client machines.

Because (almost) nobody has the time to do extensive tests, past real-world experience/performance data and word-of-mouth becomes an integral part in choosing such products. That, or you have enough money to buy everything from Cisco ;-)

In theory, pxe booting a test image on all machines in the lan (maybe via drbl / CloneZilla) with netperf and running overnight could automate this process. The reality is that it can take much much more time to track down where a performance bottleneck is on a heterogeneous LAN. What performance data are you referring to?

Rainer
Re: [CentOS] [OT] Network switches
On Tue, Mar 24, 2009 at 11:16 AM, Rainer Duffner rai...@ultra-secure.de wrote: Rob Townley schrieb: On Tue, Mar 24, 2009 at 10:24 AM, Rainer Duffner rai...@ultra-secure.de wrote: Rob Townley schrieb: Every time i read these posts they are filled with contradictions in that one person loves HP and hates CiscoLinksys while another hates HP. Let's get a more scientific approach. Switch performance still depends on the NICS in the client machines. Uhm. No. Not any longer, AFAIK. At least, once you leave the SOHO region (AFAIK, the OP wanted = 48 ports. I don't want to work in such a home-office, really...). There are 48 port SOHO priced switches nowadays. I see your point. I only imagined the home office that would need 48 ports ;-) i am often not very impressed by network performance and need standardized benchmarks to figure out if there may be an issue at the NIC driver, switch or on up to a virus shield. It was either a ~2004 Dell Power magazine or ~2004 Network World article that mentioned that 3Com NICs didn't perform well with Cisco switches and vice versa. Hm. I think I saw something like that (I was at a site that used Catalyst 6500-switches to connect desktops - in 2001). Autosensing was useless... They also wrote about other vendors and i don't remember any of them performing extremely well across vendor. Now that NICs are a commodity, the problem could be worse. Here, autosensing sometimes doesn't work. Then, you've got to set it fixed on both the client and the switch-port. What performance data are you referring to? What you gathered in the past from other switches on your LAN - and what you read on the internet ;-)) I'm not a networking-guy (switches are done by someone else here). Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos You did read it because they autosensing was a big factor in the article(s). 
However, iirc, for some combinations of switches and nics still didn't perform well with autosensing off. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old
http://httpd.apache.org/security/vulnerabilities_20.html states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68. i am no longer a httpd expert, but at least one of the security fixes involves XSS attacks via malformed ftp commands. I also realize that redhat / centos may patch things separately from Apache and that the sysadmin has a great deal to do with how secure things are, but almost 5 years? Does the sysadmin for www.centos.org get paid?

HTTP/1.1 200 OK
Date: Sun, 22 Mar 2009 19:37:51 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Set-Cookie: PHPSESSID=f12ba53116e0f192b7653131d951a17d; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Connection: keep-alive
Re: [CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old
On Sun, Mar 22, 2009 at 3:29 PM, Les Mikesell lesmikes...@gmail.com wrote:
> Rainer Duffner wrote:
>> On 22.03.2009 at 20:40, Rob Townley wrote:
>>> http://httpd.apache.org/security/vulnerabilities_20.html states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68. i am no longer a httpd expert, but at least one of the security fixes involves XSS attacks via malformed ftp commands. I also realize that redhat / centos may patch things separately from Apache and that the sysadmin has a great deal to do with how secure things are, but almost 5 years?
>>
>> Download the src-RPM and make a checklist which CVEs are fixed and which not. (It's in a changelog-file somewhere - I don't remember the details, it's a while that I actually looked) Then, return here.
>
> Try:
> rpm -q --changelog httpd |less
> to see if it includes what you want to know before bothering with src rpms.

Thank You Les, that is an awesome info.

> --
> Les Mikesell
> lesmikes...@gmail.com
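The changelog check suggested in this thread, as an added example that is not part of the original messages: a shell function that reads `rpm -q --changelog` output on stdin and reports, for a checklist of CVE IDs, the oldest package release whose changelog names each one. The function names, the sample changelog, its release strings and its CVE IDs are constructed placeholders; the `CAN-` prefix is accepted because CVE candidates were written that way until 2005.

```shell
#!/bin/sh
# Added example, not from the thread. On a live system:
#   rpm -q --changelog httpd | cve_backport_report CVE-... CVE-...

# cve_backport_report CVE-ID...
# Reads an RPM changelog on stdin. For each ID prints
#   "FIXED <id> <version-release>"  (oldest changelog entry naming the ID) or
#   "MISSING <id>".
# Exit status is 1 if any ID is missing, 0 otherwise.
cve_backport_report() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, ids, " "); missing = 0 }
        # Entry header: "* Day Mon DD YYYY Name <mail> - version-release"
        /^\* / { ver = $NF }
        {
            # Pad with spaces so the boundary classes below always have a
            # character to match at the start and end of the line.
            line = " " toupper($0) " "
            for (i = 1; i <= n; i++) {
                num = substr(ids[i], 5)      # "CVE-YYYY-NNNN" -> "YYYY-NNNN"
                # The trailing [^0-9] keeps CVE-2099-0002 from matching
                # inside the longer ID CVE-2099-00021.
                if (line ~ ("[^A-Z0-9](CVE|CAN)-" num "[^0-9]"))
                    fixed[ids[i]] = ver      # newest-first log: last hit is oldest
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                if (ids[i] in fixed) print "FIXED " ids[i] " " fixed[ids[i]]
                else { print "MISSING " ids[i]; missing = 1 }
            }
            exit missing
        }
    '
}

# Constructed sample in rpm changelog layout (placeholder names, releases, IDs).
sample_changelog() {
    cat <<'EOF'
* Mon Feb 02 2099 Example Packager <packager@example.invalid> - 2.0.52-43.ent
- add security fix for CVE-2099-00021

* Mon Jan 05 2099 Example Packager <packager@example.invalid> - 2.0.52-41.ent
- add security fixes for CVE-2099-0002, CVE-2099-0004 (#000002)

* Mon Dec 01 2098 Example Packager <packager@example.invalid> - 2.0.52-38.ent
- add security fix for CAN-2098-0001
EOF
}

sample_changelog | cve_backport_report CVE-2099-0002 CVE-2098-0001 CVE-2099-0003 \
    || echo "checklist not fully covered by the changelog"
```

A `MISSING` line only means the changelog does not name that ID; the packager may have fixed it under a bug number instead, so those entries still need a look at the source RPM.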
Re: [CentOS] Memory vs. Display Card
On Mon, Mar 9, 2009 at 3:39 PM, Victor Padro vpa...@gmail.com wrote: On Mon, Mar 9, 2009 at 1:18 PM, Louis Lagendijk lo...@lagendijk.xs4all.nl wrote: On Sun, 2009-03-08 at 19:27 -0700, John R Pierce wrote: Rick wrote: In article 20090308031754.ga11...@bludgeon.org, Ray Van Dolson centos@centos.org wrote: That sounds pretty strange. Have you confirmed that removing the new memory allows you to run in runlevel 5 again? Yes, that's how I'm running right now. now, try taking out the OLD memory and putting in just the NEW memory. see how it runs that way. if this works, try with the new 4GB as the 0 bank, and the old 2GB as the 1 bank. also, in the BIOS, check the memory timings, I'd leave them all on 'automatic' or 'default' or whatever the limited choices are in the Intel BIOS, trying to squeeze an extra clock out of CAS or whatever doesn't really help much under the best of conditions and it can destabilize a system under suboptimal conditions. When you use 4 banks of memory, some boards require slower settings. Tweaking the voltage may help there I guess, but I would opt for the slower settings. I recall that my BIOS chose a slower memory setting when I added 4G to my small server at home that already had 2G That system has been rock stable (except for my Sun quad ethernet that had problems with the Xen kernel due to MMIO issues. I solved that by ditching the Sun card and using a vlan capable switch with vlan trunking so that I no longer need so may ethernet interfaces) Louis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos have you read your technical product specifications? http://www.intel.com/support/motherboards/desktop/d975xbx2/sb/CS-029346.htm it states that the supported memory modules are only 2GB top Table 4 lists the supported DIMM configurations. Table 4. 
Supported Memory Configurations

DIMM Capacity | Configuration (Note 1) | SDRAM Density | SDRAM Organization Front-side/Back-side | Number of SDRAM Devices (Note 2)
128 MB        | SS                     | 256 Mbit      | 16 M x 16/empty                         | 4 [5]
256 MB        | SS                     | 256 Mbit      | 32 M x 8/empty                          | 8 [9]
256 MB        | SS                     | 512 Mbit      | 32 M x 16/empty                         | 4 [5]
512 MB        | DS                     | 256 Mbit      | 32 M x 8/32 M x 8                       | 16 [18]
512 MB        | SS                     | 512 Mbit      | 64 M x 8/empty                          | 8 [9]
512 MB        | SS                     | 1 Gbit        | 64 M x 16/empty                         | 4 [5]
1024 MB       | DS                     | 512 Mbit      | 64 M x 8/64 M x 8                       | 16 [18]
1024 MB       | SS                     | 1 Gbit        | 128 M x 8/empty                         | 8 [9]
2048 MB       | DS                     | 1 Gbit        | 128 M x 8/128 M x 8                     | 16 [18]

Notes:
1. In the second column, “DS” refers to double-sided memory modules (containing two rows of SDRAM) and “SS” refers to single-sided memory modules (containing one row of SDRAM).
2. In the fifth column, the number in brackets specifies the number of SDRAM devices on an ECC DIMM

So your 4GB module is not supported... you should use 4x2GB modules in order to see an improvement (always using pairs, remember it's dual channel).

cheers

--
It is human nature to think wisely and act in an absurd fashion.
All the disorder in the world comes from professions poorly or mediocrely served

Victor seems to have found your problem. But you might want to verify there isn't a BIOS / firmware update for your motherboard. memtest distributed with most systems is old. One of the memtests was recently updated for the latest intel chipsets.
Re: [CentOS] regarding vpn server for 1500 clients
On Sun, Dec 14, 2008 at 9:20 AM, dhaval.tha...@networthdirect.com wrote:
> Hi list,
>
> I have to build vpn server for 1500 clients. No encryption necessary. can anyone please recommend me vpn server. I do not have experience on vpn. I have tested openvpn on my test setup, it's working fine. I want to check if there any other vpn server available. I have not checked but can pptp vpn be useful?
>
> My requirement is to connect 1500 clients on vpn server. Need frontend to manage vpn clients.
>
> Regards
> Dhaval

The open source tinc-vpn which is like Hamachi. Could use a tun / tap layer with 5.0.0.0/8 addresses. Would never recommend PPTP because of the security issues and the clients can't have the same subnet as the corporate lan for it to work well. Even if you do not need encryption, but just authentication, pptp could be blown wide open.
Re: [CentOS] utility to find which /dev/videoX
Not sure this helps b/c maybe u need a non human interactive method.

mplayer /dev/video0
lsusb -v

On 12/15/08, Ignacio Vazquez-Abrams ivazquez...@gmail.com wrote:
> On Mon, 2008-12-15 at 19:32 -0500, Jerry Geis wrote:
>> is there a utility or SOME method to determine which /dev/videoX (like /dev/video0 or /dev/video1) is being used by a device???
>>
>> Example I have a USB camera and a USB TV module how do I determine which device is on /dev/video0 and which is on /dev/video1
>>
>> I have seen perhaps a way in dmesg but I am looking for the BEST way and the correct way.
>
> Look under /sys/class/video4linux.
>
> --
> Ignacio Vazquez-Abrams ivazquez...@gmail.com
>
> PLEASE don't CC me; I'm already subscribed
Re: [CentOS] URGENT: libdvdcss install hosed /var
On Thu, Dec 11, 2008 at 12:56 PM, MHR mhullr...@gmail.com wrote:
> I am running CentOS 5/2 (latest updates) with the GNOME DE on a 32-bit machine (at work). I have k3b installed, and I was trying to copy a DVD earlier this morning, but k3b said it couldn't read encrypted DVDs.
>
> So, I installed libdvdcss from rpmforge and restarted k3b. It hung the system. I rebooted, and / had been damaged. After running e2fsck from the repair prompt, I rebooted and a whole slew of errors revolving around various /var directories that did not exist occurred.
>
> I have been trying to repair /var, and so far with a fair modicum of success, but I've hit an interesting wall - two, actually.
>
> 1) The gdm refuses to come up. It claims that Server Authorization directory (daemon/ServAuthDir) is set to /var/gdm, but this does not exist
>
> However:
>
> # ll -d /var/gdm
> drwxrwx--T 2 root gdm 4096 Dec 11 10:31 /var/gdm
> # ll /var/gdm
> total 8
> -rw-r- 1 root root 45 Nov 26 10:47 :0.Xauth
> -rw-r--r-- 1 root root 63 Dec 11 09:14 :0.Xservers
>
> This is identical to my backup system (which is not surprising - I set up the dir and copied the files from here - was that a bad idea?).
>
> 2) The following daemons fail to start: auditd, NFS statd, avahi and HAL. I've tried to pin down why the avahi daemon won't start because it keeps logging permissions errors trying to create the pid file /var/run/avahi-daemon//pid, but the setup of /var /var/run and /var/run/avahi-daemon are all identical to this (backup) machine.
>
> Any suggestions? Or is there a better, more comprehensive repair facility available?
>
> BTW, OT: Does anyone know why this might have happened? I have all this installed at home, no problems whatsoever (libdvdcss works seamlessly with all my DVD tools, including k3b).
>
> Thanks!
>
> mhr

Was SELINUX in enforcing mode? Rebuilding directories and files that previously had mandatory labels seems like it would cause problems until labels were reapplied.
Re: [CentOS] URGENT: libdvdcss install hosed /var
On Thu, Dec 11, 2008 at 2:29 PM, Lanny Marcus lmmailingli...@gmail.com wrote: On Thu, Dec 11, 2008 at 2:47 PM, MHR mhullr...@gmail.com wrote: snip unpacking a tar archive into the root directory. Hm - well, _I_ never do that, and I rather doubt that yum did, either, Since you got it from rpmforge, I assume it was an rpm and not a tar file. but I suppose that would depend on what's in libdvdcss. I find it hard to believe that it wasn't something else more subtle with k3b, but, again, who knows? Or, more probably, with the libdvdcss snip 1) I did ask on the rpmforge list. Waiting to hear back from there, too. 2) I am just now beginning to really appreciate virtualization. A bunch of the gurus on this list use it. If I had a box with more RAM, I would try it. Still, past experience told me this would not be a problem. I guess that would best be described as naive I think since it works OK on your Desktop at home, that's not so naive. But, the HW is different and something may be awry on the HW on your Workstation at work. Or, there may have been a power glitch, while you were installing the SW. Is your Workstation on a UPS? Been using K3b for a long time here and never a disaster, like you experienced today. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Virtualization is great and all, but not sure that watching a dvd on a virtual machine would work so well. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Stop the FUD Xen is not deprecated
On Tue, Nov 25, 2008 at 2:18 PM, Bo Lynch [EMAIL PROTECTED] wrote:
> On Tue, November 25, 2008 2:55 pm, Rainer Duffner wrote:
>> On 25.11.2008 at 20:32, Bo Lynch wrote:
>>> I was thinking about implementing Xen for our school district. Now that I'm hearing all of this I guess I need to look at something else. What does everyone recommend?
>>> Thanks
>>> Bo Lynch
>>
>> How much money do you have? What (how many systems, what do they do?) do you actually want to virtualize? Are you going to be around your school for the next couple of years? ;-)
>>
>> On a small scale, running VMware ESX3i or VMware-server is perfectly possible.
>>
>> Rainer
>
> Right now we have about 30 servers. Mixture of CentOS,debian,slack,windows. Free is always the best cost and is why we have been moving toward open source as much as possible.
>
> Bo

Why not give kvm a try? i am using kvm on Fedora 9 to virtualize Win2008 at the moment. Also installed Virtual Machine Manager to set up. i am getting a BSOD on shutdown, but so far it is not bothering anything afaic tell.
Re: [CentOS] Skype vs. CentOS: no outgoing sound
On Sun, Nov 23, 2008 at 4:20 PM, Niki Kovacs [EMAIL PROTECTED] wrote:
> Lanny Marcus wrote:
>> Niki: Welcome to the club! This is something I have tried to get working, on my CentOS 5 (32 bit) desktop. William was very kind and he volunteered to help, but I have other projects, with higher priorities, ahead of this one now. Great to know that one of the previous responders has it working AOK. My Sound Card is a Generic, which uses the snd-cs46xx driver. It's a Cirrus Logic and Skype works perfectly on M$ Windows, which is the main reason why this is still a dual boot box. Like yours, my calls to the Skype test robot are all one way. I can hear her, but she can't hear me. GL! Lanny
>
> After a few more hours of googling, I've come to the following conclusion: Skype seems to work for some folks, and not for others, regardless of competence or used distribution. I'd say this is quite annoying.
>
> Niki

Don't use skype, but r u sure your firewall is not blocking outgoing sound?
Re: [CentOS] Skype vs. CentOS: no outgoing sound
On Sun, Nov 23, 2008 at 5:02 PM, Niki Kovacs [EMAIL PROTECTED] wrote:
> Rob Townley wrote:
>> Don't use skype, but r u sure your firewall is not blocking outgoing sound?
>
> Funny, I never gave that a thought. Any idea which port I would have to open?
>
> Niki

Can't tell the port numbers involved. What about your selinux config - have you tried permissive mode of selinux?
Re: [CentOS] how can I stress a server?
Does this system have shared video/system RAM? If you have video memory shared with system memory, there is going to be memory that can't be tested unless you rotate memory chips or put in a vga card. In memtest+ 2.10 configuration, set for no reserved memory and watch the memtest corrupt the video output on a shared memory system.

i have some several year old DL360's and ML370's and love em - especially hw raid, but my local supplier hasn't had any for several months. Up until a few months ago, password reset info on ebay was sent in the clear, so i have a very hard time trusting ebay.

It would be great if something like LinuxBios / OpenBios could stresstest the machine and then disable any RAM addresses that proved flaky - whether ECC or not.
Re: [CentOS] Gigabit Lan doesn't work
On Sun, Nov 16, 2008 at 8:38 PM, Rilawich Ango [EMAIL PROTECTED] wrote:
> Hi all,
> I have installed Centos completely. However, the LAN doesn't work. Below is the message after I issue. How can I make it work?
>
> 00:19.0 Ethernet controller: Intel Corporation 82567V-2 Gigabit Network Connection
>
> Thanks!

Were you running a 2.6.27 pre-release kernel? Everyone should read this as there are about 12 NICs that could be rendered useless especially in a chipset integrated NIC.

If you have an Intel PCI Express add-on card or integrated NIC, avoid the Ubuntu 8.10 alphas, OpenSUSE 11.1 beta, SUSE Linux Enterprise 11 beta, Fedora Rawhide or for that matter, any distribution that comes with a 2.6.27 pre-release kernel.

So says the following arstechnica article.
http://episteme.arstechnica.com/eve/forums/a/tpc/f/96509133/m/638006184931/inc/-1

i am no firmware expert, but i would think if you can find an identical machine, you should be able to use the following command from the article to backup good firmware, then use ethtool -E to restore the good firmware over your bad firmware.

sudo ethtool -e ethX > savemyeep.txt
Re: [CentOS] Gigabit Lan doesn't work
You may want to see if the device driver for your device has been blacklisted in order to protect it. Look through the various /etc/modprobe.d/ blacklist files to see if it is listed. I am not an expert, there may be another place to blacklist or whitelist drivers on your config. On Sun, Nov 16, 2008 at 10:06 PM, Rilawich Ango [EMAIL PROTECTED] wrote: Below is the setting. [EMAIL PROTECTED] ~]# more /etc/redhat-release CentOS release 5.2 (Final) [EMAIL PROTECTED] ~]# uname -a Linux localhost.localdomain 2.6.18-92.1.18.el5 #1 SMP Wed Nov 12 09:30:27 EST 2008 i686 i686 i386 GNU/Linux [EMAIL PROTECTED] ~]# ethtool eth0 Settings for eth0: Supported ports: [ TP MII ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Advertised auto-negotiation: Yes Speed: 100Mb/s Duplex: Full Port: MII PHYAD: 32 Transceiver: internal Auto-negotiation: on Supports Wake-on: pumbg Wake-on: d Current message level: 0x0007 (7) Link detected: yes [EMAIL PROTECTED] ~]# ethtool eth1 Settings for eth1: Cannot get device settings: No such device Cannot get wake-on-lan settings: No such device Cannot get message level: No such device Cannot get link status: No such device No data available On Mon, Nov 17, 2008 at 11:35 AM, Barry Brimer [EMAIL PROTECTED] wrote: Actually, I have 2 LAN cards. eth0 is working as it is 10/100. There is a build-in gigalan which doesn't work. I have to remove the 10/100 and make build-in lan works. 
[EMAIL PROTECTED] ~]# ethtool eth0 Settings for eth0: Supported ports: [ TP MII ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Advertised auto-negotiation: Yes Speed: 100Mb/s Duplex: Full Port: MII PHYAD: 32 Transceiver: internal Auto-negotiation: on Supports Wake-on: pumbg Wake-on: d Current message level: 0x0007 (7) Link detected: yes [EMAIL PROTECTED] ~]# ethtool eth1 Settings for eth1: Cannot get device settings: No such device Cannot get wake-on-lan settings: No such device Cannot get message level: No such device Cannot get link status: No such device No data available On Mon, Nov 17, 2008 at 10:54 AM, Barry Brimer [EMAIL PROTECTED] wrote: I have installed Centos completely. However, the LAN doesn't work. Below is the message after I issue. How can I make it work? 00:19.0 Ethernet controller: Intel Corporation 82567V-2 Gigabit Network Connection What does ethtool eth0 tell you? What does ethtool eth0 tell you when the 10/100 card is not installed? What does lsmod look like with the 10/100 card in and out? What does dmesg | grep eth give you with the 10/100 card in and out? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Picasa vs. native photo management apps
On Fri, Sep 19, 2008 at 9:33 AM, Michael Semcheski [EMAIL PROTECTED] wrote:
> On Wed, Sep 17, 2008 at 2:30 AM, Niki Kovacs [EMAIL PROTECTED] wrote:
>>> The GIMP probably is going to require a very *long* learning curve. It has the power of Adobe Photoshop and may not be something casual users are going to want to take the time to learn.
>>
>> Admittedly. But more in the sense of learning a few very basic steps that everybody needs to know:
>> - photo redimensioning
>> - slimming them down (bytewise)
>> - turning a color photograph into black and white
>> - some basic effects (one-click, included)
>
> I recommend taking a good look at Digicam. For the types of tasks listed above, it's very good and fairly easy. It also supports bulk processing, tagging images, etc. It's part image database and part image manipulator.
>
> Mike

don't forget ImageMagick which could be hosted localhost
Re: [CentOS] Samba 3.0.28/3.0.32
On Wed, Oct 8, 2008 at 6:40 PM, John R Pierce [EMAIL PROTECTED] wrote:
> Spike Turner wrote:
>> I've looked at the CentOS docs-list as well as the Wiki as I was interested in Samba. On one CentOS box I've got 3.0.32 (the latest bug-fixed version from Samba.org) and on another I've got 3.0.28 (the latest from upstream). The docs look almost the same and the docs refer to security = share. However 3.0.32 comes with a blank smb.conf making it harder to get a secure server up and running. Is there a plan for a quick and dirty guide on the Wiki for setting up Samba with secure settings as well as TDB rather than deprecated settings?
>
> FWIW (about what you paid), I've often used SWAT to setup my Samba initial configuration. yum install samba-swat, then edit /etc/xinetd.d/swat and put a # in front of 'disable = yes', save this file, service xinetd reload, and then use a browser to connect to http://localhost:901 log on as root, and fill out the forms
>
> (if you want to manage swat from a separate workstation, # out the only_from line too, or add your LAN ip or cidrrange, separated by a space
> example: only_from = 127.0.0.1 192.168.0.0/24
> would allow localhost or anyone on the 192.168.0.0/24 network to access swat)
>
> I know a lot of folks disparage swat, but it's a lot easier than remembering all the obscure settings in the smb.conf files when you've got better things to do.

You may want to look at a third party samba packager for better documentation such as: http://enterprisesamba.org/
Re: [CentOS] Thin client
On Wed, Sep 10, 2008 at 8:44 AM, Les Mikesell [EMAIL PROTECTED] wrote:
> Kevin Thorpe wrote:
>> lingu wrote:
>>> Dear all, I am very much new to Linux Thin Client Concept. But now i am very much interested to create Centos 5 based thin client of 512MB on flash rom. Can any one guide me to how to start and if you provide any suitable links that will be very much grateful.
>>
>> Instead of 'rolling your own' based on a heavy desktop/server distribution like Centos, look into something like Thinstation. The work has already been done for you. If you want to do it as an exercise then by all means continue. Look into the thin client options and the rescue disk options already available.
>
> You might also look at the k12ltsp distribution which has fedora and Centos spins with LTSP and some other extra packages included to network-boot thin clients. Even if you don't network boot, it is handy to have everything else set up on the server for remote thin client use.
> http://k12ltsp.org/mediawiki/index.php/Main_Page
> The EL5 version would be the current Centos based copy. Some work is in progress to turn this into installable packages for the next fedora release, but for now it is hard to beat installing this distro for something that works out of the box.
>
> --
> Les Mikesell [EMAIL PROTECTED]

Another option is the xrdp project. Using rdesktop on your thin client to connect to a CentOS server with multiple simultaneous XWindows.