Re: [CentOS] Slow login to system without internet connection

2012-11-20 Thread Stephen Harris
On Tue, Nov 20, 2012 at 07:48:40PM +0100, Ljubomir Ljubojevic wrote:
 But when I tried to login to my server, it was not instantaneous, and I 
 think it was 15+, maybe even 30+ seconds (I forgot to time it) from 
 start of ssh command to password prompt. It is in-house connection, so 
 there is nothing to traceroute.

DNS.  Your host is configured to resolve IP addresses and is not able
to because of lack of external DNS, so it's timing out.


-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] How to configure sendmail

2012-12-02 Thread Stephen Harris
On Sun, Dec 02, 2012 at 05:54:06PM -0800, John R Pierce wrote:
 I once knew my way around the 'rules' in the .cf file. that's truly 
 some evil arcane magic in there.

My old SA interviews used to include a line of sendmail.cf to see
if the applicant recognised it.  At the time (SunOS 4, Solaris 5)
we didn't have mc files, just the cf :-)

-- 

rgds
Stephen


[CentOS] Building a C5 chroot on a C6 machine

2012-12-14 Thread Stephen Harris
I'm trying to do something slightly silly; rather than having a C5 machine
and a C6 machine around for compiling and testing, I want to create a C5
chroot area.  Something similar to mock but using lvm snapshots and some
local config specific stuff.

(Potentially even using Linux Containers to enter the chroot environment).

So I thought I'd build out the chroot...

  % cat /etc/yum.repos.d/c5.repo
  [c5]
  name=CentOS-$releasever - Media
  baseurl=http://repo/CentOS/DVD/CentOS-5-x86_64/
  gpgcheck=0
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  enabled=0


  [c5-update]
  name=CentOS-$releasever - Updates local
  baseurl=http://repo/CentOS/updates/centos5/x86_64/
  gpgcheck=0
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  enabled=0


Now I can do
  yum --disablerepo=* --enablerepo=c5* -y --installroot=$ROOT install $rpms

(where $rpms is derived from what anaconda left behind on an old install)

So far so... ok.  Some issues with post-install scripts breaking, but
it mostly works.

  Verifying  : 3:traceroute-2.0.1-6.el5.x86_64  235/237
  Verifying  : setup-2.5.58-9.el5.noarch        236/237
  Verifying  : at-3.1.8-84.el5.x86_64           237/237

Installed:
  MAKEDEV.x86_64 0:3.23-1.2
  SysVinit.x86_64 0:2.86-17.el5
  acl.x86_64 0:2.2.39-8.el5
[etc etc]

EXCEPT...

  test2.pts/0% chroot /mnt5 /bin/sh
  sh-3.2# ls
  bin   dev  home  lib64       media  opt   root  selinux  sys  usr
  boot  etc  lib   lost+found  mnt    proc  sbin  srv      tmp  var
  sh-3.2# rpm -qa
  rpmdb: /var/lib/rpm/Packages: unsupported hash version: 9
  error: cannot open Packages index using db3 - Invalid argument (22)
  error: cannot open Packages database in /var/lib/rpm

The rpm database is in the format of C6, so the C5 programs can't
read it!

Anyone have any ideas on how I can work around this problem?  It's
a little annoying!

Thanks,

-- 

rgds
Stephen


Re: [CentOS] Building a C5 chroot on a C6 machine

2012-12-14 Thread Stephen Harris
On Fri, Dec 14, 2012 at 12:38:18PM -0600, Les Mikesell wrote:
 On Fri, Dec 14, 2012 at 12:32 PM, Stephen Harris li...@spuddy.org wrote:
  I'm trying to do something slightly silly; rather than having a C5 machine
  and a C6 machine around for compiling and testing, I want to create a C5
  chroot area.  Something similar to mock but using lvm snapshots and some
  local config specific stuff.
 
  (Potentially even using Linux Containers to enter the chroot environment).
 
 Even if it is possible to get everything right that way, is it really
 worth the trouble compared to a VM?

Yes.  I have use cases and constraints that aren't relevant to the
technical problem but impact the overall problem.  Additional VMs are
highly non-optimal.

-- 

rgds
Stephen


Re: [CentOS] Building a C5 chroot on a C6 machine

2012-12-14 Thread Stephen Harris
On Fri, Dec 14, 2012 at 07:58:17PM +0100, Nicolas Thierry-Mieg wrote:
 Stephen Harris wrote:

  The rpm database is in the format of C6, so the C5 programs can't
  read it!

 perhaps if you kept the rpms that were installed by yum, you could
 rpm -i --justdb *.rpm
 within your chroot.
 
 If necessary first remove the rpm database and rpm --initdb or some such.

Interesting idea!

  yum --setopt=keepcache=1 --disablerepo=* --enablerepo=c5* -y --installroot=$ROOT install $rpms

  # Fix up RPM database
  rm $ROOT/var/lib/rpm/*
  chroot $ROOT /bin/rpm --initdb
  chroot $ROOT /bin/rpm -i --justdb '/var/cache/yum/*/packages/*.rpm'

And y'know what?  it worked!

Very good idea.  Thanks!

-- 

rgds
Stephen


Re: [CentOS] Filesystem Hierarchy Standard respecting CentOS

2012-12-27 Thread Stephen Harris
On Thu, Dec 27, 2012 at 04:14:18PM -0500, James B. Byrne wrote:
 However, I have not yet found any application packages for CentOS-6
 that actually do this.  I find some that go into /usr/package_name,
 some into /usr/lib/package_name, many that install into /usr/libexec

I've seen a few.  Not many, but a few. (some IBM products, a couple
of other commercial products).

 and none that install into /usr/local, which I gather is reserved for
 packages built on the system rather than installed via rpm.

It's reserved for the local admins to use; they _could_ do their own
rpms that install into /usr/local, but no third party rpm should touch it.

 So, what is the actual practice with respect to packaging via rpm? 
 Where do things go?

I'd recommend following the FHS standard locations.  If you ever decide
to support more than just CentOS then all Linux distros should support
that structure, as do other non-Linux based Unix systems.

-- 

rgds
Stephen


Re: [CentOS] gdisk dependancy problem

2013-01-09 Thread Stephen Harris
On Wed, Jan 09, 2013 at 03:29:29PM -0500, Meyer, Bruce wrote:
 I followed the instructions here for enabling EPEL:
 http://www.thegeekstuff.com/2012/06/enable-epel-repository/

However, you enabled it for the wrong repository...

 --- Package gdisk.x86_64 0:0.8.4-1.el5 will be installed

This is a RH5 version of gdisk that you're trying to install on 6.2 ...

-- 

rgds
Stephen


[CentOS] dhclient in 5.9 having trouble with dhcpd in 6.3 ?

2013-01-23 Thread Stephen Harris
I have a KVM setup.  Host is 6.3.  I have a bridged client running 5.9

Since upgrading to 5.9 I noticed that ntpd is being restarted every
12 hours.

Jan 20 08:00:25 mercury ntpd[16103]: ntpd exiting on signal 15
Jan 20 20:00:26 mercury ntpd[27462]: ntpd exiting on signal 15
Jan 21 08:00:27 mercury ntpd[11343]: ntpd exiting on signal 15
Jan 21 20:00:28 mercury ntpd[25148]: ntpd exiting on signal 15
Jan 22 08:00:29 mercury ntpd[6254]: ntpd exiting on signal 15
Jan 22 20:00:30 mercury ntpd[20424]: ntpd exiting on signal 15
Jan 23 08:00:31 mercury ntpd[2101]: ntpd exiting on signal 15

Looking at logs this appears to be correlated to boot.log entries

Jan 22 08:00:29 mercury NET[20506]: /sbin/dhclient-script : updated /etc/resolv.conf
Jan 22 20:00:30 mercury NET[2080]: /sbin/dhclient-script : updated /etc/resolv.conf
Jan 22 20:00:30 mercury NET[2188]: /sbin/dhclient-script : updated /etc/resolv.conf
Jan 23 08:00:31 mercury NET[16383]: /sbin/dhclient-script : updated /etc/resolv.conf
Jan 23 08:00:31 mercury NET[16485]: /sbin/dhclient-script : updated /etc/resolv.conf

Hmm, looking at messages

Jan 23 07:58:26 mercury dhclient: 5 bad udp checksums in 5 packets
Jan 23 07:58:38 mercury dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x3265b988)
Jan 23 07:59:13 mercury dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x3265b988)
Jan 23 07:59:22 mercury dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x3265b988)
Jan 23 07:59:22 mercury dhclient: 5 bad udp checksums in 5 packets
Jan 23 07:59:30 mercury dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x3265b988)
Jan 23 08:00:13 mercury dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x3265b988)
Jan 23 08:00:13 mercury dhclient: 5 bad udp checksums in 5 packets
Jan 23 08:00:31 mercury NET[16383]: /sbin/dhclient-script : updated /etc/resolv.conf
Jan 23 08:00:31 mercury dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5 (xid=0x41b67d6c)
Jan 23 08:00:31 mercury dhclient: DHCPOFFER from 10.0.0.134
Jan 23 08:00:31 mercury dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x41b67d6c)
Jan 23 08:00:31 mercury dhclient: DHCPACK from 10.0.0.134 (xid=0x41b67d6c)
Jan 23 08:00:31 mercury NET[16485]: /sbin/dhclient-script : updated /etc/resolv.conf
Jan 23 08:00:31 mercury dhclient: bound to 10.0.0.135 -- renewal in 17809 seconds.

And the dhcp server (on the host)
Jan 23 07:59:39 penfold dhcpd: DHCPACK on 10.0.0.135 to 00:1d:09:1c:c8:7e via br0
Jan 23 07:59:51 penfold dhcpd: DHCPREQUEST for 10.0.0.135 from 00:1d:09:1c:c8:7e via br0
Jan 23 07:59:51 penfold dhcpd: DHCPACK on 10.0.0.135 to 00:1d:09:1c:c8:7e via br0
Jan 23 08:00:04 penfold dhcpd: DHCPREQUEST for 10.0.0.135 from 00:1d:09:1c:c8:7e via br0
Jan 23 08:00:04 penfold dhcpd: DHCPACK on 10.0.0.135 to 00:1d:09:1c:c8:7e via br0
Jan 23 08:00:13 penfold dhcpd: DHCPREQUEST for 10.0.0.135 from 00:1d:09:1c:c8:7e via br0
Jan 23 08:00:13 penfold dhcpd: DHCPACK on 10.0.0.135 to 00:1d:09:1c:c8:7e via br0
Jan 23 08:00:31 penfold dhcpd: DHCPOFFER on 10.0.0.135 to 00:1d:09:1c:c8:7e via br0
Jan 23 08:00:31 penfold dhcpd: DHCPREQUEST for 10.0.0.135 (10.0.0.134) from 00:1d:09:1c:c8:7e via br0
Jan 23 08:00:31 penfold dhcpd: DHCPACK on 10.0.0.135 to 00:1d:09:1c:c8:7e via br0

So it's definitely looking like dhclient doesn't like dhcpd.

Server is
dhcp-4.1.1-31.0.1.P1.el6.centos.1.x86_64
qemu-kvm-0.12.1.2-2.295.el6_3.10.x86_64

Client is
dhclient-3.0.5-31.el5_8.1

Other than being noisy, it doesn't look like things are breaking, but
it's definitely wrong :-)

-- 

rgds
Stephen


Re: [CentOS] Performance issue

2013-02-09 Thread Stephen Harris
On Sat, Feb 09, 2013 at 04:24:19PM -0200, Carlos Henrique Reimer wrote:
 processors. vmstat r column run queue usually indicates values higher
 than 2 and less than 5 but Load Average values from top, sar -q and other
 commands show always values less than 1.
 
 Should not these values be higher than 16 on a box with 16 processors to
 confirm a CPU constraint?

If you have single-threaded processes then that process could chew up 100%
of a single core but not be able to run any faster.  The load average
would only be 1.

Load average is a poor measure; look at %idle on each core.  If you see
one core with 0% idle then something is maxed out.

-- 

rgds
Stephen


[CentOS] A workaround to dhclient problems

2013-02-12 Thread Stephen Harris
Summary: if you have C5 guests with dhclient bad udp checksum issues
then this entry on the host will fix it:

iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill

Detail:

If anyone else is seeing this...

Feb 11 19:22:11 mercury dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x63be132a)
Feb 11 19:22:56 mercury last message repeated 3 times
Feb 11 19:23:12 mercury dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x63be132a)
Feb 11 19:23:12 mercury dhclient: 5 bad udp checksums in 5 packets
Feb 11 19:23:20 mercury dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x63be132a)
Feb 11 19:23:51 mercury last message repeated 2 times
Feb 11 19:24:09 mercury last message repeated 2 times
Feb 11 19:24:09 mercury dhclient: 5 bad udp checksums in 5 packets

The client eventually expires the lease and goes back to DISCOVER state
and then gets an IP address.

This only seems to happen with C5 (RH5?) guests on a KVM host.  C6 guests
don't have the problem.  Googling also shows Debian with issues, and
the problem may be in the ISC code base.

The work-around is to add an iptables entry on the host:

iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill

With this in place dhclient on C5 guests can happily renew their address

Feb 12 00:02:02 mercury dhclient: DHCPREQUEST on eth0 to 10.0.0.134 port 67 (xid=0x63be132a)
Feb 12 00:02:02 mercury dhclient: DHCPACK from 10.0.0.134 (xid=0x63be132a)
Feb 12 00:02:02 mercury dhclient: bound to 10.0.0.135 -- renewal in 16918 seconds.
Feb 12 04:44:00 mercury dhclient: DHCPREQUEST on eth0 to 10.0.0.134 port 67 (xid=0x63be132a)
Feb 12 04:44:00 mercury dhclient: DHCPACK from 10.0.0.134 (xid=0x63be132a)
Feb 12 04:44:00 mercury dhclient: bound to 10.0.0.135 -- renewal in 18447 seconds.

-- 

rgds
Stephen


Re: [CentOS] RHSA-2013:0223-1 - moderate kernel update

2013-02-12 Thread Stephen Harris
On Tue, Feb 12, 2013 at 11:02:58AM -0500, m.r...@5-cent.us wrote:
 CentOS team: has the CentOS kernel update come out yet that addresses what
 upstream sent out the email this morning  RHSA-2013:0223-1, which mentions
 a bugfix for a deadlock when oom-killer's invoked?

You mean http://rhn.redhat.com/errata/RHSA-2013-0223.html from
last week?

Which mentions kernel-2.6.32-279.22.1.el6

Yeah, that's already been released and I installed it over the weekend
  % uname -r
  2.6.32-279.22.1.el6.x86_64

Or do you mean something else?

-- 

rgds
Stephen


Re: [CentOS] OT: UPS battery vendor, cont'd

2013-02-12 Thread Stephen Harris
On Tue, Feb 12, 2013 at 01:28:32PM -0500, m.r...@5-cent.us wrote:
 Having checked with my manager, we'll try the open market quotes. I would
 like a third recommendation, so I can offer purchasing three quotes.
 
 Recommendations?

Battery Mart?  Looks like they're government  CCR
  http://www.batterymart.com/p-eight--12v-5ah-sealed-lead-acid-batteryf2.html

Looks like $159 for an 8-pack for RBC-43
  http://www.batterymart.com/p-eight--12v-5ah-sealed-lead-acid-batteryf2.html


-- 

rgds
Stephen


Re: [CentOS] A question

2013-02-12 Thread Stephen Harris
On Tue, Feb 12, 2013 at 04:51:54PM -0800, Bassem Sossan wrote:
 I have found a good resource, it's a book called Beginning Red Hat Linux
 9...
 the centos's version that I've installed centos 6...
 Is this book may be compatible with Centos 6 ?

Define compatible.  RH9 is very very *very* old.  It's from 2003.
It got replaced with Fedora.  To confuse you, RedHat Enterprise Linux
(RHEL) is not the same as RedHat Linux (RH).  CentOS follows RHEL.
RHEL 2.1 was approximately RH7.  RHEL3 ~= RH9.  RHEL6 ~= Fedora 12.

So some of the ideas (eg rpm) are the same, but because it's old many
of the details will be wrong.

-- 

rgds
Stephen


Re: [CentOS] recover lvm from pv

2013-03-07 Thread Stephen Harris
On Thu, Mar 07, 2013 at 09:54:59PM -0500, Harold Pritchett wrote:
 What other information do I need which may be available?

What does 'vgscan' say?  'vgchange -a y' ?

-- 

rgds
Stephen


[CentOS] Question around updates and drpms directory

2013-03-09 Thread Stephen Harris
Looking at the nice new 6.4 tree (thanks!!!) I see there are already
a few updates.
eg
  Packages/firefox-17.0.3-1.el6.centos.i686.rpm
  Packages/firefox-17.0.3-1.el6.centos.x86_64.rpm
So far, so normal.  These occur because of timing.  That's not a problem;
it's expected.

What confuses me, though, is the drpms directory where there are 33
firefox drpm files compared to the 2 Packages, including firefox-3
versions!  The drpms directory is around 3.3G whereas the Packages
directory is only 680M.

Is the drpms directory carrying legacy files?  Or is this to be
expected?

-- 

rgds
Stephen


Re: [CentOS] yum update gone wild? - new base?

2013-03-10 Thread Stephen Harris
On Sun, Mar 10, 2013 at 09:30:40PM -0400, Robert Moskowitz wrote:
 I don't recall ever seeing the base repo change; it is almost like it is 
 picking up the 6.4 base repo instead.

That's exactly what it's doing.  The /6 base and update repository
always point to the latest version.  6.4 was released this week so
the /6 is now seeing lots of updates as a result.

This is not new.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] Newer version of ftdi_sio

2013-03-20 Thread Stephen Harris
I have just bought an FTDI USB UART

   New USB device found, idVendor=0403, idProduct=6015
   New USB device strings: Mfr=1, Product=2, SerialNumber=3
   Product: FT231X USB UART
   Manufacturer: FTDI

However this appears to be slightly too new for the ftdi_sio driver in
C6.4; it's not detected.

If I force it
  modprobe ftdi_sio vendor=0x0403 product=0x6015 

then it gets detected as a FT232RL which is _close_... but doesn't seem
to quite work.  If I use kermit -l /dev/ttyUSB0 -C 'transmit foo,quit'
then I get Timeout errors from kermit.  If I plug the same adapter into
a Ubuntu 12.10 instance it detects as FT-X and the same kermit command works
correctly.

So I guess I need a newer ftdi_sio driver; has anyone built such, or have
instructions?


-- 

rgds
Stephen


Re: [CentOS] nscd

2013-03-25 Thread Stephen Harris
On Mon, Mar 25, 2013 at 11:06:31PM +, Gary Greene wrote:
 NSCD is also necessary if you're running an LDAP or NIS environment,

Not necessary in a NIS environment on a LAN 'cos NIS is UDP based and
very very fast to respond.  LDAP, however, pretty much needs nscd (or
sssd) in order to be halfway near performant.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] yum configuration

2013-03-29 Thread Stephen Harris
On Fri, Mar 29, 2013 at 02:54:58PM +0200, Andreas K. wrote:
 baseurl=ftp://yum.xx.xx.xx.xx/pub/linux/centos/$releasever/os/$basearch/
 Is there a way to force a 6.3 machine to remain at 6.3 until
 a human being decides that it is time to do so?

Change releasever to 6.3 for base and updates and any other repo that might
refer to it.


-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] [Possibly OT] - General question: state of internet traffic

2013-04-01 Thread Stephen Harris
 the last month. Until today, I haven't experienced any. However, getting
 bank record data from chase.com here in NYC seems impossible.

What do you mean by getting bank record data ?

Every major US bank is under a constant DoS attack, which sometimes causes
the sites to be slow.  This is unrelated to the little squabble going on
between SpamHaus and CyberBunker, though.

 (I have a machine in LA while being in NYC; ftp traffic is difficult to 
 establish westbound; no problem eastbound).

I'm in NJ and able to contact servers in Fremont, Dallas, NYC and
Amsterdam without any issue.  I suspect you have local issues.

-- 

rgds
Stephen


Re: [CentOS] OpenVPN routing question

2013-04-14 Thread Stephen Harris
On Sun, Apr 14, 2013 at 09:00:16AM -0400, Boris Epstein wrote:
 Let's say I have an OpenVPN (v2) server sitting on a Linux machine with the
 IP address of, say, 192.168.10.1o. We are talking real address, assigned to
 a NIC on the machine.
 
 Now let us say the OpenVPN server hands out IP's in the
 192.168.20.0/24 range. And let us say that I want the machines able to
 reach the VPN server
 to be able to route to the machines available via the VPN. So, for
 instance, 192.168.10.5 should be able to ping 192.168.20.6 assuming the
 latter is one of the VPN clients.
 
 So here is my question: is there a VPN setting that would facilitate that?

In the server config file
  push "route 192.168.10.0 255.255.255.0"

That will tell the openvpn client to add a route to 192.168.10.0/24 via
the openvpn gateway.

Machines on the LAN also need a route to 192.168.20.0/24 via the gateway;
this is easy if your OpenVPN server is also your default gateway (eg
router); otherwise you may need to add routes per-machine or via DHCP,
or potentially just tell the default router about the route and let it
send redirects to the LAN machines.

-- 

rgds
Stephen


Re: [CentOS] OpenVPN routing question

2013-04-14 Thread Stephen Harris
On Sun, Apr 14, 2013 at 09:14:20AM -0400, Boris Epstein wrote:
 It works for every subnet except the one the OpenVPN server sits on (
 192.168.10.0/24 in our example). Yes, the VPN server has to be the default
 router - or else it just does not seem to work. This additional hop just
 kills everything, it seems.

If you want one OpenVPN client to see another OpenVPN client then
  client-to-client
is the config setting you need.

-- 

rgds
Stephen


Re: [CentOS] Having difficulty exporting display

2013-04-18 Thread Stephen Harris
On Thu, Apr 18, 2013 at 04:42:18PM -0400, Yves S. Garret wrote:
 $ xhost +
 $ ssh -X someusern...@somehostname.net -p 49283
 
 Remote:
 $ export DISPLAY=192.168.1.6:0.0

Why are you doing this?  If ssh isn't setting the DISPLAY variable to
something like localhost:10.0 then sshd isn't configured to tunnel X,
you're missing libraries, or something else.

The whole point of -X is that it tells ssh to tunnel X traffic
back to your machine.

So all you should need to do is
  ssh -X user@host -p 49283 xclock

Or
  ssh -Y user@host -p 49283 xclock

-- 

rgds
Stephen


Re: [CentOS] Missing printer driver

2013-05-11 Thread Stephen Harris
 # ./lexmark-inkjet-08-driver-1.0-1.i386.rpm.sh

 CPU Arch: x86_64
 Warning: No installer for x86_64 found, defaulting to x86...

 ./startupinstaller.sh: bin/linux/x86/libc.so.6/lzma-decode: 
 /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

Your system is pure 64bit; no 32bit routines installed.  You're trying to
install a 32bit piece of software.

You probably need to install glibc.i686 or determine if there's a x86_64
version of the package you're trying to install.

-- 

rgds
Stephen


[CentOS] CentOS-Fasttrack readme and repo file is missing?

2013-05-30 Thread Stephen Harris

Just an FYI; hopefully someone who knows will be able to fix :-)

http://wiki.centos.org/AdditionalResources/Repositories says

  CentOS-Fasttrack - This repository contains bugfix and enhancement
  updates, issued from time to time, between update sets that may be rolled
  into the next update set. See this Readme file for more details. This
  repository has a config file located here for CentOS-5. CentOS-6 Fasttrack
  is now available and can be accessed with the repo configuration here.

But the Readme file and the two here links to the repo file are
broken.  I don't know if it's just the location has changed, or if the
files are missing :-)

-- 

rgds
Stephen


Re: [CentOS] Cannot get rtorrent to run

2013-06-21 Thread Stephen Harris
On Fri, Jun 21, 2013 at 09:47:22PM -0400, Yves S. Garret wrote:
 If I'm writing about this in the wrong place, please let me know.  However,
 when I
 uninstalled rtorrent and then re-installed it, I kept getting this very
 same error:

Where did you get rtorrent from?  It's not part of the default CentOS
packages.  You might want to ask on a list related to where you got the
package from.

 $ rtorrent foobar.torrent
 rtorrent: symbol lookup error: rtorrent: undefined symbol:
 _ZN7torrent10ThreadBase8m_globalE

You have the wrong version of libraries installed; possibly libcurl.

-- 

rgds
Stephen


Re: [CentOS] Cannot get rtorrent to run

2013-06-21 Thread Stephen Harris
On Fri, Jun 21, 2013 at 10:02:47PM -0400, Yves S. Garret wrote:
 I got it from here:
 http://pkgs.repoforge.org/rtorrent/

Then you might want to join this list
  http://lists.repoforge.org/mailman/listinfo/users

and ask there.

-- 

rgds
Stephen


[CentOS] CentOS 5.9 and google-authenticator

2013-06-27 Thread Stephen Harris
I'm playing with google-authenticator libpam

  https://code.google.com/p/google-authenticator/

It appears to be failing the make test on CentOS 5.9 32bit.

  ./pam_google_authenticator_unittest
  Testing base32 encoding
  Testing base32 decoding
  Testing HMAC_SHA1
  Loading PAM module

  Running tests, querying for verification code
  Testing failed login attempt
  Testing required number of digits
  Testing a blank response
  Test handling of missing state files
  Testing successful login
  Testing WINDOW_SIZE option
  Testing DISALLOW_REUSE option
  Testing RATE_LIMIT option
  Testing TIME_SKEW
  pam_google_authenticator_unittest: pam_google_authenticator_unittest.c:137: verify_prompts_shown: Assertion `num_prompts_shown == expected_prompts_shown' failed.
  Invalid verification code
  make: *** [test] Error 1

Playing with the code...

// Test TIME_SKEW option
puts("Testing TIME_SKEW");
for (int i = 0; i < 4; ++i) {
  set_time((12000 + i)*30);
  char buf[7];
  response = buf;
  sprintf(response, "%06d",
          compute_code(binary_secret, binary_secret_len, 11000 + i));
  assert(pam_sm_open_session(NULL, 0, targc, targv) ==
         (i >= 2 ? PAM_SUCCESS : PAM_SESSION_ERR));
  verify_prompts_shown(expected_good_prompts_shown);
}

Up to here works fine...

set_time(12010 * 30);
char buf[7];
response = buf;
sprintf(response, "%06d", compute_code(binary_secret,
                                       binary_secret_len, 11010));
assert(pam_sm_open_session(NULL, 0, 1,
                           (const char *[]){ "noskewadj", 0 }) ==
       PAM_SESSION_ERR);
verify_prompts_shown(0);

This is where it fails.

The same code works correctly without error on CentOS 6.4 64bit.

Has anyone else managed to pass the tests on 5.9 32bit?

-- 

rgds
Stephen


Re: [CentOS] fstab, unusual behavior of missing UUID

2013-07-06 Thread Stephen Harris
(sorry for out-of-order post; I deleted the OP's before replying)

 On Sat, 2013-07-06 at 10:40 -0500, Joseph Hesse wrote:
  I have the following as the last line of my /etc/fstab file on a 
  computer running CentOS6.4..
  
  UUID=3b550884-8d05-41a5-a205-17b6d7269dd1 /mnt ext3 
  rw,suid,dev,exec,noauto,nouser,async  0  2

This final 2 should be a zero.  You've told the system to check the
disk at boot time.   If the disk doesn't exist then fsck will abort
and the machine will drop to single-user mode prompt.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] Kernel 3.10 and CentOS 5

2013-07-29 Thread Stephen Harris
I have a Centos 5 machine which I've just compiled the 3.10.4 kernel
on (remembering to set CONFIG_SYSFS_DEPRECATED) because I needed new
rtlwifi drivers for my rtl8192cu device.

So far, so good.  It seems to work.

Except /proc/bus/usb doesn't exist anymore.  USB_DEVICEFS has been
removed.  An older kernel (3.2.9) says

   Usbfs entries are files and not character devices; usbfs can't
   handle Access Control Lists (ACL) which are the default way to
   grant access to USB devices for untrusted users of a desktop
   system.

   The usbfs functionality is replaced by real device-nodes managed by
   udev.  These nodes lived in /dev/bus/usb and are used by libusb.

Has anyone got udev on C5 working with this new kernel so my USB
devices show?

(It's not causing me any real issues, other than lsusb not working;
just curious!)

-- 

rgds
Stephen


Re: [CentOS] How does such long term support work?

2013-07-30 Thread Stephen Harris
On Tue, Jul 30, 2013 at 10:42:46AM -0700, John R Pierce wrote:
 NetBSD), is a UNIX derived system, while Linux was derived from Minix, 
 which was created from scratch as a Unix work-alike.

Umm.  No; Linux was not derived from Minix.  Minix was a micro-kernel
message-passing based system developed by Tanenbaum for education
purposes (see Operating Systems: Design and Implementation).

Linux is a traditional monolithic design with shared data
structures.  (Yes, early Linux used the Minix filesystem because of the
early development environment used... that's the closest they came).

There is even a comparison of early Linux (0.01, 0.11 etc) to Minix
where there is no similarity in the code base, on Tanenbaum's own
site:
  http://www.cs.vu.nl/~ast/brown/codecomparison/

-- 

rgds
Stephen


Re: [CentOS] Kernel 3.10 and CentOS 5

2013-07-31 Thread Stephen Harris
On Tue, Jul 30, 2013 at 08:25:43PM +0200, Ljubomir Ljubojevic wrote:

 Have you checked ElRepo third-party repository?
 kmod packaged drivers for stock kernels. Just go to 
 http://elrepo.org/tiki/DeviceIDs and check for vendor:device ID pairing 
 that lspci command will show for your rtl8192cu device.

lsusb in my case, but yeah.  Interesting.  Thanks.  The driver
there ( kmod-r8192cu-3.4.4_4749-1.el5.elrepo ) appears to detect the
device and join the network.  We'll have to see how stable it is :-)

Thanks!

 Btw, RHEL/CentOS kernel is much more advanced than vanilla kernel of the 
 same numbering because Red Hat backports latest drivers  to their kernel.

USB wifi drivers tend to lag in the RH kernel.  The first thing I do is see
if there's a driver of the right name before hunting elsewhere :-)

-- 

rgds
Stephen


Re: [CentOS] run script on cron job only run on first Saturdat every month???

2013-07-31 Thread Stephen Harris
On Wed, Jul 31, 2013 at 08:52:02AM -0700, Bart Schaefer wrote:
 As Keith said, it's because the conditions are OR'd.  A careful reading of
 crontab(5) shows that the algorithm is [minute AND hour AND (restricted day
 of week OR restricted day of month) AND month].  Day of week and day of
 month only restrict independently when one or both is *.

The manpage explicitly says

   Note: The day of a command's execution can be specified by two fields --
   day of month, and day of week.  If  both  fields  are  restricted  (ie,
   aren't  *),  the command will be run when either field matches the cur-
   rent time.  For example,
   30 4 1,15 * 5 would cause a command to be run at 4:30 am on  the  1st
   and 15th of each month, plus every Friday.


-- 

rgds
Stephen
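
The day-of-month / day-of-week rule quoted from crontab(5) above, worked through as an added example (not part of the original post). The function names, the August 2013 sample month and the guarded crontab line in the comment are assumptions made for illustration; only `*`, single values, lists and ranges are parsed.

```python
import calendar
from datetime import date


def parse_field(field, lo, hi):
    """Expand a crontab field ('*', '5', '1,15', '1-7') into a set of ints."""
    if field == "*":
        return set(range(lo, hi + 1))
    values = set()
    for part in field.split(","):
        start, _, end = part.partition("-")
        values.update(range(int(start), int(end or start) + 1))
    return values


def day_matches(dom_field, dow_field, day):
    """Apply the crontab(5) day rule to one calendar day."""
    dom_ok = day.day in parse_field(dom_field, 1, 31)
    # cron numbers Sunday as 0 (7 is also accepted); isoweekday() has Sunday = 7
    dow_ok = day.isoweekday() % 7 in {d % 7 for d in parse_field(dow_field, 0, 7)}
    if dom_field != "*" and dow_field != "*":
        return dom_ok or dow_ok   # both restricted: either field matching is enough
    return dom_ok and dow_ok      # a '*' field always matches, so the other decides


def is_saturday(day):
    """Models a guard inside the command itself, e.g. (hypothetical entry):
    0 3 1-7 * * [ "$(date +\\%u)" = 6 ] && /path/to/script
    """
    return day.isoweekday() == 6


def run_days(dom_field, dow_field, year, month, guard=None):
    """Days of the month on which the job would run its payload."""
    last = calendar.monthrange(year, month)[1]
    days = (date(year, month, d) for d in range(1, last + 1))
    return [d.day for d in days
            if day_matches(dom_field, dow_field, d) and (guard is None or guard(d))]


if __name__ == "__main__":
    # The manpage example: 1st and 15th, plus every Friday
    print("30 4 1,15 * 5 ->", run_days("1,15", "5", 2013, 8))
    # Naive "first Saturday": fires on days 1-7 and on every Saturday
    print("0 3 1-7 * 6   ->", run_days("1-7", "6", 2013, 8))
    # Restrict only day-of-month and test the weekday in the command
    print("guarded 1-7 * ->", run_days("1-7", "*", 2013, 8, guard=is_saturday))
```
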


Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

2013-08-06 Thread Stephen Harris
On Tue, Aug 06, 2013 at 04:01:12PM +0530, Anumeha Prasad wrote:
 Hi,
 
 I'm currently at CentOS 5.8. I'm using openssl version
 openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus
 security scan:

Don't trust Nessus scans

 As per following link, Redhat has introduced openssl-0.9.8m which fixes
 this specific issue:
 
 https://access.redhat.com/site/articles/20490#Updates_adding_RFC_5746_support

If you follow that link it points to
  https://rhn.redhat.com/errata/RHSA-2010-0162.html (openssl-0.9.8e-12.el5_4.6)
as having the fix.

Which is superseded by
  https://rhn.redhat.com/errata/RHSA-2013-0587.html (openssl-0.9.8e-26.el5_9.1)

The version numbers reported by RedHat do not always match the version
numbers reported by upstream because RedHat backports fixes into older
versions.

According to the very pages you linked to, the flaw has been addressed
by RedHat in the 0.9.8e-12 and newer packages.

-- 

rgds
Stephen
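The backport point in the message above, as an added example (not code from the thread): a simplified version of rpm's segment-by-segment comparison, applied to the package names quoted in the message. It ignores epochs and the `~`/`^` operators; the function names are this example's own.

```python
import re

# Values quoted in the message above.
INSTALLED = "openssl-0.9.8e-22.el5"        # package on the scanned host
FIXED_IN = "openssl-0.9.8e-12.el5_4.6"     # RHSA-2010-0162
UPSTREAM_FIXED = "0.9.8m"                  # upstream release with the fix

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm orders them.

    Returns 1 if a is newer, -1 if b is newer, 0 if equal. Separators such
    as '.', '_' and '-' only delimit segments. Simplified: no '~' or '^'.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    # All shared segments equal: the string with segments left over is newer.
    return 1 if len(seg_a) > len(seg_b) else -1


def split_nvr(package):
    """'openssl-0.9.8e-22.el5' -> ('openssl', '0.9.8e', '22.el5')."""
    name, version, release = package.rsplit("-", 2)
    return name, version, release


def nvr_cmp(pkg_a, pkg_b):
    """Order two builds of the same package by version, then release."""
    name_a, ver_a, rel_a = split_nvr(pkg_a)
    name_b, ver_b, rel_b = split_nvr(pkg_b)
    if name_a != name_b:
        raise ValueError("different packages")
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)


def has_backported_fix(installed, fixed_in):
    """True when the installed build is the erratum build or newer."""
    return nvr_cmp(installed, fixed_in) >= 0


def upstream_only_check_flags(installed, upstream_fixed):
    """What a comparison on the upstream version string alone concludes."""
    _, version, _ = split_nvr(installed)
    return rpmvercmp(version, upstream_fixed) < 0


if __name__ == "__main__":
    print("flagged by upstream-version comparison:",
          upstream_only_check_flags(INSTALLED, UPSTREAM_FIXED))
    print("contains the erratum fix:",
          has_backported_fix(INSTALLED, FIXED_IN))
```

The version field is identical in both packages (0.9.8e), so the release field decides, which is why the check has to compare against the erratum's package rather than the upstream release number.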


Re: [CentOS] 3TB External USB Drive isn't recognized

2013-08-12 Thread Stephen Harris
On Mon, Aug 12, 2013 at 02:56:59PM -0400, m.r...@5-cent.us wrote:

 I'll note right back at'cha that all of the 3TB drives we have appear to
 have firmware in them that will present the blocks as 512b.

Many/most advanced format do 512e but not all do.

The newer 1Tb disks I have do, as smartctl -a tells me:

  User Capacity:1,000,204,886,016 bytes [1.00 TB]
  Sector Sizes: 512 bytes logical, 4096 bytes physical


-- 

rgds
Stephen


Re: [CentOS] samba: check password with AD without joining domain?

2013-08-15 Thread Stephen Harris
On Thu, Aug 15, 2013 at 06:40:54PM -0700, Devin Reade wrote:
 Last time I checked a few years ago I don't think AD supported an LDAP 
 anonymous bind, so you may need to bind as that user in order to validate the 
 creds.

AD is kerberos for authentication.  If you just want to authenticate user
xyzzy to AD with password (as opposed to krb keys) then just configure
/etc/krb5.conf to point to an AD domain controller.

Don't need LDAP at all.

Everything else (samba, ldap, etc) gives closer integration, but isn't
essential for pure 'AD password' authentication.

-- 

rgds
Stephen


Re: [CentOS] Really Weird Question.....

2013-08-19 Thread Stephen Harris
On Mon, Aug 19, 2013 at 08:20:28PM -0400, Eddie G. O'Connor Jr. wrote:
 So I just got ahold of an old e-Machine (Model EL1600) with 1GB of 

Umm, this machine?
http://www.newegg.com/Product/Product.aspx?Item=N82E16883114074

 memory. I was going to install CentOS on it and try to run VirtualBox 

This is an Atom 230 based machine
http://ark.intel.com/products/35635/Intel-Atom-Processor-230-512K-Cache-1_60-GHz-533-MHz-FSB

It doesn't do VT; I'm not sure it's a good base for VirtualBox... it's
probably gonna be very slow.

 for other OS'es. I am curious to know if I have to stick with the 2GB 
 max the specs say the machine can take or if it's possible to install a 

Crucial don't believe it can handle anything except 2GB

http://www.crucial.com/upgrade/eMachines-memory/E-Series/EL1600-01-upgrades.html

-- 

rgds
Stephen


Re: [CentOS] Fastest way of removing very large number of files?

2013-08-23 Thread Stephen Harris
On Fri, Aug 23, 2013 at 12:40:51PM +0200, Dennis Jacobfeuerborn wrote:
 I doubt saving functions calls is going to gain you anything in this 
 case as 99.9% of the time the rm takes is on disk I/O. If you want to 
 reduce the rm time you have to find a way to reduce the disk I/O it 
 requires.

Correct.

If it's a whole directory (tree) that needs removing then I find

  mv dir dir.o ; mkdir dir ; chown ##:## dir; chmod ### dir ; rm -r dir.o 

type stuff works just fine; the rm can chunk along in the background
while there's now a nice clean empty directory for the application.

-- 

rgds
Stephen


[CentOS] Adding new root suffix to 389 server

2013-08-30 Thread Stephen Harris
My apologies if this is off-topic...

On a centos6.4 system I installed 389 server from EPEL.  It seems to
work well enough.  However I'm trying to script things, rather than
do it via the GUI.  So, for example, I want to add a new suffix:

  #!/bin/ksh -p

  pswd=$(cat ~/passwd)

  add()
  {
  echo "dn: cn=example,cn=ldbm database,cn=plugins,cn=config
  changetype: add
  objectclass: extensibleObject
  objectclass: nsBackendInstance
  nsslapd-suffix: dc=example,dc=com

  dn: cn=dc=example\,dc=com,cn=mapping tree,cn=config
  changetype: add
  objectclass: top
  objectclass: extensibleObject
  objectclass: nsMappingTree
  nsslapd-state: backend
  nsslapd-backend: example
  cn: dc=example,dc=com
  " | ldapmodify -a -D "cn=directory manager" -w "$pswd" -h "$1"
  }

  add my_server

This appears to work.

  adding new entry cn=example,cn=ldbm database,cn=plugins,cn=config

  adding new entry cn=dc=example\,dc=com,cn=mapping tree,cn=config

However I then try and use this new root suffix:

  #!/bin/ksh -p

  pswd=$(cat ~/passwd)

  add()
  {
  echo "dn: dc=stephen_test,dc=example,dc=com
  objectClass: top
  objectClass: domain
  dc: stephen_test

  " | ldapmodify -a -D "cn=directory manager" -w "$pswd" -h "$1"
  }

  add my_server

And this fails
  adding new entry dc=stephen_test,dc=example,dc=com
  ldap_add: No such object (32)

Similarly:
  % ldapsearch -x -b 'dc=example,dc=com'   
  # extended LDIF
  #
  # LDAPv3
  # base dc=example,dc=com with scope subtree
  # filter: (objectclass=*)
  # requesting: ALL
  #

  # search result
  search: 2
  result: 32 No such object

  # numResponses: 1

Clearly I'm missing something obvious... but I can't see what!

-- 

rgds
Stephen


Re: [CentOS] Shell Script Help

2013-09-05 Thread Stephen Harris
On Thu, Sep 05, 2013 at 10:24:55AM -0500, Matt wrote:
 I have a script file in my cron.hourly that contains a good number of
 scripts I must call.
 
 #!/bin/sh
 
 sleep 15
 perl /scripts/create_graph.pl 
 
 sleep 15
 perl /scripts/create_graph_out.pl 
 
 many more lines. etc.

Don't background them individually; background the whole lot

#!/bin/sh
# Run the jobs one after another inside a single backgrounded subshell.
(
  perl /scripts/create_graph.pl
  perl /scripts/create_graph_out.pl
  # etc
) &

Now they will run one after another and you don't need to sleep
between them.


-- 

rgds
Stephen


Re: [CentOS] Enterprise Class Hard Drive - Scam Warning

2013-10-02 Thread Stephen Harris
On Wed, Oct 02, 2013 at 05:24:54PM +0100, Steve Brooks wrote:

    9 Power_On_Hours      0x0032   098   097   000   Old_age   -   2106
   12 Power_Cycle_Count   0x0032   100   100   000   Old_age   -     80

 replaced with new drives. Wow... I was also told by the online retailer 
 this is known as a grey import and is not that uncommon..

Grey imports would not have been running for 87 days and power cycled 80
times in that period.

If the retailer doesn't refund your money then you need to escalate.

And name the retailer...

-- 

rgds
Stephen


Re: [CentOS] rsyslog not loading relp

2013-10-31 Thread Stephen Harris
On Thu, Oct 31, 2013 at 05:25:50PM -0400, Mauricio Tavares wrote:
 Oct 31 17:23:43 scan rsyslogd: the last error occured in
 /etc/rsyslog.conf, line 24:module(load=imrelp) # needs to be done
 just once

Do 'rsyslogd -n -N1 -d' and you might get a better diagnostic
(eg missing libraries or incompatible libraries)

-- 

rgds
Stephen


Re: [CentOS] rsyslog not loading relp

2013-10-31 Thread Stephen Harris
On Thu, Oct 31, 2013 at 05:43:28PM -0400, m.r...@5-cent.us wrote:
 Stephen Harris wrote:

  Do 'rsyslogd -n -N1 -d' and you might get a better diagnostic
  (eg missing libraries or incompatible libraries)
 
 Or ldd /sbin/rsyslogd.

No, that's not good enough.  rsyslogd loads modules dynamically and
they don't show in the ldd output.  Further, if the dependent module
is the wrong version then the code might abort with missing function
linkages.

You can only see this by actually running the program.  The options
I provided basically tell rsyslogd to do a config check with debug mode
turned on.

-- 

rgds
Stephen


Re: [CentOS] rsyslog not loading relp

2013-11-01 Thread Stephen Harris
On Fri, Nov 01, 2013 at 05:32:53PM -0400, Mauricio Tavares wrote:
 1968.101297470:7f2b4eda1700: Requested to load module 'imuxsock'
 1968.101300039:7f2b4eda1700: Module 'imuxsock' already loaded

Well the good news is that the libraries are all good.  There's no failure
there.  I think it's a compatibility issue causing a module to be
loaded twice.  Try running
  rsyslogd -n -N1
(without the -d).  That might give you some more readable format data

Hmm, do you have
  $ActionFileDefaultTemplate
in your config twice?

Check also the /etc/rsyslogd.d/*.conf files (possibly
/etc/rsyslog.d/remote-hosts.conf ) for issues.


-- 

rgds
Stephen


Re: [CentOS] Postfix vs Sendmail

2013-11-02 Thread Stephen Harris
On Sat, Nov 02, 2013 at 01:58:33PM -0400, Fred Smith wrote:
 I've accumulated a set of rules for the sendmail.mc file that do what

sendmail.mc ?  Back in the day all we had (SunOS 4) was the cf files
that we had to mangle by hand :-)

-- 

rgds
Stephen


Re: [CentOS] rsyslog not loading relp

2013-11-04 Thread Stephen Harris
On Mon, Nov 04, 2013 at 09:49:37AM -0500, Mauricio Tavares wrote:
   I really have nobody else but rsyslog.conf here:
 
 [root@scan log]# ls -ld /etc/rsyslog.*

Don't use the d flag to ls; that'll stop it looking inside
directories.

The debug output showed it reading a file from
   /etc/rsyslog.d/remote-hosts.conf

1968.099981778:7f2b4eda1700: cfline: '$IncludeConfig /etc/rsyslog.d/*.conf'
1968.100012146:7f2b4eda1700: requested to include config file '/etc/rsyslog.d/remote-hosts.conf'

-- 

rgds
Stephen


Re: [CentOS] Machine check events

2013-11-26 Thread Stephen Harris
On Tue, Nov 26, 2013 at 09:25:55AM -0300, Glenn Eychaner wrote:
 Further investigation seems to indicate that these events should be handled
 by mcelog or mced. However, there is no /var/log/mcelog, nor do I have a
 mcelog or mced binary, nor does yum seem to contain anything related
 (based on yum whatprovides '*/mcelog' and similar queries).
 
 Thus, I still don't know what to do with these errors.  Ignore them? I am
 running 32-bit CentOS 6.4 (legacy software reasons).

You should have this package available:

% rpm -qi mcelog 
Name        : mcelog                    Relocations: (not relocatable)
Version     : 1.0pre3_20120814_2        Vendor: CentOS
Release     : 0.6.el6                   Build Date: Thu Feb 21 20:52:19 2013
Install Date: Sat Mar  9 06:48:53 2013  Build Host: c6b8.bsys.dev.centos.org
Group       : System Environment/Base   Source RPM: mcelog-1.0pre3_20120814_2-0.6.el6.src.rpm
Size        : 116942                    License: GPLv2
Signature   : RSA/SHA1, Sat Feb 23 12:38:34 2013, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem http://bugs.centos.org
URL         : http://git.kernel.org/?p=utils/cpu/mce/mcelog.git
Summary     : Tool to translate x86-64 CPU Machine Check Exception data.
Description :
mcelog is a daemon that collects and decodes Machine Check Exception data
on x86-64 machines.

% rpm -ql mcelog
/etc/cron.hourly/mcelog.cron
/etc/mcelog/mcelog.conf
/etc/rc.d/init.d/mcelogd
/etc/sysconfig/mcelogd
/usr/sbin/mcelog
/usr/share/doc/mcelog-1.0pre3_20120814_2
/usr/share/doc/mcelog-1.0pre3_20120814_2/CHANGES
/usr/share/doc/mcelog-1.0pre3_20120814_2/README
/usr/share/man/man8/mcelog.8.gz


-- 

rgds
Stephen


Re: [CentOS] Story of an email

2013-11-30 Thread Stephen Harris
On Sat, Nov 30, 2013 at 07:43:36AM -0500, Scott Robbins wrote:
 Fetchmail (and getmail) don't make use of smtp.  As their name suggests,

Yes it does.

From man fetchmail
   As each message is retrieved, fetchmail normally delivers it  via  SMTP
   to  port 25 on the machine it is running on (localhost), just as though
   it were being passed in over a normal TCP/IP link.  fetchmail  provides
   the  SMTP  server  with  an  envelope  recipient  derived in the manner

So, for example, in my fetchmailrc file:
  poll verizon via pop.verizon.net port 995
    user verizonusername is foo here

If I look at the headers of a message:

  Received: from pop.verizon.net (localhost [127.0.0.1])
      by spuddy.org (8.13.8/8.13.8) with ESMTP id p6LKB3b6010977
      for foo@localhost; Fri, 29 Nov 2013 16:11:03 -0400

It's clear this was passed from fetchmail to the local SMTP server.

Of course you _can_ configure fetchmail to operate differently, but this
is its default behaviour.

-- 

rgds
Stephen


[CentOS] Error in 6.5 release notes?

2013-12-01 Thread Stephen Harris
 http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.5 

Here it says "In addition to the samba4 RPM mentioned above" but, except
for that line, samba isn't mentioned at all.  Is this a legacy comment,
or is information missing?

-- 

rgds
Stephen


Re: [CentOS] What is eating up Swap

2013-12-14 Thread Stephen Harris
 # free -m
               total       used       free     shared    buffers     cached
  Mem:         32081      31784        296          0        206       2635
  -/+ buffers/cache:      28943       3137
  Swap:        16111       3220      12891

 free memory without need of swapping?

Not really.  The values at the time of that snapshot show that you've
just exceeded memory (swap used (3220) > free (3137)).  However what
you can't see, from this, is other periods of peak load.  Maybe you
have overnight processing going on that causes extra memory requirements
at that time?

You might be able to tell, from sar output or similar. 

Maybe you had an extra VM running temporarily that has since been shut
down?

There could be many reasons for a temporary increase in memory usage.

Once a page has been swapped out then the kernel won't normally swap
it back in unless it's needed again.  Efficiency; non-requested pages
can happily stay on swap and leave RAM free for real activity :-)

Having pages in swap is not indicative of a problem; what's more
important is the level of swap _activity_.  See vmstat output, for
example, to determine how much swap activity is occurring.  If that's
zero then you're not throwing new pages out to swap.

-- 

rgds
Stephen


Re: [CentOS] New company name

2014-01-04 Thread Stephen Harris
On Sat, Jan 04, 2014 at 06:36:34AM -0600, John R. Dennison wrote:
 How can this even be remotely construed to be on-topic for this list?

It's not; it's spam.

-- 

rgds
Stephen


Re: [CentOS] I want to ask about some Kernel level operations.

2014-01-05 Thread Stephen Harris
On Sun, Jan 05, 2014 at 11:54:12PM +0200, Eliezer Croitoru wrote:
 Well I am building as root when I understand it is safe to do so.

This is the point; unless you wrote every line of code then you _don't_
know it's safe.

If I sent you a random script, would you run it as root without
checking every line of code first?  I'd hope not.

Have you checked all 10,000+ lines of code in all the configure
scripts and Makefiles ?

If (and only if) you've written every single line of code then... Ok,
do it as root.  But if you've done that then you might as well write
the build process so you _don't_ need root.  Best practice says
root should be an exception rather than the norm.

-- 

rgds
Stephen


Re: [CentOS] [CentOS-announce] CentOS Project joins forces with Red Hat

2014-01-07 Thread Stephen Harris
On Wed, Jan 08, 2014 at 01:04:29AM +, Always Learning wrote:
 The compulsory imposition of USA law on all Centos downloaders creates
 the possibility of being arrested in one's home country and sent to the
[...]

 Can anyone remember seeing this on the old Centos  ?

 By downloading CentOS software, you acknowledge that you understand all
 of the following: CentOS software and technical information may be
 subject to the U.S. Export Administration Regulations (the "EAR") and

Whether this was there, before, is irrelevant.  If the software was
subject to EAR then it was subject to it regardless of a web page
stating it.

-- 

rgds
Stephen


Re: [CentOS] [CentOS-announce] CentOS Project joins forces with Red Hat

2014-01-07 Thread Stephen Harris
On Wed, Jan 08, 2014 at 01:27:49AM +, Always Learning wrote:
 
 On Tue, 2014-01-07 at 20:14 -0500, Stephen Harris wrote:
 
If the software was
  subject to EAR then it was subject to it regardless of a web page
  stating it.
 
 [EAR = USA's Export Administration Regulations]
 
 How would a mere downloader from a mirror, or a purchaser of a Centos
 disk or even a beneficiary of a free Centos disk at a Centos event
 beware of USA law restrictions and understand the full legal
 implications of USA law ? 

You're missing the point.

This is not RedHat causing "[t]he compulsory imposition of USA law on
all Centos downloaders" (your words); that imposition _already existed_
regardless of a web page telling you.  The difference now is that
you're told about it (presumably standard RedHat legal boiler template
'cos RH lawyers believe it adds some protection to _them_ - and thus
the CentOS board - by having it there).

The legal situation for downloaders _has not changed_ by the presence
of that section on the web site (and the page has even less importance
considering you can download the DVDs without even having to see that
page; it's not an agreement you sign or click through).

 Its reminiscent of the PGP farce from nearly 20? years ago.

It's the same farce.

-- 

rgds
Stephen


Re: [CentOS] CentOS Project joins forces with Red Hat

2014-01-09 Thread Stephen Harris
On Thu, Jan 09, 2014 at 03:18:10PM -0500, m.r...@5-cent.us wrote:
 Tell them you can try it out, and if they like the results, they can pay
 for a license and support for RHEL, the real thing, and that's a *lot*
 easier sell.

Especially if there's a migration script to convert existing CentOS images
to point to RHEL repos and refresh packages :-)

-- 

rgds
Stephen


Re: [CentOS] A question about 7

2014-01-14 Thread Stephen Harris
On Tue, Jan 14, 2014 at 08:35:06PM -0600, Les Mikesell wrote:
 Let anaconda figure it out.  I don't care what it is, just that it is
 repeatable.

Awooga!  Awoooga!  Awooga!

Here's the fun part; devices discovered by Anaconda may not match the
devices discovered during the production boot.  Device driver order and
bus discovery order wasn't necessarily consistent with the production
kernel.  This is why the HWADDR stuff was added; to work around (poorly)
this issue.  I say poorly because I've seen many cases of _net#
devices where the ifcfg files conflict in some way with the actual
device.

Ultimately what we have is a situation similar to hard disks.  We've got
used to sd devices changing depending on the order disks are discovered
in, which is why we use LABEL or UUID.  HWADDR doesn't work consistently.

The existing process is demonstrably broken.

The new process is new and therefore bad, wrong, disgusting, an abomination.

But maybe... just maybe... it'll work.

-- 

rgds
Stephen


Re: [CentOS] A question about 7

2014-01-14 Thread Stephen Harris
On Tue, Jan 14, 2014 at 08:54:33PM -0600, Les Mikesell wrote:
 On Tue, Jan 14, 2014 at 8:43 PM, Stephen Harris li...@spuddy.org wrote:

  Ultimately what we have is a situation similar to hard disks.  We've got
  used to sd devices changing depending on the order disks are discovered
  in, which is why we use LABEL or UUID.
 
 But those don't work until something has already identified the
 device.  If you are old enough, you might remember unix versions that

At install time we have a disk; we designate it 'datadisk' we give it
label DATA.  That's what Anaconda does.  The production kernel might
find it as another disk, but because it has the label then all works.
There's still a boot dependency, but there's not a lot we can do to
work around the BIOS.

 named disks by controller, bus, target numbers.   Which worked, but
 wasn't very human-friendly either.

You mean the modern c0t0d0s0 type structures (eg Solaris SPARC) and similar
(truncated) SVR4 Intel paths?  Heh, I'm much older than that.

That was actually not a bad scheme... but it required the bus to be
detected in a consistent format.  The problem with the Intel architecture
is that this detection is _not_ consistent.  It depends on module loading
order, hotplug device issues etc etc.  c0 isn't necessarily c0 on an
Intel platform.  That's where it all fell down.

Back in the day (if you can remember back that far), Dell servers were
a fun issue with RedHat; the install kernel would detect devices on the PCI
bus in one order but the production install kernel would detect them in
the _reverse_ order.  So if you had two ethernet cards eth0 and eth1 would
be reversed between install and boot kernels.  Some HP servers also did
this.  Fun times!

-- 

rgds
Stephen


Re: [CentOS] [CentOS-announce] CentOS Project joins forces with Red Hat

2014-01-16 Thread Stephen Harris
On Thu, Jan 16, 2014 at 10:00:39PM -0500, Joseph Godino wrote:
 If I recall this was about a CentOS mirror in Iran and the new export
 restrictions prohibit that.

There are no *new* export restrictions.  You're just now aware of them.
It's the US gubmint that puts those restrictions, not RedHat, and they've
always applied to CentOS.

-- 

rgds
Stephen


Re: [CentOS] [CentOS-announce] CentOS Project joins forces with Red Hat

2014-01-16 Thread Stephen Harris
On Thu, Jan 16, 2014 at 10:29:09PM -0500, Joseph Godino wrote:
 stating and what it was referring to. Please retract the word new.

That's the point though.  If you (for generic values of you) export
code under US legal restriction from the US then you're in breach of
US regulations.  Whether you know about it or not.

Fun, huh?

If you run a mirror then you get to determine your legal risk and
whether you should keep the mirror.  The CentOS team are not lawyers;
they can't tell you.

It's a fun legal question as to who does the export; the person
making available for export on a web site or the person downloading
from that website.  As far as I know it's not really settled.  In
my opinion the RedHat wording is a prayer hoping that'll cover them :-)
But I'm not a lawyer, either!

If you're really concerned then consult a lawyer.

(This actually applies to _any_ downloader, not just people who mirror).

-- 

rgds
Stephen


Re: [CentOS] Problem with cron

2014-02-23 Thread Stephen Harris
On Sun, Feb 23, 2014 at 08:20:06AM -0600, Joseph Hesse wrote:
 I have a root cron job that powers down my server every day at 1am and 
 6pm.  The output of '# crontab -l' is shown below.
 
 * 1,18 * * * poweroff

Nope.  That says every minute of hours 1 and 18.  So 0100, 0101, 0102, 0103
etc etc

You want it to read 0 1,18 * * * poweroff

 Apparently a cron job that executed correctly at 6pm was executing 
 minutes past 6pm when the server was restarted. This is totally 
 unexpected behavior.

Totally expected.

 Is there a fix for this behavior?

Yes, user error; fix the cron job.

-- 

rgds
Stephen
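Both cron points in this archive (the day-of-month / day-of-week OR rule quoted from crontab(5) in the 2013-07-31 message, and `*` versus `0` in the minute field in the message above) can be checked with a small matcher. This is an added example, not code from the thread; it handles numeric fields only, and the weekday guard at the end is one common way to get "first Saturday only", offered as an assumption about what the original poster wanted.

```python
from datetime import datetime, timedelta

FIELDS = (("minute", 0, 59), ("hour", 0, 23), ("dom", 1, 31),
          ("month", 1, 12), ("dow", 0, 7))


def expand(field, lo, hi):
    """Expand one numeric crontab field ('*', lists, ranges, /step) to a set."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-", 1))
        else:
            start = end = int(rng)
        if not lo <= start <= end <= hi:
            raise ValueError(f"{part!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, int(step) if step else 1))
    return values


def parse(line):
    """Parse the five time fields of a crontab line; the command is ignored."""
    raw = line.split()[:5]
    if len(raw) != 5:
        raise ValueError("need five time fields")
    spec = {name: expand(f, lo, hi) for f, (name, lo, hi) in zip(raw, FIELDS)}
    if 7 in spec["dow"]:
        spec["dow"].add(0)                  # 0 and 7 both mean Sunday
    # A day field counts as unrestricted when it starts with '*'.
    spec["day_star"] = raw[2].startswith("*") or raw[4].startswith("*")
    return spec


def matches(spec, when):
    dom_ok = when.day in spec["dom"]
    dow_ok = when.isoweekday() % 7 in spec["dow"]   # Sunday -> 0
    # Both day fields restricted: either may match (OR).
    # Otherwise both must match, and the '*' field always does.
    day_ok = (dom_ok and dow_ok) if spec["day_star"] else (dom_ok or dow_ok)
    return (when.minute in spec["minute"] and when.hour in spec["hour"]
            and when.month in spec["month"] and day_ok)


def fire_times(line, start, end):
    """Every minute in [start, end) at which cron would run the line."""
    spec, out, t = parse(line), [], start
    while t < end:
        if matches(spec, t):
            out.append(t)
        t += timedelta(minutes=1)
    return out


def fire_days(line, year, month):
    """Days of the given month on which the line runs at least once."""
    start = datetime(year, month, 1)
    end = datetime(year + month // 12, month % 12 + 1, 1)
    return sorted({t.day for t in fire_times(line, start, end)})


def guarded_days(line, year, month, isoweekday):
    """Days left when the command itself also tests the weekday,
    e.g. a shell guard such as: [ "$(date +%u)" -eq 6 ] && job"""
    return [d for d in fire_days(line, year, month)
            if datetime(year, month, d).isoweekday() == isoweekday]


if __name__ == "__main__":
    print("30 4 1,15 * 5 :", fire_days("30 4 1,15 * 5", 2013, 7))
    print("0 0 1-7 * 6   :", fire_days("0 0 1-7 * 6", 2013, 7))
    print("0 0 1-7 * * + Saturday guard:",
          guarded_days("0 0 1-7 * *", 2013, 7, 6))
    day = (datetime(2014, 2, 23), datetime(2014, 2, 24))
    for line in ("* 1,18 * * * poweroff", "0 1,18 * * * poweroff"):
        print(line, "->", len(fire_times(line, *day)), "runs per day")
```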


Re: [CentOS] gnutls bug

2014-03-05 Thread Stephen Harris
On Wed, Mar 05, 2014 at 06:12:49PM -0600, Les Mikesell wrote:
 On Wed, Mar 5, 2014 at 6:00 PM, Michael Coffman
  updated.  I did not realize that once the OS was vaulted, there were no
  more updates.   Now I know so thanks...
 
 No, what everyone has said is that there _are_ updates, and yum knows
 how to get them, even selectively.

More to the point, 6.4 and 6.5 are just markers in the sand for
CentOS 6.  6.5 is basically just a rebasing of the packages to make it
easier to install; it's an accumulation of updates for 6.4 in an easy
to digest form.

If you stop thinking of 6.4 and 6.5 as different OS's but as the same
OS but at different parts of their patch lifecycle then it becomes a lot
simpler.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Removing a file that starts with dashes

2014-04-02 Thread Stephen Harris
On Wed, Apr 02, 2014 at 09:51:41AM -0500, Frank M. Ramaekers wrote:
 rm: unrecognized option `--backup=numbered'
 Try `rm ./'--backup=numbered'' to remove the file `--backup=numbered'.
 Try `rm --help' for more information.

This is one of the oldest of oldest of Unix FAQs

eg
   http://fisica.ehu.es/ref/unixfaq.html#2.1

-- 

rgds
Stephen


Re: [CentOS] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-09 Thread Stephen Harris
On Wed, Apr 09, 2014 at 09:36:25AM -0400, James B. Byrne wrote:
 However, if one was running an affected service, say httpd/ mod_ssl, on a host
 that had sftp sessions connected to it then would not the ssh private keys of
 the host and local users be in memory and therefore readable by the exploit? 

[...]

 state. As I understand the exploit it allows systematic transfer of every byte
 in memory which would include the unprotected keys would it not?

I'm pretty sure the exploit can only read the memory of the process and not
of the kernel; apache shouldn't be able to read the memory space of a
root process.  If it could then we'd have no key security at all, anyway!
This isn't a privilege escalation attack...

-- 

rgds
Stephen


Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround

2014-04-10 Thread Stephen Harris
On Thu, Apr 10, 2014 at 03:10:31PM +0200, David Hrbá?? wrote:
 are going to regenerate the user passwords and ssh keys. What more we

SSH keys were not compromised by heartbleed (unless you had a management
tool that was vulnerable or an alternative ssh daemon that used libssl).
Nothing in the standard SSH was vulnerable so if your only encrypted
traffic was via OpenSSH then you have no problems.

Web servers, POP3, IMAP etc that were vulnerable may have potentially leaked
user passwords, but they can't leak SSH keys.

 are also going to regenerate server ssh keys, they could be compromised
 because of GSISSHD.

If the GSI patches used libssl then you might be vulnerable, but if they
only used libcrypt then you weren't exposed.

-- 

rgds
Stephen


Re: [CentOS] Death of dyndns

2014-04-13 Thread Stephen Harris
On Sun, Apr 13, 2014 at 02:06:42PM +, David G. Miller wrote:

 Be aware that the actual owner of the dynamic IP address is still
 authoritative for reverse look ups.  This means that some uses of a system
 with a dynamic IP address are problematic (e.g., mail server) since the
 reverse look up fails.  Other uses (sshd) in theory work but folks have to

Not necessarily fail.  eg I do my own dynamic DNS so that xxx.my.domain
has an A record to my home.  But if I do an rDNS for that IP then it
returns a verizon.net record.  However this is not a problem as long as
a forward lookup for that name returns an A record which matches.

Anyone who does xxx.my.domain -> A -> IP -> rDNS -> verizon and thinks
that is broken is doing DNS wrong wrong wrong.

You either do
  xxx.my.domain -> A -> IP
OR
  IP -> rDNS -> verizon -> A -> IP
(note: dynamic DNS doesn't even show up here).

You never do
  xxx.my.domain -> A -> IP -> rDNS -> verizon.
because that's a misunderstanding of how DNS works and what the rDNS
lookup is meant to validate.

Where it can fail is if the owner of the IP doesn't have rDNS or the rDNS
doesn't match a further A lookup.  That's irrelevant to the dynamic DNS
record, though.

What does confuse some people is a second misunderstanding of DNS;
eg I have xxx.my.domain but mail is being rejected from it.  That's,
again, because the dynamic DNS isn't in the question; it's a pure
 IP -> rDNS -> A -> IP
check and you don't own the IP.

 continually update their ssh saved keys for that system whenever the IP
 address changes.

ssh client should manage that for you automatically.  It'll know you're
connecting to xxx.my.domain and the host key will match and it should
automatically add a new record to known_hosts for the IP address.  (Or
you can configure ssh_config to not care).

-- 

rgds
Stephen
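The check the message above describes (IP, reverse lookup, forward lookup of the returned name, back to the same IP) as an added example, not code from the thread. The resolvers are injectable so the demonstration runs offline against a constructed zone; the addresses and the `isp.example` / `other.example` names are made up, only `xxx.my.domain` comes from the message.

```python
import socket


def system_reverse(ip):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """A lookup through the system resolver; empty set when it fails."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS: IP -> rDNS -> A -> IP.

    Returns (ok, ptr_name, reason). The name a client connected under
    (for example a dynamic DNS name) is never consulted.
    """
    ptr = reverse(ip)
    if ptr is None:
        return False, None, "no PTR record"
    if ip not in forward(ptr):
        return False, ptr, "PTR name does not resolve back to the IP"
    return True, ptr, "forward-confirmed"


# Constructed zone data for the demonstration.
PTR_RECORDS = {
    "203.0.113.10": "host-203-0-113-10.isp.example",   # ISP-owned rDNS
    "203.0.113.20": "mail.other.example",              # rDNS with no matching A
}
A_RECORDS = {
    "xxx.my.domain": {"203.0.113.10"},                 # dynamic DNS name
    "host-203-0-113-10.isp.example": {"203.0.113.10"},
    "mail.other.example": {"198.51.100.5"},
}


def demo():
    reverse = PTR_RECORDS.get
    forward = lambda name: A_RECORDS.get(name, set())
    return {
        # Dynamic name points at the IP; the IP's rDNS is the ISP's name.
        "dynamic name resolves": "203.0.113.10" in forward("xxx.my.domain"),
        "isp address": fcrdns("203.0.113.10", reverse, forward),
        "mismatched rDNS": fcrdns("203.0.113.20", reverse, forward),
        "no rDNS": fcrdns("203.0.113.30", reverse, forward),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The first address passes even though its PTR name is not `xxx.my.domain`; the two failures are the cases the message names, a missing rDNS record and an rDNS name whose A lookup does not return the address.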


Re: [CentOS] Death of dyndns

2014-04-14 Thread Stephen Harris
On Mon, Apr 14, 2014 at 01:42:07PM +, David G. Miller wrote:
 Interesting.  I had to have my ISP add a C record to their DNS for my fixed
 IP address before most of my e-mails were accepted.  I recently also had to
 add an SPF (sender policy framework) record on my DNS to get my e-mails
 accepted by gmail.  You could try to manage the SPF record the same way you
 do other dynamic IP address records but there was a couple of day lag before
 gmail accepted it when I put it in place.

Right.  Here you're not running into a dynamic DNS issue (xxx.my.domain
isn't involved) but into other policy questions (eg RBLs that block
dynamic IPs; SPF policies).  Pretty much sending email from a dynamic IP
is going to be problematic at best.  (Even worse when ISPs like Verizon
and Comcast block outgoing port 25).

For outgoing email you either have to go through your ISP's relay or run
your own relay (I have a linode for this, and have my home machines send
via my linode, to take dynamic IPs out of the equation).

-- 

rgds
Stephen


[CentOS] Some basic SELinux questions

2014-04-25 Thread Stephen Harris
At my place we don't use SELinux because we have a gazillion tonnes of
legacy software that just are not compatible with the default policies.
No one wants to go to the effort of working out everything that needs
changing.

We also use cfengine for central management.  Which sometimes causes
a problem when CFe modifies a file that I don't want modified on my
machine.

So I want to be able to track when specific files were changed.  My
obvious thought was create an SELinux audit policy that can track
file changes, raise a log message, and we can monitor the logs.

At this point I'm at a loss.

Let's say I want to know when /local/app/my_app/etc/myfile.conf has been
modified; how would I do this?

Any ideas?

Failing that I guess I could use inotify, but I don't know how well this
would scale to 100s of files.

Thanks!

-- 

rgds
Stephen


Re: [CentOS] Some basic SELinux questions

2014-04-25 Thread Stephen Harris
On Fri, Apr 25, 2014 at 02:51:40PM -0400, m.r...@5-cent.us wrote:
 Stephen Harris wrote:
  a problem when CFe modifies a file that I don't want modified on my
  machine.

 Doesn't cfengine allow for logging changes on a per-system basis?

I don't control the cfengine configuration, so I don't get to determine
the logs, which is why I want to be alerted if it changes one of my
files :-)

-- 

rgds
Stephen


Re: [CentOS] Some basic SELinux questions

2014-04-25 Thread Stephen Harris
Sorry, I got trigger happy with the delete key...  so this
message is a little out of order...

Eero Volotinen wrote:
 how about using auditd or ossec ?

And it looks like auditd may be exactly what I need.

Thanks!

-- 

rgds
Stephen
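An added example for the auditd route this thread settles on (not part of the original posts): it groups audit.log records by event and reports who touched a watched file. The watch key `myapp-conf`, the second file name and the sample log lines are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Watch rule assumed to be loaded (the key name is an assumption of this example):
#   auditctl -w /local/app/my_app/etc/myfile.conf -p wa -k myapp-conf
WATCH_KEY = "myapp-conf"

# auditd hex-encodes names that contain spaces; build one for the sample.
HEX_NAME = "/local/app/my_app/etc/site local.conf".encode().hex().upper()

# Constructed sample in the format of /var/log/audit/audit.log.
SAMPLE_LOG = f"""\
type=SYSCALL msg=audit(1398452345.123:4567): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=1200 pid=1300 auid=4294967295 uid=0 gid=0 euid=0 comm="cf-agent" exe="/var/cfengine/bin/cf-agent" key="myapp-conf"
type=CWD msg=audit(1398452345.123:4567):  cwd="/"
type=PATH msg=audit(1398452345.123:4567): item=0 name="/local/app/my_app/etc/myfile.conf" inode=131 dev=fd:00 mode=0100644 ouid=0 ogid=0
type=SYSCALL msg=audit(1398452400.010:4570): arch=c000003e syscall=159 success=yes exit=0 items=0 ppid=1 pid=900 auid=4294967295 uid=38 gid=38 euid=38 comm="ntpd" exe="/usr/sbin/ntpd" key="time-change"
type=SYSCALL msg=audit(1398452999.500:4581): arch=c000003e syscall=2 success=yes exit=4 items=1 ppid=2100 pid=2150 auid=1000 uid=0 gid=0 euid=0 comm="vim" exe="/usr/bin/vim" key="myapp-conf"
type=PATH msg=audit(1398452999.500:4581): item=0 name={HEX_NAME} inode=140 dev=fd:00 mode=0100644 ouid=0 ogid=0
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\):\s*(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = "4294967295"  # (uint32)-1: no login session, e.g. a daemon started at boot


def decode(value):
    """Undo auditd string encoding: quoted text, or bare hex for unsafe bytes."""
    if value.startswith('"') and value.endswith('"'):
        return value[1:-1]
    if re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value


def watched_changes(log_text, key):
    """Return one dict per audit event tagged with `key`, oldest first."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        match = HEADER.match(line)
        if not match:
            continue
        rtype, epoch, serial, body = match.groups()
        fields = dict(FIELD.findall(body))
        event = events[(int(epoch), int(serial))]
        if rtype == "SYSCALL":
            event["syscall"] = fields
        elif rtype == "PATH":
            event["paths"].append(decode(fields.get("name", "(null)")))

    report = []
    for (epoch, serial), event in sorted(events.items()):
        sc = event.get("syscall")
        if not sc or decode(sc.get("key", "(null)")) != key:
            continue
        auid = sc.get("auid", UNSET_AUID)
        report.append({
            "time": datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat(),
            "serial": serial,
            "exe": decode(sc.get("exe", "?")),
            "uid": int(sc.get("uid", "-1")),
            # The login uid survives su/sudo, so it separates a person from a daemon.
            "login_uid": None if auid == UNSET_AUID else int(auid),
            "success": sc.get("success") == "yes",
            "paths": event["paths"],
        })
    return report


if __name__ == "__main__":
    for entry in watched_changes(SAMPLE_LOG, WATCH_KEY):
        who = "no login session" if entry["login_uid"] is None else f"login uid {entry['login_uid']}"
        print(entry["time"], entry["exe"], who, entry["paths"])
```
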


Re: [CentOS] Ulimit problem - CentOS 5.10

2014-04-28 Thread Stephen Harris
On Mon, Apr 28, 2014 at 04:20:25PM -0600, Nathan Duehr wrote:
 Seems like the brokenness is the behavior of init ignoring 
 /etc/security/limits.conf, to my way of thinking anyway.

Umm, no.  That's you not understanding what limits.conf is.

Limits are hard to grok.  I had to write a massive document at work
explaining it.  And people still don't get it.

Basically:
  init scripts inherit from init (pid 1), which gets defaults from
  the kernel

  Processes initiated by a user will inherit limits from the user's
  environment.  For most users that will have involved a PAM session,
  and most PAM configs call pam_limits and _that_ reads limits.conf.

  Doing a 'su' will involve PAM and that may cause pam_limits (and thus
  limits.conf) to be read.

Remember that init processes started at boot time will run as root
and so can increase limits.  You need to increase hard limits before
you increase soft limits.

Processes started as a user can _not_ increase hard limits.  You need to
su to root, or su to a user defined in limits.conf to change those
values.

Bottom line: limits.conf is a PAM config setting for pam_limits.  It's
not in the general path.  Other processes _may_ use the file but they need
to have root level privs to obey it properly.

-- 

rgds
Stephen


Re: [CentOS] Disappearing Network Manager config scripts

2014-05-01 Thread Stephen Harris
On Thu, May 01, 2014 at 08:59:54AM -0400, James B. Byrne wrote:
 
 On Wed, April 30, 2014 14:11, Les Mikesell wrote:
Makes me wonder why we have cars that are
  all approximately the correct widths to fit on a road and brake and
  accelerator pedals in the same relative positions.
 
 
 Graveyards.

https://www.youtube.com/watch?v=_amZsf8A1Lo

Go to 7:27 for the answer.

-- 

rgds
Stephen


Re: [CentOS] Ulimit problem - CentOS 5.10

2014-05-05 Thread Stephen Harris
On Mon, May 05, 2014 at 12:44:01PM -0600, Nathan Duehr wrote:
 Not processes started that change to a non-root user from a root/init/rc
 script. No session. At least not from what I was seeing in 5.10.
 Intended or not, it wasn't behaving like PAM was ever involved. :-)

If you're doing it as su user then pam.d/su is called which calls
system-auth which calls pam_limits.  If you're doing it as runuser
then pam.d/runuser is called which directly calls pam_limits.

If your program just does setreuid() calls (which it can do if started as
root, or is setuid) then it's not going near PAM and so will inherit
the kernel defaults (if started by init) or the user's current values
(if started by a user).

-- 

rgds
Stephen
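An added example for the two limits replies above (not code from the thread): it starts a child with explicit open-file limits, the way `ulimit -n` in an init script would, and shows what the child inherits and which changes it may then make. `read_proc_limits` reads what an already running daemon actually received; the function names and the 64/128 values are chosen for this example.

```python
import json
import re
import resource
import subprocess
import sys


def read_proc_limits(pid="self"):
    """Return {limit name: (soft, hard)} for a running process from /proc/<pid>/limits."""
    limits = {}
    with open(f"/proc/{pid}/limits") as fh:
        next(fh)  # skip the column header
        for line in fh:
            cols = re.split(r"\s{2,}", line.strip())
            limits[cols[0]] = tuple(
                resource.RLIM_INFINITY if v == "unlimited" else int(v)
                for v in cols[1:3])
    return limits


# Runs inside the child: report inherited limits, then try three changes in order.
PROBE = """
import json, resource
R = resource.RLIMIT_NOFILE
soft, hard = resource.getrlimit(R)

def attempt(new):
    try:
        resource.setrlimit(R, new)
        return "ok"
    except (ValueError, OSError) as exc:
        return str(exc)

print(json.dumps({
    "inherited": [soft, hard],
    "soft_above_hard": attempt((hard + 1, hard)),
    "soft_up_to_hard": attempt((hard, hard)),
    "raise_hard": attempt((hard, hard + 1)),
}))
"""


def probe_child(soft, hard):
    """Start a child with RLIMIT_NOFILE=(soft, hard) and return what it observed."""
    def set_limits():
        # Executed in the child between fork and exec; no PAM and no
        # limits.conf are involved, the values are simply inherited.
        resource.setrlimit(resource.RLIMIT_NOFILE, (soft, hard))

    out = subprocess.run([sys.executable, "-c", PROBE], preexec_fn=set_limits,
                         capture_output=True, text=True, check=True).stdout
    return json.loads(out)


if __name__ == "__main__":
    print("this process:", read_proc_limits()["Max open files"])
    for name, value in probe_child(64, 128).items():
        print(f"{name}: {value}")
```

Raising the hard limit succeeds only for a process that holds CAP_SYS_RESOURCE, so `raise_hard` reports `ok` for a fully privileged root and an error otherwise.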


Re: [CentOS] Processes launched from rc*.d and ulimit -n

2014-05-08 Thread Stephen Harris
On Fri, May 09, 2014 at 12:06:15AM +, Mitch Patenaude wrote:
 I figured out part of this: limits.conf is read by pam_limits.so, so
 until you log in, it isn't effective.  I don't have an elegant solution,
 but my hackish solution so far is just to put a ulimit -n 65536 into
 the init script.  Does anybody have a better (more elegant) solution?

You can either do that or, maybe, use su or runuser to cause PAM
to be called.

-- 

rgds
Stephen


Re: [CentOS] CentOS 6.5 fresh install, public ssh keys cannot authenticate

2014-05-09 Thread Stephen Harris
On Fri, May 09, 2014 at 03:42:52PM -0700, Greg Bailey wrote:
 I think you're missing:
 
 chmod 600 ~dan/.ssh/authorized_keys
 
 Without it, sshd won't use the authorized_keys file if it's readable by 
 other users.  (I think that's related to StrictMode; consult sshd man  
 page)

No.  Public keys are public and are happy to be readable.

What can _not_ be allowed is group/world writeable... ANYWHERE in the
path.

eg if ~dan is /home then 
  /  must be owned by root and permission 755
  /home  must be owned by root and permission 755
  /home/dan must be owned by dan and not be group/world writeable
  /home/dan/.ssh must be owned by dan and not be group/world writeable
  /home/dan/.ssh/authorized_keys must be owned by dan and
   not be group/world writeable

Also permissions of /etc /etc/ssh /etc/ssh/sshd_config and so on.

-- 

rgds
Stephen
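An added example of the check described in the reply above (not code from the thread and not sshd's own implementation): it walks from `authorized_keys` up to a chosen top directory and reports any component that is group/world-writable or owned by someone other than root or the account. The `top` parameter and the temporary directory tree are assumptions of this example so that it can run anywhere.

```python
import os
import shutil
import stat
import tempfile


def audit_key_path(key_file, user_uid, top="/"):
    """Return [(path, problem), ...] for every component from key_file up to top."""
    problems = []
    path = os.path.realpath(key_file)
    top = os.path.realpath(top)
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, user_uid):
            problems.append((path, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((path, f"group/world writable (mode {mode:04o})"))
        parent = os.path.dirname(path)
        if path == top or parent == path:
            break
        path = parent
    return problems


def demo():
    """Build a constructed /home/dan/.ssh tree and audit it in three states."""
    base = os.path.realpath(tempfile.mkdtemp())
    home = os.path.join(base, "home", "dan")
    ssh_dir = os.path.join(home, ".ssh")
    keys = os.path.join(ssh_dir, "authorized_keys")
    os.makedirs(ssh_dir)
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 AAAA...constructed-placeholder dan@example\n")
    for path, mode in ((base, 0o755), (os.path.join(base, "home"), 0o755),
                       (home, 0o700), (ssh_dir, 0o700), (keys, 0o644)):
        os.chmod(path, mode)
    uid = os.getuid()
    try:
        results = {}
        # World-readable key file: nothing to report.
        results["readable_key_file"] = audit_key_path(keys, uid, top=base)
        # Group-writable home directory: reported.
        os.chmod(home, 0o775)
        results["group_writable_home"] = audit_key_path(keys, uid, top=base)
        # World-writable key file: reported.
        os.chmod(home, 0o700)
        os.chmod(keys, 0o666)
        results["world_writable_keys"] = audit_key_path(keys, uid, top=base)
        return results
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for state, found in demo().items():
        print(state, found or "ok")
```
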


Re: [CentOS] find with exclude directory

2014-05-11 Thread Stephen Harris
On Sun, May 11, 2014 at 12:33:47PM -0400, Tim Dunphy wrote:
 find / -path '/usr/local/digitalplatform/*' -prune -o -name *varnish*

Try

  find / -path /usr/local/digitalplatform -prune -o -name '*varnish*' -print

Without the explicit -print, find will implicitly add one
e.g
  find / \( -path  -o -name ... \) -print


-- 

rgds
Stephen


Re: [CentOS] Sorry

2014-05-17 Thread Stephen Harris
On Sat, May 17, 2014 at 03:36:16PM -0700, Russell Miller wrote:
 One of the adages that drove the creation of the Internet is thus:  Be 
 conservative in what you
 send, and liberal in what you accept.

... says the person sending 100 character width emails :-)

-- 

rgds
Stephen


Re: [CentOS] Is it legal ?

2014-05-18 Thread Stephen Harris
On Sun, May 18, 2014 at 02:00:32PM -0700, ngeorgop wrote:
 Please tell me your opinion.
 How legal is to use, redistribute, include in installation cds, repos etc,

This is not a legal mailing list.  Any opinion represented is not worth
the electrons used to transmit it.

If you are concerned about licencing and compliance then consult a lawyer.

-- 

rgds
Stephen


Re: [CentOS] parsing out adjacent text

2014-06-03 Thread Stephen Harris
On Tue, Jun 03, 2014 at 11:55:55AM -0400, Tim Dunphy wrote:
 while true
 do
 echo Time and date: $(/bin/date +%D %H:%M:%S) 
 /tmp/apache_request_log  /tmp/apache_request_log
 echo ???hostname: $(/bin/hostname -f)\n???/tmp/apache_request_log
 echo ???host ip: $(/bin/hostname -i)???/tmp/apache_request_log
 echo Server Stats: $(/usr/bin/GET `hostname -f`/server-status/?auto |
 /bin/egrep  -i 'kbytes')  /tmp/apache_request_log
 echo Server Stats: $(/usr/bin/GET `hostname -f`/server-status/?auto |
 /bin/egrep  -i 'ReqPerSec')  /tmp/apache_request_log
 echo -e \n
 sleep 60
 done

Look at this code structure:

  while true
  do
    {
      echo "Time and date: $(date +"%D %H:%M:%S")"
      echo "Hostname: $(hostname -f)"
      echo "Hostname IP: $(hostname -i)"
      ...
      ...
      # Leave two blank lines
      echo
      echo
    } >> /tmp/apache_request_log
    sleep 60
  done

Note how we're only doing one redirect; this makes the code easier
to read and less likely to make a mistake (and more efficient).

 Still can't get the echo -e \n statement to print a new line for some
 reason. Other than that I'm good. And thanks for everyone's help!

That's one of the mistakes; you forgot the >> /tmp/apache_request_log
on the echo line.  But echo on its own without anything else leaves
a blank line.

The next clever bit is to not call GET twice; why make apache do
twice the work?  Call it once and store the results in a variable

  stat=$(GET "$(hostname -f)/server-status/?auto")
  echo "Server Stats: $(echo "$stat" | grep -i kbytes)"
  echo "Server Stats: $(echo "$stat" | grep -i ReqPerSec)"

(You can get even more clever, but that's a little more involved; we'll
start with some basics :-))

So we end up with something like:

  #!/bin/bash

  # These never change...
  name=$(hostname -f)
  ip=$(hostname -i)

  # Once a minute, record some stats
  while true
  do
    {
      echo "Time and date: $(date +"%D %H:%M:%S")"
      echo "Hostname: $name"
      echo "Hostname IP: $ip"
      # Fetch the status page once and reuse the result
      stat=$(GET "$name/server-status/?auto")
      echo "Server Stats: $(echo "$stat" | grep -i kbytes)"
      echo "Server Stats: $(echo "$stat" | grep -i ReqPerSec)"
      echo
      echo
    } >> /tmp/apache_request_log
    sleep 60
  done

-- 

rgds
Stephen


Re: [CentOS] [OT] OSX-10.9.3 cd ~'/ problem with spaces'

2014-06-03 Thread Stephen Harris
On Tue, Jun 03, 2014 at 09:34:29AM -0700, Bill Campbell wrote:
 On Tue, Jun 03, 2014, James B. Byrne wrote:
 Apologies for this OT post.  I need some help debugging a bash script.  It
 just happens to be provided by Apple Inc.
 
 In a terminal session under OSX-10.9.3 I want do do this:
 
 cd ~/'Library/Application Support'
 
 Works for me on my OS X 10.8.5 Macbook Pro, xterm under xQuartz
 and under the Terminal.app.

The OP likely has a function called cd which does other stuff (sets
the prompt?) and then calls the builtin cd, but it's not quoting the
variables properly and so breaking.

-- 

rgds
Stephen


Re: [CentOS] [OT] OSX-10.9.3 cd ~'/ problem with spaces'

2014-06-04 Thread Stephen Harris
On Wed, Jun 04, 2014 at 02:42:23PM -0400, James B. Byrne wrote:
 On Tue, June 3, 2014 12:37, Stephen Harris wrote:
  The OP likely has a function called cd which does other stuff (sets

 hll-m22:~ byrnejb$ alias

A function is not an alias.

-- 

rgds
Stephen


Re: [CentOS] dumb developer explodes yum

2014-06-14 Thread Stephen Harris
On Sat, Jun 14, 2014 at 08:14:43PM -0400, Tim Dunphy wrote:
 rpm-libs-4.4.2-37.el5.i386.rpm
 
 Asks for a bunch of libraries.
 
 This is what I see when I try:
 
 [root@uszmpaplp005lc i386]# rpm -Uvh rpm-libs-4.4.2-37.el5.i386.rpm
 warning: rpm-libs-4.4.2-37.el5.i386.rpm: Header V3 DSA signature: NOKEY,
 key ID e8562897
 error: Failed dependencies:
 libelf.so.1 is needed by rpm-libs-4.4.2-37.el5.i386
 libelf.so.1(ELFUTILS_1.0) is needed by rpm-libs-4.4.2-37.el5.i386
 libelf.so.1(ELFUTILS_1.1.1) is needed by rpm-libs-4.4.2-37.el5.i386
 libsqlite3.so.0 is needed by rpm-libs-4.4.2-37.el5.i386
 rpm = 4.4.2-37.el5 is needed by rpm-libs-4.4.2-37.el5.i386

Try just rebuilding the database...

  rpm --rebuilddb

-- 

rgds
Stephen


Re: [CentOS] block level changes at the file system level?

2014-07-03 Thread Stephen Harris
On Thu, Jul 03, 2014 at 12:48:34PM -0700, Lists wrote:
 Whatever we do, we need the ability to create a point-in-time history. 
 We commonly use our archival dumps for audit, testing, and debugging 
 purposes. I don't think PG + WAL provides this type of capability. So at 
 the moment we're down to:

You can recover WAL files up until the point in time specified in the
restore file.

See, for example

http://opensourcedbms.com/dbms/how-to-do-point-in-time-recovery-with-postgresql-9-2-pitr-3/

  #recovery_target_time = ''  # e.g. '2004-07-14 22:39:00 EST'

-- 

rgds
Stephen


Re: [CentOS] C6.5 - combine two DVD isos into one tree?

2014-07-15 Thread Stephen Harris
On Tue, Jul 15, 2014 at 04:15:44PM +, Tony Mountifield wrote:
 Or any other ideas? I'm sure I can't be the first to stumble over this!

Make a symlink tree from a third location that just points to all the
files, and point your boot infrastructure at that.

(assuming you're doing an HTTP-based install and that follow symlinks is
enabled on your web server).

-- 

rgds
Stephen


Re: [CentOS] CentOS-7 amavisd-new

2014-07-18 Thread Stephen Harris
On Fri, Jul 18, 2014 at 06:07:08PM +0200, Timothy Murphy wrote:
 What is the point of putting an rpm in the epel repo
 if it cannot be installed?

Why don't you ask on the EPEL list where it is on-topic and not here,
where it is not.

-- 

rgds
Stephen


[CentOS] Shrinking a RAID array

2014-07-29 Thread Stephen Harris
My google-fu appears to be weak today...

I currently have 8*4Tb in a RAID6.

So far I'm only using 6Tb
  PV         VG    Fmt  Attr PSize  PFree  Used
  /dev/md6   Large lvm2 a--  21.83t 15.37t 6.46t

Let's say I wanted to remove 2 of these disks from the array and
shrink it down to a 6*4Tb

How would I do this?

-- 

rgds
Stephen


Re: [CentOS] sssd and authconfig and ldap database lookups

2014-08-06 Thread Stephen Harris
On Wed, Aug 06, 2014 at 05:05:36PM -0400, Mauricio Tavares wrote:
 [root@testcentos ~]# yum install sssd
[...]
 Package sssd-1.9.2-129.el6_5.4.x86_64 already installed and latest version
 Nothing to do

It didn't re-install any files because the package is already installed.

-- 

rgds
Stephen


Re: [CentOS] Centos 7 - iptables service failed to start

2014-08-10 Thread Stephen Harris
On Sat, Aug 09, 2014 at 10:21:33PM -0500, Neil Aggarwal wrote:
 Hello all:
 
 I did a fresh install of CentOS 7 on a new machine.
 
 I wrote /usr/local/bin/firewall.stop to remove all the firewall rules.
 It contains this code:
 # Flush the rules
 /usr/sbin/iptables -F

You are missing a first line:
  #!/bin/sh

 Aug 10 06:09:38 jamm23.jammconsulting.com systemd[2268]: Failed at step EXEC
 spawning /usr/local/bin/firewall.start: Exec format error

And that's the error expected.

-- 

rgds
Stephen


Re: [CentOS] Bare drive RAID question, was RE: *very* ugly mdadm issue [Solved, badly]

2014-09-05 Thread Stephen Harris
On Fri, Sep 05, 2014 at 08:01:05AM -0600, Warren Young wrote:

 So the real question is, why do you believe you need to make each RAID 
 member a *partition* on a disk, instead of just take over the entire 
 disk?  Unless you're going to do something insane like:

For me I have things like
  sda1
  sdb2
  sdc3
  sdd4
and I align the partitions to the physical slot.

This makes it easier to see what is the failed disk; sdc3 has fallen out of
the array; that's the disk in slot 3.

Because today's sdc may be tomorrow's sdf depending on any additional disks
that have been added or kernel device discover order changes or whatever.

-- 

rgds
Stephen


Re: [CentOS] CentOS 5.11 / Firefox 31 -- totally borked...

2014-10-20 Thread Stephen Harris
On Mon, Oct 20, 2014 at 12:49:38PM +0100, Lars Hecking wrote:
  http://people.centos.org/tru/firefox-31.2.0-3.el5.centos.bz1150082-32/

  Sweet. Thanks Tru and Johnny!

Yay, also fixed my read RH5 32bit desktop at work :-)

Thanks!

-- 

rgds
Stephen


Re: [CentOS] Testing dark SSL sites

2014-10-21 Thread Stephen Harris
On Tue, Oct 21, 2014 at 02:57:42PM -0700, li...@benjamindsmith.com wrote:
 So we have a set of unit tests written using PHPUnit, having trouble 
 validating certificates. How do you test/validate an SSL cert for a prototype 
 foo.com server if it's not actually active at the IP address that matches 
 DNS for foo.com? 

openssl s_client -connect ip.ad.dr.ess:443
then decode the cert

e.g.
$ openssl s_client -connect 1.2.3.4:443 < /dev/null > cert

Now you can use the x509 to look at various things
eg
$ openssl x509 -in cert -subject -noout
subject= /description=foobar/C=US/CN=ssl.example.com/emailAddress=f...@example.com

man x509

-- 

rgds
Stephen


Re: [CentOS] Testing dark SSL sites

2014-10-21 Thread Stephen Harris
On Tue, Oct 21, 2014 at 04:17:25PM -0700, li...@benjamindsmith.com wrote:
 I've already confirmed for example, that using openssl s_client as you mention
 above doesn't actually check the certs, just lists them. 

Actually it does check them as well.

e.g.
  openssl s_client -connect localhost:443 < /dev/null > /dev/null
  depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=a.example.com/emailAddress=r...@a.example.com
  verify error:num=18:self signed certificate
  verify return:1
  depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=a.example.com/emailAddress=r...@a.example.com
  verify error:num=10:certificate has expired
  notAfter=Aug  9 23:55:39 2014 GMT
  verify return:1
  depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=a.example.com/emailAddress=r...@a.example.com
  notAfter=Aug  9 23:55:39 2014 GMT
  verify return:1
  DONE

Notice the verify error lines; it's both self-signed _and_ expired.

In chained certs it'll check each of the chains.

e.g.
  openssl s_client -connect www.google.com:443 < /dev/null > /dev/null
  CONNECTED(0003)
  depth=3 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
  verify return:1
  depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
  verify return:1
  depth=1 /C=US/O=Google Inc/CN=Google Internet Authority G2
  verify return:1
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
  verify return:1
  ---
  Certificate chain
   0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
     i:/C=US/O=Google Inc/CN=Google Internet Authority G2
   1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
     i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
     i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
  
You can do a _LOT_ with the openssl command line (e.g. show all the
intermediate certs in detail with -showcerts).  'man s_client'

If you have a server with a broken intermediate chain then run the command
and see what it returns.

-- 

rgds
Stephen


Re: [CentOS] Centos7 Annoyances

2014-10-30 Thread Stephen Harris
On Thu, Oct 30, 2014 at 05:45:58PM -0700, david wrote:
 1:  Firewall changes

Remove firewalld; install iptables.  Problem solved.  This has been
discussed ad nauseam on this list recently.

 2:  Apache changes

Not RedHat specific issues; that's just progress from upstream.

 3:  Service - systemd

This one _is_ nasty; it means you didn't properly use upstart in RH6,
but then again who did?  We all stuck with standard init scripts :-)

 5) Sendmail is out, postfix is in.

Only a default; sendmail is still there to install if you need it.

 7) Lack of 32-bit support
  I think I understand this.  After all, 32-bit machines may become 
 unusable when the clock overflows, but isn't that a few years away, 

You've misunderstood kernel support and type support.  We've had 64bit
filesizes for many years on 32bit kernels.  Changing time_t to 64bits
is independent of the hardware being 32 or 64 bit.

Basically, RHEL is Enterprise (the E); very very few enterprises have
32bit machines any more.

-- 

rgds
Stephen


Re: [CentOS] [OT] mail address - centos mail list

2014-11-08 Thread Stephen Harris
On Sat, Nov 08, 2014 at 05:58:53PM -0800, Keith Keller wrote:
 The fundamental reason is because Mailman is rewriting the headers in an
 incompatible way.  It is not his site's usage of DKIM.  This is a known
 issue with Mailman.  (I used to have a good link explaining the issue,
 but can't find it now; if I find it later I'll post it.)

So we have a 20-year old piece of technology (mailman) and a modern
proposal (DKIM)... and somehow it's mailman's fault.  Uh huh.

Note; it's not just mailman that has problems, it's _any_ mail forwarder.
Going back 27 years to my first Unix account, I could create a file called
.forward that would forward my mail to another address.  This is BROKEN
by DKIM.

Basically DKIM is incompatible with how internet email works.

But here's the thing... I think DKIM has a potential future; we need to
_change_ how the internet works.  So mailman will need to be rewritten;
mail forwarders will need to change.  And so on.

I use DKIM on my domain but I specifically set it to fail safe (deliver
it anyway) because I _know_ the internet, today, isn't compatible.  I get
email reports so I can see if spammers _are_ sending as me.

The problem is with domains like yahoo.com who have a fail deny
policy.  Any yahoo.com sender gets so much mail rejected that many
mail lists auto-block yahoo senders these days.

The problem, ultimately, is with senders with a reject policy published.
DKIM is not compatible with internet email today, and so mail from those
senders _will_ be rejected.

-- 

rgds
Stephen
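An added example for this thread's topic (not code from the thread or from Mailman): a DKIM signature carries a hash of the canonicalized body in its `bh=` tag, and this computes that hash per RFC 6376 for a message as signed, after whitespace-only changes in transit, and after a list appends its footer. The message body and footer text are constructed.

```python
import base64
import hashlib
import re


def canon_body(body: bytes, relaxed: bool) -> bytes:
    """RFC 6376 body canonicalization ("simple" when relaxed is False)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if relaxed:
        # Collapse runs of spaces/tabs and drop whitespace at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored in both modes
    if not lines:
        return b"" if relaxed else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, relaxed: bool = True) -> str:
    """Value of the bh= tag for rsa-sha256 / ed25519-sha256 signatures."""
    digest = hashlib.sha256(canon_body(body, relaxed)).digest()
    return base64.b64encode(digest).decode("ascii")


# Constructed message body as the author's server signed it.
SIGNED_BODY = (b"DNS.  Your host cannot reach a resolver,\r\n"
               b"so the lookup is timing out.\r\n"
               b"\r\n-- \r\nrgds\r\n")

# Constructed footer of the kind a list manager appends to every post.
LIST_FOOTER = (b"_______________________________________________\r\n"
               b"Example mailing list\r\n"
               b"list@example.org\r\n")


def delivery_outcomes():
    """Compare the signed bh= value with the hash each receiver would compute."""
    signed = {mode: body_hash(SIGNED_BODY, relaxed=(mode == "relaxed"))
              for mode in ("simple", "relaxed")}
    variants = {
        "unchanged": SIGNED_BODY,
        # A relay that squeezes double spaces and adds blank lines at the end.
        "whitespace_changed": SIGNED_BODY.replace(b".  Your", b". Your") + b"\r\n\r\n",
        "list_footer_added": SIGNED_BODY + LIST_FOOTER,
    }
    return {
        (name, mode): body_hash(body, relaxed=(mode == "relaxed")) == signed[mode]
        for name, body in variants.items()
        for mode in ("simple", "relaxed")
    }


if __name__ == "__main__":
    for (name, mode), ok in delivery_outcomes().items():
        print(f"{name:20} {mode:8} body hash {'matches' if ok else 'DIFFERS'}")
```
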


Re: [CentOS] Error: libusb-1.0.so.0 is needed....

2014-12-14 Thread Stephen Harris
On Sun, Dec 14, 2014 at 07:22:01PM -0500, Mark LaPierre wrote:
 On 12/14/14 07:29, ken wrote:
  uname -r; rpm -q libusb
 
 CentOS 6.6 says:
 [mlapier@mushroom ~]$ uname -r; rpm -q libusb
 2.6.32-504.1.3.el6.i686
 libusb-0.1.12-23.el6.i686

CentOS 5 has:
  libusb-0.1.12

CentOS 6 has:
  libusb-0.1.12
  libusb1-1.0.9

CentOS 7 has:
  libusb-0.1.4
  libusbx-1.0.15

-- 

rgds
Stephen


Re: [CentOS] Asymmetric encryption for very large tar file

2014-12-17 Thread Stephen Harris
On Wed, Dec 17, 2014 at 05:14:21PM +, Xinhuan Zheng wrote:
 used is openssl smime -encrypt -aes256 -in  backup.tar -binary -outform
 DEM -out backup.tar.ssl  public.pem². The resulting backup.tar.ssl file is
 only 2G then encryption process stops there and refuse to do more. Cannot
 get around 2G.

It seems likely that openssl hasn't been compiled with large-file support.
Not so uncommon with RH5.

Can you send the output to stdout and redirect?  Or if that fails then
send to stdout and filter via dd to write to the file.  Now at this
point openssl is only writing to a pipe and won't hit the 2G limit.

-- 

rgds
Stephen


Re: [CentOS] Changing LANG from de_DE to en_US in CentOS 6

2014-12-21 Thread Stephen Harris
On Sun, Dec 21, 2014 at 11:04:30AM +0100, Alexander Farber wrote:
 on a Macbook with OSX Yosemite (which prints de_DE.UTF-8 as value of
 $LANG in Terminal) and VmWare Fusion 7 I have installed CentOS 6.6
 minimal.
 
 When I ssh to my new VM as root, the $LANG is de_DE.UTF-8 too.
 
 So where does the change to de_DE happen and what is the best spot in

ssh is setting it, based on your terminal settings.

In /etc/ssh/sshd_config you'll see lines starting with AcceptEnv - one of
the settings will be LANG.  This tells the ssh daemon to accept the LANG
value sent by the client.  A standard ssh client (/etc/ssh/ssh_config) has
SendEnv settings, and LANG is one of those...

So you can do various things:
1) Stop sshd from accepting LANG (edit sshd_config, restart)
2) Stop ssh client from sending LANG
3) Modify .profile

-- 

rgds
Stephen


Re: [CentOS] can i skip this in backups

2015-01-26 Thread Stephen Harris
On Mon, Jan 26, 2015 at 05:31:54PM +, Jake Shipton wrote:
 On 26/01/15 17:27, John R Pierce wrote:
  On 1/26/2015 6:54 AM, kqt4a...@gmail.com wrote:
  Is it ok to skip /run/log/journal/ in backups
  
  there is no directory /run/  on a stock centos system.
  
 
 I think he means /var/run/log/journal/
 
 Which is included on a stock centos system.

/run is standard on CentOS 7.  /var/run is a symlink to /run on that OS.

-- 

rgds
Stephen


[CentOS] How to prevent root from managing/disabling SELinux

2015-01-23 Thread Stephen Harris
At work I'm used to tools like eTrust Access Control (aka SEOS).  eTrust
takes away the ability to manage the eTrust config from root and puts it
in the hands of security admin.  So there's a good separation of duties;
security admin control the security ruleset, but are limited by the OS
permissions (so even if they granted themselves permission to modify
/etc/shadow, the standard OS permissions would block them) and system admins
control the OS (so they can be root, but can't override eTrust).

Ideally this type of separation would be useful in the SELinux world
as well.  OK, maybe this is a bit of an overkill for my own machines,
but then I do have bastion hosts and internal segmented networking at
home; I do overkill at times :-)

The problem is that I can't see how to prevent this.  There are too many
access points (not just the CLI tools but the pp files and the /sys tree
and I don't know what else).

I do note that /etc/selinux has selinux_config_t and /sys/fs/selinux
has security_t so maybe a policy that denies everyone except a new
security_admin_t permission to modify those files might work?

Has anyone actually attempted this?

-- 

rgds
Stephen


Re: [CentOS] OT: Extracting Subject Lines from IMAP Mailbox

2015-02-16 Thread Stephen Harris
On Mon, Feb 16, 2015 at 01:50:31PM -0500, Tim Evans wrote:
 Looking for a command-line way to extract only the Subject lines from my 
 mailbox on my ISP's IMAP server, without actually downloading/modifying 
 the contents of the mailbox.  Sort of the remote equivalent of locally 
 doing:

telnet (or use openssl) to connect to the imap port.

eg
  telnet localhost imap
  a1 LOGIN username password
  a2 SELECT INBOX
  a3 FETCH 1:* ENVELOPE
  a4 logout

The FETCH command will give you output like:

* 1 FETCH (ENVELOPE (Mon, 16 Feb 2015 13:50:31 -0500 [CentOS] OT: Extracting 
Subject Lines from IMAP Mailbox ((Tim Evans NIL tkevans tkevans.com)) 
((NIL NIL centos-bounces centos.org)) ((CentOS mailing list NIL centos 
centos.org)) ((CentOS mailing list NIL centos centos.org)) NIL NIL NIL 
54e23bf7.7020...@tkevans.com))
* 2 FETCH (ENVELOPE (Mon, 16 Feb 2015 19:33:43 + (GMT) Re: [CentOS] OT: 
Extracting Subject Lines from IMAP Mailbox ((Nux! NIL nux li.nux.ro)) 
((NIL NIL centos-bounces centos.org)) ((CentOS mailing list NIL centos 
centos.org)) ((CentOS mailing list NIL centos centos.org)) NIL NIL 
54e23bf7.7020...@tkevans.com 
1705307878.67382.1424115223759.javamail.zim...@li.nux.ro))

From RFC 3501 we can be sure of the order of the data:

 The fields of the envelope structure are in the following
 order: date, subject, from, sender, reply-to, to, cc, bcc,
 in-reply-to, and message-id.  The date, subject, in-reply-to,
 and message-id fields are strings.  The from, sender, reply-to,
 to, cc, and bcc fields are parenthesized lists of address
 structures.

-- 

rgds
Stephen
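An added example for the reply above (not part of the original post): it pulls the subject, the second ENVELOPE field in the RFC 3501 order quoted there, out of raw `FETCH 1:* ENVELOPE` responses. It handles quoted strings, NIL, nested address lists and `{n}` literals, and decodes MIME encoded-words; the sample responses and addresses are constructed.

```python
import re
from email.header import decode_header, make_header

FETCH_RE = re.compile(rb"\* (\d+) FETCH ")


def parse_value(buf, i):
    """Parse one IMAP value starting at buf[i]; return (value, next_index)."""
    while buf[i:i + 1] == b" ":
        i += 1
    c = buf[i:i + 1]
    if c == b"(":                                  # parenthesized list
        items, i = [], i + 1
        while True:
            while buf[i:i + 1] == b" ":
                i += 1
            if i >= len(buf):
                raise ValueError("unterminated list")
            if buf[i:i + 1] == b")":
                return items, i + 1
            item, i = parse_value(buf, i)
            items.append(item)
    if c == b'"':                                  # quoted string with \ escapes
        out, i = bytearray(), i + 1
        while buf[i:i + 1] != b'"':
            if i >= len(buf):
                raise ValueError("unterminated quoted string")
            if buf[i:i + 1] == b"\\":
                i += 1
            out += buf[i:i + 1]
            i += 1
        return bytes(out), i + 1
    if c == b"{":                                  # literal: {n} CRLF then n octets
        end = buf.index(b"}", i)
        size = int(buf[i + 1:end])
        start = end + 3
        return buf[start:start + size], start + size
    j = i                                          # atom, number or NIL
    while j < len(buf) and buf[j:j + 1] not in (b" ", b"(", b")", b"\r"):
        j += 1
    if j == i:
        raise ValueError(f"unexpected byte at offset {i}")
    atom = buf[i:j]
    return (None if atom.upper() == b"NIL" else atom), j


def decode_subject(raw):
    """Decode =?charset?Q/B?...?= encoded-words; NIL becomes an empty string."""
    if raw is None:
        return ""
    return str(make_header(decode_header(raw.decode("utf-8", "replace"))))


def envelope_subjects(response: bytes):
    """Map message sequence number -> subject for every untagged FETCH response."""
    subjects, i = {}, 0
    while i < len(response):
        match = FETCH_RE.match(response, i)
        if not match:                              # tagged or unrelated line: skip it
            nl = response.find(b"\r\n", i)
            if nl < 0:
                break
            i = nl + 2
            continue
        items, i = parse_value(response, match.end())
        attrs = dict(zip(items[0::2], items[1::2]))
        envelope = attrs.get(b"ENVELOPE")
        if envelope:
            # Order: date, subject, from, sender, reply-to, to, cc, bcc, ...
            subjects[int(match.group(1))] = decode_subject(envelope[1])
    return subjects


def _sample_fetch(seq, subject_token):
    """Build one constructed FETCH response with the given subject token."""
    addr = b'(("A Sender" NIL "sender" "example.com"))'
    env = b" ".join([b'"Mon, 16 Feb 2015 13:50:31 -0500"', subject_token,
                     addr, addr, addr, addr, b"NIL", b"NIL", b"NIL",
                     b'"<m%d@example.com>"' % seq])
    return b"* %d FETCH (ENVELOPE (%s))\r\n" % (seq, env)


LITERAL = b'Quote " and paren ) inside'
SAMPLE = (
    _sample_fetch(1, b'"[CentOS] OT: Extracting Subject Lines from IMAP Mailbox"')
    + _sample_fetch(2, b'"=?UTF-8?Q?Caf=C3=A9_menu?="')
    + _sample_fetch(3, b"{%d}\r\n%s" % (len(LITERAL), LITERAL))
    + b"a3 OK FETCH completed\r\n"
)

if __name__ == "__main__":
    for seq, subject in envelope_subjects(SAMPLE).items():
        print(seq, subject)
```
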


Re: [CentOS] How to prevent root from managing/disabling SELinux

2015-01-26 Thread Stephen Harris
On Mon, Jan 26, 2015 at 03:29:23PM -0500, Daniel J Walsh wrote:

 You could also set the secure_ booleans

Is this in addition to or instead of removing unconfined users?

  getsebool -a | grep secure_*
 secure_mode -- off
 secure_mode_insmod -- off
 secure_mode_policyload -- off

Without removing unconfined users this definitely stops setenforce
working...  but root can still set the boolean off.

So playing around, just to see what destruction I can cause...

Window 1 had an unconfined user doing tail -f /var/log/messages
Window 2 had a guest_u user
Window 3 had a sysadm_u user, su'd to root

In window 3 I did 'semanage -d unconfined' and then 'semanage -d
unconfineduser'.
At that point that window threw up
  libsemanage.dbase_llist_query: could not query record value (No such file or directory).

and control-C, control-Z, control-\ all did nothing interesting.

Window 1 (unconfined) displayed tonnes of errors from messages, around
things like staff_u not being valid.  Then froze, then eventually ssh
session died; I'm guessing SELinux started blocking the port.
  SELinux:  Context staff_u:unconfined_r:samba_unconfined_net_t:s0 became invalid (unmapped).
  SELinux:  Context unconfined_u:system_r:samba_unconfined_net_t:s0-s0:c0.c1023 became invalid (unmapped).
  SELinux:  Context staff_u:system_r:samba_unconfined_net_t:s0 became invalid (unmapped).

The one session that stayed active was the guest_u one... but not a lot
I can do, there!

root login on the console failed:
  Unable to get valid context for root

  Cannot make/remove an entry for the specified session
  [342970.402198] audit: backlog limit exceeded
  [342970.402622] audit: backlog limit exceeded
  [342970.402983] audit: backlog limit exceeded

ssh as the sysadm_u user fails with context issues.

I can login with the sysadm_u user on the console, although this
user can't see his own home directory.

And that was able to su to root and re-enable the two modules :-)

-- 

rgds
Stephen

