Re: yum.log and logwatch
On 2006-09-14 13:03:17 -0400, Matthew Miller wrote:

On Tue, Sep 12, 2006 at 09:54:02AM +0200, Nils Breunese (Lemonbit Internet) wrote:

at the bottom of the file. Apparently the entries in yum.log do not contain years in their dates, so logwatch doesn't know these updates were installed a year ago instead of now.

It's definitely an annoying problem. Newer yum can log to syslog, which will solve this.

Syslog doesn't contain a year either. But on most machines the syslog files are rotated more than once per year ;-)

hp

--
   _  | Peter J. Holzer    | If I wanted to be academically correct,
|_|_) | Sysadmin WSR       | I'd be programming in Java.
| |   | [EMAIL PROTECTED]  | I don't, and I'm not.
__/   | http://www.hjp.at/ |   -- Jesse Erlbaum on dbi-users

--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
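Added example, not part of the original message: one way to recover years for a yearless log when building a timeline. It assumes the log is append-only and chronological and that the file's last-write time is known; the sample entries and the function names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample in the yearless "Mon DD HH:MM:SS Action: package" layout.
SAMPLE_YUM_LOG = """\
Sep 10 04:02:11 Updated: openssl.i386 0.9.7a-35
Dec 20 04:05:40 Updated: sendmail.i386 8.12.11-4.6
Mar 24 04:03:02 Updated: ntp.i386 4.2.0-7
Sep 12 04:01:55 Installed: logwatch.noarch 5.1-1
"""


def _fit(stamp, year, upper):
    """Latest year <= `year` in which `stamp` is a real date not after `upper`."""
    for candidate in range(year, year - 9, -1):
        try:
            ts = datetime.strptime(f"{candidate} {stamp}", "%Y %b %d %H:%M:%S")
        except ValueError:  # e.g. Feb 29 in a non-leap year
            continue
        if ts <= upper:
            return ts
    raise ValueError(f"cannot date entry {stamp!r}")


def assign_years(log_text, last_write):
    """Return [(datetime, message)] for an append-only, chronological log.

    `last_write` (for example the file's mtime) must be at or after the last
    entry. Walking backwards, an entry that would fall after the one below it
    is pushed into an earlier year. Gaps longer than a year stay invisible.
    """
    dated, upper = [], last_write
    for line in reversed(log_text.splitlines()):
        if not line.strip():
            continue
        upper = _fit(line[:15], upper.year, upper)
        dated.append((upper, line[16:]))
    return dated[::-1]


if __name__ == "__main__":
    for ts, msg in assign_years(SAMPLE_YUM_LOG, datetime(2006, 9, 14, 13, 3, 17)):
        print(ts.isoformat(sep=" "), msg)
```

A reader that simply assumes the current year would date all four sample entries to 2006, which is the misreading described in the thread.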
Re: sendmail update left me in a fix
On 2006-04-10 13:45:01 +1200, Parker Jones wrote:

Is the sendmail.mc replaced during the update? Should there be a backup of the old version e.g. as sendmail.mc.rpmnew? I didn't find one. Why is there a sendmail.cf.rpmnew and not a sendmail.mc.rpmnew?

Configuration files are silently replaced during an upgrade if they haven't been changed locally. If they have been changed, they are left alone and the new config file from the package is stored with a .rpmnew suffix[0].

So, if you have a sendmail.cf.rpmnew, but no sendmail.mc.rpmnew, it is most probably the case that you changed the sendmail.cf, but not the sendmail.mc. Maybe you just rebuilt the .cf file at one time (it contains a line which looks like a timestamp, so it would appear to be changed even if the real content was the same).

hp

[0] Or sometimes, they are replaced and your file is renamed to .rpmsave. I still haven't figured out when that happens.
Re: sendmail update left me in a fix
On 2006-04-10 11:53:04 +0100, Brian Morrison wrote:

On 10/04/2006 Peter J. Holzer wrote:

That's when the config file has essential changes for the updated package to work at all, and hence must be installed. The rpmsave file is there as a hint that you need to merge your previous changes with the new format.

How does RPM decide whether the changes are essential? Is there a flag in the SPEC file?

It is decided by whoever writes the spec file.

Hmpf. I guess that's what I deserve for asking such imprecise questions.

Ok, I think I found it in /usr/share/doc/rpm-4.3.1/spec:

| The %config(noreplace) indicates that the file in the package should
| be installed with extension .rpmnew if there is already a modified file
| with the same name on the installed machine.

So, the default seems to be to replace config files, but if the packager deems an update non-essential he can mark it with noreplace.

BTW, is there somewhere a complete up-to-date description of the spec file? The file above is just a what's new since some unspecified release file, and RPM to the max is now over 5 years old.

hp
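Added example, not part of the thread and not rpm's own code: a simplified model of the three-way digest comparison that rpm's documentation describes for `%config` files, showing when `.rpmnew` and `.rpmsave` appear. The function names and the file contents are constructed for illustration.

```python
import hashlib


def digest(text):
    # rpm compares file digests; the algorithm does not matter for the logic shown
    return hashlib.sha256(text.encode()).hexdigest()


def config_action(orig, disk, new, noreplace=False):
    """Model of the comparison for one %config file during an upgrade.

    orig: digest shipped by the installed package
    disk: digest of the file currently on disk
    new:  digest shipped by the new package
    Returns (what happens to the file on disk, extra file written or None).
    """
    if disk == new:
        return ("unchanged", None)      # already matches the new default
    if disk == orig:
        return ("replaced", None)       # never edited locally: silent replace
    if new == orig:
        return ("kept", None)           # edited locally, packaged default did not move
    if noreplace:
        return ("kept", ".rpmnew")      # local edit wins, new default parked beside it
    return ("replaced", ".rpmsave")     # new default wins, local edit parked beside it


def sendmail_case():
    """Constructed contents reproducing the situation discussed in the thread."""
    mc_old = "define(confLOG_LEVEL, 9)dnl\n"
    mc_new = mc_old + "define(confMAX_DAEMON_CHILDREN, 20)dnl\n"
    cf_old = "##### built on DATE-A\nO MaxDaemonChildren=12\n"
    cf_rebuilt = cf_old.replace("DATE-A", "DATE-B")   # same settings, new build line
    cf_new = "##### built on DATE-C\nO MaxDaemonChildren=20\n"
    return {
        "sendmail.mc": config_action(digest(mc_old), digest(mc_old), digest(mc_new), True),
        "sendmail.cf": config_action(digest(cf_old), digest(cf_rebuilt), digest(cf_new), True),
        "sendmail.cf without noreplace":
            config_action(digest(cf_old), digest(cf_rebuilt), digest(cf_new), False),
    }


if __name__ == "__main__":
    for name, result in sendmail_case().items():
        print(name, result)
```

After an update, comparing each `.rpmnew` or `.rpmsave` file against the live file shows whether a changed default from the package is actually in effect.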
Re: sendmail update left me in a fix
On 2006-04-10 15:00:23 +0200, Nils Breunese (Lemonbit Internet) wrote:

Peter J. Holzer wrote:

BTW, is there somewhere a complete up-to-date description of the spec file? The file above is just a what's new since some unspecified release file, and RPM to the max is now over 5 years old.

See the documentation section on the frontpage of http://www.rpm.org/

Thanks. http://fedora.redhat.com/docs/drafts/rpm-guide-en/ does indeed seem to be fairly complete and up-to-date. I remember seeing only RPM to the max and the howto there, which are both rather old (including the next version of RPM to the max).

hp
Long RTT on fedora-legacy-list (was: Question about yum.conf for fc2)
On 2006-03-23 23:49:53 -0500, Gene Heskett wrote:

Received: from listman.util.phx.redhat.com (localhost.localdomain [127.0.0.1])
    by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id k2OH5hkP031529;
    Fri, 24 Mar 2006 12:06:05 -0500
    ^
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
    by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id k2O4o2sH012586
    for [EMAIL PROTECTED]; Thu, 23 Mar 2006 23:50:02 -0500
    ^

[...]

Humm, this is the second copy, to the list, posted at 14:00 your time, just now walked in the door Seth, it's 23:48 here now.

As somebody else already noted, the fedora-legacy-list sometimes has extremely long round-trip times. This mail seems to have been more than 12 hours on listman.util.phx.redhat.com, before it was sent on.

hp
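Added example, not part of the original message: computing per-hop delay from `Received` headers, using the two headers quoted above. The recipient address is a placeholder because the page redacts it, and the function names are chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# The two Received headers quoted in the message; the recipient is a placeholder.
HEADERS = """\
Received: from listman.util.phx.redhat.com (localhost.localdomain [127.0.0.1])
    by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id k2OH5hkP031529;
    Fri, 24 Mar 2006 12:06:05 -0500
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254])
    by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id k2O4o2sH012586
    for <recipient@example.invalid>; Thu, 23 Mar 2006 23:50:02 -0500

"""


def hops(raw_headers):
    """Return [(receiving_host, datetime)], oldest hop first.

    Each relay prepends its own Received line, so header order is reversed.
    Timestamps come from each relay's own clock; only lines added by hosts
    you control are trustworthy.
    """
    msg = message_from_string(raw_headers)
    out = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())                 # undo header folding
        info, _, stamp = flat.rpartition(";")
        by = re.search(r"\bby (\S+)", info)
        out.append((by.group(1) if by else "?", parsedate_to_datetime(stamp.strip())))
    return out


def slow_hops(raw_headers, threshold_seconds=3600):
    """Hops stamped more than the threshold after the previous hop."""
    path = hops(raw_headers)
    slow = []
    for (_, prev_ts), (host, ts) in zip(path, path[1:]):
        delay = (ts - prev_ts).total_seconds()
        if delay > threshold_seconds:
            slow.append((host, delay))
    return slow


if __name__ == "__main__":
    for host, delay in slow_hops(HEADERS):
        print(f"{host}: {delay / 3600:.1f} h")
```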
Re: slapper worm
On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:

More generally, I read advice somewhere that mounting /tmp with the noexec option (and making any other temp directories symbolic links to that one) can make this type of attack much more difficult.

This doesn't really prevent execution of programs on /tmp, it just makes it more difficult. It is useful against worms which don't expect /tmp to be mounted noexec, though. (In other words: It works as long as only a few people use this trick)

Definitely noted as one of the measures to stop this type of attack, but for this particular server, /tmp is not a mounted filesystem but part of /, so I can't really do that without re-partitioning the disk and creating a dedicated /tmp.

You could put /tmp on a tmpfs:

/etc/fstab:

    none /tmp tmpfs noexec 0 0

hp
Re: slapper worm
On 2006-01-24 22:13:26 +1000, Michael Mansour wrote:

Hi Peter,

On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:

Definitely noted as one of the measures to stop this type of attack, but for this particular server, /tmp is not a mounted filesystem but part of /, so I can't really do that without re-partitioning the disk and creating a dedicated /tmp.

You could put /tmp on a tmpfs:

/etc/fstab:

    none /tmp tmpfs noexec 0 0

That's actually a very good idea, I forgot about that. But I thought it was more like:

    /dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0

ie. I'd have to use the /dev/shm device instead of none ?

The device is ignored for filesystems which don't really use any device (like proc, sys, tmpfs, etc.). It might be a good idea to use a more descriptive string than none, though.

Actually, I forgot whether the tmpfs automatically adds the sticky bit on /tmp, or would I need to change the mode to 1777 ?

The default mode is 1777. If you explicitly set the mode to 777, the sticky bit isn't set.

hp
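Added example, not part of the thread: a small check over fstab or /proc/mounts style lines for the two points raised above, a missing noexec and a `mode=` that drops the sticky bit from a world-writable tmpfs. The function name is chosen for illustration; the sample lines in the demo are the two entries quoted in the thread.

```python
import stat


def lint_tmp_mounts(table_text, targets=("/tmp",)):
    """Check fstab or /proc/mounts style lines for the selected mount points.

    Returns [(mount_point, finding)]. The first field (device) is not
    inspected because tmpfs ignores it.
    """
    findings = []
    for raw in table_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[1] not in targets:
            continue
        mount_point, fstype = fields[1], fields[2]
        # "size=512M" -> {"size": "512M"}, "noexec" -> {"noexec": ""}
        options = dict(opt.partition("=")[::2] for opt in fields[3].split(","))
        if "noexec" not in options:
            findings.append((mount_point, "noexec not set"))
        if fstype == "tmpfs":
            try:
                mode = int(options.get("mode", "1777"), 8)   # tmpfs default is 1777
            except ValueError:
                findings.append((mount_point, "unparsable mode="))
                continue
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append((mount_point, "world-writable without sticky bit"))
    return findings


if __name__ == "__main__":
    for entry in ("none /tmp tmpfs noexec 0 0",
                  "/dev/shm /tmp tmpfs noexec,size=512M,mode=777 0 0"):
        print(entry, "->", lint_tmp_mounts(entry) or "ok")
```

Without the sticky bit, any local user can delete or rename other users' files in /tmp, so the `mode=777` variant weakens the directory even though noexec is set.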
Re: Maintenance? Re: Proposed changes to Fedora Legacy Project
On 2006-01-19 20:41:20 -0600, David Eisenstein wrote:

I'm going to step into this discussion with a point that some non-USA folks here may not realize. In my midwestern United States dialect, the word maintenance generally has connotations that make it rather less than glamorous.

Yes, maintenance isn't glamourous, but it's necessary.

When you hear about building maintenance, that usually means the custodian or janitorial staff for the building or campus. To me, calling our project a Community Maintenance Project sort of has the connotation of software janitor project, or package housekeeper project, or security roto-rooter project.

In a recent survey are these professions important for Austria? cleaning staff was ranked before IT professionals, so maybe the fedora janitor project wouldn't be that bad :-)

hp
Re: recent ntpd problems
On 2005-09-19 11:51:59 -0400, Gene Heskett wrote:

On Monday 19 September 2005 11:42, Peter J. Holzer wrote:

On 2005-09-19 10:48:34 -0400, Gene Heskett wrote:

[new version of ntpd]

This latter version does not seem to be writing to /var/log/ntpd.log at all, so I have no idea what it's doing.

Have you started it with -l /var/log/ntpd.log? Normally ntpd writes to syslog (and I believe it has done this for the last 10 years or so).

No, but I didn't have to before. In the init.d/ntpd script, the ntpd starter is

    daemon ntpd $OPTIONS

but I've NDI where $OPTIONS actually gets set.

It gets set in /etc/sysconfig/ntpd

On my system it contains

    # Drop root to id 'ntp:ntp' by default. Requires kernel >= 2.2.18.
    OPTIONS="-U ntp -p /var/run/ntpd.pid"

which I believe is the default for FC2 (I certainly can't remember changing it).

AFAIR the default for (x)ntpd on Redhat systems has always been to log to syslog since Redhat 3.0.3 (before I used Slackware, and I think it was the same).

hp