Re: [CentOS] tune2fs: Filesystem has unsupported feature(s) while trying to open

2016-04-30 Thread Rob Townley
Not in my testing especially about the time of 6.4.
On Apr 22, 2016 5:16 PM, "Gordon Messmer" <gordon.mess...@gmail.com> wrote:

> On 04/22/2016 01:33 AM, Rob Townley wrote:
>
>> tune2fs against a LVM (albeit formatted with ext4) is not the same as
>> tune2fs against ext4.
>>
>
> tune2fs operates on the content of a block device.  A logical volume
> containing an ext4 system is exactly the same as a partition containing an
> ext4 filesystem.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] tune2fs: Filesystem has unsupported feature(s) while trying to open

2016-04-22 Thread Rob Townley
tune2fs against a LVM (albeit formatted with ext4) is not the same as
tune2fs against ext4.

Could this possibly be a machine where uptime has outlived its usefulness?

On Thu, Apr 21, 2016 at 10:02 PM, Chris Murphy 
wrote:

> On Tue, Apr 19, 2016 at 10:51 AM, Matt Garman 
> wrote:
>
>
> ># rpm -qf `which tune2fs`
> >e2fsprogs-1.41.12-18.el6.x86_64
>
> That's in the CentOS 6.4 repo, I don't see a newer one through 6.7 but
> I didn't do a thorough check, just with google site: filter.
>
>
> > # cat /etc/redhat-release
> > CentOS release 6.5 (Final)
>
> > # uname -a
> > Linux lnxutil8 2.6.32-504.12.2.el6.x86_64 #1 SMP Wed Mar 11 22:03:14
> > UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>
> And that's a centosplus kernel in the 6.6 repo; while the regular
> kernel for 6.7 is currently kernel-2.6.32-573.22.1.el6.src.rpm. So I'm
> going to guess you'd have this problem even if you weren't using the
> centosplus kernel.
>
> I suggest you do a yum upgrade anyway, 6.7 is current, clean it up,
> test it, and then while chances are it's still a problem, then it's
> probably a legit bug worth filing. In the meantime you'll have to
> upgrade your e2fsprogs yourself.
>
>
> > I did a little web searching on this, most of the hits were for much
> > older systems, where (for example) the e2fsprogs only supported up to
> > ext3, but the user had an ext4 filesystem.  Obviously that's not the
> > case here.  In other words, the filesystem was created with the
> > mkfs.ext4 binary from the same e2fsprogs package as the tune2fs binary
> > I'm trying to use.
> >
> > Anyone ever seen anything like this?
>
> Well the date of the kernel doesn't tell the whole story, so you need
> a secret decoder ring to figure out what's been backported into this
> distro kernels. There's far far less backporting happening in user
> space tools. So it's not difficult for them to get stale when the
> kernel is providing new features. But I'd say the kernel has newer
> features than the progs supports and the progs are too far behind.
>
> And yes, this happens on the XFS list and the Btrfs list too where
> people are using old progs with new kernels and it can be a problem.
> Sometimes new progs and old kernels are a problem too but that's less
> common.
>
>
> --
> Chris Murphy


[CentOS] Does CentOS7 targetcli work to serve out to XEN hosts?

2015-06-08 Thread Rob Townley
I have been successful at getting one XEN host to initiate an iSCSI
connection to a target served by CentOS7, but not a second XEN host.

xe sr-create complains the StorageRepository is in use.

Is there a configuration change?
Another iSCSI target server to use?


Re: [CentOS] SIG - Hardening

2015-04-23 Thread Rob Townley
The most common way to get root on any box is through the web browser and
web browser plugins.
Sandboxing firefox, acrobat reader, flash-plugin by default has gotta be a
priority.  Was brought up before.

I use a ffSandbox.sh that launches FF in a sandbox, but no longer sandboxes
PDFs.  Not production ready.

Might want to look at porting Qubes-OS to CentOS from Fedora.
https://en.wikipedia.org/wiki/Qubes_OS


On Thu, Apr 23, 2015 at 12:58 PM, Earl A Ramirez <earlarami...@gmail.com>
wrote:

> On 22 April 2015 at 20:49, Mark LaPierre <marklap...@gmail.com> wrote:
>
> > On 04/22/15 01:13, Earl A Ramirez wrote:
> > > Dear All,
> > >
> > > About a week ago; I posted a proposal over on the centos-devel mailing
> > > list, the proposal is for a SIG 'CentOS hardening', there were a few of
> > > the members of the community who are also interested in this. Therefore,
> > > I am extending that email to this community; where there is a larger
> > > community.
> > >
> > > Some things that we will like to achieve are as follows:
> > > SSH:
> > > disable root (uncomment 'PermitRootLogin' and change to no)
> > > enable 'strictMode'
> > > modify 'MaxAuthTries'
> > > modify 'ClientAliveInterval'
> > > modify 'ClientAliveCountMax'
> > >
> > > Gnome:
> > > disable Gnome user list
> > >
> > > Console:
> > > Remove reboot, halt poweroff from /etc/security/console.app
> > >
> > > Applying security best practises from various compliance perspective,
> > > e.g. STIG, SOX, PCI etc... We may also use NSA RHEL 5 secure
> > > configuration guide to get some insight or use it as a baseline. The
> > > members of the community who are interested in this SIG or are willing
> > > to contribute are:
> > > Leam Hall
> > > Corey Henderson
> > > Jason Pyeron
> > >
> > > You can find the post here [0]
> > >
> > > We will really like to get SIG approved by the CentOS board so if anyone
> > > is interested or willing to contribute we will be happy to have you
> > > onboard.
> > >
> > > [0]
> > > http://lists.centos.org/pipermail/centos-devel/2015-April/013197.html
> >
> > These are all wicked good ideas for machines connected to the internet.
> > I hope you also plan on making it easy to turn off these otherwise
> > useful features for systems with no exposure to the internet.  Don't
> > make it difficult/impossible to use rsync to back up between machines on
> > the local intranet.  Rsync has to run as root to access and maintain
> > correct file ownership and permissions.
> >
> > --
> >     _
> >    °v°
> >   /(_)\
> >    ^ ^  Mark LaPierre
> > Registered Linux user No #267004
> > https://linuxcounter.net/
  
 

> Hello Mark,
>
> We understand and recognise that security should not affect the function of
> a business in our case the operating system, I believe that the goal of
> the hardening SIG will be to mitigate potential risks that can have
> significant consequences.
>
> Over on the centos-devel list it was mentioned that there will be a
> separate repo, therefore this means that packages will be created to meet
> the objectives of the hardening SIG. Currently we are trying to get the SIG
> approved, therefore, no clear picture has been worked out at this moment;
> however within a month or so it will be available.
>
> --
> Kind Regards
> Earl Ramirez
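
The SSH items in the quoted proposal can be checked mechanically. The following is an added example (not part of the thread or of any CentOS SIG tooling) that reports the effective global value of each listed keyword. The function names and the sample configuration are constructed for illustration, and the proposal's 'strictMode' is assumed to mean sshd's StrictModes keyword.

```shell
#!/bin/sh
# Added example, not part of the SIG proposal. The sample config is constructed.

# Effective global value of one sshd_config keyword. Keywords are
# case-insensitive, "Key value" and "Key=value" are both accepted, the first
# occurrence wins, and everything after the first Match line is conditional.
sshd_effective() {   # $1 = keyword, $2 = config file
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sep = match(line, /[ \t=]+/)
            if (!sep) next                      # keyword with no argument
            key = tolower(substr(line, 1, sep - 1))
            val = substr(line, sep + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit            # global section ends here
            if (key == want) { print val; exit }
        }' "$2"
}

# Compiled-in OpenSSH defaults that apply when a keyword is absent or
# commented out (PermitRootLogin defaulted to yes in the releases of that era).
sshd_default() {
    case "$1" in
        PermitRootLogin)     echo yes ;;
        StrictModes)         echo yes ;;
        MaxAuthTries)        echo 6 ;;
        ClientAliveInterval) echo 0 ;;
        ClientAliveCountMax) echo 3 ;;
    esac
}

# Prints one finding per line and returns 1 if there is any finding.
audit_sshd() {   # $1 = config file
    findings=0
    for key in PermitRootLogin StrictModes MaxAuthTries \
               ClientAliveInterval ClientAliveCountMax; do
        val=$(sshd_effective "$key" "$1"); origin=configured
        if [ -z "$val" ]; then val=$(sshd_default "$key"); origin=default; fi
        case "$key" in
            PermitRootLogin) want=no ;;
            StrictModes)     want=yes ;;
            *)               want= ;;   # the proposal only says "modify"
        esac
        if [ -n "$want" ] && [ "$val" != "$want" ]; then
            echo "FAIL   $key is '$val' ($origin), proposal wants '$want'"
            findings=1
        elif [ -z "$want" ] && [ "$origin" = default ]; then
            echo "REVIEW $key left at default '$val'"
            findings=1
        fi
    done
    return $findings
}

sample_sshd_config() {   # constructed sample, not a real host's file
    cat <<'EOF'
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
MaxAuthTries 4
ClientAliveInterval=300
Match User backup
    ClientAliveCountMax 0
EOF
}

demo() {
    tmp=$(mktemp)
    sample_sshd_config > "$tmp"
    audit_sshd "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: sh audit.sh demo | sh audit.sh /etc/ssh/sshd_config
case "${1:-}" in
    demo) demo ;;
    "")   ;;
    *)    audit_sshd "$1" ;;
esac
```

In the constructed sample the commented-out line and the later duplicate are ignored, and the ClientAliveCountMax inside the Match block does not count as a global setting, so it is the only keyword reported.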


Re: [CentOS] ipset not actually blocking

2014-12-10 Thread Rob Townley
Appears the iptables update 1.4.7-14 which came with CentOS6 r6 is the most
likely culprit.

The solution for now is:
delete ',dst' from the iptables INPUT chain
delete 'src,' from the iptables OUTPUT chain.




On Mon, Dec 8, 2014 at 5:39 PM, Rob Townley <rob.town...@gmail.com> wrote:

> I created an ipset and added 8.8.8.8 to it and used the same iptables
> working all summer long, but I can still ping 8.8.8.8 and do nslookup
> queries against it.  ipset or iptables is broken.
> Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and
> actually tested that IP addresses that are supposed to be blacklisted are
> actually blocked?
>
> Filed CentOS bug report 7977 http://bugs.centos.org/view.php?id=7977
> this morning.  ipset was working great most of the year until ipset 6.11-3
> CentOS bug 7977 http://bugs.centos.org/view.php?id=7977



Re: [CentOS] ipset not actually blocking

2014-12-10 Thread Rob Townley
Incidentally, a different OS has a newer version of  iptables
1.4.18-1.1ubuntu1, but still works the old way where SRC still matches
SRC,DST.

On Wed, Dec 10, 2014 at 2:03 AM, Rob Townley <rob.town...@gmail.com> wrote:

> Appears the iptables update 1.4.7-14 which came with CentOS6 r6 is the
> most likely culprit.
>
> The solution for now is:
> delete ',dst' from the iptables INPUT chain
> delete 'src,' from the iptables OUTPUT chain.
>
> On Mon, Dec 8, 2014 at 5:39 PM, Rob Townley <rob.town...@gmail.com> wrote:
>
> > I created an ipset and added 8.8.8.8 to it and used the same iptables
> > working all summer long, but I can still ping 8.8.8.8 and do nslookup
> > queries against it.  ipset or iptables is broken.
> > Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and
> > actually tested that IP addresses that are supposed to be blacklisted are
> > actually blocked?
> >
> > Filed CentOS bug report 7977 http://bugs.centos.org/view.php?id=7977
> > this morning.  ipset was working great most of the year until ipset 6.11-3
> > CentOS bug 7977 http://bugs.centos.org/view.php?id=7977





[CentOS] ipset not actually blocking

2014-12-08 Thread Rob Townley
I created an ipset and added 8.8.8.8 to it and used the same iptables
working all summer long, but I can still ping 8.8.8.8 and do nslookup
queries against it.  ipset or iptables is broken.
Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and
actually tested that IP addresses that are supposed to be blacklisted are
actually blocked?

Filed CentOS bug report 7977 http://bugs.centos.org/view.php?id=7977 this
morning.  ipset was working great most of the year until ipset 6.11-3
CentOS bug 7977 http://bugs.centos.org/view.php?id=7977
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] ipset module loaded at startup on CentOS 6.5

2014-08-10 Thread Rob Townley
Anybody on here successfully get ipset iptables sets to work _after_ a
reboot?
My question on StackExchange
http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade

Some of the things that need to be in place, otherwise iptables does not
load:
1.) The kernel module ip_set needs to be loaded.
2.) The sets need to be created.
3.) Only after 1 and 2 succeed, dare start up iptables.
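
The ordering listed in the post above, as an added shell example (not the poster's script and not part of any CentOS package): it refuses to start iptables when a rule references a set that the ipset dump does not create, then performs the three steps in order. The path /etc/sysconfig/ipset, the function names and the set names in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. File locations are assumptions.
RULES=${RULES:-/etc/sysconfig/iptables}   # rules in iptables-save format
SETS=${SETS:-/etc/sysconfig/ipset}        # output of "ipset save" (assumed path)

# Print the sets that the rules reference (--match-set, or the older --set)
# but that the ipset dump never creates. A rule naming a set that does not
# exist cannot be loaded, so this is checked before anything is touched.
missing_sets() {   # $1 = rules file, $2 = ipset dump
    awk '
        # First operand is the ipset dump; comparing FILENAME (rather than
        # FNR == NR) keeps this correct when the dump is an empty file.
        FILENAME == ARGV[1] { if ($1 == "create") defined[$2] = 1; next }
        {
            for (i = 1; i < NF; i++)
                if (($i == "--match-set" || $i == "--set") && !($(i + 1) in defined))
                    missing[$(i + 1)] = 1
        }
        END { for (s in missing) print s }
    ' "$2" "$1" | sort
}

start_firewall() {
    [ -r "$RULES" ] && [ -r "$SETS" ] || {
        echo "cannot read $RULES or $SETS" >&2; return 1; }
    missing=$(missing_sets "$RULES" "$SETS")
    if [ -n "$missing" ]; then
        echo "not starting iptables, undefined sets:" $missing >&2
        return 1
    fi
    modprobe ip_set          || return 1   # 1. kernel module
    ipset restore < "$SETS"  || return 1   # 2. create and populate the sets
    service iptables start                 # 3. only now load the rules
}

demo() {   # constructed sample data: "scanners" is used but never created
    dir=$(mktemp -d)
    cat > "$dir/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -m set --match-set scanners src -j DROP
-A OUTPUT -m set --match-set blacklist dst -j DROP
COMMIT
EOF
    cat > "$dir/ipset" <<'EOF'
create blacklist hash:ip family inet hashsize 1024 maxelem 65536
add blacklist 8.8.8.8
EOF
    missing_sets "$dir/iptables" "$dir/ipset"
    rm -rf "$dir"
}

# Usage: sh ipset-boot.sh demo | sh ipset-boot.sh start   (start needs root)
case "${1:-}" in
    start) start_firewall ;;
    demo)  demo ;;
esac
```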


Re: [CentOS] iptables question

2014-06-20 Thread Rob Townley
+1


On Tue, Jun 17, 2014 at 9:41 AM, James B. Byrne <byrn...@harte-lyne.ca>
wrote:

> On Mon, June 16, 2014 23:34, Chuck Campbell wrote:
>
> > I appreciate you restating this. I'll try to go make sense of iptables,
> > given the insight,
>
> Keep in mind that there are three default chains, INPUT, OUTPUT and FORWARD
> that are used to initiate the packet path through IPTABLES and that they
> are mutually exclusive.  INPUT deals ONLY with packets that arrive from off
> of AND are destined for the host running IPTABLES.  OUTPUT deals only with
> packets that originate from the host running IPTABLES regardless of where
> they are destined.  And FORWARD deals only with packets that arrive from
> and are destined off of the host running IPTABLES.  A packet starts in only
> one of these based solely on its origin/destination pairing and it does not
> cross over automatically into either of the others.  For example, if a
> forwarded packet is detected then the INPUT and OUTPUT chains are not used
> at all.
>
> I have seen chain misconfiguration where IPTABLES rules evidently assume
> that a packet is to pass from the INPUT chain or the OUTPUT chain to the
> FORWARD chain automatically. In some cases it seems that the rules writer
> has implicitly assumed that INPUT -> FORWARD -> OUTPUT is the default
> routing of all packet paths.  This is not the case and it does not happen
> unless the other chain is specifically called from within the originating
> chain.
>
> My practice is to place general rules that I wish to apply to all packets,
> regardless of source or destination, into a chain called GENERAL and simply
> call that chain as the last instruction in each of the default chains.
> Actually I put very little else in the default chains and route from the
> GENERAL chain to other chains dedicated to specific rule sets, like for
> port knocking (FWKNOP_ALLOW); or for assured access (ALWAYS_ALLOW); or for
> blacklists: ALWAYS_DENY and FAIL2BAN_DENY for example.
>
> --
> ***  E-Mail is NOT a SECURE channel  ***
> James B. Byrne                mailto:byrn...@harte-lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3



Re: [CentOS] idea: hybrid iso images?

2014-01-30 Thread Rob Townley
I definitely had the same experience back then.  Anybody had luck with
simply dd a current CentOS iso?  I wonder if RedHat supports
ISOHybrid?

On Mon, Apr 15, 2013 at 3:32 PM, Joseph Spenner <joseph85...@yahoo.com> wrote:

> From: Nux! <n...@li.nux.ro>
> To: CentOS mailing list <centos@centos.org>
> Sent: Monday, April 15, 2013 11:26 AM
> Subject: Re: [CentOS] idea:  hybrid iso images?
>
> On 15.04.2013 19:07, Joseph Spenner wrote:
> > In order to create a bootable CentOS installation USB thumb drive,
> > there are several steps one must follow.  The process often involves
> > using a Windows box, which can be kinda annoying.
> >
> > The Linux Mint distro has what they call a Hybrid iso image.
> >  (see:   http://community.linuxmint.com/tutorial/view/744 )
> >
> > This image can be written to a thumb drive and used for installation
> > simply by performing:
> >
> > # dd if=/path/to/image.iso of=/dev/sdb
> >   (where /dev/sdb is the thumb drive device).
> >
> > This thumb drive can now be booted and used for installation.
> > The same image.iso file can be written to CD/DVD to create the
> > installation media as well.
> >
> > Is this a complicated ISO build process?  I'm frequently installing
> > to systems without CD/DVD drives, so this would come in handy.
>
> Centos ISOs have been hybrid for a while now AFAIK. Have you tried
> them and did not work?
>
> =
>
> Nux:
>
> I just tried again, using an 8G thumb drive, with the
> CentOS-6.4-x86_64-minimal.iso image on my 64bit Dell laptop, and got a
> quick error:
>     no boot sector found on USB device
> It then proceeded to boot the next device in the boot order list.
> I also tried it on 2 other Dell servers, and neither would boot the thumb
> drive.
>
> I then dd'd the latest Linux Mint iso to the same thumb drive, and it worked
> fine on my laptop.
> So, perhaps the CentOS images can not (yet) be used this way.
> Have you tried?
>
> Thanks for the reply!
>
> Regards,
> Joseph Spenner
>
> __
> If life gives you lemons, keep them-- because hey.. free lemons.
> ♥ Sticker fixer:  http://microflush.org/stuff/stickers/heartFix.html


Re: [CentOS] idea: hybrid iso images?

2014-01-30 Thread Rob Townley
I broke down and stopped attempting this by hand and now use
multisystem on my Ubuntu box.

On Thu, Jan 30, 2014 at 2:58 PM, Joseph Spenner <joseph85...@yahoo.com> wrote:

> From: Rob Townley <rob.town...@gmail.com>
> To: CentOS mailing list <centos@centos.org>
> Sent: Thursday, January 30, 2014 8:54 AM
> Subject: Re: [CentOS] idea: hybrid iso images?
>
> > I definitely had the same experience back then.  Anybody had luck with
> > simply dd a current CentOS iso?  I wonder if RedHat supports
> > ISOHybrid?
> >
> > On Mon, Apr 15, 2013 at 3:32 PM, Joseph Spenner <joseph85...@yahoo.com> wrote:
> >
> > > I just tried again, using an 8G thumb drive, with the
> > > CentOS-6.4-x86_64-minimal.iso image on my 64bit Dell laptop, and got a
> > > quick error:
> > >     no boot sector found on USB device
> > > It then proceeded to boot the next device in the boot order list.
> > > I also tried it on 2 other Dell servers, and neither would boot the
> > > thumb drive.
> > >
> > > I then dd'd the latest Linux Mint iso to the same thumb drive, and it
> > > worked fine on my laptop.
> > > So, perhaps the CentOS images can not (yet) be used this way.
>
> I have yet to EVER get that to work.
> The closest I get is have it start the boot/install process, then ask where
> the media/itself is.  It forgets, and can't find the install media-- even
> though IT IS the install media.  I've never figured that out.   But, it is
> what it is.  It does work nicely with the debian distros, such as Linux Mint
> though.
>
> __
> If life gives you lemons, keep them-- because hey.. free lemons.
> ♥ Sticker fixer:  http://microflush.org/stuff/stickers/heartFix.html


Re: [CentOS] 3rd party repositories

2013-10-27 Thread Rob Townley
Andrew,

$ yum --disablerepo='*' --enablerepo=epel info kernel

Does not show any kernels except what is already installed.
I suppose you have to enable testing and for that matter, looking in
CentOS testing first would be better.

On Fri, Oct 18, 2013 at 7:16 PM, Andrew Holway <andrew.hol...@gmail.com> wrote:
> I have never had any problems with EPEL: http://fedoraproject.org/wiki/EPEL
>
> Recently I used it to upgrade a kernel to 3.0.99 from the stock 2.6.32
> and everything just worked apart from an obscure kernel module for
> hfsplus support.
>
> ta,
>
> Andrew
>
> On 18 October 2013 21:52, isdtor <isd...@gmail.com> wrote:
> > Can anyone comment on the use of 3rd party repos for newer versions of
> > software like php, python and mysql? Two I am aware of are puias and ius.
> >
> > Is one preferable to the other? Can their packages be installed in parallel
> > to and without interfering with base packages?


[CentOS] Does elrepo fix google-chrome requirement for newer glib and GTK

2013-10-27 Thread Rob Townley
Has anyone tested installing the newer kernels from elrepo (or
somewhere else) in order to keep google-chrome updated beyond version
27?  Actually, I assumed a newer kernel would come with a newer glibc
but I do not see a newer glibc via elrepo, just newer kernels.  hmmm.

# yum --disablerepo='*' --enablerepo='elrepo*' info glibc | grep -i repo
only lists my already installed glibc packages from updates.

Further, google-chrome requires gtk2 version 2.24.0 or above, and I do
not see that in any alternate repos either.  But that is another
question because
# rpm -qi gtk2-2.18.9
finds the package, but
# yum clean all
# yum --enablerepo='*' search all gtk2-2.18.9
says No Matches found
So clearly something is messed up if yum can not find one of its own
packages it itself installed, so I cannot trust it to find gtk2-2.24.


For those that do not use google-chrome-stable, each time it is newly
started, the following message appears close to the top of the window:
Google Chrome has stopped updating and no longer supports this
version of your operating system.


Assuming 3rd party repos do not work directly, has anyone tried the following:
http://productforums.google.com/d/msg/chrome/yL3X4aEceXA/xF0gvEe7vJcJ
http://chrome.richardlloyd.org.uk/


Re: [CentOS] Anyone using CentOS Active Directory like system?

2013-09-30 Thread Rob Townley
sernet.de/en/samba/  seems to have the most promising SaMBa binaries
and make an ISO image to download.  Described as 
http://www.enterprisesamba.com/samba4app/

Setting up a new domain without existing ADS:
http://wiki.samba.org/index.php/Samba4/HOWTO#Provisioning_Samba_.28Setting_up_a_new_domain.29


http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

On Mon, Sep 30, 2013 at 12:50 PM, James A. Peltier <jpelt...@sfu.ca> wrote:
> - Original Message -
> | I am the IT Development Specialist for a small community college and our
> | CIO has asked me to explore an alternative to Microsoft Active Directory
> | as we are separating from our parent university and funding is tight so
> | we were looking into CentOS with 389 Directory Server.
> |
> | Any advice or suggestions would be very helpful.
> |
> | Jacob Tennant
>
> No, we use Active Directory because it's the right tool for the job.  I think
> that you will find that you will have a difficult time finding another
> product that will provide all the tools that AD provides when working with
> Windows.  If you are working with Windows and Windows only just use AD it's
> the right thing.  If you're in a mixed bag of Windows, Mac and GNU/Linux,
> just use AD, it's likely still the right thing.
>
> If you only need basic authentication then Samba will likely suit your needs.
> On what scale are you talking?  2 workstations, 50 workstations, 100s
> workstations?
>
> --
> James A. Peltier
> Manager, IT Services - Research Computing Group
> Simon Fraser University - Burnaby Campus
> Phone   : 778-782-6573
> Fax     : 778-782-3045
> E-Mail  : jpelt...@sfu.ca
> Website : http://www.sfu.ca/itservices
>
> “A successful person is one who can lay a solid foundation from the bricks
> others have thrown at them.” -David Brinkley via Luke Shaw


Re: [CentOS] Anyone using CentOS Active Directory like system?

2013-09-30 Thread Rob Townley
Sorry, ctrl-enter (send right away) won ctrl-shift-v...

I used to love MS ADS, but do not love it much anymore and see that
there are other tools for the job.  There was not nearly enough
documentation on which target machines a particular group policy can
apply correctly to which version of windows (2000?, XP?, 7?, Vista?,
...).  When there was a problem applying a policy, there were many
different logfiles one had to parse thru to put together the problem.
Most of those policies can be done with registry changes pushed out a
number of different ways.

Zarafa or Zentyal are projects to look at.

sernet.de/en/samba/  seems to have the most promising SaMBa binaries
and make an ISO image to download called samba4app.  Described as
"Guided initial configuration of a Samba 4 Active Directory domain"
http://www.enterprisesamba.com/samba4app/

"Full support for managing Windows clients via group policies using
the Windows Remote Server Administration Tools."  Win7Pro or
Enterprise runs that tool.  It would be much less expensive to buy one
server license instead of multiple licenses and all those CALs.

Some wiki articles:
Setting up a new domain without existing ADS:
http://wiki.samba.org/index.php/Samba4/HOWTO#Provisioning_Samba_.28Setting_up_a_new_domain.29

Join an existing ADS domain:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

On Mon, Sep 30, 2013 at 4:58 PM, Rob Townley <rob.town...@gmail.com> wrote:
> sernet.de/en/samba/  seems to have the most promising SaMBa binaries
> and make an ISO image to download.  Described as
> http://www.enterprisesamba.com/samba4app/
>
> Setting up a new domain without existing ADS:
> http://wiki.samba.org/index.php/Samba4/HOWTO#Provisioning_Samba_.28Setting_up_a_new_domain.29
>
> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>
> On Mon, Sep 30, 2013 at 12:50 PM, James A. Peltier <jpelt...@sfu.ca> wrote:
> > - Original Message -
> > | I am the IT Development Specialist for a small community college and our
> > | CIO has asked me to explore an alternative to Microsoft Active Directory
> > | as we are separating from our parent university and funding is tight so
> > | we were looking into CentOS with 389 Directory Server.
> > |
> > | Any advice or suggestions would be very helpful.
> > |
> > | Jacob Tennant
> >
> > No, we use Active Directory because it's the right tool for the job.  I
> > think that you will find that you will have a difficult time finding
> > another product that will provide all the tools that AD provides when
> > working with Windows.  If you are working with Windows and Windows only
> > just use AD it's the right thing.  If you're in a mixed bag of Windows,
> > Mac and GNU/Linux, just use AD, it's likely still the right thing.
> >
> > If you only need basic authentication then Samba will likely suit your
> > needs.  On what scale are you talking?  2 workstations, 50 workstations,
> > 100s workstations?
> >
> > --
> > James A. Peltier
> > Manager, IT Services - Research Computing Group
> > Simon Fraser University - Burnaby Campus
> > Phone   : 778-782-6573
> > Fax     : 778-782-3045
> > E-Mail  : jpelt...@sfu.ca
> > Website : http://www.sfu.ca/itservices
> >
> > “A successful person is one who can lay a solid foundation from the bricks
> > others have thrown at them.” -David Brinkley via Luke Shaw


[CentOS] Is there a rpm command to find the package that created a particular user or particular group?

2013-06-27 Thread Rob Townley
Given a particular user or particular group, is there a rpm command that
returns what package created that particular user or particular group?

Analogous to `rpm -q --whatprovides /etc/security/limits.conf` returns the
package pam.
Is there an rpm command that returns what package generated a particular
user?

Most of us already know that the httpd package is associated with the user
apache.  But there are passwd and group entries that I would like to verify
and want to know exactly how they got on my system.  Further, I would like
to know the security implications of adding another group to a user
account.

Something like the following command:
`rpm --query --user apache`  would return httpd
`rpm --query --group pulse-access`   might return pulseaudio


Re: [CentOS] Is there a rpm command to find the package that created a particular user or particular group?

2013-06-27 Thread Rob Townley
--scripts is helpful, the following returns a great deal of package scripts
having to do with users and groups, but ideally would return just the
package names involved in creating the user or group.

rpm -qa --scripts | egrep 'user|group|id\s|getent|pass'

rpm -qa --scripts | less does not seem to list any package names, but maybe
a more formal rpm would help:

rpm --queryformat "%{FILEUSERNAME} %{TRIGGERSCRIPTS} %{TRIGGERSCRIPTPROG}\n" --query httpd

does not return a script name and I do not see anything else in rpm
--querytags that would help.

Has to be a way, but not today.




On Thu, Jun 27, 2013 at 1:52 PM, Leon Fauster <leonfaus...@googlemail.com> wrote:

> On 27.06.2013 at 20:36, Rob Townley <rob.town...@gmail.com> wrote:
> > Given a particular user or particular group, is there a rpm command that
> > returns what package created that particular user or particular group?
> >
> > Analogous to `rpm -q --whatprovides /etc/security/limits.conf` returns
> > the package pam.
> > Is there an rpm command that returns what package generated a particular
> > user?
> >
> > Most of us already know that the httpd package is associated with the
> > user apache.  But there are passwd and group entries that I would like to
> > verify and want to know exactly how they got on my system.  Further, I
> > would like to know the security implications of adding another group to a
> > user account.
> >
> > Something like the following command:
> > `rpm --query --user apache`  would return httpd
> > `rpm --query --group pulse-access`   might return pulseaudio
>
> take a look at the pre/post-script parts of the rpms
>
> rpm -q --scripts httpd
>
> other users/groups are installed via centos setup (anaconda).
>
> --
> LF





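
One way to get package names out of the scriptlets discussed in this message, as an added example (not code from the thread and not an rpm feature): the query format prefixes each package's %pre and %post scriptlets with its name, and an awk pass picks the account argument out of useradd/adduser/groupadd commands. The marker string, the function names, the heuristic and the sample dump (including the hypothetical package example-webapp) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The "@@PKG@@" marker is an arbitrary choice.

# Dump every installed package's %pre and %post scriptlets, each record led by
# a marker line carrying the package name (plain --scripts omits the name).
dump_scriptlets() {
    rpm -qa --queryformat '@@PKG@@ %{NAME}\n%{PREIN}\n%{POSTIN}\n'
}

# stdin: dump from dump_scriptlets; stdout: "user|group ACCOUNT PACKAGE".
# Heuristic: the account is the last word of a useradd/adduser/groupadd
# command, after redirections are removed and backslash continuations joined.
account_creators() {
    awk -v q="'" '
        function emit(    n, i, m, j, cmd, kind, name) {
            gsub(/[0-9]*[<>]+[ \t]*&?[^ \t;|&]*/, " ", logical)  # drop redirections
            n = split(logical, cmds, /[|&;]+/)                    # a || b ; c
            logical = ""
            for (i = 1; i <= n; i++) {
                m = split(cmds[i], tok, " ")
                kind = ""
                for (j = 1; j <= m && kind == ""; j++) {
                    cmd = tok[j]; sub(/.*\//, "", cmd)            # strip /usr/sbin/
                    if (cmd == "useradd" || cmd == "adduser") kind = "user"
                    else if (cmd == "groupadd") kind = "group"
                }
                if (kind == "" || j > m) continue                 # no account argument
                name = tok[m]; gsub("[\"" q "]", "", name)
                if (name !~ /^-/ && !seen[kind, name, pkg]++) print kind, name, pkg
            }
        }
        /^@@PKG@@ / { emit(); pkg = $2; next }
        /^[ \t]*#/  { next }                                      # shell comments
        /\\$/       { sub(/\\$/, ""); logical = logical " " $0; next }
                    { logical = logical " " $0; emit() }
        END         { emit() }
    '
}

# Which package creates this account?  $1 = user|group, $2 = name; dump on stdin.
who_creates() {
    account_creators | awk -v kind="$1" -v name="$2" \
        '$1 == kind && $2 == name { print $3 }' | sort -u
}

sample_dump() {   # constructed sample in the dump_scriptlets format
    cat <<'EOF'
@@PKG@@ httpd
# Add the "apache" user
getent group apache >/dev/null || groupadd -g 48 -r apache
getent passwd apache >/dev/null || \
  useradd -r -u 48 -g apache -s /sbin/nologin \
    -d /var/www -c "Apache" apache
exit 0
(none)
@@PKG@@ pulseaudio
(none)
/usr/sbin/groupadd -r pulse-access &>/dev/null || :
@@PKG@@ example-webapp
/usr/sbin/useradd -r -G apache -s /sbin/nologin webapp 2>/dev/null || :
(none)
EOF
}

# Usage: sh who-creates.sh user apache | sh who-creates.sh demo
case "${1:-}" in
    user|group) dump_scriptlets | who_creates "$1" "$2" ;;
    demo)       sample_dump | account_creators ;;
esac
```

Accounts that no scriptlet creates, such as root or bin, normally come from the /etc/passwd and /etc/group files shipped by the setup package (`rpm -qf /etc/passwd`).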


Re: [CentOS] Configuring source-specific routing

2013-05-04 Thread Rob Townley
Any neighbors with Open WiFi?
Connect Cat5 to laptop in your house and connect to neighbor's open WiFi.
Voilà, two ISPs.

If you have 3G, it will work better to connect it into a CradlePoint type
3G hardware gateway device and connect the laptop to the 3G Gateway.
NetworkManager would only activate my bluetooth-to-3G connection when I
turned WiFi off.  (Further, I just ran `ip route` on my android phone while
connected to 3G and WiFi and the android output was disappointing.  Does
not have both active at same time.)


On Fri, May 3, 2013 at 8:37 PM, Michael Mol <mike...@gmail.com> wrote:

> On 05/03/2013 05:06 PM, Ljubomir Ljubojevic wrote:
> > On 05/02/2013 08:48 PM, Michael Mol wrote:
>
> [snip]
>
> > Alternate source routing, firewall and netfilter marking of packets:
> >
> > iptables -t mangle -A PREROUTING -s 172.24.5.0/24 -j MARK --set-mark 100 #
> > iptables -t mangle -A PREROUTING -s 192.168.150.107 -j MARK --set-mark 200 #
> > iptables -t mangle -A PREROUTING -s 192.168.150.224 -j MARK --set-mark 100
> >
> > # Local network
> > iptables -t mangle -A PREROUTING -d 192.168.0.0/16 -j MARK --set-mark 20
> > iptables -t mangle -A PREROUTING -d 172.16.0.0/12  -j MARK --set-mark 20
> > iptables -t mangle -A PREROUTING -s PublicIP -d 192.168.0.0/16 -j MARK --set-mark 20
> > iptables -t mangle -A PREROUTING -s PublicIP -d 172.16.0.0/12 -j MARK --set-mark 20
> >
> > And then something like:
> >
> > # echo 201 mail.out >> /etc/iproute2/rt_tables
> > # ip rule add fwmark 1 table mail.out
> > # /sbin/ip route add default via 195.96.98.253 dev eth0 table mail.out
> >
> > (http://lartc.org/howto/lartc.netfilter.html).
> >
> > Used firewall rules are from StarOS router OS that has simple script for
> > policy routing so that second part with ip rule and ip route is just a
> > pointer in right direction.
>
> I don't figure I want to use the mangle table for this. Though thanks
> for the example code; that will come in handy for tc. Just need how to
> work that in with sanewall.
>
> I think I know what I did wrong, but it's going to be a while before I
> can test it. (Dang, I wish I had enough spare hardware at home to set up
> a test lab.)





Re: [CentOS] Configuring source-specific routing

2013-05-04 Thread Rob Townley
Find some businesses that both have open wifi near each other.  Bring an
old WiFi router and a Cat5 cable.   Connect your laptop WiFi to one open
hotspot.  Connect the old WiFi router in client access mode to another open
wifi.  One ISP is to your local coffee shop.  The other ISP is to the
grocery store.


On Sat, May 4, 2013 at 6:33 AM, Rob Townley rob.town...@gmail.com wrote:

 Any neighbors with Open WiFi?
 Connect Cat5 to laptop in your house and connect to neighbors open WiFi.
 Woila, two ISPs.

 If you have 3G, it will work better to connect it into a CradlePoint type
 3G hardware gateway device and connect the laptop to the 3G Gateway.
 NetworkManager would only activate my bluetooth-to-3G connection when i
 turned WiFi off.  (Further, i just ran `ip route` on my android phone while
 connected to 3G and WiFi and the android output was disappointing.  Does
 not have both active at same time.)


 On Fri, May 3, 2013 at 8:37 PM, Michael Mol mike...@gmail.com wrote:

 On 05/03/2013 05:06 PM, Ljubomir Ljubojevic wrote:
  On 05/02/2013 08:48 PM, Michael Mol wrote:

 [snip]

 
  Alternate source routing, firewall and netfilter marking of packets:
 
 
  iptables -t mangle -A PREROUTING -s 172.24.5.0/24 -j MARK --set-mark 100 #
  iptables -t mangle -A PREROUTING -s 192.168.150.107 -j MARK --set-mark 200 #
  iptables -t mangle -A PREROUTING -s 192.168.150.224 -j MARK --set-mark 100
 
 
  # Local network
  iptables -t mangle -A PREROUTING -d 192.168.0.0/16 -j MARK --set-mark 20
  iptables -t mangle -A PREROUTING -d 172.16.0.0/12 -j MARK --set-mark 20
  iptables -t mangle -A PREROUTING -s PublicIP -d 192.168.0.0/16 -j MARK --set-mark 20
  iptables -t mangle -A PREROUTING -s PublicIP -d 172.16.0.0/12 -j MARK --set-mark 20
 
  And then something like:
 
  # echo 201 mail.out >> /etc/iproute2/rt_tables
  # ip rule add fwmark 1 table mail.out
  # /sbin/ip route add default via 195.96.98.253 dev eth0 table mail.out
 
  (http://lartc.org/howto/lartc.netfilter.html).
 
  Used firewall rules are from StarOS router OS that has simple script for
  policy routing so that second part with ip rule and ip route is just a
  pointer in right direction.

 I don't figure I want to use the mangle table for this. Though thanks
 for the example code; that will come in handy for tc. Just need how to
 work that in with sanewall.

 I think I know what I did wrong, but it's going to be a while before I
 can test it. (Dang, I wish I had enough spare hardware at home to set up
 a test lab.)





Re: [CentOS] Configuring source-specific routing

2013-05-04 Thread Rob Townley
Somebody oughta try an external USB WiFi dongle on a laptop with internal
WiFi.  Does NetworkManager handle two WiFi devices?


On Sat, May 4, 2013 at 6:48 AM, Rob Townley rob.town...@gmail.com wrote:

 Find some businesses that both have open wifi near each other.  Bring an
 old WiFi router and a Cat5 cable.   Connect your laptop WiFi to one open
 hotspot.  Connect the old WiFi router in client access mode to another open
 wifi.  One ISP is to your local coffee shop.  The other ISP is to the
 grocery store.


 On Sat, May 4, 2013 at 6:33 AM, Rob Townley rob.town...@gmail.com wrote:

 Any neighbors with Open WiFi?
 Connect Cat5 to laptop in your house and connect to neighbors open WiFi.
 Voila, two ISPs.

 If you have 3G, it will work better to connect it into a CradlePoint type
 3G hardware gateway device and connect the laptop to the 3G Gateway.
 NetworkManager would only activate my bluetooth-to-3G connection when i
 turned WiFi off.  (Further, i just ran `ip route` on my android phone while
 connected to 3G and WiFi and the android output was disappointing.  Does
 not have both active at same time.)


 On Fri, May 3, 2013 at 8:37 PM, Michael Mol mike...@gmail.com wrote:

 On 05/03/2013 05:06 PM, Ljubomir Ljubojevic wrote:
  On 05/02/2013 08:48 PM, Michael Mol wrote:

 [snip]

 
  Alternate source routing, firewall and netfilter marking of packets:
 
 
  iptables -t mangle -A PREROUTING -s 172.24.5.0/24 -j MARK --set-mark 100 #
  iptables -t mangle -A PREROUTING -s 192.168.150.107 -j MARK --set-mark 200 #
  iptables -t mangle -A PREROUTING -s 192.168.150.224 -j MARK --set-mark 100
 
 
  # Local network
  iptables -t mangle -A PREROUTING -d 192.168.0.0/16 -j MARK --set-mark 20
  iptables -t mangle -A PREROUTING -d 172.16.0.0/12 -j MARK --set-mark 20
  iptables -t mangle -A PREROUTING -s PublicIP -d 192.168.0.0/16 -j MARK --set-mark 20
  iptables -t mangle -A PREROUTING -s PublicIP -d 172.16.0.0/12 -j MARK --set-mark 20
 
  And then something like:
 
  # echo 201 mail.out >> /etc/iproute2/rt_tables
  # ip rule add fwmark 1 table mail.out
  # /sbin/ip route add default via 195.96.98.253 dev eth0 table mail.out
 
  (http://lartc.org/howto/lartc.netfilter.html).
 
  Used firewall rules are from StarOS router OS that has simple script for
  policy routing so that second part with ip rule and ip route is just a
  pointer in right direction.

 I don't figure I want to use the mangle table for this. Though thanks
 for the example code; that will come in handy for tc. Just need how to
 work that in with sanewall.

 I think I know what I did wrong, but it's going to be a while before I
 can test it. (Dang, I wish I had enough spare hardware at home to set up
 a test lab.)





Re: [CentOS] Configuring source-specific routing

2013-05-03 Thread Rob Townley
Michael, very frustrating that so much noise for a very simple request.  I
set up multi source routing in 5.3 or so and was astounded at all the
negativity on this list and that it could not be done.  It will take
forever to read the noise in this thread alone.  Some said you have to use
DHCP i could go on.

Do not trust that ping -I will work how you would think.  Must specify an
IP address, not eth0, not eth1.
ping -I 10.0.0.1 8.8.8.8

This really is just a few lines per interface.

Learn by changing the /etc/sysconfig/network-scripts/ifup-route  shell
scripts to add logging.
echo out variables.

There is no need to get iptables involved at all unless doing something
very special.

i did not want to setup quagga or some form of dynamic routing daemon
because of security concerns.  i wanted static IP addresses communicating
to the ISP on static routes.  It is pretty simple.  Maybe i can hook up my
laptop to 3G and WiFi and Cat6 and make sure i get it working.  Please
remember to use IP addresses, not names for ping testing.  Scrutinize ping
results.

ping -I 10.0.0.1 8.8.8.8




On Fri, May 3, 2013 at 4:26 PM, Michael Mol mike...@gmail.com wrote:

 On 05/03/2013 03:24 PM, Michael H. Warfield wrote:
  On Wed, 2013-05-01 at 17:52 -0400, Michael Mol wrote:

 [snip]

 
  Curiously, at least one guy has reported success:
 
 
 http://sysadminsjourney.com/content/2009/04/15/doing-simple-source-policy-routing-centos/
 
  Now, the only thing different between his setup and mine (apart from my
  using ethN:1 instead of ethN, as all three routers hang off the same
  ethernet segment) is that where his guide says:
 
  echo default table CorpNet via 10.0.0.1 
  /etc/sysconfig/network-scripts/route-eth1
 
  Ok...  Wow...  If that's the only difference between his description and
  what you did, you certainly left A LOT out.  He's using both rules and
  tables neither of which you made any mention of in your original post.

 I tried it both ways, honestly. I've been blasted (postfix) or ignored
 (samba) more than a few times in other environments for providing too
 much information, so I didn't think it wise doing a writeup of both
 approaches. Can't win. Can't even break even...

 
  At this point, having read that article, I will eat my earlier words
  (not the first time and certainly won't be the last time).  I guess you
  can now do this using the standard files, it's just that I haven't done
  it in so long that you couldn't do it back then (my excuse and I'm
  sticking with it).  Following his description, I could easily reproduce
  my old setups using ifcfg-ethN, rule-ethN, and route-ethN.  I'm
  impressed.  I don't need it any more but - nice...  That makes it a lot
  easier than what I had to figure out.

 I was going to ask you how you tied in your manual script...

 
  Ok...  So, I'm assuming you properly set up the rules-ethN file as well
  (and the proper entry in /etc/iproute2/rt_tables?  You made no mention
  of that in your OP.  That's a very crucial bit there.

 So, this is interesting. I'd read that you could use a command like

 ip route add 1.2.3.4/32 dev eth0 via 10.1.0.1 src 10.1.0.12 from 4.3.2.1/24

 with the from 8.3.2.1/24 portion as part of the IP command, but that
 using tables was usually done because it was easier.

 What's bizarre is that I could have sworn I had this type of rule even
 working. But when I run it on my laptop, and follow up with ip rule
 show, the from X clause is gone.

 This calls into question everything else I was convinced I had working,
 too. But I do know my 'table CorpNet' approach worked when applied
 manually, but not when I tried converting it to route-ethN. I won't be
 able to try it again for a while, either, but I've got a hunch why it
 didn't work.

 
  Also, in your OP you mentioned this:
 
  On Wed, 2013-05-01 at 16:05 -0400, Michael Mol wrote:
  I've created a route-eth0:1 file that looks roughly like this:
 
  10.0.0.1 dev eth0:1 \
src 10.0.0.2 \
from 10.0.0.0/29
 
  default via 10.0.0.1 dev eth0:1 \
src 10.0.0.2 \
from 10.0.0.0/29
 
  You're not showing table numbers or names there so it's not clear if you
  are using different route tables or not (which you MUST do and associate
  them with appropriate match rules).

 Yup. See above where I discover from a.b.c.d isn't a valid clause to
 attach to the ip command. As finicky as that command is, I'm
 disappointed it didn't throw an error.

 
  According to man ip-route on my router the from stanza is not valid
  in a route add (route-ethN files) and in a route ls is only
  applicable to cloned routes.  What you wrote can not literally work,
  by my reading of the ip man pages.

 Yup. I just re-read through to double check, when my manual invocation
 on my laptop didn't work.

 
  You get the source matching from the rules not the routes.  You
  haven't mentioned (or acknowledged) anything about them but they are
  crucial (as are the use of multiple tables).  What did you set up for
 

Re: [CentOS] flashing a BIOS on an HP server

2013-04-30 Thread Rob Townley
For the DL380 G4 series, the firmware update bootable ISO was Linux based
and the SmartStart CD was Linux based.  Boot using the Live ISO and there
was a utility available that would create a LiveUSB version.  No Windows
was required whatsoever.  i loved the way that most all firmware updates
were accomplished from a LiveCD.


On Tue, Apr 30, 2013 at 2:55 PM, Hugh E Cruickshank h...@forsoft.com wrote:

 From: m.r...@5-cent.us Sent: April 30, 2013 12:34
 
  The DVD: is that bootable? If so, can I simply put the .exe
  on the h/d,
  and boot from the DVD, then point it to the .exe and run it?

 It is supplied as a zipped ISO file. Burn the ISO and then boot from
 the disk.

 I have just remembered that the Firmware DVDs have been replaced by
 the new Service Pack for ProLiant (also bootable).

 HTH

 Regards, Hugh

 --
 Hugh E Cruickshank, Forward Software, www.forward-software.com



[CentOS] Warning Error procesing LVM.

2013-03-20 Thread Rob Townley
Warning Dialog Box that appears when trying to use CentOS 6.4 32bit to
upgrade a preupgrade failure of Fedora 13 to Fedora 15.
Need to make certain Re-initialize will not delete all my files, but
just rebuildable metadata.

There is inconsistent LVM data on Volume Group vg_ec239dict.  You can
reinitialize all related PVs (/dev/sdb2, /dev/sda2) which will erase
the LVM metadata, or ignore which will preserve the contents.  This
action may also be applied to all other PVs with inconsistent
metadata.

clickable options are:
Ignore
Ignore all
Re-initialize
Re-initialize all


Re: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?

2013-03-20 Thread Rob Townley
On Mon, Dec 10, 2012 at 9:40 AM, Daniel J Walsh dwa...@redhat.com wrote:

 On 12/07/2012 06:49 PM, Gordon Messmer wrote:
 On 12/06/2012 06:05 PM, David McGuffey wrote:
 Why isn't Firefox and Evolution confined with SELinux policy in a way
 that APT can't damage the rest of the system? Why are we not sandboxing
 these two apps with SELinux?

 Probably mostly because when you sandbox an X11 application, you can't copy
 and paste in or out of the application.  Most users want to do that.

 Yes when you wrap something in sandbox, you lose the ability for these
 applications to communicate with the rest of the desktop.  In order to secure
 the desktop in any real way you need to break communications, and this
 communications break down, hurts usability.  I opt for security, and will just
 run evince outside my session, if I really need copy/paste.  Maybe when we get
 to Wayland, we can make this better.


When i tried sandboxing firefox on CentOS 6.4, it says i need
seunshare, but yum search all seunshare results in nothing.

/usr/sbin/seunshare is required for the action you want to perform.

Widening the search to selinux and installing a bunch of packages, and
then running:
$ rpm -qf /usr/sbin/seunshare
policycoreutils-sandbox-2.0.83-19.30.el6.x86_64


Re: [CentOS] Eclipse (again)...

2013-02-19 Thread Rob Townley
On Tue, Feb 19, 2013 at 6:45 PM, Mark LaPierre marklap...@aol.com wrote:

 # yum install eclipse-\*
 # yum remove eclipse-nls htmlparser

 After this, various C++ components and *a lot* of other pieces, too,
 were added to the Installed Software list. I very much doubt that the
 installation actually added all the modules. Instead I suspect that in
 the past, there was some kind of problem that caused the system to stop
 loading components that were actually installed at a certain stage - and
 that this issue was resolved by the install command. If you know what I
 mean...

 - Toralf


 I'm glad you got it to work.  I remember having to spend some google
 time trying to figure out how to add syntax highlighting for perl.

 --
  _
 °v°
/(_)\
 ^ ^  Mark LaPierre
 Registered Linux user No #267004
 https://linuxcounter.net/
 


Finding and installing .i686 packages to make things work on x86_64
platform could be better.

i managed to get updates from within eclipse to work, but it was not
as straightforward as i would have thought.

i needed those updates to get android-sdk stuff to work at all.

i followed your instructions for getting C/C++ projects to work as
expected and that seems to have worked!   but android stuff is no
longer working.  i want to say android requires htmlparser, but that
will have to wait till morning for verification.


Re: [CentOS] the at command

2013-01-22 Thread Rob Townley
Have the nodes subscribe to a Multicast server.

Using Pipes, Signals, and some other basic operating system course
terminology the name of which escapes me at the moment.

setpriority() or nice up (-15) the priority of your software.


Re: [CentOS] Samba vs. Firewall and/or SELinux

2012-12-31 Thread Rob Townley
On Fri, Dec 28, 2012 at 9:10 AM, Craig White craig.wh...@ttiltd.com wrote:


 
 I guess I'm not sure what the point is by having files owned by 'nobody'
 and then adding nobody 'user' to the 'users' group - that seems to be some
 rather twisted logic that has security implications far beyond the simple
 samba share configuration but hey… it's your box.

 chirp users /data/public -R
 chmod g+s /data/public -R

 will ensure that all files/folders in /data/public are owned by the group
 'users' and any new files/folders created within (whether by samba or not)
 belong to that group.

 if you add 'inherit permissions = yes' to the 'share' definition in
 smb.conf, that also will impact.
 Yes, you could also add:
 force security mode = 770 #or 775
 force directory security mode = 770 #or 775
 within the share definition too.



What is the chirp command and where is it found?
yum search all chirp yielded nothing.


Re: [CentOS] Samba vs. Firewall and/or SELinux

2012-12-31 Thread Rob Townley
On Mon, Dec 31, 2012 at 6:41 PM, Mark LaPierre marklap...@aol.com wrote:

 On 12/31/2012 07:27 PM, Rob Townley wrote:
  On Fri, Dec 28, 2012 at 9:10 AM, Craig White craig.wh...@ttiltd.com wrote:
 
 
  
  I guess I'm not sure what the point is by having files owned by 'nobody'
  and then adding nobody 'user' to the 'users' group - that seems to be some
  rather twisted logic that has security implications far beyond the simple
  samba share configuration but hey… it's your box.
 
  chirp users /data/public -R
  chmod g+s /data/public -R
 
  will ensure that all files/folders in /data/public are owned by the group
  'users' and any new files/folders created within (whether by samba or not)
  belong to that group.
 
  if you add 'inherit permissions = yes' to the 'share' definition in
  smb.conf, that also will impact.
  Yes, you could also add:
  force security mode = 770 #or 775
  force directory security mode = 770 #or 775
  within the share definition too.
 
 
 
  What is the chirp command and where is it found?
  yum search all chirp yielded nothing.

 I believe you will find that chirp was a fat finger for chgrp.


THANK YOU... i could not figure out the typo quickly.
i wanted to make sure the complete and correct reference is there when i
need it some time at 3am.


 --
  _
 °v°
/(_)\
 ^ ^  Mark LaPierre
 Registered Linux user No #267004
 https://linuxcounter.net/
 


Re: [CentOS] Ethernet puzzle

2012-12-28 Thread Rob Townley
 Remember, udev's rules lists FOUR devices.  There are only THREE.


 What does the BIOS say about ethernet devices?

 Does the motherboard have a management interface card with its own
 ethernet port, perhaps potential but not actually installed?



An IPMI may have its own MAC, but share a physical port with the main NIC.
If you are using this as a firewall, make sure to not have an IPMI port
facing the internet.

You may have a MAC address in one of your ifcfg-eth* files that does not
_exactly_ match the hardware.  Sometimes, it can be case-sensitive.
pushd /etc/sysconfig/network-scripts/
mkdir BACKUP
mv ifcfg-eth* ./BACKUP/
I would take out all the add-on cards and see if this extra MAC stays
around.
Put the other cards in one-by-one till found.


[CentOS] Nautilus Open With difference with Connect to server... sftp

2012-12-07 Thread Rob Townley
.PDFs on my local harddrive open by default with acroread Adobe Reader 9.
.PDFs on network shares open with evince Document Viewer.

Is there some way to force Open With to also use acroread for network
locations as well?

Here are the inconsistencies in the UI:
   When right clicking a local harddrive .PDF, top line in menu is Open
with Adobe Reader 9
   When right clicking a remote harddrive .PDF, top line in menu is Open
with Document Viewer

   When right clicking and choosing properties and choosing the Open With
tab, a .PDF file in both locations indicates Adobe Reader 9.


gdm on CentOS 6.3 32bit with all latest updates.

AdobeReader_enu installed from Adobe repository:
Name: AdobeReader_enu
Arch: i486
Version : 9.5.1
Release : 1
Size: 135 M
Repo: installed
From repo   : adobe-linux-i386


Re: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?

2012-12-07 Thread Rob Townley
Daniel,

Can the Firefox profile file hierarchy be sandboxed?  So everything
downloaded within the profile cache is sandboxed.  More like if any
application accesses something in a particular folder, sandboxing
automatically kicks in.

On Fri, Dec 7, 2012 at 5:49 AM, Daniel J Walsh dwa...@redhat.com wrote:


 On 12/06/2012 09:05 PM, David McGuffey wrote:
  Most of the advanced persistent threats (APT) are initiated via e-mail.
  Opening an attachment or clicking on a web link starts the process.
 
  Why isn't Firefox and Evolution confined with SELinux policy in a way that
  APT can't damage the rest of the system? Why are we not sandboxing these
  two apps with SELinux?
 
  I've discovered some guidance for sandboxing Firefox using the 'sandbox'
  command.  Once I test it a bit, I'll post the results back here.  Seems to
  me that if this works, it should be the default.
 
  DaveM
 
 
 
 Very difficult to sandbox thunderbird and firefox.  But sandbox tool actually
 works well for sandboxing viewers of downloaded data.  I sandbox all content
 that will be viewed by evince and libreoffice.



Re: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?

2012-12-07 Thread Rob Townley
Let us know how it goes.  i thought i followed one of Daniel Walsh's blog
posts to sandbox firefox and don't remember it being that bad, but that was
well over a year ago.  Since he maintained selinux for RedHat for a number
of years, ... he probably knows what he is talking about. He was always on
top of selinux reported bugs.


You may want to check out Qubes-OS.  Qubes-OS is based on Fedora by the
creator of bluepill guestOS to hypervisor code.

On Thu, Dec 6, 2012 at 8:05 PM, David McGuffey davidmcguf...@verizon.net wrote:

 Most of the advanced persistent threats (APT) are initiated via e-mail.
 Opening an attachment or clicking on a web link starts the process.

 Why isn't Firefox and Evolution confined with SELinux policy in a way
 that APT can't damage the rest of the system? Why are we not sandboxing
 these two apps with SELinux?

 I've discovered some guidance for sandboxing Firefox using the 'sandbox'
 command.  Once I test it a bit, I'll post the results back here.  Seems
 to me that if this works, it should be the default.

 DaveM




Re: [CentOS] flash plugin

2012-09-16 Thread Rob Townley
iirc, Firefox  will block flash from working when it knows the plugin
is vulnerable.
flashtester.org works today, but not last week and maybe even the week before.
i have seen this behavior a few times after major security flaws are
known to be exploited.
i don't think i did anything to fix it except apply updates and reboot.

Have you remembered to make sure no firefox process or any flash
process is running?


$ rpm -qv firefox flash-plugin
firefox-10.0.7-1.el6.centos.x86_64
flash-plugin-11.2.202.238-release.x86_64


FlashTester.org succeeds but javatester.org fails, so ...
Tools -- AddOns -- Plugins  -- Check to see if your plugins are up to date
which brings one to https://www.mozilla.org/en-US/plugincheck/
Missing Java?  For your safety, Firefox has disabled your outdated
version of Java. Please upgrade to the latest version.


On Sun, Sep 16, 2012 at 3:34 PM, Keith Roberts ke...@karsites.net wrote:
 On Sun, 16 Sep 2012, Michael Hennebry wrote:

 To: CentOS mailing list centos@centos.org
 From: Michael Hennebry henne...@web.cs.ndsu.nodak.edu
 Subject: [CentOS] flash plugin

 How do I get a flash plugin to work with firefox?
 I thought that I installed it correctly,
 but I have yet to see any flash videos through firefox.

 I keep being told that I need an additional plugin.
 When I follow directions, I'm told I already have it?
 At least once, I was told I needed to upgrade.

 I had similar problems on Centos 5.8 32 bit. U had to
 downgrade to:

 [root@karsites ~]# rpm -qv flash-plugin
 flash-plugin-10.3.183.19-0.1.el5.rf

 to get it to work again.

 Security patches are being backported for now, IIRC.

 HTH

 Keith

 ---
 Websites:
 http://www.karsites.net
 http://www.php-debuggers.net
 http://www.raised-from-the-dead.org.uk

 All email addresses are challenge-response protected with
 TMDA [http://tmda.net]
 ---


Re: [CentOS] 6.2 release: a thank you

2011-12-21 Thread Rob Townley
+2

On Wed, Dec 21, 2011 at 12:29 PM, Paul Heinlein heinl...@madboa.com wrote:

 On Wed, 21 Dec 2011, Louis Lagendijk wrote:

  I would like to express my appreciation for the unbelievably quick
  release of Centos 6.2. Thanks a million! You managed to release 6.2
  some 10 days after 6.1. Johnny, you are not that ugly after all :-).

 +1

 --
 Paul Heinlein  heinl...@madboa.com  http://www.madboa.com/


Re: [CentOS] Routing of outgoing packets

2010-11-21 Thread Rob Townley
2010/10/1 Mitja Mihelič mitja.mihe...@arnes.si:

 On 09/30/2010 05:02 PM, John Doe wrote:
 From: Mitja Mihelič mitja.mihe...@arnes.si
 I am trying to use hping to check the latency of our network.
 Somehow things are not going to plan and I thought someone might be able
 to shed some light on the subject.
 Here is the setup:
 (the IP addresses given here are fake, but they do represent the correct
 state of the networking setup)
 vlan      interface      IP                      mask
 V2        eth0           192.168.20.20    32
 V4        eth1           172.16.4.40        32
 V6        eth2           172.16.6.60        32

 The default route is set to eth1.
 The idea is to use eth2 for pinging only, the other two interfaces are
 used by another service and management access.
 Could you show the ifconfig and route outputs...?

 JD
 The Centos version is 5.5.

 This is the kernel we are using
 (http://rpms.mcnc.org/web100/el5/distro-compat/i386/):
 2.6.18-164.15.1.el5.web100PAE #1 SMP Mon May 17 17:01:51 EDT 2010 i686
 athlon i386 GNU/Linux

 The IP addresses are presented as private addresses, netmasks are real.

 Here is the ifconfig output:
 [r...@server ~]# ifconfig
 eth0      Link encap:Ethernet  HWaddr 00:16:35:82:45:A0
           inet addr:192.168.254.236  Bcast:192.168.254.239  Mask:255.255.255.240
           inet6 addr: fe80::216:35ff:fe82:45a0/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:139602 errors:0 dropped:0 overruns:0 frame:0
           TX packets:58914 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:211203420 (201.4 MiB)  TX bytes:4285647 (4.0 MiB)
           Interrupt:186 Memory:dc00-dc012800

 eth1      Link encap:Ethernet  HWaddr 00:16:35:82:45:A2
           inet addr:192.168.254.244  Bcast:192.168.254.247  Mask:255.255.255.248
           inet6 addr: fe80::216:35ff:fe82:45a2/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:15 errors:0 dropped:0 overruns:0 frame:0
           TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:1130 (1.1 KiB)  TX bytes:1116 (1.0 KiB)
           Interrupt:194 Memory:da00-da012800

 eth2      Link encap:Ethernet  HWaddr 00:15:17:C5:84:4D
           inet addr:192.168.254.18  Bcast:192.168.254.23  Mask:255.255.255.248
           inet6 addr: fe80::215:17ff:fec5:844d/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:29 errors:0 dropped:0 overruns:0 frame:0
           TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:2280 (2.2 KiB)  TX bytes:1236 (1.2 KiB)
           Memory:dfde-dfe0

 lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:21 errors:0 dropped:0 overruns:0 frame:0
           TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:4240 (4.1 KiB)  TX bytes:4240 (4.1 KiB)


 And the route command output:
 [r...@server ~]# route -n
 Kernel IP routing table
 Destination      Gateway          Genmask          Flags Metric Ref Use Iface
 192.168.18.122   192.168.254.225  255.255.255.255  UGH   0      0   0   eth0
 192.168.254.16   0.0.0.0          255.255.255.248  U     0      0   0   eth2
 192.168.254.240  0.0.0.0          255.255.255.248  U     0      0   0   eth1
 192.168.18.160   192.168.254.225  255.255.255.240  UG    0      0   0   eth0
 192.168.254.224  0.0.0.0          255.255.255.240  U     0      0   0   eth0
 192.168.1.64     192.168.254.225  255.255.255.192  UG    0      0   0   eth0
 192.168.1.128    192.168.254.225  255.255.255.128  UG    0      0   0   eth0
 169.254.0.0      0.0.0.0          255.255.0.0      U     0      0   0   eth2
 0.0.0.0          192.168.254.241  0.0.0.0          UG    0      0   0   eth1

 --
 Mitja


This may be too late, but came across this searching for my old
iproute conversations.
Each NIC needs its own source based route otherwise, it will use the
system wide default route.
In other words, add nic specific default routes in addition to the
system wide default route.

Once you have nic specific source routes, you may notice a big
difference between the following two seemingly identical commands:
ping -I eth2 208.67.222.222
ping -I 192.168.x.y  208.67.222.222
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
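
The per-NIC source route described in this post, and the rt_tables, rule-ethN and route-ethN files discussed in the "Configuring source-specific routing" thread above, come down to one table entry, one rule and two routes per interface. The following is an added example, not code from the thread: a shell helper that validates the inputs and prints those fragments. The eth2 address and prefix come from the ifconfig output above; the gateway 192.168.254.17, table id 201 and table name pingnet are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. It validates one interface's
# parameters and prints the policy-routing fragments for network-scripts.
# Lines starting with '#' in the output are labels, not file content.

fail() { echo "policy_route_config: $*" >&2; }

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255 and
# no leading zeros (which some tools would read as octal).
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in 0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
}

# ip_to_int ADDR: print an already validated address as a 32-bit integer.
ip_to_int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_prefix ADDR NET/LEN: succeed if ADDR lies inside the prefix.
in_prefix() {
    _l=${2#*/}
    _mask=$(( (4294967295 << (32 - _l)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & _mask )) -eq $(( $(ip_to_int "${2%/*}") & _mask )) ]
}

# policy_route_config IFACE SRC_IP NET/LEN GATEWAY TABLE_ID TABLE_NAME
policy_route_config() {
    _if=$1; _src=$2; _net=$3; _gw=$4; _id=$5; _name=$6
    case $_if in ''|*[!A-Za-z0-9._-]*)
        fail "bad interface name '$_if' (alias labels are not handled)"; return 1 ;;
    esac
    case $_name in ''|*[!A-Za-z0-9._-]*|local|main|default|unspec)
        fail "bad or reserved table name '$_name'"; return 1 ;;
    esac
    # Table ids 0, 253, 254 and 255 belong to unspec, default, main and local.
    case $_id in ''|*[!0-9]*|0*|????*)
        fail "bad table id '$_id'"; return 1 ;;
    esac
    [ "$_id" -le 252 ] || { fail "table id $_id is reserved"; return 1; }
    case $_net in */*) ;; *) fail "network must be ADDR/LEN"; return 1 ;; esac
    _plen=${_net#*/}
    case $_plen in ''|*[!0-9]*|???*) fail "bad prefix length"; return 1 ;; esac
    [ "$_plen" -le 32 ] || { fail "bad prefix length"; return 1; }
    valid_ipv4 "$_src" && valid_ipv4 "$_gw" && valid_ipv4 "${_net%/*}" ||
        { fail "source, gateway and network must be IPv4 addresses"; return 1; }
    # A gateway outside the interface's own subnet is not reachable on-link.
    in_prefix "$_src" "$_net" || { fail "$_src is not in $_net"; return 1; }
    in_prefix "$_gw" "$_net" || { fail "gateway $_gw is not in $_net"; return 1; }
    cat <<EOF
# append to /etc/iproute2/rt_tables
$_id $_name
# /etc/sysconfig/network-scripts/rule-$_if
from $_src table $_name
# /etc/sysconfig/network-scripts/route-$_if
$_net dev $_if src $_src table $_name
default via $_gw dev $_if table $_name
# verify: bind ping to the source address, not the interface name
ip rule show
ip route show table $_name
ping -c 3 -I $_src 208.67.222.222
EOF
}

# Demo with the eth2 values from the post (gateway and table are constructed).
policy_route_config eth2 192.168.254.18 192.168.254.16/29 192.168.254.17 201 pingnet
```

Passing the system-wide default gateway from the route table above (192.168.254.241, which sits on eth1's subnet) as the eth2 gateway is rejected, because it is not on-link for eth2.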


Re: [CentOS] Best location in filesystem to have a samba share

2010-08-26 Thread Rob Townley
The next time they buy a camera memory card, recommend to them to buy
an eye.fi card (it is uLinux based).
Set all the cards to store in MMDD format.
Set up your own ftp server to receive the uploads directly from the camera.

Even though the eye.fi SD memory card runs uLinux itself, eye.fi does
not provide Linux applications.
There are supporting applications for Linux with the most
comprehensive list here:
http://tech.groups.yahoo.com/group/EyeFiHacking/

Hope this is not too off-topic in mentioning a product, but it has a
great deal of promise in helping the OP handle user input, ftp solves
a number of problems, and it is Linux based.


Re: [CentOS] NetworkManager constantly overwriting /etc/resolve.conf - how to disable?

2009-11-30 Thread Rob Townley
On Mon, Nov 30, 2009 at 2:27 AM, Rudi Ahlers rudiahl...@gmail.com wrote:
 On Mon, Nov 30, 2009 at 1:56 AM, Robert Heller hel...@deepsoft.com wrote:


 You either

 A) Don't have NetworkManager installed on the other servers
 (eg 'rpm -q NetworkManager' yields 'package NetworkManager is not installed')

 OR

 B) Don't have NetworkManager running on the other servers
 (eg '/sbin/chkconfig NetworkManager --list' yields
 'NetworkManager 0:off   1:off   2:off   3:off   4:off   5:off   6:off')





 --
 Robert Heller             -- 978-544-6933
 Deepwoods Software        -- Download the Model Railroad System
 http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
 hel...@deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/



 Thanx Robert, so it's safe to remove NetworkManager then? I have done
 so, and will see if any issues arise. The only files that were removed
 are:

 Removing:
  NetworkManager        i386     1:0.7.0-9.el5   installed   3.3 M
  NetworkManager        x86_64   1:0.7.0-9.el5   installed   3.4 M
 Removing for dependencies:
  NetworkManager-glib   i386     1:0.7.0-9.el5   installed   154 k
  NetworkManager-glib   x86_64   1:0.7.0-9.el5   installed   161 k




 --
 Kind Regards
 Rudi Ahlers
 CEO, SoftDux Hosting
 Web: http://www.SoftDux.com
 Office: 087 805 9573
 Cell: 082 554 7532


i uninstall NetworkManager as well, but i would think you have bigger
problems since it appears you have both the 64bit and 32bit versions
of software installed?


Re: [CentOS] again, nic driver order

2009-11-29 Thread Rob Townley
On Sat, Nov 28, 2009 at 2:55 PM, Ross Walker rswwal...@gmail.com wrote:
 On Nov 28, 2009, at 3:10 PM, Les Mikesell lesmikes...@gmail.com wrote:

 Tom H wrote:
 Digging around google a bit more I came up with different rules,
 and
 fingers crossed, they seem to work!
 SUBSYSTEM=="net", SYSFS{address}=="00:1b:21:4d:c3:e8", NAME="eth0"
 # pro/1000gt
 SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:30", NAME="eth1"
 # internal 1
 SUBSYSTEM=="net", SYSFS{address}=="00:e0:81:b5:7a:31", NAME="eth2"
 # internal 2

 Don't touch udev, expecting admins to write udev rules for network
 interface binding is just not realistic. Udev rules are meant to be
 static across hardware reconfigurations while ifcfg files are
 meant to
 be modified to suit your current configuration.

 Use HWADDR=00:1b:21:4d:c3:e8 in the ifcfg files along with
 NAME=eth0
 for eth0 and so on.

 I read a while ago that udev overrode ifcfg-* settings so I did a
 clean install of 5.4 and changed:
 ifcfg-eth0 to ifcfg-eth9 (file name)
 eth0 to eth9 (inside the file)
 the last number of the HWADDR line

 Do you mean that you changed the HWADDR line so it no longer matched
 the actual
 nic mac address?  In that case, you shouldn't expect it to work.

 The nic came up as eth0 with the old/original mac address after a
 reboot.

 So we unfortunately have to write udev rules when we have nic
 naming problems...

 I think the ifcfg-eth? files work when they match the nic mac
 addresses.  They
 may have to all match for any of them to work, though.  I've seen
 some cases
 where they all get renamed with a .bak extension and new ones are
 created but I
 don't know what triggers that.

 Usually a new kernel that forces a regeneration of the hwconf.

 There was a kernel update maybe the move from C4 to C5 which caused
 grief with Dell hardware, where it reversed the order Broadcom devices
 are detected, still does and needs manual swapping around after install.

 -Ross



NIC ordering is a problem. Some say it is the multi cpu, some say bad
BIOS, some say MAC address ordering is better, some say PCI bus
enumeration is better.  The netdev mailing list has had a long running
discussion on this issue.  The CTO of Dell and members of HP along
with others are / were active participants.  Part of the problem is
that an alias name may not be available to the kernel.

Dell has their own software to bring determinism to NIC ordering.
http://linux.dell.com/papers.shtml

One of Dell's programmers has proposed changing Anaconda to let you
choose at installation time the NIC naming convention:

We have been having discussions in the netdev list about creating
multiple names for the network interfaces to bring determinism into
the way network interfaces are named in the OSes. In specific, eth0
in the OS does not always map to the integrated NIC Gb1 as labelled on
the chassis.

http://marc.info/?l=linux-netdev&m=125510301513312&w=2 - (Re: PATCH:
Network Device Naming mechanism and policy)
http://marc.info/?l=linux-netdev&m=125619338904322&w=2 - ([PATCH]
udev: create empty regular files to represent net)


Re: [CentOS] again, nic driver order

2009-11-29 Thread Rob Townley
On Sun, Nov 29, 2009 at 10:57 AM, Les Mikesell lesmikes...@gmail.com wrote:
 Rob Townley wrote:

 NIC ordering is a problem. Some say it is the multi cpu, some say bad
 BIOS, some say MAC address ordering is better, some say PCI bus
 enumeration is better.  The netdev mailing list has had a long running
 discussion on this issue.  The CTO of Dell and members of HP along
 with others are / were active participants.  Part of the problem is
 that an alias name may not be available to the kernel.

 Dell has their own software to bring determinism to NIC ordering.
 http://linux.dell.com/papers.shtml

 One of Dell's programmers has proposed changing Anaconda to let you
 choose at installation time the NIC naming convention:

 We have been having discussions in the netdev list about creating
 multiple names for the network interfaces to bring determinism into
 the way network interfaces are named in the OSes. In specific, eth0
 in the OS does not always map to the integrated NIC Gb1 as labelled on
 the chassis.

 http://marc.info/?l=linux-netdev&m=125510301513312&w=2 - (Re: PATCH:
 Network Device Naming mechanism and policy)
 http://marc.info/?l=linux-netdev&m=125619338904322&w=2 - ([PATCH]
 udev: create empty regular files to represent net)


 Do any of these approaches help with the scenario where you want to clone a
 system across many identical machines including future additions where you
 don't know the MAC addresses yet, and you'd like the remote operator to be
 able to insert a drive and have it come up with the right interfaces on the
 right network connections?  This was possible in Centos 3.x, but not in 5.x.

 --
   Les Mikesell
    lesmikes...@gmail.com



Yes Les.


Re: [CentOS] administering an MS Windows partition under Linux

2009-11-07 Thread Rob Townley
On Fri, Nov 6, 2009 at 1:21 PM, Boris Epstein borepst...@gmail.com wrote:
 Hi all,

 If I have a dual-boot machine (Linux and Windows) would I have any
 good tools under Linux that would allow me to look at the content of
 the Windows boot partition, administer it, clean up the registry,
 remove viruses if any, etc? The Windows installation seems to be so
 defective as to be quite useless so I am trying to think of a good
 strategy for dealing with the situation.

 Thanks in advance for any and all advice.

 Boris.


The Helix LiveCD for forensics does registry editing, av scans, ...
i would be surprised if SysRescCD doesn't give you registry editing as well.
f-prot cd for virus scans as well.
Not to mention the rootkit detection cds.

Make sure you update the virus definitions after boot up with the live cds.


Re: [CentOS] Bypass Hung Applications At Boot So System Can Complete The Boot Process

2009-10-25 Thread Rob Townley
On Sun, Oct 25, 2009 at 3:23 PM,  aurfal...@gmail.com wrote:
 During boot, you'll see (for a real brief moment), something to the effect
 press I for interactive startup
 A few seconds after pressing it, you will be prompted to load services with
 a y/n.
 Once in Ubuntu, I entered rescue mode by entering grub startup options at
 the command prompt, namely single user mode but I can't recall exactly how I
 did this  I imagine it would apply to any Linux distro.
 For me, sendmail and other network services (not NFS though) took forever to
 load because of fubar'd network stuff.

 On Oct 25, 2009, at 1:01 PM, Mathew S. McCarrell wrote:

 On Fri, Oct 23, 2009 at 12:12 PM, Kemp, Larry larry.k...@usmetrotel.com
 wrote:

 I have a CentOS system that is hanging at boot. Sendmail takes forever
 (and a few other apps hang as well...mainly network apps). This has proven
 in the past to be a NIC misconfiguration or a network issue. I think that is
 what it is on this one too. Is there a way when I see an app hanging at boot
 to make the server stop trying to load the hung app and bring the OS up into
 the GUI so that I get to fixing it? Thanks in advance.

 Larry Kemp
 Network Engineer
 U.S. Metropolitan Telecom, LLC

 If you're having network apps hang, I would take a look at your /etc/hosts
 file and make sure it is correct.  I've had an issue in the past with
 sendmail hanging during boot and an incorrect /etc/hosts file was the cause.


 Matt

 --
 Mathew S. McCarrell
 Clarkson University '10

 mccar...@gmail.com
 mccar...@clarkson.edu
 1-518-314-9214



i seem to recall similar situation and the netplugd helped but in my
case it was because the Cat5 cable was unplugged or the switch was
powered off.  i am not sure why it isn't on by default, maybe
NetworkManager was supposed to take over the responsibilities of
Netplugd, but clearly failed.  ifconfig would say eth0 was UP even
though it was not plugged-in.  Since netplug daemon has been running,
ifconfig hasn't lied again.

IIRC, all i did to turn it on and enable it was, but you may have to
yum it down first:
chkconfig netplug on


Re: [CentOS] Help! i want to clone my Centos machine to another box..

2009-10-22 Thread Rob Townley
On Thu, Oct 22, 2009 at 3:06 AM, RoLaNd RoLaNd r_o_l_a_...@hotmail.com wrote:
 Hello all,

 i've spent the last week trying to find something that will clone my
 existing Centos server to a more powerful box.
 i've used clonezilla though that resulted in a complete failure..

You used the CloneZilla Live CD?

CloneZilla Server and DRBL Server are entirely different and can be
difficult.  But CloneZilla _LiveCD_ is easy.


Tell us more about your RAID config.  It is not software raid is it?
Not sure if any cloning system can work to clone software raid unless
you have completely identical set of drives in both and then you would
not be doing disk level cloning, but file level cloning.
What kind of raid do you have?


Re: [CentOS] Caught between a Red Hat and a CentOS

2009-10-21 Thread Rob Townley
On Tue, Oct 20, 2009 at 6:47 AM, Joseph L. Casale
jcas...@activenetwerx.com wrote:
Remember that windows integration website ( don't remember the name
but related to nLite and ryanvm) shutdown by Microsoft - it made a
great deal of news because they had scripts to take out annoyances
such as balloons popping up in the taskbar.  MS lawyers had them
disbanded

 For a good reason, because silly non-admins were using nlite in a corporate
 environment? WTF, if you take all of RHELS rpms and recompile them in an
 unsupported manner then call for help, what do you think they will do?

 You have got to be kidding me, ms should just support anything anyone wants
 to do? Sigh...

The point was that there were at least thousands of publicly
documented instances of the first line of support was to wipe n
reinstall.  Should users have to wait 9 years to get some balloons
turned off?  The changes were registry key changes documented by MS,
not exactly recompiles.

No, i don't think MS should have to support nLite modifications, but
wouldn't the money spent on lawyers have been better spent on giving
customers what they wanted.  And when one stops and thinks about src
rpms .


It takes way too much time to install a windows system from scratch, configure
how you want it,  and then install all the apps on top and then all the updates
and then all the updates to the apps ad nauseam. Oh, you want to image that
harddrive now?  Well you get 3 attempts with sysprep and then you start all
over - no thanks..

 Well, if you need some guidance on how to do this, I would be willing to help.
 Even at home I use RIS/WDS and deploy almost all of my apps to windows lab vm's
 with GPO's. So, unfortunately yes, I do *completely* automated deployments that
 setup all my apps and even pre-populate some settings at the push of F12. When
 I didn't have this knowledge, I never assumed Bill was an a$$hole, I took the
 time to learn it. Same with Linux, when I never had kickstart knowledge and
 couldn't automate my CentOS deployments, I never assumed KB or the CentOS devs
 were scumbags, I took the time to learn it:)

'yum repolist' lists 19,107 packages i can install in a heartbeat.
How many 3rd party apps do you actually install?  How many windows
packages do you have to spend _time_ repackaging with a $1500 and
$more windows MSI installer package to get it pushed out correctly
with standard gpos?  For the non MSI apps, how long did it take to
contact the developer and hunt down the parameters to answer yes,yes,
product-key=XXX-ZG123-56787-01l1l1Il (r those ones, letter i, letter
L, zeros?).

i never thought of Bill in a negative light.  i didn't downgrade to
WinXP and deployed WinVista except to all but my workstations.   A MS
technical account executive is giving a breakfast security meeting in
6 hours where i live on why patch management is a big problem that
will NOT be going away.   Maybe MS will come out with something akin
to yum.repos app store, but it will never have all the proprietary
software you will need and oh yeah - it will cost money over and over.


 Guess what, now I can do both! Wow...

Guess what, i can too.  How many families can afford the licensing
fees for a windows server at home?  Why not use OCSinventory-ng or
FreeGhost?  Winner?


 This useless thread will never end, FOSS guys have their sh!t in a knot over
 MS for reason of which I have my own opinions. Bottom line is, I work with both
 and quite successfully get equivalent uptimes and QOS with both. Many guys do it,
 it's possible. I met one of the guys who did the barnes and noble setup at an msdn
 conference, I guess that successful setup wasn't the result of competent guys
 who actually knew their sh!t and did a good job, but just dumb luck. Mama always
 said if I could be smart or lucky, it was better to be lucky:)

You may even get longer uptimes with MS, but how much time do you have
to spend patching all those 3rd party applications?   All those apps
developed by the vast majority of developers that believe that if
their install process is half as good as MS Office, we're golden.
Those other users of MSDN that still require their users to have full
admin privs bc that is how we developed the software because the MS
developer tools required Administrator privileges to compile the exe?
Those same MSDN developers that do not see anything wrong with web
browsing with admin privileges.  i have been using NTFS permissions
since the mid 90's and just last Friday had to explain to one of our
vendor's overpaid, MSDN reading C# experts the concept of 'Least
Privilege'.

i have read and enjoyed many of your posts Joe, consider unwinding
some of those knots, the cussing doesn't help.


 jlc



Re: [CentOS] full-fledge PDF editor for Linux

2009-10-21 Thread Rob Townley
On Tue, Oct 20, 2009 at 9:25 PM, MHR mhullr...@gmail.com wrote:
 On Tue, Oct 20, 2009 at 5:14 PM, Rob Townley rob.town...@gmail.com wrote:

 Acrobat isn't easy to use either.  i find it kinda clunky and not
 intuitive.  Maybe it is the nature of vector graphics and text.

 InkScape for graphics imports / exports pdf.
 The SVG can be edited in theory in a text editor because it is XML.

 ps2pdf  --   pdf2ps

 xhtml2ps | ps2pdf

 I have had problems with ps2pdf - a lot of the time it just plain
 fails, especially if the output is fancy-formatted (like dual
 columns).

 OpenOffice can export its documents as pdfs, which can provide a lot
 of the functionality, but as for editing an existing PDF, I don't know
 of a cheap, simple solution.  Acrobat is probably the best, and it's
 expensive (by my budget framework).

 mhr


i am having problems with ps2ascii tonight - wonder if ghostscript
versions are clobbering one another.


Re: [CentOS] full-fledge PDF editor for Linux

2009-10-20 Thread Rob Townley
On Tue, Oct 20, 2009 at 10:59 AM, Boris Epstein borepst...@gmail.com wrote:
 On Tue, Oct 20, 2009 at 10:36 AM, Boris Epstein borepst...@gmail.com wrote:
 Hi all,

 Does anybody know of an editor that can do on Linux what Acrobat /
 Acrobat Pro can do on Mac/Windows? I have tried to use the PDF Import
 extension to the Open Office which appears barely functional - at
 least it is so slow as to be almost impractical. I have also tried
 pdfedit under Linux which seems to work fine but seems to have rather
 limited functionality. For instance, the capability to make bookmarks
 or to search through the whole document (as opposed to the current
 page) seems to be missing there.

 Any tips much appreciated.

 Cheers,

 Boris.


 Hi again,

 Just to update you on the situation: the best solution I have found
 thus far is a commercial but cheap one named PDFStudio (
 http://www.qoppa.com/psindex.html ). Prices are under US $100. Seems
 to be doing all we need (much like the Adobe Acrobat Pro ).

 Boris.


Acrobat isn't easy to use either.  i find it kinda clunky and not
intuitive.  Maybe it is the nature of vector graphics and text.

InkScape for graphics imports / exports pdf.
The SVG can be edited in theory in a text editor because it is XML.

ps2pdf  --   pdf2ps

xhtml2ps | ps2pdf


Re: [CentOS] Caught between a Red Hat and a CentOS

2009-10-19 Thread Rob Townley
On Mon, Oct 19, 2009 at 3:45 PM, Joseph L. Casale
jcas...@activenetwerx.com wrote:
which is about as useful as Microsoft Windows support... is it broken?
reinstall windows

 FFS, this attitude amongst opensource guys that MS is the devil and are
 trying to murder your family or  sabotage your life is such BS.

 Take the Tin Foil Hat off and settle down, MS support is easily on par w/
 or *the* best support there is.

i don't believe the statement lambastes MS because "is about as
useful" means about the same.

Remember that windows integration website ( don't remember the name
but related to nLite and ryanvm) shutdown by Microsoft - it made a
great deal of news because they had scripts to take out annoyances
such as balloons popping up in the taskbar.  MS lawyers had them
disbanded.  MS Tech Support asked customers to wipe and reinstall, but
when the Wireless Networks Found balloon didn't pop up, they knew
some things had been changed in the windows installation because they
just had the customer wipe and reinstall.  The point i believe the
original poster was making is that wipe-n-reinstall is very very
very common everywhere even at MS.

i have been running NT since 3.0? / 3.1 and wondered why anything but
NT ever came out.  i don't think MS is evil but i have wasted too much
time swapping legitimate MS Office CDs when there were multiple MS
Office versions installed.

It takes way too much time to install a windows system from scratch,
configure how you want it,  and then install all the apps on top and
then all the updates and then all the updates to the apps ad nauseam.
Oh, you want to image that harddrive now?  Well you get 3 attempts
with sysprep and then you start all over - no thanks.

There is no comparison to 'yum -y update' -- i have wasted way too
much of my life updating software, hunting down product keys (the COA
on the pc case is hidden under the lock or on a misplaced cd).  In
fact,  depending on which method you get to the 2008R2 activation
screen it will not take your key.  Dealing with proprietary phone tech
support regarding software bugs that i could fix myself  if i had the
code - it is demeaning.  In that world, you rarely have an opportunity
to talk to the programmer, let alone a good tech.

Filing a bug report in Bugzilla and getting a response from one of the
programmers directly responsible - that has happened to me in open
source.  Never happened once as a Win32 developer and user.  There
really is no long lasting great tech support except open source along
with the skill and intelligence we have ourselves and shared over the
internet.  i am more independent that way.  i have more freedom that
way.  i have more time.


 I maintain both Linux/Unix and Windows machines, and since high school days
 I have been using PSS and there is nothing like it. They have *ALWAYS*
 fixed everything but one issue I have had, where that one issue I resolved
 before them.

 Spreading your FUD reflects on _you_ not MS.

 I love Linux (and prefer to toil in this forest) but don't preach that anti-ms
 crap, it's utter malarkey.

 Geesh...




Re: [CentOS] My doubts with apache server on centos installation

2009-10-09 Thread Rob Townley
On Fri, Oct 9, 2009 at 1:46 AM, vijay shanker vijaydshan...@gmail.com wrote:
 Hi Linux geeks,

 I have just started to setup a production server with centos; and moved from
 windows server to centos. My first encounter with this great linux distro is
 good.

 I am not able to understand what is the point of having scattered folders
 for apache server installation.

 when i see the /etc/httpd folder; it has only conf folder and links to logs,
 module and , run. As i have been working on Windows where all these files
 are stored in a single installation folder.

 So, this makes me quite confused to start with.

 Can anyone tell me what is the idea behind using such an installation
 pattern.

 Now i am going to install java, I have two options via RPM and other is
 extracting the distro and use it. i have a feeling if i use first option,
 all the folders like jre and jdk will be placed any where. Not to be found.

 Please tell me or point to any relevant link. so i can go ahead without any
 doubt over this issue.



 --
 Regards,
 Vijay Shanker






Did it ever make sense for everybody and their brother to install
everything under c:\windows\system32\?  That everything in system32
nightmare scares me security wise and functionality wise.  WinVistA
fixes that through file and registry system virtualization - that
means even more places for your files.

Some of the IIS stuff is in the registry and some in metabase and some
in files.  At least with nix, all the locations can be searched with a
single find command - not so in windows.

If you modify something in Linux using a GUI, but need
the text file equivalent, the following command can help.
touch /tmp/now
install your app or make changes using a gui
find / -newer  /tmp/now | grep -v /proc/

There are a few improvements on this, but that can get you started.


[CentOS] Ping Is Broken

2009-10-09 Thread Rob Townley
i am hoping this attachment gets through.  It deals with a bug in ping that
made it very difficult to set up a system with two gateways.
ping -I is broken 

Demonstration that ping -I is broken.  When specifying the source 
interface using -I with an ethX alias and that interface is not the default gateway 
interface, then ping fails.  When specifying the interface as an ip address, 
ping works.  Search for "Destination Host Unreachable" to find the bug. 


eth0 = 4.3.2.8 and the default gateway is accessed through a different interface eth1. 
eth1 = 192.168.168.155 is used as the device to get to the default gateway. 
FAILS: ping -I eth0 208.67.222.222 
WORKS: ping -I 4.3.2.8 208.67.222.222 
WORKS: ping -I eth1 208.67.222.222 
WORKS: ping -I 192.168.168.155 208.67.222.222 

The following are actual results which can be reproduced from an up-to-date 
Fedora 11 or CentOS 5.3 box.  Caused a very very long episode of frustration 
when setting up multi gatewayed systems. 
  ping using  eth0 :
ping -c 2 -B -I  eth0 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 eth0: 56(84) bytes of data.
From 4.3.2.8 icmp_seq=1 Destination Host Unreachable
From 4.3.2.8 icmp_seq=2 Destination Host Unreachable

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
, pipe 2

  ping using  4.3.2.8 :
ping -c 2 -B -I  4.3.2.8 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=55 time=562 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=55 time=642 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 562.546/602.400/642.255/39.862 ms

  ping using  eth1 :
ping -c 2 -B -I  eth1 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 eth1: 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=270 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=629 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 270.128/449.766/629.405/179.639 ms

  ping using  192.168.168.155 :
ping -c 2 -B -I  192.168.168.155 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=585 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=554 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 554.098/569.655/585.212/15.557 ms

My source route policy rules:

/sbin/ip rule show
0:	from all lookup 255 
32762:	from 4.3.2.8 lookup nic0 
32763:	from 192.168.168.155 lookup nic1 
32764:	from 192.168.168.155 lookup nic1 
32765:	from 4.3.2.8 lookup nic0 
32766:	from all lookup main 
32767:	from all lookup default 

 
Print out routing tables using /sbin/ip route show table TABLENAME:
routing table  nic0 :
/sbin/ip route show table nic0
default via 4.3.2.1 dev eth0 

routing table  nic1 :
/sbin/ip route show table nic1
default via 192.168.168.1 dev eth1 

routing table  main :
/sbin/ip route show table main
4.3.2.1/27 dev eth0  proto kernel  scope link  src 4.3.2.8 
192.168.168.0/24 dev eth1  proto kernel  scope link  src 192.168.168.155 
169.254.0.0/16 dev eth1  scope link 
default via 192.168.168.1 dev eth1 

routing table  default :
/sbin/ip route show table default

 


NOTES:
cat /etc/iproute2/rt_tables to get your own table names. 

ping Maintainer YOSHIFUJI Hideaki / USAGI/WIDE Project 
 http://www.skbuff.net/iputils/  
Mailing List net...@vger.kernel.org 

man ping:
   -I interface address
Set source address to specified interface address. 
Argument may be numeric IP address or name of device.
When  pinging  IPv6  link-local  address  this option is required. 

ping -V returns the latest available on CentOS and Fedora and the maintainers website: 
 
ping utility, iputils-ss020927
 





Re: [CentOS] Ping Is Broken

2009-10-09 Thread Rob Townley
The following deals with a bug in ping that made it very difficult to set up a
system with two gateways.

ping -I is broken

Demonstration that *ping -I is broken*. When specifying the source
interface using -I with an *ethX* alias and that interface is not the
default gateway
interface, then ping fails. When specifying the interface as an ip address,
ping works. Search for "Destination Host Unreachable" to find the bug.


eth*0* = 4.3.2.8 and the default gateway is accessed through a different
interface eth*1*.
eth*1* = 192.168.168.155 is used as the device to get to the default
gateway.
*FAILS *: ping *-I eth0* 208.67.222.222
*WORKS*: ping *-I 4.3.2.8* 208.67.222.222
*WORKS*: ping *-I eth1* 208.67.222.222
*WORKS*: ping *-I 192.168.168.155* 208.67.222.222

The following are actual results which can be reproduced from an up-to-date
Fedora 11 or CentOS 5.3 box. Caused a very very long episode of frustration
when setting up multi gatewayed systems.


* ping using eth0 *:

ping -c 2 -B -I  eth0 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 eth0: 56(84) bytes of data.
From 4.3.2.8 icmp_seq=1 Destination Host Unreachable
From 4.3.2.8 icmp_seq=2 Destination Host Unreachable

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
, pipe 2


* ping using 4.3.2.8 *:

ping -c 2 -B -I  4.3.2.8 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=55 time=562 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=55 time=642 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 562.546/602.400/642.255/39.862 ms


* ping using eth1 *:

ping -c 2 -B -I  eth1 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 eth1: 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=270 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=629 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 270.128/449.766/629.405/179.639 ms


* ping using 192.168.168.155 *:

ping -c 2 -B -I  192.168.168.155 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=585 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=554 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 554.098/569.655/585.212/15.557 ms

My source route policy rules:

/sbin/ip rule show
0:  from all lookup 255
32762:  from 4.3.2.8 lookup nic0
32763:  from 192.168.168.155 lookup nic1
32764:  from 192.168.168.155 lookup nic1
32765:  from 4.3.2.8 lookup nic0
32766:  from all lookup main
32767:  from all lookup default



Print out routing tables using /sbin/ip route show table TABLENAME:
routing table  nic0 :
/sbin/ip route show table nic0
default via 4.3.2.1 dev eth0

routing table  nic1 :
/sbin/ip route show table nic1
default via 192.168.168.1 dev eth1

routing table  main :
/sbin/ip route show table main
4.3.2.1/27 dev eth0  proto kernel  scope link  src 4.3.2.8
192.168.168.0/24 dev eth1  proto kernel  scope link  src 192.168.168.155
169.254.0.0/16 dev eth1  scope link
default via 192.168.168.1 dev eth1

routing table  default :
/sbin/ip route show table default




NOTES: cat /etc/iproute2/rt_tables to get your own table names.

ping Maintainer YOSHIFUJI Hideaki / USAGI/WIDE Project
 http://www.skbuff.net/iputils/
Mailing List net...@vger.kernel.org

man ping:
   -I interface address
Set source address to specified interface address.
Argument may be *numeric IP address or name of device*.
When  pinging  IPv6  link-local  address  this option is required.

ping -V returns the latest available on CentOS and Fedora and the
maintainer's website:

ping utility, iputils-ss020927


Re: [CentOS] Ping Is Broken

2009-10-09 Thread Rob Townley
ping -I is broken

The following deals with a bug in ping that made it very difficult to set up a
system with two gateways.

Demonstration that *ping -I is broken*. When specifying the source
interface using -I with an *ethX* alias and that interface is not the
default gateway interface, then ping fails. When specifying the interface
as an IP address, ping works. Search for Destination Host Unreachable to
find the bug.


eth*0* = 4.3.2.8 and the default gateway is accessed through a different
interface eth*1*.
eth*1* = 192.168.168.155 is used as the device to get to the default
gateway.
*FAILS *: ping *-I eth0* 208.67.222.222
*WORKS*: ping *-I 4.3.2.8* 208.67.222.222
*WORKS*: ping *-I eth1* 208.67.222.222
*WORKS*: ping *-I 192.168.168.155* 208.67.222.222

The following are actual results which can be reproduced from an up-to-date
Fedora 11 or CentOS 5.3 box. Caused a very very long episode of frustration
when setting up multi gatewayed systems.


* ping using eth0 *:

ping -c 2 -B -I  eth0 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 eth0: 56(84) bytes of data.
From 4.3.2.8 icmp_seq=1 Destination Host Unreachable
From 4.3.2.8 icmp_seq=2 Destination Host Unreachable

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms, pipe 2

--
The Following all WORK:
* ping using 4.3.2.8 *:

ping -c 2 -B -I  4.3.2.8 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 4.3.2.8 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=55 time=562 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=55 time=642 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 562.546/602.400/642.255/39.862 ms


* ping using eth1 *:

ping -c 2 -B -I  eth1 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 eth1: 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=270 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=629 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 270.128/449.766/629.405/179.639 ms


* ping using 192.168.168.155 *:

ping -c 2 -B -I  192.168.168.155 208.67.222.222
PING 208.67.222.222 (208.67.222.222) from 192.168.168.155 : 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=585 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=554 ms

--- 208.67.222.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 554.098/569.655/585.212/15.557 ms

My source route policy rules:

/sbin/ip rule show
0:  from all lookup 255
32762:  from 4.3.2.8 lookup nic0
32763:  from 192.168.168.155 lookup nic1
32764:  from 192.168.168.155 lookup nic1
32765:  from 4.3.2.8 lookup nic0
32766:  from all lookup main
32767:  from all lookup default



Print out routing tables using /sbin/ip route show table TABLENAME:
routing table  nic0 :
/sbin/ip route show table nic0
default via 4.3.2.1 dev eth0

routing table  nic1 :
/sbin/ip route show table nic1
default via 192.168.168.1 dev eth1

routing table  main :
/sbin/ip route show table main
4.3.2.1/27 dev eth0  proto kernel  scope link  src 4.3.2.8
192.168.168.0/24 dev eth1  proto kernel  scope link  src 192.168.168.155
169.254.0.0/16 dev eth1  scope link
default via 192.168.168.1 dev eth1

routing table  default :
/sbin/ip route show table default




NOTES: cat /etc/iproute2/rt_tables to get your own table names.

ping Maintainer YOSHIFUJI Hideaki / USAGI/WIDE Project
 http://www.skbuff.net/iputils/
Mailing List net...@vger.kernel.org

man ping:
   -I interface address
Set source address to specified interface address.
Argument may be *numeric IP address or name of device*.
When  pinging  IPv6  link-local  address  this option is required.

ping -V returns the latest available on CentOS and Fedora and the
maintainer's website:
ping utility, iputils-ss020927
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
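
A model of how the rules and tables listed in the message are evaluated, added here as an example; it is not the poster's code and not kernel code. It assumes that `-I ADDRESS` amounts to a lookup carrying only a source address and `-I DEVICE` to one carrying only an output device, and it treats table 255 (not shown in the message) as empty; the function names are made up for the example.

```python
import ipaddress
import re

# Output copied from the `ip rule show` / `ip route show table` listings in the message.
IP_RULE_SHOW = """\
0:  from all lookup 255
32762:  from 4.3.2.8 lookup nic0
32763:  from 192.168.168.155 lookup nic1
32764:  from 192.168.168.155 lookup nic1
32765:  from 4.3.2.8 lookup nic0
32766:  from all lookup main
32767:  from all lookup default
"""
IP_ROUTE_SHOW = {
    "nic0": "default via 4.3.2.1 dev eth0",
    "nic1": "default via 192.168.168.1 dev eth1",
    "main": """\
4.3.2.1/27 dev eth0  proto kernel  scope link  src 4.3.2.8
192.168.168.0/24 dev eth1  proto kernel  scope link  src 192.168.168.155
169.254.0.0/16 dev eth1  scope link
default via 192.168.168.1 dev eth1
""",
    "default": "",
    # Table 255 (local) is not listed in the message. Assumption: left empty,
    # which only suits destinations that are not the host's own addresses.
    "255": "",
}


def parse_rules(text):
    """Parse `ip rule show` lines into (priority, source network or None, table)."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+):\s+from\s+(\S+)\s+lookup\s+(\S+)", line)
        if m:
            src = None if m.group(2) == "all" else ipaddress.ip_network(m.group(2))
            rules.append((int(m.group(1)), src, m.group(3)))
    return sorted(rules, key=lambda rule: rule[0])


def parse_routes(text):
    """Parse `ip route show` lines into (destination, gateway or None, device)."""
    routes = []
    for words in map(str.split, text.splitlines()):
        if not words:
            continue
        prefix = "0.0.0.0/0" if words[0] == "default" else words[0]
        # strict=False because the main table prints "4.3.2.1/27" (host bits set).
        net = ipaddress.ip_network(prefix, strict=False)
        attrs = dict(zip(words[1::2], words[2::2]))
        routes.append((net, attrs.get("via"), attrs["dev"]))
    return routes


RULES = parse_rules(IP_RULE_SHOW)
TABLES = {name: parse_routes(text) for name, text in IP_ROUTE_SHOW.items()}


def lookup(dst, src=None, oif=None):
    """Walk the rules in priority order; the first table with a usable route wins.

    src is the flow's source address (None if none has been chosen yet) and oif
    the device the socket is bound to (None if unbound). A "from ADDR" rule does
    not match a flow without a source, and a route on another device does not
    satisfy oif.
    """
    dst = ipaddress.ip_address(dst)
    src = ipaddress.ip_address(src) if src else None
    for priority, from_net, table in RULES:
        if from_net is not None and (src is None or src not in from_net):
            continue
        usable = [r for r in TABLES[table]
                  if dst in r[0] and (oif is None or r[2] == oif)]
        if usable:
            net, via, dev = max(usable, key=lambda r: r[0].prefixlen)
            return {"rule": priority, "table": table, "via": via, "dev": dev}
    return None  # no rule produced a route


def duplicate_rules():
    """Return pairs of priorities whose selector and table are identical."""
    seen, dupes = {}, []
    for priority, from_net, table in RULES:
        key = (from_net, table)
        if key in seen:
            dupes.append((seen[key], priority))
        else:
            seen[key] = priority
    return dupes


if __name__ == "__main__":
    # Assumption of the model: "-I ADDRESS" sets src only, "-I DEVICE" sets oif only.
    cases = [("-I eth0", {"oif": "eth0"}), ("-I 4.3.2.8", {"src": "4.3.2.8"}),
             ("-I eth1", {"oif": "eth1"}), ("-I 192.168.168.155", {"src": "192.168.168.155"})]
    for label, kwargs in cases:
        print(label, "->", lookup("208.67.222.222", **kwargs))
    print("duplicate rules:", duplicate_rules())
```

Under those assumptions the model gives a route for three of the four cases and none for the device-only lookup on eth0, which is the same split as the WORKS/FAILS list in the message.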


Re: [CentOS] Resolv.conf with multiple adaptors on multiple networks

2009-10-09 Thread Rob Townley
On Fri, Oct 9, 2009 at 10:39 AM, ML mailingli...@mailnewsrss.com wrote:
 Hi All,

 I did a clean install of CentOS 5.3 yesterday. During setup I
 activated both adapters on startup. eth0 is my public IP and eth1 is
 my private/internal IP.

 It did not let me specify nameservers though.

 So I know this is resolv.conf.

 I know I put in:
 nameserver xxx.xxx.xxx.xxx
 nameserver xxx.xxx.xxx.xxx

 But how do I put in nameservers for specific networks? Example, I want
 my public IP to resolve to the comcast name-servers to get out to
 things like Google. I want internal to default to my internal DNS once
 I have it setup.

 -Jason


I second what the others have said, but you can specify nameservers
for each NIC in their
/etc/sysconfig/network-scripts/ifcfg-ethX file.


Re: [CentOS] resolv.conf rewritten every reboot. How to figure out who and why?

2009-10-08 Thread Rob Townley
On Thu, Oct 8, 2009 at 4:39 PM, Dave tdbtdb+cen...@gmail.com wrote:
 On Thu, Oct 8, 2009 at 11:27 AM, Meenoo Shivdasani mee...@gmail.com wrote:
 /etc/init.d/network calls /etc/sysconfig/network-scripts/ifup which
 calls /sbin/dhclient which calls /sbin/dhclient-script which
 overwrites your resolv.conf with the info it gets from the DHCP server
 on the network.


 How would I find this out on my own? And it seems not to be correct.
 At least, if /etc/sysconfig/network-scripts/ifup calls
 /sbin/dhclient, it must use some indirection, as dhclient is not
 mentioned in the script explicitly:

 grep -i dhc /etc/sysconfig/network-scripts/ifup
 if [ ${BOOTPROTO} = bootp -o ${BOOTPROTO} = dhcp ]; then


 Why does it overwrite /etc/resolv.conf when the machine is not set to
 use DHCP? The IP address etc. is set statically using
 /usr/bin/system-config-network.

 Dave


I feel the pain, as I went through this just last night on a multihomed
CentOS 5.3 box.  It was using old and wrong lease info, which helped me
notice it as a problem.

I ended up deleting:

/var/lib/dhcpd/dhclient.leases
/var/lib/dhcpd/dhclient.leases~
/etc/dhclient.conf  (but you should make a backup or at least look at
the dhclient.conf because I think you can tell it what ethX to work on
or not).
rm anything else associated with dhclient

Some guys say to uninstall NetworkManager, not just keep it from running.

You would think setting a static dhcp lease in our separate dhcpd server
would fix this.  But the static lease made things worse because
dhclient broke the /etc/sysconfig/network-scripts/ifup-routes calls to
'/sbin/ip route add' and '/sbin/ip rule add'.  With dhclient, I could
not set a default gw rule for each different network interface card.
After deleting the lease info and maybe changing the
/etc/dhclient.conf and then deleting it, I could have a separate
default gateway for each NIC.

OK, the other BUG is ping.  There is a bug in ping that has sucked up
much of my life for the last 2 or 3 years.  I will post separately on
the ping -I bug.


Re: [CentOS] selinux...

2009-10-07 Thread Rob Townley
On Wed, Oct 7, 2009 at 11:45 AM,  m.r...@5-cent.us wrote:
 Quoting m.r...@5-cent.us:

 Have I mentioned that I am less than enthralled with selinux?

 My latest issue is continuing messages in the /var/log/messages, which
 complain, for example, that siteminder can't write to smagent log (well,
 it can, since we've got selinux in permissive mode, and no, we have no
 control over using either siteminder or selinux).

 I've done what it says will solve the problem. A number of times.
 Discussing it with my manager, it seems as though selinux DOES NOT HAVE
 CORRECT ERROR HANDLING, and is falling through to a default error, and is
 *not* telling me the true cause.

 What is the error?

 Running sealert. let's start with...
 snip
 SELinux prevented httpd reading and writing access to http files. Ordinarily
 httpd is allowed full access to all files labeled with http file context. This
 machine has a tightened security policy with the httpd_unified turned off, this
 requires explicit labeling of all files. If a file is a cgi script it needs to
 snip
 and respond with
 # getsebool -a | grep unified
 httpd_unified --> on

 Then we can go to:
 ... avc:  denied  { write } for  pid=5898 comm=LLAWP
 path=/var/log/httpd/smagent.log dev=sda3 ino=whatever
 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0
 tclass=file

 Do you need more info?

         mark



Don't know selinux.

When I have had init scripts write to new /var/log/ log files, I had
to change them to be system_t or it would fail.  Files under /tmp/ had
to have a special label as well.  So I wonder if you tried changing
the log file to the system_t context and it also fails.  Wouldn't it
have to have both the system and http context?  I went as far as
building se modules, which is actually very easy when you find the few
instructions, but it had to be rebuilt with each new kernel.


Re: [CentOS] Asterisk and VOIP was Re: CentOS for non-tech user

2009-10-02 Thread Rob Townley
On Thu, Oct 1, 2009 at 1:46 PM, Rob Kampen rkam...@kampensonline.com wrote:
 Ron Blizzard wrote:

 On Wed, Sep 30, 2009 at 5:15 PM, Brian Mathis brian.mat...@gmail.com
 wrote:



 Not connected to the Internet, and not connected to a LAN are very
 different things.  I doubt VOIP would work if the server was not
 connected to a LAN.  There could be quite a few things on the LAN,
 depending on its size, such as viruses, malware, and even users doing
 scans of the network.  Don't assume that out there is insecure, and
 in here is secure.  That's one of the biggest mistakes to make when
 creating a secure environment.


 You're right. I was thinking like a phone tech -- that the VOIP
 system's wiring was still separate from the regular LAN.



 Just to set your minds at ease (or not).
 I have a separate D-Link switch that does PoE (to power the snom phones) and
 vlans and set it up so that all the phones are on one vlan called VOIP.
 The * server single eth0 is also on this vlan, but does also belong to the
 rest of the office on another vlan called LAN.
 So - the snom phones (linux based) can only see the * server.
 The * server can see the rest of the LAN - so in theory anyone on the local
 LAN can scan and see the CentOS based * server.
 We are however a very small office and I get to see all connected PCs in
 action.
 As I have some questions about SIP security I was not prepared to have the
 snom phones in any way being accessible to / from the LAN (let alone the
 internet).
 Tks for comments and suggestions.
 Rob




I like that layout.  I would think instant messaging type access might
still be doable to send short text messages to the phone display from
workstations.  Receptionist and those that want to check their voice
mail from a web browser could be allowed.

Those HP Multi Function Printer, Scanner, Fax, copier machines can
be very vulnerable because a hacker calls into the fax to compromise
the fax machine which gives them full access to the inside of your
LAN.  I wonder how vulnerable Asterisk / Hylafax is to a dial-up
rootkit.   If so, even * connected to vlan and trunks would in theory
still be vulnerable.


Re: [CentOS] RPMforge.net down

2009-09-22 Thread Rob Townley
On Tue, Sep 22, 2009 at 9:26 PM, Hugh E Cruickshank h...@forsoft.com wrote:
 Hi All:

 It appears that the RPMforge.net site is down. Can someone confirm
 and possibly advise when it might be expected back?

 TIA

 Regards, Hugh

 --
 Hugh E Cruickshank, Forward Software, www.forward-software.com


yes, it appears down from here in Omaha on cox.net.  Tried to also use
that website that tests whether a 3rd party machine is up but it is
NOT   http://downformeoreveryone.com/  because that is now a porn
site!


Re: [CentOS] How to tell if I've been hacked?

2009-08-23 Thread Rob Townley
On Sat, Aug 22, 2009 at 6:07 PM, Bill Campbell <cen...@celestial.com> wrote:
 On Sat, Aug 22, 2009, Dave wrote:
On Sat, Aug 22, 2009 at 6:49 AM, Bill Campbell <cen...@celestial.com> wrote:
 I review daily reports from over 50 systems every morning, checking changes
 found, usually taking no more than 10 minutes a day.  The key is to keep
 the reports simple, and to make updating easy (and to have procedures that
 monitor systems to be sure they're still alive and reporting in).

So how do you track the inevitable changes? Not saying you can't, just
curious. For me, when I look at a batch of changes, some of them are
obviously stuff I've done, other stuff not so obvious. I also filter
reports through a script that sort of does a diff and makes an attempt
to limit the boilerplate. Sometimes it is a bit too terse.

 First off, we don't allow automatic updates on most systems, much
 preferring to do them manually making it pretty easy to refresh
 the comparison database immediately after the update is complete.
 The odds that a cracker will get in and do their dirty deeds
 while this is going on are pretty low, and can probably be
 ignored.

 We handle pretty much all server stuff under the OpenPKG portable
 package management system so things like spamassassin, amavisd,
 clamav, and postfix are not the distribution versions, but those
 from OpenPKG (which are generally updated more quickly than the
 distribution's).  A typical occurrence will be that we get an
 e-mail saying that clamav is out of date from the nightly
 freshclam update, I will pick up the new sources, update the
 OpenPKG SRPM for it, and deploy it to 40 or so systems running it,
 and expect to see a corresponding set of notices the next morning
 that files under clamav have changed.

 The clusterssh program makes this sort of thing much more efficient
 as one can execute shell commands on multiple systems simultaneously.

 We create a file system initially, the same size as ``/'', and make a copy
 of ``/'' in it identical except for the /etc/fstab entry.  This is not
 mounted in normal operations, but the system can be booted from it to get
 to a clean system.

Wow, elaborate. How do you protect this file system from intruders?
External and powered off?

 That's one way to do it.  We also run a fair number of Linux
 servers under VMware so periodic snapshots and backups simplify
 the task.

 I have not seen many successful cracks of Linux boxes that we
 have configured from scratch.  Some basic things can be done to
 minimize the chances of cracks.

   + Create the baseline for intrusion detection tools before putting the
     system on line, and monitor it daily.

   + Configure openssh to refuse password authentication requiring
     authorized_keys access.

   + Configure openssh with tcp_wrappers support, restricting access by IP
     address and/or domain names.  I consider this absolutely mandatory if
     one needs to allow username and password authentication.

   + Use fail2ban or similar techniques to quickly block IP addresses that
     are found probing the system (don't forget to look at POP and IMAP
     logs for failed login attempts).

   + Use /bin/false as the standard shell for accounts that don't have good
     reason for shell access.  This does not affect e-mail or most services
     that a typical ISP customer needs.

   + Use OpenVPN for access.  This works well even when in hotels with NAT
     firewalls, and is not easily hacked anonymously.

   + Restrict access of webmin and usermin to local networks so they are
     not vulnerable to outside attack.  These services are available to
     people outside connecting with OpenVPN.

Cross Site Attacks (CSRF, XSS) make webmin very vulnerable in this
scenario.  It is a bad idea to use a single browser.  If in Firefox,
you already logged in to webmin and browse to a malicious site (many
reputable sites unknowingly have malicious javascript -- see
HoneyNet), the malicious site could do nasty things via webmin or any
other internal webserver.  Yes, NoScript may help, but NoScript has to
be updated daily and Firefox restarted.

The best practice is to install three separate browser applications,
such as Epiphany or Dillo, and only use this for internal websites.
Use Firefox for email.  Use Chrome for everything else.  The idea is
to have completely separate processes using completely separate memory
and harddrive locations.

I don't think there are many malicious variants of InvisibleThings's
BluePill or BlueChicken, but if a malicious variant can elevate itself
to become the Hypervisor, then all of your virtual machines could be
monitored by a HyperKit -- rootkit in the hypervisor.  Again, I don't
know if there are many malicious in-the-wild versions of bluepill, but
if just one malicious vmware image is uploaded to the Amazon EC2, then
every other VM on that same hardware at Amazon can be controlled by a
hyperkit.  InvisibleThings are professional security researchers in
Poland, so 
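
The SSH items from the quoted list (key-only authentication), together with the similar list later in this archive (no root login, only dedicated users, no standard port), expressed as a check over sshd_config text. This is an added example, not code from any poster; the two sample configurations, the function names and the finding codes are constructed.

```python
import re

# Constructed sample. The second PasswordAuthentication line looks like a fix
# but has no effect: sshd keeps the first value it reads for a keyword.
WEAK = """\
# constructed sample sshd_config
Port 22
PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
"""

# Constructed sample carrying the settings the two lists ask for.
HARDENED = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers admin@192.0.2.10
"""

SENSITIVE = ("passwordauthentication", "permitrootlogin")


def effective_settings(config_text):
    """Return (global settings, settings found inside Match blocks).

    Keywords are case-insensitive and the first value of a keyword wins.
    Port may be given several times, so its values are collected in a list.
    Everything after the first Match line applies only conditionally and is
    returned separately as (keyword, value) pairs.
    """
    settings, overrides = {}, []
    in_match = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            in_match = True
        elif in_match:
            overrides.append((keyword, value))
        elif keyword == "port":
            settings.setdefault("port", []).append(value)
        else:
            settings.setdefault(keyword, value)
    return settings, overrides


def audit(config_text):
    """Return finding codes for the checks named in the thread."""
    settings, overrides = effective_settings(config_text)
    findings = []
    # PasswordAuthentication defaults to "yes" when the keyword is absent.
    if settings.get("passwordauthentication", "yes").lower() != "no":
        findings.append("password-auth")
    # The default for PermitRootLogin differs between OpenSSH versions, so
    # anything other than an explicit "no" is reported.
    if settings.get("permitrootlogin", "unset").lower() != "no":
        findings.append("root-login")
    if "allowusers" not in settings and "allowgroups" not in settings:
        findings.append("no-allowlist")
    if "22" in settings.get("port", ["22"]):
        findings.append("port-22")
    # A Match block can quietly re-enable what the global section turned off.
    for keyword, value in overrides:
        if keyword in SENSITIVE and value.lower() != "no":
            findings.append("match-relaxes-" + keyword)
    return findings


if __name__ == "__main__":
    print("weak:    ", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

The audit covers only the four settings named in the thread; keyboard-interactive authentication and the tcp_wrappers restrictions from the list are outside its scope.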

[CentOS] xrdp in EPEL

2009-08-15 Thread Rob Townley
xrdp is a service that allows you to use mstsc or rdesktop to view
your Linux desktop from afar.

xrdp is packaged for Fedora and EPEL

http://koji.fedoraproject.org/koji/packageinfo?packageID=9026

now you can just type yum -y install xrdp to install it.

it's also available in EPEL repo (for redhat enterprise and centos)

https://fedoraproject.org/wiki/EPEL/FAQ#howtouse

I have only installed from source, haven't tried this rpm.


Re: [CentOS] Embedded Question

2009-08-01 Thread Rob Townley
dynebolic.org LiveCD

KnoppMyth

On 8/1/09, Jason Pyeron jpye...@pdinc.us wrote:


 -Original Message-
 From: centos-boun...@centos.org
 [mailto:centos-boun...@centos.org] On Behalf Of Victor Padro
 Sent: Saturday, August 01, 2009 18:18
 To: CentOS mailing list
 Subject: Re: [CentOS] Embedded Question

 On Sat, Aug 1, 2009 at 4:59 PM, Joseph L. Casale <jcas...@activenetwerx.com> wrote:
  A friend asked me to setup an embedded appliance with an RO root for
  minimal maintenance to primarily stream shoutcast out to an amp.

  The only thing I knew that might do this is iMedia Linux, but the
  project is practically dead with little to no activity. Is it possible
  to do something like this with CentOS?

  Doesn't seem to be much info on the /etc/sysconfig/readonly-root file.

 Googled it:

 http://people.redhat.com/dmalcolm/stateless/

 
  Anyone know a good place to get info on this? I would rather use
  CentOS if possible as I also want to use this a firewall/vpn for them
  and that would be easy and reliable w/ CentOS.
 
  Thanks!
  jlc
 

 Hi Joseph,

 Maybe it's not what you are looking for but there is a
 project named freenas which can provide a itunes server,
 uPnP, torrent server, among other things and it's based on
 m0n0wall(as pfSense is).

 http://www.freenas.org


 Greetings.








[CentOS] Concerned 3 im clients were installed as dependencies.

2009-07-30 Thread Rob Townley
Worried, ran yum -y update expecting to get the bind update but am
concerned as to why the following instant messaging packages were
installed as dependencies.  All of the following are instant messaging
related except cyrus-sasl.

Jul 30 17:00:49 Installed: cyrus-sasl-md5-2.1.22-4.i386
Jul 30 17:00:49 Installed: meanwhile-1.0.2-5.el5.i386
Jul 30 17:00:50 Installed: libsilc-1.0.2-2.fc6.i386
Jul 30 17:00:54 Installed: libpurple-2.5.5-3.el5.i386
Jul 30 17:00:58 Installed: libpurple-perl-2.5.5-3.el5.i386

Did anybody else notice the install of im clients on practically
headless non-gui systems?
Any explanation?


Re: [CentOS] Concerned 3 im clients were installed as dependencies.

2009-07-30 Thread Rob Townley
On Thu, Jul 30, 2009 at 5:27 PM, Christoph Maser <c...@financial.com> wrote:
 On Friday, 31.07.2009, at 00:21 +0200, Rob Townley wrote:
 Worried, ran yum -y update expecting to get the bind update but am
 concerned as to why the following instant messaging packages were
 installed as dependencies.  All of the following are instant messaging
 related except cyrus-sasl.

 Jul 30 17:00:49 Installed: cyrus-sasl-md5-2.1.22-4.i386
 Jul 30 17:00:49 Installed: meanwhile-1.0.2-5.el5.i386
 Jul 30 17:00:50 Installed: libsilc-1.0.2-2.fc6.i386
 Jul 30 17:00:54 Installed: libpurple-2.5.5-3.el5.i386
 Jul 30 17:00:58 Installed: libpurple-perl-2.5.5-3.el5.i386

 Did anybody else notice the install of im clients on practically
 headless non-gui systems?
 Any explanation?

 We observed something similar. On some systems automatic update
 installed kernel-xen-devel on some of our systems. Seems like the yum
 repository metadata was broken at some point in time.

 Chris




Gosh, I miss Munich at this time of year.  Wish I was eating a roasted
chicken in the Chinese Pavilion right now!

Thanks.  Maybe I am being paranoid, but rootkits sending back their
loot via IM isn't uncommon and this internet-facing system is due for
a hard drive wipe anyway.  But after yum clean all and uninstalling all
the new IM clients, rerunning yum update resulted in no updates
found.  So that is good news.

Thank you Karanbir, Kwan, and Christoph.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
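
Detection logic for the situation in this thread, as an added example (not the posters' code): it reads yum.log lines, groups them into runs, and reports packages that a run newly installed rather than updated. The five `Installed:` lines are the ones quoted above; the two `Updated:` lines, the function names and the two-minute grouping window are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# The five "Installed:" lines come from the message. The two "Updated:" lines
# are constructed stand-ins for the bind update the poster expected.
YUM_LOG = """\
Jul 30 17:00:40 Updated: 30:bind-libs-9.9.9-1.example.i386
Jul 30 17:00:44 Updated: 30:bind-utils-9.9.9-1.example.i386
Jul 30 17:00:49 Installed: cyrus-sasl-md5-2.1.22-4.i386
Jul 30 17:00:49 Installed: meanwhile-1.0.2-5.el5.i386
Jul 30 17:00:50 Installed: libsilc-1.0.2-2.fc6.i386
Jul 30 17:00:54 Installed: libpurple-2.5.5-3.el5.i386
Jul 30 17:00:58 Installed: libpurple-perl-2.5.5-3.el5.i386
"""

# Only Installed/Updated lines are parsed; other entries are skipped.
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (Installed|Updated): (\S+)$")


def parse_nevra(pkg):
    """Split '[epoch:]name-version-release.arch' into its parts.

    Names may contain dashes (cyrus-sasl-md5) and releases may contain dots
    (5.el5), so the string is split from the right.
    """
    epoch, _, rest = pkg.rpartition(":")
    rest, arch = rest.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return {"epoch": epoch or "0", "name": name, "version": version,
            "release": release, "arch": arch}


def transactions(log_text, year=2009, gap=timedelta(minutes=2)):
    """Group log entries into runs; a pause longer than `gap` starts a new run.

    The log lines carry no year, so the caller supplies one (2009 is the year
    of the post).
    """
    runs, last = [], None
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if last is None or when - last > gap:
            runs.append({"start": m.group(1), "entries": []})
        runs[-1]["entries"].append((m.group(2), parse_nevra(m.group(3))))
        last = when
    return runs


def unexpected_installs(log_text, expected=()):
    """Per run, names of packages that were newly installed (not updated)
    and are not in the caller's collection of expected package names."""
    report = {}
    for run in transactions(log_text):
        names = [pkg["name"] for action, pkg in run["entries"]
                 if action == "Installed" and pkg["name"] not in expected]
        if names:
            report[run["start"]] = names
    return report


if __name__ == "__main__":
    for start, names in unexpected_installs(YUM_LOG).items():
        print(start, "new packages:", ", ".join(names))
```

For each reported name, `rpm -q --whatrequires NAME` on the host shows which installed package depends on it.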


Re: [CentOS] PCI modems

2009-07-23 Thread Rob Townley
HylaFax.org's list of Analog/POTS SoftModems has a list of winmodems
mixed in with  just plain software.  (Digital Modems are for ISDN / T1
phone circuits, not home).  So you may want to ask their mailing list
and chat room.


Keeping in mind that hardware that works for one type of softmodem
project (voice) may not work for another (faxing).  Linux Gazette has
an article on a $10 dollar Linux Answering Machine that says that
Intel 537-based modem (softmodem) works.  A PCI slot that does not
share interrupts is very important bc it will generate thousands of
interrupts.

External modems allow you to reset the modem without resetting the entire pc.

On 7/23/09, RedShift redsh...@pandora.be wrote:
 Hi all,


 I'm currently searching for a PCI modem that will be used to receive faxes.
 I've tried out a few modems but they all use conexant chipsets, which need
 out-of-tree kernel drivers and currently doesn't work here (kernel oops when
 the installation script modprobes the driver).

 Does anyone know of a PCI modem that works out of the box with in-tree
 kernel drivers?


 Thanks,


 Glenn




Re: [CentOS] Need help on start samba

2009-07-23 Thread Rob Townley
Why?  IIRC, I think the term is  ready for this    *Open Source *

Further, the samba project has added a great deal more than what is in
the standard RPMs.

On 7/23/09, Tom Brown t...@ng23.net wrote:



 what rpm did you use for this install?

 ---
 He did not use an rpm so he is on his own. He used the source tarball.



 one would wonder why



Re: [CentOS] Need help on start samba

2009-07-23 Thread Rob Townley
On Thu, Jul 23, 2009 at 3:08 AM, Tran Van Hung <tvhun...@yahoo.com.vn> wrote:
 Hi!

 Thank for reply.
 But before I installed samba by hand, as follow:
 -download samba source (.tar.gz)
 -unrar with tar command
 -build with ./configure
 -install with make

 -Then I configure /etc/samba/smb.conf by vi.
 -Then I create users with password.

 Issue I met when start samba as I wrote before:

 r...@maychu1 home]# /etc/rc.d/init.d/smb start

 Pls!

 Thank you  Best Regards,

 --
 Tran Van Hung
 
 From: Kwan Lowe kwan.l...@gmail.com
 To: CentOS mailing list centos@centos.org
 Sent: Wednesday, July 22, 2009 10:09:55 PM
 Subject: Re: [CentOS] Need help on start samba



 On Wed, Jul 22, 2009 at 10:52 AM, Tran Van Hung tvhun...@yahoo.com.vn
 wrote:

 Hello all!

 I have met inform as following. I see that no smb on init.d folder.

 [r...@maychu1 home]# /etc/rc.d/init.d/smb start
 bash: /etc/rc.d/init.d/smb: No such file or directory

 Pls help me how to have smb on init.d folder? Thank you.

 Thank you  Best Regards,

 You probably do not have the samba package installed. You can do:

 rpm -q samba

 If no packages are listed, do:

 yum -y install samba

 This will install the samba package which contains the /etc/rc.d/init.d/smb
 script.

 Instead of running the script directly, it's easier to do:

 service smb start







Attached are RPM based /etc/init.d/smb and /etc/init.d/winbind which
are the text based shell scripts used to do things such as:
service smb start
service smb stop
service smb status

Of course, these are the RPM based ones which may have assumptions
that are not compatible with your source based version unless you edit
them.  Let me know if it works.
If you haven't done a man chkconfig, you may want to do that as well.

Don't forget the testparm command which checks /etc/samba/smb.conf for
proper syntax.

I believe the list blocks attachments, so I cced you on it directly.


Re: [CentOS] Is there an openssh security problem?

2009-07-10 Thread Rob Townley
On Fri, Jul 10, 2009 at 9:33 AM, Peter Kjellstrom <c...@nsc.liu.se> wrote:
 On Friday 10 July 2009, Rob Kampen wrote:
 Coert Waagmeester wrote:
 ...
  it only allows one NEW connection to ssh per minute.
 
  That is also a good protection right?
 ...
 Not really protection - rather a deterrent - it just makes it slower for
 the script kiddies that try brute force attacks

 Basically it's not so much about protection in the end as it is about keeping
 your secure-log readable. Or maybe also a sense of being secure...

 It's always good to limit your exposure but you really have to weigh cost
 against the win. Two examples:

 Limit from which hosts you can login to a server:
  Configuration cost: trivial setup (one iptables line)
  Additional cost: between no impact and some impact depending on your habits
  Positive effect: 99.9+% of all scans and login attempts are now gone
  Verdict: Clear win as long as the set of servers are easily identifiable

 Elaborate knocking/blocking setup:
  Configuration cost: significant (include keeping it up-to-date)
  Additional cost: setup of clients for knocking, use of -p XXX for new port
  Positive effect: standard scans will probably miss but not air tight
  Verdict: Harder to judge, I think it's often not worth it

 Other things worth looking into are, for example, access.conf (pam_access.so)
 and ensuring that non-trivial passwords are used.

 my €0.02,
  Peter




Virtual networks such as tinc-vpn.org or hamachi create an
encrypted network only accessible to members of the virtual network.
So if your server's virtual nic has an address of 5.4.3.2, then the
only other host that may see your server would be your laptop with
address 5.4.3.3.  No other internet hosts would even see 5.4.3.2...
It is like IPSec, but much easier.


Re: [CentOS] dhcp question

2009-07-09 Thread Rob Townley
On Wed, Jul 8, 2009 at 5:55 PM, Karanbir Singhmail-li...@karan.org wrote:
 On 07/08/2009 11:46 PM, John R Pierce wrote:
 for your use, dnsmasq would do nicely.   with the rpmforge repo
 configured...

 whats wrong with the dnsmasq already included in C5 ? ( I am guessing
 the target is c5 )

      # yum install dnsmasq
      # chkconfig dnsmasq on
      # service dnsmasq start

 Why not just use the caching-nameserver ?

 --
 Karanbir Singh : http://www.karan.org/  : 2522...@icq


There are db based nameservers such as MyDNS or djbdns or pdns.
MySQL db replication can replicate zones to other machines and it has
an web interface option.

pdns is authoritative only, not caching.  pdns-recursor is caching.

yum search pdns for ldap, db, geo,  and i thought a web interface.


Re: [CentOS] server is always getting hacked

2009-06-29 Thread Rob Townley
On Mon, Jun 29, 2009 at 9:00 AM, Sander Snelzander.s...@gmail.com wrote:
 On 06/27/2009 09:21 PM, Mag Gam wrote:

 sane and simple security management for linux systems:
 1. only open ports in iptables which are being used, if possible with
 source address or source network.
 2. use hosts.allow/deny rules for services if applicable, this adds
 another layer of security.
 3. check logs often, use a central loghost
 4. SSH: no root login, only dedicated users, only dedicated source
 addresses, only key based access or kerberized access, no standard port

PortKnocking so the open port changes continuously.

and / or

tinc-vpn / hamachi so the port is only open to another member of your
tinc network.  Since there are hundreds-of-thousands or
millions of infected web servers out there serving up malicious
drive-by javascript, use noscript on any machine connected to a
server.

Reemphasize watching cms (joomla and the like) plugins.



 5. enable SELinux
 6. use some kind of intrusion detection, like aide (standard in centos)
 or snort
 8. use fail2ban to deny ipaddresses with several failed login attempts
 within a short period of time
 9. clear your shell's history on logout
 10. use sudo instead of su -
 11. check bastille.org for hardening
 12. check center for internet security for benchmarks, they provide very
 detailed information for hardening servers ( csisecurity.org )
 13. use chattr -i for several key configuration files, so they cannot be
 changed or deleted

 this should get you started, good luck

 Sander

 We have a CentOS 5.3 install, and our server keeps getting hacked.
 We see load averages of 500+ and see people from all over the world
 logging into our server (used last).

 Is there a good place to start to avoid these kinds of things?

 For example, here is what I already did.

 Open up sshd port only
 setup iptables to only accept port 80 and 22
 No FTP
 No other ports are allowed according to IP Tables.


 I am not sure what else measures I can take. Can someone please assist?

 TIA



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
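
The checklist above suggests blocking addresses with several failed logins in a short period, and the original poster found unexpected sessions with `last`. The following is an added example, not part of the thread and not fail2ban's own code: it scans sshd lines in the `/var/log/secure` format for bursts of failures per source address and for a successful login that follows such a burst. The log lines, host name, user names, addresses, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH "Failed ..." / "Accepted ..." authentication lines as written by syslog.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s\S+\sfor\s(?:invalid user\s)?(?P<user>\S+)\s"
    r"from\s(?P<ip>\S+)\sport\s\d+"
)

# Constructed sample input (documentation address ranges, hypothetical users).
SAMPLE_LOG = """\
Jun 29 09:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Jun 29 09:00:04 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40002 ssh2
Jun 29 09:00:09 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 40003 ssh2
Jun 29 09:00:15 web1 sshd[2107]: Failed password for webadmin from 203.0.113.5 port 40004 ssh2
Jun 29 09:00:21 web1 sshd[2109]: Failed password for webadmin from 203.0.113.5 port 40005 ssh2
Jun 29 09:00:30 web1 sshd[2111]: Accepted password for webadmin from 203.0.113.5 port 40006 ssh2
Jun 29 09:05:00 web1 sshd[2120]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jun 29 09:09:30 web1 sshd[2122]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Jun 29 09:09:41 web1 sshd[2124]: Accepted publickey for alice from 198.51.100.7 port 51002 ssh2
""".splitlines()


def parse_events(lines, year):
    """Yield (timestamp, result, user, ip); syslog omits the year, so it is supplied."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd authentication result line
        stamp = "%d %s" % (year, " ".join(m.group("ts").split()))
        when = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        yield when, m.group("result"), m.group("user"), m.group("ip")


def analyse(lines, year, threshold=5, window_seconds=60):
    """Return (flagged, suspicious).

    flagged:    {ip: time the address reached `threshold` failures within the window}
    suspicious: [(time, user, ip)] for logins accepted from an already flagged address
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    suspicious = []
    for when, result, user, ip in parse_events(lines, year):
        if result == "Failed":
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = when
        elif ip in flagged:
            # A success right after a burst of failures deserves a manual look.
            suspicious.append((when, user, ip))
    return flagged, suspicious


if __name__ == "__main__":
    flagged, suspicious = analyse(SAMPLE_LOG, 2009)
    for ip, when in flagged.items():
        print("burst of failures from %s, threshold reached at %s" % (ip, when))
    for when, user, ip in suspicious:
        print("login accepted for %s from flagged address %s at %s" % (user, ip, when))
```

The two mistyped passwords from 198.51.100.7 stay below the threshold, so that address is not flagged.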


Re: [CentOS] Set hostname via DHCP ?

2009-06-28 Thread Rob Townley
# i do NOT have any kind of use-host-decl-names on; entry.  Do you use
dnsmasq or dhcpd?
# /etc/dhcpd.conf   Not sure if a dnsmasq entry would be the same anymore.
host babasse {
    hardware ethernet 00:0d:61:ae:6b:8f;
    fixed-address 192.168.1.249;
    # host-name is a text option, so its value has to be a quoted string
    option host-name "PutClientHostNameHereNotSureIfItHasToBeSameAsAbove-babasse";
}

#Don't remember what happens when a linux client machine has already
been configured.
#But know for a fact that all pxe booted and live linux booted and
Windows Vista and WinXP
#machines use the hostname from the dhcpd entry.

On Sun, Jun 28, 2009 at 10:38 AM, Niki Kovacscont...@kikinovak.net wrote:
 Hi.

 I just setup one of my machines as a DHCP server. I'd like it to handle
 the hostnames of clients. Don't know if this is an orthodox thing to do
 (feel free to add your comments :oD). Here's the server's relevant lines
 of dhcpd.conf:

 --8---
 ...
 # Send the host names to the clients
 use-host-decl-names on;

 # Static addresses
 host babasse {
   hardware ethernet 00:0d:61:ae:6b:8f;
   fixed-address 192.168.1.249;
 }
 --8---

 Now the question is: how should the configuration look like on the
 client side, so the hostname gets effectively fetched from the DHCP
 server? During the initial install, I assigned hostnames manually to
 every machine.

 Cheers,

 Niki Kovacs



Re: [CentOS] OT: Linux WYSIWYG HTML Editors

2009-06-28 Thread Rob Townley
On Sun, Jun 28, 2009 at 4:48 PM, Ned Slidern...@unixmail.co.uk wrote:
 Lanny Marcus wrote:
 I have KomPozer installed, but after using M$ FrontPage for years,
 KomPozer looks like it is going to have a learning curve and I want to
 get away from FrontPage and Windows.  I know Mark (MHR) uses
 SeaMonkey. Wondering if there is anything else I can use on Linux that
 is easier on a FrontPage user. I found this article:
 http://webdesign.about.com/od/htmleditors/tp/aatpwyslinux.htm when I
 googled. Recommendations?  TIA!

 What's wrong with your favourite text editor and preview in Firefox?



It always seemed to me that the only logical reason for FrontPage to
purposely mess up the tag order was in the hopes that someday M$ would
be the only ones capable of detangling it.  Without FrontPage
generating such messy html, i think you will find hand editing
html/xhtml/xml to be not so difficult.  O'Reilly's Head First HTML css
and xhtml is a good book. http://www.headfirstlabs.com/books/hfhtml/

eclipse and some plugins as documented here:
http://web-design.lovetoknow.com/Eclipse_HTML_Editor


Re: [CentOS] good small registrar?

2009-06-24 Thread Rob Townley
GoDaddy switched to all windows servers according to NetCraft.com.
Look at NoDaddy.com

On Tue, Jun 23, 2009 at 8:16 PM, fmb fmbfee...@googlemail.com wrote:
 networksolutions is another good/pricey option...you can get good cs service
 if you called them, yet I prefer godaddy

 On Wed, Jun 24, 2009 at 3:22 AM, Eugene Vilensky evilen...@gmail.com
 wrote:

 Greetings,

 What are some  registrars that members of this list have had good
 experience with?  I was stepping through the godaddy checkout process, and
 being opted-in to a dozen different upsell features just left a bad
 impression.  But I have no clue who else to go with.

 -Eugene








Re: [CentOS] OT: Windows Vista Tablet PC linux alternative

2009-06-12 Thread Rob Townley
On Fri, Jun 12, 2009 at 11:17 AM, Toshtoshli...@gmail.com wrote:
 Sorin Srbu wrote:
 That sounds about right. You get a textbox to write in and it will dump the
 input to whatever editor you set?
 Yes, it can dump the text to anything where you can use a normal keyboard.

 xournal, is a good replacement for onenote, but doesn't have the
 conversion handwriting to text

 Don't know about Onenote. Is that part of the text input in Vista Tablet or
 something?
 It is a part of office, m$ distributes it freely to students at our
 university, so all my friends use it, I convert their notes to pdf and
 enjoy with xournal

 --
 Toshaan toshli...@gmail.com - http://www.toshaan.be


Just FYI,

While setting up CloneZilla on CentOS, i noticed that the Colorado
School of mines uses Ubuntu on TabletPCs extensively and even modified
a wacom driver for a 2007 version of Ubuntu.  They also have a guide
on imaging using drbl / CloneZilla.
http://ticc.mines.edu/csm/wiki/index.php/Imaging_Guide

Modified Wacom Driver:
http://ticc.mines.edu/csm/wiki/index.php/Custom_Tablet_Software

http://ticc.mines.edu/csm/wiki/index.php/Tablet_PC_Resources


[CentOS] LZMA for CentOS 5.3 repository or source or rpm

2009-06-08 Thread Rob Townley
i need lzma compression for CloneZilla, but have not found it in any
CentOS repository.  The Finnish website was down and when up, it does
not do much english.


Re: [CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

2009-04-17 Thread Rob Townley
On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssi...@sgvwater.com wrote:
 on 4-17-2009 9:33 AM Lanny Marcus spake the following:
 On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby
 centos4b...@triad.rr.com wrote:
 On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
 On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters 
 mpeters-ee4meeah...@public.gmane.org wrote:
 snip
 My experience is that when browsing on any OS and you come across an
 error message stating that your computer is infected and you need to
 install such and such software, the web site I was visiting has an XSS
 exploit that was taken advantage of to try and get you to manually
 install a piece of malware.

 Install the FireFox extension noscript and be very careful about what
 domains you authorize scripting from.

 I now have NoScript installed.

 snip
 You might want to also check your preferences. FF has settings about
 warning about fraud sites etc. You also can affect the things that
 javascripts can do and suppress pop-ups. I've encountered those things
 that you mentioned and gotten no ill-effects since I just leave the site
 immediately.

 Bill: I will double check the Firefox configuration settings, since I
 upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able
 to visit that web site, so if anything bad is coming from it (without
 the knowledge of the webmaster) I will hopefully avoid it, with the
 NoScript Firefox extension which I just installed. Lanny

 Noscript will give you an idea of just how many sites run a script of some
 kind. You will see a large part of sites just look different when the scripts
 don't run, and some don't function at all. Not that it is a bad thing, it will
 just make you think a lot.





Remember the NeXT step days (for me, mid 90's) when a single
executable binary file contained both intel and PowerPC/Motorola code.
 When clicked, it would execute the intel code on the intel platform
and the PowerPC/Motorola code on the PowerPC/Motorola platform.  I
think it would be cool to have Portable App executables that run under
both Linux and Windows because life would be easier, but the security
problem would be too much of a downside -- a single binary that roots
both Linux and Windows.

It is easy to write an executable binary for Linux that ends in .exe -
so i don't think that is any protection at all.

Clicking Cancel on these dialogs or X could still launch the
executable - safest thing to do would be to kill firefox.

Further recommend NoScript and SiteAdvisor simultaneously.  Recommend
against wine and even more so against the Internet Explorer
whatchamacallit for Firefox including on wine.


Re: [CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

2009-04-17 Thread Rob Townley
On Fri, Apr 17, 2009 at 2:30 PM, Robert Heller hel...@deepsoft.com wrote:
 At Fri, 17 Apr 2009 14:07:31 -0500 CentOS mailing list centos@centos.org 
 wrote:


 On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva ssi...@sgvwater.com wrote:
  on 4-17-2009 9:33 AM Lanny Marcus spake the following:
  On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby
  centos4b...@triad.rr.com wrote:
  On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
  On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters 
  mpeters-ee4meeah...@public.gmane.org wrote:
  snip
  My experience is that when browsing on any OS and you come across an
  error message stating that your computer is infected and you need to
  install such and such software, the web site I was visiting has an XSS
  exploit that was taken advantage of to try and get you to manually
  install a piece of malware.
 
  Install the FireFox extension noscript and be very careful about what
  domains you authorize scripting from.
 
  I now have NoScript installed.
 
  snip
  You might want to also check your preferences. FF has settings about
  warning about fraud sites etc. You also can affect the things that
  javascripts can do and suppress pop-ups. I've encountered those things
  that you mentioned and gotten no ill-effects since I just leave the site
  immediately.
 
  Bill: I will double check the Firefox configuration settings, since I
  upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able
  to visit that web site, so if anything bad is coming from it (without
  the knowledge of the webmaster) I will hopefully avoid it, with the
  NoScript Firefox extension which I just installed. Lanny
 
  Noscript will give you an idea of just how many sites run a script of some
  kind. You will see a large part of sites just look different when the 
  scripts
  don't run, and some don't function at all. Not that it is a bad thing, it 
  will
  just make you think a lot.
 
 
 
 

 Remember the NeXT step days (for me, mid 90's) when a single
 executable binary file contained both intel and PowerPC/Motorola code.
  When clicked, it would execute the intel code on the intel platform
 and the PowerPC/Motorola code on the PowerPC/Motorola platform.  I
 think it would be cool to have Portable App executables that run under
 both Linux and Windows because life would be easier, but the security
 problem would be too much of a downside -- a single binary that roots
 both Linux and Windows.

 There is something called a StarKit that can be used to encapsulate
 Tcl/Tk programs. The StarKit can be treated as an executable that will
 run on any machine with a suitable Tclkit installed.  It is also
 possible to combine the Tclkit with the StarKit, creating a StarPack,
 which is a self-contained executable.


 It is easy to write an executable binary for Linux that ends in .exe -
 so i don't think that is any protection at all.

 Linux does not care about file *names*.  A file is executable if its x
 bit is set AND it is recognized as an executable.  That is one of:

 1) file with the magic 'ELF' header (the # bits, bit order, and arch
 have to match what your kernel can deal with)
 2) a Java jar file (if you have Java installed and configured for this usage)
 3) a MS-Windows executable (if you have Wine installed AND the path is
 somewhere that maps to a MS-Windows drive AND Wine is configured for
 this usage)
 4) an ASCII file with a '#!' as its first line and the path there names an
 executable file.

 MacOSX also supports 'universal binaries' (binaries that run on Intel or
 PowerPC processors).


 Clicking Cancel on these dialogs or X could still launch the
 executable - safest thing to do would be to kill firefox.

 Further recommend NoScript and SiteAdvisor simultaneously.  Recommend
 against wine and even more so against the Internet Explorer
 whatchamacallit for Firefox including on wine.



 --
 Robert Heller             -- 978-544-6933
 Deepwoods Software        -- Download the Model Railroad System
 http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
 hel...@deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/



Robert Heller, excellent post!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
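
Robert Heller's list of what Linux accepts as an executable (ELF header with matching word size, byte order and architecture; Java jar; MS-Windows executable; `#!` script) can be turned into a content-based check that ignores the file name. This is an added example, not code from the thread: the function names, the suffix table and the sample headers are constructed assumptions, and the samples are minimal headers rather than real programs.

```python
import os
import stat
import struct

# Subset of e_machine values from the ELF specification.
ELF_MACHINES = {3: "x86", 20: "ppc", 21: "ppc64", 40: "arm", 62: "x86_64", 183: "aarch64"}

# What a suffix usually promises; used only to report a name/content mismatch.
EXPECTED_BY_SUFFIX = {".exe": "pe", ".dll": "pe", ".jar": "zip-or-jar", ".sh": "script"}


def parse_elf(data):
    """Return (bits, byte_order, machine) from an ELF header, or None if not valid ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(data[4])               # e_ident[EI_CLASS]
    order = {1: "little", 2: "big"}.get(data[5])     # e_ident[EI_DATA]
    if bits is None or order is None:
        return None
    fmt = "<H" if order == "little" else ">H"
    (machine,) = struct.unpack_from(fmt, data, 18)   # e_machine follows e_ident and e_type
    return bits, order, ELF_MACHINES.get(machine, "machine-%d" % machine)


def classify(data):
    """Return (kind, detail) based only on the leading bytes of a file."""
    elf = parse_elf(data)
    if elf:
        return "elf", elf
    if data[:2] == b"#!":
        first_line = data[2:].split(b"\n", 1)[0].decode("ascii", "replace").strip()
        return "script", first_line.split()[0] if first_line else ""
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            (offset,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew: offset of PE header
            if data[offset:offset + 4] == b"PE\x00\x00":
                return "pe", None
        return "dos-mz", None
    if data[:4] == b"PK\x03\x04":
        return "zip-or-jar", None                     # a jar is a zip archive
    return "unknown", None


def triage(name, data, mode=0o644):
    """Combine content type, execute bits and the promise made by the file name."""
    kind, detail = classify(data)
    expected = EXPECTED_BY_SUFFIX.get(os.path.splitext(name)[1].lower())
    return {
        "name": name,
        "kind": kind,
        "detail": detail,
        "name_mismatch": expected is not None and expected != kind,
        "x_bit": bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)),
    }


def triage_path(path):
    """Same check for a file on disk; only the first 4 KiB are read."""
    with open(path, "rb") as handle:
        head = handle.read(4096)
    return triage(os.path.basename(path), head, os.stat(path).st_mode)


def make_pe_sample():
    """Constructed minimal MZ/PE header (not a runnable program)."""
    buf = bytearray(0x80)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


# Constructed sample headers: 64-bit little-endian x86_64 and 32-bit big-endian PowerPC.
ELF64_SAMPLE = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 2, 62) + bytes(44)
ELF32_BE_PPC_SAMPLE = b"\x7fELF" + bytes([1, 2, 1, 0]) + bytes(8) + struct.pack(">HH", 2, 20) + bytes(32)
PE_SAMPLE = make_pe_sample()

if __name__ == "__main__":
    for name, data, mode in [
        ("update.exe", ELF64_SAMPLE, 0o755),     # Linux binary behind a Windows-looking name
        ("setup.exe", PE_SAMPLE, 0o644),
        ("install", b"#!/bin/sh\necho hi\n", 0o755),
    ]:
        print(triage(name, data, mode))
```

A file named `update.exe` that classifies as `elf` with the execute bit set is the case raised in the reply above: the suffix says nothing about what the kernel will do with the file.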


Re: [CentOS] CentOS 5.3 samba: getent does not return data from the active directory (ads)

2009-04-08 Thread Rob Townley
Have you browsed the LDAP entries in ActiveDirectory to see if they
match similar entries for working windows hosts.  Under the computer
entry, look carefully at dnsHostname and servicePrincipalName.  For a
server, there are many many entries for these two variables.  CIFS/x2,
HOSTx2, LDAPS?/, . and so on.

On 4/7/09, Jason Ellison info...@gmail.com wrote:
 CentOS 5.3 getent does not return data from the active directory (ads)

   I have installed and configured kerberos and samba so that the
 server can be a member of an existing Active Directory (AD).  Correct
 configuration of kerbos was verified using kinit and klist.  The samba
 configuration was verified by using smbclient -k -L server.  winbind
 was verified by using wbinfo -g.  The problem seems to be nsswitch
 accessing winbindd to get group information via the getent group
 command.  I added winbind to the /etc/nsswitch.conf file like so:

 [r...@nagios ~]# grep winbind /etc/nsswitch.conf
 passwd: files winbind
 shadow: files winbind
 group:  files winbind

I verified that all dynamic libraries are being accessed correctly
 by using strace getent group.

   Below is the debug output of winbindd when issuing various commands
 that interact with it.  The commands are noted in (parenthesis).

 (winbindd -i -d 9)

 00a0 status: NT_STATUS_OK

 (getent group command issued)

 accepted socket 17
 [17171]: request interface version
 [17171]: request location of privileged pipe
 accepted socket 18
 [17171]: setgrent
 [17171]: endgrent

 (getent passwd command issued)

 accepted socket 17
 [17172]: request interface version
 [17172]: request location of privileged pipe
 accepted socket 18
 [17172]: setpwent
 [17172]: endpwent

 (winbindd -i -d 9)

 00a0 status: NT_STATUS_OK

 (wbinfo -g command issued)

 accepted socket 17
 [17158]: request interface version
 [17158]: request location of privileged pipe
 accepted socket 18
 [17158]: list groups
 get_sam_group_entries: BUILTIN or local domain; enumerating local groups as
 well
 Attempting to register passdb backend ldapsam
 Successfully added passdb backend 'ldapsam'
 Attempting to register passdb backend ldapsam_compat
 Successfully added passdb backend 'ldapsam_compat'
 Attempting to register passdb backend NDS_ldapsam
 Successfully added passdb backend 'NDS_ldapsam'
 Attempting to register passdb backend NDS_ldapsam_compat
 Successfully added passdb backend 'NDS_ldapsam_compat'
 Attempting to register passdb backend smbpasswd
 Successfully added passdb backend 'smbpasswd'
 Attempting to register passdb backend tdbsam
 Successfully added passdb backend 'tdbsam'
 Attempting to find an passdb backend to match tdbsam (tdbsam)
 Found pdb backend tdbsam
 pdb backend tdbsam has a valid init
 get_sam_group_entries: Returned 2 local groups
 get_sam_group_entries: BUILTIN or local domain; enumerating local groups as
 well
 get_sam_group_entries: Returned 0 local groups
 get_cache: Setting ADS methods for domain COMPANY
 ads: enum_dom_groups


 NOTES:

 [r...@nagios ~]# uname -a
 Linux nagios.hq.company.local 2.6.18-128.1.6.el5xen #1 SMP Wed Apr 1
 09:53:14 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

 [r...@nagios ~]# rpm -qa samba krb* nss*
 nss_db-2.2-35.3
 nss_db-2.2-35.3
 krb5-libs-1.6.1-31.el5
 nss-tools-3.12.2.0-4.el5.centos
 nss_ldap-253-17.el5
 krb5-libs-1.6.1-31.el5
 samba-3.0.33-3.7.el5
 krb5-auth-dialog-0.7-1
 nss-3.12.2.0-4.el5.centos
 nss-3.12.2.0-4.el5.centos
 nss_ldap-253-17.el5
 krb5-workstation-1.6.1-31.el5



Re: [CentOS] need trouble ticket system

2009-03-31 Thread Rob Townley
Since many tickets have complex interdependencies, do any tracking
systems  happen to integrate directly with FreeMind?

On 3/30/09, Steve Lindemann st...@marmot.org wrote:
 Dhaval Thakar wrote:
 Hi,

 I need to implement trouble tracking system,
 we have 250 users in one premise  3 desktop support technicians.

 I need to implement trouble ticket system, where user will enter their
 application / other issues. Mail will be sent to technician available on
 duty.
 trouble ticket will be provided to user  will be given close stat once
 resolved.

 Kindly suggest me one such application based on open source.

 While I'll admit it takes some tweaking for the purpose, I'm surprised
 no one has mentioned bugzilla.  It's a little bit of work to setup as a
 helpdesk trouble ticket system, but it does work at the task reasonably
 well.  When I put it up here there wasn't as much to choose from that
 provided the flexibility we needed then.  The only real grief I've seen
 is the multiple checks required to fully close a ticket (bug) are a bit
 much for a typical helpdesk.  They make perfect sense when dealing with
 software bugs... 8^)

 We've been looking at replacing it with something less complex but
 haven't found anything yet that makes it worth the trouble for us to
 change.  Try several and find the one that works for you.
 --
 Steve Lindemann __
 Network Administrator  //\\  ASCII Ribbon Campaign
 Marmot Library Network, Inc.   \\//  against HTML/RTF email,
 http://www.marmot.org  //\\  vCards  M$ attachments
 +1.970.242.3331 x116






Re: [CentOS] Samba and iptables - woes

2009-03-31 Thread Rob Townley
The poster suggesting a lopsided interfaces is correct.  Look at
incoming vs outgoing packets via
ifconfig -a.
  Use /sbin/ip to fix it.  Since the subnet is the same, u need a
/sbin/ip rule.

On 3/31/09, Rob Kampen rkam...@kampensonline.com wrote:


 Craig White wrote:
 On Tue, 2009-03-31 at 00:19 -0400, Rob Kampen wrote:

 Hi folk,
 I am trying to get iptables working on a samba server but find it is
 blocking something that prevents the windoze clients from being able to
 access the share.
 here are the bits from iptables:

 # nmb provided netbios-ns
 -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1
 --dport 137 -j ACCEPT
 # nmb provided netbios-dgm
 -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1
 --dport 138 -j ACCEPT
 # Samba
 -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
 eth1 --dport 135 --state NEW -j ACCEPT
 # smb provided netbios-ssn
 -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
 eth1 --dport 139 --state NEW -j ACCEPT
 # smb provided microsoft-ds
 -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
 eth1 --dport 445 --state NEW -j ACCEPT

 so as far as I can tell this should provide access to the required
 services.
 BTW the server has two NICs; 100Mb is eth0 at 192.168.230.230 and
 connects to the router with internet/NAT firewall; 1Gb is eth1 at
 192.168.230.232 and this connects to a G ethernet switch that has the
 windoze clients.
 The smb.conf is as follows:
  [global]
 workgroup = NDG
 netbios name = SAMBA
 netbios aliases = Samba
 server string = Samba Server Version %v
 interfaces = lo, eth1, 192.168.230.232
 bind interfaces only = Yes
 security = DOMAIN
 obey pam restrictions = Yes
 passdb backend = tdbsam
 pam password change = Yes
 log file = /var/log/samba/%m.log
 max log size = 50
 load printers = No
 add user script = /usr/sbin/useradd %u -n -g users
 delete user script = /usr/sbin/userdel %u
 add group script = /usr/sbin/groupadd %g
 delete group script = /usr/sbin/groupdel %g
 delete user from group script = /usr/sbin/userdel %u %g
 add machine script = /usr/sbin/useradd -n -c Workstation (%u)
 -M -d /nohome -s /bin/false %u
 logon path =
 domain logons = Yes
 os level = 32
 preferred master = Yes
 domain master = Yes
 dns proxy = No
 wins support = Yes
 ldap ssl = no
 create mask = 0664
 directory mask = 0775
 hosts allow = 127., 192.168.230., 192.168.231.
 case sensitive = Yes
 browseable = No
 available = No
 wide links = No
 dont descend = /

 [homes]
 comment = Home Directories
 valid users = %S
 read only = No
 browseable = Yes
 available = Yes

 [NDG]
 comment = NDG files
 path = /NDG
 write list = @NDGstaff, @birdseye
 read only = No
 browseable = Yes
 available = Yes

 I found that making the rule for port 139 ignore the eth port (i.e.
 remove the -i eth1) allowed things to work better, but do not want this
 to be the case as I do not want the eth0 interface to be used for this
 traffic.
 looking at netstat -l -n shows only lo and eth1 listening on port 139,
 so how is this failing to work??
 Any ideas?
 Thanks

 
 I don't believe that you want to use comma separators in things like
 'bind interfaces' or 'interfaces' - it doesn't seem that samba is
 consistent here.


 removed
 I have never used two separate hardware network interfaces on the same
 subnet and suspect that it may actually be trying to communicate back
 from the wrong one which is confusing things. Also, it doesn't make
 sense to list both eth1 and the actual ip address in bind interfaces but
 I would tend to doubt that would be a problem.

 Try taking eth0 down (as root - ifdown eth0) and see if that fixes the
 problem.
 tried this and things appear to work okay, so I guess I need to split my
 subnet into two..
 Some further thinking required here. I have an almost identical set up
 in my home and actually tried all this there first, as I do not want my
 business impacted. So it appears to work fine at home but not at the
 office, some more testing required. I have only two windoze machines at
 home and neither access the server, so I'll have to contrive a setup
 that tries this out properly. Will keep you posted.


 Also, I'm not sure why some of the firewall rules include --state NEW
 and some of them don't - that doesn't fully make sense to me.

 state NEW is irrelevant for udp as it is a single direction with no
 handshaking such as tcp has - i.e. connectionless?
 Craig




Re: [CentOS] command line programs for ldap

2009-03-28 Thread Rob Townley
On Sat, Mar 28, 2009 at 1:24 PM, Jerry Geis ge...@pagestation.com wrote:

 On Sat, Mar 28, 2009 at 12:57 PM, Jerry Geis geisj at pagestation.com 
 http://lists.centos.org/mailman/listinfo/centos wrote:
 / Hi all. I am looking for some command line programs (pre made)
 // that will connect to an ldap server and list out the users in question
 // provided by the search argument given.
 /
 What wrong with getent passwd?

 ldapsearch uid=*whatever* ?

 ldapsearch was the command I was finding on oracles web page.

 whereis ldap on my machine produced nothing.

 yum provides ldapsearch produced nothing
 then I remembered I needed yum provides */ldapsearch and found
 openldap-clients

 Thanks

 Jerry


You may want to look at python-ldap and the apps based on it.
http://python-ldap.sourceforge.net/


Re: [CentOS] error when join my Centos machine to win2003 ADS server

2009-03-26 Thread Rob Townley
2009/3/26 fabian dacunha fab...@baladia.gov.kw:

 Dear All,

 I have succesfully managed to have my kerberos configured n working
 without error when i say

 kinit Administrator
 and after entering password it works fine

 my krb5.conf
 --

 [logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 [libdefaults]
  default_realm = BALADIA.LOCAL
  dns_lookup_kdc = false

  dns_lookup_realm = false
 [realms]
 BALADIA.LOCAL = {
   default_domain = baladia.local
  kdc = 172.16.2.227:88
  admin_server = 172.16.2.227:749
  kdc = KMUN
 }

 [domain_realm]
 baladia.local = BALADIA.LOCAL

 

 klist shows

 icket cache: FILE:/tmp/krb5cc_0
 Default principal: administra...@baladia.local

 Valid starting     Expires            Service principal
 03/26/09 11:33:04  03/26/09 21:33:18  krbtgt/baladia.lo...@baladia.local
        renew until 03/27/09 11:33:04


 Kerberos 4 ticket cache: /tmp/tkt0
 klist: You have no tickets cached

 

 now i configured /etc/samba/smb.conf but when i try to join the domain

  net ads join -U Administrator
 Administrator's password:
 [2009/03/26 21:58:05, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
 Failed to join domain: No logon servers

 after googling and tryin various options in /etc/samba/smb.conf file here
 is the latest smb.conf file
 -

 [global]
 #--authconfig--start-line--

 # Generated by authconfig on 2009/03/26 12:50:28
 # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
 # Any modification may be deleted or altered by authconfig in future

   workgroup = BALADIA.LOCAL
 ;   password server = kmun.baladia.local
   password server = 172.16.2.227
   realm = KMUN.BALADIA.LOCAL
   security = ads
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   winbind separator = +
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
   encrypt passwords = yes
  log level = 3
 #--authconfig--end-line--
        encrypt passwords = yes
       dns proxy = no
       server string = Samba Server Version %v
       os level = 20
      client use spnego = no
        server signing = auto

 --

 where i could be goin wrong
 i would be thankful and really apprecite your advice for any setting in my
 smb.conf file

 Is there anything else to check

 when i run testparam it gives no errors

 thnks and Regards

 Fabian











Can you get to the ADS netlogon share?  It is //domainname/netlogon
which may be
//baladia.local/netlogon/on your network.

//172.16.2.227/netlogon ?

Further, even connecting WinVista to a domain will sometimes require
raw editing of the hosts properties in LDAP.   SysInternal's
adexplorer.exe or jexplorer (don't use java 1.6) are good at this.
Specifically, you will want to make sure dnsHostName and
servicePrincipalName (SPN) are correct.  If not, these tools with the
domain admin privilege will let you edit these ldap entries directly.
Use a known good ADS connected node as an example.

There is a list of apps based on python-ldap at
http://python-ldap.sourceforge.net/apps.shtml
Some of those would provide adexplorer.exe type functionality, but i
haven't tried them for editing.  Hmmm, now i wonder if they work at
all with Samba b/c python hooks were removed in Samba 3.2.0 due to
lack of maintenance???

I would like a script that could be run on a Windows ADS server, a ADS
domain connected windows client, and linux.  The script would generate
and verify everything needed to successfully connect.  SASL required?
Unsecured or Secured auth?   kerberos and ldap identifying info.
ldapenum.pl was an attempt at this.

You will want to read the announcement for Samba 3.2 which i am not
sure if 3.2 is in the CentOS release repo or not.  i ended up using
fc9/fc10 for ads joins.  EnterpriseSamba.com may still be your best
bet for CentOS.
http://lists.samba.org/archive/samba-announce/2008/000145.html


Re: [CentOS] Acrobat Reader 9 on Centos 4.7

2009-03-26 Thread Rob Townley
On Thu, Mar 26, 2009 at 9:04 AM, tblader tbla...@flambeau.com wrote:
 Hello,
 Anyone know how to get Acrobat 9 running* on Centos 4.7?
 Looks like a libc conflict:

   /Adobe/Reader9/Reader/intellinux/bin/acroread: error while loading shared \
   libraries: /apps/Adobe/Reader9_libs/libstdc++.so.6: requires glibc 2.5 or 
 later dynamic linker

 Thanks
 Thomas

 [*] - http://www.us-cert.gov/cas/techalerts/TA09-051A.html
 --

 Flambeau Inc. Technology Center - Baraboo, WI
 Email    : tbla...@flambeau.com
 Keyserver: http://pgp.mit.edu KeyID: 0x00E9EC2C


r u using the Adobe Repository?


Re: [CentOS] looking for some advice to monitor network usage in office

2009-03-25 Thread Rob Townley
On Wed, Mar 25, 2009 at 3:52 AM, Spook ZA spoo...@gmail.com wrote:
 Hi Rudy

 2009/3/25 Rudi Ahlers rudiahl...@gmail.com:
 Hi all,

 I've been asked by a college to setup a monitor to monitor a Windows
 network, but on internet usage. They want to have detailed usage, i.e.
 on a per IP / PC basis, and if possible to get stats for every
 protocol, and see over a period of time what goes on.

 My first thought was ntop, which does all of this, but it doesn't save
 the data in a DB, so if the server reboots the stats are reset to 0. I
 also can't get Cacti to give me stats per IP & per protocol (unless
 someone knows how to do this).

 I don't yet know the full network layout, but I have a feeling they're
 using ADSL, and have a Windows Small Business server with ISA, and
 possible Exchange as well. So, I'm either going to put a CentOS box
 between the Windows box & ADSL router, or maybe even setup a CentOS
 Vmware Virtual PC, force all the network to route via the VPS.

 Does anyone have some suggestions / experience in setting up something
 like this?

 P.S. Please don't look at the fact that there's Windows on the
 network. I use Linux for business purposes, not as a hobby, and we
 also use Mac & Windows where the situation calls for it.

 --

 Kind Regards
 Rudi Ahlers

 If your firewall / border gateway is running linux, have a look at:

  http://www.networkuptime.com/tools/netflow/

 You need an exporter that will export linux netflow records and
 software that will collect and present the resultant data.

 Regards,
  Andrew.


When you mention college internet usage, i thought of Caida.org and
CoralReef.  But that is more for scientific investigations of internet
usage in general.


Re: [CentOS] help on kerberos5

2009-03-25 Thread Rob Townley
On Wed, Mar 25, 2009 at 1:08 PM, Kanwar Ranbir Sandhu
m3fr...@thesandhufamily.ca wrote:
 On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
 my domain name is=== baladia.local
 Windows 2003 AD server computer name is kmun

 my /etc/krb5.conf file is

 
 [logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log

 [libdefaults]
  ticket_lifetime=24000
  default_realm=BALADIA.LOCAL
  dns_lookup_realm = false
  dns_lookup_kdc = false

 [realms]
  BALADIA.LOCAL={
   kdc=172.16.2.227:88
 #  admin_server=kmun.baladia.local:749
   default_domain=BALADIA.LOCAL
   kdc=BALADIA.LOCAL
  }

 You only need one kdc here.  Choose one, comment/delete the other.

 [domain_realm]
 .baladia.local=BALADIA.LOCAL
 baladia.local=BALADIA.LOCAL

 kerberos  88/udp   kdc  # Kerberos key server
 kerberos  88/tcp   kdc  # Kerberos key server

 What are these kerberos lines for? Why have you put them here? They
 don't belong - comment/delete them.


 [kdc]
   profile = /var/kerberos/krb5kdc/kdc.conf

 [appdefaults]
  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
  }

 kinit should work after making the changes above.

 Regards,

 Ranbir

 --
 Kanwar Ranbir Sandhu
 Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux
 14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18




it would be so much easier if all configuration files were written in
XML and by default would have an enforcing document type definition.
Self commenting, would make sure syntax is correct, and further could
ensure grammar is correct for the desired configuration.  Namespaces
can make XML less verbose.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
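
An added example, not code from this thread or from the Kerberos project: a small shell/awk syntax check of the kind wished for above, run on an abridged copy of the krb5.conf posted in this thread. The function names and finding codes are made up for the example; the extra-kdc finding follows the advice given in the thread, since repeated kdc lines are legal in krb5.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and finding codes are
# hypothetical; the sample is an abridged copy of the krb5.conf posted above.

sample_krb5_conf() {
    cat <<'EOF'
[libdefaults]
 default_realm=BALADIA.LOCAL
 dns_lookup_kdc = false

[realms]
 BALADIA.LOCAL={
  kdc=172.16.2.227:88
#  admin_server=kmun.baladia.local:749
  default_domain=BALADIA.LOCAL
  kdc=BALADIA.LOCAL
 }

[domain_realm]
.baladia.local=BALADIA.LOCAL
baladia.local=BALADIA.LOCAL

kerberos  88/udp   kdc  # Kerberos key server
kerberos  88/tcp   kdc  # Kerberos key server

[kdc]
  profile = /var/kerberos/krb5kdc/kdc.conf
EOF
}

# Read a krb5.conf on stdin; print one finding per line as
#   <line number>: <code>: <detail>
lint_krb5_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    {
        line = trim($0)
        if (line == "" || line ~ /^[#;]/) next            # blank line or comment
        if (line ~ /^\[[A-Za-z_]+\]$/) {                  # [section] header
            if (depth > 0)
                printf "%d: unclosed-brace: %s starts inside a { } block\n", NR, line
            section = line; depth = 0; next
        }
        if (section == "") { printf "%d: outside-section: %s\n", NR, line; next }
        if (line == "}") {
            if (depth == 0) printf "%d: stray-brace: } without an opening {\n", NR
            else depth--
            next
        }
        eq = index(line, "=")
        if (eq < 2) {                                     # e.g. /etc/services entries
            printf "%d: not-key-value: %s\n", NR, line; next
        }
        key = trim(substr(line, 1, eq - 1))
        val = trim(substr(line, eq + 1))
        if (val == "{") { if (++depth == 1) block = key; next }
        # Repeated kdc lines are legal; reported because the thread advises one.
        if (section == "[realms]" && depth == 1 && key == "kdc" && ++kdc[block] > 1)
            printf "%d: extra-kdc: realm %s already lists a kdc\n", NR, block
    }
    END { if (depth > 0) print "EOF: unclosed-brace: missing }" }
    '
}

# Demo on the sample from the thread.
sample_krb5_conf | lint_krb5_conf
```

On a live system the same check is `lint_krb5_conf < /etc/krb5.conf`; it only checks the shape of the file, not whether the KDC named in it is reachable.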


Re: [CentOS] [OT] Network switches

2009-03-24 Thread Rob Townley
On Mon, Mar 23, 2009 at 9:05 PM, Christopher Chan
christopher.c...@bradbury.edu.hk wrote:

 * vlans
 * mstp or some well established form of per vlan spanning tree
 * acl's
 * port mirroring or what cisco calls span sessions
 * snmp
 * ssh enabled remote management
 * support w/ updates and bugfixes


 I need at least 48 ports per device and obviously would like them to be
 fast.  Most importantly, I'd like to know what you guys prefer as
 operations dudes and what pitfalls to avoid.  Also, are there other
 features you folks would demand to have in your switches that I haven't
 mentioned?  I can provide more information if you'd like.  Thanks.

 Oh, cost is sort of an issue (small/medium sized business) but right now
 insight from you guys is what's important and I can work out the cost
 issue later.  Thanks again.

 D-Link DGS-3100


 I ordered a number of these for the school where I work to place a
 number of Cisco 2960 10/100 switches.


 I am quite happy with them. Some of these switches are connected by
 multi-mode fibre.

 cheers,

 Christopher


Every time i read these posts they are filled with contradictions in
that one person loves HP and hates CiscoLinksys while another hates
HP.  Let's get a more scientific approach.  Switch performance still
depends on the NICS in the client machines.  We all know a network is
a complex system.  Some of us claim to be computer scientists so
shouldn't we act like that instead of advertising for our vendors.

i would like to see real performance data via something like netperf
with client machines booted from a standardized LiveCD, then
performance under their Linux Distribution and performance under
Windows.

Performance data would need to have details such as the NIC on the
client machine and other hw characteristics.  How many machines ran
the benchmark simultaneously.  Cat5e vs Cat6 or Fiber connected.

http://www.netperf.org   ( OpenSource started by HP, )
ftp://ftp.netperf.org/netperf/(Looks like 2.4.4 is the latest
version.  Not sure what 4.0.0 is)

http://sourceforge.net/projects/jnetperf  (java version of netperf)

There may be another project from some Italian Professor, but didn't
find it in my bookmarks.

Yes, there is the unix way of time dd ... but that wouldn't work for
windows clients and does not give enough details in terms of metrics.


Re: [CentOS] [OT] Network switches

2009-03-24 Thread Rob Townley
On Tue, Mar 24, 2009 at 10:24 AM, Rainer Duffner rai...@ultra-secure.de wrote:
 Rob Townley schrieb:

 Every time i read these posts they are filled with contradictions in
 that one person loves HP and hates CiscoLinksys while another hates
 HP.  Let's get a more scientific approach.  Switch performance still
 depends on the NICS in the client machines.


 Uhm. No. Not any longer, AFAIK.
 At least, once you leave the SOHO region (AFAIK, the OP wanted >= 48
 ports. I don't want to work in such a home-office, really...).

There are 48 port SOHO priced switches nowadays.  i am often not very
impressed by network performance and need standardized benchmarks to
figure out if there may be an issue at the NIC driver, switch or on up
to a virus shield.   It was either a ~2004 Dell Power magazine or
~2004 Network World article that mentioned that 3Com NICs didn't
perform well with Cisco switches and vice versa.  They also wrote
about other vendors and i don't remember any of them performing
extremely well across vendor.   Now that NICs are a commodity, the
problem could be worse.

 Backplane-performance is an issue.
 Especially with iSCSI.

 Also, as demonstrated, different switch-vendors offer different
 feature-sets at different price-levels.
 There's also the compatibility-question: if you already have a number of
 devices, the new ones must fit in well into the existing landscape
 (VLANs etc.pp.)



 Performance data would need to have details such as the NIC on the
 client machine and other hw characteristics.  How many machines ran
 the benchmark simultaneously.  Cat5e vs Cat6 or Fiber connected.



 That's already more variables in the equation than is healthy for a
 typical benchmark...


 http://www.netperf.org           ( OpenSource started by HP, )
 ftp://ftp.netperf.org/netperf/    (Looks like 2.4.4 is the latest
 version.  Not sure what 4.0.0 is)

 http://sourceforge.net/projects/jnetperf  (java version of netperf)

 There may be another project from some Italian Professor, but didn't
 find it in my bookmarks.

 Yes, there is the unix way of time dd ... but that wouldn't work for
 windows clients and does not give enough details in terms of metrics.


 Switch performance is extremely difficult to measure IMO. You need
 enough clients to make sure you're not accidentally measuring
 client-performance.

Agreed, this is a difficult complex system, but some baseline
measurements would still be worthwhile to rule out some problems.
Client NIC performance would be valuable info.


 In the end, the only thing that counts is real-world data. Netperf
 et.al. don't really provide a real-world scenario, where you have a
 mixture of packet-sizes and protocols.
 Same for artifical load/packet generators (ixia et.al).

netperf could use some work, but some generic baseline perf data would
still be very valuable to rule out basic problems.   Somebody could post
an ethereal packet capture of varying packet sizes and protocols that
could be replayed on client machines.


 Because (almost) nobody has the time to do extensive tests, past
 real-world experience/performance data and word-of-mouth becomes an
 integral part in choosing such products.
 That, or you have enough money to buy everything from Cisco ;-)

In theory, pxe booting a test image on all machines in the lan (maybe
via drbl / CloneZilla) with netperf and running overnight could
automate this process.  The reality is that it can take much much more
time to track down where a performance bottleneck is on a
heterogeneous LAN.

What performance data are you referring to?



 Rainer





Re: [CentOS] [OT] Network switches

2009-03-24 Thread Rob Townley
On Tue, Mar 24, 2009 at 11:16 AM, Rainer Duffner rai...@ultra-secure.de wrote:
 Rob Townley schrieb:
 On Tue, Mar 24, 2009 at 10:24 AM, Rainer Duffner rai...@ultra-secure.de 
 wrote:

 Rob Townley schrieb:

 Every time i read these posts they are filled with contradictions in
 that one person loves HP and hates CiscoLinksys while another hates
 HP.  Let's get a more scientific approach.  Switch performance still
 depends on the NICS in the client machines.

 Uhm. No. Not any longer, AFAIK.
 At least, once you leave the SOHO region (AFAIK, the OP wanted >= 48
 ports. I don't want to work in such a home-office, really...).


 There are 48 port SOHO priced switches nowadays.


 I see your point.
 I only imagined the home office that would need 48 ports ;-)


   i am often not very
 impressed by network performance and need standardized benchmarks to
 figure out if there may be an issue at the NIC driver, switch or on up
 to a virus shield.   It was either a ~2004 Dell Power magazine or
 ~2004 Network World article that mentioned that 3Com NICs didn't
 perform well with Cisco switches and vice versa.

 Hm. I think I saw something like that (I was at a site that used
 Catalyst 6500-switches to connect desktops - in 2001).
 Autosensing was useless...

   They also wrote
 about other vendors and i don't remember any of them performing
 extremely well across vendor.   Now that NICs are a commodity, the
 problem could be worse.



 Here, autosensing sometimes doesn't work. Then, you've got to set it
 fixed on both the client and the switch-port.



 What performance data are you referring to?



 What you gathered in the past from other switches on your LAN - and what
 you read on the internet ;-))
 I'm not a networking-guy (switches are done by someone else here).



 Rainer





You did read it because autosensing was a big factor in the
article(s).  However, iirc, some combinations of switches and nics
still didn't perform well with autosensing off.


[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

2009-03-22 Thread Rob Townley
http://httpd.apache.org/security/vulnerabilities_20.html

states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68.
i am no longer a httpd expert, but at least one of the security fixes
involves XSS attacks via malformed ftp commands.  I also realize that
redhat / centos may patch things separately from Apache and that the
sysadmin has  a great deal to do with how secure things are, but
almost 5 years?

Does the sysadmin for www.centos.org get paid?
HTTP/1.1 200 OK
Date: Sun, 22 Mar 2009 19:37:51 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Set-Cookie: PHPSESSID=f12ba53116e0f192b7653131d951a17d; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Connection: keep-alive



Re: [CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

2009-03-22 Thread Rob Townley
On Sun, Mar 22, 2009 at 3:29 PM, Les Mikesell lesmikes...@gmail.com wrote:
 Rainer Duffner wrote:
 Am 22.03.2009 um 20:40 schrieb Rob Townley:

 http://httpd.apache.org/security/vulnerabilities_20.html

 states that Apache 2.0.52 is 4 years old and the latest version is
 2.0.68.
 i am no longer a httpd expert, but at least one of the security fixes
 involves XSS attacks via malformed ftp commands.  I also realize that
 redhat / centos may patch things separately from Apache and that the
 sysadmin has  a great deal to do with how secure things are, but
 almost 5 years?




 Download the src-RPM and make a checklist which CVEs are fixed and
 which not.
 (It's in a changelog-file somewhere - I don't remember the details,
 it's a while that I actually looked)

 Then, return here.

 Try:

 rpm -q --changelog httpd |less
 to see if it includes what you want to know before bothering with src rpms.

Thank You Les, that is awesome info.


 --
   Les Mikesell
    lesmikes...@gmail.com


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
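
An added example, not code from this thread or from the CentOS project: the checklist suggested above, built on `rpm -q --changelog httpd`. The function names are made up for the example, and the sample changelog and its ids (CVE-0000-...) are constructed placeholders, not real advisories; older entries written with the CAN- prefix are treated as the same id.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and the
# changelog below is constructed; its ids are placeholders, not real CVEs.

sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2007 Example Packager <packager@example.invalid> 2.0.52-0.example.2
- add security fix for CVE-0000-0002 (constructed entry)
- add security fixes for CVE-0000-0003, CVE-0000-0002

* Sat Jan 01 2005 Example Packager <packager@example.invalid> 2.0.52-0.example.1
- add security fix for CAN-0000-0001 (constructed entry)
EOF
}

# Read changelog text on stdin; print every id it mentions, once, sorted.
# Ids written as CAN-YYYY-NNNN are normalised to CVE-YYYY-NNNN.
cves_in_changelog() {
    grep -oE '(CVE|CAN)-[0-9]{4}-[0-9]{4,}' | sed 's/^CAN-/CVE-/' | sort -u
}

# check_backports ID...
# Read changelog text on stdin and report each checklist id as fixed or
# MISSING. Returns 1 if at least one id is not mentioned in the changelog.
check_backports() {
    found=$(cves_in_changelog)
    missing=0
    for id in "$@"; do
        want=$(printf '%s\n' "$id" | sed 's/^CAN-/CVE-/')
        if printf '%s\n' "$found" | grep -qxF "$want"; then
            printf 'fixed    %s\n' "$want"
        else
            printf 'MISSING  %s\n' "$want"
            missing=1
        fi
    done
    return "$missing"
}

# Demo on the constructed changelog. On a real host the input would be:
#   rpm -q --changelog httpd | check_backports <ids from the upstream list>
sample_changelog | check_backports CVE-0000-0001 CVE-0000-0003 CVE-0000-0009 ||
    echo "at least one id is not mentioned in the changelog"
```

An id reported as MISSING is a lead to follow up, not proof that the package is vulnerable: the issue may not affect the packaged version, or the changelog entry may not name the id.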


Re: [CentOS] Memory vs. Display Card

2009-03-09 Thread Rob Townley
On Mon, Mar 9, 2009 at 3:39 PM, Victor Padro vpa...@gmail.com wrote:


 On Mon, Mar 9, 2009 at 1:18 PM, Louis Lagendijk lo...@lagendijk.xs4all.nl
 wrote:

 On Sun, 2009-03-08 at 19:27 -0700, John R Pierce wrote:
  Rick wrote:
   In article 20090308031754.ga11...@bludgeon.org,
   Ray Van Dolson  centos@centos.org wrote:
  
  
   That sounds pretty strange.  Have you confirmed that removing the
   new
   memory allows you to run in runlevel 5 again?
  
  
   Yes, that's how I'm running right now.
  
 
  now, try taking out the OLD memory and putting in just the NEW memory.
  see how it runs that way.   if this works, try with the new 4GB as the 0
  bank, and the old 2GB as the 1 bank.
 
  also, in the BIOS, check the memory timings, I'd leave them all on
  'automatic' or 'default' or whatever the limited choices are in the
  Intel BIOS, trying to squeeze an extra clock out of CAS or whatever
  doesn't really help much under the best of conditions and it can
  destabilize a system under suboptimal conditions.
 
 When you use 4 banks of memory, some boards require slower settings.
 Tweaking the voltage may help there I guess, but I would opt for the
 slower settings. I recall that my BIOS chose a slower memory setting
 when I added 4G to my small server at home that already had 2G That
 system has been rock stable (except for my Sun quad ethernet that had
 problems with the Xen kernel due to MMIO issues. I solved that by
 ditching the Sun card and using a vlan capable switch with vlan trunking
 so that I no longer need so may ethernet interfaces)

 Louis


 have you read your technical product specifications?
 http://www.intel.com/support/motherboards/desktop/d975xbx2/sb/CS-029346.htm
 it states that the supported memory modules are only 2GB top

 Table 4 lists the supported DIMM configurations.
 Table 4. Supported Memory Configurations

 DIMM      Configuration  SDRAM     SDRAM Organization    Number of SDRAM
 Capacity  (Note 1)       Density   Front-side/Back-side  Devices (Note 2)
 128 MB    SS             256 Mbit  16 M x 16/empty       4 [5]
 256 MB    SS             256 Mbit  32 M x 8/empty        8 [9]
 256 MB    SS             512 Mbit  32 M x 16/empty       4 [5]
 512 MB    DS             256 Mbit  32 M x 8/32 M x 8     16 [18]
 512 MB    SS             512 Mbit  64 M x 8/empty        8 [9]
 512 MB    SS             1 Gbit    64 M x 16/empty       4 [5]
 1024 MB   DS             512 Mbit  64 M x 8/64 M x 8     16 [18]
 1024 MB   SS             1 Gbit    128 M x 8/empty       8 [9]
 2048 MB   DS             1 Gbit    128 M x 8/128 M x 8   16 [18]
 Notes:
 1. In the second column, “DS” refers to double-sided memory modules
 (containing two rows of SDRAM)
 and “SS” refers to single-sided memory modules (containing one row of
 SDRAM).
 2. In the fifth column, the number in brackets specifies the number of SDRAM
 devices on an ECC DIMM

  So your 4GB module is not supported... you should use 4x2GB modules in
 order to see an improvement(always using pairs, remember it's dual channel).

 cheers


 --
 It is human nature to think wisely and act in an absurd fashion.

 Todo el desorden del mundo proviene de las profesiones mal o mediocremente
 servidas




Victor seems to have found your problem.  But you might want to verify
there isn't a BIOS / firmware update for your motherboard.

memtest distributed with most systems is old.  One of the memtests was
recently updated for the latest intel chipsets.


Re: [CentOS] regarding vpn server for 1500 clients

2008-12-21 Thread Rob Townley
On Sun, Dec 14, 2008 at 9:20 AM,  dhaval.tha...@networthdirect.com wrote:
 Hi list,


 I have to build vpn server for 1500 clients. No encryption necessary.
 can anyone please recommend me vpn server.

 I do not have experience on vpn.

 I have tested openvpn on my test setup,  its working fine.

 I want to check if there any other vpn server available.
 I have not checked but can pptp vpn be usefull?


 My requirement is to connect 1500 clients on vpn server.
 Need frontend to manage vpn clients.



 Regards
 Dhaval






The open source tinc-vpn which is like Hamachi.  Could use a tun / tap
layer with 5.0.0.0/8 addresses.
Would never recommend PPTP because of the security issues and the
clients can't have the same subnet as the corporate lan for it to work
well.  Even if you do not need encryption, but just authentication,
pptp could be blown wide open.


Re: [CentOS] utility to find which /dev/videoX

2008-12-15 Thread Rob Townley
Not sure this helps b/c maybe u need a non human interactive method.

mplayer /dev/video0

lsusb -v

On 12/15/08, Ignacio Vazquez-Abrams ivazquez...@gmail.com wrote:
 On Mon, 2008-12-15 at 19:32 -0500, Jerry Geis wrote:
 is there a utility or SOME method to
 determine which /dev/videoX (like /dev/video0 or /dev/video1)
 is being used by a device???

 Example I have a USB camera and a USB TV module
 how do I determine which device is on /dev/video0 and which is on
 /dev/video1

 I have seen perhaps a way in dmesg but I am looking for the
 BEST way and the correct way.

 Look under /sys/class/video4linux.

 --
 Ignacio Vazquez-Abrams ivazquez...@gmail.com

 PLEASE don't CC me; I'm already subscribed



Re: [CentOS] URGENT: libdvdcss install hosed /var

2008-12-11 Thread Rob Townley
On Thu, Dec 11, 2008 at 12:56 PM, MHR mhullr...@gmail.com wrote:
 I am running CentOS 5/2 (latest updates) with the GNOME DE on a 32-bit
 machine (at work).

 I have k3b installed, and I was trying to copy a DVD earlier this
 morning, but k3b said it couldn't read encrypted DVDs.

 So, I installed libdvdcss from rpmforge and restarted k3b.  It hung
 the system.  I rebooted, and / had been damaged.  After running e2fsck
 from the repair prompt, I rebooted and a whole slew of errors
 revolving around various /var directories that did not exist occurred.

 I have been trying to repair /var, and so far with a fair modicum of
 success, but I've hit an interesting wall - two, actually.

 1) The gdm refuses to come up.  It claims that Server Authorization
 directory (daemon/ServAuthDir) is set to /var/gdm, but this does not
 exist

 However:

 # ll -d /var/gdm
 drwxrwx--T 2 root gdm 4096 Dec 11 10:31 /var/gdm
 # ll /var/gdm
 total 8
 -rw-r- 1 root root 45 Nov 26 10:47 :0.Xauth
 -rw-r--r-- 1 root root 63 Dec 11 09:14 :0.Xservers

 This is identical to my backup system (which is not surprising - I set
 up the dir and copied the files from here - was that a bad idea?).

 2) The following daemons fail to start: auditd, NFS statd, avahi and
 HAL.  I've tried to pin down why the avahi daemon won't start because
 it keeps logging permissions errors trying to create the pid file
 /var/run/avahi-daemon//pid, but the setup of /var /var/run and
 /var/run/avahi-daemon are all identical to this (backup) machine.  Any
 suggestions?

 Or is there a better, more comprehensive repair facility available?

 BTW, OT: Does anyone know why this might have happened?  I have all
 this installed at home, no problems whatsoever (libdvdcss works
 seamlessly with all my DVD tools, including k3b).

 Thanks!

 mhr


Was SELINUX in enforcing mode?  Rebuilding directories and files that
previously had mandatory labels seems like it would cause problems
until labels were reapplied.


Re: [CentOS] URGENT: libdvdcss install hosed /var

2008-12-11 Thread Rob Townley
On Thu, Dec 11, 2008 at 2:29 PM, Lanny Marcus lmmailingli...@gmail.com wrote:
 On Thu, Dec 11, 2008 at 2:47 PM, MHR mhullr...@gmail.com wrote:
 snip
 unpacking a tar archive into the root directory.
 Hm - well, _I_ never do that, and I rather doubt that yum did, either,

 Since you got it from rpmforge, I assume it was an rpm and not a tar file.

 but I suppose that would depend on what's in libdvdcss.  I find it
 hard to believe that it wasn't something else more subtle with k3b,
 but, again, who knows?

 Or, more probably, with the libdvdcss
 snip
 1) I did ask on the rpmforge list.  Waiting to hear back from there, too.

 2) I am just now beginning to really appreciate virtualization.

 A bunch of the gurus on this list use it. If I had a box with more
 RAM, I would try it.

 Still, past experience told me this would not be a problem.  I guess
 that would best be described as naive

 I think since it works OK on your Desktop at home, that's not so
 naive. But, the HW is different and something may be awry on the HW on
 your Workstation at work. Or, there may have been a power glitch,
 while you were installing the SW. Is your Workstation on a UPS? Been
 using K3b for a long time here and never a disaster, like you
 experienced today.


Virtualization is great and all, but not sure that watching a dvd on a
virtual machine would work so well.


Re: [CentOS] Stop the FUD Xen is not deprecated

2008-11-25 Thread Rob Townley
On Tue, Nov 25, 2008 at 2:18 PM, Bo Lynch [EMAIL PROTECTED] wrote:


 On Tue, November 25, 2008 2:55 pm, Rainer Duffner wrote:

 Am 25.11.2008 um 20:32 schrieb Bo Lynch:


 I was thinking about implementing Xen for our school district. Now
 that
 I'm hearing all of this I guess I need to look at something else.
 What does everyone recommend?
 Thanks
 Bo Lynch


 How much money do you have?
 What (how many systems, what do they do?) do you actually want to
 virtualize?
 Are you going to be around your school for the next couple of years?
 ;-)

 On a small scale, running VMware ESX3i or VMware-server is perfectly
 possible.



 Rainer


 Right now we have a about 30 servers. Mixture of CentOS,debian,slack,windows.
 Free is always the best cost and is why we have been moving toward open
 source as much as possible.
 Bo




Why not give kvm a try?  i am using kvm on Fedora 9 to virtualize
Win2008 at the moment.  Also installed Virtual Machine Manager to set
up.  i am getting a BSOD on shutdown, but so far it is not bothering
anything afaic tell.


Re: [CentOS] Skype vs. CentOS: no outgoing sound

2008-11-23 Thread Rob Townley
On Sun, Nov 23, 2008 at 4:20 PM, Niki Kovacs [EMAIL PROTECTED] wrote:
 Lanny Marcus a écrit :

 Niki: Welcome to the club! This is something I have tried to get
 working, on my CentOS 5 (32 bit) desktop. William was very kind and he
 volunteered to help, but I have other projects, with higher
 priorities, ahead of this one now. Great to know that one of the
 previous responders has it working AOK. My Sound Card is a Generic,
 which uses the snd-cs46xx driver. It's a Cirrus Logic and Skype works
 perfectly on M$ Windows, which is the main reason why this is still a
 dual boot box. Like yours, my calls to the Skype test robot are all
 one way. I can hear her, but she can't hear me. GL! Lanny

 After a few more hours of googling, I've come to the following conclusion:
 Skype seems to work for some folks, and not for others, regardless of
 competence or used distribution.

 I'd say this is quite annoying.

 Niki


Don't use skype, but r u sure your firewall is not blocking outgoing sound?


Re: [CentOS] Skype vs. CentOS: no outgoing sound

2008-11-23 Thread Rob Townley
On Sun, Nov 23, 2008 at 5:02 PM, Niki Kovacs [EMAIL PROTECTED] wrote:
 Rob Townley a écrit :


 Don't use skype, but r u sure your firewall is not blocking outgoing
 sound?

 Funny, I never gave that a thought. Any idea which port I would have to
 open?

 Niki


Can't tell the port numbers involved.
What about your selinux config - have you tried permissive mode of selinux?


Re: [CentOS] how can I stress a server?

2008-11-21 Thread Rob Townley
Does this system have shared video/system RAM?  If you have video
memory shared with system memory, there is going to be memory that
can't be tested unless you rotate memory chips or put in a vga card.
In memtest+ 2.10 configuration, set for no reserved memory and watch
the memtest corrupt the video output on a shared memory system.

i have some several year old DL360's and ML370's and love em -
especially hw raid, but my local supplier hasn't had any for several
months.  Up until a few months ago, password reset info on ebay was sent
in the clear, so i have a very hard time trusting ebay.  It would be
great if something like LinuxBios / OpenBios could stresstest the
machine and then disable any RAM addresses that proved flaky - whether
ECC or not.


Re: [CentOS] Gigabit Lan doesn't work

2008-11-16 Thread Rob Townley
On Sun, Nov 16, 2008 at 8:38 PM, Rilawich Ango [EMAIL PROTECTED] wrote:
 Hi all,

  I have installed Centos completely.  However, the LAN  doesn't work.
  Below is the message after I issue.  How can I make it work?

 00:19.0 Ethernet controller: Intel Corporation 82567V-2 Gigabit
 Network Connection

 Thanks!


Were you running a 2.6.27 pre-release kernel?  Everyone should read
this as there are about 12 NICs that could be rendered useless especially
in a chipset integrated NIC.

If you have an Intel PCI Express add-on card or integrated NIC, avoid
the Ubuntu 8.10 alphas, OpenSUSE 11.1 beta, SUSE Linux Enterprise 11
beta, Fedora Rawhide or for that matter, any distribution that comes
with a 2.6.27 pre-release kernel.  So says the following arstechnica
article.
   
http://episteme.arstechnica.com/eve/forums/a/tpc/f/96509133/m/638006184931/inc/-1

i am no firmware expert, but i would think if you can find an
identical machine, you should be able to use the following command
from the article to backup good firmware, then use ethtool -E to
restore the good firmware over your bad firmware.
sudo ethtool -e ethX > savemyeep.txt


Re: [CentOS] Gigabit Lan doesn't work

2008-11-16 Thread Rob Townley
You may want to see if the device driver for your device has been
blacklisted in order to protect it.
Look through the various /etc/modprobe.d/ blacklist files to see if it
is listed.  I am not an expert, there may be another place to
blacklist or whitelist drivers on your config.

On Sun, Nov 16, 2008 at 10:06 PM, Rilawich Ango [EMAIL PROTECTED] wrote:
 Below is the setting.

 [EMAIL PROTECTED] ~]# more /etc/redhat-release
 CentOS release 5.2 (Final)

 [EMAIL PROTECTED] ~]# uname -a
 Linux localhost.localdomain 2.6.18-92.1.18.el5 #1 SMP Wed Nov 12
 09:30:27 EST 2008 i686 i686 i386 GNU/Linux

 [EMAIL PROTECTED] ~]# ethtool eth0
 Settings for eth0:
   Supported ports: [ TP MII ]
   Supported link modes:   10baseT/Half 10baseT/Full
   100baseT/Half 100baseT/Full
   Supports auto-negotiation: Yes
   Advertised link modes:  10baseT/Half 10baseT/Full
   100baseT/Half 100baseT/Full
   Advertised auto-negotiation: Yes
   Speed: 100Mb/s
   Duplex: Full
   Port: MII
   PHYAD: 32
   Transceiver: internal
   Auto-negotiation: on
   Supports Wake-on: pumbg
   Wake-on: d
   Current message level: 0x0007 (7)
   Link detected: yes
 [EMAIL PROTECTED] ~]# ethtool eth1
 Settings for eth1:
 Cannot get device settings: No such device
 Cannot get wake-on-lan settings: No such device
 Cannot get message level: No such device
 Cannot get link status: No such device
 No data available


 On Mon, Nov 17, 2008 at 11:35 AM, Barry Brimer [EMAIL PROTECTED] wrote:
 Actually, I have 2 LAN cards.  eth0 is working as it is 10/100.  There
 is a built-in gigalan which doesn't work.  I have to remove the 10/100
 and make the built-in LAN work.

 [EMAIL PROTECTED] ~]# ethtool eth0
 Settings for eth0:
   Supported ports: [ TP MII ]
   Supported link modes:   10baseT/Half 10baseT/Full
   100baseT/Half 100baseT/Full
   Supports auto-negotiation: Yes
   Advertised link modes:  10baseT/Half 10baseT/Full
   100baseT/Half 100baseT/Full
   Advertised auto-negotiation: Yes
   Speed: 100Mb/s
   Duplex: Full
   Port: MII
   PHYAD: 32
   Transceiver: internal
   Auto-negotiation: on
   Supports Wake-on: pumbg
   Wake-on: d
   Current message level: 0x0007 (7)
   Link detected: yes
 [EMAIL PROTECTED] ~]# ethtool eth1
 Settings for eth1:
 Cannot get device settings: No such device
 Cannot get wake-on-lan settings: No such device
 Cannot get message level: No such device
 Cannot get link status: No such device
 No data available


 On Mon, Nov 17, 2008 at 10:54 AM, Barry Brimer [EMAIL PROTECTED] wrote:

  I have installed Centos completely.  However, the LAN  doesn't work.
 Below is the message after I issue.  How can I make it work?

 00:19.0 Ethernet controller: Intel Corporation 82567V-2 Gigabit
 Network Connection

 What does ethtool eth0 tell you?

 What does ethtool eth0 tell you when the 10/100 card is not installed?
 What does lsmod look like with the 10/100 card in and out?  What does
 dmesg | grep eth give you with the 10/100 card in and out?


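
The check suggested in the reply above (looking through the /etc/modprobe.d/ files for a blacklisted driver), as an added example that is not part of the original thread. The function name is hypothetical, and e1000e, snd_pcsp and igb are sample module names only; the thread does not name the driver.

```shell
#!/bin/sh
# Added example: list modprobe configuration lines that blacklist a module
# or override its install command.
# Assumes module names contain only letters, digits, '-' and '_'.

# Usage: find_module_blocks MODULE [CONFDIR]
# Prints "file:line:text" for each active line that blacklists MODULE or
# replaces its install command with /bin/true or /bin/false.
# Returns 0 if at least one such line exists, 1 otherwise.
find_module_blocks() {
    confdir=${2:-/etc/modprobe.d}
    # modprobe treats '-' and '_' in module names as interchangeable.
    name=$(printf '%s' "$1" | sed 's/[-_]/[-_]/g')
    re="^[[:space:]]*(blacklist[[:space:]]+$name|install[[:space:]]+$name[[:space:]]+/bin/(true|false))([[:space:]]|\$)"
    found=1
    for f in "$confdir"/*; do
        [ -f "$f" ] || continue
        # Lines starting with '#' never match, so commented entries are ignored.
        grep -HnE "$re" "$f" && found=0
    done
    return "$found"
}

# Constructed sample directory standing in for /etc/modprobe.d.
demo() {
    d=$(mktemp -d)
    printf 'blacklist e1000e\n' > "$d/blacklist-local"
    printf '#blacklist snd_pcsp\ninstall snd-pcsp /bin/true\n' > "$d/sound"
    for m in e1000e snd_pcsp igb; do
        find_module_blocks "$m" "$d" || echo "$m: no blacklist or install override"
    done
    rm -rf "$d"
}
demo
```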


Re: [CentOS] Picasa vs. native photo management apps

2008-10-31 Thread Rob Townley
On Fri, Sep 19, 2008 at 9:33 AM, Michael Semcheski [EMAIL PROTECTED] wrote:

 On Wed, Sep 17, 2008 at 2:30 AM, Niki Kovacs [EMAIL PROTECTED]
 wrote:
  The GIMP probably is going to require a very *long* learning curve. It
  has the power of
  Adobe Photoshop and may not be something casual users are going to want
  to take the time to learn.
 
  Admittedly. But more in the sense of learning a few very basic steps that
  everybody needs to know:
 
  - photo redimensioning
  - slimming them down (bytewise)
  - turning a color photograph into black and white
  - some basic effects (one-click, included)

 I recommend taking a good look at Digicam.  For the types of tasks
 listed above, it's very good and fairly easy.  It also supports bulk
 processing, tagging images, etc.

 It's part image database and part image manipulator.

 Mike



Don't forget ImageMagick, which could be hosted on localhost.


Re: [CentOS] Samba 3.0.28/3.0.32

2008-10-08 Thread Rob Townley
On Wed, Oct 8, 2008 at 6:40 PM, John R Pierce [EMAIL PROTECTED] wrote:

 Spike Turner wrote:

 I've looked at the CentOS docs-list as well as the Wiki as I was
 interested in Samba.

 On one CentOS box I've got 3.0.32 (the latest bug-fixed version from
 Samba.org)
 and on another I've got 3.0.28 (the latest from upstream). The docs look
 almost the same and the docs refer to security = share. However 3.0.32 comes
 with a blank smb.conf making it harder to get a secure server up and
 running.

 Is there a plan for a quick and dirty guide on the Wiki for setting up
 Samba
 with secure settings as well as TDB rather than deprecated settings?



 FWIW (about what you paid), I've often used SWAT to set up my Samba initial
 configuration.

 yum install samba-swat, then edit /etc/xinetd.d/swat and put a #  in front
 of 'disable = yes', save this file, service xinetd reload, and then use a
 browser to connect to http://localhost:901 log on as root, and fill out
 the forms

 (if you want to manage swat from a separate workstation, # out the
 only_from line too, or add your LAN ip or cidrrange, separated by a space
 example:
   only_from = 127.0.0.1 192.168.0.0/24
 would allow localhost or anyone on the 192.168.0.0/24 network to access
 swat)

 I know a lot of folks disparage swat, but it's a lot easier than remembering
 all the obscure settings in the smb.conf files when you've got better things
 to do.




You may want to look at a third party samba packager for better
documentation such as:
http://enterprisesamba.org/
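
The quoted SWAT instructions change two lines in /etc/xinetd.d/swat: disable and only_from. The following added example, which is not part of the original thread, classifies the resulting xinetd exposure of such a file; the function name is hypothetical and the sample file contents are constructed. "open" means xinetd itself applies no source restriction to port 901.

```shell
#!/bin/sh
# Added example: classify how exposed an xinetd-managed service is.
# Assumes one service per file and whitespace around the assignment operator.

# Usage: xinetd_exposure FILE
# Prints one of:
#   disabled            an active "disable = yes" line is present
#   restricted: HOSTS   enabled, only_from limits the allowed sources
#   open                enabled with no active only_from line
xinetd_exposure() {
    awk '
        /^[[:space:]]*#/ { next }    # commented-out settings are inactive
        $1 == "disable" && $2 == "=" && $3 == "yes" { disabled = 1 }
        $1 == "only_from" && ($2 == "=" || $2 == "+=") {
            for (i = 3; i <= NF; i++) allow = allow (allow ? " " : "") $i
        }
        END {
            if (disabled)   print "disabled"
            else if (allow) print "restricted: " allow
            else            print "open"
        }' "$1"
}

# Constructed sample: swat enabled, with the only_from line commented out.
demo_swat() {
    f=$(mktemp)
    printf 'service swat\n{\n\tport = 901\n#\tonly_from = 127.0.0.1\n\tuser = root\n#\tdisable = yes\n}\n' > "$f"
    xinetd_exposure "$f"
    rm -f "$f"
}
demo_swat
```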


Re: [CentOS] Thin client

2008-09-11 Thread Rob Townley
On Wed, Sep 10, 2008 at 8:44 AM, Les Mikesell [EMAIL PROTECTED] wrote:

 Kevin Thorpe wrote:

 lingu wrote:

 Dear all,


  I am very much new to Linux Thin Client Concept. But now I am very
 much interested to create Centos 5 based thin client of  512MB on
 flash rom.

  Can anyone guide me on how to start? If you provide any suitable
 links, I will be very grateful.



 Instead of 'rolling your own' based on a heavy desktop/server distribution
 like Centos, look into
 something like Thinstation. The work has already been done for you. If you
 want to do it as an
 exercise then by all means continue. Look into the thin client options and
 the rescue disk options
 already available.


 You might also look at the k12ltsp distribution which has fedora and Centos
 spins with LTSP and some other extra packages included to network-boot thin
 clients.  Even if you don't network boot, it is handy to have everything
 else set up on the server for remote thin client use.

 http://k12ltsp.org/mediawiki/index.php/Main_Page  The EL5 version would be
 the current Centos based copy.  Some work is in progress to turn this into
 installable packages for the next fedora release, but for now it is hard to
 beat installing this distro for something that works out of the box.

 --
  Les Mikesell
   [EMAIL PROTECTED]






Another option is the xrdp project.  Use rdesktop on your thin client to
connect to a CentOS server with multiple simultaneous XWindows.

